
2022-07-26 | WithSecure | Mohammad Kazem Hassan Nejad
% WithSecure report (PDF) on the DUCKTAIL infostealer. The author is written
% in "Last, First" form so the surname split is explicit.
@techreport{nejad:20220726:ducktail:04c6c82,
  author      = {Nejad, Mohammad Kazem Hassan},
  title       = {{DUCKTAIL: An infostealer malware targeting Facebook Business accounts}},
  institution = {WithSecure},
  date        = {2022-07-26},
  url         = {https://labs.withsecure.com/assets/BlogFiles/Publications/WithSecure_Research_DUCKTAIL.pdf},
  urldate     = {2022-07-28},
  language    = {English},
}
DUCKTAIL: An infostealer malware targeting Facebook Business accounts
2022-07-25 | Cert-UA | Cert-UA
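% CERT-UA advisory; the source page is Ukrainian and the title is given in English.
% The number sign in the advisory id is escaped: a bare one is a macro-parameter
% character to LaTeX and stops the bibliography from typesetting.
@online{certua:20220725:mass:92104f0,
  author       = {{Cert-UA}},
  title        = {{Mass distribution of desktops (Formbook, Snake Keylogger) and use of Malware RelicRace/RelicSource as a means of delivery (CERT-UA\#5056)}},
  organization = {Cert-UA},
  date         = {2022-07-25},
  url          = {https://cert.gov.ua/article/955924},
  urldate      = {2022-07-28},
  language     = {Ukrainian},
}
Mass distribution of desktops (Formbook, Snake Keylogger) and use of Malware RelicRace/RelicSource as a means of delivery (CERT-UA#5056)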
404 Keylogger Formbook RelicRace
2022-07-23 | BleepingComputer | Bill Toulas
% News coverage (BleepingComputer) of a Konni RAT campaign; secondary source.
@online{toulas:20220723:north:79193bd,
  author       = {Toulas, Bill},
  title        = {{North Korean hackers attack EU targets with Konni RAT malware}},
  organization = {BleepingComputer},
  date         = {2022-07-23},
  url          = {https://www.bleepingcomputer.com/news/security/north-korean-hackers-attack-eu-targets-with-konni-rat-malware/},
  urldate      = {2022-07-25},
  language     = {English},
}
North Korean hackers attack EU targets with Konni RAT malware
Konni
2022-07-21 | Talos | Talos
% Talos blog post on the GoMet backdoor; the vendor is both author and organization.
@online{talos:20220721:attackers:480fda8,
  author       = {Talos},
  title        = {{Attackers target Ukraine using GoMet backdoor}},
  organization = {Talos},
  date         = {2022-07-21},
  url          = {https://blog.talosintelligence.com/2022/07/attackers-target-ukraine-using-gomet.html},
  urldate      = {2022-07-27},
  language     = {English},
}
Attackers target Ukraine using GoMet backdoor
GoMet
2022-07-21 | Proofpoint | Bryan Campbell, Pim Trouerbach, Selena Larson, Proofpoint Threat Research Team
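% Proofpoint write-up on EvilNum. The team name is a corporate author and is
% double-braced so it is not split into given name and surname ("Team").
@online{campbell:20220721:buy:bf7d3c4,
  author       = {Campbell, Bryan and Trouerbach, Pim and Larson, Selena and {Proofpoint Threat Research Team}},
  title        = {{Buy, Sell, Steal, EvilNum Targets Cryptocurrency, Forex, Commodities}},
  organization = {Proofpoint},
  date         = {2022-07-21},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/buy-sell-steal-evilnum-targets-cryptocurrency-forex-commodities},
  urldate      = {2022-07-25},
  language     = {English},
}
Buy, Sell, Steal, EvilNum Targets Cryptocurrency, Forex, Commodities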
EVILNUM
2022-07-20 | Kaspersky | Marc Rivero López, Jornt van der Wiel, Dmitry Galov, Sergey Lozhkin
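% Kaspersky (Securelist) post on the Luna and Black Basta ransomware families.
% Names use "Last, First" form: "Rivero López" is treated as a compound surname
% (presumed from Spanish naming convention; confirm against the source) and
% "van der Wiel" keeps its particle. The citation key is left as published.
@online{lpez:20220720:luna:176a613,
  author       = {Rivero López, Marc and van der Wiel, Jornt and Galov, Dmitry and Lozhkin, Sergey},
  title        = {{Luna and Black Basta — new ransomware for Windows, Linux and ESXi}},
  organization = {Kaspersky},
  date         = {2022-07-20},
  url          = {https://securelist.com/luna-black-basta-ransomware/106950},
  urldate      = {2022-07-25},
  language     = {English},
}
Luna and Black Basta — new ransomware for Windows, Linux and ESXi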
Black Basta Conti
2022-07-20 | Advanced Intelligence | Vitali Kremez, Yelisey Boguslavskiy, Marley Smith
% Advanced Intelligence incident write-up on the Costa Rica government ransomware intrusion.
@online{kremez:20220720:anatomy:cd94a81,
  author       = {Kremez, Vitali and Boguslavskiy, Yelisey and Smith, Marley},
  title        = {{Anatomy of Attack: Truth Behind the Costa Rica Government Ransomware 5-Day Intrusion}},
  organization = {Advanced Intelligence},
  date         = {2022-07-20},
  url          = {https://www.advintel.io/post/anatomy-of-attack-truth-behind-the-costa-rica-government-ransomware-5-day-intrusion},
  urldate      = {2022-07-25},
  language     = {English},
}
Anatomy of Attack: Truth Behind the Costa Rica Government Ransomware 5-Day Intrusion
Cobalt Strike
2022-07-20 | Cert-UA | Cert-UA
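% CERT-UA advisory on an AgentTesla campaign; the source page is Ukrainian and
% the title is given in English. The number sign in the advisory id is escaped
% because a bare one is a macro-parameter character to LaTeX.
@online{certua:20220720:cyberattack:3450ba8,
  author       = {{Cert-UA}},
  title        = {{Cyberattack on State Organizations of Ukraine using the topic OK "South" and the malicious program AgentTesla (CERT-UA\#4987)}},
  organization = {Cert-UA},
  date         = {2022-07-20},
  url          = {https://cert.gov.ua/article/861292},
  urldate      = {2022-07-25},
  language     = {Ukrainian},
}
Cyberattack on State Organizations of Ukraine using the topic OK "South" and the malicious program AgentTesla (CERT-UA#4987)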
Agent Tesla
2022-07-20 | Securonix Threat Labs | D. Iuzvyk, T. Peck, O. Kolesnikov
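% Securonix detection write-up for the campaign it names STIFF#BIZON.
% The number sign in the title is escaped because a bare one is a macro-parameter
% character to LaTeX; the url field is verbatim and is left untouched.
% Given names are stored only as initials on the page; expand them if the source gives them.
@online{iuzvyk:20220720:stiffbizon:ae896da,
  author       = {Iuzvyk, D. and Peck, T. and Kolesnikov, O.},
  title        = {{STIFF\#BIZON Detection Using Securonix – New Attack Campaign Observed Possibly Linked to Konni/APT37 (North Korea) - Securonix}},
  organization = {Securonix Threat Labs},
  date         = {2022-07-20},
  url          = {https://www.securonix.com/blog/stiffbizon-detection-new-attack-campaign-observed/},
  urldate      = {2022-07-25},
  language     = {English},
}
STIFF#BIZON Detection Using Securonix – New Attack Campaign Observed Possibly Linked to Konni/APT37 (North Korea) - Securonix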
Konni
2022-07-20 | Mandiant | Mandiant Threat Intelligence
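% Mandiant report on spear phishing against Ukrainian entities.
% The author is a team, so it is double-braced; unbraced it parses as given name
% "Mandiant Threat" and surname "Intelligence". The citation key is left as published.
@online{intelligence:20220720:evacuation:edd478e,
  author       = {{Mandiant Threat Intelligence}},
  title        = {{Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities}},
  organization = {Mandiant},
  date         = {2022-07-20},
  url          = {https://www.mandiant.com/resources/spear-phish-ukrainian-entities},
  urldate      = {2022-07-25},
  language     = {English},
}
Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities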
Cobalt Strike GraphSteel GrimPlant MicroBackdoor
2022-07-20 | Trend Micro | Joelson Soares, Buddy Tancio, Erika Mendoza, Jessie Prevost, Nusrath Iqra
% Trend Micro analysis of penetration-testing tools seen in intrusions.
% The page lists no malware-family tags for this entry.
@online{soares:20220720:analyzing:8753d99,
  author       = {Soares, Joelson and Tancio, Buddy and Mendoza, Erika and Prevost, Jessie and Iqra, Nusrath},
  title        = {{Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data}},
  organization = {Trend Micro},
  date         = {2022-07-20},
  url          = {https://www.trendmicro.com/en_us/research/22/g/analyzing-penetration-testing-tools-that-threat-actors-use-to-br.html},
  urldate      = {2022-07-25},
  language     = {English},
}
Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data
2022-07-19 | Google | Billy Leonard
% Google TAG post. Same work as leonard:20220719:continued:e1dd77e further down:
% the two URLs differ only by a trailing slash and this copy has the later urldate.
% Cite one key consistently so the post is not listed twice in a bibliography.
@online{leonard:20220719:continued:2a97da1,
  author       = {Leonard, Billy},
  title        = {{Continued cyber activity in Eastern Europe observed by TAG}},
  organization = {Google},
  date         = {2022-07-19},
  url          = {https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag},
  urldate      = {2022-08-05},
  language     = {English},
}
Continued cyber activity in Eastern Europe observed by TAG
CyberAzov Callisto Ghostwriter Sandworm Sofacy Turla Group
2022-07-19 | Cert-AgID | Cert-AgID
% CERT-AgID analysis of the Coper mobile malware; the source page is Italian
% and the title is given in English.
@online{certagid:20220719:analysis:ab762a7,
  author       = {Cert-AgID},
  title        = {{Analysis and technical insights on the Coper malware used to attack mobile devices}},
  organization = {Cert-AgID},
  date         = {2022-07-19},
  url          = {https://cert-agid.gov.it/news/analisi-e-approfondimenti-tecnici-sul-malware-coper-utilizzato-per-attaccare-dispositivi-mobili/},
  urldate      = {2022-07-25},
  language     = {Italian},
}
Analysis and technical insights on the Coper malware used to attack mobile devices
Coper
2022-07-19 | ESET Research | Marc-Etienne M.Léveillé
% ESET Research post on the CloudMensis macOS spyware.
% "M.Léveillé" is kept as one surname token, as on the page; comma form makes that explicit.
@online{mlveill:20220719:i:d9dc1d5,
  author       = {M.Léveillé, Marc-Etienne},
  title        = {{I see what you did there: A look at the CloudMensis macOS spyware}},
  organization = {ESET Research},
  date         = {2022-07-19},
  url          = {https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/},
  urldate      = {2022-07-20},
  language     = {English},
}
I see what you did there: A look at the CloudMensis macOS spyware
CloudMensis
2022-07-19 | Recorded Future | Insikt Group®
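% Recorded Future report (PDF) on Magecart e-skimmer campaigns against online ordering platforms.
% The author is a team, so it is double-braced; unbraced it parses as given name
% "Insikt" and surname "Group®". The citation key is left as published.
@techreport{group:20220719:amid:e54f780,
  author      = {{Insikt Group®}},
  title       = {{Amid Rising Magecart Attacks on Online Ordering Platforms, Recent Campaigns Infect 311 Restaurants}},
  institution = {Recorded Future},
  date        = {2022-07-19},
  url         = {https://go.recordedfuture.com/hubfs/reports/cta-2022-0719.pdf},
  urldate     = {2022-07-25},
  language    = {English},
}
Amid Rising Magecart Attacks on Online Ordering Platforms, Recent Campaigns Infect 311 Restaurants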
magecart
2022-07-19 | CERT Poland | CERT Poland
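% CERT Poland post on UNC1151/Ghostwriter techniques; the source page is Polish
% and the title is given in English. The author is an organization, so it is
% double-braced; unbraced it parses as given name "CERT" and surname "Poland".
@online{poland:20220719:development:a66f04f,
  author       = {{CERT Poland}},
  title        = {{Development of UNC1151/Ghostwriter attack techniques}},
  organization = {CERT Poland},
  date         = {2022-07-19},
  url          = {https://cert.pl/posts/2022/07/techniki-unc1151/},
  urldate      = {2022-07-25},
  language     = {Polish},
}
Development of UNC1151/Ghostwriter attack techniques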
2022-07-19 | Google | Billy Leonard
% Google TAG post. Same work as leonard:20220719:continued:2a97da1 earlier in this list:
% the two URLs differ only by a trailing slash and this copy has the earlier urldate.
% Cite one key consistently so the post is not listed twice in a bibliography.
@online{leonard:20220719:continued:e1dd77e,
  author       = {Leonard, Billy},
  title        = {{Continued cyber activity in Eastern Europe observed by TAG}},
  organization = {Google},
  date         = {2022-07-19},
  url          = {https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag/},
  urldate      = {2022-07-25},
  language     = {English},
}
Continued cyber activity in Eastern Europe observed by TAG
CyberAzov
2022-07-19 | Palo Alto Networks Unit 42 | Mike Harbison, Peter Renals
% Unit 42 post on APT29 use of online storage services. The URL slug uses the
% vendor's own actor name (cloaked-ursa) while the title uses APT29.
@online{harbison:20220719:russian:acbf388,
  author       = {Harbison, Mike and Renals, Peter},
  title        = {{Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-07-19},
  url          = {https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/},
  urldate      = {2022-07-19},
  language     = {English},
}
Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive
Cobalt Strike EnvyScout Gdrive
2022-07-19 | Fortinet | Xiaopeng Zhang
% Fortinet analysis of a QakBot variant delivered as an HTML attachment to phishing mail.
@online{zhang:20220719:new:a3b1085,
  author       = {Zhang, Xiaopeng},
  title        = {{New Variant of QakBot Being Spread by HTML File Attached to Phishing Emails}},
  organization = {Fortinet},
  date         = {2022-07-19},
  url          = {https://www.fortinet.com/blog/threat-research/new-variant-of-qakbot-spread-by-phishing-emails},
  urldate      = {2022-07-25},
  language     = {English},
}
New Variant of QakBot Being Spread by HTML File Attached to Phishing Emails
QakBot
2022-07-18 | NetWitness | Stefano Maccaglia, Will Gragido
% NetWitness report (PDF) on FIN13, also tracked as Elephant Beetle per the title.
@techreport{maccaglia:20220718:fin13:bcc74d2,
  author      = {Maccaglia, Stefano and Gragido, Will},
  title       = {{FIN13 (Elephant Beetle): Viva la Threat! Anatomy of a Fintech Attack}},
  institution = {NetWitness},
  date        = {2022-07-18},
  url         = {https://www.netwitness.com/wp-content/uploads/FIN13-Elephant-Beetle-NetWitness.pdf},
  urldate     = {2022-08-05},
  language    = {English},
}
FIN13 (Elephant Beetle): Viva la Threat! Anatomy of a Fintech Attack
FIN13