Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-07-28DomainToolsChad Anderson
@online{anderson:20210728:finding:e853c97, author = {Chad Anderson}, title = {{Finding AnchorDNS C2s With Iris Investigate}}, date = {2021-07-28}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/finding-anchordns-c2s-with-iris-investigate}, language = {English}, urldate = {2021-08-02} } Finding AnchorDNS C2s With Iris Investigate
Anchor_DNS
2021-07-15DomainToolsChad Anderson
@online{anderson:20210715:american:b688a5d, author = {Chad Anderson}, title = {{American Rescue Plan Act Lures in the Wild}}, date = {2021-07-15}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/american-rescue-plan-act-lures-in-the-wild}, language = {English}, urldate = {2021-07-24} } American Rescue Plan Act Lures in the Wild
2021-07-01DomainToolsChad Anderson
@online{anderson:20210701:most:39f64b8, author = {Chad Anderson}, title = {{The Most Prolific Ransomware Families: A Defenders Guide}}, date = {2021-07-01}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/the-most-prolific-ransomware-families-a-defenders-guide}, language = {English}, urldate = {2021-07-11} } The Most Prolific Ransomware Families: A Defenders Guide
REvil Conti Egregor Maze REvil
2021-06-10DomainToolsChad Anderson
@online{anderson:20210610:cloud:c2efde5, author = {Chad Anderson}, title = {{Cloud Atlas Navigates Us Into New Waters}}, date = {2021-06-10}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/cloud-atlas-navigates-us-into-new-waters}, language = {English}, urldate = {2021-06-21} } Cloud Atlas Navigates Us Into New Waters
2021-05-25DomainToolsTim Helming
@online{helming:20210525:indicators:bbe2bdb, author = {Tim Helming}, title = {{Indicators Over Cocktails: Exporting Indicators from Iris (UNC1151)}}, date = {2021-05-25}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/indicators-over-cocktails-exporting-indicators-from-iris}, language = {English}, urldate = {2021-06-16} } Indicators Over Cocktails: Exporting Indicators from Iris (UNC1151)
2021-05-13DomainToolsTim Helming, John “Turbo” Conwell
@online{helming:20210513:domain:792cc58, author = {Tim Helming and John “Turbo” Conwell}, title = {{Domain Blooms: Identifying Domain Name Themes Targeted By Threat Actors}}, date = {2021-05-13}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/domain-blooms-identifying-domain-name-themes-targeted-by-threat-actors}, language = {English}, urldate = {2021-05-17} } Domain Blooms: Identifying Domain Name Themes Targeted By Threat Actors
2021-04-29DomainToolsJoe Slowik
@online{slowik:20210429:leaping:b1c6f2f, author = {Joe Slowik}, title = {{Leaping Down a Rabbit Hole of Fraud and Misdirection}}, date = {2021-04-29}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/leaping-down-a-rabbit-hole-of-fraud-and-misdirection}, language = {English}, urldate = {2021-05-03} } Leaping Down a Rabbit Hole of Fraud and Misdirection
2021-04-29DomainToolsChad Anderson
@online{anderson:20210429:domaintools:d9fc32c, author = {Chad Anderson}, title = {{DomainTools And Digital Archeology: A Look At RotaJakiro}}, date = {2021-04-29}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/domaintools-and-digital-archeology-a-look-at-rotajakiro}, language = {English}, urldate = {2021-05-04} } DomainTools And Digital Archeology: A Look At RotaJakiro
RotaJakiro
2021-04-27DomainToolsChad Anderson
@online{anderson:20210427:winter:da59fc3, author = {Chad Anderson}, title = {{Winter Vivern: A Look At Re-Crafted Government MalDocs Targeting Multiple Languages}}, date = {2021-04-27}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/winter-vivern-a-look-at-re-crafted-government-maldocs}, language = {English}, urldate = {2021-04-29} } Winter Vivern: A Look At Re-Crafted Government MalDocs Targeting Multiple Languages
2021-04-22DomainToolsJoe Slowik
@online{slowik:20210422:undersea:b41a1d6, author = {Joe Slowik}, title = {{An Undersea Royal Road: Exploring Malicious Documents and Associated Malware}}, date = {2021-04-22}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/an-undersea-royal-road-exploring-malicious-documents-and-associated-malware}, language = {English}, urldate = {2021-04-28} } An Undersea Royal Road: Exploring Malicious Documents and Associated Malware
