
2022-01-25Medium (Cryptax)Axelle Apvrille
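@comment{Ampersand in the title escaped as \& so the entry typesets under LaTeX; a raw ampersand is an alignment-tab error.}
@online{apvrille:20220125:bianlian:016e450,
  author       = {Apvrille, Axelle},
  title        = {{BianLian C\&C domain name}},
  organization = {Medium (Cryptax)},
  date         = {2022-01-25},
  url          = {https://cryptax.medium.com/bianlian-c-c-domain-name-4f226a29e221},
  urldate      = {2022-08-15},
  language     = {English},
}
BianLian C&C domain name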
BianLian Hydra
2022-01-21Medium (Cryptax)Axelle Apvrille
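@comment{Ampersand in the title escaped as \& so the entry typesets under LaTeX; a raw ampersand is an alignment-tab error.}
@online{apvrille:20220121:creating:9e6e3cf,
  author       = {Apvrille, Axelle},
  title        = {{Creating a safe dummy C\&C to test Android bots}},
  organization = {Medium (Cryptax)},
  date         = {2022-01-21},
  url          = {https://cryptax.medium.com/creating-a-safe-dummy-c-c-to-test-android-bots-ffa6e7a3dce5},
  urldate      = {2022-08-15},
  language     = {English},
}
Creating a safe dummy C&C to test Android bots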
BianLian Hydra
2022-01-18Medium (Scarlet Shark)Scarlet Shark
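@comment{Corporate author wrapped in an extra brace pair so the name is not split into first/last parts.}
@online{shark:20220118:perswaysion:df80644,
  author       = {{Scarlet Shark}},
  title        = {{PerSwaysion Threat Actor Updates Their Techniques and Infrastructure}},
  organization = {Medium (Scarlet Shark)},
  date         = {2022-01-18},
  url          = {https://blog.scarletshark.com/perswaysion-threat-actor-updates-their-techniques-and-infrastructure-e9465157a653},
  urldate      = {2022-01-24},
  language     = {English},
}
PerSwaysion Threat Actor Updates Their Techniques and Infrastructure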
2022-01-17Medium (Cryptax)Axelle Apvrille
@online{apvrille:20220117:androidbianlian:f425de5,
  author       = {Apvrille, Axelle},
  title        = {{Android/BianLian payload}},
  organization = {Medium (Cryptax)},
  date         = {2022-01-17},
  url          = {https://cryptax.medium.com/android-bianlian-payload-61febabed00a},
  urldate      = {2022-08-15},
  language     = {English},
}
Android/BianLian payload
BianLian Hydra
2022-01-14Medium (Cryptax)Axelle Apvrille
@online{apvrille:20220114:multidex:eaa6c6b,
  author       = {Apvrille, Axelle},
  title        = {{Multidex trick to unpack Android/BianLian}},
  organization = {Medium (Cryptax)},
  date         = {2022-01-14},
  url          = {https://cryptax.medium.com/multidex-trick-to-unpack-android-bianlian-ed52eb791e56},
  urldate      = {2022-03-30},
  language     = {English},
}
Multidex trick to unpack Android/BianLian
BianLian
2022-01-11Medium walmartglobaltechJason Reaves, Joshua Platt
@online{reaves:20220111:signed:0f32583,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {{Signed DLL campaigns as a service}},
  organization = {Medium walmartglobaltech},
  date         = {2022-01-11},
  url          = {https://medium.com/walmartglobaltech/signed-dll-campaigns-as-a-service-7760ac676489},
  urldate      = {2023-01-31},
  language     = {English},
}
Signed DLL campaigns as a service
BATLOADER Cobalt Strike ISFB Zloader
2022-01-02Medium amgedwagehAmged Wageh
@online{wageh:20220102:automating:90d5701,
  author       = {Wageh, Amged},
  title        = {{Automating The Analysis Of An AutoIT Script That Wraps A Remcos RAT}},
  organization = {Medium amgedwageh},
  date         = {2022-01-02},
  url          = {https://medium.com/@amgedwageh/analysis-of-an-autoit-script-that-wraps-a-remcos-rat-6b5b66075b87},
  urldate      = {2022-01-25},
  language     = {English},
}
Automating The Analysis Of An AutoIT Script That Wraps A Remcos RAT
Remcos
2021-12-31victory mediumZach Edwards
@online{edwards:20211231:compromised:3ee8044,
  author       = {Edwards, Zach},
  title        = {{Compromised Godaddy Infrastructure Attacking Numerous U.S. Government Websites to Promote “Canadian Pharmacy” Scam Websites}},
  organization = {victory medium},
  date         = {2021-12-31},
  url          = {https://victorymedium.com/godaddy-global-issues-canadian-pharmacy-injections/},
  urldate      = {2022-01-25},
  language     = {English},
}
Compromised Godaddy Infrastructure Attacking Numerous U.S. Government Websites to Promote “Canadian Pharmacy” Scam Websites
2021-12-28Medium CrovaxCrovax
@online{crovax:20211228:extracting:cd05925,
  author       = {Crovax},
  title        = {{Extracting Hancitor’s Configuration with Ghidra part 1}},
  organization = {Medium Crovax},
  date         = {2021-12-28},
  url          = {https://medium.com/@crovax/extracting-hancitors-configuration-with-ghidra-7963900494b5},
  urldate      = {2022-01-25},
  language     = {English},
}
Extracting Hancitor’s Configuration with Ghidra part 1
Hancitor
2021-12-14Medium s2wlabS2W TALON
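@comment{Team author wrapped in an extra brace pair so "S2W" is not parsed as a given name and "TALON" as a surname.}
@online{talon:20211214:logs:198ffe4,
  author       = {{S2W TALON}},
  title        = {{Logs of Log4shell (CVE-2021-44228): log4j is ubiquitous}},
  organization = {Medium s2wlab},
  date         = {2021-12-14},
  url          = {https://medium.com/s2wblog/logs-of-log4shell-cve-2021-44228-log4j-is-ubiquitous-en-809064312039},
  urldate      = {2022-01-05},
  language     = {English},
}
Logs of Log4shell (CVE-2021-44228): log4j is ubiquitous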
Kinsing Mirai Tsunami
2021-12-10Medium s2wlabS2W TALON
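@comment{Team author wrapped in an extra brace pair so "S2W" is not parsed as a given name and "TALON" as a surname.}
@online{talon:20211210:blackcat:2ec3ecf,
  author       = {{S2W TALON}},
  title        = {{BlackCat: New Rust based ransomware borrowing BlackMatter’s configuration}},
  organization = {Medium s2wlab},
  date         = {2021-12-10},
  url          = {https://medium.com/s2wblog/blackcat-new-rust-based-ransomware-borrowing-blackmatters-configuration-31c8d330a809},
  urldate      = {2022-01-06},
  language     = {English},
}
BlackCat: New Rust based ransomware borrowing BlackMatter’s configuration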
BlackCat BlackMatter
2021-11-30Medium nusenunusenu
@online{nusenu:20211130:is:99e6cf1,
  author       = {nusenu},
  title        = {{Is "KAX17" performing de-anonymization Attacks against Tor Users?}},
  organization = {Medium nusenu},
  date         = {2021-11-30},
  url          = {https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8},
  urldate      = {2021-12-06},
  language     = {English},
}
Is "KAX17" performing de-anonymization Attacks against Tor Users?
2021-11-19insomniacs(Medium)Asuna Amawaka
@online{amawaka:20211119:its:bd24ebf,
  author       = {Amawaka, Asuna},
  title        = {{It’s a BEE! It’s a… no, it’s ShadowPad.}},
  organization = {insomniacs(Medium)},
  date         = {2021-11-19},
  url          = {https://medium.com/insomniacs/its-a-bee-it-s-a-no-it-s-shadowpad-aff6a970a1c2},
  urldate      = {2021-11-25},
  language     = {English},
}
It’s a BEE! It’s a… no, it’s ShadowPad.
ShadowPad
2021-11-18Medium 0xchinaHamad Alnakal
@online{alnakal:20211118:malware:a0b177d,
  author       = {Alnakal, Hamad},
  title        = {{Malware reverse engineering (Ryuk Ransomware)}},
  organization = {Medium 0xchina},
  date         = {2021-11-18},
  url          = {https://0xchina.medium.com/malware-reverse-engineering-31039450af27},
  urldate      = {2021-11-19},
  language     = {English},
}
Malware reverse engineering (Ryuk Ransomware)
Ryuk
2021-11-17Medium ThreatMinerThreatMiner
@online{threatminer:20211117:android:e542c71,
  author       = {ThreatMiner},
  title        = {{Android Trojan Targeting Korean Demographic using GitHub for C2}},
  organization = {Medium ThreatMiner},
  date         = {2021-11-17},
  url          = {https://medium.com/@ThreatMiner/android-trojan-targeting-korean-demographic-using-github-for-c2-8219fc39f749},
  urldate      = {2021-11-19},
  language     = {English},
}
Android Trojan Targeting Korean Demographic using GitHub for C2
Unidentified APK 006
2021-10-29Medium LuatixJulien Richard
@online{richard:20211029:opencti:4edb701,
  author       = {Richard, Julien},
  title        = {{OpenCTI data sharing}},
  organization = {Medium Luatix},
  date         = {2021-10-29},
  url          = {https://medium.com/luatix/opencti-data-sharing-6da7dc045d14},
  urldate      = {2021-11-25},
  language     = {English},
}
OpenCTI data sharing
2021-10-22Medium JangJang
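@comment{The CVE id in the title carried an en dash (CVE-2021–35215) from the publishing platform; normalised to the hyphenated form the url uses so the identifier matches searches and advisories.}
@online{jang:20211022:50:28a6ec4,
  author       = {Jang},
  title        = {{50 Shades of SolarWinds Orion Deserialization (Part 1: CVE-2021-35215)}},
  organization = {Medium Jang},
  date         = {2021-10-22},
  url          = {https://testbnull.medium.com/50-shades-of-solarwinds-orion-deserialization-part-1-cve-2021-35215-2e5764e0e4f2},
  urldate      = {2021-10-26},
  language     = {English},
}
50 Shades of SolarWinds Orion Deserialization (Part 1: CVE-2021-35215)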
2021-10-20Medium ThreatMinerThreatMiner
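@comment{Underscores in the title escaped as \_ so the entry typesets under LaTeX; a bare underscore in text mode is a "Missing $ inserted" error.}
@online{threatminer:20211020:tm:f691bf6,
  author       = {ThreatMiner},
  title        = {{TM Follow-Up (TAG\_APT35\_14/10/21)}},
  organization = {Medium ThreatMiner},
  date         = {2021-10-20},
  url          = {https://medium.com/@ThreatMiner/tm-follow-up-tag-apt35-14-10-21-72134fab9aea},
  urldate      = {2021-11-19},
  language     = {English},
}
TM Follow-Up (TAG_APT35_14/10/21)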
2021-10-18Medium ConfiantTaha Karim
@online{karim:20211018:profiling:5e4f3a5,
  author       = {Karim, Taha},
  title        = {{Profiling hackers using the Malvertising Attack Matrix by Confiant}},
  organization = {Medium Confiant},
  date         = {2021-10-18},
  url          = {https://blog.confiant.com/profiling-hackers-using-the-malvertising-attack-matrix-by-confiant-9341838887b7},
  urldate      = {2021-10-26},
  language     = {English},
}
Profiling hackers using the Malvertising Attack Matrix by Confiant
2021-10-14Medium walmartglobaltechJason Reaves
@online{reaves:20211014:investigation:29ef29c,
  author       = {Reaves, Jason},
  title        = {{Investigation into the state of NIM malware Part 2}},
  organization = {Medium walmartglobaltech},
  date         = {2021-10-14},
  url          = {https://medium.com/walmartglobaltech/investigation-into-the-state-of-nim-malware-part-2-a28bffffa671},
  urldate      = {2021-12-15},
  language     = {English},
}
Investigation into the state of NIM malware Part 2
Cobalt Strike NimGrabber Nimrev Unidentified 088 (Nim Ransomware)