Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-01-19CrowdStrikeCrowdStrike Intelligence Team
@online{team:20220119:technical:8a81c7e, author = {CrowdStrike Intelligence Team}, title = {{Technical Analysis of the WhisperGate Malicious Bootloader}}, date = {2022-01-19}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/technical-analysis-of-whispergate-malware/}, language = {English}, urldate = {2022-01-20} } Technical Analysis of the WhisperGate Malicious Bootloader
WhisperGate
2022-01-18S2W Inc.BLKSMTH
@online{blksmth:20220118:analysis:f6d259e, author = {BLKSMTH}, title = {{Analysis of Destructive Malware (WhisperGate) targeting Ukraine}}, date = {2022-01-18}, organization = {S2W Inc.}, url = {https://medium.com/s2wblog/analysis-of-destructive-malware-whispergate-targeting-ukraine-9d5d158f19f3}, language = {English}, urldate = {2022-01-19} } Analysis of Destructive Malware (WhisperGate) targeting Ukraine
WhisperGate
2022-01-18ESET ResearchFacundo Muñoz, Matías Porolli
@online{muoz:20220118:donot:724cf3f, author = {Facundo Muñoz and Matías Porolli}, title = {{DoNot Go! Do not respawn!}}, date = {2022-01-18}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2022/01/18/donot-go-do-not-respawn/}, language = {English}, urldate = {2022-01-18} } DoNot Go! Do not respawn!
yty
2022-01-18SentinelOneJim Walter
@online{walter:20220118:blackcat:39c437d, author = {Jim Walter}, title = {{BlackCat Ransomware | Highly-Configurable, Rust-Driven RaaS On The Prowl For Victims}}, date = {2022-01-18}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/}, language = {English}, urldate = {2022-01-19} } BlackCat Ransomware | Highly-Configurable, Rust-Driven RaaS On The Prowl For Victims
BlackCat
2022-01-17Cado SecurityCado Security
@online{security:20220117:resources:a47b0a6, author = {Cado Security}, title = {{Resources for DFIR Professionals Responding to WhisperGate Malware}}, date = {2022-01-17}, organization = {Cado Security}, url = {https://www.cadosecurity.com/resources-for-dfir-professionals-responding-to-whispergate-malware/}, language = {English}, urldate = {2022-01-18} } Resources for DFIR Professionals Responding to WhisperGate Malware
WhisperGate
2022-01-15MicrosoftMicrosoft, Microsoft Security Intelligence, Microsoft Digital Security Unit (DSU), Microsoft Detection and Response Team (DART), Microsoft 365 Defender Threat Intelligence Team
@online{microsoft:20220115:destructive:77ac2f5, author = {Microsoft and Microsoft Security Intelligence and Microsoft Digital Security Unit (DSU) and Microsoft Detection and Response Team (DART) and Microsoft 365 Defender Threat Intelligence Team}, title = {{Destructive malware targeting Ukrainian organizations (DEV-0586)}}, date = {2022-01-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/}, language = {English}, urldate = {2022-01-18} } Destructive malware targeting Ukrainian organizations (DEV-0586)
WhisperGate
2022-01-14RiskIQJordan Herman
@online{herman:20220114:riskiq:f4f5b68, author = {Jordan Herman}, title = {{RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers}}, date = {2022-01-14}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/2cd1c003}, language = {English}, urldate = {2022-01-18} } RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers
Dridex Emotet
2022-01-14Twitter (@billyleonard)Billy Leonard, Google Threat Analysis Group
@online{leonard:20220114:apt28:6c659cc, author = {Billy Leonard and Google Threat Analysis Group}, title = {{Tweet on APT28 credential phishing campaigns targeting Ukraine}}, date = {2022-01-14}, organization = {Twitter (@billyleonard)}, url = {https://twitter.com/billyleonard/status/1482034733072752640}, language = {English}, urldate = {2022-01-18} } Tweet on APT28 credential phishing campaigns targeting Ukraine
2022-01-14HPPatrick Schläpfer
@online{schlpfer:20220114:how:0795917, author = {Patrick Schläpfer}, title = {{How Attackers Use XLL Malware to Infect Systems}}, date = {2022-01-14}, organization = {HP}, url = {https://threatresearch.ext.hp.com/how-attackers-use-xll-malware-to-infect-systems/}, language = {English}, urldate = {2022-01-18} } How Attackers Use XLL Malware to Infect Systems
2022-01-14MandiantMatthew McWhirt, Daniel Smith, Omar Toor, Bryan Turner
@online{mcwhirt:20220114:proactive:5ecb6a7, author = {Matthew McWhirt and Daniel Smith and Omar Toor and Bryan Turner}, title = {{Proactive Preparation and Hardening to Protect Against Destructive Attacks}}, date = {2022-01-14}, organization = {Mandiant}, url = {https://www.mandiant.com/media/14506/download}, language = {English}, urldate = {2022-01-18} } Proactive Preparation and Hardening to Protect Against Destructive Attacks
2022-01-12Guillaume Orlando
