Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-01-17Trend MicroPeter Girnus, Aliakbar Zahravi
@online{girnus:20230117:earth:f1cba60, author = {Peter Girnus and Aliakbar Zahravi}, title = {{Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures}}, date = {2023-01-17}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/23/a/earth-bogle-campaigns-target-middle-east-with-geopolitical-lures.html}, language = {English}, urldate = {2023-01-19} } Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures
NjRAT
2022-09-30ESET ResearchPeter Kálnai, Matěj Havránek
@techreport{klnai:20220930:lazarus:efbd75d, author = {Peter Kálnai and Matěj Havránek}, title = {{Lazarus & BYOVD: evil to the Windows core}}, date = {2022-09-30}, institution = {ESET Research}, url = {https://www.virusbulletin.com/uploads/pdf/conference/vb2022/papers/VB2022-Lazarus-and-BYOVD-evil-to-the-Windows-core.pdf}, language = {English}, urldate = {2022-12-24} } Lazarus & BYOVD: evil to the Windows core
FudModule
2022-09-30ESET ResearchPeter Kálnai
@online{klnai:20220930:amazonthemed:bf959b5, author = {Peter Kálnai}, title = {{Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium}}, date = {2022-09-30}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2022/09/30/amazon-themed-campaigns-lazarus-netherlands-belgium/}, language = {English}, urldate = {2022-12-29} } Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium
BLINDINGCAN FudModule
2022-07-19Palo Alto Networks Unit 42Mike Harbison, Peter Renals
@online{harbison:20220719:russian:acbf388, author = {Mike Harbison and Peter Renals}, title = {{Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive}}, date = {2022-07-19}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/}, language = {English}, urldate = {2022-07-19} } Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive
Cobalt Strike EnvyScout Gdrive
2022-07-14SophosAndrew Brandt, Sergio Bestulic, Harinder Bhathal, Andy French, Bill Kearney, Lee Kirkpatrick, Elida Leite, Peter Mackenzie, Robert Weiland
@online{brandt:20220714:blackcat:745470a, author = {Andrew Brandt and Sergio Bestulic and Harinder Bhathal and Andy French and Bill Kearney and Lee Kirkpatrick and Elida Leite and Peter Mackenzie and Robert Weiland}, title = {{BlackCat ransomware attacks not merely a byproduct of bad luck}}, date = {2022-07-14}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/07/14/blackcat-ransomware-attacks-not-merely-a-byproduct-of-bad-luck/}, language = {English}, urldate = {2022-07-25} } BlackCat ransomware attacks not merely a byproduct of bad luck
BlackCat BlackCat
2022-07-05Palo Alto Networks Unit 42Mike Harbison, Peter Renals
@online{harbison:20220705:when:277492d, author = {Mike Harbison and Peter Renals}, title = {{When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors}}, date = {2022-07-05}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/brute-ratel-c4-tool}, language = {English}, urldate = {2022-07-12} } When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
2022-06-06NCC GroupRoss Inman, Peter Gurney
@online{inman:20220606:shining:4e6cd58, author = {Ross Inman and Peter Gurney}, title = {{Shining the Light on Black Basta}}, date = {2022-06-06}, organization = {NCC Group}, url = {https://research.nccgroup.com/2022/06/06/shining-the-light-on-black-basta/}, language = {English}, urldate = {2022-06-07} } Shining the Light on Black Basta
Black Basta
2022-05-20nccgroupPeter Gurney
@online{gurney:20220520:metastealer:d3c2f0e, author = {Peter Gurney}, title = {{Metastealer – filling the Racoon void}}, date = {2022-05-20}, organization = {nccgroup}, url = {https://research.nccgroup.com/2022/05/20/metastealer-filling-the-racoon-void/}, language = {English}, urldate = {2023-01-31} } Metastealer – filling the Racoon void
MetaStealer
2022-04-12SophosAndrew Brandt, Angela Gunn, Melissa Kelly, Peter Mackenzie, Ferenc László Nagy, Mauricio Valdivieso, Sergio Bestulic, Johnathan Fern, Linda Smith, Matthew Everts
@online{brandt:20220412:attackers:f9f5c52, author = {Andrew Brandt and Angela Gunn and Melissa Kelly and Peter Mackenzie and Ferenc László Nagy and Mauricio Valdivieso and Sergio Bestulic and Johnathan Fern and Linda Smith and Matthew Everts}, title = {{Attackers linger on government agency computers before deploying Lockbit ransomware}}, date = {2022-04-12}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/04/12/attackers-linger-on-government-agency-computers-before-deploying-lockbit-ransomware/}, language = {English}, urldate = {2022-04-15} } Attackers linger on government agency computers before deploying Lockbit ransomware
LockBit
2021-12-22SophosAndrew Brandt, Fraser Howard, Anand Ajjan, Peter Mackenzie, Ferenc László Nagy, Sergio Bestulic, Timothy Easton
@online{brandt:20211222:avos:b09298c, author = {Andrew Brandt and Fraser Howard and Anand Ajjan and Peter Mackenzie and Ferenc László Nagy and Sergio Bestulic and Timothy Easton}, title = {{Avos Locker remotely accesses boxes, even running in Safe Mode}}, date = {2021-12-22}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/12/22/avos-locker-remotely-accesses-boxes-even-running-in-safe-mode/}, language = {English}, urldate = {2021-12-31} } Avos Locker remotely accesses boxes, even running in Safe Mode
