Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-03-17CrowdStrikeAdam Podlosky, Brendon Feeley
@online{podlosky:20210317:indrik:65d1f3f, author = {Adam Podlosky and Brendon Feeley}, title = {{INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions}}, date = {2021-03-17}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/hades-ransomware-successor-to-indrik-spiders-wastedlocker/}, language = {English}, urldate = {2021-03-19} } INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions
FriedEx WastedLocker
2021-03-05Reddit CrowdstrikeAndrew-CS
@online{andrewcs:20210305:20210305:e34f0e7, author = {Andrew-CS}, title = {{2021-03-05 - Cool Query Friday - Hunting For Renamed Command Line Programs}}, date = {2021-03-05}, organization = {Reddit Crowdstrike}, url = {https://www.reddit.com/r/crowdstrike/comments/lyhga8/20210305_cool_query_friday_hunting_for_renamed/}, language = {English}, urldate = {2021-03-11} } 2021-03-05 - Cool Query Friday - Hunting For Renamed Command Line Programs
2021-03-04CrowdStrikeThe Falcon Complete Team
@online{team:20210304:falcon:6170749, author = {The Falcon Complete Team}, title = {{Falcon Complete Stops Microsoft Exchange Server Zero-Day Exploits}}, date = {2021-03-04}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/falcon-complete-stops-microsoft-exchange-server-zero-day-exploits}, language = {English}, urldate = {2021-03-10} } Falcon Complete Stops Microsoft Exchange Server Zero-Day Exploits
CHINACHOPPER HAFNIUM
2021-02-26CrowdStrikeEric Loui, Sergei Frankoff
@online{loui:20210226:hypervisor:8dadf9c, author = {Eric Loui and Sergei Frankoff}, title = {{Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact}}, date = {2021-02-26}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/carbon-spider-sprite-spider-target-esxi-servers-with-ransomware/?utm_campaign=blog&utm_medium=soc&utm_source=twtr&utm_content=sprout}, language = {English}, urldate = {2021-03-02} } Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact
RansomEXX Griffon Carbanak Cobalt Strike IcedID MimiKatz PyXie RansomEXX REvil
2021-02-23CrowdStrikeCrowdStrike
@techreport{crowdstrike:20210223:2021:bf5bc4f, author = {CrowdStrike}, title = {{2021 Global Threat Report}}, date = {2021-02-23}, institution = {CrowdStrike}, url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf}, language = {English}, urldate = {2021-02-25} } 2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon Ransomware BazarBackdoor Clop Cobalt Strike Conti Ransomware Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet Ransomware ShadowPad SmokeLoader Snake Ransomware SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader
2021-02-17CrowdStrikeStrategic Threat Advisory Group, Falcon OverWatch Team
@online{group:20210217:dont:807d211, author = {Strategic Threat Advisory Group and Falcon OverWatch Team}, title = {{Don’t Get Schooled: Understanding the Threats to the Academic Industry}}, date = {2021-02-17}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/academia-threat-landscape-2020-analysis/}, language = {English}, urldate = {2021-02-20} } Don’t Get Schooled: Understanding the Threats to the Academic Industry
2021-02-11CrowdStrikeRadu Vlad
@online{vlad:20210211:press:b7ea157, author = {Radu Vlad}, title = {{Press #1 to Play: A Look Into eCrime Menu-style Toolkits}}, date = {2021-02-11}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/analysis-of-ecrime-menu-style-toolkits/}, language = {English}, urldate = {2021-02-20} } Press #1 to Play: A Look Into eCrime Menu-style Toolkits
Mailto
2021-02-08CrowdStrikeTom Simpson, Tom Henry, Seb Walla
@online{simpson:20210208:blocking:c4fb4be, author = {Tom Simpson and Tom Henry and Seb Walla}, title = {{Blocking SolarMarker Backdoor}}, date = {2021-02-08}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/solarmarker-backdoor-technical-analysis/}, language = {English}, urldate = {2021-02-09} } Blocking SolarMarker Backdoor
Jupyter Stealer solarmarker
2021-01-11CrowdStrikeCrowdStrike Intelligence Team
@online{team:20210111:sunspot:70e8a4c, author = {CrowdStrike Intelligence Team}, title = {{SUNSPOT: An Implant in the Build Process}}, date = {2021-01-11}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/}, language = {English}, urldate = {2021-01-21} } SUNSPOT: An Implant in the Build Process
SUNBURST
2020-12-23CrowdStrikeMichael Sentonas
@online{sentonas:20201223:crowdstrike:ee76d67, author = {Michael Sentonas}, title = {{CrowdStrike Launches Free Tool to Identify and Help Mitigate Risks in Azure Active Directory}}, date = {2020-12-23}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/crowdstrike-launches-free-tool-to-identify-and-help-mitigate-risks-in-azure-active-directory/}, language = {English}, urldate = {2021-01-01} } CrowdStrike Launches Free Tool to Identify and Help Mitigate Risks in Azure Active Directory
SUNBURST
