Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-01-09TrendmicroHitomi Kimura, Ryan Maglaque, Fe Cureg, Trent Bessell
@online{kimura:20230109:gootkit:585185a, author = {Hitomi Kimura and Ryan Maglaque and Fe Cureg and Trent Bessell}, title = {{Gootkit Loader Actively Targets Australian Healthcare Industry}}, date = {2023-01-09}, organization = {Trendmicro}, url = {https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html}, language = {English}, urldate = {2023-01-13} } Gootkit Loader Actively Targets Australian Healthcare Industry
GootKit
2022-12-22Sentinel LABSAntonio Cocomazzi
@online{cocomazzi:20221222:custombranded:3f5dd45, author = {Antonio Cocomazzi}, title = {{Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development}}, date = {2022-12-22}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/}, language = {English}, urldate = {2023-01-05} } Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development
Curator PolyVice
2022-11-28MandiantRyan Tomcik, John Wolfram, Tommy Dacanay, Geoff Ackerman
@online{tomcik:20221128:always:f073a0d, author = {Ryan Tomcik and John Wolfram and Tommy Dacanay and Geoff Ackerman}, title = {{Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia}}, date = {2022-11-28}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/china-nexus-espionage-southeast-asia}, language = {English}, urldate = {2022-12-02} } Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia
BLUEHAZE DARKDEW MISTCLOAK
2022-11-03SentinelOneSentinelLabs
@online{sentinellabs:20221103:black:0be02f3, author = {SentinelLabs}, title = {{Black Basta Ransomware | Attacks deploy Custom EDR Evasion Tools tied to FIN7 Threat Actor}}, date = {2022-11-03}, organization = {SentinelOne}, url = {https://assets.sentinelone.com/sentinellabs22/sentinellabs-blackbasta}, language = {English}, urldate = {2022-11-03} } Black Basta Ransomware | Attacks deploy Custom EDR Evasion Tools tied to FIN7 Threat Actor
Black Basta QakBot SocksBot
2022-11-03Sentinel LABSAntonio Cocomazzi
@online{cocomazzi:20221103:black:b0c2f05, author = {Antonio Cocomazzi}, title = {{Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor}}, date = {2022-11-03}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/}, language = {English}, urldate = {2022-11-15} } Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor
Black Basta
2022-09-26CrowdStrikeIoan Iacob, Iulian Madalin Ionita
@online{iacob:20220926:anatomy:248e6ff, author = {Ioan Iacob and Iulian Madalin Ionita}, title = {{The Anatomy of Wiper Malware, Part 3: Input/Output Controls}}, date = {2022-09-26}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-3/}, language = {English}, urldate = {2022-09-29} } The Anatomy of Wiper Malware, Part 3: Input/Output Controls
CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper Meteor Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare
2022-09-22Sentinel LABSTom Hegel
@online{hegel:20220922:void:edb8cef, author = {Tom Hegel}, title = {{Void Balaur | The Sprawling Infrastructure of a Careless Mercenary}}, date = {2022-09-22}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/the-sprawling-infrastructure-of-a-careless-mercenary/}, language = {English}, urldate = {2022-09-27} } Void Balaur | The Sprawling Infrastructure of a Careless Mercenary
Void Balaur
2022-09-15JPCERT/CCShusei Tomonaga
@online{tomonaga:20220915:f5:717ee99, author = {Shusei Tomonaga}, title = {{F5 BIG-IP Vulnerability (CVE-2022-1388) Exploited by BlackTech}}, date = {2022-09-15}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2022/09/bigip-exploit.html}, language = {English}, urldate = {2022-09-19} } F5 BIG-IP Vulnerability (CVE-2022-1388) Exploited by BlackTech
Hipid
2022-09-15SentinelOneJim Walter
@online{walter:20220915:from:0d72348, author = {Jim Walter}, title = {{From the Front Lines | Slam! Anatomy of a Publicly-Available Ransomware Builder}}, date = {2022-09-15}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/from-the-front-lines-slam-anatomy-of-a-publicly-available-ransomware-builder/}, language = {English}, urldate = {2022-09-26} } From the Front Lines | Slam! Anatomy of a Publicly-Available Ransomware Builder
Slam
2022-09-01safebreachTomer Bar
@online{bar:20220901:safebreach:590dc9f, author = {Tomer Bar}, title = {{SafeBreach Labs Researchers Uncover New Remote Access Trojan (RAT)}}, date = {2022-09-01}, organization = {safebreach}, url = {https://www.safebreach.com/resources/blog/remote-access-trojan-coderat}, language = {English}, urldate = {2022-09-16} } SafeBreach Labs Researchers Uncover New Remote Access Trojan (RAT)
2022-08-30CiscoVanja Svajcer
@online{svajcer:20220830:modernloader:5b62dce, author = {Vanja Svajcer}, title = {{ModernLoader delivers multiple stealers, cryptominers and RATs}}, date = {2022-08-30}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html}, language = {English}, urldate = {2022-08-31} } ModernLoader delivers multiple stealers, cryptominers and RATs
