2022-05-25 | Trend Micro | Arianne Dela Cruz, Byron Gelera, McJustine De Guzman, Warren Sto.Tomas
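% NOTE(review): authors are written family-name-first so the compound surnames
% "Dela Cruz" and "De Guzman" are not split at the last word; confirm against the byline.
@online{cruz:20220525:new:43d8257,
  author       = {Dela Cruz, Arianne and Gelera, Byron and De Guzman, McJustine and Sto.Tomas, Warren},
  title        = {{New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices}},
  date         = {2022-05-25},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/e/new-linux-based-ransomware-cheerscrypt-targets-exsi-devices.html},
  language     = {English},
  urldate      = {2022-05-29},
}
New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices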
2022-05-16 | Malwarebytes Labs | Threat Intelligence Team
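% Corporate author: double-braced so it is kept as one name instead of being
% split into given name "Threat Intelligence" and family name "Team".
@online{team:20220516:custom:5fe917a,
  author       = {{Threat Intelligence Team}},
  title        = {{Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis}},
  date         = {2022-05-16},
  organization = {Malwarebytes Labs},
  url          = {https://blog.malwarebytes.com/threat-intelligence/2022/05/custom-powershell-rat-targets-germans-seeking-information-about-the-ukraine-crisis/},
  language     = {English},
  urldate      = {2022-05-17},
}
Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis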
Unidentified PS 003 (RAT)
2022-05-16 | JPCERT/CC | Shusei Tomonaga
% NOTE(review): the URL path contains /ja/ while language is English;
% confirm which edition of the post this entry refers to.
@online{tomonaga:20220516:analysis:b1c8089,
  author       = {Shusei Tomonaga},
  title        = {{Analysis of HUI Loader}},
  date         = {2022-05-16},
  organization = {JPCERT/CC},
  url          = {https://blogs.jpcert.or.jp/ja/2022/05/HUILoader.html},
  language     = {English},
  urldate      = {2022-05-17},
}
Analysis of HUI Loader
HUI Loader PlugX Poison Ivy Quasar RAT
2022-05-07 | YouTube (botconf eu) | Daniel Lunghi, Jaromír Hořejší
@online{lunghi:20220507:operation:749c341,
  author       = {Daniel Lunghi and Jaromír Hořejší},
  title        = {{Operation Gamblingpuppet: Analysis Of A Multiplatform Campaign Targeting Online Gambling Customers}},
  date         = {2022-05-07},
  organization = {YouTube (botconf eu)},
  url          = {https://www.youtube.com/watch?v=QXGO4RJaUPQ},
  language     = {English},
  urldate      = {2022-07-25},
}
Operation Gamblingpuppet: Analysis Of A Multiplatform Campaign Targeting Online Gambling Customers
Earth Berberoka
2022-05-04 | Cybereason | Chen Erlich, Fusao Tanida, Ofir Ozer, Akihiro Tomita, Niv Yona, Daniel Frank, Assaf Dahan
@online{erlich:20220504:operation:0d23595,
  author       = {Chen Erlich and Fusao Tanida and Ofir Ozer and Akihiro Tomita and Niv Yona and Daniel Frank and Assaf Dahan},
  title        = {{Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques}},
  date         = {2022-05-04},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/operation-cuckoobees-deep-dive-into-stealthy-winnti-techniques},
  language     = {English},
  urldate      = {2022-05-09},
}
Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques
PRIVATELOG Spyder STASHLOG Winnti
2022-05-04 | HP | Patrick Schläpfer
@online{schlpfer:20220504:tips:f12f7ba,
  author       = {Patrick Schläpfer},
  title        = {{Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware}},
  date         = {2022-05-04},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/tips-for-automating-ioc-extraction-from-gootloader-a-changing-javascript-malware/},
  language     = {English},
  urldate      = {2022-05-05},
}
Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware
GootLoader
2022-05-04 | Cybereason | Chen Erlich, Fusao Tanida, Ofir Ozer, Akihiro Tomita, Niv Yona, Daniel Frank, Assaf Dahan
@online{erlich:20220504:operation:e40ec58,
  author       = {Chen Erlich and Fusao Tanida and Ofir Ozer and Akihiro Tomita and Niv Yona and Daniel Frank and Assaf Dahan},
  title        = {{Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive}},
  date         = {2022-05-04},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive},
  language     = {English},
  urldate      = {2022-05-05},
}
Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive
PRIVATELOG Spyder STASHLOG Winnti
2022-05-03 | Cluster25 | Cluster25
@online{cluster25:20220503:strange:1481afa,
  author       = {Cluster25},
  title        = {{The Strange Link Between A Destructive Malware And A Ransomware-Gang Linked Custom Loader: IsaacWiper Vs Vatet}},
  date         = {2022-05-03},
  organization = {Cluster25},
  url          = {https://cluster25.io/2022/05/03/a-strange-link-between-a-destructive-malware-and-the-loader-of-a-ransomware-group-isaacwiper-vs-vatet/},
  language     = {English},
  urldate      = {2022-05-04},
}
The Strange Link Between A Destructive Malware And A Ransomware-Gang Linked Custom Loader: IsaacWiper Vs Vatet
Cobalt Strike IsaacWiper PyXie
2022-04-27 | Zscaler | Dennis Schwarz, Brett Stone-Gross
@online{schwarz:20220427:targeted:7d4de4a,
  author       = {Dennis Schwarz and Brett Stone-Gross},
  title        = {{Targeted attack on Thailand Pass customers delivers AsyncRAT}},
  date         = {2022-04-27},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/targeted-attack-thailand-pass-customers-delivers-asyncrat},
  language     = {English},
  urldate      = {2022-05-03},
}
Targeted attack on Thailand Pass customers delivers AsyncRAT
AsyncRAT
2022-04-21 | CrowdStrike | Manoj Ahuje
@online{ahuje:20220421:lemonduck:6b61d01,
  author       = {Manoj Ahuje},
  title        = {{LemonDuck Targets Docker for Cryptomining Operations}},
  date         = {2022-04-21},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/lemonduck-botnet-targets-docker-for-cryptomining-operations/},
  language     = {English},
  urldate      = {2022-04-24},
}
LemonDuck Targets Docker for Cryptomining Operations
Lemon Duck
2022-04-14 | Bleeping Computer | Bill Toulas
@online{toulas:20220414:new:049e894,
  author       = {Bill Toulas},
  title        = {{New ZingoStealer infostealer drops more malware, cryptominers}},
  date         = {2022-04-14},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/new-zingostealer-infostealer-drops-more-malware-cryptominers/},
  language     = {English},
  urldate      = {2022-04-15},
}
New ZingoStealer infostealer drops more malware, cryptominers
2022-04-13 | ESET Research | Jean-Ian Boutin, Tomáš Procházka
@online{boutin:20220413:eset:7463437,
  author       = {Jean-Ian Boutin and Tomáš Procházka},
  title        = {{ESET takes part in global operation to disrupt Zloader botnets}},
  date         = {2022-04-13},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2022/04/13/eset-takes-part-global-operation-disrupt-zloader-botnets/},
  language     = {English},
  urldate      = {2022-04-14},
}
ESET takes part in global operation to disrupt Zloader botnets
Cobalt Strike Zloader
2022-04-07 | Microsoft | Tom Burt
@online{burt:20220407:disrupting:8f3a3d9,
  author       = {Tom Burt},
  title        = {{Disrupting cyberattacks targeting Ukraine (APT28)}},
  date         = {2022-04-07},
  organization = {Microsoft},
  url          = {https://blogs.microsoft.com/on-the-issues/2022/04/07/cyberattacks-ukraine-strontium-russia/},
  language     = {English},
  urldate      = {2022-04-12},
}
Disrupting cyberattacks targeting Ukraine (APT28)
2022-04-06 | Abnormal | Abnormal Security
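% Corporate author: double-braced so it is kept as one name instead of being
% split into given name "Abnormal" and family name "Security".
@online{security:20220406:tax:c34a522,
  author       = {{Abnormal Security}},
  title        = {{Tax Return Customer Campaign Attempts to Infect Victims with Sorillus RAT}},
  date         = {2022-04-06},
  organization = {Abnormal},
  url          = {https://abnormalsecurity.com/blog/tax-customers-sorillus-rat},
  language     = {English},
  urldate      = {2022-08-02},
}
Tax Return Customer Campaign Attempts to Infect Victims with Sorillus RAT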
Sorillus RAT
2022-03-24 | Sentinel LABS | Tom Hegel
% NOTE(review): same article as hegel:20220324:chinese:39b373a (the URLs differ
% only by a trailing slash); cite one key consistently to avoid a duplicated reference.
@online{hegel:20220324:chinese:d541fb8,
  author       = {Tom Hegel},
  title        = {{Chinese Threat Actor Scarab Targeting Ukraine}},
  date         = {2022-03-24},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/chinese-threat-actor-scarab-targeting-ukraine/},
  language     = {English},
  urldate      = {2022-03-25},
}
Chinese Threat Actor Scarab Targeting Ukraine
HeaderTip Scieron
2022-03-24 | Sentinel LABS | Tom Hegel
% NOTE(review): same article as hegel:20220324:chinese:d541fb8 (the URLs differ
% only by a trailing slash); cite one key consistently to avoid a duplicated reference.
@online{hegel:20220324:chinese:39b373a,
  author       = {Tom Hegel},
  title        = {{Chinese Threat Actor Scarab Targeting Ukraine}},
  date         = {2022-03-24},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/chinese-threat-actor-scarab-targeting-ukraine},
  language     = {English},
  urldate      = {2022-03-29},
}
Chinese Threat Actor Scarab Targeting Ukraine
Scieron Scarab
2022-03-21 | Azure DevOps (Mastadamus) | Mastadamus
@online{mastadamus:20220321:anatomy:5e52c7b,
  author       = {Mastadamus},
  title        = {{Anatomy of An Mirai Botnet Attack}},
  date         = {2022-03-21},
  organization = {Azure DevOps (Mastadamus)},
  url          = {https://dev.azure.com/Mastadamus/Mirai%20Botnet%20Analysis/_wiki/wikis/Mirai-Botnet-Analysis.wiki/12/Anatomy-of-An-Mirai-Botnet-Attack},
  language     = {English},
  urldate      = {2022-03-22},
}
Anatomy of An Mirai Botnet Attack
Mirai
2022-03-21 | The DFIR Report | The DFIR Report
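% Corporate author: double-braced so it is kept as one name instead of being
% split into given name "The DFIR" and family name "Report".
@online{report:20220321:apt35:9f4291d,
  author       = {{The DFIR Report}},
  title        = {{APT35 Automates Initial Access Using ProxyShell}},
  date         = {2022-03-21},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2022/03/21/apt35-automates-initial-access-using-proxyshell/},
  language     = {English},
  urldate      = {2022-03-22},
}
APT35 Automates Initial Access Using ProxyShell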
2022-03-17 | CISA | US-CERT
@techreport{uscert:20220317:alert:5cbab55,
  author      = {US-CERT},
  title       = {{Alert (AA22-076A) Strengthening Cybersecurity of SATCOM Network Providers and Customers}},
  date        = {2022-03-17},
  institution = {CISA},
  url         = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-076_Strengthening_Cybersecurity_of_SATCOM_Network_Providers_and_Customers.pdf},
  language    = {English},
  urldate     = {2022-04-07},
}
Alert (AA22-076A) Strengthening Cybersecurity of SATCOM Network Providers and Customers
2022-03-15 | JPCERT/CC | Shusei Tomonaga
@online{tomonaga:20220315:antiupx:f8c6f2f,
  author       = {Shusei Tomonaga},
  title        = {{Anti-UPX Unpacking Technique}},
  date         = {2022-03-15},
  organization = {JPCERT/CC},
  url          = {https://blogs.jpcert.or.jp/en/2022/03/anti_upx_unpack.html},
  language     = {English},
  urldate      = {2022-03-28},
}
Anti-UPX Unpacking Technique
Mirai