
2023-09-07 — Google — Clement Lecigne, Maddie Stone, Google Threat Analysis Group
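@online{lecigne:20230907:active:d42dacb,
  author       = {Lecigne, Clement and Stone, Maddie and {Google Threat Analysis Group}},
  title        = {{Active North Korean campaign targeting security researchers}},
  date         = {2023-09-07},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/},
  urldate      = {2023-09-08},
  language     = {English},
}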
2023-09-07 — Silent Push — Silent Push
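@online{push:20230907:from:455edff,
  author        = {{Silent Push}},
  title         = {{'From Russia with a 71': Uncovering Gamaredon's fast flux infrastructure. New apex domains and ASN/IP diversity patterns discovered}},
  date          = {2023-09-07},
  organization  = {Silent Push},
  url           = {https://www.silentpush.com/blog/from-russia-with-a-71},
  urldate       = {2023-09-08},
  language      = {English},
  internal-note = {Citation key keeps the push stem that was generated before the author was braced as a corporate name; changing the key would break existing citations},
}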
2023-09-07 — Department of Justice — Office of Public Affairs
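@online{affairs:20230907:multiple:8952f60,
  author       = {{Office of Public Affairs}},
  title        = {{Multiple Foreign Nationals Charged in Connection with Trickbot Malware and Conti Ransomware Conspiracies}},
  date         = {2023-09-07},
  organization = {Department of Justice},
  url          = {https://www.justice.gov/opa/pr/multiple-foreign-nationals-charged-connection-trickbot-malware-and-conti-ransomware},
  urldate      = {2023-09-08},
  language     = {English},
}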
Conti Conti TrickBot
2023-09-07 — Sekoia — Jamila B.
@online{b:20230907:my:de66f96,
  author       = {B., Jamila},
  title        = {{My Tea’s not cold. An overview of China’s cyber threat}},
  date         = {2023-09-07},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/my-teas-not-cold-an-overview-of-china-cyber-threat/},
  urldate      = {2023-09-08},
  language     = {English},
}
Melofee PingPull SoWaT Sword2033 MgBot MQsTTang PlugX TONESHELL
2023-09-07 — Microsoft — Clint Watts
@online{watts:20230907:china:1b6c403,
  author       = {Watts, Clint},
  title        = {{China, North Korea pursue new targets while honing cyber capabilities}},
  date         = {2023-09-07},
  organization = {Microsoft},
  url          = {https://blogs.microsoft.com/on-the-issues/2023/09/07/digital-threats-cyberattacks-east-asia-china-north-korea/},
  urldate      = {2023-09-08},
  language     = {English},
}
2023-09-06 — Microsoft — Microsoft Security Response Center (MSRC)
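@online{msrc:20230906:results:7ed992f,
  author       = {{Microsoft Security Response Center (MSRC)}},
  title        = {{Results of Major Technical Investigations for Storm-0558 Key Acquisition}},
  date         = {2023-09-06},
  organization = {Microsoft},
  url          = {https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition},
  urldate      = {2023-09-11},
  language     = {English},
}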
2023-09-06 — TRUESEC — Jakob Nordenlund
@online{nordenlund:20230906:darkgate:cbe3f9b,
  author       = {Nordenlund, Jakob},
  title        = {{DarkGate Loader Malware Delivered via Microsoft Teams}},
  date         = {2023-09-06},
  organization = {TRUESEC},
  url          = {https://www.truesec.com/hub/blog/darkgate-loader-delivered-via-teams},
  urldate      = {2023-09-08},
  language     = {English},
}
DarkGate
2023-09-05 — AhnLab — Sanseo
@online{sanseo:20230905:blueshell:da706ff,
  author       = {Sanseo},
  title        = {{BlueShell malware used in APT attacks targeting Korea and Thailand}},
  date         = {2023-09-05},
  organization = {AhnLab},
  url          = {https://asec.ahnlab.com/ko/56715/},
  urldate      = {2023-09-07},
  language     = {Korean},
}
BlueShell SparkRAT
2023-09-04 — AhnLab — Sanseo
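@online{sanseo:20230904:chm:0194a5a,
  author        = {Sanseo},
  title         = {{CHM Malware Using Fukushima Contaminated Water Discharge: RedEyes (ScarCruft)}},
  date          = {2023-09-04},
  organization  = {AhnLab},
  url           = {https://asec.ahnlab.com/ko/56654/},
  urldate       = {2023-09-07},
  language      = {English},
  internal-note = {url path is /ko/ while language is English; the neighbouring AhnLab entries on /ko/ URLs are marked Korean, so the language value needs confirming},
}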
2023-09-04 — Baltic News Network — BNN
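@online{bnn:20230904:certlv:bfc1b15,
  author        = {{BNN}},
  title         = {{Cert.lv: activist groups supported by Russia perform cyber attacks on Latvian state institutions}},
  date          = {2023-09-04},
  organization  = {Baltic News Network},
  url           = {https://bnn-news.com/cert-lv-activist-groups-supported-by-russia-perform-cyber-attacks-on-latvian-state-institutions-249022},
  urldate       = {2023-09-06},
  language      = {English},
  internal-note = {the exported author field ended in a dangling and-separator, which produces an empty second name and a BibTeX/Biber warning; it has been removed},
}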
2023-09-04 — Cert-UA — Cert-UA
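@online{certua:20230904:apt28:5db5c7c,
  author       = {{Cert-UA}},
  title        = {{APT28 cyberattack: msedge as a bootloader, TOR and mockbin.org/website.hook services as a control center (CERT-UA#7469)}},
  date         = {2023-09-04},
  organization = {Cert-UA},
  url          = {https://cert.gov.ua/article/5702579},
  urldate      = {2023-09-07},
  language     = {Ukrainian},
}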
2023-09-04 — Github (muha2xmad) — Muhammad Hasan Ali
@online{ali:20230904:deep:26611fe,
  author       = {Ali, Muhammad Hasan},
  title        = {{A deep dive into DCRAT/DarkCrystalRAT malware}},
  date         = {2023-09-04},
  organization = {Github (muha2xmad)},
  url          = {https://muha2xmad.github.io/malware-analysis/dcrat/},
  urldate      = {2023-09-04},
  language     = {English},
}
DCRat
2023-09-01 — AhnLab — Ye Eun
@online{eun:20230901:malicious:612f451,
  author       = {Ye Eun},
  title        = {{Malicious LNK that distributes backdoors: RedEyes (ScarCruft)}},
  date         = {2023-09-01},
  organization = {AhnLab},
  url          = {https://asec.ahnlab.com/ko/56526/},
  urldate      = {2023-09-07},
  language     = {Korean},
}
2023-09-01 — Microsoft — Microsoft Threat Analysis Center (MTAC)
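@techreport{mtac:20230901:russias:76e3f04,
  author      = {{Microsoft Threat Analysis Center (MTAC)}},
  title       = {{Russia’s influence networks in Sahel activated after coups}},
  date        = {2023-09-01},
  institution = {Microsoft},
  url         = {https://blogs.microsoft.com/wp-content/uploads/prod/sites/5/2023/09/Sahel-Gabon-Coup-Playbook-PDF.pdf},
  urldate     = {2023-09-08},
  language    = {English},
}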
2023-08-31 — AhnLab — Sanseo
@online{sanseo:20230831:analysis:c771be9,
  author       = {Sanseo},
  title        = {{Analysis of Andariel’s New Attack Activities}},
  date         = {2023-08-31},
  organization = {AhnLab},
  url          = {https://asec.ahnlab.com/en/56405/},
  urldate      = {2023-09-01},
  language     = {English},
}
Andardoor BlackRemote Tiger RAT Volgmer
2023-08-31 — SystemError — Ovi Liber
@online{liber:20230831:reverse:d51cedc,
  author       = {Liber, Ovi},
  title        = {{Reverse engineering SuperBear RAT}},
  date         = {2023-08-31},
  organization = {SystemError},
  url          = {https://0x0v1.com/posts/superbear/superbear/},
  urldate      = {2023-09-04},
  language     = {English},
}
SuperBear RAT
2023-08-31 — Rapid7 Labs — Natalie Zargarov, Thomas Elkins, Evan McCann, Tyler McGraw
@online{zargarov:20230831:fake:4b8ef57,
  author       = {Zargarov, Natalie and Elkins, Thomas and McCann, Evan and McGraw, Tyler},
  title        = {{Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers}},
  date         = {2023-08-31},
  organization = {Rapid7 Labs},
  url          = {https://www.rapid7.com/blog/post/2023/08/31/fake-update-utilizes-new-idat-loader-to-execute-stealc-and-lumma-infostealers/},
  urldate      = {2023-09-04},
  language     = {English},
}
FAKEUPDATES Amadey IDAT Loader Lumma Stealer SectopRAT
2023-08-31 — Cisco Talos — Edmund Brumaghin
@online{brumaghin:20230831:sapphirestealer:59b335d,
  author       = {Brumaghin, Edmund},
  title        = {{SapphireStealer: Open-source information stealer enables credential and data theft}},
  date         = {2023-08-31},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/sapphirestealer-goes-open-source/},
  urldate      = {2023-09-01},
  language     = {English},
}
2023-08-31 — Cyber Geeks — CyberMasterV
@online{cybermasterv:20230831:deep:94c25e1,
  author       = {CyberMasterV},
  title        = {{A Deep Dive into Brute Ratel C4 Payloads}},
  date         = {2023-08-31},
  organization = {Cyber Geeks},
  url          = {https://cybergeeks.tech/a-deep-dive-into-brute-ratel-c4-payloads/},
  urldate      = {2023-09-04},
  language     = {English},
}
Brute Ratel C4
2023-08-31 — Checkpoint — hasherezade
@online{hasherezade:20230831:from:dbe4160,
  author       = {hasherezade},
  title        = {{From Hidden Bee to Rhadamanthys - The Evolution of Custom Executable Formats}},
  date         = {2023-08-31},
  organization = {Checkpoint},
  url          = {https://research.checkpoint.com/2023/from-hidden-bee-to-rhadamanthys-the-evolution-of-custom-executable-formats/},
  urldate      = {2023-09-01},
  language     = {English},
}
Hidden Bee Rhadamanthys