2022-12-06 | BitSight | João Batista
@online{batista:20221206:cova:a19beea,
  author       = {João Batista},
  title        = {{Cova and Nosu: a new loader spreads a new stealer}},
  date         = {2022-12-06},
  organization = {BitSight},
  url          = {https://www.bitsight.com/blog/cova-and-nosu-new-loader-spreads-new-stealer},
  language     = {English},
  urldate      = {2022-12-07},
}
Cova and Nosu: a new loader spreads a new stealer
Cova Nosu
2022-12-06 | Blackberry | BlackBerry Research & Intelligence Team
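% Corporate author: the extra brace pair keeps the team name as a single
% indivisible name (unbraced it is split into given names plus the surname
% "Team"), and the ampersand is escaped so LaTeX does not read it as an
% alignment tab. The citation key is unchanged.
@online{team:20221206:mustang:fa0e3e1,
  author       = {{BlackBerry Research \& Intelligence Team}},
  title        = {{Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets}},
  date         = {2022-12-06},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2022/12/mustang-panda-uses-the-russian-ukrainian-war-to-attack-europe-and-asia-pacific-targets},
  language     = {English},
  urldate      = {2022-12-06},
}
Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets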
PlugX
2022-12-05 | Cybereason | Kotaro Ogino, Ralph Villanueva, Robin Plumer
@online{ogino:20221205:threat:b2ffad4,
  author       = {Kotaro Ogino and Ralph Villanueva and Robin Plumer},
  title        = {{Threat Analysis: MSI - Masquerading as a Software Installer}},
  date         = {2022-12-05},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-msi-masquerading-as-software-installer},
  language     = {English},
  urldate      = {2022-12-05},
}
Threat Analysis: MSI - Masquerading as a Software Installer
Magniber Matanbuchus QakBot
2022-12-05 | PWC | PWC
@online{pwc:20221205:blue:65bf05b,
  author       = {PWC},
  title        = {{Blue Callisto orbits around US Laboratories in 2022}},
  date         = {2022-12-05},
  organization = {PWC},
  url          = {https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/blue-callisto-orbits-around-us.html},
  language     = {English},
  urldate      = {2022-12-06},
}
Blue Callisto orbits around US Laboratories in 2022
2022-12-05 | Sekoia | sekoia, Threat & Detection Research Team
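% Two corporate authors. Each is wrapped in its own brace pair so it stays
% one indivisible name, and the ampersand is escaped so LaTeX does not read
% it as an alignment tab. The citation key is unchanged.
@online{sekoia:20221205:calisto:cef50e0,
  author       = {{sekoia} and {Threat \& Detection Research Team}},
  title        = {{Calisto show interests into entities involved in Ukraine war support}},
  date         = {2022-12-05},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/calisto-show-interests-into-entities-involved-in-ukraine-war-support/},
  language     = {English},
  urldate      = {2022-12-06},
}
Calisto show interests into entities involved in Ukraine war support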
2022-12-05 | Recorded Future | Recorded Future
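% Corporate author: without the extra brace pair the name is parsed as
% given name "Recorded" and surname "Future". The citation key is unchanged.
@online{future:20221205:exposing:702c2a5,
  author       = {{Recorded Future}},
  title        = {{Exposing TAG-53’s Credential Harvesting Infrastructure Used for Russia-Aligned Espionage Operations}},
  date         = {2022-12-05},
  organization = {Recorded Future},
  url          = {https://www.recordedfuture.com/exposing-tag-53-credential-harvesting-infrastructure-for-russia-aligned-espionage-operations},
  language     = {English},
  urldate      = {2022-12-06},
}
Exposing TAG-53’s Credential Harvesting Infrastructure Used for Russia-Aligned Espionage Operations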
2022-12-03 | Microsoft | Cliff Watts
@online{watts:20221203:preparing:139621a,
  author       = {Cliff Watts},
  title        = {{Preparing for a Russian cyber offensive against Ukraine this winter}},
  date         = {2022-12-03},
  organization = {Microsoft},
  url          = {https://blogs.microsoft.com/on-the-issues/2022/12/03/preparing-russian-cyber-offensive-ukraine/},
  language     = {English},
  urldate      = {2022-12-05},
}
Preparing for a Russian cyber offensive against Ukraine this winter
CaddyWiper HermeticWiper Prestige
2022-12-02 | Github (binref) | Jesko Hüttenhain
@online{httenhain:20221202:refinery:ee32690,
  author       = {Jesko Hüttenhain},
  title        = {{The Refinery Files 0x06: Qakbot Decoder}},
  date         = {2022-12-02},
  organization = {Github (binref)},
  url          = {https://github.com/binref/refinery/blob/master/tutorials/tbr-files.v0x06.Qakbot.Decoder.ipynb},
  language     = {English},
  urldate      = {2022-12-02},
}
The Refinery Files 0x06: Qakbot Decoder
QakBot
2022-12-02 | K7 Security | Rahul R
@online{r:20221202:koivm:2250d72,
  author       = {Rahul R},
  title        = {{KoiVM Loader Resurfaces With a Bang}},
  date         = {2022-12-02},
  organization = {K7 Security},
  url          = {https://labs.k7computing.com/index.php/koivm-loader-resurfaces-with-a-bang/},
  language     = {English},
  urldate      = {2022-12-05},
}
KoiVM Loader Resurfaces With a Bang
KoiVM
2022-12-02 | Avast Decoded | Threat Intelligence Team
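% Corporate author: the extra brace pair keeps the team name as one
% indivisible name instead of given names plus the surname "Team".
% The citation key is unchanged.
@online{team:20221202:hitching:0cb7557,
  author       = {{Threat Intelligence Team}},
  title        = {{Hitching a ride with Mustang Panda}},
  date         = {2022-12-02},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/threatintel/apt-treasure-trove-avast-suspects-chinese-apt-group-mustang-panda-is-collecting-data-from-burmese-government-agencies-and-opposition-groups/},
  language     = {English},
  urldate      = {2022-12-02},
}
Hitching a ride with Mustang Panda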
PlugX
2022-12-02 | Palo Alto Networks Unit 42 | Dominik Reichel, Esmid Idrizovic, Bob Jung
@online{reichel:20221202:blowing:0698d7a,
  author       = {Dominik Reichel and Esmid Idrizovic and Bob Jung},
  title        = {{Blowing Cobalt Strike Out of the Water With Memory Analysis}},
  date         = {2022-12-02},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/cobalt-strike-memory-analysis/},
  language     = {English},
  urldate      = {2022-12-05},
}
Blowing Cobalt Strike Out of the Water With Memory Analysis
Cobalt Strike
2022-12-01 | Kaspersky | Fyodor Sinitsyn, Yanis Zinchenko
@online{sinitsyn:20221201:crywiper:a9785ec,
  author       = {Fyodor Sinitsyn and Yanis Zinchenko},
  title        = {{Новый троянец CryWiper прикидывается шифровальщиком}},
  date         = {2022-12-01},
  organization = {Kaspersky},
  url          = {https://securelist.ru/novyj-troyanec-crywiper/106114/},
  language     = {Russian},
  urldate      = {2022-12-06},
}
Новый троянец CryWiper прикидывается шифровальщиком
2022-12-01 | Zscaler | Zscaler
@online{zscaler:20221201:back:43320e6,
  author       = {Zscaler},
  title        = {{Back in Black... Basta - Technical Analysis of BlackBasta Ransomware 2.0}},
  date         = {2022-12-01},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/back-black-basta},
  language     = {English},
  urldate      = {2022-12-02},
}
Back in Black... Basta - Technical Analysis of BlackBasta Ransomware 2.0
Black Basta
2022-12-01 | CISA | CISA
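% The leading hash sign in the title is escaped: an unescaped one is copied
% as-is into the generated bibliography, where LaTeX reads it as a macro
% parameter character and stops with an error. The url field is left
% verbatim.
@techreport{cisa:20221201:stopransomware:de73b79,
  author      = {CISA},
  title       = {{\#StopRansomware: Cuba Ransomware}},
  date        = {2022-12-01},
  institution = {CISA},
  url         = {https://www.cisa.gov/uscert/sites/default/files/publications/aa22-335a-stopransomware-cuba-ransomware.pdf},
  language    = {English},
  urldate     = {2022-12-02},
}
#StopRansomware: Cuba Ransomware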
Cuba
2022-12-01 | mostwanted002
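% The underscore in the sample file name is escaped in the title: outside
% math mode an unescaped underscore makes LaTeX stop with a
% "Missing $ inserted" error. The url field is left verbatim.
@online{mostwanted002:20221201:malware:c0d4dc7,
  author   = {mostwanted002},
  title    = {{Malware Analysis and Triage Report : PirateStealer - Discord\_beta.exe}},
  date     = {2022-12-01},
  url      = {https://mostwanted002.cf/post/malware-analysis-and-triage-report-piratestealer/},
  language = {English},
  urldate  = {2022-12-01},
}
Malware Analysis and Triage Report : PirateStealer - Discord_beta.exe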
PirateStealer
2022-12-01 | splunk | Splunk Threat Research Team
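% Corporate author: the extra brace pair keeps the team name as one
% indivisible name instead of given names plus the surname "Team".
% The citation key is unchanged.
@online{team:20221201:from:4ac8d82,
  author       = {{Splunk Threat Research Team}},
  title        = {{From Macros to No Macros: Continuous Malware Improvements by QakBot}},
  date         = {2022-12-01},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/from-macros-to-no-macros-continuous-malware-improvements-by-qakbot.html},
  language     = {English},
  urldate      = {2022-12-05},
}
From Macros to No Macros: Continuous Malware Improvements by QakBot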
QakBot
2022-11-30 | BitSight | André Tavares
@online{tavares:20221130:unpacking:a15d3e0,
  author       = {André Tavares},
  title        = {{Unpacking Colibri Loader: A Russian APT linked Campaign}},
  date         = {2022-11-30},
  organization = {BitSight},
  url          = {https://www.bitsight.com/blog/unpacking-colibri-loader-russian-apt-linked-campaign},
  language     = {English},
  urldate      = {2022-12-02},
}
Unpacking Colibri Loader: A Russian APT linked Campaign
Colibri Loader PrivateLoader
2022-11-30 | Tidal Cyber Inc. | Scott Small
@online{small:20221130:identifying:ed7c4b3,
  author       = {Scott Small},
  title        = {{Identifying and Defending Against QakBot's Evolving TTPs}},
  date         = {2022-11-30},
  organization = {Tidal Cyber Inc.},
  url          = {https://www.tidalcyber.com/blog/identifying-and-defending-against-qakbots-evolving-ttps},
  language     = {English},
  urldate      = {2022-12-02},
}
Identifying and Defending Against QakBot's Evolving TTPs
QakBot
2022-11-30 | ESET Research | Filip Jurčacko
@online{juracko:20221130:whos:f177390,
  author       = {Filip Jurčacko},
  title        = {{Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin}},
  date         = {2022-11-30},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2022/11/30/whos-swimming-south-korean-waters-meet-scarcrufts-dolphin/},
  language     = {English},
  urldate      = {2022-12-01},
}
Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin
2022-11-30 | Sophos | Andrew Brandt
@online{brandt:20221130:lockbit:7d7598f,
  author       = {Andrew Brandt},
  title        = {{LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling}},
  date         = {2022-11-30},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/11/30/lockbit-3-0-black-attacks-and-leaks-reveal-wormable-capabilities-and-tooling/},
  language     = {English},
  urldate      = {2022-12-02},
}
LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling
LockBit