Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-10-05Seguranca InformaticaPedro Tavares
@online{tavares:20211005:malware:b92d5a9, author = {Pedro Tavares}, title = {{Malware analysis: Details on LockBit ransomware}}, date = {2021-10-05}, organization = {Seguranca Informatica}, url = {https://seguranca-informatica.pt/malware-analysis-details-on-lockbit-ransomware/}, language = {English}, urldate = {2021-10-11} } Malware analysis: Details on LockBit ransomware
LockBit
2021-10-05Medium s2wlabS2W TALON
@online{talon:20211005:prometheus:b698c61, author = {S2W TALON}, title = {{Prometheus x Spook: Prometheus ransomware rebranded Spook ransomware.}}, date = {2021-10-05}, organization = {Medium s2wlab}, url = {https://medium.com/s2wlab/prometheus-x-spook-prometheus-ransomware-rebranded-spook-ransomware-6f93bd8ab5dd}, language = {English}, urldate = {2021-10-11} } Prometheus x Spook: Prometheus ransomware rebranded Spook ransomware.
Prometheus
2021-10-05BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20211005:drawing:e53477d, author = {The BlackBerry Research & Intelligence Team}, title = {{Drawing a Dragon: Connecting the Dots to Find APT41}}, date = {2021-10-05}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2021/10/drawing-a-dragon-connecting-the-dots-to-find-apt41}, language = {English}, urldate = {2021-10-11} } Drawing a Dragon: Connecting the Dots to Find APT41
Cobalt Strike Ghost RAT
2021-10-05Recorded FutureInsikt Group®
@techreport{group:20211005:illegal:e392c73, author = {Insikt Group®}, title = {{Illegal Activities Endure on China's Dark Web Despite Strict Internet Control}}, date = {2021-10-05}, institution = {Recorded Future}, url = {https://go.recordedfuture.com/hubfs/reports/cta-2021-1005.pdf}, language = {English}, urldate = {2021-10-11} } Illegal Activities Endure on China's Dark Web Despite Strict Internet Control
2021-10-05EXPMONEXPMON's Blog
@online{blog:20211005:regarding:ed16d41, author = {EXPMON's Blog}, title = {{Regarding the Threats Posed by Encrypted Office Files}}, date = {2021-10-05}, organization = {EXPMON}, url = {https://expmon.blogspot.com/2021/10/regarding-threats-posed-by-encrypted.html}, language = {English}, urldate = {2021-10-11} } Regarding the Threats Posed by Encrypted Office Files
2021-10-05SophosAndrew Brandt, Rajesh Nataraj, Andrew O’Donnell, Mauricio Valdivieso
@online{brandt:20211005:python:61cd49c, author = {Andrew Brandt and Rajesh Nataraj and Andrew O’Donnell and Mauricio Valdivieso}, title = {{Python ransomware script targets ESXi server for encryption}}, date = {2021-10-05}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/10/05/python-ransomware-script-targets-esxi-server-for-encryption/}, language = {English}, urldate = {2021-10-11} } Python ransomware script targets ESXi server for encryption
2021-10-04The DFIR ReportThe DFIR Report
@online{report:20211004:bazarloader:fe3adf3, author = {The DFIR Report}, title = {{BazarLoader and the Conti Leaks}}, date = {2021-10-04}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2021/10/04/bazarloader-and-the-conti-leaks/}, language = {English}, urldate = {2021-10-11} } BazarLoader and the Conti Leaks
BazarBackdoor Cobalt Strike Conti
2021-10-04JPMintyJai Minton
@online{minton:20211004:strrat:ce3bc16, author = {Jai Minton}, title = {{STRRAT Analysis}}, date = {2021-10-04}, organization = {JPMinty}, url = {https://www.jaiminton.com/reverse-engineering/strrat}, language = {English}, urldate = {2021-10-05} } STRRAT Analysis
STRRAT
2021-10-04pid4.ioJames Hovious
@online{hovious:20211004:how:03b7d93, author = {James Hovious}, title = {{How to Write a Hancitor Extractor in Go}}, date = {2021-10-04}, organization = {pid4.io}, url = {https://pid4.io/posts/how_to_write_a_hancitor_extractor/}, language = {English}, urldate = {2021-10-11} } How to Write a Hancitor Extractor in Go
Hancitor
2021-10-04SophosSean Gallagher, Vikas Singh, Krisztián Diriczi, Kajal Katiyar, Chaitanya Ghorpade, Rahil Shah
@online{gallagher:20211004:atom:782b979, author = {Sean Gallagher and Vikas Singh and Krisztián Diriczi and Kajal Katiyar and Chaitanya Ghorpade and Rahil Shah}, title = {{Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack}}, date = {2021-10-04}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/10/04/atom-silo-ransomware-actors-use-confluence-exploit-dll-side-load-for-stealthy-attack/}, language = {English}, urldate = {2021-10-11} } Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack
