2023-10-18Cado SecurityNate Bill, Matt Muir
@online{bill:20231018:qubitstrike:860a8fa, author = {Nate Bill and Matt Muir}, title = {{Qubitstrike - An Emerging Malware Campaign Targeting Jupyter Notebooks}}, date = {2023-10-18}, organization = {Cado Security}, url = {https://www.cadosecurity.com/qubitstrike-an-emerging-malware-campaign-targeting-jupyter-notebooks/}, language = {English}, urldate = {2023-10-18} } Qubitstrike - An Emerging Malware Campaign Targeting Jupyter Notebooks
2023-10-17Oliver Hough
@online{hough:20231017:prospernot:0726780, author = {Oliver Hough}, title = {{PROSPERNOT (PROSPERO-AS) The Little AS That Could. Part 1}}, date = {2023-10-17}, url = {https://oliverhough.io/prospernot-prospero-as-the-little-as-that-could-part-1/}, language = {English}, urldate = {2023-10-17} } PROSPERNOT (PROSPERO-AS) The Little AS That Could. Part 1
2023-10-16Twitter (@embee_research)Embee_research
@online{embeeresearch:20231016:decoding:f01af37, author = {Embee_research}, title = {{Decoding a Simple Visual Basic (.vbs) Script - DarkGate Loader}}, date = {2023-10-16}, organization = {Twitter (@embee_research)}, url = {https://embee-research.ghost.io/decoding-a-simple-visual-basic-vbs-script-darkgate-loader/}, language = {English}, urldate = {2023-10-17} } Decoding a Simple Visual Basic (.vbs) Script - DarkGate Loader
DarkGate
2023-10-16SekoiaThreat & Detection Research Team, sekoia
@online{team:20231016:clearfake:79236a9, author = {Threat \& Detection Research Team and sekoia}, title = {{ClearFake: a newcomer to the “fake updates” threats landscape}}, date = {2023-10-16}, organization = {Sekoia}, url = {https://blog.sekoia.io/clearfake-a-newcomer-to-the-fake-updates-threats-landscape/}, language = {English}, urldate = {2023-10-17} } ClearFake: a newcomer to the “fake updates” threats landscape
ClearFake
2023-10-15Cert-UACert-UA
@online{certua:20231015:peculiarities:c150d45, author = {Cert-UA}, title = {{Peculiarities of destructive cyber attacks against Ukrainian providers (CERT-UA#7627)}}, date = {2023-10-15}, organization = {Cert-UA}, url = {https://cert.gov.ua/article/6123309}, language = {Ukrainian}, urldate = {2023-10-17} } Peculiarities of destructive cyber attacks against Ukrainian providers (CERT-UA#7627)
Poseidon
2023-10-13AhnLabASEC Analysis Team
@online{team:20231013:analysis:ff83513, author = {ASEC Analysis Team}, title = {{Analysis Report on Lazarus Threat Group’s Volgmer and Scout Malware}}, date = {2023-10-13}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/57685/}, language = {English}, urldate = {2023-10-20} } Analysis Report on Lazarus Threat Group’s Volgmer and Scout Malware
JessieConTea Scout Volgmer
2023-10-12Cluster25Cluster25 Threat Intel Team
@online{team:20231012:cve202338831:6b50b62, author = {Cluster25 Threat Intel Team}, title = {{CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations}}, date = {2023-10-12}, organization = {Cluster25}, url = {https://blog.cluster25.duskrise.com/2023/10/12/cve-2023-38831-russian-attack}, language = {English}, urldate = {2023-10-13} } CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations
Agent Tesla Crimson RAT Nanocore RAT SmokeLoader
2023-10-12SpamhausSpamhaus Malware Labs
@techreport{labs:20231012:spamhaus:cc0ff5c, author = {Spamhaus Malware Labs}, title = {{Spamhaus Botnet Threat Update Q3 2023}}, date = {2023-10-12}, institution = {Spamhaus}, url = {https://info.spamhaus.com/hubfs/Botnet%20Reports/2023%20Q3%20Botnet%20Threat%20Update.pdf}, language = {English}, urldate = {2023-10-17} } Spamhaus Botnet Threat Update Q3 2023
FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar
2023-10-12TrendmicroTrend Micro Research
@online{research:20231012:darkgate:10d712d, author = {Trend Micro Research}, title = {{DarkGate Opens Organizations for Attack via Skype, Teams}}, date = {2023-10-12}, organization = {Trendmicro}, url = {https://www.trendmicro.com/en_us/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html}, language = {English}, urldate = {2023-10-18} } DarkGate Opens Organizations for Attack via Skype, Teams
DarkGate
2023-10-10cybleCyble
@online{cyble:20231010:threat:4adb5be, author = {Cyble}, title = {{Threat Actor deploys Mythic’s Athena Agent to target Russian Semiconductor Suppliers}}, date = {2023-10-10}, organization = {cyble}, url = {https://cyble.com/blog/threat-actor-deploys-mythics-athena-agent-to-target-russian-semiconductor-suppliers/}, language = {English}, urldate = {2023-10-12} } Threat Actor deploys Mythic’s Athena Agent to target Russian Semiconductor Suppliers
Athena
2023-10-10SymantecThreat Hunter Team
