Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-07-10MandiantMatthew McWhirt, Thirumalai Natarajan Muthiah, Phil Pearce, Jennifer Guzzetta
@online{mcwhirt:20230710:defend:9fcdf9f, author = {Matthew McWhirt and Thirumalai Natarajan Muthiah and Phil Pearce and Jennifer Guzzetta}, title = {{Defend Against the Latest Active Directory Certificate Services Threats}}, date = {2023-07-10}, organization = {Mandiant}, url = {https://www.mandiant.com/blog/resources/defend-ad-cs-threats}, language = {English}, urldate = {2023-07-31} } Defend Against the Latest Active Directory Certificate Services Threats
2023-06-15MandiantAustin Larsen, John Palmisano, Mathew Potaczek, John Wolfram, Matthew McWhirt
@online{larsen:20230615:barracuda:f81b131, author = {Austin Larsen and John Palmisano and Mathew Potaczek and John Wolfram and Matthew McWhirt}, title = {{Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China}}, date = {2023-06-15}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally}, language = {English}, urldate = {2023-06-19} } Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China
SALTWATER SEASPY
2023-06-02MandiantNader Zaveri, Jeremy Kennelly, Genevieve Stark, Matthew McWhirt, DAN NUTTING, Kimberly Goody, Justin Moore, JOE PISANO, Zander Work, PETER UKHANOV, Juraj Sucik, WILL SILVERSTONE, ZACH SCHRAMM, Greg Blaum, OLLIE STYLES, NICHOLAS BENNETT, Josh Murchie
@online{zaveri:20230602:zeroday:a5ec238, author = {Nader Zaveri and Jeremy Kennelly and Genevieve Stark and Matthew McWhirt and DAN NUTTING and Kimberly Goody and Justin Moore and JOE PISANO and Zander Work and PETER UKHANOV and Juraj Sucik and WILL SILVERSTONE and ZACH SCHRAMM and Greg Blaum and OLLIE STYLES and NICHOLAS BENNETT and Josh Murchie}, title = {{Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft}}, date = {2023-06-02}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft}, language = {English}, urldate = {2023-07-31} } Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft
2023-05-09Huntress LabsMatthew Brennan
@online{brennan:20230509:advanced:eaca988, author = {Matthew Brennan}, title = {{Advanced Cyberchef Tips - AsyncRAT Loader}}, date = {2023-05-09}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/advanced-cyberchef-tips-asyncrat-loader}, language = {English}, urldate = {2023-05-11} } Advanced Cyberchef Tips - AsyncRAT Loader
AsyncRAT
2023-05-07Twitter (@embee_research)Matthew
@online{matthew:20230507:agenttesla:65bf8af, author = {Matthew}, title = {{AgentTesla - Full Loader Analysis - Resolving API Hashes Using Conditional Breakpoints}}, date = {2023-05-07}, organization = {Twitter (@embee_research)}, url = {https://embee-research.ghost.io/agenttesla-full-analysis-api-hashing/}, language = {English}, urldate = {2023-05-08} } AgentTesla - Full Loader Analysis - Resolving API Hashes Using Conditional Breakpoints
Agent Tesla
2023-04-18Cisco TalosMatthew Olney
@online{olney:20230418:statesponsored:9bf8908, author = {Matthew Olney}, title = {{State-sponsored campaigns target global network infrastructure}}, date = {2023-04-18}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/state-sponsored-campaigns-target-global-network-infrastructure/}, language = {English}, urldate = {2023-04-22} } State-sponsored campaigns target global network infrastructure
2023-04-10Twitter (@embee_research)Matthew
@online{matthew:20230410:redline:397ebbf, author = {Matthew}, title = {{Redline Stealer - Static Analysis and C2 Extraction}}, date = {2023-04-10}, organization = {Twitter (@embee_research)}, url = {https://embee-research.ghost.io/redline-stealer-basic-static-analysis-and-c2-extraction/}, language = {English}, urldate = {2023-04-14} } Redline Stealer - Static Analysis and C2 Extraction
Amadey RedLine Stealer
2022-11-14Twitter (@embee_research)Matthew
@online{matthew:20221114:twitter:9b57525, author = {Matthew}, title = {{Twitter thread on Yara Signatures for Qakbot Encryption Routines}}, date = {2022-11-14}, organization = {Twitter (@embee_research)}, url = {https://twitter.com/embee_research/status/1592067841154756610?s=20}, language = {English}, urldate = {2022-11-18} } Twitter thread on Yara Signatures for Qakbot Encryption Routines
IcedID QakBot
2022-11-03paloalto Netoworks: Unit42Durgesh Sangvikar, Chris Navarrete, Matthew Tennis, Yanhui Jia, Yu Fu, Siddhart Shibiraj
@online{sangvikar:20221103:cobalt:9a81f6f, author = {Durgesh Sangvikar and Chris Navarrete and Matthew Tennis and Yanhui Jia and Yu Fu and Siddhart Shibiraj}, title = {{Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild}}, date = {2022-11-03}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/cobalt-strike-team-server/}, language = {English}, urldate = {2022-11-03} } Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild
Cobalt Strike
2022-07-06Trend MicroNathaniel Morales, Monte de Jesus, Ivan Nicole Chavez, Bren Matthew Ebriega, Joshua Paul Ignacio
@online{morales:20220706:brandnew:3a02441, author = {Nathaniel Morales and Monte de Jesus and Ivan Nicole Chavez and Bren Matthew Ebriega and Joshua Paul Ignacio}, title = {{Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server}}, date = {2022-07-06}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/22/g/brand-new-havanacrypt-ransomware-poses-as-google-software-update.html}, language = {English}, urldate = {2022-07-12} } Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server