2020-12-22CrowdStrikeJai Minton
@online{minton:20201222:leftover:656cc14, author = {Jai Minton}, title = {{Leftover Lunch: Finding, Hunting and Eradicating Spicy Hot Pot, a Persistent Browser Hijacking Rootkit}}, date = {2020-12-22}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/spicy-hot-pot-rootkit-explained/}, language = {English}, urldate = {2020-12-23} } Leftover Lunch: Finding, Hunting and Eradicating Spicy Hot Pot, a Persistent Browser Hijacking Rootkit
Spicy Hot Pot
2020-12-16CrowdStrikeDavid Rojas, Mark Robinson
@online{rojas:20201216:hiding:b5c41f6, author = {David Rojas and Mark Robinson}, title = {{Hiding in Plain Sight: Remediating “Hidden” Malware with Real Time Response}}, date = {2020-12-16}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/how-to-remediate-hidden-malware-real-time-response/}, language = {English}, urldate = {2021-01-04} } Hiding in Plain Sight: Remediating “Hidden” Malware with Real Time Response
Andromeda
2020-12-09CrowdStrikeJosh Burgess, Jason Rivera
@techreport{burgess:20201209:from:1811e9c, author = {Josh Burgess and Jason Rivera}, title = {{From Zero to SixtyThe Story of North Korea’s Rapid Ascent to Becoming a Global Cyber Superpower}}, date = {2020-12-09}, institution = {CrowdStrike}, url = {https://i.blackhat.com/eu-20/Wednesday/eu-20-Rivera-From-Zero-To-Sixty-The-Story-Of-North-Koreas-Rapid-Ascent-To-Becoming-A-Global-Cyber-Superpower.pdf}, language = {English}, urldate = {2020-12-11} } From Zero to SixtyThe Story of North Korea’s Rapid Ascent to Becoming a Global Cyber Superpower
FastCash Hermes WannaCryptor
2020-11-18CrowdStrikeFalcon OverWatch Team, CrowdStrike Intelligence Team
@online{team:20201118:hacking:3fb3539, author = {Falcon OverWatch Team and CrowdStrike Intelligence Team}, title = {{Hacking Farm to Table: Threat Hunters Uncover Rise in Attacks Against Agriculture}}, date = {2020-11-18}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/how-threat-hunting-uncovered-attacks-in-the-agriculture-industry}, language = {English}, urldate = {2020-11-23} } Hacking Farm to Table: Threat Hunters Uncover Rise in Attacks Against Agriculture
2020-10-16CrowdStrikeThe Crowdstrike Intel Team
@online{team:20201016:wizard:12b648a, author = {The Crowdstrike Intel Team}, title = {{WIZARD SPIDER Update: Resilient, Reactive and Resolute}}, date = {2020-10-16}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/wizard-spider-adversary-update/}, language = {English}, urldate = {2020-10-21} } WIZARD SPIDER Update: Resilient, Reactive and Resolute
BazarBackdoor Conti Ransomware Ryuk TrickBot
2020-10-14CrowdStrikeThe Falcon Complete Team
@online{team:20201014:duck:d227846, author = {The Falcon Complete Team}, title = {{Duck Hunting with Falcon Complete: Remediating a Fowl Banking Trojan, Part 3}}, date = {2020-10-14}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/duck-hunting-with-falcon-complete-qakbot-countermeasures/}, language = {English}, urldate = {2020-11-09} } Duck Hunting with Falcon Complete: Remediating a Fowl Banking Trojan, Part 3
QakBot
2020-10-07CrowdStrikeThe Falcon Complete Team
@online{team:20201007:duck:69360c9, author = {The Falcon Complete Team}, title = {{Duck Hunting with Falcon Complete: Analyzing a Fowl Banking Trojan, Part 2}}, date = {2020-10-07}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/duck-hunting-with-falcon-complete-qakbot-zip-based-campaign/}, language = {English}, urldate = {2020-10-12} } Duck Hunting with Falcon Complete: Analyzing a Fowl Banking Trojan, Part 2
QakBot Zloader
2020-10-06CrowdStrikeThe Crowdstrike Intel Team
@online{team:20201006:double:bb0f240, author = {The Crowdstrike Intel Team}, title = {{Double Trouble: Ransomware with Data Leak Extortion, Part 2}}, date = {2020-10-06}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-2/}, language = {English}, urldate = {2020-10-12} } Double Trouble: Ransomware with Data Leak Extortion, Part 2
Maze MedusaLocker REvil
2020-10-01CrowdStrikeDylan Barker, Quinten Bowen, Ryan Campbell
@online{barker:20201001:duck:edcc017, author = {Dylan Barker and Quinten Bowen and Ryan Campbell}, title = {{Duck Hunting with Falcon Complete: Analyzing a Fowl Banking Trojan, Part 1}}, date = {2020-10-01}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/duck-hunting-with-falcon-complete-analyzing-a-fowl-banking-trojan-part-1/}, language = {English}, urldate = {2020-10-07} } Duck Hunting with Falcon Complete: Analyzing a Fowl Banking Trojan, Part 1
QakBot
2020-09-29CrowdStrikeKareem Hamdan, Lucas Miller
@online{hamdan:20200929:getting:c01923a, author = {Kareem Hamdan and Lucas Miller}, title = {{Getting the Bacon from the Beacon}}, date = {2020-09-29}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/getting-the-bacon-from-cobalt-strike-beacon/}, language = {English}, urldate = {2020-10-05} } Getting the Bacon from the Beacon
Cobalt Strike