Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-09-16Twitter (@GossiTheDog)Kevin Beaumont
@online{beaumont:20210916:some:550bbaa, author = {Kevin Beaumont}, title = {{Tweet on some unknown threat actor dropping Mgbot, custom IIS modular backdoor and cobalstrike using exploiting ProxyShell}}, date = {2021-09-16}, organization = {Twitter (@GossiTheDog)}, url = {https://twitter.com/GossiTheDog/status/1438500100238577670}, language = {English}, urldate = {2021-09-20} } Tweet on some unknown threat actor dropping Mgbot, custom IIS modular backdoor and cobalstrike using exploiting ProxyShell
Cobalt Strike MgBot
2021-07-03Medium DoublepulsarKevin Beaumont
@online{beaumont:20210703:kaseya:8013669, author = {Kevin Beaumont}, title = {{Kaseya supply chain attack delivers mass ransomware event to US companies}}, date = {2021-07-03}, organization = {Medium Doublepulsar}, url = {https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b}, language = {English}, urldate = {2021-07-24} } Kaseya supply chain attack delivers mass ransomware event to US companies
REvil
2021-06-27Twitter (@GossiTheDog)Kevin Beaumont
@online{beaumont:20210627:babuk:a031da5, author = {Kevin Beaumont}, title = {{Tweet on babuk ransomware builder}}, date = {2021-06-27}, organization = {Twitter (@GossiTheDog)}, url = {https://twitter.com/GossiTheDog/status/1409117153182224386}, language = {English}, urldate = {2021-07-01} } Tweet on babuk ransomware builder
Babuk
2020-12-19Twitter (@GossiTheDog)Kevin Beaumont
@online{beaumont:20201219:twitter:7b4cb8f, author = {Kevin Beaumont}, title = {{A twitter thread on Azure sentinel hunting queries for detecting UNC2452 activity}}, date = {2020-12-19}, organization = {Twitter (@GossiTheDog)}, url = {https://twitter.com/GossiTheDog/status/1340035657838850048}, language = {English}, urldate = {2020-12-19} } A twitter thread on Azure sentinel hunting queries for detecting UNC2452 activity
2020-10-16Medium DoublepulsarKevin Beaumont
@online{beaumont:20201016:second:197ec38, author = {Kevin Beaumont}, title = {{Second Zerologon attacker seen exploiting internet honeypot}}, date = {2020-10-16}, organization = {Medium Doublepulsar}, url = {https://doublepulsar.com/second-zerologon-attacker-seen-exploiting-internet-honeypot-c7fb074451ef}, language = {English}, urldate = {2020-10-23} } Second Zerologon attacker seen exploiting internet honeypot
RemCom
2019-03-21DoublePulsarKevin Beaumont
@online{beaumont:20190321:how:ecfbbf1, author = {Kevin Beaumont}, title = {{How Lockergoga took down Hydro — ransomware used in targeted attacks aimed at big business}}, date = {2019-03-21}, organization = {DoublePulsar}, url = {https://doublepulsar.com/how-lockergoga-took-down-hydro-ransomware-used-in-targeted-attacks-aimed-at-big-business-c666551f5880}, language = {English}, urldate = {2019-11-29} } How Lockergoga took down Hydro — ransomware used in targeted attacks aimed at big business
LockerGoga