Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-05-18Github (0x00-0x7f)Sadia Bashir
@online{bashir:20220518:case:986df17, author = {Sadia Bashir}, title = {{A Case of Vidar Infostealer - Part 2}}, date = {2022-05-18}, organization = {Github (0x00-0x7f)}, url = {https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/}, language = {English}, urldate = {2022-05-25} } A Case of Vidar Infostealer - Part 2
Vidar
2022-05-12cybleCyble Research Labs
@online{labs:20220512:closer:049ae54, author = {Cyble Research Labs}, title = {{A Closer Look At Eternity Malware: Threat Actors Leveraging Telegram To Build Malware}}, date = {2022-05-12}, organization = {cyble}, url = {https://blog.cyble.com/2022/05/12/a-closer-look-at-eternity-malware/}, language = {English}, urldate = {2022-05-25} } A Closer Look At Eternity Malware: Threat Actors Leveraging Telegram To Build Malware
Eternity Clipper Eternity Ransomware Eternity Stealer Eternity Worm
2022-05-04HPPatrick Schläpfer
@online{schlpfer:20220504:tips:f12f7ba, author = {Patrick Schläpfer}, title = {{Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware}}, date = {2022-05-04}, organization = {HP}, url = {https://threatresearch.ext.hp.com/tips-for-automating-ioc-extraction-from-gootloader-a-changing-javascript-malware/}, language = {English}, urldate = {2022-05-05} } Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware
GootLoader
2022-04-26Intel 471Intel 471
@online{471:20220426:conti:6bcff7d, author = {Intel 471}, title = {{Conti and Emotet: A constantly destructive duo}}, date = {2022-04-26}, organization = {Intel 471}, url = {https://intel471.com/blog/conti-emotet-ransomware-conti-leaks}, language = {English}, urldate = {2022-04-29} } Conti and Emotet: A constantly destructive duo
Cobalt Strike Conti Emotet IcedID QakBot TrickBot
2022-04-18National Intelligence UniversityKevin P. Riehle
@techreport{riehle:20220418:russian:baaf138, author = {Kevin P. Riehle}, title = {{Russian Intelligence: A Case-based Study of Russian Services and Missions Past and Present}}, date = {2022-04-18}, institution = {National Intelligence University}, url = {https://ni-u.edu/wp/wp-content/uploads/2022/05/Riehle_Russian-Intelligence.pdf}, language = {English}, urldate = {2022-05-11} } Russian Intelligence: A Case-based Study of Russian Services and Missions Past and Present
2022-03-31CrowdStrikeChristopher Romano, Vaishnav Murthy
@online{romano:20220331:cloudy:15ac5c7, author = {Christopher Romano and Vaishnav Murthy}, title = {{Cloudy with a Chance of Unclear Mailbox Sync: CrowdStrike Services Identifies Logging Inconsistencies in Microsoft 365}}, date = {2022-03-31}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/crowdstrike-services-identifies-logging-inconsistencies-in-microsoft-365/}, language = {English}, urldate = {2022-04-05} } Cloudy with a Chance of Unclear Mailbox Sync: CrowdStrike Services Identifies Logging Inconsistencies in Microsoft 365
2022-03-27Github (0x00-0x7f)Sadia Bashir
@online{bashir:20220327:case:80e7471, author = {Sadia Bashir}, title = {{A Case of Vidar Infostealer - Part 1 (Unpacking)}}, date = {2022-03-27}, organization = {Github (0x00-0x7f)}, url = {https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/}, language = {English}, urldate = {2022-03-31} } A Case of Vidar Infostealer - Part 1 (Unpacking)
Vidar
2022-03-26n0p BlogAli Mosajjal
@online{mosajjal:20220326:analysis:b94c029, author = {Ali Mosajjal}, title = {{Analysis of a Caddy Wiper Sample Targeting Ukraine}}, date = {2022-03-26}, organization = {n0p Blog}, url = {https://n0p.me/2022/03/2022-03-26-caddywiper/}, language = {English}, urldate = {2022-03-28} } Analysis of a Caddy Wiper Sample Targeting Ukraine
CaddyWiper
2022-03-23KrebsOnSecurityBrian Krebs
@online{krebs:20220323:closer:411208b, author = {Brian Krebs}, title = {{A Closer Look at the LAPSUS$ Data Extortion Group}}, date = {2022-03-23}, organization = {KrebsOnSecurity}, url = {https://krebsonsecurity.com/2022/03/a-closer-look-at-the-lapsus-data-extortion-group/}, language = {English}, urldate = {2022-03-24} } A Closer Look at the LAPSUS$ Data Extortion Group
RedLine Stealer
2022-03-23splunkShannon Davis
@online{davis:20220323:gone:56f570f, author = {Shannon Davis}, title = {{Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed}}, date = {2022-03-23}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/gone-in-52-seconds-and-42-minutes-a-comparative-analysis-of-ransomware-encryption-speed.html}, language = {English}, urldate = {2022-03-25} } Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed
Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk
2022-03-22The Hacker NewsRavie Lakshmanan
