Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-09-16Group-IBTwitter (@GroupIB_GIB)
@online{groupibgib:20220916:uber:255f13d, author = {Twitter (@GroupIB_GIB)}, title = {{Tweet on Uber Employees potentially infected with Raccoon and Vidar stealer}}, date = {2022-09-16}, organization = {Group-IB}, url = {https://twitter.com/GroupIB_GIB/status/1570821174736850945}, language = {English}, urldate = {2022-09-19} } Tweet on Uber Employees potentially infected with Raccoon and Vidar stealer
Raccoon Vidar
2022-08-30Medium the_abjuri5tJohn F
@online{f:20220830:nanocore:86aa443, author = {John F}, title = {{NanoCore RAT Hunting Guide}}, date = {2022-08-30}, organization = {Medium the_abjuri5t}, url = {https://medium.com/@the_abjuri5t/nanocore-rat-hunting-guide-cb185473c1e0}, language = {English}, urldate = {2022-08-30} } NanoCore RAT Hunting Guide
Nanocore RAT
2022-08-25ExpelKyle Pellett, Andrew Jerry
@online{pellett:20220825:moreeggs:f309813, author = {Kyle Pellett and Andrew Jerry}, title = {{MORE_EGGS and Some LinkedIn Resumé Spearphishing}}, date = {2022-08-25}, organization = {Expel}, url = {https://expel.com/blog/more-eggs-and-some-linkedin-resume-spearphishing}, language = {English}, urldate = {2022-08-31} } MORE_EGGS and Some LinkedIn Resumé Spearphishing
More_eggs
2022-08-16Twitter (@fumik0_)fumik0
@online{fumik0:20220816:lumma:76d543a, author = {fumik0}, title = {{Tweet on Lumma Stealer based on Mars Stealer}}, date = {2022-08-16}, organization = {Twitter (@fumik0_)}, url = {https://twitter.com/fumik0_/status/1559474920152875008}, language = {English}, urldate = {2022-08-28} } Tweet on Lumma Stealer based on Mars Stealer
Lumma Stealer
2022-08-01Twitter (@sekoia_io)sekoia
@online{sekoia:20220801:turlas:ec60a74, author = {sekoia}, title = {{Tweet on Turla's CyberAzov activity}}, date = {2022-08-01}, organization = {Twitter (@sekoia_io)}, url = {https://twitter.com/sekoia_io/status/1554086468104196096}, language = {English}, urldate = {2022-08-02} } Tweet on Turla's CyberAzov activity
CyberAzov
2022-07-26Cert-UACert-UA
@online{certua:20220726:uac0010:e697f18, author = {Cert-UA}, title = {{UAC-0010 (Armageddon) cyberattacks using the GammaLoad.PS1_v2 malware (CERT-UA#5003,5013,5069,5071)}}, date = {2022-07-26}, organization = {Cert-UA}, url = {https://cert.gov.ua/article/971405}, language = {Ukrainian}, urldate = {2022-07-28} } UAC-0010 (Armageddon) cyberattacks using the GammaLoad.PS1_v2 malware (CERT-UA#5003,5013,5069,5071)
Gamaredon Group
2022-06-28Twitter (@_CPResearch_)Check Point Research
@online{research:20220628:malware:896fb41, author = {Check Point Research}, title = {{Tweet on malware used against Steel Industry in Iran}}, date = {2022-06-28}, organization = {Twitter (@_CPResearch_)}, url = {https://twitter.com/_cpresearch_/status/1541753913732366338}, language = {English}, urldate = {2022-07-25} } Tweet on malware used against Steel Industry in Iran
Meteor Predatory Sparrow
2022-06-28Twitter (@_icebre4ker_)Fr4
@online{fr4:20220628:revive:7582d22, author = {Fr4}, title = {{Revive and Coper are using similar phishing template and app}}, date = {2022-06-28}, organization = {Twitter (@_icebre4ker_)}, url = {https://twitter.com/_icebre4ker_/status/1541875982684094465}, language = {English}, urldate = {2022-06-29} } Revive and Coper are using similar phishing template and app
Coper
2022-05-12Cert-UACert-UA
@online{certua:20220512:uac0010:582178b, author = {Cert-UA}, title = {{Uac-0010 (Armageddon) cyberattacks using GammaLoad.PS1_v2 malware (CERT-UA#4634,4648)}}, date = {2022-05-12}, organization = {Cert-UA}, url = {https://cert.gov.ua/article/40240}, language = {Ukrainian}, urldate = {2022-05-17} } Uac-0010 (Armageddon) cyberattacks using GammaLoad.PS1_v2 malware (CERT-UA#4634,4648)
Gamaredon Group
2022-04-27Binary Defenseshade_vx
@online{shadevx:20220427:detecting:ebc3f20, author = {shade_vx}, title = {{Detecting Ransomware’s Stealthy Boot Configuration Edits}}, date = {2022-04-27}, organization = {Binary Defense}, url = {https://www.binarydefense.com/detecting-ransomwares-stealthy-boot-configuration-edits/}, language = {English}, urldate = {2022-05-09} } Detecting Ransomware’s Stealthy Boot Configuration Edits
2022-04-21eSentireeSentire Threat Response Unit (TRU)
