2023-05-22eSentireJoe Stewart, Keegan Keplinger
@online{stewart:20230522:hunt:4c2c843,
  author       = {Joe Stewart and Keegan Keplinger},
  title        = {{The Hunt for VENOM SPIDER PART 2}},
  date         = {2023-05-22},
  organization = {eSentire},
  url          = {https://www.esentire.com/web-native-pages/the-hunt-for-venom-spider-part-2},
  language     = {English},
  urldate      = {2023-08-11},
}
The Hunt for VENOM SPIDER PART 2
VENOM SPIDER
2022-02-25FortinetRotem Sde-Or
@online{sdeor:20220225:hunt:7022dcc,
  author       = {Rotem Sde-Or},
  title        = {{The Hunt for the Lost Soul: Unraveling the Evolution of the SoulSearcher Malware}},
  date         = {2022-02-25},
  organization = {Fortinet},
  url          = {https://www.fortinet.com/blog/threat-research/unraveling-the-evolution-of-the-soul-searcher-malware},
  language     = {English},
  urldate      = {2022-03-02},
}
The Hunt for the Lost Soul: Unraveling the Evolution of the SoulSearcher Malware
Soul
2022-02-10BlackberryThe BlackBerry Research & Intelligence Team
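% Corporate author: double-braced so it is kept as one name rather than split into given/family parts,
% and the ampersand is escaped so the field does not break LaTeX when the bibliography is typeset.
@online{team:20220210:threat:3b6c884,
  author       = {{The BlackBerry Research \& Intelligence Team}},
  title        = {{Threat Thursday: BHunt Scavenger Harvests Victims’ Crypto Wallets}},
  date         = {2022-02-10},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2022/02/threat-thursday-bhunt-scavenger},
  language     = {English},
  urldate      = {2022-02-14},
}
Threat Thursday: BHunt Scavenger Harvests Victims’ Crypto Wallets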
BHunt
2022-01-19KasperskyKirill Kruglov
@online{kruglov:20220119:campaigns:777f4f0,
  author       = {Kirill Kruglov},
  title        = {{Campaigns abusing corporate trusted infrastructure hunt for corporate credentials on ICS networks}},
  date         = {2022-01-19},
  organization = {Kaspersky},
  url          = {https://ics-cert.kaspersky.com/publications/reports/2022/1/19/campaigns-abusing-corporate-trusted-infrastructure-hunt-for-corporate-credentials-on-ics-networks},
  language     = {English},
  urldate      = {2022-01-24},
}
Campaigns abusing corporate trusted infrastructure hunt for corporate credentials on ICS networks
2022-01-19BleepingComputerBill Toulas
@online{toulas:20220119:new:278c493,
  author       = {Bill Toulas},
  title        = {{New BHUNT malware targets your crypto wallets and passwords}},
  date         = {2022-01-19},
  organization = {BleepingComputer},
  url          = {https://www.bleepingcomputer.com/news/security/new-bhunt-malware-targets-your-crypto-wallets-and-passwords/},
  language     = {English},
  urldate      = {2022-02-19},
}
New BHUNT malware targets your crypto wallets and passwords
BHunt
2022-01-18BitdefenderJanos Gergo Szeles
@techreport{szeles:20220118:poking:a2bd8a5,
  author      = {Janos Gergo Szeles},
  title       = {{Poking Holes in Crypto-Wallets: a Short Analysis of BHUNT Stealer}},
  date        = {2022-01-18},
  institution = {Bitdefender},
  url         = {https://www.bitdefender.com/files/News/CaseStudies/study/411/Bitdefender-PR-Whitepaper-CyberWallet-creat5874-en-EN.pdf},
  language    = {English},
  urldate     = {2022-02-26},
}
Poking Holes in Crypto-Wallets: a Short Analysis of BHUNT Stealer
BHunt
2022-01-13Kaspersky LabsSeongsu Park, Vitaly Kamluk
@online{park:20220113:bluenoroff:a3ce5e4,
  author       = {Seongsu Park and Vitaly Kamluk},
  title        = {{The BlueNoroff cryptocurrency hunt is still on}},
  date         = {2022-01-13},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/the-bluenoroff-cryptocurrency-hunt-is-still-on/105488/},
  language     = {English},
  urldate      = {2023-08-10},
}
The BlueNoroff cryptocurrency hunt is still on
CageyChameleon SnatchCrypto WebbyTea
2021-11-17BBCJoe Tidy
@online{tidy:20211117:evil:bbce2b5,
  author       = {Joe Tidy},
  title        = {{Evil Corp: 'My hunt for the world's most wanted hackers'}},
  date         = {2021-11-17},
  organization = {BBC},
  url          = {https://www.bbc.com/news/technology-59297187},
  language     = {English},
  urldate      = {2021-11-18},
}
Evil Corp: 'My hunt for the world's most wanted hackers'
REvil REvil
2021-11-10MicrosoftJohn Lambert
@online{lambert:20211110:hunt:8ab9e28,
  author       = {John Lambert},
  title        = {{The hunt for NOBELIUM, the most sophisticated nation-state attack in history}},
  date         = {2021-11-10},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/11/10/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history/},
  language     = {English},
  urldate      = {2021-11-17},
}
The hunt for NOBELIUM, the most sophisticated nation-state attack in history
2021-10-22HUNT & HACKETTKrijn de Mik
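% The ampersand in the organization name is escaped so the field does not break LaTeX when typeset;
% the author is given in the unambiguous "von Last, First" form.
@online{mik:20211022:advanced:e22d6f6,
  author       = {de Mik, Krijn},
  title        = {{Advanced IP Scanner: the preferred scanner in the A(P)T toolbox}},
  date         = {2021-10-22},
  organization = {HUNT \& HACKETT},
  url          = {https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox},
  language     = {English},
  urldate      = {2021-11-02},
}
Advanced IP Scanner: the preferred scanner in the A(P)T toolbox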
Conti DarkSide Dharma Egregor Hades REvil Ryuk
2021-07-28PrevailionPrevailion
@online{prevailion:20210728:cert:296a6ee,
  author       = {Prevailion},
  title        = {{Cert Safari: Leveraging TLS Certificates to Hunt Evil}},
  date         = {2021-07-28},
  organization = {Prevailion},
  url          = {https://www.prevailion.com/cert-safari-leveraging-tls-certificates-to-hunt-evil/},
  language     = {English},
  urldate      = {2021-08-02},
}
Cert Safari: Leveraging TLS Certificates to Hunt Evil
2021-07-20Huntress LabsJohn Hammond
@online{hammond:20210720:security:50ec27a,
  author       = {John Hammond},
  title        = {{Security Researchers’ Hunt to Discover Origins of the Kaseya VSA Mass Ransomware Incident}},
  date         = {2021-07-20},
  organization = {Huntress Labs},
  url          = {https://www.huntress.com/blog/security-researchers-hunt-to-discover-origins-of-the-kaseya-vsa-mass-ransomware-incident},
  language     = {English},
  urldate      = {2021-07-26},
}
Security Researchers’ Hunt to Discover Origins of the Kaseya VSA Mass Ransomware Incident
REvil
2021-06-10HUNT & HACKETTKrijn de Mik
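% The ampersand in the organization name is escaped so the field does not break LaTeX when typeset;
% the author is given in the unambiguous "von Last, First" form.
@online{mik:20210610:revil:ea22471,
  author       = {de Mik, Krijn},
  title        = {{REvil: the usage of legitimate remote admin tooling}},
  date         = {2021-06-10},
  organization = {HUNT \& HACKETT},
  url          = {https://www.huntandhackett.com/blog/revil-the-usage-of-legitimate-remote-admin-tooling},
  language     = {English},
  urldate      = {2021-06-16},
}
REvil: the usage of legitimate remote admin tooling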
REvil
2021-05-02The RecordCatalin Cimpanu
@online{cimpanu:20210502:doj:9d42ffb,
  author       = {Catalin Cimpanu},
  title        = {{DOJ hiring new liaison prosecutor to hunt cybercriminals in Eastern Europe}},
  date         = {2021-05-02},
  organization = {The Record},
  url          = {https://therecord.media/doj-hiring-new-liaison-prosecutor-to-hunt-cybercriminals-in-eastern-europe/},
  language     = {English},
  urldate      = {2021-05-03},
}
DOJ hiring new liaison prosecutor to hunt cybercriminals in Eastern Europe
2021-03-18Github (cisagov)CISA
@online{cisa:20210318:cisa:49f510f,
  author       = {CISA},
  title        = {{CISA Hunt and Incident Response Program (CHIRP)}},
  date         = {2021-03-18},
  organization = {Github (cisagov)},
  url          = {https://github.com/cisagov/CHIRP},
  language     = {English},
  urldate      = {2021-03-19},
}
CISA Hunt and Incident Response Program (CHIRP)
SUNBURST
2021-02-25MicrosoftMicrosoft
@online{microsoft:20210225:codeql:a43a525,
  author       = {Microsoft},
  title        = {{CodeQL queries to hunt for Solorigate activity}},
  date         = {2021-02-25},
  organization = {Microsoft},
  url          = {https://github.com/github/codeql/tree/main/csharp/ql/src/experimental/Security%20Features/campaign},
  language     = {English},
  urldate      = {2021-02-25},
}
CodeQL queries to hunt for Solorigate activity
SUNBURST
2021-02-25MicrosoftMicrosoft Identity Security Team
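% Team name double-braced so it is treated as a single corporate author
% instead of being split into given and family name parts.
@online{team:20210225:microsoft:bd11fce,
  author       = {{Microsoft Identity Security Team}},
  title        = {{Microsoft open sources CodeQL queries used to hunt for Solorigate activity}},
  date         = {2021-02-25},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/02/25/microsoft-open-sources-codeql-queries-used-to-hunt-for-solorigate-activity/},
  language     = {English},
  urldate      = {2021-02-25},
}
Microsoft open sources CodeQL queries used to hunt for Solorigate activity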
SUNBURST
2021-01-11Palo Alto Networks Unit 42Robert Falcone
@online{falcone:20210111:xhunt:20574a1,
  author       = {Robert Falcone},
  title        = {{xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement}},
  date         = {2021-01-11},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/bumblebee-webshell-xhunt-campaign/},
  language     = {English},
  urldate      = {2022-08-08},
}
xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement
2020-12-15Cyborg SecurityAustin Jackson
@online{jackson:20201215:threat:00bfb46,
  author       = {Austin Jackson},
  title        = {{Threat Hunt Deep Dives: SolarWinds Supply Chain Compromise (Solorigate / SUNBURST Backdoor)}},
  date         = {2020-12-15},
  organization = {Cyborg Security},
  url          = {https://www.cyborgsecurity.com/cyborg_labs/threat-hunt-deep-dives-solarwinds-supply-chain-compromise-solorigate-sunburst-backdoor/},
  language     = {English},
  urldate      = {2020-12-23},
}
Threat Hunt Deep Dives: SolarWinds Supply Chain Compromise (Solorigate / SUNBURST Backdoor)
SUNBURST
2020-11-09Palo Alto Networks Unit 42Robert Falcone
@online{falcone:20201109:xhunt:1d9f468,
  author       = {Robert Falcone},
  title        = {{xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control}},
  date         = {2020-11-09},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/xhunt-campaign-backdoors/},
  language     = {English},
  urldate      = {2020-11-09},
}
xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control
Snugy