2021-09-09Medium s2wlabS2W TALON
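% Corporate author: the extra brace pair keeps "S2W TALON" as one indivisible
% name instead of being split into First="S2W", Last="TALON" (which would also
% abbreviate and sort it like a personal name). The citation key is unchanged.
@online{talon:20210909:case:fdbe983,
  author       = {{S2W TALON}},
  title        = {{Case Analysis of Suncrypt Ransomware Negotiation and Bitcoin Transaction}},
  date         = {2021-09-09},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wlab/case-analysis-of-suncrypt-ransomware-negotiation-and-bitcoin-transaction-43a2194ac0bc},
  language     = {English},
  urldate      = {2021-09-12},
}
Case Analysis of Suncrypt Ransomware Negotiation and Bitcoin Transaction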
SunCrypt
2021-09-03FireEyeAdrian Sanchez Hernandez, Govand Sinjari, Joshua Goddard, Brendan McKeague, John Wolfram, Alex Pennino, Andrew Rector, Harris Ansari, Yash Gupta
% FireEye blog post on ProxyShell exploitation of Microsoft Exchange servers.
% Names are stored in "Last, First" form; the split matches what the original
% "First Last" spelling parsed to (the key is built from the first surname).
@online{hernandez:20210903:pst:a8de902,
  author       = {Hernandez, Adrian Sanchez and
                  Sinjari, Govand and
                  Goddard, Joshua and
                  McKeague, Brendan and
                  Wolfram, John and
                  Pennino, Alex and
                  Rector, Andrew and
                  Ansari, Harris and
                  Gupta, Yash},
  title        = {{PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers}},
  date         = {2021-09-03},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2021/09/proxyshell-exploiting-microsoft-exchange-servers.html},
  language     = {English},
  urldate      = {2021-09-06},
}
PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers
CHINACHOPPER HTran
2021-08-06ESET ResearchZuzana Hromcová
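% ESET Research article on IIStealer.
% The exported title carried U+2011 (non-breaking hyphen) in "server-side" and
% "e-commerce"; pdfLaTeX's default UTF-8 input set-up has no mapping for that
% code point, so the title field now uses the plain ASCII hyphen. The accented
% author name needs a UTF-8 aware backend (biber); the key is left as exported.
@online{hromcov:20210806:iistealer:d9957ab,
  author       = {Hromcová, Zuzana},
  title        = {{IIStealer: A server-side threat to e-commerce transactions}},
  date         = {2021-08-06},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2021/08/06/iistealer-server-side-threat-ecommerce-transactions/},
  language     = {English},
  urldate      = {2021-08-09},
}
IIStealer: A server‑side threat to e‑commerce transactions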
2021-07-01CISA, FBI, NSA, NCSC UK
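% Joint advisory on the GRU (APT28) brute force campaign.
% "NCSC UK" is braced so it stays one corporate name rather than being parsed
% as First="NCSC", Last="UK"; the single-token agency names need no braces.
% NOTE(review): institution is empty in the exported record although
% techreport entries require it; the issuing body is not stated on this
% page, so it is left empty here - fill it in once confirmed.
@techreport{cisa:20210701:russian:4127fc7,
  author      = {CISA and FBI and NSA and {NCSC UK}},
  title       = {{Russian GRU (APT28) Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments}},
  date        = {2021-07-01},
  institution = {},
  url         = {https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/1/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF},
  language    = {English},
  urldate     = {2021-07-11},
}
Russian GRU (APT28) Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments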
reGeorg
2021-05-12The RecordCatalin Cimpanu
% News report from The Record about a raid tied to a botnet that infected a
% DOD network.
@online{cimpanu:20210512:agents:975c354,
  author       = {Cimpanu, Catalin},
  title        = {{Agents raid home of Kansas man seeking info on botnet that infected DOD network}},
  date         = {2021-05-12},
  organization = {The Record},
  url          = {https://therecord.media/agents-raid-home-of-kansas-man-seeking-info-on-botnet-that-infected-dod-network/},
  language     = {English},
  urldate      = {2021-05-13},
}
Agents raid home of Kansas man seeking info on botnet that infected DOD network
PerlBot
2021-05-07GCHQNCSC UK, CISA, FBI, NSA
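% Joint advisory on further TTPs associated with SVR cyber actors.
% "NCSC UK" is braced so it stays one corporate name rather than being parsed
% as First="NCSC", Last="UK". The citation key is kept as exported.
@techreport{uk:20210507:further:400b6a8,
  author      = {{NCSC UK} and CISA and FBI and NSA},
  title       = {{Further TTPs associated with SVR cyber actors: Use of multiple publicly available exploits and Sliver framework to target organisations globally}},
  date        = {2021-05-07},
  institution = {GCHQ},
  url         = {https://www.ncsc.gov.uk/files/Advisory-further-TTPs-associated-with-SVR-cyber-actors.pdf},
  language    = {English},
  urldate     = {2021-05-08},
}
Further TTPs associated with SVR cyber actors: Use of multiple publicly available exploits and Sliver framework to target organisations globally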
2021-04-19Washington ExaminerTom Rogan
% Washington Examiner opinion piece on the CIA/NSA disagreement over the
% Russian bounties story.
@online{rogan:20210419:inside:4ef6ddb,
  author       = {Rogan, Tom},
  title        = {{Inside the CIA and NSA disagreement over Russian bounties story}},
  date         = {2021-04-19},
  organization = {Washington Examiner},
  url          = {https://www.washingtonexaminer.com/opinion/inside-the-cia-and-nsa-disagreement-over-russian-bounties-story},
  language     = {English},
  urldate      = {2021-04-20},
}
Inside the CIA and NSA disagreement over Russian bounties story
2021-04-15NSA, CISA, FBI
% Joint NSA / CISA / FBI advisory on SVR targeting of U.S. and allied networks.
% NOTE(review): institution is empty in the exported record although
% techreport entries require it - fill it in once the issuing body is confirmed.
% NOTE(review): the url tail repeats the PDF file name and then a fragment of
% it; it is reproduced exactly as exported - confirm that it still resolves.
@techreport{nsa:20210415:russian:9c18f60,
  author      = {NSA and CISA and FBI},
  title       = {{Russian SVR Targets U.S. and Allied Networks}},
  date        = {2021-04-15},
  institution = {},
  url         = {https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF_US_ALLIES_UOO13234021.PDF},
  language    = {English},
  urldate     = {2021-04-16},
}
Russian SVR Targets U.S. and Allied Networks
2021SecureworksSecureWorks
% Secureworks threat profile for GOLD MANSARD. Only the year is recorded in
% the date field, and the url is stored with the plain http scheme, as exported.
@online{secureworks:2021:threat:b0aa2ab,
  author       = {SecureWorks},
  title        = {{Threat Profile: GOLD MANSARD}},
  date         = {2021},
  organization = {Secureworks},
  url          = {http://www.secureworks.com/research/threat-profiles/gold-mansard},
  language     = {English},
  urldate      = {2021-05-31},
}
Threat Profile: GOLD MANSARD
Nefilim Nemty GOLD MANSARD
2020-12-17NSANSA
% NSA advisory on detecting abuse of authentication mechanisms.
@techreport{nsa:20201217:detecting:2191982,
  author      = {NSA},
  title       = {{Detecting Abuse of Authentication Mechanisms}},
  date        = {2020-12-17},
  institution = {NSA},
  url         = {https://media.defense.gov/2020/Dec/17/2002554125/-1/-1/0/AUTHENTICATION_MECHANISMS_CSA_U_OO_198854_20.PDF},
  language    = {English},
  urldate     = {2020-12-18},
}
Detecting Abuse of Authentication Mechanisms
2020-12-16Twitter (@0xrb)R. Bansal
% Twitter post listing domain infrastructure, including DGA domains,
% attributed to UNC2452. The given name is only available as an initial.
@online{bansal:20201216:list:aa0388d,
  author       = {Bansal, R.},
  title        = {{List of domain infrastructure including DGA domain used by UNC2452}},
  date         = {2020-12-16},
  organization = {Twitter (@0xrb)},
  url          = {https://twitter.com/0xrb/status/1339199268146442241},
  language     = {English},
  urldate      = {2020-12-17},
}
List of domain infrastructure including DGA domain used by UNC2452
SUNBURST
2020-12-07NSANSA
% NSA advisory on exploitation of a VMware Workspace ONE Access vulnerability
% using compromised credentials. The url keeps its percent-encoded space
% verbatim, and the title keeps the registered-trademark sign as exported.
@techreport{nsa:20201207:russian:9dbda97,
  author      = {NSA},
  title       = {{Russian State-Sponsored Actors Exploiting Vulnerability in VMware® Workspace ONE Access Using Compromised Credentials}},
  date        = {2020-12-07},
  institution = {NSA},
  url         = {https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF},
  language    = {English},
  urldate     = {2020-12-08},
}
Russian State-Sponsored Actors Exploiting Vulnerability in VMware® Workspace ONE Access Using Compromised Credentials
2020-08-23Github (Insane-Forensics)Insane-Forensics
% GitHub repository with network threat-hunting material for Drovorub.
% The author is the single-token account name, so no extra braces are needed.
@online{insaneforensics:20200823:dispatches:0a019d4,
  author       = {Insane-Forensics},
  title        = {{Dispatches from Drovorub: Network Threat Hunting for Russia GRU GTsSS' Malware at Scale}},
  date         = {2020-08-23},
  organization = {Github (Insane-Forensics)},
  url          = {https://github.com/Insane-Forensics/drovorub-hunt},
  language     = {English},
  urldate      = {2020-08-25},
}
Dispatches from Drovorub: Network Threat Hunting for Russia GRU GTsSS' Malware at Scale
2020-08-13NSANSA
% NSA press-room announcement of the NSA/FBI Drovorub advisory.
% The title keeps the typographic quotation marks of the exported record.
@online{nsa:20200813:nsa:7f5e901,
  author       = {NSA},
  title        = {{NSA and FBI Expose Russian Previously Undisclosed Malware “Drovorub” in Cybersecurity Advisory}},
  date         = {2020-08-13},
  organization = {NSA},
  url          = {https://www.nsa.gov/news-features/press-room/Article/2311407/nsa-and-fbi-expose-russian-previously-undisclosed-malware-drovorub-in-cybersecu/},
  language     = {English},
  urldate      = {2020-08-17},
}
NSA and FBI Expose Russian Previously Undisclosed Malware “Drovorub” in Cybersecurity Advisory
2020-08-11FireEyeNick Schroeder, Harris Ansari, Brendan McKeague, Tim Martin, Alex Pennino
% FireEye blog post on COOKIEJAR and the Endpoint Security Logon Tracker module.
% Names are stored in "Last, First" form, one author per line.
@online{schroeder:20200811:cookiejar:8fd0fd9,
  author       = {Schroeder, Nick and
                  Ansari, Harris and
                  McKeague, Brendan and
                  Martin, Tim and
                  Pennino, Alex},
  title        = {{COOKIEJAR: Tracking Adversaries With FireEye Endpoint Security’s Logon Tracker Module}},
  date         = {2020-08-11},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2020/08/cookiejar-tracking-adversaries-with-fireeye-endpoint-security-module.html},
  language     = {English},
  urldate      = {2020-08-14},
}
COOKIEJAR: Tracking Adversaries With FireEye Endpoint Security’s Logon Tracker Module
2020-05-28WiredAndy Greenberg
% Wired report on the NSA warning about Sandworm and hijacked mail servers.
@online{greenberg:20200528:nsa:c35f45e,
  author       = {Greenberg, Andy},
  title        = {{NSA: Russia's Sandworm Hackers Have Hijacked Mail Servers}},
  date         = {2020-05-28},
  organization = {Wired},
  url          = {https://www.wired.com/story/nsa-sandworm-exim-mail-server-warning/},
  language     = {English},
  urldate      = {2020-05-29},
}
NSA: Russia's Sandworm Hackers Have Hijacked Mail Servers
2020-01-05NSA, FBI, CISA, ODNI
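% Joint statement by FBI, CISA, ODNI and NSA, listed on this page under SUNBURST.
% The exported date field read 2020-01-05, but the url path of this same record
% is /news/2021/01/05/ and it was accessed on 2021-01-11, so the publication
% date is corrected to 2021-01-05. The citation key still embeds the exported
% date and is left unchanged so existing citations keep resolving.
% The exported record carries no organization field; none is added here.
@online{nsa:20200105:joint:ba51a6d,
  author   = {NSA and FBI and CISA and ODNI},
  title    = {{Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA)}},
  date     = {2021-01-05},
  url      = {https://www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure},
  language = {English},
  urldate  = {2021-01-11},
}
Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA)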
SUNBURST
2019-12-24Bleeping ComputerLawrence Abrams
% Bleeping Computer report on Maze releasing files stolen from the City of
% Pensacola.
@online{abrams:20191224:maze:33a4e28,
  author       = {Abrams, Lawrence},
  title        = {{Maze Ransomware Releases Files Stolen from City of Pensacola}},
  date         = {2019-12-24},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/maze-ransomware-releases-files-stolen-from-city-of-pensacola/},
  language     = {English},
  urldate      = {2020-02-13},
}
Maze Ransomware Releases Files Stolen from City of Pensacola
Maze
2019-12-11Bleeping ComputerLawrence Abrams
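% Bleeping Computer report attributing the Pensacola incident to Maze.
% The dollar sign in the title is escaped: a bare one opens LaTeX math mode and,
% being unmatched, breaks typesetting of the bibliography.
@online{abrams:20191211:maze:acb23da,
  author       = {Abrams, Lawrence},
  title        = {{Maze Ransomware Behind Pensacola Cyberattack, \$1M Ransom Demand}},
  date         = {2019-12-11},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/maze-ransomware-behind-pensacola-cyberattack-1m-ransom-demand/},
  language     = {English},
  urldate      = {2020-01-09},
}
Maze Ransomware Behind Pensacola Cyberattack, $1M Ransom Demand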
Maze
2019-09-04Trend MicroJaromír Hořejší, Joseph C. Chen
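% Trend Micro blog post on the Glupteba campaign.
% The ampersand in "C&C" is escaped in the title field: a bare one is LaTeX's
% alignment character and stops the bibliography from typesetting. The accented
% author name needs a UTF-8 aware backend (biber); the key is left as exported.
@online{hoej:20190904:glupteba:230e916,
  author       = {Hořejší, Jaromír and Chen, Joseph C.},
  title        = {{Glupteba Campaign Hits Network Routers and Updates C\&C Servers with Data from Bitcoin Transactions}},
  date         = {2019-09-04},
  organization = {Trend Micro},
  url          = {https://blog.trendmicro.com/trendlabs-security-intelligence/glupteba-campaign-hits-network-routers-and-updates-cc-servers-with-data-from-bitcoin-transactions/},
  language     = {English},
  urldate      = {2020-01-10},
}
Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions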
Glupteba