
2023-11-21 — Trellix — Ernesto Fernández Provecho, Pham Duy Phuc, Ciana Driscoll, Vinoo Thomas
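@online{provecho:20231121:continued:8a0bc28,
  author       = {Fernández Provecho, Ernesto and Pham Duy Phuc and Driscoll, Ciana and Thomas, Vinoo},
  title        = {The Continued Evolution of the {DarkGate} {Malware-as-a-Service}},
  date         = {2023-11-21},
  organization = {Trellix},
  url          = {https://www.trellix.com/about/newsroom/stories/research/the-continued-evolution-of-the-darkgate-malware-as-a-service/},
  language     = {English},
  urldate      = {2023-11-27},
}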
DarkGate
2023-11-17 — Cisco Talos — Guilherme Venere
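@online{venere:20231117:deep:b5f97e0,
  author       = {Venere, Guilherme},
  title        = {A deep dive into {Phobos} ransomware, recently deployed by {8Base} group},
  date         = {2023-11-17},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/},
  language     = {English},
  urldate      = {2023-11-27},
}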
8Base Phobos
2023-11-17 — Cisco Talos — Guilherme Venere
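@online{venere:20231117:understanding:0f7a321,
  author       = {Venere, Guilherme},
  title        = {Understanding the {Phobos} affiliate structure and activity},
  date         = {2023-11-17},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/understanding-the-phobos-affiliate-structure/},
  language     = {English},
  urldate      = {2023-11-23},
}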
Phobos
2023-11-01 — SANS ISC — Xavier Mertens
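@online{mertens:20231101:malware:c5ceeb2,
  author       = {Mertens, Xavier},
  title        = {Malware Dropped Through a {ZPAQ} Archive},
  date         = {2023-11-01},
  organization = {SANS ISC},
  url          = {https://isc.sans.edu/diary/Malware+Dropped+Through+a+ZPAQ+Archive/30366/},
  language     = {English},
  urldate      = {2023-11-13},
}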
2023-10-13 — Elastic — Cyril François
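@online{franois:20231013:disclosing:d78b876,
  author       = {François, Cyril},
  title        = {Disclosing the {BLOODALCHEMY} backdoor},
  date         = {2023-10-13},
  organization = {Elastic},
  url          = {https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor},
  language     = {English},
  urldate      = {2023-11-14},
}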
win.trojan.bloodalchemy REF5961
2023-09-25 — NSFOCUS — NSFOCUS
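@online{nsfocus:20230925:warning:51a3324,
  author       = {{NSFOCUS}},
  title        = {Warning: Newly Discovered {APT} Attacker {AtlasCross} Exploits {Red Cross} Blood Drive Phishing for Cyberattack},
  date         = {2023-09-25},
  organization = {NSFOCUS},
  url          = {https://nsfocusglobal.com/warning-newly-discovered-apt-attacker-atlascross-exploits-red-cross-blood-drive-phishing-for-cyberattack/},
  language     = {English},
  urldate      = {2023-10-16},
}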
AtlasAgent AtlasCross
2023-09-19 — Cisco Talos — Asheer Malhotra, Caitlin Huey, Sean Taylor, Vitor Ventura, Arnaud Zobec
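@online{malhotra:20230919:new:a39af36,
  author       = {Malhotra, Asheer and Huey, Caitlin and Taylor, Sean and Ventura, Vitor and Zobec, Arnaud},
  title        = {New {ShroudedSnooper} actor targets telecommunications firms in the {Middle East} with novel Implants},
  date         = {2023-09-19},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/introducing-shrouded-snooper/},
  language     = {English},
  urldate      = {2023-09-20},
}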
HTTPSnoop PipeSnoop ShroudedSnooper
2023-09-11 — Symantec — Symantec Threat Intelligence
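@online{intelligence:20230911:about:e53f947,
  author       = {{Symantec Threat Intelligence}},
  title        = {Tweet about {Symantec} discovering a new variant of {SiestaGraph}},
  date         = {2023-09-11},
  organization = {Symantec},
  url          = {https://x.com/threatintel/status/1701259256199090217},
  language     = {English},
  urldate      = {2023-09-18},
}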
SiestaGraph
2023-09-07 — Silent Push — Silent Push
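@online{push:20230907:from:455edff,
  author       = {{Silent Push}},
  title        = {`From {Russia} with a 71': Uncovering {Gamaredon}'s fast flux infrastructure. New apex domains and {ASN/IP} diversity patterns discovered},
  date         = {2023-09-07},
  organization = {Silent Push},
  url          = {https://www.silentpush.com/blog/from-russia-with-a-71},
  language     = {English},
  urldate      = {2023-09-08},
}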
2023-09-04 — AhnLab — Sanseo
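@online{sanseo:20230904:chm:0194a5a,
  author        = {Sanseo},
  title         = {{CHM} Malware Using {Fukushima} Contaminated Water Discharge: {RedEyes} ({ScarCruft})},
  date          = {2023-09-04},
  organization  = {AhnLab},
  url           = {https://asec.ahnlab.com/ko/56654/},
  language      = {English},
  urldate       = {2023-09-07},
  internal-note = {url path is /ko/, which suggests a Korean-language page; confirm the language field},
}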
2023-08-31 — Cisco Talos — Edmund Brumaghin
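@online{brumaghin:20230831:sapphirestealer:59b335d,
  author       = {Brumaghin, Edmund},
  title        = {{SapphireStealer}: Open-source information stealer enables credential and data theft},
  date         = {2023-08-31},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/sapphirestealer-goes-open-source/},
  language     = {English},
  urldate      = {2023-09-01},
}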
2023-08-24 — Cisco Talos — Asheer Malhotra, Vitor Ventura, Jungsoo An
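@online{malhotra:20230824:lazarus:094409b,
  author       = {Malhotra, Asheer and Ventura, Vitor and An, Jungsoo},
  title        = {{Lazarus Group}'s infrastructure reuse leads to discovery of new malware},
  date         = {2023-08-24},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/lazarus-collectionrat/},
  language     = {English},
  urldate      = {2023-08-28},
}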
Collection RAT
2023-08-24 — Cisco Talos — Asheer Malhotra, Vitor Ventura, Jungsoo An
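@online{malhotra:20230824:lazarus:f5c3c14,
  author       = {Malhotra, Asheer and Ventura, Vitor and An, Jungsoo},
  title        = {{Lazarus Group} exploits {ManageEngine} vulnerability to deploy {QuiteRAT}},
  date         = {2023-08-24},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/lazarus-quiterat/},
  language     = {English},
  urldate      = {2023-08-25},
}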
QuiteRAT
2023-08-23 — Logpoint — Anish Bogati, Nischal khadgi
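@online{bogati:20230823:defending:9322a16,
  author       = {Bogati, Anish and khadgi, Nischal},
  title        = {Defending Against {8base}: Uncovering Their Arsenal and Crafting Responses},
  date         = {2023-08-23},
  organization = {Logpoint},
  url          = {https://www.logpoint.com/en/blog/emerging-threat/defending-against-8base/},
  language     = {English},
  urldate      = {2023-09-05},
}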
8Base SmokeLoader SystemBC
2023-08-14 — Group-IB — Pavel Naumov, Artem Grischenko
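@online{naumov:20230814:breaking:9fe9961,
  author       = {Naumov, Pavel and Grischenko, Artem},
  title        = {Breaking down {Gigabud} banking malware with {Group-IB} Fraud Matrix},
  date         = {2023-08-14},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/blog/gigabud-banking-malware/},
  language     = {English},
  urldate      = {2023-08-30},
}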
Gigabud
2023-08-10 — Twitter (@malwrhunterteam) — MalwareHunterTeam
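@online{malwarehunterteam:20230810:sample:41b581f,
  author       = {{MalwareHunterTeam}},
  title        = {Tweet on the sample discovery},
  date         = {2023-08-10},
  organization = {Twitter (@malwrhunterteam)},
  url          = {https://twitter.com/malwrhunterteam/status/1689533484597952514},
  language     = {English},
  urldate      = {2023-08-11},
}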
Unidentified 109 (Lazarus?)
2023-08-10 — CrowdStrike — Nicolas Zilio, Marco Ortisi, Ken Balint, Counter Adversary Operations
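@online{zilio:20230810:discovering:6b246d9,
  author       = {Zilio, Nicolas and Ortisi, Marco and Balint, Ken and {Counter Adversary Operations}},
  title        = {Discovering and Blocking a Zero-Day Exploit with {CrowdStrike Falcon Complete}: The Case of {CVE-2023-36874}},
  date         = {2023-08-10},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/falcon-complete-zero-day-exploit-cve-2023-36874/},
  language     = {English},
  urldate      = {2023-08-13},
}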
2023-08-08 — Cisco Talos — Cisco Talos
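@online{talos:20230808:what:0316750,
  author       = {{Cisco Talos}},
  title        = {What {Cisco Talos} knows about the {Rhysida} ransomware},
  date         = {2023-08-08},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/rhysida-ransomware/},
  language     = {English},
  urldate      = {2023-08-10},
}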
Rhysida
2023-08-07 — Cisco Talos — Chetan Raghuprasad
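@online{raghuprasad:20230807:new:0147488,
  author       = {Raghuprasad, Chetan},
  title        = {New threat actor targets {Bulgaria}, {China}, {Vietnam} and other countries with customized {Yashma} ransomware},
  date         = {2023-08-07},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/new-threat-actor-using-yashma-ransomware/},
  language     = {English},
  urldate      = {2023-08-09},
}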
Chaos
2023-07-14 — Proofpoint — Threat Insight
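@online{insight:20230714:tweets:e33d6c6,
  author       = {{Threat Insight}},
  title        = {Tweets on Discovery of {WikiLoader}},
  date         = {2023-07-14},
  organization = {Proofpoint},
  url          = {https://twitter.com/threatinsight/status/1679864625544978432},
  language     = {English},
  urldate      = {2023-07-16},
}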
WikiLoader