Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-04-28WithSecureMarkus Tuominen, Mehmet Mert Surmeli
@online{tuominen:20230428:unleashing:d6f503c, author = {Markus Tuominen and Mehmet Mert Surmeli}, title = {{Unleashing the Power of Shimcache with Chainsaw}}, date = {2023-04-28}, organization = {WithSecure}, url = {https://labs.withsecure.com/tools/chainsaw-analyse-shimcache?utm_campaign=640efe1da5e1bd000157d4df&utm_content=644a517fcf5b690001477a59&utm_medium=smarpshare&utm_source=twitter&utm_term=Our+incident+responders+recently+battled+TheDukes_CozyBear_APT29+out+of+a+customer+environment_+We+also+developed+tooling+to+help+investigate+the+timeline+of+the+breach_+We+added+3+techniques+for+the+analysis+_+timestamp+enrichment+of+Shimcache+entries}, language = {English}, urldate = {2023-04-28} } Unleashing the Power of Shimcache with Chainsaw
2023-04-18NCSC UKNCSC UK, CISA, FBI, NSA
@techreport{uk:20230418:apt28:f50b70e, author = {NCSC UK and CISA and FBI and NSA}, title = {{APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers}}, date = {2023-04-18}, institution = {NCSC UK}, url = {https://www.ncsc.gov.uk/files/Advisory_APT28-exploits-known-vulnerability.pdf}, language = {English}, urldate = {2023-04-22} } APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers
2023-02-09NSA, FBI, CISA, HHS, ROK, DSA
@techreport{nsa:20230209:stopransomware:87d3a94, author = {NSA and FBI and CISA and HHS and ROK and DSA}, title = {{#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities}}, date = {2023-02-09}, institution = {}, url = {https://media.defense.gov/2023/Feb/09/2003159161/-1/-1/0/CSA_RANSOMWARE_ATTACKS_ON_CI_FUND_DPRK_ACTIVITIES.PDF}, language = {English}, urldate = {2023-08-25} } #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
Dtrack MagicRAT Maui Ransomware SiennaBlue SiennaPurple Tiger RAT YamaBot
2022-10-31Twitter (@CryptoInsane)CryptoInsane
@online{cryptoinsane:20221031:about:f607cf7, author = {CryptoInsane}, title = {{Tweet about Yanluowang Leaks}}, date = {2022-10-31}, organization = {Twitter (@CryptoInsane)}, url = {https://twitter.com/CryptoInsane/status/1586967110504398853}, language = {English}, urldate = {2022-12-29} } Tweet about Yanluowang Leaks
Yanluowang
2022-10-06CISAUS-CERT, NSA, FBI
@online{uscert:20221006:alert:07aeb24, author = {US-CERT and NSA and FBI}, title = {{Alert (AA22-279A) Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors}}, date = {2022-10-06}, organization = {CISA}, url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-279a}, language = {English}, urldate = {2022-10-19} } Alert (AA22-279A) Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors
2022-09-22CISAUS-CERT, NSA
@online{uscert:20220922:alert:8d8a111, author = {US-CERT and NSA}, title = {{Alert (AA22-265A) Control System Defense: Know the Opponent}}, date = {2022-09-22}, organization = {CISA}, url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-265a}, language = {English}, urldate = {2022-10-19} } Alert (AA22-265A) Control System Defense: Know the Opponent
2022-09-14CISAFBI, US-CERT, NSA, U.S. Cyber Command, U.S. Department of the Treasury, Australian Cyber Security Centre (ACSC), CSE Canada, NCSC UK
@online{fbi:20220914:alert:c9a3789, author = {FBI and US-CERT and NSA and U.S. Cyber Command and U.S. Department of the Treasury and Australian Cyber Security Centre (ACSC) and CSE Canada and NCSC UK}, title = {{Alert (AA22-257A): Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations}}, date = {2022-09-14}, organization = {CISA}, url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-257a}, language = {English}, urldate = {2022-09-20} } Alert (AA22-257A): Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations
2022-08-05360 netlab360 Netlab
@online{netlab:20220805:new:d4f6a02, author = {360 Netlab}, title = {{A new botnet Orchard Generates DGA Domains with Bitcoin Transaction Information}}, date = {2022-08-05}, organization = {360 netlab}, url = {https://blog.netlab.360.com/a-new-botnet-orchard-generates-dga-domains-with-bitcoin-transaction-information/}, language = {English}, urldate = {2022-08-30} } A new botnet Orchard Generates DGA Domains with Bitcoin Transaction Information
Orchard
2022-08-05360 netlabDaji, suqitian
@online{daji:20220805:dga:b184bd8, author = {Daji and suqitian}, title = {{The DGA family Orchard continues to change, and the new version generates DGA domain names using Bitcoin transaction information}}, date = {2022-08-05}, organization = {360 netlab}, url = {https://blog.netlab.360.com/orchard-dga/}, language = {Chinese}, urldate = {2022-09-21} } The DGA family Orchard continues to change, and the new version generates DGA domain names using Bitcoin transaction information
Orchard
2022-07-14Cert-UACert-UA
@online{certua:20220714:uac0100:6e00cea, author = {Cert-UA}, title = {{UAC-0100 - Online fraud using the subject of "monetary compensation" (CERT-UA#4964)}}, date = {2022-07-14}, organization = {Cert-UA}, url = {https://cert.gov.ua/article/761668}, language = {Ukrainian}, urldate = {2022-07-25} } UAC-0100 - Online fraud using the subject of "monetary compensation" (CERT-UA#4964)
2022-04-27CISACISA, NSA, FBI, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), United Kingdom’s National Cyber Security Centre (NCSC-UK)
@online{cisa:20220427:alert:e02c831, author = {CISA and NSA and FBI and Australian Cyber Security Centre (ACSC) and Canadian Centre for Cyber Security (CCCS) and New Zealand National Cyber Security Centre (NZ NCSC) and United Kingdom’s National Cyber Security Centre (NCSC-UK)}, title = {{Alert (AA22-117A) 2021 Top Routinely Exploited Vulnerabilities}}, date = {2022-04-27}, organization = {CISA}, url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-117a}, language = {English}, urldate = {2022-04-29} } Alert (AA22-117A) 2021 Top Routinely Exploited Vulnerabilities
2022-04-26cocomelonccocomelonc
@online{cocomelonc:20220426:malware:a69279c, author = {cocomelonc}, title = {{Malware development: persistence - part 2. Screensaver hijack. C++ example.}}, date = {2022-04-26}, organization = {cocomelonc}, url = {https://cocomelonc.github.io/tutorial/2022/04/26/malware-pers-2.html}, language = {English}, urldate = {2022-12-01} } Malware development: persistence - part 2. Screensaver hijack. C++ example.
