2022-02-24 | RiskIQ | RiskIQ
@online{riskiq:20220224:riskiq:1c80c36,
  author       = {RiskIQ},
  title        = {{RiskIQ: HermeticWiper Compromised Server Used in Attack Chain}},
  organization = {RiskIQ},
  date         = {2022-02-24},
  url          = {https://community.riskiq.com/article/9f59cb85},
  urldate      = {2022-03-02},
  language     = {English},
}
RiskIQ: HermeticWiper Compromised Server Used in Attack Chain
HermeticWiper
2022-02-07 | RiskIQ | RiskIQ
@online{riskiq:20220207:riskiq:43b167b,
  author       = {RiskIQ},
  title        = {{RiskIQ: Malicious Infrastructure Connected to Particular Windows Host Certificates}},
  organization = {RiskIQ},
  date         = {2022-02-07},
  url          = {https://community.riskiq.com/article/ade260c6},
  urldate      = {2022-02-09},
  language     = {English},
}
RiskIQ: Malicious Infrastructure Connected to Particular Windows Host Certificates
AsyncRAT BitRAT Nanocore RAT
2022-02-03 | RiskIQ | RiskIQ
@online{riskiq:20220203:riskiq:2c2cdfe,
  author       = {RiskIQ},
  title        = {{RiskIQ: Exposed QNAP Devices are Vulnerable to Compromise}},
  organization = {RiskIQ},
  date         = {2022-02-03},
  url          = {https://community.riskiq.com/article/1601124b},
  urldate      = {2022-02-04},
  language     = {English},
}
RiskIQ: Exposed QNAP Devices are Vulnerable to Compromise
DEADBOLT
2022-01-14 | RiskIQ | Jordan Herman
@online{herman:20220114:riskiq:f4f5b68,
  author       = {Jordan Herman},
  title        = {{RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers}},
  organization = {RiskIQ},
  date         = {2022-01-14},
  url          = {https://community.riskiq.com/article/2cd1c003},
  urldate      = {2022-01-18},
  language     = {English},
}
RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers
Dridex Emotet
2021-12-13 | RiskIQ | Jordan Herman
@online{herman:20211213:riskiq:82a7631,
  author       = {Jordan Herman},
  title        = {{RiskIQ: Connections between Nanocore, Netwire, and AsyncRAT and Vjw0rm dynamic DNS C2 infrastructure}},
  organization = {RiskIQ},
  date         = {2021-12-13},
  url          = {https://community.riskiq.com/article/24759ad2},
  urldate      = {2022-01-18},
  language     = {English},
}
RiskIQ: Connections between Nanocore, Netwire, and AsyncRAT and Vjw0rm dynamic DNS C2 infrastructure
AsyncRAT Nanocore RAT NetWire RC Vjw0rm
2021-12-03 | RiskIQ | Kelsey Clapp
@online{clapp:20211203:woos:020f03d,
  author       = {Kelsey Clapp},
  title        = {{Woo's There? Magecart Targets WooCommerce}},
  organization = {RiskIQ},
  date         = {2021-12-03},
  url          = {https://community.riskiq.com/article/2efc2782},
  urldate      = {2021-12-07},
  language     = {English},
}
Woo's There? Magecart Targets WooCommerce
magecart
2021-12-01 | RiskIQ | Jordan Herman
@online{herman:20211201:bulletproof:1ada142,
  author       = {Jordan Herman},
  title        = {{Bulletproof Hosting Services: Investigating Shinjiru Technology Sdn Bhd}},
  organization = {RiskIQ},
  date         = {2021-12-01},
  url          = {https://community.riskiq.com/article/cb658730},
  urldate      = {2021-12-23},
  language     = {English},
}
Bulletproof Hosting Services: Investigating Shinjiru Technology Sdn Bhd
2021-11-17 | RiskIQ | Jennifer Grob
@online{grob:20211117:aggah:67f2411,
  author       = {Jennifer Grob},
  title        = {{Aggah Campaign Replaces Crypto Currency Addresses with Their Own}},
  organization = {RiskIQ},
  date         = {2021-11-17},
  url          = {https://community.riskiq.com/article/09514842},
  urldate      = {2021-11-18},
  language     = {English},
}
Aggah Campaign Replaces Crypto Currency Addresses with Their Own
2021-11-03 | RiskIQ | Kelsey Clapp
@online{clapp:20211103:vagabon:d24a68e,
  author       = {Kelsey Clapp},
  title        = {{Vagabon PhishKit - An Example of Shared Code Modularity}},
  organization = {RiskIQ},
  date         = {2021-11-03},
  url          = {https://community.riskiq.com/article/17d2262c},
  urldate      = {2021-11-08},
  language     = {English},
}
Vagabon PhishKit - An Example of Shared Code Modularity
2021-10-20 | RiskIQ | Jennifer Grob
@online{grob:20211020:overview:f51c170,
  author       = {Jennifer Grob},
  title        = {{Overview of Malware Hosted on Discord's Content Delivery Network}},
  organization = {RiskIQ},
  date         = {2021-10-20},
  url          = {https://community.riskiq.com/article/fe25847f},
  urldate      = {2021-10-26},
  language     = {English},
}
Overview of Malware Hosted on Discord's Content Delivery Network
2021-09-22 | RiskIQ | Kelsey Clapp, Jordan Herman
@online{clapp:20210922:bom:b738b21,
  author       = {Kelsey Clapp and Jordan Herman},
  title        = {{The Bom Skimmer and MageCart Group 7}},
  organization = {RiskIQ},
  date         = {2021-09-22},
  url          = {https://community.riskiq.com/article/743ea75b/description},
  urldate      = {2021-09-24},
  language     = {English},
}
The Bom Skimmer and MageCart Group 7
magecart
2021-09-16 | RiskIQ | RiskIQ
@online{riskiq:20210916:untangling:d1e0f1b,
  author       = {RiskIQ},
  title        = {{Untangling the Spider Web: The Curious Connection Between WIZARD SPIDER’s Ransomware Infrastructure and a Windows Zero-Day Exploit}},
  organization = {RiskIQ},
  date         = {2021-09-16},
  url          = {https://community.riskiq.com/article/c88cf7e6},
  urldate      = {2021-09-19},
  language     = {English},
}
Untangling the Spider Web: The Curious Connection Between WIZARD SPIDER’s Ransomware Infrastructure and a Windows Zero-Day Exploit
Cobalt Strike Ryuk
2021-09-08 | RiskIQ | Jennifer Grob
@online{grob:20210908:bulletproof:902e9f2,
  author       = {Jennifer Grob},
  title        = {{Bulletproof Hosting Services: Investigating Flowspec}},
  organization = {RiskIQ},
  date         = {2021-09-08},
  url          = {https://community.riskiq.com/article/2a36a7d2/description},
  urldate      = {2021-09-10},
  language     = {English},
}
Bulletproof Hosting Services: Investigating Flowspec
Azorult Glupteba
2021-08-25 | RiskIQ | Jordan Herman
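% Quotation marks in the title are written as ``...'': a straight double quote
% typesets as a closing quote on both sides in LaTeX and is an active shorthand
% under some babel languages. Citation key and all other field values are unchanged.
@online{herman:20210825:eitest:e4c2c31,
  author       = {Jordan Herman},
  title        = {{EITest: Linkages to the Ongoing Malware Delivery Campaign Referred to as ``Gootloader''}},
  organization = {RiskIQ},
  date         = {2021-08-25},
  url          = {https://community.riskiq.com/article/f5d5ed38},
  urldate      = {2021-08-30},
  language     = {English},
}
EITest: Linkages to the Ongoing Malware Delivery Campaign Referred to as "Gootloader"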
GootLoader
2021-07-30 | RiskIQ | Team Atlas
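% "Team Atlas" is a group name, so the author value is double-braced; otherwise
% BibTeX/Biber splits it into given name "Team" and family name "Atlas" and
% styles may print it as "Atlas, Team" or "T. Atlas". Citation key is unchanged.
@online{atlas:20210730:bear:04ae603,
  author       = {{Team Atlas}},
  title        = {{Bear Tracks: Infrastructure Patterns Lead to More Than 30 Active APT29 C2 Servers}},
  organization = {RiskIQ},
  date         = {2021-07-30},
  url          = {https://community.riskiq.com/article/541a465f/description},
  urldate      = {2021-08-02},
  language     = {English},
}
Bear Tracks: Infrastructure Patterns Lead to More Than 30 Active APT29 C2 Servers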
elf.wellmess WellMess
2021-07-28 | RiskIQ | Jennifer Grob, Jordan Herman
@online{grob:20210728:use:8287989,
  author       = {Jennifer Grob and Jordan Herman},
  title        = {{Use of XAMPP Web Component to Identify Agent Tesla Infrastructure}},
  organization = {RiskIQ},
  date         = {2021-07-28},
  url          = {https://community.riskiq.com/article/40000d46},
  urldate      = {2021-07-29},
  language     = {English},
}
Use of XAMPP Web Component to Identify Agent Tesla Infrastructure
Agent Tesla
2021-07-14 | RiskIQ | Jordan Herman
@online{herman:20210714:bulletproof:6b4372f,
  author       = {Jordan Herman},
  title        = {{Bulletproof Hosting Services: Investigating Media Land LLC, Part 2}},
  organization = {RiskIQ},
  date         = {2021-07-14},
  url          = {https://community.riskiq.com/article/7b83636f},
  urldate      = {2021-07-20},
  language     = {English},
}
Bulletproof Hosting Services: Investigating Media Land LLC, Part 2
2021-06-30 | RiskIQ | Jennifer Grob, Jordan Herman
@online{grob:20210630:bulletproof:5d71486,
  author       = {Jennifer Grob and Jordan Herman},
  title        = {{Bulletproof Hosting Services: Investigating Media Land LLC}},
  organization = {RiskIQ},
  date         = {2021-06-30},
  url          = {https://community.riskiq.com/article/49db7be3},
  urldate      = {2021-07-02},
  language     = {English},
}
Bulletproof Hosting Services: Investigating Media Land LLC
2021-06-16 | RiskIQ | Jordan Herman
@online{herman:20210616:bit2check:760db1e,
  author       = {Jordan Herman},
  title        = {{Bit2Check: Investigating Actors in the Carding Space}},
  organization = {RiskIQ},
  date         = {2021-06-16},
  url          = {https://community.riskiq.com/article/f1e8399e},
  urldate      = {2021-06-21},
  language     = {English},
}
Bit2Check: Investigating Actors in the Carding Space
2021-06-04 | RiskIQ | Team RiskIQ
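% "Team RiskIQ" is a group name, so the author value is double-braced; otherwise
% BibTeX/Biber splits it into given name "Team" and family name "RiskIQ" and
% styles may print it as "RiskIQ, Team" or "T. RiskIQ". Citation key is unchanged.
@online{riskiq:20210604:sysrvhello:e99aa12,
  author       = {{Team RiskIQ}},
  title        = {{The Sysrv-hello Cryptojacking Botnet: Here’s What’s New}},
  organization = {RiskIQ},
  date         = {2021-06-04},
  url          = {https://www.riskiq.com/blog/external-threat-management/sysrv-hello-cryptojacking-botnet/},
  urldate      = {2022-01-05},
  language     = {English},
}
The Sysrv-hello Cryptojacking Botnet: Here’s What’s New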
Sysrv-hello