2023-11-10HAURIHAURI
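% Vendor report (Korean-language). The corporate author gets an extra brace pair
% so it is treated as one indivisible name; in the title only the
% case-sensitive words are braced, so a style can still apply its own casing.
@online{hauri:20231110:detailed:2940d5f,
  author       = {{HAURI}},
  title        = {Detailed analysis report: Malware disguised as {Putty} ({Lazarus} {APT})},
  date         = {2023-11-10},
  organization = {HAURI},
  url          = {https://download.hauri.net/DownSource/down/dwn_detail_down.html?uid=55},
  language     = {Korean},
  urldate      = {2023-11-17},
}
Detailed analysis report: Malware disguised as Putty (Lazarus APT)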
ComeBacker
2023-11-10NSFOCUSNSFOCUS
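% Vendor blog post. Corporate author is double-braced; acronyms and product
% names in the title are braced individually instead of bracing the whole title.
@online{nsfocus:20231110:new:f2ce1ec,
  author       = {{NSFOCUS}},
  title        = {The New {APT} Group {DarkCasino} and the Global Surge in {WinRAR} 0-Day Exploits},
  date         = {2023-11-10},
  organization = {NSFOCUS},
  url          = {https://nsfocusglobal.com/the-new-apt-group-darkcasino-and-the-global-surge-in-winrar-0-day-exploits/},
  language     = {English},
  urldate      = {2023-11-17},
}
The New APT Group DarkCasino and the Global Surge in WinRAR 0-Day Exploits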
Cobalt Strike Konni
2023-11-09CYBERWARZONETech Team
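% "Tech Team" is a group byline, not a person: without the extra braces it is
% parsed as given name "Tech", family name "Team". The citation key is kept as
% published so existing citations still resolve.
@online{team:20231109:tasnim:f8aadc5,
  author       = {{Tech Team}},
  title        = {{Tasnim} {News} Hacked By {WeRedEvils}},
  date         = {2023-11-09},
  organization = {CYBERWARZONE},
  url          = {https://cyberwarzone.com/tasnim-news-hacked-by-weredevils/},
  language     = {English},
  urldate      = {2023-11-17},
}
Tasnim News Hacked By WeRedEvils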
2023-11-09CrowdStrikeCounter Adversary Operations
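% "Counter Adversary Operations" is a team byline; the extra braces stop it
% being split into given/family name parts. The all-caps adversary name in the
% title is braced so sentence-casing styles do not lowercase it.
@online{operations:20231109:imperial:8a2f4d0,
  author       = {{Counter Adversary Operations}},
  title        = {{IMPERIAL} {KITTEN} Deploys Novel Malware Families in {Middle} {East-Focused} Operations},
  date         = {2023-11-09},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/imperial-kitten-deploys-novel-malware-families/},
  language     = {English},
  urldate      = {2023-11-14},
}
IMPERIAL KITTEN Deploys Novel Malware Families in Middle East-Focused Operations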
IMAPLoader
2023-11-07SOCRadarSOCRadar
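% Vendor blog post. The typographic quotes are kept as UTF-8, which assumes a
% biblatex/Biber toolchain (the @online type already implies biblatex).
@online{socradar:20231107:new:70a6ba7,
  author       = {{SOCRadar}},
  title        = {New {Gootloader} Variant {“GootBot”} Changes the Game in Malware Tactics},
  date         = {2023-11-07},
  organization = {SOCRadar},
  url          = {https://socradar.io/new-gootloader-variant-gootbot-changes-the-game-in-malware-tactics/},
  language     = {English},
  urldate      = {2023-11-27},
}
New Gootloader Variant “GootBot” Changes the Game in Malware Tactics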
GootLoader Cobalt Strike
2023-11-06SeqriteSathwik Ram Prakki
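% Author is written in "Last, First" form; this gives the same name split as
% the original "First Last" spelling (family name Prakki, matching the key)
% but does not depend on word position.
@online{prakki:20231106:sidecopys:03c64cf,
  author       = {Prakki, Sathwik Ram},
  title        = {{SideCopy’s} Multi-platform Onslaught: Leveraging {WinRAR} Zero-Day and {Linux} Variant of {Ares} {RAT}},
  date         = {2023-11-06},
  organization = {Seqrite},
  url          = {https://www.seqrite.com/blog/sidecopys-multi-platform-onslaught-leveraging-winrar-zero-day-and-linux-variant-of-ares-rat/},
  language     = {English},
  urldate      = {2023-11-13},
}
SideCopy’s Multi-platform Onslaught: Leveraging WinRAR Zero-Day and Linux Variant of Ares RAT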
Action RAT AllaKore
2023-11-06VMWare Carbon BlackSwee Lai Lee, Bria Beathley, Abe Schneider, Alan Ngo
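% Four authors, each in "Last, First" form and joined with " and ". The family
% names are the last word of each original name, so the parse is unchanged.
@online{lee:20231106:jupyter:58d6320,
  author       = {Lee, Swee Lai and Beathley, Bria and Schneider, Abe and Ngo, Alan},
  title        = {{Jupyter} Rising: An Update on {Jupyter} Infostealer},
  date         = {2023-11-06},
  organization = {VMWare Carbon Black},
  url          = {https://blogs.vmware.com/security/2023/11/jupyter-rising-an-update-on-jupyter-infostealer.html},
  language     = {English},
  urldate      = {2023-11-17},
}
Jupyter Rising: An Update on Jupyter Infostealer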
solarmarker
2023-11-06Twitter (@embee_research)Embee_research
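% The handle contains "_", which LaTeX rejects in text mode; it is escaped as
% "\_" in author and organization. The url field is left raw.
% NOTE(review): organization names a Twitter handle while the url is a
% ghost.io blog — confirm which source label is intended.
@online{embeeresearch:20231106:unpacking:a3f7c0b,
  author       = {Embee\_research},
  title        = {Unpacking Malware With Hardware Breakpoints - {Cobalt} {Strike}},
  date         = {2023-11-06},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/unpacking-malware-with-hardware-breakpoints-cobalt-strike/},
  language     = {English},
  urldate      = {2023-11-13},
}
Unpacking Malware With Hardware Breakpoints - Cobalt Strike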
Cobalt Strike
2023-11-06Security IntelligenceGolo Mühr, Ole Villadsen
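% Authors in "Last, First" form. Non-ASCII characters (ü, ’, –) are kept as
% UTF-8, which assumes biblatex/Biber. The key is kept as published even
% though it drops the "ü" from the family name.
@online{mhr:20231106:gootbot:e37a082,
  author       = {Mühr, Golo and Villadsen, Ole},
  title        = {{GootBot} – {Gootloader’s} new approach to post-exploitation},
  date         = {2023-11-06},
  organization = {Security Intelligence},
  url          = {https://securityintelligence.com/x-force/gootbot-gootloaders-new-approach-to-post-exploitation/},
  language     = {English},
  urldate      = {2023-11-27},
}
GootBot – Gootloader’s new approach to post-exploitation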
GootLoader
2023-11-03UptycsShilpesh Trivedi, Uptycs Threat Research
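% One personal author plus a team byline. The team name is braced as a single
% unit so it is not split into given/family name parts.
@online{trivedi:20231103:ghostsec:049115a,
  author       = {Trivedi, Shilpesh and {Uptycs Threat Research}},
  title        = {{GhostSec}: From Fighting {ISIS} to Possibly Targeting {Israel} with {RaaS}},
  date         = {2023-11-03},
  organization = {Uptycs},
  url          = {https://www.uptycs.com/blog/ghostlocker-ransomware-ghostsec},
  language     = {English},
  urldate      = {2023-11-13},
}
GhostSec: From Fighting ISIS to Possibly Targeting Israel with RaaS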
GhostLocker GhostSec
2023-11-02BitSightBitSight
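% Vendor blog post, corporate author double-braced.
% NOTE(review): bitsight:20231102:unveiling:747482a has the same author,
% title and date and differs only in the URL host (www.) — likely a duplicate;
% consider citing only one of the two keys.
@online{bitsight:20231102:unveiling:26ed4db,
  author       = {{BitSight}},
  title        = {Unveiling {Socks5Systemz}: The Rise of a New Proxy Service via {PrivateLoader} and {Amadey}},
  date         = {2023-11-02},
  organization = {BitSight},
  url          = {https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey},
  language     = {English},
  urldate      = {2023-11-13},
}
Unveiling Socks5Systemz: The Rise of a New Proxy Service via PrivateLoader and Amadey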
Amadey PrivateLoader Socks5 Systemz
2023-11-02BitSightBitSight
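% Vendor blog post, corporate author double-braced.
% NOTE(review): bitsight:20231102:unveiling:26ed4db has the same author,
% title and date and differs only in the URL host (no www.) — likely a
% duplicate; consider citing only one of the two keys.
@online{bitsight:20231102:unveiling:747482a,
  author       = {{BitSight}},
  title        = {Unveiling {Socks5Systemz}: The Rise of a New Proxy Service via {PrivateLoader} and {Amadey}},
  date         = {2023-11-02},
  organization = {BitSight},
  url          = {https://www.bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey},
  language     = {English},
  urldate      = {2023-11-13},
}
Unveiling Socks5Systemz: The Rise of a New Proxy Service via PrivateLoader and Amadey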
Amadey PrivateLoader Socks5 Systemz
2023-11-02DataBreaches.netDissent
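% Single-word byline, left as given. The proper nouns in the title (the two
% school districts) are braced word by word; the em dash is kept as UTF-8.
@online{dissent:20231102:jeffco:bd86dfa,
  author       = {Dissent},
  title        = {{Jeffco} {Public} {Schools} hit by the same threat actors that hit {Clark} {County} {School} {District} — and via the same way},
  date         = {2023-11-02},
  organization = {DataBreaches.net},
  url          = {https://www.databreaches.net/jeffco-public-schools-hit-by-the-same-threat-actors-that-hit-clark-county-school-district-and-via-the-same-way/},
  language     = {English},
  urldate      = {2023-11-17},
}
Jeffco Public Schools hit by the same threat actors that hit Clark County School District — and via the same way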
2023-11-01nccgroupMick Koomen
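% Author in "Last, First" form; only the malware-family word in the title is
% braced.
% NOTE(review): organization is "nccgroup" while the url host is
% blog.fox-it.com — confirm the attribution is intended.
@online{koomen:20231101:popping:05205f6,
  author       = {Koomen, Mick},
  title        = {Popping {Blisters} for research: An overview of past payloads and exploring recent developments},
  date         = {2023-11-01},
  organization = {nccgroup},
  url          = {https://blog.fox-it.com/2023/11/01/popping-blisters-for-research-an-overview-of-past-payloads-and-exploring-recent-developments/},
  language     = {English},
  urldate      = {2023-11-14},
}
Popping Blisters for research: An overview of past payloads and exploring recent developments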
Blister Cobalt Strike
2023-11-01Twitter (@embee_research)Embee_research
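% The handle contains "_", which LaTeX rejects in text mode; it is escaped as
% "\_" in author and organization. The url field is left raw. Tool names in
% the title are braced so their spelling survives style recasing.
@online{embeeresearch:20231101:malware:897262b,
  author       = {Embee\_research},
  title        = {Malware Unpacking With Memory Dumps - Intermediate Methods ({Pe-Sieve}, {Process} {Hacker}, {Hxd} and {Pe-bear})},
  date         = {2023-11-01},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/unpacking-malware-using-process-hacker-and-memory-inspection/},
  language     = {English},
  urldate      = {2023-11-13},
}
Malware Unpacking With Memory Dumps - Intermediate Methods (Pe-Sieve, Process Hacker, Hxd and Pe-bear)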
AsyncRAT
2023-11-01Idan Malihi
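% Personal blog post; the source gives no organization field. Author is in
% "Last, First" form and only the malware name in the title is braced.
@online{malihi:20231101:redline:07a33c0,
  author   = {Malihi, Idan},
  title    = {{RedLine} {Stealer} Malware Analysis},
  date     = {2023-11-01},
  url      = {https://medium.com/@idan_malihi/redline-stealer-malware-analysis-76506ef723ab},
  language = {English},
  urldate  = {2023-11-13},
}
RedLine Stealer Malware Analysis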
RedLine Stealer
2023-11-01AppGateFelipe Tarijon
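% Author in "Last, First" form; the nationality adjective and the platform
% name are braced so sentence-casing styles keep their capitals.
@online{tarijon:20231101:vietnamese:0cdc68a,
  author       = {Tarijon, Felipe},
  title        = {{Vietnamese} Information Stealer Campaigns Target Professionals on {LinkedIn}},
  date         = {2023-11-01},
  organization = {AppGate},
  url          = {https://www.appgate.com/blog/vietnamese-information-stealer-campaigns-target-professionals-on-linkedin},
  language     = {English},
  urldate      = {2023-11-13},
}
Vietnamese Information Stealer Campaigns Target Professionals on LinkedIn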
DUCKTAIL
2023-11-01SANS ISCXavier Mertens
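% Author in "Last, First" form; the archive-format acronym is the only title
% word that needs case protection.
@online{mertens:20231101:malware:c5ceeb2,
  author       = {Mertens, Xavier},
  title        = {Malware Dropped Through a {ZPAQ} Archive},
  date         = {2023-11-01},
  organization = {SANS ISC},
  url          = {https://isc.sans.edu/diary/Malware+Dropped+Through+a+ZPAQ+Archive/30366/},
  language     = {English},
  urldate      = {2023-11-13},
}
Malware Dropped Through a ZPAQ Archive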
2023-11-01NetskopeLeandro Froes
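% Author in "Last, First" form; the malware name is braced in the title.
% NOTE(review): the url uses the /jp/ locale path while language is English —
% confirm the link resolves to the English article.
@online{froes:20231101:new:145f312,
  author       = {Froes, Leandro},
  title        = {New {DarkGate} Variant Uses a New Loading Approach},
  date         = {2023-11-01},
  organization = {Netskope},
  url          = {https://www.netskope.com/jp/blog/new-darkgate-variant-uses-a-new-loading-approach},
  language     = {English},
  urldate      = {2023-11-13},
}
New DarkGate Variant Uses a New Loading Approach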
DarkGate
2023-10-31Palo Alto Networks Unit 42Daniel Frank, Tom Fakterman
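% Two authors in "Last, First" form. The malware and actor names in the title
% are braced individually; the typographic apostrophe is kept as UTF-8
% (assumes biblatex/Biber).
@online{frank:20231031:over:def0823,
  author       = {Frank, Daniel and Fakterman, Tom},
  title        = {Over the {Kazuar’s} Nest: Cracking Down on a Freshly Hatched Backdoor Used by {Pensive} {Ursa} (Aka {Turla})},
  date         = {2023-10-31},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/pensive-ursa-uses-upgraded-kazuar-backdoor/},
  language     = {English},
  urldate      = {2023-11-14},
}
Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla)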
Kazuar