
2023-05-10Deep instinctDeep Instinct Threat Lab
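@online{lab:20230510:bpfdoor:d22b474,
  author       = {{Deep Instinct Threat Lab}},
  title        = {{BPFDoor} Malware Evolves – Stealthy Sniffing Backdoor Ups Its Game},
  date         = {2023-05-10},
  organization = {Deep Instinct},
  url          = {https://www.deepinstinct.com/blog/bpfdoor-malware-evolves-stealthy-sniffing-backdoor-ups-its-game},
  urldate      = {2023-05-11},
  language     = {English},
}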
BPFDoor
2023-05-09 Palo Alto Networks: Unit42 Doel Santos, Daniel Bunce, Anthony Galiette
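@online{santos:20230509:threat:c231c7f,
  author       = {Santos, Doel and Bunce, Daniel and Galiette, Anthony},
  title        = {Threat Assessment: {Royal} Ransomware},
  date         = {2023-05-09},
  organization = {Palo Alto Networks: Unit42},
  url          = {https://unit42.paloaltonetworks.com/royal-ransomware/},
  urldate      = {2023-05-10},
  language     = {English},
}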
Royal Ransom Royal Ransom
2023-05-09CISACISA
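@online{cisa:20230509:hunting:eee110d,
  author       = {{CISA}},
  title        = {Hunting {Russian} Intelligence “{Snake}” Malware},
  date         = {2023-05-09},
  organization = {CISA},
  url          = {https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a},
  urldate      = {2023-05-10},
  language     = {English},
}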
Agent.BTZ Cobra Carbon System Uroburos
2023-05-09SophosPaul Jaramillo
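@online{jaramillo:20230509:akira:55a936a,
  author       = {Jaramillo, Paul},
  title        = {{Akira} Ransomware is “bringin’ 1988 back”},
  date         = {2023-05-09},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2023/05/09/akira-ransomware-is-bringin-88-back/},
  urldate      = {2023-05-11},
  language     = {English},
}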
Akira
2023-05-09Huntress LabsMatthew Brennan
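@online{brennan:20230509:advanced:eaca988,
  author       = {Brennan, Matthew},
  title        = {Advanced {Cyberchef} Tips - {AsyncRAT} Loader},
  date         = {2023-05-09},
  organization = {Huntress Labs},
  url          = {https://www.huntress.com/blog/advanced-cyberchef-tips-asyncrat-loader},
  urldate      = {2023-05-11},
  language     = {English},
}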
AsyncRAT
2023-05-09eSentireRussianPanda
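@online{russianpanda:20230509:esentire:3eaa138,
  author       = {{RussianPanda}},
  title        = {{eSentire} Threat Intelligence Malware Analysis: {Vidar} Stealer},
  date         = {2023-05-09},
  organization = {eSentire},
  url          = {https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-vidar-stealer},
  urldate      = {2023-05-25},
  language     = {English},
}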
Vidar
2023-05-09TrendmicroKhristian Joseph Morales, Gilbert Sison
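@online{morales:20230509:managed:63d09f1,
  author       = {Morales, Khristian Joseph and Sison, Gilbert},
  title        = {Managed {XDR} Investigation of {Ducktail} in {Trend Micro Vision One}},
  date         = {2023-05-09},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/23/e/managed-xdr-investigation-of-ducktail-in-trend-micro-vision-one.html},
  urldate      = {2023-05-11},
  language     = {English},
}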
DUCKTAIL
2023-05-09Medium walmartglobaltechJason Reaves, Joshua Platt, Jonathan Mccay
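@online{reaves:20230509:metastealer:11ef397,
  author       = {Reaves, Jason and Platt, Joshua and Mccay, Jonathan},
  title        = {{MetaStealer} string decryption and {DGA} overview},
  date         = {2023-05-09},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/metastealer-string-decryption-and-dga-overview-5f38f76830cd},
  urldate      = {2023-05-11},
  language     = {English},
}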
MetaStealer
2023-05-08cocomelonccocomelonc
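@online{cocomelonc:20230508:malware:d344f4a,
  author       = {{cocomelonc}},
  title        = {Malware analysis report: {WinDealer} ({LuoYu} Threat Group)},
  date         = {2023-05-08},
  organization = {cocomelonc},
  url          = {https://mssplab.github.io/threat-hunting/2023/05/08/malware-analysis-windealer.html},
  urldate      = {2023-05-10},
  language     = {English},
}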
WinDealer
2023-05-08BlackberryBlackBerry Research & Intelligence Team
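@online{team:20230508:sidewinder:ab9205d,
  author       = {{BlackBerry Research \& Intelligence Team}},
  title        = {{SideWinder} Uses Server-side Polymorphism to Attack {Pakistan} Government Officials — and Is Now Targeting {Turkey}},
  date         = {2023-05-08},
  organization = {BlackBerry},
  url          = {https://blogs.blackberry.com/en/2023/05/sidewinder-uses-server-side-polymorphism-to-target-pakistan},
  urldate      = {2023-05-10},
  language     = {English},
}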
2023-05-08ViuleeenzAlessandro Strino
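@online{strino:20230508:extracting:2957b3f,
  author       = {Strino, Alessandro},
  title        = {Extracting {DDosia} targets from process memory},
  date         = {2023-05-08},
  organization = {Viuleeenz},
  url          = {https://viuleeenz.github.io/posts/2023/05/extracting-ddosia-targets-from-process-memory/},
  urldate      = {2023-05-23},
  language     = {English},
}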
Dosia
2023-05-07Twitter (@embee_research)Matthew
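@online{matthew:20230507:agenttesla:65bf8af,
  author       = {Matthew},
  title        = {{AgentTesla} - Full Loader Analysis - Resolving {API} Hashes Using Conditional Breakpoints},
  date         = {2023-05-07},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/agenttesla-full-analysis-api-hashing/},
  urldate      = {2023-05-08},
  language     = {English},
}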
Agent Tesla
2023-05-05DragosSam Hanson
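@online{hanson:20230505:deep:40a46bc,
  author       = {Hanson, Sam},
  title        = {Deep Dive Into {PIPEDREAM}’s {OPC UA} Module, {MOUSEHOLE}},
  date         = {2023-05-05},
  organization = {Dragos},
  url          = {https://www.dragos.com/blog/pipedream-mousehole-opcua-module/},
  urldate      = {2023-05-08},
  language     = {English},
}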
2023-05-04Kaspersky LabsDmitry Kalinin
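@online{kalinin:20230504:not:44e1fd7,
  author       = {Kalinin, Dmitry},
  title        = {Not quite an {Easter} egg: a new family of {Trojan} subscribers on {Google Play}},
  date         = {2023-05-04},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/fleckpe-a-new-family-of-trojan-subscribers-on-google-play/109643/},
  urldate      = {2023-05-08},
  language     = {English},
}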
2023-05-04Check Point ResearchAlex Shamshur, Sam Handelman, Raman Ladutska
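@online{shamshur:20230504:eastern:30d81b9,
  author       = {Shamshur, Alex and Handelman, Sam and Ladutska, Raman},
  title        = {{Eastern Asian} {Android} Assault - {FluHorse}},
  date         = {2023-05-04},
  organization = {Check Point Research},
  url          = {https://research.checkpoint.com/2023/eastern-asian-android-assault-fluhorse/},
  urldate      = {2023-05-10},
  language     = {English},
}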
FluHorse
2023-05-04ElasticCyril François
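@online{franois:20230504:unpacking:7f892ff,
  author       = {François, Cyril},
  title        = {Unpacking {ICEDID}},
  date         = {2023-05-04},
  organization = {Elastic},
  url          = {https://www.elastic.co/security-labs/unpacking-icedid},
  urldate      = {2023-05-05},
  language     = {English},
}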
IcedID PhotoLoader
2023-05-04SecurityScorecardVlad Pasca
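@online{pasca:20230504:how:a820c7a,
  author       = {Pasca, Vlad},
  title        = {How to Analyze {Java} Malware – A Case Study of {STRRAT}},
  date         = {2023-05-04},
  organization = {SecurityScorecard},
  url          = {https://resources.securityscorecard.com/cybersecurity/analyze-java-malware-strrat#page=1},
  urldate      = {2023-05-10},
  language     = {English},
}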
STRRAT
2023-05-04SentinelOneTom Hegel
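@online{hegel:20230504:kimsuky:6f04a16,
  author       = {Hegel, Tom},
  title        = {{Kimsuky} Evolves Reconnaissance Capabilities in New Global Campaign},
  date         = {2023-05-04},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/kimsuky-evolves-reconnaissance-capabilities-in-new-global-campaign/},
  urldate      = {2023-05-05},
  language     = {English},
}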
BabyShark
2023-05-03Lab52Lab52
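@online{lab52:20230503:new:1056613,
  author       = {{Lab52}},
  title        = {New {Mustang Panda}’s campaing against {Australia}},
  date         = {2023-05-03},
  organization = {Lab52},
  url          = {https://lab52.io/blog/new-mustang-pandas-campaing-against-australia/},
  urldate      = {2023-05-08},
  language     = {English},
}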
PlugX
2023-05-03Youtube (Guided Hacking)Guided Hacking
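@online{hacking:20230503:polyglot:dade492,
  author       = {{Guided Hacking}},
  title        = {{PolyGlot} Malware Analysis - {IcedID} Stager},
  date         = {2023-05-03},
  organization = {Youtube (Guided Hacking)},
  url          = {https://www.youtube.com/watch?v=4j8t9kFLFIY},
  urldate      = {2023-05-05},
  language     = {English},
}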
PhotoLoader