
2022-11-30 | FFRI Security | Matsumoto
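@online{matsumoto:20221130:evolution:29e9b4c,
  author       = {Matsumoto},
  title        = {Evolution of the {PlugX} loader},
  date         = {2022-11-30},
  organization = {FFRI Security},
  url          = {https://engineers.ffri.jp/entry/2022/11/30/141346},
  language     = {Japanese},
  urldate      = {2022-12-01},
}
Evolution of the PlugX loader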
PlugX Poison Ivy
2022-11-27 | SecurityScorecard | Vlad Pasca
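@online{pasca:20221127:technical:c2326cf,
  author       = {Pasca, Vlad},
  title        = {A Technical Analysis of {Royal} Ransomware},
  date         = {2022-11-27},
  organization = {SecurityScorecard},
  url          = {https://securityscorecard.pathfactory.com/research/the-royal-ransomware},
  language     = {English},
  urldate      = {2022-11-28},
}
A Technical Analysis of Royal Ransomware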
Royal Ransom
2022-11-16 | Ruptura InfoSecurity | Rad Kawar
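@online{kawar:20221116:writing:5bf0a41,
  author       = {Kawar, Rad},
  title        = {Writing Tiny, Stealthy \& Reliable Malware},
  date         = {2022-11-16},
  organization = {Ruptura InfoSecurity},
  url          = {https://ruptura-infosec.com/blog/writing-tiny-stealthy-reliable-malware/},
  language     = {English},
  urldate      = {2022-11-18},
}
Writing Tiny, Stealthy & Reliable Malware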
2022-11-09 | Security Intelligence | Jonathan Reed
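@online{reed:20221109:ransomwareasaservice:751e1a8,
  author       = {Reed, Jonathan},
  title        = {{Ransomware-as-a-Service} Transforms Gangs Into Businesses},
  date         = {2022-11-09},
  organization = {Security Intelligence},
  url          = {https://securityintelligence.com/news/eternity-gang-ransomware-as-a-service-telegram/},
  language     = {English},
  urldate      = {2022-11-11},
}
Ransomware-as-a-Service Transforms Gangs Into Businesses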
Eternity Stealer
2022-10-31 | Security homework | Christophe Rieunier
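@online{rieunier:20221031:qakbot:e82f924,
  author       = {Rieunier, Christophe},
  title        = {{QakBot} {CCs} prioritization and new record types},
  date         = {2022-10-31},
  organization = {Security homework},
  url          = {https://www.securityhomework.net/articles/qakbot_ccs_prioritization_and_new_record_types/qakbot_ccs_prioritization_and_new_record_types.php},
  language     = {English},
  urldate      = {2022-10-31},
}
QakBot CCs prioritization and new record types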
QakBot
2022-10-28 | Elastic | @rsprooten, Elastic Security Intelligence & Analytics Team
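@online{rsprooten:20221028:emotet:ffabd03,
  author       = {{@rsprooten} and {Elastic Security Intelligence \& Analytics Team}},
  title        = {{EMOTET} dynamic config extraction},
  date         = {2022-10-28},
  organization = {Elastic},
  url          = {https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction},
  language     = {English},
  urldate      = {2022-10-30},
}
EMOTET dynamic config extraction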
Emotet
2022-10-27 | Microsoft | Microsoft Security Threat Intelligence
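@online{intelligence:20221027:raspberry:b6d1ce4,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{Raspberry Robin} worm part of larger ecosystem facilitating pre-ransomware activity},
  date         = {2022-10-27},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/},
  language     = {English},
  urldate      = {2022-11-11},
}
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity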
FAKEUPDATES Fauppod Raspberry Robin Roshtyak
2022-10-22 | Microsoft | Microsoft Security Threat Intelligence
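@online{intelligence:20221022:dev0952:21116ee,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{DEV-0952} deploys {Daixin} ransomware at hospitals},
  date         = {2022-10-22},
  organization = {Microsoft},
  url          = {https://community.riskiq.com/article/2f515d18},
  language     = {English},
  urldate      = {2022-10-24},
}
DEV-0952 deploys Daixin ransomware at hospitals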
2022-10-14 | Microsoft | Microsoft Security Threat Intelligence
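@online{intelligence:20221014:new:96a6fbd,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {New “{Prestige}” ransomware impacts organizations in {Ukraine} and {Poland}},
  date         = {2022-10-14},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/},
  language     = {English},
  urldate      = {2022-10-14},
}
New “Prestige” ransomware impacts organizations in Ukraine and Poland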
Prestige
2022-10-06 | YouTube (BSides Budapest IT Security Conference) | Kurt Baumgartner, Georgy Kucherin
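@online{baumgartner:20221006:diceyf:f69a639,
  author       = {Baumgartner, Kurt and Kucherin, Georgy},
  title        = {{DiceyF} deploys {GamePlayerFramework} (Video)},
  date         = {2022-10-06},
  organization = {YouTube ( BSides Budapest IT Security Conference)},
  url          = {https://www.youtube.com/watch?v=yVqALLtvkN8&t=8117s},
  language     = {English},
  urldate      = {2022-10-25},
}
DiceyF deploys GamePlayerFramework (Video)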
GamePlayerFramework
2022-10-05 | Microsoft | Microsoft Security Threat Intelligence
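@online{intelligence:20221005:detecting:76c0e4f,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {Detecting and preventing {LSASS} credential dumping attacks},
  date         = {2022-10-05},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/10/05/detecting-and-preventing-lsass-credential-dumping-attacks/},
  language     = {English},
  urldate      = {2022-10-17},
}
Detecting and preventing LSASS credential dumping attacks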
2022-09-30 | Microsoft | Microsoft Security Threat Intelligence
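@online{intelligence:20220930:analyzing:115d508,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {Analyzing attacks using the {Exchange} vulnerabilities {CVE-2022-41040} and {CVE-2022-41082}},
  date         = {2022-09-30},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082},
  language     = {English},
  urldate      = {2022-10-17},
}
Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082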
2022-09-29 | NTT | NTT Security Holdings Corporation
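@techreport{corporation:20220929:report:1615dab,
  author      = {{NTT Security Holdings Corporation}},
  title       = {Report on {APT} Attacks by {BlackTech}},
  date        = {2022-09-29},
  institution = {NTT},
  url         = {https://jp.security.ntt/resources/EN-BlackTech_2021.pdf},
  language    = {English},
  urldate     = {2022-09-30},
}
Report on APT Attacks by BlackTech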
Bifrost PLEAD TSCookie Flagpro Gh0stTimes SelfMake Loader SPIDERPIG RAT
2022-09-29 | Microsoft | Microsoft Security Threat Intelligence, LinkedIn Threat Prevention and Defense
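@online{intelligence:20220929:zinc:4b8e6c0,
  author       = {{Microsoft Security Threat Intelligence} and {LinkedIn Threat Prevention and Defense}},
  title        = {{ZINC} weaponizing open-source software},
  date         = {2022-09-29},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/29/zinc-weaponizing-open-source-software/},
  language     = {English},
  urldate      = {2022-09-30},
}
ZINC weaponizing open-source software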
2022-09-29 | GTSC | GTSC SECURITY TEAM
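@online{team:20220929:warning:e0972dc,
  author       = {{GTSC SECURITY TEAM}},
  title        = {Warning Campaign Attack Using Zero Day Vulnerability on {Microsoft Exchange Server}},
  date         = {2022-09-29},
  organization = {GTSC},
  url          = {https://www.gteltsc.vn/blog/canh-bao-chien-dich-tan-cong-su-dung-lo-hong-zero-day-tren-microsoft-exchange-server-12714.html},
  language     = {Vietnamese},
  urldate      = {2022-09-30},
}
Warning Campaign Attack Using Zero Day Vulnerability on Microsoft Exchange Server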
2022-09-28 | Securonix | D. Iuzvyk, T. Peck, O. Kolesnikov
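@online{iuzvyk:20220928:securonix:7e14e6e,
  author       = {Iuzvyk, D. and Peck, T. and Kolesnikov, O.},
  title        = {{Securonix} Threat Labs Security Advisory: Detecting {STEEP\#MAVERICK}: New Covert Attack Campaign Targeting Military Contractors},
  date         = {2022-09-28},
  organization = {Securonix},
  url          = {https://www.securonix.com/blog/detecting-steepmaverick-new-covert-attack-campaign-targeting-military-contractors/},
  language     = {English},
  urldate      = {2022-09-30},
}
Securonix Threat Labs Security Advisory: Detecting STEEP#MAVERICK: New Covert Attack Campaign Targeting Military Contractors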
2022-09-27 | SecurityScorecard | Vlad Pasca
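@online{pasca:20220927:deep:203b1f0,
  author       = {Pasca, Vlad},
  title        = {A Deep Dive Into the {APT28}’s stealer called {CredoMap}},
  date         = {2022-09-27},
  organization = {SecurityScorecard},
  url          = {https://securityscorecard.com/research/apt28s-stealer-called-credomap},
  language     = {English},
  urldate      = {2022-09-29},
}
A Deep Dive Into the APT28’s stealer called CredoMap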
CredoMap
2022-09-26 | K7 Security | Gaurav Yadav
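@online{yadav:20220926:dcdcrypt:b3ac294,
  author       = {Yadav, Gaurav},
  title        = {{DcDcrypt} Ransomware Decryptor},
  date         = {2022-09-26},
  organization = {K7 Security},
  url          = {https://labs.k7computing.com/index.php/dcdcrypt-ransomware-decryptor/},
  language     = {English},
  urldate      = {2022-09-30},
}
DcDcrypt Ransomware Decryptor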
DcDcrypt
2022-09-23 | humansecurity | Satori Threat Intelligence and Research Team
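@online{team:20220923:poseidons:c9c3ead,
  author       = {{Satori Threat Intelligence and Research Team}},
  title        = {{Poseidon}’s Offspring: {Charybdis} and {Scylla}},
  date         = {2022-09-23},
  organization = {humansecurity},
  url          = {https://www.humansecurity.com/learn/blog/poseidons-offspring-charybdis-and-scylla},
  language     = {English},
  urldate      = {2022-09-30},
}
Poseidon’s Offspring: Charybdis and Scylla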
2022-09-21 | Microsoft | Microsoft Security Experts, Microsoft Detection and Response Team (DART)
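@online{experts:20220921:art:657254d,
  author       = {{Microsoft Security Experts} and {Microsoft Detection and Response Team (DART)}},
  title        = {The art and science behind {Microsoft} threat hunting: Part 2},
  date         = {2022-09-21},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/21/the-art-and-science-behind-microsoft-threat-hunting-part-2/},
  language     = {English},
  urldate      = {2022-09-26},
}
The art and science behind Microsoft threat hunting: Part 2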