Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-06-29Github (vc0RExor)Aaron Jornet Sales
@techreport{sales:20220629:machete:a0bb28d, author = {Aaron Jornet Sales}, title = {{Machete Weapons Lokibot - A Malware Report}}, date = {2022-06-29}, institution = {Github (vc0RExor)}, url = {https://github.com/vc0RExor/Malware-Threat-Reports/blob/main/Lokibot/Machete-Weapons-Lokibot/Machete%20weapons-Lokibot_EN.pdf}, language = {English}, urldate = {2022-06-30} } Machete Weapons Lokibot - A Malware Report
LokiBot
2022-06-28AhnLabASEC
@online{asec:20220628:new:df3f9bf, author = {ASEC}, title = {{New Info-stealer Disguised as Crack Being Distributed}}, date = {2022-06-28}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/35981/}, language = {English}, urldate = {2022-06-30} } New Info-stealer Disguised as Crack Being Distributed
ClipBanker CryptBot Raccoon RedLine Stealer
2022-06-28LumenBlack Lotus Labs
@online{labs:20220628:zuorat:f60583e, author = {Black Lotus Labs}, title = {{ZuoRAT Hijacks SOHO Routers To Silently Stalk Networks}}, date = {2022-06-28}, organization = {Lumen}, url = {https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/}, language = {English}, urldate = {2022-06-30} } ZuoRAT Hijacks SOHO Routers To Silently Stalk Networks
ZuoRAT Cobalt Strike
2022-06-28GBHackers on SecurityGurubaran S
@online{s:20220628:black:e69f497, author = {Gurubaran S}, title = {{Black Basta Ransomware Emerging From Underground to Attack Corporate Networks}}, date = {2022-06-28}, organization = {GBHackers on Security}, url = {https://gbhackers.com/black-basta-ransomware/}, language = {English}, urldate = {2022-06-30} } Black Basta Ransomware Emerging From Underground to Attack Corporate Networks
Black Basta
2022-06-28SekoiaThreat & Detection Research Team
@online{team:20220628:raccoon:98accde, author = {Threat & Detection Research Team}, title = {{Raccoon Stealer v2 – Part 1: The return of the dead}}, date = {2022-06-28}, organization = {Sekoia}, url = {https://blog.sekoia.io/raccoon-stealer-v2-part-1-the-return-of-the-dead/}, language = {English}, urldate = {2022-06-30} } Raccoon Stealer v2 – Part 1: The return of the dead
Raccoon
2022-06-27NetskopeGustavo Palazolo
@online{palazolo:20220627:emotet:e01f0fb, author = {Gustavo Palazolo}, title = {{Emotet: Still Abusing Microsoft Office Macros}}, date = {2022-06-27}, organization = {Netskope}, url = {https://www.netskope.com/blog/emotet-still-abusing-microsoft-office-macros}, language = {English}, urldate = {2022-06-30} } Emotet: Still Abusing Microsoft Office Macros
Emotet
2022-06-27Kaspersky ICS CERTArtem Snegirev, Kirill Kruglov
@online{snegirev:20220627:attacks:100c151, author = {Artem Snegirev and Kirill Kruglov}, title = {{Attacks on industrial control systems using ShadowPad}}, date = {2022-06-27}, organization = {Kaspersky ICS CERT}, url = {https://ics-cert.kaspersky.com/publications/reports/2022/06/27/attacks-on-industrial-control-systems-using-shadowpad/}, language = {English}, urldate = {2022-06-29} } Attacks on industrial control systems using ShadowPad
Cobalt Strike PlugX ShadowPad
2022-06-24Cert-UACert-UA
@online{certua:20220624:cyberattack:c247b3d, author = {Cert-UA}, title = {{Cyberattack against Ukrainian telecommunications operators using DarkCrystal RAT malware (CERT-UA # 4874)}}, date = {2022-06-24}, organization = {Cert-UA}, url = {https://cert.gov.ua/article/405538}, language = {Ukrainian}, urldate = {2022-06-27} } Cyberattack against Ukrainian telecommunications operators using DarkCrystal RAT malware (CERT-UA # 4874)
DCRat
2022-06-21Cisco TalosFlavio Costa, Chris Neal, Guilherme Venere
@online{costa:20220621:avos:b60a2ad, author = {Flavio Costa and Chris Neal and Guilherme Venere}, title = {{Avos ransomware group expands with new attack arsenal}}, date = {2022-06-21}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/06/avoslocker-new-arsenal.html}, language = {English}, urldate = {2022-06-22} } Avos ransomware group expands with new attack arsenal
AvosLocker Cobalt Strike DarkComet MimiKatz
2022-06-21BleepingComputerSergiu Gatlan
@online{gatlan:20220621:microsoft:dc02b91, author = {Sergiu Gatlan}, title = {{Microsoft Exchange servers hacked by new ToddyCat APT gang}}, date = {2022-06-21}, organization = {BleepingComputer}, url = {https://www.bleepingcomputer.com/news/security/new-toddycat-apt-group-targets-exchange-servers-in-asia-europe/}, language = {English}, urldate = {2022-06-27} } Microsoft Exchange servers hacked by new ToddyCat APT gang
