2021-11-16CiscoChetan Raghuprasad, Vanja Svajcer, Asheer Malhotra
@online{raghuprasad:20211116:attackers:c31ad77,
  author       = {Chetan Raghuprasad and Vanja Svajcer and Asheer Malhotra},
  title        = {{Attackers use domain fronting technique to target Myanmar with Cobalt Strike}},
  date         = {2021-11-16},
  organization = {Cisco},
  url          = {https://blog.talosintelligence.com/2021/11/attackers-use-domain-fronting-technique.html},
  language     = {English},
  urldate      = {2021-11-17},
}
Attackers use domain fronting technique to target Myanmar with Cobalt Strike
Cobalt Strike
2021-11-10RandoriRandori Attack Team
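% Corporate author: the extra brace pair keeps "Randori Attack Team" as one
% indivisible name instead of being split into given name and surname.
@online{team:20211110:zeroday:3c362f3,
  author       = {{Randori Attack Team}},
  title        = {{Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064}},
  date         = {2021-11-10},
  organization = {Randori},
  url          = {https://www.randori.com/blog/cve-2021-3064/},
  language     = {English},
  urldate      = {2021-11-17},
}
Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064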
2021-11-10Twitter (@ESETresearch)ESET Research
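% Corporate author: the extra brace pair keeps "ESET Research" as one
% indivisible name instead of being split into given name and surname.
@online{research:20211110:discovered:c5ef2c6,
  author       = {{ESET Research}},
  title        = {{Tweet on a discovered a trojanized IDA Pro installer, distributed by the Lazarus APT group.}},
  date         = {2021-11-10},
  organization = {Twitter (@ESETresearch)},
  url          = {https://twitter.com/ESETresearch/status/1458438155149922312},
  language     = {English},
  urldate      = {2021-11-12},
}
Tweet on a discovered a trojanized IDA Pro installer, distributed by the Lazarus APT group.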
2021-11-10Cisco TalosJungsoo An, Asheer Malhotra, Kendall McKay
@online{an:20211110:north:feab945,
  author       = {Jungsoo An and Asheer Malhotra and Kendall McKay},
  title        = {{North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets}},
  date         = {2021-11-10},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html},
  language     = {English},
  urldate      = {2021-11-17},
}
North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets
GoldDragon
2021-11-09Cisco TalosClaudio Bozzato, Lilith Wyatt
@online{bozzato:20211109:cisco:2f6a349,
  author       = {Claudio Bozzato and Lilith Wyatt},
  title        = {{Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton}},
  date         = {2021-11-09},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2021/11/cisco-talos-finds-10-vulnerabilities-in.html},
  language     = {English},
  urldate      = {2021-11-11},
}
Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton
2021-11-03Cisco TalosChetan Raghuprasad, Vanja Svajcer, Caitlin Huey
@online{raghuprasad:20211103:microsoft:2b6de43,
  author       = {Chetan Raghuprasad and Vanja Svajcer and Caitlin Huey},
  title        = {{Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk}},
  date         = {2021-11-03},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html},
  language     = {English},
  urldate      = {2021-11-03},
}
Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk
Babuk CHINACHOPPER
2021-11-02GoSecureLilly Chalupowski
@online{chalupowski:20211102:new:b68bd68,
  author       = {Lilly Chalupowski},
  title        = {{New Malware “Gameloader” in Discord Malspam Campaign Identified by GoSecure Titan Labs}},
  date         = {2021-11-02},
  organization = {GoSecure},
  url          = {https://www.gosecure.net/blog/2021/11/02/new-malware-gameloader-in-discord-malspam-campaign-identified-by-gosecure-titan-labs/},
  language     = {English},
  urldate      = {2021-11-03},
}
New Malware “Gameloader” in Discord Malspam Campaign Identified by GoSecure Titan Labs
2021-10-28LookoutKristina Balaam, Paul Shunk
@online{balaam:20211028:rooting:fbbe47f,
  author       = {Kristina Balaam and Paul Shunk},
  title        = {{Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign}},
  date         = {2021-10-28},
  organization = {Lookout},
  url          = {https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign},
  language     = {English},
  urldate      = {2021-11-03},
}
Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign
AbstractEmu
2021-10-26Cisco TalosEdmund Brumaghin, Mariano Graziano, Nick Mavis
@online{brumaghin:20211026:squirrelwaffle:88c5943,
  author       = {Edmund Brumaghin and Mariano Graziano and Nick Mavis},
  title        = {{SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike}},
  date         = {2021-10-26},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2021/10/squirrelwaffle-emerges.html},
  language     = {English},
  urldate      = {2021-11-02},
}
SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike
Cobalt Strike QakBot Squirrelwaffle
2021-10-21NetskopeGustavo Palazolo
@online{palazolo:20211021:dbatloader:7074875,
  author       = {Gustavo Palazolo},
  title        = {{DBatLoader: Abusing Discord to Deliver Warzone RAT}},
  date         = {2021-10-21},
  organization = {Netskope},
  url          = {https://www.netskope.com/blog/dbatloader-abusing-discord-to-deliver-warzone-rat},
  language     = {English},
  urldate      = {2021-10-26},
}
DBatLoader: Abusing Discord to Deliver Warzone RAT
Ave Maria DBatLoader TempleLoader
2021-10-20RiskIQJennifer Grob
@online{grob:20211020:overview:f51c170,
  author       = {Jennifer Grob},
  title        = {{Overview of Malware Hosted on Discord's Content Delivery Network}},
  date         = {2021-10-20},
  organization = {RiskIQ},
  url          = {https://community.riskiq.com/article/fe25847f},
  language     = {English},
  urldate      = {2021-10-26},
}
Overview of Malware Hosted on Discord's Content Delivery Network
2021-10-19Cisco TalosAsheer Malhotra
@online{malhotra:20211019:malicious:6889662,
  author       = {Asheer Malhotra},
  title        = {{Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India}},
  date         = {2021-10-19},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html},
  language     = {English},
  urldate      = {2021-11-02},
}
Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India
DCRat Quasar RAT
2021-10-19CiscoArtsiom Holub
@online{holub:20211019:strrat:4522f11,
  author       = {Artsiom Holub},
  title        = {{STRRAT, ZLoader, and HoneyGain}},
  date         = {2021-10-19},
  organization = {Cisco},
  url          = {https://umbrella.cisco.com/blog/cybersecurity-threat-spotlight-strrat-zloader-honeygain},
  language     = {English},
  urldate      = {2021-10-26},
}
STRRAT, ZLoader, and HoneyGain
STRRAT Zloader
2021-10-04CiscoTiago Pereira
@online{pereira:20211004:threat:9f493e1,
  author       = {Tiago Pereira},
  title        = {{Threat hunting in large datasets by clustering security events}},
  date         = {2021-10-04},
  organization = {Cisco},
  url          = {https://blog.talosintelligence.com/2021/10/threat-hunting-in-large-datasets-by.html},
  language     = {English},
  urldate      = {2021-10-20},
}
Threat hunting in large datasets by clustering security events
BazarBackdoor TrickBot
2021-09-30CiscoVitor Ventura, Arnaud Zobec
@online{ventura:20210930:wolf:5617c7f,
  author       = {Vitor Ventura and Arnaud Zobec},
  title        = {{A wolf in sheep's clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus}},
  date         = {2021-09-30},
  organization = {Cisco},
  url          = {https://blog.talosintelligence.com/2021/09/fakeantipegasusamnesty.html},
  language     = {English},
  urldate      = {2021-10-20},
}
A wolf in sheep's clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus
2021-09-27Security Soup BlogRyan Campbell
@online{campbell:20210927:doppeldridex:daa5f69,
  author       = {Ryan Campbell},
  title        = {{DoppelDridex Delivered via Slack and Discord}},
  date         = {2021-09-27},
  organization = {Security Soup Blog},
  url          = {https://security-soup.net/doppeldridex-delivered-via-slack-and-discord/},
  language     = {English},
  urldate      = {2021-09-29},
}
DoppelDridex Delivered via Slack and Discord
DoppelDridex
2021-09-21Trend MicroNikki Madayag, Josefino Fajilago IV
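% "IV" is a generational suffix. In "First Last" order BibTeX would take "IV"
% as the surname, so both names use the comma form ("Last, Jr, First" for the
% second author) to keep Fajilago as the surname.
@online{madayag:20210921:cryptominer:39afc6e,
  author       = {Madayag, Nikki and Fajilago, IV, Josefino},
  title        = {{Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage}},
  date         = {2021-09-21},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html},
  language     = {English},
  urldate      = {2021-09-28},
}
Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage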
2021-09-19The RecordCatalin Cimpanu
@online{cimpanu:20210919:alaska:5238129,
  author       = {Catalin Cimpanu},
  title        = {{Alaska discloses ‘sophisticated’ nation-state cyberattack on health service}},
  date         = {2021-09-19},
  organization = {The Record},
  url          = {https://therecord.media/alaska-discloses-sophisticated-nation-state-cyberattack-on-health-service/},
  language     = {English},
  urldate      = {2021-09-22},
}
Alaska discloses ‘sophisticated’ nation-state cyberattack on health service
2021-09-16CiscoTiago Pereira, Vitor Ventura
@online{pereira:20210916:operation:133992d,
  author       = {Tiago Pereira and Vitor Ventura},
  title        = {{Operation Layover: How we tracked an attack on the aviation industry to five years of compromise}},
  date         = {2021-09-16},
  organization = {Cisco},
  url          = {https://blog.talosintelligence.com/2021/09/operation-layover-how-we-tracked-attack.html},
  language     = {English},
  urldate      = {2021-09-19},
}
Operation Layover: How we tracked an attack on the aviation industry to five years of compromise
AsyncRAT Houdini NjRAT
2021-09-09SymantecThreat Hunter Team
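% Corporate author: the extra brace pair keeps "Threat Hunter Team" as one
% indivisible name instead of being split into given name and surname.
@online{team:20210909:grayfly:60c5478,
  author       = {{Threat Hunter Team}},
  title        = {{Grayfly: Chinese Threat Actor Uses Newly-discovered Sidewalk Malware}},
  date         = {2021-09-09},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayfly-china-sidewalk-malware},
  language     = {English},
  urldate      = {2021-09-10},
}
Grayfly: Chinese Threat Actor Uses Newly-discovered Sidewalk Malware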
CROSSWALK MimiKatz SideWalk