2021-05-05 · Recorded Future · Insikt Group®
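% Corporate author: the extra brace pair keeps the group name as one unit
% instead of being parsed as given name "Insikt" + family name "Group®".
@online{group:20210505:chinas:0d77f3f,
  author       = {{Insikt Group®}},
  title        = {{China’s PLA Unit 61419 Purchasing Foreign Antivirus Products, Likely for Exploitation}},
  date         = {2021-05-05},
  organization = {Recorded Future},
  url          = {https://www.recordedfuture.com/china-pla-unit-purchasing-antivirus-exploitation/},
  language     = {English},
  urldate      = {2021-05-08},
}
China’s PLA Unit 61419 Purchasing Foreign Antivirus Products, Likely for Exploitation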
2021-05-05 · Profero · Profero, SecurityJoes
@techreport{profero:20210505:cuba:bc183e8,
  author      = {Profero and SecurityJoes},
  title       = {{Cuba Ransomware Group on a Roll}},
  date        = {2021-05-05},
  institution = {Profero},
  url         = {https://shared-public-reports.s3-eu-west-1.amazonaws.com/Cuba+Ransomware+Group+-+on+a+roll.pdf},
  language    = {English},
  urldate     = {2021-05-07},
}
Cuba Ransomware Group on a Roll
Cuba Ransomware
2021-05-05 · The Record · Catalin Cimpanu
@online{cimpanu:20210505:malware:27b4343,
  author       = {Catalin Cimpanu},
  title        = {{Malware group leaks millions of stolen authentication cookies}},
  date         = {2021-05-05},
  organization = {The Record},
  url          = {https://therecord.media/malware-group-leaks-millions-of-stolen-authentication-cookies/},
  language     = {English},
  urldate      = {2021-05-07},
}
Malware group leaks millions of stolen authentication cookies
Raccoon
2021-05-05 · SophosLabs Uncut · Andrew Brandt, Peter Mackenzie, Vikas Singh, Gabor Szappanos
@online{brandt:20210505:intervention:f548dee,
  author       = {Andrew Brandt and Peter Mackenzie and Vikas Singh and Gabor Szappanos},
  title        = {{Intervention halts a ProxyLogon-enabled attack}},
  date         = {2021-05-05},
  organization = {SophosLabs Uncut},
  url          = {https://news.sophos.com/en-us/2021/05/05/intervention-halts-a-proxylogon-enabled-attack},
  language     = {English},
  urldate      = {2021-05-07},
}
Intervention halts a ProxyLogon-enabled attack
Cobalt Strike
2021-05-05 · zimperium · Jon Paterson
@online{paterson:20210505:flubot:c917ba6,
  author       = {Jon Paterson},
  title        = {{Flubot vs. Zimperium}},
  date         = {2021-05-05},
  organization = {zimperium},
  url          = {https://blog.zimperium.com/flubot-vs-zimperium/},
  language     = {English},
  urldate      = {2021-05-08},
}
Flubot vs. Zimperium
FluBot
2021-05-05 · ESET Research · ESET Research
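% Corporate author: the extra brace pair keeps the team name as one unit
% instead of being parsed as given name "ESET" + family name "Research".
@online{research:20210505:ousaban:655e747,
  author       = {{ESET Research}},
  title        = {{Ousaban: Private photo collection hidden in a CABinet}},
  date         = {2021-05-05},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2021/05/05/ousaban-private-photo-collection-hidden-cabinet/},
  language     = {English},
  urldate      = {2021-05-08},
}
Ousaban: Private photo collection hidden in a CABinet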
2021-05-05 · Kashif Ali Surfeit and Blasé Security · Kashif Ali
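% organization is a list field in biblatex and is split on " and ";
% the extra brace pair keeps the site name as a single item.
@online{ali:20210505:roaming:b3131fd,
  author       = {Kashif Ali},
  title        = {{Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware}},
  date         = {2021-05-05},
  organization = {{Kashif Ali Surfeit and Blasé Security}},
  url          = {https://www.kashifali.ca/2021/05/05/roaming-mantis-amplifies-smishing-campaign-with-os-specific-android-malware/},
  language     = {English},
  urldate      = {2021-05-08},
}
Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware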
MoqHao, Roaming Mantis
2021-05-05 · Zscaler · Aniruddha Dolas, Mohd Sadique, Manohar Ghule
@online{dolas:20210505:catching:ace83fc,
  author       = {Aniruddha Dolas and Mohd Sadique and Manohar Ghule},
  title        = {{Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats}},
  date         = {2021-05-05},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols},
  language     = {English},
  urldate      = {2021-05-08},
}
Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats
Agent Tesla, AsyncRAT, Crimson RAT, CyberGate, Ghost RAT, Nanocore RAT, NetWire RC, NjRAT, Quasar RAT, Remcos
2021-05-04 · Cr4sh
@online{cr4sh:20210504:cr4sh:3c1597c,
  author   = {Cr4sh},
  title    = {{Cr4sh / MicroBackdoor : Small and convenient C2 tool for Windows targets}},
  date     = {2021-05-04},
  url      = {https://github.com/cr4sh/microbackdoor},
  language = {English},
  urldate  = {2021-05-04},
}
Cr4sh / MicroBackdoor : Small and convenient C2 tool for Windows targets
MicroBackdoor
2021-05-04 · Red Canary · Justin Schoenfeld, Aaron Didier
@online{schoenfeld:20210504:transferring:ed44b55,
  author       = {Justin Schoenfeld and Aaron Didier},
  title        = {{Transferring leverage in a ransomware attack}},
  date         = {2021-05-04},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/rclone-mega-extortion/},
  language     = {English},
  urldate      = {2021-05-07},
}
Transferring leverage in a ransomware attack
2021-05-04 · Twitter (@TrendMicroRSRCH) · Trend Micro Research
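% Corporate author: the extra brace pair keeps the team name as one unit
% instead of being parsed as given names "Trend Micro" + family name "Research".
@online{research:20210504:n3tw0rm:626085f,
  author       = {{Trend Micro Research}},
  title        = {{Tweet on N3tw0rm ransomware, that has started affecting users in Israel.}},
  date         = {2021-05-04},
  organization = {Twitter (@TrendMicroRSRCH)},
  url          = {https://twitter.com/TrendMicroRSRCH/status/1389422784808378370},
  language     = {English},
  urldate      = {2021-05-04},
}
Tweet on N3tw0rm ransomware, that has started affecting users in Israel.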
Pay2Key
2021-05-04 · Seguranca Informatica · Pedro Tavares
@online{tavares:20210504:taste:b6a3380,
  author       = {Pedro Tavares},
  title        = {{A taste of the latest release of QakBot}},
  date         = {2021-05-04},
  organization = {Seguranca Informatica},
  url          = {https://seguranca-informatica.pt/a-taste-of-the-latest-release-of-qakbot},
  language     = {English},
  urldate      = {2021-05-07},
}
A taste of the latest release of QakBot
QakBot
2021-05-04 · Trustwave · Lloyd Macrohon, Rodel Mendrez
@online{macrohon:20210504:pingback:4988e88,
  author       = {Lloyd Macrohon and Rodel Mendrez},
  title        = {{Pingback: Backdoor At The End Of The ICMP Tunnel}},
  date         = {2021-05-04},
  organization = {Trustwave},
  url          = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/backdoor-at-the-end-of-the-icmp-tunnel/},
  language     = {English},
  urldate      = {2021-05-04},
}
Pingback: Backdoor At The End Of The ICMP Tunnel
PingBack
2021-05-04 · in.security · Owen
@online{owen:20210504:detecting:8e2a985,
  author       = {Owen},
  title        = {{Detecting Lateral Movement via WinRM Using KQL}},
  date         = {2021-05-04},
  organization = {in.security},
  url          = {https://in.security/detecting-lateral-movement-via-winrm-using-kql/},
  language     = {English},
  urldate      = {2021-05-07},
}
Detecting Lateral Movement via WinRM Using KQL
2021-05-04 · PhishLabs · Jessica Ellis
@online{ellis:20210504:alien:3773dbb,
  author       = {Jessica Ellis},
  title        = {{Alien Mobile Malware Evades Detection, Increases Targets}},
  date         = {2021-05-04},
  organization = {PhishLabs},
  url          = {https://info.phishlabs.com/blog/alien-mobile-malware-evades-detection-increases-targets},
  language     = {English},
  urldate      = {2021-05-07},
}
Alien Mobile Malware Evades Detection, Increases Targets
Alien
2021-05-04 · Trend Micro · Monte de Jesus, Fyodor Yarochkin, Paul Pajares
@online{jesus:20210504:new:38799c6,
  author       = {Monte de Jesus and Fyodor Yarochkin and Paul Pajares},
  title        = {{New Panda Stealer Targets Cryptocurrency Wallets}},
  date         = {2021-05-04},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/e/new-panda-stealer-targets-cryptocurrency-wallets-.html},
  language     = {English},
  urldate      = {2021-05-04},
}
New Panda Stealer Targets Cryptocurrency Wallets
Panda Stealer
2021-05-04 · Twitter (@elisalem9) · Eli Salem
@online{salem:20210504:analysis:e2677f0,
  author       = {Eli Salem},
  title        = {{Tweet on analysis of N3tw0rm ransomware}},
  date         = {2021-05-04},
  organization = {Twitter (@elisalem9)},
  url          = {https://twitter.com/elisalem9/status/1389481237228699650?s=20},
  language     = {English},
  urldate      = {2021-05-08},
}
Tweet on analysis of N3tw0rm ransomware
2021-05-04 · Medium sergiusechel · Sergiu Sechel
@online{sechel:20210504:improving:ce4da6d,
  author       = {Sergiu Sechel},
  title        = {{Improving the network-based detection of Cobalt Strike C2 servers in the wild while reducing the risk of false positives}},
  date         = {2021-05-04},
  organization = {Medium sergiusechel},
  url          = {https://sergiusechel.medium.com/improving-the-network-based-detection-of-cobalt-strike-c2-servers-in-the-wild-while-reducing-the-6964205f6468},
  language     = {English},
  urldate      = {2021-05-04},
}
Improving the network-based detection of Cobalt Strike C2 servers in the wild while reducing the risk of false positives
Cobalt Strike
2021-05-04 · Fox-IT · fumik0, the RIFT Team, Fox IT
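% "the RIFT Team" and "Fox IT" are group names, not personal names; each gets
% its own brace pair so it is kept whole rather than split into name parts
% (unbraced, "the" is read as a lowercase name particle and "Fox" as a given name).
@online{fumik0:20210504:rm3:41d6969,
  author       = {fumik0 and {the RIFT Team} and {Fox IT}},
  title        = {{RM3 – Curiosities of the wildest banking malware}},
  date         = {2021-05-04},
  organization = {Fox-IT},
  url          = {https://blog.fox-it.com/2021/05/04/rm3-curiosities-of-the-wildest-banking-malware/},
  language     = {English},
  urldate      = {2021-05-04},
}
RM3 – Curiosities of the wildest banking malware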
ISFB
2021-05-04 · Lacework Labs · Chris Hall
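% The ampersand in the title is escaped: a bare one is an alignment character
% to LaTeX and stops the bibliography from compiling.
@online{hall:20210504:cpuminer:db7b10e,
  author       = {Chris Hall},
  title        = {{Cpuminer \& Friends}},
  date         = {2021-05-04},
  organization = {Lacework Labs},
  url          = {https://www.lacework.com/cpuminer-friends/},
  language     = {English},
  urldate      = {2021-05-08},
}
Cpuminer & Friends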