Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-05-17FortinetFred Gutierrez, Gayathri Thirugnanasambandam, Val Saengphaibul
@online{gutierrez:20210517:newly:65d872f, author = {Fred Gutierrez and Gayathri Thirugnanasambandam and Val Saengphaibul}, title = {{Newly Discovered Function in DarkSide Ransomware Variant Targets Disk Partitions}}, date = {2021-05-17}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/newly-discovered-function-in-darkside-ransomware-variant-targets-disk-partitions}, language = {English}, urldate = {2021-05-19} } Newly Discovered Function in DarkSide Ransomware Variant Targets Disk Partitions
DarkSide
2021-05-17UptycsSiddartha Sharma, Ashwin Vamshi
@online{sharma:20210517:discovery:1cd5315, author = {Siddartha Sharma and Ashwin Vamshi}, title = {{Discovery of Simps Botnet Leads To Ties to Keksec Group}}, date = {2021-05-17}, organization = {Uptycs}, url = {https://www.uptycs.com/blog/discovery-of-simps-botnet-leads-ties-to-keksec-group}, language = {English}, urldate = {2021-05-25} } Discovery of Simps Botnet Leads To Ties to Keksec Group
Bashlite Mirai
2021-05-07Cisco TalosCaitlin Huey, Andrew Windsor, Edmund Brumaghin
@online{huey:20210507:lemon:0d46f81, author = {Caitlin Huey and Andrew Windsor and Edmund Brumaghin}, title = {{Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs}}, date = {2021-05-07}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/05/lemon-duck-spreads-wings.html}, language = {English}, urldate = {2021-05-11} } Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs
CHINACHOPPER Cobalt Strike
2021-04-23DarktraceMax Heinemeyer
@online{heinemeyer:20210423:apt35:24eeaad, author = {Max Heinemeyer}, title = {{APT35 ‘Charming Kitten' discovered in a pre-infected environment}}, date = {2021-04-23}, organization = {Darktrace}, url = {https://www.darktrace.com/en/blog/apt-35-charming-kitten-discovered-in-a-pre-infected-environment/}, language = {English}, urldate = {2021-04-29} } APT35 ‘Charming Kitten' discovered in a pre-infected environment
2021-04-22Twitter (@ET_Labs)ET Labs
@online{labs:20210422:lunar:b350736, author = {ET Labs}, title = {{Tweet on Lunar Builder exfiltrating data via Discord webhook}}, date = {2021-04-22}, organization = {Twitter (@ET_Labs)}, url = {https://twitter.com/ET_Labs/status/1385351516664389633}, language = {English}, urldate = {2021-05-25} } Tweet on Lunar Builder exfiltrating data via Discord webhook
2021-04-20FireEyeJosh Fleischer, Chris DiGiamo, Alex Pennino
@online{fleischer:20210420:zeroday:0641c6a, author = {Josh Fleischer and Chris DiGiamo and Alex Pennino}, title = {{Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise}}, date = {2021-04-20}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/04/zero-day-exploits-in-sonicwall-email-security-lead-to-compromise.html}, language = {English}, urldate = {2021-04-28} } Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise
2021-04-18Bleeping ComputerLawrence Abrams
@online{abrams:20210418:discord:8787410, author = {Lawrence Abrams}, title = {{Discord Nitro gift codes now demanded as ransomware payments}}, date = {2021-04-18}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/discord-nitro-gift-codes-now-demanded-as-ransomware-payments/}, language = {English}, urldate = {2021-08-26} } Discord Nitro gift codes now demanded as ransomware payments
win.nitro
2021-04-07TalosNick Biasini, Edmund Brumaghin, Chris Neal, Paul Eubanks.
