
2021-05-01Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20210501:muddywater:31657f7, author = {Marco Ramilli}, title = {{Muddywater: Binder Project}}, date = {2021-05-01}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2021/05/01/muddywater-binder-project-part-1/}, language = {English}, urldate = {2021-05-17} } Muddywater: Binder Project
2021-04-23GuidePoint SecurityDrew Schmitt
@online{schmitt:20210423:mount:ccc9271, author = {Drew Schmitt}, title = {{Mount Locker Ransomware Steps up Counter-IR Capabilities, Hindering Efforts for Detection, Response and Investigation}}, date = {2021-04-23}, organization = {GuidePoint Security}, url = {https://www.guidepointsecurity.com/mount-locker-ransomware-steps-up-counter-ir-capabilities/}, language = {English}, urldate = {2021-04-28} } Mount Locker Ransomware Steps up Counter-IR Capabilities, Hindering Efforts for Detection, Response and Investigation
Mount Locker
2021-04-14ZscalerRohit Chaturvedi, Atinderpal Singh, Tarun Dewan
@online{chaturvedi:20210414:look:02bf1e0, author = {Rohit Chaturvedi and Atinderpal Singh and Tarun Dewan}, title = {{A look at HydroJiin campaign}}, date = {2021-04-14}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/look-hydrojiin-campaign}, language = {English}, urldate = {2021-04-16} } A look at HydroJiin campaign
NetWire RC Quasar RAT
2021-04-12KnownsecKnownsec
@online{knownsec:20210412:sidewinders:30d5f41, author = {Knownsec}, title = {{APT SideWinder's latest attack on a certain region in South Asia}}, date = {2021-04-12}, organization = {Knownsec}, url = {https://www.freebuf.com/articles/network/269251.html}, language = {Chinese}, urldate = {2021-04-14} } APT SideWinder's latest attack on a certain region in South Asia
2021-04-12IndeChris Campbell
@online{campbell:20210412:different:ea9739f, author = {Chris Campbell}, title = {{A Different Kind of Zoombomb}}, date = {2021-04-12}, organization = {Inde}, url = {https://www.inde.nz/blog/different-kind-of-zoombomb}, language = {English}, urldate = {2022-04-29} } A Different Kind of Zoombomb
Cobalt Strike
2021-03-08DeepEnd REsearchDeepEnd Research
@online{research:20210308:renewed:e3a9842, author = {DeepEnd Research}, title = {{Renewed SideWinder Activity in South Asia}}, date = {2021-03-08}, organization = {DeepEnd REsearch}, url = {http://www.deependresearch.org/2021/03/renewed-sidewinder-activity-in-south.html}, language = {English}, urldate = {2021-03-11} } Renewed SideWinder Activity in South Asia
2021-03-04MicrosoftRamin Nafisi, Andrea Lelli, Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
@online{nafisi:20210304:goldmax:3fa3f68, author = {Ramin Nafisi and Andrea Lelli and Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team}, title = {{GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence}}, date = {2021-03-04}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware}, language = {English}, urldate = {2021-03-06} } GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence
SUNBURST TEARDROP UNC2452
2021-03-04MicrosoftRamin Nafisi, Andrea Lelli
@online{nafisi:20210304:goldmax:f699172, author = {Ramin Nafisi and Andrea Lelli}, title = {{GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence}}, date = {2021-03-04}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/}, language = {English}, urldate = {2021-03-07} } GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence
GoldMax
2021-03-04MalpediaMalpedia
@online{malpedia:20210304:malpedia:b8ffad2, author = {Malpedia}, title = {{Malpedia Page for family Sidewinder}}, date = {2021-03-04}, organization = {Malpedia}, url = {https://malpedia.caad.fkie.fraunhofer.de/details/win.sidewinder}, language = {English}, urldate = {2021-03-12} } Malpedia Page for family Sidewinder
SideWinder
2021-02-24IBMIBM SECURITY X-FORCE
@online{xforce:20210224:xforce:ac9a90e, author = {IBM SECURITY X-FORCE}, title = {{X-Force Threat Intelligence Index 2021}}, date = {2021-02-24}, organization = {IBM}, url = {https://ibm.ent.box.com/s/hs5pcayhbbhjvj8di5sqdpbbd88tsh89}, language = {English}, urldate = {2021-03-02} } X-Force Threat Intelligence Index 2021
Emotet QakBot Ramnit REvil TrickBot
2021-01-13AlienVaultTom Hegel
@techreport{hegel:20210113:global:72b7b9d, author = {Tom Hegel}, title = {{A Global Perspective of the SideWinder APT}}, date = {2021-01-13}, institution = {AlienVault}, url = {https://cdn-cybersecurity.att.com/docs/global-perspective-of-the-sidewinder-apt.pdf}, language = {English}, urldate = {2021-01-18} } A Global Perspective of the SideWinder APT
