Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-11-06VolexitySteven Adair, Thomas Lancaster, Volexity Threat Research
@online{adair:20201106:oceanlotus:f7b11ac, author = {Steven Adair and Thomas Lancaster and Volexity Threat Research}, title = {{OceanLotus: Extending Cyber Espionage Operations Through Fake Websites}}, date = {2020-11-06}, organization = {Volexity}, url = {https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/}, language = {English}, urldate = {2020-11-09} } OceanLotus: Extending Cyber Espionage Operations Through Fake Websites
Cobalt Strike KerrDown APT32
2020-10-20Bundesamt für Sicherheit in der InformationstechnikBSI
@online{bsi:20201020:die:0683ad4, author = {BSI}, title = {{Die Lage der IT-Sicherheit in Deutschland 2020}}, date = {2020-10-20}, organization = {Bundesamt für Sicherheit in der Informationstechnik}, url = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2020.pdf?__blob=publicationFile&v=2}, language = {German}, urldate = {2020-10-21} } Die Lage der IT-Sicherheit in Deutschland 2020
Clop Emotet REvil Ryuk TrickBot
2020-10-14FBIFBI
@techreport{fbi:20201014:cp000135dm:13d0f65, author = {FBI}, title = {{CP-000135-DM: Unattributed Entities Register Domains Spoofing the US Census Bureau’s Websites, Likely for Malicious Use}}, date = {2020-10-14}, institution = {FBI}, url = {https://www.ic3.gov/Media/News/2020/201106.pdf}, language = {English}, urldate = {2020-11-09} } CP-000135-DM: Unattributed Entities Register Domains Spoofing the US Census Bureau’s Websites, Likely for Malicious Use
2020-07-29MandiantMandiant
@techreport{mandiant:20200729:ghostwriter:c81a10a, author = {Mandiant}, title = {{‘Ghostwriter’ Influence Campaign: Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned with Russian Security Interests}}, date = {2020-07-29}, institution = {Mandiant}, url = {https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/Ghostwriter-Influence-Campaign.pdf}, language = {English}, urldate = {2020-07-30} } ‘Ghostwriter’ Influence Campaign: Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned with Russian Security Interests
2020-06-26Department of JusticeDepartment of Justice
@online{justice:20200626:russian:276b274, author = {Department of Justice}, title = {{Russian National (Aleksei Burkov, Cardplanet) Sentenced to Prison for Operating Websites Devoted to Fraud and Malicious Cyber Activities}}, date = {2020-06-26}, organization = {Department of Justice}, url = {https://www.justice.gov/opa/pr/russian-national-sentenced-prison-operating-websites-devoted-fraud-and-malicious-cyber}, language = {English}, urldate = {2020-06-29} } Russian National (Aleksei Burkov, Cardplanet) Sentenced to Prison for Operating Websites Devoted to Fraud and Malicious Cyber Activities
2020-06-15ZDNetCatalin Cimpanu
@online{cimpanu:20200615:web:a10a55d, author = {Catalin Cimpanu}, title = {{Web skimmers found on the websites of Intersport, Claire's, and Icing}}, date = {2020-06-15}, organization = {ZDNet}, url = {https://www.zdnet.com/article/web-skimmers-found-on-the-websites-of-intersport-claires-and-icing/}, language = {English}, urldate = {2020-06-16} } Web skimmers found on the websites of Intersport, Claire's, and Icing
magecart
2020-01-27Group-IBVesta Matveeva
@online{matveeva:20200127:operation:0a2260a, author = {Vesta Matveeva}, title = {{Operation Night Fury: Group-IB helps take down a cybergang behind the infection of hundreds of websites all over the world}}, date = {2020-01-27}, organization = {Group-IB}, url = {https://www.group-ib.com/media/night-fury/}, language = {English}, urldate = {2020-01-28} } Operation Night Fury: Group-IB helps take down a cybergang behind the infection of hundreds of websites all over the world
2020-01-03Youtube (BSides Belfast)Brian Bartholomew
@online{bartholomew:20200103:nice:ddc5c57, author = {Brian Bartholomew}, title = {{Nice One, Dad: Dissecting A Rare Malware Used By Leviathan}}, date = {2020-01-03}, organization = {Youtube (BSides Belfast)}, url = {https://www.youtube.com/watch?v=vx9IB88wXSE}, language = {English}, urldate = {2020-01-13} } Nice One, Dad: Dissecting A Rare Malware Used By Leviathan
DADJOKE
2020-01-03Youtube (BSides Belfast)Nick Summerlin, Jorge Rodriguez
@online{summerlin:20200103:demystifying:c0a1a19, author = {Nick Summerlin and Jorge Rodriguez}, title = {{Demystifying QBot Banking Trojan}}, date = {2020-01-03}, organization = {Youtube (BSides Belfast)}, url = {https://www.youtube.com/watch?v=iB1psRMtlqg}, language = {English}, urldate = {2020-02-21} } Demystifying QBot Banking Trojan
QakBot
2019-09-24Cisco TalosWarren Mercer, Paul Rascagnères, Jungsoo An
@online{mercer:20190924:how:ac2b53e, author = {Warren Mercer and Paul Rascagnères and Jungsoo An}, title = {{How Tortoiseshell created a fake veteran hiring website to host malware}}, date = {2019-09-24}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2019/09/tortoiseshell-fake-veterans.html}, language = {English}, urldate = {2019-12-02} } How Tortoiseshell created a fake veteran hiring website to host malware
