
2021-11-24GoogleGoogle Cybersecurity Action Team, Google Threat Analysis Group
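% Both authors are organisations. Each name is wrapped in an extra brace pair so
% BibTeX/Biber keeps it whole instead of splitting it into given and family parts.
@techreport{team:20211124:threat:a837017,
  author      = {{Google Cybersecurity Action Team} and {Google Threat Analysis Group}},
  title       = {{Threat Horizons Cloud Threat Intelligence November 2021. Issue 1}},
  institution = {Google},
  date        = {2021-11-24},
  url         = {https://services.google.com/fh/files/misc/gcat_threathorizons_full_nov2021.pdf},
  urldate     = {2021-11-29},
  language    = {English},
}
Threat Horizons Cloud Threat Intelligence November 2021. Issue 1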
BlackMatter
2021-11-12360 netlabAlex.Turing, Hui Wang, YANG XU
% 360 netlab blog post. Author names are reproduced exactly as listed on the page.
@online{alexturing:20211112:malware:70f965d,
  author       = {Alex.Turing and Hui Wang and YANG XU},
  title        = {{Malware uses namesilo Parking pages and Google's custom pages to spread}},
  organization = {360 netlab},
  date         = {2021-11-12},
  url          = {https://blog.netlab.360.com/zhatuniubility-malware-uses-namesilo-parking-pages-and-googles-custom-pages-to-spread/},
  urldate      = {2021-11-17},
  language     = {English},
}
Malware uses namesilo Parking pages and Google's custom pages to spread
2021-11-11GoogleErye Hernandez, Google Threat Analysis Group
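% The second author is an organisation. It is double-braced so it is treated as
% one literal name rather than given names "Google Threat Analysis" + surname "Group".
@online{hernandez:20211111:analyzing:8107f2e,
  author       = {Erye Hernandez and {Google Threat Analysis Group}},
  title        = {{Analyzing a watering hole campaign using macOS exploits}},
  organization = {Google},
  date         = {2021-11-11},
  url          = {https://blog.google/threat-analysis-group/analyzing-watering-hole-campaign-using-macos-exploits/},
  urldate      = {2021-11-17},
  language     = {English},
}
Analyzing a watering hole campaign using macOS exploits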
CDDS
2021-11-10Twitter (@billyleonard)Billy Leonard, Google Threat Analysis Group
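% Tweet reference. The organisational co-author is double-braced so it is not
% parsed as a personal name. The title is the library's own summary of the tweet.
@online{leonard:20211110:rekoobe:2f64840,
  author       = {Billy Leonard and {Google Threat Analysis Group}},
  title        = {{Tweet on Rekoobe (used by APT31), being a fork of open source tool called Tiny SHell, used by different actor since at least 2012}},
  organization = {Twitter (@billyleonard)},
  date         = {2021-11-10},
  url          = {https://twitter.com/billyleonard/status/1458531997576572929},
  urldate      = {2021-11-17},
  language     = {English},
}
Tweet on Rekoobe (used by APT31), being a fork of open source tool called Tiny SHell, used by different actor since at least 2012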
Rekoobe
2021-11-04The RecordCatalin Cimpanu
% News report from The Record. The CVE identifier is part of the listed title.
@online{cimpanu:20211104:google:340c884,
  author       = {Catalin Cimpanu},
  title        = {{Google fixes Android zero-day exploited in the wild in targeted attacks (CVE-2021-1048)}},
  organization = {The Record},
  date         = {2021-11-04},
  url          = {https://therecord.media/google-fixes-android-zero-day-exploited-in-the-wild-in-targeted-attacks/},
  urldate      = {2021-11-08},
  language     = {English},
}
Google fixes Android zero-day exploited in the wild in targeted attacks (CVE-2021-1048)
2021-10-29GoogleShane Huntley, Google Threat Analysis Group
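% The organisational co-author is double-braced so BibTeX/Biber keeps it as a
% single literal name instead of splitting it into given and family parts.
@online{huntley:20211029:tag:49e2993,
  author       = {Shane Huntley and {Google Threat Analysis Group}},
  title        = {{TAG Bulletin: Q3 2021}},
  organization = {Google},
  date         = {2021-10-29},
  url          = {https://blog.google/threat-analysis-group/tag-bulletin-q3-2021/},
  urldate      = {2021-11-17},
  language     = {English},
}
TAG Bulletin: Q3 2021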
2021-10-25AvastJakub Vávra
% Avast blog post. The author name contains UTF-8 characters, so a Unicode-aware
% backend (e.g. Biber) is needed. The citation key is ASCII-only.
@online{vvra:20211025:ultimasms:9720c12,
  author       = {Jakub Vávra},
  title        = {{UltimaSMS: A widespread premium SMS scam on the Google Play Store}},
  organization = {Avast},
  date         = {2021-10-25},
  url          = {https://blog.avast.com/premium-sms-scam-apps-on-play-store-avast},
  urldate      = {2021-11-03},
  language     = {English},
}
UltimaSMS: A widespread premium SMS scam on the Google Play Store
UltimaSMS
2021-10-20GoogleAshley Shen, Google Threat Analysis Group
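% The organisational co-author is double-braced so it is rendered and sorted as
% one literal name rather than being parsed as a person.
@online{shen:20211020:phishing:b0fa074,
  author       = {Ashley Shen and {Google Threat Analysis Group}},
  title        = {{Phishing campaign targets YouTube creators with cookie theft malware}},
  organization = {Google},
  date         = {2021-10-20},
  url          = {https://blog.google/threat-analysis-group/phishing-campaign-targets-youtube-creators-cookie-theft-malware/},
  urldate      = {2021-10-26},
  language     = {English},
}
Phishing campaign targets YouTube creators with cookie theft malware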
2021-10-14GoogleAjax Bash, Google Threat Analysis Group
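% The organisational co-author is double-braced so it is not split into given
% and family name parts by the name parser.
@online{bash:20211014:countering:eef058c,
  author       = {Ajax Bash and {Google Threat Analysis Group}},
  title        = {{Countering threats from Iran (APT35)}},
  organization = {Google},
  date         = {2021-10-14},
  url          = {https://blog.google/threat-analysis-group/countering-threats-iran/},
  urldate      = {2021-10-25},
  language     = {English},
}
Countering threats from Iran (APT35)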
2021-10-07Twitter (@billyleonard)Billy Leonard, Google Threat Analysis Group
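% Tweet reference. The organisational co-author is double-braced so it is kept
% as one literal name. The title is the library's own summary of the tweet.
@online{leonard:20211007:iocs:db42716,
  author       = {Billy Leonard and {Google Threat Analysis Group}},
  title        = {{Tweet on IOCs related to APT28}},
  organization = {Twitter (@billyleonard)},
  date         = {2021-10-07},
  url          = {https://twitter.com/billyleonard/status/1446226367008313344},
  urldate      = {2021-11-17},
  language     = {English},
}
Tweet on IOCs related to APT28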
2021-10-07The RecordCatalin Cimpanu
% News report from The Record on Google's APT28 targeting notifications.
@online{cimpanu:20211007:google:653f25d,
  author       = {Catalin Cimpanu},
  title        = {{Google notifies 14,000 Gmail users of targeted APT28 attacks}},
  organization = {The Record},
  date         = {2021-10-07},
  url          = {https://therecord.media/google-notifies-14000-gmail-users-of-targeted-apt28-attacks/},
  urldate      = {2021-10-13},
  language     = {English},
}
Google notifies 14,000 Gmail users of targeted APT28 attacks
2021-09-29TelsyTelsy Research Team
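% The author is a team, not a person. The extra brace pair stops the parser from
% treating "Team" as a surname and "Telsy Research" as given names.
@online{team:20210929:google:127939e,
  author       = {{Telsy Research Team}},
  title        = {{Google Drive abused in document exfiltration operation against Afghanistan}},
  organization = {Telsy},
  date         = {2021-09-29},
  url          = {https://www.telsy.com/google-drive-abused-in-document-exfiltration-operation-against-afghanistan/},
  urldate      = {2021-10-11},
  language     = {English},
}
Google Drive abused in document exfiltration operation against Afghanistan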
2021-09-26Medium BlueteamOpsBlueteamOps
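% The ampersand in the title is escaped: a bare "&" in a text field reaches LaTeX
% as an alignment character and aborts typesetting of the bibliography.
% The typographic apostrophes are UTF-8 and need a Unicode-aware backend.
@online{blueteamops:20210926:supercharging:aad33da,
  author       = {BlueteamOps},
  title        = {{Supercharging Bulk DFIR triage with Node-RED, Google’s Log2timeline \& Google’s Timesketch}},
  organization = {Medium BlueteamOps},
  date         = {2021-09-26},
  url          = {https://blueteamops.medium.com/super-charging-bulk-dfir-triage-with-node-red-google-log2timeline-google-timesketch-2d78e1ee335c},
  urldate      = {2021-09-28},
  language     = {English},
}
Supercharging Bulk DFIR triage with Node-RED, Google’s Log2timeline & Google’s Timesketch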
2021-09-23GoogleNeel Mehta, Google Threat Analysis Group
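% The organisational co-author is double-braced so it is kept as a single
% literal name rather than parsed as a person.
@online{mehta:20210923:financially:8f507b2,
  author       = {Neel Mehta and {Google Threat Analysis Group}},
  title        = {{Financially motivated actor breaks certificate parsing to avoid detection}},
  organization = {Google},
  date         = {2021-09-23},
  url          = {https://blog.google/threat-analysis-group/financially-motivated-actor-breaks-certificate-parsing-avoid-detection/},
  urldate      = {2021-09-29},
  language     = {English},
}
Financially motivated actor breaks certificate parsing to avoid detection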
OpenSUpdater
2021-09-23SophosSean Gallagher
% Sophos news post on abuse of Google Forms for credential phishing and exfiltration.
@online{gallagher:20210923:phishing:0753a1d,
  author       = {Sean Gallagher},
  title        = {{Phishing and malware actors abuse Google Forms for credentials, data exfiltration}},
  organization = {Sophos},
  date         = {2021-09-23},
  url          = {https://news.sophos.com/en-us/2021/09/23/phishing-and-malware-actors-abuse-google-forms-for-credentials-data-exfiltration/},
  urldate      = {2021-09-28},
  language     = {English},
}
Phishing and malware actors abuse Google Forms for credentials, data exfiltration
2021-07-14GoogleMaddie Stone, Clement Lecigne, Google Threat Analysis Group
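% The organisational co-author is double-braced so it is kept as one literal
% name. The CVE identifiers are part of the listed title and are left unchanged.
@online{stone:20210714:how:38dfdc6,
  author       = {Maddie Stone and Clement Lecigne and {Google Threat Analysis Group}},
  title        = {{How We Protect Users From 0-Day Attacks (CVE-2021-21166, CVE-2021-30551, CVE-2021-33742, CVE-2021-1879)}},
  organization = {Google},
  date         = {2021-07-14},
  url          = {https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/},
  urldate      = {2021-07-26},
  language     = {English},
}
How We Protect Users From 0-Day Attacks (CVE-2021-21166, CVE-2021-30551, CVE-2021-33742, CVE-2021-1879)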
Cobalt Strike
2021-06-02MorphisecMichael Gorelik
% Morphisec blog post on infostealers delivered through paid search ads.
@online{gorelik:20210602:google:eb1bf13,
  author       = {Michael Gorelik},
  title        = {{Google PPC Ads Deliver Redline, Taurus, and mini-Redline Infostealers}},
  organization = {Morphisec},
  date         = {2021-06-02},
  url          = {https://blog.morphisec.com/google-ppc-ads-deliver-redline-taurus-and-mini-redline-infostealers},
  urldate      = {2021-06-16},
  language     = {English},
}
Google PPC Ads Deliver Redline, Taurus, and mini-Redline Infostealers
RedLine Stealer Taurus Stealer
2021-05-26RiskIQJordan Herman
% RiskIQ community article on the MobileInter web skimmer.
@online{herman:20210526:mobileinter:bfb90e8,
  author       = {Jordan Herman},
  title        = {{The MobileInter Skimmer: Hosted by Google, Hiding in Images}},
  organization = {RiskIQ},
  date         = {2021-05-26},
  url          = {https://community.riskiq.com/article/8109e7ab},
  urldate      = {2021-06-09},
  language     = {English},
}
The MobileInter Skimmer: Hosted by Google, Hiding in Images
2021-05-06Group-IBViktor Okorokov
% Group-IB blog post on Google Tag Manager abuse against e-commerce sites.
@online{okorokov:20210506:grelosgtm:7324b2c,
  author       = {Viktor Okorokov},
  title        = {{GrelosGTM group abuses Google Tag Manager to attack e-commerce websites}},
  organization = {Group-IB},
  date         = {2021-05-06},
  url          = {https://blog.group-ib.com/grelosgtm},
  urldate      = {2021-06-16},
  language     = {English},
}
GrelosGTM group abuses Google Tag Manager to attack e-commerce websites
2021-03-31GoogleAdam Weidemann, Google Threat Analysis Group
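% The organisational co-author is double-braced so it is kept as a single
% literal name rather than split into given and family parts.
@online{weidemann:20210331:update:592d9dc,
  author       = {Adam Weidemann and {Google Threat Analysis Group}},
  title        = {{Update on campaign targeting security researchers}},
  organization = {Google},
  date         = {2021-03-31},
  url          = {https://blog.google/threat-analysis-group/update-campaign-targeting-security-researchers/},
  urldate      = {2021-04-06},
  language     = {English},
}
Update on campaign targeting security researchers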