
2022-09-13Sansec Threat ResearchSansec Threat Research Team
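% Sansec write-up on the compromise of Magento vendor Fishpig.
% The corporate author is double-braced so it is kept as one name instead of
% being split into given and family parts.
@online{team:20220913:magento:5f0f103,
  author       = {{Sansec Threat Research Team}},
  title        = {{Magento vendor Fishpig hacked, backdoors added}},
  date         = {2022-09-13},
  organization = {Sansec Threat Research},
  url          = {https://sansec.io/research/rekoobe-fishpig-magento},
  language     = {English},
  urldate      = {2022-09-15}
}
Magento vendor Fishpig hacked, backdoors added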
Rekoobe
2022-06-06HPPatrick Schläpfer
% HP threat research post introducing the SVCReady loader.
@online{schlpfer:20220606:svcready:c673858,
  author       = {Patrick Schläpfer},
  title        = {{SVCReady: A New Loader Gets Ready}},
  date         = {2022-06-06},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/svcready-a-new-loader-reveals-itself/},
  language     = {English},
  urldate      = {2022-06-08}
}
SVCReady: A New Loader Gets Ready
SVCReady
2022-05-20HPPatrick Schläpfer
% HP threat research post on PDF-based malware.
@online{schlpfer:20220520:pdf:34ac538,
  author       = {Patrick Schläpfer},
  title        = {{PDF Malware Is Not Yet Dead}},
  date         = {2022-05-20},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/pdf-malware-is-not-yet-dead/},
  language     = {English},
  urldate      = {2022-05-24}
}
PDF Malware Is Not Yet Dead
404 Keylogger
2022-05-16FBIFBI
% FBI Flash alert MC-000170-MW (PDF on ic3.gov): card-data scraping from an
% online checkout page, with persistence through injected PHP code.
@techreport{fbi:20220516:fbi:0ff55a3,
  author       = {FBI},
  title        = {{FBI Flash MC-000170-MW: Cyber Actors Scrape Credit Card Data from US Business’ Online Checkout Page and Maintain Persistence by Injecting Malicious PHP Code}},
  date         = {2022-05-16},
  institution  = {FBI},
  url          = {https://www.ic3.gov/Media/News/2022/220516.pdf},
  language     = {English},
  urldate      = {2022-05-25}
}
FBI Flash MC-000170-MW: Cyber Actors Scrape Credit Card Data from US Business’ Online Checkout Page and Maintain Persistence by Injecting Malicious PHP Code
2022-05-11HPHP Wolf Security
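% HP Wolf Security quarterly threat report, Q1 2022 (PDF).
% The corporate author is double-braced so it is kept as one name instead of
% being parsed as given name "HP Wolf" and family name "Security".
@techreport{security:20220511:threat:bd460f0,
  author       = {{HP Wolf Security}},
  title        = {{Threat Insights Report Q1 - 2022}},
  date         = {2022-05-11},
  institution  = {HP},
  url          = {https://threatresearch.ext.hp.com/wp-content/uploads/2022/05/HP-Wolf-Security-Threat-Insights-Report-Q1-2022.pdf},
  language     = {English},
  urldate      = {2022-05-13}
}
Threat Insights Report Q1 - 2022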
AsyncRAT Emotet Mekotio Vjw0rm
2022-05-04HPPatrick Schläpfer
% HP threat research post on automating IOC extraction from GootLoader samples.
@online{schlpfer:20220504:tips:f12f7ba,
  author       = {Patrick Schläpfer},
  title        = {{Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware}},
  date         = {2022-05-04},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/tips-for-automating-ioc-extraction-from-gootloader-a-changing-javascript-malware/},
  language     = {English},
  urldate      = {2022-05-05}
}
Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware
GootLoader
2022-04-12HPPatrick Schläpfer
% HP threat research post on malware campaigns aimed at the African banking sector.
@online{schlpfer:20220412:malware:5032799,
  author       = {Patrick Schläpfer},
  title        = {{Malware Campaigns Targeting African Banking Sector}},
  date         = {2022-04-12},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/malware-campaigns-targeting-african-banking-sector/},
  language     = {English},
  urldate      = {2022-04-15}
}
Malware Campaigns Targeting African Banking Sector
CloudEyE Remcos
2022-03-30Twitter (@hpsecurity)HP Wolf Security
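% Tweet from the hpsecurity account about a Mekotio banker campaign.
% The corporate author is double-braced so it is kept as one name instead of
% being parsed as given name "HP Wolf" and family name "Security".
@online{security:20220330:recent:56ca1b3,
  author       = {{HP Wolf Security}},
  title        = {{Tweet on recent Mekotio Banker campaign}},
  date         = {2022-03-30},
  organization = {Twitter (@hpsecurity)},
  url          = {https://twitter.com/hpsecurity/status/1509185858146082816},
  language     = {English},
  urldate      = {2022-03-31}
}
Tweet on recent Mekotio Banker campaign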
Mekotio
2022-02-09FlashpointFlashpoint
% Flashpoint press post on Russia's seizure of the Ferum, Sky-Fraud, UAS and
% Trump's Dumps carding forums.
@online{flashpoint:20220209:russia:3367b7a,
  author       = {Flashpoint},
  title        = {{Russia Seizes Ferum, Sky-Fraud, UAS, and Trump’s Dumps—and Signals More Takedowns to Come}},
  date         = {2022-02-09},
  organization = {Flashpoint},
  url          = {https://www.flashpoint-intel.com/press-post/russia-seizes-ferum-skyfraud-uas-trumpsdumps-carding-forums/},
  language     = {English},
  urldate      = {2022-02-14}
}
Russia Seizes Ferum, Sky-Fraud, UAS, and Trump’s Dumps—and Signals More Takedowns to Come
2022-02-08HPPatrick Schläpfer
% HP threat research post on RedLine Stealer disguised as a Windows 11 upgrade.
@online{schlpfer:20220208:attackers:1a91251,
  author       = {Patrick Schläpfer},
  title        = {{Attackers Disguise RedLine Stealer as a Windows 11 Upgrade}},
  date         = {2022-02-08},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/},
  language     = {English},
  urldate      = {2022-02-14}
}
Attackers Disguise RedLine Stealer as a Windows 11 Upgrade
RedLine Stealer
2022-01-14HPPatrick Schläpfer
% HP threat research post on XLL (Excel add-in) malware as an infection vector.
@online{schlpfer:20220114:how:0795917,
  author       = {Patrick Schläpfer},
  title        = {{How Attackers Use XLL Malware to Infect Systems}},
  date         = {2022-01-14},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/how-attackers-use-xll-malware-to-infect-systems/},
  language     = {English},
  urldate      = {2022-01-18}
}
How Attackers Use XLL Malware to Infect Systems
2021-12-09HPPatrick Schläpfer
% HP threat research post on what changed when Emotet returned.
@online{schlpfer:20211209:emotets:aa090a7,
  author       = {Patrick Schläpfer},
  title        = {{Emotet’s Return: What’s Different?}},
  date         = {2021-12-09},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/emotets-return-whats-different/},
  language     = {English},
  urldate      = {2022-01-18}
}
Emotet’s Return: What’s Different?
Emotet
2021-11-23HPPatrick Schläpfer
% HP threat research post on RATDispenser, a JavaScript loader that drops RATs.
@online{schlpfer:20211123:ratdispenser:4677686,
  author       = {Patrick Schläpfer},
  title        = {{RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild}},
  date         = {2021-11-23},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/javascript-malware-dispensing-rats-into-the-wild/},
  language     = {English},
  urldate      = {2021-11-29}
}
RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild
AdWind Ratty STRRAT CloudEyE Formbook Houdini Panda Stealer Remcos
2021-11-16FlashpointFlashpoint
% Flashpoint blog post on the RAMP ransomware forum and Chinese threat actors.
@online{flashpoint:20211116:ramp:c1804cf,
  author       = {Flashpoint},
  title        = {{RAMP Ransomware’s Apparent Overture to Chinese Threat Actors}},
  date         = {2021-11-16},
  organization = {Flashpoint},
  url          = {https://www.flashpoint-intel.com/blog/ramp-ransomware-chinese-threat-actors/},
  language     = {English},
  urldate      = {2021-11-18}
}
RAMP Ransomware’s Apparent Overture to Chinese Threat Actors
2021-10-18FlashpointFlashpoint
% Flashpoint blog post on REvil going offline again.
@online{flashpoint:20211018:revil:104ed52,
  author       = {Flashpoint},
  title        = {{REvil Disappears Again: ‘Something Is Rotten in the State of Ransomware’}},
  date         = {2021-10-18},
  organization = {Flashpoint},
  url          = {https://www.flashpoint-intel.com/blog/revil-disappears-again/},
  language     = {English},
  urldate      = {2021-10-24}
}
REvil Disappears Again: ‘Something Is Rotten in the State of Ransomware’
REvil REvil
2021-10HPHP Wolf Security
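% HP Wolf Security quarterly threat report, Q3 2021 (PDF); the date is given
% to month precision only.
% The corporate author is double-braced so it is kept as one name instead of
% being parsed as given name "HP Wolf" and family name "Security".
@techreport{security:202110:threat:49f8fc2,
  author       = {{HP Wolf Security}},
  title        = {{Threat Insights Report Q3 - 2021}},
  date         = {2021-10},
  institution  = {HP},
  url          = {https://threatresearch.ext.hp.com/wp-content/uploads/2021/10/HP-Wolf-Security-Threat-Insights-Report-Q3-2021.pdf},
  language     = {English},
  urldate      = {2021-10-25}
}
Threat Insights Report Q3 - 2021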
STRRAT CloudEyE NetWire RC Remcos TrickBot Vjw0rm
2021-09-29FlashpointFlashpoint
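% Flashpoint blog post: interview with a contractor affiliated with REvil.
% The ampersand in the title is escaped as \& because a bare & in a field
% reaches LaTeX as an alignment character and breaks the bibliography.
@online{flashpoint:20210929:russian:565e147,
  author       = {Flashpoint},
  title        = {{Russian hacker Q\&A: An Interview With REvil-Affiliated Ransomware Contractor}},
  date         = {2021-09-29},
  organization = {Flashpoint},
  url          = {https://www.flashpoint-intel.com/blog/interview-with-revil-affiliated-ransomware-contractor/},
  language     = {English},
  urldate      = {2021-10-26}
}
Russian hacker Q&A: An Interview With REvil-Affiliated Ransomware Contractor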
REvil REvil
2021-09-28FlashpointFlashpoint
% Flashpoint blog post on the REvil "cryptobackdoor" dispute with its affiliates.
@online{flashpoint:20210928:revils:ffcbfac,
  author       = {Flashpoint},
  title        = {{REvil’s “Cryptobackdoor” Con: Ransomware Group’s Tactics Roil Affiliates, Sparking a Fallout}},
  date         = {2021-09-28},
  organization = {Flashpoint},
  url          = {https://www.flashpoint-intel.com/blog/revils-cryptobackdoor-con-ransomware-groups-tactics-roil-affiliates-sparking-a-fallout/},
  language     = {English},
  urldate      = {2021-10-13}
}
REvil’s “Cryptobackdoor” Con: Ransomware Group’s Tactics Roil Affiliates, Sparking a Fallout
REvil
2021-09-19HPPatrick Schläpfer
% HP threat research post comparing MirrorBlast activity with TA505 TTPs.
@online{schlpfer:20210919:mirrorblast:a81e63c,
  author       = {Patrick Schläpfer},
  title        = {{MirrorBlast and TA505: Examining Similarities in Tactics, Techniques and Procedures}},
  date         = {2021-09-19},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/mirrorblast-and-ta505-examining-similarities-in-tactics-techniques-and-procedures/},
  language     = {English},
  urldate      = {2021-10-24}
}
MirrorBlast and TA505: Examining Similarities in Tactics, Techniques and Procedures
MirrorBlast
2021-08-10FlashpointFlashpoint
% Flashpoint blog post on an REvil master key for the Kaseya attack posted to the XSS forum.
@online{flashpoint:20210810:revil:8be7760,
  author       = {Flashpoint},
  title        = {{REvil Master Key for Kaseya Attack Posted to XSS}},
  date         = {2021-08-10},
  organization = {Flashpoint},
  url          = {https://www.flashpoint-intel.com/blog/possible-universal-revil-master-key-posted-to-xss/},
  language     = {English},
  urldate      = {2021-08-11}
}
REvil Master Key for Kaseya Attack Posted to XSS
REvil