
2021-09-30 | CrowdStrike | Falcon OverWatch Team
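@comment{Corporate author braced as one indivisible name unit (plain form parsed "Team" as a surname). Title braces reduced to the proper nouns that must keep their case, so a recasing style still works.}
@online{team:20210930:hunting:bc2e59d,
  author       = {{Falcon OverWatch Team}},
  title        = {Hunting for the {Confluence} Exploitation: When {Falcon OverWatch} Becomes the First Line of Defense},
  date         = {2021-09-30},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-crowdstrike-threat-hunters-identified-a-confluence-exploit/},
  language     = {English},
  urldate      = {2021-10-05},
}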
Cobalt Strike
2021-09-17 | CrowdStrike | Falcon OverWatch Team
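@comment{Corporate author braced as one name unit; whole-title double braces replaced by protection of the product name only.}
@online{team:20210917:falcon:76aa03b,
  author       = {{Falcon OverWatch Team}},
  title        = {{Falcon OverWatch} Hunts Down Adversaries Where They Hide},
  date         = {2021-09-17},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/four-popular-defensive-evasion-techniques-in-2021/},
  language     = {English},
  urldate      = {2021-10-05},
}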
BazarBackdoor Cobalt Strike
2021-09-15 | CrowdStrike | Falcon OverWatch Team
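@comment{Corporate author braced as one name unit; only the malware name is case-protected in the title.}
@online{team:20210915:shining:138fc96,
  author       = {{Falcon OverWatch Team}},
  title        = {Shining a Light on {DarkOxide}},
  date         = {2021-09-15},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/darkoxide-technical-analysis/},
  language     = {English},
  urldate      = {2021-09-19},
}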
2021-09-14 | CrowdStrike | CrowdStrike Intelligence Team
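@comment{Corporate author braced as one name unit; acronym and actor name case-protected instead of the whole title.}
@online{team:20210914:big:b345561,
  author       = {{CrowdStrike Intelligence Team}},
  title        = {Big Game Hunting {TTPs} Continue to Shift After {DarkSide} Pipeline Attack},
  date         = {2021-09-14},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-big-game-hunting-ttps-shifted-after-darkside-pipeline-attack/},
  language     = {English},
  urldate      = {2021-09-19},
}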
BlackMatter DarkSide REvil Avaddon BlackMatter Clop Conti CryptoLocker DarkSide DoppelPaymer Hades REvil
2021-08-31 | CrowdStrike | Alexander Hanel
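@comment{Author in unambiguous "Last, First" form; tool and actor names case-protected instead of the whole title. The curly apostrophe is kept verbatim (UTF-8, biblatex/Biber).}
@online{hanel:20210831:sidoh:8a5c018,
  author       = {Hanel, Alexander},
  title        = {{Sidoh}: {WIZARD SPIDER}’s Mysterious Exfiltration Tool},
  date         = {2021-08-31},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/sidoh-wizard-spiders-mysterious-exfiltration-tool/},
  language     = {English},
  urldate      = {2021-09-02},
}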
Ryuk Stealer
2021-08-30 | CrowdStrike | Eric Loui, Josh Reynolds
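@comment{Authors in "Last, First" form joined by " and "; actor name case-protected instead of the whole title.}
@online{loui:20210830:carbon:66be3f3,
  author       = {Loui, Eric and Reynolds, Josh},
  title        = {{CARBON SPIDER} Embraces Big Game Hunting, Part 1},
  date         = {2021-08-30},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/carbon-spider-embraces-big-game-hunting-part-1/},
  language     = {English},
  urldate      = {2021-08-31},
}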
Bateleur Griffon Carbanak DarkSide JSSLoader PILLOWMINT REvil
2021-08-30 | CrowdStrike | Michael Dawson
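@comment{Author in "Last, First" form; camel-case term and product name case-protected instead of the whole title.}
@online{dawson:20210830:hypervisor:81ca39b,
  author       = {Dawson, Michael},
  title        = {Hypervisor Jackpotting, Part 2: {eCrime} Actors Increase Targeting of {ESXi} Servers with Ransomware},
  date         = {2021-08-30},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/hypervisor-jackpotting-ecrime-actors-increase-targeting-of-esxi-servers/},
  language     = {English},
  urldate      = {2021-08-31},
}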
Babuk HelloKitty REvil
2021-08-26 | CrowdStrike | Yaron Zinar
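@comment{Author in "Last, First" form; acronym and vendor name case-protected instead of the whole title.}
@online{zinar:20210826:ntlm:9a3faa5,
  author       = {Zinar, Yaron},
  title        = {{NTLM} Keeps Haunting {Microsoft}},
  date         = {2021-08-26},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/ntlm-keeps-haunting-microsoft/},
  language     = {English},
  urldate      = {2021-08-31},
}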
2021-08-11 | CrowdStrike | Liviu Arsene
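@comment{Author in "Last, First" form; malware name, vulnerability name and country case-protected instead of the whole title.}
@online{arsene:20210811:teaching:aeec28a,
  author       = {Arsene, Liviu},
  title        = {Teaching an Old Dog New Tricks: 2017 {Magniber} Ransomware Uses {PrintNightmare} Vulnerability to Infect Victims in {South Korea}},
  date         = {2021-08-11},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/},
  language     = {English},
  urldate      = {2021-09-02},
}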
Magniber
2021-08-04 | CrowdStrike | Falcon OverWatch Team, CrowdStrike Intelligence Team, CrowdStrike IR
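@comment{Each corporate author braced as one name unit so the team names are not split into given/surname parts; actor and product names case-protected instead of the whole title.}
@online{team:20210804:prophet:e6e6a99,
  author       = {{Falcon OverWatch Team} and {CrowdStrike Intelligence Team} and {CrowdStrike IR}},
  title        = {{PROPHET SPIDER} Exploits {Oracle WebLogic} to Facilitate Ransomware Activity},
  date         = {2021-08-04},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/prophet-spider-exploits-oracle-weblogic-to-facilitate-ransomware-activity/},
  language     = {English},
  urldate      = {2021-09-02},
}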
Cobalt Strike Egregor Mount Locker
2021-08-03 | CrowdStrike | Michael DeCristofaro, Eric Loui, Josh Reynolds
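@comment{Authors in "Last, First" form (comma form keeps the capitalised "DeCristofaro" intact); actor label and acronym case-protected instead of the whole title.}
@online{decristofaro:20210803:squashing:ba231ef,
  author       = {DeCristofaro, Michael and Loui, Eric and Reynolds, Josh},
  title        = {Squashing {SPIDERS}: Threat Intelligence, Threat Hunting and Rapid Response Stops {SQL} Injection Campaign},
  date         = {2021-08-03},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-crowdstrike-stopped-an-sql-injection-campaign/},
  language     = {English},
  urldate      = {2021-08-31},
}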
2021-07-19 | CrowdStrike | Aspen Lindblom, Joseph Godwin, Chris Sheldon
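@comment{Authors in "Last, First" form; malware and product names case-protected instead of the whole title.}
@online{lindblom:20210719:shlayer:5fc616d,
  author       = {Lindblom, Aspen and Godwin, Joseph and Sheldon, Chris},
  title        = {{Shlayer} Malvertising Campaigns Still Using {Flash} Update Disguise},
  date         = {2021-07-19},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/shlayer-malvertising-campaigns-still-using-flash-update-disguise/},
  language     = {English},
  urldate      = {2021-07-26},
}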
Shlayer
2021-07-07 | CrowdStrike | Karan Sood, Liviu Arsene
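@comment{Authors in "Last, First" form; product, malware and vendor names case-protected instead of the whole title.}
@online{sood:20210707:how:84886a9,
  author       = {Sood, Karan and Arsene, Liviu},
  title        = {How {CrowdStrike Falcon} Stops {REvil} Ransomware Used in the {Kaseya} Attack},
  date         = {2021-07-07},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-crowdstrike-stops-revil-ransomware-from-kaseya-attack/},
  language     = {English},
  urldate      = {2021-07-19},
}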
REvil
2021-07-06 | CrowdStrike | Adam Meyers
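@comment{Author in "Last, First" form; actor and malware names case-protected instead of the whole title.}
@online{meyers:20210706:evolution:7d985ff,
  author       = {Meyers, Adam},
  title        = {The Evolution of {PINCHY SPIDER} from {GandCrab} to {REvil}},
  date         = {2021-07-06},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/the-evolution-of-revil-ransomware-and-pinchy-spider/},
  language     = {English},
  urldate      = {2021-07-19},
}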
Gandcrab REvil
2021-06-28 | CrowdStrike | Alexandru Ghita
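@comment{Author in "Last, First" form; only the language name is case-protected in the title.}
@online{ghita:20210628:new:85c558c,
  author       = {Ghita, Alexandru},
  title        = {New Ransomware Variant Uses {Golang} Packer},
  date         = {2021-06-28},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/new-ransomware-variant-uses-golang-packer/},
  language     = {English},
  urldate      = {2021-06-29},
}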
FiveHands HelloKitty
2021-06-22 | CrowdStrike | The Falcon Complete Team
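@comment{Corporate author braced as one name unit; product, actor and camel-case term case-protected instead of the whole title.}
@online{team:20210622:response:13a8ee6,
  author       = {{The Falcon Complete Team}},
  title        = {Response When Minutes Matter: {Falcon Complete} Disrupts {WIZARD SPIDER} {eCrime} Operators},
  date         = {2021-06-22},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-falcon-complete-disrupts-ecrime-operators-wizard-spider/},
  language     = {English},
  urldate      = {2021-06-24},
}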
Cobalt Strike
2021-06-22 | CrowdStrike | rich seymour
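@comment{The all-lowercase "rich seymour" in First-Last form is parsed with "rich" as a von part; comma form fixes the split. Only the acronym is case-protected in the title.}
@online{seymour:20210622:preventing:641f2fb,
  author       = {Seymour, Rich},
  title        = {Preventing Exploitation of the {ZIP} File Format},
  date         = {2021-06-22},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-to-prevent-zip-file-exploitation/},
  language     = {English},
  urldate      = {2021-06-24},
}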
2021-06-18 | CrowdStrike | Josh Dalman, Heather Smith
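@comment{Authors in "Last, First" form; whole-title double braces removed since nothing in this title needs case protection.}
@online{dalman:20210618:ransomware:2c31db2,
  author       = {Dalman, Josh and Smith, Heather},
  title        = {Ransomware Actors Evolved Their Operations in 2020},
  date         = {2021-06-18},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/ransomware-actors-evolved-operations-in-2020/},
  language     = {English},
  urldate      = {2021-06-22},
}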
2021-06-10 | CrowdStrike | Falcon Spotlight Team
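@comment{Corporate author braced as one name unit; month name, event name and acronym case-protected instead of the whole title.}
@online{team:20210610:june:5b6689e,
  author       = {{Falcon Spotlight Team}},
  title        = {{June} 2021 {Patch Tuesday}: Six Actively Exploited Zero-Day Vulnerabilities and More Critical {CVEs}},
  date         = {2021-06-10},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/patch-tuesday-analysis-june-2021/},
  language     = {English},
  urldate      = {2021-06-21},
}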
2021-06-10 | CrowdStrike | Farid Hendi, Liviu Arsene
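@comment{Authors in "Last, First" form; product and actor names case-protected instead of the whole title.}
@online{hendi:20210610:crowdstrike:ed1b61b,
  author       = {Hendi, Farid and Arsene, Liviu},
  title        = {{CrowdStrike Falcon} Protects Customers from Recent {COZY BEAR} Sophisticated Phishing Campaign},
  date         = {2021-06-10},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-crowdstrike-protects-against-recent-cozy-bear-phishing-campaign/},
  language     = {English},
  urldate      = {2021-06-24},
}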