
2021-11-30 | 360 netlab | Alex.Turing, Hui Wang
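@comment{The bare ampersand in the title was escaped as \& so the entry typesets; an unescaped & is an alignment tab in LaTeX and breaks the bibliography.}
@online{alexturing:20211130:ewdoor:aa6e76e,
  author       = {Alex.Turing and Hui Wang},
  title        = {{EwDoor Botnet Is Attacking AT\&T Customers}},
  date         = {2021-11-30},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/warning-ewdoor-botnet-is-attacking-att-customers/},
  language     = {English},
  urldate      = {2021-12-07},
}
EwDoor Botnet Is Attacking AT&T Customers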
EwDoor
2021-11-29 | CrowdStrike | Falcon OverWatch Team
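@comment{The corporate author is wrapped in an extra brace pair so name parsing treats it as one indivisible surname instead of first="Falcon OverWatch" last="Team".}
@online{team:20211129:nowhere:e0fedba,
  author       = {{Falcon OverWatch Team}},
  title        = {{Nowhere to Hide: Detecting SILENT CHOLLIMA’s Custom Tooling}},
  date         = {2021-11-29},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-falcon-overwatch-detected-silent-chollima-custom-tooling/},
  language     = {English},
  urldate      = {2021-12-01},
}
Nowhere to Hide: Detecting SILENT CHOLLIMA’s Custom Tooling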
2021-11-24 | safebreach | Tomer Bar
@online{bar:20211124:new:3fc1309,
  author       = {Tomer Bar},
  title        = {{New PowerShortShell Stealer Exploits Recent Microsoft MSHTML Vulnerability to Spy on Farsi Speakers}},
  date         = {2021-11-24},
  organization = {safebreach},
  url          = {https://www.safebreach.com/blog/2021/new-powershortshell-stealer-exploits-recent-microsoft-mshtml-vulnerability-to-spy-on-farsi-speakers/},
  language     = {English},
  urldate      = {2021-11-29},
}
New PowerShortShell Stealer Exploits Recent Microsoft MSHTML Vulnerability to Spy on Farsi Speakers
PowerShortShell
2021-11-19 | Twitter (@knight0x07) | neeraj
@online{neeraj:20211119:exmatter:c7d7d45,
  author       = {neeraj},
  title        = {{Tweet on Exmatter, custom data exfiltration tool, used by Blackmatter ransomware group}},
  date         = {2021-11-19},
  organization = {Twitter (@knight0x07)},
  url          = {https://twitter.com/knight0x07/status/1461787168037240834?s=20},
  language     = {English},
  urldate      = {2021-11-29},
}
Tweet on Exmatter, custom data exfiltration tool, used by Blackmatter ransomware group
ExMatter
2021-11-16 | Blackberry | T.J. O'Leary, Tom Bonner, Marta Janus, Dean Given, Eoin Wickens, Jim Simpson
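@comment{Glued initials "T.J." were separated as "T. J." so styles that abbreviate or sort on given names handle them as two initials.}
@techreport{oleary:20211116:finding:e8594dd,
  author      = {T. J. O'Leary and Tom Bonner and Marta Janus and Dean Given and Eoin Wickens and Jim Simpson},
  title       = {{Finding Beacons in the dark}},
  date        = {2021-11-16},
  institution = {Blackberry},
  url         = {https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/bb-ebook-finding-beacons-in-the-dark.pdf},
  language    = {English},
  urldate     = {2021-11-18},
}
Finding Beacons in the dark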
Cobalt Strike
2021-11-16 | Intel 471 | Intel 471
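@comment{The corporate author is wrapped in an extra brace pair so name parsing treats "Intel 471" as one surname rather than first="Intel" last="471".}
@online{471:20211116:how:dfdf383,
  author       = {{Intel 471}},
  title        = {{How cryptomixers allow cybercriminals to clean their ransoms}},
  date         = {2021-11-16},
  organization = {Intel 471},
  url          = {https://intel471.com/blog/cryptomixers-ransomware},
  language     = {English},
  urldate      = {2021-11-18},
}
How cryptomixers allow cybercriminals to clean their ransoms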
2021-11-13 | YouTube (AGDC Services) | AGDC Services
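@comment{The corporate author is wrapped in an extra brace pair so "AGDC Services" is parsed as one surname rather than first="AGDC" last="Services".}
@online{services:20211113:automate:487e01f,
  author       = {{AGDC Services}},
  title        = {{Automate Qbot Malware String Decryption With Ghidra Script}},
  date         = {2021-11-13},
  organization = {YouTube (AGDC Services)},
  url          = {https://www.youtube.com/watch?v=4I0LF8Vm7SI},
  language     = {English},
  urldate      = {2021-11-19},
}
Automate Qbot Malware String Decryption With Ghidra Script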
QakBot
2021-11-12 | 360 netlab | Alex.Turing, Hui Wang, YANG XU
@online{alexturing:20211112:malware:70f965d,
  author       = {Alex.Turing and Hui Wang and YANG XU},
  title        = {{Malware uses namesilo Parking pages and Google's custom pages to spread}},
  date         = {2021-11-12},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/zhatuniubility-malware-uses-namesilo-parking-pages-and-googles-custom-pages-to-spread/},
  language     = {English},
  urldate      = {2021-11-17},
}
Malware uses namesilo Parking pages and Google's custom pages to spread
2021-11-11 | vmware | Jason Zhang, Stefano Ortolani, Giovanni Vigna, Threat Analysis Unit
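@comment{The team name in the author list is braced so it is kept as one surname; unbraced it would be parsed as first="Threat Analysis" last="Unit".}
@online{zhang:20211111:research:b254ed6,
  author       = {Jason Zhang and Stefano Ortolani and Giovanni Vigna and {Threat Analysis Unit}},
  title        = {{Research Recap: How To Automate Malware Campaign Detection With Telemetry Peak Analyzer}},
  date         = {2021-11-11},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2021/11/telemetry-peak-analyzer-an-automatic-malware-campaign-detector.html},
  language     = {English},
  urldate      = {2022-03-22},
}
Research Recap: How To Automate Malware Campaign Detection With Telemetry Peak Analyzer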
Phorpiex QakBot
2021-11-10 | CrowdStrike | Antonio Parata
@online{parata:20211110:ploutus:7b4ca7b,
  author       = {Antonio Parata},
  title        = {{Ploutus ATM Malware Case Study: Automated Deobfuscation of a Strongly Obfuscated .NET Binary}},
  date         = {2021-11-10},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/ploutus-atm-malware-deobfuscation-case-study},
  language     = {English},
  urldate      = {2021-11-17},
}
Ploutus ATM Malware Case Study: Automated Deobfuscation of a Strongly Obfuscated .NET Binary
Ploutus ATM
2021-11-09 | Trend Micro | Trend Micro Research
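@comment{The corporate author is wrapped in an extra brace pair so "Trend Micro Research" is parsed as one surname rather than first="Trend Micro" last="Research".}
@online{research:20211109:compromised:47958cb,
  author       = {{Trend Micro Research}},
  title        = {{Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT}},
  date         = {2021-11-09},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/k/compromised-docker-hub-accounts-abused-for-cryptomining-linked-t.html},
  language     = {English},
  urldate      = {2021-11-25},
}
Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT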
2021-10-27 | Avast Decoded | Avast
@online{avast:20211027:avast:6b44ea1,
  author       = {Avast},
  title        = {{Avast releases decryptor for AtomSilo and LockFile ransomware}},
  date         = {2021-10-27},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/threatintel/decryptor-for-atomsilo-and-lockfile-ransomware/},
  language     = {English},
  urldate      = {2021-11-08},
}
Avast releases decryptor for AtomSilo and LockFile ransomware
ATOMSILO LockFile
2021-10-24 | Microsoft | Tom Burt
@online{burt:20211024:new:3afd953,
  author       = {Tom Burt},
  title        = {{New activity from Russian actor Nobelium}},
  date         = {2021-10-24},
  organization = {Microsoft},
  url          = {https://blogs.microsoft.com/on-the-issues/2021/10/24/new-activity-from-russian-actor-nobelium/?ocid=usoc_TWITTER_M365_spl100002625922692},
  language     = {English},
  urldate      = {2021-11-02},
}
New activity from Russian actor Nobelium
2021-10-15 | Zscaler | Rajdeepsinh Dodia
@online{dodia:20211015:atomsilo:81b4ff1,
  author       = {Rajdeepsinh Dodia},
  title        = {{AtomSilo Ransomware Enters the League of Double Extortion}},
  date         = {2021-10-15},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/atomsilo-ransomware-enters-league-double-extortion},
  language     = {English},
  urldate      = {2021-11-03},
}
AtomSilo Ransomware Enters the League of Double Extortion
ATOMSILO
2021-10-13 | Chuongdong blog | Chuong Dong
@online{dong:20211013:atomsilo:d3abf78,
  author       = {Chuong Dong},
  title        = {{AtomSilo Ransomware}},
  date         = {2021-10-13},
  organization = {Chuongdong blog},
  url          = {https://chuongdong.com/reverse%20engineering/2021/10/13/AtomSiloRansomware/},
  language     = {English},
  urldate      = {2022-01-25},
}
AtomSilo Ransomware
ATOMSILO
2021-10-13 | Chuongdong blog | Chuong Dong
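@comment{This entry has the same author, title, date and organization as key dong:20211013:atomsilo:d3abf78 and its url differs only by a doubled slash after the host; it appears to be a duplicate record of the same post and should be merged into one key. The url is kept as recorded so the citation still resolves.}
@online{dong:20211013:atomsilo:9d4ce80,
  author       = {Chuong Dong},
  title        = {{AtomSilo Ransomware}},
  date         = {2021-10-13},
  organization = {Chuongdong blog},
  url          = {https://chuongdong.com//reverse%20engineering/2021/10/13/AtomSiloRansomware/},
  language     = {English},
  urldate      = {2022-02-02},
}
AtomSilo Ransomware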
ATOMSILO
2021-10-07 | Microsoft | Tom Burt
@online{burt:20211007:russian:eab9ca4,
  author       = {Tom Burt},
  title        = {{Russian cyberattacks pose greater risk to governments and other insights from our annual report}},
  date         = {2021-10-07},
  organization = {Microsoft},
  url          = {https://blogs.microsoft.com/on-the-issues/2021/10/07/digital-defense-report-2021/},
  language     = {English},
  urldate      = {2022-04-15},
}
Russian cyberattacks pose greater risk to governments and other insights from our annual report
2021-10-06 | Cybereason | Tom Fakterman, Daniel Frank, Chen Erlich, Assaf Dahan
@online{fakterman:20211006:operation:9a1ec21,
  author       = {Tom Fakterman and Daniel Frank and Chen Erlich and Assaf Dahan},
  title        = {{Operation GhostShell: Novel RAT Targets Global Aerospace and Telecoms Firms}},
  date         = {2021-10-06},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/operation-ghostshell-novel-rat-targets-global-aerospace-and-telecoms-firms},
  language     = {English},
  urldate      = {2021-10-24},
}
Operation GhostShell: Novel RAT Targets Global Aerospace and Telecoms Firms
ShellClient RAT
2021-10-04 | JPCERT/CC | Shusei Tomonaga
@online{tomonaga:20211004:malware:5ba808a,
  author       = {Shusei Tomonaga},
  title        = {{Malware Gh0stTimes Used by BlackTech}},
  date         = {2021-10-04},
  organization = {JPCERT/CC},
  url          = {https://blogs.jpcert.or.jp/en/2021/10/gh0sttimes.html},
  language     = {English},
  urldate      = {2021-10-11},
}
Malware Gh0stTimes Used by BlackTech
Gh0stTimes Ghost RAT
2021-10-04 | Sophos | Sean Gallagher, Vikas Singh, Krisztián Diriczi, Kajal Katiyar, Chaitanya Ghorpade, Rahil Shah
@online{gallagher:20211004:atom:782b979,
  author       = {Sean Gallagher and Vikas Singh and Krisztián Diriczi and Kajal Katiyar and Chaitanya Ghorpade and Rahil Shah},
  title        = {{Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack}},
  date         = {2021-10-04},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2021/10/04/atom-silo-ransomware-actors-use-confluence-exploit-dll-side-load-for-stealthy-attack/},
  language     = {English},
  urldate      = {2021-10-11},
}
Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack
ATOMSILO Cobalt Strike