2021-02-02 | SUCURI | Denis Sinegubko
@online{sinegubko:20210202:whitespace:a93d242,
  author       = {Denis Sinegubko},
  title        = {{Whitespace Steganography Conceals Web Shell in PHP Malware}},
  date         = {2021-02-02},
  organization = {SUCURI},
  url          = {https://blog.sucuri.net/2021/02/whitespace-steganography-conceals-web-shell-in-php-malware.html},
  language     = {English},
  urldate      = {2021-02-04},
}
Whitespace Steganography Conceals Web Shell in PHP Malware
2021-01-19 | HP | Patrick Schläpfer
@online{schlpfer:20210119:dridex:a8b3da4,
  author       = {Patrick Schläpfer},
  title        = {{Dridex Malicious Document Analysis: Automating the Extraction of Payload URLs}},
  date         = {2021-01-19},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/dridex-malicious-document-analysis-automating-the-extraction-of-payload-urls/},
  language     = {English},
  urldate      = {2021-01-21},
}
Dridex Malicious Document Analysis: Automating the Extraction of Payload URLs
Dridex
2020-12-01 | Gdata | Karsten Hahn
@online{hahn:20201201:icerat:bc43ba0,
  author       = {Karsten Hahn},
  title        = {{IceRat evades antivirus by running PHP on Java VM}},
  date         = {2020-12-01},
  organization = {Gdata},
  url          = {https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp},
  language     = {English},
  urldate      = {2020-12-03},
}
IceRat evades antivirus by running PHP on Java VM
IceRat
2020-11-27 | HP | Alex Holland
@online{holland:20201127:aggah:7dd38ba,
  author       = {Alex Holland},
  title        = {{Aggah Campaign’s Latest Tactics: Victimology, PowerPoint Dropper and Cryptocurrency Stealer}},
  date         = {2020-11-27},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/aggah-campaigns-latest-tactics-victimology-powerpoint-dropper-and-cryptocurrency-stealer/},
  language     = {English},
  urldate      = {2020-11-27},
}
Aggah Campaign’s Latest Tactics: Victimology, PowerPoint Dropper and Cryptocurrency Stealer
Agent Tesla
2020-09-25 | 360 Total Security | kate
@online{kate:20200925:aptc43:15a3501,
  author       = {kate},
  title        = {{APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries - HpReact campaign}},
  date         = {2020-09-25},
  organization = {360 Total Security},
  url          = {https://blog.360totalsecurity.com/en/apt-c-43-steals-venezuelan-military-secrets-to-provide-intelligence-support-for-the-reactionaries-hpreact-campaign/},
  language     = {English},
  urldate      = {2020-10-02},
}
APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries - HpReact campaign
PyArk El Machete
2020-07 | Flashpoint | Flashpoint
@techreport{flashpoint:202007:zeppelin:8c54ff6,
  author      = {Flashpoint},
  title       = {{Zeppelin Ransomware Analysis}},
  date        = {2020-07},
  institution = {Flashpoint},
  url         = {https://storage.pardot.com/272312/124918/Flashpoint_Hunt_Team___Zeppelin_Ransomware_Analysis.pdf},
  language    = {English},
  urldate     = {2020-08-14},
}
Zeppelin Ransomware Analysis
2020-06-21 | Bromium | Alex Holland
@online{holland:20200621:investigating:1dc98a0,
  author       = {Alex Holland},
  title        = {{Investigating Threats in HP Sure Controller 4.2: TVRAT}},
  date         = {2020-06-21},
  organization = {Bromium},
  url          = {https://threatresearch.ext.hp.com/investigating-threats-in-hp-sure-controller-4-2/},
  language     = {English},
  urldate      = {2020-07-11},
}
Investigating Threats in HP Sure Controller 4.2: TVRAT
2020-06-09 | RiskIQ | Jordan Herman
@online{herman:20200609:misconfigured:75c6908,
  author       = {Jordan Herman},
  title        = {{Misconfigured Amazon S3 Buckets Continue to be a Launchpad for Malicious Code}},
  date         = {2020-06-09},
  organization = {RiskIQ},
  url          = {https://www.riskiq.com/blog/labs/misconfigured-s3-buckets/},
  language     = {English},
  urldate      = {2020-06-10},
}
Misconfigured Amazon S3 Buckets Continue to be a Launchpad for Malicious Code
magecart
2020-05-07 | Der Spiegel | hpp
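% The title and the publishing outlet are German, so the language field is
% set to German rather than English (it drives language filters and
% per-entry hyphenation in styles that read it).
@online{hpp:20200507:ruhruniversitt:7991318,
  author       = {hpp},
  title        = {{Ruhr-Universität Bochum meldet Computerangriff}},
  date         = {2020-05-07},
  organization = {Der Spiegel},
  url          = {https://www.spiegel.de/netzwelt/web/ruhr-uni-bochum-offenbar-opfer-von-computerangriff-a-c42754cc-72dc-4d34-8b58-bb0008619c05?utm_source=dlvr.it&utm_medium=twitter#ref=rss},
  language     = {German},
  urldate      = {2020-07-06},
}
Ruhr-Universität Bochum meldet Computerangriff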
2020-02-02 | ESET Research | Marc-Etienne M.Léveillé, Ignacio Sanmillan
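% The scraped title had the report's TLP handling marking fused onto its
% front and was missing the separator between "APPEARS" and "Tricksy".
% The marking now lives in the note field and the title is separated.
% NOTE(review): date = 2020-02-02 looks inconsistent with the 2021/01 upload
% path in the URL and the 2021-02-04 urldate; confirm the publication year.
% The citation key is left unchanged so existing citations keep resolving.
@techreport{mlveill:20200202:tlp:39ce93c,
  author      = {M.Léveillé, Marc-Etienne and Sanmillan, Ignacio},
  title       = {{A Wild Kobalos Appears: Tricksy Linux Malware Goes After HPCs}},
  date        = {2020-02-02},
  institution = {ESET Research},
  url         = {https://www.welivesecurity.com/wp-content/uploads/2021/01/ESET_Kobalos.pdf},
  language    = {English},
  urldate     = {2021-02-04},
  note        = {TLP:WHITE},
}
A Wild Kobalos Appears: Tricksy Linux Malware Goes After HPCs (TLP:WHITE)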
Kobalos
2019-07-19 | HP | Alex Holland
@online{holland:20190719:analysis:06a9a1c,
  author       = {Alex Holland},
  title        = {{An Analysis of L0rdix RAT, Panel and Builder}},
  date         = {2019-07-19},
  organization = {HP},
  url          = {https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/},
  language     = {English},
  urldate      = {2020-01-07},
}
An Analysis of L0rdix RAT, Panel and Builder
L0rdix
2019-03-20 | Flashpoint | Joshua Platt, Jason Reaves
% NOTE(review): same work as platt:20190320:fin7:a7fe335 in this library.
% The two records differ in the URL slug (this one has "revisited:-inside")
% and in urldate. Confirm which URL resolves and consider merging them.
@online{platt:20190320:fin7:bac265f,
  author       = {Joshua Platt and Jason Reaves},
  title        = {{FIN7 Revisited: Inside Astra Panel and SQLRat Malware}},
  date         = {2019-03-20},
  organization = {Flashpoint},
  url          = {https://www.flashpoint-intel.com/blog/fin7-revisited:-inside-astra-panel-and-sqlrat-malware/},
  language     = {English},
  urldate      = {2019-12-18},
}
FIN7 Revisited: Inside Astra Panel and SQLRat Malware
DNSRat TinyMet
2019-03-20 | Flashpoint | Joshua Platt, Jason Reaves
@online{platt:20190320:fin7:a7fe335,
  author       = {Joshua Platt and Jason Reaves},
  title        = {{FIN7 Revisited: Inside Astra Panel and SQLRat Malware}},
  date         = {2019-03-20},
  organization = {Flashpoint},
  url          = {https://www.flashpoint-intel.com/blog/fin7-revisited-inside-astra-panel-and-sqlrat-malware/},
  language     = {English},
  urldate      = {2020-01-10},
}
FIN7 Revisited: Inside Astra Panel and SQLRat Malware
SQLRat FIN7
2019-03-13 | Flashpoint | Jason Reaves, Joshua Platt
@online{reaves:20190313:dmsniff:47a2734,
  author       = {Jason Reaves and Joshua Platt},
  title        = {{‘DMSniff’ POS Malware Actively Leveraged to Target Small-, Medium-Sized Businesses}},
  date         = {2019-03-13},
  organization = {Flashpoint},
  url          = {https://www.flashpoint-intel.com/blog/dmsniff-pos-malware-actively-leveraged-target-medium-sized-businesses/},
  language     = {English},
  urldate      = {2019-12-18},
}
‘DMSniff’ POS Malware Actively Leveraged to Target Small-, Medium-Sized Businesses
DMSniff
2019-03-13 | Cisco Talos | Warren Mercer, Paul Rascagnères, Ben Baker
@online{mercer:20190313:glitchpos:a94f15c,
  author       = {Warren Mercer and Paul Rascagnères and Ben Baker},
  title        = {{GlitchPOS: New PoS malware for sale}},
  date         = {2019-03-13},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2019/03/glitchpos-new-pos-malware-for-sale.html},
  language     = {English},
  urldate      = {2019-10-29},
}
GlitchPOS: New PoS malware for sale
GlitchPOS
2019-01-15 | Flashpoint | Vitali Kremez
@online{kremez:20190115:disclosure:0e74c4e,
  author       = {Vitali Kremez},
  title        = {{Disclosure of Chilean Redbanc Intrusion Leads to Lazarus Ties}},
  date         = {2019-01-15},
  organization = {Flashpoint},
  url          = {https://www.flashpoint-intel.com/blog/disclosure-chilean-redbanc-intrusion-lazarus-ties/},
  language     = {English},
  urldate      = {2019-08-08},
}
Disclosure of Chilean Redbanc Intrusion Leads to Lazarus Ties
PowerRatankba
2019-01-14 | Github (ohpe) | OHPE
@online{ohpe:20190114:juicy:d9ac671,
  author       = {OHPE},
  title        = {{Juicy Potato (abusing the golden privileges)}},
  date         = {2019-01-14},
  organization = {Github (ohpe)},
  url          = {https://github.com/ohpe/juicy-potato},
  language     = {English},
  urldate      = {2020-06-19},
}
Juicy Potato (abusing the golden privileges)
JuicyPotato
2018-12-20 | Trend Micro | Augusto Remillano II, Mark Vicente
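% The first author's generational suffix is given in "Last, Jr, First" form.
% Written as "Augusto Remillano II", BibTeX takes "II" as the surname, so the
% entry sorts and labels under "II" (the "ii" prefix of this key shows the
% same misparse). The key itself is unchanged so existing citations resolve.
@online{ii:20181220:with:8e827ba,
  author       = {Remillano, II, Augusto and Vicente, Mark},
  title        = {{With Mirai Comes Miori: IoT Botnet Delivered via ThinkPHP Remote Code Execution Exploit}},
  date         = {2018-12-20},
  organization = {Trend Micro},
  url          = {https://blog.trendmicro.com/trendlabs-security-intelligence/with-mirai-comes-miori-iot-botnet-delivered-via-thinkphp-remote-code-execution-exploit/},
  language     = {English},
  urldate      = {2019-11-29},
}
With Mirai Comes Miori: IoT Botnet Delivered via ThinkPHP Remote Code Execution Exploit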
Mirai
2018-09-12 | Flashpoint | Paul Burbage, Mike Mimoso
@online{burbage:20180912:malware:5b7d58a,
  author       = {Paul Burbage and Mike Mimoso},
  title        = {{Malware Campaign Targeting Jaxx Cryptocurrency Wallet Users Shut Down}},
  date         = {2018-09-12},
  organization = {Flashpoint},
  url          = {https://www.flashpoint-intel.com/blog/malware-campaign-targets-jaxx-cryptocurrency-wallet-users/},
  language     = {English},
  urldate      = {2020-01-08},
}
Malware Campaign Targeting Jaxx Cryptocurrency Wallet Users Shut Down
KPOT Stealer
2018-05-10 | Flashpoint | Flashpoint
@online{flashpoint:20180510:treasurehunter:d6e33c1,
  author       = {Flashpoint},
  title        = {{TreasureHunter Point-of-Sale Malware and Builder Source Code Leaked}},
  date         = {2018-05-10},
  organization = {Flashpoint},
  url          = {https://www.flashpoint-intel.com/blog/treasurehunter-source-code-leaked/},
  language     = {English},
  urldate      = {2020-01-08},
}
TreasureHunter Point-of-Sale Malware and Builder Source Code Leaked
TreasureHunter