HavanaCrypt
2022-05-05NCC GroupMichael Matthews, Nikolaos Pantazopoulos
@online{matthews:20220505:north:22bd1ef, author = {Michael Matthews and Nikolaos Pantazopoulos}, title = {{North Korea’s Lazarus: their initial access trade-craft using social media and social engineering}}, date = {2022-05-05}, organization = {NCC Group}, url = {https://research.nccgroup.com/2022/05/05/north-koreas-lazarus-and-their-initial-access-trade-craft-using-social-media-and-social-engineering/}, language = {English}, urldate = {2022-05-05} } North Korea’s Lazarus: their initial access trade-craft using social media and social engineering
LCPDot
2022-04-28nccgroupDavid Brown, Michael Matthews, Rob Smallridge
@online{brown:20220428:lapsus:c7cd787, author = {David Brown and Michael Matthews and Rob Smallridge}, title = {{LAPSUS$: Recent techniques, tactics and procedures}}, date = {2022-04-28}, organization = {nccgroup}, url = {https://research.nccgroup.com/2022/04/28/lapsus-recent-techniques-tactics-and-procedures/}, language = {English}, urldate = {2022-04-29} } LAPSUS$: Recent techniques, tactics and procedures
2022-04-12SophosAndrew Brandt, Angela Gunn, Melissa Kelly, Peter Mackenzie, Ferenc László Nagy, Mauricio Valdivieso, Sergio Bestulic, Johnathan Fern, Linda Smith, Matthew Everts
@online{brandt:20220412:attackers:f9f5c52, author = {Andrew Brandt and Angela Gunn and Melissa Kelly and Peter Mackenzie and Ferenc László Nagy and Mauricio Valdivieso and Sergio Bestulic and Johnathan Fern and Linda Smith and Matthew Everts}, title = {{Attackers linger on government agency computers before deploying Lockbit ransomware}}, date = {2022-04-12}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/04/12/attackers-linger-on-government-agency-computers-before-deploying-lockbit-ransomware/}, language = {English}, urldate = {2022-04-15} } Attackers linger on government agency computers before deploying Lockbit ransomware
LockBit
2022-02-22Bankinfo SecurityMatthew J. Schwartz
@online{schwartz:20220222:cybercrime:ccc094e, author = {Matthew J. Schwartz}, title = {{Cybercrime Moves: Conti Ransomware Absorbs TrickBot Malware}}, date = {2022-02-22}, organization = {Bankinfo Security}, url = {https://www.bankinfosecurity.com/cybercrime-moves-conti-ransomware-absorbs-trickbot-malware-a-18573}, language = {English}, urldate = {2022-02-26} } Cybercrime Moves: Conti Ransomware Absorbs TrickBot Malware
Conti TrickBot
2022-02-18Huntress LabsMatthew Brennan
@online{brennan:20220218:hackers:243d8b8, author = {Matthew Brennan}, title = {{Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection}}, date = {2022-02-18}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection}, language = {English}, urldate = {2022-02-26} } Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection
Cobalt Strike
2022-02-15SophosMatthew Everts, Stephen McNally
@online{everts:20220215:vulnerable:9c3b451, author = {Matthew Everts and Stephen McNally}, title = {{Vulnerable Exchange server hit by Squirrelwaffle and financial fraud}}, date = {2022-02-15}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/02/15/vulnerable-exchange-server-hit-by-squirrelwaffle-and-financial-fraud/}, language = {English}, urldate = {2022-02-17} } Vulnerable Exchange server hit by Squirrelwaffle and financial fraud
Squirrelwaffle
2022-01-27CrowdStrikeMatthew Hartzell
@online{hartzell:20220127:programs:788148e, author = {Matthew Hartzell}, title = {{Programs Hacking Programs: How to Extract Memory Information to Spot Linux Malware}}, date = {2022-01-27}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/how-to-extract-memory-information-to-spot-linux-malware/}, language = {English}, urldate = {2022-02-01} } Programs Hacking Programs: How to Extract Memory Information to Spot Linux Malware
2022-01-20BrightTALK (Mandiant)John Hultquist, Matthew McWhirt
@online{hultquist:20220120:anticipating:b2d356a, author = {John Hultquist and Matthew McWhirt}, title = {{Anticipating and Preparing for Russian Cyber Activity}}, date = {2022-01-20}, organization = {BrightTALK (Mandiant)}, url = {https://www.brighttalk.com/webcast/7451/527124}, language = {English}, urldate = {2022-02-14} } Anticipating and Preparing for Russian Cyber Activity
2022-01-18Trend MicroArianne Dela Cruz, Bren Matthew Ebriega, Don Ovid Ladores, Mary Yambao
@online{cruz:20220118:new:c7bdfeb, author = {Arianne Dela Cruz and Bren Matthew Ebriega and Don Ovid Ladores and Mary Yambao}, title = {{New Ransomware Spotted: White Rabbit and Its Evasion Tactics}}, date = {2022-01-18}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/22/a/new-ransomware-spotted-white-rabbit-and-its-evasion-tactics.html}, language = {English}, urldate = {2022-01-24} } New Ransomware Spotted: White Rabbit and Its Evasion Tactics
2022-01-14Trend MicroBren Matthew Ebriega
@online{ebriega:20220114:ransomwin32whiterabbityacaet:85d2e5a, author = {Bren Matthew Ebriega}, title = {{Ransom.Win32.WHITERABBIT.YACAET}}, date = {2022-01-14}, organization = {Trend Micro}, url = {https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/Ransom.Win32.WHITERABBIT.YACAET}, language = {English}, urldate = {2023-04-25} } Ransom.Win32.WHITERABBIT.YACAET
WhiteRabbit