2023-12-05 | Proofpoint | Greg Lesnewich, Crista Giering, Proofpoint Threat Research Team
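@comment{Corporate author wrapped in its own braces so BibTeX/Biber treats "Proofpoint Threat Research Team" as one indivisible name instead of splitting it into given name "Proofpoint Threat Research" and family name "Team". Citation key left unchanged so existing references keep resolving.}
@online{lesnewich:20231205:ta422s:a757704,
  author       = {Greg Lesnewich and Crista Giering and {Proofpoint Threat Research Team}},
  title        = {{TA422’s Dedicated Exploitation Loop—the Same Week After Week}},
  date         = {2023-12-05},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/ta422s-dedicated-exploitation-loop-same-week-after-week},
  language     = {English},
  urldate      = {2023-12-05}
}
TA422’s Dedicated Exploitation Loop—the Same Week After Week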
2023-12-04 | The Record | Jonathan Greig
@online{greig:20231204:florida:d5fca3c,
  author       = {Jonathan Greig},
  title        = {{Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks}},
  date         = {2023-12-04},
  organization = {The Record},
  url          = {https://therecord.media/florida-water-agency-ransomware-cisa-warning-utilities},
  language     = {English},
  urldate      = {2023-12-05}
}
Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks
2023-12-04 | The DFIR Report | The DFIR Report
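@comment{Corporate author "The DFIR Report" wrapped in its own braces so it is parsed as a single name; unbraced it is split into given name "The DFIR" and family name "Report", which is also how the auto-generated key prefix "report:" came about. Key kept as-is for stability.}
@online{report:20231204:sql:6f613e5,
  author       = {{The DFIR Report}},
  title        = {{SQL Brute Force leads to Bluesky Ransomware}},
  date         = {2023-12-04},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2023/12/04/sql-brute-force-leads-to-bluesky-ransomware/},
  language     = {English},
  urldate      = {2023-12-04}
}
SQL Brute Force leads to Bluesky Ransomware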
BlueSky Cobalt Strike
2023-12-04 | Cado Security | Matt Muir
@online{muir:20231204:p2pinfect:9bec92b,
  author       = {Matt Muir},
  title        = {{P2Pinfect - New Variant Targets MIPS Devices}},
  date         = {2023-12-04},
  organization = {Cado Security},
  url          = {https://www.cadosecurity.com/p2pinfect-new-variant-targets-mips-devices/},
  language     = {English},
  urldate      = {2023-12-05}
}
P2Pinfect - New Variant Targets MIPS Devices
2023-12-03 | Twitter (@vxunderground) | VX-Underground
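@comment{Dropped the share-tracking query string (t=..., s=01) from the X/Twitter status URL. The numeric status ID alone identifies the tweet; the t= token is generated per share action and ties the link back to whoever copied it, so it should not be published in a shared bibliography.}
@online{vxunderground:20231203:about:e15f416,
  author       = {VX-Underground},
  title        = {{Tweet about ALPHV group compromising Tipalti to pressure its clients.}},
  date         = {2023-12-03},
  organization = {Twitter (@vxunderground)},
  url          = {https://x.com/vxunderground/status/1731138180672344095},
  language     = {English},
  urldate      = {2023-12-04}
}
Tweet about ALPHV group compromising Tipalti to pressure its clients.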
BlackCat BlackCat
2023-12-03 | Bleeping Computer | Lawrence Abrams
@online{abrams:20231203:linux:b5f945e,
  author       = {Lawrence Abrams},
  title        = {{Linux version of Qilin ransomware focuses on VMware ESXi}},
  date         = {2023-12-03},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/linux-version-of-qilin-ransomware-focuses-on-vmware-esxi/},
  language     = {English},
  urldate      = {2023-12-05}
}
Linux version of Qilin ransomware focuses on VMware ESXi
Qilin
2023-12-02 | openhunting.io | openhunting.io
@online{openhuntingio:20231202:threat:2d4aed7,
  author       = {openhunting.io},
  title        = {{Threat Hunting Malware Infrastructure}},
  date         = {2023-12-02},
  organization = {openhunting.io},
  url          = {https://www.linkedin.com/feed/update/urn:li:activity:7137086303329783808/},
  language     = {English},
  urldate      = {2023-12-04}
}
Threat Hunting Malware Infrastructure
VBREVSHELL AsyncRAT
2023-12-01 | LianSecurity | LianSecurity
@online{liansecurity:20231201:boomslang:4946653,
  author       = {LianSecurity},
  title        = {{BOOMSLANG Mobile fraud family analysis}},
  date         = {2023-12-01},
  organization = {LianSecurity},
  url          = {https://www.liansecurity.com/#/main/news/mlRmJIwB203zX1eeD8-r/detail},
  language     = {English},
  urldate      = {2023-12-04}
}
BOOMSLANG Mobile fraud family analysis
2023-12-01 | The Record | Daryna Antoniuk
@online{antoniuk:20231201:russian:546018e,
  author       = {Daryna Antoniuk},
  title        = {{Russian developer of Trickbot malware pleads guilty, faces 35-year sentence}},
  date         = {2023-12-01},
  organization = {The Record},
  url          = {https://therecord.media/russian-trickbot-malware-developer-pleads-guilty},
  language     = {English},
  urldate      = {2023-12-04}
}
Russian developer of Trickbot malware pleads guilty, faces 35-year sentence
TrickBot
2023-11-30 | K7 Security | Arunkumar
@online{arunkumar:20231130:uncovering:f655d68,
  author       = {Arunkumar},
  title        = {{Uncovering the Serpent}},
  date         = {2023-11-30},
  organization = {K7 Security},
  url          = {https://labs.k7computing.com/index.php/uncovering-the-serpent/},
  language     = {English},
  urldate      = {2023-11-30}
}
Uncovering the Serpent
Serpent
2023-11-30 | Twitter (@embee_research) | Embee_research
@online{embeeresearch:20231130:advanced:4afa89a,
  author       = {Embee_research},
  title        = {{Advanced Threat Intel Queries - Catching 83 Qakbot Servers with Regex, Censys and TLS Certificates}},
  date         = {2023-11-30},
  organization = {Twitter (@embee_research)},
  url          = {https://embee-research.ghost.io/advanced-threat-intel-queries-catching-83-qakbot-servers-with-regex-censys-and-tls-certificates/},
  language     = {English},
  urldate      = {2023-11-30}
}
Advanced Threat Intel Queries - Catching 83 Qakbot Servers with Regex, Censys and TLS Certificates
QakBot
2023-11-30 | Blackberry | BlackBerry Research & Intelligence Team, Dmitry Bestuzhev
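@comment{Two fixes in the author field: the bare ampersand is escaped (an unescaped "&" reaches LaTeX as an alignment tab and aborts the bibliography build), and the corporate name is wrapped in its own braces so it is not split into given name "BlackBerry Research \& Intelligence" and family name "Team". The auto-generated key prefix "team:" reflects that mis-parse; the key is kept unchanged so existing references still resolve.}
@online{team:20231130:aeroblade:725b5e6,
  author       = {{BlackBerry Research \& Intelligence Team} and Dmitry Bestuzhev},
  title        = {{AeroBlade on the Hunt Targeting the U.S. Aerospace Industry}},
  date         = {2023-11-30},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2023/11/aeroblade-on-the-hunt-targeting-us-aerospace-industry},
  language     = {English},
  urldate      = {2023-12-05}
}
AeroBlade on the Hunt Targeting the U.S. Aerospace Industry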
2023-11-29 | Trellix | Alexandre Mundo, Max Kersten
@online{mundo:20231129:akira:5965a88,
  author       = {Alexandre Mundo and Max Kersten},
  title        = {{Akira Ransomware}},
  date         = {2023-11-29},
  organization = {Trellix},
  url          = {https://www.trellix.com/about/newsroom/stories/research/akira-ransomware/},
  language     = {English},
  urldate      = {2023-11-30}
}
Akira Ransomware
Akira
2023-11-28 | ANY.RUN | Maksim Mikhailov
@online{mikhailov:20231128:risepro:9e5dc7e,
  author       = {Maksim Mikhailov},
  title        = {{RisePro Malware Analysis: Exploring C2 Communication of a New Version}},
  date         = {2023-11-28},
  organization = {ANY.RUN},
  url          = {https://any.run/cybersecurity-blog/risepro-malware-communication-analysis/},
  language     = {English},
  urldate      = {2023-11-30}
}
RisePro Malware Analysis: Exploring C2 Communication of a New Version
RisePro
2023-11-27 | Twitter (@embee_research) | Embee_research
@online{embeeresearch:20231127:building:3dd782a,
  author       = {Embee_research},
  title        = {{Building Threat Intel Queries Utilising Regex and TLS Certificates - (BianLian)}},
  date         = {2023-11-27},
  organization = {Twitter (@embee_research)},
  url          = {https://embee-research.ghost.io/building-advanced-censys-queries-utilising-regex-bianlian/},
  language     = {English},
  urldate      = {2023-11-27}
}
Building Threat Intel Queries Utilising Regex and TLS Certificates - (BianLian)
BianLian
2023-11-26 | Twitter (@embee_research) | Embee_research
@online{embeeresearch:20231126:identifying:8b70097,
  author       = {Embee_research},
  title        = {{Identifying Suspected PrivateLoader Servers with Censys}},
  date         = {2023-11-26},
  organization = {Twitter (@embee_research)},
  url          = {https://embee-research.ghost.io/identifying-privateloader-servers-with-censys/},
  language     = {English},
  urldate      = {2023-11-27}
}
Identifying Suspected PrivateLoader Servers with Censys
PrivateLoader
2023-11-23 | Trend Micro | Aliakbar Zahravi, Peter Girnus
@online{zahravi:20231123:parasitesnatcher:74e8353,
  author       = {Aliakbar Zahravi and Peter Girnus},
  title        = {{ParaSiteSnatcher: How Malicious Chrome Extensions Target Brazil}},
  date         = {2023-11-23},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/23/k/parasitesnatcher-how-malicious-chrome-extensions-target-brazil-.html},
  language     = {English},
  urldate      = {2023-11-27}
}
ParaSiteSnatcher: How Malicious Chrome Extensions Target Brazil
ParaSiteSnatcher
2023-11-22 | Twitter (@embee_research) | Embee_research
@online{embeeresearch:20231122:practical:1847814,
  author       = {Embee_research},
  title        = {{Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)}},
  date         = {2023-11-22},
  organization = {Twitter (@embee_research)},
  url          = {https://embee-research.ghost.io/practical-queries-for-malware-infrastructure-part-3/},
  language     = {English},
  urldate      = {2023-11-22}
}
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)
BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos
2023-11-22 | Microsoft | Microsoft Threat Intelligence
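@comment{Corporate author "Microsoft Threat Intelligence" wrapped in its own braces so it is treated as one name rather than given name "Microsoft Threat" plus family name "Intelligence" (the source of the auto-generated "intelligence:" key prefix). Key left unchanged for stability.}
@online{intelligence:20231122:diamond:59a70c1,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Diamond Sleet supply chain compromise distributes a modified CyberLink installer}},
  date         = {2023-11-22},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer/},
  language     = {English},
  urldate      = {2023-11-23}
}
Diamond Sleet supply chain compromise distributes a modified CyberLink installer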
LambLoad
2023-11-21 | Censys | Aidan Holland
@online{holland:20231121:tracking:02f967b,
  author       = {Aidan Holland},
  title        = {{Tracking Vidar Infrastructure with Censys}},
  date         = {2023-11-21},
  organization = {Censys},
  url          = {https://censys.com/tracking-vidar-infrastructure/},
  language     = {English},
  urldate      = {2023-12-04}
}
Tracking Vidar Infrastructure with Censys
Vidar