2022-01-19 | CrowdStrike | CrowdStrike Intelligence Team
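% The corporate author is double-braced so BibTeX/Biber keeps it as one name
% instead of splitting it into given name "CrowdStrike Intelligence" and family name "Team".
@online{team:20220119:technical:8a81c7e,
  author       = {{CrowdStrike Intelligence Team}},
  title        = {{Technical Analysis of the WhisperGate Malicious Bootloader}},
  organization = {CrowdStrike},
  date         = {2022-01-19},
  url          = {https://www.crowdstrike.com/blog/technical-analysis-of-whispergate-malware/},
  urldate      = {2022-01-20},
  language     = {English},
}
Technical Analysis of the WhisperGate Malicious Bootloader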
WhisperGate
2022-01-13 | CrowdStrike | Mihai Maganu
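% The percent sign in the title is escaped as \% because an unescaped one
% starts a LaTeX comment when the title is typeset and truncates the entry.
@online{maganu:20220113:linuxtargeted:66d730c,
  author       = {Maganu, Mihai},
  title        = {{Linux-Targeted Malware Increases by 35\% in 2021: XorDDoS, Mirai and Mozi Most Prevalent}},
  organization = {CrowdStrike},
  date         = {2022-01-13},
  url          = {https://www.crowdstrike.com/blog/linux-targeted-malware-increased-by-35-percent-in-2021/},
  urldate      = {2022-01-18},
  language     = {English},
}
Linux-Targeted Malware Increases by 35% in 2021: XorDDoS, Mirai and Mozi Most Prevalent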
Mirai Mozi XOR DDoS
2022-01-11 | CrowdStrike | Anmol Maurya
@online{maurya:20220111:tellyouthepass:b31fcb8,
  author       = {Maurya, Anmol},
  title        = {{TellYouThePass Ransomware Analysis Reveals a Modern Reinterpretation Using Golang}},
  organization = {CrowdStrike},
  date         = {2022-01-11},
  url          = {https://www.crowdstrike.com/blog/tellyouthepass-ransomware-analysis-reveals-modern-reinterpretation-using-golang/},
  urldate      = {2022-01-18},
  language     = {English},
}
TellYouThePass Ransomware Analysis Reveals a Modern Reinterpretation Using Golang
TellYouThePass
2021-12-29 | CrowdStrike | Benjamin Wiley, Falcon OverWatch Team
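% "Falcon OverWatch Team" is a team name, so it is braced to stay one unit
% instead of being parsed as given name "Falcon OverWatch" and family name "Team".
@online{wiley:20211229:overwatch:35d7dee,
  author       = {Wiley, Benjamin and {Falcon OverWatch Team}},
  title        = {{OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt}},
  organization = {CrowdStrike},
  date         = {2021-12-29},
  url          = {https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools/},
  urldate      = {2021-12-31},
  language     = {English},
}
OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt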
Cobalt Strike AQUATIC PANDA
2021-12-28 | CrowdStrike | Timo Kreuzer, Yarden Shafir, satoshi tanda, Blair Foster
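% Names use the "Last, First" form. This matters for the all-lowercase name:
% in "First Last" order BibTeX reads a lowercase leading word ("satoshi") as a
% "von" particle of the surname rather than as the given name.
@online{kreuzer:20211228:crowdstrike:32ba306,
  author       = {Kreuzer, Timo and Shafir, Yarden and tanda, satoshi and Foster, Blair},
  title        = {{CrowdStrike Strengthens Exploit Protection Using Intel CPU Telemetry}},
  organization = {CrowdStrike},
  date         = {2021-12-28},
  url          = {https://www.crowdstrike.com/blog/introducing-falcon-hardware-enhanced-exploit-detection/},
  urldate      = {2022-01-03},
  language     = {English},
}
CrowdStrike Strengthens Exploit Protection Using Intel CPU Telemetry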
2021-12-22 | CrowdStrike | Randy Burton, Ian Barton
@online{burton:20211222:crowdstrike:bdf017f,
  author       = {Burton, Randy and Barton, Ian},
  title        = {{CrowdStrike Launches Free Targeted Log4j Search Tool}},
  organization = {CrowdStrike},
  date         = {2021-12-22},
  url          = {https://www.crowdstrike.com/blog/free-targeted-log4j-search-tool/},
  urldate      = {2022-01-05},
  language     = {English},
}
CrowdStrike Launches Free Targeted Log4j Search Tool
2021-12-10 | CrowdStrike | CrowdStrike Intelligence Team
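% The corporate author is double-braced so BibTeX/Biber keeps it as one name
% instead of splitting it into given name "CrowdStrike Intelligence" and family name "Team".
@online{team:20211210:log4j2:cd1787f,
  author       = {{CrowdStrike Intelligence Team}},
  title        = {{Log4j2 Vulnerability “Log4Shell” (CVE-2021-44228)}},
  organization = {CrowdStrike},
  date         = {2021-12-10},
  url          = {https://www.crowdstrike.com/blog/log4j2-vulnerability-analysis-and-mitigation-recommendations/},
  urldate      = {2022-01-05},
  language     = {English},
}
Log4j2 Vulnerability “Log4Shell” (CVE-2021-44228)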
2021-12-07 | CrowdStrike | Shaun Hurley
@online{hurley:20211207:critical:959de2e,
  author       = {Hurley, Shaun},
  title        = {{Critical Hit: How DoppelPaymer Hunts and Kills Windows Processes}},
  organization = {CrowdStrike},
  date         = {2021-12-07},
  url          = {https://www.crowdstrike.com/blog/how-doppelpaymer-hunts-and-kills-windows-processes/},
  urldate      = {2021-12-08},
  language     = {English},
}
Critical Hit: How DoppelPaymer Hunts and Kills Windows Processes
DoppelPaymer
2021-11-29 | CrowdStrike | Falcon OverWatch Team
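% The team name is double-braced so BibTeX/Biber keeps it as one name
% instead of splitting it into given name "Falcon OverWatch" and family name "Team".
@online{team:20211129:nowhere:e0fedba,
  author       = {{Falcon OverWatch Team}},
  title        = {{Nowhere to Hide: Detecting SILENT CHOLLIMA’s Custom Tooling}},
  organization = {CrowdStrike},
  date         = {2021-11-29},
  url          = {https://www.crowdstrike.com/blog/how-falcon-overwatch-detected-silent-chollima-custom-tooling/},
  urldate      = {2021-12-01},
  language     = {English},
}
Nowhere to Hide: Detecting SILENT CHOLLIMA’s Custom Tooling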
2021-11-17 | CrowdStrike | Thomas Moses, Sarang Sonawane, Liviu Arsene
@online{moses:20211117:ransomware:5d7431b,
  author       = {Moses, Thomas and Sonawane, Sarang and Arsene, Liviu},
  title        = {{Ransomware (R)evolution Plagues Organizations, But CrowdStrike Protection Never Wavers}},
  organization = {CrowdStrike},
  date         = {2021-11-17},
  url          = {https://www.crowdstrike.com/blog/how-crowdstrike-prevents-volume-shadow-tampering-by-lockbit-ransomware/},
  urldate      = {2021-11-19},
  language     = {English},
}
Ransomware (R)evolution Plagues Organizations, But CrowdStrike Protection Never Wavers
LockBit
2021-11-12 | CrowdStrike | Anmol Maurya
@online{maurya:20211112:golang:aadabd9,
  author       = {Maurya, Anmol},
  title        = {{Golang Malware Is More than a Fad: Financial Motivation Drives Adoption}},
  organization = {CrowdStrike},
  date         = {2021-11-12},
  url          = {https://www.crowdstrike.com/blog/financial-motivation-drives-golang-malware-adoption/},
  urldate      = {2021-11-17},
  language     = {English},
}
Golang Malware Is More than a Fad: Financial Motivation Drives Adoption
Snatch
2021-11-10 | CrowdStrike | Antonio Parata
@online{parata:20211110:ploutus:7b4ca7b,
  author       = {Parata, Antonio},
  title        = {{Ploutus ATM Malware Case Study: Automated Deobfuscation of a Strongly Obfuscated .NET Binary}},
  organization = {CrowdStrike},
  date         = {2021-11-10},
  url          = {https://www.crowdstrike.com/blog/ploutus-atm-malware-deobfuscation-case-study},
  urldate      = {2021-11-17},
  language     = {English},
}
Ploutus ATM Malware Case Study: Automated Deobfuscation of a Strongly Obfuscated .NET Binary
Ploutus ATM
2021-11-09 | CrowdStrike | Lukas Kupczyk, Max Julian Hofmann
@online{kupczyk:20211109:scheming:04a8e46,
  author       = {Kupczyk, Lukas and Hofmann, Max Julian},
  title        = {{Scheming with URLs: One-Click Attack Surface in Linux Desktop Environments}},
  organization = {CrowdStrike},
  date         = {2021-11-09},
  url          = {https://www.crowdstrike.com/blog/one-click-attack-surface-in-linux-desktop-environments/},
  urldate      = {2021-11-17},
  language     = {English},
}
Scheming with URLs: One-Click Attack Surface in Linux Desktop Environments
2021-11-04 | CrowdStrike | Eric Loui, Josh Reynolds
@online{loui:20211104:carbon:e3ef021,
  author       = {Loui, Eric and Reynolds, Josh},
  title        = {{CARBON SPIDER Embraces Big Game Hunting, Part 2}},
  organization = {CrowdStrike},
  date         = {2021-11-04},
  url          = {https://www.crowdstrike.com/blog/carbon-spider-embraces-big-game-hunting-part-2/},
  urldate      = {2021-11-08},
  language     = {English},
}
CARBON SPIDER Embraces Big Game Hunting, Part 2
BlackMatter Griffon BlackMatter DarkSide HiddenTear JSSLoader
2021-10-27 | CrowdStrike | Falcon OverWatch Team
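% The team name is double-braced so BibTeX/Biber keeps it as one name
% instead of splitting it into given name "Falcon OverWatch" and family name "Team".
@online{team:20211027:tales:fbccf24,
  author       = {{Falcon OverWatch Team}},
  title        = {{Tales From the Cryptojacking Front Lines}},
  organization = {CrowdStrike},
  date         = {2021-10-27},
  url          = {https://www.crowdstrike.com/blog/2021-cryptojacking-trends-and-investigation-recommendations/},
  urldate      = {2021-11-03},
  language     = {English},
}
Tales From the Cryptojacking Front Lines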
2021-10-25 | CrowdStrike | Mihai Maganu
@online{maganu:20211025:webassembly:91e667b,
  author       = {Maganu, Mihai},
  title        = {{WebAssembly Is Abused by eCriminals to Hide Malware}},
  organization = {CrowdStrike},
  date         = {2021-10-25},
  url          = {https://www.crowdstrike.com/blog/ecriminals-increasingly-use-webassembly-to-hide-malware/},
  urldate      = {2021-11-03},
  language     = {English},
}
WebAssembly Is Abused by eCriminals to Hide Malware
2021-10-25 | CrowdStrike | Falcon OverWatch Team
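% The team name is double-braced so BibTeX/Biber keeps it as one name
% instead of splitting it into given name "Falcon OverWatch" and family name "Team".
@online{team:20211025:overwatch:8fd2f9f,
  author       = {{Falcon OverWatch Team}},
  title        = {{OverWatch Elite In Action: Prompt Call Escalation Proves Vital to Containing Attack}},
  organization = {CrowdStrike},
  date         = {2021-10-25},
  url          = {https://www.crowdstrike.com/blog/overwatch-elite-call-escalation-vital-to-containing-attack/},
  urldate      = {2021-11-03},
  language     = {English},
}
OverWatch Elite In Action: Prompt Call Escalation Proves Vital to Containing Attack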
MimiKatz
2021-10-21 | CrowdStrike | Alex Clinton, Tasha Robinson
@online{clinton:20211021:stopping:3c26152,
  author       = {Clinton, Alex and Robinson, Tasha},
  title        = {{Stopping GRACEFUL SPIDER: Falcon Complete’s Fast Response to Recent SolarWinds Serv-U Exploit Campaign}},
  organization = {CrowdStrike},
  date         = {2021-10-21},
  url          = {https://www.crowdstrike.com/blog/how-falcon-complete-stopped-a-solarwinds-serv-u-exploit-campaign/},
  urldate      = {2021-11-02},
  language     = {English},
}
Stopping GRACEFUL SPIDER: Falcon Complete’s Fast Response to Recent SolarWinds Serv-U Exploit Campaign
Cobalt Strike FlawedGrace TinyMet
2021-10-19 | CrowdStrike | Jamie Harris, Dan Meyer
@online{harris:20211019:lightbasin:a69fe0b,
  author       = {Harris, Jamie and Meyer, Dan},
  title        = {{LightBasin: A Roaming Threat to Telecommunications Companies}},
  organization = {CrowdStrike},
  date         = {2021-10-19},
  url          = {https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/},
  urldate      = {2021-10-24},
  language     = {English},
}
LightBasin: A Roaming Threat to Telecommunications Companies
2021-10-12 | CrowdStrike | CrowdStrike Intelligence Team
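% The corporate author is double-braced so BibTeX/Biber keeps it as one name
% instead of splitting it into given name "CrowdStrike Intelligence" and family name "Team".
@online{team:20211012:ecx:5540ee9,
  author       = {{CrowdStrike Intelligence Team}},
  title        = {{ECX: Big Game Hunting on the Rise Following a Notable Reduction in Activity}},
  organization = {CrowdStrike},
  date         = {2021-10-12},
  url          = {https://www.crowdstrike.com/blog/big-game-hunting-on-the-rise-again-according-to-ecrime-index/},
  urldate      = {2021-11-02},
  language     = {English},
}
ECX: Big Game Hunting on the Rise Following a Notable Reduction in Activity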
Babuk BlackMatter DarkSide REvil Avaddon Babuk BlackMatter DarkSide LockBit Mailto REvil