2021-07-19 | CrowdStrike | Aspen Lindblom, Joseph Godwin, Chris Sheldon
@online{lindblom:20210719:shlayer:5fc616d,
  author       = {Lindblom, Aspen and Godwin, Joseph and Sheldon, Chris},
  title        = {{Shlayer Malvertising Campaigns Still Using Flash Update Disguise}},
  organization = {CrowdStrike},
  date         = {2021-07-19},
  url          = {https://www.crowdstrike.com/blog/shlayer-malvertising-campaigns-still-using-flash-update-disguise/},
  urldate      = {2021-07-26},
  language     = {English},
}
Shlayer Malvertising Campaigns Still Using Flash Update Disguise
Shlayer
2021-07-07 | CrowdStrike | Karan Sood, Liviu Arsene
@online{sood:20210707:how:84886a9,
  author       = {Sood, Karan and Arsene, Liviu},
  title        = {{How CrowdStrike Falcon Stops REvil Ransomware Used in the Kaseya Attack}},
  organization = {CrowdStrike},
  date         = {2021-07-07},
  url          = {https://www.crowdstrike.com/blog/how-crowdstrike-stops-revil-ransomware-from-kaseya-attack/},
  urldate      = {2021-07-19},
  language     = {English},
}
How CrowdStrike Falcon Stops REvil Ransomware Used in the Kaseya Attack
REvil
2021-07-06 | CrowdStrike | Adam Meyers
@online{meyers:20210706:evolution:7d985ff,
  author       = {Meyers, Adam},
  title        = {{The Evolution of PINCHY SPIDER from GandCrab to REvil}},
  organization = {CrowdStrike},
  date         = {2021-07-06},
  url          = {https://www.crowdstrike.com/blog/the-evolution-of-revil-ransomware-and-pinchy-spider/},
  urldate      = {2021-07-19},
  language     = {English},
}
The Evolution of PINCHY SPIDER from GandCrab to REvil
Gandcrab REvil
2021-06-28 | CrowdStrike | Alexandru Ghita
@online{ghita:20210628:new:85c558c,
  author       = {Ghita, Alexandru},
  title        = {{New Ransomware Variant Uses Golang Packer}},
  organization = {CrowdStrike},
  date         = {2021-06-28},
  url          = {https://www.crowdstrike.com/blog/new-ransomware-variant-uses-golang-packer/},
  urldate      = {2021-06-29},
  language     = {English},
}
New Ransomware Variant Uses Golang Packer
FiveHands HelloKitty
2021-06-22 | CrowdStrike | The Falcon Complete Team
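% Team byline is a corporate author: the extra brace pair keeps it one
% indivisible name instead of given = "The Falcon Complete", family = "Team".
% The citation key is left unchanged so existing citations still resolve.
@online{team:20210622:response:13a8ee6,
  author       = {{The Falcon Complete Team}},
  title        = {{Response When Minutes Matter: Falcon Complete Disrupts WIZARD SPIDER eCrime Operators}},
  organization = {CrowdStrike},
  date         = {2021-06-22},
  url          = {https://www.crowdstrike.com/blog/how-falcon-complete-disrupts-ecrime-operators-wizard-spider/},
  urldate      = {2021-06-24},
  language     = {English},
}
Response When Minutes Matter: Falcon Complete Disrupts WIZARD SPIDER eCrime Operators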
Cobalt Strike
2021-06-22 | CrowdStrike | rich seymour
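% Author written in "family, given" form: in "given family" order an
% all-lowercase first word is parsed as a von particle, not a given name.
% Spelling and case are kept exactly as the page lists them.
@online{seymour:20210622:preventing:641f2fb,
  author       = {seymour, rich},
  title        = {{Preventing Exploitation of the ZIP File Format}},
  organization = {CrowdStrike},
  date         = {2021-06-22},
  url          = {https://www.crowdstrike.com/blog/how-to-prevent-zip-file-exploitation/},
  urldate      = {2021-06-24},
  language     = {English},
}
Preventing Exploitation of the ZIP File Format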
2021-06-18 | CrowdStrike | Josh Dalman, Heather Smith
@online{dalman:20210618:ransomware:2c31db2,
  author       = {Dalman, Josh and Smith, Heather},
  title        = {{Ransomware Actors Evolved Their Operations in 2020}},
  organization = {CrowdStrike},
  date         = {2021-06-18},
  url          = {https://www.crowdstrike.com/blog/ransomware-actors-evolved-operations-in-2020/},
  urldate      = {2021-06-22},
  language     = {English},
}
Ransomware Actors Evolved Their Operations in 2020
2021-06-10 | CrowdStrike | Falcon Spotlight Team
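% Team byline is a corporate author: the extra brace pair keeps it one
% indivisible name instead of given = "Falcon Spotlight", family = "Team".
% The citation key is left unchanged so existing citations still resolve.
@online{team:20210610:june:5b6689e,
  author       = {{Falcon Spotlight Team}},
  title        = {{June 2021 Patch Tuesday: Six Actively Exploited Zero-Day Vulnerabilities and More Critical CVEs}},
  organization = {CrowdStrike},
  date         = {2021-06-10},
  url          = {https://www.crowdstrike.com/blog/patch-tuesday-analysis-june-2021/},
  urldate      = {2021-06-21},
  language     = {English},
}
June 2021 Patch Tuesday: Six Actively Exploited Zero-Day Vulnerabilities and More Critical CVEs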
2021-06-10 | CrowdStrike | Farid Hendi, Liviu Arsene
@online{hendi:20210610:crowdstrike:ed1b61b,
  author       = {Hendi, Farid and Arsene, Liviu},
  title        = {{CrowdStrike Falcon Protects Customers from Recent COZY BEAR Sophisticated Phishing Campaign}},
  organization = {CrowdStrike},
  date         = {2021-06-10},
  url          = {https://www.crowdstrike.com/blog/how-crowdstrike-protects-against-recent-cozy-bear-phishing-campaign/},
  urldate      = {2021-06-24},
  language     = {English},
}
CrowdStrike Falcon Protects Customers from Recent COZY BEAR Sophisticated Phishing Campaign
2021-06-08 | CrowdStrike | Heather Smith, Hanno Heinrichs
@online{smith:20210608:another:8ed0192,
  author       = {Smith, Heather and Heinrichs, Hanno},
  title        = {{Another Brick in the Wall: eCrime Groups Leverage SonicWall VPN Vulnerability}},
  organization = {CrowdStrike},
  date         = {2021-06-08},
  url          = {https://www.crowdstrike.com/blog/how-ecrime-groups-leverage-sonicwall-vulnerability-cve-2019-7481/},
  urldate      = {2021-06-09},
  language     = {English},
}
Another Brick in the Wall: eCrime Groups Leverage SonicWall VPN Vulnerability
2021-06-08 | CrowdStrike | Patrick Bennett
@online{bennett:20210608:ual:12fb9fb,
  author       = {Bennett, Patrick},
  title        = {{UAL Thank Us Later: Leveraging User Access Logging for Forensic Investigations}},
  organization = {CrowdStrike},
  date         = {2021-06-08},
  url          = {https://www.crowdstrike.com/blog/user-access-logging-ual-overview/},
  urldate      = {2021-06-09},
  language     = {English},
}
UAL Thank Us Later: Leveraging User Access Logging for Forensic Investigations
2021-06-02 | CrowdStrike | Josh Dalman, Heather Smith
@online{dalman:20210602:under:2e7083b,
  author       = {Dalman, Josh and Smith, Heather},
  title        = {{Under Attack: Protecting Against Conti, DarkSide, REvil and Other Ransomware}},
  organization = {CrowdStrike},
  date         = {2021-06-02},
  url          = {https://www.crowdstrike.com/blog/how-to-defend-against-conti-darkside-revil-and-other-ransomware/},
  urldate      = {2021-06-09},
  language     = {English},
}
Under Attack: Protecting Against Conti, DarkSide, REvil and Other Ransomware
DarkSide Conti DarkSide REvil
2021-05-20 | CrowdStrike | joshua fraser
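% Author written in "family, given" form: in "given family" order an
% all-lowercase first word is parsed as a von particle, not a given name.
% Spelling and case are kept exactly as the page lists them.
@online{fraser:20210520:response:649c607,
  author       = {fraser, joshua},
  title        = {{Response When Minutes Matter: When Good Tools Are Used for (R)Evil}},
  organization = {CrowdStrike},
  date         = {2021-05-20},
  url          = {https://www.crowdstrike.com/blog/how-falcon-complete-thwarted-a-revil-ransomware-attack/},
  urldate      = {2021-06-09},
  language     = {English},
}
Response When Minutes Matter: When Good Tools Are Used for (R)Evil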
REvil
2021-05-11 | CrowdStrike | The Falcon Complete Team
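% Team byline is a corporate author: the extra brace pair keeps it one
% indivisible name instead of given = "The Falcon Complete", family = "Team".
% The citation key is left unchanged so existing citations still resolve.
@online{team:20210511:response:7e4cf2d,
  author       = {{The Falcon Complete Team}},
  title        = {{Response When Minutes Matter: Rising Up Against Ransomware}},
  organization = {CrowdStrike},
  date         = {2021-05-11},
  url          = {https://www.crowdstrike.com/blog/how-falcon-complete-stopped-a-big-game-hunting-ransomware-attack/},
  urldate      = {2021-05-13},
  language     = {English},
}
Response When Minutes Matter: Rising Up Against Ransomware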
TinyMet
2021-04-27 | CrowdStrike | Josh Dalman, Kamil Janton, Eben Kaplan
@online{dalman:20210427:ransomware:8242ac5,
  author       = {Dalman, Josh and Janton, Kamil and Kaplan, Eben},
  title        = {{Ransomware Preparedness: A Call to Action}},
  organization = {CrowdStrike},
  date         = {2021-04-27},
  url          = {https://www.crowdstrike.com/blog/ransomware-preparedness-a-call-to-action/},
  urldate      = {2021-05-31},
  language     = {English},
}
Ransomware Preparedness: A Call to Action
Dharma GlobeImposter Maze Phobos CIRCUS SPIDER TRAVELING SPIDER
2021-03-17 | CrowdStrike | Adam Podlosky, Brendon Feeley
@online{podlosky:20210317:indrik:65d1f3f,
  author       = {Podlosky, Adam and Feeley, Brendon},
  title        = {{INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions}},
  organization = {CrowdStrike},
  date         = {2021-03-17},
  url          = {https://www.crowdstrike.com/blog/hades-ransomware-successor-to-indrik-spiders-wastedlocker/},
  urldate      = {2021-03-19},
  language     = {English},
}
INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions
FriedEx WastedLocker
2021-03-05 | Reddit Crowdstrike | Andrew-CS
@online{andrewcs:20210305:20210305:e34f0e7,
  author       = {Andrew-CS},
  title        = {{2021-03-05 - Cool Query Friday - Hunting For Renamed Command Line Programs}},
  organization = {Reddit Crowdstrike},
  date         = {2021-03-05},
  url          = {https://www.reddit.com/r/crowdstrike/comments/lyhga8/20210305_cool_query_friday_hunting_for_renamed/},
  urldate      = {2021-03-11},
  language     = {English},
}
2021-03-05 - Cool Query Friday - Hunting For Renamed Command Line Programs
2021-03-04 | CrowdStrike | The Falcon Complete Team
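% Team byline is a corporate author: the extra brace pair keeps it one
% indivisible name instead of given = "The Falcon Complete", family = "Team".
% The citation key is left unchanged so existing citations still resolve.
@online{team:20210304:falcon:6170749,
  author       = {{The Falcon Complete Team}},
  title        = {{Falcon Complete Stops Microsoft Exchange Server Zero-Day Exploits}},
  organization = {CrowdStrike},
  date         = {2021-03-04},
  url          = {https://www.crowdstrike.com/blog/falcon-complete-stops-microsoft-exchange-server-zero-day-exploits},
  urldate      = {2021-03-10},
  language     = {English},
}
Falcon Complete Stops Microsoft Exchange Server Zero-Day Exploits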
CHINACHOPPER HAFNIUM
2021-02-26 | CrowdStrike | Eric Loui, Sergei Frankoff
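% The utm_* tracking query string is dropped from the URL: those parameters
% record the referring campaign, not the article, and the path alone
% identifies the cited post.
@online{loui:20210226:hypervisor:8dadf9c,
  author       = {Loui, Eric and Frankoff, Sergei},
  title        = {{Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact}},
  organization = {CrowdStrike},
  date         = {2021-02-26},
  url          = {https://www.crowdstrike.com/blog/carbon-spider-sprite-spider-target-esxi-servers-with-ransomware/},
  urldate      = {2021-05-26},
  language     = {English},
}
Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact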
DarkSide RansomEXX Griffon Carbanak Cobalt Strike DarkSide IcedID MimiKatz PyXie RansomEXX REvil
2021-02-23 | CrowdStrike | CrowdStrike
@techreport{crowdstrike:20210223:2021:bf5bc4f,
  author      = {CrowdStrike},
  title       = {{2021 Global Threat Report}},
  institution = {CrowdStrike},
  date        = {2021-02-23},
  url         = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf},
  urldate     = {2021-02-25},
  language    = {English},
}
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader KNOCKOUT SPIDER OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER