
2021-07-29 | SentinelOne | Juan Andrés Guerrero-Saade
@online{guerrerosaade:20210729:meteorexpress:0e9bb5a,
  author       = {Juan Andrés Guerrero-Saade},
  title        = {{MeteorExpress | Mysterious Wiper Paralyzes Iranian Trains with Epic Troll}},
  date         = {2021-07-29},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/meteorexpress-mysterious-wiper-paralyzes-iranian-trains-with-epic-troll/},
  language     = {English},
  urldate      = {2021-07-29},
}
MeteorExpress | Mysterious Wiper Paralyzes Iranian Trains with Epic Troll
2021-07-29 | Rasta Mouse | Rasta Mouse
@online{mouse:20210729:ntlm:7f97289,
  author       = {Rasta Mouse},
  title        = {{NTLM Relaying via Cobalt Strike}},
  date         = {2021-07-29},
  organization = {Rasta Mouse},
  url          = {https://rastamouse.me/ntlm-relaying-via-cobalt-strike/},
  language     = {English},
  urldate      = {2021-07-29},
}
NTLM Relaying via Cobalt Strike
Cobalt Strike
2021-07-29 | ENISA | Ifigeneia Lella, Marianthi Theocharidou, Eleni Tsekmezoglou, Apostolos Malatras, Sebastian García, Veronica Valeros, Volker Distelrath, Konstantinos Moulinos
@online{lella:20210729:enisa:159308a,
  author       = {Ifigeneia Lella and Marianthi Theocharidou and Eleni Tsekmezoglou and Apostolos Malatras and Sebastian García and Veronica Valeros and Volker Distelrath and Konstantinos Moulinos},
  title        = {{ENISA Threat Landscape for Supply Chain Attacks}},
  date         = {2021-07-29},
  organization = {ENISA},
  url          = {https://www.enisa.europa.eu/publications/threat-landscape-for-supply-chain-attacks/at_download/fullReport},
  language     = {English},
  urldate      = {2021-07-29},
}
ENISA Threat Landscape for Supply Chain Attacks
2021-07-29 | Intrusiontruth | Intrusiontruth
@online{intrusiontruth:20210729:incompetent:925d0eb,
  author       = {Intrusiontruth},
  title        = {{An (in)Competent Cyber Program – A brief cyber history of the ‘CCP’}},
  date         = {2021-07-29},
  organization = {Intrusiontruth},
  url          = {https://intrusiontruth.wordpress.com/2021/07/29/an-incompetent-cyber-program-a-brief-cyber-history-of-the-ccp/},
  language     = {English},
  urldate      = {2021-07-29},
}
An (in)Competent Cyber Program – A brief cyber history of the ‘CCP’
2021-07-28 | ThreatFabric | ThreatFabric
@online{threatfabric:20210728:vultur:52f3dd8,
  author       = {ThreatFabric},
  title        = {{Vultur, with a V for VNC}},
  date         = {2021-07-28},
  organization = {ThreatFabric},
  url          = {https://www.threatfabric.com/blogs/vultur-v-for-vnc.html},
  language     = {English},
  urldate      = {2021-07-29},
}
Vultur, with a V for VNC
2021-07-28 | CISA | CISA, Australian Cyber Security Centre (ACSC), NCSC UK, FBI
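% Each issuing agency is an institutional author, so each name sits in its own
% brace group; this keeps BibTeX from splitting it into given and family names.
@online{cisa:20210728:top:78a1031,
  author       = {{CISA} and {Australian Cyber Security Centre (ACSC)} and {NCSC UK} and {FBI}},
  title        = {{Top Routinely Exploited Vulnerabilities}},
  date         = {2021-07-28},
  organization = {CISA},
  url          = {https://us-cert.cisa.gov/ncas/alerts/aa21-209a},
  language     = {English},
  urldate      = {2021-07-29},
}
Top Routinely Exploited Vulnerabilities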
2021-07-28 | RiskIQ | Jennifer Grob, Jordan Herman
@online{grob:20210728:use:8287989,
  author       = {Jennifer Grob and Jordan Herman},
  title        = {{Use of XAMPP Web Component to Identify Agent Tesla Infrastructure}},
  date         = {2021-07-28},
  organization = {RiskIQ},
  url          = {https://community.riskiq.com/article/40000d46},
  language     = {English},
  urldate      = {2021-07-29},
}
Use of XAMPP Web Component to Identify Agent Tesla Infrastructure
Agent Tesla
2021-07-28 | McAfee | Thibault Seret, Noël Keijzer
@techreport{seret:20210728:babuk:6d1325e,
  author      = {Thibault Seret and Noël Keijzer},
  title       = {{Babuk: Moving to VM and *nix Systems Before Stepping Away}},
  date        = {2021-07-28},
  institution = {McAfee},
  url         = {https://www.mcafee.com/enterprise/en-us/assets/reports/rp-babuk-moving-to-vm-nix-systems.pdf},
  language    = {English},
  urldate     = {2021-07-29},
}
Babuk: Moving to VM and *nix Systems Before Stepping Away
Babuk
2021-07-28 | KELA | Victoria Kivilevich
@online{kivilevich:20210728:new:7d537c8,
  author       = {Victoria Kivilevich},
  title        = {{New Russian-Speaking Forum – A New Place for RaaS?}},
  date         = {2021-07-28},
  organization = {KELA},
  url          = {https://ke-la.com/new-russian-speaking-forum-a-new-place-for-raas/},
  language     = {English},
  urldate      = {2021-07-29},
}
New Russian-Speaking Forum – A New Place for RaaS?
Babuk
2021-07-28 | SUCURI | Ben Martin
@online{martin:20210728:stylish:741bbed,
  author       = {Ben Martin},
  title        = {{Stylish Magento Card Stealer loads Without Script Tags}},
  date         = {2021-07-28},
  organization = {SUCURI},
  url          = {https://blog.sucuri.net/2021/07/stylish-magento-card-stealer-loads-without-script-tags.html},
  language     = {English},
  urldate      = {2021-07-29},
}
Stylish Magento Card Stealer loads Without Script Tags
2021-07-28 | Proofpoint | Joshua Miller, Michael Raggi, Crista Giering
@online{miller:20210728:i:23e9aad,
  author       = {Joshua Miller and Michael Raggi and Crista Giering},
  title        = {{I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona}},
  date         = {2021-07-28},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/i-knew-you-were-trouble-ta456-targets-defense-contractor-alluring-social-media},
  language     = {English},
  urldate      = {2021-07-29},
}
I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona
Liderc SysKit
2021-07-27 | 360 Threat Intelligence Center | Advanced Threat Institute
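% Institutional author: the extra brace pair keeps BibTeX from parsing the
% name as given names Advanced Threat, family name Institute.
@online{institute:20210727:summary:219ae9b,
  author       = {{Advanced Threat Institute}},
  title        = {{Summary of Kimsuky's secret stealing activities in the first half of 2021}},
  date         = {2021-07-27},
  organization = {360 Threat Intelligence Center},
  url          = {https://mp.weixin.qq.com/s/og8mfnqoKZsHlOJdIDKYgQ},
  language     = {Chinese},
  urldate      = {2021-07-27},
}
Summary of Kimsuky's secret stealing activities in the first half of 2021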
2021-07-27 | Elastic | Elastic Security Intelligence & Analytics Team
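% Institutional author: the extra brace pair keeps the team name whole, and the
% ampersand is escaped so LaTeX does not read it as an alignment tab.
@online{team:20210727:collecting:fb21718,
  author       = {{Elastic Security Intelligence \& Analytics Team}},
  title        = {{Collecting and operationalizing threat data from the Mozi botnet}},
  date         = {2021-07-27},
  organization = {Elastic},
  url          = {https://www.elastic.co/blog/collecting-and-operationalizing-threat-data-from-the-mozi-botnet},
  language     = {English},
  urldate      = {2021-07-29},
}
Collecting and operationalizing threat data from the Mozi botnet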
Mozi
2021-07-27 | Palo Alto Networks Unit 42 | Mike Harbison, Alex Hinchliffe
@online{harbison:20210727:thor:5d6d793,
  author       = {Mike Harbison and Alex Hinchliffe},
  title        = {{THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group}},
  date         = {2021-07-27},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/thor-plugx-variant/},
  language     = {English},
  urldate      = {2021-07-29},
}
THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group
PlugX
2021-07-27 | The Record | Catalin Cimpanu
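% The dollar sign in the title field is escaped; a bare one opens math mode
% and breaks typesetting of the bibliography.
@online{cimpanu:20210727:blackmatter:4934eef,
  author       = {Catalin Cimpanu},
  title        = {{BlackMatter ransomware targets companies with revenue of \$100 million and more}},
  date         = {2021-07-27},
  organization = {The Record},
  url          = {https://therecord.media/blackmatter-ransomware-targets-companies-with-revenues-of-100-million-and-more/},
  language     = {English},
  urldate      = {2021-07-29},
}
BlackMatter ransomware targets companies with revenue of $100 million and more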
2021-07-27 | Recorded Future | Insikt Group®
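% Institutional author: the extra brace pair keeps BibTeX from parsing the
% name as given name Insikt, family name Group.
@online{group:20210727:blackmatter:db85bfb,
  author       = {{Insikt Group®}},
  title        = {{BlackMatter Ransomware Emerges As Successor to DarkSide, REvil}},
  date         = {2021-07-27},
  organization = {Recorded Future},
  url          = {https://www.recordedfuture.com/blackmatter-ransomware-successor-darkside-revil/},
  language     = {English},
  urldate      = {2021-07-29},
}
BlackMatter Ransomware Emerges As Successor to DarkSide, REvil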
DarkSide LockBit REvil
2021-07-27 | Check Point | Alexey Bukhteyev, Raman Ladutska
@online{bukhteyev:20210727:timeproven:d927632,
  author       = {Alexey Bukhteyev and Raman Ladutska},
  title        = {{Time-proven tricks in a new environment: the macOS evolution of Formbook}},
  date         = {2021-07-27},
  organization = {Check Point},
  url          = {https://research.checkpoint.com/2021/time-proven-tricks-in-a-new-environment-the-macos-evolution-of-formbook/},
  language     = {English},
  urldate      = {2021-07-29},
}
Time-proven tricks in a new environment: the macOS evolution of Formbook
Xloader
2021-07-27 | Recorded Future | Insikt Group®
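% Institutional author: the extra brace pair keeps BibTeX from parsing the
% name as given name Insikt, family name Group.
@techreport{group:20210727:chinas:6cab907,
  author      = {{Insikt Group®}},
  title       = {{China’s Digital Colonialism: Espionage and Repression Along the Digital Silk Road}},
  date        = {2021-07-27},
  institution = {Recorded Future},
  url         = {https://go.recordedfuture.com/hubfs/reports/cta-2021-0727.pdf},
  language    = {English},
  urldate     = {2021-07-29},
}
China’s Digital Colonialism: Espionage and Repression Along the Digital Silk Road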
2021-07-27 | Bleeping Computer | Lawrence Abrams
@online{abrams:20210727:lockbit:095b8d6,
  author       = {Lawrence Abrams},
  title        = {{LockBit ransomware now encrypts Windows domains using group policies}},
  date         = {2021-07-27},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-encrypts-windows-domains-using-group-policies/},
  language     = {English},
  urldate      = {2021-07-29},
}
LockBit ransomware now encrypts Windows domains using group policies
Egregor LockBit
2021-07-27 | Bleeping Computer | Sergiu Gatlan
@online{gatlan:20210727:uc:4b59fb1,
  author       = {Sergiu Gatlan},
  title        = {{UC San Diego Health discloses data breach after phishing attack}},
  date         = {2021-07-27},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/uc-san-diego-health-discloses-data-breach-after-phishing-attack/},
  language     = {English},
  urldate      = {2021-07-29},
}
UC San Diego Health discloses data breach after phishing attack