Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-12-02Avast DecodedThreat Intelligence Team
@online{team:20221202:hitching:0cb7557, author = {Threat Intelligence Team}, title = {{Hitching a ride with Mustang Panda}}, date = {2022-12-02}, organization = {Avast Decoded}, url = {https://decoded.avast.io/threatintel/apt-treasure-trove-avast-suspects-chinese-apt-group-mustang-panda-is-collecting-data-from-burmese-government-agencies-and-opposition-groups/}, language = {English}, urldate = {2022-12-02} } Hitching a ride with Mustang Panda
PlugX
2022-12-01mostwanted002
@online{mostwanted002:20221201:malware:c0d4dc7, author = {mostwanted002}, title = {{Malware Analysis and Triage Report : PirateStealer - Discord_beta.exe}}, date = {2022-12-01}, url = {https://mostwanted002.cf/post/malware-analysis-and-triage-report-piratestealer/}, language = {English}, urldate = {2022-12-01} } Malware Analysis and Triage Report : PirateStealer - Discord_beta.exe
PirateStealer
2022-11-30FFRI SecurityMatsumoto
@online{matsumoto:20221130:evolution:29e9b4c, author = {Matsumoto}, title = {{Evolution of the PlugX loader}}, date = {2022-11-30}, organization = {FFRI Security}, url = {https://engineers.ffri.jp/entry/2022/11/30/141346}, language = {Japanese}, urldate = {2022-12-01} } Evolution of the PlugX loader
PlugX Poison Ivy
2022-11-30ESET ResearchFilip Jurčacko
@online{juracko:20221130:whos:f177390, author = {Filip Jurčacko}, title = {{Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin}}, date = {2022-11-30}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2022/11/30/whos-swimming-south-korean-waters-meet-scarcrufts-dolphin/}, language = {English}, urldate = {2022-12-01} } Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin
2022-11-30SophosAndrew Brandt
@online{brandt:20221130:lockbit:7d7598f, author = {Andrew Brandt}, title = {{LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling}}, date = {2022-11-30}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/11/30/lockbit-3-0-black-attacks-and-leaks-reveal-wormable-capabilities-and-tooling/}, language = {English}, urldate = {2022-12-02} } LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling
LockBit
2022-11-29QianxinRed Raindrop Team
@online{team:20221129:job:1749e9c, author = {Red Raindrop Team}, title = {{Job hunting trap: Analysis of Lazarus attack activities using recruitment information such as Mizuho Bank of Japan as bait}}, date = {2022-11-29}, organization = {Qianxin}, url = {https://mp.weixin.qq.com/s/nnLqUBPX8xZ3hCr5u-iSjQ}, language = {Chinese}, urldate = {2022-12-01} } Job hunting trap: Analysis of Lazarus attack activities using recruitment information such as Mizuho Bank of Japan as bait
2022-11-26BushidoToken BlogBushidoToken
@online{bushidotoken:20221126:detecting:e5cee52, author = {BushidoToken}, title = {{Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms}}, date = {2022-11-26}, organization = {BushidoToken Blog}, url = {https://blog.bushidotoken.net/2022/11/detecting-and-fingerprinting.html}, language = {English}, urldate = {2022-11-28} } Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms
CollectorGoomba Misha TitanStealer
2022-11-23CybereasonCybereason Global SOC Team
@online{team:20221123:threat:17093cc, author = {Cybereason Global SOC Team}, title = {{THREAT ALERT: Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies}}, date = {2022-11-23}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/threat-alert-aggressive-qakbot-campaign-and-the-black-basta-ransomware-group-targeting-u.s.-companies}, language = {English}, urldate = {2022-11-25} } THREAT ALERT: Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies
Black Basta QakBot
2022-11-22Twitter (@ESETresearch)ESET Research
@online{research:20221122:tweets:518c665, author = {ESET Research}, title = {{Tweets on SysUpdate / Soldier / HyperSSL}}, date = {2022-11-22}, organization = {Twitter (@ESETresearch)}, url = {https://twitter.com/ESETresearch/status/1594937054303236096}, language = {English}, urldate = {2022-11-25} } Tweets on SysUpdate / Soldier / HyperSSL
HyperSSL
2022-11-22ProofpointAlexander Rausch, Proofpoint Threat Research Team
@online{rausch:20221122:nighthawk:48f730c, author = {Alexander Rausch and Proofpoint Threat Research Team}, title = {{Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice}}, date = {2022-11-22}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice}, language = {English}, urldate = {2022-11-22} } Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice
