
2021-11-11 | Qianxin | Red Raindrop Team
@online{team:20211111:sidecopy:ef53637, author = {Red Raindrop Team}, title = {{SideCopy organization's recent attack incident analysis using China-India current affairs news}}, date = {2021-11-11}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/October-Operation-SideCopy}, language = {Chinese}, urldate = {2022-01-25} } SideCopy organization's recent attack incident analysis using China-India current affairs news
2021-11-08 | KELA | KELA Cyber Intelligence Center
@online{center:20211108:aint:b92e3b4, author = {KELA Cyber Intelligence Center}, title = {{Ain’t No Actor Trustworthy Enough: The importance of validating sources}}, date = {2021-11-08}, organization = {KELA}, url = {https://ke-la.com/aint-no-actor-trustworthy-enough-the-importance-of-validating-sources/}, language = {English}, urldate = {2021-11-09} } Ain’t No Actor Trustworthy Enough: The importance of validating sources
2021-11-03 | Team Cymru | tcblogposts
@online{tcblogposts:20211103:webinject:f4d41bb, author = {tcblogposts}, title = {{Webinject Panel Administration: A Vantage Point into Multiple Threat Actor Campaigns - A Case Study on the Value of Threat Reconnaisance}}, date = {2021-11-03}, organization = {Team Cymru}, url = {https://team-cymru.com/blog/2021/11/03/webinject-panel-administration-a-vantage-point-into-multiple-threat-actor-campaigns/}, language = {English}, urldate = {2021-11-08} } Webinject Panel Administration: A Vantage Point into Multiple Threat Actor Campaigns - A Case Study on the Value of Threat Reconnaisance
DoppelDridex IcedID QakBot Zloader
2021-10-28 | Lookout | Kristina Balaam, Paul Shunk
@online{balaam:20211028:rooting:fbbe47f, author = {Kristina Balaam and Paul Shunk}, title = {{Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign}}, date = {2021-10-28}, organization = {Lookout}, url = {https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign}, language = {English}, urldate = {2021-11-03} } Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign
AbstractEmu
2021-10-19 | Proofpoint | Zydeca Cass, Axel F, Crista Giering, Matthew Mesa, Georgi Mladenov, Brandon Murphy
@online{cass:20211019:whatta:4d969e1, author = {Zydeca Cass and Axel F and Crista Giering and Matthew Mesa and Georgi Mladenov and Brandon Murphy}, title = {{Whatta TA: TA505 Ramps Up Activity, Delivers New FlawedGrace Variant}}, date = {2021-10-19}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/whatta-ta-ta505-ramps-activity-delivers-new-flawedgrace-variant}, language = {English}, urldate = {2021-10-24} } Whatta TA: TA505 Ramps Up Activity, Delivers New FlawedGrace Variant
FlawedGrace MirrorBlast
2021-09-27 | Trend Micro | Ryan Maglaque, Joelson Soares, Gilbert Sison, Arianne Dela Cruz, Warren Sto.Tomas
@online{maglaque:20210927:fake:e02e3a3, author = {Ryan Maglaque and Joelson Soares and Gilbert Sison and Arianne Dela Cruz and Warren Sto.Tomas}, title = {{Fake Installers Drop Malware and Open Doors for Opportunistic Attackers}}, date = {2021-09-27}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/i/fake-installers-drop-malware-and-open-doors-for-opportunistic-attackers.html}, language = {English}, urldate = {2021-10-05} } Fake Installers Drop Malware and Open Doors for Opportunistic Attackers
RedLine Stealer Socelars Vidar
2021-09-20 | Rostelecom-Solar | Rostelecom-Solar
@online{rostelecomsolar:20210920:how:cfe97c4, author = {Rostelecom-Solar}, title = {{How we searched for a connection between Mēris and Glupteba, and gained control over 45 thousand MikroTik devices}}, date = {2021-09-20}, organization = {Rostelecom-Solar}, url = {https://habr.com/ru/company/solarsecurity/blog/578900/}, language = {Russian}, urldate = {2021-09-22} } How we searched for a connection between Mēris and Glupteba, and gained control over 45 thousand MikroTik devices
Glupteba
2021-09-15 | Palo Alto Networks Unit 42 | Anna Chung, Swetha Balla
@online{chung:20210915:phishing:15f054e, author = {Anna Chung and Swetha Balla}, title = {{Phishing Eager Travelers}}, date = {2021-09-15}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/travel-themed-phishing/}, language = {English}, urldate = {2021-09-19} } Phishing Eager Travelers
Dridex
2021-09-01 | YouTube (Black Hat) | Aragorn Tseng, Charles Li
@online{tseng:20210901:mem2img:7817a5d, author = {Aragorn Tseng and Charles Li}, title = {{Mem2Img: Memory-Resident Malware Detection via Convolution Neural Network}}, date = {2021-09-01}, organization = {YouTube (Black Hat)}, url = {https://www.youtube.com/watch?v=6SDdUVejR2w}, language = {English}, urldate = {2021-09-12} } Mem2Img: Memory-Resident Malware Detection via Convolution Neural Network
Cobalt Strike PlugX Waterbear
2021-08-27 | Seguranca Informatica | Pedro Tavares
@online{tavares:20210827:fraude:0e0b29a, author = {Pedro Tavares}, title = {{Fraude personificando a marca Continente espalha-se através do WhatsApp: Não se deixe enganar!}}, date = {2021-08-27}, organization = {Seguranca Informatica}, url = {https://seguranca-informatica.pt/fraude-personificando-a-marca-continente-espalha-se-atraves-do-whatsapp-nao-se-deixe-enganar/}, language = {Portuguese}, urldate = {2021-09-12} } Fraude personificando a marca Continente espalha-se através do WhatsApp: Não se deixe enganar!
