2022-12-01 | Zscaler | Zscaler
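% Corporate author: the inner braces keep the vendor name one literal unit.
% Title is single-braced with only the proper nouns protected, so a style can still recase it.
@online{zscaler:20221201:back:43320e6,
  author       = {{Zscaler}},
  title        = {Back in {Black}... {Basta} - Technical Analysis of {BlackBasta} Ransomware 2.0},
  date         = {2022-12-01},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/back-black-basta},
  language     = {English},
  urldate      = {2022-12-02},
  keywords     = {Black Basta},
}
Back in Black... Basta - Technical Analysis of BlackBasta Ransomware 2.0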
Black Basta
2022-11-30 | BitSight | André Tavares
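% Author in "Last, First" form; keywords carry the malware families the library lists for this report.
@online{tavares:20221130:unpacking:a15d3e0,
  author       = {Tavares, André},
  title        = {Unpacking {Colibri Loader}: A {Russian} {APT} linked Campaign},
  date         = {2022-11-30},
  organization = {BitSight},
  url          = {https://www.bitsight.com/blog/unpacking-colibri-loader-russian-apt-linked-campaign},
  language     = {English},
  urldate      = {2022-12-02},
  keywords     = {Colibri Loader, PrivateLoader},
}
Unpacking Colibri Loader: A Russian APT linked Campaign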
Colibri Loader, PrivateLoader
2022-11-30 | ESET Research | Filip Jurčacko
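% Non-ASCII name and curly quotes are kept as UTF-8, which needs biblatex + Biber; the citation key stays ASCII.
@online{juracko:20221130:whos:f177390,
  author       = {Jurčacko, Filip},
  title        = {Who’s swimming in {South Korean} waters? Meet {ScarCruft’s} {Dolphin}},
  date         = {2022-11-30},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2022/11/30/whos-swimming-south-korean-waters-meet-scarcrufts-dolphin/},
  language     = {English},
  urldate      = {2022-12-01},
}
Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin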
2022-11-30 | Sophos | Andrew Brandt
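% Only the family and variant names are brace-protected; the rest of the title is left for the style to case.
@online{brandt:20221130:lockbit:7d7598f,
  author       = {Brandt, Andrew},
  title        = {{LockBit} 3.0 ‘{Black}’ attacks and leaks reveal wormable capabilities and tooling},
  date         = {2022-11-30},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/11/30/lockbit-3-0-black-attacks-and-leaks-reveal-wormable-capabilities-and-tooling/},
  language     = {English},
  urldate      = {2022-12-02},
  keywords     = {LockBit},
}
LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling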
LockBit
2022-11-29 | Qianxin | Red Raindrop Team
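% Team author: without the inner braces the name is parsed as first = "Red Raindrop", last = "Team".
% The key is left unchanged so existing citations keep resolving.
@online{team:20221129:job:1749e9c,
  author       = {{Red Raindrop Team}},
  title        = {Job hunting trap: Analysis of {Lazarus} attack activities using recruitment information such as {Mizuho Bank} of {Japan} as bait},
  date         = {2022-11-29},
  organization = {Qianxin},
  url          = {https://mp.weixin.qq.com/s/nnLqUBPX8xZ3hCr5u-iSjQ},
  language     = {Chinese},
  urldate      = {2022-12-01},
}
Job hunting trap: Analysis of Lazarus attack activities using recruitment information such as Mizuho Bank of Japan as bait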
2022-11-28 | Mandiant | Ryan Tomcik, John Wolfram, Tommy Dacanay, Geoff Ackerman
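% Four personal authors, each in "Last, First" form and joined with " and ".
@online{tomcik:20221128:always:f073a0d,
  author       = {Tomcik, Ryan and Wolfram, John and Dacanay, Tommy and Ackerman, Geoff},
  title        = {Always Another Secret: Lifting the Haze on {China-nexus} Espionage in {Southeast Asia}},
  date         = {2022-11-28},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/china-nexus-espionage-southeast-asia},
  language     = {English},
  urldate      = {2022-12-02},
  keywords     = {BLUEHAZE, DARKDEW, MISTCLOAK},
}
Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia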
BLUEHAZE, DARKDEW, MISTCLOAK
2022-11-25 | NL Times | NL Times
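% Outlet as author: the inner braces stop "NL Times" being split into first = "NL", last = "Times".
% The key is left unchanged so existing citations keep resolving.
@online{times:20221125:russian:0a11bb6,
  author       = {{NL Times}},
  title        = {{Russian} hackers targeting {Dutch} gas terminal},
  date         = {2022-11-25},
  organization = {NL Times},
  url          = {https://nltimes.nl/2022/11/25/russian-hackers-targeting-dutch-gas-terminal-report},
  language     = {English},
  urldate      = {2022-12-01},
}
Russian hackers targeting Dutch gas terminal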
2022-11-24 | Twitter (@strinsert1Na) | MigawariIV
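% Author is a handle, braced as one literal name. The only locator is a tweet URL, so urldate records when it was seen.
@online{migawariiv:20221124:recent:98d1c2e,
  author       = {{MigawariIV}},
  title        = {Tweet on recent {Bifrose} activity},
  date         = {2022-11-24},
  organization = {Twitter (@strinsert1Na)},
  url          = {https://twitter.com/strinsert1Na/status/1595553530579890176},
  language     = {English},
  urldate      = {2022-11-25},
  keywords     = {Bifrost},
}
Tweet on recent Bifrose activity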
Bifrost
2022-11-23 | Cybereason | Cybereason Global SOC Team
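% Team author braced as one unit. Acronyms and family names in the title are protected from recasing.
@online{team:20221123:threat:17093cc,
  author       = {{Cybereason Global SOC Team}},
  title        = {{THREAT ALERT}: Aggressive {Qakbot} Campaign and the {Black Basta} Ransomware Group Targeting {U.S.} Companies},
  date         = {2022-11-23},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-alert-aggressive-qakbot-campaign-and-the-black-basta-ransomware-group-targeting-u.s.-companies},
  language     = {English},
  urldate      = {2022-11-25},
  keywords     = {Black Basta, QakBot},
}
THREAT ALERT: Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies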
Black Basta, QakBot
2022-11-22 | Proofpoint | Alexander Rausch, Proofpoint Threat Research Team
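% Mixed author list: one person in "Last, First" form and one team braced as a single literal name.
@online{rausch:20221122:nighthawk:48f730c,
  author       = {Rausch, Alexander and {Proofpoint Threat Research Team}},
  title        = {{Nighthawk}: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice},
  date         = {2022-11-22},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice},
  language     = {English},
  urldate      = {2022-11-22},
  keywords     = {Nighthawk},
}
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice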
Nighthawk
2022-11-21 | Zscaler | Sudeep Singh
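% Author in "Last, First" form; the keyword is the library's tag for this report, kept in its original lower case.
@online{singh:20221121:black:9712dce,
  author       = {Singh, Sudeep},
  title        = {{Black Friday} Alert: 4 Emerging Skimming Attacks to Watch for This Holiday Season},
  date         = {2022-11-21},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/black-friday-scams-4-emerging-skimming-attacks-watch-holiday-season},
  language     = {English},
  urldate      = {2022-11-23},
  keywords     = {magecart},
}
Black Friday Alert: 4 Emerging Skimming Attacks to Watch for This Holiday Season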
magecart
2022-11-21 | Palo Alto Networks Unit 42 | Kristopher Russo
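% Keywords are the families the library lists for this report; they are not taken from the title.
@online{russo:20221121:threat:86205c7,
  author       = {Russo, Kristopher},
  title        = {Threat Assessment: {Luna Moth} Callback Phishing Campaign},
  date         = {2022-11-21},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/luna-moth-callback-phishing/},
  language     = {English},
  urldate      = {2022-11-25},
  keywords     = {BazarBackdoor, Conti},
}
Threat Assessment: Luna Moth Callback Phishing Campaign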
BazarBackdoor, Conti
2022-11-21 | Blackberry | BlackBerry Research & Intelligence Team
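% Team author braced as one unit. A bare "&" is a LaTeX alignment character and breaks typesetting, hence "\&".
@online{team:20221121:gamaredon:da14d7a,
  author       = {{BlackBerry Research \& Intelligence Team}},
  title        = {{Gamaredon} Leverages {Microsoft Office} Docs to Target {Ukraine} Government and Military},
  date         = {2022-11-21},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2022/11/gamaredon-leverages-microsoft-office-docs-to-target-ukraine-government},
  language     = {English},
  urldate      = {2022-12-01},
  keywords     = {Pteranodon},
}
Gamaredon Leverages Microsoft Office Docs to Target Ukraine Government and Military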
Pteranodon
2022-11-21 | Marco Ramilli's Blog | Marco Ramilli
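% Title wording, including the space before "?", is kept exactly as published.
@online{ramilli:20221121:is:cfeafc3,
  author       = {Ramilli, Marco},
  title        = {Is {Hagga} Threat Actor Abusing {FSociety} Framework ?},
  date         = {2022-11-21},
  organization = {Marco Ramilli's Blog},
  url          = {https://marcoramilli.com/2022/11/21/is-hagga-threat-actor-abusing-fsociety-framework/},
  language     = {English},
  urldate      = {2022-11-22},
}
Is Hagga Threat Actor Abusing FSociety Framework ?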
2022-11-21 | vmware | Threat Analysis Unit
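% Team author braced as one unit; otherwise it is parsed as first = "Threat Analysis", last = "Unit".
% The key is left unchanged so existing citations keep resolving.
@online{unit:20221121:threat:7972abc,
  author       = {{Threat Analysis Unit}},
  title        = {Threat Analysis: Active {C2} Discovery Using Protocol Emulation {Part4} ({Dacls}, aka {MATA})},
  date         = {2022-11-21},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2022/11/threat-analysis-active-c2-discovery-using-protocol-emulation-part4-dacls-aka-mata.html},
  language     = {English},
  urldate      = {2022-11-28},
  keywords     = {Dacls},
}
Threat Analysis: Active C2 Discovery Using Protocol Emulation Part4 (Dacls, aka MATA)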
Dacls
2022-11-19 | Malwarology | Robert Simmons
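% The packer name contains "_", which must be escaped in a text field; the url field is verbatim and stays unescaped.
@online{simmons:20221119:malicious:13718e6,
  author       = {Simmons, Robert},
  title        = {Malicious Packer {pkr\_ce1a}},
  date         = {2022-11-19},
  organization = {Malwarology},
  url          = {https://malwarology.substack.com/p/malicious-packer-pkr_ce1a?r=1lslzd},
  language     = {English},
  urldate      = {2022-11-25},
  keywords     = {SmokeLoader, Vidar},
}
Malicious Packer pkr_ce1a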
SmokeLoader, Vidar
2022-11-17 | Yoroi | Luigi Martire, Carmelo Ragusa
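% Two personal authors in "Last, First" form; the keyword is the library's family name for this report.
@online{martire:20221117:reconstructing:5b546b1,
  author       = {Martire, Luigi and Ragusa, Carmelo},
  title        = {Reconstructing the last activities of {Royal Ransomware}},
  date         = {2022-11-17},
  organization = {Yoroi},
  url          = {https://yoroi.company/research/reconstructing-the-last-activities-of-royal-ransomware/},
  language     = {English},
  urldate      = {2022-11-18},
  keywords     = {Royal Ransom},
}
Reconstructing the last activities of Royal Ransomware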
Royal Ransom
2022-11-15 | Kaspersky Labs | Konstantin Zykov, Jornt van der Wiel
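% The comma form makes the "van der" particle explicit instead of relying on letter case to find it.
@online{zykov:20221115:dtrack:9f8ed2a,
  author       = {Zykov, Konstantin and van der Wiel, Jornt},
  title        = {{DTrack} activity targeting {Europe} and {Latin America}},
  date         = {2022-11-15},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/dtrack-targeting-europe-latin-america/107798/},
  language     = {English},
  urldate      = {2022-11-18},
  keywords     = {Dtrack},
}
DTrack activity targeting Europe and Latin America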
Dtrack
2022-11-15 | Symantec | Threat Hunter Team
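% Team author braced as one unit; otherwise it is parsed as first = "Threat Hunter", last = "Team".
% The key is left unchanged so existing citations keep resolving.
@online{team:20221115:billbug:f11d48d,
  author       = {{Threat Hunter Team}},
  title        = {{Billbug}: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple {Asian} Countries},
  date         = {2022-11-15},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-asia-governments-cert-authority},
  language     = {English},
  urldate      = {2022-11-15},
  keywords     = {Sagerunex},
}
Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries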
Sagerunex
2022-11-10 | Intezer | Nicole Fishbein
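% Keywords are the families the library lists for this report; "Mount Locker" is a single family name.
@online{fishbein:20221110:how:6b334be,
  author       = {Fishbein, Nicole},
  title        = {How {LNK} Files Are Abused by Threat Actors},
  date         = {2022-11-10},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/malware-analysis/how-threat-actors-abuse-lnk-files/},
  language     = {English},
  urldate      = {2022-11-11},
  keywords     = {BumbleBee, Emotet, Mount Locker, QakBot},
}
How LNK Files Are Abused by Threat Actors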
BumbleBee, Emotet, Mount Locker, QakBot