Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-11-09CrowdStrikeCounter Adversary Operations
@online{operations:20231109:imperial:8a2f4d0, author = {Counter Adversary Operations}, title = {{IMPERIAL KITTEN Deploys Novel Malware Families in Middle East-Focused Operations}}, date = {2023-11-09}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/imperial-kitten-deploys-novel-malware-families/}, language = {English}, urldate = {2023-11-14} } IMPERIAL KITTEN Deploys Novel Malware Families in Middle East-Focused Operations
IMAPLoader
2023-10-31Palo Alto Networks Unit 42Daniel Frank, Tom Fakterman
@online{frank:20231031:over:def0823, author = {Daniel Frank and Tom Fakterman}, title = {{Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla)}}, date = {2023-10-31}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/pensive-ursa-uses-upgraded-kazuar-backdoor/}, language = {English}, urldate = {2023-11-14} } Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla)
Kazuar
2023-08-26BushidoToken BlogBushidoToken
@online{bushidotoken:20230826:tracking:b81bab9, author = {BushidoToken}, title = {{Tracking Adversaries: Scattered Spider, the BlackCat affiliate}}, date = {2023-08-26}, organization = {BushidoToken Blog}, url = {https://blog.bushidotoken.net/2023/08/tracking-adversaries-scattered-spider.html}, language = {English}, urldate = {2023-11-17} } Tracking Adversaries: Scattered Spider, the BlackCat affiliate
BlackLotus POORTRY
2023-08-10CrowdStrikeNicolas Zilio, Marco Ortisi, Ken Balint, Counter Adversary Operations
@online{zilio:20230810:discovering:6b246d9, author = {Nicolas Zilio and Marco Ortisi and Ken Balint and Counter Adversary Operations}, title = {{Discovering and Blocking a Zero-Day Exploit with CrowdStrike Falcon Complete: The Case of CVE-2023-36874}}, date = {2023-08-10}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/falcon-complete-zero-day-exploit-cve-2023-36874/}, language = {English}, urldate = {2023-08-13} } Discovering and Blocking a Zero-Day Exploit with CrowdStrike Falcon Complete: The Case of CVE-2023-36874
2023-07-12Palo Alto Networks Unit 42Unit 42
@online{42:20230712:diplomats:53b84ac, author = {Unit 42}, title = {{Diplomats Beware: Cloaked Ursa Phishing With a Twist}}, date = {2023-07-12}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/cloaked-ursa-phishing/#post-129063-_odp1m3lxt5m2}, language = {English}, urldate = {2023-07-13} } Diplomats Beware: Cloaked Ursa Phishing With a Twist
2023-07-12Palo Alto Networks Unit 42Unit 42
@online{42:20230712:diplomats:ff60fd1, author = {Unit 42}, title = {{Diplomats Beware: Cloaked Ursa Phishing With a Twist}}, date = {2023-07-12}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/cloaked-ursa-phishing/}, language = {English}, urldate = {2023-07-17} } Diplomats Beware: Cloaked Ursa Phishing With a Twist
GraphDrop
2023-06-23FourcoreJones Martin
@online{martin:20230623:clop:ed4b8f0, author = {Jones Martin}, title = {{Clop Ransomware: History, Timeline, And Adversary Simulation}}, date = {2023-06-23}, organization = {Fourcore}, url = {https://fourcore.io/blogs/clop-ransomware-history-adversary-simulation}, language = {English}, urldate = {2023-07-28} } Clop Ransomware: History, Timeline, And Adversary Simulation
Clop
2023-05-15CrowdStrikeCrowdStrike
@online{crowdstrike:20230515:hypervisor:2fc5adc, author = {CrowdStrike}, title = {{Hypervisor Jackpotting, Part 3: Lack of Antivirus Support Opens the Door to Adversary Attacks}}, date = {2023-05-15}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/hypervisor-jackpotting-lack-of-antivirus-support-opens-the-door-to-adversaries/}, language = {English}, urldate = {2023-07-31} } Hypervisor Jackpotting, Part 3: Lack of Antivirus Support Opens the Door to Adversary Attacks
BlackCat SystemBC
2023-05-03METABen Nimmo, Nathaniel Gleicher
@online{nimmo:20230503:metas:b21c75a, author = {Ben Nimmo and Nathaniel Gleicher}, title = {{Meta’s Adversarial Threat Report, First Quarter 2023}}, date = {2023-05-03}, organization = {META}, url = {https://about.fb.com/news/2023/05/metas-adversarial-threat-report-first-quarter-2023/}, language = {English}, urldate = {2023-05-04} } Meta’s Adversarial Threat Report, First Quarter 2023
2023-01-05AttackIQFrancis Guibernau, Ken Towne
