
2022-05-25Red CanaryAedan Russell
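% Only the malware-family name is brace-protected; the rest of the title is left for the style to case.
@online{russell:20220525:chromeloader:4877f32,
  author       = {Russell, Aedan},
  title        = {{ChromeLoader}: a pushy malvertiser},
  date         = {2022-05-25},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/chromeloader/},
  language     = {English},
  urldate      = {2022-05-29},
}
ChromeLoader: a pushy malvertiser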
Choziosi Choziosi
2022-05-12Red CanaryTony Lambert, Lauren Podber
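% PDF report; family and tool names are brace-protected so sentence-casing styles keep their capitalisation.
@techreport{lambert:20220512:gootloader:4562030,
  author      = {Lambert, Tony and Podber, Lauren},
  title       = {{Gootloader} and {Cobalt Strike} malware analysis},
  date        = {2022-05-12},
  institution = {Red Canary},
  url         = {https://redcanary.com/wp-content/uploads/2022/05/Gootloader.pdf},
  language    = {English},
  urldate     = {2022-05-13},
}
Gootloader and Cobalt Strike malware analysis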
GootLoader, Cobalt Strike
2022-05-12Red CanaryTony Lambert, Lauren Podber
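% Blog post on detecting Gootloader; only the proper nouns in the title are brace-protected.
@online{lambert:20220512:goot:1fc62fa,
  author       = {Lambert, Tony and Podber, Lauren},
  title        = {The {Goot} cause: Detecting {Gootloader} and its follow-on activity},
  date         = {2022-05-12},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/gootloader},
  language     = {English},
  urldate      = {2022-05-13},
}
The Goot cause: Detecting Gootloader and its follow-on activity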
GootLoader, Cobalt Strike
2022-05-05Red CanaryLauren Podber, Stef Rand
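% The two-word family name is protected as one unit so a style cannot lowercase "Robin".
@online{podber:20220505:raspberry:ebc51e8,
  author       = {Podber, Lauren and Rand, Stef},
  title        = {{Raspberry Robin} gets the worm early},
  date         = {2022-05-05},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/raspberry-robin/},
  language     = {English},
  urldate      = {2022-05-06},
}
Raspberry Robin gets the worm early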
Raspberry Robin
2022-03-22Red CanaryRed Canary
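% Corporate author: the extra brace pair makes BibTeX treat "Red Canary" as one name
% instead of splitting it into first name "Red" and surname "Canary".
@techreport{canary:20220322:2022:67c40ea,
  author      = {{Red Canary}},
  title       = {2022 {Threat Detection Report}},
  date        = {2022-03-22},
  institution = {Red Canary},
  url         = {https://resource.redcanary.com/rs/003-YRU-314/images/2022_ThreatDetectionReport_RedCanary.pdf},
  language    = {English},
  urldate     = {2022-03-23},
}
2022 Threat Detection Report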
FAKEUPDATES, Silver Sparrow, BazarBackdoor, Cobalt Strike, GootKit, Yellow Cockatoo RAT
2022-03-16Red CanaryBrian Donohue, Laura Brosnan
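% "REvil" is brace-protected because its mixed case would be lost under sentence-casing styles.
@online{donohue:20220316:uncompromised:959f0d0,
  author       = {Donohue, Brian and Brosnan, Laura},
  title        = {Uncompromised: When {REvil} comes knocking},
  date         = {2022-03-16},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/uncompromised-kaseya/},
  language     = {English},
  urldate      = {2022-03-17},
}
Uncompromised: When REvil comes knocking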
REvil
2022-01-24Red CanaryThe Red Canary Team
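% Corporate author: double braces keep "The Red Canary Team" as a single name
% (otherwise "Team" is parsed as the surname).
@online{team:20220124:intelligence:32ceda6,
  author       = {{The Red Canary Team}},
  title        = {{Intelligence Insights}: {January} 2022},
  date         = {2022-01-24},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/intelligence-insights-january-2022/},
  language     = {English},
  urldate      = {2022-01-25},
}
Intelligence Insights: January 2022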
Blister Conficker
2021-12-16Red CanaryThe Red Canary Team
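% Corporate author: double braces keep "The Red Canary Team" as a single name
% (otherwise "Team" is parsed as the surname).
@online{team:20211216:intelligence:f7bad55,
  author       = {{The Red Canary Team}},
  title        = {{Intelligence Insights}: {December} 2021},
  date         = {2021-12-16},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/intelligence-insights-december-2021},
  language     = {English},
  urldate      = {2021-12-31},
}
Intelligence Insights: December 2021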
Cobalt Strike, QakBot, Squirrelwaffle
2021-12-02Red CanaryTony Lambert
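% PDF report; the tool and family names are brace-protected, the rest of the title is left to the style.
@techreport{lambert:20211202:kmspico:4e3afa7,
  author      = {Lambert, Tony},
  title       = {{KMSPico} and {Cryptbot}: A spicy combo},
  date        = {2021-12-02},
  institution = {Red Canary},
  url         = {https://redcanary.com/wp-content/uploads/2021/12/KMSPico-V5.pdf},
  language    = {English},
  urldate     = {2021-12-07},
}
KMSPico and Cryptbot: A spicy combo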
CryptBot
2021-11-30Red CanaryHarrison van Riper
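% Author given in "von Last, First" form so the particle "van" is unambiguous;
% the name parts are the same as in the original "Harrison van Riper".
@online{riper:20211130:proxyshell:060517d,
  author       = {van Riper, Harrison},
  title        = {{ProxyShell} exploitation leads to {BlackByte} ransomware},
  date         = {2021-11-30},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/blackbyte-ransomware/},
  language     = {English},
  urldate      = {2021-12-06},
}
ProxyShell exploitation leads to BlackByte ransomware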
BlackByte
2021-11-18Red CanaryThe Red Canary Team
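% Corporate author: double braces keep "The Red Canary Team" as a single name
% (otherwise "Team" is parsed as the surname).
@online{team:20211118:intelligence:7b00cb9,
  author       = {{The Red Canary Team}},
  title        = {{Intelligence Insights}: {November} 2021},
  date         = {2021-11-18},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/intelligence-insights-november-2021/},
  language     = {English},
  urldate      = {2021-11-19},
}
Intelligence Insights: November 2021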
Andromeda Conti LockBit QakBot Squirrelwaffle
2021-09-22Red CanaryThe Red Canary Team
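% Corporate author: double braces keep "The Red Canary Team" as a single name
% (otherwise "Team" is parsed as the surname).
@online{team:20210922:intelligence:98e291c,
  author       = {{The Red Canary Team}},
  title        = {{Intelligence Insights}: {September} 2021},
  date         = {2021-09-22},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/intel-insights-sept-2021/},
  language     = {English},
  urldate      = {2021-09-29},
}
Intelligence Insights: September 2021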
2021-08-05Red CanaryTony Lambert, Brian Donohue, Dan Cotton
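% "Grief" is brace-protected because here it names the ransomware, not the common noun.
@online{lambert:20210805:when:aeb7b10,
  author       = {Lambert, Tony and Donohue, Brian and Cotton, Dan},
  title        = {When {Dridex} and {Cobalt Strike} give you {Grief}},
  date         = {2021-08-05},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/grief-ransomware/},
  language     = {English},
  urldate      = {2021-09-10},
}
When Dridex and Cobalt Strike give you Grief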
Cobalt Strike, DoppelDridex, DoppelPaymer
2021-05-04Red CanaryJustin Schoenfeld, Aaron Didier
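% The title holds no proper nouns, so nothing is brace-protected and the style decides the casing.
@online{schoenfeld:20210504:transferring:ed44b55,
  author       = {Schoenfeld, Justin and Didier, Aaron},
  title        = {Transferring leverage in a ransomware attack},
  date         = {2021-05-04},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/rclone-mega-extortion/},
  language     = {English},
  urldate      = {2021-05-07},
}
Transferring leverage in a ransomware attack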
2021-03-31Red CanaryRed Canary
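% Corporate author: the extra brace pair makes BibTeX treat "Red Canary" as one name
% instead of splitting it into first name "Red" and surname "Canary".
@techreport{canary:20210331:2021:cd81f2d,
  author      = {{Red Canary}},
  title       = {2021 {Threat Detection Report}},
  date        = {2021-03-31},
  institution = {Red Canary},
  url         = {https://resource.redcanary.com/rs/003-YRU-314/images/2021-Threat-Detection-Report.pdf},
  language    = {English},
  urldate     = {2021-04-06},
}
2021 Threat Detection Report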
Shlayer, Andromeda, Cobalt Strike, Dridex, Emotet, IcedID, MimiKatz, QakBot, TrickBot
2021-03-09Red CanaryTony Lambert, Brian Donohue, Katie Nickels
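% Detection and mitigation guidance for Exchange server exploitation; only the product name is brace-protected.
@online{lambert:20210309:microsoft:6a37334,
  author       = {Lambert, Tony and Donohue, Brian and Nickels, Katie},
  title        = {{Microsoft Exchange} server exploitation: how to detect, mitigate, and stay calm},
  date         = {2021-03-09},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/microsoft-exchange-attacks},
  language     = {English},
  urldate      = {2021-03-11},
}
Microsoft Exchange server exploitation: how to detect, mitigate, and stay calm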
CHINACHOPPER
2021-02-18Red CanaryTony Lambert
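% The URL keeps its "#technical-analysis" fragment unescaped; url-aware styles print it verbatim.
% The title contains a non-ASCII apostrophe, so the file is assumed to be processed as UTF-8.
@online{lambert:20210218:clipping:ec693c2,
  author       = {Lambert, Tony},
  title        = {Clipping {Silver Sparrow}’s wings: Outing {macOS} malware before it takes flight},
  date         = {2021-02-18},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/clipping-silver-sparrows-wings/#technical-analysis},
  language     = {English},
  urldate      = {2021-02-20},
}
Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight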
Silver Sparrow
2021-01-06Red CanaryTony Lambert
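% Hunting guidance; "GetSystem" is brace-protected to keep its camel case under sentence-casing styles.
@online{lambert:20210106:hunting:272410b,
  author       = {Lambert, Tony},
  title        = {Hunting for {GetSystem} in offensive security tools},
  date         = {2021-01-06},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/getsystem-offsec/},
  language     = {English},
  urldate      = {2021-01-11},
}
Hunting for GetSystem in offensive security tools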
Cobalt Strike, Empire Downloader, Meterpreter, PoshC2
2020-12-08Red CanaryMatt Graeber
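% The title holds no proper nouns, so nothing is brace-protected and the style decides the casing.
@online{graeber:20201208:why:31709f3,
  author       = {Graeber, Matt},
  title        = {The why, what, and how of threat research},
  date         = {2020-12-08},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/threat-research-questions},
  language     = {English},
  urldate      = {2020-12-10},
}
The why, what, and how of threat research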
2020-12-04Red CanaryRed Canary
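% Corporate author: the extra brace pair makes BibTeX treat "Red Canary" as one name
% instead of splitting it into first name "Red" and surname "Canary".
@online{canary:20201204:yellow:1633ca2,
  author       = {{Red Canary}},
  title        = {{Yellow Cockatoo}: Search engine redirects, in-memory remote access trojan, and more},
  date         = {2020-12-04},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/yellow-cockatoo/},
  language     = {English},
  urldate      = {2020-12-08},
}
Yellow Cockatoo: Search engine redirects, in-memory remote access trojan, and more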
Yellow Cockatoo RAT