@online{tru:20220421:hackers:e10086f, author = {eSentire Threat Response Unit (TRU)}, title = {{Hackers Spearphish Corporate Hiring Managers with Poisoned Resumes, Infecting Them with the More_Eggs Malware, Warns eSentire}}, date = {2022-04-21}, organization = {eSentire}, url = {https://www.esentire.com/blog/hackers-spearphish-corporate-hiring-managers-with-poisoned-resumes-infecting-them-with-the-more-eggs-malware}, language = {English}, urldate = {2022-05-24} } Hackers Spearphish Corporate Hiring Managers with Poisoned Resumes, Infecting Them with the More_Eggs Malware, Warns eSentire
More_eggs
2022-04-14Medium (@DCSO_CyTec)DCSO CyTec
@online{cytec:20220414:404:a7dc53d, author = {DCSO CyTec}, title = {{404 — File still found}}, date = {2022-04-14}, organization = {Medium (@DCSO_CyTec)}, url = {https://medium.com/@DCSO_CyTec/404-file-still-found-d52c3834084c}, language = {English}, urldate = {2022-05-31} } 404 — File still found
SideWinder
2022-04-04The DFIR Report@0xtornado, @yatinwad, @MettalicHack, @_pete_0
@online{0xtornado:20220404:stolen:3df91a7, author = {@0xtornado and @yatinwad and @MettalicHack and @_pete_0}, title = {{Stolen Images Campaign Ends in Conti Ransomware}}, date = {2022-04-04}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2022/04/04/stolen-images-campaign-ends-in-conti-ransomware/}, language = {English}, urldate = {2022-04-04} } Stolen Images Campaign Ends in Conti Ransomware
Conti IcedID
2022-03-12Twitter (@ET_Labs)ET Labs
@online{labs:20220312:quick:ef9cb00, author = {ET Labs}, title = {{A quick thread examining the network artifacts of the HermeticWizard spreading}}, date = {2022-03-12}, organization = {Twitter (@ET_Labs)}, url = {https://twitter.com/ET_Labs/status/1502494650640351236}, language = {English}, urldate = {2022-03-28} } A quick thread examining the network artifacts of the HermeticWizard spreading
HermeticWizard
2022-03-10Twitter (@teamcymru_S2)Team Cymru
@online{cymru:20220310:crimson:a646aac, author = {Team Cymru}, title = {{Tweet on Crimson RAT infrastructure used by APT36}}, date = {2022-03-10}, organization = {Twitter (@teamcymru_S2)}, url = {https://twitter.com/teamcymru_S2/status/1501955802025836546}, language = {English}, urldate = {2022-03-14} } Tweet on Crimson RAT infrastructure used by APT36
Crimson RAT
2022-02-28Twitter (@M_haggis)The Haag
@online{haag:20220228:parsing:7eb8f68, author = {The Haag}, title = {{Tweet on parsing Daxin driver metadata using powershell}}, date = {2022-02-28}, organization = {Twitter (@M_haggis)}, url = {https://twitter.com/M_haggis/status/1498399791276912640}, language = {English}, urldate = {2022-03-07} } Tweet on parsing Daxin driver metadata using powershell
Daxin
2022-02-26Atomic Matryoshkaz3r0day_504
@online{z3r0day504:20220226:infographic:7bb195e, author = {z3r0day_504}, title = {{Infographic: APTs in South America}}, date = {2022-02-26}, organization = {Atomic Matryoshka}, url = {https://www.atomicmatryoshka.com/post/infographic-apts-in-south-america}, language = {English}, urldate = {2022-03-01} } Infographic: APTs in South America
Imminent Monitor RAT Machete
2022-02-21Atomic Matryoshkaz3r0day_504
@online{z3r0day504:20220221:ousaban:38cdf0b, author = {z3r0day_504}, title = {{Ousaban MSI Installer Analysis}}, date = {2022-02-21}, organization = {Atomic Matryoshka}, url = {https://www.atomicmatryoshka.com/post/ousaban-msi-installer-analysis}, language = {English}, urldate = {2022-02-26} } Ousaban MSI Installer Analysis
Ousaban
2022-02-17Twitter (@Honeymoon_IoC)Gi7w0rm
@online{gi7w0rm:20220217:tweets:a96e458, author = {Gi7w0rm}, title = {{Tweets on win.prometei caught via Cowrie}}, date = {2022-02-17}, organization = {Twitter (@Honeymoon_IoC)}, url = {https://twitter.com/honeymoon_ioc/status/1494311182550904840}, language = {English}, urldate = {2022-02-17} } Tweets on win.prometei caught via Cowrie
Prometei
2022-01-28Atomic Matryoshkaz3r0day_504
@online{z3r0day504:20220128:malware:3628b1b, author = {z3r0day_504}, title = {{Malware Headliners: LokiBot}}, date = {2022-01-28}, organization = {Atomic Matryoshka}, url = {https://www.atomicmatryoshka.com/post/malware-headliners-lokibot}, language = {English}, urldate = {2022-02-01} } Malware Headliners: LokiBot
Loki Password Stealer (PWS)