
2021-07-22 | Medium michaelkoczwara | Michael Koczwara
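@online{koczwara:20210722:cobalt:f102b02,
  author       = {Koczwara, Michael},
  title        = {{Cobalt Strike} Hunting — simple {PCAP} and {Beacon} Analysis},
  date         = {2021-07-22},
  organization = {Medium michaelkoczwara},
  url          = {https://michaelkoczwara.medium.com/cobalt-strike-hunting-simple-pcap-and-beacon-analysis-f51c36ce6811},
  language     = {English},
  urldate      = {2021-07-22},
}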
Cobalt Strike
2021-07-14 | Medium s2wlab | Jaeki Kim
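@online{kim:20210714:matryoshka:6c8d267,
  author       = {Kim, Jaeki},
  title        = {Matryoshka : Variant of {ROKRAT}, {APT37} ({Scarcruft})},
  date         = {2021-07-14},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wlab/matryoshka-variant-of-rokrat-apt37-scarcruft-69774ea7bf48},
  language     = {English},
  urldate      = {2021-07-20},
}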
RokRAT
2021-07-14 | Medium TowardsDataScience | John “Turbo” Conwell
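@online{conwell:20210714:domain:c0fbbdd,
  author       = {Conwell, John “Turbo”},
  title        = {{Domain Blooms}: Identifying Domain Name Themes Targeted By Threat Actors},
  date         = {2021-07-14},
  organization = {Medium TowardsDataScience},
  url          = {https://towardsdatascience.com/domain-blooms-identifying-domain-name-themes-targeted-by-threat-actors-70942fe506d4},
  language     = {English},
  urldate      = {2021-07-20},
}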
2021-07-08 | Medium walmartglobaltech | Jason Reaves, Harold Ogden
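@online{reaves:20210708:amadey:0deeb3d,
  author       = {Reaves, Jason and Ogden, Harold},
  title        = {Amadey stealer plugin adds {Mikrotik} and {Outlook} harvesting},
  date         = {2021-07-08},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/amadey-stealer-plugin-adds-mikrotik-and-outlook-harvesting-518efe724ce4},
  language     = {English},
  urldate      = {2021-07-11},
}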
Amadey
2021-07-08 | Medium s2wlab | Sojun Ryu
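@online{ryu:20210708:analysis:65a332a,
  author       = {Ryu, Sojun},
  title        = {Analysis of {Lazarus} malware abusing {Non-ActiveX} Module in {South Korea}},
  date         = {2021-07-08},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wlab/analysis-of-lazarus-malware-abusing-non-activex-module-in-south-korea-7d52b9539c12},
  language     = {English},
  urldate      = {2021-07-09},
}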
2021-07-07 | Medium s2wlab | Seunghoe Kim
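@online{kim:20210707:deep:3903b28,
  author       = {Kim, Seunghoe},
  title        = {Deep analysis of {KPOT Stealer}},
  date         = {2021-07-07},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wlab/deep-analysis-of-kpot-stealer-fb1d2be9c5dd},
  language     = {English},
  urldate      = {2021-07-09},
}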
KPOT Stealer
2021-07-06 | Medium walmartglobaltech | Jason Reaves, Joshua Platt
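@online{reaves:20210706:ta505:35e0dbc,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {{TA505} adds {GoLang} crypter for delivering miners and {ServHelper}},
  date         = {2021-07-06},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/ta505-adds-golang-crypter-for-delivering-miners-and-servhelper-af70b26a6e56},
  language     = {English},
  urldate      = {2021-07-11},
}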
ServHelper
2021-07-03 | Medium Doublepulsar | Kevin Beaumont
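@online{beaumont:20210703:kaseya:8013669,
  author       = {Beaumont, Kevin},
  title        = {{Kaseya} supply chain attack delivers mass ransomware event to {US} companies},
  date         = {2021-07-03},
  organization = {Medium Doublepulsar},
  url          = {https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b},
  language     = {English},
  urldate      = {2021-07-24},
}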
REvil
2021-06-29 | Medium MITRE-Engenuity | Nicholas Amon, Jon Baker
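@online{amon:20210629:security:bf73b27,
  author       = {Amon, Nicholas and Baker, Jon},
  title        = {Security Control Mappings: A Starting Point for Threat-Informed Defense},
  date         = {2021-06-29},
  organization = {Medium MITRE-Engenuity},
  url          = {https://medium.com/mitre-engenuity/security-control-mappings-a-starting-point-for-threat-informed-defense-a3aab55b1625},
  language     = {English},
  urldate      = {2021-07-02},
}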
2021-06-29 | Medium hidocohen | Hido Cohen
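@online{cohen:20210629:guloaders:a569974,
  author       = {Cohen, Hido},
  title        = {{GuLoader’s} Anti-Analysis Techniques},
  date         = {2021-06-29},
  organization = {Medium hidocohen},
  url          = {https://hidocohen.medium.com/guloaders-anti-analysis-techniques-e0d4b8437195},
  language     = {English},
  urldate      = {2021-07-20},
}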
CloudEyE
2021-06-23 | Medium s2wlab | Sojun Ryu
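@online{ryu:20210623:deep:b255667,
  author       = {Ryu, Sojun},
  title        = {Deep analysis of {REvil} Ransomware},
  date         = {2021-06-23},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wlab/deep-analysis-of-revil-ransomware-written-in-korean-d1899c0e9317},
  language     = {Korean},
  urldate      = {2021-07-29},
}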
REvil
2021-06-21 | Medium elis531989 | Eli Salem
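@online{salem:20210621:dissecting:295cc4b,
  author       = {Salem, Eli},
  title        = {Dissecting and automating {Hancitor’s} config extraction},
  date         = {2021-06-21},
  organization = {Medium elis531989},
  url          = {https://elis531989.medium.com/dissecting-and-automating-hancitors-config-extraction-1a6ed85d99b8},
  language     = {English},
  urldate      = {2021-06-22},
}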
Hancitor
2021-06-16 | Medium BI.ZONE | Anton Medvedev, Vadim Khrykov
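@online{medvedev:20210616:hunting:4e9be2a,
  author       = {Medvedev, Anton and Khrykov, Vadim},
  title        = {Hunting Down {MS Exchange} Attacks. Part 2 ({CVE-2020–0688}, {CVE-2020–16875}, {CVE-2021–24085})},
  date         = {2021-06-16},
  organization = {Medium BI.ZONE},
  url          = {https://bi-zone.medium.com/hunting-down-ms-exchange-attacks-part-2-cve-2020-0688-cve-2020-16875-cve-2021-24085-8355ec0917c},
  language     = {English},
  urldate      = {2021-06-21},
}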
2021-06-08 | Medium BI.ZONE | Maxim Suhanov
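@online{suhanov:20210608:measured:471da8d,
  author       = {Suhanov, Maxim},
  title        = {{Measured Boot} and Malware Signatures: exploring two vulnerabilities found in the {Windows} loader},
  date         = {2021-06-08},
  organization = {Medium BI.ZONE},
  url          = {https://bi-zone.medium.com/measured-boot-and-malware-signatures-exploring-two-vulnerabilities-found-in-the-windows-loader-5a4fcc3c4b66},
  language     = {English},
  urldate      = {2021-06-21},
}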
2021-06-07 | Medium walmartglobaltech | Joshua Platt, Jason Reaves
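@online{platt:20210607:inside:6c363a7,
  author       = {Platt, Joshua and Reaves, Jason},
  title        = {Inside the {SystemBC} Malware-As-A-Service},
  date         = {2021-06-07},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/inside-the-systembc-malware-as-a-service-9aa03afd09c6},
  language     = {English},
  urldate      = {2021-06-08},
}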
Ryuk SystemBC TrickBot
2021-06-03 | Medium s2wlab | Hyunmin Suh, Denise Dasom Kim, Jungyeon Lim, YH Jeong
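@online{suh:20210603:w1:f034ac8,
  author       = {Suh, Hyunmin and Kim, Denise Dasom and Lim, Jungyeon and Jeong, YH},
  title        = {W1 {Jun} | {EN} | Story of the week: Ransomware on the {Darkweb}},
  date         = {2021-06-03},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wlab/w1-jun-en-story-of-the-week-ransomware-on-the-darkweb-af491d33868b},
  language     = {English},
  urldate      = {2021-06-16},
}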
DarkSide Babuk DarkSide
2021-06-02 | Medium CyCraft | CyCraft Technology Corp
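@online{corp:20210602:chinalinked:487955f,
  author       = {{CyCraft Technology Corp}},
  title        = {{China-Linked} Threat Group Targets {Taiwan} Critical Infrastructure, {Smokescreen} Ransomware},
  date         = {2021-06-02},
  organization = {Medium CyCraft},
  url          = {https://medium.com/cycraft/china-linked-threat-group-targets-taiwan-critical-infrastructure-smokescreen-ransomware-c2a155aa53d5},
  language     = {English},
  urldate      = {2021-06-09},
}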
Cobalt Strike ColdLock
2021-06-01 | Medium mergene | Mehmet Ergene
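@online{ergene:20210601:detecting:5c4b6ff,
  author       = {Ergene, Mehmet},
  title        = {Detecting Initial Access: {HTML} Smuggling and {ISO} Images — Part 1},
  date         = {2021-06-01},
  organization = {Medium mergene},
  url          = {https://mergene.medium.com/detecting-initial-access-html-smuggling-and-iso-images-part-1-c4f953edd13f},
  language     = {English},
  urldate      = {2021-06-09},
}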
2021-06-01 | Medium mergene | Mehmet Ergene
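@online{ergene:20210601:detecting:d2d5dd8,
  author       = {Ergene, Mehmet},
  title        = {Detecting Initial Access: {HTML} Smuggling and {ISO} Images — Part 2},
  date         = {2021-06-01},
  organization = {Medium mergene},
  url          = {https://mergene.medium.com/detecting-initial-access-html-smuggling-and-iso-images-part-2-f8dd600430e2},
  language     = {English},
  urldate      = {2021-06-09},
}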
2021-05-28 | Medium s2wlab | Sojun Ryu
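@online{ryu:20210528:deep:c5d221c,
  author       = {Ryu, Sojun},
  title        = {Deep Analysis of {Vidar} Stealer},
  date         = {2021-05-28},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wlab/deep-analysis-of-vidar-stealer-ebfc3b557aed},
  language     = {English},
  urldate      = {2021-06-16},
}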
vidar