Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-05-12Palo Alto Networks Unit 42Ramarcus Baylor
@online{baylor:20210512:darkside:f63c2c2, author = {Ramarcus Baylor}, title = {{DarkSide Ransomware Gang: An Overview}}, date = {2021-05-12}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/darkside-ransomware/}, language = {English}, urldate = {2021-05-13} } DarkSide Ransomware Gang: An Overview
DarkSide
2021-05-07Marco Ramilli
@online{ramilli:20210507:muddywater:a09bd20, author = {Marco Ramilli}, title = {{MuddyWater: Binder Project (Part 2)}}, date = {2021-05-07}, url = {https://marcoramilli.com/2021/05/07/muddywater-binder-project-part-2/}, language = {English}, urldate = {2021-05-17} } MuddyWater: Binder Project (Part 2)
2021-05-01Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20210501:muddywater:31657f7, author = {Marco Ramilli}, title = {{Muddywater: Binder Project}}, date = {2021-05-01}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2021/05/01/muddywater-binder-project-part-1/}, language = {English}, urldate = {2021-05-17} } Muddywater: Binder Project
2021-04-23xorl %eax, %eaxAnastasios Pingios
@online{pingios:20210423:analysis:d263296, author = {Anastasios Pingios}, title = {{Analysis of the CardingMafia March 2021 data breach}}, date = {2021-04-23}, organization = {xorl %eax, %eax}, url = {https://xorl.wordpress.com/2021/04/23/analysis-of-the-cardingmafia-march-2021-data-breach/}, language = {English}, urldate = {2021-05-08} } Analysis of the CardingMafia March 2021 data breach
2021-04-22splunkJohn Stoner, Mick Baccio, Katie Brown, James Brodsky, Drew Church, Dave Herrald, Ryan Kovar, Marcus LaFerrera, Michael Natkin
@online{stoner:20210422:supernova:53b895c, author = {John Stoner and Mick Baccio and Katie Brown and James Brodsky and Drew Church and Dave Herrald and Ryan Kovar and Marcus LaFerrera and Michael Natkin}, title = {{SUPERNOVA Redux, with a Generous Portion of Masquerading}}, date = {2021-04-22}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/supernova-redux-with-a-generous-portion-of-masquerading.html}, language = {English}, urldate = {2021-04-28} } SUPERNOVA Redux, with a Generous Portion of Masquerading
SUPERNOVA
2021-04-21splunkDave Herrald, Mick Baccio, James Brodsky, Tamara Chacon, Shannon Davis, Kelly Huang, Ryan Kovar, Marcus LaFerrerra, Michael Natkin, John Stoner, Bill Wright
@online{herrald:20210421:monitoring:088de4c, author = {Dave Herrald and Mick Baccio and James Brodsky and Tamara Chacon and Shannon Davis and Kelly Huang and Ryan Kovar and Marcus LaFerrerra and Michael Natkin and John Stoner and Bill Wright}, title = {{Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)}}, date = {2021-04-21}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/monitoring-pulse-connect-secure-with-splunk-cisa-emergency-directive-21-03.html}, language = {English}, urldate = {2021-04-28} } Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)
2021-04-19Sentinel LABSMarco Figueroa
@online{figueroa:20210419:deep:f5cf649, author = {Marco Figueroa}, title = {{A Deep Dive into Zebrocy’s Dropper Docs}}, date = {2021-04-19}, organization = {Sentinel LABS}, url = {https://labs.sentinelone.com/a-deep-dive-into-zebrocys-dropper-docs/}, language = {English}, urldate = {2021-04-20} } A Deep Dive into Zebrocy’s Dropper Docs
Downdelph
2021-04-16Team CymruJoshua Picolet
@online{picolet:20210416:transparent:645e443, author = {Joshua Picolet}, title = {{Transparent Tribe APT Infrastructure Mapping Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021}}, date = {2021-04-16}, organization = {Team Cymru}, url = {https://team-cymru.com/blog/2021/04/16/transparent-tribe-apt-infrastructure-mapping/}, language = {English}, urldate = {2021-04-19} } Transparent Tribe APT Infrastructure Mapping Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021
Crimson RAT
2021-04-12Trend MicroRaphael Centeno, Don Ovid Ladores, Lala Manly, Junestherry Salvador, Frankylnn Uy
@online{centeno:20210412:spike:d67dcb0, author = {Raphael Centeno and Don Ovid Ladores and Lala Manly and Junestherry Salvador and Frankylnn Uy}, title = {{A Spike in BazarCall and IcedID Activity Detected in March}}, date = {2021-04-12}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/d/a-spike-in-bazarcall-and-icedid-activity.html}, language = {English}, urldate = {2021-04-14} } A Spike in BazarCall and IcedID Activity Detected in March
BazarBackdoor IcedID
2021-04-06FacebookFacebook
@techreport{facebook:20210406:march:b34b593, author = {Facebook}, title = {{March 2021 Coordinated Inauthentic Behavior Report}}, date = {2021-04-06}, institution = {Facebook}, url = {https://about.fb.com/wp-content/uploads/2021/04/March-2021-CIB-Report.pdf}, language = {English}, urldate = {2021-04-09} } March 2021 Coordinated Inauthentic Behavior Report
