2021-06-22Twitter (@Cryptolaemus1)Cryptolaemus, Kirk Sayre, dao ming si
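% Tweet cited as the source; urldate records when it was retrieved.
% "dao ming si" looks like a handle, so it is braced to stay one literal name;
% unbraced, its lowercase words would be read as name particles plus a surname.
@online{cryptolaemus:20210622:ta575:895ac37,
  author       = {Cryptolaemus and Sayre, Kirk and {dao ming si}},
  title        = {{Tweet on TA575, a Dridex affiliate delivering cobaltstrike (packed with Cryptone) directly via the macro docs}},
  date         = {2021-06-22},
  organization = {Twitter (@Cryptolaemus1)},
  url          = {https://twitter.com/Cryptolaemus1/status/1407135648528711680},
  language     = {English},
  urldate      = {2021-06-22},
}
Tweet on TA575, a Dridex affiliate delivering cobaltstrike (packed with Cryptone) directly via the macro docs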
Cobalt Strike Dridex
2021-06-21Minerva LabsMinerva Labs
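% Vendor blog post with the vendor as author. The inner braces keep
% "Minerva Labs" as one corporate name instead of a first name plus surname.
@online{labs:20210621:sload:523f242,
  author       = {{Minerva Labs}},
  title        = {{Sload Targeting Europe Again}},
  date         = {2021-06-21},
  organization = {Minerva Labs},
  url          = {https://blog.minerva-labs.com/sload-targeting-europe-again},
  language     = {English},
  urldate      = {2021-06-22},
}
Sload Targeting Europe Again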
sLoad
2021-06-21RECON INFOSECAndrew Cook
% RECON INFOSEC blog post analysing MEGAsync in a ransomware-as-a-service case.
@online{cook:20210621:encounter:a6f5f76,
  author       = {Andrew Cook},
  title        = {{An Encounter With Ransomware-as-a-Service: MEGAsync Analysis}},
  date         = {2021-06-21},
  organization = {RECON INFOSEC},
  url          = {https://blog.reconinfosec.com/megasync-analysis/},
  language     = {English},
  urldate      = {2021-06-22},
}
An Encounter With Ransomware-as-a-Service: MEGAsync Analysis
2021-06-21Stratosphere LabKamila Babayeva, Sebastian García
% Stratosphere Lab blog post analysing the Saefko RAT; two authors joined by "and".
@online{babayeva:20210621:dissecting:98ec148,
  author       = {Kamila Babayeva and Sebastian García},
  title        = {{Dissecting a RAT. Analysis of the Saefko RAT.}},
  date         = {2021-06-21},
  organization = {Stratosphere Lab},
  url          = {https://www.stratosphereips.org/blog/2021/6/2/dissecting-a-rat-analysis-of-the-saefko-rat},
  language     = {English},
  urldate      = {2021-06-22},
}
Dissecting a RAT. Analysis of the Saefko RAT.
2021-06-21Medium elis531989Eli Salem
% Medium post on extracting Hancitor configuration data; the organization field
% records the Medium account name.
@online{salem:20210621:dissecting:295cc4b,
  author       = {Eli Salem},
  title        = {{Dissecting and automating Hancitor’s config extraction}},
  date         = {2021-06-21},
  organization = {Medium elis531989},
  url          = {https://elis531989.medium.com/dissecting-and-automating-hancitors-config-extraction-1a6ed85d99b8},
  language     = {English},
  urldate      = {2021-06-22},
}
Dissecting and automating Hancitor’s config extraction
Hancitor
2021-06-21payload.plMarzena Banasiak-Mrozek
% Polish-language article on payload.pl about Lolifox; the title is kept in Polish.
@online{banasiakmrozek:20210621:lolifox:7b82098,
  author       = {Marzena Banasiak-Mrozek},
  title        = {{Lolifox – kto za nim stał i co się z nim stało?}},
  date         = {2021-06-21},
  organization = {payload.pl},
  url          = {https://payload.pl/co-sie-stalo-z-lolifoxem/},
  language     = {Polish},
  urldate      = {2021-06-22},
}
Lolifox – kto za nim stał i co się z nim stało?
2021-06-21AlienVaultAT&T Alien Labs
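% OTX pulse with a corporate author. The ampersand is escaped because a bare one
% in a name field reaches LaTeX as an alignment character; the inner braces keep
% the organisation name as a single literal name.
@online{labs:20210621:darkside:9f1da07,
  author       = {{AT\&T Alien Labs}},
  title        = {{Darkside RaaS in Linux version}},
  date         = {2021-06-21},
  organization = {AlienVault},
  url          = {https://otx.alienvault.com/pulse/60d0afbc395c24edefb33bb9},
  language     = {English},
  urldate      = {2021-06-22},
}
Darkside RaaS in Linux version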
DarkSide
2021-06-21sonatypeAx Sharma
% Sonatype blog post on cryptomining malware found on PyPI.
@online{sharma:20210621:sonatype:4a46fd1,
  author       = {Ax Sharma},
  title        = {{Sonatype Catches New PyPI Cryptomining Malware}},
  date         = {2021-06-21},
  organization = {sonatype},
  url          = {https://blog.sonatype.com/sonatype-catches-new-pypi-cryptomining-malware-via-automated-detection},
  language     = {English},
  urldate      = {2021-06-22},
}
Sonatype Catches New PyPI Cryptomining Malware
2021-06-20SquiblydooSquiblydoo
% Second part of the Mars-Deimos write-up on the Squiblydoo blog; the
% single-word author name needs no extra bracing.
@online{squiblydoo:20210620:marsdeimos:f574072,
  author       = {Squiblydoo},
  title        = {{Mars-Deimos: From Jupiter to Mars and Back again (Part Two)}},
  date         = {2021-06-20},
  organization = {Squiblydoo},
  url          = {https://squiblydoo.blog/2021/06/20/mars-deimos-from-jupiter-to-mars-and-back-again-part-two/},
  language     = {English},
  urldate      = {2021-06-22},
}
Mars-Deimos: From Jupiter to Mars and Back again (Part Two)
Jupyter Stealer
2021-06-20The DFIR ReportThe DFIR Report
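% Intrusion case report with the publisher as author. The inner braces keep
% "The DFIR Report" as one corporate name; unbraced it is split into given
% names "The DFIR" and surname "Report".
@online{report:20210620:from:aadb7e8,
  author       = {{The DFIR Report}},
  title        = {{From Word to Lateral Movement in 1 Hour}},
  date         = {2021-06-20},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2021/06/20/from-word-to-lateral-movement-in-1-hour/},
  language     = {English},
  urldate      = {2021-06-22},
}
From Word to Lateral Movement in 1 Hour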
Cobalt Strike IcedID
2021-06-20Ashwathi Sasi
% Slide deck hosted on Google Docs; this entry carries no organization field.
@online{sasi:20210620:sorcery:029bf20,
  author   = {Ashwathi Sasi},
  title    = {{The Sorcery of Malware Reverse Engineering}},
  date     = {2021-06-20},
  url      = {https://docs.google.com/presentation/d/1W3GbGnRGBqqvS4Cbz3I2CzH6eJO3JRujWW83tUdFHdE},
  language = {English},
  urldate  = {2021-06-22},
}
The Sorcery of Malware Reverse Engineering
2021-06-19SWITCH Security BlogDaniel Stirnimann
% SWITCH Security Blog post on the Android FluBot malware reaching Switzerland.
@online{stirnimann:20210619:android:ecea911,
  author       = {Daniel Stirnimann},
  title        = {{Android FluBot enters Switzerland}},
  date         = {2021-06-19},
  organization = {SWITCH Security Blog},
  url          = {https://securityblog.switch.ch/2021/06/19/android-flubot-enters-switzerland/},
  language     = {English},
  urldate      = {2021-06-22},
}
Android FluBot enters Switzerland
FluBot
2021-06-18Bleeping ComputerSergiu Gatlan
% Bleeping Computer news article on the breach of Polish officials' email accounts.
@online{gatlan:20210618:poland:624cade,
  author       = {Sergiu Gatlan},
  title        = {{Poland blames Russia for breach, theft of Polish officials' emails}},
  date         = {2021-06-18},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/poland-blames-russia-for-breach-theft-of-polish-officials-emails/},
  language     = {English},
  urldate      = {2021-06-22},
}
Poland blames Russia for breach, theft of Polish officials' emails
2021-06-18Chosun Biz손덕호 기자, Son Deok-ho
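% Korean-language news article; the title is given in English translation.
% The Korean byline ends in a job title (reporter), so it is braced as one
% literal name rather than being split into given name and surname. The
% romanised name is written family name first ("Son, Deok-ho").
% NOTE(review): both author items appear to name the same person; confirm
% before citing as two authors. The citation key is kept as published.
@online{:20210618:atomic:d62e18f,
  author       = {{손덕호 기자} and Son, Deok-ho},
  title        = {{The Atomic Energy Research Institute has been breached by a North Korean hacker organization Kimsuky}},
  date         = {2021-06-18},
  organization = {Chosun Biz},
  url          = {https://biz.chosun.com/policy/politics/2021/06/18/V4DTFCEXPRA4DFCBVVJO3DPR5I/},
  language     = {Korean},
  urldate      = {2021-06-22},
}
The Atomic Energy Research Institute has been breached by a North Korean hacker organization Kimsuky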
2021-06-18CrowdStrikeJosh Dalman, Heather Smith
% CrowdStrike blog post on how ransomware operations changed during 2020.
@online{dalman:20210618:ransomware:2c31db2,
  author       = {Josh Dalman and Heather Smith},
  title        = {{Ransomware Actors Evolved Their Operations in 2020}},
  date         = {2021-06-18},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/ransomware-actors-evolved-operations-in-2020/},
  language     = {English},
  urldate      = {2021-06-22},
}
Ransomware Actors Evolved Their Operations in 2020
2021-06-18SecurityScorecardRyan Sherstobitoff
% SecurityScorecard blog post on the scope of the USAID-themed intrusion campaign.
@online{sherstobitoff:20210618:securityscorecard:0000641,
  author       = {Ryan Sherstobitoff},
  title        = {{SecurityScorecard Finds USAID Hack Much Larger Than Initially Thought}},
  date         = {2021-06-18},
  organization = {SecurityScorecard},
  url          = {https://securityscorecard.com/blog/securityscorecard-finds-usaid-hack-much-larger-than-initially-thought},
  language     = {English},
  urldate      = {2021-06-22},
}
SecurityScorecard Finds USAID Hack Much Larger Than Initially Thought
Cobalt Strike
2021-06-18NSFOCUSFuying Laboratory
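% NSFOCUS blog post (language field: Chinese); the URL is plain http as recorded.
% The author is a lab, so the inner braces keep "Fuying Laboratory" as one
% corporate name instead of a first name plus surname.
@online{laboratory:20210618:ryuk:2330d16,
  author       = {{Fuying Laboratory}},
  title        = {{Ryuk Botnet, Simps Botnet, Gods of Destny Botnet}},
  date         = {2021-06-18},
  organization = {NSFOCUS},
  url          = {http://blog.nsfocus.net/ryuk-botnet/},
  language     = {Chinese},
  urldate      = {2021-06-22},
}
Ryuk Botnet, Simps Botnet, Gods of Destny Botnet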
2021-06-18YouTube (jnpc)Yuu Arai, Twitter (@yarai1978)
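% Recorded talk on YouTube (language field: Japanese).
% The second author item is a Twitter handle, not a personal name, so it is
% braced as one literal name. Invisible zero-width characters between "Cyber"
% and "Security" are left out of the title.
% NOTE(review): the author field spells the name "Yuu" and the title "Yu";
% both are kept as published.
@online{arai:20210618:cyber:efd5b54,
  author       = {Arai, Yuu and {Twitter (@yarai1978)}},
  title        = {{"Cyber Security" Yu Arai, NTT DATA Executive Security Analyst}},
  date         = {2021-06-18},
  organization = {YouTube (jnpc)},
  url          = {https://www.youtube.com/watch?v=2GRhJgF49vA&ab_channel=jnpc},
  language     = {Japanese},
  urldate      = {2021-06-22},
}
"Cyber Security" Yu Arai, NTT DATA Executive Security Analyst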
2021-06-18PRODAFT Threat IntelligencePRODAFT
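% PRODAFT report distributed as a PDF; the file name in the URL carries a
% TLPWHITE marking. The title has the space between "RaaS" and "In-Depth" that
% was lost in the published record.
@techreport{prodaft:20210618:lockbit:783c679,
  author      = {PRODAFT},
  title       = {{LockBit RaaS In-Depth Analysis}},
  date        = {2021-06-18},
  institution = {PRODAFT Threat Intelligence},
  url         = {https://www.prodaft.com/m/reports/LockBit_Case_Report___TLPWHITE.pdf},
  language    = {English},
  urldate     = {2021-06-22},
}
LockBit RaaS In-Depth Analysis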
LockBit
2021-06-17struppigelKarsten Hahn
% Tweet cited as the source; the organization field holds the account name and
% urldate records when the tweet was retrieved.
@online{hahn:20210617:network:63e106b,
  author       = {Karsten Hahn},
  title        = {{Tweet on Network filter rootkit driver signed by Microsoft}},
  date         = {2021-06-17},
  organization = {struppigel},
  url          = {https://twitter.com/struppigel/status/1405483373280235520},
  language     = {English},
  urldate      = {2021-06-22},
}
Tweet on Network filter rootkit driver signed by Microsoft