2022 | Toli Security | Tolisec
@online{tolisec:2022:cryptomining:f2f3380,
  author       = {Tolisec},
  title        = {{Cryptomining botnet exploiting exposed Docker API}},
  date         = {2022},
  organization = {Toli Security},
  url          = {https://tolisec.com/cryptomining-botnet-exploiting-exposed-docker-api/},
  language     = {English},
  urldate      = {2022-04-15},
}
Cryptomining botnet exploiting exposed Docker API
2021-12-29 | Aqua | Nitzan Yaakov
@online{yaakov:20211229:threat:358d40a,
  author       = {Nitzan Yaakov},
  title        = {{Threat Alert: Evolving Attack Techniques of Autom Cryptomining Campaign}},
  date         = {2021-12-29},
  organization = {Aqua},
  url          = {https://blog.aquasec.com/attack-techniques-autom-cryptomining-campaign},
  language     = {English},
  urldate      = {2021-12-31},
}
Threat Alert: Evolving Attack Techniques of Autom Cryptomining Campaign
2021-12-12 | Sophos | Sean Gallagher
@online{gallagher:20211212:log4shell:0609a1c,
  author       = {Sean Gallagher},
  title        = {{Log4Shell Hell: anatomy of an exploit outbreak}},
  date         = {2021-12-12},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2021/12/12/log4shell-hell-anatomy-of-an-exploit-outbreak/},
  language     = {English},
  urldate      = {2021-12-31},
}
Log4Shell Hell: anatomy of an exploit outbreak
2021-12-06 | Microsoft | Tom Burt
@online{burt:20211206:protecting:1e30e3d,
  author       = {Tom Burt},
  title        = {{Protecting people from recent cyberattacks}},
  date         = {2021-12-06},
  organization = {Microsoft},
  url          = {https://blogs.microsoft.com/on-the-issues/2021/12/06/cyberattacks-nickel-dcu-china/},
  language     = {English},
  urldate      = {2021-12-08},
}
Protecting people from recent cyberattacks
2021-12-02 | Microsoft | Microsoft Threat Experts
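% Corporate author: the extra brace pair makes the team name one indivisible
% name, so it is not split into given name "Microsoft Threat" and family name
% "Experts". The citation key is left as published so existing citations resolve.
@online{experts:20211202:structured:74127b2,
  author       = {{Microsoft Threat Experts}},
  title        = {{Structured threat hunting: One way Microsoft Threat Experts prioritizes customer defense}},
  date         = {2021-12-02},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/12/02/structured-threat-hunting-one-way-microsoft-threat-experts-prioritizes-customer-defense/},
  language     = {English},
  urldate      = {2021-12-06},
}
Structured threat hunting: One way Microsoft Threat Experts prioritizes customer defense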
2021-11-30 | 360 netlab | Alex.Turing, Hui Wang
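% The ampersand in the title is written as \& because a bare one is LaTeX's
% alignment character and stops the bibliography from typesetting.
@online{alexturing:20211130:ewdoor:aa6e76e,
  author       = {Alex.Turing and Hui Wang},
  title        = {{EwDoor Botnet Is Attacking AT\&T Customers}},
  date         = {2021-11-30},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/warning-ewdoor-botnet-is-attacking-att-customers/},
  language     = {English},
  urldate      = {2021-12-07},
}
EwDoor Botnet Is Attacking AT&T Customers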
EwDoor
2021-11-29 | CrowdStrike | Falcon OverWatch Team
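% Corporate author: the extra brace pair keeps the team name as one indivisible
% name instead of given name "Falcon OverWatch" plus family name "Team".
% The title contains a typographic apostrophe, so the file must be read as UTF-8
% (Biber does; classic 8-bit BibTeX would need an ASCII apostrophe instead).
@online{team:20211129:nowhere:e0fedba,
  author       = {{Falcon OverWatch Team}},
  title        = {{Nowhere to Hide: Detecting SILENT CHOLLIMA’s Custom Tooling}},
  date         = {2021-11-29},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-falcon-overwatch-detected-silent-chollima-custom-tooling/},
  language     = {English},
  urldate      = {2021-12-01},
}
Nowhere to Hide: Detecting SILENT CHOLLIMA’s Custom Tooling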
2021-11-24 | safebreach | Tomer Bar
@online{bar:20211124:new:3fc1309,
  author       = {Tomer Bar},
  title        = {{New PowerShortShell Stealer Exploits Recent Microsoft MSHTML Vulnerability to Spy on Farsi Speakers}},
  date         = {2021-11-24},
  organization = {safebreach},
  url          = {https://www.safebreach.com/blog/2021/new-powershortshell-stealer-exploits-recent-microsoft-mshtml-vulnerability-to-spy-on-farsi-speakers/},
  language     = {English},
  urldate      = {2021-11-29},
}
New PowerShortShell Stealer Exploits Recent Microsoft MSHTML Vulnerability to Spy on Farsi Speakers
PowerShortShell
2021-11-19 | Twitter (@knight0x07) | neeraj
% NOTE(review): the url keeps its "?s=20" query string as captured; it looks
% like a share parameter rather than part of the status id. Confirm the link
% resolves without it before trimming.
@online{neeraj:20211119:exmatter:c7d7d45,
  author       = {neeraj},
  title        = {{Tweet on Exmatter, custom data exfiltration tool, used by Blackmatter ransomware group}},
  date         = {2021-11-19},
  organization = {Twitter (@knight0x07)},
  url          = {https://twitter.com/knight0x07/status/1461787168037240834?s=20},
  language     = {English},
  urldate      = {2021-11-29},
}
Tweet on Exmatter, custom data exfiltration tool, used by Blackmatter ransomware group
ExMatter
2021-11-16 | Blackberry | T.J. O'Leary, Tom Bonner, Marta Janus, Dean Given, Eoin Wickens, Jim Simpson
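% The first author's initials are separated ("T. J.") so BibTeX sees two given
% names; glued as "T.J." they form one token, and styles that abbreviate given
% names would drop the second initial.
@techreport{oleary:20211116:finding:e8594dd,
  author      = {T. J. O'Leary and Tom Bonner and Marta Janus and Dean Given and Eoin Wickens and Jim Simpson},
  title       = {{Finding Beacons in the dark}},
  date        = {2021-11-16},
  institution = {Blackberry},
  url         = {https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/bb-ebook-finding-beacons-in-the-dark.pdf},
  language    = {English},
  urldate     = {2021-11-18},
}
Finding Beacons in the dark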
Cobalt Strike
2021-11-16 | Intel 471 | Intel 471
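% Corporate author: the extra brace pair keeps "Intel 471" as one indivisible
% name instead of given name "Intel" plus family name "471".
% The citation key is left as published so existing citations resolve.
@online{471:20211116:how:dfdf383,
  author       = {{Intel 471}},
  title        = {{How cryptomixers allow cybercriminals to clean their ransoms}},
  date         = {2021-11-16},
  organization = {Intel 471},
  url          = {https://intel471.com/blog/cryptomixers-ransomware},
  language     = {English},
  urldate      = {2021-11-18},
}
How cryptomixers allow cybercriminals to clean their ransoms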
2021-11-13 | YouTube (AGDC Services) | AGDC Services
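% The author is the channel name given in the organization field, not a
% personal name; the extra brace pair keeps it from being split into given
% name "AGDC" plus family name "Services".
@online{services:20211113:automate:487e01f,
  author       = {{AGDC Services}},
  title        = {{Automate Qbot Malware String Decryption With Ghidra Script}},
  date         = {2021-11-13},
  organization = {YouTube (AGDC Services)},
  url          = {https://www.youtube.com/watch?v=4I0LF8Vm7SI},
  language     = {English},
  urldate      = {2021-11-19},
}
Automate Qbot Malware String Decryption With Ghidra Script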
QakBot
2021-11-12 | 360 netlab | Alex.Turing, Hui Wang, YANG XU
@online{alexturing:20211112:malware:70f965d,
  author       = {Alex.Turing and Hui Wang and YANG XU},
  title        = {{Malware uses namesilo Parking pages and Google's custom pages to spread}},
  date         = {2021-11-12},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/zhatuniubility-malware-uses-namesilo-parking-pages-and-googles-custom-pages-to-spread/},
  language     = {English},
  urldate      = {2021-11-17},
}
Malware uses namesilo Parking pages and Google's custom pages to spread
2021-11-11 | vmware | Jason Zhang, Stefano Ortolani, Giovanni Vigna, Threat Analysis Unit
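% The last author is a team, not a person: it is braced so it stays one
% indivisible name instead of given name "Threat Analysis" plus family name "Unit".
@online{zhang:20211111:research:b254ed6,
  author       = {Jason Zhang and Stefano Ortolani and Giovanni Vigna and {Threat Analysis Unit}},
  title        = {{Research Recap: How To Automate Malware Campaign Detection With Telemetry Peak Analyzer}},
  date         = {2021-11-11},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2021/11/telemetry-peak-analyzer-an-automatic-malware-campaign-detector.html},
  language     = {English},
  urldate      = {2022-03-22},
}
Research Recap: How To Automate Malware Campaign Detection With Telemetry Peak Analyzer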
Phorpiex QakBot
2021-11-10 | CrowdStrike | Antonio Parata
@online{parata:20211110:ploutus:7b4ca7b,
  author       = {Antonio Parata},
  title        = {{Ploutus ATM Malware Case Study: Automated Deobfuscation of a Strongly Obfuscated .NET Binary}},
  date         = {2021-11-10},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/ploutus-atm-malware-deobfuscation-case-study},
  language     = {English},
  urldate      = {2021-11-17},
}
Ploutus ATM Malware Case Study: Automated Deobfuscation of a Strongly Obfuscated .NET Binary
Ploutus ATM
2021-11-09 | Trend Micro | Trend Micro Research
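% Corporate author: the extra brace pair keeps the team name as one indivisible
% name instead of given name "Trend Micro" plus family name "Research".
% The citation key is left as published so existing citations resolve.
@online{research:20211109:compromised:47958cb,
  author       = {{Trend Micro Research}},
  title        = {{Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT}},
  date         = {2021-11-09},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/k/compromised-docker-hub-accounts-abused-for-cryptomining-linked-t.html},
  language     = {English},
  urldate      = {2021-11-25},
}
Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT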
2021-10-27 | Avast Decoded | Avast
@online{avast:20211027:avast:6b44ea1,
  author       = {Avast},
  title        = {{Avast releases decryptor for AtomSilo and LockFile ransomware}},
  date         = {2021-10-27},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/threatintel/decryptor-for-atomsilo-and-lockfile-ransomware/},
  language     = {English},
  urldate      = {2021-11-08},
}
Avast releases decryptor for AtomSilo and LockFile ransomware
ATOMSILO LockFile
2021-10-24 | Microsoft | Tom Burt
% NOTE(review): the url keeps its "?ocid=..." query string as captured; it looks
% like a campaign-tracking parameter rather than part of the post's address.
% Confirm the link resolves without it before trimming.
@online{burt:20211024:new:3afd953,
  author       = {Tom Burt},
  title        = {{New activity from Russian actor Nobelium}},
  date         = {2021-10-24},
  organization = {Microsoft},
  url          = {https://blogs.microsoft.com/on-the-issues/2021/10/24/new-activity-from-russian-actor-nobelium/?ocid=usoc_TWITTER_M365_spl100002625922692},
  language     = {English},
  urldate      = {2021-11-02},
}
New activity from Russian actor Nobelium
2021-10-15 | Zscaler | Rajdeepsinh Dodia
@online{dodia:20211015:atomsilo:81b4ff1,
  author       = {Rajdeepsinh Dodia},
  title        = {{AtomSilo Ransomware Enters the League of Double Extortion}},
  date         = {2021-10-15},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/atomsilo-ransomware-enters-league-double-extortion},
  language     = {English},
  urldate      = {2021-11-03},
}
AtomSilo Ransomware Enters the League of Double Extortion
ATOMSILO
2021-10-13 | Chuongdong blog | Chuong Dong
% NOTE(review): the url contains a percent-encoded space and a doubled slash
% after the host, both kept exactly as captured. biblatex/Biber read the url
% field verbatim; a classic BibTeX style without url support would need the
% percent sign escaped.
@online{dong:20211013:atomsilo:9d4ce80,
  author       = {Chuong Dong},
  title        = {{AtomSilo Ransomware}},
  date         = {2021-10-13},
  organization = {Chuongdong blog},
  url          = {https://chuongdong.com//reverse%20engineering/2021/10/13/AtomSiloRansomware/},
  language     = {English},
  urldate      = {2022-02-02},
}
AtomSilo Ransomware
ATOMSILO