Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-10-18FlashpointFlashpoint
REvil Disappears Again: ‘Something Is Rotten in the State of Ransomware’
REvil REvil
2021-10-01HPHP Wolf Security
Threat Insights Report Q3 - 2021
STRRAT CloudEyE NetWire RC Remcos TrickBot Vjw0rm
2021-09-29FlashpointFlashpoint
Russian hacker Q&A: An Interview With REvil-Affiliated Ransomware Contractor
REvil REvil
2021-09-28FlashpointFlashpoint
REvil’s “Cryptobackdoor” Con: Ransomware Group’s Tactics Roil Affiliates, Sparking a Fallout
REvil
2021-09-19HPPatrick Schläpfer
MirrorBlast and TA505: Examining Similarities in Tactics, Techniques and Procedures
MirrorBlast
2021-08-10FlashpointFlashpoint
REvil Master Key for Kaseya Attack Posted to XSS
REvil
2021-07-30HPPatrick Schläpfer
Detecting TA551 domains
Valak Dridex IcedID ISFB QakBot
2021-07-27FlashpointFlashpoint
Chatter Indicates BlackMatter as REvil Successor
REvil
2021-07-09SeqriteChaitanya Haritash, Nihar Deshpande, Shayak Tarafdar
Seqrite uncovers second wave of Operation SideCopy targeting Indian critical infrastructure PSUs
NjRAT ReverseRAT
2021-06-28HPPatrick Schläpfer
Snake Keylogger’s Many Skins: Analysing Code Reuse Among Infostealers
404 Keylogger Phoenix Keylogger
2021-06-15Nextron SystemsNextron Systems
Use YARA math Module Extension in THOR TechPreview and THOR Lite
2021-06-04JPCERT/CCKota Kino
PHP Malware Used in Lucky Visitor Scam
2021-05-25Chainalysis, Flashpoint
Hydra: Where The Crypto Money Laundering Trail Goes Dark
2021-05-21Twitter (@alberto__segura)Alberto Segura
Tweet on Flubot version 4.2 (p.php variant) with new AES strings encryption
FluBot
2021-05-13MalwarebytesJérôme Segura
Newly observed PHP-based skimmer shows ongoing Magecart Group 12 activity
magecart
2021-05-11FlashpointFlashpoint
DarkSide Ransomware Links to REvil Group Difficult to Dismiss
DarkSide REvil
2021-04-30MADRID LabsOdin Bernstein
Qbot: Analyzing PHP Proxy Scripts from Compromised Web Server
QakBot
2021-04-30FlashpointFlashpoint
A Second Iranian State-Sponsored Ransomware Operation “Project Signal” Emerges
2021-04-14HPPatrick Schläpfer
From PoC to Exploit Kit: Purple Fox now exploits CVE-2021-26411
PurpleFox
2021-04-08HPMichael McGuire
Nation States, Cyberconflict and the Web of Profit