@online{lakshmanan:20220322:microsoft:3373c3d, author = {Ravie Lakshmanan}, title = {{Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group}}, date = {2022-03-22}, organization = {The Hacker News}, url = {https://thehackernews.com/2022/03/microsoft-and-okta-confirm-breach-by.html}, language = {English}, urldate = {2022-03-23} } Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group
RedLine Stealer
2022-03-21Github (trendmicro)Trend Micro Research
@online{research:20220321:python:7dbe8dd, author = {Trend Micro Research}, title = {{Python script to check a Cyclops Blink C&C}}, date = {2022-03-21}, organization = {Github (trendmicro)}, url = {https://github.com/trendmicro/research/blob/main/cyclops_blink/c2-scripts/check.py}, language = {English}, urldate = {2022-03-28} } Python script to check a Cyclops Blink C&C
CyclopsBlink
2022-03-13Security AffairsPierluigi Paganini
@online{paganini:20220313:hidden:c809849, author = {Pierluigi Paganini}, title = {{The hidden C2: Lampion trojan release 212 is on the rise and using a C2 server for two years}}, date = {2022-03-13}, organization = {Security Affairs}, url = {https://securityaffairs.co/wordpress/128975/malware/hidden-c2-lampion-trojan-release-212.html}, language = {English}, urldate = {2022-03-14} } The hidden C2: Lampion trojan release 212 is on the rise and using a C2 server for two years
lampion
2022-03-03LIFARSLIFARS
@online{lifars:20220303:closer:f29cc25, author = {LIFARS}, title = {{A Closer Look at the Russian Actors Targeting Organizations in Ukraine}}, date = {2022-03-03}, organization = {LIFARS}, url = {https://lifars.com/2022/03/a-closer-look-at-the-russian-actors-targeting-organizations-in-ukraine/}, language = {English}, urldate = {2022-03-04} } A Closer Look at the Russian Actors Targeting Organizations in Ukraine
HermeticWiper IsaacWiper Saint Bot WhisperGate
2022-03-01ProofpointMichael Raggi, Zydeca Cass, Proofpoint Threat Research Team
@online{raggi:20220301:asylum:27cfa43, author = {Michael Raggi and Zydeca Cass and Proofpoint Threat Research Team}, title = {{Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement}}, date = {2022-03-01}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails}, language = {English}, urldate = {2022-03-10} } Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement
SunSeed
2022-02-26Seguranca InformaticaPedro Tavares
@online{tavares:20220226:hidden:544b0bd, author = {Pedro Tavares}, title = {{The hidden C2: Lampion trojan release 212 is on the rise and using a C2 server for two years}}, date = {2022-02-26}, organization = {Seguranca Informatica}, url = {https://seguranca-informatica.pt/the-hidden-c2-lampion-trojan-release-212-is-on-the-rise-and-using-a-c2-server-for-two-years}, language = {English}, urldate = {2022-03-04} } The hidden C2: Lampion trojan release 212 is on the rise and using a C2 server for two years
lampion
2022-02-24nvisoMichel Coene
@online{coene:20220224:threat:f0dba09, author = {Michel Coene}, title = {{Threat Update – Ukraine & Russia conflict}}, date = {2022-02-24}, organization = {nviso}, url = {https://blog.nviso.eu/2022/02/24/threat-update-ukraine-russia-tensions/}, language = {English}, urldate = {2022-03-01} } Threat Update – Ukraine & Russia conflict
EternalPetya GreyEnergy HermeticWiper Industroyer KillDisk WhisperGate
2022-02-17Twitter (@Honeymoon_IoC)Gi7w0rm
@online{gi7w0rm:20220217:tweets:a96e458, author = {Gi7w0rm}, title = {{Tweets on win.prometei caught via Cowrie}}, date = {2022-02-17}, organization = {Twitter (@Honeymoon_IoC)}, url = {https://twitter.com/honeymoon_ioc/status/1494311182550904840}, language = {English}, urldate = {2022-02-17} } Tweets on win.prometei caught via Cowrie
Prometei
2022-02-14MorphisecHido Cohen, Arnold Osipov
@techreport{cohen:20220214:journey:6c209dc, author = {Hido Cohen and Arnold Osipov}, title = {{Journey of a Crypto Scammer - NFT-001}}, date = {2022-02-14}, institution = {Morphisec}, url = {https://blog.morphisec.com/hubfs/Journey%20of%20a%20Crypto%20Scammer%20-%20NFT-001%20%7C%20Morphisec%20%7C%20Threat%20Report.pdf}, language = {English}, urldate = {2022-02-19} } Journey of a Crypto Scammer - NFT-001
AsyncRAT BitRAT Remcos
2022-02-09CiscoVanja Svajcer, Vitor Ventura
@online{svajcer:20220209:whats:91fb2d8, author = {Vanja Svajcer and Vitor Ventura}, title = {{What’s with the shared VBA code between Transparent Tribe and other threat actors?}}, date = {2022-02-09}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2022/02/whats-with-shared-vba-code.html}, language = {English}, urldate = {2022-02-14} } What’s with the shared VBA code between Transparent Tribe and other threat actors?