Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-02-03Huntress LabsChad Hudson
@online{hudson:20230203:ave:688ad0d, author = {Chad Hudson}, title = {{Ave Maria and the Chambers of Warzone RAT}}, date = {2023-02-03}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/ave-maria-and-the-chambers-of-warzone-rat}, language = {English}, urldate = {2023-02-03} } Ave Maria and the Chambers of Warzone RAT
Ave Maria
2022-10-12Twitter (@embee_research)Embee_research, Huntress Labs
@online{embeeresearch:20221012:tweets:3284cd3, author = {Embee_research and Huntress Labs}, title = {{Tweets on detection of Brute Ratel via API Hashes}}, date = {2022-10-12}, organization = {Twitter (@embee_research)}, url = {https://twitter.com/embee_research/status/1580030303950995456?s=20&t=0vfXnrCXaVSX-P-hiSrFwA}, language = {English}, urldate = {2022-11-21} } Tweets on detection of Brute Ratel via API Hashes
Brute Ratel C4
2022-10-11Twitter (@embee_research)Embee_research, Huntress Labs
@online{embeeresearch:20221011:havoc:3bc6fb5, author = {Embee_research and Huntress Labs}, title = {{Tweet on Havoc C2 - Static Detection Via Ntdll API Hashes}}, date = {2022-10-11}, organization = {Twitter (@embee_research)}, url = {https://twitter.com/embee_research/status/1579668721777643520?s=20&t=nDJOv1Yf5mQZKCou7qMrhQ}, language = {English}, urldate = {2022-11-21} } Tweet on Havoc C2 - Static Detection Via Ntdll API Hashes
Havoc
2022-08-16Huntress LabsDray Agha
@online{agha:20220816:cleartext:3262c13, author = {Dray Agha}, title = {{Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY}}, date = {2022-08-16}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy}, language = {English}, urldate = {2022-09-12} } Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY
2022-03-01Huntress LabsJohn Hammond
@online{hammond:20220301:targeted:c462269, author = {John Hammond}, title = {{Targeted APT Activity: BABYSHARK Is Out for Blood}}, date = {2022-03-01}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/targeted-apt-activity-babyshark-is-out-for-blood}, language = {English}, urldate = {2022-03-07} } Targeted APT Activity: BABYSHARK Is Out for Blood
BabyShark
2022-02-18Huntress LabsMatthew Brennan
@online{brennan:20220218:hackers:243d8b8, author = {Matthew Brennan}, title = {{Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection}}, date = {2022-02-18}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection}, language = {English}, urldate = {2022-02-26} } Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection
Cobalt Strike
2022-01-15Huntress LabsTeam Huntress
@online{huntress:20220115:threat:cb103f0, author = {Team Huntress}, title = {{Threat Advisory: VMware Horizon Servers Actively Being Hit With Cobalt Strike (by DEV-0401)}}, date = {2022-01-15}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/cybersecurity-advisory-vmware-horizon-servers-actively-being-hit-with-cobalt-strike}, language = {English}, urldate = {2022-03-07} } Threat Advisory: VMware Horizon Servers Actively Being Hit With Cobalt Strike (by DEV-0401)
Cobalt Strike
2021-10-22Huntress LabsCaleb Stewart
@online{stewart:20211022:threat:0cab124, author = {Caleb Stewart}, title = {{Threat Advisory: Hackers Are Exploiting a Vulnerability in Popular Billing Software to Deploy Ransomware}}, date = {2021-10-22}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware}, language = {English}, urldate = {2021-11-02} } Threat Advisory: Hackers Are Exploiting a Vulnerability in Popular Billing Software to Deploy Ransomware
2021-08-19Huntress LabsJohn Hammond
@online{hammond:20210819:microsoft:a25f571, author = {John Hammond}, title = {{Microsoft Exchange Servers Still Vulnerable to ProxyShell Exploit}}, date = {2021-08-19}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/rapid-response-microsoft-exchange-servers-still-vulnerable-to-proxyshell-exploit}, language = {English}, urldate = {2021-08-25} } Microsoft Exchange Servers Still Vulnerable to ProxyShell Exploit
2021-08-17Huntress LabsMatthew Brennan
@online{brennan:20210817:snakes:1b4d004, author = {Matthew Brennan}, title = {{Snakes on a Domain: An Analysis of a Python Malware Loader}}, date = {2021-08-17}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/snakes-on-a-domain-an-analysis-of-a-python-malware-loader}, language = {English}, urldate = {2021-08-20} } Snakes on a Domain: An Analysis of a Python Malware Loader