@online{team:20231010:grayling:ebc3b74, author = {Threat Hunter Team}, title = {{Grayling: Previously Unseen Threat Actor Targets Multiple Organizations in Taiwan}}, date = {2023-10-10}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayling-taiwan-cyber-attacks}, language = {English}, urldate = {2023-10-11} } Grayling: Previously Unseen Threat Actor Targets Multiple Organizations in Taiwan
Cobalt Strike Havoc MimiKatz Grayling
2023-10-10Qianxinadmin
@online{admin:20231010:sand:f91a858, author = {admin}, title = {{Sand Cat Group - Attacks on Kurdistan Democratic Party (KDP) Activists}}, date = {2023-10-10}, organization = {Qianxin}, url = {https://www.ctfiot.com/138538.html}, language = {English}, urldate = {2023-10-12} } Sand Cat Group - Attacks on Kurdistan Democratic Party (KDP) Activists
MOrder RAT Caracal Kitten
2023-10-05ESET ResearchFernando Tavella
@online{tavella:20231005:operation:cf892cd, author = {Fernando Tavella}, title = {{Operation Jacana: Foundling hobbits in Guyana}}, date = {2023-10-05}, organization = {ESET Research}, url = {https://www.welivesecurity.com/en/eset-research/operation-jacana-spying-guyana-entity/}, language = {English}, urldate = {2023-10-09} } Operation Jacana: Foundling hobbits in Guyana
DinodasRAT
2023-10-05TalosGuilherme Venere
@online{venere:20231005:qakbotaffiliated:f830478, author = {Guilherme Venere}, title = {{Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown}}, date = {2023-10-05}, organization = {Talos}, url = {https://blog.talosintelligence.com/qakbot-affiliated-actors-distribute-ransom/}, language = {English}, urldate = {2023-10-05} } Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown
QakBot
2023-10-05Twitter (@embee_research)Embee_research
@online{embeeresearch:20231005:introduction:4edb3e1, author = {Embee_research}, title = {{Introduction to DotNet Configuration Extraction - RevengeRAT}}, date = {2023-10-05}, organization = {Twitter (@embee_research)}, url = {https://embee-research.ghost.io/introduction-to-dotnet-configuration-extraction-revengerat/}, language = {English}, urldate = {2023-10-05} } Introduction to DotNet Configuration Extraction - RevengeRAT
Revenge RAT
2023-10-05EclecticIQArda Büyükkaya
@online{bykkaya:20231005:chinese:7bd80ab, author = {Arda Büyükkaya}, title = {{Chinese State-Sponsored Cyber Espionage Activity Targeting Semiconductor Industry in East Asia}}, date = {2023-10-05}, organization = {EclecticIQ}, url = {https://blog.eclecticiq.com/chinese-state-sponsored-cyber-espionage-activity-targeting-semiconductor-industry-in-east-asia}, language = {English}, urldate = {2023-10-06} } Chinese State-Sponsored Cyber Espionage Activity Targeting Semiconductor Industry in East Asia
ChargeWeapon Carderbee
2023-10-05Group-IBGroup-IB
@online{groupib:20231005:lets:08bd64c, author = {Group-IB}, title = {{Let's dig deeper: dissecting the new Android Trojan GoldDigger with Group-IB Fraud Matrix}}, date = {2023-10-05}, organization = {Group-IB}, url = {https://www.group-ib.com/blog/golddigger-fraud-matrix/}, language = {English}, urldate = {2023-10-09} } Let's dig deeper: dissecting the new Android Trojan GoldDigger with Group-IB Fraud Matrix
GoldDigger
2023-10-04Twitter (@embee_research)Embee_research
@online{embeeresearch:20231004:developing:c147c2f, author = {Embee_research}, title = {{Developing Yara Signatures for Malware - Practical Examples}}, date = {2023-10-04}, organization = {Twitter (@embee_research)}, url = {https://embee-research.ghost.io/practical-signatures-for-identifying-malware-with-yara/}, language = {English}, urldate = {2023-10-05} } Developing Yara Signatures for Malware - Practical Examples
DarkGate Lu0Bot
2023-10-03Outpost24David Catalan
@online{catalan:20231003:rhadamanthys:fb542d8, author = {David Catalan}, title = {{Rhadamanthys malware analysis: How infostealers use VMs to avoid analysis}}, date = {2023-10-03}, organization = {Outpost24}, url = {https://outpost24.com/blog/rhadamanthys-malware-analysis/}, language = {English}, urldate = {2023-10-05} } Rhadamanthys malware analysis: How infostealers use VMs to avoid analysis
Rhadamanthys
2023-10-03Twitter (@ShilpeshTrivedi)Shilpesh Trivedi
@online{trivedi:20231003:about:ce99df5, author = {Shilpesh Trivedi}, title = {{Tweet about possible Rebranding/Derivative for ERMAC called Rusty Droid}}, date = {2023-10-03}, organization = {Twitter (@ShilpeshTrivedi)}, url = {https://twitter.com/ShilpeshTrivedi/status/1709096404835356883}, language = {English}, urldate = {2023-10-09} } Tweet about possible Rebranding/Derivative for ERMAC called Rusty Droid
ERMAC