Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-12-01RiskIQJordan Herman
@online{herman:20211201:bulletproof:1ada142, author = {Jordan Herman}, title = {{Bulletproof Hosting Services: Investigating Shinjiru Technology Sdn Bhd}}, date = {2021-12-01}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/cb658730}, language = {English}, urldate = {2021-12-23} } Bulletproof Hosting Services: Investigating Shinjiru Technology Sdn Bhd
2021-11-17RiskIQJennifer Grob
@online{grob:20211117:aggah:67f2411, author = {Jennifer Grob}, title = {{Aggah Campaign Replaces Crypto Currency Addresses with Their Own}}, date = {2021-11-17}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/09514842}, language = {English}, urldate = {2021-11-18} } Aggah Campaign Replaces Crypto Currency Addresses with Their Own
2021-11-03RiskIQKelsey Clapp
@online{clapp:20211103:vagabon:d24a68e, author = {Kelsey Clapp}, title = {{Vagabon PhishKit - An Example of Shared Code Modularity}}, date = {2021-11-03}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/17d2262c}, language = {English}, urldate = {2021-11-08} } Vagabon PhishKit - An Example of Shared Code Modularity
2021-10-20RiskIQJennifer Grob
@online{grob:20211020:overview:f51c170, author = {Jennifer Grob}, title = {{Overview of Malware Hosted on Discord's Content Delivery Network}}, date = {2021-10-20}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/fe25847f}, language = {English}, urldate = {2021-10-26} } Overview of Malware Hosted on Discord's Content Delivery Network
2021-09-22RiskIQKelsey Clapp, Jordan Herman
@online{clapp:20210922:bom:b738b21, author = {Kelsey Clapp and Jordan Herman}, title = {{The Bom Skimmer and MageCart Group 7}}, date = {2021-09-22}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/743ea75b/description}, language = {English}, urldate = {2021-09-24} } The Bom Skimmer and MageCart Group 7
magecart
2021-09-16RiskIQRiskIQ
@online{riskiq:20210916:untangling:d1e0f1b, author = {RiskIQ}, title = {{Untangling the Spider Web: The Curious Connection Between WIZARD SPIDER’s Ransomware Infrastructure and a Windows Zero-Day Exploit}}, date = {2021-09-16}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/c88cf7e6}, language = {English}, urldate = {2021-09-19} } Untangling the Spider Web: The Curious Connection Between WIZARD SPIDER’s Ransomware Infrastructure and a Windows Zero-Day Exploit
Cobalt Strike Ryuk
2021-09-08RiskIQJennifer Grob
@online{grob:20210908:bulletproof:902e9f2, author = {Jennifer Grob}, title = {{Bulletproof Hosting Services: Investigating Flowspec}}, date = {2021-09-08}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/2a36a7d2/description}, language = {English}, urldate = {2021-09-10} } Bulletproof Hosting Services: Investigating Flowspec
Azorult Glupteba
2021-08-25RiskIQJordan Herman
@online{herman:20210825:eitest:e4c2c31, author = {Jordan Herman}, title = {{EITest: Linkages to the Ongoing Malware Delivery Campaign Referred to as "Gootloader"}}, date = {2021-08-25}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/f5d5ed38}, language = {English}, urldate = {2021-08-30} } EITest: Linkages to the Ongoing Malware Delivery Campaign Referred to as "Gootloader"
GootLoader
2021-07-30RiskIQTeam Atlas
@online{atlas:20210730:bear:04ae603, author = {Team Atlas}, title = {{Bear Tracks: Infrastructure Patterns Lead to More Than 30 Active APT29 C2 Servers}}, date = {2021-07-30}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/541a465f/description}, language = {English}, urldate = {2021-08-02} } Bear Tracks: Infrastructure Patterns Lead to More Than 30 Active APT29 C2 Servers
elf.wellmess WellMess
2021-07-28RiskIQJennifer Grob, Jordan Herman
@online{grob:20210728:use:8287989, author = {Jennifer Grob and Jordan Herman}, title = {{Use of XAMPP Web Component to Identify Agent Tesla Infrastructure}}, date = {2021-07-28}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/40000d46}, language = {English}, urldate = {2021-07-29} } Use of XAMPP Web Component to Identify Agent Tesla Infrastructure
