
2023-01-20 | cocomelonc | cocomelonc
@online{cocomelonc:20230120:malware:c480361, author = {cocomelonc}, title = {{Malware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.}}, date = {2023-01-20}, organization = {cocomelonc}, url = {https://cocomelonc.github.io/persistence/2023/01/19/malware-pers-21.html}, language = {English}, urldate = {2023-01-23} } Malware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.
2023-01-20 | Blackberry | BlackBerry Research & Intelligence Team
@online{team:20230120:emotet:3d5fe7f, author = {{BlackBerry Research \& Intelligence Team}}, title = {{Emotet Returns With New Methods of Evasion}}, date = {2023-01-20}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2023/01/emotet-returns-with-new-methods-of-evasion}, language = {English}, urldate = {2023-01-25} } Emotet Returns With New Methods of Evasion
Emotet IcedID
2023-01-20 | The Hacker News | Ravie Lakshmanan
@online{lakshmanan:20230120:chinese:4df7900, author = {Ravie Lakshmanan}, title = {{Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware}}, date = {2023-01-20}, organization = {The Hacker News}, url = {https://thehackernews.com/2023/01/new-chinese-malware-spotted-exploiting.html}, language = {English}, urldate = {2023-01-20} } Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware
BOLDMOVE BOLDMOVE
2023-01-19 | Team Cymru | S2 Research Team
@online{team:20230119:darth:4a19fc1, author = {S2 Research Team}, title = {{Darth Vidar: The Dark Side of Evolving Threat Infrastructure}}, date = {2023-01-19}, organization = {Team Cymru}, url = {https://www.team-cymru.com/post/darth-vidar-the-dark-side-of-evolving-threat-infrastructure}, language = {English}, urldate = {2023-01-19} } Darth Vidar: The Dark Side of Evolving Threat Infrastructure
Vidar
2023-01-19 | ThreatFabric | ThreatFabric
@online{threatfabric:20230119:hook:f234221, author = {ThreatFabric}, title = {{Hook: a new Ermac fork with RAT capabilities}}, date = {2023-01-19}, organization = {ThreatFabric}, url = {https://www.threatfabric.com/blogs/hook-a-new-ermac-fork-with-rat-capabilities.html}, language = {English}, urldate = {2023-01-19} } Hook: a new Ermac fork with RAT capabilities
Hook
2023-01-19 | Blackberry | BlackBerry Research & Intelligence Team
@online{team:20230119:gamaredon:ed20055, author = {{BlackBerry Research \& Intelligence Team}}, title = {{Gamaredon (Ab)uses Telegram to Target Ukrainian Organizations}}, date = {2023-01-19}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2023/01/gamaredon-abuses-telegram-to-target-ukrainian-organizations}, language = {English}, urldate = {2023-01-25} } Gamaredon (Ab)uses Telegram to Target Ukrainian Organizations
Unidentified VBS 006 (Telegram Loader)
2023-01-19 | Mandiant | Scott Henderson, Cristiana Kittner, Sarah Hawley, Mark Lechtik
@online{henderson:20230119:suspected:39b0731, author = {Scott Henderson and Cristiana Kittner and Sarah Hawley and Mark Lechtik}, title = {{Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)}}, date = {2023-01-19}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw}, language = {English}, urldate = {2023-01-20} } Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)
BOLDMOVE BOLDMOVE
2023-01-19 | Kaspersky Labs | GReAT
@online{great:20230119:roaming:46b7adb, author = {GReAT}, title = {{Roaming Mantis implements new DNS changer in its malicious mobile app in 2022}}, date = {2023-01-19}, organization = {Kaspersky Labs}, url = {https://securelist.com/roaming-mantis-dns-changer-in-malicious-mobile-app/108464/}, language = {English}, urldate = {2023-01-19} } Roaming Mantis implements new DNS changer in its malicious mobile app in 2022
MoqHao
2023-01-18 | SANS ISC | Brad Duncan
@online{duncan:20230118:malicious:df039e8, author = {Brad Duncan}, title = {{Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware}}, date = {2023-01-18}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/29448}, language = {English}, urldate = {2023-01-19} } Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware
Aurora Stealer
2023-01-18 | Twitter (@Gi7w0rm) | Gi7w0rm
