Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-07-20Trend MicroJoelson Soares, Buddy Tancio, Erika Mendoza, Jessie Prevost, Nusrath Iqra
@online{soares:20220720:analyzing:8753d99, author = {Joelson Soares and Buddy Tancio and Erika Mendoza and Jessie Prevost and Nusrath Iqra}, title = {{Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data}}, date = {2022-07-20}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/22/g/analyzing-penetration-testing-tools-that-threat-actors-use-to-br.html}, language = {English}, urldate = {2022-07-25} } Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data
2022-07-18YouTube (Security Joes)Felipe Duarte
@online{duarte:20220718:plugx:bfdba72, author = {Felipe Duarte}, title = {{PlugX DLL Side-Loading Technique}}, date = {2022-07-18}, organization = {YouTube (Security Joes)}, url = {https://www.youtube.com/watch?v=E2_DTQJjDYc}, language = {English}, urldate = {2022-07-19} } PlugX DLL Side-Loading Technique
PlugX
2022-07-11BBCJoe Tidy
@online{tidy:20220711:predatory:441dbbc, author = {Joe Tidy}, title = {{Predatory Sparrow: Who are the hackers who say they started a fire in Iran?}}, date = {2022-07-11}, organization = {BBC}, url = {https://www.bbc.com/news/technology-62072480}, language = {English}, urldate = {2022-07-13} } Predatory Sparrow: Who are the hackers who say they started a fire in Iran?
Predatory Sparrow
2022-06-15Security JoesCharles Lomboni, Venkat Rajgor, Felipe Duarte
@techreport{lomboni:20220615:backdoor:8d43d9e, author = {Charles Lomboni and Venkat Rajgor and Felipe Duarte}, title = {{Backdoor via XFF: Mysterious Threat Actor Under Radar}}, date = {2022-06-15}, institution = {Security Joes}, url = {https://secjoes-reports.s3.eu-central-1.amazonaws.com/Backdoor%2Bvia%2BXFF%2BMysterious%2BThreat%2BActor%2BUnder%2BRadar.pdf}, language = {English}, urldate = {2022-06-16} } Backdoor via XFF: Mysterious Threat Actor Under Radar
CHINACHOPPER
2022-06-09Sentinel LABSJoey Chen
@online{chen:20220609:aoqin:134698f, author = {Joey Chen}, title = {{Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years}}, date = {2022-06-09}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/aoqin-dragon-newly-discovered-chinese-linked-apt-has-been-quietly-spying-on-organizations-for-10-years/}, language = {English}, urldate = {2022-06-09} } Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years
heyoka mongall Aoqin Dragon
2022-05-08IronNetMichael Leardi, Joey Fitzpatrick, Brent Eskridge
@online{leardi:20220508:tracking:8f52310, author = {Michael Leardi and Joey Fitzpatrick and Brent Eskridge}, title = {{Tracking Cobalt Strike Servers Used in Cyberattacks on Ukraine}}, date = {2022-05-08}, organization = {IronNet}, url = {https://www.ironnet.com/blog/tracking-cobalt-strike-servers-used-in-cyberattacks-on-ukraine}, language = {English}, urldate = {2022-05-09} } Tracking Cobalt Strike Servers Used in Cyberattacks on Ukraine
Cobalt Strike
2022-05-02Sentinel LABSJoey Chen, Amitai Ben Shushan Ehrlich
@online{chen:20220502:moshen:1969df2, author = {Joey Chen and Amitai Ben Shushan Ehrlich}, title = {{Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad}}, date = {2022-05-02}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/}, language = {English}, urldate = {2022-05-04} } Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad
PlugX ShadowPad
2022-04-23Stranded on Pylos BlogJoe Slowik
@online{slowik:20220423:industroyer2:c8064df, author = {Joe Slowik}, title = {{Industroyer2 in Perspective}}, date = {2022-04-23}, organization = {Stranded on Pylos Blog}, url = {https://pylos.co/2022/04/23/industroyer2-in-perspective/}, language = {English}, urldate = {2022-04-25} } Industroyer2 in Perspective
INDUSTROYER2
2022-04-08Secure RoboticsJoel Yonts
@techreport{yonts:20220408:securing:3a54566, author = {Joel Yonts}, title = {{Securing Chatbot Technology - Part1: Chatbot Weaponization And ChatRATS}}, date = {2022-04-08}, institution = {Secure Robotics}, url = {https://static1.squarespace.com/static/60e9e4c7f46b2d2b9a99ae76/t/6251e30d7776fd348c188888/1649533710217/SR+Chatbot+Weaponization.pdf}, language = {English}, urldate = {2022-04-25} } Securing Chatbot Technology - Part1: Chatbot Weaponization And ChatRATS
2022-03-09Security JoesFelipe Duarte, Ido Naor
@techreport{duarte:20220309:sockbot:a9095cc, author = {Felipe Duarte and Ido Naor}, title = {{Sockbot in GoLand}}, date = {2022-03-09}, institution = {Security Joes}, url = {https://secjoes-reports.s3.eu-central-1.amazonaws.com/Sockbot%2Bin%2BGoLand.pdf}, language = {English}, urldate = {2022-03-10} } Sockbot in GoLand
lsassDumper Sockbot
