
2022-03-09 — Security Joes — Felipe Duarte, Ido Naor
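@techreport{duarte:20220309:sockbot:a9095cc,
  author       = {Duarte, Felipe and Naor, Ido},
  title        = {{Sockbot} in {GoLand}},
  date         = {2022-03-09},
  institution  = {Security Joes},
  url          = {https://secjoes-reports.s3.eu-central-1.amazonaws.com/Sockbot%2Bin%2BGoLand.pdf},
  language     = {English},
  urldate      = {2022-03-10},
  keywords     = {lsassDumper, Sockbot},
}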
2022-03-07 — Elastic — Daniel Stepanic, Derek Ditch, Joe Desimone, Cyril François, Github (@1337-42), Samir Bousseaden, Andrew Pease
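@online{stepanic:20220307:phoreal:f982397,
  author       = {Stepanic, Daniel and Ditch, Derek and Desimone, Joe and François, Cyril and {Github (@1337-42)} and Bousseaden, Samir and Pease, Andrew},
  title        = {{PHOREAL} Malware Targets the {Southeast Asian} Financial Sector},
  date         = {2022-03-07},
  organization = {Elastic},
  url          = {https://elastic.github.io/security-research/intelligence/2022/03/02.phoreal-targets-southeast-asia-financial-sector/article/},
  language     = {English},
  urldate      = {2022-03-08},
  keywords     = {PHOREAL},
}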
2022-02-25 — CyberScoop — Joe Warminsky
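@online{warminsky:20220225:trickbot:2d38470,
  author       = {Warminsky, Joe},
  title        = {{TrickBot} malware suddenly got quiet, researchers say, but it's hardly the end for its operators},
  date         = {2022-02-25},
  organization = {CyberScoop},
  url          = {https://www.cyberscoop.com/trickbot-shutdown-conti-emotet/},
  language     = {English},
  urldate      = {2022-03-01},
  keywords     = {BazarBackdoor, Emotet, TrickBot},
}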
2022-02-18 — Reuters — Joel Schectman, Christopher Bing
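@online{schectman:20220218:how:5e6b66c,
  author       = {Schectman, Joel and Bing, Christopher},
  title        = {How a {Saudi} woman's {iPhone} revealed hacking around the world},
  date         = {2022-02-18},
  organization = {Reuters},
  url          = {https://www.reuters.com/technology/how-saudi-womans-iphone-revealed-hacking-around-world-2022-02-17/},
  language     = {English},
  urldate      = {2022-02-19},
  keywords     = {Chrysaor},
}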
2022-02-15 — Proofpoint — Selena Larson, Joe Wise
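@online{larson:20220215:charting:0205206,
  author       = {Larson, Selena and Wise, Joe},
  title        = {Charting {TA2541}'s Flight},
  date         = {2022-02-15},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/charting-ta2541s-flight},
  language     = {English},
  urldate      = {2022-02-16},
  keywords     = {AsyncRAT, TA2541},
}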
2022-01-27 — Gigamon — Joe Slowik
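@online{slowik:20220127:focusing:5b47208,
  author       = {Slowik, Joe},
  title        = {Focusing on “{Left of Boom}”},
  date         = {2022-01-27},
  organization = {Gigamon},
  url          = {https://blog.gigamon.com/2022/01/28/focusing-on-left-of-boom/},
  language     = {English},
  urldate      = {2022-02-02},
  keywords     = {WhisperGate},
}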
2022-01-19 — Elastic — Daniel Stepanic, Samir Bousseaden, James Spiteri, Joe Desimone, Mark Mager, Andrew Pease
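@online{stepanic:20220119:operation:c81f473,
  author       = {Stepanic, Daniel and Bousseaden, Samir and Spiteri, James and Desimone, Joe and Mager, Mark and Pease, Andrew},
  title        = {Operation {Bleeding Bear}},
  date         = {2022-01-19},
  organization = {Elastic},
  url          = {https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/},
  language     = {English},
  urldate      = {2022-01-24},
  keywords     = {WhisperGate},
}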
2022-01-19 — Elastic — Daniel Stepanic, James Spiteri, Joe Desimone, Mark Mager, Andrew Pease
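@online{stepanic:20220119:operation:95a5975,
  author        = {Stepanic, Daniel and Spiteri, James and Desimone, Joe and Mager, Mark and Pease, Andrew},
  title         = {Operation {Bleeding Bear}},
  date          = {2022-01-19},
  organization  = {Elastic},
  url           = {https://www.elastic.co/fr/security-labs/operation-bleeding-bear},
  language      = {English},
  urldate       = {2023-01-05},
  keywords      = {WhisperGate},
  internal-note = {Same title, date and organization as stepanic:20220119:operation:c81f473, with a different URL and author list; possibly the same report republished at a later URL -- confirm before merging or citing both},
}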
2021-12-30 — Stranded on Pylos Blog — Joe Slowik
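@online{slowik:20211230:lights:65d52c9,
  author       = {Slowik, Joe},
  title        = {Lights Out in {Isfahan}},
  date         = {2021-12-30},
  organization = {Stranded on Pylos Blog},
  url          = {https://pylos.co/2021/12/30/lights-out-in-isfahan/},
  language     = {English},
  urldate      = {2022-01-25},
}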
2021-12-23 — Elastic — Joe Desimone, Samir Bousseaden
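@online{desimone:20211223:elastic:0e1caf7,
  author       = {Desimone, Joe and Bousseaden, Samir},
  title        = {{Elastic Security} uncovers {BLISTER} malware campaign},
  date         = {2021-12-23},
  organization = {Elastic},
  url          = {https://www.elastic.co/blog/elastic-security-uncovers-blister-malware-campaign},
  language     = {English},
  urldate      = {2021-12-23},
  keywords     = {Blister},
}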
2021-12-21 — Gigamon — Joe Slowik
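@online{slowik:20211221:log:c950f86,
  author       = {Slowik, Joe},
  title        = {The Log Keeps Rolling On: Evaluating {Log4j} Developments and Defensive Requirements},
  date         = {2021-12-21},
  organization = {Gigamon},
  url          = {https://blog.gigamon.com/2021/12/21/the-log-keeps-rolling-on-evaluating-log4j-developments-and-defensive-requirements/},
  language     = {English},
  urldate      = {2022-02-10},
}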
2021-12-14 — Gigamon — Joe Slowik
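@online{slowik:20211214:network:0d17ac7,
  author       = {Slowik, Joe},
  title        = {Network Security Monitoring Opportunities and Best Practices for {Log4j} Defense},
  date         = {2021-12-14},
  organization = {Gigamon},
  url          = {https://blog.gigamon.com/2021/12/14/network-security-monitoring-opportunities-and-best-practices-for-log4j-defense/},
  language     = {English},
  urldate      = {2022-02-10},
}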
2021-11-17 — BBC — Joe Tidy
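@online{tidy:20211117:evil:bbce2b5,
  author       = {Tidy, Joe},
  title        = {{Evil Corp}: 'My hunt for the world's most wanted hackers'},
  date         = {2021-11-17},
  organization = {BBC},
  url          = {https://www.bbc.com/news/technology-59297187},
  language     = {English},
  urldate      = {2021-11-18},
  keywords     = {REvil},
}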
2021-11-16 — IronNet — IronNet Threat Research, Morgan Demboski, Joey Fitzpatrick, Peter Rydzynski
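@online{research:20211116:how:d7fdaf8,
  author       = {{IronNet Threat Research} and Demboski, Morgan and Fitzpatrick, Joey and Rydzynski, Peter},
  title        = {How {IronNet}'s Behavioral Analytics Detect {REvil} and {Conti} Ransomware},
  date         = {2021-11-16},
  organization = {IronNet},
  url          = {https://www.ironnet.com/blog/ransomware-graphic-blog},
  language     = {English},
  urldate      = {2021-11-25},
  keywords     = {Cobalt Strike, Conti, IcedID, REvil},
}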
2021-11-04 — Youtube (Virus Bulletin) — Yi-Jhen Hsieh, Joey Chen
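@online{hsieh:20211104:shadowpad:8dbd5c7,
  author       = {Hsieh, Yi-Jhen and Chen, Joey},
  title        = {{ShadowPad}: the masterpiece of privately sold malware in {Chinese} espionage},
  date         = {2021-11-04},
  organization = {Youtube (Virus Bulletin)},
  url          = {https://www.youtube.com/watch?v=r1zAVX_HnJg},
  language     = {English},
  urldate      = {2022-08-08},
  keywords     = {PlugX, ShadowPad},
}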
2021-10-27 — Proofpoint — Selena Larson, Joe Wise
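@online{larson:20211027:new:0d80a57,
  author       = {Larson, Selena and Wise, Joe},
  title        = {New Threat Actor Spoofs {Philippine} Government, {COVID-19} Health Data in Widespread {RAT} Campaigns},
  date         = {2021-10-27},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/new-threat-actor-spoofs-philippine-government-covid-19-health-data-widespread},
  language     = {English},
  urldate      = {2021-11-03},
  keywords     = {Nanocore RAT, Remcos},
}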
2021-10-25 — Gigamon — Joe Slowik
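@online{slowik:20211025:bear:ea7ac23,
  author       = {Slowik, Joe},
  title        = {Bear in the Net: A Network-Focused Perspective on {Berserk Bear}},
  date         = {2021-10-25},
  organization = {Gigamon},
  url          = {https://blog.gigamon.com/2021/10/25/bear-in-the-net-a-network-focused-perspective-on-berserk-bear/},
  language     = {English},
  urldate      = {2022-02-10},
}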
2021-10-12 — IronNet — Brett Fitzpatrick, Joey Fitzpatrick, Morgan Demboski, Peter Rydzynski, IronNet Threat Research
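@online{fitzpatrick:20211012:continued:e1f2eb4,
  author       = {Fitzpatrick, Brett and Fitzpatrick, Joey and Demboski, Morgan and Rydzynski, Peter and {IronNet Threat Research}},
  title        = {Continued Exploitation of {CVE-2021-26084}},
  date         = {2021-10-12},
  organization = {IronNet},
  url          = {https://www.ironnet.com/blog/continued-exploitation-of-cve-2021-26084},
  language     = {English},
  urldate      = {2021-10-25},
}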
2021-10-03 — Github (0xjxd) — Joel Dönne
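@techreport{dnne:20211003:squirrelwaffle:3a35566,
  author       = {Dönne, Joel},
  title        = {{SquirrelWaffle} - From Maldoc to {Cobalt Strike}},
  date         = {2021-10-03},
  institution  = {Github (0xjxd)},
  url          = {https://github.com/0xjxd/SquirrelWaffle-From-Maldoc-to-Cobalt-Strike/raw/main/2021-10-02%20-%20SquirrelWaffle%20-%20From%20Maldoc%20to%20Cobalt%20Strike.pdf},
  language     = {English},
  urldate      = {2021-10-07},
  keywords     = {Cobalt Strike, Squirrelwaffle},
}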
2021-09-27 — Trend Micro — Ryan Maglaque, Joelson Soares, Gilbert Sison, Arianne Dela Cruz, Warren Sto.Tomas
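@online{maglaque:20210927:fake:e02e3a3,
  author       = {Maglaque, Ryan and Soares, Joelson and Sison, Gilbert and Dela Cruz, Arianne and Sto.Tomas, Warren},
  title        = {Fake Installers Drop Malware and Open Doors for Opportunistic Attackers},
  date         = {2021-09-27},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/i/fake-installers-drop-malware-and-open-doors-for-opportunistic-attackers.html},
  language     = {English},
  urldate      = {2021-10-05},
  keywords     = {RedLine Stealer, Socelars, Vidar},
}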