Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-03-30Cado SecurityCado Security
@online{security:20230330:forensic:77e03e1, author = {Cado Security}, title = {{Forensic Triage of a Windows System running the Backdoored 3CX Desktop App}}, date = {2023-03-30}, organization = {Cado Security}, url = {https://www.cadosecurity.com/forensic-triage-of-a-windows-system-running-the-backdoored-3cx-desktop-app/}, language = {English}, urldate = {2023-04-02} } Forensic Triage of a Windows System running the Backdoored 3CX Desktop App
3CX Backdoor
2022-05-18Cado SecurityMatt Muir
@online{muir:20220518:linux:047bb4d, author = {Matt Muir}, title = {{Linux Attack Techniques: Dynamic Linker Hijacking with LD Preload}}, date = {2022-05-18}, organization = {Cado Security}, url = {https://www.cadosecurity.com/linux-attack-techniques-dynamic-linker-hijacking-with-ld-preload}, language = {English}, urldate = {2022-05-25} } Linux Attack Techniques: Dynamic Linker Hijacking with LD Preload
2022-04-06Cado SecurityMatt Muir, Chris Doman, Al Carchrie, Paul Scott
@online{muir:20220406:cado:8544515, author = {Matt Muir and Chris Doman and Al Carchrie and Paul Scott}, title = {{Cado Discovers Denonia: The First Malware Specifically Targeting Lambda}}, date = {2022-04-06}, organization = {Cado Security}, url = {https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/}, language = {English}, urldate = {2022-08-08} } Cado Discovers Denonia: The First Malware Specifically Targeting Lambda
Denonia
2022-02-20Cado SecurityCado Security
@online{security:20220220:technical:9232633, author = {Cado Security}, title = {{Technical Analysis of the DDoS Attacks against Ukrainian Websites}}, date = {2022-02-20}, organization = {Cado Security}, url = {https://www.cadosecurity.com/technical-analysis-of-the-ddos-attacks-against-ukrainian-websites/}, language = {English}, urldate = {2022-02-26} } Technical Analysis of the DDoS Attacks against Ukrainian Websites
Mirai
2022-02-02Cado SecurityCado Security
@online{security:20220202:coinstomp:f8b12e2, author = {Cado Security}, title = {{CoinStomp Malware Family Targets Asian Cloud Service Providers}}, date = {2022-02-02}, organization = {Cado Security}, url = {https://www.cadosecurity.com/coinstomp-malware-family-targets-asian-cloud-service-providers/}, language = {English}, urldate = {2022-02-04} } CoinStomp Malware Family Targets Asian Cloud Service Providers
2022-01-20Cado SecurityCado Security
@online{security:20220120:fallout:0dc042a, author = {Cado Security}, title = {{Fallout from Log4Shell-related Vietnamese Cryptocurrency Exchange Attack: KYC Data for Sale on Dark Web}}, date = {2022-01-20}, organization = {Cado Security}, url = {https://www.cadosecurity.com/fallout-from-log4shell-related-vietnamese-cryptocurrency-exchange-attack-kyc-data-for-sale-on-dark-web}, language = {English}, urldate = {2022-01-25} } Fallout from Log4Shell-related Vietnamese Cryptocurrency Exchange Attack: KYC Data for Sale on Dark Web
2022-01-17Cado SecurityCado Security
@online{security:20220117:resources:a47b0a6, author = {Cado Security}, title = {{Resources for DFIR Professionals Responding to WhisperGate Malware}}, date = {2022-01-17}, organization = {Cado Security}, url = {https://www.cadosecurity.com/resources-for-dfir-professionals-responding-to-whispergate-malware/}, language = {English}, urldate = {2022-01-18} } Resources for DFIR Professionals Responding to WhisperGate Malware
WhisperGate
2022-01-10Cado SecurityMatt Muir
@online{muir:20220110:abcbot:ace96ad, author = {Matt Muir}, title = {{Abcbot - An Evolution of Xanthe}}, date = {2022-01-10}, organization = {Cado Security}, url = {https://www.cadosecurity.com/abcbot-an-evolution-of-xanthe/}, language = {English}, urldate = {2022-01-17} } Abcbot - An Evolution of Xanthe
Abcbot Xanthe
2021-12-21Cado SecurityMatt Muir
@online{muir:20211221:continued:61d7698, author = {Matt Muir}, title = {{The Continued Evolution of Abcbot}}, date = {2021-12-21}, organization = {Cado Security}, url = {https://www.cadosecurity.com/the-continued-evolution-of-abcbot/}, language = {English}, urldate = {2022-01-05} } The Continued Evolution of Abcbot
Abcbot
2021-12-14Cado SecurityMatt Muir
@online{muir:20211214:analysis:fb34f1a, author = {Matt Muir}, title = {{Analysis of Novel Khonsari Ransomware Deployed by the Log4Shell Vulnerability}}, date = {2021-12-14}, organization = {Cado Security}, url = {https://www.cadosecurity.com/analysis-of-novel-khonsari-ransomware-deployed-by-the-log4shell-vulnerability/}, language = {English}, urldate = {2022-01-18} } Analysis of Novel Khonsari Ransomware Deployed by the Log4Shell Vulnerability
