Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-09-19HPPatrick Schläpfer
@online{schlpfer:20210919:mirrorblast:a81e63c, author = {Patrick Schläpfer}, title = {{MirrorBlast and TA505: Examining Similarities in Tactics, Techniques and Procedures}}, date = {2021-09-19}, organization = {HP}, url = {https://threatresearch.ext.hp.com/mirrorblast-and-ta505-examining-similarities-in-tactics-techniques-and-procedures/}, language = {English}, urldate = {2021-10-24} } MirrorBlast and TA505: Examining Similarities in Tactics, Techniques and Procedures
MirrorBlast
2021-08-10FlashpointFlashpoint
@online{flashpoint:20210810:revil:8be7760, author = {Flashpoint}, title = {{REvil Master Key for Kaseya Attack Posted to XSS}}, date = {2021-08-10}, organization = {Flashpoint}, url = {https://www.flashpoint-intel.com/blog/possible-universal-revil-master-key-posted-to-xss/}, language = {English}, urldate = {2021-08-11} } REvil Master Key for Kaseya Attack Posted to XSS
REvil
2021-07-30HPPatrick Schläpfer
@online{schlpfer:20210730:detecting:2291323, author = {Patrick Schläpfer}, title = {{Detecting TA551 domains}}, date = {2021-07-30}, organization = {HP}, url = {https://threatresearch.ext.hp.com/detecting-ta551-domains/}, language = {English}, urldate = {2021-08-02} } Detecting TA551 domains
Valak Dridex IcedID ISFB QakBot
2021-07-27FlashpointFlashpoint
@online{flashpoint:20210727:chatter:08a4080, author = {Flashpoint}, title = {{Chatter Indicates BlackMatter as REvil Successor}}, date = {2021-07-27}, organization = {Flashpoint}, url = {https://www.flashpoint-intel.com/blog/chatter-indicates-blackmatter-as-revil-successor/}, language = {English}, urldate = {2021-08-02} } Chatter Indicates BlackMatter as REvil Successor
REvil
2021-07-09SeqriteChaitanya Haritash, Nihar Deshpande, Shayak Tarafdar
@techreport{haritash:20210709:seqrite:8d36786, author = {Chaitanya Haritash and Nihar Deshpande and Shayak Tarafdar}, title = {{Seqrite uncovers second wave of Operation SideCopy targeting Indian critical infrastructure PSUs}}, date = {2021-07-09}, institution = {Seqrite}, url = {https://www.seqrite.com/documents/en/white-papers/Whitepaper-OperationSideCopy.pdf}, language = {English}, urldate = {2021-07-20} } Seqrite uncovers second wave of Operation SideCopy targeting Indian critical infrastructure PSUs
NjRAT ReverseRAT
2021-06-28HPPatrick Schläpfer
@online{schlpfer:20210628:snake:bf10d9d, author = {Patrick Schläpfer}, title = {{Snake Keylogger’s Many Skins: Analysing Code Reuse Among Infostealers}}, date = {2021-06-28}, organization = {HP}, url = {https://threatresearch.ext.hp.com/the-many-skins-of-snake-keylogger/}, language = {English}, urldate = {2021-06-29} } Snake Keylogger’s Many Skins: Analysing Code Reuse Among Infostealers
404 Keylogger Phoenix Keylogger
2021-06-15Nextron SystemsNextron Systems
@online{systems:20210615:use:d8fbd39, author = {Nextron Systems}, title = {{Use YARA math Module Extension in THOR TechPreview and THOR Lite}}, date = {2021-06-15}, organization = {Nextron Systems}, url = {https://www.nextron-systems.com/2021/06/15/use-yara-math-module-extension-in-thor-techpreview-and-thor-lite/}, language = {English}, urldate = {2021-06-21} } Use YARA math Module Extension in THOR TechPreview and THOR Lite
2021-06-04JPCERT/CCKota Kino
@online{kino:20210604:php:9178d39, author = {Kota Kino}, title = {{PHP Malware Used in Lucky Visitor Scam}}, date = {2021-06-04}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2021/06/php_malware.html}, language = {English}, urldate = {2021-06-16} } PHP Malware Used in Lucky Visitor Scam
2021-05-25Flashpoint, Chainalysis
@techreport{flashpoint:20210525:hydra:2088738, author = {Flashpoint and Chainalysis}, title = {{Hydra: Where The Crypto Money Laundering Trail Goes Dark}}, date = {2021-05-25}, institution = {}, url = {https://storage.pardot.com/272312/1621903351Nn9y2MzH/Flashpoint_Chainalysis_Hydra_Crypto_Cybercrime_Research.pdf}, language = {English}, urldate = {2021-05-26} } Hydra: Where The Crypto Money Laundering Trail Goes Dark
2021-05-21Twitter (@alberto__segura)Alberto Segura
@online{segura:20210521:flubt:4fd3961, author = {Alberto Segura}, title = {{Tweet on Flubt version 4.2 (p.php variant) with new AES strings encryption}}, date = {2021-05-21}, organization = {Twitter (@alberto__segura)}, url = {https://twitter.com/alberto__segura/status/1395675479194095618}, language = {English}, urldate = {2021-06-21} } Tweet on Flubt version 4.2 (p.php variant) with new AES strings encryption
