
2023-01-24DailySecUGil Min-kwon
@online{minkwon:20230124:urgent:71e54e3,
  author       = {Gil Min-kwon},
  title        = {{[Urgent] A Chinese hacker organization that declared hacking war on Korea..."KISA will hack" notice}},
  date         = {2023-01-24},
  organization = {DailySecU},
  url          = {https://www.dailysecu.com/news/articleView.html?idxno=143020},
  language     = {English},
  urldate      = {2023-01-24},
}
[Urgent] A Chinese hacker organization that declared hacking war on Korea..."KISA will hack" notice
2023-01-17TrendmicroJunestherry Dela Cruz
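% Publisher spelled "Trend Micro", matching the other Trend Micro entries in this library,
% so that all of the vendor's reports group and sort under one organization name.
@online{cruz:20230117:batloader:594298e,
  author       = {Junestherry Dela Cruz},
  title        = {{Batloader Malware Abuses Legitimate Tools, Uses Obfuscated JavaScript Files in Q4 2022 Attacks}},
  date         = {2023-01-17},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/23/a/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html},
  language     = {English},
  urldate      = {2023-01-19},
}
Batloader Malware Abuses Legitimate Tools, Uses Obfuscated JavaScript Files in Q4 2022 Attacks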
BATLOADER
2023-01-10SecurityScorecardVlad Pasca
@online{pasca:20230110:how:f3b9788,
  author       = {Vlad Pasca},
  title        = {{How to Analyze JavaScript Malware – A Case Study of Vjw0rm}},
  date         = {2023-01-10},
  organization = {SecurityScorecard},
  url          = {https://resources.securityscorecard.com/research/acasestudyofVjw0rm#page=1},
  language     = {English},
  urldate      = {2023-01-18},
}
How to Analyze JavaScript Malware – A Case Study of Vjw0rm
Vjw0rm
2023-01-05LogpointAnish Bogati
@online{bogati:20230105:crowning:ee8f347,
  author       = {Anish Bogati},
  title        = {{A crowning achievement: Exploring the exploit of Royal ransomware}},
  date         = {2023-01-05},
  organization = {Logpoint},
  url          = {https://www.logpoint.com/en/blog/exploring-the-exploit-of-royal-ransomware/},
  language     = {English},
  urldate      = {2023-01-06},
}
A crowning achievement: Exploring the exploit of Royal ransomware
Royal Ransom
2022-12-12Trend MicroDavid Fiser, Alfredo Oliveira
@online{fiser:20221212:linux:62f9491,
  author       = {David Fiser and Alfredo Oliveira},
  title        = {{Linux Cryptocurrency Mining Attacks Enhanced via CHAOS RAT}},
  date         = {2022-12-12},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/l/linux-cryptomining-enhanced-via-chaos-rat-.html},
  language     = {English},
  urldate      = {2022-12-14},
}
Linux Cryptocurrency Mining Attacks Enhanced via CHAOS RAT
Chaos
2022-12-07cybleCyble
@online{cyble:20221207:closer:f711811,
  author       = {Cyble},
  title        = {{A Closer Look At BlackMagic Ransomware}},
  date         = {2022-12-07},
  organization = {cyble},
  url          = {https://blog.cyble.com/2022/12/07/a-closer-look-at-blackmagic-ransomware/},
  language     = {English},
  urldate      = {2022-12-08},
}
A Closer Look At BlackMagic Ransomware
BlackMagic
2022-11-16ProofpointPim Trouerbach, Axel F
@online{trouerbach:20221116:comprehensive:8278b4e,
  author       = {Pim Trouerbach and Axel F},
  title        = {{A Comprehensive Look at Emotet Virus’ Fall 2022 Return}},
  date         = {2022-11-16},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/comprehensive-look-emotets-fall-2022-return},
  language     = {English},
  urldate      = {2022-12-29},
}
A Comprehensive Look at Emotet Virus’ Fall 2022 Return
BumbleBee Emotet IcedID
2022-10-31The RecordAlexander Martin
@online{martin:20221031:mondelez:a33b8ce,
  author       = {Alexander Martin},
  title        = {{Mondelez and Zurich reach settlement in NotPetya cyberattack insurance suit}},
  date         = {2022-10-31},
  organization = {The Record},
  url          = {https://therecord.media/mondelez-and-zurich-reach-settlement-in-notpetya-cyberattack-insurance-suit/},
  language     = {English},
  urldate      = {2022-11-03},
}
Mondelez and Zurich reach settlement in NotPetya cyberattack insurance suit
EternalPetya
2022-09-30NCC GroupWilliam Backhouse, Michael Mullen, Nikolaos Pantazopoulos
@online{backhouse:20220930:glimpse:5194be6,
  author       = {William Backhouse and Michael Mullen and Nikolaos Pantazopoulos},
  title        = {{A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion}},
  date         = {2022-09-30},
  organization = {NCC Group},
  url          = {https://research.nccgroup.com/2022/09/30/a-glimpse-into-the-shadowy-realm-of-a-chinese-apt-detailed-analysis-of-a-shadowpad-intrusion/},
  language     = {English},
  urldate      = {2022-10-04},
}
A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion
ShadowPad
2022-09-29Perception PointIgal Lytzki
@online{lytzki:20220929:doenerium:06e117e,
  author       = {Igal Lytzki},
  title        = {{Doenerium: It’s Not a Crime to Steal From Thieves}},
  date         = {2022-09-29},
  organization = {Perception Point},
  url          = {https://perception-point.io/doenerium-malware/},
  language     = {English},
  urldate      = {2022-09-30},
}
Doenerium: It’s Not a Crime to Steal From Thieves
doenerium
2022-09-22Sentinel LABSTom Hegel
@online{hegel:20220922:void:edb8cef,
  author       = {Tom Hegel},
  title        = {{Void Balaur | The Sprawling Infrastructure of a Careless Mercenary}},
  date         = {2022-09-22},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/the-sprawling-infrastructure-of-a-careless-mercenary/},
  language     = {English},
  urldate      = {2022-09-27},
}
Void Balaur | The Sprawling Infrastructure of a Careless Mercenary
Void Balaur
2022-08-31BitdefenderMartin Zugec
@online{zugec:20220831:deep:7f4cb6f,
  author       = {Martin Zugec},
  title        = {{Deep Dive into a Corporate Espionage Operation}},
  date         = {2022-08-31},
  organization = {Bitdefender},
  url          = {https://businessinsights.bitdefender.com/deep-dive-into-a-corporate-espionage-operation},
  language     = {English},
  urldate      = {2022-09-06},
}
Deep Dive into a Corporate Espionage Operation
2022-08-25BitdefenderAlexandru Maximciuc, Victor Vrabie
@techreport{maximciuc:20220825:hiding:365d9e5,
  author      = {Alexandru Maximciuc and Victor Vrabie},
  title       = {{Hiding in the Shadows: Investigation of a Corporate Espionage Attack}},
  date        = {2022-08-25},
  institution = {Bitdefender},
  url         = {https://www.bitdefender.com/files/News/CaseStudies/study/421/Bitdefender-PR-Whitepaper-IndEs-creat6269-en-EN.pdf},
  language    = {English},
  urldate     = {2022-09-19},
}
Hiding in the Shadows: Investigation of a Corporate Espionage Attack
2022-08-25Trend MicroMohamed Fahmy, Nathaniel Gregory Ragasa, Earle Maui Earnshaw, Bahaa Yamany, Jeffrey Francis Bonaobra, Jay Yaneza
@online{fahmy:20220825:new:62162e8,
  author       = {Mohamed Fahmy and Nathaniel Gregory Ragasa and Earle Maui Earnshaw and Bahaa Yamany and Jeffrey Francis Bonaobra and Jay Yaneza},
  title        = {{New Golang Ransomware Agenda Customizes Attacks}},
  date         = {2022-08-25},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/h/new-golang-ransomware-agenda-customizes-attacks.html},
  language     = {English},
  urldate      = {2022-08-30},
}
New Golang Ransomware Agenda Customizes Attacks
AgendaCrypt
2022-08-25Trend MicroMohamed Fahmy, Nathaniel Gregory Ragasa, Earle Maui Earnshaw, Bahaa Yamany, Jeffrey Francis Bonaobra, Jay Yaneza
% Indicator list published alongside the Agenda ransomware write-up. The URL contains
% percent-encoded spaces and must be kept verbatim.
@online{fahmy:20220825:new:6f3ec79,
  author       = {Mohamed Fahmy and Nathaniel Gregory Ragasa and Earle Maui Earnshaw and Bahaa Yamany and Jeffrey Francis Bonaobra and Jay Yaneza},
  title        = {{New Golang Ransomware Agenda Customizes Attacks (IoCs)}},
  date         = {2022-08-25},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt},
  language     = {English},
  urldate      = {2022-08-30},
}
New Golang Ransomware Agenda Customizes Attacks (IoCs)
AgendaCrypt
2022-08-24TrellixAdithya Chandra, Sushant Kumar Arya
@online{chandra:20220824:demystifying:77609b2,
  author       = {Adithya Chandra and Sushant Kumar Arya},
  title        = {{Demystifying Qbot Malware}},
  date         = {2022-08-24},
  organization = {Trellix},
  url          = {https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/demystifying-qbot-malware.html},
  language     = {English},
  urldate      = {2022-08-28},
}
Demystifying Qbot Malware
QakBot
2022-08-22Medium (Katie’s Five Cents)Katie Nickels
@online{nickels:20220822:cyber:7fd8ac5,
  author       = {Katie Nickels},
  title        = {{A Cyber Threat Intelligence Self-Study Plan: Part 2}},
  date         = {2022-08-22},
  organization = {Medium (Katie’s Five Cents)},
  url          = {https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-2-d04b7a529d36},
  language     = {English},
  urldate      = {2022-08-28},
}
A Cyber Threat Intelligence Self-Study Plan: Part 2
2022-08-16Recorded FutureInsikt Group®
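% Corporate author: the extra pair of braces keeps the group name as one indivisible name,
% so it is not split into a given name "Insikt" and a family name "Group®" when sorted or abbreviated.
@techreport{group:20220816:redalpha:5bfb9a3,
  author      = {{Insikt Group®}},
  title       = {{RedAlpha Conducts Multi-Year Credential Theft Campaign Targeting Global Humanitarian, Think Tank, and Government Organizations}},
  date        = {2022-08-16},
  institution = {Recorded Future},
  url         = {https://go.recordedfuture.com/hubfs/reports/ta-2022-0816.pdf},
  language    = {English},
  urldate     = {2022-08-30},
}
RedAlpha Conducts Multi-Year Credential Theft Campaign Targeting Global Humanitarian, Think Tank, and Government Organizations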
RedAlpha
2022-08-11Malcatmalcat team
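% Team author: the extra pair of braces keeps "malcat team" as a single name. Without them the
% lowercase first word is read as a name particle and "team" as the family name.
@online{team:20220811:lnk:29e9765,
  author       = {{malcat team}},
  title        = {{LNK forensic and config extraction of a cobalt strike beacon}},
  date         = {2022-08-11},
  organization = {Malcat},
  url          = {https://malcat.fr/blog/lnk-forensic-and-config-extraction-of-a-cobalt-strike-beacon/},
  language     = {English},
  urldate      = {2022-08-12},
}
LNK forensic and config extraction of a cobalt strike beacon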
Cobalt Strike
2022-08-02Cisco TalosAsheer Malhotra, Vitor Ventura
@online{malhotra:20220802:manjusaka:706c14a,
  author       = {Asheer Malhotra and Vitor Ventura},
  title        = {{Manjusaka: A Chinese sibling of Sliver and Cobalt Strike}},
  date         = {2022-08-02},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html},
  language     = {English},
  urldate      = {2022-08-02},
}
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Manjusaka Cobalt Strike Manjusaka