
2021-09-30CrowdStrikeFalcon OverWatch Team
@online{team:20210930:hunting:bc2e59d, author = {{Falcon OverWatch Team}}, title = {{Hunting for the Confluence Exploitation: When Falcon OverWatch Becomes the First Line of Defense}}, date = {2021-09-30}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/how-crowdstrike-threat-hunters-identified-a-confluence-exploit/}, language = {English}, urldate = {2021-10-05} } Hunting for the Confluence Exploitation: When Falcon OverWatch Becomes the First Line of Defense
Cobalt Strike
2021-09-30KasperskyMark Lechtik, Aseel Kayal, Paul Rascagnères, Vasily Berdnikov
@online{lechtik:20210930:ghostemperor:f7bdb63, author = {Mark Lechtik and Aseel Kayal and Paul Rascagnères and Vasily Berdnikov}, title = {{GhostEmperor: From ProxyLogon to kernel mode}}, date = {2021-09-30}, organization = {Kaspersky}, url = {https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/}, language = {English}, urldate = {2021-10-05} } GhostEmperor: From ProxyLogon to kernel mode
GhostEmperor
2021-09-30KasperskyMark Lechtik, Aseel Kayal, Paul Rascagnères, Vasily Berdnikov
@techreport{lechtik:20210930:ghostemperors:5422c32, author = {Mark Lechtik and Aseel Kayal and Paul Rascagnères and Vasily Berdnikov}, title = {{GhostEmperor’s infection chain and post-exploitation toolset: technical details}}, date = {2021-09-30}, institution = {Kaspersky}, url = {https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/30094337/GhostEmperor_technical-details_PDF_eng.pdf}, language = {English}, urldate = {2021-10-05} } GhostEmperor’s infection chain and post-exploitation toolset: technical details
2021-09-29TelsyTelsy Research Team
@online{team:20210929:google:127939e, author = {{Telsy Research Team}}, title = {{Google Drive abused in document exfiltration operation against Afghanistan}}, date = {2021-09-29}, organization = {Telsy}, url = {https://www.telsy.com/google-drive-abused-in-document-exfiltration-operation-against-afghanistan/}, language = {English}, urldate = {2021-10-11} } Google Drive abused in document exfiltration operation against Afghanistan
2021-09-29The RecordCatalin Cimpanu
@online{cimpanu:20210929:turkish:2ac5599, author = {Catalin Cimpanu}, title = {{Turkish national charged for DDoS attacks with the WireX botnet}}, date = {2021-09-29}, organization = {The Record}, url = {https://therecord.media/turkish-national-charged-for-ddos-attacks-with-the-wirex-botnet/}, language = {English}, urldate = {2021-10-13} } Turkish national charged for DDoS attacks with the WireX botnet
WireX
2021-09-29Trend MicroAliakbar Zahravi, William Gamazo Sanchez, Kamlapati Choubey, Peter Girnus
@online{zahravi:20210929:formbook:54b9f08, author = {Aliakbar Zahravi and William Gamazo Sanchez and Kamlapati Choubey and Peter Girnus}, title = {{FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal}}, date = {2021-09-29}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/i/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-404.html}, language = {English}, urldate = {2021-10-05} } FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal
Formbook
2021-09-29United States Department of JusticeUS Department of Justice
@online{justice:20210929:federal:acc7b4c, author = {{US Department of Justice}}, title = {{Federal Indictment in Chicago Charges Turkish National With Directing Cyber Attack on Multinational Hospitality Company}}, date = {2021-09-29}, organization = {United States Department of Justice}, url = {https://www.justice.gov/usao-ndil/pr/federal-indictment-chicago-charges-turkish-national-directing-cyber-attack}, language = {English}, urldate = {2021-10-13} } Federal Indictment in Chicago Charges Turkish National With Directing Cyber Attack on Multinational Hospitality Company
WireX
2021-09-29KasperskyIvan Kwiatkowski, Pierre Delcher
@online{kwiatkowski:20210929:darkhalo:d81f7d2, author = {Ivan Kwiatkowski and Pierre Delcher}, title = {{DarkHalo after SolarWinds: the Tomiris connection}}, date = {2021-09-29}, organization = {Kaspersky}, url = {https://securelist.com/darkhalo-after-solarwinds-the-tomiris-connection/104311/}, language = {English}, urldate = {2021-10-01} } DarkHalo after SolarWinds: the Tomiris connection
tomiris
2021-09-29ProofpointSelena Larson, Proofpoint Staff
@online{larson:20210929:ta544:ab2f0d3, author = {Selena Larson and {Proofpoint Staff}}, title = {{TA544 Targets Italian Organizations with Ursnif Malware}}, date = {2021-09-29}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/security-briefs/ta544-targets-italian-organizations-ursnif-malware}, language = {English}, urldate = {2021-10-11} } TA544 Targets Italian Organizations with Ursnif Malware
ISFB