@online{biasini:20210407:sowing:2bf94a9, author = {Nick Biasini and Edmund Brumaghin and Chris Neal and Paul Eubanks.}, title = {{Sowing Discord: Reaping the benefits of collaboration app abuse}}, date = {2021-04-07}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/04/collab-app-abuse.html}, language = {English}, urldate = {2021-04-19} } Sowing Discord: Reaping the benefits of collaboration app abuse
2021-03-26ImpervaDaniel Johnston
@online{johnston:20210326:imperva:a78367a, author = {Daniel Johnston}, title = {{Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures}}, date = {2021-03-26}, organization = {Imperva}, url = {https://www.imperva.com/blog/imperva-observes-hive-of-activity-following-hafnium-microsoft-exchange-disclosures/}, language = {English}, urldate = {2021-03-30} } Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures
CHINACHOPPER
2021-03-24CiscoDavid Liebenberg, Caitlin Huey
@online{liebenberg:20210324:quarterly:4707c30, author = {David Liebenberg and Caitlin Huey}, title = {{Quarterly Report: Incident Response trends from Winter 2020-21}}, date = {2021-03-24}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2021/03/ctir-trends-winter-2020-21.html}, language = {English}, urldate = {2021-03-25} } Quarterly Report: Incident Response trends from Winter 2020-21
Egregor REvil WastedLocker
2021-03-22K7 SecurityMary Muthu Francisca
@online{francisca:20210322:malspam:7d33257, author = {Mary Muthu Francisca}, title = {{MalSpam Campaigns Download njRAT from Paste Sites}}, date = {2021-03-22}, organization = {K7 Security}, url = {https://labs.k7computing.com/?p=21904}, language = {English}, urldate = {2021-03-25} } MalSpam Campaigns Download njRAT from Paste Sites
NjRAT
2021-03-09Cisco TalosCisco Talos
@online{talos:20210309:hafnium:55699b2, author = {Cisco Talos}, title = {{Hafnium Update: Continued Microsoft Exchange Server Exploitation}}, date = {2021-03-09}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/03/hafnium-update.html}, language = {English}, urldate = {2021-03-11} } Hafnium Update: Continued Microsoft Exchange Server Exploitation
2021-03-02Cisco TalosAsheer Malhotra
@online{malhotra:20210302:obliquerat:f7504fa, author = {Asheer Malhotra}, title = {{ObliqueRAT returns with new campaign using hijacked websites}}, date = {2021-03-02}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/02/obliquerat-new-campaign.html}, language = {English}, urldate = {2021-03-04} } ObliqueRAT returns with new campaign using hijacked websites
Oblique RAT
2021-03-01The RecordCatalin Cimpanu
@online{cimpanu:20210301:first:6ded68e, author = {Catalin Cimpanu}, title = {{First Fully Weaponized Spectre Exploit Discovered Online}}, date = {2021-03-01}, organization = {The Record}, url = {https://therecord.media/first-fully-weaponized-spectre-exploit-discovered-online/}, language = {English}, urldate = {2021-03-04} } First Fully Weaponized Spectre Exploit Discovered Online
2021-02-24VMWare Carbon BlackTakahiro Haruyama
@techreport{haruyama:20210224:knock:f4903a2, author = {Takahiro Haruyama}, title = {{Knock, knock, Neo. - Active C2 Discovery Using Protocol Emulation}}, date = {2021-02-24}, institution = {VMWare Carbon Black}, url = {https://jsac.jpcert.or.jp/archive/2021/pdf/JSAC2021_201_haruyama_jp.pdf}, language = {Japanese}, urldate = {2021-02-26} } Knock, knock, Neo. - Active C2 Discovery Using Protocol Emulation
Cobalt Strike
2021-02-23TwitterTwitter Safety
@online{safety:20210223:disclosing:bdbc667, author = {Twitter Safety}, title = {{Disclosing networks of state-linked information operations}}, date = {2021-02-23}, organization = {Twitter}, url = {https://blog.twitter.com/en_us/topics/company/2021/disclosing-networks-of-state-linked-information-operations-.html}, language = {English}, urldate = {2021-02-25} } Disclosing networks of state-linked information operations
2021-02-17VinCSSTrương Quốc Ngân
@online{ngn:20210217:re020:76db05d, author = {Trương Quốc Ngân}, title = {{[RE020] ElephantRAT (Kunming version): our latest discovered RAT of Panda and the similarities with recently Smanager RAT}}, date = {2021-02-17}, organization = {VinCSS}, url = {https://blog.vincss.net/2021/02/re020-elephantrat-kunming-version-our-latest-discovered-RAT-of-Panda.html}, language = {English}, urldate = {2021-02-20} } [RE020] ElephantRAT (Kunming version): our latest discovered RAT of Panda and the similarities with recently Smanager RAT
SManager
2021-02-17Cisco TalosVanja Svajcer
@online{svajcer:20210217:masslogger:cd9e6fb, author = {Vanja Svajcer}, title = {{Masslogger campaigns exfiltrates user credentials}}, date = {2021-02-17}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/02/masslogger-cred-exfil.html}, language = {English}, urldate = {2021-02-20} } Masslogger campaigns exfiltrates user credentials
MASS Logger
2021-02-15Twitter (@TheDFIRReport)The DFIR Report
@online{report:20210215:qakbot:f692e9c, author = {The DFIR Report}, title = {{Tweet on Qakbot post infection discovery activity}}, date = {2021-02-15}, organization = {Twitter (@TheDFIRReport)}, url = {https://twitter.com/TheDFIRReport/status/1361331598344478727}, language = {English}, urldate = {2021-02-18} } Tweet on Qakbot post infection discovery activity
QakBot
2021-02-12Twitter (@ESETresearch)ESET Research
@online{research:20210212:twitter:8703272, author = {ESET Research}, title = {{A twitter thread on discussing updated attack chain of EVILNUM group and their use PYVIL malware}}, date = {2021-02-12}, organization = {Twitter (@ESETresearch)}, url = {https://twitter.com/ESETresearch/status/1360178593968623617}, language = {English}, urldate = {2021-02-18} } A twitter thread on discussing updated attack chain of EVILNUM group and their use PYVIL malware
PyVil