
2022-11-21 ⋅ Marco Ramilli's Blog ⋅ Marco Ramilli
@online{ramilli:20221121:is:cfeafc3,
  author       = {Marco Ramilli},
  title        = {{Is Hagga Threat Actor Abusing FSociety Framework ?}},
  date         = {2022-11-21},
  organization = {Marco Ramilli's Blog},
  url          = {https://marcoramilli.com/2022/11/21/is-hagga-threat-actor-abusing-fsociety-framework/},
  language     = {English},
  urldate      = {2022-11-22},
}
Is Hagga Threat Actor Abusing FSociety Framework ?
2022-10-03 ⋅ Check Point ⋅ Marc Salinas Fernandez
@online{fernandez:20221003:bumblebee:25732bf,
  author       = {Marc Salinas Fernandez},
  title        = {{Bumblebee: increasing its capacity and evolving its TTPs}},
  date         = {2022-10-03},
  organization = {Check Point},
  url          = {https://research.checkpoint.com/2022/bumblebee-increasing-its-capacity-and-evolving-its-ttps/},
  language     = {English},
  urldate      = {2022-10-07},
}
Bumblebee: increasing its capacity and evolving its TTPs
BumbleBee Cobalt Strike Meterpreter Sliver Vidar
2022-09-07 ⋅ Google ⋅ Pierre-Marc Bureau, Google Threat Analysis Group
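% "Google Threat Analysis Group" is an organisation, not a person. The inner
% braces make it one indivisible name, so it is not split into given and
% family name parts when the reference is formatted or sorted.
@online{bureau:20220907:initial:d1975b3,
  author       = {Pierre-Marc Bureau and {Google Threat Analysis Group}},
  title        = {{Initial access broker repurposing techniques in targeted attacks against Ukraine}},
  date         = {2022-09-07},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/initial-access-broker-repurposing-techniques-in-targeted-attacks-against-ukraine/},
  language     = {English},
  urldate      = {2022-09-13},
}
Initial access broker repurposing techniques in targeted attacks against Ukraine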
AnchorMail Cobalt Strike IcedID
2022-07-20 ⋅ Kaspersky ⋅ Marc Rivero López, Jornt van der Wiel, Dmitry Galov, Sergey Lozhkin
@online{lpez:20220720:luna:176a613,
  author       = {Marc Rivero López and Jornt van der Wiel and Dmitry Galov and Sergey Lozhkin},
  title        = {{Luna and Black Basta — new ransomware for Windows, Linux and ESXi}},
  date         = {2022-07-20},
  organization = {Kaspersky},
  url          = {https://securelist.com/luna-black-basta-ransomware/106950},
  language     = {English},
  urldate      = {2022-07-25},
}
Luna and Black Basta — new ransomware for Windows, Linux and ESXi
Black Basta Conti
2022-07-19 ⋅ ESET Research ⋅ Marc-Etienne M.Léveillé
@online{mlveill:20220719:i:d9dc1d5,
  author       = {Marc-Etienne M.Léveillé},
  title        = {{I see what you did there: A look at the CloudMensis macOS spyware}},
  date         = {2022-07-19},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/},
  language     = {English},
  urldate      = {2022-07-20},
}
I see what you did there: A look at the CloudMensis macOS spyware
CloudMensis
2022-05-10 ⋅ Marco Ramilli's Blog ⋅ Marco Ramilli
@online{ramilli:20220510:malware:915e04f,
  author       = {Marco Ramilli},
  title        = {{A Malware Analysis in RU-AU conflict}},
  date         = {2022-05-10},
  organization = {Marco Ramilli's Blog},
  url          = {https://marcoramilli.com/2022/05/10/a-malware-analysis-in-ru-au-conflict/},
  language     = {English},
  urldate      = {2022-11-22},
}
A Malware Analysis in RU-AU conflict
Cobalt Strike
2022-05-06 ⋅ LeMagIT ⋅ Valéry Rieß-Marchive
@online{riemarchive:20220506:ransomware:0a466dc,
  author       = {Valéry Rieß-Marchive},
  title        = {{Ransomware: LockBit 3.0 Starts Using in Cyberattacks}},
  date         = {2022-05-06},
  organization = {LeMagIT},
  url          = {https://www.lemagit.fr/actualites/252516821/Ransomware-LockBit-30-commence-a-etre-utilise-dans-des-cyberattaques},
  language     = {French},
  urldate      = {2022-05-08},
}
Ransomware: LockBit 3.0 Starts Using in Cyberattacks
LockBit
2022-04-18 ⋅ CitizenLab ⋅ John Scott-Railton, Elies Campo, Bill Marczak, Bahr Abdul Razzak, Siena Anstis, Gözde Böcü, Salvatore Solimano, Ron Deibert
@online{scottrailton:20220418:catalangate:95aa638,
  author       = {John Scott-Railton and Elies Campo and Bill Marczak and Bahr Abdul Razzak and Siena Anstis and Gözde Böcü and Salvatore Solimano and Ron Deibert},
  title        = {{CatalanGate Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru}},
  date         = {2022-04-18},
  organization = {CitizenLab},
  url          = {https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/},
  language     = {English},
  urldate      = {2022-04-20},
}
CatalanGate Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru
Chrysaor
2022-04-18 ⋅ Trellix ⋅ Marc Elias, Jambul Tologonov, Alexandre Mundo
@online{elias:20220418:conti:b15356d,
  author       = {Marc Elias and Jambul Tologonov and Alexandre Mundo},
  title        = {{Conti Group Targets ESXi Hypervisors With its Linux Variant}},
  date         = {2022-04-18},
  organization = {Trellix},
  url          = {https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/conti-group-targets-esxi-hypervisors-with-its-linux-variant.html},
  language     = {English},
  urldate      = {2022-04-20},
}
Conti Group Targets ESXi Hypervisors With its Linux Variant
Conti Conti
2022-04-12 ⋅ Check Point ⋅ Check Point Research
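% "Check Point Research" is a corporate author. The extra pair of braces keeps
% it as a single name instead of given names "Check Point" plus family name
% "Research". The citation key is left unchanged so existing citations resolve.
@online{research:20220412:march:2c56dc6,
  author       = {{Check Point Research}},
  title        = {{March 2022’s Most Wanted Malware: Easter Phishing Scams Help Emotet Assert its Dominance}},
  date         = {2022-04-12},
  organization = {Check Point},
  url          = {https://www.checkpoint.com/press/2022/march-2022s-most-wanted-malware-easter-phishing-scams-help-emotet-assert-its-dominance/},
  language     = {English},
  urldate      = {2022-04-20},
}
March 2022’s Most Wanted Malware: Easter Phishing Scams Help Emotet Assert its Dominance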
Alien FluBot Agent Tesla Emotet
2022-04-05 ⋅ CitizenLab ⋅ Mohammed Al-Maskati, Front Line Defenders, Bill Marczak, Siena Anstis, Ron Deibert, CitizenLab
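% "Front Line Defenders" and "CitizenLab" are organisations listed alongside
% the individual authors. Each is wrapped in its own braces so it is treated
% as one indivisible name rather than parsed as a person's given/family name.
@online{almaskati:20220405:peace:8678b53,
  author       = {Mohammed Al-Maskati and {Front Line Defenders} and Bill Marczak and Siena Anstis and Ron Deibert and {CitizenLab}},
  title        = {{Peace through Pegasus Jordanian Human Rights Defenders and Journalists Hacked with Pegasus Spyware}},
  date         = {2022-04-05},
  organization = {CitizenLab},
  url          = {https://citizenlab.ca/2022/04/peace-through-pegasus-jordanian-human-rights-defenders-and-journalists-hacked-with-pegasus-spyware/},
  language     = {English},
  urldate      = {2022-04-07},
}
Peace through Pegasus Jordanian Human Rights Defenders and Journalists Hacked with Pegasus Spyware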
Chrysaor
2022-03-28 ⋅ Trellix ⋅ Max Kersten, Marc Elias
@online{kersten:20220328:plugx:37256d5,
  author       = {Max Kersten and Marc Elias},
  title        = {{PlugX: A Talisman to Behold}},
  date         = {2022-03-28},
  organization = {Trellix},
  url          = {https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/plugx-a-talisman-to-behold.html},
  language     = {English},
  urldate      = {2022-03-30},
}
PlugX: A Talisman to Behold
PlugX
2022-03-25 ⋅ GOV.UA ⋅ State Service of Special Communication and Information Protection of Ukraine (CIP)
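% The author is a single government body whose name contains a literal " and ".
% Without the extra pair of braces the name list is split at that word, and the
% advisory is attributed to two separate, non-existent authors.
@online{cip:20220325:who:e75f0ac,
  author       = {{State Service of Special Communication and Information Protection of Ukraine (CIP)}},
  title        = {{Who is behind the Cyberattacks on Ukraine's Critical Information Infrastructure: Statistics for March 15-22}},
  date         = {2022-03-25},
  organization = {GOV.UA},
  url          = {https://cip.gov.ua/en/news/khto-stoyit-za-kiberatakami-na-ukrayinsku-kritichnu-informaciinu-infrastrukturu-statistika-15-22-bereznya},
  language     = {English},
  urldate      = {2022-08-05},
}
Who is behind the Cyberattacks on Ukraine's Critical Information Infrastructure: Statistics for March 15-22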
Xloader Agent Tesla CaddyWiper Cobalt Strike DoubleZero GraphSteel GrimPlant HeaderTip HermeticWiper IsaacWiper MicroBackdoor Pandora RAT
2022-03-10 ⋅ Cisco Talos ⋅ Chris Neal
% NOTE(review): the leading "WEDNESDAY, MARCH 9, 2022" in the title looks like
% a scraped blog dateline rather than part of the headline, and it differs from
% the date field (2022-03-10). Confirm against the source before citing.
@online{neal:20220310:wednesday:fc375b1,
  author       = {Chris Neal},
  title        = {{WEDNESDAY, MARCH 9, 2022 Threat advisory: Cybercriminals compromise users with malware disguised as pro-Ukraine cyber tools}},
  date         = {2022-03-10},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html},
  language     = {English},
  urldate      = {2022-03-14},
}
WEDNESDAY, MARCH 9, 2022 Threat advisory: Cybercriminals compromise users with malware disguised as pro-Ukraine cyber tools
2022-03-10 ⋅ BrightTALK (Kaspersky GReAT) ⋅ Costin Raiu, Marco Preuss, Kurt Baumgartner, Dan Demeter, Ivan Kwiatkowski
@online{raiu:20220310:brighttalk:a3d9072,
  author       = {Costin Raiu and Marco Preuss and Kurt Baumgartner and Dan Demeter and Ivan Kwiatkowski},
  title        = {{BrightTALK: A look at current cyberattacks in Ukraine}},
  date         = {2022-03-10},
  organization = {BrightTALK (Kaspersky GReAT)},
  url          = {https://www.brighttalk.com/webcast/15591/534324},
  language     = {English},
  urldate      = {2022-04-05},
}
BrightTALK: A look at current cyberattacks in Ukraine
HermeticWiper HermeticWizard IsaacWiper PartyTicket WhisperGate
2022-03-09 ⋅ BreachQuest ⋅ Marco Figueroa, Napoleon Bing, Bernard Silvestrini
@online{figueroa:20220309:conti:d237b64,
  author       = {Marco Figueroa and Napoleon Bing and Bernard Silvestrini},
  title        = {{The Conti Leaks | Insight into a Ransomware Unicorn}},
  date         = {2022-03-09},
  organization = {BreachQuest},
  url          = {https://www.breachquest.com/conti-leaks-insight-into-a-ransomware-unicorn/},
  language     = {English},
  urldate      = {2022-03-14},
}
The Conti Leaks | Insight into a Ransomware Unicorn
Cobalt Strike MimiKatz TrickBot
2022-03-01 ⋅ Marco Ramilli's Blog ⋅ Marco Ramilli
@online{ramilli:20220301:diskkillhermeticwiper:e543742,
  author       = {Marco Ramilli},
  title        = {{DiskKill/HermeticWiper and NotPetya (Dis)similarities}},
  date         = {2022-03-01},
  organization = {Marco Ramilli's Blog},
  url          = {https://marcoramilli.com/2022/03/01/diskkill-hermeticwiper-and-notpetya-dissimilarities/},
  language     = {English},
  urldate      = {2022-03-02},
}
DiskKill/HermeticWiper and NotPetya (Dis)similarities
EternalPetya HermeticWiper
2022-02-22 ⋅ USENIX ⋅ Andrea Marcelli, Mariano Graziano, Xabier Ugarte-Pedrero, Yanick Fratantonio, Mohamad Mansouri, Davide Balzarotti
% NOTE(review): the URL file name (sec22fall_marcelli.pdf) suggests a
% conference paper rather than a technical report. Confirm the venue before
% changing the entry type, which would also need a booktitle field.
@techreport{marcelli:20220222:how:75eb4eb,
  author      = {Andrea Marcelli and Mariano Graziano and Xabier Ugarte-Pedrero and Yanick Fratantonio and Mohamad Mansouri and Davide Balzarotti},
  title       = {{How Machine Learning Is Solving the Binary Function Similarity Problem}},
  date        = {2022-02-22},
  institution = {USENIX},
  url         = {https://www.usenix.org/system/files/sec22fall_marcelli.pdf},
  language    = {English},
  urldate     = {2022-05-05},
}
How Machine Learning Is Solving the Binary Function Similarity Problem
2022-02-17 ⋅ Trellix ⋅ Christiaan Beek, Marc Elias
@online{beek:20220217:looking:0149198,
  author       = {Christiaan Beek and Marc Elias},
  title        = {{Looking over the nation-state actors’ shoulders: Even they have a difficult day sometimes}},
  date         = {2022-02-17},
  organization = {Trellix},
  url          = {https://www.trellix.com/en-gb/about/newsroom/stories/threat-labs/looking-over-the-nation-state-actors-shoulders.html},
  language     = {English},
  urldate      = {2022-03-01},
}
Looking over the nation-state actors’ shoulders: Even they have a difficult day sometimes
Empire Downloader
2022-02-14 ⋅ DR.DK ⋅ Allan Nisgaard, Marcel Mirzaei-Fard, Kenrik Moltke, Ingeborg Munk Toft
@online{nisgaard:20220214:var:75495c9,
  author       = {Allan Nisgaard and Marcel Mirzaei-Fard and Kenrik Moltke and Ingeborg Munk Toft},
  title        = {{Var tæt på at slukke tusindvis af vindmøller: Nu fortæller Vestas om cyberangreb}},
  date         = {2022-02-14},
  organization = {DR.DK},
  url          = {https://www.dr.dk/nyheder/viden/teknologi/frygtede-skulle-lukke-alle-vindmoeller-nu-aabner-vestas-op-om-hacking-angreb},
  language     = {Danish},
  urldate      = {2022-02-14},
}
Var tæt på at slukke tusindvis af vindmøller: Nu fortæller Vestas om cyberangreb
LockBit