2023-07-21 | Mandiant | James Nugent, Foti Castelan, Doug Bienstock, Justin Moore, Josh Murchie
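% Mandiant blog post on exploitation of the Citrix zero-day CVE-2023-3519.
% Authors are in Last, First form; only the vendor name and the CVE id are
% brace-protected in the title so a style can still recase the rest.
@online{nugent:20230721:exploitation:ef4ffa7,
  author       = {Nugent, James and Castelan, Foti and Bienstock, Doug and Moore, Justin and Murchie, Josh},
  title        = {Exploitation of {Citrix} Zero-Day by Possible Espionage Actors ({CVE-2023-3519})},
  date         = {2023-07-21},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/citrix-zero-day-espionage},
  language     = {English},
  urldate      = {2023-07-31},
}
Exploitation of Citrix Zero-Day by Possible Espionage Actors (CVE-2023-3519)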
2023-07-19 | Lookout | Kristina Balaam, Justin Albrecht
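% Lookout article attributing Android surveillanceware to APT41.
% Title braces protect only proper nouns and the actor name.
@online{balaam:20230719:lookout:102fb09,
  author       = {Balaam, Kristina and Albrecht, Justin},
  title        = {{Lookout} Attributes Advanced {Android} Surveillanceware to {Chinese} Espionage Group {APT41}},
  date         = {2023-07-19},
  organization = {Lookout},
  url          = {https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41},
  language     = {English},
  urldate      = {2023-09-04},
}
Lookout Attributes Advanced Android Surveillanceware to Chinese Espionage Group APT41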
DragonEgg WyrmSpy
2023-06-02 | Mandiant | Nader Zaveri, Jeremy Kennelly, Genevieve Stark, Matthew McWhirt, DAN NUTTING, Kimberly Goody, Justin Moore, JOE PISANO, Zander Work, PETER UKHANOV, Juraj Sucik, WILL SILVERSTONE, ZACH SCHRAMM, Greg Blaum, OLLIE STYLES, NICHOLAS BENNETT, Josh Murchie
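% Mandiant blog post on the MOVEit Transfer zero-day used for data theft.
% The source record stored several author names in ALL CAPS; they are
% normalised to ordinary capitalisation here, since a bibliography style
% cannot undo forced upper case. All 17 authors are kept, in source order.
@online{zaveri:20230602:zeroday:a5ec238,
  author       = {Zaveri, Nader and Kennelly, Jeremy and Stark, Genevieve and McWhirt, Matthew
                  and Nutting, Dan and Goody, Kimberly and Moore, Justin and Pisano, Joe
                  and Work, Zander and Ukhanov, Peter and Sucik, Juraj and Silverstone, Will
                  and Schramm, Zach and Blaum, Greg and Styles, Ollie and Bennett, Nicholas
                  and Murchie, Josh},
  title        = {Zero-Day Vulnerability in {MOVEit Transfer} Exploited for Data Theft},
  date         = {2023-06-02},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft},
  language     = {English},
  urldate      = {2023-07-31},
}
Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft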
2023-04-27 | Lookout | Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht
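% Lookout blog post on the BouldSpy Android spyware.
% Title braces protect only proper nouns and the malware name.
@online{schmittle:20230427:lookout:3956976,
  author       = {Schmittle, Kyle and Islamoglu, Alemdar and Shunk, Paul and Albrecht, Justin},
  title        = {{Lookout} Discovers {Android} Spyware Tied to {Iranian} Police Targeting Minorities: {BouldSpy}},
  date         = {2023-04-27},
  organization = {Lookout},
  url          = {https://www.lookout.com/blog/iranian-spyware-bouldspy},
  language     = {English},
  urldate      = {2023-05-30},
}
Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy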
DAAM
2023-04-19 | Microsoft | Justin Warner, Microsoft Threat Intelligence Center (MSTIC)
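% Video (YouTube URL) on STRONTIUM's abuse of cloud services.
% The second author is an organisation, so it is wrapped in an extra pair of
% braces; without them the name parser splits it into given and family names.
@online{warner:20230419:exploring:c68c1d0,
  author       = {Warner, Justin and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {Exploring {STRONTIUM's} Abuse of Cloud Services},
  date         = {2023-04-19},
  organization = {Microsoft},
  url          = {https://www.youtube.com/watch?v=_qdCGgQlHJE},
  language     = {English},
  urldate      = {2023-04-22},
}
Exploring STRONTIUM's Abuse of Cloud Services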
FusionDrive
2022-12-13 | Margin Research | Justin Sherman
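% Margin Research article on the Pushwoosh SDK and Russian code contributions.
% Title braces protect only the acronym, the product name and the adjective
% of nationality.
@online{sherman:20221213:analyzing:a56b53e,
  author       = {Sherman, Justin},
  title        = {Analyzing {Russian} {SDK} {Pushwoosh} and {Russian} Code Contributions},
  date         = {2022-12-13},
  organization = {Margin Research},
  url          = {https://margin.re/2022/12/analyzing-russian-sdk-pushwoosh-and-russian-code-contributions/},
  language     = {English},
  urldate      = {2022-12-15},
}
Analyzing Russian SDK Pushwoosh and Russian Code Contributions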
2022-11-18 | Atlantic Council | Justin Sherman
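% Atlantic Council article on GRU unit 26165.
% The title is already in sentence case; braces keep the acronym and the
% adjective of nationality capitalised under any style.
@online{sherman:20221118:gru:afc977c,
  author       = {Sherman, Justin},
  title        = {{GRU} 26165: The {Russian} cyber unit that hacks targets on-site},
  date         = {2022-11-18},
  organization = {Atlantic Council},
  url          = {https://www.atlanticcouncil.org/content-series/tech-at-the-leading-edge/the-russian-cyber-unit-that-hacks-targets-on-site/},
  language     = {English},
  urldate      = {2022-12-20},
}
GRU 26165: The Russian cyber unit that hacks targets on-site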
EternalPetya
2022-06-16 | Lookout | Justin Albrecht, Paul Shunk
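% Lookout blog post on Android spyware deployed in Kazakhstan.
% Title braces protect only proper nouns.
@online{albrecht:20220616:lookout:854484b,
  author       = {Albrecht, Justin and Shunk, Paul},
  title        = {{Lookout} Uncovers {Android} Spyware Deployed in {Kazakhstan}},
  date         = {2022-06-16},
  organization = {Lookout},
  url          = {https://www.lookout.com/blog/hermit-spyware-discovery},
  language     = {English},
  urldate      = {2022-07-01},
}
Lookout Uncovers Android Spyware Deployed in Kazakhstan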
2022-06-16 | Justin Albrecht, Paul Shunk
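% Same title, authors and date as albrecht:20220616:lookout:854484b; this
% record points at the de.lookout.com copy of the post. Cite only one of the
% two keys in a document to avoid a duplicated reference.
% The source record had no organization; it is filled in from the publisher
% host and the title, matching the sibling record.
@online{albrecht:20220616:lookout:9bc50ad,
  author       = {Albrecht, Justin and Shunk, Paul},
  title        = {{Lookout} Uncovers {Android} Spyware Deployed in {Kazakhstan}},
  date         = {2022-06-16},
  organization = {Lookout},
  url          = {https://de.lookout.com/blog/hermit-spyware-discovery},
  language     = {English},
  urldate      = {2022-07-01},
}
Lookout Uncovers Android Spyware Deployed in Kazakhstan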
Hermit
2022-05-25 | Trend Micro | Arianne Dela Cruz, Byron Gelera, McJustine De Guzman, Warren Sto.Tomas
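% Trend Micro research post on the Cheerscrypt ransomware targeting ESXi.
% Two authors have two-word surnames. In "First Last" form the parser takes
% only the final word as the family name (the citation key shows this), so
% the names are given in Last, First form. Name spellings and the URL are
% kept exactly as published.
@online{cruz:20220525:new:43d8257,
  author       = {Dela Cruz, Arianne and Gelera, Byron and De Guzman, McJustine and Sto.Tomas, Warren},
  title        = {New {Linux-Based} Ransomware {Cheerscrypt} Targets {ESXi} Devices},
  date         = {2022-05-25},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/e/new-linux-based-ransomware-cheerscrypt-targets-exsi-devices.html},
  language     = {English},
  urldate      = {2022-05-29},
}
New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices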
2022-05-05 | Cisco Talos | Jung soo An, Asheer Malhotra, Justin Thattil, Aliza Berk, Kendall McKay
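% Cisco Talos blog post on a Mustang Panda campaign targeting Europe.
% "Jung soo An" in First Last form would have the lowercase "soo" parsed as a
% name particle; Last, First form keeps "Jung soo" as the given name.
@online{an:20220505:mustang:cbc06e9,
  author       = {An, Jung soo and Malhotra, Asheer and Thattil, Justin and Berk, Aliza and McKay, Kendall},
  title        = {{Mustang Panda} deploys a new wave of malware targeting {Europe}},
  date         = {2022-05-05},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2022/05/mustang-panda-targets-europe.html},
  language     = {English},
  urldate      = {2023-08-03},
}
Mustang Panda deploys a new wave of malware targeting Europe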
Cobalt Strike Meterpreter PlugX Unidentified 094
2022-03-29 | Cisco Talos | Asheer Malhotra, Justin Thattil, Kendall McKay
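% Cisco Talos blog post on a Transparent Tribe campaign.
% The URL, including its query string, is kept exactly as recorded.
@online{malhotra:20220329:transparent:dcf66a7,
  author       = {Malhotra, Asheer and Thattil, Justin and McKay, Kendall},
  title        = {{Transparent Tribe} campaign uses new bespoke malware to target {Indian} government officials},
  date         = {2022-03-29},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html?m=1},
  language     = {English},
  urldate      = {2022-03-30},
}
Transparent Tribe campaign uses new bespoke malware to target Indian government officials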
Crimson RAT
2022-01-09 | Twitter (@sixdub) | Justin Warner
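% Tweet about a malicious document used by Gamaredon (DEV-0157).
% Social-media URLs are prone to disappearing; urldate records when this one
% was retrieved.
@online{warner:20220109:malicious:69c6805,
  author       = {Warner, Justin},
  title        = {Tweet on malicious document used by {Gamaredon} aka {DEV-0157}},
  date         = {2022-01-09},
  organization = {Twitter (@sixdub)},
  url          = {https://twitter.com/sixdub/status/1480188400795803652},
  language     = {English},
  urldate      = {2022-01-18},
}
Tweet on malicious document used by Gamaredon aka DEV-0157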
2021-12-08 | Darktrace | Justin Fier
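% Darktrace blog post on Conti and double extortion.
% Only the group name is brace-protected in the title.
@online{fier:20211208:double:d7f9207,
  author       = {Fier, Justin},
  title        = {The double extortion business: {Conti} Ransomware Gang finds new avenues of negotiation},
  date         = {2021-12-08},
  organization = {Darktrace},
  url          = {https://www.darktrace.com/en/blog/the-double-extortion-business-conti-ransomware-gang-finds-new-avenues-of-negotiation/},
  language     = {English},
  urldate      = {2021-12-09},
}
The double extortion business: Conti Ransomware Gang finds new avenues of negotiation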
Conti
2021-09-23 | Talos | Asheer Malhotra, Vanja Svajcer, Justin Thattil
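% Talos blog post on Operation "Armor Piercer".
% The title keeps the typographic quotes of the source record (UTF-8, so a
% Unicode-aware backend such as Biber is assumed). The quoted operation name
% is braced as one unit to preserve its capitalisation.
@online{malhotra:20210923:operation:056c76c,
  author       = {Malhotra, Asheer and Svajcer, Vanja and Thattil, Justin},
  title        = {Operation {“Armor Piercer:”} Targeted attacks in the {Indian} subcontinent using commercial {RATs}},
  date         = {2021-09-23},
  organization = {Talos},
  url          = {https://blog.talosintelligence.com/2021/09/operation-armor-piercer.html},
  language     = {English},
  urldate      = {2021-10-05},
}
Operation “Armor Piercer:” Targeted attacks in the Indian subcontinent using commercial RATs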
Ave Maria NetWire RC
2021-07-15 | Kryptos Logic | Kryptos Logic Vantage Team
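% Kryptos Logic blog post "Adjusting the Anchor".
% The author is a team, not a person. Unbraced, the name parser treats "Team"
% as the family name, which is where the "team" in the citation key comes
% from. The extra braces keep the name as one unit. The key is unchanged so
% existing citations still resolve.
@online{team:20210715:adjusting:3aa9a65,
  author       = {{Kryptos Logic Vantage Team}},
  title        = {Adjusting the {Anchor}},
  date         = {2021-07-15},
  organization = {Kryptos Logic},
  url          = {https://www.kryptoslogic.com/blog/2021/07/adjusting-the-anchor/},
  language     = {English},
  urldate      = {2021-07-24},
}
Adjusting the Anchor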
Anchor
2021-07-07 | Talos | Asheer Malhotra, Justin Thattil
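% Talos report (PDF) "InSideCopy"; the URL points at the PDF.
% The percent-encoded characters in the URL are part of the address and are
% kept verbatim; inside an entry the percent sign is a literal character.
@techreport{malhotra:20210707:insidecopy:107d438,
  author      = {Malhotra, Asheer and Thattil, Justin},
  title       = {{InSideCopy}: How this {APT} continues to evolve its arsenal},
  date        = {2021-07-07},
  institution = {Talos},
  url         = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/591/original/062521_SideCopy_%281%29.pdf},
  language    = {English},
  urldate     = {2021-07-09},
}
InSideCopy: How this APT continues to evolve its arsenal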
AllaKore Lilith NjRAT
2021-07-07 | Talos Intelligence | Asheer Malhotra, Justin Thattil
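% Talos Intelligence blog post "InSideCopy".
% Title braces protect only the report name and the acronym.
@online{malhotra:20210707:insidecopy:eca169d,
  author       = {Malhotra, Asheer and Thattil, Justin},
  title        = {{InSideCopy}: How this {APT} continues to evolve its arsenal},
  date         = {2021-07-07},
  organization = {Talos Intelligence},
  url          = {https://blog.talosintelligence.com/2021/07/sidecopy.html},
  language     = {English},
  urldate      = {2021-07-08},
}
InSideCopy: How this APT continues to evolve its arsenal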
AllaKore NjRAT SideCopy
2021-07-07 | Talos | Asheer Malhotra, Justin Thattil
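% Plain-text list of network indicators published with the InSideCopy report.
% The query string at the end of the URL is kept as recorded. urldate is the
% retrieval date; the record does not capture later changes to the list.
@online{malhotra:20210707:insidecopy:ac5b778,
  author       = {Malhotra, Asheer and Thattil, Justin},
  title        = {{InSideCopy}: How this {APT} continues to evolve its arsenal (Network {IOCs})},
  date         = {2021-07-07},
  organization = {Talos},
  url          = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/594/original/Network_IOCs_list_for_coverage.txt?1625657479},
  language     = {English},
  urldate      = {2021-07-09},
}
InSideCopy: How this APT continues to evolve its arsenal (Network IOCs)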
AllaKore Lilith NjRAT
2021-07-07 | Talos | Asheer Malhotra, Justin Thattil
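% Plain-text list of hash indicators published with the InSideCopy report.
% urldate is the retrieval date; the record does not capture later changes to
% the list.
@online{malhotra:20210707:insidecopy:e6b25bb,
  author       = {Malhotra, Asheer and Thattil, Justin},
  title        = {{InSideCopy}: How this {APT} continues to evolve its arsenal ({IOCs})},
  date         = {2021-07-07},
  organization = {Talos},
  url          = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/592/original/Hashes_IOCs_for_coverage.txt},
  language     = {English},
  urldate      = {2021-07-09},
}
InSideCopy: How this APT continues to evolve its arsenal (IOCs)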
AllaKore Lilith NjRAT