
2021-09-08 | Juniper | Paul Kimayong
@online{kimayong:20210908:aggah:8508369,
  author       = {Paul Kimayong},
  title        = {{Aggah Malware Campaign Expands to Zendesk and GitHub to Host Its Malware}},
  organization = {Juniper},
  date         = {2021-09-08},
  url          = {https://blogs.juniper.net/en-us/security/aggah-malware-campaign-expands-to-zendesk-and-github-to-host-its-malware},
  urldate      = {2021-09-10},
  language     = {English},
}
Aggah Malware Campaign Expands to Zendesk and GitHub to Host Its Malware
Agent Tesla
2021-08-25 | Github (StrangerealIntel) | StrangerealIntel
@online{strangerealintel:20210825:fin7:3e180fc,
  author       = {StrangerealIntel},
  title        = {{FIN7 still active}},
  organization = {Github (StrangerealIntel)},
  date         = {2021-08-25},
  url          = {https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/cybercriminal%20groups/FIN7/2021-08-24/Analysis.md},
  urldate      = {2021-08-25},
  language     = {English},
}
FIN7 still active
2021-07-23 | Github (Lastline-Inc) | Quentin Fois, Pavankumar Chaudhari
@online{fois:20210723:yara:e9a8a22,
  author       = {Quentin Fois and Pavankumar Chaudhari},
  title        = {{YARA rules, IOCs and Scripts for extracting IcedID C2s}},
  organization = {Github (Lastline-Inc)},
  date         = {2021-07-23},
  url          = {https://github.com/Lastline-Inc/iocs-tools/tree/main/2021-07-IcedID-Part-2},
  urldate      = {2021-07-27},
  language     = {English},
}
YARA rules, IOCs and Scripts for extracting IcedID C2s
IcedID
2021-07-18 | Github (AmnestyTech) | Amnesty International
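@online{international:20210718:nso:e92b282,
  author       = {{Amnesty International}},
  title        = {{NSO Group Pegasus Indicator of Compromise}},
  organization = {Github (AmnestyTech)},
  date         = {2021-07-18},
  url          = {https://github.com/AmnestyTech/investigations/tree/master/2021-07-18_nso},
  urldate      = {2021-07-24},
  language     = {English},
}
NSO Group Pegasus Indicator of Compromise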
Chrysaor
2021-07-18 | Github (mvt-project) | mvt-project
@online{mvtproject:20210718:mobile:15d676b,
  author       = {mvt-project},
  title        = {{Mobile Verification Toolkit}},
  organization = {Github (mvt-project)},
  date         = {2021-07-18},
  url          = {https://github.com/mvt-project/mvt},
  urldate      = {2021-07-24},
  language     = {English},
}
Mobile Verification Toolkit
2021-07-05 | Github (f0wl) | Marius Genheimer
@online{genheimer:20210705:revil:7f67df1,
  author       = {Marius Genheimer},
  title        = {{REvil Linux Configuration Extractor}},
  organization = {Github (f0wl)},
  date         = {2021-07-05},
  url          = {https://github.com/f0wl/REconfig-linux},
  urldate      = {2021-07-05},
  language     = {English},
}
REvil Linux Configuration Extractor
REvil
2021-07-02 | Github (fwosar) | Fabian Wosar
@online{wosar:20210702:revil:17a628b,
  author       = {Fabian Wosar},
  title        = {{REvil configuration dump used in Kaseya attack}},
  organization = {Github (fwosar)},
  date         = {2021-07-02},
  url          = {https://gist.githubusercontent.com/fwosar/a63e1249bfccb8395b961d3d780c0354/raw/312b2bbc566cbee2dac7b143dc143c1913ddb729/revil.json},
  urldate      = {2021-07-24},
  language     = {English},
}
REvil configuration dump used in Kaseya attack
REvil
2021-06-28 | Github (Finch4) | Finch
@online{finch:20210628:delta:eeea60b,
  author       = {Finch},
  title        = {{Delta Ransomware Analysis}},
  organization = {Github (Finch4)},
  date         = {2021-06-28},
  url          = {https://github.com/Finch4/Malware-Analysis-Reports/tree/master/Delta%20Ransomware},
  urldate      = {2021-07-20},
  language     = {English},
}
Delta Ransomware Analysis
2021-06-01 | Github (Albocoder) | Erin Avllazagaj
@online{avllazagaj:20210601:inside:e8edbce,
  author       = {Erin Avllazagaj},
  title        = {{Inside commercial malware sandboxes}},
  organization = {Github (Albocoder)},
  date         = {2021-06-01},
  url          = {https://web.archive.org/web/20210613070852/https://albocoder.github.io/malware/2021/06/01/SandboxStudy.html},
  urldate      = {2021-07-27},
  language     = {English},
}
Inside commercial malware sandboxes
2021-05-20 | Github (microsoft) | Microsoft
@online{microsoft:20210520:microsoft:41112d3,
  author       = {Microsoft},
  title        = {{Microsoft 365 Defender Hunting Queries for hunting multiple threat actors' TTPs and malwares}},
  organization = {Github (microsoft)},
  date         = {2021-05-20},
  url          = {https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries},
  urldate      = {2021-05-25},
  language     = {English},
}
Microsoft 365 Defender Hunting Queries for hunting multiple threat actors' TTPs and malwares
STRRAT OceanLotus BabyShark Elise Revenge RAT WastedLocker Zebrocy
2021-05-18 | Github (Finch4) | Finch
@online{finch:20210518:analysis:434b2ec,
  author       = {Finch},
  title        = {{Analysis of MountLocker}},
  organization = {Github (Finch4)},
  date         = {2021-05-18},
  url          = {https://github.com/Finch4/Malware-Analysis-Reports/tree/main/MountLocker},
  urldate      = {2021-05-26},
  language     = {English},
}
Analysis of MountLocker
Mount Locker
2021-05-17 | Github (telekom-security) | Deutsche Telekom Security GmbH
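@online{gmbh:20210517:icedidanalysis:e985983,
  author       = {{Deutsche Telekom Security GmbH}},
  title        = {{icedid\_analysis}},
  organization = {Github (telekom-security)},
  date         = {2021-05-17},
  url          = {https://github.com/telekom-security/icedid_analysis},
  urldate      = {2021-05-17},
  language     = {English},
}
icedid_analysis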
IcedID
2021-04-25 | Nightwatch Cybersecurity | Nightwatch Cybersecurity
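@online{cybersecurity:20210425:supply:a36f451,
  author       = {{Nightwatch Cybersecurity}},
  title        = {{Supply Chain Attacks via GitHub.com Releases}},
  organization = {Nightwatch Cybersecurity},
  date         = {2021-04-25},
  url          = {https://wwws.nightwatchcybersecurity.com/2021/04/25/supply-chain-attacks-via-github-com-releases/},
  urldate      = {2021-04-29},
  language     = {English},
}
Supply Chain Attacks via GitHub.com Releases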
2021-04-20 | Github (fireeye) | FireEye, Mandiant
@online{fireeye:20210420:fireeye:287db5f,
  author       = {FireEye and Mandiant},
  title        = {{FireEye Mandiant PulseSecure Exploitation Countermeasures}},
  organization = {Github (fireeye)},
  date         = {2021-04-20},
  url          = {https://github.com/fireeye/pulsesecure_exploitation_countermeasures/},
  urldate      = {2021-04-20},
  language     = {English},
}
FireEye Mandiant PulseSecure Exploitation Countermeasures
2021-04-12 | Github (NightfallGT) | NightfallGT
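@online{nightfallgt:20210412:nitro:03bef54,
  author        = {NightfallGT},
  title         = {{Nitro Ransomware - Proof of Concept}},
  organization  = {Github (NightfallGT)},
  date          = {2021-04-12},
  url           = {https://github.com/nightfallgt/nitro-ransomware},
  urldate       = {2021-08-27},
  language      = {English},
  internal-note = {Repository hosts ransomware proof-of-concept source; clone and build only in an isolated analysis environment.},
}
Nitro Ransomware - Proof of Concept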
win.nitro
2021-04-03 | Github (carbreal) | Carlos Brendel
@online{brendel:20210403:hubnr:950251c,
  author       = {Carlos Brendel},
  title        = {{Hubnr Botnet}},
  organization = {Github (carbreal)},
  date         = {2021-04-03},
  url          = {https://github.com/carbreal/Malware_Analysis/tree/master/Hubnr_botnet},
  urldate      = {2021-04-14},
  language     = {English},
}
Hubnr Botnet
Hubnr
2021-03-27 | Github (StrangerealIntel) | Twitter (@Arkbird_SOLG)
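@online{arkbirdsolg:20210327:terraloader:73371d5,
  author       = {{Twitter (@Arkbird\_SOLG)}},
  title        = {{Terraloader: Congrats, you have a new fake job!}},
  organization = {Github (StrangerealIntel)},
  date         = {2021-03-27},
  url          = {https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/Additional%20Analysis/Terraloader/2021-03-25/Analysis.md#terraloader--congrats-you-have-a-new-fake-job-},
  urldate      = {2021-05-03},
  language     = {English},
}
Terraloader: Congrats, you have a new fake job!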
TerraLoader
2021-03-18 | Github (lacework) | lacework-labs
@online{laceworklabs:20210318:dga:9b57724,
  author       = {lacework-labs},
  title        = {{DGA and decoder scripts for n3cr0morph IRC malware}},
  organization = {Github (lacework)},
  date         = {2021-03-18},
  url          = {https://github.com/lacework/lacework-labs/tree/master/keksec},
  urldate      = {2021-03-25},
  language     = {English},
}
DGA and decoder scripts for n3cr0morph IRC malware
N3Cr0m0rPh
2021-03-18 | Github (cisagov) | CISA
@online{cisa:20210318:cisa:49f510f,
  author       = {CISA},
  title        = {{CISA Hunt and Incident Response Program (CHIRP)}},
  organization = {Github (cisagov)},
  date         = {2021-03-18},
  url          = {https://github.com/cisagov/CHIRP},
  urldate      = {2021-03-19},
  language     = {English},
}
CISA Hunt and Incident Response Program (CHIRP)
SUNBURST
2021-03-06 | Github (microsoft) | Microsoft
@online{microsoft:20210306:security:7dca242,
  author       = {Microsoft},
  title        = {{Security scripts}},
  organization = {Github (microsoft)},
  date         = {2021-03-06},
  url          = {https://github.com/microsoft/CSS-Exchange/tree/main/Security},
  urldate      = {2021-03-10},
  language     = {English},
}
Security scripts
HAFNIUM