2023-09-18KrebsOnSecurityBrian Krebs
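@online{krebs:20230918:whos:a141b00,
  author       = {Krebs, Brian},
  title        = {Who's Behind the {8Base} Ransomware Website?},
  date         = {2023-09-18},
  organization = {KrebsOnSecurity},
  url          = {https://krebsonsecurity.com/2023/09/whos-behind-the-8base-ransomware-website/},
  language     = {English},
  urldate      = {2023-09-22},
}
Who's Behind the 8Base Ransomware Website?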
8Base
2023-09-04Cert-UACert-UA
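@online{certua:20230904:apt28:5db5c7c,
  author       = {{Cert-UA}},
  title        = {{APT28} cyberattack: msedge as a bootloader, {TOR} and mockbin.org/website.hook services as a control center ({CERT-UA}\#7469)},
  date         = {2023-09-04},
  organization = {Cert-UA},
  url          = {https://cert.gov.ua/article/5702579},
  language     = {Ukrainian},
  urldate      = {2023-09-07},
}
APT28 cyberattack: msedge as a bootloader, TOR and mockbin.org/website.hook services as a control center (CERT-UA#7469)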
2023-06-14CISAFBI, MS-ISAC, Australian Cyber Security Centre (ACSC), Bundesamt für Sicherheit in der Informationstechnik (BSI), NCSC UK, Canadian Centre for Cyber Security (CCCS), ANSSI, CERT NZ, New Zealand National Cyber Security Centre (NZ NCSC)
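@techreport{fbi:20230614:understanding:05abf47,
  author      = {{FBI} and {MS-ISAC} and {Australian Cyber Security Centre (ACSC)} and {Bundesamt für Sicherheit in der Informationstechnik (BSI)} and {NCSC UK} and {Canadian Centre for Cyber Security (CCCS)} and {ANSSI} and {CERT NZ} and {New Zealand National Cyber Security Centre (NZ NCSC)}},
  title       = {Understanding Ransomware Threat Actors: {Lockbit}},
  date        = {2023-06-14},
  institution = {CISA},
  url         = {https://www.cisa.gov/sites/default/files/2023-06/aa23-165a_understanding_TA_LockBit_0.pdf},
  language    = {English},
  urldate     = {2023-06-19},
}
Understanding Ransomware Threat Actors: Lockbit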
LockBit
2023-05-25YouTube (BSidesCharm)Asheer Malhotra
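@online{malhotra:20230525:its:a79abe4,
  author       = {Malhotra, Asheer},
  title        = {it’s all {Magic(RAT)} – A look into recent {North Korean} nation-state attacks},
  date         = {2023-05-25},
  organization = {YouTube (BSidesCharm)},
  url          = {https://www.youtube.com/watch?v=nUjxH1gW53s},
  language     = {English},
  urldate      = {2023-08-28},
}
it’s all Magic(RAT) – A look into recent North Korean nation-state attacks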
MagicRAT VSingle YamaBot
2023-03-02Wiz.ioAmitai Cohen, Barak Sharoni
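@online{cohen:20230302:redirection:99da152,
  author       = {Cohen, Amitai and Sharoni, Barak},
  title        = {Redirection Roulette: Thousands of hijacked websites in {East Asia} redirecting visitors to other sites},
  date         = {2023-03-02},
  organization = {Wiz.io},
  url          = {https://www.wiz.io/blog/redirection-roulette},
  language     = {English},
  urldate      = {2023-03-13},
}
Redirection Roulette: Thousands of hijacked websites in East Asia redirecting visitors to other sites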
2022-11-21BSides SydneyThomas Roccia
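@online{roccia:20221121:xray:da154d3,
  author       = {Roccia, Thomas},
  title        = {X-Ray of Malware Evasion Techniques - Analysis, Dissection, Cure?},
  date         = {2022-11-21},
  organization = {BSides Sydney},
  url          = {https://speakerdeck.com/fr0gger/x-ray-of-malware-evasion-techniques-analysis-dissection-cure},
  language     = {English},
  urldate      = {2022-12-29},
}
X-Ray of Malware Evasion Techniques - Analysis, Dissection, Cure?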
Emotet
2022-10-07YouTube (BSides Portland)Pim Trouerbach
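@online{trouerbach:20221007:smokeloader:7c5e5b3,
  author       = {Trouerbach, Pim},
  title        = {{SmokeLoader} - The {Pandora}'s box of Tricks},
  date         = {2022-10-07},
  organization = {YouTube (BSides Portland)},
  url          = {https://youtu.be/QOypldw6hnY?t=3237},
  language     = {English},
  urldate      = {2022-10-11},
}
SmokeLoader - The Pandora's box of Tricks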
SmokeLoader
2022-10-06YouTube ( BSides Budapest IT Security Conference)Kurt Baumgartner, Georgy Kucherin
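@online{baumgartner:20221006:diceyf:f69a639,
  author       = {Baumgartner, Kurt and Kucherin, Georgy},
  title        = {{DiceyF} deploys {GamePlayerFramework} (Video)},
  date         = {2022-10-06},
  organization = {YouTube (BSides Budapest IT Security Conference)},
  url          = {https://www.youtube.com/watch?v=yVqALLtvkN8&t=8117s},
  language     = {English},
  urldate      = {2022-10-25},
}
DiceyF deploys GamePlayerFramework (Video)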
GamePlayerFramework
2022-08-16SUCURIDenis Sinegubko
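@online{sinegubko:20220816:socgholish:2e4f75e,
  author       = {Sinegubko, Denis},
  title        = {{SocGholish}: 5+ Years of Massive Website Infections},
  date         = {2022-08-16},
  organization = {SUCURI},
  url          = {https://blog.sucuri.net/2022/08/socgholish-5-years-of-massive-website-infections.html},
  language     = {English},
  urldate      = {2022-08-19},
}
SocGholish: 5+ Years of Massive Website Infections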
FAKEUPDATES
2022-08-02cybleCyble Research Labs
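@online{labs:20220802:fake:9770cab,
  author       = {{Cyble Research Labs}},
  title        = {Fake {Atomic Wallet} Website Distributing {Mars Stealer}},
  date         = {2022-08-02},
  organization = {cyble},
  url          = {https://blog.cyble.com/2022/08/02/fake-atomic-wallet-website-distributing-mars-stealer/},
  language     = {English},
  urldate      = {2022-08-08},
}
Fake Atomic Wallet Website Distributing Mars Stealer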
Mars Stealer
2022-07-17The Times of IsraelTOI Staff
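@online{staff:20220717:cyberattack:c7b8eb8,
  author       = {{TOI Staff}},
  title        = {Cyberattack on {Health Ministry} website blocks overseas access},
  date         = {2022-07-17},
  organization = {The Times of Israel},
  url          = {https://www.timesofisrael.com/cyberattack-on-health-ministry-website-blocks-overseas-access/},
  language     = {English},
  urldate      = {2023-11-27},
}
Cyberattack on Health Ministry website blocks overseas access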
2022-05-25ReutersRaphael Satter, James Pearson, Christopher Bing
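@online{satter:20220525:russian:0d05639,
  author       = {Satter, Raphael and Pearson, James and Bing, Christopher},
  title        = {{Russian} hackers are linked to new {Brexit} leak website, {Google} says},
  date         = {2022-05-25},
  organization = {Reuters},
  url          = {https://www.reuters.com/technology/exclusive-russian-hackers-are-linked-new-brexit-leak-website-google-says-2022-05-25/},
  language     = {English},
  urldate      = {2022-05-25},
}
Russian hackers are linked to new Brexit leak website, Google says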
2022-05-17Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy
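@online{kremez:20220517:hydra:16615d9,
  author       = {Kremez, Vitali and Boguslavskiy, Yelisey},
  title        = {Hydra with Three Heads: {BlackByte} \& The Future of Ransomware Subsidiary Groups},
  date         = {2022-05-17},
  organization = {Advanced Intelligence},
  url          = {https://www.advintel.io/post/hydra-with-three-heads-blackbyte-the-future-of-ransomware-subsidiary-groups},
  language     = {English},
  urldate      = {2022-05-25},
}
Hydra with Three Heads: BlackByte & The Future of Ransomware Subsidiary Groups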
BlackByte Conti
2022-04-27Trend MicroDaniel Lunghi, Jaromír Hořejší
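@online{lunghi:20220427:new:9068f6e,
  author       = {Lunghi, Daniel and Hořejší, Jaromír},
  title        = {New {APT} Group {Earth Berberoka} Targets Gambling Websites With Old and New Malware},
  date         = {2022-04-27},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/d/new-apt-group-earth-berberoka-targets-gambling-websites-with-old.html},
  language     = {English},
  urldate      = {2023-04-18},
}
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware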
HelloBot AsyncRAT Ghost RAT HelloBot PlugX Quasar RAT Earth Berberoka
2022-04-22SUCURISucuri
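@techreport{sucuri:20220422:2021:e28e63b,
  author      = {{Sucuri}},
  title       = {2021 Website Threat Research Report},
  date        = {2022-04-22},
  institution = {SUCURI},
  url         = {https://sucuri.net/wp-content/uploads/2022/04/22-sucuri-2021-hacked-report.pdf},
  language    = {English},
  urldate     = {2022-05-04},
}
2021 Website Threat Research Report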
2022-04-20Expats.czČTK
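@online{tk:20220420:russian:2925bf4,
  author       = {{ČTK}},
  title        = {{Russian} hackers target {Czech} websites in a series of cyberattacks},
  date         = {2022-04-20},
  organization = {Expats.cz},
  url          = {https://www.expats.cz/czech-news/article/pro-russian-hackers-target-czech-websites-in-a-series-of-attacks},
  language     = {English},
  urldate      = {2022-04-25},
}
Russian hackers target Czech websites in a series of cyberattacks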
Killnet
2022-04-10Digital Information WorldHura Anwar
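@online{anwar:20220410:threatening:784ed0e,
  author       = {Anwar, Hura},
  title        = {Threatening Redirect Web Service Instills Malicious Campaigns In Over 16,500 Websites},
  date         = {2022-04-10},
  organization = {Digital Information World},
  url          = {https://www.digitalinformationworld.com/2022/04/threatening-redirect-web-service.html},
  language     = {English},
  urldate      = {2022-05-05},
}
Threatening Redirect Web Service Instills Malicious Campaigns In Over 16,500 Websites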
FAKEUPDATES
2022-03-18RiskIQJennifer Grob, RiskIQ
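@online{grob:20220318:riskiq:3c630e5,
  author       = {Grob, Jennifer and {RiskIQ}},
  title        = {{RiskIQ}: Fraudulent Website Attempts to Collect Donations in Support of {Ukraine Humanitarian Fund} ({UHF})},
  date         = {2022-03-18},
  organization = {RiskIQ},
  url          = {https://community.riskiq.com/article/c9a9e8a6},
  language     = {English},
  urldate      = {2022-03-22},
}
RiskIQ: Fraudulent Website Attempts to Collect Donations in Support of Ukraine Humanitarian Fund (UHF)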
2022-03-16RiskIQJennifer Grob, RiskIQ
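@online{grob:20220316:riskiq:6615264,
  author       = {Grob, Jennifer and {RiskIQ}},
  title        = {{RiskIQ}: Website Spoofed {Ukrainian} ``{Official} site of the {PrivatBank Charitable Foundation}'' to Skim Credit Card Data},
  date         = {2022-03-16},
  organization = {RiskIQ},
  url          = {https://community.riskiq.com/article/57a3509b},
  language     = {English},
  urldate      = {2022-03-22},
}
RiskIQ: Website Spoofed Ukrainian "Official site of the PrivatBank Charitable Foundation" to Skim Credit Card Data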
2022-03-10Bleeping ComputerBill Toulas
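@online{toulas:20220310:corporate:30fac0b,
  author       = {Toulas, Bill},
  title        = {Corporate website contact forms used to spread {BazarBackdoor} malware},
  date         = {2022-03-10},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/corporate-website-contact-forms-used-to-spread-bazarbackdoor-malware/},
  language     = {English},
  urldate      = {2022-03-14},
}
Corporate website contact forms used to spread BazarBackdoor malware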
BazarBackdoor