Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-12-14GigamonJoe Slowik
@online{slowik:20211214:network:0d17ac7, author = {Joe Slowik}, title = {{Network Security Monitoring Opportunities and Best Practices for Log4j Defense}}, date = {2021-12-14}, organization = {Gigamon}, url = {https://blog.gigamon.com/2021/12/14/network-security-monitoring-opportunities-and-best-practices-for-log4j-defense/}, language = {English}, urldate = {2022-02-10} } Network Security Monitoring Opportunities and Best Practices for Log4j Defense
2021-11-17BBCJoe Tidy
@online{tidy:20211117:evil:bbce2b5, author = {Joe Tidy}, title = {{Evil Corp: 'My hunt for the world's most wanted hackers'}}, date = {2021-11-17}, organization = {BBC}, url = {https://www.bbc.com/news/technology-59297187}, language = {English}, urldate = {2021-11-18} } Evil Corp: 'My hunt for the world's most wanted hackers'
REvil REvil
2021-11-16IronNetIronNet Threat Research, Morgan Demboski, Joey Fitzpatrick, Peter Rydzynski
@online{research:20211116:how:d7fdaf8, author = {IronNet Threat Research and Morgan Demboski and Joey Fitzpatrick and Peter Rydzynski}, title = {{How IronNet's Behavioral Analytics Detect REvil and Conti Ransomware}}, date = {2021-11-16}, organization = {IronNet}, url = {https://www.ironnet.com/blog/ransomware-graphic-blog}, language = {English}, urldate = {2021-11-25} } How IronNet's Behavioral Analytics Detect REvil and Conti Ransomware
Cobalt Strike Conti IcedID REvil
2021-11-04Youtube (Virus Bulletin)Yi-Jhen Hsieh, Joey Chen
@online{hsieh:20211104:shadowpad:8dbd5c7, author = {Yi-Jhen Hsieh and Joey Chen}, title = {{ShadowPad: the masterpiece of privately sold malware in Chinese espionage}}, date = {2021-11-04}, organization = {Youtube (Virus Bulletin)}, url = {https://www.youtube.com/watch?v=r1zAVX_HnJg}, language = {English}, urldate = {2022-08-08} } ShadowPad: the masterpiece of privately sold malware in Chinese espionage
PlugX ShadowPad
2021-10-27ProofpointSelena Larson, Joe Wise
@online{larson:20211027:new:0d80a57, author = {Selena Larson and Joe Wise}, title = {{New Threat Actor Spoofs Philippine Government, COVID-19 Health Data in Widespread RAT Campaigns}}, date = {2021-10-27}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/new-threat-actor-spoofs-philippine-government-covid-19-health-data-widespread}, language = {English}, urldate = {2021-11-03} } New Threat Actor Spoofs Philippine Government, COVID-19 Health Data in Widespread RAT Campaigns
Nanocore RAT Remcos
2021-10-25GigamonJoe Slowik
@online{slowik:20211025:bear:ea7ac23, author = {Joe Slowik}, title = {{Bear in the Net: A Network-Focused Perspective on Berserk Bear}}, date = {2021-10-25}, organization = {Gigamon}, url = {https://blog.gigamon.com/2021/10/25/bear-in-the-net-a-network-focused-perspective-on-berserk-bear/}, language = {English}, urldate = {2022-02-10} } Bear in the Net: A Network-Focused Perspective on Berserk Bear
2021-10-12IronNetBrett Fitzpatrick, Joey Fitzpatrick, Morgan Demboski, Peter Rydzynski, IronNet Threat Research
@online{fitzpatrick:20211012:continued:e1f2eb4, author = {Brett Fitzpatrick and Joey Fitzpatrick and Morgan Demboski and Peter Rydzynski and IronNet Threat Research}, title = {{Continued Exploitation of CVE-2021-26084}}, date = {2021-10-12}, organization = {IronNet}, url = {https://www.ironnet.com/blog/continued-exploitation-of-cve-2021-26084}, language = {English}, urldate = {2021-10-25} } Continued Exploitation of CVE-2021-26084
2021-10-03Github (0xjxd)Joel Dönne
@techreport{dnne:20211003:squirrelwaffle:3a35566, author = {Joel Dönne}, title = {{SquirrelWaffle - From Maldoc to Cobalt Strike}}, date = {2021-10-03}, institution = {Github (0xjxd)}, url = {https://github.com/0xjxd/SquirrelWaffle-From-Maldoc-to-Cobalt-Strike/raw/main/2021-10-02%20-%20SquirrelWaffle%20-%20From%20Maldoc%20to%20Cobalt%20Strike.pdf}, language = {English}, urldate = {2021-10-07} } SquirrelWaffle - From Maldoc to Cobalt Strike
Cobalt Strike Squirrelwaffle
2021-09-27Trend MicroRyan Maglaque, Joelson Soares, Gilbert Sison, Arianne Dela Cruz, Warren Sto.Tomas
@online{maglaque:20210927:fake:e02e3a3, author = {Ryan Maglaque and Joelson Soares and Gilbert Sison and Arianne Dela Cruz and Warren Sto.Tomas}, title = {{Fake Installers Drop Malware and Open Doors for Opportunistic Attackers}}, date = {2021-09-27}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/i/fake-installers-drop-malware-and-open-doors-for-opportunistic-attackers.html}, language = {English}, urldate = {2021-10-05} } Fake Installers Drop Malware and Open Doors for Opportunistic Attackers
RedLine Stealer Socelars Vidar
2021-09-10GigamonJoe Slowik
@online{slowik:20210910:rendering:59082b0, author = {Joe Slowik}, title = {{Rendering Threats: A Network Perspective}}, date = {2021-09-10}, organization = {Gigamon}, url = {https://blog.gigamon.com/2021/09/10/rendering-threats-a-network-perspective/}, language = {English}, urldate = {2023-04-06} } Rendering Threats: A Network Perspective
BumbleBee Cobalt Strike
2021-09-09Stranded on Pylos BlogJoe Slowik
@online{slowik:20210909:spectrum:0b31314, author = {Joe Slowik}, title = {{A Spectrum of State Ransomware Responsibility}}, date = {2021-09-09}, organization = {Stranded on Pylos Blog}, url = {https://pylos.co/2021/09/09/a-spectrum-of-state-ransomware-responsibility/}, language = {English}, urldate = {2021-09-28} } A Spectrum of State Ransomware Responsibility
2021-09-01YouTube (Hack In The Box Security Conference)Yi-Jhen Hsieh, Joey Chen
@online{hsieh:20210901:shadowpad:f9ae111, author = {Yi-Jhen Hsieh and Joey Chen}, title = {{SHADOWPAD: Chinese Espionage Malware-as-a-Service}}, date = {2021-09-01}, organization = {YouTube (Hack In The Box Security Conference)}, url = {https://www.youtube.com/watch?v=IRh6R8o1Q7U}, language = {English}, urldate = {2022-08-08} } SHADOWPAD: Chinese Espionage Malware-as-a-Service
PlugX ShadowPad
2021-08-23SentinelOneYi-Jhen Hsieh, Joey Chen
@techreport{hsieh:20210823:shadowpad:58780f1, author = {Yi-Jhen Hsieh and Joey Chen}, title = {{ShadowPad: the Masterpiece of Privately Sold Malware in Chinese Espionage}}, date = {2021-08-23}, institution = {SentinelOne}, url = {https://conference.hitb.org/hitbsecconf2021sin/materials/D1T1%20-%20%20ShadowPad%20-%20A%20Masterpiece%20of%20Privately%20Sold%20Malware%20in%20Chinese%20Espionage%20-%20Yi-Jhen%20Hsieh%20&%20Joey%20Chen.pdf}, language = {English}, urldate = {2022-07-18} } ShadowPad: the Masterpiece of Privately Sold Malware in Chinese Espionage
PlugX ShadowPad
2021-08-19Sentinel LABSYi-Jhen Hsieh, Joey Chen