Nighthawk
2022-11-21ZscalerSudeep Singh
@online{singh:20221121:black:9712dce, author = {Sudeep Singh}, title = {{Black Friday Alert: 4 Emerging Skimming Attacks to Watch for This Holiday Season}}, date = {2022-11-21}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/black-friday-scams-4-emerging-skimming-attacks-watch-holiday-season}, language = {English}, urldate = {2022-11-23} } Black Friday Alert: 4 Emerging Skimming Attacks to Watch for This Holiday Season
magecart
2022-11-21MalwarebytesMalwarebytes
@techreport{malwarebytes:20221121:20221121:f4c6d35, author = {Malwarebytes}, title = {{2022-11-21 Threat Intel Report}}, date = {2022-11-21}, institution = {Malwarebytes}, url = {https://www.malwarebytes.com/blog/threat-intelligence/2022/20221121-threat-intel-report-final.pdf}, language = {English}, urldate = {2022-11-25} } 2022-11-21 Threat Intel Report
404 Keylogger Agent Tesla Formbook Hive Remcos
2022-11-21Palo Alto Networks Unit 42Kristopher Russo
@online{russo:20221121:threat:86205c7, author = {Kristopher Russo}, title = {{Threat Assessment: Luna Moth Callback Phishing Campaign}}, date = {2022-11-21}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/luna-moth-callback-phishing/}, language = {English}, urldate = {2022-11-25} } Threat Assessment: Luna Moth Callback Phishing Campaign
BazarBackdoor Conti
2022-11-21Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20221121:is:cfeafc3, author = {Marco Ramilli}, title = {{Is Hagga Threat Actor Abusing FSociety Framework ?}}, date = {2022-11-21}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2022/11/21/is-hagga-threat-actor-abusing-fsociety-framework/}, language = {English}, urldate = {2022-11-22} } Is Hagga Threat Actor Abusing FSociety Framework ?
2022-11-21vmwareThreat Analysis Unit
@online{unit:20221121:threat:7972abc, author = {Threat Analysis Unit}, title = {{Threat Analysis: Active C2 Discovery Using Protocol Emulation Part4 (Dacls, aka MATA)}}, date = {2022-11-21}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/11/threat-analysis-active-c2-discovery-using-protocol-emulation-part4-dacls-aka-mata.html}, language = {English}, urldate = {2022-11-28} } Threat Analysis: Active C2 Discovery Using Protocol Emulation Part4 (Dacls, aka MATA)
Dacls
2022-11-18Palo Alto Networks Unit 42Akshata Rao, Zong-Yu Wu, Wenjun Hu
@online{rao:20221118:ai:33376a7, author = {Akshata Rao and Zong-Yu Wu and Wenjun Hu}, title = {{An AI Based Solution to Detecting the DoubleZero .NET Wiper}}, date = {2022-11-18}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/doublezero-net-wiper/}, language = {English}, urldate = {2022-11-25} } An AI Based Solution to Detecting the DoubleZero .NET Wiper
DoubleZero
2022-11-16Medium (@DCSO_CyTec)Johann Aydinbas, Axel Wauer
@online{aydinbas:20221116:hz:b5a2d6d, author = {Johann Aydinbas and Axel Wauer}, title = {{HZ RAT goes China}}, date = {2022-11-16}, organization = {Medium (@DCSO_CyTec)}, url = {https://medium.com/@DCSO_CyTec/hz-rat-goes-china-506854c5f2e2}, language = {English}, urldate = {2022-11-18} } HZ RAT goes China
HZ RAT
2022-11-16splunkSplunk Threat Research Team
@online{team:20221116:inside:6c4f291, author = {Splunk Threat Research Team}, title = {{Inside the Mind of a ‘Rat’ - Agent Tesla Detection and Analysis}}, date = {2022-11-16}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/inside-the-mind-of-a-rat-agent-tesla-detection-and-analysis.html}, language = {English}, urldate = {2022-11-28} } Inside the Mind of a ‘Rat’ - Agent Tesla Detection and Analysis
Agent Tesla
2022-11-15Kaspersky LabsKonstantin Zykov, Jornt van der Wiel
@online{zykov:20221115:dtrack:9f8ed2a, author = {Konstantin Zykov and Jornt van der Wiel}, title = {{DTrack activity targeting Europe and Latin America}}, date = {2022-11-15}, organization = {Kaspersky Labs}, url = {https://securelist.com/dtrack-targeting-europe-latin-america/107798/}, language = {English}, urldate = {2022-11-18} } DTrack activity targeting Europe and Latin America
Dtrack
2022-11-15FortinetJoie Salvio, Roy Tay
@online{salvio:20221115:new:b7c34bb, author = {Joie Salvio and Roy Tay}, title = {{New RapperBot Campaign – We Know What You Bruting for this Time}}, date = {2022-11-15}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/new-rapperbot-campaign-ddos-attacks}, language = {English}, urldate = {2022-11-21} } New RapperBot Campaign – We Know What You Bruting for this Time
RapperBot