Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-12-16FortinetFred Gutierrez, Val Saengphaibul
@online{gutierrez:20201216:adversary:3b3781a, author = {Fred Gutierrez and Val Saengphaibul}, title = {{Adversary Playbook: JavaScript RAT Looking for that Government Cheese}}, date = {2020-12-16}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/adversary-playbook-javascript-rat-looking-for-that-government-cheese}, language = {English}, urldate = {2021-01-18} } Adversary Playbook: JavaScript RAT Looking for that Government Cheese
JSOutProx
2020-11-11DomainToolsJoe Slowik
@online{slowik:20201111:extrapolating:8998b55, author = {Joe Slowik}, title = {{Extrapolating Adversary Intent Through Infrastructure}}, date = {2020-11-11}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/extrapolating-adversary-intent-through-infrastructure}, language = {English}, urldate = {2020-11-19} } Extrapolating Adversary Intent Through Infrastructure
2020-11-05Github (scythe-io)SCYTHE
@online{scythe:20201105:ryuk:8d7c4de, author = {SCYTHE}, title = {{Ryuk Adversary Emulation Plan}}, date = {2020-11-05}, organization = {Github (scythe-io)}, url = {https://github.com/scythe-io/community-threats/tree/master/Ryuk}, language = {English}, urldate = {2020-11-11} } Ryuk Adversary Emulation Plan
Ryuk
2020-10-27Sophos Managed Threat Response (MTR)Greg Iddon
@online{iddon:20201027:mtr:3b62ca9, author = {Greg Iddon}, title = {{MTR Casebook: An active adversary caught in the act}}, date = {2020-10-27}, organization = {Sophos Managed Threat Response (MTR)}, url = {https://news.sophos.com/en-us/2020/10/27/mtr-casebook-an-active-adversary-caught-in-the-act/}, language = {English}, urldate = {2020-11-02} } MTR Casebook: An active adversary caught in the act
Cobalt Strike
2020-09-15Seguranca InformaticaPedro Tavares
@online{tavares:20200915:threat:e046dec, author = {Pedro Tavares}, title = {{Threat analysis: The emergent URSA trojan impacts many countries using a sophisticated loader}}, date = {2020-09-15}, organization = {Seguranca Informatica}, url = {https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/}, language = {English}, urldate = {2021-06-07} } Threat analysis: The emergent URSA trojan impacts many countries using a sophisticated loader
Mispadu
2020-09-11RSA Conference (YouTube)Brook Chelmo
@online{chelmo:20200911:two:e4f5286, author = {Brook Chelmo}, title = {{Two weeks with a Russian Ransomware Cell}}, date = {2020-09-11}, organization = {RSA Conference (YouTube)}, url = {https://youtu.be/Oqg20dF8tTA}, language = {English}, urldate = {2023-10-10} } Two weeks with a Russian Ransomware Cell
HILDACRYPT
2020-08-11FireEyeNick Schroeder, Harris Ansari, Brendan McKeague, Tim Martin, Alex Pennino
@online{schroeder:20200811:cookiejar:8fd0fd9, author = {Nick Schroeder and Harris Ansari and Brendan McKeague and Tim Martin and Alex Pennino}, title = {{COOKIEJAR: Tracking Adversaries With FireEye Endpoint Security’s Logon Tracker Module}}, date = {2020-08-11}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/08/cookiejar-tracking-adversaries-with-fireeye-endpoint-security-module.html}, language = {English}, urldate = {2020-08-14} } COOKIEJAR: Tracking Adversaries With FireEye Endpoint Security’s Logon Tracker Module
2020-07-17ZscalerSudeep Singh, Kaivalya Khursale
@online{singh:20200717:new:2f385f2, author = {Sudeep Singh and Kaivalya Khursale}, title = {{New Voicemail-Themed Phishing Attacks Use Evasion Techniques and Steal Credentials}}, date = {2020-07-17}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/new-voicemail-themed-phishing-attacks-use-evasion-techniques-and-steal-credentials}, language = {English}, urldate = {2022-07-01} } New Voicemail-Themed Phishing Attacks Use Evasion Techniques and Steal Credentials
2020-07-14CrowdStrikeFalcon OverWatch Team
@online{team:20200714:manufacturing:3e552ec, author = {Falcon OverWatch Team}, title = {{Manufacturing Industry in the Adversaries’ Crosshairs}}, date = {2020-07-14}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/adversaries-targeting-the-manufacturing-industry/}, language = {English}, urldate = {2020-07-23} } Manufacturing Industry in the Adversaries’ Crosshairs
ShadowPad Snake
2020-05-20Avast DecodedDavid Jursa, Simi Musilova, Jan Rubín, Alexej Savčin
@online{jursa:20200520:ghostdns:43190d5, author = {David Jursa and Simi Musilova and Jan Rubín and Alexej Savčin}, title = {{GhostDNS Source Code Leaked}}, date = {2020-05-20}, organization = {Avast Decoded}, url = {https://decoded.avast.io/simonamusilova/ghostdns-source-code-leaked/}, language = {English}, urldate = {2020-05-23} } GhostDNS Source Code Leaked
2020-05-01Macnica NetworksTeamT5, Macnica Networks
