2023-01-27ESET ResearchESET Research
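% Corporate author: the extra braces keep "ESET Research" as one name instead of
% given name "ESET" + family name "Research". The citation key is left unchanged
% so existing citations still resolve.
@online{research:20230127:swiftslicer:0877e07,
  author       = {{ESET Research}},
  title        = {{SwiftSlicer: New destructive wiper malware strikes Ukraine}},
  date         = {2023-01-27},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2023/01/27/swiftslicer-new-destructive-wiper-malware-ukraine/},
  language     = {English},
  urldate      = {2023-02-03},
}
SwiftSlicer: New destructive wiper malware strikes Ukraine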
SwiftSlicer
2023-01-26ANY.RUNANY.RUN
% ANY.RUN blog post analysing the CryptBot infostealer (accessed 2023-01-27).
@online{anyrun:20230126:cryptbot:fa17489,
  author       = {ANY.RUN},
  title        = {{CryptBot Infostealer: Malware Analysis}},
  date         = {2023-01-26},
  organization = {ANY.RUN},
  url          = {https://any.run/cybersecurity-blog/cryptbot-infostealer-malware-analysis/},
  language     = {English},
  urldate      = {2023-01-27},
}
CryptBot Infostealer: Malware Analysis
CryptBot
2023-01-26MandiantGovand Sinjari, Andy Morales
% Mandiant blog post tracking GOOTLOADER operations (accessed 2023-01-31).
@online{sinjari:20230126:welcome:3e0ada1,
  author       = {Govand Sinjari and Andy Morales},
  title        = {{Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations}},
  date         = {2023-01-26},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/tracking-evolution-gootloader-operations},
  language     = {English},
  urldate      = {2023-01-31},
}
Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations
GootLoader
2023-01-26Palo Alto Networks Unit 42Mike Harbison, Jen Miller-Osborn
% Unit 42 write-up on PlugX variants found on USB devices (accessed 2023-01-27).
@online{harbison:20230126:chinese:a83622f,
  author       = {Mike Harbison and Jen Miller-Osborn},
  title        = {{Chinese PlugX Malware Hidden in Your USB Devices?}},
  date         = {2023-01-26},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/},
  language     = {English},
  urldate      = {2023-01-27},
}
Chinese PlugX Malware Hidden in Your USB Devices?
PlugX
2023-01-26AcronisIlan Duhin
% Acronis-attributed post on unpacking Emotet (accessed 2023-01-27).
@online{duhin:20230126:unpacking:8ff4776,
  author       = {Ilan Duhin},
  title        = {{Unpacking Emotet Malware}},
  date         = {2023-01-26},
  organization = {Acronis},
  url          = {https://medium.com/@Ilandu/emotet-unpacking-35bbe2980cfb},
  language     = {English},
  urldate      = {2023-01-27},
}
Unpacking Emotet Malware
Emotet
2023-01-26Recorded FutureInsikt Group
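% Corporate author: the extra braces keep "Insikt Group" as one name instead of
% given name "Insikt" + family name "Group". The citation key is left unchanged
% so existing citations still resolve.
@techreport{group:20230126:bluebravo:9d6aa62,
  author       = {{Insikt Group}},
  title        = {{BlueBravo Uses Ambassador Lure to Deploy GraphicalNeutrino Malware}},
  date         = {2023-01-26},
  institution  = {Recorded Future},
  url          = {https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf},
  language     = {English},
  urldate      = {2023-02-02},
}
BlueBravo Uses Ambassador Lure to Deploy GraphicalNeutrino Malware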
GraphicalNeutrino
2023-01-26NCSC UKNCSC UK
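% Corporate author: the extra braces keep "NCSC UK" as one name instead of
% given name "NCSC" + family name "UK". The citation key is left unchanged so
% existing citations still resolve.
@online{uk:20230126:seaborgium:ae8f581,
  author       = {{NCSC UK}},
  title        = {{SEABORGIUM and TA453 continue their respective spear-phishing campaigns against targets of interest}},
  date         = {2023-01-26},
  organization = {NCSC UK},
  url          = {https://www.ncsc.gov.uk/news/spear-phishing-campaigns-targets-of-interest},
  language     = {English},
  urldate      = {2023-01-27},
}
SEABORGIUM and TA453 continue their respective spear-phishing campaigns against targets of interest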
2023-01-26TrendmicroNathaniel Morales, Earle Maui Earnshaw, Don Ovid Ladores, Nick Dai, Nathaniel Gregory Ragasa
% Trend Micro research post on the Mimic ransomware (accessed 2023-01-31).
@online{morales:20230126:new:c7aa03b,
  author       = {Nathaniel Morales and Earle Maui Earnshaw and Don Ovid Ladores and Nick Dai and Nathaniel Gregory Ragasa},
  title        = {{New Mimic Ransomware Abuses Everything APIs for its Encryption Process}},
  date         = {2023-01-26},
  organization = {Trendmicro},
  url          = {https://www.trendmicro.com/en_us/research/23/a/new-mimic-ransomware-abuses-everything-apis-for-its-encryption-p.html},
  language     = {English},
  urldate      = {2023-01-31},
}
New Mimic Ransomware Abuses Everything APIs for its Encryption Process
Mimic Ransomware
2023-01-25SecuronixD. Iuzvyk, T. Peck, O. Kolesnikov
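% The hash sign in the campaign name is escaped in the title field: a bare hash
% sign is a LaTeX macro-parameter character and stops the bibliography from
% typesetting. The url field is left verbatim.
@online{iuzvyk:20230125:securonix:866c376,
  author       = {D. Iuzvyk and T. Peck and O. Kolesnikov},
  title        = {{Securonix Security Advisory: Python-Based PY\#RATION Attack Campaign Leverages Fernet Encryption and Websockets to Avoid Detection}},
  date         = {2023-01-25},
  organization = {Securonix},
  url          = {https://www.securonix.com/blog/security-advisory-python-based-pyration-attack-campaign/},
  language     = {English},
  urldate      = {2023-01-26},
}
Securonix Security Advisory: Python-Based PY#RATION Attack Campaign Leverages Fernet Encryption and Websockets to Avoid Detection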
PY#RATION
2023-01-25ProofpointGreg Lesnewich, Proofpoint Threat Research Team
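% The second author is a team, not a person: the inner braces keep
% "Proofpoint Threat Research Team" as one name instead of splitting it into
% given names plus family name "Team".
@online{lesnewich:20230125:ta444:ae76e7b,
  author       = {Greg Lesnewich and {Proofpoint Threat Research Team}},
  title        = {{TA444: The APT Startup Aimed at Acquisition (of Your Funds)}},
  date         = {2023-01-25},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds},
  language     = {English},
  urldate      = {2023-01-25},
}
TA444: The APT Startup Aimed at Acquisition (of Your Funds)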
CageyChameleon
2023-01-24TrellixDaksh Kapur, Tomer Shloman, Robert Venal, John Fokker
% Trellix research story on attack volume against Ukraine (accessed 2023-01-25).
@online{kapur:20230124:cyberattacks:0a05372,
  author       = {Daksh Kapur and Tomer Shloman and Robert Venal and John Fokker},
  title        = {{Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity}},
  date         = {2023-01-24},
  organization = {Trellix},
  url          = {https://www.trellix.com/en-us/about/newsroom/stories/research/cyberattacks-targeting-ukraine-increase.html},
  language     = {English},
  urldate      = {2023-01-25},
}
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity
Andromeda Formbook Houdini Remcos
2023-01-24SentinelOneAleksandar Milenkoski
% SentinelOne Labs post on the DragonSpark attacks and SparkRAT (accessed 2023-01-25).
@online{milenkoski:20230124:dragonspark:828f0d3,
  author       = {Aleksandar Milenkoski},
  title        = {{DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation}},
  date         = {2023-01-24},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/dragonspark-attacks-evade-detection-with-sparkrat-and-golang-source-code-interpretation/},
  language     = {English},
  urldate      = {2023-01-25},
}
DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation
SparkRAT
2023-01-24FortinetGeri Revay
% Fortinet threat-research post on wiper malware (accessed 2023-01-25).
@online{revay:20230124:year:00a1450,
  author       = {Geri Revay},
  title        = {{The Year of the Wiper}},
  date         = {2023-01-24},
  organization = {Fortinet},
  url          = {https://www.fortinet.com/blog/threat-research/the-year-of-the-wiper},
  language     = {English},
  urldate      = {2023-01-25},
}
The Year of the Wiper
Azov Wiper Bruh Wiper CaddyWiper Cobalt Strike Vidar
2023-01-24eSentireJoe Stewart, Keegan Keplinger
% eSentire report page on Venom Spider (accessed 2023-01-25).
@online{stewart:20230124:unmasking:c26cfce,
  author       = {Joe Stewart and Keegan Keplinger},
  title        = {{Unmasking Venom Spider}},
  date         = {2023-01-24},
  organization = {eSentire},
  url          = {https://www.esentire.com/web-native-pages/unmasking-venom-spider},
  language     = {English},
  urldate      = {2023-01-25},
}
Unmasking Venom Spider
More_eggs TerraPreter TerraLoader VenomLNK
2023-01-24DailySecUGil Min-kwon
% DailySecU news article (accessed 2023-01-24). The title is brace-delimited,
% so the double quotes inside it are literal text.
@online{minkwon:20230124:urgent:71e54e3,
  author       = {Gil Min-kwon},
  title        = {{[Urgent] A Chinese hacker organization that declared hacking war on Korea..."KISA will hack" notice}},
  date         = {2023-01-24},
  organization = {DailySecU},
  url          = {https://www.dailysecu.com/news/articleView.html?idxno=143020},
  language     = {English},
  urldate      = {2023-01-24},
}
[Urgent] A Chinese hacker organization that declared hacking war on Korea..."KISA will hack" notice
2023-01-23UptycsKarthickkumar Kathiresan, Shilpesh Trivedi
% Uptycs blog post on the Titan Stealer campaign (accessed 2023-01-26).
@online{kathiresan:20230123:titan:2ea755f,
  author       = {Karthickkumar Kathiresan and Shilpesh Trivedi},
  title        = {{The Titan Stealer: Notorious Telegram Malware Campaign - Uptycs}},
  date         = {2023-01-23},
  organization = {Uptycs},
  url          = {https://www.uptycs.com/blog/titan-stealer-telegram-malware-campaign},
  language     = {English},
  urldate      = {2023-01-26},
}
The Titan Stealer: Notorious Telegram Malware Campaign - Uptycs
TitanStealer
2023-01-23FBIFBI National Press Office
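% Corporate author: the extra braces keep "FBI National Press Office" as one
% name instead of given names plus family name "Office". The citation key is
% left unchanged so existing citations still resolve.
@online{office:20230123:fbi:172d0d8,
  author       = {{FBI National Press Office}},
  title        = {{FBI Confirms Lazarus Group Cyber Actors Responsible for Harmony's Horizon Bridge Currency Theft}},
  date         = {2023-01-23},
  organization = {FBI},
  url          = {https://www.fbi.gov/news/press-releases/fbi-confirms-lazarus-group-apt38-cyber-actors-responsible-for-harmonys-horizon-bridge-currency-theft},
  language     = {English},
  urldate      = {2023-01-25},
}
FBI Confirms Lazarus Group Cyber Actors Responsible for Harmony's Horizon Bridge Currency Theft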
2023-01-20cocomelonccocomelonc
% cocomelonc blog, persistence series part 21 (accessed 2023-01-23).
@online{cocomelonc:20230120:malware:c480361,
  author       = {cocomelonc},
  title        = {{Malware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.}},
  date         = {2023-01-20},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/persistence/2023/01/19/malware-pers-21.html},
  language     = {English},
  urldate      = {2023-01-23},
}
Malware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.
2023-01-20BlackberryBlackBerry Research & Intelligence Team
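% Corporate author: the extra braces keep the team name as one name, and the
% ampersand is escaped because a bare ampersand is a LaTeX alignment character
% and breaks typesetting. The citation key is left unchanged so existing
% citations still resolve.
@online{team:20230120:emotet:3d5fe7f,
  author       = {{BlackBerry Research \& Intelligence Team}},
  title        = {{Emotet Returns With New Methods of Evasion}},
  date         = {2023-01-20},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2023/01/emotet-returns-with-new-methods-of-evasion},
  language     = {English},
  urldate      = {2023-01-25},
}
Emotet Returns With New Methods of Evasion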
Emotet IcedID
2023-01-20The Hacker NewsRavie Lakshmanan
% The Hacker News article on exploitation of a Fortinet flaw (accessed 2023-01-20).
@online{lakshmanan:20230120:chinese:4df7900,
  author       = {Ravie Lakshmanan},
  title        = {{Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware}},
  date         = {2023-01-20},
  organization = {The Hacker News},
  url          = {https://thehackernews.com/2023/01/new-chinese-malware-spotted-exploiting.html},
  language     = {English},
  urldate      = {2023-01-20},
}
Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware
BOLDMOVE BOLDMOVE