Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-05-04Twitter (@ESETresearch)Twitter (@ESETresearch)
@online{esetresearch:20220504:twitter:48f1a89, author = {Twitter (@ESETresearch)}, title = {{Twitter thread on code similarity analysis, focussing on IsaacWiper and recent Cluster25 publication}}, date = {2022-05-04}, organization = {Twitter (@ESETresearch)}, url = {https://twitter.com/ESETresearch/status/1521910890072842240}, language = {English}, urldate = {2022-05-05} } Twitter thread on code similarity analysis, focussing on IsaacWiper and recent Cluster25 publication
IsaacWiper
2022-05-03Cluster25Cluster25
@online{cluster25:20220503:strange:1481afa, author = {Cluster25}, title = {{The Strange Link Between A Destructive Malware And A Ransomware-Gang Linked Custom Loader: IsaacWiper Vs Vatet}}, date = {2022-05-03}, organization = {Cluster25}, url = {https://cluster25.io/2022/05/03/a-strange-link-between-a-destructive-malware-and-the-loader-of-a-ransomware-group-isaacwiper-vs-vatet/}, language = {English}, urldate = {2022-05-04} } The Strange Link Between A Destructive Malware And A Ransomware-Gang Linked Custom Loader: IsaacWiper Vs Vatet
Cobalt Strike IsaacWiper PyXie
2022-05-02Trend MicroChristoper Ordonez, Alvin Nieto
@online{ordonez:20220502:avoslocker:3e0cddd, author = {Christoper Ordonez and Alvin Nieto}, title = {{AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell}}, date = {2022-05-02}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html}, language = {English}, urldate = {2022-05-04} } AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell
AvosLocker
2022-04-27CISACISA, NSA, FBI, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), United Kingdom’s National Cyber Security Centre (NCSC-UK)
@online{cisa:20220427:alert:e02c831, author = {CISA and NSA and FBI and Australian Cyber Security Centre (ACSC) and Canadian Centre for Cyber Security (CCCS) and New Zealand National Cyber Security Centre (NZ NCSC) and United Kingdom’s National Cyber Security Centre (NCSC-UK)}, title = {{Alert (AA22-117A) 2021 Top Routinely Exploited Vulnerabilities}}, date = {2022-04-27}, organization = {CISA}, url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-117a}, language = {English}, urldate = {2022-04-29} } Alert (AA22-117A) 2021 Top Routinely Exploited Vulnerabilities
2022-04-20CISACISA, NSA, FBI, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), Government Communications Security Bureau, NCSC UK, National Crime Agency (NCA)
@techreport{cisa:20220420:aa22110a:4fde5d6, author = {CISA and NSA and FBI and Australian Cyber Security Centre (ACSC) and Canadian Centre for Cyber Security (CCCS) and Government Communications Security Bureau and NCSC UK and National Crime Agency (NCA)}, title = {{AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure}}, date = {2022-04-20}, institution = {CISA}, url = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-110A_Joint_CSA_Russian_State-Sponsored_and_Criminal_Cyber_Threats_to_Critical_Infrastructure_4_20_22_Final.pdf}, language = {English}, urldate = {2022-04-25} } AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader
2022-04-20CISACISA
@online{cisa:20220420:alert:529e28c, author = {CISA}, title = {{Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure}}, date = {2022-04-20}, organization = {CISA}, url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-110a}, language = {English}, urldate = {2022-04-25} } Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader Killnet
2022-04-18CISACISA, U.S. Department of the Treasury, FBI
@techreport{cisa:20220418:aa22108a:a0a81c6, author = {CISA and U.S. Department of the Treasury and FBI}, title = {{AA22-108A: TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies (PDF)}}, date = {2022-04-18}, institution = {CISA}, url = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-108A-TraderTraitor-North_Korea_APT_Targets_Blockchain_Companies.pdf}, language = {English}, urldate = {2022-04-20} } AA22-108A: TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies (PDF)
FastCash Bankshot
2022-04-18CISACISA, FBI, U.S. Department of the Treasury
@online{cisa:20220418:alert:dcc72c0, author = {CISA and FBI and U.S. Department of the Treasury}, title = {{Alert (AA22-108A): TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies}}, date = {2022-04-18}, organization = {CISA}, url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-108a}, language = {English}, urldate = {2022-04-25} } Alert (AA22-108A): TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies
Bankshot
2022-04-14Group-IBIvan Pisarev
@online{pisarev:20220414:old:8265433, author = {Ivan Pisarev}, title = {{Old Gremlins, new methods}}, date = {2022-04-14}, organization = {Group-IB}, url = {https://blog.group-ib.com/oldgremlin_comeback}, language = {English}, urldate = {2022-04-15} } Old Gremlins, new methods
