2022-03-08 | Mandiant | Rufus Brown, Van Ta, Douglas Bienstock, Geoff Ackerman, John Wolfram
@online{brown:20220308:does:94c6c3e,
  author       = {Rufus Brown and Van Ta and Douglas Bienstock and Geoff Ackerman and John Wolfram},
  title        = {{Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments}},
  date         = {2022-03-08},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/apt41-us-state-governments},
  language     = {English},
  urldate      = {2022-03-10},
}
Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments
KEYPLUG Cobalt Strike LOWKEY
2022-03-04 | IBM | John Dwyer, Kevin Henson
@online{dwyer:20220304:new:c661960,
  author       = {John Dwyer and Kevin Henson},
  title        = {{New Wiper Malware Used Against Ukranian Organizations}},
  date         = {2022-03-04},
  organization = {IBM},
  url          = {https://securityintelligence.com/posts/new-wiper-malware-used-against-ukranian-organizations/},
  language     = {English},
  urldate      = {2022-03-07},
}
New Wiper Malware Used Against Ukranian Organizations
IsaacWiper
2022-03-01 | Huntress Labs | John Hammond
@online{hammond:20220301:targeted:c462269,
  author       = {John Hammond},
  title        = {{Targeted APT Activity: BABYSHARK Is Out for Blood}},
  date         = {2022-03-01},
  organization = {Huntress Labs},
  url          = {https://www.huntress.com/blog/targeted-apt-activity-babyshark-is-out-for-blood},
  language     = {English},
  urldate      = {2022-03-07},
}
Targeted APT Activity: BABYSHARK Is Out for Blood
BabyShark
2022-02-24 | IBM | Anne Jobmann, Claire Zaboeva, Richard Emerson, Christopher Del Fierro, John Dwyer
@online{jobmann:20220224:ibm:deaac04,
  author       = {Anne Jobmann and Claire Zaboeva and Richard Emerson and Christopher Del Fierro and John Dwyer},
  title        = {{IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine}},
  date         = {2022-02-24},
  organization = {IBM},
  url          = {https://securityintelligence.com/posts/new-destructive-malware-cyber-attacks-ukraine/},
  language     = {English},
  urldate      = {2022-03-02},
}
IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine
HermeticWiper
2022-02-18 | YouTube (John Hammond) | John Hammond
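% The ampersand in the title field is escaped as \& because a bare & is a
% LaTeX alignment character and stops the bibliography from typesetting.
@online{hammond:20220218:uncovering:1c5162c,
  author       = {John Hammond},
  title        = {{Uncovering NETWIRE Malware - Discovery \& Deobfuscation}},
  date         = {2022-02-18},
  organization = {YouTube (John Hammond)},
  url          = {https://www.youtube.com/watch?v=TeQdZxP0RYY},
  language     = {English},
  urldate      = {2022-02-19},
}
Uncovering NETWIRE Malware - Discovery & Deobfuscation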
NetWire RC
2022-01-27 | Recorded Future | John Wetzel
@techreport{wetzel:20220127:russias:e336cc8,
  author      = {John Wetzel},
  title       = {{Russia’s Biggest Threat Is Its Instability}},
  date        = {2022-01-27},
  institution = {Recorded Future},
  url         = {https://go.recordedfuture.com/hubfs/reports/pov-2022-0127.pdf},
  language    = {English},
  urldate     = {2022-02-04},
}
Russia’s Biggest Threat Is Its Instability
WhisperGate
2022-01-20 | BrightTALK (Mandiant) | John Hultquist, Matthew McWhirt
@online{hultquist:20220120:anticipating:b2d356a,
  author       = {John Hultquist and Matthew McWhirt},
  title        = {{Anticipating and Preparing for Russian Cyber Activity}},
  date         = {2022-01-20},
  organization = {BrightTALK (Mandiant)},
  url          = {https://www.brighttalk.com/webcast/7451/527124},
  language     = {English},
  urldate      = {2022-02-14},
}
Anticipating and Preparing for Russian Cyber Activity
2022-01-20 | Mandiant | John Hultquist
@online{hultquist:20220120:anticipating:8005282,
  author       = {John Hultquist},
  title        = {{Anticipating Cyber Threats as the Ukraine Crisis Escalates}},
  date         = {2022-01-20},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/ukraine-crisis-cyber-threats},
  language     = {English},
  urldate      = {2022-01-24},
}
Anticipating Cyber Threats as the Ukraine Crisis Escalates
2022-01-04 | The Cyber Security Times | John Greenwood
@online{greenwood:20220104:purple:98da376,
  author       = {John Greenwood},
  title        = {{Purple Fox malware is actively distributed via Telegram Installers}},
  date         = {2022-01-04},
  organization = {The Cyber Security Times},
  url          = {https://www.thecybersecuritytimes.com/purple-fox-malware-is-actively-distributed-via-telegram-installers/},
  language     = {English},
  urldate      = {2022-01-06},
}
Purple Fox malware is actively distributed via Telegram Installers
PurpleFox
2021-12-16 | CitizenLab | Kristin Berdan, John Scott-Railton, Bill Marczak, Noura Al-Jizawi, Bahr Abdul Razzak, Ron Deibert, Siena Anstis
@online{berdan:20211216:pegasus:c1c06eb,
  author       = {Kristin Berdan and John Scott-Railton and Bill Marczak and Noura Al-Jizawi and Bahr Abdul Razzak and Ron Deibert and Siena Anstis},
  title        = {{Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware}},
  date         = {2021-12-16},
  organization = {CitizenLab},
  url          = {https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/},
  language     = {English},
  urldate      = {2022-01-24},
}
Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware
Chrysaor
2021-12-15 | Mandiant | Matthew McWhirt, John Hultquist
@online{mcwhirt:20211215:log4shell:9216a09,
  author       = {Matthew McWhirt and John Hultquist},
  title        = {{Log4Shell Initial Exploitation and Mitigation Recommendations}},
  date         = {2021-12-15},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/log4shell-recommendations},
  language     = {English},
  urldate      = {2021-12-31},
}
Log4Shell Initial Exploitation and Mitigation Recommendations
2021-11-10 | Microsoft | John Lambert
@online{lambert:20211110:hunt:8ab9e28,
  author       = {John Lambert},
  title        = {{The hunt for NOBELIUM, the most sophisticated nation-state attack in history}},
  date         = {2021-11-10},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/11/10/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history/},
  language     = {English},
  urldate      = {2021-11-17},
}
The hunt for NOBELIUM, the most sophisticated nation-state attack in history
2021-11-07 | McAfee | John Fokker, Raj Samani
@online{fokker:20211107:who:f8f6ef2,
  author       = {John Fokker and Raj Samani},
  title        = {{Who Will Bend the Knee in RaaS Game of Thrones in 2022?}},
  date         = {2021-11-07},
  organization = {McAfee},
  url          = {https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/who-will-bend-the-knee-in-raas-game-of-thrones-in-2022/},
  language     = {English},
  urldate      = {2021-11-08},
}
Who Will Bend the Knee in RaaS Game of Thrones in 2022?
2021-10-24 | CitizenLab | Bill Marczak, John Scott-Railton, Siena Anstis, Bahr Abdul Razzak, Ron Deibert
@online{marczak:20211024:breaking:26acce3,
  author       = {Bill Marczak and John Scott-Railton and Siena Anstis and Bahr Abdul Razzak and Ron Deibert},
  title        = {{Breaking the News New York Times Journalist Ben Hubbard Hacked with Pegasus after Reporting on Previous Hacking Attempts}},
  date         = {2021-10-24},
  organization = {CitizenLab},
  url          = {https://citizenlab.ca/2021/10/breaking-news-new-york-times-journalist-ben-hubbard-pegasus/},
  language     = {English},
  urldate      = {2021-11-02},
}
Breaking the News New York Times Journalist Ben Hubbard Hacked with Pegasus after Reporting on Previous Hacking Attempts
Chrysaor
2021-09-22 | YouTube (John Hammond) | John Hammond
@online{hammond:20210922:snip3:319b687,
  author       = {John Hammond},
  title        = {{Snip3 Crypter/RAT Loader - DcRat MALWARE ANALYSIS}},
  date         = {2021-09-22},
  organization = {YouTube (John Hammond)},
  url          = {https://www.youtube.com/watch?v=ElqmQDySy48},
  language     = {English},
  urldate      = {2021-09-23},
}
Snip3 Crypter/RAT Loader - DcRat MALWARE ANALYSIS
DCRat
2021-09-14 | Fortinet | John Simmons
@online{simmons:20210914:more:f8ade2c,
  author       = {John Simmons},
  title        = {{More ProxyShell? Web Shells Lead to ZeroLogon and Application Impersonation Attacks}},
  date         = {2021-09-14},
  organization = {Fortinet},
  url          = {https://www.fortinet.com/blog/threat-research/more-proxyshell-web-shells-lead-to-zerologon-and-application-impersonation-attacks},
  language     = {English},
  urldate      = {2021-09-19},
}
More ProxyShell? Web Shells Lead to ZeroLogon and Application Impersonation Attacks
2021-09-13 | CitizenLab | Bill Marczak, John Scott-Railton, Bahr Abdul Razzak, Noura Al-Jizawi, Siena Anstis, Kristin Berdan, Ron Deibert
@online{marczak:20210913:forcedentry:7427f45,
  author       = {Bill Marczak and John Scott-Railton and Bahr Abdul Razzak and Noura Al-Jizawi and Siena Anstis and Kristin Berdan and Ron Deibert},
  title        = {{FORCEDENTRY NSO Group iMessage Zero-Click Exploit Captured in the Wild (CVE-2021-30860)}},
  date         = {2021-09-13},
  organization = {CitizenLab},
  url          = {https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/},
  language     = {English},
  urldate      = {2021-09-14},
}
FORCEDENTRY NSO Group iMessage Zero-Click Exploit Captured in the Wild (CVE-2021-30860)
2021-09-08 | McAfee | Max Kersten, John Fokker, Thibault Seret
@online{kersten:20210908:how:5c39aac,
  author       = {Max Kersten and John Fokker and Thibault Seret},
  title        = {{How Groove Gang is Shaking up the Ransomware-as-a-Service Market to Empower Affiliates}},
  date         = {2021-09-08},
  organization = {McAfee},
  url          = {https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/how-groove-gang-is-shaking-up-the-ransomware-as-a-service-market-to-empower-affiliates/},
  language     = {English},
  urldate      = {2021-09-12},
}
How Groove Gang is Shaking up the Ransomware-as-a-Service Market to Empower Affiliates
Babuk BlackMatter Babuk BlackMatter CTB Locker
2021-09-03 | IBM | Camille Singleton, Andrew Gorecki, John Dwyer
@online{singleton:20210903:dissecting:4d56786,
  author       = {Camille Singleton and Andrew Gorecki and John Dwyer},
  title        = {{Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight}},
  date         = {2021-09-03},
  organization = {IBM},
  url          = {https://securityintelligence.com/posts/sodinokibi-ransomware-incident-response-intelligence-together/},
  language     = {English},
  urldate      = {2021-09-09},
}
Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight
Valak QakBot REvil
2021-09-03 | FireEye | Adrian Sanchez Hernandez, Govand Sinjari, Joshua Goddard, Brendan McKeague, John Wolfram, Alex Pennino, Andrew Rector, Harris Ansari, Yash Gupta
@online{hernandez:20210903:pst:a8de902,
  author       = {Adrian Sanchez Hernandez and Govand Sinjari and Joshua Goddard and Brendan McKeague and John Wolfram and Alex Pennino and Andrew Rector and Harris Ansari and Yash Gupta},
  title        = {{PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers}},
  date         = {2021-09-03},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2021/09/proxyshell-exploiting-microsoft-exchange-servers.html},
  language     = {English},
  urldate      = {2021-09-06},
}
PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers
CHINACHOPPER HTran