
2022-09-08 | Mandiant | Cameron Sabel, Kelli Vanderlee, Alice Revelli, Sam Riddell, Alden Wahlstrom, Jon Ford, Luke McNamara
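@online{sabel:20220908:what:3293d01,
  author       = {Sabel, Cameron and Vanderlee, Kelli and Revelli, Alice and Riddell, Sam and Wahlstrom, Alden and Ford, Jon and McNamara, Luke},
  title        = {What to Expect When You’re Electing: Preparing for Cyber Threats to the 2022 {U.S.} Midterm Elections},
  date         = {2022-09-08},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/2022-midterm-election-threats},
  urldate      = {2022-09-19},
  language     = {English},
}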
2022-07-13 | Microsoft | Jonathan Bar Or, Microsoft 365 Defender Research Team
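@online{or:20220713:uncovering:7e215ef,
  author       = {Bar Or, Jonathan and {Microsoft 365 Defender Research Team}},
  title        = {Uncovering a {macOS} {App Sandbox} escape vulnerability: A deep dive into {CVE-2022-26706}},
  date         = {2022-07-13},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/},
  urldate      = {2022-08-18},
  language     = {English},
}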
2022-05-03 | Talos Intelligence | JON MUNSHAW
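@online{munshaw:20220503:conti:ae16fc1,
  author       = {Munshaw, Jon},
  title        = {{Conti} and {Hive} ransomware operations: What we learned from these groups' victim chats},
  date         = {2022-05-03},
  organization = {Talos Intelligence},
  url          = {https://blog.talosintelligence.com/2022/05/conti-and-hive-ransomware-operations.html},
  urldate      = {2022-05-04},
  language     = {English},
}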
Conti Hive
2022-04-29 | The Record | Jonathan Greig
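@online{greig:20220429:german:d7fd313,
  author       = {Greig, Jonathan},
  title        = {{German} wind farm operator confirms cybersecurity incident},
  date         = {2022-04-29},
  organization = {The Record},
  url          = {https://therecord.media/german-wind-farm-operator-confirms-cybersecurity-incident-after-ransomware-group/},
  urldate      = {2022-05-03},
  language     = {English},
}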
Black Basta BlackCat
2022-04-07 | ANALYST1 | Jon DiMaggio
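@online{dimaggio:20220407:north:ab16006,
  author       = {DiMaggio, Jon},
  title        = {{North Korea}: Intelligence Assessment 2022},
  date         = {2022-04-07},
  organization = {ANALYST1},
  url          = {https://analyst1.com/digital-report/north-korea-2022-intelligence-assessment},
  urldate      = {2022-04-15},
  language     = {English},
}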
2022-04-05 | Medium jsecurity101 | Jonathan Johnson
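@online{johnson:20220405:bypassing:2397ea1,
  author       = {Johnson, Jonathan},
  title        = {Bypassing {Access Mask} Auditing Strategies},
  date         = {2022-04-05},
  organization = {Medium jsecurity101},
  url          = {https://jsecurity101.medium.com/bypassing-access-mask-auditing-strategies-480fb641c158},
  urldate      = {2022-04-15},
  language     = {English},
}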
2022-03-30 | The Record | Jonathan Greig
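@online{greig:20220330:hive:b23a103,
  author       = {Greig, Jonathan},
  title        = {{Hive} ransomware shuts down {California} health care organization},
  date         = {2022-03-30},
  organization = {The Record},
  url          = {https://therecord.media/hive-ransomware-shuts-down-california-health-care-organization/},
  urldate      = {2022-03-31},
  language     = {English},
}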
Hive Hive
2022-03-24 | CSO Online | Jon Gold
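@online{gold:20220324:microsoft:1a7616f,
  author       = {Gold, Jon},
  title        = {{Microsoft} help files repurposed to contain {Vidar} malware in new campaign},
  date         = {2022-03-24},
  organization = {CSO Online},
  url          = {https://www.csoonline.com/article/3654849/microsoft-help-files-repurposed-to-contain-vidar-malware-in-new-campaign.html},
  urldate      = {2022-03-25},
  language     = {English},
}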
Vidar
2022-02-28 | ZDNet | Jonathan Greig
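@online{greig:20220228:microsoft:0e59d45,
  author       = {Greig, Jonathan},
  title        = {{Microsoft} finds {FoxBlade} malware on {Ukrainian} systems, removes {RT} from {Windows} app store},
  date         = {2022-02-28},
  organization = {ZDNet},
  url          = {https://www.zdnet.com/article/microsoft-finds-foxblade-malware-on-ukrainian-systems-removing-rt-from-windows-app-store/},
  urldate      = {2022-03-07},
  language     = {English},
}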
HermeticWiper
2022-02-18 | Kookmin University | Giyoon Kim, Soram Kim, Soojin Kang, Jongsung Kim
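@techreport{kim:20220218:method:4b41876,
  author       = {Kim, Giyoon and Kim, Soram and Kang, Soojin and Kim, Jongsung},
  title        = {A Method for Decrypting Data Infected with {Hive} Ransomware},
  date         = {2022-02-18},
  institution  = {Kookmin University},
  eprint       = {2202.08477},
  eprinttype   = {arXiv},
  url          = {https://arxiv.org/pdf/2202.08477.pdf},
  urldate      = {2022-02-19},
  language     = {English},
}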
Hive Hive
2022-02-02 | ZDNet | Jonathan Greig
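@online{greig:20220202:blackcat:dba8722,
  author       = {Greig, Jonathan},
  title        = {{BlackCat} ransomware implicated in attack on {German} oil companies},
  date         = {2022-02-02},
  organization = {ZDNet},
  url          = {https://www.zdnet.com/article/blackcat-ransomware-implicated-in-attack-on-german-oil-companies/},
  urldate      = {2022-02-07},
  language     = {English},
}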
BlackCat BlackCat
2022-02-01 | Medium walmartglobaltech | Joshua Platt, Jonathan Mccay, Jason Reaves
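@online{platt:20220201:sugar:ba25cd3,
  author       = {Platt, Joshua and Mccay, Jonathan and Reaves, Jason},
  title        = {{Sugar} Ransomware, a new {RaaS}},
  date         = {2022-02-01},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/sugar-ransomware-a-new-raas-a5d94d58d9fb},
  urldate      = {2022-02-02},
  language     = {English},
}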
Sugar
2022-01-27 | ANALYST1 | Jon DiMaggio
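@techreport{dimaggio:20220127:history:921d98f,
  author       = {DiMaggio, Jon},
  title        = {A History of {Revil}},
  date         = {2022-01-27},
  institution  = {ANALYST1},
  url          = {https://analyst1.com/file-assets/History-of-REvil.pdf},
  urldate      = {2022-02-01},
  language     = {English},
}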
REvil REvil
2022-01-27 | Medium jonahacks | Jon
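@online{jon:20220127:malware:e37a723,
  author       = {Jon},
  title        = {Malware Analysis —Manual Unpacking of {Redaman}},
  date         = {2022-01-27},
  organization = {Medium jonahacks},
  url          = {https://jonahacks.medium.com/malware-analysis-manual-unpacking-of-redaman-ec1782352cfb},
  urldate      = {2022-04-04},
  language     = {English},
}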
RTM
2021-12-17 | Trend Micro | Abraham Camba, Jonna Santos, Gilbert Sison, Jay Yaneza
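@online{camba:20211217:staging:0ec37d9,
  author       = {Camba, Abraham and Santos, Jonna and Sison, Gilbert and Yaneza, Jay},
  title        = {Staging a Quack: Reverse Analyzing a Fileless {QAKBOT} Stager},
  date         = {2021-12-17},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/l/staging-a-quack-reverse-analyzing-fileless-qakbot-stager.html},
  urldate      = {2021-12-31},
  language     = {English},
}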
QakBot
2021-12-06 | Mandiant | Luke Jenkins, Sarah Hawley, Parnian Najafi, Doug Bienstock, Luis Rocha, Marius Fodoreanu, Mitchell Clarke, Manfred Erjak, Josh Madeley, Ashraf Abdalhalim, Juraj Sucik, Wojciech Ledzion, Gabriella Roncone, Jonathan Leathery, Ben Read, Microsoft Threat Intelligence Center (MSTIC), Microsoft Detection and Response Team (DART)
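@online{jenkins:20211206:suspected:d9da4ec,
  author       = {Jenkins, Luke and Hawley, Sarah and Najafi, Parnian and Bienstock, Doug and
                  Rocha, Luis and Fodoreanu, Marius and Clarke, Mitchell and Erjak, Manfred and
                  Madeley, Josh and Abdalhalim, Ashraf and Sucik, Juraj and Ledzion, Wojciech and
                  Roncone, Gabriella and Leathery, Jonathan and Read, Ben and
                  {Microsoft Threat Intelligence Center (MSTIC)} and
                  {Microsoft Detection and Response Team (DART)}},
  title        = {Suspected {Russian} Activity Targeting Government and Business Entities Around the Globe ({UNC2452})},
  date         = {2021-12-06},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/russian-targeting-gov-business},
  urldate      = {2021-12-07},
  language     = {English},
}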
Cobalt Strike CryptBot
2021-12-01 | ESET Research | Alexis Dorais-Joncas, Facundo Muñoz
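@techreport{doraisjoncas:20211201:jumping:00bc8f5,
  author       = {Dorais-Joncas, Alexis and Muñoz, Facundo},
  title        = {Jumping the air gap: 15 years of nation‑state effort},
  date         = {2021-12-01},
  institution  = {ESET Research},
  url          = {https://www.welivesecurity.com/wp-content/uploads/2021/12/eset_jumping_the_air_gap_wp.pdf},
  urldate      = {2021-12-17},
  language     = {English},
}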
Agent.BTZ Fanny Flame Gauss PlugX Ramsay Retro Stuxnet USBCulprit USBferry
2021-11-26 | Twitter (@jhencinski) | Jon Hencinski
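@online{hencinski:20211126:twitter:ca58fb5,
  author       = {Hencinski, Jon},
  title        = {{Twitter} Thread on weelky {MDR} recap from expel.io},
  date         = {2021-11-26},
  organization = {Twitter (@jhencinski)},
  url          = {https://twitter.com/jhencinski/status/1464268732096815105},
  urldate      = {2021-11-29},
  language     = {English},
}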
GootKit Squirrelwaffle
2021-09-23 | Cloudmark | Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil
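@online{naves:20210923:tanglebot:6c8a246,
  author       = {Naves, Felipe and Conway, Andrew and Jones, W. Stuart and McNeil, Adam},
  title        = {{TangleBot}: New Advanced {SMS} Malware Targets Mobile Users Across {U.S.} and {Canada} with {COVID-19} Lures},
  date         = {2021-09-23},
  organization = {Cloudmark},
  url          = {https://www.cloudmark.com/en/blog/mobile/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19},
  urldate      = {2021-09-28},
  language     = {English},
}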
2021-08-11 | ANALYST1 | Jon DiMaggio
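@techreport{dimaggio:20210811:nation:815fed9,
  author       = {DiMaggio, Jon},
  title        = {Nation State Ransomware},
  date         = {2021-08-11},
  institution  = {ANALYST1},
  url          = {https://analyst1.com/file-assets/Nationstate_ransomware_with_consecutive_endnotes.pdf},
  urldate      = {2021-08-17},
  language     = {English},
}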
Ryuk Stealer