2023-08-30 | NSFOCUS | NSFOCUS
% NSFOCUS write-up on an APT34 phishing wave that uses a SideTwist variant.
% The author is the publishing organisation, stored as a single token.
% The whole-title braces keep the casing of actor and malware names.
@online{nsfocus:20230830:apt34:0be5a70,
  author       = {NSFOCUS},
  title        = {{APT34 Unleashes New Wave of Phishing Attack with Variant of SideTwist Trojan}},
  organization = {NSFOCUS},
  date         = {2023-08-30},
  url          = {https://nsfocusglobal.com/apt34-unleashes-new-wave-of-phishing-attack-with-variant-of-sidetwist-trojan/},
  urldate      = {2023-09-07},
  language     = {English},
}
APT34 Unleashes New Wave of Phishing Attack with Variant of SideTwist Trojan
SideTwist
2023-08-18 | TEAMT5 | Still Hsu, Zih-Cing Liao
% TeamT5 slide deck on the CamoFei group, which the title describes as
% targeting healthcare sectors in East Asia.
% NOTE(review): the PDF is linked over plain http and no checksum is recorded,
% so a downloaded copy cannot be verified against this entry.
@techreport{hsu:20230818:unmasking:61bd6b5,
  author      = {Hsu, Still and Liao, Zih-Cing},
  title       = {{Unmasking CamoFei: An In-depth Analysis of an Emerging APT Group Focused on Healthcare Sectors in East Asia}},
  institution = {TEAMT5},
  date        = {2023-08-18},
  url         = {http://stillu.cc/assets/slides/2023-08-Unmasking%20CamoFei.pdf},
  urldate     = {2023-08-23},
  language    = {English},
}
Unmasking CamoFei: An In-depth Analysis of an Emerging APT Group Focused on Healthcare Sectors in East Asia
CatB Cobalt Strike DoorMe GIMMICK
2023-08-10 | Kaspersky | Kurt Baumgartner
% Securelist article on DroxiDat, named in the title next to SystemBC.
% The author is given in "Last, First" form so the name split is unambiguous.
@online{baumgartner:20230810:focus:2b93571,
  author       = {Baumgartner, Kurt},
  title        = {{Focus on DroxiDat/SystemBC}},
  organization = {Kaspersky},
  date         = {2023-08-10},
  url          = {https://securelist.com/focus-on-droxidat-systembc/110302/},
  urldate      = {2023-08-11},
  language     = {English},
}
Focus on DroxiDat/SystemBC
SystemBC
2023-04-19 | Google | Billy Leonard, Google Threat Analysis Group
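% Google TAG post on Russian cyber activity against Ukraine in 2023.
% The second author is a team, not a person: the extra braces make the name
% parser treat it as one indivisible name instead of first "Google Threat
% Analysis" and last "Group".
% NOTE(review): group:20230419:ukraine:a273927 appears to cite the same post;
% its URL differs only by a trailing slash. Confirm before merging.
@online{leonard:20230419:ukraine:6c3440b,
  author       = {Leonard, Billy and {Google Threat Analysis Group}},
  title        = {{Ukraine remains Russia’s biggest cyber focus in 2023}},
  organization = {Google},
  date         = {2023-04-19},
  url          = {https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023},
  urldate      = {2023-04-22},
  language     = {English},
}
Ukraine remains Russia’s biggest cyber focus in 2023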
Rhadamanthys
2023-04-19 | Google | Google Threat Analysis Group
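% Google TAG post on Russian cyber activity against Ukraine in 2023.
% The author is a team: the extra braces stop the name parser from splitting
% it into first "Google Threat Analysis" and last "Group" (the citation key
% prefix "group" shows that split has already happened upstream).
% NOTE(review): leonard:20230419:ukraine:6c3440b appears to cite the same post;
% its URL differs only by a trailing slash. Confirm before merging.
@online{group:20230419:ukraine:a273927,
  author       = {{Google Threat Analysis Group}},
  title        = {{Ukraine remains Russia’s biggest cyber focus in 2023}},
  organization = {Google},
  date         = {2023-04-19},
  url          = {https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023/},
  urldate      = {2023-07-12},
  language     = {English},
}
Ukraine remains Russia’s biggest cyber focus in 2023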
ROMCOM RAT
2022-08-18 | NSFOCUS | NSFOCUS
% NSFOCUS investigative report on the MURENSHARK group and the Turkish Navy.
% The source is linked over plain http.
% NOTE(review): nsfocus:20220818:new:223b88b points at the same page (URL
% without the trailing slash) but is labelled Chinese; confirm which language
% value is correct.
@online{nsfocus:20220818:new:05df980,
  author       = {NSFOCUS},
  title        = {{New APT group MURENSHARK investigative report: Torpedoes hit Turkish Navy}},
  organization = {NSFOCUS},
  date         = {2022-08-18},
  url          = {http://blog.nsfocus.net/murenshark/},
  urldate      = {2022-08-28},
  language     = {English},
}
New APT group MURENSHARK investigative report: Torpedoes hit Turkish Navy
LetMeOut
2022-08-18 | NSFOCUS | NSFOCUS
% NSFOCUS investigative report on the MURENSHARK group and the Turkish Navy.
% The source is linked over plain http.
% NOTE(review): nsfocus:20220818:new:05df980 points at the same page (URL with
% a trailing slash) but is labelled English; confirm which language value is
% correct.
@online{nsfocus:20220818:new:223b88b,
  author       = {NSFOCUS},
  title        = {{New APT group MURENSHARK investigative report: Torpedoes hit Turkish Navy}},
  organization = {NSFOCUS},
  date         = {2022-08-18},
  url          = {http://blog.nsfocus.net/murenshark},
  urldate      = {2022-08-22},
  language     = {Chinese},
}
New APT group MURENSHARK investigative report: Torpedoes hit Turkish Navy
Cobalt Strike
2022-08-15 | Symantec | Threat Hunter Team
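% Symantec post on Shuckworm activity against Ukraine.
% The author is a team: the extra braces keep the name whole instead of
% letting it be parsed as first "Threat Hunter" and last "Team".
@online{team:20220815:shuckworm:1cd6e54,
  author       = {{Threat Hunter Team}},
  title        = {{Shuckworm: Russia-Linked Group Maintains Ukraine Focus}},
  organization = {Symantec},
  date         = {2022-08-15},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/russia-ukraine-shuckworm},
  urldate      = {2022-08-18},
  language     = {English},
}
Shuckworm: Russia-Linked Group Maintains Ukraine Focus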
2022-07-13 | Check Point | Check Point Research
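% Check Point post on Sidewinder activity against Pakistani military targets.
% The author is a team: the extra braces keep the name whole instead of
% letting it be parsed as first "Check Point" and last "Research".
@online{research:20220713:hit:79199ac,
  author       = {{Check Point Research}},
  title        = {{A Hit is made: Suspected India-based Sidewinder APT successfully cyber attacks Pakistan military focused targets}},
  organization = {Check Point},
  date         = {2022-07-13},
  url          = {https://blog.checkpoint.com/2022/07/13/a-hit-is-made-suspected-india-based-sidewinder-apt-successfully-cyber-attacks-pakistan-military-focused-targets/},
  urldate      = {2022-07-15},
  language     = {English},
}
A Hit is made: Suspected India-based Sidewinder APT successfully cyber attacks Pakistan military focused targets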
Unidentified 093 (Sidewinder)
2022-05-30 | NSFOCUS | NSFOCUS
% NSFOCUS analysis of the DarkCasino operation, attributed in the title to
% the EVILNUM group. The title is in English; the page is labelled Chinese.
% The source is linked over plain http.
@online{nsfocus:20220530:operation:676690f,
  author       = {NSFOCUS},
  title        = {{Operation DarkCasino: In-Depth Analysis of Recent Attacks by APT Group EVILNUM}},
  organization = {NSFOCUS},
  date         = {2022-05-30},
  url          = {http://blog.nsfocus.net/darkcasino-apt-evilnum/},
  urldate      = {2022-08-08},
  language     = {Chinese},
}
Operation DarkCasino: In-Depth Analysis of Recent Attacks by APT Group EVILNUM
DarkMe
2022-05-04 | Twitter (@ESETresearch) | Twitter (@ESETresearch)
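% Thread from the ESET research account on code similarity analysis around
% IsaacWiper. The author is an account label, not a personal name: the extra
% braces keep it whole instead of letting the parser split it into first and
% last parts.
% The record is a social-media post; the urldate is the only evidence of what
% the thread contained when it was cited.
@online{esetresearch:20220504:twitter:48f1a89,
  author       = {{Twitter (@ESETresearch)}},
  title        = {{Twitter thread on code similarity analysis, focussing on IsaacWiper and recent Cluster25 publication}},
  organization = {Twitter (@ESETresearch)},
  date         = {2022-05-04},
  url          = {https://twitter.com/ESETresearch/status/1521910890072842240},
  urldate      = {2022-05-05},
  language     = {English},
}
Twitter thread on code similarity analysis, focussing on IsaacWiper and recent Cluster25 publication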
IsaacWiper
2022-03-10 | Talos | Vitor Ventura, Asheer Malhotra, Arnaud Zobec
% Talos post describing MuddyWater as a conglomerate of regionally focused
% subgroups. The three authors are given in "Last, First" form.
@online{ventura:20220310:iranian:02ae681,
  author       = {Ventura, Vitor and Malhotra, Asheer and Zobec, Arnaud},
  title        = {{Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups}},
  organization = {Talos},
  date         = {2022-03-10},
  url          = {https://blog.talosintelligence.com/iranian-supergroup-muddywater/},
  urldate      = {2022-12-02},
  language     = {English},
}
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
STARWHALE
2022-02-17 | NCC Group | Simon Biggs, Richard Footman, Michael Mullen
% NCC Group post on detecting Karakurt, an extortion-focused threat actor.
% The title contains a literal en dash, so the file must be read as UTF-8.
@online{biggs:20220217:detecting:95e53bb,
  author       = {Biggs, Simon and Footman, Richard and Mullen, Michael},
  title        = {{Detecting Karakurt – an extortion focused threat actor}},
  organization = {NCC Group},
  date         = {2022-02-17},
  url          = {https://research.nccgroup.com/2022/02/17/detecting-karakurt-an-extortion-focused-threat-actor/},
  urldate      = {2022-02-26},
  language     = {English},
}
Detecting Karakurt – an extortion focused threat actor
2022-01-27 | Gigamon | Joe Slowik
% Gigamon post on "left of boom" analysis; the listing tags it WhisperGate.
% The title contains typographic quotes, so the file must be read as UTF-8.
% NOTE(review): the date field says 2022-01-27 while the URL path carries
% 2022/01/28; confirm the publication date against the source.
@online{slowik:20220127:focusing:5b47208,
  author       = {Slowik, Joe},
  title        = {{Focusing on “Left of Boom”}},
  organization = {Gigamon},
  date         = {2022-01-27},
  url          = {https://blog.gigamon.com/2022/01/28/focusing-on-left-of-boom/},
  urldate      = {2022-02-02},
  language     = {English},
}
Focusing on “Left of Boom”
WhisperGate
2021-12-07 | Mandiant | Van Ta, Jake Nicastro, Rufus Brown, Nick Richard
% Mandiant report on FIN13, a cybercriminal actor focused on Mexico.
% Authors are given in "Last, First" form; the first author's family name is
% "Ta", matching the citation key prefix.
@online{ta:20211207:fin13:e5e2255,
  author       = {Ta, Van and Nicastro, Jake and Brown, Rufus and Richard, Nick},
  title        = {{FIN13: A Cybercriminal Threat Actor Focused on Mexico}},
  organization = {Mandiant},
  date         = {2021-12-07},
  url          = {https://www.mandiant.com/resources/fin13-cybercriminal-mexico},
  urldate      = {2021-12-08},
  language     = {English},
}
FIN13: A Cybercriminal Threat Actor Focused on Mexico
jspRAT win.rekoobe FIN13
2021-11-19 | FOCUS | Jan-Philipp Hein
% German-language FOCUS magazine article; the listing tags it Subzero.
% The title contains umlauts, so the file must be read as UTF-8.
@online{hein:20211119:im:ebe4c69,
  author       = {Hein, Jan-Philipp},
  title        = {{Im Rätsel um gruselige Spionage-Software führt die Spur über Wirecard in den Kreml}},
  organization = {FOCUS},
  date         = {2021-11-19},
  url          = {https://www.focus.de/politik/vorab-aus-dem-focus-volle-kontrolle-ueber-zielcomputer-das-raetsel-um-die-spionage-app-fuehrt-ueber-wirecard-zu-putin_id_24442733.html},
  urldate      = {2022-08-01},
  language     = {German},
}
Im Rätsel um gruselige Spionage-Software führt die Spur über Wirecard in den Kreml
Subzero
2021-11-11 | Trend Micro | David Fiser, Alfredo Oliveira
% Trend Micro research on TeamTNT tooling aimed at Kubernetes and GPU
% environments, cited through the en_us regional URL.
% NOTE(review): fiser:20211103:teamtnt:180af48 has the same authors and title
% under the en_ae regional URL with a different date; it appears to be the
% same report. Confirm the publication date before merging.
@online{fiser:20211111:teamtnt:fe67ef2,
  author       = {Fiser, David and Oliveira, Alfredo},
  title        = {{TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments}},
  organization = {Trend Micro},
  date         = {2021-11-11},
  url          = {https://www.trendmicro.com/en_us/research/21/k/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-env.html},
  urldate      = {2021-11-12},
  language     = {English},
}
TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments
2021-11-03 | Trend Micro | David Fiser, Alfredo Oliveira
% Trend Micro research on TeamTNT tooling aimed at Kubernetes and GPU
% environments, cited through the en_ae regional URL.
% NOTE(review): fiser:20211111:teamtnt:fe67ef2 has the same authors and title
% under the en_us regional URL with a different date; it appears to be the
% same report. Confirm the publication date before merging.
@online{fiser:20211103:teamtnt:180af48,
  author       = {Fiser, David and Oliveira, Alfredo},
  title        = {{TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments}},
  organization = {Trend Micro},
  date         = {2021-11-03},
  url          = {https://www.trendmicro.com/en_ae/research/21/k/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-env.html},
  urldate      = {2021-11-08},
  language     = {English},
}
TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments
TeamTNT
2021-10-25 | Gigamon | Joe Slowik
% Gigamon post giving a network-focused view of the Berserk Bear actor.
% The date field agrees with the date in the URL path.
@online{slowik:20211025:bear:ea7ac23,
  author       = {Slowik, Joe},
  title        = {{Bear in the Net: A Network-Focused Perspective on Berserk Bear}},
  organization = {Gigamon},
  date         = {2021-10-25},
  url          = {https://blog.gigamon.com/2021/10/25/bear-in-the-net-a-network-focused-perspective-on-berserk-bear/},
  urldate      = {2022-02-10},
  language     = {English},
}
Bear in the Net: A Network-Focused Perspective on Berserk Bear
2021-09-26 | NSFOCUS | Jie Ji
% NSFOCUS article on ransomware spread through Exchange 1-day
% vulnerabilities; the listing tags it Cobalt Strike and LockFile.
% The trailing "1-2" is part of the published title and appears in the URL.
@online{ji:20210926:insights:51c06b8,
  author       = {Ji, Jie},
  title        = {{Insights into Ransomware Spread Using Exchange 1-Day Vulnerabilities 1-2}},
  organization = {NSFOCUS},
  date         = {2021-09-26},
  url          = {https://nsfocusglobal.com/insights-into-ransomware-spread-using-exchange-1-day-vulnerabilities-1-2/},
  urldate      = {2021-11-25},
  language     = {English},
}
Insights into Ransomware Spread Using Exchange 1-Day Vulnerabilities 1-2
Cobalt Strike LockFile