Gazer
2022-04-20CISACISA, NSA, FBI, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), Government Communications Security Bureau, NCSC UK, National Crime Agency (NCA)
@techreport{cisa:20220420:aa22110a:4fde5d6, author = {CISA and NSA and FBI and Australian Cyber Security Centre (ACSC) and Canadian Centre for Cyber Security (CCCS) and Government Communications Security Bureau and NCSC UK and National Crime Agency (NCA)}, title = {{AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure}}, date = {2022-04-20}, institution = {CISA}, url = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-110A_Joint_CSA_Russian_State-Sponsored_and_Criminal_Cyber_Threats_to_Critical_Infrastructure_4_20_22_Final.pdf}, language = {English}, urldate = {2022-04-25} } AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader
2022-04-13Department of Energy (DOE), NSA, FBI, CISA
@techreport{doe:20220413:cyber:1dee54e, author = {Department of Energy (DOE) and NSA and FBI and CISA}, title = {{APT Cyber Tools Targeting ICS/SCADA Devices}}, date = {2022-04-13}, institution = {}, url = {https://www.cisa.gov/uscert/sites/default/files/publications/Joint_Cybersecurity_Advisory_APT%20Cyber%20Tools%20Targeting%20ICS%20SCADA%20Devices.pdf}, language = {English}, urldate = {2022-04-15} } APT Cyber Tools Targeting ICS/SCADA Devices
2022-03-22360 Threat Intelligence Center360 Threat Intelligence Center
@online{center:20220322:quantum:8629794, author = {360 Threat Intelligence Center}, title = {{Quantum Attack System – NSA "APT-C-40" Hacking Organization High-end Cyber Attack Weapon Technical Analysis Report (I)}}, date = {2022-03-22}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/lzf16Fchfv1fMG3IExq7XA}, language = {Chinese}, urldate = {2022-06-27} } Quantum Attack System – NSA "APT-C-40" Hacking Organization High-end Cyber Attack Weapon Technical Analysis Report (I)
2022-03-03NSANSA
@techreport{nsa:20220303:network:c5b4b09, author = {NSA}, title = {{Network Infrastructure Security Guidance}}, date = {2022-03-03}, institution = {NSA}, url = {https://media.defense.gov/2022/Mar/01/2002947139/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDANCE_20220301.PDF}, language = {English}, urldate = {2022-03-07} } Network Infrastructure Security Guidance
2022-02-24FBI, CISA, CNMF, NCSC UK, NSA
@techreport{fbi:20220224:iranian:9117e42, author = {FBI and CISA and CNMF and NCSC UK and NSA}, title = {{Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks}}, date = {2022-02-24}, institution = {}, url = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-055A_Iranian_Government-Sponsored_Actors_Conduct_Cyber_Operations.pdf}, language = {English}, urldate = {2022-03-01} } Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
POWERSTATS PowGoop GRAMDOOR MoriAgent
2022-02-23Bleeping ComputerIonut Ilascu
@online{ilascu:20220223:nsalinked:556c453, author = {Ionut Ilascu}, title = {{NSA-linked Bvp47 Linux backdoor widely undetected for 10 years}}, date = {2022-02-23}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/nsa-linked-bvp47-linux-backdoor-widely-undetected-for-10-years/}, language = {English}, urldate = {2022-03-01} } NSA-linked Bvp47 Linux backdoor widely undetected for 10 years
Bvp47
2022-02-23Pangu LabPangu Lab
@online{lab:20220223:bvp47:c8f2a2f, author = {Pangu Lab}, title = {{The Bvp47 - a Top-tier Backdoor of US NSA Equation Group}}, date = {2022-02-23}, organization = {Pangu Lab}, url = {https://www.pangulab.cn/en/post/the_bvp47_a_top-tier_backdoor_of_us_nsa_equation_group/}, language = {English}, urldate = {2022-03-01} } The Bvp47 - a Top-tier Backdoor of US NSA Equation Group
Bvp47
2022-02-23CISA, NCSC UK, FBI, NSA
@techreport{cisa:20220223:advisory:56f6379, author = {CISA and NCSC UK and FBI and NSA}, title = {{Advisory: New Sandworm malware Cyclops Blink replaces VPNFilter}}, date = {2022-02-23}, institution = {}, url = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-054A%20New%20Sandworm%20Malware%20Cyclops%20Blink%20Replaces%20VPN%20Filter.pdf}, language = {English}, urldate = {2022-02-26} } Advisory: New Sandworm malware Cyclops Blink replaces VPNFilter
VPNFilter