Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-12-19CrowdStrikeSarang Sonawane, Donato Onofri
@online{sonawane:20221219:malware:1e7d417, author = {Sarang Sonawane and Donato Onofri}, title = {{Malware Analysis: GuLoader Dissection Reveals New Anti-Analysis Techniques and Code Injection Redundancy}}, date = {2022-12-19}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/guloader-dissection-reveals-new-anti-analysis-techniques-and-code-injection-redundancy/}, language = {English}, urldate = {2022-12-24} } Malware Analysis: GuLoader Dissection Reveals New Anti-Analysis Techniques and Code Injection Redundancy
CloudEyE
2022-12-02CrowdStrikeTim Parisi
@online{parisi:20221202:not:7f9fee4, author = {Tim Parisi}, title = {{Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies}}, date = {2022-12-02}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/}, language = {English}, urldate = {2022-12-14} } Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies
2022-09-26CrowdStrikeIoan Iacob, Iulian Madalin Ionita
@online{iacob:20220926:anatomy:248e6ff, author = {Ioan Iacob and Iulian Madalin Ionita}, title = {{The Anatomy of Wiper Malware, Part 3: Input/Output Controls}}, date = {2022-09-26}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-3/}, language = {English}, urldate = {2022-09-29} } The Anatomy of Wiper Malware, Part 3: Input/Output Controls
CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper Meteor Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare
2022-08-24CrowdStrikeIoan Iacob, Iulian Madalin Ionita
@online{iacob:20220824:anatomy:64f6451, author = {Ioan Iacob and Iulian Madalin Ionita}, title = {{The Anatomy of Wiper Malware, Part 2: Third-Party Drivers}}, date = {2022-08-24}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-2}, language = {English}, urldate = {2022-08-31} } The Anatomy of Wiper Malware, Part 2: Third-Party Drivers
2022-08-12CrowdStrikeIoan Iacob, Iulian Madalin Ionita
@online{iacob:20220812:anatomy:b13ce32, author = {Ioan Iacob and Iulian Madalin Ionita}, title = {{The Anatomy of Wiper Malware, Part 1: Common Techniques}}, date = {2022-08-12}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-1/}, language = {English}, urldate = {2023-01-19} } The Anatomy of Wiper Malware, Part 1: Common Techniques
Apostle CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper IsraBye KillDisk Meteor Olympic Destroyer Ordinypt Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare
2022-06-02CrowdStrikeEPP Content Research Team
@online{team:20220602:crowdstrike:3ca0d32, author = {EPP Content Research Team}, title = {{CrowdStrike Uncovers New MacOS Browser Hijacking Campaign}}, date = {2022-06-02}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/how-crowdstrike-uncovered-a-new-macos-browser-hijacking-campaign/}, language = {English}, urldate = {2022-07-18} } CrowdStrike Uncovers New MacOS Browser Hijacking Campaign
Choziosi
2022-05-25CrowdStrikeJamie Harris
@online{harris:20220525:hunting:48d53ea, author = {Jamie Harris}, title = {{Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun}}, date = {2022-05-25}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/how-to-hunt-for-decisivearchitect-and-justforfun-implant/}, language = {English}, urldate = {2022-05-29} } Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun
BPFDoor
2022-05-20CrowdStrikeVlad Ciuleanu
@online{ciuleanu:20220520:mirai:77360aa, author = {Vlad Ciuleanu}, title = {{Mirai Malware Variants for Linux Double Down on Stronger Chips in Q1 2022}}, date = {2022-05-20}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/linux-mirai-malware-double-on-stronger-chips/}, language = {English}, urldate = {2022-05-25} } Mirai Malware Variants for Linux Double Down on Stronger Chips in Q1 2022
Mirai
2022-05-11CrowdStrikeAdrian Justice
@online{justice:20220511:proactive:a23c54f, author = {Adrian Justice}, title = {{Proactive Threat Hunting Bears Fruit: Falcon OverWatch Detects Novel IceApple Post-Exploitation Framework}}, date = {2022-05-11}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/falcon-overwatch-detects-iceapple-framework/}, language = {English}, urldate = {2022-05-11} } Proactive Threat Hunting Bears Fruit: Falcon OverWatch Detects Novel IceApple Post-Exploitation Framework
2022-05-11CrowdStrikeAdrian Justice, CrowdStrike Overwatch Team
@techreport{justice:20220511:iceapple:608746f, author = {Adrian Justice and CrowdStrike Overwatch Team}, title = {{IceApple: A Novel Internet Information Services (IIS) Post-Exploitation Framework}}, date = {2022-05-11}, institution = {CrowdStrike}, url = {https://www.crowdstrike.com/wp-content/uploads/2022/05/crowdstrike-iceapple-a-novel-internet-information-services-post-exploitation-framework.pdf}, language = {English}, urldate = {2022-05-11} } IceApple: A Novel Internet Information Services (IIS) Post-Exploitation Framework