Agent Tesla
2021-07-14RiskIQJordan Herman
@online{herman:20210714:bulletproof:6b4372f, author = {Jordan Herman}, title = {{Bulletproof Hosting Services: Investigating Media Land LLC, Part 2}}, date = {2021-07-14}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/7b83636f}, language = {English}, urldate = {2021-07-20} } Bulletproof Hosting Services: Investigating Media Land LLC, Part 2
2021-06-30RiskIQJennifer Grob, Jordan Herman
@online{grob:20210630:bulletproof:5d71486, author = {Jennifer Grob and Jordan Herman}, title = {{Bulletproof Hosting Services: Investigating Media Land LLC}}, date = {2021-06-30}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/49db7be3}, language = {English}, urldate = {2021-07-02} } Bulletproof Hosting Services: Investigating Media Land LLC
2021-06-16RiskIQJordan Herman
@online{herman:20210616:bit2check:760db1e, author = {Jordan Herman}, title = {{Bit2Check: Investigating Actors in the Carding Space}}, date = {2021-06-16}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/f1e8399e}, language = {English}, urldate = {2021-06-21} } Bit2Check: Investigating Actors in the Carding Space
2021-06-04RiskIQTeam RiskIQ
@online{riskiq:20210604:sysrvhello:e99aa12, author = {Team RiskIQ}, title = {{The Sysrv-hello Cryptojacking Botnet: Here’s What’s New}}, date = {2021-06-04}, organization = {RiskIQ}, url = {https://www.riskiq.com/blog/external-threat-management/sysrv-hello-cryptojacking-botnet/}, language = {English}, urldate = {2022-01-05} } The Sysrv-hello Cryptojacking Botnet: Here’s What’s New
Sysrv-hello
2021-06-02RiskIQJennifer Grob
@online{grob:20210602:review:df29e01, author = {Jennifer Grob}, title = {{Review of Sysrv-hello Cryptjacking Botnet}}, date = {2021-06-02}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/98f391f9}, language = {English}, urldate = {2021-06-16} } Review of Sysrv-hello Cryptjacking Botnet
2021-05-26RiskIQJordan Herman
@online{herman:20210526:mobileinter:bfb90e8, author = {Jordan Herman}, title = {{The MobileInter Skimmer: Hosted by Google, Hiding in Images}}, date = {2021-05-26}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/8109e7ab}, language = {English}, urldate = {2021-06-09} } The MobileInter Skimmer: Hosted by Google, Hiding in Images
2021-05-20RiskIQJennifer Grob
@online{grob:20210520:analysis:1b7ae0b, author = {Jennifer Grob}, title = {{Analysis of Infrastructure used by DarkSide Affiliates}}, date = {2021-05-20}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/fdf74f23}, language = {English}, urldate = {2021-05-26} } Analysis of Infrastructure used by DarkSide Affiliates
DarkSide
2021-05-05RiskIQKelsey Clapp
@online{clapp:20210505:viruses:aab7c1a, author = {Kelsey Clapp}, title = {{Viruses to Violations - TrickBot's Shift in Tactics During the Pandemic}}, date = {2021-05-05}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/298c9fc9}, language = {English}, urldate = {2021-05-26} } Viruses to Violations - TrickBot's Shift in Tactics During the Pandemic
TrickBot
2021-04-22RiskIQAdam Castleman, Jordan Herman
@online{castleman:20210422:stealing:d799b15, author = {Adam Castleman and Jordan Herman}, title = {{Stealing All Your Information For Years With Shadow Z118 PayPal Phish Kits}}, date = {2021-04-22}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/50bcba95}, language = {English}, urldate = {2021-04-28} } Stealing All Your Information For Years With Shadow Z118 PayPal Phish Kits
2021-04-22RiskIQRiskIQ
@online{riskiq:20210422:solarwinds:83581ea, author = {RiskIQ}, title = {{SolarWinds: Advancing the Story}}, date = {2021-04-22}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/9a515637}, language = {English}, urldate = {2021-04-28} } SolarWinds: Advancing the Story
SUNBURST