2021-05-03 | Twitter (@y_advintel) | Yelisey Boguslavskiy
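@comment{Title typo fixed: "Tween" to "Tweet". The citation key keeps its original spelling so existing citations still resolve. The underscore in organization is escaped so the field typesets without a LaTeX error.}
@online{boguslavskiy:20210503:tween:35cfbaf,
  author       = {Boguslavskiy, Yelisey},
  title        = {Tweet on new {RaaS} {Galaxy} Ransomware},
  date         = {2021-05-03},
  organization = {Twitter (@y\_advintel)},
  url          = {https://twitter.com/y_advintel/status/1389330275616710657},
  language     = {English},
  urldate      = {2021-05-08},
}
Tweet on new RaaS Galaxy Ransomware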
2021-05-03 | splunk | Splunk Threat Research Team
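@comment{The corporate author is double-braced so it is kept as one name instead of being split into given and family parts.}
@online{team:20210503:clop:1d24527,
  author       = {{Splunk Threat Research Team}},
  title        = {{Clop} Ransomware Detection: Threat Research Release, {April} 2021},
  date         = {2021-05-03},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/clop-ransomware-detection-threat-research-release-april-2021.html},
  language     = {English},
  urldate      = {2021-05-07},
}
Clop Ransomware Detection: Threat Research Release, April 2021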
Clop
2021-05-03 | xorl %eax, %eax | Anastasios Pingios
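@comment{The percent signs in organization are escaped; left bare they start a LaTeX comment when the field is typeset and swallow the rest of the line.}
@online{pingios:20210503:exploitation:b2c98a9,
  author       = {Pingios, Anastasios},
  title        = {Exploitation of data breaches for executive protection},
  date         = {2021-05-03},
  organization = {xorl \%eax, \%eax},
  url          = {https://xorl.wordpress.com/2021/05/03/exploitation-of-data-breaches-for-executive-protection/},
  language     = {English},
  urldate      = {2021-05-08},
}
Exploitation of data breaches for executive protection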
2021-05-03 | Medium walmartglobaltech | Joshua Platt, Jason Reaves
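@online{platt:20210503:buerloader:2aa3e3f,
  author       = {Platt, Joshua and Reaves, Jason},
  title        = {{BuerLoader} Updates},
  date         = {2021-05-03},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/buerloader-updates-3e34c1949b96},
  language     = {English},
  urldate      = {2021-05-04},
}
BuerLoader Updates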
Buer
2021-05-03 | Bleeping Computer | Lawrence Abrams
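@online{abrams:20210503:n3tw0rm:a58b595,
  author       = {Abrams, Lawrence},
  title        = {{N3TW0RM} ransomware emerges in wave of cyberattacks in {Israel}},
  date         = {2021-05-03},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/n3tw0rm-ransomware-emerges-in-wave-of-cyberattacks-in-israel/},
  language     = {English},
  urldate      = {2021-05-04},
}
N3TW0RM ransomware emerges in wave of cyberattacks in Israel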
2021-05-03 | Bleeping Computer | Lawrence Abrams
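@online{abrams:20210503:apple:f499daf,
  author       = {Abrams, Lawrence},
  title        = {{Apple} fixes 2 {iOS} zero-day vulnerabilities actively used in attacks},
  date         = {2021-05-03},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/apple/apple-fixes-2-ios-zero-day-vulnerabilities-actively-used-in-attacks/},
  language     = {English},
  urldate      = {2021-05-04},
}
Apple fixes 2 iOS zero-day vulnerabilities actively used in attacks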
2021-05-03 | Proofpoint | Kelsey Merriman, Bryan Campbell, Selena Larson, Proofpoint Threat Research Team
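@comment{The team name in the author list is braced so it is kept as one corporate name rather than parsed as a personal name.}
@online{merriman:20210503:new:cd4d275,
  author       = {Merriman, Kelsey and Campbell, Bryan and Larson, Selena and {Proofpoint Threat Research Team}},
  title        = {New Variant of {Buer Loader} Written in {Rust}},
  date         = {2021-05-03},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/new-variant-buer-loader-written-rust},
  language     = {English},
  urldate      = {2021-05-03},
}
New Variant of Buer Loader Written in Rust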
Buer
2021-05-03 | Fortinet | Fred Gutierrez, Val Saengphaibul
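@online{gutierrez:20210503:spearphishing:4dced65,
  author       = {Gutierrez, Fred and Saengphaibul, Val},
  title        = {Spearphishing Attack Uses {COVID-21} Lure to Target {Ukrainian} Government},
  date         = {2021-05-03},
  organization = {Fortinet},
  url          = {https://www.fortinet.com/blog/threat-research/spearphishing-attack-uses-covid-21-lure-to-target-ukrainian-government},
  language     = {English},
  urldate      = {2021-05-04},
}
Spearphishing Attack Uses COVID-21 Lure to Target Ukrainian Government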
2021-05-02 | The DFIR Report | The DFIR Report
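@comment{The corporate author is double-braced so it is kept as one name instead of being split into given and family parts.}
@online{report:20210502:trickbot:242b786,
  author       = {{The DFIR Report}},
  title        = {{Trickbot} Brief: Creds and Beacons},
  date         = {2021-05-02},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2021/05/02/trickbot-brief-creds-and-beacons/},
  language     = {English},
  urldate      = {2021-05-04},
}
Trickbot Brief: Creds and Beacons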
Cobalt Strike TrickBot
2021-05-02 | GoggleHeadedHacker Blog | Jacob Pimental
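@online{pimental:20210502:sodinokibi:8c1c93c,
  author       = {Pimental, Jacob},
  title        = {{Sodinokibi} Ransomware Analysis},
  date         = {2021-05-02},
  organization = {GoggleHeadedHacker Blog},
  url          = {https://www.goggleheadedhacker.com/blog/post/sodinokibi-ransomware-analysis},
  language     = {English},
  urldate      = {2021-05-08},
}
Sodinokibi Ransomware Analysis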
REvil
2021-05-02 | Cybleinc | cybleinc
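@online{cybleinc:20210502:mobile:8f117f2,
  author       = {{cybleinc}},
  title        = {Mobile Malware App {Anubis} Strikes Again, Continues to Lure Users Disguised as a Fake Antivirus},
  date         = {2021-05-02},
  organization = {Cybleinc},
  url          = {https://cybleinc.com/2021/05/02/mobile-malware-app-anubis-strikes-again-continues-to-lure-users-disguised-as-a-fake-antivirus/},
  language     = {English},
  urldate      = {2021-05-03},
}
Mobile Malware App Anubis Strikes Again, Continues to Lure Users Disguised as a Fake Antivirus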
Anubis
2021-05-02 | The Record | Catalin Cimpanu
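@online{cimpanu:20210502:doj:9d42ffb,
  author       = {Cimpanu, Catalin},
  title        = {{DOJ} hiring new liaison prosecutor to hunt cybercriminals in {Eastern Europe}},
  date         = {2021-05-02},
  organization = {The Record},
  url          = {https://therecord.media/doj-hiring-new-liaison-prosecutor-to-hunt-cybercriminals-in-eastern-europe/},
  language     = {English},
  urldate      = {2021-05-03},
}
DOJ hiring new liaison prosecutor to hunt cybercriminals in Eastern Europe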
2021-04-30 | Flashpoint | Flashpoint
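@online{flashpoint:20210430:second:53c20b4,
  author       = {{Flashpoint}},
  title        = {A Second {Iranian} State-Sponsored Ransomware Operation “{Project Signal}” Emerges},
  date         = {2021-04-30},
  organization = {Flashpoint},
  url          = {https://www.flashpoint-intel.com/blog/second-iranian-ransomware-operation-project-signal-emerges/},
  language     = {English},
  urldate      = {2021-05-03},
}
A Second Iranian State-Sponsored Ransomware Operation “Project Signal” Emerges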
2021-04-30 | Twitter (@3xp0rtblog) | 3xp0rt
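@online{3xp0rt:20210430:zenar:be4f5e3,
  author       = {{3xp0rt}},
  title        = {Tweet on {Zenar Miner}},
  date         = {2021-04-30},
  organization = {Twitter (@3xp0rtblog)},
  url          = {https://twitter.com/3xp0rtblog/status/1387996083712888832?s=20},
  language     = {English},
  urldate      = {2021-05-08},
}
Tweet on Zenar Miner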
2021-04-30 | Trend Micro | Cedric Pernet, Fyodor Yarochkin, Vladimir Kropotov
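@online{pernet:20210430:how:2434ac6,
  author       = {Pernet, Cedric and Yarochkin, Fyodor and Kropotov, Vladimir},
  title        = {How Cybercriminals Abuse {OpenBullet} for Credential Stuffing},
  date         = {2021-04-30},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/d/how-cybercriminals-abuse-openbullet-for-credential-stuffing-.html},
  language     = {English},
  urldate      = {2021-05-03},
}
How Cybercriminals Abuse OpenBullet for Credential Stuffing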
2021-04-30 | Medium ateixei | Alex Teixeira
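@online{teixeira:20210430:detecting:70a1053,
  author       = {Teixeira, Alex},
  title        = {Detecting network beacons via {KQL} using simple spread stats functions},
  date         = {2021-04-30},
  organization = {Medium ateixei},
  url          = {https://ateixei.medium.com/detecting-network-beacons-via-kql-using-simple-spread-stats-functions-c2f031b0736b},
  language     = {English},
  urldate      = {2021-05-03},
}
Detecting network beacons via KQL using simple spread stats functions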
2021-04-30 | Cybleinc | cybleinc
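@online{cybleinc:20210430:transparent:1df2639,
  author       = {{cybleinc}},
  title        = {{Transparent Tribe} Operating with a New Variant of {Crimson RAT}},
  date         = {2021-04-30},
  organization = {Cybleinc},
  url          = {https://cybleinc.com/2021/04/30/transparent-tribe-operating-with-a-new-variant-of-crimson-rat/},
  language     = {English},
  urldate      = {2021-05-03},
}
Transparent Tribe Operating with a New Variant of Crimson RAT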
Crimson RAT
2021-04-30 | MADRID Labs | Odin Bernstein
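@online{bernstein:20210430:qbot:104bad4,
  author       = {Bernstein, Odin},
  title        = {{Qbot}: Analyzing {PHP} Proxy Scripts from Compromised Web Server},
  date         = {2021-04-30},
  organization = {MADRID Labs},
  url          = {https://madlabs.dsu.edu/madrid/blog/2021/04/30/qbot-analyzing-php-proxy-scripts-from-compromised-web-server/},
  language     = {English},
  urldate      = {2021-05-08},
}
Qbot: Analyzing PHP Proxy Scripts from Compromised Web Server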
QakBot
2021-04-30 | The Record | Catalin Cimpanu
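@comment{Title: dropped the leading "Cybercrime Featured", which looks like section labels scraped from the article page; the URL slug carries only the headline. Confirm against the article. The citation key is unchanged so existing citations still resolve.}
@online{cimpanu:20210430:cybercrime:1bc5f68,
  author       = {Cimpanu, Catalin},
  title        = {{DarkPath} scam group loses 134 domains impersonating the {WHO}},
  date         = {2021-04-30},
  organization = {The Record},
  url          = {https://therecord.media/darkpath-scam-group-loses-134-domains-impersonating-the-who/},
  language     = {English},
  urldate      = {2021-05-03},
}
DarkPath scam group loses 134 domains impersonating the WHO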
2021-04-29 | Bleeping Computer | Lawrence Abrams
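@online{abrams:20210429:whistler:7e56ef7,
  author       = {Abrams, Lawrence},
  title        = {{Whistler} resort municipality hit by new ransomware operation},
  date         = {2021-04-29},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/whistler-resort-municipality-hit-by-new-ransomware-operation/},
  language     = {English},
  urldate      = {2021-05-08},
}
Whistler resort municipality hit by new ransomware operation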