
2021-06-17 — Intezer — Ryan Robinson
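@online{robinson:20210617:klingon:ed4d44f,
  author       = {Robinson, Ryan},
  title        = {{Klingon RAT} Holding on for Dear Life},
  date         = {2021-06-17},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/malware-analysis/klingon-rat-holding-on-for-dear-life/},
  language     = {English},
  urldate      = {2021-06-21},
}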
KlingonRAT
2021-06-17 — Proofpoint — Konstantin Klinger, Dennis Schwarz, Selena Larson
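@online{klinger:20210617:new:2641c84,
  author       = {Klinger, Konstantin and Schwarz, Dennis and Larson, Selena},
  title        = {New {TA402} {Molerats} Malware Targets Governments in the {Middle East}},
  date         = {2021-06-17},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/new-ta402-molerats-malware-targets-governments-middle-east},
  language     = {English},
  urldate      = {2021-06-21},
}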
Molerat Loader
2021-05-27 — cyberpunkleigh — cyberpunkleigh
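@online{cyberpunkleigh:20210527:apostle:f53c506,
  author       = {cyberpunkleigh},
  title        = {{Apostle} Ransomware Analysis},
  date         = {2021-05-27},
  organization = {cyberpunkleigh},
  url          = {https://cyberpunkleigh.wordpress.com/2021/05/27/apostle-ransomware-analysis/},
  language     = {English},
  urldate      = {2021-06-24},
}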
Apostle
2021-05-19 — Nozomi Networks — Alexey Kleymenov
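@online{kleymenov:20210519:colonial:e537383,
  author       = {Kleymenov, Alexey},
  title        = {{Colonial Pipeline} Ransomware Attack: Revealing How {DarkSide} Works},
  date         = {2021-05-19},
  organization = {Nozomi Networks},
  url          = {https://www.nozominetworks.com/blog/colonial-pipeline-ransomware-attack-revealing-how-darkside-works/},
  language     = {English},
  urldate      = {2021-05-26},
}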
DarkSide
2021-04-16 — Trend Micro — Steven Du, Dechao Zhao, Luis Magisa, Ariel Neimond Lazaro
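@online{du:20210416:xcsset:9c5ad09,
  author       = {Du, Steven and Zhao, Dechao and Magisa, Luis and Lazaro, Ariel Neimond},
  title        = {{XCSSET} Quickly Adapts to {macOS} 11 and {M1-based} {Macs}},
  date         = {2021-04-16},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/d/xcsset-quickly-adapts-to-macos-11-and-m1-based-macs.html},
  language     = {English},
  urldate      = {2021-04-28},
}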
XCSSET
2021-03-09 — 360 netlab — JiaYu
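@online{jiayu:20210309:threat:fa2a2a3,
  author       = {JiaYu},
  title        = {Threat Alert: {z0Miner} Is Spreading quickly by Exploiting {ElasticSearch} and {Jenkins} Vulnerabilities},
  date         = {2021-03-09},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/threat-alert-z0miner-is-spreading-quickly-by-exploiting-elasticsearch-and-jenkins-vulnerabilities/},
  language     = {English},
  urldate      = {2021-03-11},
}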
2021-02-22 — AdvIntel — Beatriz Pimenta Klein
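@online{klein:20210222:economic:904a7ed,
  author       = {Klein, Beatriz Pimenta},
  title        = {Economic Growth, Digital Inclusion, \& Specialized Crime: Financial Cyber Fraud in {LATAM}},
  date         = {2021-02-22},
  organization = {AdvIntel},
  url          = {https://www.advintel.io/post/economic-growth-digital-inclusion-specialized-crime-financial-cyber-fraud-in-latam},
  language     = {English},
  urldate      = {2022-02-16},
}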
BRATA Mekotio Metamorfo Ploutus ATM VictoryGate
2021-02-08 — Medium kurtikleiton — kleiton0x7e
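@online{kleiton0x7e:20210208:evade:2136d7f,
  author       = {kleiton0x7e},
  title        = {Evade {EDR} with Shellcode Injection and gain persistence using {Registry Run Keys}},
  date         = {2021-02-08},
  organization = {Medium kurtikleiton},
  url          = {https://kurtikleiton.medium.com/evade-avs-edr-with-shellcode-injection-159dde4dba1a},
  language     = {English},
  urldate      = {2021-02-09},
}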
2021-01-26 — FireEye — Bernard Sapaden, Mohammed Mohsin Dalla, Rahul Mohandas, Sachin Shukla, Srini Seethapathy, Sujnani Ravindra
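@online{sapaden:20210126:phishing:9b3dbb3,
  author       = {Sapaden, Bernard and Dalla, Mohammed Mohsin and Mohandas, Rahul and Shukla, Sachin and Seethapathy, Srini and Ravindra, Sujnani},
  title        = {Phishing Campaign Leverages {WOFF} Obfuscation and {Telegram} Channels for Communication},
  date         = {2021-01-26},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2021/01/phishing-campaign-woff-obfuscation-telegram-communications.html},
  language     = {English},
  urldate      = {2021-01-29},
}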
2021-01-24 — malwareandstuff blog — Andreas Klopsch
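@online{klopsch:20210124:catching:3a3897f,
  author       = {Klopsch, Andreas},
  title        = {Catching Debuggers with Section Hashing},
  date         = {2021-01-24},
  organization = {malwareandstuff blog},
  url          = {https://malwareandstuff.com/catching-debuggers-with-section-hashing/},
  language     = {English},
  urldate      = {2021-02-06},
}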
2021-01-24 — evotec — Przemyslaw Klys
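@online{klys:20210124:only:57d75f9,
  author       = {Klys, Przemyslaw},
  title        = {The only command you will ever need to understand and fix your {Group Policies} ({GPO})},
  date         = {2021-01-24},
  organization = {evotec},
  url          = {https://evotec.xyz/the-only-command-you-will-ever-need-to-understand-and-fix-your-group-policies-gpo/},
  language     = {English},
  urldate      = {2021-02-06},
}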
2021-01-19 — Malwarebytes — Marcin Kleczynski
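@online{kleczynski:20210119:malwarebytes:2fe3d7d,
  author       = {Kleczynski, Marcin},
  title        = {{Malwarebytes} targeted by Nation State Actor implicated in {SolarWinds} breach. Evidence suggests abuse of privileged access to {Microsoft Office 365} and {Azure} environments},
  date         = {2021-01-19},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/},
  language     = {English},
  urldate      = {2021-01-21},
}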
2021-01-14 — Imperva — Shiran Bareli
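@online{bareli:20210114:python:c95ebf6,
  author       = {Bareli, Shiran},
  title        = {{Python} Cryptominer Botnet Quickly Adopts Latest Vulnerabilities},
  date         = {2021-01-14},
  organization = {Imperva},
  url          = {https://www.imperva.com/blog/python-cryptominer-botnet-quickly-adopts-latest-vulnerabilities/},
  language     = {English},
  urldate      = {2021-01-21},
}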
2021 — Secureworks — SecureWorks
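@online{secureworks:2021:threat:c0ba914,
  author       = {{SecureWorks}},
  title        = {Threat Profile: {GOLD FRANKLIN}},
  date         = {2021},
  organization = {Secureworks},
  url          = {http://www.secureworks.com/research/threat-profiles/gold-franklin},
  language     = {English},
  urldate      = {2021-05-31},
}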
Grateful POS Meterpreter MimiKatz RemCom FIN6
2020-12-16 — Lookout — Robert Nickle, Apurva Kumar, Justin Albrecht, Diane Wee
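@online{nickle:20201216:lookout:089b35a,
  author       = {Nickle, Robert and Kumar, Apurva and Albrecht, Justin and Wee, Diane},
  title        = {{Lookout} Discovers New Spyware Used by Sextortionists to Blackmail {iOS} and {Android} Users},
  date         = {2020-12-16},
  organization = {Lookout},
  url          = {https://blog.lookout.com/lookout-discovers-new-spyware-goontact-used-by-sextortionists-for-blackmail},
  language     = {English},
  urldate      = {2020-12-17},
}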
goontact
2020-10-27 — Cofense — Adam Martin, Nathaniel Sagibanda, Kian Buckley Maher, Cofense Phishing Defense Center
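@online{martin:20201027:purchase:efee82d,
  author       = {Martin, Adam and Sagibanda, Nathaniel and Maher, Kian Buckley and {Cofense Phishing Defense Center}},
  title        = {Purchase Order Phishing, the Everlasting Phishing Tactic},
  date         = {2020-10-27},
  organization = {Cofense},
  url          = {https://cofense.com/purchase-order-phishing-the-everlasting-phishing-tactic/},
  language     = {English},
  urldate      = {2020-11-02},
}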
2020-10-16 — Google — Shane Huntley, Google Threat Analysis Group
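@online{huntley:20201016:how:baafd73,
  author       = {Huntley, Shane and {Google Threat Analysis Group}},
  title        = {How we're tackling evolving online threats},
  date         = {2020-10-16},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/how-were-tackling-evolving-online-threats},
  language     = {English},
  urldate      = {2020-10-23},
}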
2020-09-22 — Heise Security — Olivia von Westernhagen
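@online{westernhagen:20200922:uniklinik:bae1c32,
  author       = {von Westernhagen, Olivia},
  title        = {Uniklinik {Düsseldorf}: {Ransomware} {``DoppelPaymer''} soll hinter dem {Angriff} stecken},
  date         = {2020-09-22},
  organization = {Heise Security},
  url          = {https://www.heise.de/news/Uniklinik-Duesseldorf-Ransomware-DoppelPaymer-soll-hinter-dem-Angriff-stecken-4908608.html},
  language     = {German},
  urldate      = {2020-09-23},
}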
DoppelPaymer
2020-09-13 — Twitter (@bartblaze) — BartBlaze
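@online{bartblaze:20200913:cryakl:3d29bf0,
  author       = {BartBlaze},
  title        = {Tweet on {Cryakl} 2.0.0.0},
  date         = {2020-09-13},
  organization = {Twitter (@bartblaze)},
  url          = {https://twitter.com/bartblaze/status/1305197264332369920},
  language     = {English},
  urldate      = {2020-09-15},
}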
Cryakl
2020-07-12 — Malware and Stuff — Andreas Klopsch
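@online{klopsch:20200712:deobfuscating:a374688,
  author       = {Klopsch, Andreas},
  title        = {Deobfuscating {DanaBot's} {API} Hashing},
  date         = {2020-07-12},
  organization = {Malware and Stuff},
  url          = {https://malwareandstuff.com/deobfuscating-danabots-api-hashing/},
  language     = {English},
  urldate      = {2020-07-15},
}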
DanaBot