Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-02-24MandiantRyan Tomcik, Emiel Haeghebaert, Tufail Ahmed
@online{tomcik:20220224:left:dfe77e0, author = {Ryan Tomcik and Emiel Haeghebaert and Tufail Ahmed}, title = {{Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity}}, date = {2022-02-24}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/telegram-malware-iranian-espionage}, language = {English}, urldate = {2022-03-01} } Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity
STARWHALE GRAMDOOR
2022-02-22CrowdStrikeJoseph Goodwin, Aspen Lindblom
@online{goodwin:20220222:crowdstrike:0518322, author = {Joseph Goodwin and Aspen Lindblom}, title = {{CrowdStrike Research Investigates Exploit Behavior to Strengthen Customer Protection}}, date = {2022-02-22}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/exploit-research-strengthens-customer-protection/}, language = {English}, urldate = {2022-03-02} } CrowdStrike Research Investigates Exploit Behavior to Strengthen Customer Protection
2022-02-21Atomic Matryoshkaz3r0day_504
@online{z3r0day504:20220221:ousaban:38cdf0b, author = {z3r0day_504}, title = {{Ousaban MSI Installer Analysis}}, date = {2022-02-21}, organization = {Atomic Matryoshka}, url = {https://www.atomicmatryoshka.com/post/ousaban-msi-installer-analysis}, language = {English}, urldate = {2022-02-26} } Ousaban MSI Installer Analysis
Ousaban
2022-02-18IntezerIntezer
@online{intezer:20220218:teamtnt:354772f, author = {Intezer}, title = {{TeamTNT Cryptomining Explosion}}, date = {2022-02-18}, organization = {Intezer}, url = {https://www.intezer.com/blog/malware-analysis/teamtnt-cryptomining-explosion/}, language = {English}, urldate = {2022-02-26} } TeamTNT Cryptomining Explosion
TeamTNT
2022-02-16Threat PostTara Seals
@online{seals:20220216:trickbot:a1c11b3, author = {Tara Seals}, title = {{TrickBot Ravages Customers of Amazon, PayPal and Other Top Brands}}, date = {2022-02-16}, organization = {Threat Post}, url = {https://threatpost.com/trickbot-amazon-paypal-top-brands/178483/}, language = {English}, urldate = {2022-02-17} } TrickBot Ravages Customers of Amazon, PayPal and Other Top Brands
TrickBot
2022-02-16Check Point ResearchAliaksandr Trafimchuk, Raman Ladutska
@online{trafimchuk:20220216:modern:a6f60a5, author = {Aliaksandr Trafimchuk and Raman Ladutska}, title = {{A Modern Ninja: Evasive Trickbot Attacks Customers of 60 High-Profile Companies}}, date = {2022-02-16}, organization = {Check Point Research}, url = {https://research.checkpoint.com/2022/a-modern-ninja-evasive-trickbot-attacks-customers-of-60-high-profile-companies/}, language = {English}, urldate = {2022-02-18} } A Modern Ninja: Evasive Trickbot Attacks Customers of 60 High-Profile Companies
TrickBot
2022-02-09Sentinel LABSTom Hegel
@online{hegel:20220209:modifiedelephant:b004138, author = {Tom Hegel}, title = {{ModifiedElephant APT and a Decade of Fabricating Evidence}}, date = {2022-02-09}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/}, language = {English}, urldate = {2022-02-14} } ModifiedElephant APT and a Decade of Fabricating Evidence
DarkComet Incubator NetWire RC ModifiedElephant
2022-02-09SentinelOneTom Hegel, Juan Andrés Guerrero-Saade
@techreport{hegel:20220209:modified:3c039c6, author = {Tom Hegel and Juan Andrés Guerrero-Saade}, title = {{Modified Elephant APT and a Decade of Fabricating Evidence}}, date = {2022-02-09}, institution = {SentinelOne}, url = {https://www.sentinelone.com/wp-content/uploads/2022/02/Modified-Elephant-APT-and-a-Decade-of-Fabricating-Evidence-SentinelLabs.pdf}, language = {English}, urldate = {2022-02-14} } Modified Elephant APT and a Decade of Fabricating Evidence
DarkComet Incubator NetWire RC
2022-02-04Medium tomiwa-xyAdetomiwa
@online{adetomiwa:20220204:static:86b3c83, author = {Adetomiwa}, title = {{Static analysis of Goldenhelper Malware (Golden Tax malware)}}, date = {2022-02-04}, organization = {Medium tomiwa-xy}, url = {https://tomiwa-xy.medium.com/static-analysis-of-goldenhelper-malware-golden-tax-malware-d9f85a88e74d}, language = {English}, urldate = {2022-02-17} } Static analysis of Goldenhelper Malware (Golden Tax malware)
GoldenHelper
2022-02-03SymantecSymantec Threat Hunter Team
@online{team:20220203:antlion:f2f0600, author = {Symantec Threat Hunter Team}, title = {{Antlion: Chinese APT Uses Custom Backdoor to Target Financial Institutions in Taiwan}}, date = {2022-02-03}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/china-apt-antlion-taiwan-financial-attacks}, language = {English}, urldate = {2022-02-04} } Antlion: Chinese APT Uses Custom Backdoor to Target Financial Institutions in Taiwan