@online{guibernau:20230105:emulating:04eb5ed, author = {Francis Guibernau and Ken Towne}, title = {{Emulating the Highly Sophisticated North Korean Adversary Lazarus Group}}, date = {2023-01-05}, organization = {AttackIQ}, url = {https://www.attackiq.com/2023/01/05/emulating-the-highly-sophisticated-north-korean-adversary-lazarus-group/}, language = {English}, urldate = {2023-01-10} } Emulating the Highly Sophisticated North Korean Adversary Lazarus Group
MagicRAT Tiger RAT
2022-12-20Palo Alto Networks Unit 42Unit42
@online{unit42:20221220:russias:75dec0c, author = {Unit42}, title = {{Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine}}, date = {2022-12-20}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/trident-ursa/}, language = {English}, urldate = {2023-01-25} } Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine
Unidentified VBS 005 (Telegram Loader)
2022-09-14Seguranca InformaticaPedro Tavares
@online{tavares:20220914:ursa:add3756, author = {Pedro Tavares}, title = {{URSA trojan is back with a new dance}}, date = {2022-09-14}, organization = {Seguranca Informatica}, url = {https://seguranca-informatica.pt/ursa-trojan-is-back-with-a-new-dance/#.YyXEkaRBzIU}, language = {English}, urldate = {2022-09-19} } URSA trojan is back with a new dance
Mispadu
2022-09-01Medium michaelkoczwaraMichael Koczwara
@online{koczwara:20220901:hunting:45c54de, author = {Michael Koczwara}, title = {{Hunting C2/Adversaries Infrastructure with Shodan and Censys}}, date = {2022-09-01}, organization = {Medium michaelkoczwara}, url = {https://michaelkoczwara.medium.com/hunting-c2-with-shodan-223ca250d06f}, language = {English}, urldate = {2023-01-19} } Hunting C2/Adversaries Infrastructure with Shodan and Censys
Brute Ratel C4 Cobalt Strike Deimos GRUNT IcedID Merlin Meterpreter Nighthawk PoshC2 Sliver
2022-08-31FourcoreHardik Manocha
@online{manocha:20220831:ryuk:478c7d7, author = {Hardik Manocha}, title = {{Ryuk Ransomware: History, Timeline, And Adversary Simulation}}, date = {2022-08-31}, organization = {Fourcore}, url = {https://fourcore.io/blogs/ryuk-ransomware-simulation-mitre-ttp}, language = {English}, urldate = {2022-09-13} } Ryuk Ransomware: History, Timeline, And Adversary Simulation
Ryuk
2022-08-23ZscalerMitesh Wani, Kaivalya Khursale
@online{wani:20220823:making:37c9914, author = {Mitesh Wani and Kaivalya Khursale}, title = {{Making victims pay, infostealer malwares mimick pirated-software download sites}}, date = {2022-08-23}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/making-victims-pay-infostealer-malwares-mimick-pirated-software-download}, language = {English}, urldate = {2022-09-07} } Making victims pay, infostealer malwares mimick pirated-software download sites
RedLine Stealer
2022-08-16Huntress LabsDray Agha
@online{agha:20220816:cleartext:3262c13, author = {Dray Agha}, title = {{Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY}}, date = {2022-08-16}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy}, language = {English}, urldate = {2022-09-12} } Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY
2022-08-04METABen Nimmo, David Agranovich, Margarita Franklin, Mike Dvilyanski, Nathaniel Gleicher
@techreport{nimmo:20220804:quarterly:012f23e, author = {Ben Nimmo and David Agranovich and Margarita Franklin and Mike Dvilyanski and Nathaniel Gleicher}, title = {{Quarterly Adversarial Threat Report AUGUST 2022}}, date = {2022-08-04}, institution = {META}, url = {https://about.fb.com/wp-content/uploads/2022/08/Quarterly-Adversarial-Threat-Report-Q2-2022.pdf}, language = {English}, urldate = {2022-08-11} } Quarterly Adversarial Threat Report AUGUST 2022
2022-07-18Palo Alto Networks Unit 42Unit42
@online{unit42:20220718:clean:f042eb1, author = {Unit42}, title = {{Clean Ursa}}, date = {2022-07-18}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/atoms/clean-ursa}, language = {English}, urldate = {2022-08-26} } Clean Ursa
PowerShower Inception Framework
2022-07-18Palo Alto Networks Unit 42Unit 42
@online{42:20220718:trident:310d54a, author = {Unit 42}, title = {{Trident Ursa}}, date = {2022-07-18}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/atoms/tridentursa}, language = {English}, urldate = {2022-08-25} } Trident Ursa
Gamaredon Group
2022-07-18Palo Alto Networks Unit 42Unit 42
@online{42:20220718:fighting:865c81e, author = {Unit 42}, title = {{Fighting Ursa}}, date = {2022-07-18}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/atoms/fighting-ursa/}, language = {English}, urldate = {2022-07-29} } Fighting Ursa
Cannon Zebrocy APT28