
2022-01-05ARMORArmor
@online{armor:20220105:threat:178f0e9,
  author       = {Armor},
  title        = {{Threat Intelligence Report: The Evolution of Doppel Spider from BitPaymer to Grief Ransomware}},
  date         = {2022-01-05},
  organization = {ARMOR},
  url          = {https://www.armor.com/resources/threat-intelligence/the-evolution-of-doppel-spider-from-bitpaymer-to-grief-ransomware/},
  urldate      = {2022-01-12},
  language     = {English},
}
Threat Intelligence Report: The Evolution of Doppel Spider from BitPaymer to Grief Ransomware
DoppelPaymer FriedEx
2022-01-05SYGNIAAmnon Kushnir, Noam Lifshitz, Yoav Mazor, Oren Biderman, Boaz Wasserman, Itay Shohat, Arie Zilberstein
@online{kushnir:20220105:elephant:1bbf7d7,
  author       = {Kushnir, Amnon and Lifshitz, Noam and Mazor, Yoav and Biderman, Oren and Wasserman, Boaz and Shohat, Itay and Zilberstein, Arie},
  title        = {{Elephant Beetle: Uncovering an Organized Financial-Theft Operation}},
  date         = {2022-01-05},
  organization = {SYGNIA},
  url          = {https://blog.sygnia.co/elephant-beetle-an-organized-financial-theft-operation},
  urldate      = {2022-01-06},
  language     = {English},
}
Elephant Beetle: Uncovering an Organized Financial-Theft Operation
2022-01-05Check PointGolan Cohen
@online{cohen:20220105:can:6a1ef46,
  author       = {Cohen, Golan},
  title        = {{Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk}},
  date         = {2022-01-05},
  organization = {Check Point},
  url          = {https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/},
  urldate      = {2022-01-18},
  language     = {English},
}
Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk
Zloader
2022-01-03MinervaLabsNatalie Zargarov
@online{zargarov:20220103:malicious:23d7ba8,
  author       = {Zargarov, Natalie},
  title        = {{Malicious Telegram Installer Drops Purple Fox Rootkit}},
  date         = {2022-01-03},
  organization = {MinervaLabs},
  url          = {https://blog.minerva-labs.com/malicious-telegram-installer-drops-purple-fox-rootkit},
  urldate      = {2022-01-06},
  language     = {English},
}
Malicious Telegram Installer Drops Purple Fox Rootkit
win.purplefox
2021-12-31CERT.PLMarcin Dudek, Michał Praszmo
@online{dudek:20211231:iko:bd137c3,
  author       = {Dudek, Marcin and Praszmo, Michał},
  title        = {{IKO activation - Malware campaign}},
  date         = {2021-12-31},
  organization = {CERT.PL},
  url          = {https://cert.pl/posts/2021/12/aktywacja-aplikacji-iko/},
  urldate      = {2022-01-05},
  language     = {Polish},
}
IKO activation - Malware campaign
Coper
2021-12-30GovInfo SecurityMathew J. Schwartz
@online{schwartz:20211230:vice:70dac62,
  author       = {Schwartz, Mathew J.},
  title        = {{Vice Society: Ransomware Gang Disrupted Spar Stores}},
  date         = {2021-12-30},
  organization = {GovInfo Security},
  url          = {https://www.govinfosecurity.com/vice-society-ransomware-gang-disrupted-spar-stores-a-18225},
  urldate      = {2022-01-03},
  language     = {English},
}
Vice Society: Ransomware Gang Disrupted Spar Stores
HelloKitty
2021-12-30InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20211230:agent:2b24ea4,
  author       = {Duncan, Brad},
  title        = {{Agent Tesla Updates SMTP Data Exfiltration Technique}},
  date         = {2021-12-30},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/rss/28190},
  urldate      = {2022-01-03},
  language     = {English},
}
Agent Tesla Updates SMTP Data Exfiltration Technique
Agent Tesla
2021-12-29CrowdStrikeBenjamin Wiley, Falcon OverWatch Team
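@comment{The corporate co-author "Falcon OverWatch Team" is wrapped in its own brace group so
  BibTeX and Biber treat it as one indivisible surname; unbraced it was split into
  first="Falcon OverWatch", last="Team" and rendered as a person. The citation key is
  unchanged so existing \cite commands keep resolving.}
@online{wiley:20211229:overwatch:35d7dee,
  author       = {Wiley, Benjamin and {Falcon OverWatch Team}},
  title        = {{OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt}},
  date         = {2021-12-29},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools/},
  urldate      = {2021-12-31},
  language     = {English},
}
OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt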
Cobalt Strike AQUATIC PANDA
2021-12-29Palo Alto Networks Unit 42Zhanhao Chen, Daiping Liu, Wanjin Li, Jielong Xu
@online{chen:20211229:strategically:0d2fa74,
  author       = {Chen, Zhanhao and Liu, Daiping and Li, Wanjin and Xu, Jielong},
  title        = {{Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends}},
  date         = {2021-12-29},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/strategically-aged-domain-detection/},
  urldate      = {2022-01-05},
  language     = {English},
}
Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends
Chrysaor SUNBURST
2021-12-29AquaNitzan Yaakov
@online{yaakov:20211229:threat:358d40a,
  author       = {Yaakov, Nitzan},
  title        = {{Threat Alert: Evolving Attack Techniques of Autom Cryptomining Campaign}},
  date         = {2021-12-29},
  organization = {Aqua},
  url          = {https://blog.aquasec.com/attack-techniques-autom-cryptomining-campaign},
  urldate      = {2021-12-31},
  language     = {English},
}
Threat Alert: Evolving Attack Techniques of Autom Cryptomining Campaign
2021-12-29Github (jeFF0Falltrades)Jeff Archer
@online{archer:20211229:asyncrat:4b7c4d9,
  author       = {Archer, Jeff},
  title        = {{AsyncRAT Configuration Parser}},
  date         = {2021-12-29},
  organization = {Github (jeFF0Falltrades)},
  url          = {https://github.com/jeFF0Falltrades/Tutorials/tree/master/asyncrat_config_parser},
  urldate      = {2021-12-31},
  language     = {English},
}
AsyncRAT Configuration Parser
AsyncRAT
2021-12-29Nikkei AsiaRyoma Kashiwagi
@online{kashiwagi:20211229:japan:b5d1e71,
  author       = {Kashiwagi, Ryoma},
  title        = {{Japan aerospace cyberattacks show link to Chinese military: police (PLA Unit 61419)}},
  date         = {2021-12-29},
  organization = {Nikkei Asia},
  url          = {https://asia.nikkei.com/Business/Technology/Japan-aerospace-cyberattacks-show-link-to-Chinese-military-police},
  urldate      = {2021-12-31},
  language     = {English},
}
Japan aerospace cyberattacks show link to Chinese military: police (PLA Unit 61419)
2021-12-28CyStackTrung Nguyen, Son Nguyen, Chau Ha, Chau Nguyen, Khoi Vu, Duong Tran
@online{nguyen:20211228:attack:3bd88b5,
  author       = {Nguyen, Trung and Nguyen, Son and Ha, Chau and Nguyen, Chau and Vu, Khoi and Tran, Duong},
  title        = {{The attack on ONUS – A real-life case of the Log4Shell vulnerability}},
  date         = {2021-12-28},
  organization = {CyStack},
  url          = {https://cystack.net/research/the-attack-on-onus-a-real-life-case-of-the-log4shell-vulnerability},
  urldate      = {2022-01-05},
  language     = {English},
}
The attack on ONUS – A real-life case of the Log4Shell vulnerability
2021-12-28MIT Technology ReviewPatrick Howell O'Neill
@online{oneill:20211228:hackerforhire:b07ecab,
  author       = {O'Neill, Patrick Howell},
  title        = {{The hacker-for-hire industry is now too big to fail}},
  date         = {2021-12-28},
  organization = {MIT Technology Review},
  url          = {https://www.technologyreview.com/2021/12/28/1043029/the-hacker-for-hire-industry-is-now-too-big-to-fail/},
  urldate      = {2021-12-31},
  language     = {English},
}
The hacker-for-hire industry is now too big to fail
2021-12-28Padvish Threats DatabasePadvish Threats Database
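@comment{"Padvish Threats Database" is an institutional author, so it is double-braced to be
  parsed as a single surname; the unbraced form was split into first="Padvish Threats",
  last="Database", which is also where the "database:" prefix of the key came from. The key
  itself is kept as is so existing citations do not break.}
@online{database:20211228:implantarmilobleeda:3e30a84,
  author       = {{Padvish Threats Database}},
  title        = {{Implant.ARM.iLOBleed.a}},
  date         = {2021-12-28},
  organization = {Padvish Threats Database},
  url          = {https://threats.amnpardaz.com/en/2021/12/28/implant-arm-ilobleed-a/},
  urldate      = {2022-01-03},
  language     = {English},
}
Implant.ARM.iLOBleed.a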
2021-12-28Morphus LabsRenato Marinho
@online{marinho:20211228:attackers:48320eb,
  author       = {Marinho, Renato},
  title        = {{Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons}},
  date         = {2021-12-28},
  organization = {Morphus Labs},
  url          = {https://morphuslabs.com/attackers-are-abusing-msbuild-to-evade-defenses-and-implant-cobalt-strike-beacons-edac4ab84f42},
  urldate      = {2021-12-31},
  language     = {English},
}
Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons
Cobalt Strike
2021-12-28The RecordCatalin Cimpanu
@online{cimpanu:20211228:iranian:0d0f5b0,
  author       = {Cimpanu, Catalin},
  title        = {{Iranian hackers behind Cox Media Group ransomware attack (DEV-0270)}},
  date         = {2021-12-28},
  organization = {The Record},
  url          = {https://therecord.media/iranian-hackers-behind-cox-media-group-ransomware-attack/},
  urldate      = {2021-12-31},
  language     = {English},
}
Iranian hackers behind Cox Media Group ransomware attack (DEV-0270)
SamSam
2021-12-28CrowdStrikeTimo Kreuzer, Yarden Shafir, satoshi tanda, Blair Foster
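@comment{Names are in "Last, First" form. This matters for the all-lowercase name
  "satoshi tanda": in "First Last" form BibTeX reads a leading lowercase word as a
  von particle, yielding von="satoshi", last="tanda" and an empty given name.
  "tanda, satoshi" parses as last="tanda", first="satoshi" while keeping the
  author's lowercase spelling as written in the source article.}
@online{kreuzer:20211228:crowdstrike:32ba306,
  author       = {Kreuzer, Timo and Shafir, Yarden and tanda, satoshi and Foster, Blair},
  title        = {{CrowdStrike Strengthens Exploit Protection Using Intel CPU Telemetry}},
  date         = {2021-12-28},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/introducing-falcon-hardware-enhanced-exploit-detection/},
  urldate      = {2022-01-03},
  language     = {English},
}
CrowdStrike Strengthens Exploit Protection Using Intel CPU Telemetry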
2021-12-27Checkpoint Research
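@comment{"Checkpoint Research" is a corporate author and is double-braced so it is not
  split into first="Checkpoint", last="Research" (the origin of the "research:" key
  prefix, which is left unchanged). NOTE(review): this entry has no organization field,
  unlike the other Check Point entry in this file (cohen:20220105:can:6a1ef46); the
  value is not given on this page, so none is added here - confirm against the source.}
@online{research:20211227:deep:c94d67d,
  author       = {{Checkpoint Research}},
  title        = {{A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard}},
  date         = {2021-12-27},
  url          = {https://research.checkpoint.com/2021/a-deep-dive-into-doublefeature-equation-groups-post-exploitation-dashboard/},
  urldate      = {2022-01-05},
  language     = {English},
}
A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard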
Equationgroup (Sorting) Fanny MISTYVEAL PeddleCheap
2021-12-22ThreatrayMarkel Picado Ortiz
@comment{NOTE(review): the author is written so that it parses exactly as before
  (last="Ortiz", first="Markel Picado"), matching the "ortiz:" key prefix. If the
  surname is actually the compound "Picado Ortiz", it would need "Picado Ortiz, Markel"
  and a new key - not changed here; verify against the source.}
@techreport{ortiz:20211222:establishing:41e5885,
  author      = {Ortiz, Markel Picado},
  title       = {{Establishing the TigerRAT and TigerDownloader Malware Families}},
  date        = {2021-12-22},
  institution = {Threatray},
  url         = {https://threatray.com/wp-content/uploads/2021/12/threatray-establishing-the-tigerrat-and-tigerdownloader-malware-families.pdf},
  urldate     = {2021-12-31},
  language    = {English},
}
Establishing the TigerRAT and TigerDownloader Malware Families
Tiger RAT