Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-12-08ThreatFabricThreatFabric
@online{threatfabric:20221208:zombinder:e82734d, author = {ThreatFabric}, title = {{Zombinder: new obfuscation service used by Ermac, now distributed next to desktop stealers}}, date = {2022-12-08}, organization = {ThreatFabric}, url = {https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html}, language = {English}, urldate = {2022-12-08} } Zombinder: new obfuscation service used by Ermac, now distributed next to desktop stealers
ERMAC Xenomorph
2022-11-04Github (hktalent)51pwn
@online{51pwn:20221104:behinder:2fe7382, author = {51pwn}, title = {{Behinder Mem Shell}}, date = {2022-11-04}, organization = {Github (hktalent)}, url = {https://github.com/hktalent/MyDocs/blob/main/BehinderShell.md}, language = {Chinese}, urldate = {2023-02-22} } Behinder Mem Shell
Behinder
2022-09-01ZscalerAtinderpal Singh, Brett Stone-Gross
@online{singh:20220901:no:82c1b51, author = {Atinderpal Singh and Brett Stone-Gross}, title = {{No Honor Among Thieves - Prynt Stealer’s Backdoor Exposed}}, date = {2022-09-01}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed}, language = {English}, urldate = {2022-09-07} } No Honor Among Thieves - Prynt Stealer’s Backdoor Exposed
DarkEye Prynt Stealer WorldWind
2022-08-01ZscalerAtinderpal Singh
@online{singh:20220801:technical:ab3b0b8, author = {Atinderpal Singh}, title = {{Technical Analysis of Industrial Spy Ransomware}}, date = {2022-08-01}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/technical-analysis-industrial-spy-ransomware}, language = {English}, urldate = {2022-08-02} } Technical Analysis of Industrial Spy Ransomware
Industrial Spy
2022-07-20QianxinRed Raindrops Team
@online{team:20220720:sidewinder:8d70604, author = {Red Raindrops Team}, title = {{The Sidewinder (APT-Q-39) uses Google Play to spread an analysis of malicious Android software}}, date = {2022-07-20}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/analysis-of-malware-android-software-spread-by-sidewinder-using-google-play/}, language = {Chinese}, urldate = {2022-08-02} } The Sidewinder (APT-Q-39) uses Google Play to spread an analysis of malicious Android software
SideWinder
2022-07-14SophosAndrew Brandt, Sergio Bestulic, Harinder Bhathal, Andy French, Bill Kearney, Lee Kirkpatrick, Elida Leite, Peter Mackenzie, Robert Weiland
@online{brandt:20220714:blackcat:745470a, author = {Andrew Brandt and Sergio Bestulic and Harinder Bhathal and Andy French and Bill Kearney and Lee Kirkpatrick and Elida Leite and Peter Mackenzie and Robert Weiland}, title = {{BlackCat ransomware attacks not merely a byproduct of bad luck}}, date = {2022-07-14}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/07/14/blackcat-ransomware-attacks-not-merely-a-byproduct-of-bad-luck/}, language = {English}, urldate = {2022-07-25} } BlackCat ransomware attacks not merely a byproduct of bad luck
BlackCat BlackCat
2022-07-13Check PointCheck Point Research
@online{research:20220713:hit:79199ac, author = {Check Point Research}, title = {{A Hit is made: Suspected India-based Sidewinder APT successfully cyber attacks Pakistan military focused targets}}, date = {2022-07-13}, organization = {Check Point}, url = {https://blog.checkpoint.com/2022/07/13/a-hit-is-made-suspected-india-based-sidewinder-apt-successfully-cyber-attacks-pakistan-military-focused-targets/}, language = {English}, urldate = {2022-07-15} } A Hit is made: Suspected India-based Sidewinder APT successfully cyber attacks Pakistan military focused targets
Unidentified 093 (Sidewinder)
2022-06-30BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20220630:threat:555a16b, author = {The BlackBerry Research & Intelligence Team}, title = {{Threat Thursday: China-Based APT Plays Auto-Updater Card to Deliver WinDealer Malware}}, date = {2022-06-30}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/06/threat-thursday-china-based-apt-plays-auto-updater-card-to-deliver-windealer-malware}, language = {English}, urldate = {2022-07-18} } Threat Thursday: China-Based APT Plays Auto-Updater Card to Deliver WinDealer Malware
WinDealer Red Nue
2022-06-02Kaspersky LabsGReAT
@online{great:20220602:windealer:a54c8c9, author = {GReAT}, title = {{WinDealer dealing on the side}}, date = {2022-06-02}, organization = {Kaspersky Labs}, url = {https://securelist.com/windealer-dealing-on-the-side/105946}, language = {English}, urldate = {2022-07-25} } WinDealer dealing on the side
WinDealer Red Nue
2022-06-02Kaspersky LabsGReAT
@online{great:20220602:windealer:04ad2d0, author = {GReAT}, title = {{WinDealer dealing on the side}}, date = {2022-06-02}, organization = {Kaspersky Labs}, url = {https://securelist.com/windealer-dealing-on-the-side/105946/}, language = {English}, urldate = {2022-06-04} } WinDealer dealing on the side
WinDealer
2022-06-01Group-IBNikita Rostovcev, Alexander Badaev
