Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-09-18Github (gdbinit)Pedro Vilaça
@online{vilaa:20200918:evilquestthiefquest:a7625a8, author = {Pedro Vilaça}, title = {{EvilQuest/ThiefQuest strings decrypt/deobfuscator}}, date = {2020-09-18}, organization = {Github (gdbinit)}, url = {https://github.com/gdbinit/evilquest_deobfuscator}, language = {English}, urldate = {2020-09-19} } EvilQuest/ThiefQuest strings decrypt/deobfuscator
EvilQuest
2020-09-17Max Kersten's BlogMax Kersten
@online{kersten:20200917:automatic:8b19414, author = {Max Kersten}, title = {{Automatic ReZer0 payload and configuration extraction}}, date = {2020-09-17}, organization = {Max Kersten's Blog}, url = {https://maxkersten.nl/binary-analysis-course/analysis-scripts/automatic-rezer0-payload-and-configuration-extraction/}, language = {English}, urldate = {2020-09-18} } Automatic ReZer0 payload and configuration extraction
2020-09-16FBIFBI
@techreport{fbi:20200916:fbi:76fd945, author = {FBI}, title = {{FBI Flash AC-000133-TT: Indictment of China-Based Cyber Actors Associated with APT 41for Intrusion Activities}}, date = {2020-09-16}, institution = {FBI}, url = {https://assets.documentcloud.org/documents/7210602/FLASH-AC-000133-TT-Published.pdf}, language = {English}, urldate = {2020-09-18} } FBI Flash AC-000133-TT: Indictment of China-Based Cyber Actors Associated with APT 41for Intrusion Activities
Axiom
2020-09-16Department of JusticeDepartment of Justice
@online{justice:20200916:seven:d4591b9, author = {Department of Justice}, title = {{Seven International Cyber Defendants, Including “Apt41” Actors, Charged In Connection With Computer Intrusion Campaigns Against More Than 100 Victims Globally}}, date = {2020-09-16}, organization = {Department of Justice}, url = {https://www.justice.gov/opa/pr/seven-international-cyber-defendants-including-apt41-actors-charged-connection-computer}, language = {English}, urldate = {2020-09-18} } Seven International Cyber Defendants, Including “Apt41” Actors, Charged In Connection With Computer Intrusion Campaigns Against More Than 100 Victims Globally
Axiom
2020-09-15US-CERTUS-CERT
@online{uscert:20200915:alert:13d0ab3, author = {US-CERT}, title = {{Alert (AA20-259A): Iran-Based Threat Actor Exploits VPN Vulnerabilities}}, date = {2020-09-15}, organization = {US-CERT}, url = {https://us-cert.cisa.gov/ncas/alerts/aa20-259a}, language = {English}, urldate = {2020-09-16} } Alert (AA20-259A): Iran-Based Threat Actor Exploits VPN Vulnerabilities
CHINACHOPPER Fox Kitten
2020-09-15CheckpointDavid Driker, Amir Landau
@online{driker:20200915:rudeminer:1cea628, author = {David Driker and Amir Landau}, title = {{Rudeminer, Blacksquid and Lucifer Walk Into A Bar}}, date = {2020-09-15}, organization = {Checkpoint}, url = {https://research.checkpoint.com/2020/rudeminer-blacksquid-and-lucifer-walk-into-a-bar/}, language = {English}, urldate = {2020-09-18} } Rudeminer, Blacksquid and Lucifer Walk Into A Bar
Lucifer
2020-09-15US-CERTUS-CERT
@online{uscert:20200915:malware:8345418, author = {US-CERT}, title = {{Malware Analysis Report (AR20-259A): Iranian Web Shells}}, date = {2020-09-15}, organization = {US-CERT}, url = {https://us-cert.cisa.gov/ncas/analysis-reports/ar20-259a}, language = {English}, urldate = {2020-09-16} } Malware Analysis Report (AR20-259A): Iranian Web Shells
CHINACHOPPER
2020-09-15CrowdStrikeCrowdStrike Overwatch Team
@techreport{team:20200915:nowhere:284220e, author = {CrowdStrike Overwatch Team}, title = {{Nowhere to Hide - 2020 Threat Hunting Report}}, date = {2020-09-15}, institution = {CrowdStrike}, url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020OverWatchNowheretoHide.pdf}, language = {English}, urldate = {2020-09-18} } Nowhere to Hide - 2020 Threat Hunting Report
NedDnLoader
2020-09-15Seguranca InformaticaPedro Tavares
@online{tavares:20200915:threat:e046dec, author = {Pedro Tavares}, title = {{Threat analysis: The emergent URSA trojan impacts many countries using a sophisticated loader}}, date = {2020-09-15}, organization = {Seguranca Informatica}, url = {https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/}, language = {English}, urldate = {2020-09-16} } Threat analysis: The emergent URSA trojan impacts many countries using a sophisticated loader
2020-09-15Recorded FutureInsikt Group®
