2023-02-01 | Security Affairs | Pierluigi Paganini
@online{paganini:20230201:new:4605a53,
  author       = {Pierluigi Paganini},
  title        = {{New LockBit Green ransomware variant borrows code from Conti ransomware}},
  date         = {2023-02-01},
  organization = {Security Affairs},
  url          = {https://securityaffairs.com/141666/cyber-crime/lockbit-green-ransomware-variant.html},
  language     = {English},
  urldate      = {2023-02-02},
}
New LockBit Green ransomware variant borrows code from Conti ransomware
Conti LockBit
2023-01-31 | Darktrace | Roberto Martinez
@online{martinez:20230131:vidar:32a27bd,
  author       = {Roberto Martinez},
  title        = {{Vidar Info-Stealer Malware Distributed via Malvertising on Google}},
  date         = {2023-01-31},
  organization = {Darktrace},
  url          = {https://darktrace.com/blog/vidar-info-stealer-malware-distributed-via-malvertising-on-google},
  language     = {English},
  urldate      = {2023-02-01},
}
Vidar Info-Stealer Malware Distributed via Malvertising on Google
Vidar
2023-01-30 | Checkpoint | Arie Olshtein
@online{olshtein:20230130:following:e442fcc,
  author       = {Arie Olshtein},
  title        = {{Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware}},
  date         = {2023-01-30},
  organization = {Checkpoint},
  url          = {https://research.checkpoint.com/2023/following-the-scent-of-trickgate-6-year-old-packer-used-to-deploy-the-most-wanted-malware/},
  language     = {English},
  urldate      = {2023-01-31},
}
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware
Agent Tesla Azorult Buer Cerber Cobalt Strike Emotet Formbook HawkEye Keylogger Loki Password Stealer (PWS) Maze NetWire RC Remcos REvil TrickBot
2023-01-29 | Acronis | Ilan Duhin
@online{duhin:20230129:petyanot:23c3555,
  author       = {Ilan Duhin},
  title        = {{Petya/Not Petya Ransomware Analysis}},
  date         = {2023-01-29},
  organization = {Acronis},
  url          = {https://medium.com/@Ilandu/petya-not-petya-ransomware-9619cbbb0786},
  language     = {English},
  urldate      = {2023-01-31},
}
Petya/Not Petya Ransomware Analysis
EternalPetya
2023-01-26 | ANY.RUN | ANY.RUN
@online{anyrun:20230126:cryptbot:fa17489,
  author       = {ANY.RUN},
  title        = {{CryptBot Infostealer: Malware Analysis}},
  date         = {2023-01-26},
  organization = {ANY.RUN},
  url          = {https://any.run/cybersecurity-blog/cryptbot-infostealer-malware-analysis/},
  language     = {English},
  urldate      = {2023-01-27},
}
CryptBot Infostealer: Malware Analysis
CryptBot
2023-01-26 | Mandiant | Govand Sinjari, Andy Morales
@online{sinjari:20230126:welcome:3e0ada1,
  author       = {Govand Sinjari and Andy Morales},
  title        = {{Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations}},
  date         = {2023-01-26},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/tracking-evolution-gootloader-operations},
  language     = {English},
  urldate      = {2023-01-31},
}
Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations
GootLoader
2023-01-26 | Palo Alto Networks Unit 42 | Mike Harbison, Jen Miller-Osborn
@online{harbison:20230126:chinese:a83622f,
  author       = {Mike Harbison and Jen Miller-Osborn},
  title        = {{Chinese PlugX Malware Hidden in Your USB Devices?}},
  date         = {2023-01-26},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/},
  language     = {English},
  urldate      = {2023-01-27},
}
Chinese PlugX Malware Hidden in Your USB Devices?
PlugX
2023-01-26 | Acronis | Ilan Duhin
@online{duhin:20230126:unpacking:8ff4776,
  author       = {Ilan Duhin},
  title        = {{Unpacking Emotet Malware}},
  date         = {2023-01-26},
  organization = {Acronis},
  url          = {https://medium.com/@Ilandu/emotet-unpacking-35bbe2980cfb},
  language     = {English},
  urldate      = {2023-01-27},
}
Unpacking Emotet Malware
Emotet
2023-01-26 | Recorded Future | Insikt Group
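@comment{The author is an organisation, so it carries an extra pair of braces; without them the name is split into given name "Insikt" and surname "Group". The citation key is left unchanged so existing citations still resolve.}
@techreport{group:20230126:bluebravo:9d6aa62,
  author      = {{Insikt Group}},
  title       = {{BlueBravo Uses Ambassador Lure to Deploy GraphicalNeutrino Malware}},
  date        = {2023-01-26},
  institution = {Recorded Future},
  url         = {https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf},
  language    = {English},
  urldate     = {2023-02-02},
}
BlueBravo Uses Ambassador Lure to Deploy GraphicalNeutrino Malware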
GraphicalNeutrino
2023-01-26 | NCSC UK | NCSC UK
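@comment{The author is an organisation, so it carries an extra pair of braces; without them the name is split into given name "NCSC" and surname "UK". The citation key is left unchanged so existing citations still resolve.}
@online{uk:20230126:seaborgium:ae8f581,
  author       = {{NCSC UK}},
  title        = {{SEABORGIUM and TA453 continue their respective spear-phishing campaigns against targets of interest}},
  date         = {2023-01-26},
  organization = {NCSC UK},
  url          = {https://www.ncsc.gov.uk/news/spear-phishing-campaigns-targets-of-interest},
  language     = {English},
  urldate      = {2023-01-27},
}
SEABORGIUM and TA453 continue their respective spear-phishing campaigns against targets of interest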
2023-01-26 | Trendmicro | Nathaniel Morales, Earle Maui Earnshaw, Don Ovid Ladores, Nick Dai, Nathaniel Gregory Ragasa
@online{morales:20230126:new:c7aa03b,
  author       = {Nathaniel Morales and Earle Maui Earnshaw and Don Ovid Ladores and Nick Dai and Nathaniel Gregory Ragasa},
  title        = {{New Mimic Ransomware Abuses Everything APIs for its Encryption Process}},
  date         = {2023-01-26},
  organization = {Trendmicro},
  url          = {https://www.trendmicro.com/en_us/research/23/a/new-mimic-ransomware-abuses-everything-apis-for-its-encryption-p.html},
  language     = {English},
  urldate      = {2023-01-31},
}
New Mimic Ransomware Abuses Everything APIs for its Encryption Process
Mimic Ransomware
2023-01-25 | Securonix | D. Iuzvyk, T. Peck, O. Kolesnikov
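@comment{The hash sign in the title is escaped as \# because the title is typeset by LaTeX, where a bare hash is the macro-parameter character and aborts the run. The url field is left verbatim.}
@online{iuzvyk:20230125:securonix:866c376,
  author       = {D. Iuzvyk and T. Peck and O. Kolesnikov},
  title        = {{Securonix Security Advisory: Python-Based PY\#RATION Attack Campaign Leverages Fernet Encryption and Websockets to Avoid Detection}},
  date         = {2023-01-25},
  organization = {Securonix},
  url          = {https://www.securonix.com/blog/security-advisory-python-based-pyration-attack-campaign/},
  language     = {English},
  urldate      = {2023-01-26},
}
Securonix Security Advisory: Python-Based PY#RATION Attack Campaign Leverages Fernet Encryption and Websockets to Avoid Detection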
PY#RATION
2023-01-25 | Proofpoint | Greg Lesnewich, Proofpoint Threat Research Team
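@comment{The second author is a team, not a person, so it is wrapped in its own braces; without them it is split into given names "Proofpoint Threat Research" and surname "Team".}
@online{lesnewich:20230125:ta444:ae76e7b,
  author       = {Greg Lesnewich and {Proofpoint Threat Research Team}},
  title        = {{TA444: The APT Startup Aimed at Acquisition (of Your Funds)}},
  date         = {2023-01-25},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds},
  language     = {English},
  urldate      = {2023-01-25},
}
TA444: The APT Startup Aimed at Acquisition (of Your Funds)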
CageyChameleon
2023-01-24 | Trellix | Daksh Kapur, Tomer Shloman, Robert Venal, John Fokker
@online{kapur:20230124:cyberattacks:0a05372,
  author       = {Daksh Kapur and Tomer Shloman and Robert Venal and John Fokker},
  title        = {{Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity}},
  date         = {2023-01-24},
  organization = {Trellix},
  url          = {https://www.trellix.com/en-us/about/newsroom/stories/research/cyberattacks-targeting-ukraine-increase.html},
  language     = {English},
  urldate      = {2023-01-25},
}
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity
Andromeda Formbook Houdini Remcos
2023-01-24 | SentinelOne | Aleksandar Milenkoski
@online{milenkoski:20230124:dragonspark:828f0d3,
  author       = {Aleksandar Milenkoski},
  title        = {{DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation}},
  date         = {2023-01-24},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/dragonspark-attacks-evade-detection-with-sparkrat-and-golang-source-code-interpretation/},
  language     = {English},
  urldate      = {2023-01-25},
}
DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation
SparkRAT
2023-01-24 | Fortinet | Geri Revay
@online{revay:20230124:year:00a1450,
  author       = {Geri Revay},
  title        = {{The Year of the Wiper}},
  date         = {2023-01-24},
  organization = {Fortinet},
  url          = {https://www.fortinet.com/blog/threat-research/the-year-of-the-wiper},
  language     = {English},
  urldate      = {2023-01-25},
}
The Year of the Wiper
Azov Wiper Bruh Wiper CaddyWiper Cobalt Strike Vidar
2023-01-24 | eSentire | Joe Stewart, Keegan Keplinger
@online{stewart:20230124:unmasking:c26cfce,
  author       = {Joe Stewart and Keegan Keplinger},
  title        = {{Unmasking Venom Spider}},
  date         = {2023-01-24},
  organization = {eSentire},
  url          = {https://www.esentire.com/web-native-pages/unmasking-venom-spider},
  language     = {English},
  urldate      = {2023-01-25},
}
Unmasking Venom Spider
More_eggs TerraPreter TerraLoader VenomLNK
2023-01-24 | DailySecU | Gil Min-kwon
@online{minkwon:20230124:urgent:71e54e3,
  author       = {Gil Min-kwon},
  title        = {{[Urgent] A Chinese hacker organization that declared hacking war on Korea..."KISA will hack" notice}},
  date         = {2023-01-24},
  organization = {DailySecU},
  url          = {https://www.dailysecu.com/news/articleView.html?idxno=143020},
  language     = {English},
  urldate      = {2023-01-24},
}
[Urgent] A Chinese hacker organization that declared hacking war on Korea..."KISA will hack" notice
2023-01-23 | Uptycs | Karthickkumar Kathiresan, Shilpesh Trivedi
@online{kathiresan:20230123:titan:2ea755f,
  author       = {Karthickkumar Kathiresan and Shilpesh Trivedi},
  title        = {{The Titan Stealer: Notorious Telegram Malware Campaign - Uptycs}},
  date         = {2023-01-23},
  organization = {Uptycs},
  url          = {https://www.uptycs.com/blog/titan-stealer-telegram-malware-campaign},
  language     = {English},
  urldate      = {2023-01-26},
}
The Titan Stealer: Notorious Telegram Malware Campaign - Uptycs
TitanStealer
2023-01-23 | FBI | FBI National Press Office
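@comment{The author is an organisation, so it carries an extra pair of braces; without them the name is split into given names "FBI National Press" and surname "Office". The citation key is left unchanged so existing citations still resolve.}
@online{office:20230123:fbi:172d0d8,
  author       = {{FBI National Press Office}},
  title        = {{FBI Confirms Lazarus Group Cyber Actors Responsible for Harmony's Horizon Bridge Currency Theft}},
  date         = {2023-01-23},
  organization = {FBI},
  url          = {https://www.fbi.gov/news/press-releases/fbi-confirms-lazarus-group-apt38-cyber-actors-responsible-for-harmonys-horizon-bridge-currency-theft},
  language     = {English},
  urldate      = {2023-01-25},
}
FBI Confirms Lazarus Group Cyber Actors Responsible for Harmony's Horizon Bridge Currency Theft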