
2020-11-20 · DomainTools · Joe Slowik, Black Lotus Labs, Lumen
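% Team and company names in the author list are wrapped in an extra pair of braces
% so BibTeX/Biber keep each one as a single literal name instead of splitting it
% into given-name and family-name parts.
@online{slowik:20201120:current:f9956c6,
  author       = {Slowik, Joe and {Black Lotus Labs} and {Lumen}},
  title        = {{Current Events to Widespread Campaigns: Pivoting from Samples to Identify Activity}},
  date         = {2020-11-20},
  organization = {DomainTools},
  url          = {https://www.domaintools.com/resources/blog/current-events-to-widespread-campaigns-pivoting-from-samples-to-identify},
  language     = {English},
  urldate      = {2020-11-23},
}
Current Events to Widespread Campaigns: Pivoting from Samples to Identify Activity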
2020-11-20 · 360 netlab · JiaYu
@online{jiayu:20201120:blackrota:ee43da1,
  author       = {JiaYu},
  title        = {{Blackrota, a highly obfuscated backdoor developed by Go}},
  date         = {2020-11-20},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/blackrota-an-obfuscated-backdoor-written-in-go/},
  language     = {Chinese},
  urldate      = {2020-11-23},
}
Blackrota, a highly obfuscated backdoor developed by Go
Cobalt Strike
2020-11-19 · GEMINI · GEMINI
@online{gemini:20201119:chinese:ffd0136,
  author       = {GEMINI},
  title        = {{Chinese Scam Shops Lure Black Friday Shoppers}},
  date         = {2020-11-19},
  organization = {GEMINI},
  url          = {https://geminiadvisory.io/chinese-scam-shops/},
  language     = {English},
  urldate      = {2020-11-23},
}
Chinese Scam Shops Lure Black Friday Shoppers
2020-11-16 · Trend Micro · Trendmicro
@online{trendmicro:20201116:malicious:b459c3f,
  author       = {Trendmicro},
  title        = {{Malicious Actors Target Comm Apps such as Zoom, Slack, Discord}},
  date         = {2020-11-16},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/malicious-actors-target-comm-apps-such-as-zoom-slack-discord},
  language     = {English},
  urldate      = {2020-11-19},
}
Malicious Actors Target Comm Apps such as Zoom, Slack, Discord
WebMonitor RAT
2020-11-16 · JPCERT/CC · Shusei Tomonaga
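% The underscore in the malware name is escaped inside the title field: title is
% an ordinary text field, and a bare underscore outside math mode stops the LaTeX
% run. The url field is typeset verbatim and needs no escaping.
@online{tomonaga:20201116:elfplead:3bb79c4,
  author       = {Shusei Tomonaga},
  title        = {{ELF\_PLEAD - Linux Malware Used by BlackTech}},
  date         = {2020-11-16},
  organization = {JPCERT/CC},
  url          = {https://blogs.jpcert.or.jp/en/2020/11/elf-plead.html},
  language     = {English},
  urldate      = {2020-11-17},
}
ELF_PLEAD - Linux Malware Used by BlackTech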
PLEAD
2020-11-12 · Blackberry · BlackBerry Research and Intelligence team
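% The author is a single team name. The extra pair of braces keeps the literal
% " and " inside it from being read as a separator between two authors.
@online{team:20201112:costaricto:1d1b0c8,
  author       = {{BlackBerry Research and Intelligence team}},
  title        = {{The CostaRicto Campaign: Cyber-Espionage Outsourced}},
  date         = {2020-11-12},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2020/11/the-costaricto-campaign-cyber-espionage-outsourced},
  language     = {English},
  urldate      = {2020-11-19},
}
The CostaRicto Campaign: Cyber-Espionage Outsourced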
SombRAT
2020-11-10 · lacework · Chris Hall
@online{hall:20201110:meet:a741348,
  author       = {Chris Hall},
  title        = {{Meet Muhstik – IoT Botnet Infecting Cloud Servers}},
  date         = {2020-11-10},
  organization = {lacework},
  url          = {https://www.lacework.com/meet-muhstik-iot-botnet-infecting-cloud-servers/},
  language     = {English},
  urldate      = {2020-11-12},
}
Meet Muhstik – IoT Botnet Infecting Cloud Servers
Tsunami
2020-11-06 · LAC WATCH · Matsumoto, Takagen, Ishikawa
@online{matsumoto:20201106:emotetzloader:ba310e4,
  author       = {Matsumoto and Takagen and Ishikawa},
  title        = {{分析レポート:Emotetの裏で動くバンキングマルウェア「Zloader」に注意}},
  date         = {2020-11-06},
  organization = {LAC WATCH},
  url          = {https://www.lac.co.jp/lacwatch/people/20201106_002321.html},
  language     = {Japanese},
  urldate      = {2020-11-09},
}
分析レポート:Emotetの裏で動くバンキングマルウェア「Zloader」に注意
Emotet Zloader
2020-10-15 · lacework · Chris Hall
@online{hall:20201015:moobots:2aaf302,
  author       = {Chris Hall},
  title        = {{Moobot's Cloud Migration}},
  date         = {2020-10-15},
  organization = {lacework},
  url          = {https://www.lacework.com/moobots-cloud-migration/},
  language     = {English},
  urldate      = {2020-10-23},
}
Moobot's Cloud Migration
2020-10-13 · blackarrow · Borja Merino
@online{merino:20201013:attackers:48848a5,
  author       = {Borja Merino},
  title        = {{Attackers Abuse MobileIron’s RCE to deliver Kaiten}},
  date         = {2020-10-13},
  organization = {blackarrow},
  url          = {https://www.blackarrow.net/attackers-abuse-mobileirons-rce-to-deliver-kaiten/},
  language     = {English},
  urldate      = {2020-10-23},
}
Attackers Abuse MobileIron’s RCE to deliver Kaiten
Kaiten
2020-10-12 · Lumen · Black Lotus Labs
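% The author is a team name. The extra pair of braces keeps it as one literal name;
% without them it is parsed as given names "Black Lotus" and family name "Labs".
@online{labs:20201012:look:7b422f7,
  author       = {{Black Lotus Labs}},
  title        = {{A Look Inside The TrickBot Botnet}},
  date         = {2020-10-12},
  organization = {Lumen},
  url          = {https://blog.lumen.com/a-look-inside-the-trickbot-botnet/},
  language     = {English},
  urldate      = {2020-10-12},
}
A Look Inside The TrickBot Botnet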
TrickBot
2020-10-08 · Bayerischer Rundfunk · Hakan Tanriverdi, Max Zierer, Ann-Kathrin Wetter, Kai Biermann, Thi Do Nguyen
@online{tanriverdi:20201008:there:620f4e7,
  author       = {Hakan Tanriverdi and Max Zierer and Ann-Kathrin Wetter and Kai Biermann and Thi Do Nguyen},
  title        = {{There is no safe place}},
  date         = {2020-10-08},
  organization = {Bayerischer Rundfunk},
  url          = {https://web.br.de/interaktiv/ocean-lotus/en/},
  language     = {English},
  urldate      = {2020-10-12},
}
There is no safe place
Cobalt Strike
2020-10-06 · Blackberry · Blackberry Research
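% The author is an organisational name. The extra pair of braces keeps it as one
% literal name; without them it is parsed as given name "Blackberry" and family
% name "Research".
@techreport{research:20201006:bahamut:2a6157f,
  author      = {{Blackberry Research}},
  title       = {{BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps}},
  date        = {2020-10-06},
  institution = {Blackberry},
  url         = {https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf},
  language    = {English},
  urldate     = {2020-10-08},
}
BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps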
Bahamut Bahamut
2020-10-05 · paloalto Networks Unit 42 · Nathaniel Quist
@online{quist:20201005:blackt:d09e278,
  author       = {Nathaniel Quist},
  title        = {{Black-T: New Cryptojacking Variant from TeamTnT}},
  date         = {2020-10-05},
  organization = {paloalto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/},
  language     = {English},
  urldate      = {2020-10-08},
}
Black-T: New Cryptojacking Variant from TeamTnT
2020-09-18 · Github (gdbinit) · Pedro Vilaça
@online{vilaa:20200918:evilquestthiefquest:a7625a8,
  author       = {Pedro Vilaça},
  title        = {{EvilQuest/ThiefQuest strings decrypt/deobfuscator}},
  date         = {2020-09-18},
  organization = {Github (gdbinit)},
  url          = {https://github.com/gdbinit/evilquest_deobfuscator},
  language     = {English},
  urldate      = {2020-09-19},
}
EvilQuest/ThiefQuest strings decrypt/deobfuscator
EvilQuest
2020-09-15 · Checkpoint · David Driker, Amir Landau
@online{driker:20200915:rudeminer:1cea628,
  author       = {David Driker and Amir Landau},
  title        = {{Rudeminer, Blacksquid and Lucifer Walk Into A Bar}},
  date         = {2020-09-15},
  organization = {Checkpoint},
  url          = {https://research.checkpoint.com/2020/rudeminer-blacksquid-and-lucifer-walk-into-a-bar/},
  language     = {English},
  urldate      = {2020-09-18},
}
Rudeminer, Blacksquid and Lucifer Walk Into A Bar
Lucifer
2020-09-02 · Cisco Talos · Holger Unterbrink, Edmund Brumaghin
@online{unterbrink:20200902:salfram:74ae3c9,
  author       = {Holger Unterbrink and Edmund Brumaghin},
  title        = {{Salfram: Robbing the place without removing your name tag}},
  date         = {2020-09-02},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2020/09/salfram-robbing-place-without-removing.html},
  language     = {English},
  urldate      = {2020-09-03},
}
Salfram: Robbing the place without removing your name tag
Ave Maria ISFB SmokeLoader Zloader
2020-08-21 · RiskIQ · Steve Ginty
@online{ginty:20200821:pinchy:24fe21a,
  author       = {Steve Ginty},
  title        = {{Pinchy Spider: Ransomware Infrastructure Connected to Dark Web Marketplace}},
  date         = {2020-08-21},
  organization = {RiskIQ},
  url          = {https://community.riskiq.com/article/3315064b},
  language     = {English},
  urldate      = {2020-09-01},
}
Pinchy Spider: Ransomware Infrastructure Connected to Dark Web Marketplace
REvil
2020-08-10 · FR3D.HK · Fred HK
@online{hk:20200810:diamondfox:d2a194b,
  author       = {Fred HK},
  title        = {{DiamondFox - Bank Robbers will be replaced}},
  date         = {2020-08-10},
  organization = {FR3D.HK},
  url          = {https://fr3d.hk/blog/diamondfox-bank-robbers-will-be-replaced},
  language     = {English},
  urldate      = {2020-08-12},
}
DiamondFox - Bank Robbers will be replaced
DiamondFox
2020-08-07 · QuoScient · QuoIntelligence
@online{quointelligence:20200807:blackwater:8bd9553,
  author       = {QuoIntelligence},
  title        = {{BlackWater Malware Leveraging Beirut Tragedy in New Targeted Campaign}},
  date         = {2020-08-07},
  organization = {QuoScient},
  url          = {https://quointelligence.eu/2020/08/blackwater-malware-leveraging-beirut-tragedy-in-new-targeted-campaign/},
  language     = {English},
  urldate      = {2020-08-12},
}
BlackWater Malware Leveraging Beirut Tragedy in New Targeted Campaign