Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-02-14 ⋅ US-CERTUS-CERT
@online{uscert:20200214:malware:315814d, author = {US-CERT}, title = {{Malware Analysis Report (AR20-045C)}}, date = {2020-02-14}, organization = {US-CERT}, url = {https://www.us-cert.gov/ncas/analysis-reports/ar20-045c}, language = {English}, urldate = {2020-02-14} } Malware Analysis Report (AR20-045C)
CHEESETRAY
2020-02-13 ⋅ CybereasonCybereason Nocturnus
@online{nocturnus:20200213:new:ca8e240, author = {Cybereason Nocturnus}, title = {{New Cyber Espionage Campaigns Targeting Palestinians - Part 1: The Spark Campaign}}, date = {2020-02-13}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one}, language = {English}, urldate = {2020-02-13} } New Cyber Espionage Campaigns Targeting Palestinians - Part 1: The Spark Campaign
Spark
2020-02-13 ⋅ CybereasonCybereason Nocturnus
@online{nocturnus:20200213:new:4006ede, author = {Cybereason Nocturnus}, title = {{New Cyber Espionage Campaigns Targeting Palestinians - Part 2: The Discovery of the New, Mysterious Pierogi Backdoor}}, date = {2020-02-13}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-2-the-discovery-of-the-new-mysterious-pierogi-backdoor}, language = {English}, urldate = {2020-02-13} } New Cyber Espionage Campaigns Targeting Palestinians - Part 2: The Discovery of the New, Mysterious Pierogi Backdoor
Pierogi
2020-02-12 ⋅ Cisco TalosChris Neal
@online{neal:20200212:loda:3334939, author = {Chris Neal}, title = {{Loda RAT Grows Up}}, date = {2020-02-12}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/02/loda-rat-grows-up.html}, language = {English}, urldate = {2020-02-13} } Loda RAT Grows Up
Loda
2020-02-12 ⋅ TelsyTelsy
@online{telsy:20200212:meeting:085d775, author = {Telsy}, title = {{Meeting POWERBAND: The APT33 .NET POWERTON Variant}}, date = {2020-02-12}, organization = {Telsy}, url = {https://blog.telsy.com/meeting-powerband-the-apt33-net-powerton-variant/}, language = {English}, urldate = {2020-02-14} } Meeting POWERBAND: The APT33 .NET POWERTON Variant
POWERTON POWERBAND
2020-02-11 ⋅ Github (jeFF0Falltrades)Jeff Archer
@online{archer:20200211:metamorfo:663ae17, author = {Jeff Archer}, title = {{Metamorfo (aka Casbaneiro)}}, date = {2020-02-11}, organization = {Github (jeFF0Falltrades)}, url = {https://github.com/jeFF0Falltrades/IoCs/blob/master/Broadbased/metamorfo.md}, language = {English}, urldate = {2020-02-11} } Metamorfo (aka Casbaneiro)
Metamorfo Unidentified 072 (Metamorfo Loader)
2020-02-11 ⋅ Twitter (@malwrhunterteam)MalwareHunterTeam
@online{malwarehunterteam:20200211:parallax:e157478, author = {MalwareHunterTeam}, title = {{Tweet on Parallax RAT}}, date = {2020-02-11}, organization = {Twitter (@malwrhunterteam)}, url = {https://twitter.com/malwrhunterteam/status/1227196799997431809}, language = {English}, urldate = {2020-02-13} } Tweet on Parallax RAT
Parallax RAT
2020-02-10 ⋅ Kaspersky LabsAnna Malina
@online{malina:20200210:kbot:87338ae, author = {Anna Malina}, title = {{KBOT: sometimes they come back}}, date = {2020-02-10}, organization = {Kaspersky Labs}, url = {https://securelist.com/kbot-sometimes-they-come-back/96157/}, language = {English}, urldate = {2020-02-11} } KBOT: sometimes they come back
KBOT
2020-02-10 ⋅ MalwarebytesAdam Kujawa, Wendy Zamora, Jérôme Segura, Thomas Reed, Nathan Collier, Jovi Umawing, Chris Boyd, Pieter Arntz, David Ruiz
@techreport{kujawa:20200210:2020:3fdaf12, author = {Adam Kujawa and Wendy Zamora and Jérôme Segura and Thomas Reed and Nathan Collier and Jovi Umawing and Chris Boyd and Pieter Arntz and David Ruiz}, title = {{2020 State of Malware Report}}, date = {2020-02-10}, institution = {Malwarebytes}, url = {https://resources.malwarebytes.com/files/2020/02/2020_State-of-Malware-Report.pdf}, language = {English}, urldate = {2020-02-13} } 2020 State of Malware Report
magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor
2020-02-10 ⋅ Bit of Hex BlogMatt
@online{matt:20200210:suspected:d2241fe, author = {Matt}, title = {{Suspected Sapphire Mushroom (APT-C-12) malicious LNK files}}, date = {2020-02-10}, organization = {Bit of Hex Blog}, url = {https://bitofhex.com/2020/02/10/sapphire-mushroom-lnk-files/}, language = {English}, urldate = {2020-02-13} } Suspected Sapphire Mushroom (APT-C-12) malicious LNK files
Unidentified PS 001 APT-C-12
2020-02-10 ⋅ ZDNetCatalin Cimpanu