FluBot
2021-05-13MalwarebytesJérôme Segura
@online{segura:20210513:newly:396ce52, author = {Jérôme Segura}, title = {{Newly observed PHP-based skimmer shows ongoing Magecart Group 12 activity}}, date = {2021-05-13}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/cybercrime/2021/05/newly-observed-php-based-skimmer-shows-ongoing-magecart-group-12-activity/}, language = {English}, urldate = {2021-05-17} } Newly observed PHP-based skimmer shows ongoing Magecart Group 12 activity
magecart
2021-05-11FlashpointFlashpoint
@online{flashpoint:20210511:darkside:32c4e89, author = {Flashpoint}, title = {{DarkSide Ransomware Links to REvil Group Difficult to Dismiss}}, date = {2021-05-11}, organization = {Flashpoint}, url = {https://www.flashpoint-intel.com/blog/darkside-ransomware-links-to-revil-difficult-to-dismiss/}, language = {English}, urldate = {2021-05-13} } DarkSide Ransomware Links to REvil Group Difficult to Dismiss
DarkSide REvil
2021-04-30FlashpointFlashpoint
@online{flashpoint:20210430:second:53c20b4, author = {Flashpoint}, title = {{A Second Iranian State-Sponsored Ransomware Operation “Project Signal” Emerges}}, date = {2021-04-30}, organization = {Flashpoint}, url = {https://www.flashpoint-intel.com/blog/second-iranian-ransomware-operation-project-signal-emerges/}, language = {English}, urldate = {2021-05-03} } A Second Iranian State-Sponsored Ransomware Operation “Project Signal” Emerges
2021-04-30MADRID LabsOdin Bernstein
@online{bernstein:20210430:qbot:104bad4, author = {Odin Bernstein}, title = {{Qbot: Analyzing PHP Proxy Scripts from Compromised Web Server}}, date = {2021-04-30}, organization = {MADRID Labs}, url = {https://madlabs.dsu.edu/madrid/blog/2021/04/30/qbot-analyzing-php-proxy-scripts-from-compromised-web-server/}, language = {English}, urldate = {2021-05-08} } Qbot: Analyzing PHP Proxy Scripts from Compromised Web Server
QakBot
2021-04-14HPPatrick Schläpfer
@online{schlpfer:20210414:from:6649630, author = {Patrick Schläpfer}, title = {{From PoC to Exploit Kit: Purple Fox now exploits CVE-2021-26411}}, date = {2021-04-14}, organization = {HP}, url = {https://threatresearch.ext.hp.com/purple-fox-exploit-kit-now-exploits-cve-2021-26411/}, language = {English}, urldate = {2021-04-16} } From PoC to Exploit Kit: Purple Fox now exploits CVE-2021-26411
PurpleFox
2021-04-08HPMichael McGuire
@techreport{mcguire:20210408:nation:5ee2c5e, author = {Michael McGuire}, title = {{Nation States, Cyberconflict and the Web of Profit}}, date = {2021-04-08}, institution = {HP}, url = {https://threatresearch.ext.hp.com/wp-content/uploads/2021/04/hp-bps-web-of-profit-report_APR_2021.pdf}, language = {English}, urldate = {2021-04-12} } Nation States, Cyberconflict and the Web of Profit
2021-03-17HPHP Bromium
@techreport{bromium:20210317:threat:3aed551, author = {HP Bromium}, title = {{Threat Insights Report Q4-2020}}, date = {2021-03-17}, institution = {HP}, url = {https://threatresearch.ext.hp.com/wp-content/uploads/2021/03/HP_Bromium_Threat_Insights_Report_Q4_2020.pdf}, language = {English}, urldate = {2021-03-19} } Threat Insights Report Q4-2020
Agent Tesla BitRAT ComodoSec Dridex Emotet Ficker Stealer Formbook Zloader
2021-03-11FlashpointFlashpoint
@online{flashpoint:20210311:cl0p:666bd6f, author = {Flashpoint}, title = {{CL0P and REvil Escalate Their Ransomware Tactics}}, date = {2021-03-11}, organization = {Flashpoint}, url = {https://www.flashpoint-intel.com/blog/cl0p-and-revil-escalate-their-ransomware-tactics/}, language = {English}, urldate = {2021-03-12} } CL0P and REvil Escalate Their Ransomware Tactics
Clop REvil
2021-03-04FlashpointFlashpoint
@online{flashpoint:20210304:breaking:f6dfffc, author = {Flashpoint}, title = {{Breaking: Elite Cybercrime Forum “Maza” Breached by Unknown Attacker}}, date = {2021-03-04}, organization = {Flashpoint}, url = {https://www.flashpoint-intel.com/blog/breelite-cybercrime-forum-maza-breached-by-unknown-attacker/}, language = {English}, urldate = {2021-03-04} } Breaking: Elite Cybercrime Forum “Maza” Breached by Unknown Attacker
2021-02-23FlashpointFlashpoint
@online{flashpoint:20210223:new:4f8b993, author = {Flashpoint}, title = {{New Mysterious Operators Usurp Elite Russian Hacker Forum “Verified”}}, date = {2021-02-23}, organization = {Flashpoint}, url = {https://www.flashpoint-intel.com/blog/new-mysterious-operators-usurp-elite-russian-hacker-forum-verified/}, language = {English}, urldate = {2021-02-25} } New Mysterious Operators Usurp Elite Russian Hacker Forum “Verified”