2021-05-07 | Medium svch0st | svch0st
@online{svch0st:20210507:stats:11919e5,
  author       = {svch0st},
  title        = {{Stats from Hunting Cobalt Strike Beacons}},
  organization = {Medium svch0st},
  date         = {2021-05-07},
  url          = {https://svch0st.medium.com/stats-from-hunting-cobalt-strike-beacons-c17e56255f9b},
  urldate      = {2021-05-08},
  language     = {English},
}
Stats from Hunting Cobalt Strike Beacons
Cobalt Strike
2021-05-07 | Morphisec | Nadav Lorber
@online{lorber:20210507:revealing:add3b8a,
  author       = {Nadav Lorber},
  title        = {{Revealing the ‘Snip3’ Crypter, a Highly Evasive RAT Loader}},
  organization = {Morphisec},
  date         = {2021-05-07},
  url          = {https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader},
  urldate      = {2021-05-08},
  language     = {English},
}
Revealing the ‘Snip3’ Crypter, a Highly Evasive RAT Loader
Agent Tesla AsyncRAT Revenge RAT
2021-05-07 | Group-IB | Oleg Skulkin, Semyon Rogachev
@online{skulkin:20210507:connecting:49c0b13,
  author       = {Oleg Skulkin and Semyon Rogachev},
  title        = {{Connecting the Bots Hancitor fuels Cuba Ransomware Operations}},
  organization = {Group-IB},
  date         = {2021-05-07},
  url          = {https://blog.group-ib.com/hancitor-cuba-ransomware},
  urldate      = {2021-05-08},
  language     = {English},
}
Connecting the Bots Hancitor fuels Cuba Ransomware Operations
Cuba Ransomware Hancitor
2021-05-07 | GCHQ | NCSC UK, CISA, FBI, NSA
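% Joint advisory with four agency authors. Each agency is a corporate author,
% so each name sits in its own brace group; without that, "NCSC UK" is parsed
% as given name "NCSC" and surname "UK".
@techreport{uk:20210507:further:400b6a8,
  author      = {{NCSC UK} and {CISA} and {FBI} and {NSA}},
  title       = {{Further TTPs associated with SVR cyber actors: Use of multiple publicly available exploits and Sliver framework to target organisations globally}},
  institution = {GCHQ},
  date        = {2021-05-07},
  url         = {https://www.ncsc.gov.uk/files/Advisory-further-TTPs-associated-with-SVR-cyber-actors.pdf},
  urldate     = {2021-05-08},
  language    = {English},
}
Further TTPs associated with SVR cyber actors: Use of multiple publicly available exploits and Sliver framework to target organisations globally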
2021-05-07 | Bleeping Computer | Lawrence Abrams
@online{abrams:20210507:data:c674b2b,
  author       = {Lawrence Abrams},
  title        = {{Data leak marketplaces aim to take over the extortion economy}},
  organization = {Bleeping Computer},
  date         = {2021-05-07},
  url          = {https://www.bleepingcomputer.com/news/security/data-leak-marketplaces-aim-to-take-over-the-extortion-economy/},
  urldate      = {2021-05-08},
  language     = {English},
}
Data leak marketplaces aim to take over the extortion economy
Babuk Ransomware Maze
2021-05-06 | Kaspersky | Mark Lechtik, Giampaolo Dedola
@online{lechtik:20210506:operation:b437cc1,
  author       = {Mark Lechtik and Giampaolo Dedola},
  title        = {{Operation TunnelSnake}},
  organization = {Kaspersky},
  date         = {2021-05-06},
  url          = {https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/},
  urldate      = {2021-05-08},
  language     = {English},
}
Operation TunnelSnake
Moriya
2021-05-06 | Intrusiontruth | Intrusiontruth
@online{intrusiontruth:20210506:with:a398f7e,
  author       = {Intrusiontruth},
  title        = {{An APT with no name}},
  organization = {Intrusiontruth},
  date         = {2021-05-06},
  url          = {https://intrusiontruth.wordpress.com/2021/05/06/an-apt-with-no-name/},
  urldate      = {2021-05-08},
  language     = {English},
}
An APT with no name
2021-05-06 | MIT Technology Review | Patrick Howell O'Neill
@online{oneill:20210506:how:880a61c,
  author       = {Patrick Howell O'Neill},
  title        = {{How China turned a prize-winning iPhone hack against the Uyghurs}},
  organization = {MIT Technology Review},
  date         = {2021-05-06},
  url          = {https://www.technologyreview.com/2021/05/06/1024621/china-apple-spy-uyghur-hacker-tianfu/},
  urldate      = {2021-05-08},
  language     = {English},
}
How China turned a prize-winning iPhone hack against the Uyghurs
2021-05-06 | Sophos Labs | Tilly Travers
@online{travers:20210506:mtr:1f2feb4,
  author       = {Tilly Travers},
  title        = {{MTR in Real Time: Pirates pave way for Ryuk ransomware}},
  organization = {Sophos Labs},
  date         = {2021-05-06},
  url          = {https://news.sophos.com/en-us/2021/05/06/mtr-in-real-time-pirates-pave-way-for-ryuk-ransomware/},
  urldate      = {2021-05-08},
  language     = {English},
}
MTR in Real Time: Pirates pave way for Ryuk ransomware
Ryuk
2021-05-06 | CISA | CISA
@online{cisa:20210506:mar103247841v1:408b7aa,
  author       = {CISA},
  title        = {{MAR-10324784-1.v1: FiveHands Ransomware}},
  organization = {CISA},
  date         = {2021-05-06},
  url          = {https://us-cert.cisa.gov/ncas/analysis-reports/ar21-126b},
  urldate      = {2021-05-08},
  language     = {English},
}
MAR-10324784-1.v1: FiveHands Ransomware
FiveHands
2021-05-06 | Cyborg Security | Brandon Denker
@online{denker:20210506:ransomware:a1f31df,
  author       = {Brandon Denker},
  title        = {{Ransomware: Hunting for Inhibiting System Backup or Recovery}},
  organization = {Cyborg Security},
  date         = {2021-05-06},
  url          = {https://www.cyborgsecurity.com/cyborg_labs/hunting-ransomware-inhibiting-system-backup-or-recovery/},
  urldate      = {2021-05-08},
  language     = {English},
}
Ransomware: Hunting for Inhibiting System Backup or Recovery
Avaddon Ransomware Conti Ransomware DarkSide LockBit Mailto Maze Mespinoza Nemty PwndLocker RagnarLocker RansomEXX REvil Ryuk Snatch ThunderX Ransomware
2021-05-06 | The Finnish Defense Forces | The Finnish Defense Forces
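% Corporate author: the extra pair of braces keeps the organisation name as a
% single unit instead of given names "The Finnish Defense" plus surname "Forces".
@techreport{forces:20210506:finnish:a534e3b,
  author      = {{The Finnish Defense Forces}},
  title       = {{Finnish Military Intelligence Review 2021}},
  institution = {The Finnish Defense Forces},
  date        = {2021-05-06},
  url         = {https://assets.documentcloud.org/documents/20699312/pv_sotilastiedustelu_raportti_www_eng.pdf},
  urldate     = {2021-05-08},
  language    = {English},
}
Finnish Military Intelligence Review 2021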
2021-05-06 | Facebook | Facebook
@techreport{facebook:20210506:april:efdf147,
  author      = {Facebook},
  title       = {{April 2021 Coordinated Inauthentic Behavior Report}},
  institution = {Facebook},
  date        = {2021-05-06},
  url         = {https://about.fb.com/wp-content/uploads/2021/05/April-2021-CIB-Report.pdf},
  urldate     = {2021-05-08},
  language    = {English},
}
April 2021 Coordinated Inauthentic Behavior Report
2021-05-06 | Blackberry | BlackBerry Research and Intelligence team
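% Corporate author: the extra pair of braces keeps the team name as one unit.
% Without it, the " and " inside the name is read as a separator and the
% entry is cited as two authors, "BlackBerry Research" and "Intelligence team".
@online{team:20210506:threat:8bdd47b,
  author       = {{BlackBerry Research and Intelligence team}},
  title        = {{Threat Thursday: Dr. REvil Ransomware Strikes Again, Employs Double Extortion Tactics}},
  organization = {Blackberry},
  date         = {2021-05-06},
  url          = {https://blogs.blackberry.com/en/2021/05/threat-thursday-dr-revil-ransomware-strikes-again-employs-double-extortion-tactics},
  urldate      = {2021-05-08},
  language     = {English},
}
Threat Thursday: Dr. REvil Ransomware Strikes Again, Employs Double Extortion Tactics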
REvil
2021-05-06 | CISA | CISA
@online{cisa:20210506:analysis:9b259c7,
  author       = {CISA},
  title        = {{Analysis Report: FiveHands Ransomware}},
  organization = {CISA},
  date         = {2021-05-06},
  url          = {https://us-cert.cisa.gov/ncas/analysis-reports/ar21-126a},
  urldate      = {2021-05-08},
  language     = {English},
}
Analysis Report: FiveHands Ransomware
FiveHands
2021-05-06 | 360 netlab | Alex Turing
@online{turing:20210506:rotajakiro:3e85531,
  author       = {Alex Turing},
  title        = {{RotaJakiro, the Linux version of the OceanLotus}},
  organization = {360 netlab},
  date         = {2021-05-06},
  url          = {https://blog.netlab.360.com/rotajakiro_linux_version_of_oceanlotus/},
  urldate      = {2021-05-08},
  language     = {English},
}
RotaJakiro, the Linux version of the OceanLotus
RotaJakiro
2021-05-06 | Twitter (@SyscallE) | NtUnmapViewOfSection
@online{ntunmapviewofsection:20210506:short:1045831,
  author       = {NtUnmapViewOfSection},
  title        = {{Tweet on short analysis of Nebulae Backdoor}},
  organization = {Twitter (@SyscallE)},
  date         = {2021-05-06},
  url          = {https://twitter.com/SyscallE/status/1390339497804636166},
  urldate      = {2021-05-08},
  language     = {English},
}
Tweet on short analysis of Nebulae Backdoor
Nebulae
2021-05-06 | xorl %eax, %eax | Anastasios Pingios
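% The blog name contains literal percent signs. They are escaped in the
% organization field so LaTeX does not treat them as comment starts (and
% swallow the rest of the line) when the bibliography is typeset.
@online{pingios:20210506:iran:7acb8a7,
  author       = {Anastasios Pingios},
  title        = {{Iran Cyber Operations Groups}},
  organization = {xorl \%eax, \%eax},
  date         = {2021-05-06},
  url          = {https://xorl.wordpress.com/2021/05/06/iran-cyber-operations-groups/},
  urldate      = {2021-05-08},
  language     = {English},
}
Iran Cyber Operations Groups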
2021-05-05 | TRUESEC | Mattias Wåhlén
@online{whln:20210505:are:61bb8a0,
  author       = {Mattias Wåhlén},
  title        = {{Are The Notorious Cyber Criminals Evil Corp actually Russian Spies?}},
  organization = {TRUESEC},
  date         = {2021-05-05},
  url          = {https://blog.truesec.com/2021/05/05/are-the-notorious-cyber-criminals-evil-corp-actually-russian-spies/},
  urldate      = {2021-05-08},
  language     = {English},
}
Are The Notorious Cyber Criminals Evil Corp actually Russian Spies?
Cobalt Strike Hades Ransomware WastedLocker
2021-05-05 | Twitter (@3xp0rtblog) | 3xp0rt
@online{3xp0rt:20210505:toxin:00d47c5,
  author       = {3xp0rt},
  title        = {{Tweet on Toxin Miner}},
  organization = {Twitter (@3xp0rtblog)},
  date         = {2021-05-05},
  url          = {https://twitter.com/3xp0rtblog/status/1389692430061027328},
  urldate      = {2021-05-08},
  language     = {English},
}
Tweet on Toxin Miner