
2022-12-02 | Github (binref) | Jesko Hüttenhain
@online{httenhain:20221202:refinery:ee32690,
  author       = {Hüttenhain, Jesko},
  title        = {{The Refinery Files 0x06: Qakbot Decoder}},
  organization = {Github (binref)},
  date         = {2022-12-02},
  url          = {https://github.com/binref/refinery/blob/master/tutorials/tbr-files.v0x06.Qakbot.Decoder.ipynb},
  urldate      = {2022-12-02},
  language     = {English},
} The Refinery Files 0x06: Qakbot Decoder
QakBot
2022-12-02 | Avast Decoded | Threat Intelligence Team
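@comment{The author is a team, not a person. The outer brace pair keeps the whole name as one indivisible surname; without it BibTeX splits it into given names plus the surname "Team", which is the split visible in the citation key.}
@online{team:20221202:hitching:0cb7557,
  author       = {{Threat Intelligence Team}},
  title        = {{Hitching a ride with Mustang Panda}},
  organization = {Avast Decoded},
  date         = {2022-12-02},
  url          = {https://decoded.avast.io/threatintel/apt-treasure-trove-avast-suspects-chinese-apt-group-mustang-panda-is-collecting-data-from-burmese-government-agencies-and-opposition-groups/},
  urldate      = {2022-12-02},
  language     = {English},
} Hitching a ride with Mustang Panda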
PlugX
2022-12-01 | Zscaler | Zscaler
@online{zscaler:20221201:back:43320e6,
  author       = {Zscaler},
  title        = {{Back in Black... Basta - Technical Analysis of BlackBasta Ransomware 2.0}},
  organization = {Zscaler},
  date         = {2022-12-01},
  url          = {https://www.zscaler.com/blogs/security-research/back-black-basta},
  urldate      = {2022-12-02},
  language     = {English},
} Back in Black... Basta - Technical Analysis of BlackBasta Ransomware 2.0
Black Basta
2022-12-01 | CISA | CISA
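@comment{The title begins with a literal hash sign, which is the TeX macro-parameter character and makes the bibliography fail to typeset when emitted unescaped; it is escaped with a backslash below. Key and all other fields are unchanged.}
@techreport{cisa:20221201:stopransomware:de73b79,
  author      = {CISA},
  title       = {{\#StopRansomware: Cuba Ransomware}},
  institution = {CISA},
  date        = {2022-12-01},
  url         = {https://www.cisa.gov/uscert/sites/default/files/publications/aa22-335a-stopransomware-cuba-ransomware.pdf},
  urldate     = {2022-12-02},
  language    = {English},
} #StopRansomware: Cuba Ransomware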
Cuba
2022-12-01 | mostwanted002
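@comment{The underscore in the title is the TeX subscript character outside math mode and raises a missing-dollar error when the entry is typeset; it is escaped with a backslash below. No organization field is given in the source and none is added.}
@online{mostwanted002:20221201:malware:c0d4dc7,
  author   = {mostwanted002},
  title    = {{Malware Analysis and Triage Report : PirateStealer - Discord\_beta.exe}},
  date     = {2022-12-01},
  url      = {https://mostwanted002.cf/post/malware-analysis-and-triage-report-piratestealer/},
  urldate  = {2022-12-01},
  language = {English},
} Malware Analysis and Triage Report : PirateStealer - Discord_beta.exe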
PirateStealer
2022-11-30 | BitSight | André Tavares
@online{tavares:20221130:unpacking:a15d3e0,
  author       = {Tavares, André},
  title        = {{Unpacking Colibri Loader: A Russian APT linked Campaign}},
  organization = {BitSight},
  date         = {2022-11-30},
  url          = {https://www.bitsight.com/blog/unpacking-colibri-loader-russian-apt-linked-campaign},
  urldate      = {2022-12-02},
  language     = {English},
} Unpacking Colibri Loader: A Russian APT linked Campaign
Colibri Loader PrivateLoader
2022-11-30 | Tidal Cyber Inc. | Scott Small
@online{small:20221130:identifying:ed7c4b3,
  author       = {Small, Scott},
  title        = {{Identifying and Defending Against QakBot's Evolving TTPs}},
  organization = {Tidal Cyber Inc.},
  date         = {2022-11-30},
  url          = {https://www.tidalcyber.com/blog/identifying-and-defending-against-qakbots-evolving-ttps},
  urldate      = {2022-12-02},
  language     = {English},
} Identifying and Defending Against QakBot's Evolving TTPs
QakBot
2022-11-30 | FFRI Security | Matsumoto
@online{matsumoto:20221130:evolution:29e9b4c,
  author       = {Matsumoto},
  title        = {{Evolution of the PlugX loader}},
  organization = {FFRI Security},
  date         = {2022-11-30},
  url          = {https://engineers.ffri.jp/entry/2022/11/30/141346},
  urldate      = {2022-12-01},
  language     = {Japanese},
} Evolution of the PlugX loader
PlugX Poison Ivy
2022-11-30 | ESET Research | Filip Jurčacko
@online{juracko:20221130:whos:f177390,
  author       = {Jurčacko, Filip},
  title        = {{Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin}},
  organization = {ESET Research},
  date         = {2022-11-30},
  url          = {https://www.welivesecurity.com/2022/11/30/whos-swimming-south-korean-waters-meet-scarcrufts-dolphin/},
  urldate      = {2022-12-01},
  language     = {English},
} Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin
2022-11-30 | Sophos | Andrew Brandt
@online{brandt:20221130:lockbit:7d7598f,
  author       = {Brandt, Andrew},
  title        = {{LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling}},
  organization = {Sophos},
  date         = {2022-11-30},
  url          = {https://news.sophos.com/en-us/2022/11/30/lockbit-3-0-black-attacks-and-leaks-reveal-wormable-capabilities-and-tooling/},
  urldate      = {2022-12-02},
  language     = {English},
} LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling
LockBit
2022-11-29 | Qianxin | Red Raindrop Team
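@comment{The author is a team name. The outer brace pair makes it a single indivisible surname; without it BibTeX splits it into given names plus the surname "Team", which is the split visible in the citation key.}
@online{team:20221129:job:1749e9c,
  author       = {{Red Raindrop Team}},
  title        = {{Job hunting trap: Analysis of Lazarus attack activities using recruitment information such as Mizuho Bank of Japan as bait}},
  organization = {Qianxin},
  date         = {2022-11-29},
  url          = {https://mp.weixin.qq.com/s/nnLqUBPX8xZ3hCr5u-iSjQ},
  urldate      = {2022-12-01},
  language     = {Chinese},
} Job hunting trap: Analysis of Lazarus attack activities using recruitment information such as Mizuho Bank of Japan as bait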
2022-11-29 | Recorded Future | Recorded Future
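@comment{The author is a company. The outer brace pair keeps the name as one indivisible surname; without it BibTeX reads "Recorded" as a given name and "Future" as the surname, which is the split visible in the citation key.}
@techreport{future:20221129:suspected:199acb1,
  author      = {{Recorded Future}},
  title       = {{Suspected Iran-Nexus TAG-56 Uses UAE Forum Lure for Credential Theft Against US Think Tank}},
  institution = {Recorded Future},
  date        = {2022-11-29},
  url         = {https://go.recordedfuture.com/hubfs/reports/cta-2022-1129.pdf},
  urldate     = {2022-12-02},
  language    = {English},
} Suspected Iran-Nexus TAG-56 Uses UAE Forum Lure for Credential Theft Against US Think Tank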
2022-11-28 | Mandiant | Ryan Tomcik, John Wolfram, Tommy Dacanay, Geoff Ackerman
@online{tomcik:20221128:always:f073a0d,
  author       = {Tomcik, Ryan and Wolfram, John and Dacanay, Tommy and Ackerman, Geoff},
  title        = {{Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia}},
  organization = {Mandiant},
  date         = {2022-11-28},
  url          = {https://www.mandiant.com/resources/blog/china-nexus-espionage-southeast-asia},
  urldate      = {2022-12-02},
  language     = {English},
} Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia
BLUEHAZE DARKDEW MISTCLOAK
2022-11-28 | The DFIR Report | The DFIR Report
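@comment{The author is a publication, not a person. The outer brace pair keeps the name as one indivisible surname; without it BibTeX reads "The DFIR" as given names and "Report" as the surname, which is the split visible in the citation key.}
@online{report:20221128:emotet:53a5fed,
  author       = {{The DFIR Report}},
  title        = {{Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware}},
  organization = {The DFIR Report},
  date         = {2022-11-28},
  url          = {https://thedfirreport.com/2022/11/28/emotet-strikes-again-lnk-file-leads-to-domain-wide-ransomware/},
  urldate      = {2022-11-28},
  language     = {English},
} Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware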
Emotet Mount Locker
2022-11-27cocomelonccocomelonc
@online{cocomelonc:20221127:malware:e3f9492,
  author       = {cocomelonc},
  title        = {{Malware development tricks: part 24. ListPlanting. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2022-11-27},
  url          = {https://cocomelonc.github.io/malware/2022/11/27/malware-tricks-24.html},
  urldate      = {2022-11-28},
  language     = {English},
} Malware development tricks: part 24. ListPlanting. Simple C++ example.
InvisiMole
2022-11-27 | SecurityScorecard | Vlad Pasca
@online{pasca:20221127:technical:c2326cf,
  author       = {Pasca, Vlad},
  title        = {{A Technical Analysis of Royal Ransomware}},
  organization = {SecurityScorecard},
  date         = {2022-11-27},
  url          = {https://securityscorecard.pathfactory.com/research/the-royal-ransomware},
  urldate      = {2022-11-28},
  language     = {English},
} A Technical Analysis of Royal Ransomware
Royal Ransom
2022-11-26 | BushidoToken Blog | BushidoToken
@online{bushidotoken:20221126:detecting:e5cee52,
  author       = {BushidoToken},
  title        = {{Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms}},
  organization = {BushidoToken Blog},
  date         = {2022-11-26},
  url          = {https://blog.bushidotoken.net/2022/11/detecting-and-fingerprinting.html},
  urldate      = {2022-11-28},
  language     = {English},
} Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms
CollectorGoomba Misha TitanStealer
2022-11-25 | NL Times | NL Times
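@comment{The author is a news outlet. The outer brace pair keeps the name as one indivisible surname; without it BibTeX reads "NL" as a given name and "Times" as the surname, which is the split visible in the citation key.}
@online{times:20221125:russian:0a11bb6,
  author       = {{NL Times}},
  title        = {{Russian hackers targeting Dutch gas terminal}},
  organization = {NL Times},
  date         = {2022-11-25},
  url          = {https://nltimes.nl/2022/11/25/russian-hackers-targeting-dutch-gas-terminal-report},
  urldate      = {2022-12-01},
  language     = {English},
} Russian hackers targeting Dutch gas terminal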
2022-11-25 | Github (struppigel) | Karsten Hahn
@online{hahn:20221125:python:ec3b5d3,
  author       = {Hahn, Karsten},
  title        = {{Python script to decode NightHawk strings}},
  organization = {Github (struppigel)},
  date         = {2022-11-25},
  url          = {https://github.com/struppigel/hedgehog-tools/blob/main/nighthawk_str_decoder.py},
  urldate      = {2022-11-28},
  language     = {English},
} Python script to decode NightHawk strings
Nighthawk
2022-11-24 | ExploitReversing | Alexandre Borges
@techreport{borges:20221124:malware:a5021aa,
  author      = {Borges, Alexandre},
  title       = {{Malware Analysis Series (MAS): Article 6}},
  institution = {ExploitReversing},
  date        = {2022-11-24},
  url         = {https://exploitreversing.files.wordpress.com/2022/11/mas_6-1.pdf},
  urldate     = {2022-11-25},
  language    = {English},
} Malware Analysis Series (MAS): Article 6
Ave Maria