Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-11-16Medium (@DCSO_CyTec)Johann Aydinbas, Axel Wauer
@online{aydinbas:20221116:hz:b5a2d6d, author = {Johann Aydinbas and Axel Wauer}, title = {{HZ RAT goes China}}, date = {2022-11-16}, organization = {Medium (@DCSO_CyTec)}, url = {https://medium.com/@DCSO_CyTec/hz-rat-goes-china-506854c5f2e2}, language = {English}, urldate = {2022-11-18} } HZ RAT goes China
HZ RAT
2022-11-14Twitter (@embee_research)Matthew
@online{matthew:20221114:twitter:9b57525, author = {Matthew}, title = {{Twitter thread on Yara Signatures for Qakbot Encryption Routines}}, date = {2022-11-14}, organization = {Twitter (@embee_research)}, url = {https://twitter.com/embee_research/status/1592067841154756610?s=20}, language = {English}, urldate = {2022-11-18} } Twitter thread on Yara Signatures for Qakbot Encryption Routines
IcedID QakBot
2022-11-02Twitter (@_CPResearch_)Checkpoint Research
@online{research:20221102:azov:9f43496, author = {Checkpoint Research}, title = {{Tweet on Azov Wiper}}, date = {2022-11-02}, organization = {Twitter (@_CPResearch_)}, url = {https://twitter.com/_CPResearch_/status/1587837524604465153}, language = {English}, urldate = {2022-11-09} } Tweet on Azov Wiper
Azov Wiper
2022-10-12Twitter (@embee_research)Embee_research, Huntress Labs
@online{embeeresearch:20221012:tweets:3284cd3, author = {Embee_research and Huntress Labs}, title = {{Tweets on detection of Brute Ratel via API Hashes}}, date = {2022-10-12}, organization = {Twitter (@embee_research)}, url = {https://twitter.com/embee_research/status/1580030303950995456?s=20&t=0vfXnrCXaVSX-P-hiSrFwA}, language = {English}, urldate = {2022-11-21} } Tweets on detection of Brute Ratel via API Hashes
Brute Ratel C4
2022-10-11Twitter (@embee_research)Embee_research, Huntress Labs
@online{embeeresearch:20221011:havoc:3bc6fb5, author = {Embee_research and Huntress Labs}, title = {{Tweet on Havoc C2 - Static Detection Via Ntdll API Hashes}}, date = {2022-10-11}, organization = {Twitter (@embee_research)}, url = {https://twitter.com/embee_research/status/1579668721777643520?s=20&t=nDJOv1Yf5mQZKCou7qMrhQ}, language = {English}, urldate = {2022-11-21} } Tweet on Havoc C2 - Static Detection Via Ntdll API Hashes
Havoc
2022-10-11Medium (@DCSO_CyTec)Axel Wauer, Johann Aydinbas, Denis Szadkowski
@online{wauer:20221011:tracking:7c6c193, author = {Axel Wauer and Johann Aydinbas and Denis Szadkowski}, title = {{Tracking down Maggie}}, date = {2022-10-11}, organization = {Medium (@DCSO_CyTec)}, url = {https://medium.com/@DCSO_CyTec/tracking-down-maggie-4d889872513d}, language = {English}, urldate = {2022-10-30} } Tracking down Maggie
Maggie
2022-10-04Medium (@DCSO_CyTec)Johann Aydinbas, Axel Wauer
@online{aydinbas:20221004:mssql:df4869a, author = {Johann Aydinbas and Axel Wauer}, title = {{MSSQL, meet Maggie}}, date = {2022-10-04}, organization = {Medium (@DCSO_CyTec)}, url = {https://medium.com/@DCSO_CyTec/mssql-meet-maggie-898773df3b01}, language = {English}, urldate = {2022-10-05} } MSSQL, meet Maggie
Maggie
2022-10-04Twitter (@sekoia_io)sekoia
@online{sekoia:20221004:tweets:49c9f1d, author = {sekoia}, title = {{Tweets detailing operation of Erbium stealer}}, date = {2022-10-04}, organization = {Twitter (@sekoia_io)}, url = {https://twitter.com/sekoia_io/status/1577222282929311744}, language = {English}, urldate = {2022-12-05} } Tweets detailing operation of Erbium stealer
Erbium Stealer
2022-09-22Twitter (@sekoia_io)sekoia
@online{sekoia:20220922:tweets:b2e9079, author = {sekoia}, title = {{Tweets on Lumma stealer}}, date = {2022-09-22}, organization = {Twitter (@sekoia_io)}, url = {https://twitter.com/sekoia_io/status/1572889505497223169}, language = {English}, urldate = {2022-10-14} } Tweets on Lumma stealer
Lumma Stealer
2022-09-16Group-IBTwitter (@GroupIB_GIB)
@online{groupibgib:20220916:uber:255f13d, author = {Twitter (@GroupIB_GIB)}, title = {{Tweet on Uber Employees potentially infected with Raccoon and Vidar stealer}}, date = {2022-09-16}, organization = {Group-IB}, url = {https://twitter.com/GroupIB_GIB/status/1570821174736850945}, language = {English}, urldate = {2022-09-19} } Tweet on Uber Employees potentially infected with Raccoon and Vidar stealer
Raccoon Vidar
2022-08-30Medium the_abjuri5tJohn F
