Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-01-15Huntress LabsTeam Huntress
@online{huntress:20220115:threat:cb103f0, author = {Team Huntress}, title = {{Threat Advisory: VMware Horizon Servers Actively Being Hit With Cobalt Strike (by DEV-0401)}}, date = {2022-01-15}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/cybersecurity-advisory-vmware-horizon-servers-actively-being-hit-with-cobalt-strike}, language = {English}, urldate = {2022-03-07} } Threat Advisory: VMware Horizon Servers Actively Being Hit With Cobalt Strike (by DEV-0401)
Cobalt Strike
2022-01-11Twitter (@cglyer)Christopher Glyer
@online{glyer:20220111:thread:ae5ec3d, author = {Christopher Glyer}, title = {{Thread on DEV-0401, a china based ransomware operator exploiting VMware Horizon with log4shell and deploying NightSky ransomware}}, date = {2022-01-11}, organization = {Twitter (@cglyer)}, url = {https://twitter.com/cglyer/status/1480742363991580674}, language = {English}, urldate = {2022-01-25} } Thread on DEV-0401, a china based ransomware operator exploiting VMware Horizon with log4shell and deploying NightSky ransomware
Cobalt Strike NightSky
2021-12-23vmwareThreat Analysis Unit
@online{unit:20211223:introducing:5593554, author = {Threat Analysis Unit}, title = {{Introducing DARTH: Distributed Analysis for Research and Threat Hunting}}, date = {2021-12-23}, organization = {vmware}, url = {https://blogs.vmware.com/networkvirtualization/2021/12/introducing-darth-distributed-analysis-for-research-and-threat-hunting.html/}, language = {English}, urldate = {2022-02-10} } Introducing DARTH: Distributed Analysis for Research and Threat Hunting
2021-12-03vmwareVMWare
@online{vmware:20211203:tigerrat:3388e2c, author = {VMWare}, title = {{TigerRAT – Advanced Adversaries on the Prowl}}, date = {2021-12-03}, organization = {vmware}, url = {https://blogs.vmware.com/security/2021/12/tigerrat-advanced-adversaries-on-the-prowl.html}, language = {English}, urldate = {2021-12-06} } TigerRAT – Advanced Adversaries on the Prowl
Tiger RAT
2021-11-16vmwareTakahiro Haruyama
@online{haruyama:20211116:monitoring:e4ca54e, author = {Takahiro Haruyama}, title = {{Monitoring Winnti 4.0 C2 Servers for Two Years}}, date = {2021-11-16}, organization = {vmware}, url = {https://blogs.vmware.com/security/2021/11/monitoring-winnti-4-0-c2-servers-for-two-years.html}, language = {English}, urldate = {2021-11-17} } Monitoring Winnti 4.0 C2 Servers for Two Years
Winnti
2021-11-11vmwareJason Zhang, Stefano Ortolani, Giovanni Vigna, Threat Analysis Unit
@online{zhang:20211111:research:b254ed6, author = {Jason Zhang and Stefano Ortolani and Giovanni Vigna and Threat Analysis Unit}, title = {{Research Recap: How To Automate Malware Campaign Detection With Telemetry Peak Analyzer}}, date = {2021-11-11}, organization = {vmware}, url = {https://blogs.vmware.com/security/2021/11/telemetry-peak-analyzer-an-automatic-malware-campaign-detector.html}, language = {English}, urldate = {2022-03-22} } Research Recap: How To Automate Malware Campaign Detection With Telemetry Peak Analyzer
Phorpiex QakBot
2021-09-21vmwareBob Plankers
@online{plankers:20210921:vmsa20210020:03f2366, author = {Bob Plankers}, title = {{VMSA-2021-0020: What You Need to Know (CVE-2021-22005)}}, date = {2021-09-21}, organization = {vmware}, url = {https://blogs.vmware.com/vsphere/2021/09/vmsa-2021-0020-what-you-need-to-know.html}, language = {English}, urldate = {2021-09-28} } VMSA-2021-0020: What You Need to Know (CVE-2021-22005)
2021-08-05Bleeping ComputerLawrence Abrams
@online{abrams:20210805:linux:d6e65f8, author = {Lawrence Abrams}, title = {{Linux version of BlackMatter ransomware targets VMware ESXi servers}}, date = {2021-08-05}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/linux-version-of-blackmatter-ransomware-targets-vmware-esxi-servers/}, language = {English}, urldate = {2021-08-09} } Linux version of BlackMatter ransomware targets VMware ESXi servers
BlackMatter
2021-07-26vmwareQuentin Fois, Pavankumar Chaudhari
@online{fois:20210726:hunting:ff1181b, author = {Quentin Fois and Pavankumar Chaudhari}, title = {{Hunting IcedID and unpacking automation with Qiling}}, date = {2021-07-26}, organization = {vmware}, url = {https://blogs.vmware.com/security/2021/07/hunting-icedid-and-unpacking-automation-with-qiling.html}, language = {English}, urldate = {2021-07-27} } Hunting IcedID and unpacking automation with Qiling
IcedID
2021-07-15Bleeping ComputerLawrence Abrams
@online{abrams:20210715:linux:87987af, author = {Lawrence Abrams}, title = {{Linux version of HelloKitty ransomware targets VMware ESXi servers}}, date = {2021-07-15}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/linux-version-of-hellokitty-ransomware-targets-vmware-esxi-servers/}, language = {English}, urldate = {2021-08-06} } Linux version of HelloKitty ransomware targets VMware ESXi servers