2021-07-20Huntress LabsJohn Hammond
@online{hammond:20210720:security:50ec27a, author = {John Hammond}, title = {{Security Researchers’ Hunt to Discover Origins of the Kaseya VSA Mass Ransomware Incident}}, date = {2021-07-20}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/security-researchers-hunt-to-discover-origins-of-the-kaseya-vsa-mass-ransomware-incident}, language = {English}, urldate = {2021-07-26} } Security Researchers’ Hunt to Discover Origins of the Kaseya VSA Mass Ransomware Incident
REvil
2021-07-02Huntress LabsHuntress Labs
@online{labs:20210702:crticial:5dd39d2, author = {Huntress Labs}, title = {{Crticial Ransomware Incident in Progress}}, date = {2021-07-02}, organization = {Huntress Labs}, url = {https://www.reddit.com/r/msp/comments/ocggbv/crticial_ransomware_incident_in_progress/}, language = {English}, urldate = {2021-07-24} } Crticial Ransomware Incident in Progress
REvil
2021-05-25Huntress LabsMatthew Brennan
@online{brennan:20210525:cobalt:c428be0, author = {Matthew Brennan}, title = {{Cobalt Strikes Again: An Analysis of Obfuscated Malware}}, date = {2021-05-25}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware}, language = {English}, urldate = {2021-06-09} } Cobalt Strikes Again: An Analysis of Obfuscated Malware
Cobalt Strike
2021-04-05Huntress LabsJohn Hammond
@online{hammond:20210405:from:6062bef, author = {John Hammond}, title = {{From PowerShell to Payload: An Analysis of Weaponized Malware}}, date = {2021-04-05}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/from-powershell-to-payload-an-analysis-of-weaponized-malware}, language = {English}, urldate = {2021-05-26} } From PowerShell to Payload: An Analysis of Weaponized Malware
2021-03-05Huntress LabsHuntress Labs
@techreport{labs:20210305:operation:1248e05, author = {Huntress Labs}, title = {{Operation Exchange Marauder}}, date = {2021-03-05}, institution = {Huntress Labs}, url = {https://www.huntress.com/hubfs/Mass%20Exploitation%20of%20Microsoft%20Exchange%20(2).pdf}, language = {English}, urldate = {2021-03-06} } Operation Exchange Marauder
CHINACHOPPER
2021-03-04Huntress LabsHuntress Labs
@online{labs:20210304:operation:1187712, author = {Huntress Labs}, title = {{Operation Exchange Marauder}}, date = {2021-03-04}, organization = {Huntress Labs}, url = {https://www.huntress.com/hubfs/Videos/Webinars/Overlay-Mass_Exploitation_of_Exchange.mp4}, language = {English}, urldate = {2021-03-06} } Operation Exchange Marauder
CHINACHOPPER
2021-03-03Huntress LabsHuntress Labs
@online{labs:20210303:mass:a0ef74d, author = {Huntress Labs}, title = {{Mass exploitation of on-prem Exchange servers :(}}, date = {2021-03-03}, organization = {Huntress Labs}, url = {https://www.reddit.com/r/msp/comments/lwmo5c/mass_exploitation_of_onprem_exchange_servers}, language = {English}, urldate = {2021-03-10} } Mass exploitation of on-prem Exchange servers :(
CHINACHOPPER HAFNIUM
2021-03-03Huntress LabsJohn Hammond
@online{hammond:20210303:rapid:7c97ee5, author = {John Hammond}, title = {{Rapid Response: Mass Exploitation of On-Prem Exchange Servers}}, date = {2021-03-03}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/rapid-response-mass-exploitation-of-on-prem-exchange-servers}, language = {English}, urldate = {2021-03-10} } Rapid Response: Mass Exploitation of On-Prem Exchange Servers
CHINACHOPPER HAFNIUM
2021-01-28Huntress LabsJohn Hammond
@techreport{hammond:20210128:analyzing:2f8dae2, author = {John Hammond}, title = {{Analyzing Ryuk Another Link in the Cyber Attack Chain}}, date = {2021-01-28}, institution = {Huntress Labs}, url = {https://storage.pardot.com/652283/16118467480sqebwq7/MSP_Security_Summit___John_Hammond_Huntress___Analyzing_Ryuk.pdf}, language = {English}, urldate = {2021-01-29} } Analyzing Ryuk Another Link in the Cyber Attack Chain
BazarBackdoor Ryuk
2020-06-18Medium Huntress LabsJohn Ferrell
@online{ferrell:20200618:hiding:c2db03f, author = {John Ferrell}, title = {{Hiding In Plain Sight}}, date = {2020-06-18}, organization = {Medium Huntress Labs}, url = {https://blog.huntresslabs.com/hiding-in-plain-sight-556469e0a4e}, language = {English}, urldate = {2020-06-19} } Hiding In Plain Sight