2022-04-13CISAUS-CERT
@online{uscert:20220413:alert:e8e47a3, author = {US-CERT}, title = {{Alert (AA22-103A) APT Cyber Tools Targeting ICS/SCADA Devices}}, date = {2022-04-13}, organization = {CISA}, url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-103a}, language = {English}, urldate = {2022-04-14} } Alert (AA22-103A) APT Cyber Tools Targeting ICS/SCADA Devices
2022-04-13MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20220413:dismantling:ace8546, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware}}, date = {2022-04-13}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/04/13/dismantling-zloader-how-malicious-ads-led-to-disabled-security-tools-and-ransomware/}, language = {English}, urldate = {2022-04-14} } Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
BlackMatter Cobalt Strike DarkSide Ryuk Zloader
2022-04-13Department of Energy (DOE), NSA, FBI, CISA
@techreport{doe:20220413:cyber:1dee54e, author = {Department of Energy (DOE) and NSA and FBI and CISA}, title = {{APT Cyber Tools Targeting ICS/SCADA Devices}}, date = {2022-04-13}, institution = {}, url = {https://www.cisa.gov/uscert/sites/default/files/publications/Joint_Cybersecurity_Advisory_APT%20Cyber%20Tools%20Targeting%20ICS%20SCADA%20Devices.pdf}, language = {English}, urldate = {2022-04-15} } APT Cyber Tools Targeting ICS/SCADA Devices
2022-04-11Bleeping ComputerSergiu Gatlan
@online{gatlan:20220411:cisa:3a96fe3, author = {Sergiu Gatlan}, title = {{CISA warns orgs of WatchGuard bug exploited by Russian state hackers}}, date = {2022-04-11}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/cisa-warns-orgs-of-watchguard-bug-exploited-by-russian-state-hackers/}, language = {English}, urldate = {2022-05-04} } CISA warns orgs of WatchGuard bug exploited by Russian state hackers
CyclopsBlink
2022-03-24Recorded FutureInsikt Group®
@online{group:20220324:isaacwiper:ee6aace, author = {Insikt Group®}, title = {{IsaacWiper Continues Trend of Wiper Attacks Against Ukraine}}, date = {2022-03-24}, organization = {Recorded Future}, url = {https://www.recordedfuture.com/isaacwiper-continues-trend-wiper-attacks-against-ukraine/}, language = {English}, urldate = {2022-03-25} } IsaacWiper Continues Trend of Wiper Attacks Against Ukraine
IsaacWiper
2022-03-24CISAUS-CERT
@online{uscert:20220324:alert:03a7f21, author = {US-CERT}, title = {{Alert (AA22-083A) Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector}}, date = {2022-03-24}, organization = {CISA}, url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-083a}, language = {English}, urldate = {2022-03-25} } Alert (AA22-083A) Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector
Havex RAT Triton
2022-03-24Recorded FutureInsikt Group
@techreport{group:20220324:isaacwiper:82f3d6d, author = {Insikt Group}, title = {{IsaacWiper Continues Trend of Wiper Attacks Against Ukraine}}, date = {2022-03-24}, institution = {Recorded Future}, url = {https://go.recordedfuture.com/hubfs/reports/mtp-2022-0324.pdf}, language = {English}, urldate = {2022-03-25} } IsaacWiper Continues Trend of Wiper Attacks Against Ukraine
IsaacWiper
2022-03-21Threat PostLisa Vaas
@online{vaas:20220321:conti:0b203c8, author = {Lisa Vaas}, title = {{Conti Ransomware V. 3, Including Decryptor, Leaked}}, date = {2022-03-21}, organization = {Threat Post}, url = {https://threatpost.com/conti-ransomware-v-3-including-decryptor-leaked/179006/}, language = {English}, urldate = {2022-03-22} } Conti Ransomware V. 3, Including Decryptor, Leaked
Cobalt Strike Conti TrickBot
2022-03-18MalwarebytesThreat Intelligence Team
@online{team:20220318:double:fde615f, author = {Threat Intelligence Team}, title = {{Double header: IsaacWiper and CaddyWiper}}, date = {2022-03-18}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/03/double-header-isaacwiper-and-caddywiper/}, language = {English}, urldate = {2022-03-28} } Double header: IsaacWiper and CaddyWiper
CaddyWiper IsaacWiper
2022-03-17CISAUS-CERT
@techreport{uscert:20220317:alert:5cbab55, author = {US-CERT}, title = {{Alert (AA22-076A) Strengthening Cybersecurity of SATCOM Network Providers and Customers}}, date = {2022-03-17}, institution = {CISA}, url = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-076_Strengthening_Cybersecurity_of_SATCOM_Network_Providers_and_Customers.pdf}, language = {English}, urldate = {2022-04-07} } Alert (AA22-076A) Strengthening Cybersecurity of SATCOM Network Providers and Customers
2022-03-15CISAUS-CERT
@online{uscert:20220315:alert:2cd6a44, author = {US-CERT}, title = {{Alert (AA22-074A) Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability}}, date = {2022-03-15}, organization = {CISA}, url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-074a}, language = {English}, urldate = {2022-03-17} } Alert (AA22-074A) Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability