
2022-11-03 — paloalto Networks: Unit42 — Durgesh Sangvikar, Chris Navarrete, Matthew Tennis, Yanhui Jia, Yu Fu, Siddhart Shibiraj
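@comment{organization spelled as in the other Unit 42 entries of this file, so one @string could later cover all of them}
@online{sangvikar:20221103:cobalt:9a81f6f,
  author       = {Durgesh Sangvikar and Chris Navarrete and Matthew Tennis and Yanhui Jia and Yu Fu and Siddhart Shibiraj},
  title        = {{Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-11-03},
  url          = {https://unit42.paloaltonetworks.com/cobalt-strike-team-server/},
  urldate      = {2022-11-03},
  language     = {English}
}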
Cobalt Strike
2022-10-31 — Security homework — Christophe Rieunier
@online{rieunier:20221031:qakbot:e82f924,
  author       = {Christophe Rieunier},
  title        = {{QakBot CCs prioritization and new record types}},
  organization = {Security homework},
  date         = {2022-10-31},
  url          = {https://www.securityhomework.net/articles/qakbot_ccs_prioritization_and_new_record_types/qakbot_ccs_prioritization_and_new_record_types.php},
  urldate      = {2022-10-31},
  language     = {English}
}
QakBot
2022-07-26 — Mandiant — Thibault van Geluwe de Berlaere, Jay Christiansen, Daniel Kapellmann Zafra, Ken Proska, Keith Lunden
@online{berlaere:20220726:mandiant:c1c4498,
  author       = {Thibault van Geluwe de Berlaere and Jay Christiansen and Daniel Kapellmann Zafra and Ken Proska and Keith Lunden},
  title        = {{Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers}},
  organization = {Mandiant},
  date         = {2022-07-26},
  url          = {https://www.mandiant.com/resources/mandiant-red-team-emulates-fin11-tactics},
  urldate      = {2023-01-19},
  language     = {English}
}
Clop, Industroyer, MimiKatz, Triton
2022-07-13 — Palo Alto Networks Unit 42 — Chris Navarrete, Durgesh Sangvikar, Yu Fu, Yanhui Jia, Siddhart Shibiraj
@online{navarrete:20220713:cobalt:dd907c3,
  author       = {Chris Navarrete and Durgesh Sangvikar and Yu Fu and Yanhui Jia and Siddhart Shibiraj},
  title        = {{Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-07-13},
  url          = {https://unit42.paloaltonetworks.com/cobalt-strike-metadata-encryption-decryption/},
  urldate      = {2022-07-15},
  language     = {English}
}
Cobalt Strike
2022-07-01 — Malwarebytes Labs — Christopher Boyd
@online{boyd:20220701:astralocker:7ef70a2,
  author       = {Christopher Boyd},
  title        = {{AstraLocker 2.0 ransomware isn’t going to give you your files back}},
  organization = {Malwarebytes Labs},
  date         = {2022-07-01},
  url          = {https://blog.malwarebytes.com/ransomware/2022/07/astralocker-2-0-ransomware-isnt-going-to-give-you-your-files-back/},
  urldate      = {2022-07-05},
  language     = {English}
}
AstraLocker
2022-06-23 — Trellix — Christiaan Beek
@online{beek:20220623:sound:31e77bd,
  author       = {Christiaan Beek},
  title        = {{The Sound of Malware}},
  organization = {Trellix},
  date         = {2022-06-23},
  url          = {https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/the-sound-of-malware.html},
  urldate      = {2022-06-27},
  language     = {English}
}
Conti, VHD Ransomware
2022-06-21 — Cisco Talos — Flavio Costa, Chris Neal, Guilherme Venere
@online{costa:20220621:avos:b60a2ad,
  author       = {Flavio Costa and Chris Neal and Guilherme Venere},
  title        = {{Avos ransomware group expands with new attack arsenal}},
  organization = {Cisco Talos},
  date         = {2022-06-21},
  url          = {https://blog.talosintelligence.com/2022/06/avoslocker-new-arsenal.html},
  urldate      = {2022-06-22},
  language     = {English}
}
AvosLocker, Cobalt Strike, DarkComet, MimiKatz
2022-06-07 — Lacework Labs — Chris Hall
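@comment{the ampersand in the title is escaped because a bare ampersand is a LaTeX alignment character and breaks the bibliography run}
@online{hall:20220607:kinsing:8e96c1f,
  author       = {Chris Hall},
  title        = {{Kinsing \& Dark.IoT botnet among threats targeting CVE-2022-26134}},
  organization = {Lacework Labs},
  date         = {2022-06-07},
  url          = {https://www.lacework.com/blog/kinsing-dark-iot-botnet-among-threats-targeting-cve-2022-26134/},
  urldate      = {2022-06-15},
  language     = {English}
}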
Dark, Kinsing
2022-05-25 — Reuters — Raphael Satter, James Pearson, Christopher Bing
@online{satter:20220525:russian:0d05639,
  author       = {Raphael Satter and James Pearson and Christopher Bing},
  title        = {{Russian hackers are linked to new Brexit leak website, Google says}},
  organization = {Reuters},
  date         = {2022-05-25},
  url          = {https://www.reuters.com/technology/exclusive-russian-hackers-are-linked-new-brexit-leak-website-google-says-2022-05-25/},
  urldate      = {2022-05-25},
  language     = {English}
}
2022-05-19 — Trend Micro — Adolph Christian Silverio, Jeric Miguel Abordo, Khristian Joseph Morales, Maria Emreen Viray
@online{silverio:20220519:bruised:f5c6775,
  author       = {Adolph Christian Silverio and Jeric Miguel Abordo and Khristian Joseph Morales and Maria Emreen Viray},
  title        = {{Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware}},
  organization = {Trend Micro},
  date         = {2022-05-19},
  url          = {https://www.trendmicro.com/en_us/research/22/e/bruised-but-not-broken--the-resurgence-of-the-emotet-botnet-malw.html},
  urldate      = {2022-05-25},
  language     = {English}
}
Emotet, QakBot
2022-05-19 — Google — Clement Lecigne, Christian Resell, Google Threat Analysis Group
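@comment{Google Threat Analysis Group is a corporate author and is double-braced so name parsing keeps it as one surname instead of first name Google Threat Analysis and last name Group}
@online{lecigne:20220519:protecting:847f98a,
  author       = {Clement Lecigne and Christian Resell and {Google Threat Analysis Group}},
  title        = {{Protecting Android users from 0-Day attacks}},
  organization = {Google},
  date         = {2022-05-19},
  url          = {https://blog.google/threat-analysis-group/protecting-android-users-from-0-day-attacks/},
  urldate      = {2022-05-25},
  language     = {English}
}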
2022-05-12 — Lacework Labs — Chris Hall, Jared Stroud
@online{hall:20220512:malware:ff2f6a5,
  author       = {Chris Hall and Jared Stroud},
  title        = {{Malware targeting latest F5 vulnerability}},
  organization = {Lacework Labs},
  date         = {2022-05-12},
  url          = {https://www.lacework.com/blog/malware-targeting-latest-f5-vulnerability/},
  urldate      = {2022-05-17},
  language     = {English}
}
Mirai
2022-05-06 — Palo Alto Networks Unit 42 — Chris Navarrete, Durgesh Sangvikar, Yu Fu, Yanhui Jia, Siddhart Shibiraj
@online{navarrete:20220506:cobalt:8248108,
  author       = {Chris Navarrete and Durgesh Sangvikar and Yu Fu and Yanhui Jia and Siddhart Shibiraj},
  title        = {{Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-05-06},
  url          = {https://unit42.paloaltonetworks.com/cobalt-strike-metadata-encoding-decoding/},
  urldate      = {2022-05-09},
  language     = {English}
}
Cobalt Strike
2022-05-05 — BrightTALK (Mandiant) — Christopher Gardner
@online{gardner:20220505:sample:66178f9,
  author       = {Christopher Gardner},
  title        = {{The Sample: Beating the Malware Piñata}},
  organization = {BrightTALK (Mandiant)},
  date         = {2022-05-05},
  url          = {https://www.brighttalk.com/webcast/7451/538775},
  urldate      = {2022-06-09},
  language     = {English}
}
Jaku
2022-05-05 — YouTube (Chris Greer) — Chris Greer
@online{greer:20220505:malware:d2996ea,
  author       = {Chris Greer},
  title        = {{MALWARE Analysis with Wireshark // TRICKBOT Infection}},
  organization = {YouTube (Chris Greer)},
  date         = {2022-05-05},
  url          = {https://www.youtube.com/watch?v=Brx4cygfmg8},
  urldate      = {2022-05-05},
  language     = {English}
}
TrickBot
2022-05-03 — Trellix — Christiaan Beek
@online{beek:20220503:hermit:70ec592,
  author       = {Christiaan Beek},
  title        = {{The Hermit Kingdom’s Ransomware play}},
  organization = {Trellix},
  date         = {2022-05-03},
  url          = {https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/the-hermit-kingdoms-ransomware-play.html},
  urldate      = {2022-05-04},
  language     = {English}
}
VHD Ransomware
2022-05-02 — Trend Micro — Christoper Ordonez, Alvin Nieto
@online{ordonez:20220502:avoslocker:3e0cddd,
  author       = {Christoper Ordonez and Alvin Nieto},
  title        = {{AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell}},
  organization = {Trend Micro},
  date         = {2022-05-02},
  url          = {https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html},
  urldate      = {2022-05-04},
  language     = {English}
}
AvosLocker
2022-05-02 — Mandiant — Doug Bienstock, Melissa Derr, Josh Madeley, Tyler McLellan, Chris Gardner
@online{bienstock:20220502:unc3524:5948892,
  author       = {Doug Bienstock and Melissa Derr and Josh Madeley and Tyler McLellan and Chris Gardner},
  title        = {{UNC3524: Eye Spy on Your Email}},
  organization = {Mandiant},
  date         = {2022-05-02},
  url          = {https://www.mandiant.com/resources/unc3524-eye-spy-email},
  urldate      = {2022-05-03},
  language     = {English}
}
QUIETEXIT, UNC3524
2022-04-25 — Mandiant — Daniel Kapellmann Zafra, Raymond Leong, Chris Sistrunk, Ken Proska, Corey Hildebrandt, Keith Lunden, Nathan Brubaker
@online{zafra:20220425:industroyerv2:5548d98,
  author       = {Daniel Kapellmann Zafra and Raymond Leong and Chris Sistrunk and Ken Proska and Corey Hildebrandt and Keith Lunden and Nathan Brubaker},
  title        = {{INDUSTROYER.V2: Old Malware Learns New Tricks}},
  organization = {Mandiant},
  date         = {2022-04-25},
  url          = {https://www.mandiant.com/resources/industroyer-v2-old-malware-new-tricks},
  urldate      = {2022-04-29},
  language     = {English}
}
INDUSTROYER2
2022-04-06 — Cado Security — Matt Muir, Chris Doman, Al Carchrie, Paul Scott
@online{muir:20220406:cado:8544515,
  author       = {Matt Muir and Chris Doman and Al Carchrie and Paul Scott},
  title        = {{Cado Discovers Denonia: The First Malware Specifically Targeting Lambda}},
  organization = {Cado Security},
  date         = {2022-04-06},
  url          = {https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/},
  urldate      = {2022-08-08},
  language     = {English}
}
Denonia