@online{rostovcev:20220601:sidewinderantibotscript:62cb932, author = {Nikita Rostovcev and Alexander Badaev}, title = {{SideWinder.AntiBot.Script Analysis of SideWinder's new infrastructure and tool that narrows their reach to Pakistan}}, date = {2022-06-01}, organization = {Group-IB}, url = {https://blog.group-ib.com/sidewinder-antibot}, language = {English}, urldate = {2022-06-02} } SideWinder.AntiBot.Script Analysis of SideWinder's new infrastructure and tool that narrows their reach to Pakistan
2022-05-18Weixin360 Threat Intelligence Center
@online{center:20220518:filesyncshelldll:4266601, author = {360 Threat Intelligence Center}, title = {{filesyncshell.dll hijacked? APT-C-24 Sidewinder Briefing on the Latest Attack Activity}}, date = {2022-05-18}, organization = {Weixin}, url = {https://mp.weixin.qq.com/s/qsGxZIiTsuI7o-_XmiHLHg}, language = {Chinese}, urldate = {2022-05-25} } filesyncshell.dll hijacked? APT-C-24 Sidewinder Briefing on the Latest Attack Activity
2022-01-06VMRayVMRay Labs Team
@online{team:20220106:malware:f4efbd5, author = {VMRay Labs Team}, title = {{Malware Analysis Spotlight: XLoader’ Cross-platform Support Utilizing XBinder}}, date = {2022-01-06}, organization = {VMRay}, url = {https://www.vmray.com/cyber-security-blog/malware-analysis-spotlight-xbinder-xloader/}, language = {English}, urldate = {2022-01-25} } Malware Analysis Spotlight: XLoader’ Cross-platform Support Utilizing XBinder
Xloader
2021-11-18SophosSean Gallagher, Vikas Singh, Robert Weiland, Elida Leite, Kyle Link, Ratul Ghosh, Harinder Bhathal, Sergio Bestuilic, Ferenc László Nagy, Rahul Dugar, Nirav Parekh, Gabor Szappanos
@online{gallagher:20211118:new:31668c5, author = {Sean Gallagher and Vikas Singh and Robert Weiland and Elida Leite and Kyle Link and Ratul Ghosh and Harinder Bhathal and Sergio Bestuilic and Ferenc László Nagy and Rahul Dugar and Nirav Parekh and Gabor Szappanos}, title = {{New ransomware actor uses password-protected archives to bypass encryption protection}}, date = {2021-11-18}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/?cmp=30728}, language = {English}, urldate = {2021-11-19} } New ransomware actor uses password-protected archives to bypass encryption protection
2021-10-26JPCERT/CCYuma Masubuchi
@online{masubuchi:20211026:malware:44bce23, author = {Yuma Masubuchi}, title = {{Malware WinDealer used by LuoYu Attack Group}}, date = {2021-10-26}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2021/10/windealer.html}, language = {English}, urldate = {2021-11-03} } Malware WinDealer used by LuoYu Attack Group
WinDealer Red Nue
2021-08-31ebryxAhmad Muneeb Khan, Syed Hasan Akhtar
@online{khan:20210831:exposing:c1c5458, author = {Ahmad Muneeb Khan and Syed Hasan Akhtar}, title = {{Exposing Sidewinder’s Arsenal against Windows}}, date = {2021-08-31}, organization = {ebryx}, url = {https://blog.ebryx.com/2021/08/31/exposing-sidewinders-arsenal-against-windows.html}, language = {English}, urldate = {2021-11-17} } Exposing Sidewinder’s Arsenal against Windows
2021-07-18CitizenLabBill Marczak, John Scott-Railton, Siena Anstis, Ron Deibert
@online{marczak:20210718:independent:f943436, author = {Bill Marczak and John Scott-Railton and Siena Anstis and Ron Deibert}, title = {{Independent Peer Review of Amnesty International’s Forensic Methods for Identifying Pegasus Spyware}}, date = {2021-07-18}, organization = {CitizenLab}, url = {https://citizenlab.ca/2021/07/amnesty-peer-review/}, language = {English}, urldate = {2021-07-21} } Independent Peer Review of Amnesty International’s Forensic Methods for Identifying Pegasus Spyware
Chrysaor
2021-07-04SophosMark Loman, Sean Gallagher, Anand Ajjan
@online{loman:20210704:independence:56ff257, author = {Mark Loman and Sean Gallagher and Anand Ajjan}, title = {{Independence Day: REvil uses supply chain exploit to attack hundreds of businesses}}, date = {2021-07-04}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses}, language = {English}, urldate = {2021-07-26} } Independence Day: REvil uses supply chain exploit to attack hundreds of businesses
REvil
2021-06-30GuardicoreLiad Mordekoviz, Ophir Harpaz
@online{mordekoviz:20210630:smb:93a9547, author = {Liad Mordekoviz and Ophir Harpaz}, title = {{SMB Worm “Indexsinas” Uses Lateral Movement to Infect Whole Networks}}, date = {2021-06-30}, organization = {Guardicore}, url = {https://www.guardicore.com/labs/smb-worm-indexsinas/}, language = {English}, urldate = {2021-07-02} } SMB Worm “Indexsinas” Uses Lateral Movement to Infect Whole Networks
2021-05-07Marco Ramilli
@online{ramilli:20210507:muddywater:a09bd20, author = {Marco Ramilli}, title = {{MuddyWater: Binder Project (Part 2)}}, date = {2021-05-07}, url = {https://marcoramilli.com/2021/05/07/muddywater-binder-project-part-2/}, language = {English}, urldate = {2021-05-17} } MuddyWater: Binder Project (Part 2)