MimiKatz xPack Antlion
2022-02-02Cado SecurityCado Security
@online{security:20220202:coinstomp:f8b12e2, author = {Cado Security}, title = {{CoinStomp Malware Family Targets Asian Cloud Service Providers}}, date = {2022-02-02}, organization = {Cado Security}, url = {https://www.cadosecurity.com/coinstomp-malware-family-targets-asian-cloud-service-providers/}, language = {English}, urldate = {2022-02-04} } CoinStomp Malware Family Targets Asian Cloud Service Providers
2022-02-01CybereasonTom Fakterman
@online{fakterman:20220201:strifewater:a2694c3, author = {Tom Fakterman}, title = {{StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations}}, date = {2022-02-01}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/strifewater-rat-iranian-apt-moses-staff-adds-new-trojan-to-ransomware-operations}, language = {English}, urldate = {2022-02-02} } StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations
StrifeWater RAT MosesStaff
2022-01-31CyberArkArash Parsa
@online{parsa:20220131:analyzing:c496cc6, author = {Arash Parsa}, title = {{Analyzing Malware with Hooks, Stomps and Return-addresses}}, date = {2022-01-31}, organization = {CyberArk}, url = {https://www.cyberark.com/resources/threat-research/analyzing-malware-with-hooks-stomps-and-return-addresses-2}, language = {English}, urldate = {2022-05-09} } Analyzing Malware with Hooks, Stomps and Return-addresses
Cobalt Strike
2022-01-28Atomic Matryoshkaz3r0day_504
@online{z3r0day504:20220128:malware:3628b1b, author = {z3r0day_504}, title = {{Malware Headliners: LokiBot}}, date = {2022-01-28}, organization = {Atomic Matryoshka}, url = {https://www.atomicmatryoshka.com/post/malware-headliners-lokibot}, language = {English}, urldate = {2022-02-01} } Malware Headliners: LokiBot
Loki Password Stealer (PWS)
2022-01-22Atomic Matryoshkaz3r0day_504
@online{z3r0day504:20220122:malware:1ec08ef, author = {z3r0day_504}, title = {{Malware Headliners: Emotet}}, date = {2022-01-22}, organization = {Atomic Matryoshka}, url = {https://www.atomicmatryoshka.com/post/malware-headliners-emotet}, language = {English}, urldate = {2022-02-01} } Malware Headliners: Emotet
Emotet
2022-01-15MicrosoftTom Burt
@online{burt:20220115:malware:5f4e2d4, author = {Tom Burt}, title = {{Malware attacks targeting Ukraine government (DEV-0586)}}, date = {2022-01-15}, organization = {Microsoft}, url = {https://blogs.microsoft.com/on-the-issues/2022/01/15/mstic-malware-cyberattacks-ukraine-government/}, language = {English}, urldate = {2022-04-15} } Malware attacks targeting Ukraine government (DEV-0586)
WhisperGate
2022-01-15Atomic Matryoshkaz3r0day_504
@online{z3r0day504:20220115:malware:ce94f8c, author = {z3r0day_504}, title = {{Malware Headliners: Qakbot}}, date = {2022-01-15}, organization = {Atomic Matryoshka}, url = {https://www.atomicmatryoshka.com/post/malware-headliners-qakbot}, language = {English}, urldate = {2022-02-01} } Malware Headliners: Qakbot
QakBot
2022-01-09Atomic Matryoshkaz3r0day_504
@online{z3r0day504:20220109:malware:81e38aa, author = {z3r0day_504}, title = {{Malware Headliners: Dridex}}, date = {2022-01-09}, organization = {Atomic Matryoshka}, url = {https://www.atomicmatryoshka.com/post/malware-headliners-dridex}, language = {English}, urldate = {2022-02-01} } Malware Headliners: Dridex
Dridex
2022-01-02Medium amgedwagehAmged Wageh
@online{wageh:20220102:automating:90d5701, author = {Amged Wageh}, title = {{Automating The Analysis Of An AutoIT Script That Wraps A Remcos RAT}}, date = {2022-01-02}, organization = {Medium amgedwageh}, url = {https://medium.com/@amgedwageh/analysis-of-an-autoit-script-that-wraps-a-remcos-rat-6b5b66075b87}, language = {English}, urldate = {2022-01-25} } Automating The Analysis Of An AutoIT Script That Wraps A Remcos RAT
Remcos
2022-01-02Atomic Matryoshkaz3r0day_504
@online{z3r0day504:20220102:cracking:0315ea6, author = {z3r0day_504}, title = {{"Cracking Open the Malware Piñata" Series: Intro to Dynamic Analysis with RedLineStealer}}, date = {2022-01-02}, organization = {Atomic Matryoshka}, url = {https://www.atomicmatryoshka.com/post/cracking-open-the-malware-pi%C3%B1ata-series-intro-to-dynamic-analysis-with-redlinestealer}, language = {English}, urldate = {2022-05-29} } "Cracking Open the Malware Piñata" Series: Intro to Dynamic Analysis with RedLineStealer
RedLine Stealer