
2023-09-29 · Intrinsec · CTI Intrinsec, Intrinsec
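@techreport{intrinsec:20230929:ongoing:4c83347,
  author      = {{CTI Intrinsec} and {Intrinsec}},
  title       = {{Ongoing threats targeting the energy industry}},
  date        = {2023-09-29},
  institution = {Intrinsec},
  url         = {https://www.intrinsec.com/wp-content/uploads/2023/09/TLP-CLEAR-20230912-EN-GuLoader-Information-report.pdf},
  language    = {English},
  urldate     = {2023-10-02},
}
Ongoing threats targeting the energy industry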
Agent Tesla CloudEyE
2023-09-29 · ESET Research · Peter Kálnai
@online{klnai:20230929:lazarus:130bcd5,
  author       = {Kálnai, Peter},
  title        = {{Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company}},
  date         = {2023-09-29},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/en/eset-research/lazarus-luring-employees-trojanized-coding-challenges-case-spanish-aerospace-company/},
  language     = {English},
  urldate      = {2023-10-02},
}
Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
miniBlindingCan
2023-09-28 · Confiant · BOZOSLIVEHERE
@online{bozoslivehere:20230928:exploring:3cc7b21,
  author       = {BOZOSLIVEHERE},
  title        = {{Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees}},
  date         = {2023-09-28},
  organization = {Confiant},
  url          = {https://blog.confiant.com/exploring-scamclub-payloads-via-deobfuscation-using-abstract-syntax-trees-65ef7f412537},
  language     = {English},
  urldate      = {2023-09-29},
}
Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees
2023-09-27 · Cyber Geeks · Vlad Pasca
@online{pasca:20230927:deep:2958d5b,
  author       = {Pasca, Vlad},
  title        = {{A Deep Dive into Brute Ratel C4 payloads – Part 2}},
  date         = {2023-09-27},
  organization = {Cyber Geeks},
  url          = {https://cybergeeks.tech/a-deep-dive-into-brute-ratel-c4-payloads-part-2/},
  language     = {English},
  urldate      = {2023-09-29},
}
A Deep Dive into Brute Ratel C4 payloads – Part 2
Brute Ratel C4
2023-09-25 · cocomelonc · cocomelonc
@online{cocomelonc:20230925:malware:536902a,
  author       = {cocomelonc},
  title        = {{Malware development trick - part 36: Enumerate process modules. Simple C++ example.}},
  date         = {2023-09-25},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/malware/2023/09/25/malware-trick-36.html},
  language     = {English},
  urldate      = {2023-09-29},
}
Malware development trick - part 36: Enumerate process modules. Simple C++ example.
4h_rat Aria-body
2023-09-25 · 0x0v1 · Ovi
@online{ovi:20230925:rearchive:72332ff,
  author       = {Ovi},
  title        = {{REArchive: Reverse engineering APT37’s GOLDBACKDOOR dropper}},
  date         = {2023-09-25},
  organization = {0x0v1},
  url          = {https://www.0x0v1.com/rearchive-goldbackdoor/},
  language     = {English},
  urldate      = {2023-10-02},
}
REArchive: Reverse engineering APT37’s GOLDBACKDOOR dropper
GOLDBACKDOOR
2023-09-22 · R136a1 · Dominik Reichel
@online{reichel:20230922:more:7b1d0a4,
  author       = {Reichel, Dominik},
  title        = {{More on DreamLand}},
  date         = {2023-09-22},
  organization = {R136a1},
  url          = {https://r136a1.dev/2023/09/22/more-on-dreamland/},
  language     = {English},
  urldate      = {2023-09-28},
}
More on DreamLand
LuaDream
2023-09-22 · PRODAFT · PRODAFT
@online{prodaft:20230922:darkgate:23e4b9e,
  author       = {{PRODAFT}},
  title        = {{DarkGate IOCs}},
  date         = {2023-09-22},
  organization = {PRODAFT},
  url          = {https://github.com/prodaft/malware-ioc/blob/master/PTI-66/DarkGate.md},
  language     = {English},
  urldate      = {2023-09-25},
}
DarkGate IOCs
DarkGate QakBot
2023-09-21 · Sentinel LABS · Aleksandar Milenkoski, QGroup
@online{milenkoski:20230921:sandman:4735b8d,
  author       = {Milenkoski, Aleksandar and {QGroup}},
  title        = {{Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit}},
  date         = {2023-09-21},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/},
  language     = {English},
  urldate      = {2023-09-28},
}
Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit
LuaDream
2023-09-21 · Sentinel LABS · Tom Hegel
@online{hegel:20230921:cyber:9a6bb38,
  author       = {Hegel, Tom},
  title        = {{Cyber Soft Power | China’s Continental Takeover}},
  date         = {2023-09-21},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/cyber-soft-power-chinas-continental-takeover/},
  language     = {English},
  urldate      = {2023-09-22},
}
Cyber Soft Power | China’s Continental Takeover
2023-09-20 · Proofpoint · Proofpoint Threat Research Team
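@online{team:20230920:chinese:25abe7e,
  author       = {{Proofpoint Threat Research Team}},
  title        = {{Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape}},
  date         = {2023-09-20},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/chinese-malware-appears-earnest-across-cybercrime-threat-landscape},
  language     = {English},
  urldate      = {2023-09-22},
}
Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape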
FatalRat PurpleFox ValleyRAT
2023-09-20 · Cado Security · Matt Muir
@online{muir:20230920:cado:0769cd6,
  author       = {Muir, Matt},
  title        = {{Cado Security Labs Researchers Witness a 600X Increase in P2Pinfect Traffic}},
  date         = {2023-09-20},
  organization = {Cado Security},
  url          = {https://www.cadosecurity.com/cado-security-labs-researchers-witness-a-600x-increase-in-p2pinfect-traffic/},
  language     = {English},
  urldate      = {2023-09-25},
}
Cado Security Labs Researchers Witness a 600X Increase in P2Pinfect Traffic
2023-09-20 · Check Point Research · Checkpoint Research
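@online{research:20230920:behind:b3bd2a2,
  author       = {{Checkpoint Research}},
  title        = {{Behind the Scenes of BBTok: Analyzing a Banker’s Server Side Components}},
  date         = {2023-09-20},
  organization = {Check Point Research},
  url          = {https://research.checkpoint.com/2023/behind-the-scenes-of-bbtok-analyzing-a-bankers-server-side-components/},
  language     = {English},
  urldate      = {2023-09-25},
}
Behind the Scenes of BBTok: Analyzing a Banker’s Server Side Components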
BBtok
2023-09-19 · Recorded Future · Insikt Group
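@techreport{group:20230919:multiyear:84b50f8,
  author      = {{Insikt Group}},
  title       = {{Multi-year Chinese APT Campaign Targets South Korean Academic, Government, and Political Entities}},
  date        = {2023-09-19},
  institution = {Recorded Future},
  url         = {https://go.recordedfuture.com/hubfs/reports/cta-2023-0919.pdf},
  language    = {English},
  urldate     = {2023-09-20},
}
Multi-year Chinese APT Campaign Targets South Korean Academic, Government, and Political Entities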
Korlia
2023-09-19 · Cisco Talos · Asheer Malhotra, Caitlin Huey, Sean Taylor, Vitor Ventura, Arnaud Zobec
@online{malhotra:20230919:new:a39af36,
  author       = {Malhotra, Asheer and Huey, Caitlin and Taylor, Sean and Ventura, Vitor and Zobec, Arnaud},
  title        = {{New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants}},
  date         = {2023-09-19},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/introducing-shrouded-snooper/},
  language     = {English},
  urldate      = {2023-09-20},
}
New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants
HTTPSnoop PipeSnoop
2023-09-19 · Medium (@DCSO_CyTec) · Johann Aydinbas
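@online{aydinbas:20230919:shortandmalicious:a0cff0b,
  author       = {Aydinbas, Johann},
  title        = {{\#ShortAndMalicious — DarkGate}},
  date         = {2023-09-19},
  organization = {Medium (@DCSO\_CyTec)},
  url          = {https://medium.com/@DCSO_CyTec/shortandmalicious-darkgate-d9102a457232},
  language     = {English},
  urldate      = {2023-09-20},
}
#ShortAndMalicious — DarkGate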
DarkGate
2023-09-19 · Checkpoint · Alexey Bukhteyev, Arie Olshtein
@online{bukhteyev:20230919:unveiling:1ebf179,
  author       = {Bukhteyev, Alexey and Olshtein, Arie},
  title        = {{Unveiling the Shadows: The Dark Alliance between GuLoader and Remcos}},
  date         = {2023-09-19},
  organization = {Checkpoint},
  url          = {https://research.checkpoint.com/2023/unveiling-the-shadows-the-dark-alliance-between-guloader-and-remcos/},
  language     = {English},
  urldate      = {2023-09-20},
}
Unveiling the Shadows: The Dark Alliance between GuLoader and Remcos
CloudEyE Remcos
2023-09-18 · Alpine Security · Borja Merino
@online{merino:20230918:hijackloader:e047216,
  author       = {Merino, Borja},
  title        = {{HijackLoader Targets Hotels: A Technical Analysis}},
  date         = {2023-09-18},
  organization = {Alpine Security},
  url          = {https://alpine-sec.medium.com/hijackloader-targets-hotels-a-technical-analysis-c2795fc4f3a3},
  language     = {English},
  urldate      = {2023-09-29},
}
HijackLoader Targets Hotels: A Technical Analysis
HijackLoader
2023-09-18 · KrebsOnSecurity · Brian Krebs
@online{krebs:20230918:whos:a141b00,
  author       = {Krebs, Brian},
  title        = {{Who's Behind the 8Base Ransomware Website?}},
  date         = {2023-09-18},
  organization = {KrebsOnSecurity},
  url          = {https://krebsonsecurity.com/2023/09/whos-behind-the-8base-ransomware-website/},
  language     = {English},
  urldate      = {2023-09-22},
}
Who's Behind the 8Base Ransomware Website?
8Base
2023-09-18 · SentinelOne · Alex Delamotte
@online{delamotte:20230918:capratube:77604c8,
  author       = {Delamotte, Alex},
  title        = {{CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones}},
  date         = {2023-09-18},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/},
  language     = {English},
  urldate      = {2023-09-20},
}
CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones
CapraRAT