AvosLocker
2021-12-20IronNetPeter Rydzynski, Michael Leardi, Brent Eskridge
@online{rydzynski:20211220:detecting:686a034, author = {Peter Rydzynski and Michael Leardi and Brent Eskridge}, title = {{Detecting anomalous network traffic resulting from a successful Log4j attack}}, date = {2021-12-20}, organization = {IronNet}, url = {https://www.ironnet.com/blog/detecting-anomalous-network-traffic-resulting-from-a-successful-log4j-attack}, language = {English}, urldate = {2022-03-08} } Detecting anomalous network traffic resulting from a successful Log4j attack
2021-12-02Palo Alto Networks Unit 42Robert Falcone, Peter Renals
@online{falcone:20211202:expands:dfaebce, author = {Robert Falcone and Peter Renals}, title = {{APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus}}, date = {2021-12-02}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/tiltedtemple-manageengine-servicedesk-plus/}, language = {English}, urldate = {2021-12-02} } APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus
Godzilla Webshell
2021-11-29CertitudePeter Wagner
@online{wagner:20211129:unpatched:4047c05, author = {Peter Wagner}, title = {{Unpatched Exchange Servers distribute Phishing Links (SquirrelWaffle)}}, date = {2021-11-29}, organization = {Certitude}, url = {https://certitude.consulting/blog/en/unpatched-exchange-servers-distribute-phishing-links-squirrelwaffle/}, language = {English}, urldate = {2021-12-06} } Unpatched Exchange Servers distribute Phishing Links (SquirrelWaffle)
Squirrelwaffle
2021-11-16IronNetIronNet Threat Research, Morgan Demboski, Joey Fitzpatrick, Peter Rydzynski
@online{research:20211116:how:d7fdaf8, author = {IronNet Threat Research and Morgan Demboski and Joey Fitzpatrick and Peter Rydzynski}, title = {{How IronNet's Behavioral Analytics Detect REvil and Conti Ransomware}}, date = {2021-11-16}, organization = {IronNet}, url = {https://www.ironnet.com/blog/ransomware-graphic-blog}, language = {English}, urldate = {2021-11-25} } How IronNet's Behavioral Analytics Detect REvil and Conti Ransomware
Cobalt Strike Conti IcedID REvil
2021-11-07Palo Alto Networks Unit 42Robert Falcone, Jeff White, Peter Renals
@online{falcone:20211107:targeted:121be00, author = {Robert Falcone and Jeff White and Peter Renals}, title = {{Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer}}, date = {2021-11-07}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/}, language = {English}, urldate = {2021-12-02} } Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
Godzilla Webshell NGLite
2021-10-12IronNetBrett Fitzpatrick, Joey Fitzpatrick, Morgan Demboski, Peter Rydzynski, IronNet Threat Research
@online{fitzpatrick:20211012:continued:e1f2eb4, author = {Brett Fitzpatrick and Joey Fitzpatrick and Morgan Demboski and Peter Rydzynski and IronNet Threat Research}, title = {{Continued Exploitation of CVE-2021-26084}}, date = {2021-10-12}, organization = {IronNet}, url = {https://www.ironnet.com/blog/continued-exploitation-of-cve-2021-26084}, language = {English}, urldate = {2021-10-25} } Continued Exploitation of CVE-2021-26084
2021-10-07Palo Alto Networks Unit 42Peter Renals
@online{renals:20211007:silverterrier:e682411, author = {Peter Renals}, title = {{SilverTerrier – Nigerian Business Email Compromise}}, date = {2021-10-07}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/silverterrier-nigerian-business-email-compromise/}, language = {English}, urldate = {2021-10-11} } SilverTerrier – Nigerian Business Email Compromise
2021-09-29Trend MicroAliakbar Zahravi, William Gamazo Sanchez, Kamlapati Choubey, Peter Girnus
@online{zahravi:20210929:formbook:54b9f08, author = {Aliakbar Zahravi and William Gamazo Sanchez and Kamlapati Choubey and Peter Girnus}, title = {{FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal}}, date = {2021-09-29}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/i/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-404.html}, language = {English}, urldate = {2021-10-05} } FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal
Formbook
2021-09-03SophosSean Gallagher, Peter Mackenzie, Anand Ajjan, Andrew Ludgate, Gabor Szappanos, Sergio Bestulic, Syed Zaidi
@online{gallagher:20210903:conti:db20680, author = {Sean Gallagher and Peter Mackenzie and Anand Ajjan and Andrew Ludgate and Gabor Szappanos and Sergio Bestulic and Syed Zaidi}, title = {{Conti affiliates use ProxyShell Exchange exploit in ransomware attacks}}, date = {2021-09-03}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/}, language = {English}, urldate = {2021-09-06} } Conti affiliates use ProxyShell Exchange exploit in ransomware attacks
Cobalt Strike Conti
2021-08-05Twitter (@AltShiftPrtScn)Peter Mackenzie
@online{mackenzie:20210805:conti:8ba71b6, author = {Peter Mackenzie}, title = {{Tweet on Conti ransomware affiliates using AnyDesk, Atera, Splashtop, Remote Utilities and ScreenConnect to maintain network access}}, date = {2021-08-05}, organization = {Twitter (@AltShiftPrtScn)}, url = {https://twitter.com/AltShiftPrtScn/status/1423188974298861571}, language = {English}, urldate = {2021-08-06} } Tweet on Conti ransomware affiliates using AnyDesk, Atera, Splashtop, Remote Utilities and ScreenConnect to maintain network access
Conti