
2023-10-27KasperskySeongsu Park
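@comment{Kaspersky Securelist post. Author stored in unambiguous "Last, First" form; the title is no longer double-braced as a whole, only the proper noun is protected so a sentence-casing style keeps it intact.}
@online{park:20231027:cascade:444482f,
  author       = {Park, Seongsu},
  title        = {A cascade of compromise: unveiling {Lazarus}’ new campaign},
  date         = {2023-10-27},
  organization = {Kaspersky},
  url          = {https://securelist.com/unveiling-lazarus-new-campaign/110888/},
  urldate      = {2023-11-13},
  language     = {English},
}
A cascade of compromise: unveiling Lazarus’ new campaign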
LPEClient PostNapTea
2023-10-20Twitter (@embee_research)Embee_research
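@comment{Pseudonymous author kept as one literal name via double braces. The underscore in the handle is escaped in author and organization; a bare underscore is a LaTeX subscript and fails outside math mode when the bibliography is typeset.}
@online{embeeresearch:20231020:decoding:85adeaa,
  author       = {{Embee\_research}},
  title        = {Decoding a {Cobalt Strike} .hta Loader Using {CyberChef} and Emulation},
  date         = {2023-10-20},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/malware-analysis-decoding-a-simple-hta-loader/},
  urldate      = {2023-10-20},
  language     = {English},
}
Decoding a Cobalt Strike .hta Loader Using CyberChef and Emulation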
Cobalt Strike
2023-10-18Twitter (@embee_research)Embee_research
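@comment{Same pseudonymous author as the 2023-10-20 entry: literal name in double braces, underscore escaped in author and organization so LaTeX does not treat it as a subscript. Only the tool and product names in the title are case-protected.}
@online{embeeresearch:20231018:ghidra:1253f8d,
  author       = {{Embee\_research}},
  title        = {{Ghidra} Tutorial - Using Entropy To Locate a {Cobalt Strike} Decryption Function},
  date         = {2023-10-18},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/ghidra-entropy-analysis-locating-decryption-functions/},
  urldate      = {2023-10-20},
  language     = {English},
}
Ghidra Tutorial - Using Entropy To Locate a Cobalt Strike Decryption Function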
Cobalt Strike
2023-10-12Cluster25Cluster25 Threat Intel Team
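@comment{Corporate author wrapped in double braces so it is not split into first name "Cluster25 Threat Intel" and surname "Team" (the existing key prefix "team" shows that mis-parse happened). The key is kept unchanged so existing citations still resolve.}
@online{team:20231012:cve202338831:6b50b62,
  author       = {{Cluster25 Threat Intel Team}},
  title        = {{CVE-2023-38831} Exploited by {Pro-Russia} Hacking Groups in {RU-UA} Conflict Zone for Credential Harvesting Operations},
  date         = {2023-10-12},
  organization = {Cluster25},
  url          = {https://blog.cluster25.duskrise.com/2023/10/12/cve-2023-38831-russian-attack},
  urldate      = {2023-10-13},
  language     = {English},
}
CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations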
Agent Tesla Crimson RAT Nanocore RAT SmokeLoader
2023-09-12ANSSIANSSI
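@comment{CERT-FR threat report. Institutional author in double braces so it is kept as one surname. The file name in the URL looks like the report identifier CERTFR-2023-CTI-007; once confirmed against the document it belongs in a "number" field. The language field says French while the stored title is English; the title may be a translation - verify before relying on either.}
@techreport{anssi:20230912:fin12:b0a08e2,
  author       = {{ANSSI}},
  title        = {{FIN12}: A Cybercriminal Group with Multiple Ransomware},
  date         = {2023-09-12},
  institution  = {ANSSI},
  url          = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2023-CTI-007.pdf},
  urldate      = {2023-09-20},
  language     = {French},
}
FIN12: A Cybercriminal Group with Multiple Ransomware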
BlackCat Cobalt Strike Conti Hive MimiKatz Nokoyawa Ransomware PLAY Royal Ransom Ryuk SystemBC
2023-09-04AhnLabSanseo
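@comment{AhnLab ASEC post by a single-token author handle, braced as a literal name. The URL path segment "/ko/" suggests the Korean edition of the post, while language is recorded as English - confirm which edition was captured.}
@online{sanseo:20230904:chm:0194a5a,
  author       = {{Sanseo}},
  title        = {{CHM} Malware Using {Fukushima} Contaminated Water Discharge: {RedEyes} ({ScarCruft})},
  date         = {2023-09-04},
  organization = {AhnLab},
  url          = {https://asec.ahnlab.com/ko/56654/},
  urldate      = {2023-09-07},
  language     = {English},
}
CHM Malware Using Fukushima Contaminated Water Discharge: RedEyes (ScarCruft)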
2023-09-04Cert-UACert-UA
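@comment{CERT-UA advisory. Institutional author in double braces. The "#" in the advisory number inside the title is escaped: a bare "#" in a non-verbatim field is a macro-parameter character for LaTeX and breaks typesetting of the bibliography.}
@online{certua:20230904:apt28:5db5c7c,
  author       = {{Cert-UA}},
  title        = {{APT28} cyberattack: msedge as a bootloader, {TOR} and mockbin.org/website.hook services as a control center ({CERT-UA}\#7469)},
  date         = {2023-09-04},
  organization = {Cert-UA},
  url          = {https://cert.gov.ua/article/5702579},
  urldate      = {2023-09-07},
  language     = {Ukrainian},
}
APT28 cyberattack: msedge as a bootloader, TOR and mockbin.org/website.hook services as a control center (CERT-UA#7469)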
2023-08-08Security Service of UkraineSecurity Service of Ukraine
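@comment{Institutional author wrapped in double braces; without them BibTeX reads "Ukraine" as the surname and "Security Service of" as given names, which is how the key prefix "ukraine" was generated. The key is left as is to keep existing citations valid.}
@techreport{ukraine:20230808:cyber:8bbe546,
  author       = {{Security Service of Ukraine}},
  title        = {Cyber Operation of {Russian} Intelligence Services as a Component of Confrontation on the Battlefield},
  date         = {2023-08-08},
  institution  = {Security Service of Ukraine},
  url          = {https://ssu.gov.ua/uploads/files/DKIB/technical-report.pdf},
  urldate      = {2023-08-09},
  language     = {English},
}
Cyber Operation of Russian Intelligence Services as a Component of Confrontation on the Battlefield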
2023-08-07SentinelOneTom Hegel, Aleksandar Milenkoski
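@comment{SentinelLabs post. Both authors stored as "Last, First"; the proper nouns in the title are braced individually instead of double-bracing the whole title.}
@online{hegel:20230807:comrades:d449b68,
  author       = {Hegel, Tom and Milenkoski, Aleksandar},
  title        = {Comrades in Arms? | {North Korea} Compromises Sanctioned {Russian} Missile Engineering Company},
  date         = {2023-08-07},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/comrades-in-arms-north-korea-compromises-sanctioned-russian-missile-engineering-company/},
  urldate      = {2023-08-07},
  language     = {English},
}
Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company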
OpenCarrot
2023-08-07Trend MicroJunestherry Dela Cruz
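@comment{Trend Micro post. The two-word surname "Dela Cruz" is given in comma form so it is not split into a given name "Junestherry Dela" and surname "Cruz" (the key prefix "cruz" shows the original split). Key unchanged.}
@online{cruz:20230807:latest:064e40e,
  author       = {Dela Cruz, Junestherry},
  title        = {Latest {Batloader} Campaigns Use {Pyarmor Pro} for Evasion},
  date         = {2023-08-07},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/23/h/batloader-campaigns-use-pyarmor-pro-for-evasion.html},
  urldate      = {2023-08-09},
  language     = {English},
}
Latest Batloader Campaigns Use Pyarmor Pro for Evasion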
BATLOADER
2023-07-25ZscalerMeghraj Nandanwar, Satyam Singh, Pradeep Mahato
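@comment{Zscaler ThreatLabz post. Three authors in "Last, First" form separated by " and "; only the malware family name in the title is case-protected.}
@online{nandanwar:20230725:hibernating:7cf0533,
  author       = {Nandanwar, Meghraj and Singh, Satyam and Mahato, Pradeep},
  title        = {Hibernating {Qakbot}: A Comprehensive Study and In-depth Campaign Analysis},
  date         = {2023-07-25},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis},
  urldate      = {2023-07-31},
  language     = {English},
}
Hibernating Qakbot: A Comprehensive Study and In-depth Campaign Analysis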
QakBot
2023-07-07Rapid7 LabsCaitlin Condon
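@comment{Rapid7 post. The stored date 2023-07-07 disagrees with the URL path "2022/07/07" and with the CVE year in the title; the publication date is probably 2022-07-07 but it is left untouched here because the key encodes the 2023 value - verify against the page and fix date and key together.}
@online{condon:20230707:exploitation:1930f05,
  author       = {Condon, Caitlin},
  title        = {Exploitation of {Mitel MiVoice Connect SA} {CVE-2022-29499}},
  date         = {2023-07-07},
  organization = {Rapid7 Labs},
  url          = {https://www.rapid7.com/blog/post/2022/07/07/exploitation-of-mitel-mivoice-connect-sa-cve-2022-29499/},
  urldate      = {2023-08-01},
  language     = {English},
}
Exploitation of Mitel MiVoice Connect SA CVE-2022-29499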
2023-07-04The RecordJonathan Greig
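@comment{News article from The Record. Author in "Last, First" form; the place name and the statute name in the title are braced so sentence-casing styles keep their capitals.}
@online{greig:20230704:fort:2dec664,
  author       = {Greig, Jonathan},
  title        = {{Fort Worth} officials say leaked data came from {Public Information Act} request},
  date         = {2023-07-04},
  organization = {The Record},
  url          = {https://therecord.media/fort-worth-officials-say-leaked-data-was-public},
  urldate      = {2023-12-04},
  language     = {English},
}
Fort Worth officials say leaked data came from Public Information Act request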
2023-06-23TrendmicroArianne Dela Cruz, Paul Pajares, Ivan Nicole Chavez, Ieriz Nicolle Gonzalez, Nathaniel Morales
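@comment{Trend Micro post with five authors. "Dela Cruz" is a two-word surname and is given in comma form; the other names follow the same "Last, First" form. The organization is spelled "Trendmicro" here but "Trend Micro" in the 2023-08-07 Batloader entry - the value is kept verbatim, but one spelling (ideally via a string macro) should be chosen for the library.}
@online{cruz:20230623:overview:58e7e29,
  author       = {Dela Cruz, Arianne and Pajares, Paul and Chavez, Ivan Nicole and Gonzalez, Ieriz Nicolle and Morales, Nathaniel},
  title        = {An Overview of the Different Versions of the {Trigona} Ransomware},
  date         = {2023-06-23},
  organization = {Trendmicro},
  url          = {https://www.trendmicro.com/en_us/research/23/f/an-overview-of-the-trigona-ransomware.html},
  urldate      = {2023-07-05},
  language     = {English},
}
An Overview of the Different Versions of the Trigona Ransomware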
Trigona
2023-06-06Security IntelligenceJoshua Chung, Melissa Frydrych, Claire Zaboeva, Agnes Ramos-Beauchamp
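@comment{IBM Security Intelligence post. Four authors in "Last, First" form; the hyphenated surname "Ramos-Beauchamp" stays intact in comma form. Proper nouns and the acronym in the title are braced individually.}
@online{chung:20230606:itg10:83811e5,
  author       = {Chung, Joshua and Frydrych, Melissa and Zaboeva, Claire and Ramos-Beauchamp, Agnes},
  title        = {{ITG10} Likely Targeting {South Korean} Entities of Interest to the {Democratic People’s Republic of Korea} ({DPRK})},
  date         = {2023-06-06},
  organization = {Security Intelligence},
  url          = {https://securityintelligence.com/posts/itg10-targeting-south-korean-entities/},
  urldate      = {2023-06-09},
  language     = {English},
}
ITG10 Likely Targeting South Korean Entities of Interest to the Democratic People’s Republic of Korea (DPRK)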
RokRAT
2023-05-18zimperiumNicolás Chiaraviglio
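@comment{Zimperium blog post. Author in "Last, First" form; the accented given name is kept as UTF-8, which Biber handles directly. Product, vendor and threat names in the title are braced individually.}
@online{chiaraviglio:20230518:zimperiums:c7583a2,
  author       = {Chiaraviglio, Nicolás},
  title        = {{Zimperium}’s {MTD} Against {OilAlpha}: A Comprehensive Defense Strategy},
  date         = {2023-05-18},
  organization = {zimperium},
  url          = {https://www.zimperium.com/blog/zimperium-mtd-against-oilalpha-a-comprehensive-defense-strategy/},
  urldate      = {2023-12-04},
  language     = {English},
}
Zimperium’s MTD Against OilAlpha: A Comprehensive Defense Strategy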
2023-05-16Check Point ResearchItay Cohen, Radoslaw Madej
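@comment{Check Point Research post. Two authors in "Last, First" form; only the proper noun in the title is case-protected.}
@online{cohen:20230516:dragon:a2ec63b,
  author       = {Cohen, Itay and Madej, Radoslaw},
  title        = {The Dragon Who Sold his {Camaro}: Analyzing a Custom Router Implant},
  date         = {2023-05-16},
  organization = {Check Point Research},
  url          = {https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/},
  urldate      = {2023-06-01},
  language     = {English},
}
The Dragon Who Sold his Camaro: Analyzing a Custom Router Implant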
Horse Shell
2023-05-10DragosDragos
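@comment{Dragos blog post with a corporate author; the name is double-braced so it is treated as one literal surname. The title contains no proper nouns, so it is left unbraced.}
@online{dragos:20230510:deconstructing:e2efdbd,
  author       = {{Dragos}},
  title        = {Deconstructing a Cybersecurity Event},
  date         = {2023-05-10},
  organization = {Dragos},
  url          = {https://www.dragos.com/blog/deconstructing-a-cybersecurity-event/},
  urldate      = {2023-05-15},
  language     = {English},
}
Deconstructing a Cybersecurity Event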
2023-05-04SecurityScorecardVlad Pasca
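@comment{SecurityScorecard analysis write-up. Author in "Last, First" form. The "#page=1" fragment in the URL is left unescaped: url is a verbatim field in biblatex, so Biber passes it through, unlike "#" in a title.}
@online{pasca:20230504:how:a820c7a,
  author       = {Pasca, Vlad},
  title        = {How to Analyze {Java} Malware – A Case Study of {STRRAT}},
  date         = {2023-05-04},
  organization = {SecurityScorecard},
  url          = {https://resources.securityscorecard.com/cybersecurity/analyze-java-malware-strrat#page=1},
  urldate      = {2023-05-10},
  language     = {English},
}
How to Analyze Java Malware – A Case Study of STRRAT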
STRRAT
2023-04-28Twitter (@MalGamy12)Gameel Ali
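@comment{Tweet reference. Author in "Last, First" form. The descriptive title misspells "explaining"; it is kept verbatim because the key was derived from it ("explaning"), so title and key should be corrected together rather than one without the other.}
@online{ali:20230428:explaning:21f000e,
  author       = {Ali, Gameel},
  title        = {Tweet explaning similarity between {Conti} and {Akira} code},
  date         = {2023-04-28},
  organization = {Twitter (@MalGamy12)},
  url          = {https://twitter.com/MalGamy12/status/1651972583615602694},
  urldate      = {2023-05-25},
  language     = {English},
}
Tweet explaning similarity between Conti and Akira code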
Akira