2023-03-20 | SecurityIntelligence | John Dwyer
@online{dwyer:20230320:when:3f1345c,
  author       = {John Dwyer},
  title        = {{When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule}},
  date         = {2023-03-20},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/posts/defensive-considerations-lazarus-fudmodule/},
  language     = {English},
  urldate      = {2023-03-21},
}
When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule
FudModule
2023-03-07 | Trellix | Pham Duy Phuc, Raghav Kapoor, John Fokker, Alejandro Houspanossian, Mathanraj Thangaraju
@online{phuc:20230307:qakbot:a1aef8e,
  author       = {Pham Duy Phuc and Raghav Kapoor and John Fokker and Alejandro Houspanossian and Mathanraj Thangaraju},
  title        = {{Qakbot Evolves to OneNote Malware Distribution}},
  date         = {2023-03-07},
  organization = {Trellix},
  url          = {https://www.trellix.com/en-us/about/newsroom/stories/research/qakbot-evolves-to-onenote-malware-distribution.html},
  language     = {English},
  urldate      = {2023-03-13},
}
Qakbot Evolves to OneNote Malware Distribution
QakBot
2023-01-24 | Trellix | Daksh Kapur, Tomer Shloman, Robert Venal, John Fokker
@online{kapur:20230124:cyberattacks:0a05372,
  author       = {Daksh Kapur and Tomer Shloman and Robert Venal and John Fokker},
  title        = {{Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity}},
  date         = {2023-01-24},
  organization = {Trellix},
  url          = {https://www.trellix.com/en-us/about/newsroom/stories/research/cyberattacks-targeting-ukraine-increase.html},
  language     = {English},
  urldate      = {2023-01-25},
}
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity
Andromeda Formbook Houdini Remcos
2023-01-05 | Mandiant | Sarah Hawley, Gabby Roncone, Tyler McLellan, Eduardo Mattos, John Wolfram
@online{hawley:20230105:turla:f1d8f9b,
  author       = {Sarah Hawley and Gabby Roncone and Tyler McLellan and Eduardo Mattos and John Wolfram},
  title        = {{Turla: A Galaxy of Opportunity}},
  date         = {2023-01-05},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/turla-galaxy-opportunity},
  language     = {English},
  urldate      = {2023-01-05},
}
Turla: A Galaxy of Opportunity
KopiLuwak Andromeda QUIETCANARY
2022-11-28 | Mandiant | Ryan Tomcik, John Wolfram, Tommy Dacanay, Geoff Ackerman
@online{tomcik:20221128:always:f073a0d,
  author       = {Ryan Tomcik and John Wolfram and Tommy Dacanay and Geoff Ackerman},
  title        = {{Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia}},
  date         = {2022-11-28},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/china-nexus-espionage-southeast-asia},
  language     = {English},
  urldate      = {2022-12-02},
}
Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia
BLUEHAZE DARKDEW MISTCLOAK
2022-10-04 | YouTube (John Hammond) | John Hammond
@online{hammond:20221004:havoc:ba93acc,
  author       = {John Hammond},
  title        = {{HAVOC C2 - Demon Bypasses Windows 11 Defender}},
  date         = {2022-10-04},
  organization = {YouTube (John Hammond)},
  url          = {https://www.youtube.com/watch?v=ErPKP4Ms28s},
  language     = {English},
  urldate      = {2022-10-12},
}
HAVOC C2 - Demon Bypasses Windows 11 Defender
Havoc
2022-08-30 | Medium the_abjuri5t | John F
@online{f:20220830:nanocore:86aa443,
  author       = {John F},
  title        = {{NanoCore RAT Hunting Guide}},
  date         = {2022-08-30},
  organization = {Medium the_abjuri5t},
  url          = {https://medium.com/@the_abjuri5t/nanocore-rat-hunting-guide-cb185473c1e0},
  language     = {English},
  urldate      = {2022-08-30},
}
NanoCore RAT Hunting Guide
Nanocore RAT
2022-06-30 | Trend Micro | Kenneth Adrian Apostol, Paolo Ronniel Labrador, Mirah Manlapig, James Panlilio, Emmanuel Panopio, John Kenneth Reyes, Melvin Singwa
@online{apostol:20220630:black:7464953,
  author       = {Kenneth Adrian Apostol and Paolo Ronniel Labrador and Mirah Manlapig and James Panlilio and Emmanuel Panopio and John Kenneth Reyes and Melvin Singwa},
  title        = {{Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit}},
  date         = {2022-06-30},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html},
  language     = {English},
  urldate      = {2022-07-05},
}
Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit
Black Basta Cobalt Strike QakBot
2022-06-08 | Trustwave | John Anderson
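@comment{The quoted phrase in the title uses LaTeX quote ligatures. A straight double quote typesets as a closing quote on both sides and is an active shorthand character under several babel languages, which can break the bibliography.}
@online{anderson:20220608:not:5c393ce,
  author       = {John Anderson},
  title        = {{Not all ``Internet Connections'' are Equal}},
  date         = {2022-06-08},
  organization = {Trustwave},
  url          = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/not-all-internet-connections-are-equal},
  language     = {English},
  urldate      = {2022-08-17},
}
Not all "Internet Connections" are Equal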
2022-04-29 | Mandiant | John Wolfram, Sarah Hawley, Tyler McLellan, Nick Simonian, Anders Vejlby
@comment{Same title, authors and organization as wolfram:20220428:trello:dab21ca, so this appears to be the same report recorded twice. The two records differ in date, url and urldate. Cite only one of them per document so the report is not listed twice.}
@online{wolfram:20220429:trello:c078513,
  author       = {John Wolfram and Sarah Hawley and Tyler McLellan and Nick Simonian and Anders Vejlby},
  title        = {{Trello From the Other Side: Tracking APT29 Phishing Campaigns}},
  date         = {2022-04-29},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/tracking-apt29-phishing-campaigns},
  language     = {English},
  urldate      = {2022-10-19},
}
Trello From the Other Side: Tracking APT29 Phishing Campaigns
BEATDROP VaporRage
2022-04-28 | Mandiant | John Wolfram, Sarah Hawley, Tyler McLellan, Nick Simonian, Anders Vejlby
@comment{Same title, authors and organization as wolfram:20220429:trello:c078513, so this appears to be the same report recorded twice. The two records differ in date, url and urldate. Cite only one of them per document so the report is not listed twice.}
@online{wolfram:20220428:trello:dab21ca,
  author       = {John Wolfram and Sarah Hawley and Tyler McLellan and Nick Simonian and Anders Vejlby},
  title        = {{Trello From the Other Side: Tracking APT29 Phishing Campaigns}},
  date         = {2022-04-28},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns},
  language     = {English},
  urldate      = {2022-04-29},
}
Trello From the Other Side: Tracking APT29 Phishing Campaigns
Cobalt Strike
2022-04-18 | CitizenLab | John Scott-Railton, Elies Campo, Bill Marczak, Bahr Abdul Razzak, Siena Anstis, Gözde Böcü, Salvatore Solimano, Ron Deibert
@online{scottrailton:20220418:catalangate:95aa638,
  author       = {John Scott-Railton and Elies Campo and Bill Marczak and Bahr Abdul Razzak and Siena Anstis and Gözde Böcü and Salvatore Solimano and Ron Deibert},
  title        = {{CatalanGate Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru}},
  date         = {2022-04-18},
  organization = {CitizenLab},
  url          = {https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/},
  language     = {English},
  urldate      = {2022-04-20},
}
CatalanGate Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru
Chrysaor
2022-04-12 | Sophos | Andrew Brandt, Angela Gunn, Melissa Kelly, Peter Mackenzie, Ferenc László Nagy, Mauricio Valdivieso, Sergio Bestulic, Johnathan Fern, Linda Smith, Matthew Everts
@online{brandt:20220412:attackers:f9f5c52,
  author       = {Andrew Brandt and Angela Gunn and Melissa Kelly and Peter Mackenzie and Ferenc László Nagy and Mauricio Valdivieso and Sergio Bestulic and Johnathan Fern and Linda Smith and Matthew Everts},
  title        = {{Attackers linger on government agency computers before deploying Lockbit ransomware}},
  date         = {2022-04-12},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/04/12/attackers-linger-on-government-agency-computers-before-deploying-lockbit-ransomware/},
  language     = {English},
  urldate      = {2022-04-15},
}
Attackers linger on government agency computers before deploying Lockbit ransomware
LockBit
2022-04-05 | Medium jsecurity101 | Jonathan Johnson
@online{johnson:20220405:bypassing:2397ea1,
  author       = {Jonathan Johnson},
  title        = {{Bypassing Access Mask Auditing Strategies}},
  date         = {2022-04-05},
  organization = {Medium jsecurity101},
  url          = {https://jsecurity101.medium.com/bypassing-access-mask-auditing-strategies-480fb641c158},
  language     = {English},
  urldate      = {2022-04-15},
}
Bypassing Access Mask Auditing Strategies
2022-03-31 | Trellix | John Fokker, Jambul Tologonov
@online{fokker:20220331:conti:3bc2974,
  author       = {John Fokker and Jambul Tologonov},
  title        = {{Conti Leaks: Examining the Panama Papers of Ransomware}},
  date         = {2022-03-31},
  organization = {Trellix},
  url          = {https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/conti-leaks-examining-the-panama-papers-of-ransomware.html},
  language     = {English},
  urldate      = {2022-04-07},
}
Conti Leaks: Examining the Panama Papers of Ransomware
LockBit Amadey Buer Conti IcedID LockBit Mailto Maze PhotoLoader Ryuk TrickBot
2022-03-28 | Mandiant | Geoff Ackerman, Tufail Ahmed, James Maclachlan, Dallin Warne, John Wolfram, Brandon Wilbur
@online{ackerman:20220328:forged:3105d8e,
  author       = {Geoff Ackerman and Tufail Ahmed and James Maclachlan and Dallin Warne and John Wolfram and Brandon Wilbur},
  title        = {{Forged in Fire: A Survey of MobileIron Log4Shell Exploitation}},
  date         = {2022-03-28},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/mobileiron-log4shell-exploitation},
  language     = {English},
  urldate      = {2022-03-30},
}
Forged in Fire: A Survey of MobileIron Log4Shell Exploitation
KEYPLUG
2022-03-23 | Mandiant | Michael Barnhart, Michelle Cantos, Jeffery Johnson, Elias Fox, Gary Freas, Dan Scott
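@comment{The surname Fox is capitalised here. It was entered in lowercase, presumably a data-entry slip, and bibliography styles print names as they are stored.}
@online{barnhart:20220323:not:ca8438c,
  author       = {Michael Barnhart and Michelle Cantos and Jeffery Johnson and Elias Fox and Gary Freas and Dan Scott},
  title        = {{Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations}},
  date         = {2022-03-23},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/mapping-dprk-groups-to-government},
  language     = {English},
  urldate      = {2022-03-25},
}
Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations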
2022-03-21 | IEEE | Pierce Ryan, John Fokker, Sorcha Healy, Andreas Amann
@online{ryan:20220321:dynamics:29d9088,
  author       = {Pierce Ryan and John Fokker and Sorcha Healy and Andreas Amann},
  title        = {{Dynamics of Targeted Ransomware Negotiation}},
  date         = {2022-03-21},
  organization = {IEEE},
  url          = {https://ieeexplore.ieee.org/document/9738625},
  language     = {English},
  urldate      = {2022-04-05},
}
Dynamics of Targeted Ransomware Negotiation
2022-03-17 | Trellix | Thibault Seret, John Fokker
@online{seret:20220317:suspected:f30741a,
  author       = {Thibault Seret and John Fokker},
  title        = {{Suspected DarkHotel APT activity update}},
  date         = {2022-03-17},
  organization = {Trellix},
  url          = {https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/suspected-darkhotel-apt-activity-update.html},
  language     = {English},
  urldate      = {2022-03-18},
}
Suspected DarkHotel APT activity update
RMOT
2022-03-15 | SecurityIntelligence | Christopher Del Fierro, John Dwyer
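@comment{The first author is given in Last, First form. Written as First Last, BibTeX and Biber take only Fierro as the surname and treat Del as a given name; the citation key reflects that split and is left unchanged so existing citations keep working. This assumes the surname is Del Fierro - confirm against the source article.}
@online{fierro:20220315:caddywiper:6504bd2,
  author       = {Del Fierro, Christopher and John Dwyer},
  title        = {{CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations}},
  date         = {2022-03-15},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/posts/caddywiper-malware-targeting-ukrainian-organizations/},
  language     = {English},
  urldate      = {2022-03-16},
}
CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations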
CaddyWiper