
2023-05-03 | META | Ben Nimmo, Nathaniel Gleicher
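@online{nimmo:20230503:metas:b21c75a,
  author       = {Nimmo, Ben and Gleicher, Nathaniel},
  title        = {{Meta’s} Adversarial Threat Report, First Quarter 2023},
  date         = {2023-05-03},
  organization = {META},
  url          = {https://about.fb.com/news/2023/05/metas-adversarial-threat-report-first-quarter-2023/},
  urldate      = {2023-05-04},
  language     = {English},
}
Meta’s Adversarial Threat Report, First Quarter 2023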
2023-01-05 | AttackIQ | Francis Guibernau, Ken Towne
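@online{guibernau:20230105:emulating:04eb5ed,
  author       = {Guibernau, Francis and Towne, Ken},
  title        = {Emulating the Highly Sophisticated {North Korean} Adversary {Lazarus Group}},
  date         = {2023-01-05},
  organization = {AttackIQ},
  url          = {https://www.attackiq.com/2023/01/05/emulating-the-highly-sophisticated-north-korean-adversary-lazarus-group/},
  urldate      = {2023-01-10},
  language     = {English},
}
Emulating the Highly Sophisticated North Korean Adversary Lazarus Group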
MagicRAT, Tiger RAT
2022-12-20 | Palo Alto Networks Unit 42 | Unit42
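% Corporate author: double-braced so it is always treated as one indivisible name.
@online{unit42:20221220:russias:75dec0c,
  author       = {{Unit42}},
  title        = {{Russia’s} {Trident Ursa} (aka {Gamaredon} {APT}) Cyber Conflict Operations Unwavering Since Invasion of {Ukraine}},
  date         = {2022-12-20},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/trident-ursa/},
  urldate      = {2023-01-25},
  language     = {English},
}
Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine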
Unidentified VBS 005 (Telegram Loader)
2022-09-14 | Seguranca Informatica | Pedro Tavares
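@online{tavares:20220914:ursa:add3756,
  author       = {Tavares, Pedro},
  title        = {{URSA} trojan is back with a new dance},
  date         = {2022-09-14},
  organization = {Seguranca Informatica},
  url          = {https://seguranca-informatica.pt/ursa-trojan-is-back-with-a-new-dance/#.YyXEkaRBzIU},
  urldate      = {2022-09-19},
  language     = {English},
}
URSA trojan is back with a new dance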
Mispadu
2022-09-01 | Medium michaelkoczwara | Michael Koczwara
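@online{koczwara:20220901:hunting:45c54de,
  author       = {Koczwara, Michael},
  title        = {Hunting {C2}/Adversaries Infrastructure with {Shodan} and {Censys}},
  date         = {2022-09-01},
  organization = {Medium michaelkoczwara},
  url          = {https://michaelkoczwara.medium.com/hunting-c2-with-shodan-223ca250d06f},
  urldate      = {2023-01-19},
  language     = {English},
}
Hunting C2/Adversaries Infrastructure with Shodan and Censys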
Brute Ratel C4, Cobalt Strike, Deimos, GRUNT, IcedID, Merlin, Meterpreter, Nighthawk, PoshC2, Sliver
2022-08-31 | Fourcore | Hardik Manocha
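@online{manocha:20220831:ryuk:478c7d7,
  author       = {Manocha, Hardik},
  title        = {{Ryuk} Ransomware: History, Timeline, And Adversary Simulation},
  date         = {2022-08-31},
  organization = {Fourcore},
  url          = {https://fourcore.io/blogs/ryuk-ransomware-simulation-mitre-ttp},
  urldate      = {2022-09-13},
  language     = {English},
}
Ryuk Ransomware: History, Timeline, And Adversary Simulation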
Ryuk
2022-08-23 | Zscaler | Mitesh Wani, Kaivalya Khursale
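% The title spelling "mimick" matches the URL slug and is kept as given.
@online{wani:20220823:making:37c9914,
  author       = {Wani, Mitesh and Khursale, Kaivalya},
  title        = {Making victims pay, infostealer malwares mimick pirated-software download sites},
  date         = {2022-08-23},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/making-victims-pay-infostealer-malwares-mimick-pirated-software-download},
  urldate      = {2022-09-07},
  language     = {English},
}
Making victims pay, infostealer malwares mimick pirated-software download sites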
RedLine Stealer
2022-08-16 | Huntress Labs | Dray Agha
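@online{agha:20220816:cleartext:3262c13,
  author       = {Agha, Dray},
  title        = {Cleartext Shenanigans: Gifting User Passwords to Adversaries With {NPPSPY}},
  date         = {2022-08-16},
  organization = {Huntress Labs},
  url          = {https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy},
  urldate      = {2022-09-12},
  language     = {English},
}
Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY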
2022-08-04 | META | Ben Nimmo, David Agranovich, Margarita Franklin, Mike Dvilyanski, Nathaniel Gleicher
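% "AUGUST" is braced to keep the capitalisation used in the report's title.
@techreport{nimmo:20220804:quarterly:012f23e,
  author      = {Nimmo, Ben and Agranovich, David and Franklin, Margarita and Dvilyanski, Mike and Gleicher, Nathaniel},
  title       = {Quarterly Adversarial Threat Report {AUGUST} 2022},
  date        = {2022-08-04},
  institution = {META},
  url         = {https://about.fb.com/wp-content/uploads/2022/08/Quarterly-Adversarial-Threat-Report-Q2-2022.pdf},
  urldate     = {2022-08-11},
  language    = {English},
}
Quarterly Adversarial Threat Report AUGUST 2022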
2022-07-18 | Palo Alto Networks Unit 42 | Unit 42
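% Corporate author: double-braced so "Unit 42" is not split into first name "Unit" / last name "42".
% The title is a threat-group name in its entirety, so the protective braces around it are intentional.
% NOTE(review): same page as entry 42:20220718:trident:310d54a (URL differs only by the trailing slash); cite one key consistently.
@online{42:20220718:trident:0e9c23b,
  author       = {{Unit 42}},
  title        = {{Trident Ursa}},
  date         = {2022-07-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/atoms/tridentursa/},
  urldate      = {2022-07-29},
  language     = {English},
}
Trident Ursa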
Gamaredon Group
2022-07-18 | Palo Alto Networks Unit 42 | Unit42
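% Corporate author: double-braced so it is always treated as one indivisible name.
% The title is a threat-group name in its entirety, so the protective braces around it are intentional.
% NOTE(review): same page as entry 42:20220718:clean:053c441 (URL differs only by the trailing slash); cite one key consistently.
@online{unit42:20220718:clean:f042eb1,
  author       = {{Unit42}},
  title        = {{Clean Ursa}},
  date         = {2022-07-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/atoms/clean-ursa},
  urldate      = {2022-08-26},
  language     = {English},
}
Clean Ursa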
PowerShower, Inception Framework
2022-07-18 | Palo Alto Networks Unit 42 | Unit 42
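% Corporate author: double-braced so "Unit 42" is not split into first name "Unit" / last name "42".
% The title is a threat-group name in its entirety, so the protective braces around it are intentional.
% NOTE(review): same page as entry unit42:20220718:clean:f042eb1 (URL differs only by the trailing slash); cite one key consistently.
@online{42:20220718:clean:053c441,
  author       = {{Unit 42}},
  title        = {{Clean Ursa}},
  date         = {2022-07-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/atoms/clean-ursa/},
  urldate      = {2022-07-29},
  language     = {English},
}
Clean Ursa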
PowerShower, Inception Framework
2022-07-18 | Palo Alto Networks Unit 42 | Unit 42
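% Corporate author: double-braced so "Unit 42" is not split into first name "Unit" / last name "42".
% The title is a threat-group name in its entirety, so the protective braces around it are intentional.
% NOTE(review): same page as entry 42:20220718:trident:0e9c23b (URL differs only by the trailing slash); cite one key consistently.
@online{42:20220718:trident:310d54a,
  author       = {{Unit 42}},
  title        = {{Trident Ursa}},
  date         = {2022-07-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/atoms/tridentursa},
  urldate      = {2022-08-25},
  language     = {English},
}
Trident Ursa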
Gamaredon Group
2022-07-18 | Palo Alto Networks Unit 42 | Unit 42
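% Corporate author: double-braced so "Unit 42" is not split into first name "Unit" / last name "42".
% The title is a threat-group name in its entirety, so the protective braces around it are intentional.
@online{42:20220718:fighting:865c81e,
  author       = {{Unit 42}},
  title        = {{Fighting Ursa}},
  date         = {2022-07-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/atoms/fighting-ursa/},
  urldate      = {2022-07-29},
  language     = {English},
}
Fighting Ursa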
Cannon, Zebrocy, APT28
2022-07-18 | Palo Alto Networks Unit 42 | Unit 42
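% Corporate author: double-braced so "Unit 42" is not split into first name "Unit" / last name "42".
% The title is a threat-group name in its entirety, so the protective braces around it are intentional.
@online{42:20220718:cloaked:ae3f3ab,
  author       = {{Unit 42}},
  title        = {{Cloaked Ursa}},
  date         = {2022-07-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/atoms/cloaked-ursa/},
  urldate      = {2022-07-29},
  language     = {English},
}
Cloaked Ursa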
APT29
2022-07-18 | Palo Alto Networks Unit 42 | Unit 42
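% Corporate author: double-braced so "Unit 42" is not split into first name "Unit" / last name "42".
% The title is a threat-group name in its entirety, so the protective braces around it are intentional.
@online{42:20220718:nascent:4d2484b,
  author       = {{Unit 42}},
  title        = {{Nascent Ursa}},
  date         = {2022-07-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/atoms/nascentursa/},
  urldate      = {2022-07-25},
  language     = {English},
}
Nascent Ursa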
Saint Bot, SaintBear
2022-07-18 | Palo Alto Networks Unit 42 | Unit 42
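% Corporate author: double-braced so "Unit 42" is not split into first name "Unit" / last name "42".
% The title is a threat-group name in its entirety, so the protective braces around it are intentional.
@online{42:20220718:ruinous:c0bf32d,
  author       = {{Unit 42}},
  title        = {{Ruinous Ursa}},
  date         = {2022-07-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/atoms/ruinousursa/},
  urldate      = {2022-07-25},
  language     = {English},
}
Ruinous Ursa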
WhisperGate, DEV-0586
2022-06-17 | Zscaler | Sudeep Singh, Kaivalya Khursale
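@online{singh:20220617:resurgence:736636f,
  author       = {Singh, Sudeep and Khursale, Kaivalya},
  title        = {Resurgence of Voicemail-themed phishing attacks targeting key industry verticals in the {US}},
  date         = {2022-06-17},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/resurgence-voicemail-themed-phishing-attacks-targeting-key-industry},
  urldate      = {2022-07-01},
  language     = {English},
}
Resurgence of Voicemail-themed phishing attacks targeting key industry verticals in the US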
2022-06-15 | AttackIQ | Jackson Wells, AttackIQ Adversary Research Team
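% The second author is a team, not a person: double-braced so it is not parsed into first/last name parts.
@online{wells:20220615:attack:aa9fcfb,
  author       = {Wells, Jackson and {AttackIQ Adversary Research Team}},
  title        = {Attack Graph Emulating the {Conti} Ransomware Team’s Behaviors},
  date         = {2022-06-15},
  organization = {AttackIQ},
  url          = {https://attackiq.com/2022/06/15/attack-graph-emulating-the-conti-ransomware-teams-behaviors/},
  urldate      = {2022-07-01},
  language     = {English},
}
Attack Graph Emulating the Conti Ransomware Team’s Behaviors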
BazarBackdoor, Conti, TrickBot
2022-06-03 | AttackIQ | Jackson Wells, AttackIQ Adversary Research Team
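% The second author is a team, not a person: double-braced so it is not parsed into first/last name parts.
% The advisory identifier is braced as a unit so a style cannot recase it.
@online{wells:20220603:attack:5e4e9c6,
  author       = {Wells, Jackson and {AttackIQ Adversary Research Team}},
  title        = {Attack Graph Response to {US CERT AA22-152A}: {Karakurt} Data Extortion Group},
  date         = {2022-06-03},
  organization = {AttackIQ},
  url          = {https://attackiq.com/2022/06/03/attack-graph-response-to-us-cert-aa22-152a-karakurt-data-extortion-group/},
  urldate      = {2022-06-18},
  language     = {English},
}
Attack Graph Response to US CERT AA22-152A: Karakurt Data Extortion Group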
Cobalt Strike, MimiKatz