
2022-06-15 | Volexity | Steven Adair, Thomas Lancaster, Volexity Threat Research
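@online{adair:20220615:driftingcloud:58322a8,
  author       = {Steven Adair and Thomas Lancaster and {Volexity Threat Research}},
  title        = {{DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach}},
  date         = {2022-06-15},
  organization = {Volexity},
  url          = {https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/},
  urldate      = {2022-06-17},
  language     = {English},
}
DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach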
pupy Sliver
2022-06-15 | Security Joes | Charles Lomboni, Venkat Rajgor, Felipe Duarte
@techreport{lomboni:20220615:backdoor:8d43d9e,
  author      = {Charles Lomboni and Venkat Rajgor and Felipe Duarte},
  title       = {{Backdoor via XFF: Mysterious Threat Actor Under Radar}},
  date        = {2022-06-15},
  institution = {Security Joes},
  url         = {https://secjoes-reports.s3.eu-central-1.amazonaws.com/Backdoor%2Bvia%2BXFF%2BMysterious%2BThreat%2BActor%2BUnder%2BRadar.pdf},
  urldate     = {2022-06-16},
  language    = {English},
}
Backdoor via XFF: Mysterious Threat Actor Under Radar
CHINACHOPPER
2022-06-15 | ThreatStop | Ofir Ashman
@online{ashman:20220615:first:a157972,
  author       = {Ofir Ashman},
  title        = {{First Conti, then Hive: Costa Rica gets hit with ransomware again}},
  date         = {2022-06-15},
  organization = {ThreatStop},
  url          = {https://www.threatstop.com/blog/first-conti-then-hive-costa-rica-gets-hit-with-ransomware-again},
  urldate      = {2022-06-27},
  language     = {English},
}
First Conti, then Hive: Costa Rica gets hit with ransomware again
Conti Hive Conti Hive
2022-06-15 | Qualys | Akshat Pradhan
@techreport{pradhan:20220615:fake:f00033d,
  author      = {Akshat Pradhan},
  title       = {{Fake Cracked Software Caught Peddling Redline Stealers}},
  date        = {2022-06-15},
  institution = {Qualys},
  url         = {https://www.qualys.com/docs/whitepapers/qualys-wp-fake-cracked-software-caught-peddling-redline-stealers-v220606.pdf},
  urldate     = {2022-06-17},
  language    = {English},
}
Fake Cracked Software Caught Peddling Redline Stealers
RedLine Stealer
2022-06-13 | Quick Heal | Tejaswini Sandapolla
@online{sandapolla:20220613:robin:038fcc7,
  author       = {Tejaswini Sandapolla},
  title        = {{Robin Hood Ransomware ‘GOODWILL’ Forces Victim For Charity}},
  date         = {2022-06-13},
  organization = {Quick Heal},
  url          = {https://blogs.quickheal.com/a-new-ransomware-goodwill-hacks-the-victims-for-charity-read-more-to-know-more-about-this-ransomware-and-how-it-affects-its-victims/},
  urldate      = {2022-06-15},
  language     = {English},
}
Robin Hood Ransomware ‘GOODWILL’ Forces Victim For Charity
RobinHood
2022-06-13 | cyble | Cyble Research Labs
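@online{labs:20220613:hydra:b8c7a23,
  author       = {{Cyble Research Labs}},
  title        = {{Hydra Android Malware Distributed Via Play Store}},
  date         = {2022-06-13},
  organization = {cyble},
  url          = {https://blog.cyble.com/2022/06/13/hydra-android-malware-distributed-via-play-store/},
  urldate      = {2022-06-15},
  language     = {English},
}
Hydra Android Malware Distributed Via Play Store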
Hydra
2022-06-13 | Sekoia | Threat & Detection Research Team
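@online{team:20220613:bumblebee:0a56342,
  author       = {{Threat \& Detection Research Team}},
  title        = {{BumbleBee: a new trendy loader for Initial Access Brokers}},
  date         = {2022-06-13},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/bumblebee-a-new-trendy-loader-for-initial-access-brokers/},
  urldate      = {2022-06-17},
  language     = {English},
}
BumbleBee: a new trendy loader for Initial Access Brokers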
BumbleBee
2022-06-13 | SecurityScorecard | Vlad Pasca
@online{pasca:20220613:detailed:f49a7e1,
  author       = {Vlad Pasca},
  title        = {{A Detailed Analysis Of The Last Version Of REvil Ransomware (Download PDF)}},
  date         = {2022-06-13},
  organization = {SecurityScorecard},
  url          = {https://securityscorecard.com/research/a-detailed-analysis-of-the-last-version-of-revil-ransomware},
  urldate      = {2022-06-15},
  language     = {English},
}
A Detailed Analysis Of The Last Version Of REvil Ransomware (Download PDF)
REvil
2022-06-13 | Palo Alto Networks Unit 42 | Unit 42
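@online{42:20220613:gallium:d89b0b2,
  author       = {{Unit 42}},
  title        = {{GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool}},
  date         = {2022-06-13},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/pingpull-gallium/},
  urldate      = {2022-06-15},
  language     = {English},
}
GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool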
2022-06-13 | Microsoft | Microsoft 365 Defender Threat Intelligence Team
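@online{team:20220613:many:7681eda,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{The many lives of BlackCat ransomware}},
  date         = {2022-06-13},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/},
  urldate      = {2022-06-15},
  language     = {English},
}
The many lives of BlackCat ransomware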
BlackCat
2022-06-13 | Avast Decoded | Jan Neduchal, David Álvarez
@online{neduchal:20220613:linux:67027a5,
  author       = {Jan Neduchal and David Álvarez},
  title        = {{Linux Threat Hunting: ‘Syslogk’ a kernel rootkit found under development in the wild}},
  date         = {2022-06-13},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/},
  urldate      = {2022-06-15},
  language     = {English},
}
Linux Threat Hunting: ‘Syslogk’ a kernel rootkit found under development in the wild
Rekoobe
2022-06-13 | SANS ISC | Renato Marinho
@online{marinho:20220613:translating:633e46a,
  author       = {Renato Marinho},
  title        = {{Translating Saitama's DNS tunneling messages}},
  date         = {2022-06-13},
  organization = {SANS ISC},
  url          = {https://isc.sans.edu/diary/Translating+Saitama%27s+DNS+tunneling+messages/28738},
  urldate      = {2022-06-16},
  language     = {English},
}
Translating Saitama's DNS tunneling messages
Saitama Backdoor
2022-06-12 | Confiant | Taha
@online{taha:20220612:how:c05db89,
  author       = {Taha},
  title        = {{How SeaFlower 藏海花 installs backdoors in iOS/Android web3 wallets to steal your seed phrase}},
  date         = {2022-06-12},
  organization = {Confiant},
  url          = {https://blog.confiant.com/how-seaflower-%E8%97%8F%E6%B5%B7%E8%8A%B1-installs-backdoors-in-ios-android-web3-wallets-to-steal-your-seed-phrase-d25f0ccdffce},
  urldate      = {2022-06-15},
  language     = {English},
}
How SeaFlower 藏海花 installs backdoors in iOS/Android web3 wallets to steal your seed phrase
2022-06-10 | Soc Investigation | Vignesh Bhaaskaran
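@online{bhaaskaran:20220610:new:d2fb70b,
  author       = {Vignesh Bhaaskaran},
  title        = {{New SVCReady malware loads from Word doc properties – Detection \& Response}},
  date         = {2022-06-10},
  organization = {Soc Investigation},
  url          = {https://www.socinvestigation.com/new-svcready-malware-loads-from-word-doc-properties-detection-response/},
  urldate      = {2022-06-10},
  language     = {English},
}
New SVCReady malware loads from Word doc properties – Detection & Response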
SVCReady
2022-06-10 | Palo Alto Networks Unit 42 | Doel Santos, Daniel Bunce
@online{santos:20220610:exposing:f66db25,
  author       = {Doel Santos and Daniel Bunce},
  title        = {{Exposing HelloXD Ransomware and x4k}},
  date         = {2022-06-10},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/helloxd-ransomware},
  urldate      = {2022-06-11},
  language     = {English},
}
Exposing HelloXD Ransomware and x4k
2022-06-09 | Zscaler | Niraj Shivtarkar, Avinash Kumar
@online{shivtarkar:20220609:lyceum:20cd217,
  author       = {Niraj Shivtarkar and Avinash Kumar},
  title        = {{Lyceum .NET DNS Backdoor}},
  date         = {2022-06-09},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/lyceum-net-dns-backdoor},
  urldate      = {2022-06-10},
  language     = {English},
}
Lyceum .NET DNS Backdoor
Lyceum .NET DNS Backdoor
2022-06-09 | Blackberry | Joakim Kennedy, The BlackBerry Research & Intelligence Team
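@online{kennedy:20220609:symbiote:fcc031b,
  author       = {Joakim Kennedy and {The BlackBerry Research \& Intelligence Team}},
  title        = {{Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat}},
  date         = {2022-06-09},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat},
  urldate      = {2022-06-09},
  language     = {English},
}
Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat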
Symbiote
2022-06-09 | Palo Alto Networks Unit 42 | Amer Elsad, JR Gumarin, Abigail Barr
@online{elsad:20220609:lockbit:3cfa609,
  author       = {Amer Elsad and JR Gumarin and Abigail Barr},
  title        = {{LockBit 2.0: How This RaaS Operates and How to Protect Against It}},
  date         = {2022-06-09},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/lockbit-2-ransomware/},
  urldate      = {2022-06-11},
  language     = {English},
}
LockBit 2.0: How This RaaS Operates and How to Protect Against It
LockBit
2022-06-09 | Bleeping Computer | Lawrence Abrams
@online{abrams:20220609:roblox:19b3f09,
  author       = {Lawrence Abrams},
  title        = {{Roblox Game Pass store used to sell ransomware decryptor}},
  date         = {2022-06-09},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/roblox-game-pass-store-used-to-sell-ransomware-decryptor/},
  urldate      = {2022-06-10},
  language     = {English},
}
Roblox Game Pass store used to sell ransomware decryptor
Chaos
2022-06-09 | Avast | Dominika Regéciová
@online{regciov:20220609:yara:ae26e01,
  author       = {Dominika Regéciová},
  title        = {{Yara: In Search Of Regular Expressions}},
  date         = {2022-06-09},
  organization = {Avast},
  url          = {https://engineering.avast.io/yara-in-search-of-regular-expressions/},
  urldate      = {2022-06-09},
  language     = {English},
}
Yara: In Search Of Regular Expressions