
2023-05-17ANY.RUNANY.RUN
@online{anyrun:20230517:deobfuscating:5a82be9, author = {ANY.RUN}, title = {{Deobfuscating the Latest GuLoader: Automating Analysis with Ghidra Scripting}}, date = {2023-05-17}, organization = {ANY.RUN}, url = {https://any.run/cybersecurity-blog/deobfuscating-guloader/}, language = {English}, urldate = {2023-05-26} } Deobfuscating the Latest GuLoader: Automating Analysis with Ghidra Scripting
CloudEyE
2023-05-15SymantecThreat Hunter Team
@online{team:20230515:lancefly:49fd53e, author = {Threat Hunter Team}, title = {{Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors}}, date = {2023-05-15}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lancefly-merdoor-zxshell-custom-backdoor}, language = {English}, urldate = {2023-05-26} } Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors
PlugX ShadowPad ZXShell
2023-05-04SentinelOneTom Hegel
@online{hegel:20230504:kimsuky:6f04a16, author = {Tom Hegel}, title = {{Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign}}, date = {2023-05-04}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/kimsuky-evolves-reconnaissance-capabilities-in-new-global-campaign/}, language = {English}, urldate = {2023-05-05} } Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign
BabyShark
2023-05-01JPCERT/CCShusei Tomonaga
@online{tomonaga:20230501:attack:5c3693e, author = {Shusei Tomonaga}, title = {{Attack trends related to the attack campaign DangerousPassword}}, date = {2023-05-01}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/ja/2023/05/dangerouspassword.html}, language = {English}, urldate = {2023-05-02} } Attack trends related to the attack campaign DangerousPassword
SnatchCrypto
2023-04-26cybleCyble
@online{cyble:20230426:threat:480b98f, author = {Cyble}, title = {{Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram}}, date = {2023-04-26}, organization = {cyble}, url = {https://blog.cyble.com/2023/04/26/threat-actor-selling-new-atomic-macos-amos-stealer-on-telegram/}, language = {English}, urldate = {2023-04-27} } Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram
AMOS
2023-04-24Kaspersky LabsPierre Delcher, Ivan Kwiatkowski
@online{delcher:20230424:tomiris:2d65352, author = {Pierre Delcher and Ivan Kwiatkowski}, title = {{Tomiris called, they want their Turla malware back}}, date = {2023-04-24}, organization = {Kaspersky Labs}, url = {https://securelist.com/tomiris-called-they-want-their-turla-malware-back/109552/}, language = {English}, urldate = {2023-04-26} } Tomiris called, they want their Turla malware back
KopiLuwak Andromeda Ave Maria GoldMax JLORAT Kazuar Meterpreter QUIETCANARY RATel Roopy Telemiris tomiris Topinambour
2023-04-19SymantecThreat Hunter Team
@online{team:20230419:play:01359b7, author = {Threat Hunter Team}, title = {{Play Ransomware Group Using New Custom Data-Gathering Tools}}, date = {2023-04-19}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/play-ransomware-volume-shadow-copy}, language = {English}, urldate = {2023-04-22} } Play Ransomware Group Using New Custom Data-Gathering Tools
PLAY
2023-04-18Rapid7 LabsMatt Green
@online{green:20230418:automating:5252cc0, author = {Matt Green}, title = {{Automating Qakbot Detection at Scale With Velociraptor}}, date = {2023-04-18}, organization = {Rapid7 Labs}, url = {https://www.rapid7.com/blog/post/2023/04/18/automating-qakbot-detection-at-scale-with/}, language = {English}, urldate = {2023-04-25} } Automating Qakbot Detection at Scale With Velociraptor
QakBot
2023-04-05velociraptorMatt Green
@online{green:20230405:automating:ef8b30e, author = {Matt Green}, title = {{Automating Qakbot Decode At Scale}}, date = {2023-04-05}, organization = {velociraptor}, url = {https://docs.velociraptor.app/blog/2023/2023-04-05-qakbot/}, language = {English}, urldate = {2023-04-18} } Automating Qakbot Decode At Scale
QakBot
2023-03-30CrowdStrikeCS ENGINEER
@online{engineer:20230330:20230329:49be400, author = {CS ENGINEER}, title = {{2023-03-29 // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers}}, date = {2023-03-30}, organization = {CrowdStrike}, url = {https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/}, language = {English}, urldate = {2023-04-02} } 2023-03-29 // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers
3CX Backdoor
2023-03-30K7 SecurityLathashree K
@online{k:20230330:goatrat:c19eec5, author = {Lathashree K}, title = {{GoatRAT Attacks Automated Payment Systems}}, date = {2023-03-30}, organization = {K7 Security}, url = {https://labs.k7computing.com/index.php/goatrat-attacks-automated-payment-systems/}, language = {English}, urldate = {2023-04-25} } GoatRAT Attacks Automated Payment Systems
