2023-11-17Cisco TalosGuilherme Venere
% Cisco Talos blog post; URL last retrieved 2023-11-27.
@online{venere:20231117:deep:b5f97e0,
  author       = {Guilherme Venere},
  title        = {{A deep dive into Phobos ransomware, recently deployed by 8Base group}},
  date         = {2023-11-17},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/},
  language     = {English},
  urldate      = {2023-11-27},
}
A deep dive into Phobos ransomware, recently deployed by 8Base group
8Base Phobos
2023-11-17Cisco TalosGuilherme Venere
% Cisco Talos blog post published the same day as venere:20231117:deep:b5f97e0.
@online{venere:20231117:understanding:0f7a321,
  author       = {Guilherme Venere},
  title        = {{Understanding the Phobos affiliate structure and activity}},
  date         = {2023-11-17},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/understanding-the-phobos-affiliate-structure/},
  language     = {English},
  urldate      = {2023-11-23},
}
Understanding the Phobos affiliate structure and activity
Phobos
2023-11-16CISACISA
% PDF edition of CISA advisory AA23-320A; the web edition is cisa:20231116:scattered:ec1932d.
@techreport{cisa:20231116:scattered:5864b37,
  author      = {CISA},
  title       = {{Scattered Spider}},
  date        = {2023-11-16},
  institution = {CISA},
  url         = {https://www.cisa.gov/sites/default/files/2023-11/aa23-320a_scattered_spider.pdf},
  language    = {English},
  urldate     = {2023-11-17},
}
Scattered Spider
BlackCat Ave Maria Raccoon Vidar
2023-11-16CISACISA
% Web edition of CISA advisory AA23-320A; the PDF edition is cisa:20231116:scattered:5864b37.
@online{cisa:20231116:scattered:ec1932d,
  author       = {CISA},
  title        = {{Scattered Spider}},
  date         = {2023-11-16},
  organization = {CISA},
  url          = {https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a},
  language     = {English},
  urldate      = {2023-11-22},
}
Scattered Spider
Ave Maria BlackCat Raccoon Vidar
2023-10-25Cisco TalosAsheer Malhotra, Vitor Ventura
% Cisco Talos blog post on YoroTrooper attribution; URL last retrieved 2023-12-04.
@online{malhotra:20231025:kazakhstanassociated:5ed7b93,
  author       = {Asheer Malhotra and Vitor Ventura},
  title        = {{Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan}},
  date         = {2023-10-25},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/attributing-yorotrooper/},
  language     = {English},
  urldate      = {2023-12-04},
}
Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan
Ave Maria Loda
2023-09-28Cisco TalosJonathan Munshaw
% Cisco Talos Threat Source newsletter edition (per the URL slug, 28 Sept 2023).
@online{munshaw:20230928:security:98925a0,
  author       = {Jonathan Munshaw},
  title        = {{The security pitfalls of social media sites offering ID-based authentication}},
  date         = {2023-09-28},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/threat-source-newsletter-sept-28-2023/},
  language     = {English},
  urldate      = {2023-12-04},
}
The security pitfalls of social media sites offering ID-based authentication
2023-09-19Cisco TalosAsheer Malhotra, Caitlin Huey, Sean Taylor, Vitor Ventura, Arnaud Zobec
% Cisco Talos blog post introducing the ShroudedSnooper actor; URL last retrieved 2023-09-20.
@online{malhotra:20230919:new:a39af36,
  author       = {Asheer Malhotra and Caitlin Huey and Sean Taylor and Vitor Ventura and Arnaud Zobec},
  title        = {{New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants}},
  date         = {2023-09-19},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/introducing-shrouded-snooper/},
  language     = {English},
  urldate      = {2023-09-20},
}
New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants
HTTPSnoop PipeSnoop ShroudedSnooper
2023-09-07CISACISA
% PDF edition of CISA advisory AA23-250A (advisory number taken from the URL).
@techreport{cisa:20230907:multiple:e867413,
  author      = {CISA},
  title       = {{Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475}},
  date        = {2023-09-07},
  institution = {CISA},
  url         = {https://www.cisa.gov/sites/default/files/2023-09/aa23-250a-apt-actors-exploit-cve-2022-47966-and-cve-2022-42475.pdf},
  language    = {English},
  urldate     = {2023-09-11},
}
Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
Meterpreter MimiKatz
2023-09-07CISACISA
% CISA malware analysis report, revision r5.v1 of MAR-10454006 (web page AR23-250A per the URL).
@online{cisa:20230907:mar10454006r5v1:3dce99f,
  author       = {CISA},
  title        = {{MAR-10454006.r5.v1 SUBMARINE, SKIPJACK, SEASPRAY, WHIRLPOOL, and SALTWATER Backdoors}},
  date         = {2023-09-07},
  organization = {CISA},
  url          = {https://www.cisa.gov/news-events/analysis-reports/ar23-250a-0},
  language     = {English},
  urldate      = {2023-09-08},
}
MAR-10454006.r5.v1 SUBMARINE, SKIPJACK, SEASPRAY, WHIRLPOOL, and SALTWATER Backdoors
WHIRLPOOL
2023-08-31Cisco TalosEdmund Brumaghin
% Cisco Talos blog post on the SapphireStealer information stealer; URL last retrieved 2023-09-01.
@online{brumaghin:20230831:sapphirestealer:59b335d,
  author       = {Edmund Brumaghin},
  title        = {{SapphireStealer: Open-source information stealer enables credential and data theft}},
  date         = {2023-08-31},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/sapphirestealer-goes-open-source/},
  language     = {English},
  urldate      = {2023-09-01},
}
SapphireStealer: Open-source information stealer enables credential and data theft
2023-08-24Cisco TalosAsheer Malhotra, Vitor Ventura, Jungsoo An
% Cisco Talos blog post (CollectionRAT, per the URL slug); same date and authors as malhotra:20230824:lazarus:f5c3c14.
@online{malhotra:20230824:lazarus:094409b,
  author       = {Asheer Malhotra and Vitor Ventura and Jungsoo An},
  title        = {{Lazarus Group's infrastructure reuse leads to discovery of new malware}},
  date         = {2023-08-24},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/lazarus-collectionrat/},
  language     = {English},
  urldate      = {2023-08-28},
}
Lazarus Group's infrastructure reuse leads to discovery of new malware
Collection RAT
2023-08-24Cisco TalosAsheer Malhotra, Vitor Ventura, Jungsoo An
% Cisco Talos blog post on QuiteRAT; same date and authors as malhotra:20230824:lazarus:094409b.
@online{malhotra:20230824:lazarus:f5c3c14,
  author       = {Asheer Malhotra and Vitor Ventura and Jungsoo An},
  title        = {{Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT}},
  date         = {2023-08-24},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/lazarus-quiterat/},
  language     = {English},
  urldate      = {2023-08-25},
}
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
QuiteRAT
2023-08-08Cisco TalosCisco Talos
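% Cisco Talos blog post on Rhysida ransomware; URL last retrieved 2023-08-10.
% The author is an organisation, so the name carries an extra brace pair:
% without it the name is parsed as given name "Cisco", family name "Talos".
@online{talos:20230808:what:0316750,
  author       = {{Cisco Talos}},
  title        = {{What Cisco Talos knows about the Rhysida ransomware}},
  date         = {2023-08-08},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/rhysida-ransomware/},
  language     = {English},
  urldate      = {2023-08-10},
}
What Cisco Talos knows about the Rhysida ransomware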
Rhysida
2023-08-07Cisco TalosChetan Raghuprasad
% Cisco Talos blog post on a customized Yashma ransomware variant; URL last retrieved 2023-08-09.
@online{raghuprasad:20230807:new:0147488,
  author       = {Chetan Raghuprasad},
  title        = {{New threat actor targets Bulgaria, China, Vietnam and other countries with customized Yashma ransomware}},
  date         = {2023-08-07},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/new-threat-actor-using-yashma-ransomware/},
  language     = {English},
  urldate      = {2023-08-09},
}
New threat actor targets Bulgaria, China, Vietnam and other countries with customized Yashma ransomware
Chaos
2023-07-28CISACISA
% CISA alert announcing the Barracuda backdoor malware analysis reports; URL last retrieved 2023-07-31.
@online{cisa:20230728:cisa:6c1a592,
  author       = {CISA},
  title        = {{CISA Releases Malware Analysis Reports on Barracuda Backdoors}},
  date         = {2023-07-28},
  organization = {CISA},
  url          = {https://www.cisa.gov/news-events/alerts/2023/07/28/cisa-releases-malware-analysis-reports-barracuda-backdoors},
  language     = {English},
  urldate      = {2023-07-31},
}
CISA Releases Malware Analysis Reports on Barracuda Backdoors
SEASPY
2023-07-28CISACISA
% CISA malware analysis report on the SEASPY backdoor (web page AR23-209B per the URL).
@online{cisa:20230728:mar10454006r2v1:eac60db,
  author       = {CISA},
  title        = {{MAR-10454006-r2.v1 SEASPY Backdoor}},
  date         = {2023-07-28},
  organization = {CISA},
  url          = {https://www.cisa.gov/news-events/analysis-reports/ar23-209b},
  language     = {English},
  urldate      = {2023-07-31},
}
MAR-10454006-r2.v1 SEASPY Backdoor
SEASPY
2023-07-28CISA
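% CISA malware analysis report on the SUBMARINE backdoor (web page AR23-209A per the URL).
% organization is set to CISA like every other cisa.gov entry in this library,
% so that filtering or grouping by publisher does not drop this report.
@online{cisa:20230728:mar10454006r1v2:4a6a9c8,
  author       = {CISA},
  title        = {{MAR-10454006-r1.v2 SUBMARINE Backdoor}},
  date         = {2023-07-28},
  organization = {CISA},
  url          = {https://www.cisa.gov/news-events/analysis-reports/ar23-209a},
  language     = {English},
  urldate      = {2023-07-31},
}
MAR-10454006-r1.v2 SUBMARINE Backdoor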
2023-07-06CISACISA
% CISA cybersecurity advisory AA23-187A (advisory number taken from the URL).
@online{cisa:20230706:increased:7ff9690,
  author       = {CISA},
  title        = {{Increased Truebot Activity Infects U.S. and Canada Based Networks}},
  date         = {2023-07-06},
  organization = {CISA},
  url          = {https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a},
  language     = {English},
  urldate      = {2023-07-08},
}
Increased Truebot Activity Infects U.S. and Canada Based Networks
Silence
2023-06-14CISAFBI, MS-ISAC, Australian Cyber Security Centre (ACSC), Bundesamt für Sicherheit in der Informationstechnik (BSI), NCSC UK, Canadian Centre for Cyber Security (CCCS), ANSSI, CERT NZ, New Zealand National Cyber Security Centre (NZ NCSC)
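% PDF edition of joint advisory AA23-165A, hosted by CISA.
% Every author is an agency, so each name is wrapped in its own brace pair.
% Unbraced, the names are split into given/family parts, and the lowercase
% words in the BSI name ("für", "in", "der") are parsed as name particles.
% The title spelling follows the URL and the library tag ("LockBit").
@techreport{fbi:20230614:understanding:05abf47,
  author      = {{FBI}
                 and {MS-ISAC}
                 and {Australian Cyber Security Centre (ACSC)}
                 and {Bundesamt für Sicherheit in der Informationstechnik (BSI)}
                 and {NCSC UK}
                 and {Canadian Centre for Cyber Security (CCCS)}
                 and {ANSSI}
                 and {CERT NZ}
                 and {New Zealand National Cyber Security Centre (NZ NCSC)}},
  title       = {{Understanding Ransomware Threat Actors: LockBit}},
  date        = {2023-06-14},
  institution = {CISA},
  url         = {https://www.cisa.gov/sites/default/files/2023-06/aa23-165a_understanding_TA_LockBit_0.pdf},
  language    = {English},
  urldate     = {2023-06-19},
}
Understanding Ransomware Threat Actors: LockBit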
LockBit
2023-05-31Trend MicroTrend Micro, Katherine Casona, Ivan Nicole Chavez, Ieriz Nicolle Gonzalez, Jeffrey Francis Bonaobra
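% Trend Micro research post comparing BlackSuit with Royal ransomware; URL last retrieved 2023-06-05.
% "Trend Micro" in the author list is the company, not a person, so it is
% braced to stop it being parsed as given name "Trend", family name "Micro".
@online{micro:20230531:investigating:77b7e51,
  author       = {{Trend Micro} and Katherine Casona and Ivan Nicole Chavez and Ieriz Nicolle Gonzalez and Jeffrey Francis Bonaobra},
  title        = {{Investigating BlackSuit Ransomware’s Similarities to Royal}},
  date         = {2023-05-31},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/23/e/investigating-blacksuit-ransomwares-similarities-to-royal.html},
  language     = {English},
  urldate      = {2023-06-05},
}
Investigating BlackSuit Ransomware’s Similarities to Royal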
BlackSuit BlackSuit