@techreport{group:20200915:back:2c78a6f, author = {Insikt Group®}, title = {{Back Despite Disruption: RedDelta Resumes Operations}}, date = {2020-09-15}, institution = {Recorded Future}, url = {https://go.recordedfuture.com/hubfs/reports/cta-2020-0915.pdf}, language = {English}, urldate = {2020-09-16} } Back Despite Disruption: RedDelta Resumes Operations
PlugX
2020-09-14US-CERTUS-CERT
@online{uscert:20200914:alert:71b6963, author = {US-CERT}, title = {{Alert (AA20-258A): Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity}}, date = {2020-09-14}, organization = {US-CERT}, url = {https://us-cert.cisa.gov/ncas/alerts/aa20-258a}, language = {English}, urldate = {2020-09-16} } Alert (AA20-258A): Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity
2020-09-13Twitter (@bartblaze)BartBlaze
@online{bartblaze:20200913:cryakl:3d29bf0, author = {BartBlaze}, title = {{Tweet on Cryakl 2.0.0.0}}, date = {2020-09-13}, organization = {Twitter (@bartblaze)}, url = {https://twitter.com/bartblaze/status/1305197264332369920}, language = {English}, urldate = {2020-09-15} } Tweet on Cryakl 2.0.0.0
Cryakl
2020-09-11ThreatConnectThreatConnect Research Team
@online{team:20200911:research:edfb074, author = {ThreatConnect Research Team}, title = {{Research Roundup: Activity on Previously Identified APT33 Domains}}, date = {2020-09-11}, organization = {ThreatConnect}, url = {https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/}, language = {English}, urldate = {2020-09-15} } Research Roundup: Activity on Previously Identified APT33 Domains
Emotet PlugX APT33
2020-09-11VinCSSm4n0w4r
@online{m4n0w4r:20200911:re016:5134994, author = {m4n0w4r}, title = {{[RE016] Malware Analysis: ModiLoader}}, date = {2020-09-11}, organization = {VinCSS}, url = {https://blog.vincss.net/2020/09/re016-malware-analysis-modiloader-eng.html}, language = {English}, urldate = {2020-09-11} } [RE016] Malware Analysis: ModiLoader
DBatLoader
2020-09-11KISAKrCERT
@techreport{krcert:20200911:analysis:490f2e3, author = {KrCERT}, title = {{Analysis of attacker's strategy of using malicious code}}, date = {2020-09-11}, institution = {KISA}, url = {https://www.boho.or.kr/filedownload.do?attach_file_seq=2517&attach_file_id=EpF2517.pdf}, language = {Korean}, urldate = {2020-09-15} } Analysis of attacker's strategy of using malicious code
2020-09-10SANS ISC InfoSec ForumsBrad Duncan
@online{duncan:20200910:recent:f9e103f, author = {Brad Duncan}, title = {{Recent Dridex activity}}, date = {2020-09-10}, organization = {SANS ISC InfoSec Forums}, url = {https://isc.sans.edu/forums/diary/Recent+Dridex+activity/26550/}, language = {English}, urldate = {2020-09-15} } Recent Dridex activity
Dridex
2020-09-10ESET ResearchAnton Cherepanov
@online{cherepanov:20200910:who:2fdc6a6, author = {Anton Cherepanov}, title = {{Who is calling? CDRThief targets Linux VoIP softswitches}}, date = {2020-09-10}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2020/09/10/who-callin-cdrthief-linux-voip-softswitches/}, language = {English}, urldate = {2020-09-15} } Who is calling? CDRThief targets Linux VoIP softswitches
CDRThief
2020-09-10MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20200910:strontium:eeaafcd, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{STRONTIUM: Detecting new patterns in credential harvesting}}, date = {2020-09-10}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harvesting/}, language = {English}, urldate = {2020-09-15} } STRONTIUM: Detecting new patterns in credential harvesting
Sofacy
2020-09-10Group-IBOleg Skulkin, Semyon Rogachev
@online{skulkin:20200910:lock:a6f630a, author = {Oleg Skulkin and Semyon Rogachev}, title = {{Lock Like a Pro: Dive in Recent ProLock's Big Game Hunting}}, date = {2020-09-10}, organization = {Group-IB}, url = {https://www.group-ib.com/blog/prolock_evolution}, language = {English}, urldate = {2020-09-15} } Lock Like a Pro: Dive in Recent ProLock's Big Game Hunting
PwndLocker QakBot
2020-09-10Kaspersky LabsGReAT
@online{great:20200910:overview:f751b73, author = {GReAT}, title = {{An overview of targeted attacks and APTs on Linux}}, date = {2020-09-10}, organization = {Kaspersky Labs}, url = {https://securelist.com/an-overview-of-targeted-attacks-and-apts-on-linux/98440/}, language = {English}, urldate = {2020-09-15} } An overview of targeted attacks and APTs on Linux