2021-11-18 | Red Canary | The Red Canary Team
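% Red Canary blog post. The author is a team name, so it is double-braced to stay
% one unit instead of being split into given and family name parts.
@online{team:20211118:intelligence:7b00cb9,
  author       = {{The Red Canary Team}},
  title        = {{Intelligence Insights}: {November} 2021},
  date         = {2021-11-18},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/intelligence-insights-november-2021/},
  language     = {English},
  urldate      = {2021-11-19},
}
Intelligence Insights: November 2021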
Andromeda Conti LockBit QakBot Squirrelwaffle
2021-09-22 | Red Canary | The Red Canary Team
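% Red Canary blog post. The team name is double-braced so name parsing treats it
% as a single corporate author.
@online{team:20210922:intelligence:98e291c,
  author       = {{The Red Canary Team}},
  title        = {{Intelligence Insights}: {September} 2021},
  date         = {2021-09-22},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/intel-insights-sept-2021/},
  language     = {English},
  urldate      = {2021-09-29},
}
Intelligence Insights: September 2021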
2021-08-05 | Red Canary | Tony Lambert, Brian Donohue, Dan Cotton
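% Red Canary blog post. Only the malware and tool names in the title are braced,
% so their casing survives any style that recases titles.
@online{lambert:20210805:when:aeb7b10,
  author       = {Lambert, Tony and Donohue, Brian and Cotton, Dan},
  title        = {When {Dridex} and {Cobalt Strike} give you {Grief}},
  date         = {2021-08-05},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/grief-ransomware/},
  language     = {English},
  urldate      = {2021-09-10},
}
When Dridex and Cobalt Strike give you Grief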
Cobalt Strike DoppelDridex DoppelPaymer
2021-05-04 | Red Canary | Justin Schoenfeld, Aaron Didier
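% Red Canary blog post. The title is already sentence case with no proper nouns,
% so it needs no protective braces.
@online{schoenfeld:20210504:transferring:ed44b55,
  author       = {Schoenfeld, Justin and Didier, Aaron},
  title        = {Transferring leverage in a ransomware attack},
  date         = {2021-05-04},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/rclone-mega-extortion/},
  language     = {English},
  urldate      = {2021-05-07},
}
Transferring leverage in a ransomware attack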
2021-03-31 | Red Canary | Red Canary
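% Red Canary annual report (PDF). The company is a corporate author; without the
% inner braces it would be parsed as given name Red, family name Canary.
@techreport{canary:20210331:2021:cd81f2d,
  author      = {{Red Canary}},
  title       = {2021 {Threat Detection Report}},
  date        = {2021-03-31},
  institution = {Red Canary},
  url         = {https://resource.redcanary.com/rs/003-YRU-314/images/2021-Threat-Detection-Report.pdf},
  language    = {English},
  urldate     = {2021-04-06},
}
2021 Threat Detection Report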
Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot
2021-03-09 | Red Canary | Tony Lambert, Brian Donohue, Katie Nickels
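% Red Canary blog post on detecting and mitigating Exchange server exploitation.
% Only the product name is braced to keep its casing.
@online{lambert:20210309:microsoft:6a37334,
  author       = {Lambert, Tony and Donohue, Brian and Nickels, Katie},
  title        = {{Microsoft Exchange} server exploitation: how to detect, mitigate, and stay calm},
  date         = {2021-03-09},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/microsoft-exchange-attacks},
  language     = {English},
  urldate      = {2021-03-11},
}
Microsoft Exchange server exploitation: how to detect, mitigate, and stay calm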
CHINACHOPPER
2021-02-18 | Red Canary | Tony Lambert
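% Red Canary blog post. The malware name and the mixed-case platform name macOS are
% braced so a recasing style cannot alter them. The url keeps its fragment as given.
@online{lambert:20210218:clipping:ec693c2,
  author       = {Lambert, Tony},
  title        = {Clipping {Silver Sparrow}’s wings: Outing {macOS} malware before it takes flight},
  date         = {2021-02-18},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/clipping-silver-sparrows-wings/#technical-analysis},
  language     = {English},
  urldate      = {2021-02-20},
}
Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight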
Silver Sparrow
2021-01-06 | Red Canary | Tony Lambert
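% Red Canary blog post on hunting for GetSystem. The camel-case technique name is
% braced so its casing is preserved.
@online{lambert:20210106:hunting:272410b,
  author       = {Lambert, Tony},
  title        = {Hunting for {GetSystem} in offensive security tools},
  date         = {2021-01-06},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/getsystem-offsec/},
  language     = {English},
  urldate      = {2021-01-11},
}
Hunting for GetSystem in offensive security tools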
Cobalt Strike Empire Downloader Meterpreter PoshC2
2020-12-08 | Red Canary | Matt Graeber
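% Red Canary blog post. The title is plain sentence case, so no protective braces
% are needed.
@online{graeber:20201208:why:31709f3,
  author       = {Graeber, Matt},
  title        = {The why, what, and how of threat research},
  date         = {2020-12-08},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/threat-research-questions},
  language     = {English},
  urldate      = {2020-12-10},
}
The why, what, and how of threat research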
2020-12-04 | Red Canary | Red Canary
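% Red Canary blog post. The company name is double-braced as a corporate author;
% the threat name in the title is braced to keep its casing.
@online{canary:20201204:yellow:1633ca2,
  author       = {{Red Canary}},
  title        = {{Yellow Cockatoo}: Search engine redirects, in-memory remote access trojan, and more},
  date         = {2020-12-04},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/yellow-cockatoo/},
  language     = {English},
  urldate      = {2020-12-08},
}
Yellow Cockatoo: Search engine redirects, in-memory remote access trojan, and more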
Jupyter Stealer Yellow Cockatoo RAT
2020-12-02 | Red Canary | twitter (@redcanary)
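% Tweet from the Red Canary account. The hash and ampersand characters in the title
% are escaped because a raw one in a text field stops the LaTeX run. The account
% handle is double-braced so it is not split into name parts.
@online{redcanary:20201202:increased:5db5dce,
  author       = {{twitter (@redcanary)}},
  title        = {Tweet on increased \#{Qbot} activity delivering {Cobalt Strike} \& \#{Egregor} ransomware},
  date         = {2020-12-02},
  organization = {Red Canary},
  url          = {https://twitter.com/redcanary/status/1334224861628039169},
  language     = {English},
  urldate      = {2020-12-08},
}
Tweet on increased #Qbot activity delivering Cobalt Strike & #Egregor ransomware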
Cobalt Strike Egregor QakBot
2020-10-29 | Red Canary | The Red Canary Team
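% Red Canary blog post. The team name is double-braced as a corporate author; the
% malware family names in the title are braced to keep their casing.
@online{team:20201029:bazar:1846b93,
  author       = {{The Red Canary Team}},
  title        = {A {Bazar} start: How one hospital thwarted a {Ryuk} ransomware outbreak},
  date         = {2020-10-29},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/},
  language     = {English},
  urldate      = {2020-11-02},
}
A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak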
Cobalt Strike Ryuk TrickBot
2020-07-22 | Red Canary | Tony Lambert
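% Red Canary blog post. The malware and product names in the title are braced so
% their casing, including the mixed-case SaltStack, is preserved.
@online{lambert:20200722:connecting:eb1b19a,
  author       = {Lambert, Tony},
  title        = {Connecting {Kinsing} malware to {Citrix} and {SaltStack} campaigns},
  date         = {2020-07-22},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/kinsing-malware-citrix-saltstack/},
  language     = {English},
  urldate      = {2020-07-30},
}
Connecting Kinsing malware to Citrix and SaltStack campaigns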
Kinsing
2020-06-17 | Youtube (Red Canary) | Red Canary
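% Video on the Red Canary YouTube channel. The company name is double-braced as a
% corporate author; the threat name in the title is braced to keep its casing.
@online{canary:20200617:threat:3a7f962,
  author       = {{Red Canary}},
  title        = {Threat Detection: {Blue Mockingbird}},
  date         = {2020-06-17},
  organization = {Youtube (Red Canary)},
  url          = {https://www.youtube.com/watch?v=6t_E8KOmZSs},
  language     = {English},
  urldate      = {2020-06-19},
}
Threat Detection: Blue Mockingbird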
2020-06-17 | Youtube (Red Canary) | Erika Noerenberg, Matt Graeber, Adam Pennington, David Kaplan
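% Webinar listed under the Red Canary YouTube channel; the url points at the
% redcanary.com webinar page. The ampersand in the framework name is escaped because
% a raw one in a text field stops the LaTeX run, and the whole name is braced to
% keep its casing.
@online{noerenberg:20200617:attck:934d73c,
  author       = {Noerenberg, Erika and Graeber, Matt and Pennington, Adam and Kaplan, David},
  title        = {{ATT\&CK®} Deep Dive: Process Injection},
  date         = {2020-06-17},
  organization = {Youtube (Red Canary)},
  url          = {https://redcanary.com/resources/webinars/deep-dive-process-injection/},
  language     = {English},
  urldate      = {2020-06-19},
}
ATT&CK® Deep Dive: Process Injection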
ISFB Ramnit TrickBot
2020-05-07 | Red Canary | Tony Lambert
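% Red Canary blog post. The threat name in the title is braced to keep its casing.
@online{lambert:20200507:introducing:04e15eb,
  author       = {Lambert, Tony},
  title        = {Introducing {Blue Mockingbird}},
  date         = {2020-05-07},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/blue-mockingbird-cryptominer/},
  language     = {English},
  urldate      = {2020-06-02},
}
Introducing Blue Mockingbird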
2020-05-07 | Red Canary | Jesse Brown
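% Red Canary blog post on detecting COR_PROFILER abuse. The underscore in the title
% is escaped because a raw one in a text field is a LaTeX error; the url field is
% left as given. The identifier is braced so it stays upper case.
@online{brown:20200507:detecting:5059f43,
  author       = {Brown, Jesse},
  title        = {Detecting {COR\_PROFILER} manipulation for persistence},
  date         = {2020-05-07},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/cor_profiler-for-persistence/},
  language     = {English},
  urldate      = {2020-06-02},
}
Detecting COR_PROFILER manipulation for persistence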
2019-06-27 | Red Canary | Casey Smith, Michael Haag
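% Red Canary blog post. The title is plain sentence case, so no protective braces
% are needed.
@online{smith:20190627:tracking:747ae87,
  author       = {Smith, Casey and Haag, Michael},
  title        = {Tracking driver inventory to unearth rootkits},
  date         = {2019-06-27},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/tracking-driver-inventory-to-expose-rootkits/},
  language     = {English},
  urldate      = {2021-09-20},
}
Tracking driver inventory to unearth rootkits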
NuggetPhantom
2019-05-01 | Red Canary | Tony Lambert
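% Red Canary blog post. The malware name is braced so its mixed casing is preserved.
@online{lambert:20190501:frameworkpos:376a823,
  author       = {Lambert, Tony},
  title        = {{FrameworkPOS} and the adequate persistent threat},
  date         = {2019-05-01},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/frameworkpos-and-the-adequate-persistent-threat/},
  language     = {English},
  urldate      = {2020-01-29},
}
FrameworkPOS and the adequate persistent threat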
Grateful POS