
2022-07-01cybleCyble
@online{cyble:20220701:xloader:dd3b118,
  author       = {Cyble},
  title        = {{Xloader Returns With New Infection Technique}},
  date         = {2022-07-01},
  organization = {cyble},
  url          = {https://blog.cyble.com/2022/07/01/xloader-returns-with-new-infection-technique/},
  urldate      = {2022-07-01},
  language     = {English},
}
Xloader Returns With New Infection Technique
Formbook
2022-06-29Github (vc0RExor)Aaron Jornet Sales
@techreport{sales:20220629:machete:a0bb28d,
  author      = {Aaron Jornet Sales},
  title       = {{Machete Weapons Lokibot - A Malware Report}},
  date        = {2022-06-29},
  institution = {Github (vc0RExor)},
  url         = {https://github.com/vc0RExor/Malware-Threat-Reports/blob/main/Lokibot/Machete-Weapons-Lokibot/Machete%20weapons-Lokibot_EN.pdf},
  urldate     = {2022-06-30},
  language    = {English},
}
Machete Weapons Lokibot - A Malware Report
LokiBot
2022-06-29IntezerJoakim Kennedy
@online{kennedy:20220629:ytstealer:0c2bc5c,
  author       = {Joakim Kennedy},
  title        = {{YTStealer Malware: “YouTube Cookies! Om Nom Nom Nom”}},
  date         = {2022-06-29},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/research/ytstealer-malware-youtube-cookies/},
  urldate      = {2022-06-30},
  language     = {English},
}
YTStealer Malware: “YouTube Cookies! Om Nom Nom Nom”
YTStealer
2022-06-28AhnLabASEC
@online{asec:20220628:new:df3f9bf,
  author       = {ASEC},
  title        = {{New Info-stealer Disguised as Crack Being Distributed}},
  date         = {2022-06-28},
  organization = {AhnLab},
  url          = {https://asec.ahnlab.com/en/35981/},
  urldate      = {2022-06-30},
  language     = {English},
}
New Info-stealer Disguised as Crack Being Distributed
ClipBanker CryptBot Raccoon RedLine Stealer
2022-06-28Reversing LabsJoseph Edwards
@online{edwards:20220628:smashandgrab:115e907,
  author       = {Joseph Edwards},
  title        = {{Smash-and-grab: AstraLocker 2.0 pushes ransomware direct from Office docs}},
  date         = {2022-06-28},
  organization = {Reversing Labs},
  url          = {https://blog.reversinglabs.com/blog/smash-and-grab-astralocker-2-pushes-ransomware-direct-from-office-docs},
  urldate      = {2022-06-30},
  language     = {English},
}
Smash-and-grab: AstraLocker 2.0 pushes ransomware direct from Office docs
AstraLocker
2022-06-28LumenBlack Lotus Labs
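% Corporate author: the extra brace pair keeps "Black Lotus Labs" as one indivisible name,
% so styles do not split it into given names "Black Lotus" and surname "Labs".
@online{labs:20220628:zuorat:f60583e,
  author       = {{Black Lotus Labs}},
  title        = {{ZuoRAT Hijacks SOHO Routers To Silently Stalk Networks}},
  date         = {2022-06-28},
  organization = {Lumen},
  url          = {https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/},
  urldate      = {2022-06-30},
  language     = {English},
}
ZuoRAT Hijacks SOHO Routers To Silently Stalk Networks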
ZuoRAT Cobalt Strike
2022-06-28GBHackers on SecurityGurubaran S
@online{s:20220628:black:e69f497,
  author       = {Gurubaran S},
  title        = {{Black Basta Ransomware Emerging From Underground to Attack Corporate Networks}},
  date         = {2022-06-28},
  organization = {GBHackers on Security},
  url          = {https://gbhackers.com/black-basta-ransomware/},
  urldate      = {2022-06-30},
  language     = {English},
}
Black Basta Ransomware Emerging From Underground to Attack Corporate Networks
Black Basta
2022-06-28BroadcomThreat Hunter Team, Vishal Kamble
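% "Threat Hunter Team" is a group name, so it is braced to be treated as a single name;
% the individual author after " and " is left in its original form.
@online{team:20220628:bumblebee:29809dd,
  author       = {{Threat Hunter Team} and Vishal Kamble},
  title        = {{Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem}},
  date         = {2022-06-28},
  organization = {Broadcom},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bumblebee-loader-cybercrime},
  urldate      = {2022-06-30},
  language     = {English},
}
Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem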
BumbleBee
2022-06-28SekoiaThreat & Detection Research Team
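% Group author: braced as one name, and the ampersand is escaped as \& because a bare "&"
% in a text field is a LaTeX alignment character and stops the bibliography from compiling.
@online{team:20220628:raccoon:98accde,
  author       = {{Threat \& Detection Research Team}},
  title        = {{Raccoon Stealer v2 – Part 1: The return of the dead}},
  date         = {2022-06-28},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/raccoon-stealer-v2-part-1-the-return-of-the-dead/},
  urldate      = {2022-06-30},
  language     = {English},
}
Raccoon Stealer v2 – Part 1: The return of the dead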
Raccoon
2022-06-28Twitter (@_icebre4ker_)Fr4
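% The underscores in the account handle are escaped as \_ in the organization field, which is
% typeset as ordinary text; the url field is verbatim and keeps its underscores unescaped.
@online{fr4:20220628:revive:7582d22,
  author       = {Fr4},
  title        = {{Revive and Coper are using similar phishing template and app}},
  date         = {2022-06-28},
  organization = {Twitter (@\_icebre4ker\_)},
  url          = {https://twitter.com/_icebre4ker_/status/1541875982684094465},
  urldate      = {2022-06-29},
  language     = {English},
}
Revive and Coper are using similar phishing template and app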
Coper
2022-06-27NetskopeGustavo Palazolo
@online{palazolo:20220627:emotet:e01f0fb,
  author       = {Gustavo Palazolo},
  title        = {{Emotet: Still Abusing Microsoft Office Macros}},
  date         = {2022-06-27},
  organization = {Netskope},
  url          = {https://www.netskope.com/blog/emotet-still-abusing-microsoft-office-macros},
  urldate      = {2022-06-30},
  language     = {English},
}
Emotet: Still Abusing Microsoft Office Macros
Emotet
2022-06-27Kaspersky ICS CERTArtem Snegirev, Kirill Kruglov
@online{snegirev:20220627:attacks:100c151,
  author       = {Artem Snegirev and Kirill Kruglov},
  title        = {{Attacks on industrial control systems using ShadowPad}},
  date         = {2022-06-27},
  organization = {Kaspersky ICS CERT},
  url          = {https://ics-cert.kaspersky.com/publications/reports/2022/06/27/attacks-on-industrial-control-systems-using-shadowpad/},
  urldate      = {2022-06-29},
  language     = {English},
}
Attacks on industrial control systems using ShadowPad
Cobalt Strike PlugX ShadowPad
2022-06-27InQuestIsabelle Quinn
@online{quinn:20220627:glowsand:deff96a,
  author       = {Isabelle Quinn},
  title        = {{GlowSand}},
  date         = {2022-06-27},
  organization = {InQuest},
  url          = {https://inquest.net/blog/2022/06/27/glowsand},
  urldate      = {2022-06-30},
  language     = {English},
}
GlowSand
2022-06-27ZscalerSudeep Singh, Sahil Antil
@online{singh:20220627:return:a09268a,
  author       = {Sudeep Singh and Sahil Antil},
  title        = {{Return of the Evilnum APT with updated TTPs and new targets}},
  date         = {2022-06-27},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/return-evilnum-apt-updated-ttps-and-new-targets},
  urldate      = {2022-06-29},
  language     = {English},
}
Return of the Evilnum APT with updated TTPs and new targets
EVILNUM EVILNUM
2022-06-27CleafyCleafy
@online{cleafy:20220627:revive:e305f85,
  author       = {Cleafy},
  title        = {{Revive: from spyware to Android banking trojan}},
  date         = {2022-06-27},
  organization = {Cleafy},
  url          = {https://www.cleafy.com/cleafy-labs/revive-from-spyware-to-android-banking-trojan},
  urldate      = {2022-06-29},
  language     = {English},
}
Revive: from spyware to Android banking trojan
2022-06-26BushidoToken
@online{bushidotoken:20220626:overview:97370ff,
  author   = {BushidoToken},
  title    = {{Overview of Russian GRU and SVR Cyberespionage Campaigns 1H 2022}},
  date     = {2022-06-26},
  url      = {https://blog.bushidotoken.net/2022/06/overview-of-russian-gru-and-svr.html},
  urldate  = {2022-06-27},
  language = {English},
}
Overview of Russian GRU and SVR Cyberespionage Campaigns 1H 2022
Cobalt Strike EnvyScout
2022-06-24Palo Alto Networks Unit 42Mark Lim, Riley Porter
@online{lim:20220624:there:7a3b762,
  author       = {Mark Lim and Riley Porter},
  title        = {{There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families}},
  date         = {2022-06-24},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/api-hammering-malware-families/},
  urldate      = {2022-06-27},
  language     = {English},
}
There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families
BazarBackdoor Zloader
2022-06-24XJuniorMohamed Ashraf
@online{ashraf:20220624:apt34:92c90d5,
  author       = {Mohamed Ashraf},
  title        = {{APT34 - Saitama Agent}},
  date         = {2022-06-24},
  organization = {XJunior},
  url          = {https://x-junior.github.io/malware%20analysis/2022/06/24/Apt34.html},
  urldate      = {2022-07-01},
  language     = {English},
}
APT34 - Saitama Agent
Saitama Backdoor
2022-06-24Soc InvestigationBalaGanesh
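% The ampersand in the title is escaped as \& because a bare "&" in a text field is a LaTeX
% alignment character and stops the bibliography from compiling.
@online{balaganesh:20220624:icedid:2bb9d0d,
  author       = {BalaGanesh},
  title        = {{IcedID Banking Trojan returns with new TTPS – Detection \& Response}},
  date         = {2022-06-24},
  organization = {Soc Investigation},
  url          = {https://www.socinvestigation.com/icedid-banking-trojan-returns-with-new-ttps-detection-response/},
  urldate      = {2022-06-27},
  language     = {English},
}
IcedID Banking Trojan returns with new TTPS – Detection & Response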
IcedID
2022-06-24AhnLabASEC
@online{asec:20220624:lockbit:a98a9bb,
  author       = {ASEC},
  title        = {{LockBit Ransomware Disguised as Copyright Claim E-mail Being Distributed}},
  date         = {2022-06-24},
  organization = {AhnLab},
  url          = {https://asec.ahnlab.com/en/35822/},
  urldate      = {2022-06-27},
  language     = {English},
}
LockBit Ransomware Disguised as Copyright Claim E-mail Being Distributed
LockBit