8.t Dropper Koadic SideWinder
2020-12-09Trend MicroJoseph C Chen, Jaromír Hořejší, Ecular Xu
@online{chen:20201209:sidewinder:a454abd, author = {Joseph C Chen and Jaromír Hořejší and Ecular Xu}, title = {{SideWinder Leverages South Asian Territorial Issues for Spear Phishing and Mobile Device Attacks}}, date = {2020-12-09}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/20/l/sidewinder-leverages-south-asian-territorial-issues-for-spear-ph.html}, language = {English}, urldate = {2020-12-10} } SideWinder Leverages South Asian Territorial Issues for Spear Phishing and Mobile Device Attacks
Meterpreter SideWinder RAZOR TIGER
2020-12-09AlienVault OTXAlienVault
@online{alienvault:20201209:sidewinder:65e0781, author = {AlienVault}, title = {{SideWinder APT South Asian Territorial Themed Spear Phishing and Mobile Device Attacks}}, date = {2020-12-09}, organization = {AlienVault OTX}, url = {https://otx.alienvault.com/pulse/5fd10760f9afb730d37c4742/}, language = {English}, urldate = {2021-03-12} } SideWinder APT South Asian Territorial Themed Spear Phishing and Mobile Device Attacks
SideWinder RAZOR TIGER
2020-12-04IndeChris Campbell
@online{campbell:20201204:inside:9f2f036, author = {Chris Campbell}, title = {{Inside a .NET Stealer: AgentTesla}}, date = {2020-12-04}, organization = {Inde}, url = {https://www.inde.nz/blog/inside-agenttesla}, language = {English}, urldate = {2022-04-29} } Inside a .NET Stealer: AgentTesla
Agent Tesla
2020-11-18SeqritePriyanka Shinde
@online{shinde:20201118:thanos:4a211b9, author = {Priyanka Shinde}, title = {{Thanos Ransomware Evading Anti-ransomware Protection With RIPlace Tactic}}, date = {2020-11-18}, organization = {Seqrite}, url = {https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/}, language = {English}, urldate = {2021-01-01} } Thanos Ransomware Evading Anti-ransomware Protection With RIPlace Tactic
Hakbit
2020-09-30FBIFBI
@online{fbi:20200930:alert:cc6c032, author = {FBI}, title = {{Alert Number I-093020-PSA: Distributed Denial of Service Attacks Could Hinder Access to Voting Information, Would Not Prevent Voting}}, date = {2020-09-30}, organization = {FBI}, url = {https://www.ic3.gov/media/2020/200930.aspx}, language = {English}, urldate = {2020-10-05} } Alert Number I-093020-PSA: Distributed Denial of Service Attacks Could Hinder Access to Voting Information, Would Not Prevent Voting
2020-09-29ZscalerMohd Sadique, Atinderpal Singh
@online{sadique:20200929:spear:de79be6, author = {Mohd Sadique and Atinderpal Singh}, title = {{Spear Phishing Campaign Delivers Buer and Bazar Malware}}, date = {2020-09-29}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/research/spear-phishing-campaign-delivers-buer-and-bazar-malware}, language = {English}, urldate = {2020-10-15} } Spear Phishing Campaign Delivers Buer and Bazar Malware
BazarBackdoor Buer
2020-08-31IndeChris Campbell
@online{campbell:20200831:analysis:33c982e, author = {Chris Campbell}, title = {{Analysis of the latest wave of Emotet malicious documents}}, date = {2020-08-31}, organization = {Inde}, url = {https://www.inde.nz/blog/analysis-of-the-latest-wave-of-emotet-malicious-documents}, language = {English}, urldate = {2022-04-29} } Analysis of the latest wave of Emotet malicious documents
Emotet
2020-06-19ZscalerAtinderpal Singh, Nirmal Singh, Sahil Antil
@online{singh:20200619:targeted:05d8d31, author = {Atinderpal Singh and Nirmal Singh and Sahil Antil}, title = {{Targeted Attack Leverages India-China Border Dispute to Lure Victims}}, date = {2020-06-19}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/research/targeted-attack-leverages-india-china-border-dispute-lure-victims}, language = {English}, urldate = {2020-06-21} } Targeted Attack Leverages India-China Border Dispute to Lure Victims
Cobalt Strike
2020-06-11ZscalerSudeep Singh, Atinderpal Singh
@online{singh:20200611:return:3a58e44, author = {Sudeep Singh and Atinderpal Singh}, title = {{The Return of the Higaisa APT}}, date = {2020-06-11}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/research/return-higaisa-apt}, language = {English}, urldate = {2020-06-12} } The Return of the Higaisa APT
Unidentified 076 (Higaisa LNK to Shellcode)