Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-01-21Trend MicroIan Kenefick
@online{kenefick:20220121:emotet:daddaf1, author = {Ian Kenefick}, title = {{Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware}}, date = {2022-01-21}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/22/a/emotet-spam-abuses-unconventional-ip-address-formats-spread-malware.html}, language = {English}, urldate = {2022-01-25} } Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware
Emotet
2022-01-21Github (OALabs)OALabs
@online{oalabs:20220121:whispergate:e235152, author = {OALabs}, title = {{WhisperGate Malware}}, date = {2022-01-21}, organization = {Github (OALabs)}, url = {https://github.com/OALabs/Lab-Notes/blob/main/WhisperGate/WhisperGate.ipynb}, language = {English}, urldate = {2022-01-25} } WhisperGate Malware
WhisperGate
2022-01-21SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220121:disruptive:fff238c, author = {Counter Threat Unit ResearchTeam}, title = {{Disruptive Attacks in Ukraine Likely Linked to Escalating Tensions}}, date = {2022-01-21}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/disruptive-attacks-in-ukraine-likely-linked-to-escalating-tensions}, language = {English}, urldate = {2022-01-25} } Disruptive Attacks in Ukraine Likely Linked to Escalating Tensions
WhisperGate
2022-01-21Zero DayKim Zetter
@online{zetter:20220121:hackers:335d7dd, author = {Kim Zetter}, title = {{Hackers Were in Ukraine Systems Months Before Deploying Wiper}}, date = {2022-01-21}, organization = {Zero Day}, url = {https://zetter.substack.com/p/hackers-were-in-ukraine-systems-months}, language = {English}, urldate = {2022-01-25} } Hackers Were in Ukraine Systems Months Before Deploying Wiper
WhisperGate
2022-01-21ZscalerJavier Vicente, Brett Stone-Gross
@online{vicente:20220121:analysis:419182f, author = {Javier Vicente and Brett Stone-Gross}, title = {{Analysis of Xloader’s C2 Network Encryption}}, date = {2022-01-21}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/analysis-xloaders-c2-network-encryption}, language = {English}, urldate = {2022-01-25} } Analysis of Xloader’s C2 Network Encryption
Xloader Formbook
2022-01-21Talos IntelligenceNick Biasini, Michael Chen, Chris Neal, Matt Olney, Dmytro Korzhevin
@online{biasini:20220121:ukraine:e0da072, author = {Nick Biasini and Michael Chen and Chris Neal and Matt Olney and Dmytro Korzhevin}, title = {{Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation}}, date = {2022-01-21}, organization = {Talos Intelligence}, url = {https://blog.talosintelligence.com/2022/01/ukraine-campaign-delivers-defacement.html}, language = {English}, urldate = {2022-01-25} } Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation
WhisperGate
2022-01-21SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220121:whispergate:bcdbf9d, author = {Counter Threat Unit ResearchTeam}, title = {{WhisperGate: Not NotPetya}}, date = {2022-01-21}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/whispergate-not-notpetya}, language = {English}, urldate = {2022-01-25} } WhisperGate: Not NotPetya
WhisperGate
2022-01-21binarlyBinarly Team
@online{team:20220121:deeper:14be956, author = {Binarly Team}, title = {{A deeper UEFI dive into MoonBounce}}, date = {2022-01-21}, organization = {binarly}, url = {https://www.binarly.io/posts/A_deeper_UEFI_dive_into_MoonBounce/index.html}, language = {English}, urldate = {2022-01-25} } A deeper UEFI dive into MoonBounce
MoonBounce
2022-01-20Cado SecurityCado Security
@online{security:20220120:fallout:0dc042a, author = {Cado Security}, title = {{Fallout from Log4Shell-related Vietnamese Cryptocurrency Exchange Attack: KYC Data for Sale on Dark Web}}, date = {2022-01-20}, organization = {Cado Security}, url = {https://www.cadosecurity.com/fallout-from-log4shell-related-vietnamese-cryptocurrency-exchange-attack-kyc-data-for-sale-on-dark-web}, language = {English}, urldate = {2022-01-25} } Fallout from Log4Shell-related Vietnamese Cryptocurrency Exchange Attack: KYC Data for Sale on Dark Web
2022-01-20QianxinRed Raindrop Team
@online{team:20220120:false:ef8ab19, author = {Red Raindrop Team}, title = {{False flags or upgrades? Suspected OceanLotus uses the Glitch platform to reproduce the attack sample}}, date = {2022-01-20}, organization = {Qianxin}, url = {https://mp.weixin.qq.com/s/1L7o1C-aGlMBAXzHqR9udA}, language = {Chinese}, urldate = {2022-01-25} } False flags or upgrades? Suspected OceanLotus uses the Glitch platform to reproduce the attack sample
2022-01-20FortinetJames Slaugther
@online{slaugther:20220120:new:7cef736, author = {James Slaugther}, title = {{New STRRAT RAT Phishing Campaign}}, date = {2022-01-20}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/new-strrat-rat-phishing-campaign}, language = {English}, urldate = {2022-01-24} } New STRRAT RAT Phishing Campaign
