
2023-10-31 · Cloudsek · Anirudh Batra
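% Author is stored in the unambiguous "Family, Given" form; title braces protect only the proper nouns,
% so the bibliography style decides the casing of the remaining words.
@techreport{batra:20231031:phishing:00ca64c,
  author      = {Batra, Anirudh},
  title       = {Phishing in the {Oasis}: Investigating the 2 year real estate data harvesting campaign targeting the {Middle East}},
  date        = {2023-10-31},
  institution = {Cloudsek},
  url         = {https://assets-global.website-files.com/635e632477408d12d1811a64/654079151b30065625766e3a_Phishing%20in%20the%20Oasis%20Defending%20Middle%20Eastern%20Real%20Estate.pdf},
  language    = {English},
  urldate     = {2023-11-13},
}
Phishing in the Oasis: Investigating the 2 year real estate data harvesting campaign targeting the Middle East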
2023-10-31 · Infoblox · Infoblox Threat Intelligence Group
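% Corporate author: the inner braces keep the group name as one unit instead of a given/family split.
% Title braces protect only the actor name.
@online{group:20231031:prolific:e4f06e8,
  author       = {{Infoblox Threat Intelligence Group}},
  title        = {{Prolific Puma}: Shadowy Link Shortening Service Enables Cybercrime},
  date         = {2023-10-31},
  organization = {Infoblox},
  url          = {https://blogs.infoblox.com/cyber-threat-intelligence/prolific-puma-shadowy-link-shortening-service-enables-cybercrime/},
  language     = {English},
  urldate      = {2023-11-13},
}
Prolific Puma: Shadowy Link Shortening Service Enables Cybercrime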
Prolific Puma
2023-10-30 · Checkpoint · Checkpoint Research
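% Corporate author: the inner braces keep the team name as one unit.
% The title is stored in Title Case rather than the page's forced upper case; only the month is protected.
@online{research:20231030:30th:8400dfb,
  author       = {{Checkpoint Research}},
  title        = {30th {October} – Threat Intelligence Report},
  date         = {2023-10-30},
  organization = {Checkpoint},
  url          = {https://research.checkpoint.com/2023/30th-october-threat-intelligence-report/},
  language     = {English},
  urldate      = {2023-11-17},
}
30TH OCTOBER – THREAT INTELLIGENCE REPORT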
2023-10-27 · acsense · Brendon Rod
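% Author in "Family, Given" form; title braces protect only the actor name.
@online{rod:20231027:guide:7f109e6,
  author       = {Rod, Brendon},
  title        = {A Guide to {Scattered Spider} Data Breaches},
  date         = {2023-10-27},
  organization = {acsense},
  url          = {https://acsense.com/blog/a-guide-to-scattered-spider-data-breaches/},
  language     = {English},
  urldate      = {2023-11-17},
}
A Guide to Scattered Spider Data Breaches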
POORTRY
2023-10-27 · DataBreaches.net · Dissent
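% Single-token author name, kept as given. Title braces protect only the acronym.
@online{dissent:20231027:hackers:a4c643a,
  author       = {Dissent},
  title        = {Hackers escalate: leak 200k {CCSD} students’ data; claim to still have access to {CCSD} email system},
  date         = {2023-10-27},
  organization = {DataBreaches.net},
  url          = {https://www.databreaches.net/hackers-escalate-leak-200k-ccsd-students-data-claim-to-still-have-access-to-ccsd-email-system/},
  language     = {English},
  urldate      = {2023-11-17},
}
Hackers escalate: leak 200k CCSD students’ data; claim to still have access to CCSD email system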
2023-10-27 · Twitter (@embee_research) · Embee_research
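% The underscore in the handle is escaped in author and organization: a bare underscore in a
% typeset (non-verbatim) field is a LaTeX math-mode character. The url field is verbatim and stays raw.
% Title braces protect only the product names.
@online{embeeresearch:20231027:remcos:af5fa30,
  author       = {Embee\_research},
  title        = {{Remcos} Downloader Analysis - Manual Deobfuscation of {Visual Basic} and {Powershell}},
  date         = {2023-10-27},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/decoding-a-remcos-loader-script-visual-basic-deobfuscation/},
  language     = {English},
  urldate      = {2023-10-30},
}
Remcos Downloader Analysis - Manual Deobfuscation of Visual Basic and Powershell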
Remcos
2023-10-26 · ANSSI · ANSSI
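% Corporate author: the inner braces mark the agency name as a single literal name.
% Title braces protect only the actor designation.
@techreport{anssi:20231026:attack:c121d4d,
  author      = {{ANSSI}},
  title       = {Attack Campaigns of {APT28} since 2021},
  date        = {2023-10-26},
  institution = {ANSSI},
  url         = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2023-CTI-009.pdf},
  language    = {French},
  urldate     = {2023-11-14},
}
Attack Campaigns of APT28 since 2021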
CredoMap DriveOcean Empire Downloader Graphite MimiKatz Mocky LNK reGeorg
2023-10-26 · Medium walmartglobaltech · Jonathan Mccay
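% Author in "Family, Given" form. The title is a single mixed-case campaign name, so the
% inner braces here protect that one word rather than wrapping a whole sentence.
@online{mccay:20231026:smartapesg:34c667a,
  author       = {Mccay, Jonathan},
  title        = {{SmartApeSG}},
  date         = {2023-10-26},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/smartapesg-4605157a5b80},
  language     = {English},
  urldate      = {2023-11-14},
}
SmartApeSG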
NetSupportManager RAT
2023-10-26 · Avast Decoded · Threat Research Team
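% Corporate author: the inner braces keep the team name as one unit instead of a given/family split.
% Title braces protect only the ransomware family name.
@online{team:20231026:rhysida:08ca4b6,
  author       = {{Threat Research Team}},
  title        = {{Rhysida} Ransomware Technical Analysis},
  date         = {2023-10-26},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/threatresearch/rhysida-ransomware-technical-analysis/},
  language     = {English},
  urldate      = {2023-10-30},
}
Rhysida Ransomware Technical Analysis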
Rhysida
2023-10-25 · SUCURI · Ben Martin
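% Author in "Family, Given" form; title braces protect only the campaign and product names.
@online{martin:20231025:fakeupdateru:f9cf3f2,
  author       = {Martin, Ben},
  title        = {{FakeUpdateRU} {Chrome} Update Infection Spreads Trojan Malware},
  date         = {2023-10-25},
  organization = {SUCURI},
  url          = {https://blog.sucuri.net/2023/10/fakeupdateru-chrome-update-infection-spreads-trojan-malware.html},
  language     = {English},
  urldate      = {2023-11-13},
}
FakeUpdateRU Chrome Update Infection Spreads Trojan Malware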
FakeUpdateRU
2023-10-24 · National Security and Defense Council of Ukraine · Organization of the National Security and Defense Council of Ukraine
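% Corporate author: the name contains the word "and" between spaces, which is the name-list
% separator. Without the inner braces it is parsed as two authors; the braces keep it as one.
% Title braces protect only the malware family and the nationality.
@techreport{ukraine:20231024:surge:6a4874b,
  author      = {{Organization of the National Security and Defense Council of Ukraine}},
  title       = {The Surge in {SmokeLoader} Attacks on {Ukrainian} Institutions},
  date        = {2023-10-24},
  institution = {National Security and Defense Council of Ukraine},
  url         = {https://www.rnbo.gov.ua/files/2023_YEAR/CYBERCENTER/october/The%20Surge%20in%20Smokeloader%20Attacks%20on%20Ukrainian%20Institutions%20UA.pdf},
  language    = {English},
  urldate     = {2023-11-14},
}
The Surge in SmokeLoader Attacks on Ukrainian Institutions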
SmokeLoader
2023-10-24 · Sentinel LABS · Tom Hegel, Aleksandar Milenkoski
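% Both authors in "Family, Given" form; title braces protect only the proper nouns.
% NOTE(review): the literal vertical bar in the title depends on the document's font encoding
% to print as a bar; confirm the rendered output.
@online{hegel:20231024:israelhamas:313d369,
  author       = {Hegel, Tom and Milenkoski, Aleksandar},
  title        = {The {Israel-Hamas} War | Cyber Domain State-Sponsored Activity of Interest},
  date         = {2023-10-24},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/the-israel-hamas-war-cyber-domain-state-sponsored-activity-of-interest/},
  language     = {English},
  urldate      = {2023-11-27},
}
The Israel-Hamas War | Cyber Domain State-Sponsored Activity of Interest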
2023-10-23 · Proofpoint · Jared Peck
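% Author in "Family, Given" form; title braces protect only the place names and the nationality.
@online{peck:20231023:from:4784a88,
  author       = {Peck, Jared},
  title        = {From {Copacabana} to {Barcelona}: The Cross-Continental Threat of {Brazilian} Banking Malware},
  date         = {2023-10-23},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/copacabana-barcelona-cross-continental-threat-brazilian-banking-malware},
  language     = {English},
  urldate      = {2023-11-14},
}
From Copacabana to Barcelona: The Cross-Continental Threat of Brazilian Banking Malware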
Grandoreiro
2023-10-23 · Twitter (@embee_research) · Embee_research
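% The underscore in the handle is escaped in author and organization: a bare underscore in a
% typeset (non-verbatim) field is a LaTeX math-mode character. The url field is verbatim and stays raw.
% Title braces protect only the tool names and the file extension.
@online{embeeresearch:20231023:cobalt:0c88305,
  author       = {Embee\_research},
  title        = {{Cobalt Strike} {.VBS} Loader - Decoding with Advanced {CyberChef} and Emulation},
  date         = {2023-10-23},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/decoding-a-cobalt-strike-vba-loader-with-cyberchef/},
  language     = {English},
  urldate      = {2023-10-30},
}
Cobalt Strike .VBS Loader - Decoding with Advanced CyberChef and Emulation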
Cobalt Strike
2023-10-20 · Twitter (@embee_research) · Embee_research
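% The underscore in the handle is escaped in author and organization: a bare underscore in a
% typeset (non-verbatim) field is a LaTeX math-mode character. The url field is verbatim and stays raw.
% Title braces protect only the tool names.
@online{embeeresearch:20231020:decoding:85adeaa,
  author       = {Embee\_research},
  title        = {Decoding a {Cobalt Strike} .hta Loader Using {CyberChef} and Emulation},
  date         = {2023-10-20},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/malware-analysis-decoding-a-simple-hta-loader/},
  language     = {English},
  urldate      = {2023-10-20},
}
Decoding a Cobalt Strike .hta Loader Using CyberChef and Emulation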
Cobalt Strike
2023-10-20 · Medium walmartglobaltech · Jason Reaves, Joshua Platt
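% Both authors in "Family, Given" form; title braces protect only the malware family name.
@online{reaves:20231020:icedid:43212cd,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {{IcedID} gets Loaded},
  date         = {2023-10-20},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/icedid-gets-loaded-af073b7b6d39},
  language     = {English},
  urldate      = {2023-11-14},
}
IcedID gets Loaded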
Unidentified 111 (IcedID Loader)
2023-10-19 · Symantec · Threat Hunter Team
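% Corporate author: the inner braces keep the team name as one unit instead of a given/family split.
% Title braces protect only the actor name and the region.
@online{team:20231019:crambus:9e0aec9,
  author       = {{Threat Hunter Team}},
  title        = {{Crambus}: New Campaign Targets {Middle Eastern} Government},
  date         = {2023-10-19},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/crambus-middle-east-government},
  language     = {English},
  urldate      = {2023-10-20},
}
Crambus: New Campaign Targets Middle Eastern Government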
Clipog
2023-10-18 · Twitter (@embee_research) · Embee_research
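% The underscore in the handle is escaped in author and organization: a bare underscore in a
% typeset (non-verbatim) field is a LaTeX math-mode character. The url field is verbatim and stays raw.
% Title braces protect only the tool names.
@online{embeeresearch:20231018:ghidra:1253f8d,
  author       = {Embee\_research},
  title        = {{Ghidra} Tutorial - Using Entropy To Locate a {Cobalt Strike} Decryption Function},
  date         = {2023-10-18},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/ghidra-entropy-analysis-locating-decryption-functions/},
  language     = {English},
  urldate      = {2023-10-20},
}
Ghidra Tutorial - Using Entropy To Locate a Cobalt Strike Decryption Function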
Cobalt Strike
2023-10-18 · Kaspersky Labs · GReAT, Kaspersky Lab ICS CERT
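% Two corporate authors: each name has its own inner braces so the multi-word team name is
% not split into given/family parts; the "and" between them remains the list separator.
% Title braces protect only the framework name and the region.
@techreport{great:20231018:updated:4d78dec,
  author      = {{GReAT} and {Kaspersky Lab ICS CERT}},
  title       = {Updated {MATA} attacks industrial companies in {Eastern Europe}},
  date        = {2023-10-18},
  institution = {Kaspersky Labs},
  url         = {https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2023/10/18092216/Updated-MATA-attacks-Eastern-Europe_full-report_ENG.pdf},
  language    = {English},
  urldate     = {2023-10-18},
}
Updated MATA attacks industrial companies in Eastern Europe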
Dacls Unidentified 106
2023-10-18 · Microsoft · Microsoft Threat Intelligence
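% Corporate author: the inner braces keep the team name as one unit instead of a given/family split.
% Title braces protect the nationality, the product name and the CVE identifier, so a
% sentence-casing style cannot lower-case the identifier.
@online{intelligence:20231018:multiple:1533f8e,
  author       = {{Microsoft Threat Intelligence}},
  title        = {Multiple {North Korean} threat actors exploiting the {TeamCity} {CVE-2023-42793} vulnerability},
  date         = {2023-10-18},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/},
  language     = {English},
  urldate      = {2023-10-20},
}
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability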
FeedLoad ForestTiger HazyLoad RollSling