2021-09-13 | CitizenLab | Bill Marczak, John Scott-Railton, Bahr Abdul Razzak, Noura Al-Jizawi, Siena Anstis, Kristin Berdan, Ron Deibert
@online{marczak:20210913:forcedentry:7427f45,
  author       = {Bill Marczak and John Scott-Railton and Bahr Abdul Razzak and Noura Al-Jizawi and Siena Anstis and Kristin Berdan and Ron Deibert},
  title        = {{FORCEDENTRY NSO Group iMessage Zero-Click Exploit Captured in the Wild (CVE-2021-30860)}},
  date         = {2021-09-13},
  organization = {CitizenLab},
  url          = {https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/},
  language     = {English},
  urldate      = {2021-09-14},
}
FORCEDENTRY NSO Group iMessage Zero-Click Exploit Captured in the Wild (CVE-2021-30860)
2021-08-27 | Seguranca Informatica | Pedro Tavares
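% Article language: Portuguese (the title is kept in its original language).
@online{tavares:20210827:fraude:0e0b29a,
  author       = {Pedro Tavares},
  title        = {{Fraude personificando a marca Continente espalha-se através do WhatsApp: Não se deixe enganar!}},
  date         = {2021-08-27},
  organization = {Seguranca Informatica},
  url          = {https://seguranca-informatica.pt/fraude-personificando-a-marca-continente-espalha-se-atraves-do-whatsapp-nao-se-deixe-enganar/},
  language     = {Portuguese},
  urldate      = {2021-09-12},
}
Fraude personificando a marca Continente espalha-se através do WhatsApp: Não se deixe enganar!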
2021-08-24 | CitizenLab | Bill Marczak, Ali Abdulemam, Noura Al-Jizawi, Siena Anstis, Kristin Berdan, John Scott-Railton, Ron Deibert
@online{marczak:20210824:from:6363bde,
  author       = {Bill Marczak and Ali Abdulemam and Noura Al-Jizawi and Siena Anstis and Kristin Berdan and John Scott-Railton and Ron Deibert},
  title        = {{From Pearl to Pegasus Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits}},
  date         = {2021-08-24},
  organization = {CitizenLab},
  url          = {https://citizenlab.ca/2021/08/bahrain-hacks-activists-with-nso-group-zero-click-iphone-exploits/},
  language     = {English},
  urldate      = {2021-08-24},
}
From Pearl to Pegasus Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits
Chrysaor
2021-08-23 | Marco Ramilli
@online{ramilli:20210823:paradise:2539869,
  author   = {Marco Ramilli},
  title    = {{Paradise Ransomware: The Builder}},
  date     = {2021-08-23},
  url      = {https://marcoramilli.com/2021/08/23/paradise-ransomware-the-builder/},
  language = {English},
  urldate  = {2021-08-23},
}
Paradise Ransomware: The Builder
Paradise
2021-07-18 | Twitter (@billmarczak) | Bill Marczak
@online{marczak:20210718:twitter:d1f4dfe,
  author       = {Bill Marczak},
  title        = {{Twitter thread with a couple of interesting bits from AmnestyTech's new report on Pegasus}},
  date         = {2021-07-18},
  organization = {Twitter (@billmarczak)},
  url          = {https://twitter.com/billmarczak/status/1416801439402262529},
  language     = {English},
  urldate      = {2021-07-24},
}
Twitter thread with a couple of interesting bits from AmnestyTech's new report on Pegasus
Chrysaor
2021-07-18 | CitizenLab | Bill Marczak, John Scott-Railton, Siena Anstis, Ron Deibert
@online{marczak:20210718:independent:f943436,
  author       = {Bill Marczak and John Scott-Railton and Siena Anstis and Ron Deibert},
  title        = {{Independent Peer Review of Amnesty International’s Forensic Methods for Identifying Pegasus Spyware}},
  date         = {2021-07-18},
  organization = {CitizenLab},
  url          = {https://citizenlab.ca/2021/07/amnesty-peer-review/},
  language     = {English},
  urldate      = {2021-07-21},
}
Independent Peer Review of Amnesty International’s Forensic Methods for Identifying Pegasus Spyware
Chrysaor
2021-07-15 | CitizenLab | Bill Marczak, John Scott-Railton, Kristin Berdan, Bahr Abdul Razzak, Ron Deibert
@online{marczak:20210715:hooking:7f3adbe,
  author       = {Bill Marczak and John Scott-Railton and Kristin Berdan and Bahr Abdul Razzak and Ron Deibert},
  title        = {{Hooking Candiru Another Mercenary Spyware Vendor Comes into Focus}},
  date         = {2021-07-15},
  organization = {CitizenLab},
  url          = {https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/},
  language     = {English},
  urldate      = {2021-07-20},
}
Hooking Candiru Another Mercenary Spyware Vendor Comes into Focus
Chainshot
2021-07-04 | Marco Ramilli's Blog | Marco Ramilli
@online{ramilli:20210704:babuk:3ba79a8,
  author       = {Marco Ramilli},
  title        = {{Babuk Ransomware: The Builder}},
  date         = {2021-07-04},
  organization = {Marco Ramilli's Blog},
  url          = {https://marcoramilli.com/2021/07/05/babuk-ransomware-the-builder/},
  language     = {English},
  urldate      = {2021-07-06},
}
Babuk Ransomware: The Builder
Babuk Babuk
2021-06-24 | SentinelOne | Marco Figueroa
@online{figueroa:20210624:evasive:7f0d507,
  author       = {Marco Figueroa},
  title        = {{Evasive Maneuvers | Massive IcedID Campaign Aims For Stealth with Benign Macros}},
  date         = {2021-06-24},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/evasive-maneuvers-massive-icedid-campaign-aims-for-stealth-with-benign-macros/},
  language     = {English},
  urldate      = {2021-06-29},
}
Evasive Maneuvers | Massive IcedID Campaign Aims For Stealth with Benign Macros
IcedID
2021-06-17 | Kaspersky | Marc Rivero López
@online{lpez:20210617:black:f563c4b,
  author       = {Marc Rivero López},
  title        = {{Black Kingdom ransomware}},
  date         = {2021-06-17},
  organization = {Kaspersky},
  url          = {https://securelist.com/black-kingdom-ransomware/102873/},
  language     = {English},
  urldate      = {2021-06-21},
}
Black Kingdom ransomware
BlackKingdom Ransomware
2021-06-14 | Marco Ramilli's Blog | Marco Ramilli
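% The '#' in the title is written as \# so LaTeX does not read it as a
% macro-parameter character when the bibliography is typeset.
@online{ramilli:20210614:allegedly:ad3d608,
  author       = {Marco Ramilli},
  title        = {{The Allegedly Ryuk Ransomware builder: \#RyukJoke}},
  date         = {2021-06-14},
  organization = {Marco Ramilli's Blog},
  url          = {https://marcoramilli.com/2021/06/14/the-allegedly-ryuk-ransomware-builder-ryukjoke/},
  language     = {English},
  urldate      = {2021-08-23},
}
The Allegedly Ryuk Ransomware builder: #RyukJoke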
Chaos
2021-05-20 | SentinelOne | Marco Figueroa
@online{figueroa:20210520:caught:04692f1,
  author       = {Marco Figueroa},
  title        = {{Caught in the Cloud | How a Monero Cryptominer Exploits Docker Containers}},
  date         = {2021-05-20},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/caught-in-the-cloud-how-a-monero-cryptominer-exploits-docker-containers/},
  language     = {English},
  urldate      = {2021-05-26},
}
Caught in the Cloud | How a Monero Cryptominer Exploits Docker Containers
2021-05-12 | Palo Alto Networks Unit 42 | Ramarcus Baylor
@online{baylor:20210512:darkside:f63c2c2,
  author       = {Ramarcus Baylor},
  title        = {{DarkSide Ransomware Gang: An Overview}},
  date         = {2021-05-12},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/darkside-ransomware/},
  language     = {English},
  urldate      = {2021-05-13},
}
DarkSide Ransomware Gang: An Overview
DarkSide
2021-05-07 | Marco Ramilli
@online{ramilli:20210507:muddywater:a09bd20,
  author   = {Marco Ramilli},
  title    = {{MuddyWater: Binder Project (Part 2)}},
  date     = {2021-05-07},
  url      = {https://marcoramilli.com/2021/05/07/muddywater-binder-project-part-2/},
  language = {English},
  urldate  = {2021-05-17},
}
MuddyWater: Binder Project (Part 2)
2021-05-01 | Marco Ramilli's Blog | Marco Ramilli
@online{ramilli:20210501:muddywater:31657f7,
  author       = {Marco Ramilli},
  title        = {{Muddywater: Binder Project}},
  date         = {2021-05-01},
  organization = {Marco Ramilli's Blog},
  url          = {https://marcoramilli.com/2021/05/01/muddywater-binder-project-part-1/},
  language     = {English},
  urldate      = {2021-05-17},
}
Muddywater: Binder Project
2021-04-23 | xorl %eax, %eax | Anastasios Pingios
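% The '%' signs in the organization name are written as \% so LaTeX does not
% treat the remainder of the line as a comment when the bibliography is typeset.
@online{pingios:20210423:analysis:d263296,
  author       = {Anastasios Pingios},
  title        = {{Analysis of the CardingMafia March 2021 data breach}},
  date         = {2021-04-23},
  organization = {xorl \%eax, \%eax},
  url          = {https://xorl.wordpress.com/2021/04/23/analysis-of-the-cardingmafia-march-2021-data-breach/},
  language     = {English},
  urldate      = {2021-05-08},
}
Analysis of the CardingMafia March 2021 data breach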
2021-04-22 | splunk | John Stoner, Mick Baccio, Katie Brown, James Brodsky, Drew Church, Dave Herrald, Ryan Kovar, Marcus LaFerrera, Michael Natkin
@online{stoner:20210422:supernova:53b895c,
  author       = {John Stoner and Mick Baccio and Katie Brown and James Brodsky and Drew Church and Dave Herrald and Ryan Kovar and Marcus LaFerrera and Michael Natkin},
  title        = {{SUPERNOVA Redux, with a Generous Portion of Masquerading}},
  date         = {2021-04-22},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/supernova-redux-with-a-generous-portion-of-masquerading.html},
  language     = {English},
  urldate      = {2021-04-28},
}
SUPERNOVA Redux, with a Generous Portion of Masquerading
SUPERNOVA
2021-04-21 | splunk | Dave Herrald, Mick Baccio, James Brodsky, Tamara Chacon, Shannon Davis, Kelly Huang, Ryan Kovar, Marcus LaFerrera, Michael Natkin, John Stoner, Bill Wright
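% Author "Marcus LaFerrera": spelling follows entry stoner:20210422:supernova:53b895c,
% which lists the same Splunk co-authors; confirm against the source post.
@online{herrald:20210421:monitoring:088de4c,
  author       = {Dave Herrald and Mick Baccio and James Brodsky and Tamara Chacon and Shannon Davis and Kelly Huang and Ryan Kovar and Marcus LaFerrera and Michael Natkin and John Stoner and Bill Wright},
  title        = {{Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)}},
  date         = {2021-04-21},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/monitoring-pulse-connect-secure-with-splunk-cisa-emergency-directive-21-03.html},
  language     = {English},
  urldate      = {2021-04-28},
}
Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)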
2021-04-19 | Sentinel LABS | Marco Figueroa
@online{figueroa:20210419:deep:f5cf649,
  author       = {Marco Figueroa},
  title        = {{A Deep Dive into Zebrocy’s Dropper Docs}},
  date         = {2021-04-19},
  organization = {Sentinel LABS},
  url          = {https://labs.sentinelone.com/a-deep-dive-into-zebrocys-dropper-docs/},
  language     = {English},
  urldate      = {2021-04-20},
}
A Deep Dive into Zebrocy’s Dropper Docs
Downdelph
2021-04-16 | Team Cymru | Joshua Picolet
@online{picolet:20210416:transparent:645e443,
  author       = {Joshua Picolet},
  title        = {{Transparent Tribe APT Infrastructure Mapping Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021}},
  date         = {2021-04-16},
  organization = {Team Cymru},
  url          = {https://team-cymru.com/blog/2021/04/16/transparent-tribe-apt-infrastructure-mapping/},
  language     = {English},
  urldate      = {2021-04-19},
}
Transparent Tribe APT Infrastructure Mapping Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021
Crimson RAT