
2022-05-19 · NetbyteSEC · Fareed
@online{fareed:20220519:scam:1d261f3,
  author       = {Fareed},
  title        = {{Scam and Malicious APK targeting Malaysian: MyMaidKL Technical Analysis}},
  date         = {2022-05-19},
  organization = {NetbyteSEC},
  url          = {https://notes.netbytesec.com/2022/05/scam-and-malicious-apk-targeting.html},
  language     = {English},
  urldate      = {2022-10-30},
}
Scam and Malicious APK targeting Malaysian: MyMaidKL Technical Analysis
2022-05-04 · Sophos · Andreas Klopsch
@online{klopsch:20220504:attacking:750e07f,
  author       = {Andreas Klopsch},
  title        = {{Attacking Emotet’s Control Flow Flattening}},
  date         = {2022-05-04},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/05/04/attacking-emotets-control-flow-flattening/},
  language     = {English},
  urldate      = {2022-05-05},
}
Attacking Emotet’s Control Flow Flattening
Emotet
2022-04-19 · DomainTools · Ian Campbell
@online{campbell:20220419:stop:3823abd,
  author       = {Ian Campbell},
  title        = {{Stop Crypto Kleptos in Their Tracks}},
  date         = {2022-04-19},
  organization = {DomainTools},
  url          = {https://www.domaintools.com/resources/blog/stop-crypto-kleptos-in-their-tracks},
  language     = {English},
  urldate      = {2022-08-26},
}
Stop Crypto Kleptos in Their Tracks
2022-03-15 · TRUESEC · Nicklas Keijser
@online{keijser:20220315:analysis:648df73,
  author       = {Nicklas Keijser},
  title        = {{Analysis of CaddyWiper, wiper targeting Ukraine}},
  date         = {2022-03-15},
  organization = {TRUESEC},
  url          = {https://www.truesec.com/hub/blog/analysis-of-caddywiper-wiper-targeting-ukraine},
  language     = {English},
  urldate      = {2022-03-16},
}
Analysis of CaddyWiper, wiper targeting Ukraine
CaddyWiper
2022-03-04 · Imperva · Nelli Klepfish
@online{klepfish:20220304:imperva:10dce07,
  author       = {Nelli Klepfish},
  title        = {{Imperva Mitigates Ransom DDoS Attack Measuring 2.5 Million Requests per Second}},
  date         = {2022-03-04},
  organization = {Imperva},
  url          = {https://www.imperva.com/blog/imperva-mitigates-ransom-ddos-attack-measuring-2-5-million-requests-per-second/},
  language     = {English},
  urldate      = {2022-03-07},
}
Imperva Mitigates Ransom DDoS Attack Measuring 2.5 Million Requests per Second
2022-03-01 · NZZ · Matthias Sander, Shenzhen
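% "Shenzhen" in the listing byline is the dateline (a place), not a co-author,
% so it is dropped from the author field rather than joined with "and".
@online{sander:20220301:china:a8c83ec,
  author       = {Matthias Sander},
  title        = {{China soll mit präzedenzlos ausgeklügelter Malware Regierungen ausspioniert haben}},
  date         = {2022-03-01},
  organization = {NZZ},
  url          = {https://www.nzz.ch/technologie/china-soll-mit-praezedenzloser-malware-regierungen-ausspioniert-haben-ld.1672292},
  language     = {German},
  urldate      = {2022-03-14},
}
China soll mit präzedenzlos ausgeklügelter Malware Regierungen ausspioniert haben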
Daxin
2022-02-16 · Medium s2wlab · S2W TALON
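% "S2W TALON" is a team name; the extra braces keep it as one indivisible
% name instead of being parsed as first name "S2W", last name "TALON".
@online{talon:20220216:post:82b63e4,
  author       = {{S2W TALON}},
  title        = {{Post Mortem of KlaySwap Incident through BGP Hijacking | EN}},
  date         = {2022-02-16},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/post-mortem-of-klayswap-incident-through-bgp-hijacking-en-3ed7e33de600},
  language     = {English},
  urldate      = {2022-02-26},
}
Post Mortem of KlaySwap Incident through BGP Hijacking | EN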
2022-02-14 · Darktrace · Oakley Cox
@online{cox:20220214:staying:16693dd,
  author       = {Oakley Cox},
  title        = {{Staying ahead of REvil’s Ransomware-as-a-Service business model}},
  date         = {2022-02-14},
  organization = {Darktrace},
  url          = {https://www.darktrace.com/en/blog/staying-ahead-of-r-evils-ransomware-as-a-service-business-model/},
  language     = {English},
  urldate      = {2022-03-01},
}
Staying ahead of REvil’s Ransomware-as-a-Service business model
REvil REvil
2022-02-08 · Proofpoint · Konstantin Klinger, Joshua Miller, Georgi Mladenov
@online{klinger:20220208:ugg:dc05453,
  author       = {Konstantin Klinger and Joshua Miller and Georgi Mladenov},
  title        = {{Ugg Boots 4 Sale: A Tale of Palestinian-Aligned Espionage}},
  date         = {2022-02-08},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/ugg-boots-4-sale-tale-palestinian-aligned-espionage},
  language     = {English},
  urldate      = {2022-02-09},
}
Ugg Boots 4 Sale: A Tale of Palestinian-Aligned Espionage
BrittleBush NimbleMamba
2022-01-25 · Nozomi Networks · Alexey Kleymenov
@online{kleymenov:20220125:how:3c38376,
  author       = {Alexey Kleymenov},
  title        = {{How to Analyze Malware for Technical Writing}},
  date         = {2022-01-25},
  organization = {Nozomi Networks},
  url          = {https://www.nozominetworks.com/blog/how-to-analyze-malware-for-technical-writing/},
  language     = {English},
  urldate      = {2022-02-02},
}
How to Analyze Malware for Technical Writing
DarkSide
2022-01-24 · Check Point Research · Dikla Barda, Romain Zaikin, Oded Vanunu
@online{barda:20220124:scammers:df4feaf,
  author       = {Dikla Barda and Romain Zaikin and Oded Vanunu},
  title        = {{Scammers are creating new fraudulent Crypto Tokens and misconfiguring smart contract’s to steal funds}},
  date         = {2022-01-24},
  organization = {Check Point Research},
  url          = {https://research.checkpoint.com/2022/scammers-are-creating-new-fraudulent-crypto-tokens-and-misconfiguring-smart-contracts-to-steal-funds/},
  language     = {English},
  urldate      = {2022-01-25},
}
Scammers are creating new fraudulent Crypto Tokens and misconfiguring smart contract’s to steal funds
2021-11-12 · Twitter (@3xp0rtblog) · 3xp0rt
@online{3xp0rt:20211112:tweets:fbce5a2,
  author       = {3xp0rt},
  title        = {{Tweets on DarkLoader}},
  date         = {2021-11-12},
  organization = {Twitter (@3xp0rtblog)},
  url          = {https://twitter.com/3xp0rtblog/status/1459081435361517585},
  language     = {English},
  urldate      = {2021-12-22},
}
Tweets on DarkLoader
DarkLoader
2021-09-03 · Twitter (@ESETresearch) · ESET Research
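% "ESET Research" is an organisational author; the extra braces stop it being
% parsed as first name "ESET", last name "Research".
@online{research:20210903:twitter:1e08c95,
  author       = {{ESET Research}},
  title        = {{Twitter thread on SPARKLOG, a launcher component for PRIVATELOG along with STASHLOG}},
  date         = {2021-09-03},
  organization = {Twitter (@ESETresearch)},
  url          = {https://twitter.com/ESETresearch/status/1433819369784610828},
  language     = {English},
  urldate      = {2021-09-14},
}
Twitter thread on SPARKLOG, a launcher component for PRIVATELOG along with STASHLOG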
PRIVATELOG STASHLOG
2021-08-26 · The New York Times · Paul Mozur, Chris Buckley
@online{mozur:20210826:spies:3fe7b2b,
  author       = {Paul Mozur and Chris Buckley},
  title        = {{Spies for Hire: China’s New Breed of Hackers Blends Espionage and Entrepreneurship}},
  date         = {2021-08-26},
  organization = {The New York Times},
  url          = {https://www.nytimes.com/2021/08/26/technology/china-hackers.html},
  language     = {English},
  urldate      = {2021-09-12},
}
Spies for Hire: China’s New Breed of Hackers Blends Espionage and Entrepreneurship
2021-08-22 · Malware and Stuff · Andreas Klopsch
@online{klopsch:20210822:peb:c8b9cea,
  author       = {Andreas Klopsch},
  title        = {{PEB: Where Magic Is Stored}},
  date         = {2021-08-22},
  organization = {Malware and Stuff},
  url          = {https://malwareandstuff.com/peb-where-magic-is-stored/},
  language     = {English},
  urldate      = {2021-09-19},
}
PEB: Where Magic Is Stored
Dacls
2021-08-06 · Sophos Naked Security · Paul Ducklin
@online{ducklin:20210806:conti:9bcfb85,
  author       = {Paul Ducklin},
  title        = {{Conti ransomware affiliate goes rogue, leaks “gang data”}},
  date         = {2021-08-06},
  organization = {Sophos Naked Security},
  url          = {https://nakedsecurity.sophos.com/2021/08/06/conti-ransomware-affiliate-goes-rogue-leaks-company-data/},
  language     = {English},
  urldate      = {2022-03-18},
}
Conti ransomware affiliate goes rogue, leaks “gang data”
Conti
2021-08-03 · Twitter (@ValthekOn) · Valthek
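% The ampersand in the title is escaped as \& because a bare one reaches
% LaTeX as an alignment character and aborts the bibliography run.
@online{valthek:20210803:blacklisted:4126206,
  author       = {Valthek},
  title        = {{Tweet on blacklisted extensions \& names of BlackMatter ransomware making the check against custom hashes values}},
  date         = {2021-08-03},
  organization = {Twitter (@ValthekOn)},
  url          = {https://twitter.com/ValthekOn/status/1422385890467491841?s=20},
  language     = {English},
  urldate      = {2021-08-06},
}
Tweet on blacklisted extensions & names of BlackMatter ransomware making the check against custom hashes values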
DarkSide
2021-08-02 · Youtube (Forschungsinstitut Cyber Defense) · Alexander Rausch, Konstantin Klinger
@online{rausch:20210802:code:dee039d,
  author       = {Alexander Rausch and Konstantin Klinger},
  title        = {{The CODE 2021: Workshop presentation and demonstration about CobaltStrike}},
  date         = {2021-08-02},
  organization = {Youtube (Forschungsinstitut Cyber Defense)},
  url          = {https://www.youtube.com/watch?v=y65hmcLIWDY},
  language     = {English},
  urldate      = {2021-08-25},
}
The CODE 2021: Workshop presentation and demonstration about CobaltStrike
Cobalt Strike
2021-07-19 · Proofpoint · Joe Wise, Konstantin Klinger, Selena Larson, Proofpoint Threat Research Team
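% "Proofpoint Threat Research Team" is a group author; it is braced so the
% name parser keeps it whole instead of splitting it into given and family names.
@online{wise:20210719:new:cb02a85,
  author       = {Joe Wise and Konstantin Klinger and Selena Larson and {Proofpoint Threat Research Team}},
  title        = {{New Threat Actor Uses Spanish Language Lures to Distribute Seldom Observed Bandook Malware}},
  date         = {2021-07-19},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/new-threat-actor-uses-spanish-language-lures-distribute-seldom-observed-bandook},
  language     = {English},
  urldate      = {2021-07-26},
}
New Threat Actor Uses Spanish Language Lures to Distribute Seldom Observed Bandook Malware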
Bandook
2021-06-22 · Darktrace · Oakley Cox
@online{cox:20210622:cryptomining:13a5fec,
  author       = {Oakley Cox},
  title        = {{Crypto-mining on a DNS server}},
  date         = {2021-06-22},
  organization = {Darktrace},
  url          = {https://www.darktrace.com/en/blog/crypto-mining-on-a-dns-server/},
  language     = {English},
  urldate      = {2021-06-24},
}
Crypto-mining on a DNS server