ToddyCat
2022-06-21KasperskyGiampaolo Dedola
@online{dedola:20220621:toddycat:20bf8db, author = {Giampaolo Dedola}, title = {{APT ToddyCat: Unveiling an unknown APT actor attacking high-profile entities in Europe and Asia}}, date = {2022-06-21}, organization = {Kaspersky}, url = {https://securelist.com/toddycat/106799/}, language = {English}, urldate = {2022-06-22} } APT ToddyCat: Unveiling an unknown APT actor attacking high-profile entities in Europe and Asia
ToddyCat
2022-06-19CyberIntShmuel Gihon
@online{gihon:20220619:blackguard:43ebdca, author = {Shmuel Gihon}, title = {{BlackGuard Stealer Targets the Gaming Community}}, date = {2022-06-19}, organization = {CyberInt}, url = {https://cyberint.com/blog/research/blackguard-stealer/}, language = {English}, urldate = {2022-06-22} } BlackGuard Stealer Targets the Gaming Community
BlackGuard
2022-06-17Github (0xchrollo)Motawkkel Abdulrhman
@online{abdulrhman:20220617:unpacking:50af663, author = {Motawkkel Abdulrhman}, title = {{Unpacking Kovter malware}}, date = {2022-06-17}, organization = {Github (0xchrollo)}, url = {https://0xchrollo.github.io/articles/unpacking-kovter-malware/}, language = {English}, urldate = {2022-06-27} } Unpacking Kovter malware
Kovter
2022-06-17ZscalerSudeep Singh, Kaivalya Khursale
@online{singh:20220617:resurgence:736636f, author = {Sudeep Singh and Kaivalya Khursale}, title = {{Resurgence of Voicemail-themed phishing attacks targeting key industry verticals in the US}}, date = {2022-06-17}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/resurgence-voicemail-themed-phishing-attacks-targeting-key-industry}, language = {English}, urldate = {2022-07-01} } Resurgence of Voicemail-themed phishing attacks targeting key industry verticals in the US
2022-06-16Medium s2wlabS2W TALON
@online{talon:20220616:raccoon:de7df76, author = {S2W TALON}, title = {{Raccoon Stealer is Back with a New Version}}, date = {2022-06-16}, organization = {Medium s2wlab}, url = {https://medium.com/s2wblog/raccoon-stealer-is-back-with-a-new-version-5f436e04b20d}, language = {English}, urldate = {2022-06-17} } Raccoon Stealer is Back with a New Version
Raccoon
2022-06-16SANS ISCXavier Mertens
@online{mertens:20220616:houdini:1d61640, author = {Xavier Mertens}, title = {{Houdini is Back Delivered Through a JavaScript Dropper}}, date = {2022-06-16}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/}, language = {English}, urldate = {2022-06-17} } Houdini is Back Delivered Through a JavaScript Dropper
Houdini
2022-06-16ESET ResearchRene Holt
@online{holt:20220616:how:d3225fc, author = {Rene Holt}, title = {{How Emotet is changing tactics in response to Microsoft’s tightening of Office macro security}}, date = {2022-06-16}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2022/06/16/how-emotet-is-changing-tactics-microsoft-tightening-office-macro-security/}, language = {English}, urldate = {2022-06-17} } How Emotet is changing tactics in response to Microsoft’s tightening of Office macro security
Emotet
2022-06-15VolexitySteven Adair, Thomas Lancaster, Volexity Threat Research
@online{adair:20220615:driftingcloud:58322a8, author = {Steven Adair and Thomas Lancaster and Volexity Threat Research}, title = {{DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach}}, date = {2022-06-15}, organization = {Volexity}, url = {https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/}, language = {English}, urldate = {2022-06-17} } DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach
pupy Sliver
2022-06-15QualysAkshat Pradhan
@techreport{pradhan:20220615:fake:f00033d, author = {Akshat Pradhan}, title = {{Fake Cracked Software Caught Peddling Redline Stealers}}, date = {2022-06-15}, institution = {Qualys}, url = {https://www.qualys.com/docs/whitepapers/qualys-wp-fake-cracked-software-caught-peddling-redline-stealers-v220606.pdf}, language = {English}, urldate = {2022-06-17} } Fake Cracked Software Caught Peddling Redline Stealers
RedLine Stealer
2022-06-15AttackIQJackson Wells, AttackIQ Adversary Research Team
@online{wells:20220615:attack:aa9fcfb, author = {Jackson Wells and AttackIQ Adversary Research Team}, title = {{Attack Graph Emulating the Conti Ransomware Team’s Behaviors}}, date = {2022-06-15}, organization = {AttackIQ}, url = {https://attackiq.com/2022/06/15/attack-graph-emulating-the-conti-ransomware-teams-behaviors/}, language = {English}, urldate = {2022-07-01} } Attack Graph Emulating the Conti Ransomware Team’s Behaviors
BazarBackdoor Conti TrickBot