2023-11-16YouTube (Swiss Cyber Storm)Angelo Violetti
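% The title was wrapped whole in double braces, which blocks style recasing entirely.
% Only the ransomware family name is brace-protected now; author is in "Last, First" form.
@online{violetti:20231116:resilience:666cdc2,
  author       = {Violetti, Angelo},
  title        = {Resilience Rising: Countering the Threat Actors Behind {Black Basta} Ransomware},
  date         = {2023-11-16},
  organization = {YouTube (Swiss Cyber Storm)},
  url          = {https://www.youtube.com/watch?v=iD_KZAqNDZ0},
  language     = {English},
  urldate      = {2023-11-16},
}
Resilience Rising: Countering the Threat Actors Behind Black Basta Ransomware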
Black Basta
2023-11-15FortinetAndrew Nicchi, John Simmons, Amey Gat, Mark Robson
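% Authors are given in the unambiguous "Last, First" form; only the family name
% (Rhysida) is brace-protected so a recasing style cannot lowercase it.
@online{nicchi:20231115:investigating:f9d3365,
  author       = {Nicchi, Andrew and Simmons, John and Gat, Amey and Robson, Mark},
  title        = {Investigating the New {Rhysida} Ransomware},
  date         = {2023-11-15},
  organization = {Fortinet},
  url          = {https://www.fortinet.com/blog/threat-research/investigating-the-new-rhysida-ransomware},
  language     = {English},
  urldate      = {2023-11-22},
}
Investigating the New Rhysida Ransomware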
Rhysida
2023-11-14National Security and Defense Council of UkraineOrganization of the National Security and Defense Council of Ukraine
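% The author and institution names contain the word "and", which is the list separator
% for name and literal-list fields. Each is wrapped in an extra brace pair so it stays
% one corporate name instead of being split in two.
% The actor name and the CVE identifier are brace-protected so recasing leaves them intact.
@techreport{ukraine:20231114:apt29:9628c5e,
  author      = {{Organization of the National Security and Defense Council of Ukraine}},
  title       = {{APT29} attacks Embassies using {CVE-2023-38831}},
  date        = {2023-11-14},
  institution = {{National Security and Defense Council of Ukraine}},
  url         = {https://www.rnbo.gov.ua/files/2023_YEAR/CYBERCENTER/november/APT29%20attacks%20Embassies%20using%20CVE-2023-38831%20-%20report%20en.pdf},
  language    = {English},
  urldate     = {2023-11-15},
}
APT29 attacks Embassies using CVE-2023-38831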
2023-11-14SektorCERTSektorCERT
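% Danish-language original of the report; the English translation is the separate
% entry sektorcert:20231114:attacks:97782de.
% The corporate author is double-braced so it is never parsed as a personal name.
@online{sektorcert:20231114:attacks:9d0198d,
  author       = {{SektorCERT}},
  title        = {The Attacks against the {Danish} Critical Infrastructure},
  date         = {2023-11-14},
  organization = {SektorCERT},
  url          = {https://www.documentcloud.org/documents/24165245-sektorcert-angrebet-mod-dansk-kritisk-infrastruktur-tlp-clear},
  language     = {Danish},
  urldate      = {2023-11-15},
}
The Attacks against the Danish Critical Infrastructure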
2023-11-14Department of JusticeU.S. Attorney's Office District of Puerto Rico
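% The author is an office, not a person. Without the extra brace pair it is parsed as a
% personal name with surname "Rico", which is what the citation key reflects.
% The key is left unchanged so existing citations keep resolving.
@online{rico:20231114:russian:e22cda5,
  author       = {{U.S. Attorney's Office District of Puerto Rico}},
  title        = {{Russian} and {Moldovan} National Pleads Guilty to Operating Illegal Botnet Proxy Service that Infected Tens of Thousands of Internet-Connected Devices Around the World},
  date         = {2023-11-14},
  organization = {Department of Justice},
  url          = {https://www.justice.gov/usao-pr/pr/russian-and-moldovan-national-pleads-guilty-operating-illegal-botnet-proxy-service},
  language     = {English},
  urldate      = {2023-11-14},
}
Russian and Moldovan National Pleads Guilty to Operating Illegal Botnet Proxy Service that Infected Tens of Thousands of Internet-Connected Devices Around the World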
IPStorm IPStorm
2023-11-14SektorCERTSektorCERT
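% English translation of the report; the Danish original is the separate entry
% sektorcert:20231114:attacks:9d0198d.
% The corporate author is double-braced so it is never parsed as a personal name.
@online{sektorcert:20231114:attacks:97782de,
  author       = {{SektorCERT}},
  title        = {The Attacks against the {Danish} Critical Infrastructure (translated)},
  date         = {2023-11-14},
  organization = {SektorCERT},
  url          = {https://www.documentcloud.org/documents/24165244-sektorcert-translated},
  language     = {English},
  urldate      = {2023-11-15},
}
The Attacks against the Danish Critical Infrastructure (translated)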
2023-11-10AhnLabASEC Analysis Team
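% "ASEC Analysis Team" is a group author. Unbraced it parses as a person with surname
% "Team" (see the citation key), so it is wrapped in an extra brace pair.
% The threat-group name in the title is brace-protected against recasing.
@online{team:20231110:detection:6c90ee7,
  author       = {{ASEC Analysis Team}},
  title        = {Detection of attacks exploiting asset management software ({Andariel Group})},
  date         = {2023-11-10},
  organization = {AhnLab},
  url          = {https://asec.ahnlab.com/ko/58215/},
  language     = {Korean},
  urldate      = {2023-11-28},
}
Detection of attacks exploiting asset management software (Andariel Group)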
Lilith Tiger RAT
2023-11-09CrowdStrikeCounter Adversary Operations
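% "Counter Adversary Operations" is a team name. Unbraced it parses as a person with
% surname "Operations" (see the citation key), so it is wrapped in an extra brace pair.
% The all-caps adversary name and the region are brace-protected against recasing.
@online{operations:20231109:imperial:8a2f4d0,
  author       = {{Counter Adversary Operations}},
  title        = {{IMPERIAL KITTEN} Deploys Novel Malware Families in {Middle East}-Focused Operations},
  date         = {2023-11-09},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/imperial-kitten-deploys-novel-malware-families/},
  language     = {English},
  urldate      = {2023-11-14},
}
IMPERIAL KITTEN Deploys Novel Malware Families in Middle East-Focused Operations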
IMAPLoader
2023-11-06SeqriteSathwik Ram Prakki
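% The author is in "Last, First" form, with the surname matching the citation key.
% Actor, tool and platform names are brace-protected. The typographic apostrophe is
% kept as UTF-8, which suits the biblatex-style fields (date, urldate) used here.
@online{prakki:20231106:sidecopys:03c64cf,
  author       = {Prakki, Sathwik Ram},
  title        = {{SideCopy’s} Multi-platform Onslaught: Leveraging {WinRAR} Zero-Day and {Linux} Variant of {Ares RAT}},
  date         = {2023-11-06},
  organization = {Seqrite},
  url          = {https://www.seqrite.com/blog/sidecopys-multi-platform-onslaught-leveraging-winrar-zero-day-and-linux-variant-of-ares-rat/},
  language     = {English},
  urldate      = {2023-11-13},
}
SideCopy’s Multi-platform Onslaught: Leveraging WinRAR Zero-Day and Linux Variant of Ares RAT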
Action RAT AllaKore
2023-11-06VMWare Carbon BlackSwee Lai Lee, Bria Beathley, Abe Schneider, Alan Ngo
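% Authors are in "Last, First" form so multi-part given names ("Swee Lai") cannot be
% misparsed. The infostealer name is brace-protected in both places it appears.
@online{lee:20231106:jupyter:58d6320,
  author       = {Lee, Swee Lai and Beathley, Bria and Schneider, Abe and Ngo, Alan},
  title        = {{Jupyter} Rising: An Update on {Jupyter} Infostealer},
  date         = {2023-11-06},
  organization = {VMWare Carbon Black},
  url          = {https://blogs.vmware.com/security/2023/11/jupyter-rising-an-update-on-jupyter-infostealer.html},
  language     = {English},
  urldate      = {2023-11-17},
}
Jupyter Rising: An Update on Jupyter Infostealer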
solarmarker
2023-11-06Security IntelligenceGolo Mühr, Ole Villadsen
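% The surname keeps its UTF-8 umlaut; the ASCII-only citation key ("mhr") is unchanged.
% Malware names are brace-protected because the rest of the title is already in
% sentence case and they are the only words that must keep their capitals.
@online{mhr:20231106:gootbot:e37a082,
  author       = {Mühr, Golo and Villadsen, Ole},
  title        = {{GootBot} – {Gootloader’s} new approach to post-exploitation},
  date         = {2023-11-06},
  organization = {Security Intelligence},
  url          = {https://securityintelligence.com/x-force/gootbot-gootloaders-new-approach-to-post-exploitation/},
  language     = {English},
  urldate      = {2023-11-27},
}
GootBot – Gootloader’s new approach to post-exploitation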
GootLoader
2023-11-03UptycsShilpesh Trivedi, Uptycs Threat Research
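% The second author is a team, not a person, so it is wrapped in its own brace pair.
% Otherwise it would be parsed as given names "Uptycs Threat" with surname "Research".
% Group names, acronyms and the country name are brace-protected against recasing.
@online{trivedi:20231103:ghostsec:049115a,
  author       = {Trivedi, Shilpesh and {Uptycs Threat Research}},
  title        = {{GhostSec}: From Fighting {ISIS} to Possibly Targeting {Israel} with {RaaS}},
  date         = {2023-11-03},
  organization = {Uptycs},
  url          = {https://www.uptycs.com/blog/ghostlocker-ransomware-ghostsec},
  language     = {English},
  urldate      = {2023-11-13},
}
GhostSec: From Fighting ISIS to Possibly Targeting Israel with RaaS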
GhostLocker GhostSec
2023-11-02BitSightBitSight
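% NOTE(review): bitsight:20231102:unveiling:747482a has the same author, title and date.
% Its url differs only by a "www." host prefix, so this looks like a duplicate record
% of one article. Cite only one of the two keys in a given document.
% The corporate author is double-braced; malware and service names are brace-protected.
@online{bitsight:20231102:unveiling:26ed4db,
  author       = {{BitSight}},
  title        = {Unveiling {Socks5Systemz}: The Rise of a New Proxy Service via {PrivateLoader} and {Amadey}},
  date         = {2023-11-02},
  organization = {BitSight},
  url          = {https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey},
  language     = {English},
  urldate      = {2023-11-13},
}
Unveiling Socks5Systemz: The Rise of a New Proxy Service via PrivateLoader and Amadey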
Amadey PrivateLoader Socks5 Systemz
2023-11-02BitSightBitSight
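% NOTE(review): bitsight:20231102:unveiling:26ed4db has the same author, title and date.
% Its url differs only by the missing "www." host prefix, so this looks like a duplicate
% record of one article. Cite only one of the two keys in a given document.
% The corporate author is double-braced; malware and service names are brace-protected.
@online{bitsight:20231102:unveiling:747482a,
  author       = {{BitSight}},
  title        = {Unveiling {Socks5Systemz}: The Rise of a New Proxy Service via {PrivateLoader} and {Amadey}},
  date         = {2023-11-02},
  organization = {BitSight},
  url          = {https://www.bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey},
  language     = {English},
  urldate      = {2023-11-13},
}
Unveiling Socks5Systemz: The Rise of a New Proxy Service via PrivateLoader and Amadey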
Amadey PrivateLoader Socks5 Systemz
2023-11-02DataBreaches.netDissent
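% The single-word author is kept as given. The two school-district names are
% brace-protected because the rest of the headline is already in sentence case.
@online{dissent:20231102:jeffco:bd86dfa,
  author       = {Dissent},
  title        = {{Jeffco Public Schools} hit by the same threat actors that hit {Clark County School District} — and via the same way},
  date         = {2023-11-02},
  organization = {DataBreaches.net},
  url          = {https://www.databreaches.net/jeffco-public-schools-hit-by-the-same-threat-actors-that-hit-clark-county-school-district-and-via-the-same-way/},
  language     = {English},
  urldate      = {2023-11-17},
}
Jeffco Public Schools hit by the same threat actors that hit Clark County School District — and via the same way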
2023-11-01Twitter (@embee_research)Embee_research
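% A bare underscore in author or organization is typeset as text and breaks LaTeX
% outside math mode, so it is escaped as \_ in both fields. The url field is verbatim
% and stays raw.
% NOTE(review): organization names Twitter while the url points at a ghost.io blog.
% Confirm which venue is intended.
@online{embeeresearch:20231101:malware:897262b,
  author       = {Embee\_research},
  title        = {Malware Unpacking With Memory Dumps - Intermediate Methods ({Pe-Sieve}, {Process Hacker}, {Hxd} and {Pe-bear})},
  date         = {2023-11-01},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/unpacking-malware-using-process-hacker-and-memory-inspection/},
  language     = {English},
  urldate      = {2023-11-13},
}
Malware Unpacking With Memory Dumps - Intermediate Methods (Pe-Sieve, Process Hacker, Hxd and Pe-bear)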
AsyncRAT
2023-11-01AppGateFelipe Tarijon
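% The author is in "Last, First" form. The nationality adjective and the platform name
% are brace-protected so a recasing style keeps their capitals.
@online{tarijon:20231101:vietnamese:0cdc68a,
  author       = {Tarijon, Felipe},
  title        = {{Vietnamese} Information Stealer Campaigns Target Professionals on {LinkedIn}},
  date         = {2023-11-01},
  organization = {AppGate},
  url          = {https://www.appgate.com/blog/vietnamese-information-stealer-campaigns-target-professionals-on-linkedin},
  language     = {English},
  urldate      = {2023-11-13},
}
Vietnamese Information Stealer Campaigns Target Professionals on LinkedIn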
DUCKTAIL
2023-11-01NetskopeLeandro Froes
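% NOTE(review): the url carries a "/jp/" path segment while language is English.
% Confirm the link resolves to the English text.
% The malware family name is brace-protected against recasing.
@online{froes:20231101:new:145f312,
  author       = {Froes, Leandro},
  title        = {New {DarkGate} Variant Uses a New Loading Approach},
  date         = {2023-11-01},
  organization = {Netskope},
  url          = {https://www.netskope.com/jp/blog/new-darkgate-variant-uses-a-new-loading-approach},
  language     = {English},
  urldate      = {2023-11-13},
}
New DarkGate Variant Uses a New Loading Approach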
DarkGate
2023-10-31Palo Alto Networks Unit 42Daniel Frank, Tom Fakterman
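% Authors are in "Last, First" form. The backdoor name and both actor aliases are
% brace-protected so they survive recasing and stay searchable as written.
@online{frank:20231031:over:def0823,
  author       = {Frank, Daniel and Fakterman, Tom},
  title        = {Over the {Kazuar’s} Nest: Cracking Down on a Freshly Hatched Backdoor Used by {Pensive Ursa} (Aka {Turla})},
  date         = {2023-10-31},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/pensive-ursa-uses-upgraded-kazuar-backdoor/},
  language     = {English},
  urldate      = {2023-11-14},
}
Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla)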
Kazuar
2023-10-31ElasticColson Wilhoit, Ricardo Ungureanu, Seth Goodwin, Andrew Pease
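% Authors are in "Last, First" form. The vendor name, the DPRK acronym and the
% all-caps malware name are brace-protected so recasing cannot alter them.
@online{wilhoit:20231031:elastic:4f80b7d,
  author       = {Wilhoit, Colson and Ungureanu, Ricardo and Goodwin, Seth and Pease, Andrew},
  title        = {{Elastic} catches {DPRK} passing out {KANDYKORN}},
  date         = {2023-10-31},
  organization = {Elastic},
  url          = {https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn},
  language     = {English},
  urldate      = {2023-11-14},
}
Elastic catches DPRK passing out KANDYKORN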
HLOADER KANDYKORN SUGARLOADER