STRRAT
2022-01-20InkyRoger Kay
@online{kay:20220120:fresh:577fae2, author = {Roger Kay}, title = {{Fresh Phish: Phishers Lure Victims with Fake Invites to Bid on Nonexistent Federal Projects}}, date = {2022-01-20}, organization = {Inky}, url = {https://www.inky.com/blog/fresh-phish-phishers-lure-victims-with-fake-invites-to-bid-on-nonexistent-federal-projects}, language = {English}, urldate = {2022-01-24} } Fresh Phish: Phishers Lure Victims with Fake Invites to Bid on Nonexistent Federal Projects
2022-01-20Kaspersky LabsMark Lechtik, Vasily Berdnikov, Denis Legezo, Ilya Borisov
@techreport{lechtik:20220120:technical:fa16a24, author = {Mark Lechtik and Vasily Berdnikov and Denis Legezo and Ilya Borisov}, title = {{Technical details of MoonBounce’s implementation}}, date = {2022-01-20}, institution = {Kaspersky Labs}, url = {https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/01/19115831/MoonBounce_technical-details_eng.pdf}, language = {English}, urldate = {2022-01-25} } Technical details of MoonBounce’s implementation
MoonBounce
2022-01-20ZscalerSahil Antil, Sudeep Singh
@online{antil:20220120:new:2bc6613, author = {Sahil Antil and Sudeep Singh}, title = {{New espionage attack by Molerats APT targeting users in the Middle East}}, date = {2022-01-20}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/new-espionage-attack-molerats-apt-targeting-users-middle-east}, language = {English}, urldate = {2022-01-24} } New espionage attack by Molerats APT targeting users in the Middle East
Spark
2022-01-20Palo Alto Networks Unit 42Robert Falcone, Mike Harbison, Josh Grunzweig
@online{falcone:20220120:threat:4aad471, author = {Robert Falcone and Mike Harbison and Josh Grunzweig}, title = {{Threat Brief: Ongoing Russia and Ukraine Cyber Conflict}}, date = {2022-01-20}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/ukraine-cyber-conflict-cve-2021-32648-whispergate/}, language = {English}, urldate = {2022-01-24} } Threat Brief: Ongoing Russia and Ukraine Cyber Conflict
WhisperGate
2022-01-20CybleincCyble
@online{cyble:20220120:deep:e172620, author = {Cyble}, title = {{Deep Dive Into Ragnar_locker Ransomware Gang}}, date = {2022-01-20}, organization = {Cybleinc}, url = {https://blog.cyble.com/2022/01/20/deep-dive-into-ragnar-locker-ransomware-gang/}, language = {English}, urldate = {2022-01-25} } Deep Dive Into Ragnar_locker Ransomware Gang
RagnarLocker
2022-01-20TrellixRaj Samani, Mo Cashman, Taylor Mullins
@online{samani:20220120:update:43f230d, author = {Raj Samani and Mo Cashman and Taylor Mullins}, title = {{Update on WhisperGate, Destructive Malware Targeting Ukraine – Threat Intelligence & Protections Update}}, date = {2022-01-20}, organization = {Trellix}, url = {https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/update-on-whispergate-destructive-malware-targeting-ukraine.html}, language = {English}, urldate = {2022-01-25} } Update on WhisperGate, Destructive Malware Targeting Ukraine – Threat Intelligence & Protections Update
WhisperGate
2022-01-20MorphisecMichael Gorelik
@online{gorelik:20220120:log4j:99fd2e0, author = {Michael Gorelik}, title = {{Log4j Exploit Hits Again: Vulnerable VMWare Horizon Servers at Risk}}, date = {2022-01-20}, organization = {Morphisec}, url = {https://blog.morphisec.com/log4j-exploit-hits-again-vulnerable-vmware-horizon-servers-at-risk}, language = {English}, urldate = {2022-01-25} } Log4j Exploit Hits Again: Vulnerable VMWare Horizon Servers at Risk
Cobalt Strike
2022-01-20Twitter (@ClearskySec)ClearSky Cybersecurity
@online{cybersecurity:20220120:comlook:ca9c0aa, author = {ClearSky Cybersecurity}, title = {{Tweet on ComLook backdoor used by Turla}}, date = {2022-01-20}, organization = {Twitter (@ClearskySec)}, url = {https://twitter.com/ClearskySec/status/1484211242474561540}, language = {English}, urldate = {2022-01-25} } Tweet on ComLook backdoor used by Turla
ComLook
2022-01-20U.S. Department of the TreasuryU.S. Department of the Treasury
@online{treasury:20220120:treasury:f913fda, author = {U.S. Department of the Treasury}, title = {{Treasury Sanctions Russian-Backed Actors Responsible for Destabilization Activities in Ukraine (Taras Kozak, Oleh Voloshyn, Volodymyr Oliynyk, Vladimir Sivkovich)}}, date = {2022-01-20}, organization = {U.S. Department of the Treasury}, url = {https://home.treasury.gov/news/press-releases/jy0562}, language = {English}, urldate = {2022-01-25} } Treasury Sanctions Russian-Backed Actors Responsible for Destabilization Activities in Ukraine (Taras Kozak, Oleh Voloshyn, Volodymyr Oliynyk, Vladimir Sivkovich)