
2021-02-20 | NDSS | Alexander Küchler, Alessandro Mantovani, Yufei Han, Leyla Bilge, Davide Balzarotti
% NDSS 2021 paper (PDF) on how malware behavior observed in sandboxes evolves with execution time.
% NOTE(review): NDSS is a symposium, so an inproceedings entry with a booktitle may fit better
% than techreport; confirm before changing the type.
% The url is plain http, so the PDF is not integrity-protected in transit; switch to an https
% link if the host offers one.
@techreport{kchler:20210220:does:b22da85,
  author      = {Alexander Küchler and Alessandro Mantovani and Yufei Han and Leyla Bilge and Davide Balzarotti},
  title       = {{Does Every Second Count? Time-based Evolution of Malware Behavior in Sandboxes}},
  date        = {2021-02-20},
  institution = {NDSS},
  url         = {http://s3.eurecom.fr/docs/ndss21_kuechler.pdf},
  urldate     = {2021-02-04},
  language    = {English},
}
Does Every Second Count? Time-based Evolution of Malware Behavior in Sandboxes
2021-02-19 | Medium 0xthreatintel | 0xthreatintel
% Medium write-up on unpacking the SManager tool (the listing tags this entry SManager).
% The author is a single-token handle, so it parses as one family name without extra braces.
@online{0xthreatintel:20210219:how:5fed055,
  author       = {0xthreatintel},
  title        = {{How to unpack SManager APT tool?}},
  date         = {2021-02-19},
  organization = {Medium 0xthreatintel},
  url          = {https://0xthreatintel.medium.com/how-to-unpack-smanager-apt-tool-cb5909819214},
  urldate      = {2021-02-20},
  language     = {English},
}
How to unpack SManager APT tool?
SManager
2021-02-19 | THE NEW STACK | Lior Sonntag, Dror Alon
% The New Stack article on the SunBurst attack (the listing tags this entry SUNBURST).
% The organization is stored in the all-caps spelling the listing uses.
@online{sonntag:20210219:behind:a40f5e6,
  author       = {Lior Sonntag and Dror Alon},
  title        = {{Behind the Scenes of the SunBurst Attack}},
  date         = {2021-02-19},
  organization = {THE NEW STACK},
  url          = {https://thenewstack.io/behind-the-scenes-of-the-sunburst-attack/},
  urldate      = {2021-02-20},
  language     = {English},
}
Behind the Scenes of the SunBurst Attack
SUNBURST
2021-02-19 | GEMINI | GEMINI
% Gemini Advisory post on alleged operators of the Hydra Market.
% Author and organization are the same corporate name; as a single token it needs no extra braces.
@online{gemini:20210219:alleged:55485b4,
  author       = {GEMINI},
  title        = {{Alleged Hydra Market Operators Identified}},
  date         = {2021-02-19},
  organization = {GEMINI},
  url          = {https://geminiadvisory.io/alleged-hydra-market-operators-identified/},
  urldate      = {2021-02-20},
  language     = {English},
}
Alleged Hydra Market Operators Identified
2021-02-19 | Palo Alto Networks Unit 42 | Dominik Reichel
% Unit 42 report on IronNetInjector, described in the title as a malware loading tool used by Turla
% (the listing tags this entry Agent.BTZ and TurlaRPC).
% The title contains a typographic apostrophe, so the file must be processed as UTF-8.
@online{reichel:20210219:ironnetinjector:07c7f33,
  author       = {Dominik Reichel},
  title        = {{IronNetInjector: Turla’s New Malware Loading Tool}},
  date         = {2021-02-19},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/ironnetinjector/},
  urldate      = {2021-02-20},
  language     = {English},
}
IronNetInjector: Turla’s New Malware Loading Tool
Agent.BTZ TurlaRPC
2021-02-19 | The Record | Adam Janofsky, Timo Steffens
% The Record article on making cyber attribution more systematic; the listing credits both names as authors.
@online{janofsky:20210219:cyber:e883fe3,
  author       = {Adam Janofsky and Timo Steffens},
  title        = {{Cyber Attribution Is More Art Than Science. This Researcher Has a Plan to Change That}},
  date         = {2021-02-19},
  organization = {The Record},
  url          = {https://therecord.media/cyber-attribution-is-more-art-than-science-this-researcher-has-a-plan-to-change-that/},
  urldate      = {2021-02-20},
  language     = {English},
}
Cyber Attribution Is More Art Than Science. This Researcher Has a Plan to Change That
2021-02-19 | Lawfare Blog | Sonja Swanbeck
% Lawfare Blog piece on understanding Iranian information operations.
@online{swanbeck:20210219:how:1b27e22,
  author       = {Sonja Swanbeck},
  title        = {{How to Understand Iranian Information Operations}},
  date         = {2021-02-19},
  organization = {Lawfare Blog},
  url          = {https://www.lawfareblog.com/how-understand-iranian-information-operations},
  urldate      = {2021-02-20},
  language     = {English},
}
How to Understand Iranian Information Operations
2021-02-18 | of0x.cc | of0x.cc
% of0x.cc blog post surveying ways VBA macros copy shellcode into memory.
% The author is the site name written as one token, so it is parsed as a single family name.
@online{of0xcc:20210218:one:9a5f079,
  author       = {of0x.cc},
  title        = {{One thousand and one ways to copy your shellcode to memory (VBA Macros)}},
  date         = {2021-02-18},
  organization = {of0x.cc},
  url          = {https://adepts.of0x.cc/alternatives-copy-shellcode/},
  urldate      = {2021-02-20},
  language     = {English},
}
One thousand and one ways to copy your shellcode to memory (VBA Macros)
2021-02-18 | NTT Security | Hiroki Hada
% NTT Security post on nccTrojan used by the TA428 group against defense and aviation organizations
% (the listing tags this entry nccTrojan).
% NOTE(review): language is Japanese while the title is in English; presumably the title was
% translated for the listing and the linked page is in Japanese. Confirm against the source.
@online{hada:20210218:ncctrojan:04c46fc,
  author       = {Hiroki Hada},
  title        = {{nccTrojan used in targeted attack by TA428 group against defense and aviation organizations}},
  date         = {2021-02-18},
  organization = {NTT Security},
  url          = {https://insight-jp.nttsecurity.com/post/102gr6l/ta428ncctrojan},
  urldate      = {2021-02-18},
  language     = {Japanese},
}
nccTrojan used in targeted attack by TA428 group against defense and aviation organizations
nccTrojan
2021-02-18 | Red Canary | Tony Lambert
% Red Canary blog post on the Silver Sparrow macOS malware (the listing tags this entry Silver Sparrow).
% The url ends in a fragment that points at the post's technical-analysis section; the hash sign
% is safe in a verbatim url field but would need escaping under a style that typesets urls as plain text.
@online{lambert:20210218:clipping:ec693c2,
  author       = {Tony Lambert},
  title        = {{Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight}},
  date         = {2021-02-18},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/clipping-silver-sparrows-wings/#technical-analysis},
  urldate      = {2021-02-20},
  language     = {English},
}
Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight
Silver Sparrow
2021-02-18 | Bitdefender | Gheorghe Adrian Schipor, Rickey Gevers, Cristina Vatamanu
% Bitdefender whitepaper (PDF) on an Iranian APT's backdoor and espionage tooling
% (the listing tags this entry Infy and Tonnerre).
% The title contains typographic quotation marks, so the file must be processed as UTF-8.
@techreport{schipor:20210218:iranian:a6516fb,
  author      = {Gheorghe Adrian Schipor and Rickey Gevers and Cristina Vatamanu},
  title       = {{Iranian APT Makes a Comeback with “Thunder and Lightning” Backdoor and Espionage Combo}},
  date        = {2021-02-18},
  institution = {Bitdefender},
  url         = {https://download.bitdefender.com/resources/files/News/CaseStudies/study/393/Bitdefender-Whitepaper-Iranian-APT-Makes-a-Comeback-with-Thunder-and-Lightning-Backdoor-and-Espionage-Combo.pdf},
  urldate     = {2021-02-20},
  language    = {English},
}
Iranian APT Makes a Comeback with “Thunder and Lightning” Backdoor and Espionage Combo
Infy Tonnerre
2021-02-18 | PTSecurity | PTSecurity
% PTSecurity analytics page on anti-sandbox techniques, per the url path; the listing tags it with
% several malware families.
% NOTE(review): the title field is a copy of the url rather than the page's real title. Replace it
% with the published title once verified against the source; the citation key embeds the same
% placeholder but is kept so existing citations still resolve.
@online{ptsecurity:20210218:httpswwwptsecuritycomwwenanalyticsantisandboxtechniques:d616c1f,
  author       = {PTSecurity},
  title        = {{https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/}},
  date         = {2021-02-18},
  organization = {PTSecurity},
  url          = {https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/},
  urldate      = {2021-02-25},
  language     = {English},
}
https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/
Poet RAT Gravity RAT Ketrican Okrum OopsIE Remcos RogueRobinNET RokRAT SmokeLoader
2021-02-18 | Microsoft | MSRC Team
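% Microsoft (MSRC blog) final update on its internal Solorigate investigation.
% Corporate author: the extra pair of braces keeps "MSRC Team" as one indivisible name. Without
% them it is parsed as given name "MSRC" and family name "Team", which is presumably where the
% "team" prefix of the key comes from. The key is left unchanged so existing citations still resolve.
@online{team:20210218:microsoft:645b21a,
  author       = {{MSRC Team}},
  title        = {{Microsoft Internal Solorigate Investigation – Final Update}},
  date         = {2021-02-18},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/},
  urldate      = {2021-02-18},
  language     = {English},
}
Microsoft Internal Solorigate Investigation – Final Update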
2021-02-18 | JPCERT/CC | Kota Kino
% JPCERT/CC blog post on further updates to the LODEINFO malware (the listing tags this entry LODEINFO).
@online{kino:20210218:further:c4352ca,
  author       = {Kota Kino},
  title        = {{Further Updates in LODEINFO Malware}},
  date         = {2021-02-18},
  organization = {JPCERT/CC},
  url          = {https://blogs.jpcert.or.jp/en/2021/02/LODEINFO-3.html},
  urldate      = {2021-02-18},
  language     = {English},
}
Further Updates in LODEINFO Malware
LODEINFO
2021-02-17 | cyber00011011.github.io | Cyber_00011011
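% GitHub Pages post on analysing shellcode with CyberChef.
% The author handle contains an underscore. Name fields are typeset as ordinary LaTeX text, where a
% bare underscore raises a math-mode error, so it is escaped here. The url field is verbatim and
% needs no escaping.
@online{cyber00011011:20210217:understand:2783d8d,
  author       = {Cyber\_00011011},
  title        = {{Understand Shellcode with CyberChef}},
  date         = {2021-02-17},
  organization = {cyber00011011.github.io},
  url          = {https://cyber00011011.github.io/CookingUpCyber/},
  urldate      = {2021-02-20},
  language     = {English},
}
Understand Shellcode with CyberChef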
2021-02-17 | Aquasec | Assaf Morag
% Aquasec threat alert on a TeamTNT campaign against Docker and Kubernetes environments
% (the listing tags this entry TeamTNT).
@online{morag:20210217:threat:b99a6f4,
  author       = {Assaf Morag},
  title        = {{Threat Alert: TeamTNT Pwn Campaign Against Docker and K8s Environments}},
  date         = {2021-02-17},
  organization = {Aquasec},
  url          = {https://blog.aquasec.com/teamtnt-campaign-against-docker-kubernetes-environment},
  urldate      = {2021-02-20},
  language     = {English},
}
Threat Alert: TeamTNT Pwn Campaign Against Docker and K8s Environments
TeamTNT
2021-02-17 | VinCSS | Trương Quốc Ngân
% VinCSS reverse-engineering post [RE020] on ElephantRAT and its similarities to SManager
% (the listing tags this entry SManager).
% NOTE(review): written without a comma, the author is parsed with "Ngân" as the family name, and the
% key prefix "ngn" looks like that name with non-ASCII letters dropped. Confirm the intended
% family/given split and switch to the comma form if it differs.
@online{ngn:20210217:re020:76db05d,
  author       = {Trương Quốc Ngân},
  title        = {{[RE020] ElephantRAT (Kunming version): our latest discovered RAT of Panda and the similarities with recently Smanager RAT}},
  date         = {2021-02-17},
  organization = {VinCSS},
  url          = {https://blog.vincss.net/2021/02/re020-elephantrat-kunming-version-our-latest-discovered-RAT-of-Panda.html},
  urldate      = {2021-02-20},
  language     = {English},
}
[RE020] ElephantRAT (Kunming version): our latest discovered RAT of Panda and the similarities with recently Smanager RAT
SManager
2021-02-17 | Palo Alto Networks Unit 42 | Nathaniel Quist
% Unit 42 report on WatchDog, which the title describes as a cryptojacking campaign operating for two years.
% The title contains a typographic apostrophe, so the file must be processed as UTF-8.
@online{quist:20210217:watchdog:1cd1353,
  author       = {Nathaniel Quist},
  title        = {{WatchDog: Exposing a Cryptojacking Campaign That’s Operated for Two Years}},
  date         = {2021-02-17},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/watchdog-cryptojacking/},
  urldate      = {2021-02-20},
  language     = {English},
}
WatchDog: Exposing a Cryptojacking Campaign That’s Operated for Two Years
2021-02-17 | YouTube (AGDC Services) | AGDC Services
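% YouTube video on how malware resolves APIs by hash (the listing tags this entry Emotet and Mailto).
% Corporate author: the extra pair of braces keeps "AGDC Services" as one indivisible name. Without
% them it is parsed as given name "AGDC" and family name "Services", which is presumably where the
% "services" prefix of the key comes from. The key is left unchanged so existing citations still resolve.
@online{services:20210217:how:d492b9b,
  author       = {{AGDC Services}},
  title        = {{How Malware Can Resolve APIs By Hash}},
  date         = {2021-02-17},
  organization = {YouTube (AGDC Services)},
  url          = {https://www.youtube.com/watch?v=q8of74upT_g},
  urldate      = {2021-02-24},
  language     = {English},
}
How Malware Can Resolve APIs By Hash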
Emotet Mailto
2021-02-17 | Politie NL | Politie NL
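% Dutch-language news item from the Dutch police (politie.nl) on fighting cybercrime that runs over
% Dutch infrastructure (the listing tags this entry Emotet).
% Corporate author: the extra pair of braces keeps "Politie NL" as one indivisible name. Without
% them it is parsed as given name "Politie" and family name "NL", which is presumably where the
% "nl" prefix of the key comes from. The key is left unchanged so existing citations still resolve.
@online{nl:20210217:politie:a27a279,
  author       = {{Politie NL}},
  title        = {{Politie bestrijdt cybercrime via Nederlandse infrastructuur}},
  date         = {2021-02-17},
  organization = {Politie NL},
  url          = {https://www.politie.nl/nieuws/2021/februari/17/politie-bestrijdt-cybercrime-via-nederlandse-infrastructuur.html},
  urldate      = {2021-02-20},
  language     = {Dutch},
}
Politie bestrijdt cybercrime via Nederlandse infrastructuur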
Emotet