2021-09-29CYBER GEEKS All Things InfosecCyberMasterV
@online{cybermasterv:20210929:how:b7fbf82, author = {CyberMasterV}, title = {{How to defeat the Russian Dukes: A step-by-step analysis of MiniDuke used by APT29/Cozy Bear}}, date = {2021-09-29}, organization = {CYBER GEEKS All Things Infosec}, url = {https://cybergeeks.tech/how-to-defeat-the-russian-dukes-a-step-by-step-analysis-of-miniduke-used-by-apt29-cozy-bear/}, language = {English}, urldate = {2021-10-14} } How to defeat the Russian Dukes: A step-by-step analysis of MiniDuke used by APT29/Cozy Bear
MiniDuke
2021-09-28Lab52Th3spis
@online{th3spis:20210928:winter:f871981, author = {Th3spis}, title = {{Winter Vivern – all Summer}}, date = {2021-09-28}, organization = {Lab52}, url = {https://lab52.io/blog/winter-vivern-all-summer/}, language = {English}, urldate = {2021-10-11} } Winter Vivern – all Summer
2021-09-28FlashpointFlashpoint
@online{flashpoint:20210928:revils:ffcbfac, author = {Flashpoint}, title = {{REvil’s “Cryptobackdoor” Con: Ransomware Group’s Tactics Roil Affiliates, Sparking a Fallout}}, date = {2021-09-28}, organization = {Flashpoint}, url = {https://www.flashpoint-intel.com/blog/revils-cryptobackdoor-con-ransomware-groups-tactics-roil-affiliates-sparking-a-fallout/}, language = {English}, urldate = {2021-10-13} } REvil’s “Cryptobackdoor” Con: Ransomware Group’s Tactics Roil Affiliates, Sparking a Fallout
REvil
2021-09-28Twitter (@Max_Mal_)Max Malyutin
@online{malyutin:20210928:how:139921e, author = {Max Malyutin}, title = {{Tweet on how to debug SquirrelWaffle}}, date = {2021-09-28}, organization = {Twitter (@Max\_Mal\_)}, url = {https://twitter.com/Max_Mal_/status/1442496131410190339}, language = {English}, urldate = {2021-09-28} } Tweet on how to debug SquirrelWaffle
Squirrelwaffle
2021-09-28Kaspersky LabsGReAT
@online{great:20210928:finspy:52097c8, author = {GReAT}, title = {{FinSpy: unseen findings}}, date = {2021-09-28}, organization = {Kaspersky Labs}, url = {https://securelist.com/finspy-unseen-findings/104322/}, language = {English}, urldate = {2021-10-08} } FinSpy: unseen findings
FinFisher FinFisher FinFisher FinFisher RAT
2021-09-28HolisticInfosecRuss McRee
@online{mcree:20210928:zircolite:a9dbceb, author = {Russ McRee}, title = {{Zircolite vs Defense Evasion \& Nobellium FoggyWeb}}, date = {2021-09-28}, organization = {HolisticInfosec}, url = {https://holisticinfosec.io/post/2021-09-28-zircolite/}, language = {English}, urldate = {2021-10-11} } Zircolite vs Defense Evasion & Nobellium FoggyWeb
2021-09-28Twitter (@wvuuuuuuuuuuuuu)WVU
@online{wvu:20210928:itw:bd2b88b, author = {WVU}, title = {{Tweet on ITW exploitation of CVE-2021-22005}}, date = {2021-09-28}, organization = {Twitter (@wvuuuuuuuuuuuuu)}, url = {https://twitter.com/wvuuuuuuuuuuuuu/status/1442634215330390020}, language = {English}, urldate = {2021-10-05} } Tweet on ITW exploitation of CVE-2021-22005
2021-09-28Recorded FutureInsikt Group®
@techreport{group:20210928:business:ea7e9d5, author = {{Insikt Group®}}, title = {{The Business of Fraud: Laundering Funds in the Criminal Underground}}, date = {2021-09-28}, institution = {Recorded Future}, url = {https://go.recordedfuture.com/hubfs/reports/cta-2021-0928.pdf}, language = {English}, urldate = {2021-10-11} } The Business of Fraud: Laundering Funds in the Criminal Underground
2021-09-28ZscalerAvinash Kumar, Brett Stone-Gross
@online{kumar:20210928:squirrelwaffle:9b1cffc, author = {Avinash Kumar and Brett Stone-Gross}, title = {{Squirrelwaffle: New Loader Delivering Cobalt Strike}}, date = {2021-09-28}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/squirrelwaffle-new-loader-delivering-cobalt-strike}, language = {English}, urldate = {2021-10-11} } Squirrelwaffle: New Loader Delivering Cobalt Strike
Cobalt Strike Squirrelwaffle
2021-09-28Recorded FutureInsikt Group®
@online{group:20210928:4:069b441, author = {{Insikt Group®}}, title = {{4 Chinese APT Groups Identified Targeting Mail Server of Afghan Telecommunications Firm Roshan}}, date = {2021-09-28}, organization = {Recorded Future}, url = {https://www.recordedfuture.com/chinese-apt-groups-target-afghan-telecommunications-firm/}, language = {English}, urldate = {2021-10-11} } 4 Chinese APT Groups Identified Targeting Mail Server of Afghan Telecommunications Firm Roshan
PlugX Winnti
2021-09-27Cyber-AnubisNidal Fikri
@online{fikri:20210927:redline:37cd84a, author = {Nidal Fikri}, title = {{RedLine Infostealer | Detailed Reverse Engineering}}, date = {2021-09-27}, organization = {Cyber-Anubis}, url = {https://cyber-anubis.github.io/malware%20analysis/redline/}, language = {English}, urldate = {2021-10-05} } RedLine Infostealer | Detailed Reverse Engineering
RedLine Stealer