
2022-01-24 | Twitter (@_icebre4ker_) | _icebre4ker_
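@online{icebre4ker:20220124:vultur:3eda891,
  author       = {\_icebre4ker\_},
  title        = {{Vultur} Dropper on {Google Play Store}},
  date         = {2022-01-24},
  organization = {Twitter (@\_icebre4ker\_)},
  url          = {https://twitter.com/_icebre4ker_/status/1485651238175846400},
  language     = {English},
  urldate      = {2022-02-02},
}
Vultur Dropper on Google Play Store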
Vultur
2022-01-22 | Atomic Matryoshka | z3r0day_504
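@online{z3r0day504:20220122:malware:1ec08ef,
  author       = {z3r0day\_504},
  title        = {Malware Headliners: {Emotet}},
  date         = {2022-01-22},
  organization = {Atomic Matryoshka},
  url          = {https://www.atomicmatryoshka.com/post/malware-headliners-emotet},
  language     = {English},
  urldate      = {2022-02-01},
}
Malware Headliners: Emotet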
Emotet
2022-01-21 | Twitter (@_CPResearch_) | Check Point Research
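@online{research:20220121:whitelambert:e5581c9,
  author       = {{Check Point Research}},
  title        = {Tweet on {WhiteLambert} malware},
  date         = {2022-01-21},
  organization = {Twitter (@\_CPResearch\_)},
  url          = {https://twitter.com/_CPResearch_/status/1484502090068242433},
  language     = {English},
  urldate      = {2022-01-25},
}
Tweet on WhiteLambert malware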
Lambert
2022-01-20 | Cybleinc | Cyble
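@online{cyble:20220120:deep:e172620,
  author       = {Cyble},
  title        = {Deep Dive Into {Ragnar\_locker} Ransomware Gang},
  date         = {2022-01-20},
  organization = {Cybleinc},
  url          = {https://blog.cyble.com/2022/01/20/deep-dive-into-ragnar-locker-ransomware-gang/},
  language     = {English},
  urldate      = {2022-01-25},
}
Deep Dive Into Ragnar_locker Ransomware Gang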
RagnarLocker
2022-01-15 | Atomic Matryoshka | z3r0day_504
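@online{z3r0day504:20220115:malware:ce94f8c,
  author       = {z3r0day\_504},
  title        = {Malware Headliners: {Qakbot}},
  date         = {2022-01-15},
  organization = {Atomic Matryoshka},
  url          = {https://www.atomicmatryoshka.com/post/malware-headliners-qakbot},
  language     = {English},
  urldate      = {2022-02-01},
}
Malware Headliners: Qakbot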
QakBot
2022-01-13 | Twitter (@8th_grey_owl) | 8thGreyOwl
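@online{8thgreyowl:20220113:selfmake:b0e52ab,
  author       = {8thGreyOwl},
  title        = {Tweet on {SelfMake} Loader},
  date         = {2022-01-13},
  organization = {Twitter (@8th\_grey\_owl)},
  url          = {https://twitter.com/8th_grey_owl/status/1481433481485844483},
  language     = {English},
  urldate      = {2022-01-19},
}
Tweet on SelfMake Loader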
SelfMake Loader
2022-01-09 | Atomic Matryoshka | z3r0day_504
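@online{z3r0day504:20220109:malware:81e38aa,
  author       = {z3r0day\_504},
  title        = {Malware Headliners: {Dridex}},
  date         = {2022-01-09},
  organization = {Atomic Matryoshka},
  url          = {https://www.atomicmatryoshka.com/post/malware-headliners-dridex},
  language     = {English},
  urldate      = {2022-02-01},
}
Malware Headliners: Dridex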
Dridex
2022-01-02 | Atomic Matryoshka | z3r0day_504
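@online{z3r0day504:20220102:cracking:0315ea6,
  author       = {z3r0day\_504},
  title        = {{``Cracking Open the Malware Piñata''} Series: Intro to Dynamic Analysis with {RedLineStealer}},
  date         = {2022-01-02},
  organization = {Atomic Matryoshka},
  url          = {https://www.atomicmatryoshka.com/post/cracking-open-the-malware-pi%C3%B1ata-series-intro-to-dynamic-analysis-with-redlinestealer},
  language     = {English},
  urldate      = {2022-05-29},
}
"Cracking Open the Malware Piñata" Series: Intro to Dynamic Analysis with RedLineStealer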
RedLine Stealer
2021-11-17 | Twitter (@Unit42_Intel) | Unit 42
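@online{42:20211117:matanbuchus:9e3556c,
  author       = {{Unit 42}},
  title        = {Tweet on {Matanbuchus} Loader used to deliver {Qakbot} (tag {obama128b}) and follow-up {CobaltStrike}},
  date         = {2021-11-17},
  organization = {Twitter (@Unit42\_Intel)},
  url          = {https://twitter.com/Unit42_Intel/status/1461004489234829320},
  language     = {English},
  urldate      = {2021-11-25},
}
Tweet on Matanbuchus Loader used to deliver Qakbot (tag obama128b) and follow-up CobaltStrike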
Cobalt Strike QakBot
2021-11-16 | Twitter (@_icebre4ker_) | Fr4
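@online{fr4:20211116:about:7000822,
  author       = {Fr4},
  title        = {Tweet about {Aberebot} source code put up for sale by the developer},
  date         = {2021-11-16},
  organization = {Twitter (@\_icebre4ker\_)},
  url          = {https://twitter.com/_icebre4ker_/status/1460527428544176128},
  language     = {English},
  urldate      = {2021-11-19},
}
Tweet about Aberebot source code put up for sale by the developer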
Aberebot
2021-11-16 | Twitter (@_CPResearch_) | Check Point Research
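@online{research:20211116:32bit:f9aff89,
  author       = {{Check Point Research}},
  title        = {Tweet on 32bit version of {CVE-2021-1732} exploited by {BITTER} group},
  date         = {2021-11-16},
  organization = {Twitter (@\_CPResearch\_)},
  url          = {https://twitter.com/_CPResearch_/status/1460643735952318474},
  language     = {English},
  urldate      = {2021-11-19},
}
Tweet on 32bit version of CVE-2021-1732 exploited by BITTER group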
2021-11-15 | The DFIR Report | 0xtornado, v3t0_
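@online{0xtornado:20211115:exchange:2920728,
  author       = {0xtornado and v3t0\_},
  title        = {{Exchange} Exploit Leads to Domain Wide Ransomware},
  date         = {2021-11-15},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2021/11/15/exchange-exploit-leads-to-domain-wide-ransomware/},
  language     = {English},
  urldate      = {2021-11-17},
}
Exchange Exploit Leads to Domain Wide Ransomware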
2021-11-12 | Twitter (@Arkbird_SOLG) | Arkbird
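@online{arkbird:20211112:tweets:3905e33,
  author       = {Arkbird},
  title        = {Tweets on {Void Balaur} using {QuantLoader} and {ZStealer}},
  date         = {2021-11-12},
  organization = {Twitter (@Arkbird\_SOLG)},
  url          = {https://twitter.com/Arkbird_SOLG/status/1458973883068043264},
  language     = {English},
  urldate      = {2021-12-22},
}
Tweets on Void Balaur using QuantLoader and ZStealer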
QuantLoader ZStealer
2021-11-05 | Twitter (@Unit42_Intel) | Unit 42
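@online{42:20211105:ta551:98c564e,
  author       = {{Unit 42}},
  title        = {Tweet on {TA551} ({Shathak}) {BazarLoader} infection with {CobaltStrike} and {DarkVNC} drops},
  date         = {2021-11-05},
  organization = {Twitter (@Unit42\_Intel)},
  url          = {https://twitter.com/Unit42_Intel/status/1458113934024757256},
  language     = {English},
  urldate      = {2021-11-17},
}
Tweet on TA551 (Shathak) BazarLoader infection with CobaltStrike and DarkVNC drops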
BazarBackdoor Cobalt Strike
2021-11-03 | Twitter (@Corvid_Cyber) | CORVID
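@online{corvid:20211103:unique:3709f32,
  author       = {CORVID},
  title        = {Tweet on a unique {Qbot} debugger dropped by an actor after compromise},
  date         = {2021-11-03},
  organization = {Twitter (@Corvid\_Cyber)},
  url          = {https://twitter.com/Corvid_Cyber/status/1455844008081641472},
  language     = {English},
  urldate      = {2021-11-08},
}
Tweet on a unique Qbot debugger dropped by an actor after compromise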
QakBot
2021-11-01 | The DFIR Report | @iiamaleks, @samaritan_o
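@online{iiamaleks:20211101:from:2348d47,
  author       = {@iiamaleks and @samaritan\_o},
  title        = {From Zero to {Domain Admin}},
  date         = {2021-11-01},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2021/11/01/from-zero-to-domain-admin/},
  language     = {English},
  urldate      = {2021-11-03},
}
From Zero to Domain Admin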
Cobalt Strike Hancitor
2021-10-20 | Medium ThreatMiner | ThreatMiner
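@online{threatminer:20211020:tm:f691bf6,
  author       = {ThreatMiner},
  title        = {{TM} Follow-Up ({TAG\_APT35\_14/10/21})},
  date         = {2021-10-20},
  organization = {Medium ThreatMiner},
  url          = {https://medium.com/@ThreatMiner/tm-follow-up-tag-apt35-14-10-21-72134fab9aea},
  language     = {English},
  urldate      = {2021-11-19},
}
TM Follow-Up (TAG_APT35_14/10/21)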
2021-10-12 | Twitter (@_CPResearch_) | Check Point Research
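@online{research:20211012:of:80a5962,
  author       = {{Check Point Research}},
  title        = {Tweet of re-emergence phorpiex with a new {``Twizt''} module},
  date         = {2021-10-12},
  organization = {Twitter (@\_CPResearch\_)},
  url          = {https://twitter.com/_CPResearch_/status/1447852018794643457},
  language     = {English},
  urldate      = {2021-11-08},
}
Tweet of re-emergence phorpiex with a new "Twizt" module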
Phorpiex
2021-09-28 | Twitter (@Max_Mal_) | Max Malyutin
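@online{malyutin:20210928:how:139921e,
  author       = {Malyutin, Max},
  title        = {Tweet on how to debug {SquirrelWaffle}},
  date         = {2021-09-28},
  organization = {Twitter (@Max\_Mal\_)},
  url          = {https://twitter.com/Max_Mal_/status/1442496131410190339},
  language     = {English},
  urldate      = {2021-09-28},
}
Tweet on how to debug SquirrelWaffle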
Squirrelwaffle
2021-09-28 | Netlab | Hui Wang, Alex.Turing, YANG XU
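@online{wang:20210928:miraiptearimasuta:2349f41,
  author       = {Wang, Hui and Alex.Turing and YANG XU},
  title        = {{Mirai\_ptea\_Rimasuta} variant is exploiting a new {RUIJIE} router 0 day to spread},
  date         = {2021-09-28},
  organization = {Netlab},
  url          = {https://blog.netlab.360.com/rimasuta-spread-with-ruijie-0day-en/},
  language     = {English},
  urldate      = {2021-10-24},
}
Mirai_ptea_Rimasuta variant is exploiting a new RUIJIE router 0 day to spread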
Mirai