2021-05-07Bleeping ComputerLawrence Abrams
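@online{abrams:20210507:data:c674b2b,
  author       = {Abrams, Lawrence},
  title        = {Data leak marketplaces aim to take over the extortion economy},
  date         = {2021-05-07},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/data-leak-marketplaces-aim-to-take-over-the-extortion-economy/},
  language     = {English},
  urldate      = {2021-05-08},
}
Data leak marketplaces aim to take over the extortion economy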
Babuk Ransomware Maze
2021-05-06BlackberryBlackBerry Research and Intelligence team
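@online{team:20210506:threat:8bdd47b,
  author       = {{BlackBerry Research and Intelligence team}},
  title        = {Threat Thursday: Dr. {REvil} Ransomware Strikes Again, Employs Double Extortion Tactics},
  date         = {2021-05-06},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2021/05/threat-thursday-dr-revil-ransomware-strikes-again-employs-double-extortion-tactics},
  language     = {English},
  urldate      = {2021-05-08},
}
Threat Thursday: Dr. REvil Ransomware Strikes Again, Employs Double Extortion Tactics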
REvil
2021-05-04Lacework LabsChris Hall
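@online{hall:20210504:cpuminer:db7b10e,
  author       = {Hall, Chris},
  title        = {Cpuminer \& Friends},
  date         = {2021-05-04},
  organization = {Lacework Labs},
  url          = {https://www.lacework.com/cpuminer-friends/},
  language     = {English},
  urldate      = {2021-05-08},
}
Cpuminer & Friends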
2021-04-22laceworkChris Hall, Jared Stroud
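@online{hall:20210422:sysrvhello:2c8a477,
  author       = {Hall, Chris and Stroud, Jared},
  title        = {{Sysrv-Hello} Expands Infrastructure},
  date         = {2021-04-22},
  organization = {lacework},
  url          = {https://www.lacework.com/sysrv-hello-expands-infrastructure/},
  language     = {English},
  urldate      = {2021-04-29},
}
Sysrv-Hello Expands Infrastructure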
2021-04-13laceworkTom Hegel
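@online{hegel:20210413:carbine:c4dd5ef,
  author       = {Hegel, Tom},
  title        = {{Carbine Loader} Cryptojacking Campaign},
  date         = {2021-04-13},
  organization = {lacework},
  url          = {https://www.lacework.com/carbine-loader-cryptojacking-campaign/},
  language     = {English},
  urldate      = {2021-04-20},
}
Carbine Loader Cryptojacking Campaign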
2021-03-29VMWare Carbon BlackJason Zhang, Oleg Boyarchuk, Giovanni Vigna
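@online{zhang:20210329:dridex:7692f65,
  author       = {Zhang, Jason and Boyarchuk, Oleg and Vigna, Giovanni},
  title        = {{Dridex} Reloaded: Analysis of a New {Dridex} Campaign},
  date         = {2021-03-29},
  organization = {VMWare Carbon Black},
  url          = {https://blogs.vmware.com/networkvirtualization/2021/03/analysis-of-a-new-dridex-campaign.html/},
  language     = {English},
  urldate      = {2021-04-09},
}
Dridex Reloaded: Analysis of a New Dridex Campaign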
Dridex
2021-03-25VMWare Carbon BlackThreat Analysis Unit, Baibhav Singh, Giovanni Vigna
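@online{unit:20210325:memory:6fb3ce4,
  author       = {{Threat Analysis Unit} and Singh, Baibhav and Vigna, Giovanni},
  title        = {Memory Forensics for Virtualized Hosts},
  date         = {2021-03-25},
  organization = {VMWare Carbon Black},
  url          = {https://blogs.vmware.com/networkvirtualization/2021/03/memory-forensics-for-virtualized-hosts.html/?src=so_601c8a71b87d7&cid=7012H000001YsJA},
  language     = {English},
  urldate      = {2021-04-09},
}
Memory Forensics for Virtualized Hosts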
2021-03-24SophosLabs UncutMark Loman
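@online{loman:20210324:black:c1494bc,
  author        = {Loman, Mark},
  title         = {{Black Kingdom} ransomware begins appearing on {Exchange} servers},
  date          = {2021-03-24},
  organization  = {SophosLabs Uncut},
  url           = {https://news.sophos.com/en-us/2021/03/23/black-kingdom/?cmp=30728},
  language      = {English},
  urldate       = {2021-03-25},
  internal-note = {Same article as loman:20210323:black:527bf66; the URLs differ only in the cmp query parameter},
}
Black Kingdom ransomware begins appearing on Exchange servers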
2021-03-23SophosMark Loman
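@online{loman:20210323:black:527bf66,
  author       = {Loman, Mark},
  title        = {{Black Kingdom} ransomware begins appearing on {Exchange} servers},
  date         = {2021-03-23},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2021/03/23/black-kingdom/},
  language     = {English},
  urldate      = {2021-03-25},
}
Black Kingdom ransomware begins appearing on Exchange servers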
BlackKingdom Ransomware
2021-03-21BlackberryBlackberry Research
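@techreport{research:20210321:2021:a393473,
  author      = {{Blackberry Research}},
  title       = {2021 Threat Report},
  date        = {2021-03-21},
  institution = {Blackberry},
  url         = {https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-bb-2021-threat-report.pdf},
  language    = {English},
  urldate     = {2021-03-25},
}
2021 Threat Report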
Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot
2021-03-18Github (lacework)lacework-labs
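@online{laceworklabs:20210318:dga:9b57724,
  author       = {{lacework-labs}},
  title        = {{DGA} and decoder scripts for n3cr0morph {IRC} malware},
  date         = {2021-03-18},
  organization = {Github (lacework)},
  url          = {https://github.com/lacework/lacework-labs/tree/master/keksec},
  language     = {English},
  urldate      = {2021-03-25},
}
DGA and decoder scripts for n3cr0morph IRC malware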
N3Cr0m0rPh
2021-03-18laceworkChris Hall
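@online{hall:20210318:kek:94c6e57,
  author       = {Hall, Chris},
  title        = {The “{Kek Security}” Network},
  date         = {2021-03-18},
  organization = {lacework},
  url          = {https://www.lacework.com/the-kek-security-network/},
  language     = {English},
  urldate      = {2021-03-19},
}
The “Kek Security” Network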
Kaiten N3Cr0m0rPh
2021-03-08Sentinel LABSJim Walter
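@online{walter:20210308:hellokitty:e063f92,
  author       = {Walter, Jim},
  title        = {{HelloKitty} Ransomware Lacks Stealth, But Still Strikes Home},
  date         = {2021-03-08},
  organization = {Sentinel LABS},
  url          = {https://labs.sentinelone.com/hellokitty-ransomware-lacks-stealth-but-still-strikes-home/},
  language     = {English},
  urldate      = {2021-03-11},
}
HelloKitty Ransomware Lacks Stealth, But Still Strikes Home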
HelloKitty
2021-03-05BlackberryCodi Starks, Kevin Finnigin
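@online{starks:20210305:zerologon:efbc33c,
  author       = {Starks, Codi and Finnigin, Kevin},
  title        = {{ZeroLogon} to Ransomware},
  date         = {2021-03-05},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2021/03/zerologon-to-ransomware},
  language     = {English},
  urldate      = {2021-03-11},
}
ZeroLogon to Ransomware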
Mailto
2021-03-04FireEyeMatt Bromiley, Chris DiGiamo, Andrew Thompson, Robert Wallace
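@online{bromiley:20210304:detection:3b8c16f,
  author       = {Bromiley, Matt and DiGiamo, Chris and Thompson, Andrew and Wallace, Robert},
  title        = {Detection and Response to Exploitation of {Microsoft Exchange} Zero-Day Vulnerabilities},
  date         = {2021-03-04},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2021/03/detection-response-to-exploitation-of-microsoft-exchange-zero-day-vulnerabilities.html},
  language     = {English},
  urldate      = {2021-03-10},
}
Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities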
CHINACHOPPER HAFNIUM
2021-03-01sonatypeAx Sharma
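@online{sharma:20210301:newly:eb852ff,
  author       = {Sharma, Ax},
  title        = {Newly Identified Dependency Confusion Packages Target {Amazon}, {Zillow}, and {Slack}; Go Beyond Just Bug Bounties},
  date         = {2021-03-01},
  organization = {sonatype},
  url          = {https://blog.sonatype.com/malicious-dependency-confusion-copycats-exfiltrate-bash-history-and-etc-shadow-files},
  language     = {English},
  urldate      = {2021-03-04},
}
Newly Identified Dependency Confusion Packages Target Amazon, Zillow, and Slack; Go Beyond Just Bug Bounties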
2021-02-26YouTube (Black Hat)Kevin Perlow
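@online{perlow:20210226:fastcash:2daf61f,
  author       = {Perlow, Kevin},
  title        = {{FASTCash} and {INJX\_Pure}: How Threat Actors Use Public Standards for Financial Fraud},
  date         = {2021-02-26},
  organization = {YouTube (Black Hat)},
  url          = {https://www.youtube.com/watch?v=zGvQPtejX9w},
  language     = {English},
  urldate      = {2021-03-04},
}
FASTCash and INJX_Pure: How Threat Actors Use Public Standards for Financial Fraud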
FastCash
2021-02-24VMWare Carbon BlackTakahiro Haruyama
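@techreport{haruyama:20210224:knock:f4903a2,
  author      = {Haruyama, Takahiro},
  title       = {Knock, knock, {Neo}. - Active {C2} Discovery Using Protocol Emulation},
  date        = {2021-02-24},
  institution = {VMWare Carbon Black},
  url         = {https://jsac.jpcert.or.jp/archive/2021/pdf/JSAC2021_201_haruyama_jp.pdf},
  language    = {Japanese},
  urldate     = {2021-02-26},
}
Knock, knock, Neo. - Active C2 Discovery Using Protocol Emulation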
Cobalt Strike
2021-02-16FireEyeMatt Bromiley, Andrew Rector, Robert Wallace
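@online{bromiley:20210216:light:5541ad4,
  author       = {Bromiley, Matt and Rector, Andrew and Wallace, Robert},
  title        = {Light in the Dark: Hunting for {SUNBURST}},
  date         = {2021-02-16},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/products-and-services/2021/02/light-in-the-dark-hunting-for-sunburst.html},
  language     = {English},
  urldate      = {2021-02-20},
}
Light in the Dark: Hunting for SUNBURST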
SUNBURST
2021-02-05Trend MicroRaphael Centeno, Monte de Jesus, Don Ovid Ladores, Junestherry Salvador, Nikko Tamana, Llalum Victoria
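@online{centeno:20210205:new:33e89f1,
  author       = {Centeno, Raphael and de Jesus, Monte and Ladores, Don Ovid and Salvador, Junestherry and Tamana, Nikko and Victoria, Llalum},
  title        = {New in Ransomware: {Seth-Locker}, {Babuk Locker}, {Maoloa}, {TeslaCrypt}, and {CobraLocker}},
  date         = {2021-02-05},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/b/new-in-ransomware.html},
  language     = {English},
  urldate      = {2021-02-09},
}
New in Ransomware: Seth-Locker, Babuk Locker, Maoloa, TeslaCrypt, and CobraLocker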
Babuk Ransomware TeslaCrypt