@online{orlando:20220112:2021:d68b80f, author = {Guillaume Orlando}, title = {{2021 Gorgon Group APT Operation}}, date = {2022-01-12}, url = {https://guillaumeorlando.github.io/GorgonInfectionchain}, language = {English}, urldate = {2022-01-13} } 2021 Gorgon Group APT Operation
Agent Tesla
2022-01-12Sentinel LABSAmitai Ben Shushan Ehrlich
@online{ehrlich:20220112:wading:52a8e3a, author = {Amitai Ben Shushan Ehrlich}, title = {{Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor}}, date = {2022-01-12}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/wading-through-muddy-waters-recent-activity-of-an-iranian-state-sponsored-threat-actor/}, language = {English}, urldate = {2022-01-18} } Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor
PowGoop
2022-01-12CiscoChetan Raghuprasad, Vanja Svajcer
@online{raghuprasad:20220112:nanocore:938e93c, author = {Chetan Raghuprasad and Vanja Svajcer}, title = {{Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure}}, date = {2022-01-12}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html}, language = {English}, urldate = {2022-01-18} } Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure
AsyncRAT Nanocore RAT NetWire RC
2022-01-11Github (baderj)Johannes Bader
@online{bader:20220111:reimplementation:f8b45d0, author = {Johannes Bader}, title = {{Reimplementation of Expiro's DGA}}, date = {2022-01-11}, organization = {Github (baderj)}, url = {https://github.com/baderj/domain_generation_algorithms/blob/master/expiro/dga.py}, language = {English}, urldate = {2022-01-13} } Reimplementation of Expiro's DGA
Expiro
2022-01-11CybereasonOmri Refaeli, Chen Erlich, Ofir Ozer, Niv Yona, Daichi Shimabukuro
@online{refaeli:20220111:threat:fd22089, author = {Omri Refaeli and Chen Erlich and Ofir Ozer and Niv Yona and Daichi Shimabukuro}, title = {{Threat Analysis Report: DatopLoader Exploits ProxyShell to Deliver QBOT and Cobalt Strike}}, date = {2022-01-11}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/threat-analysis-report-datoploader-exploits-proxyshell-to-deliver-qbot-and-cobalt-strike}, language = {English}, urldate = {2022-01-18} } Threat Analysis Report: DatopLoader Exploits ProxyShell to Deliver QBOT and Cobalt Strike
Cobalt Strike QakBot Squirrelwaffle
2022-01-11CISA, FBI, NSA
@techreport{cisa:20220111:understanding:07bbdcf, author = {CISA and FBI and NSA}, title = {{Understanding and Mitigating Russian State- Sponsored Cyber Threats to U.S. Critical Infrastructure}}, date = {2022-01-11}, institution = {}, url = {https://media.defense.gov/2022/Jan/11/2002919950/-1/-1/1/JOINT_CSA_UNDERSTANDING_MITIGATING_RUSSIAN_CYBER_THREATS_TO_US_CRITICAL_INFRASTRUCTURE_20220111.PDF}, language = {English}, urldate = {2022-01-18} } Understanding and Mitigating Russian State- Sponsored Cyber Threats to U.S. Critical Infrastructure
2022-01-11Twitter (@cglyer)Christopher Glyer
@online{glyer:20220111:thread:ae5ec3d, author = {Christopher Glyer}, title = {{Thread on DEV-0401, a china based ransomware operator exploiting VMware Horizon with log4shell and deploying NightSky ransomware}}, date = {2022-01-11}, organization = {Twitter (@cglyer)}, url = {https://twitter.com/cglyer/status/1480742363991580674}, language = {English}, urldate = {2022-01-18} } Thread on DEV-0401, a china based ransomware operator exploiting VMware Horizon with log4shell and deploying NightSky ransomware
NightSky
2022-01-11ESET ResearchMichal Poslušný
@online{poslun:20220111:signed:1c59d41, author = {Michal Poslušný}, title = {{Signed kernel drivers – Unguarded gateway to Windows’ core}}, date = {2022-01-11}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2022/01/11/signed-kernel-drivers-unguarded-gateway-windows-core/}, language = {English}, urldate = {2022-01-18} } Signed kernel drivers – Unguarded gateway to Windows’ core
InvisiMole LoJax RobinHood Slingshot
2022-01-11CrowdStrikeAnmol Maurya
@online{maurya:20220111:tellyouthepass:b31fcb8, author = {Anmol Maurya}, title = {{TellYouThePass Ransomware Analysis Reveals a Modern Reinterpretation Using Golang}}, date = {2022-01-11}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/tellyouthepass-ransomware-analysis-reveals-modern-reinterpretation-using-golang/}, language = {English}, urldate = {2022-01-18} } TellYouThePass Ransomware Analysis Reveals a Modern Reinterpretation Using Golang
TellYouThePass
2022-01-10Cado SecurityMatt Muir
@online{muir:20220110:abcbot:ace96ad, author = {Matt Muir}, title = {{Abcbot - An Evolution of Xanthe}}, date = {2022-01-10}, organization = {Cado Security}, url = {https://www.cadosecurity.com/abcbot-an-evolution-of-xanthe/}, language = {English}, urldate = {2022-01-17} } Abcbot - An Evolution of Xanthe
Abcbot Xanthe