
2022-10-03 · One Night in Norfolk · Norfolk
@online{norfolk:20221003:some:115e620,
  author       = {Norfolk},
  title        = {{Some Notes on VIRTUALGATE}},
  date         = {2022-10-03},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/some-notes-on-virtualgate/},
  urldate      = {2022-10-05},
  language     = {English},
}
VIRTUALGATE
2022-09-30 · Medium walmartglobaltech · Jason Reaves, Jonathan Mccay
@online{reaves:20220930:diavol:d72ab2a,
  author       = {Reaves, Jason and Mccay, Jonathan},
  title        = {{Diavol resurfaces}},
  date         = {2022-09-30},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/diavol-resurfaces-91dd93c7d922},
  urldate      = {2022-10-05},
  language     = {English},
}
Diavol
2022-09-29 · NTT · NTT Security Holdings Corporation
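@techreport{corporation:20220929:report:1615dab,
  author        = {{NTT Security Holdings Corporation}},
  title         = {{Report on APT Attacks by BlackTech}},
  date          = {2022-09-29},
  institution   = {NTT},
  url           = {https://jp.security.ntt/resources/EN-BlackTech_2021.pdf},
  urldate       = {2022-09-30},
  language      = {English},
  internal-note = {Corporate author double-braced so it is one indivisible name; unbraced it parses as first="NTT Security Holdings", last="Corporation". Citation key kept unchanged to avoid breaking existing \cite references.},
}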
Bifrost PLEAD TSCookie Flagpro Gh0stTimes SelfMake Loader SPIDERPIG RAT
2022-09-29 · Microsoft · Microsoft Security Threat Intelligence, LinkedIn Threat Prevention and Defense
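@online{intelligence:20220929:zinc:4b8e6c0,
  author        = {{Microsoft Security Threat Intelligence} and {LinkedIn Threat Prevention and Defense}},
  title         = {{ZINC weaponizing open-source software}},
  date          = {2022-09-29},
  organization  = {Microsoft},
  url           = {https://www.microsoft.com/security/blog/2022/09/29/zinc-weaponizing-open-source-software/},
  urldate       = {2022-09-30},
  language      = {English},
  internal-note = {Both authors are teams, braced as single names. Unbraced, the literal " and " inside "LinkedIn Threat Prevention and Defense" splits it into a spurious third author "Defense". Citation key kept unchanged.},
}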
2022-09-29 · Mandiant · Alexander Marvi, Jeremy Koppen, Tufail Ahmed, Jonathan Lepore
@online{marvi:20220929:bad:4f02da8,
  author       = {Marvi, Alexander and Koppen, Jeremy and Ahmed, Tufail and Lepore, Jonathan},
  title        = {{Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors}},
  date         = {2022-09-29},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence},
  urldate      = {2022-09-30},
  language     = {English},
}
2022-09-29 · GTSC · GTSC SECURITY TEAM
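@online{team:20220929:warning:e0972dc,
  author        = {{GTSC SECURITY TEAM}},
  title         = {{Warning Campaign Attack Using Zero Day Vulnerability on Microsoft Exchange Server}},
  date          = {2022-09-29},
  organization  = {GTSC},
  url           = {https://www.gteltsc.vn/blog/canh-bao-chien-dich-tan-cong-su-dung-lo-hong-zero-day-tren-microsoft-exchange-server-12714.html},
  urldate       = {2022-09-30},
  language      = {Vietnamese},
  internal-note = {Team author double-braced; unbraced it parses as first="GTSC SECURITY", last="TEAM". The title field is an English rendering of the Vietnamese original. Citation key kept unchanged.},
}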
2022-09-29 · Symantec · Threat Hunter Team
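@online{team:20220929:witchetty:628f1c4,
  author        = {{Threat Hunter Team}},
  title         = {{Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East}},
  date          = {2022-09-29},
  organization  = {Symantec},
  url           = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/witchetty-steganography-espionage},
  urldate       = {2022-09-30},
  language      = {English},
  internal-note = {Team author double-braced; unbraced it parses as first="Threat Hunter", last="Team". Citation key kept unchanged.},
}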
CHINACHOPPER Lookback MimiKatz PlugX Unidentified 096 (Keylogger) x4
2022-09-28 · Gigamon · Roman Kroshinsky, Pavle Culum
@online{kroshinsky:20220928:investigating:17c6c32,
  author       = {Kroshinsky, Roman and Culum, Pavle},
  title        = {{Investigating Web Shells}},
  date         = {2022-09-28},
  organization = {Gigamon},
  url          = {https://blog.gigamon.com/2022/09/28/investigating-web-shells/},
  urldate      = {2022-09-30},
  language     = {English},
}
Godzilla Webshell Behinder
2022-09-28 · Securonix · D. Iuzvyk, T. Peck, O. Kolesnikov
@online{iuzvyk:20220928:securonix:7e14e6e,
  author        = {Iuzvyk, D. and Peck, T. and Kolesnikov, O.},
  title         = {{Securonix Threat Labs Security Advisory: Detecting STEEP#MAVERICK: New Covert Attack Campaign Targeting Military Contractors}},
  date          = {2022-09-28},
  organization  = {Securonix},
  url           = {https://www.securonix.com/blog/detecting-steepmaverick-new-covert-attack-campaign-targeting-military-contractors/},
  urldate       = {2022-09-30},
  language      = {English},
  internal-note = {Given names are only available as initials in the source listing; full names not filled in to avoid guessing.},
}
2022-09-28 · ArrowRAT · ArrowRat
@online{arrowrat:20220928:arrowrat:05fe8cc,
  author        = {ArrowRat},
  title         = {{ArrowRat}},
  date          = {2022-09-28},
  organization  = {ArrowRAT},
  url           = {https://www.arrowrat.com},
  urldate       = {2022-09-29},
  language      = {English},
  internal-note = {Author, organization and URL are the RAT's own distribution site, not third-party analysis. Treat the link as potentially hostile: open only from an isolated analysis host.},
}
ArrowRAT
2022-09-28 · Kaspersky · GReAT
@online{great:20220928:prilex:63ddfb7,
  author       = {GReAT},
  title        = {{Prilex: the pricey prickle credit card complex}},
  date         = {2022-09-28},
  organization = {Kaspersky},
  url          = {https://securelist.com/prilex-atm-pos-malware-evolution/107551/},
  urldate      = {2022-09-30},
  language     = {English},
}
2022-09-28 · Recorded Future · Insikt Group®
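@techreport{group:20220928:1:eb11b21,
  author        = {{Insikt Group®}},
  title         = {{1 KEY FOR 1 LOCK: The Chinese Communist Party’s Strategy for Targeted Propaganda}},
  date          = {2022-09-28},
  institution   = {Recorded Future},
  url           = {https://go.recordedfuture.com/hubfs/reports/ta-2022-0928.pdf},
  urldate       = {2022-09-30},
  language      = {English},
  internal-note = {Team author double-braced; unbraced it parses as first="Insikt", last="Group®". The author and title contain non-ASCII characters (®, ’), so this entry requires biblatex/Biber or UTF-8 input handling. Citation key kept unchanged.},
}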
2022-09-28 · Barracuda · Tushar Richabadas
@online{richabadas:20220928:threat:0e98b73,
  author       = {Richabadas, Tushar},
  title        = {{Threat Spotlight: Continuing attacks on Atlassian Confluence zero day}},
  date         = {2022-09-28},
  organization = {Barracuda},
  url          = {https://blog.barracuda.com/2022/09/28/threat-spotlight-continuing-attacks-on-atlassian-confluence-zero-day/},
  urldate      = {2022-09-30},
  language     = {English},
}
2022-09-27 · Palo Alto Networks Unit 42 · Mark Lim
@online{lim:20220927:more:5992cc3,
  author       = {Lim, Mark},
  title        = {{More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID}},
  date         = {2022-09-27},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/polyglot-file-icedid-payload/},
  urldate      = {2022-09-30},
  language     = {English},
}
PhotoLoader
2022-09-26 · SentinelOne · Dinesh Devadoss, Phil Stokes
@online{devadoss:20220926:lazarus:36bd682,
  author       = {Devadoss, Dinesh and Stokes, Phil},
  title        = {{Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto}},
  date         = {2022-09-26},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/lazarus-operation-interception-targets-macos-users-dreaming-of-jobs-in-crypto},
  urldate      = {2022-09-30},
  language     = {English},
}
2022-09-26 · CrowdStrike · Ioan Iacob, Iulian Madalin Ionita
@online{iacob:20220926:anatomy:248e6ff,
  author       = {Iacob, Ioan and Ionita, Iulian Madalin},
  title        = {{The Anatomy of Wiper Malware, Part 3: Input/Output Controls}},
  date         = {2022-09-26},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-3/},
  urldate      = {2022-09-29},
  language     = {English},
}
CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper Meteor Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare
2022-09-26 · Bleeping Computer · Bill Toulas
@online{toulas:20220926:new:eb62360,
  author       = {Toulas, Bill},
  title        = {{New Erbium password-stealing malware spreads as game cracks, cheats}},
  date         = {2022-09-26},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/new-erbium-password-stealing-malware-spreads-as-game-cracks-cheats/},
  urldate      = {2022-09-29},
  language     = {English},
}
Erbium Stealer
2022-09-23 · humansecurity · Satori Threat Intelligence and Research Team
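@online{team:20220923:poseidons:c9c3ead,
  author        = {{Satori Threat Intelligence and Research Team}},
  title         = {{Poseidon’s Offspring: Charybdis and Scylla}},
  date          = {2022-09-23},
  organization  = {humansecurity},
  url           = {https://www.humansecurity.com/learn/blog/poseidons-offspring-charybdis-and-scylla},
  urldate       = {2022-09-30},
  language      = {English},
  internal-note = {Team author double-braced; unbraced, the literal " and " splits it into two authors "Satori Threat Intelligence" and "Research Team". Citation key kept unchanged.},
}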
2022-09-22 · SentinelOne · Aleksandar Milenkoski, Juan Andrés Guerrero-Saade, Amitai Ben, Shushan Ehrlich
@techreport{milenkoski:20220922:mystery:bd4bb11,
  author        = {Milenkoski, Aleksandar and Guerrero-Saade, Juan Andrés and Ben, Amitai and Ehrlich, Shushan},
  title         = {{The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities}},
  date          = {2022-09-22},
  institution   = {SentinelOne},
  url           = {https://www.sentinelone.com/wp-content/uploads/2022/09/S1_-SentinelLabs_Metador.pdf},
  urldate       = {2022-09-30},
  language      = {English},
  internal-note = {Author list reproduced as listed. NOTE(review): "Amitai Ben" and "Shushan Ehrlich" may be one person's multi-part name split in two by the export; verify against the report byline before relying on this entry.},
}
2022-09-22 · deepwatch · Eric Ford, Ben Nichols
@techreport{ford:20220922:is:9ff086f,
  author        = {Ford, Eric and Nichols, Ben},
  title         = {{Is Gootloader Working with a Foreign Intelligence Service?}},
  date          = {2022-09-22},
  institution   = {deepwatch},
  url           = {https://5556002.fs1.hubspotusercontent-na1.net/hubfs/5556002/2022%20PDF%20Download%20Assets/ADA%20Compliant%20pdfs/Reports/PUBLIC_Gootloader%20-%20Foreign%20Intelligence%20Service.pdf},
  urldate       = {2022-09-30},
  language      = {English},
  internal-note = {URL contains literal percent-encoding (%20); biblatex/Biber passes it through verbatim, but classic BibTeX without a url-aware style would need the % characters escaped.},
}
GootKit