Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-04-14Bleeping ComputerBill Toulas
@online{toulas:20220414:new:049e894, author = {Bill Toulas}, title = {{New ZingoStealer infostealer drops more malware, cryptominers}}, date = {2022-04-14}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/new-zingostealer-infostealer-drops-more-malware-cryptominers/}, language = {English}, urldate = {2022-04-15} } New ZingoStealer infostealer drops more malware, cryptominers
2022-04-13ESET ResearchJean-Ian Boutin, Tomáš Procházka
@online{boutin:20220413:eset:7463437, author = {Jean-Ian Boutin and Tomáš Procházka}, title = {{ESET takes part in global operation to disrupt Zloader botnets}}, date = {2022-04-13}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2022/04/13/eset-takes-part-global-operation-disrupt-zloader-botnets/}, language = {English}, urldate = {2022-04-14} } ESET takes part in global operation to disrupt Zloader botnets
Cobalt Strike Zloader
2022-04-07MicrosoftTom Burt
@online{burt:20220407:disrupting:8f3a3d9, author = {Tom Burt}, title = {{Disrupting cyberattacks targeting Ukraine (APT28)}}, date = {2022-04-07}, organization = {Microsoft}, url = {https://blogs.microsoft.com/on-the-issues/2022/04/07/cyberattacks-ukraine-strontium-russia/}, language = {English}, urldate = {2022-04-12} } Disrupting cyberattacks targeting Ukraine (APT28)
2022-04-06AbnormalAbnormal Security
@online{security:20220406:tax:c34a522, author = {Abnormal Security}, title = {{Tax Return Customer Campaign Attempts to Infect Victims with Sorillus RAT}}, date = {2022-04-06}, organization = {Abnormal}, url = {https://abnormalsecurity.com/blog/tax-customers-sorillus-rat}, language = {English}, urldate = {2022-08-02} } Tax Return Customer Campaign Attempts to Infect Victims with Sorillus RAT
Sorillus RAT
2022-03-24Sentinel LABSTom Hegel
@online{hegel:20220324:chinese:d541fb8, author = {Tom Hegel}, title = {{Chinese Threat Actor Scarab Targeting Ukraine}}, date = {2022-03-24}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/chinese-threat-actor-scarab-targeting-ukraine/}, language = {English}, urldate = {2022-03-25} } Chinese Threat Actor Scarab Targeting Ukraine
HeaderTip Scieron
2022-03-24Sentinel LABSTom Hegel
@online{hegel:20220324:chinese:39b373a, author = {Tom Hegel}, title = {{Chinese Threat Actor Scarab Targeting Ukraine}}, date = {2022-03-24}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/chinese-threat-actor-scarab-targeting-ukraine}, language = {English}, urldate = {2022-03-29} } Chinese Threat Actor Scarab Targeting Ukraine
Scieron Scarab
2022-03-21Azure DevOps (Mastadamus)Mastadamus
@online{mastadamus:20220321:anatomy:5e52c7b, author = {Mastadamus}, title = {{Anatomy of An Mirai Botnet Attack}}, date = {2022-03-21}, organization = {Azure DevOps (Mastadamus)}, url = {https://dev.azure.com/Mastadamus/Mirai%20Botnet%20Analysis/_wiki/wikis/Mirai-Botnet-Analysis.wiki/12/Anatomy-of-An-Mirai-Botnet-Attack}, language = {English}, urldate = {2022-03-22} } Anatomy of An Mirai Botnet Attack
Mirai
2022-03-21The DFIR ReportThe DFIR Report
@online{report:20220321:apt35:9f4291d, author = {The DFIR Report}, title = {{APT35 Automates Initial Access Using ProxyShell}}, date = {2022-03-21}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2022/03/21/apt35-automates-initial-access-using-proxyshell/}, language = {English}, urldate = {2022-03-22} } APT35 Automates Initial Access Using ProxyShell
2022-03-17CISAUS-CERT
@techreport{uscert:20220317:alert:5cbab55, author = {US-CERT}, title = {{Alert (AA22-076A) Strengthening Cybersecurity of SATCOM Network Providers and Customers}}, date = {2022-03-17}, institution = {CISA}, url = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-076_Strengthening_Cybersecurity_of_SATCOM_Network_Providers_and_Customers.pdf}, language = {English}, urldate = {2022-04-07} } Alert (AA22-076A) Strengthening Cybersecurity of SATCOM Network Providers and Customers
2022-03-15JPCERT/CCShusei Tomonaga
@online{tomonaga:20220315:antiupx:f8c6f2f, author = {Shusei Tomonaga}, title = {{Anti-UPX Unpacking Technique}}, date = {2022-03-15}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2022/03/anti_upx_unpack.html}, language = {English}, urldate = {2022-03-28} } Anti-UPX Unpacking Technique
Mirai
2022-03-12Arash's BlogArash Parsa
@online{parsa:20220312:analyzing:5b0c5f2, author = {Arash Parsa}, title = {{Analyzing Malware with Hooks, Stomps, and Return-addresses}}, date = {2022-03-12}, organization = {Arash's Blog}, url = {https://www.arashparsa.com/catching-a-malware-with-no-name/}, language = {English}, urldate = {2022-03-28} } Analyzing Malware with Hooks, Stomps, and Return-addresses
Cobalt Strike
2022-03-07Check Point ResearchCheck Point
@online{point:20220307:lapsus:007ba79, author = {Check Point}, title = {{Lapsus$ Ransomware gang uses stolen source code to disguise malware files as trustworthy. Check Point customers remain protected}}, date = {2022-03-07}, organization = {Check Point Research}, url = {https://blog.checkpoint.com/2022/03/07/lapsus-ransomware-gang-uses-stolen-source-code-to-disguise-malware-files-as-trustworthy-check-point-customers-remain-protected/}, language = {English}, urldate = {2022-03-25} } Lapsus$ Ransomware gang uses stolen source code to disguise malware files as trustworthy. Check Point customers remain protected
LAPSUS
2022-03-02Bleeping ComputerBill Toulas
@online{toulas:20220302:log4shell:fa4dfeb, author = {Bill Toulas}, title = {{Log4shell exploits now used mostly for DDoS botnets, cryptominers}}, date = {2022-03-02}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/log4shell-exploits-now-used-mostly-for-ddos-botnets-cryptominers/}, language = {English}, urldate = {2022-03-07} } Log4shell exploits now used mostly for DDoS botnets, cryptominers
Kinsing Tsunami BillGates
2022-03-01CybereasonTom Fakterman, Ohav Peri
@online{fakterman:20220301:cybereason:b40f6c6, author = {Tom Fakterman and Ohav Peri}, title = {{Cybereason vs. BlackCat Ransomware}}, date = {2022-03-01}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/cybereason-vs.-blackcat-ransomware}, language = {English}, urldate = {2022-03-07} } Cybereason vs. BlackCat Ransomware
BlackCat
2022-02-26Atomic Matryoshkaz3r0day_504
@online{z3r0day504:20220226:infographic:7bb195e, author = {z3r0day_504}, title = {{Infographic: APTs in South America}}, date = {2022-02-26}, organization = {Atomic Matryoshka}, url = {https://www.atomicmatryoshka.com/post/infographic-apts-in-south-america}, language = {English}, urldate = {2022-03-01} } Infographic: APTs in South America
Imminent Monitor RAT Machete
2022-02-24MandiantRyan Tomcik, Emiel Haeghebaert, Tufail Ahmed
@online{tomcik:20220224:left:dfe77e0, author = {Ryan Tomcik and Emiel Haeghebaert and Tufail Ahmed}, title = {{Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity}}, date = {2022-02-24}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/telegram-malware-iranian-espionage}, language = {English}, urldate = {2022-03-01} } Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity
STARWHALE GRAMDOOR
2022-02-22CrowdStrikeJoseph Goodwin, Aspen Lindblom
@online{goodwin:20220222:crowdstrike:0518322, author = {Joseph Goodwin and Aspen Lindblom}, title = {{CrowdStrike Research Investigates Exploit Behavior to Strengthen Customer Protection}}, date = {2022-02-22}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/exploit-research-strengthens-customer-protection/}, language = {English}, urldate = {2022-03-02} } CrowdStrike Research Investigates Exploit Behavior to Strengthen Customer Protection
2022-02-21Atomic Matryoshkaz3r0day_504
@online{z3r0day504:20220221:ousaban:38cdf0b, author = {z3r0day_504}, title = {{Ousaban MSI Installer Analysis}}, date = {2022-02-21}, organization = {Atomic Matryoshka}, url = {https://www.atomicmatryoshka.com/post/ousaban-msi-installer-analysis}, language = {English}, urldate = {2022-02-26} } Ousaban MSI Installer Analysis
Ousaban
2022-02-18IntezerIntezer
@online{intezer:20220218:teamtnt:354772f, author = {Intezer}, title = {{TeamTNT Cryptomining Explosion}}, date = {2022-02-18}, organization = {Intezer}, url = {https://www.intezer.com/blog/malware-analysis/teamtnt-cryptomining-explosion/}, language = {English}, urldate = {2022-02-26} } TeamTNT Cryptomining Explosion
TeamTNT
2022-02-16Check Point ResearchAliaksandr Trafimchuk, Raman Ladutska
@online{trafimchuk:20220216:modern:a6f60a5, author = {Aliaksandr Trafimchuk and Raman Ladutska}, title = {{A Modern Ninja: Evasive Trickbot Attacks Customers of 60 High-Profile Companies}}, date = {2022-02-16}, organization = {Check Point Research}, url = {https://research.checkpoint.com/2022/a-modern-ninja-evasive-trickbot-attacks-customers-of-60-high-profile-companies/}, language = {English}, urldate = {2022-02-18} } A Modern Ninja: Evasive Trickbot Attacks Customers of 60 High-Profile Companies
TrickBot