Khonsari
2021-12-13Cado SecurityCado Security
@online{security:20211213:analysis:6199122, author = {Cado Security}, title = {{Analysis of Initial In The Wild Attacks Exploiting Log4Shell/Log4J/CVE-2021-44228}}, date = {2021-12-13}, organization = {Cado Security}, url = {https://www.cadosecurity.com/analysis-of-initial-in-the-wild-attacks-exploiting-log4shell-log4j-cve-2021-44228/}, language = {English}, urldate = {2022-01-18} } Analysis of Initial In The Wild Attacks Exploiting Log4Shell/Log4J/CVE-2021-44228
Kinsing Mirai Tsunami
2021-10-23Cado SecurityCado Security
@online{security:20211023:links:f7c6f85, author = {Cado Security}, title = {{Links to Previous Attacks in UAParserJS Compromise}}, date = {2021-10-23}, organization = {Cado Security}, url = {https://www.cadosecurity.com/links-to-previous-attacks-in-uaparserjs-compromise/}, language = {English}, urldate = {2021-11-02} } Links to Previous Attacks in UAParserJS Compromise
2021-09-14Cado SecurityCado Security
@online{security:20210914:teamtnt:bdb30cc, author = {Cado Security}, title = {{TeamTNT Script Employed to Grab AWS Credentials}}, date = {2021-09-14}, organization = {Cado Security}, url = {https://www.cadosecurity.com/teamtnt-script-employed-to-grab-aws-credentials/}, language = {English}, urldate = {2021-09-19} } TeamTNT Script Employed to Grab AWS Credentials
TeamTNT Tsunami
2021-07-14Cado SecurityChristopher Doman
@online{doman:20210714:triage:5a7151d, author = {Christopher Doman}, title = {{Triage analysis of Serv-U FTP user backdoor deployed by CVE-2021-35211 (DEV-0322)}}, date = {2021-07-14}, organization = {Cado Security}, url = {https://www.cadosecurity.com/post/triage-analysis-of-serv-u-ftp-user-backdoor-deployed-by-cve-2021-35211}, language = {English}, urldate = {2021-07-20} } Triage analysis of Serv-U FTP user backdoor deployed by CVE-2021-35211 (DEV-0322)
2021-07-13Cado SecurityChristopher Doman
@online{doman:20210713:resources:13f690a, author = {Christopher Doman}, title = {{Resources for Investigating Cloud and Container Penetration Testing Tools}}, date = {2021-07-13}, organization = {Cado Security}, url = {https://www.cadosecurity.com/post/resources-for-investigating-cloud-and-container-penetration-testing-tools}, language = {English}, urldate = {2021-07-20} } Resources for Investigating Cloud and Container Penetration Testing Tools
2021-04-06Cado Securitycadolabs
@online{cadolabs:20210406:threat:aba341a, author = {cadolabs}, title = {{Threat Group Uses Voice Changing Software in Espionage Attempt}}, date = {2021-04-06}, organization = {Cado Security}, url = {https://www.cadosecurity.com/post/threat-group-uses-voice-changing-software-in-espionage-attempt}, language = {English}, urldate = {2021-04-06} } Threat Group Uses Voice Changing Software in Espionage Attempt
Houdini
2021-02-10Cado SecurityChristopher Doman
@online{doman:20210210:punk:dd2c142, author = {Christopher Doman}, title = {{Punk Kitty Ransom - Analysing HelloKitty Ransomware Attacks}}, date = {2021-02-10}, organization = {Cado Security}, url = {https://www.cadosecurity.com/post/punk-kitty-ransom-analysing-hellokitty-ransomware-attacks}, language = {English}, urldate = {2021-02-17} } Punk Kitty Ransom - Analysing HelloKitty Ransomware Attacks
HelloKitty
2021-01-18Cado Securitycadolabs
@online{cadolabs:20210118:botnet:f8ef420, author = {cadolabs}, title = {{Botnet Deploys Cloud and Container Attack Techniques}}, date = {2021-01-18}, organization = {Cado Security}, url = {https://www.cadosecurity.com/post/botnet-deploys-cloud-and-container-attack-techniques}, language = {English}, urldate = {2021-01-21} } Botnet Deploys Cloud and Container Attack Techniques
2020-12-14Cado SecurityChristopher Doman
@online{doman:20201214:responding:639d2ce, author = {Christopher Doman}, title = {{Responding to Solarigate}}, date = {2020-12-14}, organization = {Cado Security}, url = {https://www.cadosecurity.com/post/responding-to-solarigate}, language = {English}, urldate = {2020-12-14} } Responding to Solarigate
SUNBURST
2020-08-17Cado SecurityChris Doman
@online{doman:20200817:team:01dd484, author = {Chris Doman}, title = {{Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials}}, date = {2020-08-17}, organization = {Cado Security}, url = {https://www.cadosecurity.com/post/team-tnt-the-first-crypto-mining-worm-to-steal-aws-credentials}, language = {English}, urldate = {2021-03-12} } Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials
TeamTNT TeamTNT