2022-03-07ElasticDaniel Stepanic, Derek Ditch, Joe Desimone, Cyril François, Github (@1337-42), Samir Bousseaden, Andrew Pease
@online{stepanic:20220307:phoreal:f982397, author = {Daniel Stepanic and Derek Ditch and Joe Desimone and Cyril François and Github (@1337-42) and Samir Bousseaden and Andrew Pease}, title = {{PHOREAL Malware Targets the Southeast Asian Financial Sector}}, date = {2022-03-07}, organization = {Elastic}, url = {https://elastic.github.io/security-research/intelligence/2022/03/02.phoreal-targets-southeast-asia-financial-sector/article/}, language = {English}, urldate = {2022-03-08} } PHOREAL Malware Targets the Southeast Asian Financial Sector
PHOREAL
2022-02-25CyberScoopJoe Warminsky
@online{warminsky:20220225:trickbot:2d38470, author = {Joe Warminsky}, title = {{TrickBot malware suddenly got quiet, researchers say, but it's hardly the end for its operators}}, date = {2022-02-25}, organization = {CyberScoop}, url = {https://www.cyberscoop.com/trickbot-shutdown-conti-emotet/}, language = {English}, urldate = {2022-03-01} } TrickBot malware suddenly got quiet, researchers say, but it's hardly the end for its operators
BazarBackdoor Emotet TrickBot
2022-02-18ReutersJoel Schectman, Christopher Bing
@online{schectman:20220218:how:5e6b66c, author = {Joel Schectman and Christopher Bing}, title = {{How a Saudi woman's iPhone revealed hacking around the world}}, date = {2022-02-18}, organization = {Reuters}, url = {https://www.reuters.com/technology/how-saudi-womans-iphone-revealed-hacking-around-world-2022-02-17/}, language = {English}, urldate = {2022-02-19} } How a Saudi woman's iPhone revealed hacking around the world
Chrysaor
2022-02-15ProofpointSelena Larson, Joe Wise
@online{larson:20220215:charting:0205206, author = {Selena Larson and Joe Wise}, title = {{Charting TA2541's Flight}}, date = {2022-02-15}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/charting-ta2541s-flight}, language = {English}, urldate = {2022-02-16} } Charting TA2541's Flight
AsyncRAT TA2541
2022-01-27GigamonJoe Slowik
@online{slowik:20220127:focusing:5b47208, author = {Joe Slowik}, title = {{Focusing on “Left of Boom”}}, date = {2022-01-27}, organization = {Gigamon}, url = {https://blog.gigamon.com/2022/01/28/focusing-on-left-of-boom/}, language = {English}, urldate = {2022-02-02} } Focusing on “Left of Boom”
WhisperGate
2022-01-19ElasticDaniel Stepanic, Samir Bousseaden, James Spiteri, Joe Desimone, Mark Mager, Andrew Pease
@online{stepanic:20220119:operation:c81f473, author = {Daniel Stepanic and Samir Bousseaden and James Spiteri and Joe Desimone and Mark Mager and Andrew Pease}, title = {{Operation Bleeding Bear}}, date = {2022-01-19}, organization = {Elastic}, url = {https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/}, language = {English}, urldate = {2022-01-24} } Operation Bleeding Bear
WhisperGate
2022-01-19ElasticDaniel Stepanic, James Spiteri, Joe Desimone, Mark Mager, Andrew Pease
@online{stepanic:20220119:operation:95a5975, author = {Daniel Stepanic and James Spiteri and Joe Desimone and Mark Mager and Andrew Pease}, title = {{Operation Bleeding Bear}}, date = {2022-01-19}, organization = {Elastic}, url = {https://www.elastic.co/fr/security-labs/operation-bleeding-bear}, language = {English}, urldate = {2023-01-05} } Operation Bleeding Bear
WhisperGate
2021-12-30Stranded on Pylos BlogJoe Slowik
@online{slowik:20211230:lights:65d52c9, author = {Joe Slowik}, title = {{Lights Out in Isfahan}}, date = {2021-12-30}, organization = {Stranded on Pylos Blog}, url = {https://pylos.co/2021/12/30/lights-out-in-isfahan/}, language = {English}, urldate = {2022-01-25} } Lights Out in Isfahan
2021-12-23ElasticJoe Desimone, Samir Bousseaden
@online{desimone:20211223:elastic:0e1caf7, author = {Joe Desimone and Samir Bousseaden}, title = {{Elastic Security uncovers BLISTER malware campaign}}, date = {2021-12-23}, organization = {Elastic}, url = {https://www.elastic.co/blog/elastic-security-uncovers-blister-malware-campaign}, language = {English}, urldate = {2021-12-23} } Elastic Security uncovers BLISTER malware campaign
Blister
2021-12-21GigamonJoe Slowik
@online{slowik:20211221:log:c950f86, author = {Joe Slowik}, title = {{The Log Keeps Rolling On: Evaluating Log4j Developments and Defensive Requirements}}, date = {2021-12-21}, organization = {Gigamon}, url = {https://blog.gigamon.com/2021/12/21/the-log-keeps-rolling-on-evaluating-log4j-developments-and-defensive-requirements/}, language = {English}, urldate = {2022-02-10} } The Log Keeps Rolling On: Evaluating Log4j Developments and Defensive Requirements