@techreport{teamt5:20200501:cyber:70c9cbc, author = {TeamT5 and Macnica Networks}, title = {{Cyber Espionage Tradecraft in the Real World Adversaries targeting Japan in the second half of 2019}}, date = {2020-05-01}, institution = {Macnica Networks}, url = {https://www.macnica.net/pdf/mpressioncss_ta_report_2019_4_en.pdf}, language = {English}, urldate = {2021-02-26} } Cyber Espionage Tradecraft in the Real World Adversaries targeting Japan in the second half of 2019
TSCookie LODEINFO
2020-04-08SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20200408:how:192d583, author = {Counter Threat Unit ResearchTeam}, title = {{How Cyber Adversaries are Adapting to Exploit the Global Pandemic}}, date = {2020-04-08}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/how-cyber-adversaries-are-adapting-to-exploit-the-global-pandemic}, language = {English}, urldate = {2021-05-28} } How Cyber Adversaries are Adapting to Exploit the Global Pandemic
GOLD SOUTHFIELD TA2101 TA505 WIZARD SPIDER
2020-03-31FireEyeVan Ta, Aaron Stephens
@online{ta:20200331:its:632dfca, author = {Van Ta and Aaron Stephens}, title = {{It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit}}, date = {2020-03-31}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/03/the-cycle-of-adversary-pursuit.html}, language = {English}, urldate = {2020-04-06} } It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit
Ryuk TrickBot UNC1878
2020-03-24RSAHermes Bojaxhi
@online{bojaxhi:20200324:exchange:bd67613, author = {Hermes Bojaxhi}, title = {{Exchange Exploit Case Study – CVE-2020-0688}}, date = {2020-03-24}, organization = {RSA}, url = {https://community.rsa.com/community/products/netwitness/blog/2020/03/24/exchange-exploit-case-study-cve-2020-0688}, language = {English}, urldate = {2021-02-02} } Exchange Exploit Case Study – CVE-2020-0688
2020-03-02Virus BulletinAlex Hinchliffe
@online{hinchliffe:20200302:pulling:35771e7, author = {Alex Hinchliffe}, title = {{Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary}}, date = {2020-03-02}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-pulling-pkplug-adversary-playbook-long-standing-espionage-activity-chinese-nation-state-adversary/}, language = {English}, urldate = {2020-03-02} } Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary
HenBox Farseer PlugX Poison Ivy
2020-02-25RSA ConferenceJoel DeCapua
@online{decapua:20200225:feds:423f929, author = {Joel DeCapua}, title = {{Feds Fighting Ransomware: How the FBI Investigates and How You Can Help}}, date = {2020-02-25}, organization = {RSA Conference}, url = {https://www.youtube.com/watch?v=LUxOcpIRxmg}, language = {English}, urldate = {2020-03-04} } Feds Fighting Ransomware: How the FBI Investigates and How You Can Help
FastCash Cerber Defray Dharma FriedEx Gandcrab GlobeImposter Mamba Phobos Rapid Ransom REvil Ryuk SamSam Zeus
2019-11-21Bleeping ComputerLawrence Abrams
@online{abrams:20191121:allied:a3d69d7, author = {Lawrence Abrams}, title = {{Allied Universal Breached by Maze Ransomware, Stolen Data Leaked}}, date = {2019-11-21}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/allied-universal-breached-by-maze-ransomware-stolen-data-leaked/}, language = {English}, urldate = {2020-01-08} } Allied Universal Breached by Maze Ransomware, Stolen Data Leaked
Maze
2019-11-13CrowdStrikeJen Ayers, Jason Rivera
@techreport{ayers:20191113:through:70cc3b3, author = {Jen Ayers and Jason Rivera}, title = {{Through the Eyes of the Adversary}}, date = {2019-11-13}, institution = {CrowdStrike}, url = {https://na.eventscloud.com/file_uploads/6568237bca6dc156e5c5557c5989e97c_CrowdStrikeFal.Con2019_ThroughEyesOfAdversary_J.Ayers.pdf}, language = {English}, urldate = {2020-03-22} } Through the Eyes of the Adversary
TrickBot CLOCKWORK SPIDER
2019-09-22ProofpointMichael Raggi, Proofpoint Threat Insight Team
@online{raggi:20190922:lookback:51454f7, author = {Michael Raggi and Proofpoint Threat Insight Team}, title = {{LookBack Forges Ahead: Continued Targeting of the United States’ Utilities Sector Reveals Additional Adversary TTPs}}, date = {2019-09-22}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/lookback-forges-ahead-continued-targeting-united-states-utilities-sector-reveals}, language = {English}, urldate = {2019-12-20} } LookBack Forges Ahead: Continued Targeting of the United States’ Utilities Sector Reveals Additional Adversary TTPs
Lookback TA410
2019-06-20SymantecSymantec DeepSight Adversary Intelligence Team, Symantec Network Protection Security Labs
@online{team:20190620:waterbug:9c50dd1, author = {Symantec DeepSight Adversary Intelligence Team and Symantec Network Protection Security Labs}, title = {{Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments}}, date = {2019-06-20}, organization = {Symantec}, url = {https://www.symantec.com/blogs/threat-intelligence/waterbug-espionage-governments}, language = {English}, urldate = {2020-01-13} } Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments
LightNeuron