2022-09-21Twitter (@0xToxin)@0xToxin
@online{0xtoxin:20220921:doenerium:0441083,
  author       = {@0xToxin},
  title        = {{doenerium phishing campaign}},
  date         = {2022-09-21},
  organization = {Twitter (@0xToxin)},
  url          = {https://twitter.com/0xToxin/status/1572612089901993985},
  language     = {English},
  urldate      = {2022-09-22},
}
doenerium phishing campaign
doenerium
2022-09-21Github (muha2xmad)Muhammad Hasan Ali
@online{ali:20220921:technical:04911e9,
  author       = {Muhammad Hasan Ali},
  title        = {{Technical analysis of Hydra android malware}},
  date         = {2022-09-21},
  organization = {Github (muha2xmad)},
  url          = {https://muha2xmad.github.io/malware-analysis/hydra/},
  language     = {English},
  urldate      = {2022-09-21},
}
Technical analysis of Hydra android malware
Hydra Joker
2022-09-21BitSightJoão Batista
@online{batista:20220921:systembc:4aca73f,
  author       = {João Batista},
  title        = {{SystemBC: The Multipurpose Proxy Bot Still Breathes}},
  date         = {2022-09-21},
  organization = {BitSight},
  url          = {https://www.bitsight.com/blog/systembc-multipurpose-proxy-bot-still-breathes},
  language     = {English},
  urldate      = {2022-09-22},
}
SystemBC: The Multipurpose Proxy Bot Still Breathes
SystemBC
2022-09-20Recorded FutureInsikt Group®
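% Corporate author: the extra brace pair keeps the group name as one literal name instead of splitting it into given name "Insikt" and family name "Group".
@techreport{group:20220920:threat:b6666bd,
  author      = {{Insikt Group®}},
  title       = {{Threat Actors Continue to Abuse Google Tag Manager for Payment Card e-Skimming}},
  date        = {2022-09-20},
  institution = {Recorded Future},
  url         = {https://go.recordedfuture.com/hubfs/reports/cta-2022-0920.pdf},
  language    = {English},
  urldate     = {2022-09-26},
}
Threat Actors Continue to Abuse Google Tag Manager for Payment Card e-Skimming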
2022-09-20vmwareDana Behling
@online{behling:20220920:threat:8e95f5a,
  author       = {Dana Behling},
  title        = {{Threat Research: New Method of Volume Shadow Backup Deletion Seen in Recent Ransomware}},
  date         = {2022-09-20},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2022/09/threat-research-new-method-of-volume-shadow-backup-deletion-seen-in-recent-ransomware.html},
  language     = {English},
  urldate      = {2022-09-26},
}
Threat Research: New Method of Volume Shadow Backup Deletion Seen in Recent Ransomware
2022-09-20vmwareDana Behling
@online{behling:20220920:threat:099a73a,
  author       = {Dana Behling},
  title        = {{Threat Report: Illuminating Volume Shadow Deletion}},
  date         = {2022-09-20},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2022/09/threat-report-illuminating-volume-shadow-deletion.html},
  language     = {English},
  urldate      = {2022-09-26},
}
Threat Report: Illuminating Volume Shadow Deletion
Conti HelloKitty
2022-09-19vmwareAbe Schneider, Bethany Hardin, Lavine Oluoch
@online{schneider:20220919:evolution:b793a9d,
  author       = {Abe Schneider and Bethany Hardin and Lavine Oluoch},
  title        = {{The Evolution of the Chromeloader Malware}},
  date         = {2022-09-19},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2022/09/the-evolution-of-the-chromeloader-malware.html},
  language     = {English},
  urldate      = {2022-09-20},
}
The Evolution of the Chromeloader Malware
Choziosi
2022-09-19Recorded FutureInsikt Group®
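% Corporate author: the extra brace pair keeps the group name as one literal name instead of splitting it into given name "Insikt" and family name "Group".
@techreport{group:20220919:russianexus:e07ed8e,
  author      = {{Insikt Group®}},
  title       = {{Russia-Nexus UAC-0113 Emulating Telecommunication Providers in Ukraine}},
  date        = {2022-09-19},
  institution = {Recorded Future},
  url         = {https://go.recordedfuture.com/hubfs/reports/cta-2022-0919.pdf},
  language    = {English},
  urldate     = {2022-09-26},
}
Russia-Nexus UAC-0113 Emulating Telecommunication Providers in Ukraine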
Ave Maria Colibri Loader DCRat
2022-09-18K7 SecurityRahul R
@online{r:20220918:raccoon:9a4397c,
  author       = {Rahul R},
  title        = {{Raccoon back with new claws!}},
  date         = {2022-09-18},
  organization = {K7 Security},
  url          = {https://labs.k7computing.com/index.php/raccoon-back-with-new-claws/},
  language     = {English},
  urldate      = {2022-09-19},
}
Raccoon back with new claws!
Raccoon
2022-09-16Group-IBTwitter (@GroupIB_GIB)
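% The account name is double-braced so it stays one literal author rather than being split into name parts.
% The underscore in the author field is escaped because name fields are typeset as ordinary LaTeX text; the url field is verbatim and is left as is.
@online{groupibgib:20220916:uber:255f13d,
  author       = {{Twitter (@GroupIB\_GIB)}},
  title        = {{Tweet on Uber Employees potentially infected with Raccoon and Vidar stealer}},
  date         = {2022-09-16},
  organization = {Group-IB},
  url          = {https://twitter.com/GroupIB_GIB/status/1570821174736850945},
  language     = {English},
  urldate      = {2022-09-19},
}
Tweet on Uber Employees potentially infected with Raccoon and Vidar stealer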
Raccoon Vidar
2022-09-16spookysecspookysec
@online{spookysec:20220916:deception:d6fa54d,
  author       = {spookysec},
  title        = {{Deception in Depth - Building Deceptions from Breaches}},
  date         = {2022-09-16},
  organization = {spookysec},
  url          = {https://blog.spookysec.net/DnD-building-from-breaches/},
  language     = {English},
  urldate      = {2022-09-19},
}
Deception in Depth - Building Deceptions from Breaches
2022-09-16Bleeping ComputerLawrence Abrams
@online{abrams:20220916:uber:0317b11,
  author       = {Lawrence Abrams},
  title        = {{Uber hacked, internal systems breached and vulnerability reports stolen}},
  date         = {2022-09-16},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/uber-hacked-internal-systems-breached-and-vulnerability-reports-stolen/},
  language     = {English},
  urldate      = {2022-09-19},
}
Uber hacked, internal systems breached and vulnerability reports stolen
2022-09-16muha2xmadMuhammad Hasan Ali
@online{ali:20220916:tweets:b0293e1,
  author       = {Muhammad Hasan Ali},
  title        = {{Tweets about Hydra android malware}},
  date         = {2022-09-16},
  organization = {muha2xmad},
  url          = {https://twitter.com/muha2xmad/status/1570788983474638849},
  language     = {English},
  urldate      = {2022-09-19},
}
Tweets about Hydra android malware
Hydra
2022-09-16GovCERT.chGovCERT.ch
@techreport{govcertch:20220916:unflattening:ac739a3,
  author      = {GovCERT.ch},
  title       = {{Unflattening ConfuserEx .NET Code in IDA}},
  date        = {2022-09-16},
  institution = {GovCERT.ch},
  url         = {https://www.govcert.ch/downloads/whitepapers/Unflattening-ConfuserEx-Code-in-IDA.pdf},
  language    = {English},
  urldate     = {2022-09-19},
}
Unflattening ConfuserEx .NET Code in IDA
Ginzo Stealer
2022-09-15TalosAsheer Malhotra, Guilherme Venere
@online{malhotra:20220915:gamaredon:e8a0cbc,
  author       = {Asheer Malhotra and Guilherme Venere},
  title        = {{Gamaredon APT targets Ukrainian government agencies in new campaign}},
  date         = {2022-09-15},
  organization = {Talos},
  url          = {https://blog.talosintelligence.com/2022/09/gamaredon-apt-targets-ukrainian-agencies.html},
  language     = {English},
  urldate      = {2022-09-19},
}
Gamaredon APT targets Ukrainian government agencies in new campaign
2022-09-15JPCERT/CCShusei Tomonaga
@online{tomonaga:20220915:f5:717ee99,
  author       = {Shusei Tomonaga},
  title        = {{F5 BIG-IP Vulnerability (CVE-2022-1388) Exploited by BlackTech}},
  date         = {2022-09-15},
  organization = {JPCERT/CC},
  url          = {https://blogs.jpcert.or.jp/en/2022/09/bigip-exploit.html},
  language     = {English},
  urldate      = {2022-09-19},
}
F5 BIG-IP Vulnerability (CVE-2022-1388) Exploited by BlackTech
Hipid
2022-09-15AquasecAssaf Morag, Asaf Eitani
@online{morag:20220915:threat:b35ec09,
  author       = {Assaf Morag and Asaf Eitani},
  title        = {{Threat Alert: New Malware in the Cloud By TeamTNT}},
  date         = {2022-09-15},
  organization = {Aquasec},
  url          = {https://blog.aquasec.com/new-malware-in-the-cloud-by-teamtnt},
  language     = {English},
  urldate      = {2022-09-19},
}
Threat Alert: New Malware in the Cloud By TeamTNT
Tsunami
2022-09-15SymantecThreat Hunter Team
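% Corporate author: the extra brace pair keeps the team name as one literal name instead of splitting it into given names "Threat Hunter" and family name "Team".
@online{team:20220915:webworm:500c850,
  author       = {{Threat Hunter Team}},
  title        = {{Webworm: Espionage Attackers Testing and Using Older Modified RATs}},
  date         = {2022-09-15},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/webworm-espionage-rats},
  language     = {English},
  urldate      = {2022-09-20},
}
Webworm: Espionage Attackers Testing and Using Older Modified RATs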
9002 RAT Ghost RAT Trochilus RAT
2022-09-15SentinelOneJim Walter
@online{walter:20220915:from:0d72348,
  author       = {Jim Walter},
  title        = {{From the Front Lines | Slam! Anatomy of a Publicly-Available Ransomware Builder}},
  date         = {2022-09-15},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/from-the-front-lines-slam-anatomy-of-a-publicly-available-ransomware-builder/},
  language     = {English},
  urldate      = {2022-09-26},
}
From the Front Lines | Slam! Anatomy of a Publicly-Available Ransomware Builder
Slam
2022-09-15SekoiaThreat & Detection Research Team
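% The ampersand is escaped because a bare one in a name field breaks typesetting of the bibliography.
% The team name is double-braced so it is treated as one literal corporate author rather than split into name parts.
@online{team:20220915:privateloader:d88c7b2,
  author       = {{Threat \& Detection Research Team}},
  title        = {{PrivateLoader: the loader of the prevalent ruzki PPI service}},
  date         = {2022-09-15},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/},
  language     = {English},
  urldate      = {2022-09-19},
}
PrivateLoader: the loader of the prevalent ruzki PPI service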
Agent Tesla Coinminer DanaBot DCRat Eternity Stealer Glupteba Mars Stealer NetSupportManager RAT Nymaim Nymaim2 Phoenix Keylogger PrivateLoader Raccoon RedLine Stealer SmokeLoader Socelars STOP Vidar YTStealer