
2022-05-09 · Cybereason · Lior Rochberger
@online{rochberger:20220509:cybereason:9178f63,
  author       = {Lior Rochberger},
  title        = {{Cybereason vs. Quantum Locker Ransomware}},
  date         = {2022-05-09},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware},
  language     = {English},
  urldate      = {2022-05-11},
}
Cybereason vs. Quantum Locker Ransomware
IcedID Mount Locker
2022-05-04 · Cybereason · Chen Erlich, Fusao Tanida, Ofir Ozer, Akihiro Tomita, Niv Yona, Daniel Frank, Assaf Dahan
@online{erlich:20220504:operation:0d23595,
  author       = {Chen Erlich and Fusao Tanida and Ofir Ozer and Akihiro Tomita and Niv Yona and Daniel Frank and Assaf Dahan},
  title        = {{Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques}},
  date         = {2022-05-04},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/operation-cuckoobees-deep-dive-into-stealthy-winnti-techniques},
  language     = {English},
  urldate      = {2022-05-09},
}
Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques
PRIVATELOG Spyder STASHLOG Winnti
2022-05-04 · Cybereason · Chen Erlich, Fusao Tanida, Ofir Ozer, Akihiro Tomita, Niv Yona, Daniel Frank, Assaf Dahan
@online{erlich:20220504:operation:e40ec58,
  author       = {Chen Erlich and Fusao Tanida and Ofir Ozer and Akihiro Tomita and Niv Yona and Daniel Frank and Assaf Dahan},
  title        = {{Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive}},
  date         = {2022-05-04},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive},
  language     = {English},
  urldate      = {2022-05-05},
}
Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive
PRIVATELOG Spyder STASHLOG Winnti
2022-04-25 · Cybereason · Aleksandar Milenkoski, Loïc Castel, Yonatan Gidnian
@online{milenkoski:20220425:threat:14aee4f,
  author       = {Aleksandar Milenkoski and Loïc Castel and Yonatan Gidnian},
  title        = {{THREAT ANALYSIS REPORT: SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems}},
  date         = {2022-04-25},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-report-socgholish-and-zloader-from-fake-updates-and-installers-to-owning-your-systems},
  language     = {English},
  urldate      = {2022-04-29},
}
THREAT ANALYSIS REPORT: SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems
FAKEUPDATES Zloader
2022-03-01 · Cybereason · Tom Fakterman, Ohav Peri
@online{fakterman:20220301:cybereason:b40f6c6,
  author       = {Tom Fakterman and Ohav Peri},
  title        = {{Cybereason vs. BlackCat Ransomware}},
  date         = {2022-03-01},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/cybereason-vs.-blackcat-ransomware},
  language     = {English},
  urldate      = {2022-03-07},
}
Cybereason vs. BlackCat Ransomware
BlackCat
2022-02-10 · Cybereason · Cybereason Global SOC Team
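% Corporate author: the extra brace pair keeps the team name as one indivisible
% name, so it is not split into given names "Cybereason Global SOC" and surname "Team".
@online{team:20220210:threat:320574f,
  author       = {{Cybereason Global SOC Team}},
  title        = {{Threat Analysis Report: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot}},
  date         = {2022-02-10},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-report-all-paths-lead-to-cobalt-strike-icedid-emotet-and-qbot},
  language     = {English},
  urldate      = {2022-02-10},
}
Threat Analysis Report: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot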
Cobalt Strike Emotet IcedID QakBot
2022-02-08 · Cybereason · Lior Rochberger
@online{rochberger:20220208:cybereason:42a7ee9,
  author       = {Lior Rochberger},
  title        = {{Cybereason vs. Lorenz Ransomware}},
  date         = {2022-02-08},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/cybereason-vs.-lorenz-ransomware},
  language     = {English},
  urldate      = {2022-02-10},
}
Cybereason vs. Lorenz Ransomware
Lorenz
2022-02-01 · Cybereason · Tom Fakterman
@online{fakterman:20220201:strifewater:a2694c3,
  author       = {Tom Fakterman},
  title        = {{StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations}},
  date         = {2022-02-01},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/strifewater-rat-iranian-apt-moses-staff-adds-new-trojan-to-ransomware-operations},
  language     = {English},
  urldate      = {2022-02-02},
}
StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations
StrifeWater RAT MosesStaff
2022-02-01 · Cybereason · Daniel Frank
@online{frank:20220201:powerless:2b9c48c,
  author       = {Daniel Frank},
  title        = {{PowerLess Trojan: Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage}},
  date         = {2022-02-01},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/powerless-trojan-iranian-apt-phosphorus-adds-new-powershell-backdoor-for-espionage},
  language     = {English},
  urldate      = {2022-02-02},
}
PowerLess Trojan: Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage
2022-01-11 · Cybereason · Omri Refaeli, Chen Erlich, Ofir Ozer, Niv Yona, Daichi Shimabukuro
@online{refaeli:20220111:threat:fd22089,
  author       = {Omri Refaeli and Chen Erlich and Ofir Ozer and Niv Yona and Daichi Shimabukuro},
  title        = {{Threat Analysis Report: DatopLoader Exploits ProxyShell to Deliver QBOT and Cobalt Strike}},
  date         = {2022-01-11},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-report-datoploader-exploits-proxyshell-to-deliver-qbot-and-cobalt-strike},
  language     = {English},
  urldate      = {2022-01-18},
}
Threat Analysis Report: DatopLoader Exploits ProxyShell to Deliver QBOT and Cobalt Strike
Cobalt Strike QakBot Squirrelwaffle
2021-12-16 · Cybereason · Aleksandar Milenkoski, Kotaro Ogino
@online{milenkoski:20211216:inside:40c2e51,
  author       = {Aleksandar Milenkoski and Kotaro Ogino},
  title        = {{Inside the LockBit Arsenal - The StealBit Exfiltration Tool}},
  date         = {2021-12-16},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-report-inside-the-lockbit-arsenal-the-stealbit-exfiltration-tool},
  language     = {English},
  urldate      = {2022-02-04},
}
Inside the LockBit Arsenal - The StealBit Exfiltration Tool
LockBit StealBit
2021-11-09 · Cybereason · Aleksandar Milenkoski, Eli Salem
@online{milenkoski:20211109:threat:9f898c9,
  author       = {Aleksandar Milenkoski and Eli Salem},
  title        = {{THREAT ANALYSIS REPORT: From Shatak Emails to the Conti Ransomware}},
  date         = {2021-11-09},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-report-from-shatak-emails-to-the-conti-ransomware},
  language     = {English},
  urldate      = {2022-02-09},
}
THREAT ANALYSIS REPORT: From Shatak Emails to the Conti Ransomware
Cobalt Strike Conti
2021-10-28 · Cybereason · Aleksandar Milenkoski, Brian Janower
@online{milenkoski:20211028:threat:8d45698,
  author       = {Aleksandar Milenkoski and Brian Janower},
  title        = {{THREAT ANALYSIS REPORT: Snake Infostealer Malware}},
  date         = {2021-10-28},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-report-snake-infostealer-malware},
  language     = {English},
  urldate      = {2021-11-03},
}
THREAT ANALYSIS REPORT: Snake Infostealer Malware
404 Keylogger
2021-10-27 · Cybereason · Gal Romano, Rotem Rostami, Aleksandar Milenkoski
@online{romano:20211027:threat:f8b736b,
  author       = {Gal Romano and Rotem Rostami and Aleksandar Milenkoski},
  title        = {{THREAT ALERT: Malicious Code Implant in the UAParser.js Library}},
  date         = {2021-10-27},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-alert-malicious-code-implant-in-the-uaparser.js-library},
  language     = {English},
  urldate      = {2021-11-03},
}
THREAT ALERT: Malicious Code Implant in the UAParser.js Library
2021-10-06 · Cybereason · Tom Fakterman, Daniel Frank, Chen Erlich, Assaf Dahan
@online{fakterman:20211006:operation:9a1ec21,
  author       = {Tom Fakterman and Daniel Frank and Chen Erlich and Assaf Dahan},
  title        = {{Operation GhostShell: Novel RAT Targets Global Aerospace and Telecoms Firms}},
  date         = {2021-10-06},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/operation-ghostshell-novel-rat-targets-global-aerospace-and-telecoms-firms},
  language     = {English},
  urldate      = {2021-10-24},
}
Operation GhostShell: Novel RAT Targets Global Aerospace and Telecoms Firms
ShellClient RAT
2021-09-27 · Cybereason · Aleksandar Milenkoski
@online{milenkoski:20210927:threat:843919b,
  author       = {Aleksandar Milenkoski},
  title        = {{Threat Analysis Report: Inside the Destructive PYSA Ransomware}},
  date         = {2021-09-27},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-report-inside-the-destructive-pysa-ransomware},
  language     = {English},
  urldate      = {2021-09-28},
}
Threat Analysis Report: Inside the Destructive PYSA Ransomware
Mespinoza
2021-09-22 · Cybereason · Aleksandar Milenkoski, Eli Salem
@online{milenkoski:20210922:threat:cba08ae,
  author       = {Aleksandar Milenkoski and Eli Salem},
  title        = {{Threat Analysis Report: PrintNightmare and Magniber Ransomware}},
  date         = {2021-09-22},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-report-printnightmare-and-magniber-ransomware},
  language     = {English},
  urldate      = {2021-09-28},
}
Threat Analysis Report: PrintNightmare and Magniber Ransomware
Magniber
2021-08-11 · Cybereason · Tony Bradley
@online{bradley:20210811:rising:3bef356,
  author       = {Tony Bradley},
  title        = {{The Rising Threat from LockBit Ransomware}},
  date         = {2021-08-11},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/rising-threat-from-lockbit-ransomware},
  language     = {English},
  urldate      = {2022-02-14},
}
The Rising Threat from LockBit Ransomware
LockBit
2021-08-03 · Cybereason · Assaf Dahan, Lior Rochberger, Daniel Frank, Tom Fakterman
@online{dahan:20210803:deadringer:908e8d5,
  author       = {Assaf Dahan and Lior Rochberger and Daniel Frank and Tom Fakterman},
  title        = {{DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos}},
  date         = {2021-08-03},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/deadringer-exposing-chinese-threat-actors-targeting-major-telcos},
  language     = {English},
  urldate      = {2021-08-06},
}
DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos
CHINACHOPPER Cobalt Strike MimiKatz Nebulae
2021-07-15 · Cybereason · Cybereason Nocturnus
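% Corporate author: the extra brace pair keeps the team name as one indivisible
% name, so it is not split into given name "Cybereason" and surname "Nocturnus".
@online{nocturnus:20210715:cybereason:06113e5,
  author       = {{Cybereason Nocturnus}},
  title        = {{cybereason vs. prometheus ransomware}},
  date         = {2021-07-15},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/cybereason-vs.-prometheus-ransomware},
  language     = {English},
  urldate      = {2021-08-03},
}
cybereason vs. prometheus ransomware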
Hakbit Prometheus