2022-09-14 | Seguranca Informatica | Pedro Tavares
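% Blog post by a single named author; the name is stored in "Last, First" form
% so it parses the same way under every style.
% Only the acronym URSA is brace-protected; the export had the whole title
% double-braced, which switches off style casing for every word.
% NOTE(review): the "#.YyXEkaRBzIU" URL fragment looks like a share-tracking
% suffix rather than part of the article address; kept as exported.
@online{tavares:20220914:ursa:add3756,
  author       = {Tavares, Pedro},
  title        = {{URSA} trojan is back with a new dance},
  date         = {2022-09-14},
  organization = {Seguranca Informatica},
  url          = {https://seguranca-informatica.pt/ursa-trojan-is-back-with-a-new-dance/#.YyXEkaRBzIU},
  language     = {English},
  urldate      = {2022-09-19},
}
URSA trojan is back with a new dance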
Mispadu
2022-08-31 | Fourcore | Hardik Manocha
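% Vendor blog post. Author is given in "Last, First" form; only the malware
% family name Ryuk is brace-protected instead of the whole title.
@online{manocha:20220831:ryuk:478c7d7,
  author       = {Manocha, Hardik},
  title        = {{Ryuk} Ransomware: History, Timeline, And Adversary Simulation},
  date         = {2022-08-31},
  organization = {Fourcore},
  url          = {https://fourcore.io/blogs/ryuk-ransomware-simulation-mitre-ttp},
  language     = {English},
  urldate      = {2022-09-13},
}
Ryuk Ransomware: History, Timeline, And Adversary Simulation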
Ryuk
2022-08-23 | Zscaler | Mitesh Wani, Kaivalya Khursale
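% Two named authors, each in "Last, First" form and joined with " and ".
% The title has no acronyms or proper nouns, so it carries no protective braces;
% its wording (including "mimick") is kept exactly as exported.
@online{wani:20220823:making:37c9914,
  author       = {Wani, Mitesh and Khursale, Kaivalya},
  title        = {Making victims pay, infostealer malwares mimick pirated-software download sites},
  date         = {2022-08-23},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/making-victims-pay-infostealer-malwares-mimick-pirated-software-download},
  language     = {English},
  urldate      = {2022-09-07},
}
Making victims pay, infostealer malwares mimick pirated-software download sites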
RedLine Stealer
2022-08-16 | Huntress Labs | Dray Agha
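% Vendor blog post. Author is given in "Last, First" form; only the tool name
% NPPSPY is brace-protected so a sentence-casing style cannot lowercase it.
@online{agha:20220816:cleartext:3262c13,
  author       = {Agha, Dray},
  title        = {Cleartext Shenanigans: Gifting User Passwords to Adversaries With {NPPSPY}},
  date         = {2022-08-16},
  organization = {Huntress Labs},
  url          = {https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy},
  language     = {English},
  urldate      = {2022-09-12},
}
Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY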
2022-08-04 | META | Ben Nimmo, David Agranovich, Margarita Franklin, Mike Dvilyanski, Nathaniel Gleicher
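% Report (PDF) with five named authors, each in "Last, First" form.
% AUGUST is brace-protected to keep the capitalisation used in the export;
% the rest of the title is left to the style.
@techreport{nimmo:20220804:quarterly:012f23e,
  author      = {Nimmo, Ben and Agranovich, David and Franklin, Margarita and Dvilyanski, Mike and Gleicher, Nathaniel},
  title       = {Quarterly Adversarial Threat Report {AUGUST} 2022},
  date        = {2022-08-04},
  institution = {META},
  url         = {https://about.fb.com/wp-content/uploads/2022/08/Quarterly-Adversarial-Threat-Report-Q2-2022.pdf},
  language    = {English},
  urldate     = {2022-08-11},
}
Quarterly Adversarial Threat Report AUGUST 2022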
2022-07-18 | Palo Alto Networks Unit 42 | Unit 42
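% Corporate author: the extra brace pair keeps "Unit 42" as one indivisible
% name. Without it the name parses as First="Unit", Last="42", which is where
% the "42:" prefix of the citation key comes from; the key is kept unchanged.
% The title is a threat-group name in full, so it stays wholly brace-protected.
% NOTE(review): key 42:20220718:trident:310d54a cites the same page without the
% trailing slash; consider merging the two and keeping the old key via "ids".
@online{42:20220718:trident:0e9c23b,
  author       = {{Unit 42}},
  title        = {{Trident Ursa}},
  date         = {2022-07-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/atoms/tridentursa/},
  language     = {English},
  urldate      = {2022-07-29},
}
Trident Ursa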
Gamaredon Group
2022-07-18 | Palo Alto Networks Unit 42 | Unit42
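% Corporate author, double-braced so it is treated as one name. The export
% spelled it "Unit42" here; it is normalised to "Unit 42" to match the other
% entries from the same organisation. The citation key is kept unchanged.
% The title is a threat-group name in full, so it stays wholly brace-protected.
% NOTE(review): key 42:20220718:clean:053c441 cites the same page with a
% trailing slash; consider merging the two and keeping the old key via "ids".
@online{unit42:20220718:clean:f042eb1,
  author       = {{Unit 42}},
  title        = {{Clean Ursa}},
  date         = {2022-07-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/atoms/clean-ursa},
  language     = {English},
  urldate      = {2022-08-26},
}
Clean Ursa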
PowerShower Inception Framework
2022-07-18 | Palo Alto Networks Unit 42 | Unit 42
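% Corporate author: double braces keep "Unit 42" as one name instead of
% First="Unit", Last="42". The citation key is kept unchanged.
% The title is a threat-group name in full, so it stays wholly brace-protected.
% NOTE(review): key unit42:20220718:clean:f042eb1 cites the same page without
% the trailing slash; consider merging the two and keeping the old key via "ids".
@online{42:20220718:clean:053c441,
  author       = {{Unit 42}},
  title        = {{Clean Ursa}},
  date         = {2022-07-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/atoms/clean-ursa/},
  language     = {English},
  urldate      = {2022-07-29},
}
Clean Ursa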
PowerShower Inception Framework
2022-07-18 | Palo Alto Networks Unit 42 | Unit 42
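% Corporate author: double braces keep "Unit 42" as one name instead of
% First="Unit", Last="42". The citation key is kept unchanged.
% The title is a threat-group name in full, so it stays wholly brace-protected.
% NOTE(review): key 42:20220718:trident:0e9c23b cites the same page with a
% trailing slash; consider merging the two and keeping the old key via "ids".
@online{42:20220718:trident:310d54a,
  author       = {{Unit 42}},
  title        = {{Trident Ursa}},
  date         = {2022-07-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/atoms/tridentursa},
  language     = {English},
  urldate      = {2022-08-25},
}
Trident Ursa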
Gamaredon Group
2022-07-18 | Palo Alto Networks Unit 42 | Unit 42
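% Corporate author: double braces keep "Unit 42" as one name instead of
% First="Unit", Last="42". The citation key is kept unchanged.
% The title is a threat-group name in full, so it stays wholly brace-protected.
@online{42:20220718:fighting:865c81e,
  author       = {{Unit 42}},
  title        = {{Fighting Ursa}},
  date         = {2022-07-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/atoms/fighting-ursa/},
  language     = {English},
  urldate      = {2022-07-29},
}
Fighting Ursa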
Cannon Zebrocy APT28
2022-07-18 | Palo Alto Networks Unit 42 | Unit 42
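% Corporate author: double braces keep "Unit 42" as one name instead of
% First="Unit", Last="42". The citation key is kept unchanged.
% The title is a threat-group name in full, so it stays wholly brace-protected.
@online{42:20220718:cloaked:ae3f3ab,
  author       = {{Unit 42}},
  title        = {{Cloaked Ursa}},
  date         = {2022-07-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/atoms/cloaked-ursa/},
  language     = {English},
  urldate      = {2022-07-29},
}
Cloaked Ursa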
APT29
2022-07-18 | Palo Alto Networks Unit 42 | Unit 42
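% Corporate author: double braces keep "Unit 42" as one name instead of
% First="Unit", Last="42". The citation key is kept unchanged.
% The title is a threat-group name in full, so it stays wholly brace-protected.
@online{42:20220718:nascent:4d2484b,
  author       = {{Unit 42}},
  title        = {{Nascent Ursa}},
  date         = {2022-07-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/atoms/nascentursa/},
  language     = {English},
  urldate      = {2022-07-25},
}
Nascent Ursa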
Saint Bot SaintBear
2022-07-18 | Palo Alto Networks Unit 42 | Unit 42
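% Corporate author: double braces keep "Unit 42" as one name instead of
% First="Unit", Last="42". The citation key is kept unchanged.
% The title is a threat-group name in full, so it stays wholly brace-protected.
@online{42:20220718:ruinous:c0bf32d,
  author       = {{Unit 42}},
  title        = {{Ruinous Ursa}},
  date         = {2022-07-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/atoms/ruinousursa/},
  language     = {English},
  urldate      = {2022-07-25},
}
Ruinous Ursa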
WhisperGate DEV-0586
2022-06-17 | Zscaler | Sudeep Singh, Kaivalya Khursale
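% Two named authors, each in "Last, First" form and joined with " and ".
% Only the abbreviation US is brace-protected; the export had the whole title
% double-braced, which switches off style casing for every word.
@online{singh:20220617:resurgence:736636f,
  author       = {Singh, Sudeep and Khursale, Kaivalya},
  title        = {Resurgence of Voicemail-themed phishing attacks targeting key industry verticals in the {US}},
  date         = {2022-06-17},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/resurgence-voicemail-themed-phishing-attacks-targeting-key-industry},
  language     = {English},
  urldate      = {2022-07-01},
}
Resurgence of Voicemail-themed phishing attacks targeting key industry verticals in the US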
2022-06-15 | AttackIQ | Jackson Wells, AttackIQ Adversary Research Team
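% One personal author plus one team author. The team name is wrapped in its own
% braces so it is kept as a single name; unbraced it would be split into
% First="AttackIQ Adversary Research", Last="Team".
% Only the family name Conti is brace-protected in the title.
@online{wells:20220615:attack:aa9fcfb,
  author       = {Wells, Jackson and {AttackIQ Adversary Research Team}},
  title        = {Attack Graph Emulating the {Conti} Ransomware Team’s Behaviors},
  date         = {2022-06-15},
  organization = {AttackIQ},
  url          = {https://attackiq.com/2022/06/15/attack-graph-emulating-the-conti-ransomware-teams-behaviors/},
  language     = {English},
  urldate      = {2022-07-01},
}
Attack Graph Emulating the Conti Ransomware Team’s Behaviors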
BazarBackdoor Conti TrickBot
2022-06-03 | AttackIQ | Jackson Wells, AttackIQ Adversary Research Team
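% One personal author plus one team author. The team name is wrapped in its own
% braces so it is kept as a single name; unbraced it would be split into
% First="AttackIQ Adversary Research", Last="Team".
% The advisory identifier and the group name are brace-protected so a
% sentence-casing style cannot lowercase them.
@online{wells:20220603:attack:5e4e9c6,
  author       = {Wells, Jackson and {AttackIQ Adversary Research Team}},
  title        = {Attack Graph Response to {US} {CERT} {AA22-152A}: {Karakurt} Data Extortion Group},
  date         = {2022-06-03},
  organization = {AttackIQ},
  url          = {https://attackiq.com/2022/06/03/attack-graph-response-to-us-cert-aa22-152a-karakurt-data-extortion-group/},
  language     = {English},
  urldate      = {2022-06-18},
}
Attack Graph Response to US CERT AA22-152A: Karakurt Data Extortion Group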
Cobalt Strike MimiKatz
2022-04-11 | Cluster25 | APT + Intelligence
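% The author string is not a personal name, so it is double-braced and kept as
% one unit; unbraced it parses with "Intelligence" as the surname, which is
% where the key prefix comes from. The citation key is kept unchanged.
% NOTE(review): "APT + Intelligence" reads like a team or byline label from the
% source site; confirm the intended author against the article.
% Proper nouns and the campaign name are brace-protected in the title.
@online{intelligence:20220411:dprknexus:48d0d85,
  author       = {{APT + Intelligence}},
  title        = {{DPRK-Nexus} Adversary Targets {South-Korean} Individuals In A New Chapter of {Kitty Phishing} Operation},
  date         = {2022-04-11},
  organization = {Cluster25},
  url          = {https://cluster25.io/2022/04/11/dprk-nexus-adversary-new-kitty-phishing/},
  language     = {English},
  urldate      = {2022-05-04},
}
DPRK-Nexus Adversary Targets South-Korean Individuals In A New Chapter of Kitty Phishing Operation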
2022-04-04 | Mandiant | Bryce Abdo, Zander Work, Ioana Teaca, Brendan McKeague
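% Four named authors, each in "Last, First" form and joined with " and ".
% Both occurrences of the group name FIN7 are brace-protected; the rest of the
% title is left to the style.
@online{abdo:20220404:fin7:305d62b,
  author       = {Abdo, Bryce and Work, Zander and Teaca, Ioana and McKeague, Brendan},
  title        = {{FIN7} Power Hour: Adversary Archaeology and the Evolution of {FIN7}},
  date         = {2022-04-04},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/evolution-of-fin7},
  language     = {English},
  urldate      = {2022-06-27},
}
FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7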
Griffon BABYMETAL Carbanak Cobalt Strike JSSLoader Termite
2022-04 | META
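% Corporate author, double-braced so it is treated as one name.
% NOTE(review): the export left "institution" empty, which leaves a required
% report field blank. It is filled with META, taken from this entry's author
% field and matching the sibling quarterly report on the same about.fb.com
% host - confirm against the PDF.
@techreport{meta:202204:adversarial:92d4268,
  author      = {{META}},
  title       = {Adversarial Threat Report},
  date        = {2022-04},
  institution = {META},
  url         = {https://about.fb.com/wp-content/uploads/2022/04/Meta-Quarterly-Adversarial-Threat-Report_Q1-2022.pdf},
  language    = {English},
  urldate     = {2022-04-12},
}
Adversarial Threat Report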
2022-03-30 | Zscaler | Mitesh Wani, Kaivalya Khursale
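% Two named authors, each in "Last, First" form and joined with " and ".
% The malware name BlackGuard and the adjective Russian are brace-protected so
% a sentence-casing style cannot lowercase them.
@online{wani:20220330:analysis:d8f8261,
  author       = {Wani, Mitesh and Khursale, Kaivalya},
  title        = {Analysis of {BlackGuard} - a new info stealer malware being sold in a {Russian} hacking forum},
  date         = {2022-03-30},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/analysis-blackguard-new-info-stealer-malware-being-sold-russian-hacking},
  language     = {English},
  urldate      = {2022-03-31},
}
Analysis of BlackGuard - a new info stealer malware being sold in a Russian hacking forum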
BlackGuard