2021-07-07 | Twitter (@resecurity_com) | Resecurity
Tweet on the REvil attack chain used against Kaseya
REvil
2021-07-07 | Twitter (@C0rk1_H) | hyabcd
Tweet on PurpleFox exploiting the PrintNightmare (CVE-2021-34527) vulnerability in a cryptocurrency mining campaign
PurpleFox
2021-07-06 | Twitter (@_alex_il_) | Alex Ilgayev
Tweet on the REvil ransomware actor using a vulnerable Defender executable in its infection flow in early May, before the Kaseya attack
REvil
2021-07-06 | Twitter (@MBThreatIntel) | Malwarebytes Threat Intelligence
Tweet on a malspam campaign taking advantage of the Kaseya VSA ransomware attack to drop Cobalt Strike
Cobalt Strike
2021-07-05 | Twitter (@R3MRUM) | R3MRUM
Twitter thread with additional context on C2 domains found in the REvil configuration
REvil
2021-07-05 | Twitter (@SophosLabs) | SophosLabs
Tweet with a REvil ransomware execution demo
REvil
2021-07-04 | Twitter (@svch0st) | Zach
Tweet on a #Kaseya detection tool for detecting REvil
REvil
2021-07-04 | Twitter (@PolarToffee) | Toffee
Tweet on AvosLocker, a ransomware advertising for affiliates through Dread
2021-07-03 | Twitter (@fwosar) | Fabian Wosar
Twitter thread on REvil's cryptographic scheme
REvil
2021-07-03 | Twitter (@LloydLabs) | Lloyd
Twitter thread on the REvil sideloading DLL used in the Kaseya attack
REvil
2021-07-02 | Twitter (@VK_intel) | Vitali Kremez
Tweet on analysis of the REvil ransomware used in the Kaseya attack
REvil
2021-07-02 | Twitter (@SyscallE) | SeAccessCheck
Tweet on the REvil dropper used in the Kaseya attack
REvil
2021-06-29 | Twitter (@IntezerLabs) | Intezer
Tweet on an unknown ELF backdoor based on an open-source remote shell named "amcsh"
BioSet
2021-06-29 | Twitter (@sisoma2) | sisoma2
Tweet on Vidar stealer using Tumblr to obtain its dynamic config
Vidar
2021-06-29 | Twitter (@VK_intel) | Vitali Kremez
Tweet on the Linux version of REvil ransomware
REvil
2021-06-28 | Twitter (@AdamTheAnalyst) | AdamTheAnalyst
Tweet on a suspected REvil exfiltration server (over RClone FTP)
REvil
2021-06-28 | Twitter (@VK_intel) | Vitali Kremez
Tweet on the ELF version of REvil
REvil
2021-06-27 | Twitter (@GossiTheDog) | Kevin Beaumont
Tweet on the Babuk ransomware builder
Babuk
2021-06-23 | Twitter (@IntezerLabs) | Intezer
Tweet on the Linux version of Derusbi
Derusbi
2021-06-22 | Twitter (@Cryptolaemus1) | Cryptolaemus, dao ming si, Kirk Sayre
Tweet on TA575, a Dridex affiliate delivering Cobalt Strike (packed with CryptOne) directly via the macro docs
Cobalt Strike Dridex