Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-11-23Trend MicroIan Kenefick
@online{kenefick:20211123:bazarloader:794de7c, author = {Ian Kenefick}, title = {{BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors}}, date = {2021-11-23}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/k/bazarloader-adds-compromised-installers-iso-to-arrival-delivery-vectors.html}, language = {English}, urldate = {2021-11-26} } BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors
BazarBackdoor
2021-11-23AnomaliAnomali Threat Research
@online{research:20211123:mummy:8cffd4e, author = {Anomali Threat Research}, title = {{Mummy Spider’s Emotet Malware is Back After a Year Hiatus; Wizard Spider’s TrickBot Observed in Its Return}}, date = {2021-11-23}, organization = {Anomali}, url = {https://www.anomali.com/blog/mummy-spiders-emotet-malware-is-back-after-a-year-hiatus-wizard-spiders-trickbot-observed-in-its-return}, language = {English}, urldate = {2021-11-26} } Mummy Spider’s Emotet Malware is Back After a Year Hiatus; Wizard Spider’s TrickBot Observed in Its Return
Emotet
2021-11-22YouTube ( DuMp-GuY TrIcKsTeR)Jiří Vinopal
@online{vinopal:20211122:powershell:b15c355, author = {Jiří Vinopal}, title = {{Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part2]}}, date = {2021-11-22}, organization = {YouTube ( DuMp-GuY TrIcKsTeR)}, url = {https://youtu.be/BM38OshcozE}, language = {English}, urldate = {2021-11-26} } Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part2]
Agent Tesla
2021-11-22YouTube ( DuMp-GuY TrIcKsTeR)Jiří Vinopal
@online{vinopal:20211122:powershell:37baf25, author = {Jiří Vinopal}, title = {{Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part1]}}, date = {2021-11-22}, organization = {YouTube ( DuMp-GuY TrIcKsTeR)}, url = {https://youtu.be/hxaeWyK8gMI}, language = {English}, urldate = {2021-11-26} } Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part1]
Agent Tesla
2021-11-21Cyber-AnubisNidal Fikri
@online{fikri:20211121:drdiex:b9218fa, author = {Nidal Fikri}, title = {{Drdiex Trojan | Defeating Anti-Analysis | Strings Decryption | C&C Extraction}}, date = {2021-11-21}, organization = {Cyber-Anubis}, url = {https://cyber-anubis.github.io/malware%20analysis/dridex/}, language = {English}, urldate = {2021-11-25} } Drdiex Trojan | Defeating Anti-Analysis | Strings Decryption | C&C Extraction
DoppelDridex Dridex
2021-11-20Advanced IntelligenceYelisey Boguslavskiy, Vitali Kremez
@online{boguslavskiy:20211120:corporate:a8b0a1c, author = {Yelisey Boguslavskiy and Vitali Kremez}, title = {{Corporate Loader "Emotet": History of "X" Project Return for Ransomware}}, date = {2021-11-20}, organization = {Advanced Intelligence}, url = {https://www.advintel.io/post/corporate-loader-emotet-history-of-x-project-return-for-ransomware}, language = {English}, urldate = {2021-11-25} } Corporate Loader "Emotet": History of "X" Project Return for Ransomware
Emotet
2021-11-20Twitter (@eduardfir)Eduardo Mattos
@online{mattos:20211120:velociraptor:bc6d897, author = {Eduardo Mattos}, title = {{Tweet on Velociraptor artifact analysis for Emotet}}, date = {2021-11-20}, organization = {Twitter (@eduardfir)}, url = {https://twitter.com/eduardfir/status/1461856030292422659}, language = {English}, urldate = {2021-11-25} } Tweet on Velociraptor artifact analysis for Emotet
Emotet
2021-11-19Trend MicroMohamed Fahmy, Sherif Magdy, Abdelrhman Sharshar
@online{fahmy:20211119:squirrelwaffle:1e8fa78, author = {Mohamed Fahmy and Sherif Magdy and Abdelrhman Sharshar}, title = {{Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains}}, date = {2021-11-19}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/k/Squirrelwaffle-Exploits-ProxyShell-and-ProxyLogon-to-Hijack-Email-Chains.html}, language = {English}, urldate = {2021-11-25} } Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains
Cobalt Strike QakBot Squirrelwaffle
2021-11-19CRONUPGermán Fernández
@online{fernndez:20211119:la:2cbc6a0, author = {Germán Fernández}, title = {{La Botnet de EMOTET reinicia ataques en Chile y LATAM}}, date = {2021-11-19}, organization = {CRONUP}, url = {https://www.cronup.com/la-botnet-de-emotet-reinicia-ataques-en-chile-y-latinoamerica/}, language = {Spanish}, urldate = {2021-11-25} } La Botnet de EMOTET reinicia ataques en Chile y LATAM
Emotet
2021-11-19insomniacs(Medium)Asuna Amawaka
@online{amawaka:20211119:its:bd24ebf, author = {Asuna Amawaka}, title = {{It’s a BEE! It’s a… no, it’s ShadowPad.}}, date = {2021-11-19}, organization = {insomniacs(Medium)}, url = {https://medium.com/insomniacs/its-a-bee-it-s-a-no-it-s-shadowpad-aff6a970a1c2}, language = {English}, urldate = {2021-11-25} } It’s a BEE! It’s a… no, it’s ShadowPad.