HelloKitty
2021-07-08vmwareQuentin Fois, Pavankumar Chaudhari
@online{fois:20210708:icedid:47da76d, author = {Quentin Fois and Pavankumar Chaudhari}, title = {{IcedID: Analysis and Detection}}, date = {2021-07-08}, organization = {vmware}, url = {https://blogs.vmware.com/security/2021/07/icedid-analysis-and-detection.html}, language = {English}, urldate = {2021-07-20} } IcedID: Analysis and Detection
IcedID
2021-07-01ThreatpostTom Spring
@online{spring:20210701:linux:2584acf, author = {Tom Spring}, title = {{Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices}}, date = {2021-07-01}, organization = {Threatpost}, url = {https://threatpost.com/linux-variant-ransomware-vmwares-nas/167511/}, language = {English}, urldate = {2021-07-02} } Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices
REvil
2021-06-04Bleeping ComputerSergiu Gatlan
@online{gatlan:20210604:freakout:0ccc055, author = {Sergiu Gatlan}, title = {{FreakOut malware worms its way into vulnerable VMware servers}}, date = {2021-06-04}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/freakout-malware-worms-its-way-into-vulnerable-vmware-servers/}, language = {English}, urldate = {2021-06-16} } FreakOut malware worms its way into vulnerable VMware servers
N3Cr0m0rPh
2021-03-29VMWare Carbon BlackJason Zhang, Oleg Boyarchuk, Giovanni Vigna
@online{zhang:20210329:dridex:7692f65, author = {Jason Zhang and Oleg Boyarchuk and Giovanni Vigna}, title = {{Dridex Reloaded: Analysis of a New Dridex Campaign}}, date = {2021-03-29}, organization = {VMWare Carbon Black}, url = {https://blogs.vmware.com/networkvirtualization/2021/03/analysis-of-a-new-dridex-campaign.html/}, language = {English}, urldate = {2021-04-09} } Dridex Reloaded: Analysis of a New Dridex Campaign
Dridex
2021-03-25VMWare Carbon BlackThreat Analysis Unit, Baibhav Singh, Giovanni Vigna
@online{unit:20210325:memory:6fb3ce4, author = {Threat Analysis Unit and Baibhav Singh and Giovanni Vigna}, title = {{Memory Forensics for Virtualized Hosts}}, date = {2021-03-25}, organization = {VMWare Carbon Black}, url = {https://blogs.vmware.com/networkvirtualization/2021/03/memory-forensics-for-virtualized-hosts.html/?src=so_601c8a71b87d7&cid=7012H000001YsJA}, language = {English}, urldate = {2021-04-09} } Memory Forensics for Virtualized Hosts
2021-02-24VMWare Carbon BlackTakahiro Haruyama
@techreport{haruyama:20210224:knock:f4903a2, author = {Takahiro Haruyama}, title = {{Knock, knock, Neo. - Active C2 Discovery Using Protocol Emulation}}, date = {2021-02-24}, institution = {VMWare Carbon Black}, url = {https://jsac.jpcert.or.jp/archive/2021/pdf/JSAC2021_201_haruyama_jp.pdf}, language = {Japanese}, urldate = {2021-02-26} } Knock, knock, Neo. - Active C2 Discovery Using Protocol Emulation
Cobalt Strike
2021-02-23vmwareThreat Analysis Unit
@techreport{unit:20210223:iron:c71d37f, author = {Threat Analysis Unit}, title = {{Iron Rain: Understanding Nation-State Motives and APT Groups}}, date = {2021-02-23}, institution = {vmware}, url = {https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/docs/vmwcb-report-iron-rain-understanding-nation-state-motives-and-apt-groups.pdf}, language = {English}, urldate = {2022-03-23} } Iron Rain: Understanding Nation-State Motives and APT Groups
2020-12-21US Court of Appeals for the Ninth CourtMicrosoft, Google, Cisco, Github, LinkedIn, VMWare, Internet Association, WhatsApp
@techreport{microsoft:20201221:case:eb6d265, author = {Microsoft and Google and Cisco and Github and LinkedIn and VMWare and Internet Association and WhatsApp}, title = {{Case: 20-16408: WhatsApp et al. vs NSO Group}}, date = {2020-12-21}, institution = {US Court of Appeals for the Ninth Court}, url = {https://blogs.microsoft.com/wp-content/uploads/prod/sites/5/2020/12/NSO-v.-WhatsApp-Amicus-Brief-Microsoft-et-al.-as-filed.pdf}, language = {English}, urldate = {2020-12-23} } Case: 20-16408: WhatsApp et al. vs NSO Group
2020-12-07NSANSA
@techreport{nsa:20201207:russian:9dbda97, author = {NSA}, title = {{Russian State-Sponsored Actors Exploiting Vulnerability in VMware® Workspace ONE Access Using Compromised Credentials}}, date = {2020-12-07}, institution = {NSA}, url = {https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF}, language = {English}, urldate = {2020-12-08} } Russian State-Sponsored Actors Exploiting Vulnerability in VMware® Workspace ONE Access Using Compromised Credentials
2020-07-24VMWare Carbon BlackAndrew Costis
@online{costis:20200724:tau:2730a2c, author = {Andrew Costis}, title = {{TAU Threat Discovery: Cryptocurrency Clipper Malware Evolves}}, date = {2020-07-24}, organization = {VMWare Carbon Black}, url = {https://www.carbonblack.com/blog/tau-threat-discovery-cryptocurrency-clipper-malware-evolves/}, language = {English}, urldate = {2020-08-05} } TAU Threat Discovery: Cryptocurrency Clipper Malware Evolves
Poulight Stealer