
2021-01-06 | DomainTools | Joe Slowik
@online{slowik:20210106:holiday:6ef0c9d,
  author       = {Joe Slowik},
  title        = {{Holiday Bazar: Tracking a TrickBot-Related Ransomware Incident}},
  date         = {2021-01-06},
  organization = {DomainTools},
  url          = {https://www.domaintools.com/resources/blog/tracking-a-trickbot-related-ransomware-incident},
  urldate      = {2021-01-10},
  language     = {English},
}
Holiday Bazar: Tracking a TrickBot-Related Ransomware Incident
BazarBackdoor TrickBot
2021-01-04 | Profero | Profero, SecurityJoes
@techreport{profero:20210104:apt27:a281786,
  author      = {Profero and SecurityJoes},
  title       = {{APT27 Turns to Ransomware}},
  date        = {2021-01-04},
  institution = {Profero},
  url         = {https://shared-public-reports.s3-eu-west-1.amazonaws.com/APT27+turns+to+ransomware.pdf},
  urldate     = {2021-01-10},
  language    = {English},
}
APT27 Turns to Ransomware
Clambling
2021 | DomainTools | Joe Slowik
@techreport{slowik:2021:conceptualizing:3cdf067,
  author      = {Joe Slowik},
  title       = {{Conceptualizing a Continuum of Cyber Threat Attribution}},
  date        = {2021},
  institution = {DomainTools},
  url         = {https://www.domaintools.com/content/conceptualizing-a-continuum-of-cyber-threat-attribution.pdf},
  urldate     = {2021-11-02},
  language    = {English},
}
Conceptualizing a Continuum of Cyber Threat Attribution
CHINACHOPPER SUNBURST
2020-12-23 | Stranded on Pylos Blog | Joe Slowik
@online{slowik:20201223:mindmap:3aad3e1,
  author       = {Joe Slowik},
  title        = {{Mindmap on Russia-linked threat groups}},
  date         = {2020-12-23},
  organization = {Stranded on Pylos Blog},
  url          = {https://pylos.co/wp-content/uploads/2020/12/wp-1608784569812.jpg},
  urldate      = {2020-12-26},
  language     = {English},
}
Mindmap on Russia-linked threat groups
2020-12-18 | DomainTools | Joe Slowik
@online{slowik:20201218:continuous:71ffa78,
  author       = {Joe Slowik},
  title        = {{Continuous Eruption: Further Analysis of the SolarWinds Supply Chain Incident}},
  date         = {2020-12-18},
  organization = {DomainTools},
  url          = {https://www.domaintools.com/resources/blog/continuous-eruption-further-analysis-of-the-solarwinds-supply-incident},
  urldate      = {2020-12-18},
  language     = {English},
}
Continuous Eruption: Further Analysis of the SolarWinds Supply Chain Incident
SUNBURST
2020-12-14 | DomainTools | Joe Slowik
@online{slowik:20201214:unraveling:d212099,
  author       = {Joe Slowik},
  title        = {{Unraveling Network Infrastructure Linked to the SolarWinds Hack}},
  date         = {2020-12-14},
  organization = {DomainTools},
  url          = {https://www.domaintools.com/resources/blog/unraveling-network-infrastructure-linked-to-the-solarwinds-hack},
  urldate      = {2020-12-15},
  language     = {English},
}
Unraveling Network Infrastructure Linked to the SolarWinds Hack
SUNBURST
2020-12-10 | Stranded on Pylos Blog | Joe Slowik
@online{slowik:20201210:terrorism:2f0bd74,
  author       = {Joe Slowik},
  title        = {{Terrorism or Information Operation?}},
  date         = {2020-12-10},
  organization = {Stranded on Pylos Blog},
  url          = {https://pylos.co/2020/12/10/terrorism-or-information-operation/},
  urldate      = {2020-12-23},
  language     = {English},
}
Terrorism or Information Operation?
2020-12-08 | DomainTools | Joe Slowik
@online{slowik:20201208:identifying:0182ebe,
  author       = {Joe Slowik},
  title        = {{Identifying Critical Infrastructure Targeting through Network Creation}},
  date         = {2020-12-08},
  organization = {DomainTools},
  url          = {https://www.domaintools.com/resources/blog/identifying-critical-infrastructure-targeting-through-network-creation},
  urldate      = {2020-12-10},
  language     = {English},
}
Identifying Critical Infrastructure Targeting through Network Creation
2020-12-02 | DomainTools | Joe Slowik
@online{slowik:20201202:identifying:8ac64c3,
  author       = {Joe Slowik},
  title        = {{Identifying Network Infrastructure Related to a World Health Organization Spoofing Campaign}},
  date         = {2020-12-02},
  organization = {DomainTools},
  url          = {https://www.domaintools.com/resources/blog/identifying-network-infrastructure-related-to-a-who-spoofing-campaign},
  urldate      = {2020-12-08},
  language     = {English},
}
Identifying Network Infrastructure Related to a World Health Organization Spoofing Campaign
Azorult Glupteba
2020-11-20 | DomainTools | Joe Slowik, Black Lotus Labs, Lumen
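@online{slowik:20201120:current:f9956c6,
  author       = {Joe Slowik and {{Black Lotus Labs}} and {{Lumen}}},
  title        = {{Current Events to Widespread Campaigns: Pivoting from Samples to Identify Activity}},
  date         = {2020-11-20},
  organization = {DomainTools},
  url          = {https://www.domaintools.com/resources/blog/current-events-to-widespread-campaigns-pivoting-from-samples-to-identify},
  urldate      = {2020-11-23},
  language     = {English},
  internal-note = {Corporate co-authors are double-braced so name parsing does not split "Black Lotus Labs" into given name "Black Lotus" and surname "Labs"},
}
Current Events to Widespread Campaigns: Pivoting from Samples to Identify Activity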
2020-11-18 | DomainTools | Joe Slowik
@online{slowik:20201118:analyzing:abccd43,
  author       = {Joe Slowik},
  title        = {{Analyzing Network Infrastructure as Composite Objects}},
  date         = {2020-11-18},
  organization = {DomainTools},
  url          = {https://www.domaintools.com/resources/blog/analyzing-network-infrastructure-as-composite-objects},
  urldate      = {2020-11-19},
  language     = {English},
}
Analyzing Network Infrastructure as Composite Objects
Ryuk
2020-11-11 | DomainTools | Joe Slowik
@online{slowik:20201111:extrapolating:8998b55,
  author       = {Joe Slowik},
  title        = {{Extrapolating Adversary Intent Through Infrastructure}},
  date         = {2020-11-11},
  organization = {DomainTools},
  url          = {https://www.domaintools.com/resources/blog/extrapolating-adversary-intent-through-infrastructure},
  urldate      = {2020-11-19},
  language     = {English},
}
Extrapolating Adversary Intent Through Infrastructure
2020-11-04 | Stranded on Pylos Blog | Joe Slowik
@online{slowik:20201104:enigmatic:c2d7b4e,
  author       = {Joe Slowik},
  title        = {{The Enigmatic Energetic Bear}},
  date         = {2020-11-04},
  organization = {Stranded on Pylos Blog},
  url          = {https://pylos.co/2020/11/04/the-enigmatic-energetic-bear/},
  urldate      = {2020-11-06},
  language     = {English},
}
The Enigmatic Energetic Bear
EternalPetya Havex RAT
2020-10-30 | Reuters | Raphael Satter, Christopher Bing, Joel Schectman
@online{satter:20201030:russian:4fdafef,
  author       = {Raphael Satter and Christopher Bing and Joel Schectman},
  title        = {{Russian hackers targeted California, Indiana Democratic parties}},
  date         = {2020-10-30},
  organization = {Reuters},
  url          = {https://www.reuters.com/article/us-usa-election-cyber-russia-exclusive-idUSKBN27F1CP},
  urldate      = {2020-11-02},
  language     = {English},
}
Russian hackers targeted California, Indiana Democratic parties
2020-09-24 | Microsoft | Ben Koehl, Joe Hannon
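@online{koehl:20200924:microsoft:2df24ab,
  author       = {Ben Koehl and Joe Hannon},
  title        = {{Microsoft Security—detecting empires in the cloud}},
  date         = {2020-09-24},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/},
  urldate      = {2023-05-24},
  language     = {English},
  internal-note = {Same post (title and date) as koehl:20200924:microsoft:adbe527, which records the URL without the /en-us/ path segment and a longer author list; consider merging the two keys},
}
Microsoft Security—detecting empires in the cloud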
2020-09-24 | Github (FortyNorthSecurity) | Matt Grandy, Joe Leon
@techreport{grandy:20200924:offensive:8c9687e,
  author      = {Matt Grandy and Joe Leon},
  title       = {{Offensive Maldocs in 2020}},
  date        = {2020-09-24},
  institution = {Github (FortyNorthSecurity)},
  url         = {https://github.com/FortyNorthSecurity/Presentations/blob/master/Offensive%20Maldocs%20in%202020.pdf},
  urldate     = {2020-09-25},
  language    = {English},
}
Offensive Maldocs in 2020
2020-09-24 | Microsoft | Ben Koehl, Joe Hannon, Microsoft Identity Security Team
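@online{koehl:20200924:microsoft:adbe527,
  author       = {Ben Koehl and Joe Hannon and {{Microsoft Identity Security Team}}},
  title        = {{Microsoft Security—detecting empires in the cloud}},
  date         = {2020-09-24},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/},
  urldate      = {2020-09-24},
  language     = {English},
  internal-note = {Team author is double-braced so it is not parsed as given name "Microsoft Identity Security" with surname "Team"; same post (title and date) as koehl:20200924:microsoft:2df24ab, which records the /en-us/ URL variant},
}
Microsoft Security—detecting empires in the cloud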
CACTUSTORCH LazyCat APT40
2020-09-23 | Stranded on Pylos Blog | Joe Slowik
@online{slowik:20200923:understanding:47cffee,
  author       = {Joe Slowik},
  title        = {{Understanding Uncertainty while Undermining Democracy}},
  date         = {2020-09-23},
  organization = {Stranded on Pylos Blog},
  url          = {https://pylos.co/2020/09/23/understanding-uncertainty-while-undermining-democracy/},
  urldate      = {2020-09-24},
  language     = {English},
}
Understanding Uncertainty while Undermining Democracy
2020-09-21 | Cisco Talos | Nick Mavis, Joe Marshall, Jon Munshaw
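@techreport{mavis:20200921:art:d9702a4,
  author      = {Nick Mavis and Joe Marshall and Jon Munshaw},
  title       = {{The art and science of detecting Cobalt Strike}},
  date        = {2020-09-21},
  institution = {Cisco Talos},
  url         = {https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf},
  urldate     = {2020-09-23},
  language    = {English},
  internal-note = {Third author casing normalized from the upstream all-caps form "JON MUNSHAW" to match the other names in this entry},
}
The art and science of detecting Cobalt Strike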
Cobalt Strike
2020-09-17 | Joe Security's Blog | Joe Security
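@online{security:20200917:guloaders:fe9ed59,
  author       = {{Joe Security}},
  title        = {{GuLoader's VM-Exit Instruction Hammering explained}},
  date         = {2020-09-17},
  organization = {Joe Security's Blog},
  url          = {https://www.joesecurity.org/blog/3535317197858305930},
  urldate      = {2021-01-10},
  language     = {English},
  internal-note = {"Joe Security" is a company name and is double-braced so it is not parsed as given name "Joe" with surname "Security"; the citation key was generated from the split form},
}
GuLoader's VM-Exit Instruction Hammering explained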
CloudEyE