2021-04-01DomainToolsJoe Slowik
@online{slowik:20210401:covid19:6a96e45, author = {Joe Slowik}, title = {{COVID-19 Phishing With a Side of Cobalt Strike}}, date = {2021-04-01}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/covid-19-phishing-with-a-side-of-cobalt-strike#}, language = {English}, urldate = {2021-04-06} } COVID-19 Phishing With a Side of Cobalt Strike
Cobalt Strike
2021-03-10DomainToolsJoe Slowik
@online{slowik:20210310:examining:e3eee78, author = {Joe Slowik}, title = {{Examining Exchange Exploitation and its Lessons for Defenders}}, date = {2021-03-10}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/examining-exchange-exploitation-and-its-lessons-for-defenders}, language = {English}, urldate = {2021-03-12} } Examining Exchange Exploitation and its Lessons for Defenders
CHINACHOPPER
2021-03-03DomainToolsJoe Slowik
@online{slowik:20210303:centreon:f590f6e, author = {Joe Slowik}, title = {{Centreon to Exim and Back: On the Trail of Sandworm}}, date = {2021-03-03}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/centreon-to-exim-and-back-on-the-trail-of-sandworm}, language = {English}, urldate = {2021-03-06} } Centreon to Exim and Back: On the Trail of Sandworm
Exaramel PAS
2021-02-25DomainToolsJoe Slowik
@online{slowik:20210225:continuous:34f997e, author = {Joe Slowik}, title = {{The Continuous Conundrum of Cloud Atlas}}, date = {2021-02-25}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/the-continuous-conundrum-of-cloud-atlas}, language = {English}, urldate = {2021-02-25} } The Continuous Conundrum of Cloud Atlas
2021-02-11DomainToolsJoe Slowik
@online{slowik:20210211:visibility:5d2f96e, author = {Joe Slowik}, title = {{Visibility, Monitoring, and Critical Infrastructure Security}}, date = {2021-02-11}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/visibility-monitoring-and-critical-infrastructure-security}, language = {English}, urldate = {2021-02-20} } Visibility, Monitoring, and Critical Infrastructure Security
Industroyer Stuxnet Triton
2021-01-22DomainToolsJoe Slowik
@online{slowik:20210122:change:ed52aef, author = {Joe Slowik}, title = {{Change in Perspective on the Utility of SUNBURST-related Network Indicators}}, date = {2021-01-22}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/change-in-perspective-on-the-utility-of-sunburst-related-network-indicators#}, language = {English}, urldate = {2021-01-25} } Change in Perspective on the Utility of SUNBURST-related Network Indicators
SUNBURST
2021-01-14DomainToolsJoe Slowik
@online{slowik:20210114:devils:ce9d4c8, author = {Joe Slowik}, title = {{The Devil’s in the Details: SUNBURST Attribution}}, date = {2021-01-14}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/the-devils-in-the-details-sunburst-attribution}, language = {English}, urldate = {2021-01-18} } The Devil’s in the Details: SUNBURST Attribution
SUNBURST
2021-01-06DomainToolsJoe Slowik
@online{slowik:20210106:holiday:6ef0c9d, author = {Joe Slowik}, title = {{Holiday Bazar: Tracking a TrickBot-Related Ransomware Incident}}, date = {2021-01-06}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/tracking-a-trickbot-related-ransomware-incident}, language = {English}, urldate = {2021-01-10} } Holiday Bazar: Tracking a TrickBot-Related Ransomware Incident
BazarBackdoor TrickBot
2020-12-18DomainToolsJoe Slowik
@online{slowik:20201218:continuous:71ffa78, author = {Joe Slowik}, title = {{Continuous Eruption: Further Analysis of the SolarWinds Supply Chain Incident}}, date = {2020-12-18}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/continuous-eruption-further-analysis-of-the-solarwinds-supply-incident}, language = {English}, urldate = {2020-12-18} } Continuous Eruption: Further Analysis of the SolarWinds Supply Chain Incident
SUNBURST
2020-12-14DomainToolsJoe Slowik
@online{slowik:20201214:unraveling:d212099, author = {Joe Slowik}, title = {{Unraveling Network Infrastructure Linked to the SolarWinds Hack}}, date = {2020-12-14}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/unraveling-network-infrastructure-linked-to-the-solarwinds-hack}, language = {English}, urldate = {2020-12-15} } Unraveling Network Infrastructure Linked to the SolarWinds Hack
SUNBURST