
2022-08-05 — 360 netlab — Daji, suqitian
@online{daji:20220805:dga:b184bd8,
  author       = {Daji and suqitian},
  title        = {{The DGA family Orchard continues to change, and the new version generates DGA domain names using Bitcoin transaction information}},
  organization = {360 netlab},
  date         = {2022-08-05},
  url          = {https://blog.netlab.360.com/orchard-dga/},
  urldate      = {2022-08-08},
  language     = {Chinese},
}
2022-08-04 — Mandiant — Luke Jenkins, Emiel Haeghebaert, Alice Revelli, Ben Read
@online{jenkins:20220804:likely:37b622e,
  author       = {Luke Jenkins and Emiel Haeghebaert and Alice Revelli and Ben Read},
  title        = {{Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations}},
  organization = {Mandiant},
  date         = {2022-08-04},
  url          = {https://www.mandiant.com/resources/likely-iranian-threat-actor-conducts-politically-motivated-disruptive-activity-against},
  urldate      = {2022-08-08},
  language     = {English},
}
2022-08-04 — ConnectWise — Stu Gonzalez
@online{gonzalez:20220804:formbook:f3addb8,
  author       = {Stu Gonzalez},
  title        = {{Formbook and Remcos Backdoor RAT by ConnectWise CRU}},
  organization = {ConnectWise},
  date         = {2022-08-04},
  url          = {https://www.connectwise.com/resources/formbook-remcos-rat},
  urldate      = {2022-08-08},
  language     = {English},
}
Formbook Remcos
2022-08-04 — YouTube (Security Joes) — Ido Naor, Felipe Duarte
@online{naor:20220804:sockbot:c6eedb6,
  author       = {Ido Naor and Felipe Duarte},
  title        = {{Sockbot In Goland - Linking APT Actors With Ransomware Gangs}},
  organization = {YouTube (Security Joes)},
  date         = {2022-08-04},
  url          = {https://www.youtube.com/watch?v=CAMnuhg-Qos},
  urldate      = {2022-08-08},
  language     = {English},
}
Sockbot
2022-08-02 — Zscaler — Sudeep Singh, Jagadeeswar Ramanukolanu
@online{singh:20220802:largescale:ae7725e,
  author       = {Sudeep Singh and Jagadeeswar Ramanukolanu},
  title        = {{Large-Scale AiTM Attack targeting enterprise users of Microsoft email services}},
  organization = {Zscaler},
  date         = {2022-08-02},
  url          = {https://www.zscaler.com/blogs/security-research/large-scale-aitm-attack-targeting-enterprise-users-microsoft-email-services},
  urldate      = {2022-08-08},
  language     = {English},
}
2022-08-02 — Recorded Future — Insikt Group
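@comment{Corporate author wrapped in an extra brace pair so the name parser treats "Insikt Group" as one indivisible surname instead of given name "Insikt" / family name "Group". Citation key kept unchanged because it may be referenced from other files.}
@techreport{group:20220802:initial:5caddb5,
  author      = {{Insikt Group}},
  title       = {{Initial Access Brokers Are Key to Rise in Ransomware Attacks}},
  institution = {Recorded Future},
  date        = {2022-08-02},
  url         = {https://go.recordedfuture.com/hubfs/reports/cta-2022-0802.pdf},
  urldate     = {2022-08-05},
  language    = {English},
}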
Azorult BlackMatter Conti Mars Stealer Raccoon RedLine Stealer Taurus Stealer Vidar
2022-08-02 — ASEC — ASEC Analysis Team
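@comment{Corporate author wrapped in an extra brace pair so "ASEC Analysis Team" is treated as a single surname rather than given name "ASEC Analysis" / family name "Team". Citation key kept unchanged.}
@online{team:20220802:word:dbe2c7e,
  author       = {{ASEC Analysis Team}},
  title        = {{Word File Provided as External Link When Replying to Attacker’s Email (Kimsuky)}},
  organization = {ASEC},
  date         = {2022-08-02},
  url          = {https://asec.ahnlab.com/en/37396/},
  urldate      = {2022-08-02},
  language     = {English},
}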
Kimsuky
2022-08-01 — Twitter (@sekoia_io) — sekoia
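@comment{The organization field is typeset as ordinary text, so the underscore in the Twitter handle must be escaped as \_ or LaTeX aborts with a missing-dollar error. The url field is verbatim and needs no escaping.}
@online{sekoia:20220801:turlas:ec60a74,
  author       = {sekoia},
  title        = {{Tweet on Turla's CyberAzov activity}},
  organization = {Twitter (@sekoia\_io)},
  date         = {2022-08-01},
  url          = {https://twitter.com/sekoia_io/status/1554086468104196096},
  urldate      = {2022-08-02},
  language     = {English},
}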
CyberAzov
2022-07-31 — BushidoToken Blog — BushidoToken
@online{bushidotoken:20220731:space:636e570,
  author       = {BushidoToken},
  title        = {{Space Invaders: Cyber Threats That Are Out Of This World}},
  organization = {BushidoToken Blog},
  date         = {2022-07-31},
  url          = {https://blog.bushidotoken.net/2022/07/space-invaders-cyber-threats-that-are.html},
  urldate      = {2022-08-02},
  language     = {English},
}
Poison Ivy Raindrop SUNBURST TEARDROP WastedLocker
2022-07-30 — The Hacker News — Ravie Lakshmanan
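@comment{url reduced to the canonical article address. The original carried a tracking query string (?_m=...) that is not part of the resource locator, rots independently of the article, and contained percent-encoded characters that classic BibTeX styles without url support pass through to LaTeX unescaped.}
@online{lakshmanan:20220730:microsoft:0f1459e,
  author       = {Ravie Lakshmanan},
  title        = {{Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers}},
  organization = {The Hacker News},
  date         = {2022-07-30},
  url          = {https://thehackernews.com/2022/07/microsoft-links-raspberry-robin-usb.html},
  urldate      = {2022-08-02},
  language     = {English},
}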
FAKEUPDATES Raspberry Robin
2022-07-29 — Zscaler — Sarthak Misraa
@online{misraa:20220729:raccoon:6937d2e,
  author       = {Sarthak Misraa},
  title        = {{Raccoon Stealer v2: The Latest Generation of the Raccoon Family}},
  organization = {Zscaler},
  date         = {2022-07-29},
  url          = {https://www.zscaler.com/blogs/security-research/raccoon-stealer-v2-latest-generation-raccoon-family},
  urldate      = {2022-08-02},
  language     = {English},
}
Raccoon RecordBreaker
2022-07-28 — Cloudsek — Cloudsek
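@comment{The ampersand in the title is typeset as text and must be escaped as \& or LaTeX reports a misplaced alignment tab. Corporate author wrapped in an extra brace pair so it is never split into name parts.}
@online{cloudsek:20220728:techniques:c37b07e,
  author       = {{Cloudsek}},
  title        = {{Techniques, Tactics \& Procedures (TTPs) Employed by Hacktivist Group DragonForce Malaysia}},
  organization = {Cloudsek},
  date         = {2022-07-28},
  url          = {https://cloudsek.com/threatintelligence/techniques-tactics-procedures-ttps-employed-by-hacktivist-group-dragonforce-malaysia/},
  urldate      = {2022-08-02},
  language     = {English},
}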
2022-07-27 — ReversingLabs — Joseph Edwards
@online{edwards:20220727:threat:6aaf018,
  author       = {Joseph Edwards},
  title        = {{Threat analysis: Follina exploit fuels 'live-off-the-land' attacks}},
  organization = {ReversingLabs},
  date         = {2022-07-27},
  url          = {https://blog.reversinglabs.com/blog/threat-analysis-follina-exploit-powers-live-off-the-land-attacks},
  urldate      = {2022-08-08},
  language     = {English},
}
Cobalt Strike MimiKatz
2022-07-27 — Trend Micro — Buddy Tancio, Jed Valderama
@online{tancio:20220727:gootkit:f1c63fa,
  author       = {Buddy Tancio and Jed Valderama},
  title        = {{Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike}},
  organization = {Trend Micro},
  date         = {2022-07-27},
  url          = {https://www.trendmicro.com/en_us/research/22/g/gootkit-loaders-updated-tactics-and-fileless-delivery-of-cobalt-strike.html},
  urldate      = {2022-07-29},
  language     = {English},
}
Cobalt Strike GootKit Kronos REvil SunCrypt
2022-07-27 — Elastic — Cyril François, Derek Ditch
@online{franois:20220727:qbot:82146d1,
  author       = {Cyril François and Derek Ditch},
  title        = {{QBOT Configuration Extractor}},
  organization = {Elastic},
  date         = {2022-07-27},
  url          = {https://www.elastic.co/security-labs/qbot-configuration-extractor},
  urldate      = {2022-08-05},
  language     = {English},
}
QakBot
2022-07-27 — Qualys — Viren Chaudhari
@techreport{chaudhari:20220727:stealthy:9b66a95,
  author      = {Viren Chaudhari},
  title       = {{Stealthy Quasar Evolving to Lead the RAT Race}},
  institution = {Qualys},
  date        = {2022-07-27},
  url         = {https://www.qualys.com/docs/whitepapers/qualys-wp-stealthy-quasar-evolving-to-lead-the-rat-race-v220727.pdf},
  urldate     = {2022-08-04},
  language    = {English},
}
Quasar RAT
2022-07-27 — Elastic — Cyril François, Andrew Pease, Seth Goodwin
@online{franois:20220727:exploring:67dc644,
  author       = {Cyril François and Andrew Pease and Seth Goodwin},
  title        = {{Exploring the QBOT Attack Pattern}},
  organization = {Elastic},
  date         = {2022-07-27},
  url          = {https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern},
  urldate      = {2022-08-05},
  language     = {English},
}
QakBot
2022-07-27 — Microsoft — Microsoft Threat Intelligence Center (MSTIC), MSRC Team, RiskIQ
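@comment{Each of the three corporate authors is wrapped in an extra brace pair so the name parser keeps them whole; unbraced, "MSRC Team" becomes given name "MSRC" / family name "Team" and the MSTIC name is split around its parenthesised acronym.}
@online{mstic:20220727:untangling:27dd5d0,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {MSRC Team} and {RiskIQ}},
  title        = {{Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits}},
  organization = {Microsoft},
  date         = {2022-07-27},
  url          = {https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/},
  urldate      = {2022-07-28},
  language     = {English},
}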
Subzero
2022-07-26 — Cert-UA — Cert-UA
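@comment{The title is typeset as text, so the hash in the CERT-UA advisory number and the underscore in the GammaLoad.PS1_v2 filename must be escaped as \# and \_; unescaped they abort the LaTeX run. Corporate author wrapped in an extra brace pair.}
@online{certua:20220726:uac0010:e697f18,
  author       = {{Cert-UA}},
  title        = {{UAC-0010 (Armageddon) cyberattacks using the GammaLoad.PS1\_v2 malware (CERT-UA\#5003,5013,5069,5071)}},
  organization = {Cert-UA},
  date         = {2022-07-26},
  url          = {https://cert.gov.ua/article/971405},
  urldate      = {2022-07-28},
  language     = {Ukrainian},
}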
2022-07-26 — Microsoft — Microsoft 365 Defender Research Team
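@comment{Corporate author wrapped in an extra brace pair so "Microsoft 365 Defender Research Team" is treated as one surname rather than being split at the last word. Citation key kept unchanged because it may be referenced from other files.}
@online{team:20220726:malicious:ff5f5c0,
  author       = {{Microsoft 365 Defender Research Team}},
  title        = {{Malicious IIS extensions quietly open persistent backdoors into servers}},
  organization = {Microsoft},
  date         = {2022-07-26},
  url          = {https://www.microsoft.com/security/blog/2022/07/26/malicious-iis-extensions-quietly-open-persistent-backdoors-into-servers/},
  urldate      = {2022-07-28},
  language     = {English},
}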
CHINACHOPPER MimiKatz