
2022-09-15 | Kaspersky | Oleg Kupreev
@online{kupreev:20220915:selfspreading:a51b997,
  author       = {Kupreev, Oleg},
  title        = {{Self-spreading stealer attacks gamers via YouTube}},
  date         = {2022-09-15},
  organization = {Kaspersky},
  url          = {https://securelist.com/self-spreading-stealer-attacks-gamers-via-youtube/107407/},
  urldate      = {2022-09-16},
  language     = {English},
}
RedLine Stealer
2022-09-14 | Mandiant | macla, Mathew Potaczek, Nino Isakovic, Matt Williams, Yash Gupta
@online{macla:20220914:its:1d63d78,
  author       = {macla and Potaczek, Mathew and Isakovic, Nino and Williams, Matt and Gupta, Yash},
  title        = {{It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp}},
  date         = {2022-09-14},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/dprk-whatsapp-phishing},
  urldate      = {2022-09-19},
  language     = {English},
}
BLINDINGCAN
2022-09-14 | Trend Micro | Sunil Bharti
@online{bharti:20220914:postexploitation:3baee2f,
  author       = {Bharti, Sunil},
  title        = {{A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities}},
  date         = {2022-09-14},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/i/a-post-exploitation-look-at-coinminers-abusing-weblogic-vulnerab.html},
  urldate      = {2022-09-16},
  language     = {English},
}
Kinsing
2022-09-14 | ESET Research | Vladislav Hrčka, Mathieu Tartare, Thibaut Passilly
@online{hrka:20220914:you:3850b85,
  author       = {Hrčka, Vladislav and Tartare, Mathieu and Passilly, Thibaut},
  title        = {{You never walk alone: The SideWalk backdoor gets a Linux variant}},
  date         = {2022-09-14},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2022/09/14/you-never-walk-alone-sidewalk-backdoor-linux-variant/},
  urldate      = {2022-09-19},
  language     = {English},
}
SideWalk
2022-09-14 | Secureworks | Counter Threat Unit ResearchTeam
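@comment{Corporate author wrapped in an extra brace pair so it is parsed as one indivisible name instead of being split into given and family parts.}
@online{researchteam:20220914:opsec:b493562,
  author       = {{Counter Threat Unit ResearchTeam}},
  title        = {{Opsec Mistakes Reveal COBALT MIRAGE Threat Actors}},
  date         = {2022-09-14},
  organization = {Secureworks},
  url          = {https://www.secureworks.com/blog/opsec-mistakes-reveal-cobalt-mirage-threat-actors},
  urldate      = {2022-09-19},
  language     = {English},
}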
TUNNELFISH
2022-09-14 | Seguranca Informatica | Pedro Tavares
@online{tavares:20220914:ursa:add3756,
  author       = {Tavares, Pedro},
  title        = {{URSA trojan is back with a new dance}},
  date         = {2022-09-14},
  organization = {Seguranca Informatica},
  url          = {https://seguranca-informatica.pt/ursa-trojan-is-back-with-a-new-dance/#.YyXEkaRBzIU},
  urldate      = {2022-09-19},
  language     = {English},
}
Mispadu
2022-09-14 | SecurityScorecard | Vlad Pasca
@online{pasca:20220914:detailed:f0a7a7f,
  author       = {Pasca, Vlad},
  title        = {{A Detailed Analysis of the Quantum Ransomware}},
  date         = {2022-09-14},
  organization = {SecurityScorecard},
  url          = {https://securityscorecard.pathfactory.com/research/quantum-ransomware},
  urldate      = {2022-09-15},
  language     = {English},
}
Mount Locker
2022-09-14 | Cybereason | Derrick Masters, Loïc Castel
@online{masters:20220914:threat:5694e61,
  author       = {Masters, Derrick and Castel, Loïc},
  title        = {{THREAT ANALYSIS REPORT: Abusing Notepad++ Plugins for Evasion and Persistence}},
  date         = {2022-09-14},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-report-abusing-notepad-plugins-for-evasion-and-persistence},
  urldate      = {2022-09-19},
  language     = {English},
}
Meterpreter
2022-09-14 | KISA | KISA
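@comment{Institutional author wrapped in an extra brace pair so it is kept as one name; the literal number sign in the title is escaped because an unescaped one breaks LaTeX typesetting of the bibliography.}
@techreport{kisa:20220914:ttps7:cd9faff,
  author      = {{KISA}},
  title       = {{TTPs\#7: Analysis on Lateral Movement Strategy Using SMB/Admin Share}},
  date        = {2022-09-14},
  institution = {KISA},
  url         = {https://www.boho.or.kr/filedownload.do?attach_file_seq=3669&attach_file_id=EpF3669.pdf},
  urldate     = {2022-09-19},
  language    = {English},
}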
2022-09-14 | Security Joes | Felipe Duarte
@techreport{duarte:20220914:dissecting:6ab0659,
  author      = {Duarte, Felipe},
  title       = {{Dissecting PlugX to Extract Its Crown Jewels}},
  date        = {2022-09-14},
  institution = {Security Joes},
  url         = {https://secjoes-reports.s3.eu-central-1.amazonaws.com/Dissecting+PlugX+to+Extract+Its+Crown+Jewels.pdf},
  urldate     = {2022-09-16},
  language    = {English},
}
PlugX
2022-09-14 | Intel 471 | Intel 471
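@comment{Corporate author wrapped in an extra brace pair; without it the name is parsed as given name Intel and family name 471.}
@online{471:20220914:prorussian:99cfb4d,
  author       = {{Intel 471}},
  title        = {{Pro-Russian Hacktivist Groups Target Ukraine Supporters}},
  date         = {2022-09-14},
  organization = {Intel 471},
  url          = {https://intel471.com/blog/pro-russian-hacktivist-groups-target-ukraine-supporters},
  urldate      = {2022-09-19},
  language     = {English},
}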
2022-09-14 | CISA | FBI, US-CERT, NSA, U.S. Cyber Command, U.S. Department of the Treasury, Australian Cyber Security Centre (ACSC), CSE Canada, NCSC UK
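@comment{Every agency name is wrapped in an extra brace pair so multi-word names such as U.S. Cyber Command or NCSC UK are kept whole instead of being split into given and family parts.}
@online{fbi:20220914:alert:c9a3789,
  author       = {{FBI} and {US-CERT} and {NSA} and {U.S. Cyber Command} and {U.S. Department of the Treasury} and {Australian Cyber Security Centre (ACSC)} and {CSE Canada} and {NCSC UK}},
  title        = {{Alert (AA22-257A): Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations}},
  date         = {2022-09-14},
  organization = {CISA},
  url          = {https://www.cisa.gov/uscert/ncas/alerts/aa22-257a},
  urldate      = {2022-09-20},
  language     = {English},
}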
2022-09-13 | Palo Alto Networks Unit 42 | Jeff White
@online{white:20220913:originlogger:92a4758,
  author       = {White, Jeff},
  title        = {{OriginLogger: A Look at Agent Tesla’s Successor}},
  date         = {2022-09-13},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/originlogger/},
  urldate      = {2022-09-16},
  language     = {English},
}
Agent Tesla OriginLogger
2022-09-13 | Symantec | Threat Hunter Team
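@comment{Team author wrapped in an extra brace pair so the whole phrase is treated as one name rather than given name Threat Hunter and family name Team.}
@online{team:20220913:new:2ff2e98,
  author       = {{Threat Hunter Team}},
  title        = {{New Wave of Espionage Activity Targets Asian Governments}},
  date         = {2022-09-13},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-asia-governments},
  urldate      = {2022-09-20},
  language     = {English},
}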
MimiKatz PlugX Quasar RAT ShadowPad Trochilus RAT
2022-09-13 | Sansec Threat Research | Sansec Threat Research Team
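@comment{Team author wrapped in an extra brace pair so it is parsed as a single indivisible name.}
@online{team:20220913:magento:5f0f103,
  author       = {{Sansec Threat Research Team}},
  title        = {{Magento vendor Fishpig hacked, backdoors added}},
  date         = {2022-09-13},
  organization = {Sansec Threat Research},
  url          = {https://sansec.io/research/rekoobe-fishpig-magento},
  urldate      = {2022-09-15},
  language     = {English},
}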
Rekoobe
2022-09-13 | AdvIntel | Advanced Intelligence
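@comment{Corporate author wrapped in an extra brace pair so it is kept as one name instead of given name Advanced and family name Intelligence.}
@online{intelligence:20220913:advintels:ea02331,
  author       = {{Advanced Intelligence}},
  title        = {{AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022}},
  date         = {2022-09-13},
  organization = {AdvIntel},
  url          = {https://www.advintel.io/post/advintel-s-state-of-emotet-aka-spmtools-displays-over-million-compromised-machines-through-2022},
  urldate      = {2022-09-19},
  language     = {English},
}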
Conti Cobalt Strike Emotet Ryuk TrickBot
2022-09-13 | Abnormal | Crane Hassold
@online{hassold:20220913:back:1ceafb3,
  author       = {Hassold, Crane},
  title        = {{Back to School: BEC Group Targets Teachers with Payroll Diversion Attacks}},
  date         = {2022-09-13},
  organization = {Abnormal},
  url          = {https://intelligence.abnormalsecurity.com/blog/bec-group-targets-teachers-payroll-diversion-attacks},
  urldate      = {2022-09-19},
  language     = {English},
}
2022-09-13 | Proofpoint | Joshua Miller, Kyle Eaton, Alexander Rausch
@online{miller:20220913:look:781be66,
  author       = {Miller, Joshua and Eaton, Kyle and Rausch, Alexander},
  title        = {{Look What You Made Me Do: TA453 Uses Multi-Persona Impersonation to Capitalize on FOMO}},
  date         = {2022-09-13},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/ta453-uses-multi-persona-impersonation-capitalize-fomo},
  urldate      = {2022-09-19},
  language     = {English},
}
2022-09-12 | Infosec Writeups | Aaron Stratton
@online{stratton:20220912:raccoon:3a04b24,
  author       = {Stratton, Aaron},
  title        = {{Raccoon Stealer v2 Malware Analysis}},
  date         = {2022-09-12},
  organization = {Infosec Writeups},
  url          = {https://infosecwriteups.com/raccoon-stealer-v2-malware-analysis-55cc33774ac8},
  urldate      = {2022-09-26},
  language     = {English},
}
Raccoon RecordBreaker
2022-09-12 | Trend Micro | Nitesh Surana
@online{surana:20220912:security:14e0203,
  author       = {Surana, Nitesh},
  title        = {{Security Breaks: TeamTNT’s DockerHub Credentials Leak}},
  date         = {2022-09-12},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/i/security-breaks-teamtnts-dockerhub-credentials-leak.html},
  urldate      = {2022-09-19},
  language     = {English},
}