
2023-03-30 | Proofpoint | Michael Raggi, Proofpoint Threat Insight Team
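@comment{The second author is a team name. Braced as one unit so name parsing does not split it into a given name and the surname Team.}
@online{raggi:20230330:exploitation:68f9fd6,
  author       = {Michael Raggi and {Proofpoint Threat Insight Team}},
  title        = {{Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe}},
  date         = {2023-03-30},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability},
  language     = {English},
  urldate      = {2023-03-30},
}
Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe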
2023-03-30 | Volexity | Ankur Saini, Callum Roxan, Charlie Gardner, Paul Rascagnères, Steven Adair, Thomas Lancaster
@online{saini:20230330:3cx:82b291e,
  author       = {Ankur Saini and Callum Roxan and Charlie Gardner and Paul Rascagnères and Steven Adair and Thomas Lancaster},
  title        = {{3CX Supply Chain Compromise Leads to ICONIC Incident}},
  date         = {2023-03-30},
  organization = {Volexity},
  url          = {https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/},
  language     = {English},
  urldate      = {2023-03-30},
}
3CX Supply Chain Compromise Leads to ICONIC Incident
3CX Backdoor IconicStealer
2023-03-30 | Mandiant | Alden Wahlstrom, Gabby Roncone, Keith Lunden, Daniel Kapellmann Zafra
@online{wahlstrom:20230330:contracts:c4bbb45,
  author       = {Alden Wahlstrom and Gabby Roncone and Keith Lunden and Daniel Kapellmann Zafra},
  title        = {{Contracts Identify Cyber Operations Projects from Russian Company NTC Vulkan}},
  date         = {2023-03-30},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/cyber-operations-russian-vulkan},
  language     = {English},
  urldate      = {2023-03-30},
}
Contracts Identify Cyber Operations Projects from Russian Company NTC Vulkan
INCONTROLLER
2023-03-30 | abuse.ch | abuse.ch
@online{abusech:20230330:lu0bot:acc5ddd,
  author       = {abuse.ch},
  title        = {{Lu0Bot samples on MalwareBazaar}},
  date         = {2023-03-30},
  organization = {abuse.ch},
  url          = {https://bazaar.abuse.ch/browse/tag/Lu0Bot/},
  language     = {English},
  urldate      = {2023-03-30},
}
Lu0Bot samples on MalwareBazaar
Lu0Bot
2023-03-29 | SentinelOne | Juan Andrés Guerrero-Saade
@online{guerrerosaade:20230329:smoothoperator:42df1eb,
  author       = {Juan Andrés Guerrero-Saade},
  title        = {{SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack}},
  date         = {2023-03-29},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/},
  language     = {English},
  urldate      = {2023-03-30},
}
SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack
3CX Backdoor
2023-03-29 | CrowdStrike | Research & Threat Intel
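@comment{The author is a team name containing a literal ampersand. It is escaped so LaTeX does not read it as an alignment tab, and the whole name is braced so it is kept as a single corporate author.}
@online{intel:20230329:crowdstrike:cafb1f8,
  author       = {{Research \& Threat Intel}},
  title        = {{CrowdStrike Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers}},
  date         = {2023-03-29},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/},
  language     = {English},
  urldate      = {2023-03-30},
}
CrowdStrike Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers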
3CX Backdoor
2023-03-28 | ExaTrack | ExaTrack
@online{exatrack:20230328:mlofe:6ca8f29,
  author       = {ExaTrack},
  title        = {{Mélofée: a new alien malware in the Panda's toolset targeting Linux hosts}},
  date         = {2023-03-28},
  organization = {ExaTrack},
  url          = {https://blog.exatrack.com/melofee/},
  language     = {English},
  urldate      = {2023-03-29},
}
Mélofée: a new alien malware in the Panda's toolset targeting Linux hosts
HelloBot Melofee Winnti Cobalt Strike SparkRAT STOWAWAY
2023-03-28 | ThreatMon | ThreatMon Malware Research Team, seyitsec
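@comment{The first author is a team name. Braced as one unit so name parsing does not split it into a given name and the surname Team.}
@online{team:20230328:chinotto:95afa43,
  author       = {{ThreatMon Malware Research Team} and seyitsec},
  title        = {{Chinotto Backdoor Technical Analysis of the APT Reaper’s Powerful Weapon}},
  date         = {2023-03-28},
  organization = {ThreatMon},
  url          = {https://threatmon.io/chinotto-backdoor-technical-analysis-of-the-apt-reapers-powerful/},
  language     = {English},
  urldate      = {2023-03-29},
}
Chinotto Backdoor Technical Analysis of the APT Reaper’s Powerful Weapon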
Chinotto
2023-03-28 | BitSight | André Tavares
@online{tavares:20230328:tofsee:60925da,
  author       = {André Tavares},
  title        = {{Tofsee Botnet: Proxying and Mining}},
  date         = {2023-03-28},
  organization = {BitSight},
  url          = {https://www.bitsight.com/blog/tofsee-botnet-proxying-and-mining},
  language     = {English},
  urldate      = {2023-03-29},
}
Tofsee Botnet: Proxying and Mining
Tofsee
2023-03-28 | ANY.RUN | ANY.RUN
@online{anyrun:20230328:limerat:14deee8,
  author       = {ANY.RUN},
  title        = {{LimeRAT Malware Analysis: Extracting the Config}},
  date         = {2023-03-28},
  organization = {ANY.RUN},
  url          = {https://any.run/cybersecurity-blog/limerat-malware-analysis/},
  language     = {English},
  urldate      = {2023-03-30},
}
LimeRAT Malware Analysis: Extracting the Config
LimeRAT
2023-03-27 | Zscaler | Meghraj Nandanwar, Satyam Singh
@online{nandanwar:20230327:dbatloader:a8f205c,
  author       = {Meghraj Nandanwar and Satyam Singh},
  title        = {{DBatLoader: Actively Distributing Malwares Targeting European Businesses}},
  date         = {2023-03-27},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/dbatloader-actively-distributing-malwares-targeting-european-businesses},
  language     = {English},
  urldate      = {2023-03-29},
}
DBatLoader: Actively Distributing Malwares Targeting European Businesses
DBatLoader Remcos
2023-03-27 | splunk | Splunk Threat Research Team
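@comment{The author is a team name. Braced as one unit so name parsing does not split it into a given name and the surname Team.}
@online{team:20230327:asyncrat:7bf3c13,
  author       = {{Splunk Threat Research Team}},
  title        = {{AsyncRAT Crusade: Detections and Defense}},
  date         = {2023-03-27},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/asyncrat-crusade-detections-and-defense.html},
  language     = {English},
  urldate      = {2023-03-30},
}
AsyncRAT Crusade: Detections and Defense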
AsyncRAT
2023-03-27 | Proofpoint | Pim Trouerbach, Kelsey Merriman, Joe Wise
@online{trouerbach:20230327:fork:62e7699,
  author       = {Pim Trouerbach and Kelsey Merriman and Joe Wise},
  title        = {{Fork in the Ice: The New Era of IcedID}},
  date         = {2023-03-27},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/fork-ice-new-era-icedid},
  language     = {English},
  urldate      = {2023-03-27},
}
Fork in the Ice: The New Era of IcedID
IcedID
2023-03-26 | Luca Mella
@online{mella:20230326:updates:deb3c61,
  author   = {Luca Mella},
  title    = {{Updates from the MaaS: new threats delivered through NullMixer}},
  date     = {2023-03-26},
  url      = {https://medium.com/@lcam/updates-from-the-maas-new-threats-delivered-through-nullmixer-d45defc260d1},
  language = {English},
  urldate  = {2023-03-29},
}
Updates from the MaaS: new threats delivered through NullMixer
Fabookie Nullmixer PseudoManuscrypt Raccoon RedLine Stealer
2023-03-25 | davincifans101
@techreport{davincifans101:20230325:analysis:40946b6,
  author      = {davincifans101},
  title       = {{Analysis Report of Pinduoduo's Malicious Behaviors}},
  date        = {2023-03-25},
  institution = {},
  url         = {https://raw.githubusercontent.com/davincifans101/pinduoduo_backdoor_detailed_report/main/report_en.pdf},
  language    = {English},
  urldate     = {2023-03-29},
}
Analysis Report of Pinduoduo's Malicious Behaviors
2023-03-25 | kienmanowar Blog | Tran Trung Kien, m4n0w4r
@online{kien:20230325:quicknote:c2b9de4,
  author       = {Tran Trung Kien and m4n0w4r},
  title        = {{[QuickNote] Decrypting the C2 configuration of Warzone RAT}},
  date         = {2023-03-25},
  organization = {kienmanowar Blog},
  url          = {https://kienmanowar.wordpress.com/2023/03/25/quicknote-decrypting-the-c2-configuration-of-warzone-rat/},
  language     = {English},
  urldate      = {2023-03-27},
}
[QuickNote] Decrypting the C2 configuration of Warzone RAT
Ave Maria
2023-03-24 | cocomelonc | cocomelonc
@online{cocomelonc:20230324:malware:972beff,
  author       = {cocomelonc},
  title        = {{Malware AV/VM evasion - part 14: encrypt/decrypt payload via A5/1. Bypass Kaspersky AV. Simple C++ example.}},
  date         = {2023-03-24},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/malware/2023/03/24/malware-av-evasion-14.html},
  language     = {English},
  urldate      = {2023-03-30},
}
Malware AV/VM evasion - part 14: encrypt/decrypt payload via A5/1. Bypass Kaspersky AV. Simple C++ example.
2023-03-24 | Lab52 | peko
@online{peko:20230324:bypassing:a6439f7,
  author       = {peko},
  title        = {{Bypassing Qakbot Anti-Analysis}},
  date         = {2023-03-24},
  organization = {Lab52},
  url          = {https://lab52.io/blog/bypassing-qakbot-anti-analysis-tactics/},
  language     = {English},
  urldate      = {2023-03-27},
}
Bypassing Qakbot Anti-Analysis
QakBot
2023-03-23 | Medium s2wlab | BLKSMTH, S2W TALON
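@comment{The second author is a team name. Braced as one unit so name parsing does not split it into a given name and the surname TALON.}
@online{blksmth:20230323:scarcruft:82ba4d6,
  author       = {BLKSMTH and {S2W TALON}},
  title        = {{Scarcruft Bolsters Arsenal for targeting individual Android devices}},
  date         = {2023-03-23},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/scarcruft-bolsters-arsenal-for-targeting-individual-android-devices-97d2bcef4ab},
  language     = {English},
  urldate      = {2023-03-27},
}
Scarcruft Bolsters Arsenal for targeting individual Android devices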
RambleOn RokRAT
2023-03-23 | SentinelOne | Aleksandar Milenkoski, Juan Andrés Guerrero-Saade, Joey Chen, QGroup
@online{milenkoski:20230323:operation:2263a72,
  author       = {Aleksandar Milenkoski and Juan Andrés Guerrero-Saade and Joey Chen and QGroup},
  title        = {{Operation Tainted Love | Chinese APTs Target Telcos in New Attacks}},
  date         = {2023-03-23},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/operation-tainted-love-chinese-apts-target-telcos-in-new-attacks/},
  language     = {English},
  urldate      = {2023-03-27},
}
Operation Tainted Love | Chinese APTs Target Telcos in New Attacks
mim221