Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-01-24eSentireJoe Stewart, Keegan Keplinger
@online{stewart:20230124:unmasking:c26cfce, author = {Joe Stewart and Keegan Keplinger}, title = {{Unmasking Venom Spider}}, date = {2023-01-24}, organization = {eSentire}, url = {https://www.esentire.com/web-native-pages/unmasking-venom-spider}, language = {English}, urldate = {2023-01-25} } Unmasking Venom Spider
More_eggs TerraPreter TerraLoader VenomLNK
2023-01-03Security JoesSecurityJoes
@online{securityjoes:20230103:raspberry:c992c68, author = {SecurityJoes}, title = {{Raspberry Robin Detected ITW Targeting Insurance & Financial Institutes In Europe}}, date = {2023-01-03}, organization = {Security Joes}, url = {https://www.securityjoes.com/post/raspberry-robin-detected-itw-targeting-insurance-financial-institutes-in-europe}, language = {English}, urldate = {2023-01-04} } Raspberry Robin Detected ITW Targeting Insurance & Financial Institutes In Europe
Raspberry Robin
2022-11-23Stranded on Pylos BlogJoe Slowik
@online{slowik:20221123:detailing:3a1ddea, author = {Joe Slowik}, title = {{Detailing Daily Domain Hunting}}, date = {2022-11-23}, organization = {Stranded on Pylos Blog}, url = {https://pylos.co/2022/11/23/detailing-daily-domain-hunting/}, language = {English}, urldate = {2022-11-25} } Detailing Daily Domain Hunting
2022-10-12SentinelOneJoey Chen, Amitai Ben Shushan Ehrlich
@online{chen:20221012:wip19:672e865, author = {Joey Chen and Amitai Ben Shushan Ehrlich}, title = {{WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware}}, date = {2022-10-12}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/wip19-espionage-new-chinese-apt-targets-it-service-providers-and-telcos-with-signed-malware/}, language = {English}, urldate = {2022-10-24} } WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware
Maggie ScreenCap
2022-09-29ReutersJoel Schectman, Bozorgmehr Sharafedin
@online{schectman:20220929:americas:b89f590, author = {Joel Schectman and Bozorgmehr Sharafedin}, title = {{America’s Throwaway Spies How the CIA failed Iranian informants in its secret war with Tehran}}, date = {2022-09-29}, organization = {Reuters}, url = {https://www.reuters.com/investigates/special-report/usa-spies-iran/}, language = {English}, urldate = {2022-09-30} } America’s Throwaway Spies How the CIA failed Iranian informants in its secret war with Tehran
2022-09-14Security JoesFelipe Duarte
@techreport{duarte:20220914:dissecting:6ab0659, author = {Felipe Duarte}, title = {{Dissecting PlugX to Extract Its Crown Jewels}}, date = {2022-09-14}, institution = {Security Joes}, url = {https://secjoes-reports.s3.eu-central-1.amazonaws.com/Dissecting+PlugX+to+Extract+Its+Crown+Jewels.pdf}, language = {English}, urldate = {2022-09-16} } Dissecting PlugX to Extract Its Crown Jewels
PlugX
2022-08-18ProofpointJoe Wise, Selena Larson, Proofpoint Threat Research Team
@online{wise:20220818:reservations:c2f9faf, author = {Joe Wise and Selena Larson and Proofpoint Threat Research Team}, title = {{Reservations Requested: TA558 Targets Hospitality and Travel}}, date = {2022-08-18}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel}, language = {English}, urldate = {2022-08-18} } Reservations Requested: TA558 Targets Hospitality and Travel
AsyncRAT Loda NjRAT Ozone RAT Revenge RAT Vjw0rm
2022-08-050xIvanTwitter (@viljoenivan)
@online{viljoenivan:20220805:lokibot:bb5fd5d, author = {Twitter (@viljoenivan)}, title = {{LokiBot Analysis}}, date = {2022-08-05}, organization = {0xIvan}, url = {https://ivanvza.github.io/posts/lokibot_analysis}, language = {English}, urldate = {2022-08-17} } LokiBot Analysis
Loki Password Stealer (PWS)
2022-08-04YouTube (Security Joes)Ido Naor, Felipe Duarte
@online{naor:20220804:sockbot:c6eedb6, author = {Ido Naor and Felipe Duarte}, title = {{Sockbot In Goland - Linking APT Actors With Ransomware Gangs}}, date = {2022-08-04}, organization = {YouTube (Security Joes)}, url = {https://www.youtube.com/watch?v=CAMnuhg-Qos}, language = {English}, urldate = {2022-08-08} } Sockbot In Goland - Linking APT Actors With Ransomware Gangs
Sockbot
2022-07-20Trend MicroJoelson Soares, Buddy Tancio, Erika Mendoza, Jessie Prevost, Nusrath Iqra
@online{soares:20220720:analyzing:8753d99, author = {Joelson Soares and Buddy Tancio and Erika Mendoza and Jessie Prevost and Nusrath Iqra}, title = {{Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data}}, date = {2022-07-20}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/22/g/analyzing-penetration-testing-tools-that-threat-actors-use-to-br.html}, language = {English}, urldate = {2022-07-25} } Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data
2022-07-18YouTube (Security Joes)Felipe Duarte
@online{duarte:20220718:plugx:bfdba72, author = {Felipe Duarte}, title = {{PlugX DLL Side-Loading Technique}}, date = {2022-07-18}, organization = {YouTube (Security Joes)}, url = {https://www.youtube.com/watch?v=E2_DTQJjDYc}, language = {English}, urldate = {2022-07-19} } PlugX DLL Side-Loading Technique
PlugX
2022-07-11BBCJoe Tidy
@online{tidy:20220711:predatory:441dbbc, author = {Joe Tidy}, title = {{Predatory Sparrow: Who are the hackers who say they started a fire in Iran?}}, date = {2022-07-11}, organization = {BBC}, url = {https://www.bbc.com/news/technology-62072480}, language = {English}, urldate = {2022-07-13} } Predatory Sparrow: Who are the hackers who say they started a fire in Iran?
Predatory Sparrow
2022-06-15Security JoesCharles Lomboni, Venkat Rajgor, Felipe Duarte
@techreport{lomboni:20220615:backdoor:8d43d9e, author = {Charles Lomboni and Venkat Rajgor and Felipe Duarte}, title = {{Backdoor via XFF: Mysterious Threat Actor Under Radar}}, date = {2022-06-15}, institution = {Security Joes}, url = {https://secjoes-reports.s3.eu-central-1.amazonaws.com/Backdoor%2Bvia%2BXFF%2BMysterious%2BThreat%2BActor%2BUnder%2BRadar.pdf}, language = {English}, urldate = {2022-06-16} } Backdoor via XFF: Mysterious Threat Actor Under Radar
CHINACHOPPER
2022-06-09Sentinel LABSJoey Chen
@online{chen:20220609:aoqin:134698f, author = {Joey Chen}, title = {{Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years}}, date = {2022-06-09}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/aoqin-dragon-newly-discovered-chinese-linked-apt-has-been-quietly-spying-on-organizations-for-10-years/}, language = {English}, urldate = {2022-06-09} } Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years
heyoka mongall Aoqin Dragon
2022-05-08IronNetMichael Leardi, Joey Fitzpatrick, Brent Eskridge
@online{leardi:20220508:tracking:8f52310, author = {Michael Leardi and Joey Fitzpatrick and Brent Eskridge}, title = {{Tracking Cobalt Strike Servers Used in Cyberattacks on Ukraine}}, date = {2022-05-08}, organization = {IronNet}, url = {https://www.ironnet.com/blog/tracking-cobalt-strike-servers-used-in-cyberattacks-on-ukraine}, language = {English}, urldate = {2022-05-09} } Tracking Cobalt Strike Servers Used in Cyberattacks on Ukraine
Cobalt Strike
2022-05-02Sentinel LABSJoey Chen, Amitai Ben Shushan Ehrlich
@online{chen:20220502:moshen:1969df2, author = {Joey Chen and Amitai Ben Shushan Ehrlich}, title = {{Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad}}, date = {2022-05-02}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/}, language = {English}, urldate = {2022-05-04} } Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad
PlugX ShadowPad
2022-04-23Stranded on Pylos BlogJoe Slowik
@online{slowik:20220423:industroyer2:c8064df, author = {Joe Slowik}, title = {{Industroyer2 in Perspective}}, date = {2022-04-23}, organization = {Stranded on Pylos Blog}, url = {https://pylos.co/2022/04/23/industroyer2-in-perspective/}, language = {English}, urldate = {2022-04-25} } Industroyer2 in Perspective
INDUSTROYER2
2022-04-08Secure RoboticsJoel Yonts
@techreport{yonts:20220408:securing:3a54566, author = {Joel Yonts}, title = {{Securing Chatbot Technology - Part1: Chatbot Weaponization And ChatRATS}}, date = {2022-04-08}, institution = {Secure Robotics}, url = {https://static1.squarespace.com/static/60e9e4c7f46b2d2b9a99ae76/t/6251e30d7776fd348c188888/1649533710217/SR+Chatbot+Weaponization.pdf}, language = {English}, urldate = {2022-04-25} } Securing Chatbot Technology - Part1: Chatbot Weaponization And ChatRATS
2022-03-09Security JoesFelipe Duarte, Ido Naor
@techreport{duarte:20220309:sockbot:a9095cc, author = {Felipe Duarte and Ido Naor}, title = {{Sockbot in GoLand}}, date = {2022-03-09}, institution = {Security Joes}, url = {https://secjoes-reports.s3.eu-central-1.amazonaws.com/Sockbot%2Bin%2BGoLand.pdf}, language = {English}, urldate = {2022-03-10} } Sockbot in GoLand
lsassDumper Sockbot
2022-03-07ElasticDaniel Stepanic, Derek Ditch, Joe Desimone, Cyril François, Github (@1337-42), Samir Bousseaden, Andrew Pease
@online{stepanic:20220307:phoreal:f982397, author = {Daniel Stepanic and Derek Ditch and Joe Desimone and Cyril François and Github (@1337-42) and Samir Bousseaden and Andrew Pease}, title = {{PHOREAL Malware Targets the Southeast Asian Financial Sector}}, date = {2022-03-07}, organization = {Elastic}, url = {https://elastic.github.io/security-research/intelligence/2022/03/02.phoreal-targets-southeast-asia-financial-sector/article/}, language = {English}, urldate = {2022-03-08} } PHOREAL Malware Targets the Southeast Asian Financial Sector
PHOREAL