
2021-09-14 — McAfee — Christiaan Beek
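@online{beek:20210914:operation:95aed8d,
  author       = {Beek, Christiaan},
  title        = {Operation ‘{Harvest}’: A Deep Dive into a Long-term Campaign},
  date         = {2021-09-14},
  organization = {McAfee},
  url          = {https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/operation-harvest-a-deep-dive-into-a-long-term-campaign/},
  language     = {English},
  urldate      = {2021-09-19},
}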
MimiKatz PlugX Winnti
2021-09-14 — CSO Online — Christopher Burgess
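@online{burgess:20210914:russia:5afacc3,
  author       = {Burgess, Christopher},
  title        = {{Russia} is fully capable of shutting down cybercrime},
  date         = {2021-09-14},
  organization = {CSO Online},
  url          = {https://www.csoonline.com/article/3632943/russia-is-fully-capable-of-shutting-down-cybercrime.html},
  language     = {English},
  urldate      = {2021-09-14},
}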
2021-09-01 — YouTube (Black Hat) — Tsuyoshi Taniguchi, Christian Doerr
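@online{taniguchi:20210901:how:98ed0d5,
  author       = {Taniguchi, Tsuyoshi and Doerr, Christian},
  title        = {How Did the Adversaries Abusing the {Bitcoin} Blockchain Evade Our Takeover?},
  date         = {2021-09-01},
  organization = {YouTube (Black Hat)},
  url          = {https://www.youtube.com/watch?v=y8Z9KnL8s8s},
  language     = {English},
  urldate      = {2021-09-12},
}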
Cerber Pony
2021-08-26 — The New York Times — Paul Mozur, Chris Buckley
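@online{mozur:20210826:spies:3fe7b2b,
  author       = {Mozur, Paul and Buckley, Chris},
  title        = {Spies for Hire: {China}’s New Breed of Hackers Blends Espionage and Entrepreneurship},
  date         = {2021-08-26},
  organization = {The New York Times},
  url          = {https://www.nytimes.com/2021/08/26/technology/china-hackers.html},
  language     = {English},
  urldate      = {2021-09-12},
}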
2021-08-17 — IBM X-Force Exchange — Charlotte Hammond, Chris Caridi
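@online{hammond:20210817:analysis:03981d3,
  author       = {Hammond, Charlotte and Caridi, Chris},
  title        = {Analysis of {Diavol} Ransomware Reveals Possible Link to {TrickBot} Gang},
  date         = {2021-08-17},
  organization = {IBM X-Force Exchange},
  url          = {https://securityintelligence.com/posts/analysis-of-diavol-ransomware-link-trickbot-gang/},
  language     = {English},
  urldate      = {2021-08-18},
}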
Diavol
2021-07-29 — Talos Intelligence — Andrew Windsor, Chris Neal
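@online{windsor:20210729:talos:6cba25b,
  author       = {Windsor, Andrew and Neal, Chris},
  title        = {{Talos} Spotlight: {Solarmarker}},
  date         = {2021-07-29},
  organization = {Talos Intelligence},
  url          = {https://blog.talosintelligence.com/2021/07/threat-spotlight-solarmarker.html#more},
  language     = {English},
  urldate      = {2021-09-02},
}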
Jupyter Stealer solarmarker
2021-07-21 — IBM — Chris Caridi, Allison Wikoff
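@online{caridi:20210721:this:17b999a,
  author       = {Caridi, Chris and Wikoff, Allison},
  title        = {This Chat is Being Recorded: {Egregor} Ransomware Negotiations Uncovered},
  date         = {2021-07-21},
  organization = {IBM},
  url          = {https://securityintelligence.com/posts/egregor-ransomware-negotiations-uncovered/},
  language     = {English},
  urldate      = {2021-07-22},
}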
Egregor
2021-07-19 — CrowdStrike — Aspen Lindblom, Joseph Godwin, Chris Sheldon
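@online{lindblom:20210719:shlayer:5fc616d,
  author       = {Lindblom, Aspen and Godwin, Joseph and Sheldon, Chris},
  title        = {{Shlayer} Malvertising Campaigns Still Using {Flash} Update Disguise},
  date         = {2021-07-19},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/shlayer-malvertising-campaigns-still-using-flash-update-disguise/},
  language     = {English},
  urldate      = {2021-07-26},
}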
Shlayer
2021-07-14 — Cado Security — Christopher Doman
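@online{doman:20210714:triage:5a7151d,
  author       = {Doman, Christopher},
  title        = {Triage analysis of {Serv-U} {FTP} user backdoor deployed by {CVE-2021-35211} ({DEV-0322})},
  date         = {2021-07-14},
  organization = {Cado Security},
  url          = {https://www.cadosecurity.com/post/triage-analysis-of-serv-u-ftp-user-backdoor-deployed-by-cve-2021-35211},
  language     = {English},
  urldate      = {2021-07-20},
}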
2021-07-14 — MDSec — Chris Basnett
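@online{basnett:20210714:investigating:585e2a1,
  author       = {Basnett, Chris},
  title        = {Investigating a Suspicious Service},
  date         = {2021-07-14},
  organization = {MDSec},
  url          = {https://www.mdsec.co.uk/2021/07/investigating-a-suspicious-service/},
  language     = {English},
  urldate      = {2021-07-20},
}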
Cobalt Strike
2021-07-13 — Cado Security — Christopher Doman
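@online{doman:20210713:resources:13f690a,
  author       = {Doman, Christopher},
  title        = {Resources for Investigating Cloud and Container Penetration Testing Tools},
  date         = {2021-07-13},
  organization = {Cado Security},
  url          = {https://www.cadosecurity.com/post/resources-for-investigating-cloud-and-container-penetration-testing-tools},
  language     = {English},
  urldate      = {2021-07-20},
}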
2021-06-29 — YouTube (C. Beek) — Christiaan Beek
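@online{beek:20210629:demo:2cbd075,
  author       = {Beek, Christiaan},
  title        = {Demo of {REvil}/{Sodinokibi} {Linux} variant encrypting a {Linux} system},
  date         = {2021-06-29},
  organization = {YouTube (C. Beek)},
  url          = {https://www.youtube.com/watch?v=ptbNMlWxYnE},
  language     = {English},
  urldate      = {2021-06-29},
}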
REvil
2021-06-10 — lacework — Chris Hall
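@online{hall:20210610:keksec:53918f5,
  author       = {Hall, Chris},
  title        = {{Keksec} \& {Tsunami-Ryuk}},
  date         = {2021-06-10},
  organization = {lacework},
  url          = {https://www.lacework.com/keksec-tsunami-ryuk/},
  language     = {English},
  urldate      = {2021-06-16},
}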
N3Cr0m0rPh
2021-05-20 — lacework — Jared Stroud, Chris Hall, Tom Hegel
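@online{stroud:20210520:8220:c309f60,
  author       = {Stroud, Jared and Hall, Chris and Hegel, Tom},
  title        = {8220 Gangs Recent use of Custom Miner and Botnet},
  date         = {2021-05-20},
  organization = {lacework},
  url          = {https://www.lacework.com/8220-gangs-recent-use-of-custom-miner-and-botnet/},
  language     = {English},
  urldate      = {2021-05-26},
}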
2021-05-14 — McAfee — Raj Samani, Christiaan Beek
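@online{samani:20210514:darkside:e0b6b8d,
  author       = {Samani, Raj and Beek, Christiaan},
  title        = {{Darkside} Ransomware Victims Sold Short},
  date         = {2021-05-14},
  organization = {McAfee},
  url          = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/darkside-ransomware-victims-sold-short/},
  language     = {English},
  urldate      = {2021-05-17},
}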
DarkSide
2021-05-08 — Reuters — Christopher Bing, Stephanie Kelly
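@online{bing:20210508:cyber:0adb323,
  author       = {Bing, Christopher and Kelly, Stephanie},
  title        = {Cyber attack shuts down top {U.S.} fuel pipeline network},
  date         = {2021-05-08},
  organization = {Reuters},
  url          = {https://www.reuters.com/technology/colonial-pipeline-halts-all-pipeline-operations-after-cybersecurity-attack-2021-05-08/},
  language     = {English},
  urldate      = {2021-05-11},
}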
DarkSide
2021-05-06 — Black Hat — Tsuyoshi Taniguchi, Christian Doerr
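@techreport{taniguchi:20210506:how:45b144d,
  author      = {Taniguchi, Tsuyoshi and Doerr, Christian},
  title       = {How Did the Adversaries Abusing {Bitcoin} Blockchain Evade Our Takeover},
  date        = {2021-05-06},
  institution = {Black Hat},
  url         = {https://i.blackhat.com/asia-21/Thursday-Handouts/as21-Taniguchi-How-Did-The-Adversaries-Abusing-The-Bitcoin-Blockchain-Evade-Our-Takeover.pdf},
  language    = {English},
  urldate     = {2021-09-12},
}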
Cerber Pony
2021-05-04 — Lacework Labs — Chris Hall
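@online{hall:20210504:cpuminer:db7b10e,
  author       = {Hall, Chris},
  title        = {{Cpuminer} \& Friends},
  date         = {2021-05-04},
  organization = {Lacework Labs},
  url          = {https://www.lacework.com/cpuminer-friends/},
  language     = {English},
  urldate      = {2021-05-08},
}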
2021-04-22 — lacework — Chris Hall, Jared Stroud
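@online{hall:20210422:sysrvhello:2c8a477,
  author       = {Hall, Chris and Stroud, Jared},
  title        = {{Sysrv-Hello} Expands Infrastructure},
  date         = {2021-04-22},
  organization = {lacework},
  url          = {https://www.lacework.com/sysrv-hello-expands-infrastructure/},
  language     = {English},
  urldate      = {2021-04-29},
}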
2021-04-20 — FireEye — Josh Fleischer, Chris DiGiamo, Alex Pennino
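@online{fleischer:20210420:zeroday:0641c6a,
  author       = {Fleischer, Josh and DiGiamo, Chris and Pennino, Alex},
  title        = {Zero-Day Exploits in {SonicWall} Email Security Lead to Enterprise Compromise},
  date         = {2021-04-20},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2021/04/zero-day-exploits-in-sonicwall-email-security-lead-to-compromise.html},
  language     = {English},
  urldate      = {2021-04-28},
}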