
2023-04-28 | DISCARDED Podcast | Joe Wise, Pim Trouerbach
@online{wise:20230428:beyond:b45d805, author = {Joe Wise and Pim Trouerbach}, title = {{Beyond Banking: IcedID Gets Forked}}, date = {2023-04-28}, organization = {DISCARDED Podcast}, url = {https://www.spreaker.com/user/16860719/proofpoint-e29-mix-v1}, language = {English}, urldate = {2023-05-04} } Beyond Banking: IcedID Gets Forked
IcedID PhotoLoader
2023-04-26 | eSentire | Joe Stewart, Keegan Keplinger
@online{stewart:20230426:gootloader:eb8526b, author = {Joe Stewart and Keegan Keplinger}, title = {{Gootloader Unloaded: Researchers Launch Multi-Pronged Offensive Against Gootloader, Cutting Off Traffic to Thousands of Gootloader Web Pages and Using the Operator’s Very Own Tactics to Protect End-Users}}, date = {2023-04-26}, organization = {eSentire}, url = {https://www.esentire.com/web-native-pages/gootloader-unloaded}, language = {English}, urldate = {2023-04-26} } Gootloader Unloaded: Researchers Launch Multi-Pronged Offensive Against Gootloader, Cutting Off Traffic to Thousands of Gootloader Web Pages and Using the Operator’s Very Own Tactics to Protect End-Users
GootLoader
2023-03-30 | Elastic | Daniel Stepanic, Remco Sprooten, Joe Desimone, Samir Bousseaden, Devon Kerr
@online{stepanic:20230330:elastic:8671074, author = {Daniel Stepanic and Remco Sprooten and Joe Desimone and Samir Bousseaden and Devon Kerr}, title = {{Elastic users protected from SUDDENICON’s supply chain attack}}, date = {2023-03-30}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack}, language = {English}, urldate = {2023-04-02} } Elastic users protected from SUDDENICON’s supply chain attack
3CX Backdoor
2023-03-28 | Mandiant | Fred Plan, Van Ta, Michael Barnhart, Jeff Johnson, Dan Perez, Joe Dobson
@online{plan:20230328:apt43:2cb37c1, author = {Fred Plan and Van Ta and Michael Barnhart and Jeff Johnson and Dan Perez and Joe Dobson}, title = {{APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations}}, date = {2023-03-28}, organization = {Mandiant}, url = {https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report}, language = {English}, urldate = {2023-04-25} } APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations
2023-03-27 | Proofpoint | Pim Trouerbach, Kelsey Merriman, Joe Wise
@online{trouerbach:20230327:fork:62e7699, author = {Pim Trouerbach and Kelsey Merriman and Joe Wise}, title = {{Fork in the Ice: The New Era of IcedID}}, date = {2023-03-27}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/fork-ice-new-era-icedid}, language = {English}, urldate = {2023-03-27} } Fork in the Ice: The New Era of IcedID
IcedID
2023-03-23 | SentinelOne | Aleksandar Milenkoski, Juan Andrés Guerrero-Saade, Joey Chen, QGroup
@online{milenkoski:20230323:operation:2263a72, author = {Aleksandar Milenkoski and Juan Andrés Guerrero-Saade and Joey Chen and QGroup}, title = {{Operation Tainted Love | Chinese APTs Target Telcos in New Attacks}}, date = {2023-03-23}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/operation-tainted-love-chinese-apts-target-telcos-in-new-attacks/}, language = {English}, urldate = {2023-03-27} } Operation Tainted Love | Chinese APTs Target Telcos in New Attacks
mim221
2023-02-16 | SentinelOne | Aleksandar Milenkoski, Collin Farr, Joey Chen, QGroup
@online{milenkoski:20230216:wip26:637cfde, author = {Aleksandar Milenkoski and Collin Farr and Joey Chen and QGroup}, title = {{WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks}}, date = {2023-02-16}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/wip26-espionage-threat-actors-abuse-cloud-infrastructure-in-targeted-telco-attacks/}, language = {English}, urldate = {2023-05-24} } WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks
2023-02-08 | Huntress Labs | Joe Slowik, Matt Anderson
@online{slowik:20230208:investigating:4b8fbaf, author = {Joe Slowik and Matt Anderson}, title = {{Investigating Intrusions From Intriguing Exploits}}, date = {2023-02-08}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/investigating-intrusions-from-intriguing-exploits}, language = {English}, urldate = {2023-04-06} } Investigating Intrusions From Intriguing Exploits
Silence
2023-01-24 | eSentire | Joe Stewart, Keegan Keplinger
@online{stewart:20230124:unmasking:c26cfce, author = {Joe Stewart and Keegan Keplinger}, title = {{Unmasking Venom Spider}}, date = {2023-01-24}, organization = {eSentire}, url = {https://www.esentire.com/web-native-pages/unmasking-venom-spider}, language = {English}, urldate = {2023-01-25} } Unmasking Venom Spider
More_eggs TerraPreter TerraLoader VenomLNK
2023-01-03 | Security Joes | SecurityJoes