2022-05-06CrowdStrikePaul-Danut Urian
@online{urian:20220506:macos:59df492, author = {Paul-Danut Urian}, title = {{macOS Malware Is More Reality Than Myth: Popular Threats and Challenges in Analysis}}, date = {2022-05-06}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/how-crowdstrike-analyzes-macos-malware-to-optimize-automated-detection-capabilities}, language = {English}, urldate = {2022-05-11} } macOS Malware Is More Reality Than Myth: Popular Threats and Challenges in Analysis
EvilQuest FlashBack Shlayer XCSSET
2022-05-06CrowdStrikePaul-Danut Urian
@online{urian:20220506:macos:f1223a9, author = {Paul-Danut Urian}, title = {{macOS Malware Is More Reality Than Myth: Popular Threats and Challenges in Analysis}}, date = {2022-05-06}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/how-crowdstrike-analyzes-macos-malware-to-optimize-automated-detection-capabilities/}, language = {English}, urldate = {2022-05-17} } macOS Malware Is More Reality Than Myth: Popular Threats and Challenges in Analysis
Lador
2022-05-04CrowdStrikeSebastian Walla
@online{walla:20220504:compromised:b2b1f9b, author = {Sebastian Walla}, title = {{Compromised Docker Honeypots Used for Pro-Ukrainian DoS Attack}}, date = {2022-05-04}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/compromised-docker-honeypots-used-for-pro-ukrainian-dos-attack/}, language = {English}, urldate = {2022-05-05} } Compromised Docker Honeypots Used for Pro-Ukrainian DoS Attack
2022-04-21CrowdStrikeManoj Ahuje
@online{ahuje:20220421:lemonduck:6b61d01, author = {Manoj Ahuje}, title = {{LemonDuck Targets Docker for Cryptomining Operations}}, date = {2022-04-21}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/lemonduck-botnet-targets-docker-for-cryptomining-operations/}, language = {English}, urldate = {2022-04-24} } LemonDuck Targets Docker for Cryptomining Operations
Lemon Duck
2022-04-01CrowdStrikeCristian Popa
@online{popa:20220401:bert:08bcb1b, author = {Cristian Popa}, title = {{BERT Embeddings: A Modern Machine-learning Approach for Detecting Malware from Command Lines (Part 2 of 2)}}, date = {2022-04-01}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/bert-embeddings-new-approach-for-command-line-anomaly-detection-part-2/}, language = {English}, urldate = {2022-04-05} } BERT Embeddings: A Modern Machine-learning Approach for Detecting Malware from Command Lines (Part 2 of 2)
2022-03-31CrowdStrikeChristopher Romano, Vaishnav Murthy
@online{romano:20220331:cloudy:15ac5c7, author = {Christopher Romano and Vaishnav Murthy}, title = {{Cloudy with a Chance of Unclear Mailbox Sync: CrowdStrike Services Identifies Logging Inconsistencies in Microsoft 365}}, date = {2022-03-31}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/crowdstrike-services-identifies-logging-inconsistencies-in-microsoft-365/}, language = {English}, urldate = {2022-04-05} } Cloudy with a Chance of Unclear Mailbox Sync: CrowdStrike Services Identifies Logging Inconsistencies in Microsoft 365
2022-03-30CrowdStrikeCrowdStrike Threat Intel Team
@online{team:20220330:who:f73e255, author = {CrowdStrike Threat Intel Team}, title = {{Who is EMBER BEAR?}}, date = {2022-03-30}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/who-is-ember-bear/}, language = {English}, urldate = {2022-03-31} } Who is EMBER BEAR?
WhisperGate
2022-03-23CrowdStrikeFalcon OverWatch Team
@online{team:20220323:falcon:eb9c44f, author = {Falcon OverWatch Team}, title = {{Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack}}, date = {2022-03-23}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/falcon-overwatch-contributes-to-blackcat-protection/}, language = {English}, urldate = {2022-03-25} } Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack
BlackCat
2022-03-14CrowdStrikeFalcon OverWatch Team
@online{team:20220314:falcon:6dc1944, author = {Falcon OverWatch Team}, title = {{Falcon OverWatch Threat Hunting Uncovers Ongoing NIGHT SPIDER Zloader Campaign}}, date = {2022-03-14}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/falcon-overwatch-uncovers-ongoing-night-spider-zloader-campaign/}, language = {English}, urldate = {2022-03-15} } Falcon OverWatch Threat Hunting Uncovers Ongoing NIGHT SPIDER Zloader Campaign
Zloader
2022-03-07CrowdStrikeChris Nguyen, Eric Loui
@online{nguyen:20220307:prophet:1acbba8, author = {Chris Nguyen and Eric Loui}, title = {{PROPHET SPIDER Exploits Citrix ShareFile Remote Code Execution Vulnerability CVE-2021-22941 to Deliver Webshell}}, date = {2022-03-07}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/prophet-spider-exploits-citrix-sharefile/}, language = {English}, urldate = {2022-03-08} } PROPHET SPIDER Exploits Citrix ShareFile Remote Code Execution Vulnerability CVE-2021-22941 to Deliver Webshell