@online{hsieh:20210819:shadowpad:04bbb1e, author = {Yi-Jhen Hsieh and Joey Chen}, title = {{ShadowPad | A Masterpiece of Privately Sold Malware in Chinese Espionage}}, date = {2021-08-19}, organization = {Sentinel LABS}, url = {https://labs.sentinelone.com/shadowpad-a-masterpiece-of-privately-sold-malware-in-chinese-espionage/}, language = {English}, urldate = {2021-08-23} } ShadowPad | A Masterpiece of Privately Sold Malware in Chinese Espionage
ShadowPad
2021-08-12Edmund Brumaghin, Joe Marshall, Arnaud Zobec
@online{brumaghin:20210812:vice:c55624f, author = {Edmund Brumaghin and Joe Marshall and Arnaud Zobec}, title = {{Vice Society Leverages PrintNightmare In Ransomware Attacks}}, date = {2021-08-12}, url = {https://blog.talosintelligence.com/2021/08/vice-society-ransomware-printnightmare.html}, language = {English}, urldate = {2021-08-15} } Vice Society Leverages PrintNightmare In Ransomware Attacks
2021-08-04Trend MicroRyan Maglaque, Jessie Prevost, Joelson Soares, Janus Agcaoili
@online{maglaque:20210804:supply:1b4bee6, author = {Ryan Maglaque and Jessie Prevost and Joelson Soares and Janus Agcaoili}, title = {{Supply Chain Attacks from a Managed Detection and Response Perspective}}, date = {2021-08-04}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/h/supply-chain-attacks-from-a-managed-detection-and-response-persp.html}, language = {English}, urldate = {2021-08-31} } Supply Chain Attacks from a Managed Detection and Response Perspective
REvil
2021-07-27GigamonJoe Slowik
@online{slowik:20210727:ghosts:af3dc18, author = {Joe Slowik}, title = {{Ghosts on the Wire: Expanding Conceptions of Network Anomalies}}, date = {2021-07-27}, organization = {Gigamon}, url = {https://blog.gigamon.com/2021/07/27/ghosts-on-the-wire-expanding-conceptions-of-network-anomalies/}, language = {English}, urldate = {2021-08-02} } Ghosts on the Wire: Expanding Conceptions of Network Anomalies
SUNBURST
2021-07-19ProofpointJoe Wise, Konstantin Klinger, Selena Larson, Proofpoint Threat Research Team
@online{wise:20210719:new:cb02a85, author = {Joe Wise and Konstantin Klinger and Selena Larson and Proofpoint Threat Research Team}, title = {{New Threat Actor Uses Spanish Language Lures to Distribute Seldom Observed Bandook Malware}}, date = {2021-07-19}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/new-threat-actor-uses-spanish-language-lures-distribute-seldom-observed-bandook}, language = {English}, urldate = {2021-07-26} } New Threat Actor Uses Spanish Language Lures to Distribute Seldom Observed Bandook Malware
Bandook
2021-07-08GigamonJoe Slowik
@online{slowik:20210708:observations:21f913b, author = {Joe Slowik}, title = {{Observations and Recommendations from the Ongoing REvil-Kaseya Incident}}, date = {2021-07-08}, organization = {Gigamon}, url = {https://blog.gigamon.com/2021/07/08/observations-and-recommendations-from-the-ongoing-revil-kaseya-incident/}, language = {English}, urldate = {2021-07-12} } Observations and Recommendations from the Ongoing REvil-Kaseya Incident
REvil
2021-06-24GigamonJoe Slowik
@techreport{slowik:20210624:baffling:d37b293, author = {Joe Slowik}, title = {{The Baffling Berserk Bear: A Decade's Activity targeting Critical Infrastructure}}, date = {2021-06-24}, institution = {Gigamon}, url = {https://vblocalhost.com/uploads/VB2021-Slowik.pdf}, language = {English}, urldate = {2021-10-26} } The Baffling Berserk Bear: A Decade's Activity targeting Critical Infrastructure
Havex RAT Heriplor Karagany