@online{cimpanu:20200210:fbi:1904430, author = {Catalin Cimpanu}, title = {{FBI warns about ongoing attacks against software supply chain companies}}, date = {2020-02-10}, organization = {ZDNet}, url = {https://www.zdnet.com/article/fbi-warns-about-ongoing-attacks-against-software-supply-chain-companies/}, language = {English}, urldate = {2020-02-11} } FBI warns about ongoing attacks against software supply chain companies
DistTrack Kwampirs
2020-02-07 ⋅ Medium CSIS TechblogBenoît Ancel
@online{ancel:20200207:installcapital:23b3760, author = {Benoît Ancel}, title = {{InstallCapital — When AdWare Becomes Pay-per-Install Cyber-Crime}}, date = {2020-02-07}, organization = {Medium CSIS Techblog}, url = {https://medium.com/csis-techblog/installcapital-when-adware-becomes-pay-per-install-cyber-crime-15516249a451}, language = {English}, urldate = {2020-02-09} } InstallCapital — When AdWare Becomes Pay-per-Install Cyber-Crime
DreamBot Glupteba
2020-02-07 ⋅ Binary DefenseJames Quinn
@online{quinn:20200207:emotet:07de43a, author = {James Quinn}, title = {{Emotet Evolves With New Wi-Fi Spreader}}, date = {2020-02-07}, organization = {Binary Defense}, url = {https://www.binarydefense.com/emotet-evolves-with-new-wi-fi-spreader/}, language = {English}, urldate = {2020-02-09} } Emotet Evolves With New Wi-Fi Spreader
Emotet
2020-02-07 ⋅ RiskIQJordan Herman
@online{herman:20200207:magecart:185b67b, author = {Jordan Herman}, title = {{Magecart Group 12’s Latest: Actors Behind Attacks on Olympics Ticket Re-sellers Deftly Swapped Domains to Continue Campaign}}, date = {2020-02-07}, organization = {RiskIQ}, url = {https://www.riskiq.com/blog/labs/magecart-group-12-olympics/}, language = {English}, urldate = {2020-02-09} } Magecart Group 12’s Latest: Actors Behind Attacks on Olympics Ticket Re-sellers Deftly Swapped Domains to Continue Campaign
magecart
2020-02-07 ⋅ Bleeping ComputerSergiu Gatlan
@online{gatlan:20200207:ta505:7a8e5a2, author = {Sergiu Gatlan}, title = {{TA505 Hackers Behind Maastricht University Ransomware Attack}}, date = {2020-02-07}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/ta505-hackers-behind-maastricht-university-ransomware-attack/}, language = {English}, urldate = {2020-02-13} } TA505 Hackers Behind Maastricht University Ransomware Attack
Clop
2020-02-07 ⋅ Medium SebdravenSébastien Larinier
@online{larinier:20200207:40:9415c5c, author = {Sébastien Larinier}, title = {{APT 40 in Malaysia}}, date = {2020-02-07}, organization = {Medium Sebdraven}, url = {https://medium.com/@Sebdraven/apt-40-in-malaysia-61ed9c9642e9}, language = {English}, urldate = {2020-02-09} } APT 40 in Malaysia
DADJOKE
2020-02-06 ⋅ IronNetJonathan Lepore
@online{lepore:20200206:dns:c7069f1, author = {Jonathan Lepore}, title = {{DNS Tunneling Series, Part 3: The Siren Song of RogueRobin}}, date = {2020-02-06}, organization = {IronNet}, url = {https://ironnet.com/blog/dns-tunneling-series-part-3-the-siren-song-of-roguerobin/}, language = {English}, urldate = {2020-02-13} } DNS Tunneling Series, Part 3: The Siren Song of RogueRobin
RogueRobin
2020-02-06 ⋅ Bleeping ComputerLawrence Abrams
@online{abrams:20200206:ransomware:8b6a606, author = {Lawrence Abrams}, title = {{Ransomware Exploits GIGABYTE Driver to Kill AV Processes}}, date = {2020-02-06}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/ransomware-exploits-gigabyte-driver-to-kill-av-processes/}, language = {English}, urldate = {2020-02-13} } Ransomware Exploits GIGABYTE Driver to Kill AV Processes
RobinHood
2020-02-06 ⋅ SophosAndrew Brandt, Mark Loman
@online{brandt:20200206:living:811742c, author = {Andrew Brandt and Mark Loman}, title = {{Living off another land: Ransomware borrows vulnerable driver to remove security software}}, date = {2020-02-06}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2020/02/06/living-off-another-land-ransomware-borrows-vulnerable-driver-to-remove-security-software/}, language = {English}, urldate = {2020-02-13} } Living off another land: Ransomware borrows vulnerable driver to remove security software
RobinHood
2020-02-05 ⋅ Bleeping ComputerLawrence Abrams
@online{abrams:20200205:mailto:3027008, author = {Lawrence Abrams}, title = {{Mailto (NetWalker) Ransomware Targets Enterprise Networks}}, date = {2020-02-05}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/mailto-netwalker-ransomware-targets-enterprise-networks/}, language = {English}, urldate = {2020-02-11} } Mailto (NetWalker) Ransomware Targets Enterprise Networks
Mailto