2022-11-15 | Symantec | Threat Hunter Team
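% Corporate author is double-braced so it is parsed as one indivisible name;
% only the proper nouns in the title are brace-protected.
@online{team:20221115:billbug:f11d48d,
  author       = {{Threat Hunter Team}},
  title        = {{Billbug}: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple {Asian} Countries},
  date         = {2022-11-15},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-asia-governments-cert-authority},
  language     = {English},
  urldate      = {2022-11-15},
}
Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries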
Sagerunex
2022-11-14 | vmware | Bethany Hardin, Lavine Oluoch, Tatiana Vollbrecht, Deborah Snyder, Nikki Benoit
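% Authors are given in the unambiguous "Last, First" form; the malware family
% name in the title is brace-protected against style recasing.
@online{hardin:20221114:batloader:879d974,
  author       = {Hardin, Bethany and Oluoch, Lavine and Vollbrecht, Tatiana and Snyder, Deborah and Benoit, Nikki},
  title        = {{BATLOADER}: The Evasive Downloader Malware},
  date         = {2022-11-14},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2022/11/batloader-the-evasive-downloader-malware.html},
  language     = {English},
  urldate      = {2022-11-28},
}
BATLOADER: The Evasive Downloader Malware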
BATLOADER
2022-11-14 | Twitter (@embee_research) | Matthew
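% Single-name author as listed on the page; the title protects only the
% product and family names instead of double-bracing the whole string.
@online{matthew:20221114:twitter:9b57525,
  author       = {Matthew},
  title        = {{Twitter} thread on {Yara} Signatures for {Qakbot} Encryption Routines},
  date         = {2022-11-14},
  organization = {Twitter (@embee_research)},
  url          = {https://twitter.com/embee_research/status/1592067841154756610?s=20},
  language     = {English},
  urldate      = {2022-11-18},
}
Twitter thread on Yara Signatures for Qakbot Encryption Routines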
IcedID, QakBot
2022-11-14 | Qianxin | Red Raindrop Team
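% Corporate author is double-braced so it is parsed as one name. The title
% contains UTF-8 (Vietnamese) text, so process this entry with a UTF-8 aware
% backend; the source article is marked as Chinese-language.
@online{team:20221114:operation:d4929d5,
  author       = {{Red Raindrop Team}},
  title        = {Operation ({Đường} chín đoạn) typhoon: the cyber sea lotus coveting the nine-dash line in the {South} {China} {Sea}},
  date         = {2022-11-14},
  organization = {Qianxin},
  url          = {https://mp.weixin.qq.com/s/pd6fUs5TLdBtwUHauclDOQ},
  language     = {Chinese},
  urldate      = {2022-11-15},
}
Operation (Đường chín đoạn) typhoon: the cyber sea lotus coveting the nine-dash line in the South China Sea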
Caja
2022-11-11 | AhnLab | ASEC
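% Corporate author is double-braced; the family name and the MOTW acronym are
% brace-protected so a sentence-casing style cannot lowercase them.
@online{asec:20221111:magniber:7426c1e,
  author       = {{ASEC}},
  title        = {{Magniber} Ransomware Attempts to Bypass {MOTW} ({Mark} of the {Web})},
  date         = {2022-11-11},
  organization = {AhnLab},
  url          = {https://asec.ahnlab.com/en/41889/},
  language     = {English},
  urldate      = {2022-11-15},
}
Magniber Ransomware Attempts to Bypass MOTW (Mark of the Web)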
Magniber
2022-11-10 | AhnLab | ASEC
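% Corporate author is double-braced; only the actor name in the title is
% brace-protected.
@online{asec:20221110:penetration:d92badf,
  author       = {{ASEC}},
  title        = {Penetration and Distribution Method of {Gwisin} Attacker},
  date         = {2022-11-10},
  organization = {AhnLab},
  url          = {https://asec.ahnlab.com/en/41565/},
  language     = {English},
  urldate      = {2022-11-11},
}
Penetration and Distribution Method of Gwisin Attacker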
Gwisin
2022-11-10 | Zscaler | ThreatLabZ research team
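% Corporate author is double-braced: unbraced, the lowercase word "research"
% would be parsed as a "von" particle and the name split into parts.
@online{team:20221110:rise:aebb475,
  author       = {{ThreatLabZ research team}},
  title        = {Rise of Banking Trojan Dropper in {Google} {Play}},
  date         = {2022-11-10},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/rise-banking-trojan-dropper-google-play-0},
  language     = {English},
  urldate      = {2022-12-01},
}
Rise of Banking Trojan Dropper in Google Play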
Xenomorph
2022-11-10 | Intezer | Nicole Fishbein
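% Author in "Last, First" form; the LNK acronym is the only part of the title
% that needs case protection.
@online{fishbein:20221110:how:6b334be,
  author       = {Fishbein, Nicole},
  title        = {How {LNK} Files Are Abused by Threat Actors},
  date         = {2022-11-10},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/malware-analysis/how-threat-actors-abuse-lnk-files/},
  language     = {English},
  urldate      = {2022-11-11},
}
How LNK Files Are Abused by Threat Actors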
BumbleBee, Emotet, Mount Locker, QakBot
2022-11-09 | Security Intelligence | Jonathan Reed
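% Author in "Last, First" form; the hyphenated compound is protected as a
% whole word so its internal capital survives sentence casing.
@online{reed:20221109:ransomwareasaservice:751e1a8,
  author       = {Reed, Jonathan},
  title        = {{Ransomware-as-a-Service} Transforms Gangs Into Businesses},
  date         = {2022-11-09},
  organization = {Security Intelligence},
  url          = {https://securityintelligence.com/news/eternity-gang-ransomware-as-a-service-telegram/},
  language     = {English},
  urldate      = {2022-11-11},
}
Ransomware-as-a-Service Transforms Gangs Into Businesses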
Eternity Stealer
2022-11-09 | Netskope | Gustavo Palazolo
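% Author in "Last, First" form; the camel-cased family name is brace-protected.
@online{palazolo:20221109:blackcat:8205dee,
  author       = {Palazolo, Gustavo},
  title        = {{BlackCat} Ransomware: Tactics and Techniques From a Targeted Attack},
  date         = {2022-11-09},
  organization = {Netskope},
  url          = {https://www.netskope.com/blog/blackcat-ransomware-tactics-and-techniques-from-a-targeted-attack},
  language     = {English},
  urldate      = {2022-11-18},
}
BlackCat Ransomware: Tactics and Techniques From a Targeted Attack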
BlackCat, ExMatter
2022-11-09 | Cisco Talos | Edmund Brumaghin
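% Author in "Last, First" form; the IPFS acronym is brace-protected.
@online{brumaghin:20221109:threat:151d926,
  author       = {Brumaghin, Edmund},
  title        = {Threat Spotlight: Cyber Criminal Adoption of {IPFS} for Phishing, Malware Campaigns},
  date         = {2022-11-09},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/ipfs-abuse/},
  language     = {English},
  urldate      = {2022-11-11},
}
Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns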
Agent Tesla
2022-11-08 | cyble | Cyble
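% Corporate author is double-braced; the platform name is the only title word
% that needs case protection.
@online{cyble:20221108:massive:0ed7213,
  author       = {{Cyble}},
  title        = {Massive {YouTube} Campaign Targeting Over 100 Applications To Deliver Info Stealer},
  date         = {2022-11-08},
  organization = {cyble},
  url          = {https://blog.cyble.com/2022/11/08/massive-youtube-campaign-targeting-over-100-applications-to-deliver-info-stealer/},
  language     = {English},
  urldate      = {2022-11-09},
}
Massive YouTube Campaign Targeting Over 100 Applications To Deliver Info Stealer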
RecordBreaker, Vidar
2022-11-07 | Darktrace | Taisiia Garkava, Dillon Ashmore
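% Authors in "Last, First" form; the group name in the title is brace-protected.
@online{garkava:20221107:inside:43d468a,
  author       = {Garkava, Taisiia and Ashmore, Dillon},
  title        = {Inside the {Yanluowang} Leak: Organization, Members, and Tactics},
  date         = {2022-11-07},
  organization = {Darktrace},
  url          = {https://de.darktrace.com/blog/inside-the-yanluowang-leak-organization-members-and-tactics},
  language     = {English},
  urldate      = {2022-11-07},
}
Inside the Yanluowang Leak: Organization, Members, and Tactics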
Yanluowang
2022-11-03 | Zscaler | Sudeep Singh
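% Author in "Last, First" form; the actor designation, the TTPs acronym and
% the proper adjective are brace-protected.
@online{singh:20221103:apt36:33403b8,
  author       = {Singh, Sudeep},
  title        = {{APT-36} Uses New {TTPs} and New Tools to Target {Indian} Governmental Organizations},
  date         = {2022-11-03},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/apt-36-uses-new-ttps-and-new-tools-target-indian-governmental-organizations},
  language     = {English},
  urldate      = {2022-11-12},
}
APT-36 Uses New TTPs and New Tools to Target Indian Governmental Organizations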
LimePad
2022-11-03 | SentinelOne | SentinelLabs
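% Corporate author is double-braced. The title matches (apart from letter case)
% the entry cocomazzi:20221103:black:b0c2f05, which points at the
% sentinelone.com/labs post; this looks like the same report hosted at a
% second URL - cite only one of the two to avoid a duplicate reference.
@online{sentinellabs:20221103:black:0be02f3,
  author       = {{SentinelLabs}},
  title        = {{Black} {Basta} Ransomware | Attacks deploy Custom {EDR} Evasion Tools tied to {FIN7} Threat Actor},
  date         = {2022-11-03},
  organization = {SentinelOne},
  url          = {https://assets.sentinelone.com/sentinellabs22/sentinellabs-blackbasta},
  language     = {English},
  urldate      = {2022-11-03},
}
Black Basta Ransomware | Attacks deploy Custom EDR Evasion Tools tied to FIN7 Threat Actor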
Black Basta, QakBot, SocksBot
2022-11-03 | Sentinel LABS | Antonio Cocomazzi
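% Author in "Last, First" form. The title matches (apart from letter case) the
% entry sentinellabs:20221103:black:0be02f3, which points at an
% assets.sentinelone.com URL; this looks like the same report - cite only one
% of the two to avoid a duplicate reference.
@online{cocomazzi:20221103:black:b0c2f05,
  author       = {Cocomazzi, Antonio},
  title        = {{Black} {Basta} Ransomware | Attacks Deploy Custom {EDR} Evasion Tools Tied to {FIN7} Threat Actor},
  date         = {2022-11-03},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/},
  language     = {English},
  urldate      = {2022-11-15},
}
Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor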
Black Basta
2022-11-03 | Sophos | Gabor Szappanos
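% Author in "Last, First" form; the hyphenated technique name is protected as
% a whole word so the DLL acronym keeps its case.
@online{szappanos:20221103:family:666a56f,
  author       = {Szappanos, Gabor},
  title        = {Family Tree: {DLL-Sideloading} Cases May Be Related},
  date         = {2022-11-03},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/11/03/family-tree-dll-sideloading-cases-may-be-related/},
  language     = {English},
  urldate      = {2022-12-02},
}
Family Tree: DLL-Sideloading Cases May Be Related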
DARKDEW, MISTCLOAK
2022-11-03 | paloalto Networks: Unit42 | Durgesh Sangvikar, Chris Navarrete, Matthew Tennis, Yanhui Jia, Yu Fu, Siddhart Shibiraj
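% Authors in "Last, First" form; the organization spelling "Netoworks" is
% corrected to "Networks"; product names in the title are brace-protected.
@online{sangvikar:20221103:cobalt:9a81f6f,
  author       = {Sangvikar, Durgesh and Navarrete, Chris and Tennis, Matthew and Jia, Yanhui and Fu, Yu and Shibiraj, Siddhart},
  title        = {{Cobalt} {Strike} Analysis and Tutorial: Identifying {Beacon} Team Servers in the Wild},
  date         = {2022-11-03},
  organization = {paloalto Networks: Unit42},
  url          = {https://unit42.paloaltonetworks.com/cobalt-strike-team-server/},
  language     = {English},
  urldate      = {2022-11-03},
}
Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild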
Cobalt Strike
2022-11-03 | Github (chronicle) | Chronicle
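% Corporate author is double-braced; the GCTI acronym is brace-protected.
% The url is a repository root, so the content behind it can change after the
% recorded urldate.
@online{chronicle:20221103:gcti:dc42ba8,
  author       = {{Chronicle}},
  title        = {{GCTI} Open Source Detection Signatures},
  date         = {2022-11-03},
  organization = {Github (chronicle)},
  url          = {https://github.com/chronicle/GCTI},
  language     = {English},
  urldate      = {2022-11-25},
}
GCTI Open Source Detection Signatures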
Cobalt Strike, Sliver
2022-11-02 | Sekoia | Threat & Detection Research Team
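% NOTE(review): the title field holds a URL (bluefox-information-stealer-traffer-maas)
% that differs from the url field (aurora-a-rising-stealer-flying-under-the-radar).
% The record appears to conflate two Sekoia posts - confirm which one is meant
% and restore the article's real title before citing it.
% The corporate author is double-braced and its "&" is escaped so the name
% typesets as one unit without a LaTeX alignment-character error.
@online{team:20221102:httpsblogsekoiaiobluefoxinformationstealertraffermaas:142012b,
  author       = {{Threat \& Detection Research Team}},
  title        = {https://blog.sekoia.io/bluefox-information-stealer-traffer-maas/},
  date         = {2022-11-02},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/aurora-a-rising-stealer-flying-under-the-radar/},
  language     = {English},
  urldate      = {2022-11-25},
}
https://blog.sekoia.io/bluefox-information-stealer-traffer-maas/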
Aurora Stealer, BlueFox