@online{f:20220830:nanocore:86aa443, author = {John F}, title = {{NanoCore RAT Hunting Guide}}, date = {2022-08-30}, organization = {Medium the_abjuri5t}, url = {https://medium.com/@the_abjuri5t/nanocore-rat-hunting-guide-cb185473c1e0}, language = {English}, urldate = {2022-08-30} } NanoCore RAT Hunting Guide
Nanocore RAT
2022-08-25ExpelKyle Pellett, Andrew Jerry
@online{pellett:20220825:moreeggs:f309813, author = {Kyle Pellett and Andrew Jerry}, title = {{MORE_EGGS and Some LinkedIn Resumé Spearphishing}}, date = {2022-08-25}, organization = {Expel}, url = {https://expel.com/blog/more-eggs-and-some-linkedin-resume-spearphishing}, language = {English}, urldate = {2022-08-31} } MORE_EGGS and Some LinkedIn Resumé Spearphishing
More_eggs
2022-08-16Twitter (@fumik0_)fumik0
@online{fumik0:20220816:lumma:76d543a, author = {fumik0}, title = {{Tweet on Lumma Stealer based on Mars Stealer}}, date = {2022-08-16}, organization = {Twitter (@fumik0_)}, url = {https://twitter.com/fumik0_/status/1559474920152875008}, language = {English}, urldate = {2022-08-28} } Tweet on Lumma Stealer based on Mars Stealer
Lumma Stealer
2022-08-01Twitter (@sekoia_io)sekoia
@online{sekoia:20220801:turlas:ec60a74, author = {sekoia}, title = {{Tweet on Turla's CyberAzov activity}}, date = {2022-08-01}, organization = {Twitter (@sekoia_io)}, url = {https://twitter.com/sekoia_io/status/1554086468104196096}, language = {English}, urldate = {2022-08-02} } Tweet on Turla's CyberAzov activity
CyberAzov
2022-07-26Cert-UACert-UA
@online{certua:20220726:uac0010:e697f18, author = {Cert-UA}, title = {{UAC-0010 (Armageddon) cyberattacks using the GammaLoad.PS1_v2 malware (CERT-UA#5003,5013,5069,5071)}}, date = {2022-07-26}, organization = {Cert-UA}, url = {https://cert.gov.ua/article/971405}, language = {Ukrainian}, urldate = {2022-07-28} } UAC-0010 (Armageddon) cyberattacks using the GammaLoad.PS1_v2 malware (CERT-UA#5003,5013,5069,5071)
Gamaredon Group
2022-06-28Twitter (@_CPResearch_)Check Point Research
@online{research:20220628:malware:896fb41, author = {Check Point Research}, title = {{Tweet on malware used against Steel Industry in Iran}}, date = {2022-06-28}, organization = {Twitter (@_CPResearch_)}, url = {https://twitter.com/_cpresearch_/status/1541753913732366338}, language = {English}, urldate = {2022-07-25} } Tweet on malware used against Steel Industry in Iran
Meteor Predatory Sparrow
2022-06-28Twitter (@_icebre4ker_)Fr4
@online{fr4:20220628:revive:7582d22, author = {Fr4}, title = {{Revive and Coper are using similar phishing template and app}}, date = {2022-06-28}, organization = {Twitter (@_icebre4ker_)}, url = {https://twitter.com/_icebre4ker_/status/1541875982684094465}, language = {English}, urldate = {2022-06-29} } Revive and Coper are using similar phishing template and app
Coper
2022-05-12Cert-UACert-UA
@online{certua:20220512:uac0010:582178b, author = {Cert-UA}, title = {{Uac-0010 (Armageddon) cyberattacks using GammaLoad.PS1_v2 malware (CERT-UA#4634,4648)}}, date = {2022-05-12}, organization = {Cert-UA}, url = {https://cert.gov.ua/article/40240}, language = {Ukrainian}, urldate = {2022-05-17} } Uac-0010 (Armageddon) cyberattacks using GammaLoad.PS1_v2 malware (CERT-UA#4634,4648)
Gamaredon Group
2022-04-27Binary Defenseshade_vx
@online{shadevx:20220427:detecting:ebc3f20, author = {shade_vx}, title = {{Detecting Ransomware’s Stealthy Boot Configuration Edits}}, date = {2022-04-27}, organization = {Binary Defense}, url = {https://www.binarydefense.com/detecting-ransomwares-stealthy-boot-configuration-edits/}, language = {English}, urldate = {2022-05-09} } Detecting Ransomware’s Stealthy Boot Configuration Edits
2022-04-21eSentireeSentire Threat Response Unit (TRU)
@online{tru:20220421:hackers:e10086f, author = {eSentire Threat Response Unit (TRU)}, title = {{Hackers Spearphish Corporate Hiring Managers with Poisoned Resumes, Infecting Them with the More_Eggs Malware, Warns eSentire}}, date = {2022-04-21}, organization = {eSentire}, url = {https://www.esentire.com/blog/hackers-spearphish-corporate-hiring-managers-with-poisoned-resumes-infecting-them-with-the-more-eggs-malware}, language = {English}, urldate = {2023-01-25} } Hackers Spearphish Corporate Hiring Managers with Poisoned Resumes, Infecting Them with the More_Eggs Malware, Warns eSentire
More_eggs TerraLoader VenomLNK