2022-07-18 | Fortinet | Tom Hegel
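% Online article, retrieved 2022-07-25.
% NOTE(review): organization is given as Fortinet, but the url host is
% sentinelone.com; confirm the publisher before citing or attributing.
@online{hegel:20220718:from:21160ee,
  author       = {Hegel, Tom},
  title        = {From the Front Lines | {8220 Gang} Massively Expands Cloud Botnet to 30,000 Infected Hosts},
  date         = {2022-07-18},
  organization = {Fortinet},
  url          = {https://www.sentinelone.com/blog/from-the-front-lines-8220-gang-massively-expands-cloud-botnet-to-30000-infected-hosts},
  language     = {English},
  urldate      = {2022-07-25},
}
From the Front Lines | 8220 Gang Massively Expands Cloud Botnet to 30,000 Infected Hosts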
2022-07-18 | NetWitness | Stefano Maccaglia, Will Gragido
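% Technical report published as a PDF by NetWitness, retrieved 2022-08-05.
@techreport{maccaglia:20220718:fin13:bcc74d2,
  author      = {Maccaglia, Stefano and Gragido, Will},
  title       = {{FIN13} ({Elephant Beetle}): Viva la Threat! Anatomy of a Fintech Attack},
  date        = {2022-07-18},
  institution = {NetWitness},
  url         = {https://www.netwitness.com/wp-content/uploads/FIN13-Elephant-Beetle-NetWitness.pdf},
  language    = {English},
  urldate     = {2022-08-05},
}
FIN13 (Elephant Beetle): Viva la Threat! Anatomy of a Fintech Attack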
FIN13
2022-07-07 | Sentinel LABS | Tom Hegel
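% Online research post from Sentinel LABS, retrieved 2022-07-12.
@online{hegel:20220707:targets:174ab91,
  author       = {Hegel, Tom},
  title        = {Targets of Interest - {Russian} Organizations Increasingly Under Attack By {Chinese} {APTs}},
  date         = {2022-07-07},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/targets-of-interest-russian-organizations-increasingly-under-attack-by-chinese-apts/},
  language     = {English},
  urldate      = {2022-07-12},
}
Targets of Interest - Russian Organizations Increasingly Under Attack By Chinese APTs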
8.t Dropper Korlia
2022-07-07 | JPCERT/CC | Shusei Tomonaga
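% JPCERT/CC blog post (English edition, per the /en/ url path), retrieved 2022-09-12.
@online{tomonaga:20220707:yamabot:bed4014,
  author       = {Tomonaga, Shusei},
  title        = {{YamaBot} Malware Used by {Lazarus}},
  date         = {2022-07-07},
  organization = {JPCERT/CC},
  url          = {https://blogs.jpcert.or.jp/en/2022/07/yamabot.html},
  language     = {English},
  urldate      = {2022-09-12},
}
YamaBot Malware Used by Lazarus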
YamaBot
2022-07-05 | JPCERT/CC | Shusei Tomonaga
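% JPCERT/CC blog post (English edition, per the /en/ url path), retrieved 2022-07-05.
@online{tomonaga:20220705:vsingle:85138e2,
  author       = {Tomonaga, Shusei},
  title        = {{VSingle} malware that obtains {C2} server information from {GitHub}},
  date         = {2022-07-05},
  organization = {JPCERT/CC},
  url          = {https://blogs.jpcert.or.jp/en/2022/07/vsingle.html},
  language     = {English},
  urldate      = {2022-07-05},
}
VSingle malware that obtains C2 server information from GitHub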
VSingle
2022-07-01 | SYGNIA | Oren Biderman, Tomer Lahiyani, Noam Lifshitz
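% SYGNIA blog post, retrieved 2022-07-15.
@online{biderman:20220701:luna:42b3fcf,
  author       = {Biderman, Oren and Lahiyani, Tomer and Lifshitz, Noam},
  title        = {{Luna Moth}: The Actors Behind the Recent False Subscription Scams},
  date         = {2022-07-01},
  organization = {SYGNIA},
  url          = {https://blog.sygnia.co/luna-moth-false-subscription-scams},
  language     = {English},
  urldate      = {2022-07-15},
}
Luna Moth: The Actors Behind the Recent False Subscription Scams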
2022-06-30 | Microsoft | Philip Tsukerman, Amir Kutcher, Tomer Cabouly, Microsoft 365 Defender Research Team
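% Microsoft security blog post, retrieved 2022-08-18.
% The team name is a corporate author and is braced so that it is kept as one
% unit instead of being parsed as given names plus the surname "Team".
@online{tsukerman:20220630:using:bb8c963,
  author       = {Tsukerman, Philip and Kutcher, Amir and Cabouly, Tomer and {Microsoft 365 Defender Research Team}},
  title        = {Using process creation properties to catch evasion techniques},
  date         = {2022-06-30},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/06/30/using-process-creation-properties-to-catch-evasion-techniques/},
  language     = {English},
  urldate      = {2022-08-18},
}
Using process creation properties to catch evasion techniques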
2022-06-28 | Accenture | Accenture
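% Accenture security blog post, retrieved 2022-09-26.
% No individual byline is given; the company is entered as a corporate author.
@online{accenture:20220628:stealbit:ec9bb0e,
  author       = {{Accenture}},
  title        = {{Steal(Bit)} or exfil, what does it {(Ex)Matter}? Comparative Analysis of Custom Exfiltration Tools},
  date         = {2022-06-28},
  organization = {Accenture},
  url          = {https://www.accenture.com/us-en/blogs/security/stealbit-exmatter-exfiltration-tool-analysis},
  language     = {English},
  urldate      = {2022-09-26},
}
Steal(Bit) or exfil, what does it (Ex)Matter? Comparative Analysis of Custom Exfiltration Tools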
ExMatter StealBit
2022-05-30 | Matthieu Walter
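% Online post with no organization given on the page, retrieved 2022-05-31.
@online{walter:20220530:automatically:a02278f,
  author   = {Walter, Matthieu},
  title    = {Automatically Unpacking {IcedID} Stage 1 with {Angr}},
  date     = {2022-05-30},
  url      = {https://matth.dmz42.org/posts/2022/automatically-unpacking-icedid-stage1-with-angr/},
  language = {English},
  urldate  = {2022-05-31},
}
Automatically Unpacking IcedID Stage 1 with Angr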
IcedID
2022-05-25 | Trend Micro | Arianne Dela Cruz, Byron Gelera, McJustine De Guzman, Warren Sto.Tomas
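% Trend Micro research post, retrieved 2022-05-29.
% NOTE(review): compound surnames (Dela Cruz, De Guzman, Sto.Tomas) are entered
% in "Last, First" form so they are not split; confirm against the byline.
% NOTE(review): the url slug reads "exsi" while the title reads ESXi; the url is
% kept exactly as given and should not be normalised without checking the link.
@online{cruz:20220525:new:43d8257,
  author       = {Dela Cruz, Arianne and Gelera, Byron and De Guzman, McJustine and Sto.Tomas, Warren},
  title        = {New {Linux}-Based Ransomware {Cheerscrypt} Targets {ESXi} Devices},
  date         = {2022-05-25},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/e/new-linux-based-ransomware-cheerscrypt-targets-exsi-devices.html},
  language     = {English},
  urldate      = {2022-05-29},
}
New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices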
2022-05-25 | CrowdStrike | Jamie Harris
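% CrowdStrike blog post on threat hunting, retrieved 2022-05-29.
@online{harris:20220525:hunting:48d53ea,
  author       = {Harris, Jamie},
  title        = {Hunting a Global Telecommunications Threat: {DecisiveArchitect} and Its Custom Implant {JustForFun}},
  date         = {2022-05-25},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-to-hunt-for-decisivearchitect-and-justforfun-implant/},
  language     = {English},
  urldate      = {2022-05-29},
}
Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun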
BPFDoor
2022-05-16 | Malwarebytes Labs | Threat Intelligence Team
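% Malwarebytes Labs blog post, retrieved 2022-05-17.
% The byline is a team, not a person; it is double-braced so it is not parsed
% as given names "Threat Intelligence" with surname "Team".
@online{team:20220516:custom:5fe917a,
  author       = {{Threat Intelligence Team}},
  title        = {Custom {PowerShell} {RAT} targets {Germans} seeking information about the {Ukraine} crisis},
  date         = {2022-05-16},
  organization = {Malwarebytes Labs},
  url          = {https://blog.malwarebytes.com/threat-intelligence/2022/05/custom-powershell-rat-targets-germans-seeking-information-about-the-ukraine-crisis/},
  language     = {English},
  urldate      = {2022-05-17},
}
Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis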
Unidentified PS 003 (RAT)
2022-05-16 | JPCERT/CC | Shusei Tomonaga
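% JPCERT/CC blog post, retrieved 2022-05-17.
% NOTE(review): the url path is /ja/ while language is English, and the other
% JPCERT/CC entries in this library use /en/; confirm which edition is cited.
@online{tomonaga:20220516:analysis:b1c8089,
  author       = {Tomonaga, Shusei},
  title        = {Analysis of {HUI Loader}},
  date         = {2022-05-16},
  organization = {JPCERT/CC},
  url          = {https://blogs.jpcert.or.jp/ja/2022/05/HUILoader.html},
  language     = {English},
  urldate      = {2022-05-17},
}
Analysis of HUI Loader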
HUI Loader PlugX Poison Ivy Quasar RAT
2022-05-07 | YouTube (botconf eu) | Daniel Lunghi, Jaromír Hořejší
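% Video reference (YouTube url), retrieved 2022-07-25; organization is kept as
% the page gives it.
% Author names contain non-ASCII characters, so the file should be processed as
% UTF-8 (the @online type and date field already indicate biblatex).
@online{lunghi:20220507:operation:749c341,
  author       = {Lunghi, Daniel and Hořejší, Jaromír},
  title        = {{Operation Gamblingpuppet}: Analysis Of A Multiplatform Campaign Targeting Online Gambling Customers},
  date         = {2022-05-07},
  organization = {YouTube (botconf eu)},
  url          = {https://www.youtube.com/watch?v=QXGO4RJaUPQ},
  language     = {English},
  urldate      = {2022-07-25},
}
Operation Gamblingpuppet: Analysis Of A Multiplatform Campaign Targeting Online Gambling Customers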
Earth Berberoka
2022-05-04 | Cybereason | Chen Erlich, Fusao Tanida, Ofir Ozer, Akihiro Tomita, Niv Yona, Daniel Frank, Assaf Dahan
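% Cybereason blog post (techniques deep-dive), retrieved 2022-05-09.
% A second Operation CuckooBees entry with the same authors and date exists
% under key erlich:20220504:operation:e40ec58; the two have different urls.
@online{erlich:20220504:operation:0d23595,
  author       = {Erlich, Chen and Tanida, Fusao and Ozer, Ofir and Tomita, Akihiro and Yona, Niv and Frank, Daniel and Dahan, Assaf},
  title        = {{Operation CuckooBees}: Deep-Dive into Stealthy {Winnti} Techniques},
  date         = {2022-05-04},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/operation-cuckoobees-deep-dive-into-stealthy-winnti-techniques},
  language     = {English},
  urldate      = {2022-05-09},
}
Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques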
PRIVATELOG Spyder STASHLOG Winnti
2022-05-04 | HP | Patrick Schläpfer
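% HP threat research post on automating IOC extraction, retrieved 2022-05-05.
% The citation key is ASCII-only ("schlpfer") and is kept unchanged so existing
% citations still resolve; the author field carries the full UTF-8 spelling.
@online{schlpfer:20220504:tips:f12f7ba,
  author       = {Schläpfer, Patrick},
  title        = {Tips for Automating {IOC} Extraction from {GootLoader}, a Changing {JavaScript} Malware},
  date         = {2022-05-04},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/tips-for-automating-ioc-extraction-from-gootloader-a-changing-javascript-malware/},
  language     = {English},
  urldate      = {2022-05-05},
}
Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware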
GootLoader
2022-05-04 | Cybereason | Chen Erlich, Fusao Tanida, Ofir Ozer, Akihiro Tomita, Niv Yona, Daniel Frank, Assaf Dahan
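% Cybereason blog post (malware arsenal deep-dive), retrieved 2022-05-05.
% A second Operation CuckooBees entry with the same authors and date exists
% under key erlich:20220504:operation:0d23595; the two have different urls.
@online{erlich:20220504:operation:e40ec58,
  author       = {Erlich, Chen and Tanida, Fusao and Ozer, Ofir and Tomita, Akihiro and Yona, Niv and Frank, Daniel and Dahan, Assaf},
  title        = {{Operation CuckooBees}: A {Winnti} Malware Arsenal Deep-Dive},
  date         = {2022-05-04},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive},
  language     = {English},
  urldate      = {2022-05-05},
}
Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive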
PRIVATELOG Spyder STASHLOG Winnti
2022-05-03 | Cluster25 | Cluster25
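% Cluster25 blog post, retrieved 2022-05-04.
% No individual byline is given; the organization is entered as a corporate author.
@online{cluster25:20220503:strange:1481afa,
  author       = {{Cluster25}},
  title        = {The Strange Link Between A Destructive Malware And A Ransomware-Gang Linked Custom Loader: {IsaacWiper} Vs {Vatet}},
  date         = {2022-05-03},
  organization = {Cluster25},
  url          = {https://cluster25.io/2022/05/03/a-strange-link-between-a-destructive-malware-and-the-loader-of-a-ransomware-group-isaacwiper-vs-vatet/},
  language     = {English},
  urldate      = {2022-05-04},
}
The Strange Link Between A Destructive Malware And A Ransomware-Gang Linked Custom Loader: IsaacWiper Vs Vatet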
Cobalt Strike IsaacWiper PyXie
2022-04-27 | Zscaler | Dennis Schwarz, Brett Stone-Gross
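% Zscaler security research post, retrieved 2022-05-03.
@online{schwarz:20220427:targeted:7d4de4a,
  author       = {Schwarz, Dennis and Stone-Gross, Brett},
  title        = {Targeted attack on {Thailand Pass} customers delivers {AsyncRAT}},
  date         = {2022-04-27},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/targeted-attack-thailand-pass-customers-delivers-asyncrat},
  language     = {English},
  urldate      = {2022-05-03},
}
Targeted attack on Thailand Pass customers delivers AsyncRAT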
AsyncRAT
2022-04-21 | CrowdStrike | Manoj Ahuje
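% CrowdStrike blog post, retrieved 2022-04-24.
% The title spells the family "LemonDuck"; the page's family tag spells it
% "Lemon Duck". Both spellings are kept as given.
@online{ahuje:20220421:lemonduck:6b61d01,
  author       = {Ahuje, Manoj},
  title        = {{LemonDuck} Targets {Docker} for Cryptomining Operations},
  date         = {2022-04-21},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/lemonduck-botnet-targets-docker-for-cryptomining-operations/},
  language     = {English},
  urldate      = {2022-04-24},
}
LemonDuck Targets Docker for Cryptomining Operations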
Lemon Duck