
2023-09-28 Confiant BOZOSLIVEHERE
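@online{bozoslivehere:20230928:exploring:3cc7b21,
  author       = {BOZOSLIVEHERE},
  title        = {Exploring {ScamClub} Payloads via Deobfuscation Using Abstract Syntax Trees},
  date         = {2023-09-28},
  organization = {Confiant},
  url          = {https://blog.confiant.com/exploring-scamclub-payloads-via-deobfuscation-using-abstract-syntax-trees-65ef7f412537},
  language     = {English},
  urldate      = {2023-09-29},
}
Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees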
2023-09-20 Proofpoint Proofpoint Threat Research Team
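@online{team:20230920:chinese:25abe7e,
  author       = {{Proofpoint Threat Research Team}},
  title        = {{Chinese} Malware Appears in Earnest Across Cybercrime Threat Landscape},
  date         = {2023-09-20},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/chinese-malware-appears-earnest-across-cybercrime-threat-landscape},
  language     = {English},
  urldate      = {2023-09-22},
}
Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape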
FatalRat PurpleFox ValleyRAT
2023-09-19 Recorded Future Insikt Group
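@techreport{group:20230919:multiyear:84b50f8,
  author      = {{Insikt Group}},
  title       = {Multi-year {Chinese} {APT} Campaign Targets {South Korean} Academic, Government, and Political Entities},
  date        = {2023-09-19},
  institution = {Recorded Future},
  url         = {https://go.recordedfuture.com/hubfs/reports/cta-2023-0919.pdf},
  language    = {English},
  urldate     = {2023-09-20},
}
Multi-year Chinese APT Campaign Targets South Korean Academic, Government, and Political Entities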
Korlia
2023-09-19 Cisco Talos Asheer Malhotra, Caitlin Huey, Sean Taylor, Vitor Ventura, Arnaud Zobec
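@online{malhotra:20230919:new:a39af36,
  author       = {Malhotra, Asheer and Huey, Caitlin and Taylor, Sean and Ventura, Vitor and Zobec, Arnaud},
  title        = {New {ShroudedSnooper} actor targets telecommunications firms in the {Middle East} with novel Implants},
  date         = {2023-09-19},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/introducing-shrouded-snooper/},
  language     = {English},
  urldate      = {2023-09-20},
}
New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants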
HTTPSnoop PipeSnoop
2023-09-18 Trend Micro Joseph Chen, Jaromír Hořejší
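@online{chen:20230918:earth:e01f24c,
  author       = {Chen, Joseph and Hořejší, Jaromír},
  title        = {{Earth Lusca} Employs New {Linux} Backdoor, Uses {Cobalt Strike} for Lateral Movement},
  date         = {2023-09-18},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html},
  language     = {English},
  urldate      = {2023-09-18},
}
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement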
SprySOCKS
2023-09-18 Alpine Security Borja Merino
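@online{merino:20230918:hijackloader:e047216,
  author       = {Merino, Borja},
  title        = {{HijackLoader} Targets Hotels: A Technical Analysis},
  date         = {2023-09-18},
  organization = {Alpine Security},
  url          = {https://alpine-sec.medium.com/hijackloader-targets-hotels-a-technical-analysis-c2795fc4f3a3},
  language     = {English},
  urldate      = {2023-09-29},
}
HijackLoader Targets Hotels: A Technical Analysis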
HijackLoader
2023-09-18 SentinelOne Alex Delamotte
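@online{delamotte:20230918:capratube:77604c8,
  author       = {Delamotte, Alex},
  title        = {{CapraTube} | {Transparent Tribe’s} {CapraRAT} Mimics {YouTube} to Hijack {Android} Phones},
  date         = {2023-09-18},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/},
  language     = {English},
  urldate      = {2023-09-20},
}
CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones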
CapraRAT
2023-09-15 CyberCX Phill Moore, Zach Stanford, Suyash Tripathi, Yogesh Khatri
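@online{moore:20230915:weaponising:debcaf2,
  author       = {Moore, Phill and Stanford, Zach and Tripathi, Suyash and Khatri, Yogesh},
  title        = {Weaponising {VMs} to bypass {EDR} – {Akira} ransomware},
  date         = {2023-09-15},
  organization = {CyberCX},
  url          = {https://cybercx.com.au/blog/akira-ransomware/},
  language     = {English},
  urldate      = {2023-09-15},
}
Weaponising VMs to bypass EDR – Akira ransomware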
Akira
2023-09-12 Microsoft Microsoft Threat Intelligence
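@online{intelligence:20230912:malware:3a31afc,
  author       = {{Microsoft Threat Intelligence}},
  title        = {Malware distributor {Storm-0324} facilitates ransomware access},
  date         = {2023-09-12},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/09/12/malware-distributor-storm-0324-facilitates-ransomware-access/},
  language     = {English},
  urldate      = {2023-09-13},
}
Malware distributor Storm-0324 facilitates ransomware access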
JSSLoader
2023-09-08 Gi7w0rm
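@online{gi7w0rm:20230908:uncovering:e0089d9,
  author   = {Gi7w0rm},
  title    = {Uncovering {DDGroup} — A long-time threat actor},
  date     = {2023-09-08},
  url      = {https://gi7w0rm.medium.com/uncovering-ddgroup-a-long-time-threat-actor-d3b3020625a4},
  language = {English},
  urldate  = {2023-09-08},
}
Uncovering DDGroup — A long-time threat actor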
AsyncRAT Ave Maria BitRAT DBatLoader NetWire RC Quasar RAT XWorm
2023-09-08 Zscaler Zscaler
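@online{zscaler:20230908:technical:32525b9,
  author       = {Zscaler},
  title        = {Technical Analysis of {HijackLoader}},
  date         = {2023-09-08},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/technical-analysis-hijackloader},
  language     = {English},
  urldate      = {2023-09-13},
}
Technical Analysis of HijackLoader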
HijackLoader
2023-09-07 eSentire eSentire
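@online{esentire:20230907:case:fd86e6b,
  author       = {eSentire},
  title        = {The Case of {LummaC2} v4.0},
  date         = {2023-09-07},
  organization = {eSentire},
  url          = {https://www.esentire.com/blog/the-case-of-lummac2-v4-0},
  language     = {English},
  urldate      = {2023-09-12},
}
The Case of LummaC2 v4.0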
Lumma Stealer
2023-09-07 Google Clement Lecigne, Maddie Stone, Google Threat Analysis Group
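@online{lecigne:20230907:active:d42dacb,
  author       = {Lecigne, Clement and Stone, Maddie and {Google Threat Analysis Group}},
  title        = {Active {North Korean} campaign targeting security researchers},
  date         = {2023-09-07},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/},
  language     = {English},
  urldate      = {2023-09-08},
}
Active North Korean campaign targeting security researchers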
2023-09-07 CISA CISA
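@techreport{cisa:20230907:multiple:e867413,
  author      = {CISA},
  title       = {Multiple Nation-State Threat Actors Exploit {CVE-2022-47966} and {CVE-2022-42475}},
  date        = {2023-09-07},
  institution = {CISA},
  url         = {https://www.cisa.gov/sites/default/files/2023-09/aa23-250a-apt-actors-exploit-cve-2022-47966-and-cve-2022-42475.pdf},
  language    = {English},
  urldate     = {2023-09-11},
}
Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475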
Meterpreter MimiKatz
2023-09-07 CISA CISA
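@online{cisa:20230907:mar10454006r5v1:3dce99f,
  author       = {CISA},
  title        = {{MAR-10454006.r5.v1} {SUBMARINE}, {SKIPJACK}, {SEASPRAY}, {WHIRLPOOL}, and {SALTWATER} Backdoors},
  date         = {2023-09-07},
  organization = {CISA},
  url          = {https://www.cisa.gov/news-events/analysis-reports/ar23-250a-0},
  language     = {English},
  urldate      = {2023-09-08},
}
MAR-10454006.r5.v1 SUBMARINE, SKIPJACK, SEASPRAY, WHIRLPOOL, and SALTWATER Backdoors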
WHIRLPOOL
2023-09-07 Medium (@simone.kraus) Simone Kraus
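@online{kraus:20230907:critical:0746f72,
  author       = {Kraus, Simone},
  title        = {Critical Energy Infrastructure Facility Attack In {Ukraine}},
  date         = {2023-09-07},
  organization = {Medium (@simone.kraus)},
  url          = {https://medium.com/@simone.kraus/critical-engergy-infrastructure-facility-in-ukraine-attack-b15638f6a402},
  language     = {English},
  urldate      = {2023-09-11},
}
Critical Energy Infrastructure Facility Attack In Ukraine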
2023-09-07 Department of Justice Office of Public Affairs
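@online{affairs:20230907:multiple:8952f60,
  author       = {{Office of Public Affairs}},
  title        = {Multiple Foreign Nationals Charged in Connection with {Trickbot} Malware and {Conti} Ransomware Conspiracies},
  date         = {2023-09-07},
  organization = {Department of Justice},
  url          = {https://www.justice.gov/opa/pr/multiple-foreign-nationals-charged-connection-trickbot-malware-and-conti-ransomware},
  language     = {English},
  urldate      = {2023-09-08},
}
Multiple Foreign Nationals Charged in Connection with Trickbot Malware and Conti Ransomware Conspiracies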
Conti Conti TrickBot
2023-09-07 Microsoft Microsoft Threat Analysis Center (MTAC)
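@online{mtac:20230907:sophistication:0ef654f,
  author       = {{Microsoft Threat Analysis Center (MTAC)}},
  title        = {Sophistication, scope, and scale: Digital threats from {East Asia} increase in breadth and effectiveness},
  date         = {2023-09-07},
  organization = {Microsoft},
  url          = {https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW},
  language     = {English},
  urldate      = {2023-09-11},
}
Sophistication, scope, and scale: Digital threats from East Asia increase in breadth and effectiveness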
2023-09-06 Microsoft Microsoft Security Response Center (MSRC)
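@online{msrc:20230906:results:7ed992f,
  author       = {{Microsoft Security Response Center (MSRC)}},
  title        = {Results of Major Technical Investigations for {Storm-0558} Key Acquisition},
  date         = {2023-09-06},
  organization = {Microsoft},
  url          = {https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition},
  language     = {English},
  urldate      = {2023-09-11},
}
Results of Major Technical Investigations for Storm-0558 Key Acquisition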
2023-09-06 Darktrace DarkTrace
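@online{darktrace:20230906:rise:496a284,
  author       = {DarkTrace},
  title        = {The Rise of the {Lumma} Info-Stealer},
  date         = {2023-09-06},
  organization = {Darktrace},
  url          = {https://darktrace.com/blog/the-rise-of-the-lumma-info-stealer},
  language     = {English},
  urldate      = {2023-09-11},
}
The Rise of the Lumma Info-Stealer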
Lumma Stealer