2021-12-06 | Mandiant | Luke Jenkins, Sarah Hawley, Parnian Najafi, Doug Bienstock, Luis Rocha, Marius Fodoreanu, Mitchell Clarke, Manfred Erjak, Josh Madeley, Ashraf Abdalhalim, Juraj Sucik, Wojciech Ledzion, Gabriella Roncone, Jonathan Leathery, Ben Read, Microsoft Threat Intelligence Center (MSTIC), Microsoft Detection and Response Team (DART)
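% Mandiant report on UNC2452. The two Microsoft teams are institutional authors, so each
% is wrapped in its own brace pair: left unbraced, the " and " inside "Microsoft Detection
% and Response Team (DART)" splits that one name into two bogus authors, and the last word
% of each team name is taken as a surname. Personal names use the Last, First form.
@online{jenkins:20211206:suspected:d9da4ec,
  author       = {Jenkins, Luke and Hawley, Sarah and Najafi, Parnian and
                  Bienstock, Doug and Rocha, Luis and Fodoreanu, Marius and
                  Clarke, Mitchell and Erjak, Manfred and Madeley, Josh and
                  Abdalhalim, Ashraf and Sucik, Juraj and Ledzion, Wojciech and
                  Roncone, Gabriella and Leathery, Jonathan and Read, Ben and
                  {Microsoft Threat Intelligence Center (MSTIC)} and
                  {Microsoft Detection and Response Team (DART)}},
  title        = {{Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452)}},
  date         = {2021-12-06},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/russian-targeting-gov-business},
  language     = {English},
  urldate      = {2021-12-07},
}
Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452)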
Cobalt Strike CryptBot
2021-12-03 | KrebsOnSecurity | Brian Krebs
% KrebsOnSecurity article on the network access broker 'Babam'.
% One field per line; the single personal author is given in the Last, First form.
@online{krebs:20211203:who:0e59797,
  author       = {Krebs, Brian},
  title        = {{Who Is the Network Access Broker ‘Babam’?}},
  date         = {2021-12-03},
  organization = {KrebsOnSecurity},
  url          = {https://krebsonsecurity.com/2021/12/who-is-the-network-access-broker-babam/},
  language     = {English},
  urldate      = {2021-12-06},
}
Who Is the Network Access Broker ‘Babam’?
2021-12-02 | CISA | US-CERT
% CISA alert AA21-336A on exploitation of CVE-2021-44077 in Zoho ManageEngine
% ServiceDesk Plus. The author is the single token US-CERT, kept as written.
@online{uscert:20211202:alert:ac0edaf,
  author       = {US-CERT},
  title        = {{Alert (AA21-336A): APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus}},
  date         = {2021-12-02},
  organization = {CISA},
  url          = {https://us-cert.cisa.gov/ncas/alerts/aa21-336a},
  language     = {English},
  urldate      = {2021-12-07},
}
Alert (AA21-336A): APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
KDC Sponge NGLite
2021-12-02 | lacework | Lacework Labs
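% Lacework Labs post on the ABC botnet. "Lacework Labs" is a team, not a person:
% the extra brace pair stops it being parsed as first name "Lacework", surname "Labs".
% The citation key is left unchanged so existing citations still resolve.
@online{labs:20211202:abc:84ea824,
  author       = {{Lacework Labs}},
  title        = {{ABC Botnet Attacks on the Rise}},
  date         = {2021-12-02},
  organization = {lacework},
  url          = {https://www.lacework.com/blog/abc-botnet-attacks-on-the-rise/},
  language     = {English},
  urldate      = {2021-12-06},
}
ABC Botnet Attacks on the Rise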
Abcbot
2021-12-02 | Palo Alto Networks Unit 42 | Robert Falcone, Peter Renals
% Unit 42 report on the campaign against ManageEngine ServiceDesk Plus.
% One field per line; both personal authors are given in the Last, First form.
@online{falcone:20211202:expands:dfaebce,
  author       = {Falcone, Robert and Renals, Peter},
  title        = {{APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus}},
  date         = {2021-12-02},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/tiltedtemple-manageengine-servicedesk-plus/},
  language     = {English},
  urldate      = {2021-12-02},
}
APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus
Godzilla Webshell
2021-12-02 | Cisco | Tiago Pereira
% Cisco Talos post on the Magnat malvertising campaigns.
% One field per line; the single personal author is given in the Last, First form.
@online{pereira:20211202:magnat:15dcabb,
  author       = {Pereira, Tiago},
  title        = {{Magnat campaigns use malvertising to deliver information stealer, backdoor and malicious Chrome extension}},
  date         = {2021-12-02},
  organization = {Cisco},
  url          = {https://blog.talosintelligence.com/2021/12/magnat-campaigns-use-malvertising-to.html},
  language     = {English},
  urldate      = {2021-12-07},
}
Magnat campaigns use malvertising to deliver information stealer, backdoor and malicious Chrome extension
Azorult RedLine Stealer
2021-12-01 | Proofpoint | Michael Raggi
% Proofpoint threat-insight post on the RTF template injection technique.
% One field per line; the single personal author is given in the Last, First form.
@online{raggi:20211201:injection:75b61f9,
  author       = {Raggi, Michael},
  title        = {{Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors}},
  date         = {2021-12-01},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/injection-new-black-novel-rtf-template-inject-technique-poised-widespread},
  language     = {English},
  urldate      = {2021-12-06},
}
Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors
2021-12-01 | Trend Micro | Trend Micro Research
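% Trend Micro report on TeamTNT's use of compromised Docker Hub accounts.
% "Trend Micro Research" is an institutional author: the extra brace pair keeps it
% from being parsed as given names "Trend Micro" with surname "Research".
% The citation key is left unchanged so existing citations still resolve.
@online{research:20211201:analyzing:18167cf,
  author       = {{Trend Micro Research}},
  title        = {{Analyzing How TeamTNT Used Compromised Docker Hub Accounts}},
  date         = {2021-12-01},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/l/more-tools-in-the-arsenal-how-teamtnt-used-compromised-docker-hu.html},
  language     = {English},
  urldate      = {2021-12-07},
}
Analyzing How TeamTNT Used Compromised Docker Hub Accounts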
TeamTNT
2021-12-01 | Microstep Intelligence Bureau | Microstep Online Research Response Center
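% Microstep report on BlackTech activity; the entry's language field is Chinese.
% The author is an organisation, so it gets an extra brace pair; otherwise "Center"
% is taken as a surname and the preceding words as given names.
% The citation key is left unchanged so existing citations still resolve.
@online{center:20211201:blacktech:b5f8a20,
  author       = {{Microstep Online Research Response Center}},
  title        = {{BlackTech, an East Asian hacking group, has launched attacks in sectors such as finance and education}},
  date         = {2021-12-01},
  organization = {Microstep Intelligence Bureau},
  url          = {https://mp.weixin.qq.com/s/m7wo0AD4yiAFfTm1Jhq2NQ},
  language     = {Chinese},
  urldate      = {2021-12-07},
}
BlackTech, an East Asian hacking group, has launched attacks in sectors such as finance and education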
2021-12-01 | NCC Group | Nikolaos Pantazopoulos, Michael Sandee
% NCC Group research post on a P2P network related to TA505.
% One field per line; both personal authors are given in the Last, First form.
@online{pantazopoulos:20211201:tracking:b67c8f7,
  author       = {Pantazopoulos, Nikolaos and Sandee, Michael},
  title        = {{Tracking a P2P network related to TA505}},
  date         = {2021-12-01},
  organization = {NCC Group},
  url          = {https://research.nccgroup.com/2021/12/01/tracking-a-p2p-network-related-with-ta505/},
  language     = {English},
  urldate      = {2021-12-01},
}
Tracking a P2P network related to TA505
FlawedGrace Necurs
2021-11-30 | Red Canary | Harrison van Riper
% Red Canary post on ProxyShell exploitation leading to BlackByte ransomware.
% The author is written in the comma form; the lowercase particle "van" is still
% parsed as the von part, exactly as in the First von Last spelling.
@online{riper:20211130:proxyshell:060517d,
  author       = {van Riper, Harrison},
  title        = {{ProxyShell exploitation leads to BlackByte ransomware}},
  date         = {2021-11-30},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/blackbyte-ransomware/},
  language     = {English},
  urldate      = {2021-12-06},
}
ProxyShell exploitation leads to BlackByte ransomware
BlackByte
2021-11-30 | CYBER GEEKS All Things Infosec | CyberMasterV
% Cyber Geeks walkthrough of an njRAT analysis.
% The author is a single-token handle and is kept exactly as written.
@online{cybermasterv:20211130:just:d5f53c9,
  author       = {CyberMasterV},
  title        = {{Just another analysis of the njRAT malware – A step-by-step approach}},
  date         = {2021-11-30},
  organization = {CYBER GEEKS All Things Infosec},
  url          = {https://cybergeeks.tech/just-another-analysis-of-the-njrat-malware-a-step-by-step-approach/},
  language     = {English},
  urldate      = {2021-12-06},
}
Just another analysis of the njRAT malware – A step-by-step approach
NjRAT
2021-11-30 | Medium nusenu | nusenu
% Medium post by nusenu on "KAX17" and possible de-anonymization of Tor users.
% The author is a single-token handle; the title text is kept byte-for-byte.
@online{nusenu:20211130:is:99e6cf1,
  author       = {nusenu},
  title        = {{Is "KAX17" performing de-anonymization Attacks against Tor Users?}},
  date         = {2021-11-30},
  organization = {Medium nusenu},
  url          = {https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8},
  language     = {English},
  urldate      = {2021-12-06},
}
Is "KAX17" performing de-anonymization Attacks against Tor Users?
2021-11-30 | 360 netlab | Alex.Turing, Hui Wang
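% 360 Netlab post on the EwDoor botnet.
% The ampersand in the title is escaped: a bare "&" reaches LaTeX as an alignment tab
% and aborts the bibliography with "Misplaced alignment tab character".
% "Alex.Turing" is a single-token handle and is kept as written.
@online{alexturing:20211130:ewdoor:aa6e76e,
  author       = {Alex.Turing and Wang, Hui},
  title        = {{EwDoor Botnet Is Attacking AT\&T Customers}},
  date         = {2021-11-30},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/warning-ewdoor-botnet-is-attacking-att-customers/},
  language     = {English},
  urldate      = {2021-12-07},
}
EwDoor Botnet Is Attacking AT&T Customers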
EwDoor
2021-11-30 | Qianxin | Red Raindrop Team
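% Qianxin Red Raindrop Team report on PROMETHIUM; the entry's language field is Chinese.
% The team name is an institutional author and gets an extra brace pair so it is
% not parsed as given names "Red Raindrop" with surname "Team".
% The citation key is left unchanged so existing citations still resolve.
@online{team:20211130:cyberspaces:e8efd82,
  author       = {{Red Raindrop Team}},
  title        = {{Cyberspace's Magic Eye: PROMETHIUM Fakes attack activity analysis of NotePads and installation packages}},
  date         = {2021-11-30},
  organization = {Qianxin},
  url          = {https://mp.weixin.qq.com/s/nQVUkIwkiQTj2pLaNYHeOA},
  language     = {Chinese},
  urldate      = {2021-12-07},
}
Cyberspace's Magic Eye: PROMETHIUM Fakes attack activity analysis of NotePads and installation packages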
StrongPity
2021-11-29 | Kaspersky | GReAT
% Kaspersky Securelist report on ScarCruft surveillance activity.
% The author is the single token GReAT and is kept as written.
@online{great:20211129:scarcruft:986e7f4,
  author       = {GReAT},
  title        = {{ScarCruft surveilling North Korean defectors and human rights activists}},
  date         = {2021-11-29},
  organization = {Kaspersky},
  url          = {https://securelist.com/scarcruft-surveilling-north-korean-defectors-and-human-rights-activists/105074/},
  language     = {English},
  urldate      = {2021-12-07},
}
ScarCruft surveilling North Korean defectors and human rights activists
Chinotto Chinotto PoorWeb
2021-11-24 | Telsy | Telsy Research Team
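% Telsy report on a possible attack against a Middle East telco.
% "Telsy Research Team" is an institutional author: the extra brace pair keeps it
% from being parsed as given names "Telsy Research" with surname "Team".
% The citation key is left unchanged so existing citations still resolve.
@online{team:20211124:possible:a1df559,
  author       = {{Telsy Research Team}},
  title        = {{Possible attack to Telco company in Middle East}},
  date         = {2021-11-24},
  organization = {Telsy},
  url          = {https://www.telsy.com/download/5776/?uid=aca91e397e},
  language     = {English},
  urldate      = {2021-12-06},
}
Possible attack to Telco company in Middle East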
GRUNT
2021-11-24 | safebreach | Tomer Bar
% SafeBreach post on the PowerShortShell stealer and the MSHTML vulnerability it exploits.
% One field per line; the single personal author is given in the Last, First form.
@online{bar:20211124:new:3fc1309,
  author       = {Bar, Tomer},
  title        = {{New PowerShortShell Stealer Exploits Recent Microsoft MSHTML Vulnerability to Spy on Farsi Speakers}},
  date         = {2021-11-24},
  organization = {safebreach},
  url          = {https://www.safebreach.com/blog/2021/new-powershortshell-stealer-exploits-recent-microsoft-mshtml-vulnerability-to-spy-on-farsi-speakers/},
  language     = {English},
  urldate      = {2021-11-29},
}
New PowerShortShell Stealer Exploits Recent Microsoft MSHTML Vulnerability to Spy on Farsi Speakers
PowerShortShell
2021-11-24 | vladtv | vladtv
% vladtv news item on a suspended sentence for a banking-malware developer;
% the entry's language field is Russian. The author is a single token, kept as written.
@online{vladtv:20211124:vladimir:7d21453,
  author       = {vladtv},
  title        = {{Vladimir hacker, who developed a program for hacking banking systems, received a suspended sentence}},
  date         = {2021-11-24},
  organization = {vladtv},
  url          = {https://vladtv.ru/incidents/127964/},
  language     = {Russian},
  urldate      = {2021-11-29},
}
Vladimir hacker, who developed a program for hacking banking systems, received a suspended sentence
2021-11-24 | Google | Google Cybersecurity Action Team, Google Threat Analysis Group
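% Google Threat Horizons report, November 2021, Issue 1 (PDF).
% Both authors are Google teams, so each is wrapped in its own brace pair; unbraced,
% the last word of each ("Team", "Group") is taken as a surname and the rest as given names.
% The citation key is left unchanged so existing citations still resolve.
@techreport{team:20211124:threat:a837017,
  author      = {{Google Cybersecurity Action Team} and {Google Threat Analysis Group}},
  title       = {{Threat Horizons Cloud Threat Intelligence November 2021. Issue 1}},
  date        = {2021-11-24},
  institution = {Google},
  url         = {https://services.google.com/fh/files/misc/gcat_threathorizons_full_nov2021.pdf},
  language    = {English},
  urldate     = {2021-11-29},
}
Threat Horizons Cloud Threat Intelligence November 2021. Issue 1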
BlackMatter