2023-02-14 | Cybereason | Cybereason Incident Response (IR) team
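@comment{Reviewer notes for team:20230214:gootloader:8d38f70.
  The author is a team, so the name carries a second pair of braces and is
  sorted and printed as one unit instead of being split into given and family
  name. The citation key is unchanged.
  The url is a Wayback Machine capture stamped 20230209123148, which is earlier
  than the date field; confirm the publication date against the report before
  using it in a timeline.}
@techreport{team:20230214:gootloader:8d38f70,
  author      = {{Cybereason Incident Response (IR) team}},
  title       = {{GootLoader - SEO Poisoning and Large Payloads Leading to Compromise}},
  date        = {2023-02-14},
  institution = {Cybereason},
  url         = {https://web.archive.org/web/20230209123148/https://www.cybereason.com/hubfs/THREAT%20ALERT%20GootLoader%20-%20Large%20payload%20leading%20to%20compromise%20(BLOG).pdf},
  language    = {English},
  urldate     = {2023-07-31},
}
GootLoader - SEO Poisoning and Large Payloads Leading to Compromise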
GootLoader Cobalt Strike SystemBC
2022-12-14 | Cybereason | Eli Salem, Alon Laufer, Mark Tsipershtein
@online{salem:20221214:royal:c5960bd,
  author       = {Eli Salem and Alon Laufer and Mark Tsipershtein},
  title        = {{Royal Rumble: Analysis of Royal Ransomware}},
  date         = {2022-12-14},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/royal-ransomware-analysis},
  language     = {English},
  urldate      = {2022-12-15},
}
Royal Rumble: Analysis of Royal Ransomware
Royal Ransom
2022-12-05 | Cybereason | Kotaro Ogino, Ralph Villanueva, Robin Plumer
@online{ogino:20221205:threat:b2ffad4,
  author       = {Kotaro Ogino and Ralph Villanueva and Robin Plumer},
  title        = {{Threat Analysis: MSI - Masquerading as a Software Installer}},
  date         = {2022-12-05},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-msi-masquerading-as-software-installer},
  language     = {English},
  urldate      = {2022-12-05},
}
Threat Analysis: MSI - Masquerading as a Software Installer
Magniber Matanbuchus QakBot
2022-11-23 | Cybereason | Cybereason Global SOC Team
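@comment{Team author: the second pair of braces keeps the name as one unit
  instead of splitting it into given and family name. The citation key is
  unchanged.}
@online{team:20221123:threat:17093cc,
  author       = {{Cybereason Global SOC Team}},
  title        = {{THREAT ALERT: Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies}},
  date         = {2022-11-23},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-alert-aggressive-qakbot-campaign-and-the-black-basta-ransomware-group-targeting-u.s.-companies},
  language     = {English},
  urldate      = {2022-11-25},
}
THREAT ALERT: Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies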
Black Basta QakBot
2022-09-14 | Cybereason | Derrick Masters, Loïc Castel
@online{masters:20220914:threat:5694e61,
  author       = {Derrick Masters and Loïc Castel},
  title        = {{THREAT ANALYSIS REPORT: Abusing Notepad++ Plugins for Evasion and Persistence}},
  date         = {2022-09-14},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-report-abusing-notepad-plugins-for-evasion-and-persistence},
  language     = {English},
  urldate      = {2022-09-19},
}
THREAT ANALYSIS REPORT: Abusing Notepad++ Plugins for Evasion and Persistence
Meterpreter
2022-09-08 | Cybereason | Kotaro Ogino, Yuki Shibuya, Aleksandar Milenkoski
@online{ogino:20220908:threat:2ec8deb,
  author       = {Kotaro Ogino and Yuki Shibuya and Aleksandar Milenkoski},
  title        = {{Threat Analysis Report: PlugX RAT Loader Evolution}},
  date         = {2022-09-08},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution},
  language     = {English},
  urldate      = {2022-09-13},
}
Threat Analysis Report: PlugX RAT Loader Evolution
PlugX
2022-08-19 | Cybereason | Mark Tsipershtein
@online{tsipershtein:20220819:threat:d0785bf,
  author       = {Mark Tsipershtein},
  title        = {{THREAT ALERT: Inside the Redeemer 2.0 Ransomware}},
  date         = {2022-08-19},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-alert-inside-the-redeemer-2.0-ransomware},
  language     = {English},
  urldate      = {2022-08-22},
}
THREAT ALERT: Inside the Redeemer 2.0 Ransomware
2022-08-17 | Cybereason | Cybereason Global SOC Team
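@comment{Team author: the second pair of braces keeps the name as one unit
  instead of splitting it into given and family name. The citation key is
  unchanged.}
@online{team:20220817:bumblebee:56dc043,
  author       = {{Cybereason Global SOC Team}},
  title        = {{Bumblebee Loader – The High Road to Enterprise Domain Control}},
  date         = {2022-08-17},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-report-bumblebee-loader-the-high-road-to-enterprise-domain-control},
  language     = {English},
  urldate      = {2022-08-19},
}
Bumblebee Loader – The High Road to Enterprise Domain Control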
BumbleBee Cobalt Strike
2022-07-07 | Cybereason | Cybereason Global SOC Team
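@comment{Team author: the second pair of braces keeps the name as one unit
  instead of splitting it into given and family name. The citation key is
  unchanged.}
@online{team:20220707:threat:9f9399b,
  author       = {{Cybereason Global SOC Team}},
  title        = {{THREAT ANALYSIS REPORT: LockBit 2.0 - All Paths Lead to Ransom}},
  date         = {2022-07-07},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-report-lockbit-2.0-all-paths-lead-to-ransom},
  language     = {English},
  urldate      = {2022-07-12},
}
THREAT ANALYSIS REPORT: LockBit 2.0 - All Paths Lead to Ransom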
LockBit
2022-07-07 | Cybereason | Loïc Castel
@online{castel:20220707:threat:e7717e8,
  author       = {Loïc Castel},
  title        = {{THREAT ALERT: Raspberry Robin Worm Abuses Windows Installer and QNAP Devices}},
  date         = {2022-07-07},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-alert-raspberry-robin-worm-abuses-windows-installer-and-qnap-devices},
  language     = {English},
  urldate      = {2022-07-12},
}
THREAT ALERT: Raspberry Robin Worm Abuses Windows Installer and QNAP Devices
Raspberry Robin
2022-05-09 | Cybereason | Lior Rochberger
@online{rochberger:20220509:cybereason:9178f63,
  author       = {Lior Rochberger},
  title        = {{Cybereason vs. Quantum Locker Ransomware}},
  date         = {2022-05-09},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware},
  language     = {English},
  urldate      = {2022-05-11},
}
Cybereason vs. Quantum Locker Ransomware
IcedID Mount Locker
2022-05-04 | Cybereason | Chen Erlich, Fusao Tanida, Ofir Ozer, Akihiro Tomita, Niv Yona, Daniel Frank, Assaf Dahan
@online{erlich:20220504:operation:0d23595,
  author       = {Chen Erlich and Fusao Tanida and Ofir Ozer and Akihiro Tomita and Niv Yona and Daniel Frank and Assaf Dahan},
  title        = {{Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques}},
  date         = {2022-05-04},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/operation-cuckoobees-deep-dive-into-stealthy-winnti-techniques},
  language     = {English},
  urldate      = {2022-05-09},
}
Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques
PRIVATELOG Spyder STASHLOG Winnti
2022-05-04 | Cybereason | Chen Erlich, Fusao Tanida, Ofir Ozer, Akihiro Tomita, Niv Yona, Daniel Frank, Assaf Dahan
@online{erlich:20220504:operation:e40ec58,
  author       = {Chen Erlich and Fusao Tanida and Ofir Ozer and Akihiro Tomita and Niv Yona and Daniel Frank and Assaf Dahan},
  title        = {{Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive}},
  date         = {2022-05-04},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive},
  language     = {English},
  urldate      = {2022-05-05},
}
Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive
PRIVATELOG Spyder STASHLOG Winnti
2022-04-30 | Cybereason | Daniel Frank, Assaf Dahan
@online{frank:20220430:portdoor:1dca82a,
  author       = {Daniel Frank and Assaf Dahan},
  title        = {{PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector}},
  date         = {2022-04-30},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/research/portdoor-new-chinese-apt-backdoor-attack-targets-russian-defense-sector},
  language     = {English},
  urldate      = {2022-08-09},
}
PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector
PortDoor
2022-04-25 | Cybereason | Aleksandar Milenkoski, Loïc Castel, Yonatan Gidnian
@online{milenkoski:20220425:threat:14aee4f,
  author       = {Aleksandar Milenkoski and Loïc Castel and Yonatan Gidnian},
  title        = {{THREAT ANALYSIS REPORT: SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems}},
  date         = {2022-04-25},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-report-socgholish-and-zloader-from-fake-updates-and-installers-to-owning-your-systems},
  language     = {English},
  urldate      = {2022-04-29},
}
THREAT ANALYSIS REPORT: SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems
FAKEUPDATES Zloader
2022-04-06 | Cybereason | Cybereason Nocturnus
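@comment{Team author: the second pair of braces keeps the name as one unit
  instead of splitting it into given and family name. The citation key is
  unchanged.
  The entry nocturnus:20220406:operation:f2775e3 has the same author, title
  and date, and its url differs only by the iocs fragment; cite one of the
  two so the report is not listed twice.}
@online{nocturnus:20220406:operation:5add58e,
  author       = {{Cybereason Nocturnus}},
  title        = {{Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials}},
  date         = {2022-04-06},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials},
  language     = {English},
  urldate      = {2022-06-27},
}
Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials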
Barb(ie) Downloader BarbWire
2022-04-06 | Cybereason | Cybereason Nocturnus
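@comment{Team author: the second pair of braces keeps the name as one unit
  instead of splitting it into given and family name. The citation key is
  unchanged.
  This entry has the same author, title and date as
  nocturnus:20220406:operation:5add58e; its url adds the iocs fragment and
  therefore points at the indicator section of that report. Cite one of the
  two so the report is not listed twice.}
@online{nocturnus:20220406:operation:f2775e3,
  author       = {{Cybereason Nocturnus}},
  title        = {{Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials}},
  date         = {2022-04-06},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials#iocs},
  language     = {English},
  urldate      = {2022-06-09},
}
Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials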
2022-03-01 | Cybereason | Tom Fakterman, Ohav Peri
@online{fakterman:20220301:cybereason:b40f6c6,
  author       = {Tom Fakterman and Ohav Peri},
  title        = {{Cybereason vs. BlackCat Ransomware}},
  date         = {2022-03-01},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/cybereason-vs.-blackcat-ransomware},
  language     = {English},
  urldate      = {2022-03-07},
}
Cybereason vs. BlackCat Ransomware
BlackCat
2022-02-10 | Cybereason | Cybereason Global SOC Team
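@comment{Team author: the second pair of braces keeps the name as one unit
  instead of splitting it into given and family name. The citation key is
  unchanged.}
@online{team:20220210:threat:320574f,
  author       = {{Cybereason Global SOC Team}},
  title        = {{Threat Analysis Report: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot}},
  date         = {2022-02-10},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-report-all-paths-lead-to-cobalt-strike-icedid-emotet-and-qbot},
  language     = {English},
  urldate      = {2022-02-10},
}
Threat Analysis Report: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot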
Cobalt Strike Emotet IcedID QakBot
2022-02-08 | Cybereason | Lior Rochberger
@online{rochberger:20220208:cybereason:42a7ee9,
  author       = {Lior Rochberger},
  title        = {{Cybereason vs. Lorenz Ransomware}},
  date         = {2022-02-08},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/cybereason-vs.-lorenz-ransomware},
  language     = {English},
  urldate      = {2022-02-10},
}
Cybereason vs. Lorenz Ransomware
Lorenz