ATOMSILO Cobalt Strike
2021-10-04JPCERT/CCShusei Tomonaga
@online{tomonaga:20211004:malware:5ba808a, author = {Shusei Tomonaga}, title = {{Malware Gh0stTimes Used by BlackTech}}, date = {2021-10-04}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2021/10/gh0sttimes.html}, language = {English}, urldate = {2021-10-11} } Malware Gh0stTimes Used by BlackTech
Gh0stTimes Ghost RAT
2021-10-04nvisoMaxime Thiebaut
@online{thiebaut:20211004:phish:4270c8c, author = {Maxime Thiebaut}, title = {{Phish, Phished, Phisher: A Quick Peek Inside a Telegram Harvester}}, date = {2021-10-04}, organization = {nviso}, url = {https://blog.nviso.eu/2021/10/04/phish-phished-phisher-a-quick-peek-inside-a-telegram-harvester/}, language = {English}, urldate = {2021-10-11} } Phish, Phished, Phisher: A Quick Peek Inside a Telegram Harvester
2021-10-03Github (0xjxd)Joel Dönne
@techreport{dnne:20211003:squirrelwaffle:3a35566, author = {Joel Dönne}, title = {{SquirrelWaffle - From Maldoc to Cobalt Strike}}, date = {2021-10-03}, institution = {Github (0xjxd)}, url = {https://github.com/0xjxd/SquirrelWaffle-From-Maldoc-to-Cobalt-Strike/raw/main/2021-10-02%20-%20SquirrelWaffle%20-%20From%20Maldoc%20to%20Cobalt%20Strike.pdf}, language = {English}, urldate = {2021-10-07} } SquirrelWaffle - From Maldoc to Cobalt Strike
Cobalt Strike Squirrelwaffle
2021-10-01ZeroFoxStephan Simon
@online{simon:20211001:babuk:9bce12b, author = {Stephan Simon}, title = {{Babuk Ransomware Variant Delta Plus Used in Live Attacks After Source Code Leaked}}, date = {2021-10-01}, organization = {ZeroFox}, url = {https://www.zerofox.com/blog/babuk-ransomware-variant-delta-plus/}, language = {English}, urldate = {2021-10-11} } Babuk Ransomware Variant Delta Plus Used in Live Attacks After Source Code Leaked
Babuk
2021-10-010ffset BlogChuong Dong
@online{dong:20211001:squirrelwaffle:24c9b06, author = {Chuong Dong}, title = {{SQUIRRELWAFFLE – Analysing the Custom Packer}}, date = {2021-10-01}, organization = {0ffset Blog}, url = {https://www.0ffset.net/reverse-engineering/malware-analysis/squirrelwaffle-custom-packer/}, language = {English}, urldate = {2021-10-14} } SQUIRRELWAFFLE – Analysing the Custom Packer
Cobalt Strike Squirrelwaffle
2021-09-30SentinelOneAmitai Ben Shushan Ehrlich
@online{ehrlich:20210930:new:c3f26e0, author = {Amitai Ben Shushan Ehrlich}, title = {{New Version Of Apostle Ransomware Reemerges In Targeted Attack On Higher Education}}, date = {2021-09-30}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/new-version-of-apostle-ransomware-reemerges-in-targeted-attack-on-higher-education/}, language = {English}, urldate = {2021-10-11} } New Version Of Apostle Ransomware Reemerges In Targeted Attack On Higher Education
Apostle
2021-09-30laceworkLacework Labs
@online{labs:20210930:mirai:014ab03, author = {Lacework Labs}, title = {{Mirai goes Stealth – TLS & IoT Malware}}, date = {2021-09-30}, organization = {lacework}, url = {https://www.lacework.com/blog/mirai-goes-stealth-tls-iot-malware/}, language = {English}, urldate = {2021-10-11} } Mirai goes Stealth – TLS & IoT Malware
Mirai elf.vpnfilter
2021-09-30Palo Alto Networks Unit 42Brady Stout
@online{stout:20210930:credential:c5ca608, author = {Brady Stout}, title = {{Credential Harvesting at Scale Without Malware}}, date = {2021-09-30}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/credential-harvesting/}, language = {English}, urldate = {2021-10-11} } Credential Harvesting at Scale Without Malware
2021-09-30BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20210930:threat:d31cc55, author = {The BlackBerry Research & Intelligence Team}, title = {{Threat Thursday: xLoader Infostealer}}, date = {2021-09-30}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2021/09/threat-thursday-xloader-infostealer}, language = {English}, urldate = {2021-10-11} } Threat Thursday: xLoader Infostealer
Xloader Formbook
2021-09-30PT Expert Security Center
@online{center:20210930:masters:8707c00, author = {PT Expert Security Center}, title = {{Masters of Mimicry: new APT group ChamelGang and its arsenal}}, date = {2021-09-30}, url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang}, language = {English}, urldate = {2021-10-14} } Masters of Mimicry: new APT group ChamelGang and its arsenal
Cobalt Strike