2022-06-02 | Trend Micro | Ieriz Nicolle Gonzalez, Nathaniel Morales, Monte de Jesus
% Trend Micro research post on the YourCyanide ransomware; page retrieved 2022-06-07.
% Author names are given in the unambiguous "von Last, First" form.
@online{gonzalez:20220602:yourcyanide:0e8d1cb,
  author       = {Gonzalez, Ieriz Nicolle and Morales, Nathaniel and de Jesus, Monte},
  title        = {{YourCyanide: A CMD-Based Ransomware With Multiple Layers of Obfuscation}},
  organization = {Trend Micro},
  date         = {2022-06-02},
  url          = {https://www.trendmicro.com/en_us/research/22/f/yourcyanide-a-cmd-based-ransomware.html},
  urldate      = {2022-06-07},
  language     = {English},
}
YourCyanide: A CMD-Based Ransomware With Multiple Layers of Obfuscation
YourCyanide
2022-05-25 | Trend Micro | Arianne Dela Cruz, Byron Gelera, McJustine De Guzman, Warren Sto.Tomas
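% Trend Micro research post on the Linux-based Cheerscrypt ransomware targeting ESXi.
% NOTE(review): "Dela Cruz" and "De Guzman" are entered as compound surnames; the
% original "First Last" form parsed only "Cruz" / "Guzman" as the last name.
% Confirm against the source byline. The citation key is left unchanged.
% The url slug spells "exsi" where the title says ESXi; the url is a locator and is
% kept exactly as recorded.
@online{cruz:20220525:new:43d8257,
  author       = {Dela Cruz, Arianne and Gelera, Byron and De Guzman, McJustine and Sto.Tomas, Warren},
  title        = {{New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices}},
  organization = {Trend Micro},
  date         = {2022-05-25},
  url          = {https://www.trendmicro.com/en_us/research/22/e/new-linux-based-ransomware-cheerscrypt-targets-exsi-devices.html},
  urldate      = {2022-05-29},
  language     = {English},
}
New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices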
2022-05-18 | Github (0x00-0x7f) | Sadia Bashir
% Part 2 of the Vidar infostealer write-up; Part 1 is the 2022-03-27 entry by the
% same author in this listing.
@online{bashir:20220518:case:986df17,
  author       = {Bashir, Sadia},
  title        = {{A Case of Vidar Infostealer - Part 2}},
  organization = {Github (0x00-0x7f)},
  date         = {2022-05-18},
  url          = {https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/},
  urldate      = {2022-05-25},
  language     = {English},
}
A Case of Vidar Infostealer - Part 2
Vidar
2022-05-12 | cyble | Cyble Research Labs
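% Cyble blog post on the Eternity malware family.
% The author is an organisation, so the name carries an extra pair of braces.
% Without them it is parsed as a person (first "Cyble Research", last "Labs"),
% which breaks sorting and abbreviated-name styles. The key is left unchanged.
@online{labs:20220512:closer:049ae54,
  author       = {{Cyble Research Labs}},
  title        = {{A Closer Look At Eternity Malware: Threat Actors Leveraging Telegram To Build Malware}},
  organization = {cyble},
  date         = {2022-05-12},
  url          = {https://blog.cyble.com/2022/05/12/a-closer-look-at-eternity-malware/},
  urldate      = {2022-05-25},
  language     = {English},
}
A Closer Look At Eternity Malware: Threat Actors Leveraging Telegram To Build Malware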
DynamicStealer Eternity Clipper Eternity Ransomware Eternity Stealer Eternity Worm
2022-05-04 | HP | Patrick Schläpfer
% HP threat research post on automating IOC extraction from GootLoader.
% The author field contains a UTF-8 character, so the file needs a UTF-8 capable
% backend (biblatex with Biber). The ASCII-only key is kept as published.
@online{schlpfer:20220504:tips:f12f7ba,
  author       = {Schläpfer, Patrick},
  title        = {{Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware}},
  organization = {HP},
  date         = {2022-05-04},
  url          = {https://threatresearch.ext.hp.com/tips-for-automating-ioc-extraction-from-gootloader-a-changing-javascript-malware/},
  urldate      = {2022-05-05},
  language     = {English},
}
Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware
GootLoader
2022-04-26 | Intel 471 | Intel 471
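% Intel 471 blog post on Conti and Emotet.
% The author is an organisation, so the name carries an extra pair of braces.
% Without them "Intel 471" is split into a first name "Intel" and a last name "471".
% The citation key is left unchanged.
@online{471:20220426:conti:6bcff7d,
  author       = {{Intel 471}},
  title        = {{Conti and Emotet: A constantly destructive duo}},
  organization = {Intel 471},
  date         = {2022-04-26},
  url          = {https://intel471.com/blog/conti-emotet-ransomware-conti-leaks},
  urldate      = {2022-04-29},
  language     = {English},
}
Conti and Emotet: A constantly destructive duo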
Cobalt Strike Conti Emotet IcedID QakBot TrickBot
2022-04-18 | National Intelligence University | Kevin P. Riehle
% Report published by National Intelligence University; the url points to a PDF.
@techreport{riehle:20220418:russian:baaf138,
  author      = {Riehle, Kevin P.},
  title       = {{Russian Intelligence: A Case-based Study of Russian Services and Missions Past and Present}},
  institution = {National Intelligence University},
  date        = {2022-04-18},
  url         = {https://ni-u.edu/wp/wp-content/uploads/2022/05/Riehle_Russian-Intelligence.pdf},
  urldate     = {2022-05-11},
  language    = {English},
}
Russian Intelligence: A Case-based Study of Russian Services and Missions Past and Present
2022-03-31 | CrowdStrike | Christopher Romano, Vaishnav Murthy
% CrowdStrike Services post on logging inconsistencies in Microsoft 365.
% It carries no malware-family tag in this listing.
@online{romano:20220331:cloudy:15ac5c7,
  author       = {Romano, Christopher and Murthy, Vaishnav},
  title        = {{Cloudy with a Chance of Unclear Mailbox Sync: CrowdStrike Services Identifies Logging Inconsistencies in Microsoft 365}},
  organization = {CrowdStrike},
  date         = {2022-03-31},
  url          = {https://www.crowdstrike.com/blog/crowdstrike-services-identifies-logging-inconsistencies-in-microsoft-365/},
  urldate      = {2022-04-05},
  language     = {English},
}
Cloudy with a Chance of Unclear Mailbox Sync: CrowdStrike Services Identifies Logging Inconsistencies in Microsoft 365
2022-03-27 | Github (0x00-0x7f) | Sadia Bashir
% Part 1 (unpacking) of the Vidar infostealer write-up; Part 2 is the 2022-05-18
% entry by the same author in this listing.
% The url contains literal parentheses and is kept exactly as recorded.
@online{bashir:20220327:case:80e7471,
  author       = {Bashir, Sadia},
  title        = {{A Case of Vidar Infostealer - Part 1 (Unpacking)}},
  organization = {Github (0x00-0x7f)},
  date         = {2022-03-27},
  url          = {https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/},
  urldate      = {2022-03-31},
  language     = {English},
}
A Case of Vidar Infostealer - Part 1 (Unpacking)
Vidar
2022-03-26 | n0p Blog | Ali Mosajjal
% Blog analysis of a CaddyWiper sample (the title spells it "Caddy Wiper").
@online{mosajjal:20220326:analysis:b94c029,
  author       = {Mosajjal, Ali},
  title        = {{Analysis of a Caddy Wiper Sample Targeting Ukraine}},
  organization = {n0p Blog},
  date         = {2022-03-26},
  url          = {https://n0p.me/2022/03/2022-03-26-caddywiper/},
  urldate      = {2022-03-28},
  language     = {English},
}
Analysis of a Caddy Wiper Sample Targeting Ukraine
CaddyWiper
2022-03-23 | KrebsOnSecurity | Brian Krebs
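% KrebsOnSecurity article on the LAPSUS$ data extortion group.
% The dollar sign in the title is escaped. An unescaped one opens LaTeX math mode
% when the bibliography is typeset and aborts the run with a "Missing $" error.
% The url field is typeset verbatim and needs no escaping.
@online{krebs:20220323:closer:411208b,
  author       = {Krebs, Brian},
  title        = {{A Closer Look at the LAPSUS\$ Data Extortion Group}},
  organization = {KrebsOnSecurity},
  date         = {2022-03-23},
  url          = {https://krebsonsecurity.com/2022/03/a-closer-look-at-the-lapsus-data-extortion-group/},
  urldate      = {2022-03-24},
  language     = {English},
}
A Closer Look at the LAPSUS$ Data Extortion Group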
RedLine Stealer
2022-03-23 | splunk | Shannon Davis
% Splunk blog post comparing ransomware encryption speed.
% The title contains a UTF-8 ellipsis character, so a UTF-8 capable backend
% (biblatex with Biber) is required.
@online{davis:20220323:gone:56f570f,
  author       = {Davis, Shannon},
  title        = {{Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed}},
  organization = {splunk},
  date         = {2022-03-23},
  url          = {https://www.splunk.com/en_us/blog/security/gone-in-52-seconds-and-42-minutes-a-comparative-analysis-of-ransomware-encryption-speed.html},
  urldate      = {2022-03-25},
  language     = {English},
}
Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed
Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk
2022-03-22 | The Hacker News | Ravie Lakshmanan
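% The Hacker News article on the LAPSUS$ breach confirmations by Microsoft and Okta.
% The dollar sign in the title is escaped. An unescaped one opens LaTeX math mode
% when the bibliography is typeset and aborts the run with a "Missing $" error.
@online{lakshmanan:20220322:microsoft:3373c3d,
  author       = {Lakshmanan, Ravie},
  title        = {{Microsoft and Okta Confirm Breach by LAPSUS\$ Extortion Group}},
  organization = {The Hacker News},
  date         = {2022-03-22},
  url          = {https://thehackernews.com/2022/03/microsoft-and-okta-confirm-breach-by.html},
  urldate      = {2022-03-23},
  language     = {English},
}
Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group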
RedLine Stealer
2022-03-21 | Github (trendmicro) | Trend Micro Research
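% Reference to a script (check.py) in the trendmicro/research repository on GitHub.
% Fixes: the ampersand in the title is escaped, since a bare one is an alignment
% character in LaTeX and fails when typeset. The organisational author carries an
% extra pair of braces so it is not split into first and last name.
% NOTE(review): the url tracks the "main" branch rather than a fixed commit, so the
% file content may differ from what was seen on the urldate. Record a commit
% permalink if the exact version matters.
@online{research:20220321:python:7dbe8dd,
  author       = {{Trend Micro Research}},
  title        = {{Python script to check a Cyclops Blink C\&C}},
  organization = {Github (trendmicro)},
  date         = {2022-03-21},
  url          = {https://github.com/trendmicro/research/blob/main/cyclops_blink/c2-scripts/check.py},
  urldate      = {2022-03-28},
  language     = {English},
}
Python script to check a Cyclops Blink C&C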
CyclopsBlink
2022-03-14 | Bleeping Computer | Bill Toulas
% Bleeping Computer news article on the Escobar Android malware.
% This listing tags the entry with the family name Aberebot.
@online{toulas:20220314:android:d0310b4,
  author       = {Toulas, Bill},
  title        = {{Android malware Escobar steals your Google Authenticator MFA codes}},
  organization = {Bleeping Computer},
  date         = {2022-03-14},
  url          = {https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/},
  urldate      = {2022-06-09},
  language     = {English},
}
Android malware Escobar steals your Google Authenticator MFA codes
Aberebot
2022-03-13 | Security Affairs | Pierluigi Paganini
% Security Affairs article on Lampion trojan release 212.
% NOTE(review): the title is identical to the Seguranca Informatica entry dated
% 2022-02-26 in this listing. Presumably a republication; confirm before citing both.
@online{paganini:20220313:hidden:c809849,
  author       = {Paganini, Pierluigi},
  title        = {{The hidden C2: Lampion trojan release 212 is on the rise and using a C2 server for two years}},
  organization = {Security Affairs},
  date         = {2022-03-13},
  url          = {https://securityaffairs.co/wordpress/128975/malware/hidden-c2-lampion-trojan-release-212.html},
  urldate      = {2022-03-14},
  language     = {English},
}
The hidden C2: Lampion trojan release 212 is on the rise and using a C2 server for two years
lampion
2022-03-03 | LIFARS | LIFARS
% LIFARS post on Russian actors targeting organizations in Ukraine.
% The author is the organisation itself; as a single token it is parsed as one name.
@online{lifars:20220303:closer:f29cc25,
  author       = {LIFARS},
  title        = {{A Closer Look at the Russian Actors Targeting Organizations in Ukraine}},
  organization = {LIFARS},
  date         = {2022-03-03},
  url          = {https://lifars.com/2022/03/a-closer-look-at-the-russian-actors-targeting-organizations-in-ukraine/},
  urldate      = {2022-03-04},
  language     = {English},
}
A Closer Look at the Russian Actors Targeting Organizations in Ukraine
HermeticWiper IsaacWiper Saint Bot WhisperGate
2022-03-01 | Proofpoint | Michael Raggi, Zydeca Cass, Proofpoint Threat Research Team
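% Proofpoint threat-insight post on the Asylum Ambuscade campaign.
% The third author is a team, not a person, so it is wrapped in its own brace
% group. Without the braces it is parsed as first "Proofpoint Threat Research",
% last "Team". The two personal names use the "Last, First" form.
@online{raggi:20220301:asylum:27cfa43,
  author       = {Raggi, Michael and Cass, Zydeca and {Proofpoint Threat Research Team}},
  title        = {{Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement}},
  organization = {Proofpoint},
  date         = {2022-03-01},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails},
  urldate      = {2022-03-10},
  language     = {English},
}
Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement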
SunSeed
2022-02-26 | Seguranca Informatica | Pedro Tavares
% Seguranca Informatica article on Lampion trojan release 212.
% NOTE(review): the title is identical to the Security Affairs entry dated
% 2022-03-13 in this listing. This is the earlier of the two dates; confirm which
% one is the primary source before citing both.
@online{tavares:20220226:hidden:544b0bd,
  author       = {Tavares, Pedro},
  title        = {{The hidden C2: Lampion trojan release 212 is on the rise and using a C2 server for two years}},
  organization = {Seguranca Informatica},
  date         = {2022-02-26},
  url          = {https://seguranca-informatica.pt/the-hidden-c2-lampion-trojan-release-212-is-on-the-rise-and-using-a-c2-server-for-two-years},
  urldate      = {2022-03-04},
  language     = {English},
}
The hidden C2: Lampion trojan release 212 is on the rise and using a C2 server for two years
lampion
2022-02-24 | nviso | Michel Coene
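% NVISO blog threat update on the Ukraine and Russia conflict.
% The ampersand in the title is escaped, since a bare one is an alignment character
% in LaTeX and fails when the bibliography is typeset. The en dash is a UTF-8
% character, so a UTF-8 capable backend (biblatex with Biber) is required.
% The url slug says "tensions" where the title says "conflict"; the url is a
% locator and is kept exactly as recorded.
@online{coene:20220224:threat:f0dba09,
  author       = {Coene, Michel},
  title        = {{Threat Update – Ukraine \& Russia conflict}},
  organization = {nviso},
  date         = {2022-02-24},
  url          = {https://blog.nviso.eu/2022/02/24/threat-update-ukraine-russia-tensions/},
  urldate      = {2022-03-01},
  language     = {English},
}
Threat Update – Ukraine & Russia conflict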
EternalPetya GreyEnergy HermeticWiper Industroyer KillDisk WhisperGate