Coinminer DCRat ModernLoader RedLine Stealer SapphireMiner SystemBC
2022-08-25Trend MicroMohamed Fahmy, Nathaniel Gregory Ragasa, Earle Maui Earnshaw, Bahaa Yamany, Jeffrey Francis Bonaobra, Jay Yaneza
@online{fahmy:20220825:new:62162e8, author = {Mohamed Fahmy and Nathaniel Gregory Ragasa and Earle Maui Earnshaw and Bahaa Yamany and Jeffrey Francis Bonaobra and Jay Yaneza}, title = {{New Golang Ransomware Agenda Customizes Attacks}}, date = {2022-08-25}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/22/h/new-golang-ransomware-agenda-customizes-attacks.html}, language = {English}, urldate = {2022-08-30} } New Golang Ransomware Agenda Customizes Attacks
AgendaCrypt
2022-08-25Trend MicroMohamed Fahmy, Nathaniel Gregory Ragasa, Earle Maui Earnshaw, Bahaa Yamany, Jeffrey Francis Bonaobra, Jay Yaneza
@online{fahmy:20220825:new:6f3ec79, author = {Mohamed Fahmy and Nathaniel Gregory Ragasa and Earle Maui Earnshaw and Bahaa Yamany and Jeffrey Francis Bonaobra and Jay Yaneza}, title = {{New Golang Ransomware Agenda Customizes Attacks (IoCs)}}, date = {2022-08-25}, organization = {Trend Micro}, url = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt}, language = {English}, urldate = {2022-08-30} } New Golang Ransomware Agenda Customizes Attacks (IoCs)
AgendaCrypt
2022-08-24Trend MicroRyan Soliven, Hitomi Kimura
@online{soliven:20220824:ransomware:a88ee05, author = {Ryan Soliven and Hitomi Kimura}, title = {{Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus}}, date = {2022-08-24}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html}, language = {English}, urldate = {2022-09-20} } Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
Babuk
2022-08-24CrowdStrikeIoan Iacob, Iulian Madalin Ionita
@online{iacob:20220824:anatomy:64f6451, author = {Ioan Iacob and Iulian Madalin Ionita}, title = {{The Anatomy of Wiper Malware, Part 2: Third-Party Drivers}}, date = {2022-08-24}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-2}, language = {English}, urldate = {2022-08-31} } The Anatomy of Wiper Malware, Part 2: Third-Party Drivers
2022-08-24Trend MicroRyan Soliven, Hitomi Kimura
@online{soliven:20220824:ransomware:20db707, author = {Ryan Soliven and Hitomi Kimura}, title = {{Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus (IoCs)}}, date = {2022-08-24}, organization = {Trend Micro}, url = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus/IOCs-blog-Ransomware%20Actor%20Abuses%20Genshin%20Impact%20Anti-Cheat%20Driver%20to%20Kill%20Antivirus.txt}, language = {English}, urldate = {2022-08-30} } Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus (IoCs)
Babuk
2022-08-12CrowdStrikeIoan Iacob, Iulian Madalin Ionita
@online{iacob:20220812:anatomy:b13ce32, author = {Ioan Iacob and Iulian Madalin Ionita}, title = {{The Anatomy of Wiper Malware, Part 1: Common Techniques}}, date = {2022-08-12}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-1/}, language = {English}, urldate = {2023-01-19} } The Anatomy of Wiper Malware, Part 1: Common Techniques
Apostle CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper IsraBye KillDisk Meteor Olympic Destroyer Ordinypt Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare
2022-08-02cybleCyble Research Labs
@online{labs:20220802:fake:9770cab, author = {Cyble Research Labs}, title = {{Fake Atomic Wallet Website Distributing Mars Stealer}}, date = {2022-08-02}, organization = {cyble}, url = {https://blog.cyble.com/2022/08/02/fake-atomic-wallet-website-distributing-mars-stealer/}, language = {English}, urldate = {2022-08-08} } Fake Atomic Wallet Website Distributing Mars Stealer
Mars Stealer
2022-07-20Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy, Marley Smith
@online{kremez:20220720:anatomy:cd94a81, author = {Vitali Kremez and Yelisey Boguslavskiy and Marley Smith}, title = {{Anatomy of Attack: Truth Behind the Costa Rica Government Ransomware 5-Day Intrusion}}, date = {2022-07-20}, organization = {Advanced Intelligence}, url = {https://www.advintel.io/post/anatomy-of-attack-truth-behind-the-costa-rica-government-ransomware-5-day-intrusion}, language = {English}, urldate = {2022-07-25} } Anatomy of Attack: Truth Behind the Costa Rica Government Ransomware 5-Day Intrusion
Cobalt Strike
2022-07-18NetWitnessStefano Maccaglia, Will Gragido
@techreport{maccaglia:20220718:fin13:bcc74d2, author = {Stefano Maccaglia and Will Gragido}, title = {{FIN13 (Elephant Beetle): Viva la Threat! Anatomy of a Fintech Attack}}, date = {2022-07-18}, institution = {NetWitness}, url = {https://www.netwitness.com/wp-content/uploads/FIN13-Elephant-Beetle-NetWitness.pdf}, language = {English}, urldate = {2022-08-05} } FIN13 (Elephant Beetle): Viva la Threat! Anatomy of a Fintech Attack
FIN13