2023-11-30 | Twitter (@embee_research) | Embee_research
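@comment{Underscores are escaped in author and organization because those fields are typeset as text; the url field is verbatim and stays unescaped.}
@online{embeeresearch:20231130:advanced:4afa89a,
  author       = {Embee\_research},
  title        = {{Advanced Threat Intel Queries - Catching 83 Qakbot Servers with Regex, Censys and TLS Certificates}},
  date         = {2023-11-30},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/advanced-threat-intel-queries-catching-83-qakbot-servers-with-regex-censys-and-tls-certificates/},
  language     = {English},
  urldate      = {2023-11-30},
}
Advanced Threat Intel Queries - Catching 83 Qakbot Servers with Regex, Censys and TLS Certificates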
QakBot
2023-11-28 | ANY.RUN | Maksim Mikhailov
@online{mikhailov:20231128:risepro:9e5dc7e,
  author       = {Mikhailov, Maksim},
  title        = {{RisePro Malware Analysis: Exploring C2 Communication of a New Version}},
  date         = {2023-11-28},
  organization = {ANY.RUN},
  url          = {https://any.run/cybersecurity-blog/risepro-malware-communication-analysis/},
  language     = {English},
  urldate      = {2023-11-30},
}
RisePro Malware Analysis: Exploring C2 Communication of a New Version
RisePro
2023-11-27 | Twitter (@embee_research) | Embee_research
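@comment{Underscores are escaped in author and organization because those fields are typeset as text; the url field is verbatim and stays unescaped.}
@online{embeeresearch:20231127:building:3dd782a,
  author       = {Embee\_research},
  title        = {{Building Threat Intel Queries Utilising Regex and TLS Certificates - (BianLian)}},
  date         = {2023-11-27},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/building-advanced-censys-queries-utilising-regex-bianlian/},
  language     = {English},
  urldate      = {2023-11-27},
}
Building Threat Intel Queries Utilising Regex and TLS Certificates - (BianLian)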
BianLian
2023-11-26 | Twitter (@embee_research) | Embee_research
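@comment{Underscores are escaped in author and organization because those fields are typeset as text; the url field is verbatim and stays unescaped.}
@online{embeeresearch:20231126:identifying:8b70097,
  author       = {Embee\_research},
  title        = {{Identifying Suspected PrivateLoader Servers with Censys}},
  date         = {2023-11-26},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/identifying-privateloader-servers-with-censys/},
  language     = {English},
  urldate      = {2023-11-27},
}
Identifying Suspected PrivateLoader Servers with Censys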
PrivateLoader
2023-11-23 | Trend Micro | Aliakbar Zahravi, Peter Girnus
@online{zahravi:20231123:parasitesnatcher:74e8353,
  author       = {Zahravi, Aliakbar and Girnus, Peter},
  title        = {{ParaSiteSnatcher: How Malicious Chrome Extensions Target Brazil}},
  date         = {2023-11-23},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/23/k/parasitesnatcher-how-malicious-chrome-extensions-target-brazil-.html},
  language     = {English},
  urldate      = {2023-11-27},
}
ParaSiteSnatcher: How Malicious Chrome Extensions Target Brazil
ParaSiteSnatcher
2023-11-22 | Microsoft | Microsoft Threat Intelligence
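@comment{Corporate author: the extra pair of braces keeps the name from being split into given and family parts.}
@online{intelligence:20231122:diamond:59a70c1,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Diamond Sleet supply chain compromise distributes a modified CyberLink installer}},
  date         = {2023-11-22},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer/},
  language     = {English},
  urldate      = {2023-11-23},
}
Diamond Sleet supply chain compromise distributes a modified CyberLink installer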
LambLoad
2023-11-21 | ANY.RUN | Igal Lytzki
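@comment{The ampersand in the title is escaped; an unescaped one is read by LaTeX as an alignment tab when the title is typeset.}
@online{lytzki:20231121:xworm:ae4f2eb,
  author       = {Lytzki, Igal},
  title        = {{XWorm Malware: Exploring C\&C Communication}},
  date         = {2023-11-21},
  organization = {ANY.RUN},
  url          = {https://any.run/cybersecurity-blog/xworm-malware-communication-analysis/},
  language     = {English},
  urldate      = {2023-11-22},
}
XWorm Malware: Exploring C&C Communication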
XWorm
2023-11-21 | adlumin | adlumin
@online{adlumin:20231121:playcrypt:a3455dc,
  author       = {adlumin},
  title        = {{PlayCrypt Ransomware-as-a-Service Expands Threat from Script Kiddies and Sophisticated Attackers}},
  date         = {2023-11-21},
  organization = {adlumin},
  url          = {https://adlumin.com/post/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers/},
  language     = {English},
  urldate      = {2023-11-22},
}
PlayCrypt Ransomware-as-a-Service Expands Threat from Script Kiddies and Sophisticated Attackers
PLAY
2023-11-21 | IBM | Charlotte Hammond, Ole Villadsen, Kat Metrick
@online{hammond:20231121:stealthy:057553f,
  author       = {Hammond, Charlotte and Villadsen, Ole and Metrick, Kat},
  title        = {{Stealthy WailingCrab Malware misuses MQTT Messaging Protocol}},
  date         = {2023-11-21},
  organization = {IBM},
  url          = {https://securityintelligence.com/x-force/wailingcrab-malware-misues-mqtt-messaging-protocol/},
  language     = {English},
  urldate      = {2023-11-27},
}
Stealthy WailingCrab Malware misuses MQTT Messaging Protocol
Gozi WikiLoader
2023-11-21 | Medium infoSec Write-ups | JustAnother-Engineer
@online{justanotherengineer:20231121:unmasking:68727c8,
  author       = {JustAnother-Engineer},
  title        = {{Unmasking NJRat: A Deep Dive into a Notorious Remote Access Trojan Part1}},
  date         = {2023-11-21},
  organization = {Medium infoSec Write-ups},
  url          = {https://infosecwriteups.com/part1-static-code-analysis-of-the-rat-njrat-2f273408df43},
  language     = {English},
  urldate      = {2023-11-22},
}
Unmasking NJRat: A Deep Dive into a Notorious Remote Access Trojan Part1
NjRAT
2023-11-21 | Palo Alto Networks Unit 42 | Unit 42
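@comment{Corporate author: the extra pair of braces keeps the name from being split into given and family parts.}
@online{42:20231121:hacking:94da88b,
  author       = {{Unit 42}},
  title        = {{Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors}},
  date         = {2023-11-21},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/two-campaigns-by-north-korea-bad-actors-target-job-hunters/},
  language     = {English},
  urldate      = {2023-11-23},
}
Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors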
BeaverTail InvisibleFerret
2023-11-21 | Reliaquest | James Xiang
@online{xiang:20231121:scattered:f9fc830,
  author       = {Xiang, James},
  title        = {{Scattered Spider Attack Analysis}},
  date         = {2023-11-21},
  organization = {Reliaquest},
  url          = {https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/},
  language     = {English},
  urldate      = {2023-11-27},
}
Scattered Spider Attack Analysis
2023-11-21 | Trellix | Ernesto Fernández Provecho, Pham Duy Phuc, Ciana Driscoll, Vinoo Thomas
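@comment{Review note: "Fernández Provecho" is entered as a compound surname (presumed; confirm against the author's own citation form). "Pham Duy Phuc" is kept in the source's order because its family-name split cannot be confirmed from this page.}
@online{provecho:20231121:continued:8a0bc28,
  author       = {Fernández Provecho, Ernesto and Pham Duy Phuc and Driscoll, Ciana and Thomas, Vinoo},
  title        = {{The Continued Evolution of the DarkGate Malware-as-a-Service}},
  date         = {2023-11-21},
  organization = {Trellix},
  url          = {https://www.trellix.com/about/newsroom/stories/research/the-continued-evolution-of-the-darkgate-malware-as-a-service/},
  language     = {English},
  urldate      = {2023-11-27},
}
The Continued Evolution of the DarkGate Malware-as-a-Service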
DarkGate
2023-11-20 | Sekoia | Pierre Le Bourhis
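@comment{The surname is written in "Last, First" form; in "First Last" form the capitalised "Le" is parsed as part of the given name.}
@online{bourhis:20231120:darkgate:9bff66a,
  author       = {Le Bourhis, Pierre},
  title        = {{DarkGate Internals}},
  date         = {2023-11-20},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/darkgate-internals/},
  language     = {English},
  urldate      = {2023-11-22},
}
DarkGate Internals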
DarkGate
2023-11-20 | vmware | Alex Murillo, Alan Ngo, Abe Schneider, Fae Carlisle, Nikki Benoit
@online{murillo:20231120:netsupport:772540b,
  author       = {Murillo, Alex and Ngo, Alan and Schneider, Abe and Carlisle, Fae and Benoit, Nikki},
  title        = {{NetSupport RAT: The RAT King Returns}},
  date         = {2023-11-20},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2023/11/netsupport-rat-the-rat-king-returns.html},
  language     = {English},
  urldate      = {2023-11-22},
}
NetSupport RAT: The RAT King Returns
NetSupportManager RAT
2023-11-19 | MalDbg | Ian French
@online{french:20231119:look:e1f25f7,
  author       = {French, Ian},
  title        = {{A Look at IPStorm - Cross-Platform Malware Written in Go}},
  date         = {2023-11-19},
  organization = {MalDbg},
  url          = {https://maldbg.com/ipstorm-golang-malware-windows},
  language     = {English},
  urldate      = {2023-11-22},
}
A Look at IPStorm - Cross-Platform Malware Written in Go
IPStorm IPStorm
2023-11-17 | Cisco Talos | Guilherme Venere
@online{venere:20231117:understanding:0f7a321,
  author       = {Venere, Guilherme},
  title        = {{Understanding the Phobos affiliate structure and activity}},
  date         = {2023-11-17},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/understanding-the-phobos-affiliate-structure/},
  language     = {English},
  urldate      = {2023-11-23},
}
Understanding the Phobos affiliate structure and activity
Phobos
2023-11-16 | CISA | CISA
@techreport{cisa:20231116:scattered:5864b37,
  author      = {CISA},
  title       = {{Scattered Spider}},
  date        = {2023-11-16},
  institution = {CISA},
  url         = {https://www.cisa.gov/sites/default/files/2023-11/aa23-320a_scattered_spider.pdf},
  language    = {English},
  urldate     = {2023-11-17},
}
Scattered Spider
BlackCat Ave Maria Raccoon Vidar
2023-11-16 | The Register | Connor Jones
@online{jones:20231116:blackcat:4be2570,
  author       = {Jones, Connor},
  title        = {{BlackCat plays with malvertising traps to lure corporate victims}},
  date         = {2023-11-16},
  organization = {The Register},
  url          = {https://www.theregister.com/2023/11/16/blackcat_ransomware_luring_corporate_targets/},
  language     = {English},
  urldate      = {2023-11-17},
}
BlackCat plays with malvertising traps to lure corporate victims
BlackCat
2023-11-16 | CISA | CISA
@online{cisa:20231116:scattered:ec1932d,
  author       = {CISA},
  title        = {{Scattered Spider}},
  date         = {2023-11-16},
  organization = {CISA},
  url          = {https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a},
  language     = {English},
  urldate      = {2023-11-22},
}
Scattered Spider
Ave Maria BlackCat Raccoon Vidar