2022-06-02 | CrowdStrike | EPP Content Research Team
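% Corporate author: the extra braces make BibTeX/Biber treat the team name as
% one indivisible name instead of parsing "Team" as the family name.
% The citation key is unchanged so existing citations still resolve.
@online{team:20220602:crowdstrike:3ca0d32,
  author       = {{EPP Content Research Team}},
  title        = {{CrowdStrike Uncovers New MacOS Browser Hijacking Campaign}},
  date         = {2022-06-02},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-crowdstrike-uncovered-a-new-macos-browser-hijacking-campaign/},
  language     = {English},
  urldate      = {2022-06-04},
}
CrowdStrike Uncovers New MacOS Browser Hijacking Campaign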
2022-05-25 | CrowdStrike | Jamie Harris
% CrowdStrike blog post on hunting DecisiveArchitect and its JustForFun implant.
@online{harris:20220525:hunting:48d53ea,
  author       = {Harris, Jamie},
  title        = {{Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun}},
  date         = {2022-05-25},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-to-hunt-for-decisivearchitect-and-justforfun-implant/},
  language     = {English},
  urldate      = {2022-05-29},
}
Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun
BPFDoor
2022-05-20 | CrowdStrike | Vlad Ciuleanu
% CrowdStrike blog post on Linux Mirai variants in Q1 2022.
@online{ciuleanu:20220520:mirai:77360aa,
  author       = {Ciuleanu, Vlad},
  title        = {{Mirai Malware Variants for Linux Double Down on Stronger Chips in Q1 2022}},
  date         = {2022-05-20},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/linux-mirai-malware-double-on-stronger-chips/},
  language     = {English},
  urldate      = {2022-05-25},
}
Mirai Malware Variants for Linux Double Down on Stronger Chips in Q1 2022
Mirai
2022-05-11 | CrowdStrike | Adrian Justice
% CrowdStrike blog post on Falcon OverWatch detecting the IceApple post-exploitation framework.
@online{justice:20220511:proactive:a23c54f,
  author       = {Justice, Adrian},
  title        = {{Proactive Threat Hunting Bears Fruit: Falcon OverWatch Detects Novel IceApple Post-Exploitation Framework}},
  date         = {2022-05-11},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/falcon-overwatch-detects-iceapple-framework/},
  language     = {English},
  urldate      = {2022-05-11},
}
Proactive Threat Hunting Bears Fruit: Falcon OverWatch Detects Novel IceApple Post-Exploitation Framework
2022-05-11 | CrowdStrike | Adrian Justice, CrowdStrike Overwatch Team
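% PDF report on the IceApple IIS post-exploitation framework.
% The personal author is in "Last, First" form; the team co-author is
% double-braced so it is kept as one corporate name rather than being split
% into given/family parts. The citation key is unchanged.
@techreport{justice:20220511:iceapple:608746f,
  author      = {Justice, Adrian and {CrowdStrike Overwatch Team}},
  title       = {{IceApple: A Novel Internet Information Services (IIS) Post-Exploitation Framework}},
  date        = {2022-05-11},
  institution = {CrowdStrike},
  url         = {https://www.crowdstrike.com/wp-content/uploads/2022/05/crowdstrike-iceapple-a-novel-internet-information-services-post-exploitation-framework.pdf},
  language    = {English},
  urldate     = {2022-05-11},
}
IceApple: A Novel Internet Information Services (IIS) Post-Exploitation Framework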
2022-05-06 | CrowdStrike | Paul-Danut Urian
% Same author, title and date as urian:20220506:macos:f1223a9; the URLs differ
% only in the trailing slash, so the two keys appear to cite one article.
@online{urian:20220506:macos:59df492,
  author       = {Urian, Paul-Danut},
  title        = {{macOS Malware Is More Reality Than Myth: Popular Threats and Challenges in Analysis}},
  date         = {2022-05-06},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-crowdstrike-analyzes-macos-malware-to-optimize-automated-detection-capabilities},
  language     = {English},
  urldate      = {2022-05-11},
}
macOS Malware Is More Reality Than Myth: Popular Threats and Challenges in Analysis
EvilQuest FlashBack Shlayer XCSSET
2022-05-06 | CrowdStrike | Paul-Danut Urian
% Same author, title and date as urian:20220506:macos:59df492; the URLs differ
% only in the trailing slash, so the two keys appear to cite one article.
@online{urian:20220506:macos:f1223a9,
  author       = {Urian, Paul-Danut},
  title        = {{macOS Malware Is More Reality Than Myth: Popular Threats and Challenges in Analysis}},
  date         = {2022-05-06},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-crowdstrike-analyzes-macos-malware-to-optimize-automated-detection-capabilities/},
  language     = {English},
  urldate      = {2022-05-17},
}
macOS Malware Is More Reality Than Myth: Popular Threats and Challenges in Analysis
Lador
2022-05-04 | CrowdStrike | Sebastian Walla
% CrowdStrike blog post on compromised Docker honeypots used in a DoS attack.
@online{walla:20220504:compromised:b2b1f9b,
  author       = {Walla, Sebastian},
  title        = {{Compromised Docker Honeypots Used for Pro-Ukrainian DoS Attack}},
  date         = {2022-05-04},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/compromised-docker-honeypots-used-for-pro-ukrainian-dos-attack/},
  language     = {English},
  urldate      = {2022-05-05},
}
Compromised Docker Honeypots Used for Pro-Ukrainian DoS Attack
2022-04-21 | CrowdStrike | Manoj Ahuje
% CrowdStrike blog post on LemonDuck cryptomining operations targeting Docker.
@online{ahuje:20220421:lemonduck:6b61d01,
  author       = {Ahuje, Manoj},
  title        = {{LemonDuck Targets Docker for Cryptomining Operations}},
  date         = {2022-04-21},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/lemonduck-botnet-targets-docker-for-cryptomining-operations/},
  language     = {English},
  urldate      = {2022-04-24},
}
LemonDuck Targets Docker for Cryptomining Operations
Lemon Duck
2022-04-01 | CrowdStrike | Cristian Popa
% Part 2 of 2 of a CrowdStrike blog series on BERT embeddings for detecting malware from command lines.
@online{popa:20220401:bert:08bcb1b,
  author       = {Popa, Cristian},
  title        = {{BERT Embeddings: A Modern Machine-learning Approach for Detecting Malware from Command Lines (Part 2 of 2)}},
  date         = {2022-04-01},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/bert-embeddings-new-approach-for-command-line-anomaly-detection-part-2/},
  language     = {English},
  urldate      = {2022-04-05},
}
BERT Embeddings: A Modern Machine-learning Approach for Detecting Malware from Command Lines (Part 2 of 2)
2022-03-31 | CrowdStrike | Christopher Romano, Vaishnav Murthy
% CrowdStrike Services blog post on logging inconsistencies in Microsoft 365.
@online{romano:20220331:cloudy:15ac5c7,
  author       = {Romano, Christopher and Murthy, Vaishnav},
  title        = {{Cloudy with a Chance of Unclear Mailbox Sync: CrowdStrike Services Identifies Logging Inconsistencies in Microsoft 365}},
  date         = {2022-03-31},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/crowdstrike-services-identifies-logging-inconsistencies-in-microsoft-365/},
  language     = {English},
  urldate      = {2022-04-05},
}
Cloudy with a Chance of Unclear Mailbox Sync: CrowdStrike Services Identifies Logging Inconsistencies in Microsoft 365
2022-03-30 | CrowdStrike | CrowdStrike Threat Intel Team
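% Corporate author: the extra braces make BibTeX/Biber treat the team name as
% one indivisible name instead of parsing "Team" as the family name.
% The citation key is unchanged so existing citations still resolve.
@online{team:20220330:who:f73e255,
  author       = {{CrowdStrike Threat Intel Team}},
  title        = {{Who is EMBER BEAR?}},
  date         = {2022-03-30},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/who-is-ember-bear/},
  language     = {English},
  urldate      = {2022-03-31},
}
Who is EMBER BEAR?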
WhisperGate
2022-03-23 | CrowdStrike | Falcon OverWatch Team
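% Corporate author: the extra braces make BibTeX/Biber treat the team name as
% one indivisible name instead of parsing "Team" as the family name.
% The citation key is unchanged so existing citations still resolve.
@online{team:20220323:falcon:eb9c44f,
  author       = {{Falcon OverWatch Team}},
  title        = {{Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack}},
  date         = {2022-03-23},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/falcon-overwatch-contributes-to-blackcat-protection/},
  language     = {English},
  urldate      = {2022-03-25},
}
Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack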
BlackCat
2022-03-14 | CrowdStrike | Falcon OverWatch Team
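% Corporate author: the extra braces make BibTeX/Biber treat the team name as
% one indivisible name instead of parsing "Team" as the family name.
% The citation key is unchanged so existing citations still resolve.
@online{team:20220314:falcon:6dc1944,
  author       = {{Falcon OverWatch Team}},
  title        = {{Falcon OverWatch Threat Hunting Uncovers Ongoing NIGHT SPIDER Zloader Campaign}},
  date         = {2022-03-14},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/falcon-overwatch-uncovers-ongoing-night-spider-zloader-campaign/},
  language     = {English},
  urldate      = {2022-03-15},
}
Falcon OverWatch Threat Hunting Uncovers Ongoing NIGHT SPIDER Zloader Campaign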
Zloader
2022-03-07 | CrowdStrike | Chris Nguyen, Eric Loui
% CrowdStrike blog post on PROPHET SPIDER exploiting CVE-2021-22941 (Citrix ShareFile) to deliver a webshell.
@online{nguyen:20220307:prophet:1acbba8,
  author       = {Nguyen, Chris and Loui, Eric},
  title        = {{PROPHET SPIDER Exploits Citrix ShareFile Remote Code Execution Vulnerability CVE-2021-22941 to Deliver Webshell}},
  date         = {2022-03-07},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/prophet-spider-exploits-citrix-sharefile/},
  language     = {English},
  urldate      = {2022-03-08},
}
PROPHET SPIDER Exploits Citrix ShareFile Remote Code Execution Vulnerability CVE-2021-22941 to Deliver Webshell
2022-03-02 | Techtarget | Arielle Waldman
% Third-party news report (Techtarget) on CrowdStrike cracking the PartyTicket ransomware.
@online{waldman:20220302:crowdstrike:2967602,
  author       = {Waldman, Arielle},
  title        = {{CrowdStrike cracks PartyTicket ransomware targeting Ukraine}},
  date         = {2022-03-02},
  organization = {Techtarget},
  url          = {https://www.techtarget.com/searchsecurity/news/252514091/CrowdStrike-cracks-PartyTicket-ransomware-targeting-Ukraine},
  language     = {English},
  urldate      = {2022-03-07},
}
CrowdStrike cracks PartyTicket ransomware targeting Ukraine
PartyTicket
2022-03-01 | CrowdStrike | CrowdStrike Intelligence Team
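% Corporate author: the extra braces make BibTeX/Biber treat the team name as
% one indivisible name instead of parsing "Team" as the family name.
% The citation key is unchanged so existing citations still resolve.
@online{team:20220301:decryptable:27c195e,
  author       = {{CrowdStrike Intelligence Team}},
  title        = {{Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities}},
  date         = {2022-03-01},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine/},
  language     = {English},
  urldate      = {2022-03-07},
}
Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities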
PartyTicket
2022-02-25 | CrowdStrike | william thomas, Adrian Liviu Arsene, Farid Hendi
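% Names are in "Last, First" form. This matters for the first author: in
% "First Last" order BibTeX reads an all-lowercase leading word as a "von"
% particle, so "william" would not be parsed as the given name.
% The spelling is kept as the source lists it; the citation key is unchanged.
@online{thomas:20220225:crowdstrike:6af36f9,
  author       = {thomas, william and Arsene, Adrian Liviu and Hendi, Farid},
  title        = {{CrowdStrike Falcon Protects from New Wiper Malware Used in Ukraine Cyberattacks}},
  date         = {2022-02-25},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-crowdstrike-falcon-protects-against-wiper-malware-used-in-ukraine-attacks/},
  language     = {English},
  urldate      = {2022-03-02},
}
CrowdStrike Falcon Protects from New Wiper Malware Used in Ukraine Cyberattacks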
HermeticWiper
2022-02-23 | CrowdStrike | CrowdStrike Intelligence Team
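% Corporate author: the extra braces make BibTeX/Biber treat the team name as
% one indivisible name instead of parsing "Team" as the family name.
% The citation key is unchanged so existing citations still resolve.
@online{team:20220223:access:7ca6777,
  author       = {{CrowdStrike Intelligence Team}},
  title        = {{Access Brokers: Who Are the Targets, and What Are They Worth?}},
  date         = {2022-02-23},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/access-brokers-targets-and-worth/},
  language     = {English},
  urldate      = {2022-03-02},
}
Access Brokers: Who Are the Targets, and What Are They Worth?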
2022-02-22 | CrowdStrike | Joseph Goodwin, Aspen Lindblom
% CrowdStrike blog post on researching exploit behavior to strengthen customer protection.
@online{goodwin:20220222:crowdstrike:0518322,
  author       = {Goodwin, Joseph and Lindblom, Aspen},
  title        = {{CrowdStrike Research Investigates Exploit Behavior to Strengthen Customer Protection}},
  date         = {2022-02-22},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/exploit-research-strengthens-customer-protection/},
  language     = {English},
  urldate      = {2022-03-02},
}
CrowdStrike Research Investigates Exploit Behavior to Strengthen Customer Protection