
2022-01-17 — Cado Security — Cado Security
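@online{security:20220117:resources:a47b0a6,
  author       = {{Cado Security}},
  title        = {{Resources for DFIR Professionals Responding to WhisperGate Malware}},
  date         = {2022-01-17},
  organization = {Cado Security},
  url          = {https://www.cadosecurity.com/resources-for-dfir-professionals-responding-to-whispergate-malware/},
  language     = {English},
  urldate      = {2022-01-18},
}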
WhisperGate
2022-01-15 — Microsoft — Microsoft, Microsoft Security Intelligence, Microsoft Digital Security Unit (DSU), Microsoft Detection and Response Team (DART), Microsoft 365 Defender Threat Intelligence Team
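@online{microsoft:20220115:destructive:77ac2f5,
  author       = {{Microsoft} and {Microsoft Security Intelligence} and {Microsoft Digital Security Unit (DSU)} and {Microsoft Detection and Response Team (DART)} and {Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{Destructive malware targeting Ukrainian organizations (DEV-0586)}},
  date         = {2022-01-15},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/},
  language     = {English},
  urldate      = {2022-01-18},
}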
WhisperGate
2022-01-10 — Cado Security — Matt Muir
@online{muir:20220110:abcbot:ace96ad,
  author       = {Muir, Matt},
  title        = {{Abcbot - An Evolution of Xanthe}},
  date         = {2022-01-10},
  organization = {Cado Security},
  url          = {https://www.cadosecurity.com/abcbot-an-evolution-of-xanthe/},
  language     = {English},
  urldate      = {2022-01-17},
}
Abcbot Xanthe
2022-01-04 — The Cyber Security Times — John Greenwood
@online{greenwood:20220104:purple:98da376,
  author       = {Greenwood, John},
  title        = {{Purple Fox malware is actively distributed via Telegram Installers}},
  date         = {2022-01-04},
  organization = {The Cyber Security Times},
  url          = {https://www.thecybersecuritytimes.com/purple-fox-malware-is-actively-distributed-via-telegram-installers/},
  language     = {English},
  urldate      = {2022-01-06},
}
win.purplefox
2021-12-30 — GovInfo Security — Mathew J. Schwartz
@online{schwartz:20211230:vice:70dac62,
  author       = {Schwartz, Mathew J.},
  title        = {{Vice Society: Ransomware Gang Disrupted Spar Stores}},
  date         = {2021-12-30},
  organization = {GovInfo Security},
  url          = {https://www.govinfosecurity.com/vice-society-ransomware-gang-disrupted-spar-stores-a-18225},
  language     = {English},
  urldate      = {2022-01-03},
}
HelloKitty
2021-12-23 — Elastic — Joe Desimone, Samir Bousseaden
@online{desimone:20211223:elastic:0e1caf7,
  author       = {Desimone, Joe and Bousseaden, Samir},
  title        = {{Elastic Security uncovers BLISTER malware campaign}},
  date         = {2021-12-23},
  organization = {Elastic},
  url          = {https://www.elastic.co/blog/elastic-security-uncovers-blister-malware-campaign},
  language     = {English},
  urldate      = {2021-12-23},
}
Blister
2021-12-22 — CISA — CISA, FBI, NSA, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), Computer Emergency Response Team New Zealand (CERT NZ), New Zealand National Cyber Security Centre (NZ NCSC), United Kingdom’s National Cyber Security Centre (NCSC-UK)
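@online{cisa:20211222:alert:635c59b,
  author       = {{CISA} and {FBI} and {NSA} and {Australian Cyber Security Centre (ACSC)} and {Canadian Centre for Cyber Security (CCCS)} and {Computer Emergency Response Team New Zealand (CERT NZ)} and {New Zealand National Cyber Security Centre (NZ NCSC)} and {United Kingdom’s National Cyber Security Centre (NCSC-UK)}},
  title        = {{Alert (AA21-356A) Mitigating Log4Shell and Other Log4j-Related Vulnerabilities}},
  date         = {2021-12-22},
  organization = {CISA},
  url          = {https://www.cisa.gov/uscert/ncas/alerts/aa21-356a},
  language     = {English},
  urldate      = {2021-12-23},
}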
2021-12-21 — Cado Security — Matt Muir
@online{muir:20211221:continued:61d7698,
  author       = {Muir, Matt},
  title        = {{The Continued Evolution of Abcbot}},
  date         = {2021-12-21},
  organization = {Cado Security},
  url          = {https://www.cadosecurity.com/the-continued-evolution-of-abcbot/},
  language     = {English},
  urldate      = {2022-01-05},
}
Abcbot
2021-12-14 — Cado Security — Matt Muir
@online{muir:20211214:analysis:fb34f1a,
  author       = {Muir, Matt},
  title        = {{Analysis of Novel Khonsari Ransomware Deployed by the Log4Shell Vulnerability}},
  date         = {2021-12-14},
  organization = {Cado Security},
  url          = {https://www.cadosecurity.com/analysis-of-novel-khonsari-ransomware-deployed-by-the-log4shell-vulnerability/},
  language     = {English},
  urldate      = {2022-01-18},
}
Khonsari
2021-12-13 — Cado Security — Cado Security
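@online{security:20211213:analysis:6199122,
  author       = {{Cado Security}},
  title        = {{Analysis of Initial In The Wild Attacks Exploiting Log4Shell/Log4J/CVE-2021-44228}},
  date         = {2021-12-13},
  organization = {Cado Security},
  url          = {https://www.cadosecurity.com/analysis-of-initial-in-the-wild-attacks-exploiting-log4shell-log4j-cve-2021-44228/},
  language     = {English},
  urldate      = {2022-01-18},
}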
Kinsing Mirai Tsunami
2021-12-06 — Microsoft — Microsoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
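@online{mstic:20211206:nickel:115c365,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft Digital Security Unit (DSU)}},
  title        = {{NICKEL targeting government organizations across Latin America and Europe}},
  date         = {2021-12-06},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/12/06/nickel-targeting-government-organizations-across-latin-america-and-europe/},
  language     = {English},
  urldate      = {2021-12-08},
}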
MimiKatz
2021-12-03 — KrebsOnSecurity — Brian Krebs
@online{krebs:20211203:who:0e59797,
  author       = {Krebs, Brian},
  title        = {{Who Is the Network Access Broker ‘Babam’?}},
  date         = {2021-12-03},
  organization = {KrebsOnSecurity},
  url          = {https://krebsonsecurity.com/2021/12/who-is-the-network-access-broker-babam/},
  language     = {English},
  urldate      = {2021-12-06},
}
2021-11-30 — Canadian Centre for Cyber Security — Canadian Centre for Cyber Security
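@techreport{security:20211130:ransomware:aceee64,
  author      = {{Canadian Centre for Cyber Security}},
  title       = {{Ransomware playbook ITSM.00.099}},
  date        = {2021-11-30},
  institution = {Canadian Centre for Cyber Security},
  url         = {https://cyber.gc.ca/sites/default/files/2021-12/itsm00099-ransomware-playbook-2021-final2-en.pdf},
  language    = {English},
  urldate     = {2021-12-07},
}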
2021-11-24 — Google — Google Cybersecurity Action Team, Google Threat Analysis Group
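@techreport{team:20211124:threat:a837017,
  author      = {{Google Cybersecurity Action Team} and {Google Threat Analysis Group}},
  title       = {{Threat Horizons Cloud Threat Intelligence November 2021. Issue 1}},
  date        = {2021-11-24},
  institution = {Google},
  url         = {https://services.google.com/fh/files/misc/gcat_threathorizons_full_nov2021.pdf},
  language    = {English},
  urldate     = {2021-11-29},
}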
BlackMatter
2021-11-24 — Lasq's Security Blog — Lasq's Security Blog
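@online{blog:20211124:from:541a657,
  author       = {{Lasq's Security Blog}},
  title        = {{From the archive \#1: OSTap downloader deobfuscation and analysis}},
  date         = {2021-11-24},
  organization = {Lasq's Security Blog},
  url          = {https://malfind.com/index.php/2021/11/24/from-the-archive-1-ostap-dropper-deobfuscation-and-analysis/},
  language     = {English},
  urldate      = {2021-11-29},
}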
ostap
2021-11-18 — Microsoft — Microsoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
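@online{mstic:20211118:iranian:911ab04,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft Digital Security Unit (DSU)}},
  title        = {{Iranian targeting of IT sector on the rise}},
  date         = {2021-11-18},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/11/18/iranian-targeting-of-it-sector-on-the-rise/},
  language     = {English},
  urldate      = {2021-11-19},
}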
MimiKatz ShellClient RAT
2021-11-17 — CISA — FBI, CISA, Australian Cyber Security Centre (ACSC), NCSC UK
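@techreport{fbi:20211117:alert:e4ba10a,
  author      = {{FBI} and {CISA} and {Australian Cyber Security Centre (ACSC)} and {NCSC UK}},
  title       = {{Alert (AA21-321A): Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities}},
  date        = {2021-11-17},
  institution = {CISA},
  url         = {https://us-cert.cisa.gov/sites/default/files/publications/AA21-321A-Iranian%20Government-Sponsored%20APT%20Actors%20Exploiting%20Microsoft%20Exchange%20and%20Fortinet%20Vulnerabilities.pdf},
  language    = {English},
  urldate     = {2022-01-03},
}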
2021-11-17 — CISA — CISA
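@techreport{cisa:20211117:cybersecurity:28e0ecc,
  author      = {{CISA}},
  title       = {{Cybersecurity Incident \& Vulnerability Response Playbooks}},
  date        = {2021-11-17},
  institution = {CISA},
  url         = {https://www.cisa.gov/sites/default/files/publications/Federal_Government_Cybersecurity_Incident_and_Vulnerability_Response_Playbooks_508C.pdf},
  language    = {English},
  urldate     = {2021-11-19},
}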
2021-11-16 — Hornetsecurity — Security Lab
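@online{lab:20211116:comeback:7f2b540,
  author       = {{Security Lab}},
  title        = {{Comeback of Emotet}},
  date         = {2021-11-16},
  organization = {Hornetsecurity},
  url          = {https://www.hornetsecurity.com/en/threat-research/comeback-emotet/},
  language     = {English},
  urldate      = {2021-11-25},
}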
Emotet
2021-11-14 — Github (gabrielcurrie) — Gabriel Currie
@techreport{currie:20211114:ready:7398ccf,
  author      = {Currie, Gabriel},
  title       = {{Ready for (nearly) anything: Five things to prepare for a cyber security incident}},
  date        = {2021-11-14},
  institution = {Github (gabrielcurrie)},
  url         = {https://raw.githubusercontent.com/gabrielcurrie/conference-talks/main/2021%20-%20BSides%20London%20-%20Five%20Things%20to%20Prepare%20for%20a%20Cyber%20Incident.pdf},
  language    = {English},
  urldate     = {2021-11-29},
}