Liderc SysKit
2019-09-20Trend MicroLuis Magisa
@online{magisa:20190920:mac:c83a228, author = {Luis Magisa}, title = {{Mac Malware that Spoofs Trading App Steals User Information, Uploads it to Website}}, date = {2019-09-20}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/mac-malware-that-spoofs-trading-app-steals-user-information-uploads-it-to-website/}, language = {English}, urldate = {2020-05-19} } Mac Malware that Spoofs Trading App Steals User Information, Uploads it to Website
Gmera
2019-04-11Dr.WebDr. Web
@online{web:20190411:official:b0ce6e2, author = {Dr. Web}, title = {{The official website of a popular video editing software was infected with a banking trojan}}, date = {2019-04-11}, organization = {Dr.Web}, url = {https://news.drweb.com/show/?i=13242&lng=en}, language = {English}, urldate = {2020-01-10} } The official website of a popular video editing software was infected with a banking trojan
KPOT Stealer
2019-03-02Ido Naor
@online{naor:20190302:israeli:f2685e6, author = {Ido Naor}, title = {{An Israeli website nagish[.]co[.]il was compromised and one of its subdomains (embedded in dozens of websites (including gov and media) became temporary water holes for Israeli residents.}}, date = {2019-03-02}, url = {https://twitter.com/IdoNaor1/status/1101936940297924608}, language = {English}, urldate = {2019-10-17} } An Israeli website nagish[.]co[.]il was compromised and one of its subdomains (embedded in dozens of websites (including gov and media) became temporary water holes for Israeli residents.
JCry
2019-02-11The RegisterChris Williams
@online{williams:20190211:620:aaa3de4, author = {Chris Williams}, title = {{620 million accounts stolen from 16 hacked websites now for sale on dark web, seller boasts}}, date = {2019-02-11}, organization = {The Register}, url = {https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/}, language = {English}, urldate = {2020-01-08} } 620 million accounts stolen from 16 hacked websites now for sale on dark web, seller boasts
Gnosticplayers
2018-10-08Youtube VideoSaher Naumaan
@online{naumaan:20181008:bsides:26586e2, author = {Saher Naumaan}, title = {{BSides Belfast 2018: Lazarus On The Rise: Insights From SWIFT Bank Attacks}}, date = {2018-10-08}, organization = {Youtube Video}, url = {https://youtu.be/_kzFNQySEMw?t=789}, language = {English}, urldate = {2019-10-15} } BSides Belfast 2018: Lazarus On The Rise: Insights From SWIFT Bank Attacks
NESTEGG
2018-09-18Trend MicroJoseph C Chen
@online{chen:20180918:magecart:af83872, author = {Joseph C Chen}, title = {{Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites}}, date = {2018-09-18}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/magecart-skimming-attack-targets-mobile-users-of-hotel-chain-booking-websites/}, language = {English}, urldate = {2020-01-08} } Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites
magecart
2018-05-15BSides DetroitKeven Murphy, Stefano Maccaglia
@online{murphy:20180515:ir:ac5b561, author = {Keven Murphy and Stefano Maccaglia}, title = {{IR in Heterogeneous Environment}}, date = {2018-05-15}, organization = {BSides Detroit}, url = {https://www.slideshare.net/StefanoMaccaglia/bsides-ir-in-heterogeneous-environment}, language = {English}, urldate = {2020-07-20} } IR in Heterogeneous Environment
Korlia Poison Ivy
2017-06-07Zerophage
@online{zerophage:20170607:rig:7e32e84, author = {Zerophage}, title = {{Rig EK via Fake EVE Online website drops Bunitu}}, date = {2017-06-07}, url = {https://zerophagemalware.com/2017/06/07/rig-ek-via-fake-eve-online-website-drops-bunitu/}, language = {English}, urldate = {2019-11-29} } Rig EK via Fake EVE Online website drops Bunitu
Bunitu
2017-03-30ClearSkyClearSky Research Team
@online{team:20170330:jerusalem:833dcce, author = {ClearSky Research Team}, title = {{Jerusalem Post and other Israeli websites compromised by Iranian threat agent CopyKitten}}, date = {2017-03-30}, organization = {ClearSky}, url = {http://www.clearskysec.com/copykitten-jpost/}, language = {English}, urldate = {2020-01-09} } Jerusalem Post and other Israeli websites compromised by Iranian threat agent CopyKitten
CopyKittens
2016-09-28Palo Alto Networks Unit 42Tom Lancaster, Micah Yates
@online{lancaster:20160928:confucius:24e8de3, author = {Tom Lancaster and Micah Yates}, title = {{Confucius Says…Malware Families Get Further By Abusing Legitimate Websites}}, date = {2016-09-28}, organization = {Palo Alto Networks Unit 42}, url = {https://researchcenter.paloaltonetworks.com/2016/09/unit42-confucius-says-malware-families-get-further-by-abusing-legitimate-websites/}, language = {English}, urldate = {2019-12-20} } Confucius Says…Malware Families Get Further By Abusing Legitimate Websites
Confucius SNEEPY