ShadowPad
2021-11-19LAC WATCHLAC WATCH
@online{watch:20211119:malware:c504e6f, author = {LAC WATCH}, title = {{Malware Emotet resumes its activities for the first time in 10 months, and Japan is also the target of the attack}}, date = {2021-11-19}, organization = {LAC WATCH}, url = {https://www.lac.co.jp/lacwatch/alert/20211119_002801.html}, language = {English}, urldate = {2021-11-25} } Malware Emotet resumes its activities for the first time in 10 months, and Japan is also the target of the attack
Emotet
2021-11-19IronNetMorgan Demboski
@online{demboski:20211119:is:d05360d, author = {Morgan Demboski}, title = {{Is a coordinated cyberattack brewing in the escalating Russian-Ukrainian conflict?}}, date = {2021-11-19}, organization = {IronNet}, url = {https://www.ironnet.com/blog/is-a-coordinated-cyberattack-brewing-in-the-escalating-russian-ukrainian-conflict}, language = {English}, urldate = {2021-11-25} } Is a coordinated cyberattack brewing in the escalating Russian-Ukrainian conflict?
2021-11-18Twitter (@tccontre18)Br3akp0int
@online{br3akp0int:20211118:how:02114e2, author = {Br3akp0int}, title = {{Tweet on how to decrypt 4 layers of encryption & obfuscation of vjw0rm}}, date = {2021-11-18}, organization = {Twitter (@tccontre18)}, url = {https://twitter.com/tccontre18/status/1461386178528264204}, language = {English}, urldate = {2021-11-19} } Tweet on how to decrypt 4 layers of encryption & obfuscation of vjw0rm
Vjw0rm
2021-11-18BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20211118:threat:7fd07f8, author = {The BlackBerry Research & Intelligence Team}, title = {{Threat Thursday: DanaBot’s Evolution from Bank Fraud to DDos Attacks}}, date = {2021-11-18}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2021/11/threat-thursday-danabot-malware-as-a-service}, language = {English}, urldate = {2021-11-25} } Threat Thursday: DanaBot’s Evolution from Bank Fraud to DDos Attacks
DanaBot
2021-11-18Red CanaryThe Red Canary Team
@online{team:20211118:intelligence:7b00cb9, author = {The Red Canary Team}, title = {{Intelligence Insights: November 2021}}, date = {2021-11-18}, organization = {Red Canary}, url = {https://redcanary.com/blog/intelligence-insights-november-2021/}, language = {English}, urldate = {2021-11-19} } Intelligence Insights: November 2021
Andromeda Conti LockBit QakBot Squirrelwaffle
2021-11-18scelarityIOscelarity.IO
@online{scelarityio:20211118:art:6d4757c, author = {scelarity.IO}, title = {{The Art of PerSwaysion Investigation of a Long-Lived Phishing Kit}}, date = {2021-11-18}, organization = {scelarityIO}, url = {https://www.seclarity.io/resources/blog/the-art-of-perswaysion-phishing-kit/}, language = {English}, urldate = {2021-11-19} } The Art of PerSwaysion Investigation of a Long-Lived Phishing Kit
2021-11-18NetskopeGustavo Palazolo, Ghanashyam Satpathy
@online{palazolo:20211118:netskope:39d2098, author = {Gustavo Palazolo and Ghanashyam Satpathy}, title = {{Netskope Threat Coverage: The Return of Emotet}}, date = {2021-11-18}, organization = {Netskope}, url = {https://www.netskope.com/blog/netskope-threat-coverage-the-return-of-emotet}, language = {English}, urldate = {2021-11-25} } Netskope Threat Coverage: The Return of Emotet
Emotet
2021-11-18Group-IBIvan Pisarev
@online{pisarev:20211118:awakening:5bb7c5e, author = {Ivan Pisarev}, title = {{The awakening: Group-IB uncovers new corporate espionage attacks by RedCurl}}, date = {2021-11-18}, organization = {Group-IB}, url = {https://www.group-ib.com/media/red-curl-threat-report/}, language = {English}, urldate = {2021-11-19} } The awakening: Group-IB uncovers new corporate espionage attacks by RedCurl
2021-11-18SophosSean Gallagher, Vikas Singh, Robert Weiland, Elida Leite, Kyle Link, Ratul Ghosh, Harinder Bhathal, Sergio Bestuilic, Ferenc László Nagy, Rahul Dugar, Nirav Parekh, Gabor Szappanos
@online{gallagher:20211118:new:31668c5, author = {Sean Gallagher and Vikas Singh and Robert Weiland and Elida Leite and Kyle Link and Ratul Ghosh and Harinder Bhathal and Sergio Bestuilic and Ferenc László Nagy and Rahul Dugar and Nirav Parekh and Gabor Szappanos}, title = {{New ransomware actor uses password-protected archives to bypass encryption protection}}, date = {2021-11-18}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/?cmp=30728}, language = {English}, urldate = {2021-11-19} } New ransomware actor uses password-protected archives to bypass encryption protection
2021-11-18VenafiVenafi
@online{venafi:20211118:apt41:d8306a9, author = {Venafi}, title = {{APT41 Perfects Code Signing Abuse to Escalate Supply Chain Attacks}}, date = {2021-11-18}, organization = {Venafi}, url = {https://www.venafi.com/resource/Apt41-codesigning-whitepaper#}, language = {English}, urldate = {2021-11-25} } APT41 Perfects Code Signing Abuse to Escalate Supply Chain Attacks