2021-03-15MicrosoftMicrosoft Security Response Center
@online{center:20210315:oneclick:cafd441, author = {Microsoft Security Response Center}, title = {{One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021}}, date = {2021-03-15}, organization = {Microsoft}, url = {https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/}, language = {English}, urldate = {2021-03-22} } One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021
2021-03-12splunkJohn Stoner, Mick Baccio, James Brodsky, Shannon Davis, Michael Haag, Amy Heng, Jose Hernandez, Dave Herrald, Derek King, Ryan Kovar, Marcus LaFerrera
@online{stoner:20210312:detecting:b7b189e, author = {John Stoner and Mick Baccio and James Brodsky and Shannon Davis and Michael Haag and Amy Heng and Jose Hernandez and Dave Herrald and Derek King and Ryan Kovar and Marcus LaFerrera}, title = {{Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…}}, date = {2021-03-12}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/detecting-microsoft-exchange-vulnerabilities-0-8-days-later.html}, language = {English}, urldate = {2021-03-16} } Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…
2021-03-09MicrosoftMSRC Team
@online{team:20210309:microsoft:3e03bbf, author = {MSRC Team}, title = {{Microsoft Exchange Server Vulnerabilities Mitigations – updated March 9, 2021}}, date = {2021-03-09}, organization = {Microsoft}, url = {https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021}, language = {English}, urldate = {2021-03-10} } Microsoft Exchange Server Vulnerabilities Mitigations – updated March 9, 2021
HAFNIUM
2021-03-02MicrosoftMSRC Team
@online{team:20210302:multiple:d62f8de, author = {MSRC Team}, title = {{Multiple Security Updates Released for Exchange Server – updated March 8, 2021}}, date = {2021-03-02}, organization = {Microsoft}, url = {https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server}, language = {English}, urldate = {2021-03-10} } Multiple Security Updates Released for Exchange Server – updated March 8, 2021
HAFNIUM
2021-02-02ESET ResearchMarc-Etienne M.Léveillé, Ignacio Sanmillan
@online{mlveill:20210202:kobalos:5bb5548, author = {Marc-Etienne M.Léveillé and Ignacio Sanmillan}, title = {{Kobalos – A complex Linux threat to high performance computing infrastructure}}, date = {2021-02-02}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/}, language = {English}, urldate = {2021-02-02} } Kobalos – A complex Linux threat to high performance computing infrastructure
Kobalos
2021-01-22Trimarc SecurityScott W Blake
@online{blake:20210122:ldap:edfef67, author = {Scott W Blake}, title = {{LDAP Channel Binding and Signing}}, date = {2021-01-22}, organization = {Trimarc Security}, url = {https://www.hub.trimarcsecurity.com/post/ldap-channel-binding-and-signing}, language = {English}, urldate = {2021-01-29} } LDAP Channel Binding and Signing
2021-01-19MalwarebytesMarcin Kleczynski
@online{kleczynski:20210119:malwarebytes:2fe3d7d, author = {Marcin Kleczynski}, title = {{Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments}}, date = {2021-01-19}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/}, language = {English}, urldate = {2021-01-21} } Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments
2021-01-09Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20210109:command:d720b27, author = {Marco Ramilli}, title = {{Command and Control Traffic Patterns}}, date = {2021-01-09}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2021/01/09/c2-traffic-patterns-personal-notes/}, language = {English}, urldate = {2021-05-17} } Command and Control Traffic Patterns
ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot
2021-01-08splunkMarcus LaFerrera, John Stoner, Lily Lee, James Brodsky, Ryan Kovar
@online{laferrera:20210108:golden:d31442a, author = {Marcus LaFerrera and John Stoner and Lily Lee and James Brodsky and Ryan Kovar}, title = {{A Golden SAML Journey: SolarWinds Continued}}, date = {2021-01-08}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/a-golden-saml-journey-solarwinds-continued.html}, language = {English}, urldate = {2021-01-11} } A Golden SAML Journey: SolarWinds Continued
SUNBURST
2021-01-06MimecastMatthew Gardiner
@online{gardiner:20210106:how:b9e3a36, author = {Matthew Gardiner}, title = {{How to Slam a Door on the Cutwail Botnet: Enforce DMARC}}, date = {2021-01-06}, organization = {Mimecast}, url = {https://www.mimecast.com/blog/how-to-slam-a-door-on-the-cutwail-botnet-enforce-dmarc/}, language = {English}, urldate = {2021-01-27} } How to Slam a Door on the Cutwail Botnet: Enforce DMARC
Cutwail