@online{securityjoes:20230103:raspberry:c992c68, author = {SecurityJoes}, title = {{Raspberry Robin Detected ITW Targeting Insurance & Financial Institutes In Europe}}, date = {2023-01-03}, organization = {Security Joes}, url = {https://www.securityjoes.com/post/raspberry-robin-detected-itw-targeting-insurance-financial-institutes-in-europe}, language = {English}, urldate = {2023-01-04} } Raspberry Robin Detected ITW Targeting Insurance & Financial Institutes In Europe
Raspberry Robin
2022-11-23 | Stranded on Pylos Blog | Joe Slowik
@online{slowik:20221123:detailing:3a1ddea, author = {Joe Slowik}, title = {{Detailing Daily Domain Hunting}}, date = {2022-11-23}, organization = {Stranded on Pylos Blog}, url = {https://pylos.co/2022/11/23/detailing-daily-domain-hunting/}, language = {English}, urldate = {2022-11-25} } Detailing Daily Domain Hunting
2022-10-12 | SentinelOne | Joey Chen, Amitai Ben Shushan Ehrlich
@online{chen:20221012:wip19:672e865, author = {Joey Chen and Amitai Ben Shushan Ehrlich}, title = {{WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware}}, date = {2022-10-12}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/wip19-espionage-new-chinese-apt-targets-it-service-providers-and-telcos-with-signed-malware/}, language = {English}, urldate = {2022-10-24} } WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware
Maggie ScreenCap
2022-09-29 | Reuters | Joel Schectman, Bozorgmehr Sharafedin
@online{schectman:20220929:americas:b89f590, author = {Joel Schectman and Bozorgmehr Sharafedin}, title = {{America’s Throwaway Spies How the CIA failed Iranian informants in its secret war with Tehran}}, date = {2022-09-29}, organization = {Reuters}, url = {https://www.reuters.com/investigates/special-report/usa-spies-iran/}, language = {English}, urldate = {2022-09-30} } America’s Throwaway Spies How the CIA failed Iranian informants in its secret war with Tehran
2022-09-14 | Security Joes | Felipe Duarte
@techreport{duarte:20220914:dissecting:6ab0659, author = {Felipe Duarte}, title = {{Dissecting PlugX to Extract Its Crown Jewels}}, date = {2022-09-14}, institution = {Security Joes}, url = {https://secjoes-reports.s3.eu-central-1.amazonaws.com/Dissecting+PlugX+to+Extract+Its+Crown+Jewels.pdf}, language = {English}, urldate = {2022-09-16} } Dissecting PlugX to Extract Its Crown Jewels
PlugX
2022-08-18 | Proofpoint | Joe Wise, Selena Larson, Proofpoint Threat Research Team
@online{wise:20220818:reservations:c2f9faf, author = {Joe Wise and Selena Larson and {Proofpoint Threat Research Team}}, title = {{Reservations Requested: TA558 Targets Hospitality and Travel}}, date = {2022-08-18}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel}, language = {English}, urldate = {2022-08-18} } Reservations Requested: TA558 Targets Hospitality and Travel
AsyncRAT Loda NjRAT Ozone RAT Revenge RAT Vjw0rm
2022-08-05 | 0xIvan | Twitter (@viljoenivan)
@online{viljoenivan:20220805:lokibot:bb5fd5d, author = {{Twitter (@viljoenivan)}}, title = {{LokiBot Analysis}}, date = {2022-08-05}, organization = {0xIvan}, url = {https://ivanvza.github.io/posts/lokibot_analysis}, language = {English}, urldate = {2022-08-17} } LokiBot Analysis
Loki Password Stealer (PWS)
2022-08-04 | YouTube (Security Joes) | Ido Naor, Felipe Duarte
@online{naor:20220804:sockbot:c6eedb6, author = {Ido Naor and Felipe Duarte}, title = {{Sockbot In Goland - Linking APT Actors With Ransomware Gangs}}, date = {2022-08-04}, organization = {YouTube (Security Joes)}, url = {https://www.youtube.com/watch?v=CAMnuhg-Qos}, language = {English}, urldate = {2022-08-08} } Sockbot In Goland - Linking APT Actors With Ransomware Gangs
Sockbot
2022-07-20 | Trend Micro | Joelson Soares, Buddy Tancio, Erika Mendoza, Jessie Prevost, Nusrath Iqra
@online{soares:20220720:analyzing:8753d99, author = {Joelson Soares and Buddy Tancio and Erika Mendoza and Jessie Prevost and Nusrath Iqra}, title = {{Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data}}, date = {2022-07-20}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/22/g/analyzing-penetration-testing-tools-that-threat-actors-use-to-br.html}, language = {English}, urldate = {2022-07-25} } Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data
2022-07-18 | YouTube (Security Joes) | Felipe Duarte
@online{duarte:20220718:plugx:bfdba72, author = {Felipe Duarte}, title = {{PlugX DLL Side-Loading Technique}}, date = {2022-07-18}, organization = {YouTube (Security Joes)}, url = {https://www.youtube.com/watch?v=E2_DTQJjDYc}, language = {English}, urldate = {2022-07-19} } PlugX DLL Side-Loading Technique
PlugX
2022-07-11 | BBC | Joe Tidy
@online{tidy:20220711:predatory:441dbbc, author = {Joe Tidy}, title = {{Predatory Sparrow: Who are the hackers who say they started a fire in Iran?}}, date = {2022-07-11}, organization = {BBC}, url = {https://www.bbc.com/news/technology-62072480}, language = {English}, urldate = {2022-07-13} } Predatory Sparrow: Who are the hackers who say they started a fire in Iran?
Predatory Sparrow