2023-01-26 · ANY.RUN · ANY.RUN
@online{anyrun:20230126:cryptbot:fa17489,
  author       = {ANY.RUN},
  title        = {{CryptBot Infostealer: Malware Analysis}},
  organization = {ANY.RUN},
  date         = {2023-01-26},
  url          = {https://any.run/cybersecurity-blog/cryptbot-infostealer-malware-analysis/},
  urldate      = {2023-01-27},
  language     = {English},
}
CryptBot Infostealer: Malware Analysis
CryptBot
2023-01-26 · Palo Alto Networks Unit 42 · Mike Harbison, Jen Miller-Osborn
@online{harbison:20230126:chinese:a83622f,
  author       = {Harbison, Mike and Miller-Osborn, Jen},
  title        = {{Chinese PlugX Malware Hidden in Your USB Devices?}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2023-01-26},
  url          = {https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/},
  urldate      = {2023-01-27},
  language     = {English},
}
Chinese PlugX Malware Hidden in Your USB Devices?
PlugX
2023-01-26 · Acronis · Ilan Duhin
@online{duhin:20230126:unpacking:8ff4776,
  author       = {Duhin, Ilan},
  title        = {{Unpacking Emotet Malware}},
  organization = {Acronis},
  date         = {2023-01-26},
  url          = {https://medium.com/@Ilandu/emotet-unpacking-35bbe2980cfb},
  urldate      = {2023-01-27},
  language     = {English},
}
Unpacking Emotet Malware
Emotet
2023-01-26 · NCSC UK · NCSC UK
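% Institutional author: the extra brace pair keeps "NCSC UK" as one name
% instead of being parsed as given name "NCSC", family name "UK".
@online{uk:20230126:seaborgium:ae8f581,
  author       = {{NCSC UK}},
  title        = {{SEABORGIUM and TA453 continue their respective spear-phishing campaigns against targets of interest}},
  organization = {NCSC UK},
  date         = {2023-01-26},
  url          = {https://www.ncsc.gov.uk/news/spear-phishing-campaigns-targets-of-interest},
  urldate      = {2023-01-27},
  language     = {English},
}
SEABORGIUM and TA453 continue their respective spear-phishing campaigns against targets of interest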
2023-01-25 · Securonix · D. Iuzvyk, T. Peck, O. Kolesnikov
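% The "#" in the campaign name is escaped as "\#": a bare "#" in a typeset
% field is a LaTeX macro-parameter character and aborts the bibliography run.
@online{iuzvyk:20230125:securonix:866c376,
  author       = {Iuzvyk, D. and Peck, T. and Kolesnikov, O.},
  title        = {{Securonix Security Advisory: Python-Based PY\#RATION Attack Campaign Leverages Fernet Encryption and Websockets to Avoid Detection}},
  organization = {Securonix},
  date         = {2023-01-25},
  url          = {https://www.securonix.com/blog/security-advisory-python-based-pyration-attack-campaign/},
  urldate      = {2023-01-26},
  language     = {English},
}
Securonix Security Advisory: Python-Based PY#RATION Attack Campaign Leverages Fernet Encryption and Websockets to Avoid Detection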
PY#RATION
2023-01-25 · Proofpoint · Greg Lesnewich, Proofpoint Threat Research Team
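% The team name is braced as a unit so it is treated as a single
% institutional author rather than split into given and family names.
@online{lesnewich:20230125:ta444:ae76e7b,
  author       = {Lesnewich, Greg and {Proofpoint Threat Research Team}},
  title        = {{TA444: The APT Startup Aimed at Acquisition (of Your Funds)}},
  organization = {Proofpoint},
  date         = {2023-01-25},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds},
  urldate      = {2023-01-25},
  language     = {English},
}
TA444: The APT Startup Aimed at Acquisition (of Your Funds)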
CageyChameleon
2023-01-24 · Trellix · Daksh Kapur, Tomer Shloman, Robert Venal, John Fokker
@online{kapur:20230124:cyberattacks:0a05372,
  author       = {Kapur, Daksh and Shloman, Tomer and Venal, Robert and Fokker, John},
  title        = {{Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity}},
  organization = {Trellix},
  date         = {2023-01-24},
  url          = {https://www.trellix.com/en-us/about/newsroom/stories/research/cyberattacks-targeting-ukraine-increase.html},
  urldate      = {2023-01-25},
  language     = {English},
}
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity
Andromeda Formbook Houdini Remcos
2023-01-24 · SentinelOne · Aleksandar Milenkoski
@online{milenkoski:20230124:dragonspark:828f0d3,
  author       = {Milenkoski, Aleksandar},
  title        = {{DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation}},
  organization = {SentinelOne},
  date         = {2023-01-24},
  url          = {https://www.sentinelone.com/labs/dragonspark-attacks-evade-detection-with-sparkrat-and-golang-source-code-interpretation/},
  urldate      = {2023-01-25},
  language     = {English},
}
DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation
SparkRAT
2023-01-24 · Fortinet · Geri Revay
@online{revay:20230124:year:00a1450,
  author       = {Revay, Geri},
  title        = {{The Year of the Wiper}},
  organization = {Fortinet},
  date         = {2023-01-24},
  url          = {https://www.fortinet.com/blog/threat-research/the-year-of-the-wiper},
  urldate      = {2023-01-25},
  language     = {English},
}
The Year of the Wiper
Azov Wiper Bruh Wiper CaddyWiper Cobalt Strike Vidar
2023-01-24 · eSentire · Joe Stewart, Keegan Keplinger
@online{stewart:20230124:unmasking:c26cfce,
  author       = {Stewart, Joe and Keplinger, Keegan},
  title        = {{Unmasking Venom Spider}},
  organization = {eSentire},
  date         = {2023-01-24},
  url          = {https://www.esentire.com/web-native-pages/unmasking-venom-spider},
  urldate      = {2023-01-25},
  language     = {English},
}
Unmasking Venom Spider
More_eggs TerraPreter TerraLoader VenomLNK
2023-01-24 · DailySecU · Gil Min-kwon
@online{minkwon:20230124:urgent:71e54e3,
  author       = {Gil Min-kwon},
  title        = {{[Urgent] A Chinese hacker organization that declared hacking war on Korea..."KISA will hack" notice}},
  organization = {DailySecU},
  date         = {2023-01-24},
  url          = {https://www.dailysecu.com/news/articleView.html?idxno=143020},
  urldate      = {2023-01-24},
  language     = {English},
}
[Urgent] A Chinese hacker organization that declared hacking war on Korea..."KISA will hack" notice
2023-01-23 · Uptycs · Karthickkumar Kathiresan, Shilpesh Trivedi
@online{kathiresan:20230123:titan:2ea755f,
  author       = {Kathiresan, Karthickkumar and Trivedi, Shilpesh},
  title        = {{The Titan Stealer: Notorious Telegram Malware Campaign - Uptycs}},
  organization = {Uptycs},
  date         = {2023-01-23},
  url          = {https://www.uptycs.com/blog/titan-stealer-telegram-malware-campaign},
  urldate      = {2023-01-26},
  language     = {English},
}
The Titan Stealer: Notorious Telegram Malware Campaign - Uptycs
TitanStealer
2023-01-23 · FBI · FBI National Press Office
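% Institutional author: the extra brace pair keeps the office name intact
% instead of being parsed as given names "FBI National Press", family name "Office".
@online{office:20230123:fbi:172d0d8,
  author       = {{FBI National Press Office}},
  title        = {{FBI Confirms Lazarus Group Cyber Actors Responsible for Harmony's Horizon Bridge Currency Theft}},
  organization = {FBI},
  date         = {2023-01-23},
  url          = {https://www.fbi.gov/news/press-releases/fbi-confirms-lazarus-group-apt38-cyber-actors-responsible-for-harmonys-horizon-bridge-currency-theft},
  urldate      = {2023-01-25},
  language     = {English},
}
FBI Confirms Lazarus Group Cyber Actors Responsible for Harmony's Horizon Bridge Currency Theft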
2023-01-20 · cocomelonc · cocomelonc
@online{cocomelonc:20230120:malware:c480361,
  author       = {cocomelonc},
  title        = {{Malware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2023-01-20},
  url          = {https://cocomelonc.github.io/persistence/2023/01/19/malware-pers-21.html},
  urldate      = {2023-01-23},
  language     = {English},
}
Malware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.
2023-01-20 · Blackberry · BlackBerry Research & Intelligence Team
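% Institutional author: double-braced so the team name is one unit, and the
% ampersand is escaped as "\&" because a bare "&" is an alignment character in LaTeX.
@online{team:20230120:emotet:3d5fe7f,
  author       = {{BlackBerry Research \& Intelligence Team}},
  title        = {{Emotet Returns With New Methods of Evasion}},
  organization = {Blackberry},
  date         = {2023-01-20},
  url          = {https://blogs.blackberry.com/en/2023/01/emotet-returns-with-new-methods-of-evasion},
  urldate      = {2023-01-25},
  language     = {English},
}
Emotet Returns With New Methods of Evasion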
Emotet IcedID
2023-01-20 · The Hacker News · Ravie Lakshmanan
@online{lakshmanan:20230120:chinese:4df7900,
  author       = {Lakshmanan, Ravie},
  title        = {{Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware}},
  organization = {The Hacker News},
  date         = {2023-01-20},
  url          = {https://thehackernews.com/2023/01/new-chinese-malware-spotted-exploiting.html},
  urldate      = {2023-01-20},
  language     = {English},
}
Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware
BOLDMOVE BOLDMOVE
2023-01-19 · Team Cymru · S2 Research Team
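% Institutional author: the extra brace pair keeps "S2 Research Team" as one
% name instead of being parsed as given names "S2 Research", family name "Team".
@online{team:20230119:darth:4a19fc1,
  author       = {{S2 Research Team}},
  title        = {{Darth Vidar: The Dark Side of Evolving Threat Infrastructure}},
  organization = {Team Cymru},
  date         = {2023-01-19},
  url          = {https://www.team-cymru.com/post/darth-vidar-the-dark-side-of-evolving-threat-infrastructure},
  urldate      = {2023-01-19},
  language     = {English},
}
Darth Vidar: The Dark Side of Evolving Threat Infrastructure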
Vidar
2023-01-19 · Blackberry · BlackBerry Research & Intelligence Team
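% Institutional author: double-braced so the team name is one unit, and the
% ampersand is escaped as "\&" because a bare "&" is an alignment character in LaTeX.
@online{team:20230119:gamaredon:ed20055,
  author       = {{BlackBerry Research \& Intelligence Team}},
  title        = {{Gamaredon (Ab)uses Telegram to Target Ukrainian Organizations}},
  organization = {Blackberry},
  date         = {2023-01-19},
  url          = {https://blogs.blackberry.com/en/2023/01/gamaredon-abuses-telegram-to-target-ukrainian-organizations},
  urldate      = {2023-01-25},
  language     = {English},
}
Gamaredon (Ab)uses Telegram to Target Ukrainian Organizations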
Unidentified VBS 006 (Telegram Loader)
2023-01-19 · Mandiant · Scott Henderson, Cristiana Kittner, Sarah Hawley, Mark Lechtik
@online{henderson:20230119:suspected:39b0731,
  author       = {Henderson, Scott and Kittner, Cristiana and Hawley, Sarah and Lechtik, Mark},
  title        = {{Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)}},
  organization = {Mandiant},
  date         = {2023-01-19},
  url          = {https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw},
  urldate      = {2023-01-20},
  language     = {English},
}
Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)
BOLDMOVE BOLDMOVE
2023-01-19 · Kaspersky Labs · GReAT
@online{great:20230119:roaming:46b7adb,
  author       = {GReAT},
  title        = {{Roaming Mantis implements new DNS changer in its malicious mobile app in 2022}},
  organization = {Kaspersky Labs},
  date         = {2023-01-19},
  url          = {https://securelist.com/roaming-mantis-dns-changer-in-malicious-mobile-app/108464/},
  urldate      = {2023-01-19},
  language     = {English},
}
Roaming Mantis implements new DNS changer in its malicious mobile app in 2022
MoqHao