GoatRAT
2023-03-29CrowdStrikeResearch & Threat Intel
@online{intel:20230329:crowdstrike:cafb1f8, author = {{Research \& Threat Intel}}, title = {{CrowdStrike Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers}}, date = {2023-03-29}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/}, language = {English}, urldate = {2023-03-30} } CrowdStrike Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers
3CX Backdoor
2023-03-23MandiantRyan Tomcik, Rufus Brown, Josh Fleischer
@online{tomcik:20230323:unc961:68bbb35, author = {Ryan Tomcik and Rufus Brown and Josh Fleischer}, title = {{UNC961 in the Multiverse of Mandiant: Three Encounters with a Financially Motivated Threat Actor}}, date = {2023-03-23}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/unc961-multiverse-financially-motivated}, language = {English}, urldate = {2023-04-25} } UNC961 in the Multiverse of Mandiant: Three Encounters with a Financially Motivated Threat Actor
HOLERUN LIGHTBUNNY
2023-03-16SentinelOneTom Hegel
@online{hegel:20230316:winter:5e43881, author = {Tom Hegel}, title = {{Winter Vivern | Uncovering a Wave of Global Espionage}}, date = {2023-03-16}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/winter-vivern-uncovering-a-wave-of-global-espionage/}, language = {English}, urldate = {2023-03-20} } Winter Vivern | Uncovering a Wave of Global Espionage
APERETIF
2023-03-16MandiantAlexander Marvi, BRAD SLAYBAUGH, DAN EBREO, Tufail Ahmed, Muhammad Umair, TINA JOHNSON
@online{marvi:20230316:fortinet:d6ae40c, author = {Alexander Marvi and BRAD SLAYBAUGH and DAN EBREO and Tufail Ahmed and Muhammad Umair and TINA JOHNSON}, title = {{Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation}}, date = {2023-03-16}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem}, language = {English}, urldate = {2023-04-22} } Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation
2023-03-09DeepInstinctSimon Kenin
@online{kenin:20230309:ducktail:1f4fcc3, author = {Simon Kenin}, title = {{DUCKTAIL: Threat Operation Re-emerges with New LNK, PowerShell, and Other Custom Tactics to Avoid Detection}}, date = {2023-03-09}, organization = {DeepInstinct}, url = {https://www.deepinstinct.com/blog/ducktail-threat-operation-re-emerges-with-new-lnk-powershell-and-other-custom-tactics-to-avoid-detection}, language = {English}, urldate = {2023-03-24} } DUCKTAIL: Threat Operation Re-emerges with New LNK, PowerShell, and Other Custom Tactics to Avoid Detection
DUCKTAIL
2023-01-29Dark VortexParanoid Ninja
@online{ninja:20230129:hiding:1b59393, author = {Paranoid Ninja}, title = {{Hiding In PlainSight - Indirect Syscall is Dead! Long Live Custom Call Stacks}}, date = {2023-01-29}, organization = {Dark Vortex}, url = {https://0xdarkvortex.dev/hiding-in-plainsight/}, language = {English}, urldate = {2023-02-21} } Hiding In PlainSight - Indirect Syscall is Dead! Long Live Custom Call Stacks
Brute Ratel C4
2023-01-24TrellixDaksh Kapur, Tomer Shloman, Robert Venal, John Fokker
@online{kapur:20230124:cyberattacks:0a05372, author = {Daksh Kapur and Tomer Shloman and Robert Venal and John Fokker}, title = {{Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity}}, date = {2023-01-24}, organization = {Trellix}, url = {https://www.trellix.com/en-us/about/newsroom/stories/research/cyberattacks-targeting-ukraine-increase.html}, language = {English}, urldate = {2023-01-25} } Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity
Andromeda Formbook Houdini Remcos
2023-01-12Sentinel LABSTom Hegel, Aleksandar Milenkoski
@online{hegel:20230112:noname05716:b3cb836, author = {Tom Hegel and Aleksandar Milenkoski}, title = {{NoName057(16) – The Pro-Russian Hacktivist Group Targeting NATO}}, date = {2023-01-12}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/noname05716-the-pro-russian-hacktivist-group-targeting-nato/}, language = {English}, urldate = {2023-02-17} } NoName057(16) – The Pro-Russian Hacktivist Group Targeting NATO
Bobik Dosia NoName057(16)
2023-01-09TrendmicroHitomi Kimura, Ryan Maglaque, Fe Cureg, Trent Bessell
@online{kimura:20230109:gootkit:585185a, author = {Hitomi Kimura and Ryan Maglaque and Fe Cureg and Trent Bessell}, title = {{Gootkit Loader Actively Targets Australian Healthcare Industry}}, date = {2023-01-09}, organization = {Trendmicro}, url = {https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html}, language = {English}, urldate = {2023-01-13} } Gootkit Loader Actively Targets Australian Healthcare Industry
GootKit