2021-08-24 | KELA | KELA Cyber Intelligence Center
@online{center:20210824:lockbit:730526a, author = {KELA Cyber Intelligence Center}, title = {{LockBit 2.0 Interview with Russian OSINT}}, date = {2021-08-24}, organization = {KELA}, url = {https://ke-la.com/lockbit-2-0-interview-with-russian-osint/}, language = {English}, urldate = {2021-11-02} } LockBit 2.0 Interview with Russian OSINT
LockBit
2021-08-19 | Talos | Asheer Malhotra, Vitor Ventura, Vanja Svajcer
@online{malhotra:20210819:malicious:e04d4c9, author = {Asheer Malhotra and Vitor Ventura and Vanja Svajcer}, title = {{Malicious Campaign Targets Latin America: The seller, The operator and a curious link}}, date = {2021-08-19}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/08/rat-campaign-targets-latin-america.html}, language = {English}, urldate = {2021-08-30} } Malicious Campaign Targets Latin America: The seller, The operator and a curious link
AsyncRAT NjRAT
2021-08-10 | FireEye | Israel Research Team, U.S. Threat Intel Team
@online{team:20210810:unc215:dbc483a, author = {Israel Research Team and U.S. Threat Intel Team}, title = {{UNC215: Spotlight on a Chinese Espionage Campaign in Israel}}, date = {2021-08-10}, organization = {FireEye}, url = {https://www.mandiant.com/resources/unc215-chinese-espionage-campaign-in-israel}, language = {English}, urldate = {2021-12-06} } UNC215: Spotlight on a Chinese Espionage Campaign in Israel
HyperBro HyperSSL MimiKatz
2021-08-09 | ESET Research | Zuzana Hromcová
@online{hromcov:20210809:iispy:c0b6ad3, author = {Zuzana Hromcová}, title = {{IISpy: A complex server‑side backdoor with anti‑forensic features}}, date = {2021-08-09}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2021/08/09/iispy-complex-server-side-backdoor-antiforensic-features/}, language = {English}, urldate = {2021-09-19} } IISpy: A complex server‑side backdoor with anti‑forensic features
IISpy JuicyPotato
2021-08-04 | FireEye | Doug Bienstock, Josh Madeley
@techreport{bienstock:20210804:cloudy:a74cb93, author = {Doug Bienstock and Josh Madeley}, title = {{Cloudy with a Chance of APT: Novel Microsoft 365 Attacks in the Wild}}, date = {2021-08-04}, institution = {FireEye}, url = {https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Cloudy-With-A-Chance-Of-APT-Novel-Microsoft-365-Attacks-In-The-Wild.pdf}, language = {English}, urldate = {2021-08-06} } Cloudy with a Chance of APT: Novel Microsoft 365 Attacks in the Wild
2021-07-29 | Rasta Mouse | Rasta Mouse
@online{mouse:20210729:ntlm:7f97289, author = {Rasta Mouse}, title = {{NTLM Relaying via Cobalt Strike}}, date = {2021-07-29}, organization = {Rasta Mouse}, url = {https://rastamouse.me/ntlm-relaying-via-cobalt-strike/}, language = {English}, urldate = {2021-07-29} } NTLM Relaying via Cobalt Strike
Cobalt Strike
2021-07-20 | Trend Micro | David Fiser, Alfredo Oliveira
@techreport{fiser:20210720:tracking:9085bb7, author = {David Fiser and Alfredo Oliveira}, title = {{Tracking the Activities of TeamTNT: A Closer Look at a Cloud-Focused Malicious Actor Group}}, date = {2021-07-20}, institution = {Trend Micro}, url = {https://documents.trendmicro.com/assets/white_papers/wp-tracking-the-activities-of-teamTNT.pdf}, language = {English}, urldate = {2021-07-26} } Tracking the Activities of TeamTNT: A Closer Look at a Cloud-Focused Malicious Actor Group
TeamTNT
2021-07-18 | Twitter (@billmarczak) | Bill Marczak
@online{marczak:20210718:twitter:d1f4dfe, author = {Bill Marczak}, title = {{Twitter thread with a couple of interesting bits from AmnestyTech's new report on Pegasus}}, date = {2021-07-18}, organization = {Twitter (@billmarczak)}, url = {https://twitter.com/billmarczak/status/1416801439402262529}, language = {English}, urldate = {2021-07-24} } Twitter thread with a couple of interesting bits from AmnestyTech's new report on Pegasus
Chrysaor
2021-07-14 | Guardia Civil | Guardia Civil
@online{civil:20210714:civil:e46ca2f, author = {Guardia Civil}, title = {{The Civil Guard dismantles an important network dedicated to committing scams through the Internet}}, date = {2021-07-14}, organization = {Guardia Civil}, url = {http://www.interior.gob.es/prensa/noticias/-/asset_publisher/GHU8Ap6ztgsg/content/id/13552853}, language = {Spanish}, urldate = {2021-07-20} } The Civil Guard dismantles an important network dedicated to committing scams through the Internet
Grandoreiro Mekotio
2021-07-12 | Proofpoint | Joshua Miller, Crista Giering, Threat Research Team
@online{miller:20210712:operation:c819876, author = {Joshua Miller and Crista Giering and Threat Research Team}, title = {{Operation SpoofedScholars: A Conversation with TA453}}, date = {2021-07-12}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/operation-spoofedscholars-conversation-ta453}, language = {English}, urldate = {2021-07-20} } Operation SpoofedScholars: A Conversation with TA453