
2022-02-17 — Twitter (@Honeymoon_IoC) — Gi7w0rm
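@comment{The underscore in the organization field is escaped as \_ so the entry renders under LaTeX (an unescaped underscore outside math mode is an error). The url field is left as is because biblatex reads url verbatim.}
@online{gi7w0rm:20220217:tweets:a96e458,
  author       = {Gi7w0rm},
  title        = {{Tweets on win.prometei caught via Cowrie}},
  organization = {Twitter (@Honeymoon\_IoC)},
  date         = {2022-02-17},
  language     = {English},
  url          = {https://twitter.com/honeymoon_ioc/status/1494311182550904840},
  urldate      = {2022-02-17}
}
Tweets on win.prometei caught via Cowrie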
Prometei
2022-02-14 — Morphisec — Hido Cohen, Arnold Osipov
@techreport{cohen:20220214:journey:6c209dc,
  author      = {Hido Cohen and Arnold Osipov},
  title       = {{Journey of a Crypto Scammer - NFT-001}},
  institution = {Morphisec},
  date        = {2022-02-14},
  language    = {English},
  url         = {https://blog.morphisec.com/hubfs/Journey%20of%20a%20Crypto%20Scammer%20-%20NFT-001%20%7C%20Morphisec%20%7C%20Threat%20Report.pdf},
  urldate     = {2022-02-19}
}
Journey of a Crypto Scammer - NFT-001
AsyncRAT BitRAT Remcos
2022-02-09 — Cisco — Vanja Svajcer, Vitor Ventura
@online{svajcer:20220209:whats:91fb2d8,
  author       = {Vanja Svajcer and Vitor Ventura},
  title        = {{What’s with the shared VBA code between Transparent Tribe and other threat actors?}},
  organization = {Cisco},
  date         = {2022-02-09},
  language     = {English},
  url          = {https://blog.talosintelligence.com/2022/02/whats-with-shared-vba-code.html},
  urldate      = {2022-02-14}
}
What’s with the shared VBA code between Transparent Tribe and other threat actors?
2022-02-08 — GuidePoint Security — Drew Schmitt
@online{schmitt:20220208:using:0b08b47,
  author       = {Drew Schmitt},
  title        = {{Using Hindsight to Close a Cuba Cold Case}},
  organization = {GuidePoint Security},
  date         = {2022-02-08},
  language     = {English},
  url          = {https://www.guidepointsecurity.com/blog/using-hindsight-to-close-a-cuba-cold-case/},
  urldate      = {2022-03-28}
}
Using Hindsight to Close a Cuba Cold Case
Cuba
2022-01-27 — BleepingComputer — Sergiu Gatlan
@online{gatlan:20220127:taiwanese:287d9cf,
  author       = {Sergiu Gatlan},
  title        = {{Taiwanese Apple and Tesla contractor hit by Conti ransomware}},
  organization = {BleepingComputer},
  date         = {2022-01-27},
  language     = {English},
  url          = {https://www.bleepingcomputer.com/news/security/taiwanese-apple-and-tesla-contractor-hit-by-conti-ransomware/},
  urldate      = {2022-02-01}
}
Taiwanese Apple and Tesla contractor hit by Conti ransomware
Conti
2022-01-25 — Palo Alto Networks Unit 42 — Yaron Samuel
@online{samuel:20220125:weaponization:3f900f4,
  author       = {Yaron Samuel},
  title        = {{Weaponization of Excel Add-Ins Part 1: Malicious XLL Files and Agent Tesla Case Studies}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-01-25},
  language     = {English},
  url          = {https://unit42.paloaltonetworks.com/excel-add-ins-malicious-xll-files-agent-tesla/},
  urldate      = {2022-01-28}
}
Weaponization of Excel Add-Ins Part 1: Malicious XLL Files and Agent Tesla Case Studies
Agent Tesla
2022-01-24 — Trend Micro — Junestherry Dela Cruz
@online{cruz:20220124:analysis:5807286,
  author       = {Junestherry Dela Cruz},
  title        = {{Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant}},
  organization = {Trend Micro},
  date         = {2022-01-24},
  language     = {English},
  url          = {https://www.trendmicro.com/en_us/research/22/a/analysis-and-Impact-of-lockbit-ransomwares-first-linux-and-vmware-esxi-variant.html},
  urldate      = {2022-01-25}
}
Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant
LockBit LockBit
2022-01-24 — Proofpoint — Proofpoint
@online{proofpoint:20220124:dtpacker:6d34c1b,
  author       = {Proofpoint},
  title        = {{DTPacker – a .NET Packer with a Curious Password}},
  organization = {Proofpoint},
  date         = {2022-01-24},
  language     = {English},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/dtpacker-net-packer-curious-password-1},
  urldate      = {2022-01-25}
}
DTPacker – a .NET Packer with a Curious Password
Agent Tesla
2022-01-18 — Trend Micro — Arianne Dela Cruz, Bren Matthew Ebriega, Don Ovid Ladores, Mary Yambao
@online{cruz:20220118:new:c7bdfeb,
  author       = {Arianne Dela Cruz and Bren Matthew Ebriega and Don Ovid Ladores and Mary Yambao},
  title        = {{New Ransomware Spotted: White Rabbit and Its Evasion Tactics}},
  organization = {Trend Micro},
  date         = {2022-01-18},
  language     = {English},
  url          = {https://www.trendmicro.com/en_us/research/22/a/new-ransomware-spotted-white-rabbit-and-its-evasion-tactics.html},
  urldate      = {2022-01-24}
}
New Ransomware Spotted: White Rabbit and Its Evasion Tactics
2022-01-16 — forensicitguy — Tony Lambert
@online{lambert:20220116:analyzing:2c8a9db,
  author       = {Tony Lambert},
  title        = {{Analyzing a CACTUSTORCH HTA Leading to Cobalt Strike}},
  organization = {forensicitguy},
  date         = {2022-01-16},
  language     = {English},
  url          = {https://forensicitguy.github.io/analyzing-cactustorch-hta-cobaltstrike/},
  urldate      = {2022-01-25}
}
Analyzing a CACTUSTORCH HTA Leading to Cobalt Strike
CACTUSTORCH Cobalt Strike
2022-01-11 — Twitter (@cglyer) — Christopher Glyer
@online{glyer:20220111:thread:ae5ec3d,
  author       = {Christopher Glyer},
  title        = {{Thread on DEV-0401, a china based ransomware operator exploiting VMware Horizon with log4shell and deploying NightSky ransomware}},
  organization = {Twitter (@cglyer)},
  date         = {2022-01-11},
  language     = {English},
  url          = {https://twitter.com/cglyer/status/1480742363991580674},
  urldate      = {2022-01-25}
}
Thread on DEV-0401, a china based ransomware operator exploiting VMware Horizon with log4shell and deploying NightSky ransomware
Cobalt Strike NightSky
2021-12-14 — Kaspersky Labs — Paul Rascagnères, Pierre Delcher
@online{rascagnres:20211214:owowa:4a26756,
  author       = {Paul Rascagnères and Pierre Delcher},
  title        = {{Owowa: the add-on that turns your OWA into a credential stealer and remote access panel}},
  organization = {Kaspersky Labs},
  date         = {2021-12-14},
  language     = {English},
  url          = {https://securelist.com/owowa-credential-stealer-and-remote-access/105219/},
  urldate      = {2021-12-17}
}
Owowa: the add-on that turns your OWA into a credential stealer and remote access panel
Owowa
2021-12-09 — Microsoft — Microsoft 365 Defender Threat Intelligence Team
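@comment{The author is an organisation, so the name is wrapped in a second pair of braces to keep it as one indivisible surname. Without that, BibTeX name parsing splits it into a first name of "Microsoft 365 Defender Threat Intelligence" and a last name of "Team", which is what the generated citation key reflects; the key is kept unchanged so existing citations still resolve.}
@online{team:20211209:closer:bace4ec,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{A closer look at Qakbot’s latest building blocks (and how to knock them down)}},
  organization = {Microsoft},
  date         = {2021-12-09},
  language     = {English},
  url          = {https://www.microsoft.com/security/blog/2021/12/09/a-closer-look-at-qakbots-latest-building-blocks-and-how-to-knock-them-down/},
  urldate      = {2021-12-13}
}
A closer look at Qakbot’s latest building blocks (and how to knock them down)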
QakBot
2021-12-09 — Trend Micro — Veronica Chierzi
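@comment{The ampersand in the title is escaped as \& because an unescaped ampersand in a text field is a LaTeX error (misplaced alignment tab) when the bibliography is typeset. The ampersand in the url field stays literal because biblatex reads url verbatim.}
@online{chierzi:20211209:evolution:f5eb0ca,
  author       = {Veronica Chierzi},
  title        = {{The Evolution of IoT Linux Malware Based on MITRE ATT\&CK TTPs}},
  organization = {Trend Micro},
  date         = {2021-12-09},
  language     = {English},
  url          = {https://www.trendmicro.com/en_us/research/21/l/the-evolution-of-iot-linux-malware-based-on-mitre-att&ck-ttps.html},
  urldate      = {2022-01-05}
}
The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs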
Dark Nexus QSnatch
2021-12-07 — Mandiant — Van Ta, Jake Nicastro, Rufus Brown, Nick Richard
@online{ta:20211207:fin13:e5e2255,
  author       = {Van Ta and Jake Nicastro and Rufus Brown and Nick Richard},
  title        = {{FIN13: A Cybercriminal Threat Actor Focused on Mexico}},
  organization = {Mandiant},
  date         = {2021-12-07},
  language     = {English},
  url          = {https://www.mandiant.com/resources/fin13-cybercriminal-mexico},
  urldate      = {2021-12-08}
}
FIN13: A Cybercriminal Threat Actor Focused on Mexico
jspRAT win.rekoobe FIN13
2021-12-01 — Avast — Jan Rubín, Jakub Kaloč
@online{rubn:20211201:toss:0b5f12e,
  author       = {Jan Rubín and Jakub Kaloč},
  title        = {{Toss a Coin to your Helper (Part 2 of 2)}},
  organization = {Avast},
  date         = {2021-12-01},
  language     = {English},
  url          = {https://decoded.avast.io/janrubin/toss-a-coin-to-your-helper},
  urldate      = {2021-12-07}
}
Toss a Coin to your Helper (Part 2 of 2)
2021-11-23 — Morphisec — Hido Cohen, Arnold Osipov
@online{cohen:20211123:babadeda:ae0d0ac,
  author       = {Hido Cohen and Arnold Osipov},
  title        = {{Babadeda Crypter targeting crypto, NFT, and DeFi communities}},
  organization = {Morphisec},
  date         = {2021-11-23},
  language     = {English},
  url          = {https://blog.morphisec.com/the-babadeda-crypter-targeting-crypto-nft-defi-communities},
  urldate      = {2021-12-22}
}
Babadeda Crypter targeting crypto, NFT, and DeFi communities
BitRAT LockBit Remcos
2021-11-19 — IronNet — Morgan Demboski
@online{demboski:20211119:is:d05360d,
  author       = {Morgan Demboski},
  title        = {{Is a coordinated cyberattack brewing in the escalating Russian-Ukrainian conflict?}},
  organization = {IronNet},
  date         = {2021-11-19},
  language     = {English},
  url          = {https://www.ironnet.com/blog/is-a-coordinated-cyberattack-brewing-in-the-escalating-russian-ukrainian-conflict},
  urldate      = {2021-11-25}
}
Is a coordinated cyberattack brewing in the escalating Russian-Ukrainian conflict?
2021-11-17 — Mandiant — Joshua Goddard
@online{goddard:20211117:proxynoshell:c2b592e,
  author       = {Joshua Goddard},
  title        = {{ProxyNoShell: A Change in Tactics Exploiting ProxyShell Vulnerabilities}},
  organization = {Mandiant},
  date         = {2021-11-17},
  language     = {English},
  url          = {https://www.mandiant.com/resources/change-tactics-proxyshell-vulnerabilities},
  urldate      = {2021-11-19}
}
ProxyNoShell: A Change in Tactics Exploiting ProxyShell Vulnerabilities
2021-11-17 — Investigative reporting project Italy — Lorenzo Bagnoli, Riccardo Coluccini
@online{bagnoli:20211117:sorveglianza:3272e30,
  author       = {Lorenzo Bagnoli and Riccardo Coluccini},
  title        = {{Sorveglianza: l’azienda italiana che vuole sfidare i colossi NSO e Palantir}},
  organization = {Investigative reporting project Italy},
  date         = {2021-11-17},
  language     = {Italian},
  url          = {https://irpimedia.irpi.eu/sorveglianze-cy4gate/},
  urldate      = {2021-11-18}
}
Sorveglianza: l’azienda italiana che vuole sfidare i colossi NSO e Palantir
Chrysaor