2023-03-02 | Wiz.io | Amitai Cohen, Barak Sharoni
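% Wiz.io blog post. Title is single-braced so the style controls casing; only the proper noun is protected.
@online{cohen:20230302:redirection:99da152,
  author       = {Cohen, Amitai and Sharoni, Barak},
  title        = {Redirection Roulette: Thousands of hijacked websites in {East Asia} redirecting visitors to other sites},
  date         = {2023-03-02},
  organization = {Wiz.io},
  url          = {https://www.wiz.io/blog/redirection-roulette},
  language     = {English},
  urldate      = {2023-03-13},
}
Redirection Roulette: Thousands of hijacked websites in East Asia redirecting visitors to other sites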
2022-11-21 | BSides Sydney | Thomas Roccia
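% Conference slide deck (BSides Sydney) hosted on Speaker Deck. Author is given in the unambiguous "Last, First" form.
@online{roccia:20221121:xray:da154d3,
  author       = {Roccia, Thomas},
  title        = {X-Ray of Malware Evasion Techniques - Analysis, Dissection, Cure?},
  date         = {2022-11-21},
  organization = {BSides Sydney},
  url          = {https://speakerdeck.com/fr0gger/x-ray-of-malware-evasion-techniques-analysis-dissection-cure},
  language     = {English},
  urldate      = {2022-12-29},
}
X-Ray of Malware Evasion Techniques - Analysis, Dissection, Cure?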
Emotet
2022-10-07 | YouTube (BSides Portland) | Pim Trouerbach
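% Conference recording. The "t=" query parameter in the URL is a start offset into the video, so it is kept as part of the reference.
@online{trouerbach:20221007:smokeloader:7c5e5b3,
  author       = {Trouerbach, Pim},
  title        = {{SmokeLoader} - The {Pandora's} box of Tricks},
  date         = {2022-10-07},
  organization = {YouTube (BSides Portland)},
  url          = {https://youtu.be/QOypldw6hnY?t=3237},
  language     = {English},
  urldate      = {2022-10-11},
}
SmokeLoader - The Pandora's box of Tricks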
SmokeLoader
2022-10-06 | YouTube (BSides Budapest IT Security Conference) | Kurt Baumgartner, Georgy Kucherin
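% Conference recording. The "&" in the URL stays unescaped: url is a verbatim field under biblatex/url-aware styles.
% The "t=" query parameter is a start offset into the video.
@online{baumgartner:20221006:diceyf:f69a639,
  author       = {Baumgartner, Kurt and Kucherin, Georgy},
  title        = {{DiceyF} deploys {GamePlayerFramework} (Video)},
  date         = {2022-10-06},
  organization = {YouTube (BSides Budapest IT Security Conference)},
  url          = {https://www.youtube.com/watch?v=yVqALLtvkN8&t=8117s},
  language     = {English},
  urldate      = {2022-10-25},
}
DiceyF deploys GamePlayerFramework (Video)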
GamePlayerFramework
2022-08-16 | SUCURI | Denis Sinegubko
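% Sucuri blog post. The malware family name is brace-protected so sentence-casing styles keep its capitalisation.
@online{sinegubko:20220816:socgholish:2e4f75e,
  author       = {Sinegubko, Denis},
  title        = {{SocGholish}: 5+ Years of Massive Website Infections},
  date         = {2022-08-16},
  organization = {SUCURI},
  url          = {https://blog.sucuri.net/2022/08/socgholish-5-years-of-massive-website-infections.html},
  language     = {English},
  urldate      = {2022-08-19},
}
SocGholish: 5+ Years of Massive Website Infections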
FAKEUPDATES
2022-08-02 | cyble | Cyble Research Labs
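% Corporate author: double-braced so it is treated as one name instead of first="Cyble Research", last="Labs".
% The citation key is kept exactly as published so existing \cite commands keep working.
@online{labs:20220802:fake:9770cab,
  author       = {{Cyble Research Labs}},
  title        = {Fake {Atomic Wallet} Website Distributing {Mars Stealer}},
  date         = {2022-08-02},
  organization = {cyble},
  url          = {https://blog.cyble.com/2022/08/02/fake-atomic-wallet-website-distributing-mars-stealer/},
  language     = {English},
  urldate      = {2022-08-08},
}
Fake Atomic Wallet Website Distributing Mars Stealer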
Mars Stealer
2022-05-25 | Reuters | Raphael Satter, James Pearson, Christopher Bing
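% Reuters news article. Proper nouns are brace-protected individually instead of double-bracing the whole title.
@online{satter:20220525:russian:0d05639,
  author       = {Satter, Raphael and Pearson, James and Bing, Christopher},
  title        = {{Russian} hackers are linked to new {Brexit} leak website, {Google} says},
  date         = {2022-05-25},
  organization = {Reuters},
  url          = {https://www.reuters.com/technology/exclusive-russian-hackers-are-linked-new-brexit-leak-website-google-says-2022-05-25/},
  language     = {English},
  urldate      = {2022-05-25},
}
Russian hackers are linked to new Brexit leak website, Google says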
2022-05-17 | Advanced Intelligence | Vitali Kremez, Yelisey Boguslavskiy
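% The ampersand in the title is escaped as \& because a bare "&" is an alignment character in LaTeX and breaks typesetting.
@online{kremez:20220517:hydra:16615d9,
  author       = {Kremez, Vitali and Boguslavskiy, Yelisey},
  title        = {Hydra with Three Heads: {BlackByte} \& The Future of Ransomware Subsidiary Groups},
  date         = {2022-05-17},
  organization = {Advanced Intelligence},
  url          = {https://www.advintel.io/post/hydra-with-three-heads-blackbyte-the-future-of-ransomware-subsidiary-groups},
  language     = {English},
  urldate      = {2022-05-25},
}
Hydra with Three Heads: BlackByte & The Future of Ransomware Subsidiary Groups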
BlackByte Conti
2022-04-27 | Trend Micro | Daniel Lunghi, Jaromír Hořejší
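% Author names contain UTF-8 characters; process with Biber (the entry already uses biblatex-only fields such as date/urldate).
@online{lunghi:20220427:new:9068f6e,
  author       = {Lunghi, Daniel and Hořejší, Jaromír},
  title        = {New {APT} Group {Earth Berberoka} Targets Gambling Websites With Old and New Malware},
  date         = {2022-04-27},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/d/new-apt-group-earth-berberoka-targets-gambling-websites-with-old.html},
  language     = {English},
  urldate      = {2022-05-04},
}
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware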
AsyncRAT Ghost RAT PlugX Quasar RAT Earth Berberoka
2022-04-22 | SUCURI | Sucuri
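% Vendor report published as a PDF. Corporate author is double-braced so it is always handled as a single name.
@techreport{sucuri:20220422:2021:e28e63b,
  author      = {{Sucuri}},
  title       = {2021 Website Threat Research Report},
  date        = {2022-04-22},
  institution = {SUCURI},
  url         = {https://sucuri.net/wp-content/uploads/2022/04/22-sucuri-2021-hacked-report.pdf},
  language    = {English},
  urldate     = {2022-05-04},
}
2021 Website Threat Research Report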
2022-04-20 | Expats.cz | ČTK
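% Agency author (ČTK) is double-braced so it is treated as one corporate name. UTF-8 input: process with Biber.
% The citation key is kept exactly as published so existing \cite commands keep working.
@online{tk:20220420:russian:2925bf4,
  author       = {{ČTK}},
  title        = {{Russian} hackers target {Czech} websites in a series of cyberattacks},
  date         = {2022-04-20},
  organization = {Expats.cz},
  url          = {https://www.expats.cz/czech-news/article/pro-russian-hackers-target-czech-websites-in-a-series-of-attacks},
  language     = {English},
  urldate      = {2022-04-25},
}
Russian hackers target Czech websites in a series of cyberattacks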
Killnet
2022-04-10 | Digital Information World | Hura Anwar
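% News article. The title has no proper nouns or acronyms, so nothing needs brace protection.
@online{anwar:20220410:threatening:784ed0e,
  author       = {Anwar, Hura},
  title        = {Threatening Redirect Web Service Instills Malicious Campaigns In Over 16,500 Websites},
  date         = {2022-04-10},
  organization = {Digital Information World},
  url          = {https://www.digitalinformationworld.com/2022/04/threatening-redirect-web-service.html},
  language     = {English},
  urldate      = {2022-05-05},
}
Threatening Redirect Web Service Instills Malicious Campaigns In Over 16,500 Websites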
FAKEUPDATES
2022-03-18 | RiskIQ | Jennifer Grob, RiskIQ
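% Second author is the organisation itself; it is braced so it is handled as a single corporate name.
@online{grob:20220318:riskiq:3c630e5,
  author       = {Grob, Jennifer and {RiskIQ}},
  title        = {{RiskIQ}: Fraudulent Website Attempts to Collect Donations in Support of {Ukraine Humanitarian Fund} ({UHF})},
  date         = {2022-03-18},
  organization = {RiskIQ},
  url          = {https://community.riskiq.com/article/c9a9e8a6},
  language     = {English},
  urldate      = {2022-03-22},
}
RiskIQ: Fraudulent Website Attempts to Collect Donations in Support of Ukraine Humanitarian Fund (UHF)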
2022-03-16 | RiskIQ | Jennifer Grob, RiskIQ
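% Straight double quotes in the title are written as LaTeX quotes (``...''): a bare " typesets as a closing quote on
% both sides and is an active shorthand character under some babel languages.
@online{grob:20220316:riskiq:6615264,
  author       = {Grob, Jennifer and {RiskIQ}},
  title        = {{RiskIQ}: Website Spoofed {Ukrainian} ``Official site of the {PrivatBank Charitable Foundation}'' to Skim Credit Card Data},
  date         = {2022-03-16},
  organization = {RiskIQ},
  url          = {https://community.riskiq.com/article/57a3509b},
  language     = {English},
  urldate      = {2022-03-22},
}
RiskIQ: Website Spoofed Ukrainian "Official site of the PrivatBank Charitable Foundation" to Skim Credit Card Data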
2022-03-10 | Bleeping Computer | Bill Toulas
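% News article. Only the malware family name is brace-protected; the rest of the title is left to the style's casing.
@online{toulas:20220310:corporate:30fac0b,
  author       = {Toulas, Bill},
  title        = {Corporate website contact forms used to spread {BazarBackdoor} malware},
  date         = {2022-03-10},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/corporate-website-contact-forms-used-to-spread-bazarbackdoor-malware/},
  language     = {English},
  urldate      = {2022-03-14},
}
Corporate website contact forms used to spread BazarBackdoor malware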
BazarBackdoor
2022-03-09 | Abnormal | Belem Regalado, Rachelle Chouinard
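% Vendor blog post. Authors are given in "Last, First" form; the malware family name is brace-protected.
@online{regalado:20220309:bazarloader:09cc5d7,
  author       = {Regalado, Belem and Chouinard, Rachelle},
  title        = {{BazarLoader} Actors Initiate Contact via Website Contact Forms},
  date         = {2022-03-09},
  organization = {Abnormal},
  url          = {https://abnormalsecurity.com/blog/bazarloader-contact-form},
  language     = {English},
  urldate      = {2022-05-04},
}
BazarLoader Actors Initiate Contact via Website Contact Forms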
BazarBackdoor
2022-03-01 | RiskIQ | Jennifer Grob
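% Acronyms and proper nouns in the title are brace-protected one by one instead of double-bracing the whole title.
@online{grob:20220301:riskiq:660957b,
  author       = {Grob, Jennifer},
  title        = {{RiskIQ}: Fraudulent Website Spoofing {UNHCR} for {Ukrainian} Refugees Seeks {Bitcoin} Donations},
  date         = {2022-03-01},
  organization = {RiskIQ},
  url          = {https://community.riskiq.com/article/1531a4e2},
  language     = {English},
  urldate      = {2022-03-07},
}
RiskIQ: Fraudulent Website Spoofing UNHCR for Ukrainian Refugees Seeks Bitcoin Donations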
2022-02-20 | Cado Security | Cado Security
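% Corporate author: double-braced so it is treated as one name instead of first="Cado", last="Security".
% The citation key is kept exactly as published so existing \cite commands keep working.
@online{security:20220220:technical:9232633,
  author       = {{Cado Security}},
  title        = {Technical Analysis of the {DDoS} Attacks against {Ukrainian} Websites},
  date         = {2022-02-20},
  organization = {Cado Security},
  url          = {https://www.cadosecurity.com/technical-analysis-of-the-ddos-attacks-against-ukrainian-websites/},
  language     = {English},
  urldate      = {2022-02-26},
}
Technical Analysis of the DDoS Attacks against Ukrainian Websites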
Mirai
2021-12-31 | victory medium | Zach Edwards
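% Title contains UTF-8 curly quotes; process with Biber. Proper nouns and the abbreviation are brace-protected.
@online{edwards:20211231:compromised:3ee8044,
  author       = {Edwards, Zach},
  title        = {Compromised {Godaddy} Infrastructure Attacking Numerous {U.S.} Government Websites to Promote “{Canadian Pharmacy}” Scam Websites},
  date         = {2021-12-31},
  organization = {victory medium},
  url          = {https://victorymedium.com/godaddy-global-issues-canadian-pharmacy-injections/},
  language     = {English},
  urldate      = {2022-01-25},
}
Compromised Godaddy Infrastructure Attacking Numerous U.S. Government Websites to Promote “Canadian Pharmacy” Scam Websites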
2021-11-29 | Trend Micro | Jaromír Hořejší
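% Author name contains UTF-8 characters; process with Biber.
% The citation key is kept exactly as published so existing \cite commands keep working.
@online{hoej:20211129:campaign:6e23cf5,
  author       = {Hořejší, Jaromír},
  title        = {Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites},
  date         = {2021-11-29},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/k/campaign-abusing-rats-uses-fake-websites.html},
  language     = {English},
  urldate      = {2021-12-07},
}
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites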
AsyncRAT Azorult Nanocore RAT NjRAT RedLine Stealer Remcos