2022-05-06 | LeMagIT | Valéry Rieß-Marchive
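@online{riemarchive:20220506:ransomware:0a466dc,
  author       = {Rieß-Marchive, Valéry},
  title        = {Ransomware: {LockBit} 3.0 Starts Using in Cyberattacks},
  date         = {2022-05-06},
  organization = {LeMagIT},
  url          = {https://www.lemagit.fr/actualites/252516821/Ransomware-LockBit-30-commence-a-etre-utilise-dans-des-cyberattaques},
  language     = {French},
  urldate      = {2022-05-08},
}
Ransomware: LockBit 3.0 Starts Using in Cyberattacks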
LockBit
2022-04-18 | CitizenLab | John Scott-Railton, Elies Campo, Bill Marczak, Bahr Abdul Razzak, Siena Anstis, Gözde Böcü, Salvatore Solimano, Ron Deibert
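% NOTE(review): "Abdul Razzak" is entered as a two-word family name; confirm against the source byline.
@online{scottrailton:20220418:catalangate:95aa638,
  author       = {Scott-Railton, John and Campo, Elies and Marczak, Bill and Abdul Razzak, Bahr and Anstis, Siena and Böcü, Gözde and Solimano, Salvatore and Deibert, Ron},
  title        = {{CatalanGate} Extensive Mercenary Spyware Operation against {Catalans} Using {Pegasus} and {Candiru}},
  date         = {2022-04-18},
  organization = {CitizenLab},
  url          = {https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/},
  language     = {English},
  urldate      = {2022-04-20},
}
CatalanGate Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru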
Chrysaor
2022-04-18 | Trellix | Marc Elias, Jambul Tologonov, Alexandre Mundo
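@online{elias:20220418:conti:b15356d,
  author       = {Elias, Marc and Tologonov, Jambul and Mundo, Alexandre},
  title        = {{Conti} Group Targets {ESXi} Hypervisors With its {Linux} Variant},
  date         = {2022-04-18},
  organization = {Trellix},
  url          = {https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/conti-group-targets-esxi-hypervisors-with-its-linux-variant.html},
  language     = {English},
  urldate      = {2022-04-20},
}
Conti Group Targets ESXi Hypervisors With its Linux Variant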
Conti Conti
2022-04-12 | Check Point | Check Point Research
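% Corporate author: the extra brace pair keeps "Check Point Research" from being parsed as a personal name.
@online{research:20220412:march:2c56dc6,
  author       = {{Check Point Research}},
  title        = {{March} 2022’s Most Wanted Malware: {Easter} Phishing Scams Help {Emotet} Assert its Dominance},
  date         = {2022-04-12},
  organization = {Check Point},
  url          = {https://www.checkpoint.com/press/2022/march-2022s-most-wanted-malware-easter-phishing-scams-help-emotet-assert-its-dominance/},
  language     = {English},
  urldate      = {2022-04-20},
}
March 2022’s Most Wanted Malware: Easter Phishing Scams Help Emotet Assert its Dominance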
Alien FluBot Agent Tesla Emotet
2022-04-05 | CitizenLab | Mohammed Al-Maskati, Front Line Defenders, Bill Marczak, Siena Anstis, Ron Deibert, CitizenLab
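% Organisations in the author list are braced so they are not split into given/family name parts.
@online{almaskati:20220405:peace:8678b53,
  author       = {Al-Maskati, Mohammed and {Front Line Defenders} and Marczak, Bill and Anstis, Siena and Deibert, Ron and {CitizenLab}},
  title        = {Peace through {Pegasus} {Jordanian} Human Rights Defenders and Journalists Hacked with {Pegasus} Spyware},
  date         = {2022-04-05},
  organization = {CitizenLab},
  url          = {https://citizenlab.ca/2022/04/peace-through-pegasus-jordanian-human-rights-defenders-and-journalists-hacked-with-pegasus-spyware/},
  language     = {English},
  urldate      = {2022-04-07},
}
Peace through Pegasus Jordanian Human Rights Defenders and Journalists Hacked with Pegasus Spyware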
Chrysaor
2022-03-28 | Trellix | Max Kersten, Marc Elias
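@online{kersten:20220328:plugx:37256d5,
  author       = {Kersten, Max and Elias, Marc},
  title        = {{PlugX}: A Talisman to Behold},
  date         = {2022-03-28},
  organization = {Trellix},
  url          = {https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/plugx-a-talisman-to-behold.html},
  language     = {English},
  urldate      = {2022-03-30},
}
PlugX: A Talisman to Behold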
PlugX
2022-03-25 | GOV.UA | State Service of Special Communication and Information Protection of Ukraine (CIP)
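% Corporate author: the name contains a literal " and ", so without the extra braces it is read as two separate authors.
@online{cip:20220325:who:e75f0ac,
  author       = {{State Service of Special Communication and Information Protection of Ukraine (CIP)}},
  title        = {Who is behind the Cyberattacks on {Ukraine's} Critical Information Infrastructure: Statistics for {March} 15-22},
  date         = {2022-03-25},
  organization = {GOV.UA},
  url          = {https://cip.gov.ua/en/news/khto-stoyit-za-kiberatakami-na-ukrayinsku-kritichnu-informaciinu-infrastrukturu-statistika-15-22-bereznya},
  language     = {English},
  urldate      = {2022-03-28},
}
Who is behind the Cyberattacks on Ukraine's Critical Information Infrastructure: Statistics for March 15-22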
Xloader Agent Tesla CaddyWiper Cobalt Strike DoubleZero GraphSteel GrimPlant HeaderTip HermeticWiper IsaacWiper MicroBackdoor Pandora
2022-03-10 | Cisco Talos | Chris Neal
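% NOTE(review): the title opens with what looks like the blog's dateline ("WEDNESDAY, MARCH 9, 2022"), which also differs from the date field; confirm against the source before trimming.
@online{neal:20220310:wednesday:fc375b1,
  author       = {Neal, Chris},
  title        = {{WEDNESDAY, MARCH 9, 2022} Threat advisory: Cybercriminals compromise users with malware disguised as {pro-Ukraine} cyber tools},
  date         = {2022-03-10},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html},
  language     = {English},
  urldate      = {2022-03-14},
}
WEDNESDAY, MARCH 9, 2022 Threat advisory: Cybercriminals compromise users with malware disguised as pro-Ukraine cyber tools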
2022-03-10 | BrightTALK (Kaspersky GReAT) | Costin Raiu, Marco Preuss, Kurt Baumgartner, Dan Demeter, Ivan Kwiatkowski
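@online{raiu:20220310:brighttalk:a3d9072,
  author       = {Raiu, Costin and Preuss, Marco and Baumgartner, Kurt and Demeter, Dan and Kwiatkowski, Ivan},
  title        = {{BrightTALK}: A look at current cyberattacks in {Ukraine}},
  date         = {2022-03-10},
  organization = {BrightTALK (Kaspersky GReAT)},
  url          = {https://www.brighttalk.com/webcast/15591/534324},
  language     = {English},
  urldate      = {2022-04-05},
}
BrightTALK: A look at current cyberattacks in Ukraine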
HermeticWiper HermeticWizard IsaacWiper PartyTicket WhisperGate
2022-03-09 | BreachQuest | Marco Figueroa, Napoleon Bing, Bernard Silvestrini
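@online{figueroa:20220309:conti:d237b64,
  author       = {Figueroa, Marco and Bing, Napoleon and Silvestrini, Bernard},
  title        = {The {Conti} Leaks | Insight into a Ransomware Unicorn},
  date         = {2022-03-09},
  organization = {BreachQuest},
  url          = {https://www.breachquest.com/conti-leaks-insight-into-a-ransomware-unicorn/},
  language     = {English},
  urldate      = {2022-03-14},
}
The Conti Leaks | Insight into a Ransomware Unicorn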
Cobalt Strike MimiKatz TrickBot
2022-03-01 | Marco Ramilli's Blog | Marco Ramilli
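@online{ramilli:20220301:diskkillhermeticwiper:e543742,
  author       = {Ramilli, Marco},
  title        = {{DiskKill/HermeticWiper} and {NotPetya} (Dis)similarities},
  date         = {2022-03-01},
  organization = {Marco Ramilli's Blog},
  url          = {https://marcoramilli.com/2022/03/01/diskkill-hermeticwiper-and-notpetya-dissimilarities/},
  language     = {English},
  urldate      = {2022-03-02},
}
DiskKill/HermeticWiper and NotPetya (Dis)similarities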
EternalPetya HermeticWiper
2022-02-22 | USENIX | Andrea Marcelli, Mariano Graziano, Xabier Ugarte-Pedrero, Yanick Fratantonio, Mohamad Mansouri, Davide Balzarotti
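@techreport{marcelli:20220222:how:75eb4eb,
  author      = {Marcelli, Andrea and Graziano, Mariano and Ugarte-Pedrero, Xabier and Fratantonio, Yanick and Mansouri, Mohamad and Balzarotti, Davide},
  title       = {How Machine Learning Is Solving the Binary Function Similarity Problem},
  date        = {2022-02-22},
  institution = {USENIX},
  url         = {https://www.usenix.org/system/files/sec22fall_marcelli.pdf},
  language    = {English},
  urldate     = {2022-05-05},
}
How Machine Learning Is Solving the Binary Function Similarity Problem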
2022-02-17 | Trellix | Christiaan Beek, Marc Elias
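@online{beek:20220217:looking:0149198,
  author       = {Beek, Christiaan and Elias, Marc},
  title        = {Looking over the nation-state actors’ shoulders: Even they have a difficult day sometimes},
  date         = {2022-02-17},
  organization = {Trellix},
  url          = {https://www.trellix.com/en-gb/about/newsroom/stories/threat-labs/looking-over-the-nation-state-actors-shoulders.html},
  language     = {English},
  urldate      = {2022-03-01},
}
Looking over the nation-state actors’ shoulders: Even they have a difficult day sometimes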
Empire Downloader
2022-02-14 | DR.DK | Allan Nisgaard, Marcel Mirzaei-Fard, Kenrik Moltke, Ingeborg Munk Toft
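@online{nisgaard:20220214:var:75495c9,
  author       = {Nisgaard, Allan and Mirzaei-Fard, Marcel and Moltke, Kenrik and Toft, Ingeborg Munk},
  title        = {Var tæt på at slukke tusindvis af vindmøller: Nu fortæller {Vestas} om cyberangreb},
  date         = {2022-02-14},
  organization = {DR.DK},
  url          = {https://www.dr.dk/nyheder/viden/teknologi/frygtede-skulle-lukke-alle-vindmoeller-nu-aabner-vestas-op-om-hacking-angreb},
  language     = {Danish},
  urldate      = {2022-02-14},
}
Var tæt på at slukke tusindvis af vindmøller: Nu fortæller Vestas om cyberangreb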
LockBit
2022-01-25 | ESET Research | Marc-Etienne M.Léveillé, Anton Cherepanov
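% Family name is entered as "M.Léveillé", consistent with the citation key.
@online{mlveill:20220125:watering:e1afb71,
  author       = {M.Léveillé, Marc-Etienne and Cherepanov, Anton},
  title        = {Watering hole deploys new {macOS} malware, {DazzleSpy}, in {Asia}},
  date         = {2022-01-25},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/},
  language     = {English},
  urldate      = {2022-01-25},
}
Watering hole deploys new macOS malware, DazzleSpy, in Asia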
2022-01-25 | Trellix | Marc Elias, Christiaan Beek, Alexandre Mundo, Leandro Velasco, Max Kersten
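@online{elias:20220125:prime:20a5b0c,
  author       = {Elias, Marc and Beek, Christiaan and Mundo, Alexandre and Velasco, Leandro and Kersten, Max},
  title        = {{Prime Minister’s Office} Compromised: Details of Recent Espionage Campaign},
  date         = {2022-01-25},
  organization = {Trellix},
  url          = {https://www.trellix.com/en-gb/about/newsroom/stories/threat-labs/prime-ministers-office-compromised.html},
  language     = {English},
  urldate      = {2022-01-25},
}
Prime Minister’s Office Compromised: Details of Recent Espionage Campaign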
Graphite
2021-12-31 | CERT.PL | Marcin Dudek, Michał Praszmo
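@online{dudek:20211231:iko:bd137c3,
  author       = {Dudek, Marcin and Praszmo, Michał},
  title        = {{IKO} activation - Malware campaign},
  date         = {2021-12-31},
  organization = {CERT.PL},
  url          = {https://cert.pl/posts/2021/12/aktywacja-aplikacji-iko/},
  language     = {Polish},
  urldate      = {2022-01-05},
}
IKO activation - Malware campaign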
Coper
2021-12-16 | CitizenLab | Kristin Berdan, John Scott-Railton, Bill Marczak, Noura Al-Jizawi, Bahr Abdul Razzak, Ron Deibert, Siena Anstis
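% NOTE(review): "Abdul Razzak" is entered as a two-word family name; confirm against the source byline.
@online{berdan:20211216:pegasus:c1c06eb,
  author       = {Berdan, Kristin and Scott-Railton, John and Marczak, Bill and Al-Jizawi, Noura and Abdul Razzak, Bahr and Deibert, Ron and Anstis, Siena},
  title        = {{Pegasus} vs. {Predator}: Dissident's Doubly-Infected {iPhone} Reveals {Cytrox} Mercenary Spyware},
  date         = {2021-12-16},
  organization = {CitizenLab},
  url          = {https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/},
  language     = {English},
  urldate      = {2022-01-24},
}
Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware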
Chrysaor
2021-12-10 | Mississippi State University | DeMarcus M. Thomas Sr.
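% "Sr." is a name suffix, not the family name: the "Last, Jr, First" form makes the entry sort and label under "Thomas".
% The citation key is left unchanged so existing citations keep resolving.
@online{sr:20211210:detecting:8a6e597,
  author       = {Thomas, Sr., DeMarcus M.},
  title        = {Detecting malware in memory with memory object relationships},
  date         = {2021-12-10},
  organization = {Mississippi State University},
  url          = {https://scholarsjunction.msstate.edu/cgi/viewcontent.cgi?article=6309&context=td},
  language     = {English},
  urldate      = {2021-12-31},
}
Detecting malware in memory with memory object relationships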
2021-11-17 | MalwareTech | Marcus Hutchins
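@online{hutchins:20211117:indepth:8fa7808,
  author       = {Hutchins, Marcus},
  title        = {An in-depth look at hacking back, active defense, and cyber letters of marque},
  date         = {2021-11-17},
  organization = {MalwareTech},
  url          = {https://www.malwaretech.com/2021/11/an-in-depth-look-at-hacking-back-active-defense-and-cyber-letters-of-marque.html},
  language     = {English},
  urldate      = {2021-11-19},
}
An in-depth look at hacking back, active defense, and cyber letters of marque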