2022-09-21 | CISA | FBI, CISA
% PDF edition of joint advisory AA22-264A, recorded as a report with CISA as the issuing institution.
% Each agency sits in its own brace group so it is read as a single institutional name.
@techreport{fbi:20220921:aa22264a:9ac5793,
  author      = {{FBI} and {CISA}},
  title       = {{AA22-264A: Iranian State Actors Conduct Cyber Operations Against the Government of Albania (PDF)}},
  institution = {CISA},
  date        = {2022-09-21},
  url         = {https://www.cisa.gov/uscert/sites/default/files/publications/aa22-264a-iranian-cyber-actors-conduct-cyber-operations-against-the-government-of-albania.pdf},
  urldate     = {2022-09-26},
  language    = {English},
}
AA22-264A: Iranian State Actors Conduct Cyber Operations Against the Government of Albania (PDF)
Unidentified 095 (Iranian Wiper)
2022-09-21 | CISA | FBI, CISA
% Web-page edition of alert AA22-264A on the CISA site; the PDF edition of the same
% advisory ID is a separate entry (key fbi:20220921:aa22264a:9ac5793).
% Each agency sits in its own brace group so it is read as a single institutional name.
@online{fbi:20220921:alert:215e4f3,
  author       = {{FBI} and {CISA}},
  title        = {{Alert (AA22-264A) Iranian State Actors Conduct Cyber Operations Against the Government of Albania}},
  organization = {CISA},
  date         = {2022-09-21},
  url          = {https://www.cisa.gov/uscert/ncas/alerts/aa22-264a},
  urldate      = {2022-09-26},
  language     = {English},
}
Alert (AA22-264A) Iranian State Actors Conduct Cyber Operations Against the Government of Albania
Unidentified 095 (Iranian Wiper)
2022-09-14 | Mandiant | macla, Mathew Potaczek, Nino Isakovic, Matt Williams, Yash Gupta
% Mandiant blog post on DPRK job-opportunity phishing delivered via WhatsApp (per its title).
% Personal names are given in the unambiguous "Last, First" form; "macla" is a
% single-token name and is kept exactly as listed.
@online{macla:20220914:its:1d63d78,
  author       = {macla and Potaczek, Mathew and Isakovic, Nino and Williams, Matt and Gupta, Yash},
  title        = {{It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp}},
  organization = {Mandiant},
  date         = {2022-09-14},
  url          = {https://www.mandiant.com/resources/blog/dprk-whatsapp-phishing},
  urldate      = {2022-09-19},
  language     = {English},
}
It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp
BLINDINGCAN
2022-09-14 | KISA | KISA
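% KISA report "TTPs#7" on lateral movement over SMB/Admin shares (per its title).
% The '#' in the title is escaped as \# because a bare '#' in a text field breaks typesetting.
% NOTE(review): the url is a file-download endpoint keyed by attachment id, not a landing
% page -- confirm it still resolves before citing.
@techreport{kisa:20220914:ttps7:cd9faff,
  author      = {{KISA}},
  title       = {{TTPs\#7: Analysis on Lateral Movement Strategy Using SMB/Admin Share}},
  institution = {KISA},
  date        = {2022-09-14},
  url         = {https://www.boho.or.kr/filedownload.do?attach_file_seq=3669&attach_file_id=EpF3669.pdf},
  urldate     = {2022-09-19},
  language    = {English},
}
TTPs#7: Analysis on Lateral Movement Strategy Using SMB/Admin Share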
2022-09-14 | CISA | FBI, US-CERT, NSA, U.S. Cyber Command, U.S. Department of the Treasury, Australian Cyber Security Centre (ACSC), CSE Canada, NCSC UK
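% Joint alert AA22-257A published on the CISA site, with eight issuing agencies as authors.
% Multi-word agency names are each wrapped in their own braces; unbraced, a name such as
% "U.S. Cyber Command" is split into given and family parts and can be abbreviated or mis-sorted.
@online{fbi:20220914:alert:c9a3789,
  author       = {{FBI} and {US-CERT} and {NSA} and {U.S. Cyber Command}
                  and {U.S. Department of the Treasury}
                  and {Australian Cyber Security Centre (ACSC)}
                  and {CSE Canada} and {NCSC UK}},
  title        = {{Alert (AA22-257A): Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations}},
  organization = {CISA},
  date         = {2022-09-14},
  url          = {https://www.cisa.gov/uscert/ncas/alerts/aa22-257a},
  urldate      = {2022-09-20},
  language     = {English},
}
Alert (AA22-257A): Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations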
2022-09-06 | CISA | US-CERT, FBI, CISA, MS-ISAC
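% Alert AA22-249A in the #StopRansomware series, covering Vice Society (per its title).
% The '#' in the title is escaped as \# because a bare '#' in a text field breaks typesetting.
% Each agency sits in its own brace group so it is read as a single institutional name.
@online{uscert:20220906:alert:4058a6d,
  author       = {{US-CERT} and {FBI} and {CISA} and {MS-ISAC}},
  title        = {{Alert (AA22-249A) \#StopRansomware: Vice Society}},
  organization = {CISA},
  date         = {2022-09-06},
  url          = {https://www.cisa.gov/uscert/ncas/alerts/aa22-249a},
  urldate      = {2022-09-16},
  language     = {English},
}
Alert (AA22-249A) #StopRansomware: Vice Society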
Cobalt Strike Empire Downloader FiveHands HelloKitty SystemBC Zeppelin
2022-08-11 | CISA | CISA, FBI
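% Web-page edition of alert AA22-223A (#StopRansomware: Zeppelin Ransomware); the PDF
% edition is a separate entry (key fbi:20220811:stopransomware:d37ee96).
% The '#' in the title is escaped as \# because a bare '#' in a text field breaks typesetting.
@online{cisa:20220811:alert:d9f4fc0,
  author       = {{CISA} and {FBI}},
  title        = {{Alert (AA22-223A) \#StopRansomware: Zeppelin Ransomware}},
  organization = {CISA},
  date         = {2022-08-11},
  url          = {https://www.cisa.gov/uscert/ncas/alerts/aa22-223a},
  urldate      = {2022-08-12},
  language     = {English},
}
Alert (AA22-223A) #StopRansomware: Zeppelin Ransomware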
Zeppelin
2022-08-11 | CISA | FBI, CISA
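% PDF edition of the #StopRansomware advisory on Zeppelin ransomware; the file name in the
% url carries the advisory ID AA22-223A.
% The '#' in the title is escaped as \# because a bare '#' in a text field breaks typesetting.
@techreport{fbi:20220811:stopransomware:d37ee96,
  author      = {{FBI} and {CISA}},
  title       = {{\#StopRansomware: Zeppelin Ransomware (PDF)}},
  institution = {CISA},
  date        = {2022-08-11},
  url         = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-223A_Zeppelin_CSA.pdf},
  urldate     = {2022-08-15},
  language    = {English},
}
#StopRansomware: Zeppelin Ransomware (PDF)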
Zeppelin
2022-07-29 | ENISA | Ifigeneia Lella, Eleni Tsekmezoglou, Rossen Naydenov, Apostolos Malatras, Sebastian García, Veronica Valeros
% ENISA publication page for the ransomware threat-landscape report.
% Personal names are given in the unambiguous "Last, First" form. The accented name is
% stored as UTF-8, as in the source listing.
@online{lella:20220729:enisa:5967745,
  author       = {Lella, Ifigeneia and Tsekmezoglou, Eleni and Naydenov, Rossen
                  and Malatras, Apostolos and García, Sebastian and Valeros, Veronica},
  title        = {{ENISA Threat Landscape for Ransomware Attacks}},
  organization = {ENISA},
  date         = {2022-07-29},
  url          = {https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-ransomware-attacks},
  urldate      = {2022-08-28},
  language     = {English},
}
ENISA Threat Landscape for Ransomware Attacks
2022-07-06 | CISA | FBI, CISA, Department of the Treasury (Treasury)
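% PDF edition of joint advisory AA22-187A on Maui ransomware and the healthcare sector (per its title).
% "Department of the Treasury (Treasury)" is braced as one name; unbraced, the lowercase
% "of the" is read as a name particle and the agency is split into name parts.
% The "%20" in the url is a percent-encoded space and must stay verbatim.
@techreport{fbi:20220706:csa:fcffb49,
  author      = {{FBI} and {CISA} and {Department of the Treasury (Treasury)}},
  title       = {{CSA AA22-187A: North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector (PDF)}},
  institution = {CISA},
  date        = {2022-07-06},
  url         = {https://www.cisa.gov/uscert/sites/default/files/publications/aa22-187a-north-korean%20state-sponsored-cyber-actors-use-maui-ransomware-to-target-the-hph-sector.pdf},
  urldate     = {2022-07-13},
  language    = {English},
}
CSA AA22-187A: North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector (PDF)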
Maui Ransomware
2022-07-06 | CISA | FBI, CISA, Department of the Treasury (Treasury)
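% Web-page edition of alert AA22-187A; the PDF edition of the same advisory ID is a
% separate entry (key fbi:20220706:csa:fcffb49).
% "Department of the Treasury (Treasury)" is braced as one name; unbraced, the lowercase
% "of the" is read as a name particle and the agency is split into name parts.
@online{fbi:20220706:alert:4231af8,
  author       = {{FBI} and {CISA} and {Department of the Treasury (Treasury)}},
  title        = {{Alert (AA22-187A): North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector}},
  organization = {CISA},
  date         = {2022-07-06},
  url          = {https://www.cisa.gov/uscert/ncas/alerts/aa22-187a},
  urldate      = {2022-07-13},
  language     = {English},
}
Alert (AA22-187A): North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector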
Maui Ransomware
2022-07-01 | CISA | CISA, FBI, Department of the Treasury (Treasury), FINCEN
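% Web-page edition of alert AA22-181A (#StopRansomware: MedusaLocker).
% The '#' in the title is escaped as \# because a bare '#' in a text field breaks typesetting.
% "Department of the Treasury (Treasury)" is braced so it is parsed as one institutional name.
@online{cisa:20220701:alert:12e80c1,
  author       = {{CISA} and {FBI} and {Department of the Treasury (Treasury)} and {FINCEN}},
  title        = {{Alert (AA22-181A): \#StopRansomware: MedusaLocker}},
  organization = {CISA},
  date         = {2022-07-01},
  url          = {https://www.cisa.gov/uscert/ncas/alerts/aa22-181a},
  urldate      = {2022-07-05},
  language     = {English},
}
Alert (AA22-181A): #StopRansomware: MedusaLocker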
MedusaLocker
2022-06-30 | CISA | CISA, FBI, Department of the Treasury (Treasury), FINCEN
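% PDF edition of advisory AA22-181A (#StopRansomware: MedusaLocker).
% The '#' in the title is escaped as \# because a bare '#' in a text field breaks typesetting.
% "Department of the Treasury (Treasury)" is braced so it is parsed as one institutional name.
% NOTE(review): dated 2022-06-30 here, while the web alert entry for the same advisory ID
% (key cisa:20220701:alert:12e80c1) is dated 2022-07-01 -- confirm which date the PDF carries.
@techreport{cisa:20220630:csa:59d0928,
  author      = {{CISA} and {FBI} and {Department of the Treasury (Treasury)} and {FINCEN}},
  title       = {{CSA (AA22-181A): \#StopRansomware: MedusaLocker}},
  institution = {CISA},
  date        = {2022-06-30},
  url         = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-181A_stopransomware_medusalocker.pdf},
  urldate     = {2022-07-05},
  language    = {English},
}
CSA (AA22-181A): #StopRansomware: MedusaLocker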
MedusaLocker
2022-06-27 | InQuest | Isabelle Quinn
% InQuest blog post titled "GlowSand".
% The author is given in the unambiguous "Last, First" form.
@online{quinn:20220627:glowsand:deff96a,
  author       = {Quinn, Isabelle},
  title        = {{GlowSand}},
  organization = {InQuest},
  date         = {2022-06-27},
  url          = {https://inquest.net/blog/2022/06/27/glowsand},
  urldate      = {2022-06-30},
  language     = {English},
}
GlowSand
2022-06-01 | CISA | CISA, FBI, Department of the Treasury (Treasury), FINCEN
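% Web-page edition of alert AA22-152A on the Karakurt data extortion group; the PDF edition
% is a separate entry (key fbi:20220601:joint:366b0d0).
% "Department of the Treasury (Treasury)" is braced as one name; unbraced, the lowercase
% "of the" is read as a name particle and the agency is split into name parts.
@online{cisa:20220601:alert:f73857d,
  author       = {{CISA} and {FBI} and {Department of the Treasury (Treasury)} and {FINCEN}},
  title        = {{Alert (AA22-152A): Karakurt Data Extortion Group}},
  organization = {CISA},
  date         = {2022-06-01},
  url          = {https://www.cisa.gov/uscert/ncas/alerts/aa22-152a},
  urldate      = {2022-06-02},
  language     = {English},
}
Alert (AA22-152A): Karakurt Data Extortion Group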
MimiKatz
2022-06-01 | CISA | FBI, CISA, Department of the Treasury (Treasury), FINCEN
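% PDF edition of joint cybersecurity advisory AA22-152A on the Karakurt data extortion group.
% "Department of the Treasury (Treasury)" is braced as one name; unbraced, the lowercase
% "of the" is read as a name particle and the agency is split into name parts.
@techreport{fbi:20220601:joint:366b0d0,
  author      = {{FBI} and {CISA} and {Department of the Treasury (Treasury)} and {FINCEN}},
  title       = {{Joint Cybersecurity Advisory (Product ID AA22-152A): Karakurt Data Extortion Group}},
  institution = {CISA},
  date        = {2022-06-01},
  url         = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-152A_Karakurt_Data_Extortion_Group.pdf},
  urldate     = {2022-06-02},
  language    = {English},
}
Joint Cybersecurity Advisory (Product ID AA22-152A): Karakurt Data Extortion Group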
MimiKatz
2022-05-04 | Twitter (@ESETresearch) | Twitter (@ESETresearch)
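% Twitter thread from the ESETresearch account on code similarity, IsaacWiper and a
% Cluster25 publication (per its title).
% The account label is braced as one name; unbraced, it is split into a given name
% "Twitter" and a family name made of the parenthesised handle.
@online{esetresearch:20220504:twitter:48f1a89,
  author       = {{Twitter (@ESETresearch)}},
  title        = {{Twitter thread on code similarity analysis, focussing on IsaacWiper and recent Cluster25 publication}},
  organization = {Twitter (@ESETresearch)},
  date         = {2022-05-04},
  url          = {https://twitter.com/ESETresearch/status/1521910890072842240},
  urldate      = {2022-05-05},
  language     = {English},
}
Twitter thread on code similarity analysis, focussing on IsaacWiper and recent Cluster25 publication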
IsaacWiper
2022-05-03 | Cluster25 | Cluster25
% Cluster25 blog post comparing IsaacWiper with the Vatet loader (per its title).
% The organisation is the author and sits in its own brace group as a single institutional name.
@online{cluster25:20220503:strange:1481afa,
  author       = {{Cluster25}},
  title        = {{The Strange Link Between A Destructive Malware And A Ransomware-Gang Linked Custom Loader: IsaacWiper Vs Vatet}},
  organization = {Cluster25},
  date         = {2022-05-03},
  url          = {https://cluster25.io/2022/05/03/a-strange-link-between-a-destructive-malware-and-the-loader-of-a-ransomware-group-isaacwiper-vs-vatet/},
  urldate      = {2022-05-04},
  language     = {English},
}
The Strange Link Between A Destructive Malware And A Ransomware-Gang Linked Custom Loader: IsaacWiper Vs Vatet
Cobalt Strike IsaacWiper PyXie
2022-05-02 | Trend Micro | Christoper Ordonez, Alvin Nieto
% Trend Micro research post on an AvosLocker variant that abuses a driver file to disable
% anti-virus and scans for Log4shell (per its title).
% Personal names are given in the unambiguous "Last, First" form. The mixed-case path
% segment in the url is copied verbatim.
@online{ordonez:20220502:avoslocker:3e0cddd,
  author       = {Ordonez, Christoper and Nieto, Alvin},
  title        = {{AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell}},
  organization = {Trend Micro},
  date         = {2022-05-02},
  url          = {https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html},
  urldate      = {2022-05-04},
  language     = {English},
}
AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell
AvosLocker
2022-04-27 | CISA | CISA, NSA, FBI, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), United Kingdom’s National Cyber Security Centre (NCSC-UK)
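% Joint alert AA22-117A on the top routinely exploited vulnerabilities of 2021, published on the CISA site.
% Multi-word agency names are each wrapped in their own braces; unbraced, they are split
% into given and family parts, leaving only the parenthesised acronym as the family name.
@online{cisa:20220427:alert:e02c831,
  author       = {{CISA} and {NSA} and {FBI}
                  and {Australian Cyber Security Centre (ACSC)}
                  and {Canadian Centre for Cyber Security (CCCS)}
                  and {New Zealand National Cyber Security Centre (NZ NCSC)}
                  and {United Kingdom’s National Cyber Security Centre (NCSC-UK)}},
  title        = {{Alert (AA22-117A) 2021 Top Routinely Exploited Vulnerabilities}},
  organization = {CISA},
  date         = {2022-04-27},
  url          = {https://www.cisa.gov/uscert/ncas/alerts/aa22-117a},
  urldate      = {2022-04-29},
  language     = {English},
}
Alert (AA22-117A) 2021 Top Routinely Exploited Vulnerabilities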