
2023-06-02 — Mandiant — Nader Zaveri, Jeremy Kennelly, Genevieve Stark, Matthew McWhirt, DAN NUTTING, Kimberly Goody, Justin Moore, JOE PISANO, Zander Work, PETER UKHANOV, Juraj Sucik, WILL SILVERSTONE, ZACH SCHRAMM, Greg Blaum, OLLIE STYLES, NICHOLAS BENNETT, Josh Murchie
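@online{zaveri:20230602:zeroday:a5ec238,
  author       = {Zaveri, Nader and Kennelly, Jeremy and Stark, Genevieve and McWhirt, Matthew and Nutting, Dan and Goody, Kimberly and Moore, Justin and Pisano, Joe and Work, Zander and Ukhanov, Peter and Sucik, Juraj and Silverstone, Will and Schramm, Zach and Blaum, Greg and Styles, Ollie and Bennett, Nicholas and Murchie, Josh},
  title        = {Zero-Day Vulnerability in {MOVEit Transfer} Exploited for Data Theft},
  date         = {2023-06-02},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft},
  language     = {English},
  urldate      = {2023-07-31},
}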
2023-05-22 — eSentire — Joe Stewart, Keegan Keplinger
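@online{stewart:20230522:hunt:4c2c843,
  author       = {Stewart, Joe and Keplinger, Keegan},
  title        = {The Hunt for {VENOM SPIDER} Part 2},
  date         = {2023-05-22},
  organization = {eSentire},
  url          = {https://www.esentire.com/web-native-pages/the-hunt-for-venom-spider-part-2},
  language     = {English},
  urldate      = {2023-08-11},
}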
2023-04-28 — DISCARDED Podcast — Joe Wise, Pim Trouerbach
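@online{wise:20230428:beyond:b45d805,
  author       = {Wise, Joe and Trouerbach, Pim},
  title        = {Beyond Banking: {IcedID} Gets Forked},
  date         = {2023-04-28},
  organization = {DISCARDED Podcast},
  url          = {https://www.spreaker.com/user/16860719/proofpoint-e29-mix-v1},
  language     = {English},
  urldate      = {2023-05-04},
}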
IcedID PhotoLoader
2023-04-26 — eSentire — Joe Stewart, Keegan Keplinger
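@online{stewart:20230426:gootloader:eb8526b,
  author       = {Stewart, Joe and Keplinger, Keegan},
  title        = {{Gootloader} Unloaded: Researchers Launch Multi-Pronged Offensive Against {Gootloader}, Cutting Off Traffic to Thousands of {Gootloader} Web Pages and Using the Operator’s Very Own Tactics to Protect End-Users},
  date         = {2023-04-26},
  organization = {eSentire},
  url          = {https://www.esentire.com/web-native-pages/gootloader-unloaded},
  language     = {English},
  urldate      = {2023-04-26},
}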
GootLoader
2023-03-30 — Elastic — Daniel Stepanic, Remco Sprooten, Joe Desimone, Samir Bousseaden, Devon Kerr
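@online{stepanic:20230330:elastic:8671074,
  author       = {Stepanic, Daniel and Sprooten, Remco and Desimone, Joe and Bousseaden, Samir and Kerr, Devon},
  title        = {{Elastic} users protected from {SUDDENICON}’s supply chain attack},
  date         = {2023-03-30},
  organization = {Elastic},
  url          = {https://www.elastic.co/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack},
  language     = {English},
  urldate      = {2023-04-02},
}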
3CX Backdoor
2023-03-28 — Mandiant — Fred Plan, Van Ta, Michael Barnhart, Jeffery Johnson, Dan Perez, JOE DOBSON
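@online{plan:20230328:apt43:878de2c,
  author       = {Plan, Fred and Ta, Van and Barnhart, Michael and Johnson, Jeffery and Perez, Dan and Dobson, Joe},
  title        = {{APT43}: {North Korean} Group Uses Cybercrime to Fund Espionage Operations},
  date         = {2023-03-28},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/apt43-north-korea-cybercrime-espionage},
  language     = {English},
  urldate      = {2023-08-11},
}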
2023-03-28 — Mandiant — Fred Plan, Van Ta, Michael Barnhart, JEFF JOHNSON, Dan Perez, JOE DOBSON
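@online{plan:20230328:apt43:2cb37c1,
  author        = {Plan, Fred and Ta, Van and Barnhart, Michael and Johnson, Jeff and Perez, Dan and Dobson, Joe},
  title         = {{APT43}: {North Korean} Group Uses Cybercrime to Fund Espionage Operations},
  date          = {2023-03-28},
  organization  = {Mandiant},
  url           = {https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report},
  language      = {English},
  urldate       = {2023-04-25},
  internal-note = {Same title, date and author list as plan:20230328:apt43:878de2c (blog post); this key points at the PDF report. The fourth author is spelled "Jeffery Johnson" there and "Jeff Johnson" here -- confirm the canonical spelling before merging or deduplicating.},
}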
APT43 Kimsuky
2023-03-27 — Proofpoint — Pim Trouerbach, Kelsey Merriman, Joe Wise
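@online{trouerbach:20230327:fork:62e7699,
  author       = {Trouerbach, Pim and Merriman, Kelsey and Wise, Joe},
  title        = {Fork in the Ice: The New Era of {IcedID}},
  date         = {2023-03-27},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/fork-ice-new-era-icedid},
  language     = {English},
  urldate      = {2023-08-11},
}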
IcedID PHOTOFORK PHOTOLITE PhotoLoader
2023-03-23 — SentinelOne — Aleksandar Milenkoski, Juan Andrés Guerrero-Saade, Joey Chen, QGroup
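@online{milenkoski:20230323:operation:2263a72,
  author       = {Milenkoski, Aleksandar and Guerrero-Saade, Juan Andrés and Chen, Joey and {QGroup}},
  title        = {{Operation Tainted Love} | {Chinese} {APTs} Target Telcos in New Attacks},
  date         = {2023-03-23},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/operation-tainted-love-chinese-apts-target-telcos-in-new-attacks/},
  language     = {English},
  urldate      = {2023-03-27},
}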
mim221
2023-02-16 — SentinelOne — Aleksandar Milenkoski, Collin Farr, Joey Chen, QGroup
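@online{milenkoski:20230216:wip26:637cfde,
  author       = {Milenkoski, Aleksandar and Farr, Collin and Chen, Joey and {QGroup}},
  title        = {{WIP26} Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks},
  date         = {2023-02-16},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/wip26-espionage-threat-actors-abuse-cloud-infrastructure-in-targeted-telco-attacks/},
  language     = {English},
  urldate      = {2023-05-24},
}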
2023-02-08 — Huntress Labs — Joe Slowik, Matt Anderson
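@online{slowik:20230208:investigating:4b8fbaf,
  author       = {Slowik, Joe and Anderson, Matt},
  title        = {Investigating Intrusions From Intriguing Exploits},
  date         = {2023-02-08},
  organization = {Huntress Labs},
  url          = {https://www.huntress.com/blog/investigating-intrusions-from-intriguing-exploits},
  language     = {English},
  urldate      = {2023-04-06},
}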
Silence
2023-01-24 — eSentire — Joe Stewart, Keegan Keplinger
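@online{stewart:20230124:unmasking:c26cfce,
  author       = {Stewart, Joe and Keplinger, Keegan},
  title        = {Unmasking {Venom Spider}},
  date         = {2023-01-24},
  organization = {eSentire},
  url          = {https://www.esentire.com/web-native-pages/unmasking-venom-spider},
  language     = {English},
  urldate      = {2023-01-25},
}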
More_eggs TerraPreter TerraLoader VenomLNK
2023-01-03 — Security Joes — SecurityJoes
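@online{securityjoes:20230103:raspberry:c992c68,
  author       = {{SecurityJoes}},
  title        = {{Raspberry Robin} Detected {ITW} Targeting Insurance \& Financial Institutes In {Europe}},
  date         = {2023-01-03},
  organization = {Security Joes},
  url          = {https://www.securityjoes.com/post/raspberry-robin-detected-itw-targeting-insurance-financial-institutes-in-europe},
  language     = {English},
  urldate      = {2023-01-04},
}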
Raspberry Robin
2022-11-23 — Stranded on Pylos Blog — Joe Slowik
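@online{slowik:20221123:detailing:3a1ddea,
  author       = {Slowik, Joe},
  title        = {Detailing Daily Domain Hunting},
  date         = {2022-11-23},
  organization = {Stranded on Pylos Blog},
  url          = {https://pylos.co/2022/11/23/detailing-daily-domain-hunting/},
  language     = {English},
  urldate      = {2022-11-25},
}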
2022-10-12 — SentinelOne — Joey Chen, Amitai Ben Shushan Ehrlich
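@online{chen:20221012:wip19:672e865,
  author        = {Chen, Joey and Ehrlich, Amitai Ben Shushan},
  title         = {{WIP19} Espionage | New {Chinese} {APT} Targets {IT} Service Providers and Telcos With Signed Malware},
  date          = {2022-10-12},
  organization  = {SentinelOne},
  url           = {https://www.sentinelone.com/labs/wip19-espionage-new-chinese-apt-targets-it-service-providers-and-telcos-with-signed-malware/},
  language      = {English},
  urldate       = {2022-10-24},
  internal-note = {Surname split for "Amitai Ben Shushan Ehrlich" follows the original First-Last parse (Last = Ehrlich); if the surname is actually the compound "Ben Shushan Ehrlich", change to {Ben Shushan Ehrlich}, Amitai.},
}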
Maggie ScreenCap
2022-09-29 — Reuters — Joel Schectman, Bozorgmehr Sharafedin
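@online{schectman:20220929:americas:b89f590,
  author       = {Schectman, Joel and Sharafedin, Bozorgmehr},
  title        = {{America}’s Throwaway Spies How the {CIA} failed {Iranian} informants in its secret war with {Tehran}},
  date         = {2022-09-29},
  organization = {Reuters},
  url          = {https://www.reuters.com/investigates/special-report/usa-spies-iran/},
  language     = {English},
  urldate      = {2022-09-30},
}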
2022-09-14 — Security Joes — Felipe Duarte
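@techreport{duarte:20220914:dissecting:6ab0659,
  author      = {Duarte, Felipe},
  title       = {Dissecting {PlugX} to Extract Its Crown Jewels},
  date        = {2022-09-14},
  institution = {Security Joes},
  url         = {https://secjoes-reports.s3.eu-central-1.amazonaws.com/Dissecting+PlugX+to+Extract+Its+Crown+Jewels.pdf},
  language    = {English},
  urldate     = {2022-09-16},
}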
PlugX
2022-08-18 — Proofpoint — Joe Wise, Selena Larson, Proofpoint Threat Research Team
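@online{wise:20220818:reservations:c2f9faf,
  author       = {Wise, Joe and Larson, Selena and {Proofpoint Threat Research Team}},
  title        = {Reservations Requested: {TA558} Targets Hospitality and Travel},
  date         = {2022-08-18},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel},
  language     = {English},
  urldate      = {2022-08-18},
}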
AsyncRAT Loda NjRAT Ozone RAT Revenge RAT Vjw0rm
2022-08-05 — 0xIvan — Twitter (@viljoenivan)
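@online{viljoenivan:20220805:lokibot:bb5fd5d,
  author       = {{Twitter (@viljoenivan)}},
  title        = {{LokiBot} Analysis},
  date         = {2022-08-05},
  organization = {0xIvan},
  url          = {https://ivanvza.github.io/posts/lokibot_analysis},
  language     = {English},
  urldate      = {2022-08-17},
}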
Loki Password Stealer (PWS)
2022-08-04 — YouTube (Security Joes) — Ido Naor, Felipe Duarte
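@online{naor:20220804:sockbot:c6eedb6,
  author       = {Naor, Ido and Duarte, Felipe},
  title        = {{Sockbot} In {Goland} - Linking {APT} Actors With Ransomware Gangs},
  date         = {2022-08-04},
  organization = {YouTube (Security Joes)},
  url          = {https://www.youtube.com/watch?v=CAMnuhg-Qos},
  language     = {English},
  urldate      = {2022-08-08},
}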
Sockbot