Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-07-02CiscoAsheer Malhotra, Justin Thattil
@online{malhotra:20210702:insidecopy:c85188c, author = {Asheer Malhotra and Justin Thattil}, title = {{InSideCopy: How this APT continues to evolve its arsenal}}, date = {2021-07-02}, organization = {Cisco}, url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/591/original/062521_SideCopy_%281%29.pdf?1625657388}, language = {English}, urldate = {2022-01-25} } InSideCopy: How this APT continues to evolve its arsenal
AllaKore CetaRAT Lilith NjRAT ReverseRAT
2021-06-16FireEyeTyler McLellan, Robert Dean, Justin Moore, Nick Harbour, Mike Hunhoff, Jared Wilson
@online{mclellan:20210616:smoking:fa6559d, author = {Tyler McLellan and Robert Dean and Justin Moore and Nick Harbour and Mike Hunhoff and Jared Wilson}, title = {{Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise}}, date = {2021-06-16}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html}, language = {English}, urldate = {2021-12-01} } Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
Cobalt Strike SMOKEDHAM
2021-06-16MandiantTyler McLellan, Robert Dean, Justin Moore, Nick Harbour, Mike Hunhoff, Jared Wilson, Jordan Nuce
@online{mclellan:20210616:smoking:a03a78c, author = {Tyler McLellan and Robert Dean and Justin Moore and Nick Harbour and Mike Hunhoff and Jared Wilson and Jordan Nuce}, title = {{Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise}}, date = {2021-06-16}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/darkside-affiliate-supply-chain-software-compromise}, language = {English}, urldate = {2021-12-01} } Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
Cobalt Strike SMOKEDHAM
2021-05-13TalosAsheer Malhotra, Justin Thattil, Kendall McKay
@online{malhotra:20210513:transparent:9993964, author = {Asheer Malhotra and Justin Thattil and Kendall McKay}, title = {{Transparent Tribe APT expands its Windows malware arsenal}}, date = {2021-05-13}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html}, language = {English}, urldate = {2021-05-13} } Transparent Tribe APT expands its Windows malware arsenal
Crimson RAT Oblique RAT
2021-05-13ABC NewsJustin Gomez
@online{gomez:20210513:dont:4c0730c, author = {Justin Gomez}, title = {{'Don't panic,' Biden tells Americans facing gasoline shortages from pipeline attack}}, date = {2021-05-13}, organization = {ABC News}, url = {https://abcnews.go.com/Politics/biden-speak-colonial-pipeline-attack-americans-face-gasoline/story?id=77666212}, language = {English}, urldate = {2021-05-17} } 'Don't panic,' Biden tells Americans facing gasoline shortages from pipeline attack
DarkSide
2021-05-04Red CanaryJustin Schoenfeld, Aaron Didier
@online{schoenfeld:20210504:transferring:ed44b55, author = {Justin Schoenfeld and Aaron Didier}, title = {{Transferring leverage in a ransomware attack}}, date = {2021-05-04}, organization = {Red Canary}, url = {https://redcanary.com/blog/rclone-mega-extortion/}, language = {English}, urldate = {2021-05-07} } Transferring leverage in a ransomware attack
2021-04-29FireEyeTyler McLellan, Justin Moore, Raymond Leong
@online{mclellan:20210429:unc2447:2ad0d96, author = {Tyler McLellan and Justin Moore and Raymond Leong}, title = {{UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat}}, date = {2021-04-29}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html}, language = {English}, urldate = {2022-03-07} } UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat
Cobalt Strike FiveHands HelloKitty
2021-04-09MicrosoftEmily Hacker, Justin Carroll, Microsoft 365 Defender Threat Intelligence Team
@online{hacker:20210409:investigating:2b6f30a, author = {Emily Hacker and Justin Carroll and Microsoft 365 Defender Threat Intelligence Team}, title = {{Investigating a unique “form” of email delivery for IcedID malware}}, date = {2021-04-09}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/04/09/investigating-a-unique-form-of-email-delivery-for-icedid-malware/}, language = {English}, urldate = {2021-04-12} } Investigating a unique “form” of email delivery for IcedID malware
IcedID
2021-04-07Medium sixdubJustin Warner
@online{warner:20210407:using:a7d19fd, author = {Justin Warner}, title = {{Using Kaitai Struct to Parse Cobalt Strike Beacon Configs}}, date = {2021-04-07}, organization = {Medium sixdub}, url = {https://sixdub.medium.com/using-kaitai-to-parse-cobalt-strike-beacon-configs-f5f0552d5a6e}, language = {English}, urldate = {2021-04-09} } Using Kaitai Struct to Parse Cobalt Strike Beacon Configs
Cobalt Strike
2021-04-01MicrosoftCole Sodja, Justin Carroll, Melissa Turcotte, Joshua Neil, Microsoft 365 Defender Research Team
@online{sodja:20210401:automating:d24c8aa, author = {Cole Sodja and Justin Carroll and Melissa Turcotte and Joshua Neil and Microsoft 365 Defender Research Team}, title = {{Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting}}, date = {2021-04-01}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/04/01/automating-threat-actor-tracking-understanding-attacker-behavior-for-intelligence-and-contextual-alerting/}, language = {English}, urldate = {2021-04-06} } Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting
2020-12-18ElasticCamilla Montonen, Justin Ibarra
@online{montonen:20201218:combining:13fef73, author = {Camilla Montonen and Justin Ibarra}, title = {{Combining supervised and unsupervised machine learning for DGA detection}}, date = {2020-12-18}, organization = {Elastic}, url = {https://www.elastic.co/blog/supervised-and-unsupervised-machine-learning-for-dga-detection}, language = {English}, urldate = {2020-12-18} } Combining supervised and unsupervised machine learning for DGA detection
SUNBURST
2020-12-16LookoutRobert Nickle, Apurva Kumar, Justin Albrecht, Diane Wee
@online{nickle:20201216:lookout:089b35a, author = {Robert Nickle and Apurva Kumar and Justin Albrecht and Diane Wee}, title = {{Lookout Discovers New Spyware Used by Sextortionists to Blackmail iOS and Android Users}}, date = {2020-12-16}, organization = {Lookout}, url = {https://blog.lookout.com/lookout-discovers-new-spyware-goontact-used-by-sextortionists-for-blackmail}, language = {English}, urldate = {2020-12-17} } Lookout Discovers New Spyware Used by Sextortionists to Blackmail iOS and Android Users
goontact
2020-11-12BrightTALK (FireEye)Justin Moore, Jacob Thompson
@online{moore:20201112:living:a1593bb, author = {Justin Moore and Jacob Thompson}, title = {{Living Off The Land on a Private Island: An Overview of UNC1945}}, date = {2020-11-12}, organization = {BrightTALK (FireEye)}, url = {https://www.brighttalk.com/webcast/7451/451508}, language = {English}, urldate = {2020-12-15} } Living Off The Land on a Private Island: An Overview of UNC1945
2020-11-02FireEyeJustin Moore, Wojciech Ledzion, Luis Rocha, Adrian Pisarczyk, Daniel Caban, Sara Rincon, Daniel Susin, Antonio Monaca
@online{moore:20201102:live:1632e2d, author = {Justin Moore and Wojciech Ledzion and Luis Rocha and Adrian Pisarczyk and Daniel Caban and Sara Rincon and Daniel Susin and Antonio Monaca}, title = {{Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945}}, date = {2020-11-02}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/11/live-off-the-land-an-overview-of-unc1945.html}, language = {English}, urldate = {2020-11-06} } Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945
SLAPSTICK STEELCORGI
2020-06-12SUCURIJustin Channell
@online{channell:20200612:what:af937e9, author = {Justin Channell}, title = {{What is the Gibberish Hack?}}, date = {2020-06-12}, organization = {SUCURI}, url = {https://blog.sucuri.net/2020/06/gibberish-hack.html}, language = {English}, urldate = {2020-06-16} } What is the Gibberish Hack?
2019-07-23GigamonKristina Savelesky, Ed Miles, Justin Warner
@online{savelesky:20190723:abadbabe:061c7a8, author = {Kristina Savelesky and Ed Miles and Justin Warner}, title = {{ABADBABE 8BADF00D: Discovering BADHATCH and a Detailed Look at FIN8’s Tooling}}, date = {2019-07-23}, organization = {Gigamon}, url = {https://atr-blog.gigamon.com/2019/07/23/abadbabe-8badf00d-discovering-badhatch-and-a-detailed-look-at-fin8s-tooling/}, language = {English}, urldate = {2020-02-09} } ABADBABE 8BADF00D: Discovering BADHATCH and a Detailed Look at FIN8’s Tooling
PoSlurp Powersniff
2019-07-23GigamonKristina Savelesky, Ed Miles, Justin Warner
@online{savelesky:20190723:abadbabe:7d07c9b, author = {Kristina Savelesky and Ed Miles and Justin Warner}, title = {{ABADBABE 8BADF00D: Discovering BADHATCH and a Detailed Look at FIN8’s Tooling}}, date = {2019-07-23}, organization = {Gigamon}, url = {https://blog.gigamon.com/2019/07/23/abadbabe-8badf00d-discovering-badhatch-and-a-detailed-look-at-fin8s-tooling/}, language = {English}, urldate = {2023-08-31} } ABADBABE 8BADF00D: Discovering BADHATCH and a Detailed Look at FIN8’s Tooling
BADHATCH
2018-12-17Twitter (@MJDutch)Justin
@online{justin:20181217:apt39:6e13cad, author = {Justin}, title = {{Tweet on APT39}}, date = {2018-12-17}, organization = {Twitter (@MJDutch)}, url = {https://twitter.com/MJDutch/status/1074820959784321026?s=19}, language = {English}, urldate = {2020-01-08} } Tweet on APT39
OilRig
2018-08-16Recorded FutureInsikt Group, Sanil Chohan, Winnona Desombre, Justin Grosfelt
@online{group:20180816:chinese:cd91b33, author = {Insikt Group and Sanil Chohan and Winnona Desombre and Justin Grosfelt}, title = {{Chinese Cyberespionage Originating From Tsinghua University Infrastructure}}, date = {2018-08-16}, organization = {Recorded Future}, url = {https://www.recordedfuture.com/chinese-cyberespionage-operations}, language = {English}, urldate = {2023-05-15} } Chinese Cyberespionage Originating From Tsinghua University Infrastructure
ext4 RedAlpha
2018-08-16Recorded FutureSanil Chohan, Winnona Desombre, Justin Grosfelt
@online{chohan:20180816:chinese:91aaa15, author = {Sanil Chohan and Winnona Desombre and Justin Grosfelt}, title = {{Chinese Cyberespionage Originating From Tsinghua University Infrastructure}}, date = {2018-08-16}, organization = {Recorded Future}, url = {https://www.recordedfuture.com/chinese-cyberespionage-operations/}, language = {English}, urldate = {2020-01-09} } Chinese Cyberespionage Originating From Tsinghua University Infrastructure
ext4