@online{gi7w0rm:20230118:long:7a6333e, author = {Gi7w0rm}, title = {{A long way to SectopRat}}, date = {2023-01-18}, organization = {Twitter (@Gi7w0rm)}, url = {https://medium.com/@gi7w0rm/a-long-way-to-sectoprat-eb2f0aad6ec8}, language = {English}, urldate = {2023-01-18} } A long way to SectopRat
SectopRAT
2023-01-18 | Palo Alto Networks Unit 42 | Unit42
@online{unit42:20230118:chinese:65e6e4b, author = {Unit42}, title = {{Chinese Playful Taurus Activity in Iran}}, date = {2023-01-18}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/playful-taurus/}, language = {English}, urldate = {2023-01-23} } Chinese Playful Taurus Activity in Iran
turian
2023-01-18 | ANSSI | ANSSI
@techreport{anssi:20230118:panorama:1841161, author = {ANSSI}, title = {{Panorama of the Cyber Threat 2022}}, date = {2023-01-18}, institution = {ANSSI}, url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2023-CTI-001.pdf}, language = {French}, urldate = {2023-01-25} } Panorama of the Cyber Threat 2022
2023-01-17 | Trend Micro | Peter Girnus, Aliakbar Zahravi
@online{girnus:20230117:earth:f1cba60, author = {Peter Girnus and Aliakbar Zahravi}, title = {{Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures}}, date = {2023-01-17}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/23/a/earth-bogle-campaigns-target-middle-east-with-geopolitical-lures.html}, language = {English}, urldate = {2023-01-19} } Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures
NjRAT
2023-01-17 | Trendmicro | Junestherry Dela Cruz
@online{cruz:20230117:batloader:594298e, author = {Junestherry Dela Cruz}, title = {{Batloader Malware Abuses Legitimate Tools, Uses Obfuscated JavaScript Files in Q4 2022 Attacks}}, date = {2023-01-17}, organization = {Trendmicro}, url = {https://www.trendmicro.com/en_us/research/23/a/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html}, language = {English}, urldate = {2023-01-19} } Batloader Malware Abuses Legitimate Tools, Uses Obfuscated JavaScript Files in Q4 2022 Attacks
BATLOADER
2023-01-17 | Qianxin | Red Raindrop Team
@online{team:20230117:kasablanka:d2d13e1, author = {Red Raindrop Team}, title = {{Kasablanka Group Probably Conducted Compaigns Targeting Russia}}, date = {2023-01-17}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Kasablanka-Group-Probably-Conducted-Compaigns-Targeting-Russia/}, language = {English}, urldate = {2023-01-18} } Kasablanka Group Probably Conducted Compaigns Targeting Russia
Ave Maria Loda
2023-01-16 | ANALYST1 | Jon DiMaggio
@online{dimaggio:20230116:unlocking:adf4dd9, author = {Jon DiMaggio}, title = {{Unlocking Lockbit: A Ransomware Story}}, date = {2023-01-16}, organization = {ANALYST1}, url = {https://analyst1.com/ransomware-diaries-volume-1/}, language = {English}, urldate = {2023-01-26} } Unlocking Lockbit: A Ransomware Story
LockBit LockBit
2023-01-16 | Medium elis531989 | Eli Salem
@online{salem:20230116:dancing:3a33ea6, author = {Eli Salem}, title = {{Dancing With Shellcodes: Analyzing Rhadamanthys Stealer}}, date = {2023-01-16}, organization = {Medium elis531989}, url = {https://elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88}, language = {English}, urldate = {2023-01-16} } Dancing With Shellcodes: Analyzing Rhadamanthys Stealer
Rhadamanthys
2023-01-16 | Twitter (@zachxbt) | ZachXBT
@online{zachxbt:20230116:eth:953011c, author = {ZachXBT}, title = {{Tweet on ETH movement of Lazarus}}, date = {2023-01-16}, organization = {Twitter (@zachxbt)}, url = {https://twitter.com/zachxbt/status/1614771861266792449}, language = {English}, urldate = {2023-01-25} } Tweet on ETH movement of Lazarus
2023-01-13 | nikhilh-20 | Nikhil Hegde
@online{hegde:20230113:getting:4fc0a8e, author = {Nikhil Hegde}, title = {{Getting Rusty and Stringy with Luna Ransomware}}, date = {2023-01-13}, organization = {nikhilh-20}, url = {https://nikhilh-20.github.io/blog/luna_ransomware/}, language = {English}, urldate = {2023-01-13} } Getting Rusty and Stringy with Luna Ransomware
Luna
2023-01-13 | Twitter (@Ishusoka) | Ishu
@online{ishu:20230113:tweets:31114ef, author = {Ishu}, title = {{Tweets on updates regarding Lumma Stealer}}, date = {2023-01-13}, organization = {Twitter (@Ishusoka)}, url = {https://twitter.com/Ishusoka/status/1614028229307928582}, language = {English}, urldate = {2023-01-18} } Tweets on updates regarding Lumma Stealer
Lumma Stealer