
2021-05-25Huntress LabsMatthew Brennan
@online{brennan:20210525:cobalt:c428be0,
  author       = {Matthew Brennan},
  title        = {{Cobalt Strikes Again: An Analysis of Obfuscated Malware}},
  organization = {Huntress Labs},
  date         = {2021-05-25},
  url          = {https://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware},
  urldate      = {2021-06-09},
  language     = {English},
}
Cobalt Strike
2021-05-06Sophos LabsTilly Travers, Bill Kearney, Kyle Link, Peter Mackenzie, Matthew Sharf
@online{travers:20210506:mtr:1f2feb4,
  author       = {Tilly Travers and Bill Kearney and Kyle Link and Peter Mackenzie and Matthew Sharf},
  title        = {{MTR in Real Time: Pirates pave way for Ryuk ransomware}},
  organization = {Sophos Labs},
  date         = {2021-05-06},
  url          = {https://news.sophos.com/en-us/2021/05/06/mtr-in-real-time-pirates-pave-way-for-ryuk-ransomware/},
  urldate      = {2021-05-13},
  language     = {English},
}
Ryuk
2021-03-14DAILY BEASTMatthew Brazil
@online{brazil:20210314:how:5fcb8be,
  author       = {Matthew Brazil},
  title        = {{How China’s Devastating Microsoft Hack Puts Us All at Risk}},
  organization = {DAILY BEAST},
  date         = {2021-03-14},
  url          = {https://www.thedailybeast.com/how-chinas-devastating-microsoft-hack-puts-us-all-at-risk},
  urldate      = {2021-03-31},
  language     = {English},
}
HAFNIUM
2021-03-10ProofpointDennis Schwarz, Matthew Mesa, Proofpoint Threat Research Team
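@comment{ review: "Proofpoint Threat Research Team" is a corporate author; it is braced so the name parser keeps it as one unit instead of splitting it into first="Proofpoint Threat Research", last="Team". }
@online{schwarz:20210310:nimzaloader:f6960d4,
  author       = {Dennis Schwarz and Matthew Mesa and {Proofpoint Threat Research Team}},
  title        = {{NimzaLoader: TA800’s New Initial Access Malware}},
  organization = {Proofpoint},
  date         = {2021-03-10},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/nimzaloader-ta800s-new-initial-access-malware},
  urldate      = {2021-03-12},
  language     = {English},
}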
BazarNimrod Cobalt Strike
2021-03-08Palo Alto Networks Unit 42Chris Navarrete, Yanhui Jia, Matthew Tennis, Durgesh Sangvikar, Rongbo Shao
@online{navarrete:20210308:attack:6238643,
  author       = {Chris Navarrete and Yanhui Jia and Matthew Tennis and Durgesh Sangvikar and Rongbo Shao},
  title        = {{Attack Chain Overview: Emotet in December 2020 and January 2021}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-03-08},
  url          = {https://unit42.paloaltonetworks.com/attack-chain-overview-emotet-in-december-2020-and-january-2021/},
  urldate      = {2021-03-11},
  language     = {English},
}
Emotet
2021-03-02VolexityJosh Grunzweig, Matthew Meltzer, Sean Koessel, Steven Adair, Thomas Lancaster
@online{grunzweig:20210302:operation:44c264f,
  author       = {Josh Grunzweig and Matthew Meltzer and Sean Koessel and Steven Adair and Thomas Lancaster},
  title        = {{Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities}},
  organization = {Volexity},
  date         = {2021-03-02},
  url          = {https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/},
  urldate      = {2021-03-07},
  language     = {English},
}
CHINACHOPPER HAFNIUM
2021-01-19FireEyeMike Burns, Matthew McWhirt, Douglas Bienstock, Nick Bennett
@online{burns:20210119:remediation:76c7695,
  author       = {Mike Burns and Matthew McWhirt and Douglas Bienstock and Nick Bennett},
  title        = {{Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452}},
  organization = {FireEye},
  date         = {2021-01-19},
  url          = {https://www.fireeye.com/blog/threat-research/2021/01/remediation-and-hardening-strategies-for-microsoft-365-to-defend-against-unc2452.html},
  urldate      = {2021-01-21},
  language     = {English},
}
2021-01-19MandiantMike Burns, Matthew McWhirt, Douglas Bienstock, Nick Bennett
@techreport{burns:20210119:remediation:044c1db,
  author      = {Mike Burns and Matthew McWhirt and Douglas Bienstock and Nick Bennett},
  title       = {{Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 (WHITE PAPER)}},
  institution = {Mandiant},
  date        = {2021-01-19},
  url         = {https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/wp-m-unc2452-2021-000343-01.pdf},
  urldate     = {2021-01-21},
  language    = {English},
}
2021-01-06MimecastMatthew Gardiner
@online{gardiner:20210106:how:b9e3a36,
  author       = {Matthew Gardiner},
  title        = {{How to Slam a Door on the Cutwail Botnet: Enforce DMARC}},
  organization = {Mimecast},
  date         = {2021-01-06},
  url          = {https://www.mimecast.com/blog/how-to-slam-a-door-on-the-cutwail-botnet-enforce-dmarc/},
  urldate      = {2021-01-27},
  language     = {English},
}
Cutwail
2020-12-18Trend MicroMatthew Camacho, Raphael Centeno, Junestherry Salvador
@online{camacho:20201218:negasteal:e5b291f,
  author       = {Matthew Camacho and Raphael Centeno and Junestherry Salvador},
  title        = {{Negasteal Uses Hastebin for Fileless Delivery of Crysis Ransomware}},
  organization = {Trend Micro},
  date         = {2020-12-18},
  url          = {https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/negasteal-uses-hastebin-for-fileless-delivery-of-crysis-ransomware},
  urldate      = {2020-12-26},
  language     = {English},
}
Agent Tesla Dharma
2020-12-17Palo Alto Networks Unit 42Matthew Tennis
@online{tennis:20201217:supernova:5609635,
  author       = {Matthew Tennis},
  title        = {{SUPERNOVA SolarWinds .NET Webshell Analysis}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-12-17},
  url          = {https://unit42.paloaltonetworks.com/solarstorm-supernova},
  urldate      = {2022-07-25},
  language     = {English},
}
SUPERNOVA BRONZE SPIRAL
2020-12-14VolexityDamien Cash, Matthew Meltzer, Sean Koessel, Steven Adair, Thomas Lancaster, Volexity Threat Research
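@comment{ review: "Volexity Threat Research" is a corporate author; it is braced so the name parser keeps it as one unit instead of splitting it into first="Volexity Threat", last="Research". }
@online{cash:20201214:dark:7d54c5d,
  author       = {Damien Cash and Matthew Meltzer and Sean Koessel and Steven Adair and Thomas Lancaster and {Volexity Threat Research}},
  title        = {{Dark Halo Leverages SolarWinds Compromise to Breach Organizations}},
  organization = {Volexity},
  date         = {2020-12-14},
  url          = {https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/},
  urldate      = {2020-12-15},
  language     = {English},
}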
SUNBURST
2020-12-13FireEyeAndrew Archer, Doug Bienstock, Chris DiGiamo, Glenn Edwards, Nick Hornick, Alex Pennino, Andrew Rector, Scott Runnels, Eric Scales, Nalani Fraiser, Sarah Jones, John Hultquist, Ben Read, Jon Leathery, Fred House, Dileep Jallepalli, Michael Sikorski, Stephen Eckels, William Ballenthin, Jay Smith, Alex Berry, Nick Richard, Isif Ibrahima, Dan Perez, Marcin Siedlarz, Ben Withnell, Barry Vengerik, Nicole Oppenheim, Ian Ahl, Andrew Thompson, Matt Dunwoody, Evan Reese, Steve Miller, Alyssa Rahman, John Gorman, Lennard Galang, Steve Stone, Nick Bennett, Matthew McWhirt, Mike Burns, Omer Baig, Nick Carr, Christopher Glyer, Ramin Nafisi, Microsoft
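@comment{ review: the trailing "Microsoft" credit is an organisation, not a person; it is braced as a corporate author so styles that abbreviate or reorder given names leave it untouched. Author list is broken across lines for readability only; whitespace inside the field is collapsed by BibTeX/Biber. }
@online{archer:20201213:highly:9fe1728,
  author       = {Andrew Archer and Doug Bienstock and Chris DiGiamo and Glenn Edwards and
                  Nick Hornick and Alex Pennino and Andrew Rector and Scott Runnels and
                  Eric Scales and Nalani Fraiser and Sarah Jones and John Hultquist and
                  Ben Read and Jon Leathery and Fred House and Dileep Jallepalli and
                  Michael Sikorski and Stephen Eckels and William Ballenthin and Jay Smith and
                  Alex Berry and Nick Richard and Isif Ibrahima and Dan Perez and
                  Marcin Siedlarz and Ben Withnell and Barry Vengerik and Nicole Oppenheim and
                  Ian Ahl and Andrew Thompson and Matt Dunwoody and Evan Reese and
                  Steve Miller and Alyssa Rahman and John Gorman and Lennard Galang and
                  Steve Stone and Nick Bennett and Matthew McWhirt and Mike Burns and
                  Omer Baig and Nick Carr and Christopher Glyer and Ramin Nafisi and
                  {Microsoft}},
  title        = {{Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor}},
  organization = {FireEye},
  date         = {2020-12-13},
  url          = {https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html},
  urldate      = {2020-12-19},
  language     = {English},
}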
SUNBURST SUPERNOVA TEARDROP UNC2452
2020-11-20Trend MicroAbraham Camba, Bren Matthew Ebriega, Gilbert Sison
@online{camba:20201120:weaponizing:e15699d,
  author       = {Abraham Camba and Bren Matthew Ebriega and Gilbert Sison},
  title        = {{Weaponizing Open Source Software for Targeted Attacks}},
  organization = {Trend Micro},
  date         = {2020-11-20},
  url          = {https://www.trendmicro.com/en_us/research/20/k/weaponizing-open-source-software-for-targeted-attacks.html},
  urldate      = {2020-11-23},
  language     = {English},
}
LaZagne Defray PlugX
2020-07-08COLUMBIA | SIPAMatthew Armelli, Stuart Caudill, John Patrick Dees, Max Egar, Jennifer Keltz, Lan Pelekis, John Sakellariadis, Vipratap Vikram Singh, Katherine von Ofenheim, Neal Pollard
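@comment{ review: the url carries a "token=" query parameter, which looks like a per-download access token rather than a stable link -- confirm it still resolves (urldate is 2020-07-13) or replace it with a canonical/archived URL before relying on it. Also note that "|" in the organization field renders as an em dash under the default OT1 text encoding; use \textbar or T1 font encoding if the bar must appear literally. }
@online{armelli:20200708:named:c581e3d,
  author       = {Matthew Armelli and Stuart Caudill and John Patrick Dees and Max Egar and
                  Jennifer Keltz and Lan Pelekis and John Sakellariadis and Vipratap Vikram Singh and
                  Katherine von Ofenheim and Neal Pollard},
  title        = {{Named But Hardly Shamed: What is the Impact of Information Disclosures on an APT Operations?}},
  organization = {COLUMBIA | SIPA},
  date         = {2020-07-08},
  url          = {https://sipa.columbia.edu/file/12461/download?token=o5TRWZnI},
  urldate      = {2020-07-13},
  language     = {English},
}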
2020-07-07FireEyeMatthew Haigh, Trevor Haskell
@online{haigh:20200707:configuring:a0cb3d9,
  author       = {Matthew Haigh and Trevor Haskell},
  title        = {{Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool}},
  organization = {FireEye},
  date         = {2020-07-07},
  url          = {https://www.fireeye.com/blog/threat-research/2020/07/configuring-windows-domain-dynamically-analyze-obfuscated-lateral-movement-tool.html},
  urldate      = {2020-08-18},
  language     = {English},
}
2020-05-28Rapid7 LabsMatthew Berninger
@online{berninger:20200528:masked:44cad71,
  author       = {Matthew Berninger},
  title        = {{The Masked SYNger: Investigating a Traffic Phenomenon}},
  organization = {Rapid7 Labs},
  date         = {2020-05-28},
  url          = {https://blog.rapid7.com/2020/05/28/the-masked-synger-investigating-a-traffic-phenomenon/},
  urldate      = {2020-05-29},
  language     = {English},
}
2020-05-20ProofpointDennis Schwarz, Matthew Mesa, Proofpoint Threat Research Team
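@comment{ review: "Proofpoint Threat Research Team" is a corporate author; it is braced so the name parser keeps it as one unit instead of splitting it into first="Proofpoint Threat Research", last="Team". }
@online{schwarz:20200520:zloader:e3c523e,
  author       = {Dennis Schwarz and Matthew Mesa and {Proofpoint Threat Research Team}},
  title        = {{ZLoader Loads Again: New ZLoader Variant Returns}},
  organization = {Proofpoint},
  date         = {2020-05-20},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/zloader-loads-again-new-zloader-variant-returns},
  urldate      = {2020-05-23},
  language     = {English},
}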
Zloader
2020-05-14Trend MicroMatthew Stewart
@online{stewart:20200514:qnodeservice:603306e,
  author       = {Matthew Stewart},
  title        = {{QNodeService: Node.js Trojan Spread via Covid-19 Lure}},
  organization = {Trend Micro},
  date         = {2020-05-14},
  url          = {https://blog.trendmicro.com/trendlabs-security-intelligence/qnodeservice-node-js-trojan-spread-via-covid-19-lure/},
  urldate      = {2020-05-18},
  language     = {English},
}
QNodeService
2020-04-21VolexityAndrew Case, Dave Lassalle, Matthew Meltzer, Sean Koessel, Steven Adair, Thomas Lancaster
@online{case:20200421:evil:54c1d46,
  author       = {Andrew Case and Dave Lassalle and Matthew Meltzer and Sean Koessel and Steven Adair and Thomas Lancaster},
  title        = {{Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant}},
  organization = {Volexity},
  date         = {2020-04-21},
  url          = {https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/},
  urldate      = {2020-04-22},
  language     = {English},
}