2020-12-07 | NSA | NSA
@techreport{nsa:20201207:russian:9dbda97,
  author      = {NSA},
  title       = {{Russian State-Sponsored Actors Exploiting Vulnerability in VMware® Workspace ONE Access Using Compromised Credentials}},
  institution = {NSA},
  date        = {2020-12-07},
  url         = {https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF},
  urldate     = {2020-12-08},
  language    = {English},
}
Russian State-Sponsored Actors Exploiting Vulnerability in VMware® Workspace ONE Access Using Compromised Credentials
2020-08-23 | Github (Insane-Forensics) | Insane-Forensics
@online{insaneforensics:20200823:dispatches:0a019d4,
  author       = {Insane-Forensics},
  title        = {{Dispatches from Drovorub: Network Threat Hunting for Russia GRU GTsSS' Malware at Scale}},
  organization = {Github (Insane-Forensics)},
  date         = {2020-08-23},
  url          = {https://github.com/Insane-Forensics/drovorub-hunt},
  urldate      = {2020-08-25},
  language     = {English},
}
Dispatches from Drovorub: Network Threat Hunting for Russia GRU GTsSS' Malware at Scale
2020-08-14 | NSA | NSA
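% The ampersand in the title is escaped: a bare alignment character in a
% non-verbatim field stops the LaTeX run when the bibliography is typeset.
@techreport{nsa:20200814:drovorub:ee701f6,
  author      = {NSA},
  title       = {{Drovorub Malware: Fact Sheet \& FAQs}},
  institution = {NSA},
  date        = {2020-08-14},
  url         = {https://www.nsa.gov/portals/75/documents/resources/cybersecurity-professionals/DROVORUB-Fact%20sheet%20and%20FAQs.pdf},
  urldate     = {2023-03-27},
  language    = {English},
}
Drovorub Malware: Fact Sheet & FAQs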
2020-08-13 | NSA | NSA
@online{nsa:20200813:nsa:7f5e901,
  author       = {NSA},
  title        = {{NSA and FBI Expose Russian Previously Undisclosed Malware “Drovorub” in Cybersecurity Advisory}},
  organization = {NSA},
  date         = {2020-08-13},
  url          = {https://www.nsa.gov/news-features/press-room/Article/2311407/nsa-and-fbi-expose-russian-previously-undisclosed-malware-drovorub-in-cybersecu/},
  urldate      = {2020-08-17},
  language     = {English},
}
NSA and FBI Expose Russian Previously Undisclosed Malware “Drovorub” in Cybersecurity Advisory
2020-08-11 | FireEye | Nick Schroeder, Harris Ansari, Brendan McKeague, Tim Martin, Alex Pennino
@online{schroeder:20200811:cookiejar:8fd0fd9,
  author       = {Nick Schroeder and Harris Ansari and Brendan McKeague and Tim Martin and Alex Pennino},
  title        = {{COOKIEJAR: Tracking Adversaries With FireEye Endpoint Security’s Logon Tracker Module}},
  organization = {FireEye},
  date         = {2020-08-11},
  url          = {https://www.fireeye.com/blog/threat-research/2020/08/cookiejar-tracking-adversaries-with-fireeye-endpoint-security-module.html},
  urldate      = {2020-08-14},
  language     = {English},
}
COOKIEJAR: Tracking Adversaries With FireEye Endpoint Security’s Logon Tracker Module
2020-05-28 | Wired | Andy Greenberg
@online{greenberg:20200528:nsa:c35f45e,
  author       = {Andy Greenberg},
  title        = {{NSA: Russia's Sandworm Hackers Have Hijacked Mail Servers}},
  organization = {Wired},
  date         = {2020-05-28},
  url          = {https://www.wired.com/story/nsa-sandworm-exim-mail-server-warning/},
  urldate      = {2020-05-29},
  language     = {English},
}
NSA: Russia's Sandworm Hackers Have Hijacked Mail Servers
2019-12-24 | Bleeping Computer | Lawrence Abrams
@online{abrams:20191224:maze:33a4e28,
  author       = {Lawrence Abrams},
  title        = {{Maze Ransomware Releases Files Stolen from City of Pensacola}},
  organization = {Bleeping Computer},
  date         = {2019-12-24},
  url          = {https://www.bleepingcomputer.com/news/security/maze-ransomware-releases-files-stolen-from-city-of-pensacola/},
  urldate      = {2020-02-13},
  language     = {English},
}
Maze Ransomware Releases Files Stolen from City of Pensacola
Maze
2019-12-11 | Bleeping Computer | Lawrence Abrams
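% The dollar sign in the title is escaped: left bare, it opens math mode in
% a non-verbatim field and the bibliography fails to typeset.
@online{abrams:20191211:maze:acb23da,
  author       = {Lawrence Abrams},
  title        = {{Maze Ransomware Behind Pensacola Cyberattack, \$1M Ransom Demand}},
  organization = {Bleeping Computer},
  date         = {2019-12-11},
  url          = {https://www.bleepingcomputer.com/news/security/maze-ransomware-behind-pensacola-cyberattack-1m-ransom-demand/},
  urldate      = {2020-01-09},
  language     = {English},
}
Maze Ransomware Behind Pensacola Cyberattack, $1M Ransom Demand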
Maze
2019-09-04 | Trend Micro | Jaromír Hořejší, Joseph C. Chen
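% The ampersand in the title is escaped so the field typesets under LaTeX.
% The citation key starts with "hoej" although the first author's surname is
% Hořejší; it is kept unchanged so existing citations still resolve.
@online{hoej:20190904:glupteba:230e916,
  author       = {Jaromír Hořejší and Joseph C. Chen},
  title        = {{Glupteba Campaign Hits Network Routers and Updates C\&C Servers with Data from Bitcoin Transactions}},
  organization = {Trend Micro},
  date         = {2019-09-04},
  url          = {https://blog.trendmicro.com/trendlabs-security-intelligence/glupteba-campaign-hits-network-routers-and-updates-cc-servers-with-data-from-bitcoin-transactions/},
  urldate      = {2020-01-10},
  language     = {English},
}
Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions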
Glupteba
2019-03-05 | PepperMalware Blog | Pepper Potts
% NOTE(review): the recorded URL is plain http; confirm whether the source
% is also served over https before relying on the link.
@online{potts:20190305:quick:773aabc,
  author       = {Pepper Potts},
  title        = {{Quick Analysis of a Trickbot Sample with NSA's Ghidra SRE Framework}},
  organization = {PepperMalware Blog},
  date         = {2019-03-05},
  url          = {http://www.peppermalware.com/2019/03/quick-analysis-of-trickbot-sample-with.html},
  urldate      = {2019-12-19},
  language     = {English},
}
Quick Analysis of a Trickbot Sample with NSA's Ghidra SRE Framework
TrickBot
2018-12-12 | Kaspersky Labs | Boris Larin, Vladislav Stolyarov, Anton Ivanov
@online{larin:20181212:zeroday:4c8907e,
  author       = {Boris Larin and Vladislav Stolyarov and Anton Ivanov},
  title        = {{Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)}},
  organization = {Kaspersky Labs},
  date         = {2018-12-12},
  url          = {https://securelist.com/zero-day-in-windows-kernel-transaction-manager-cve-2018-8611/89253/},
  urldate      = {2019-12-20},
  language     = {English},
}
Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)
SandCat
2018-11-12 | ccdcoe | Ensar Şeker, İhsan Burak Tolga
% The citation key starts with "eker" although the first author's surname is
% Şeker; it is kept unchanged so existing citations still resolve.
@techreport{eker:20181112:national:b091aae,
  author      = {Ensar Şeker and İhsan Burak Tolga},
  title       = {{National Cyber Security Organisation: TURKEY}},
  institution = {ccdcoe},
  date        = {2018-11-12},
  url         = {https://ccdcoe.org/uploads/2018/10/CS_organisation_TUR_112018_FINAL.pdf},
  urldate     = {2022-02-02},
  language    = {English},
}
National Cyber Security Organisation: TURKEY
2018-10-18 | McAfee | Ryan Sherstobitoff, Asheer Malhotra
@techreport{sherstobitoff:20181018:operation:f7a178c,
  author      = {Ryan Sherstobitoff and Asheer Malhotra},
  title       = {{‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group}},
  institution = {McAfee},
  date        = {2018-10-18},
  url         = {https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-oceansalt.pdf},
  urldate     = {2020-01-07},
  language    = {English},
}
‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group
Oceansalt, APT1
2018-10-17 | Raj Samani, Ryan Sherstobitoff
% NOTE(review): this entry has no organization field; the URL host is
% securingtomorrow.mcafee.com. Confirm the publisher before adding one.
@online{samani:20181017:operation:0b1d8ce,
  author   = {Raj Samani and Ryan Sherstobitoff},
  title    = {{‘Operation Oceansalt’ Delivers Wave After Wave}},
  date     = {2018-10-17},
  url      = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-oceansalt-delivers-wave-after-wave/},
  urldate  = {2019-10-17},
  language = {English},
}
‘Operation Oceansalt’ Delivers Wave After Wave
APT1
2018-05-07 | European Association for Secure Transactions | European Association for Secure Transactions
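% The author is an organisation, so the name carries an extra pair of braces.
% With single braces it is parsed as a personal name whose surname is
% "Transactions", and styles may sort or abbreviate it that way.
% The citation key is kept unchanged so existing citations still resolve.
@online{transactions:20180507:east:a785028,
  author       = {{European Association for Secure Transactions}},
  title        = {{EAST Publishes European Fraud Update 2-2018}},
  organization = {European Association for Secure Transactions},
  date         = {2018-05-07},
  url          = {https://www.association-secure-transactions.eu/east-publishes-fraud-update-2-2018/},
  urldate      = {2019-11-29},
  language     = {English},
}
EAST Publishes European Fraud Update 2-2018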
WinPot
2018-03 | CrySyS Lab | Boldizsar Bencsath
@techreport{bencsath:201803:territorial:04343bb,
  author      = {Boldizsar Bencsath},
  title       = {{Territorial Dispute – NSA’s perspective on APT landscape}},
  institution = {CrySyS Lab},
  date        = {2018-03},
  url         = {https://www.crysys.hu/publications/files/tedi/ukatemicrysys_territorialdispute.pdf},
  urldate     = {2020-05-07},
  language    = {English},
}
Territorial Dispute – NSA’s perspective on APT landscape
9002 RAT, Agent.BTZ, DuQu, EYService, Flame, FlowerShop, Stuxnet, Uroburos
2017-11-27 | Blacklake | Brian Krebs
@online{krebs:20171127:who:8490729,
  author       = {Brian Krebs},
  title        = {{WHO WAS THE NSA CONTRACTOR ARRESTED FOR LEAKING THE ‘SHADOW BROKERS’ HACKING TOOLS?}},
  organization = {Blacklake},
  date         = {2017-11-27},
  url          = {https://blacklakesecurity.com/who-was-the-nsa-contractor-arrested-for-leaking-the-shadow-brokers-hacking-tools/},
  urldate      = {2019-11-25},
  language     = {English},
}
WHO WAS THE NSA CONTRACTOR ARRESTED FOR LEAKING THE ‘SHADOW BROKERS’ HACKING TOOLS?
The Shadow Brokers
2017-09-07 | HackRead | Ahmed Waqas
@online{waqas:20170907:new:e861013,
  author       = {Ahmed Waqas},
  title        = {{New NSA Data Dump: ShadowBrokers Release UNITEDRAKE Malware}},
  organization = {HackRead},
  date         = {2017-09-07},
  url          = {https://www.hackread.com/nsa-data-dump-shadowbrokers-expose-unitedrake-malware/},
  urldate      = {2020-01-07},
  language     = {English},
}
New NSA Data Dump: ShadowBrokers Release UNITEDRAKE Malware
The Shadow Brokers
2017-05-12 | Emsisoft | Holger Keller
% NOTE(review): the recorded URL is plain http; confirm whether the source
% is also served over https before relying on the link.
@online{keller:20170512:global:2ee68f6,
  author       = {Holger Keller},
  title        = {{Global WannaCry ransomware outbreak uses known NSA exploits}},
  organization = {Emsisoft},
  date         = {2017-05-12},
  url          = {http://blog.emsisoft.com/2017/05/12/wcry-ransomware-outbreak/},
  urldate      = {2019-12-10},
  language     = {English},
}
Global WannaCry ransomware outbreak uses known NSA exploits
WannaCryptor
2017-04-17 | CSO Online | Michael Kan
@online{kan:20170417:new:6eb33c6,
  author       = {Michael Kan},
  title        = {{New NSA leak may expose its bank spying, Windows exploits}},
  organization = {CSO Online},
  date         = {2017-04-17},
  url          = {https://www.csoonline.com/article/3190055/new-nsa-leak-may-expose-its-bank-spying-windows-exploits.html},
  urldate      = {2019-12-24},
  language     = {English},
}
New NSA leak may expose its bank spying, Windows exploits
The Shadow Brokers