
2023-03-08 | Mandiant | DANIEL LEE, Stephen Eckels, Ben Read
@online{lee:20230308:suspected:ebbc1c8,
  author       = {DANIEL LEE and Stephen Eckels and Ben Read},
  title        = {{Suspected Chinese Campaign to Persist on SonicWall Devices, Highlights Importance of Monitoring Edge Devices}},
  organization = {Mandiant},
  date         = {2023-03-08},
  url          = {https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall},
  urldate      = {2023-04-22},
  language     = {English},
}
Suspected Chinese Campaign to Persist on SonicWall Devices, Highlights Importance of Monitoring Edge Devices
2022-06-21 | SonicWall | SonicWall
@online{sonicwall:20220621:html:63e527d,
  author       = {SonicWall},
  title        = {{HTML Application Files are being used to distribute Smoke Loader Malware}},
  organization = {SonicWall},
  date         = {2022-06-21},
  url          = {https://securitynews.sonicwall.com/xmlpost/html-application-hta-files-are-being-used-to-distribute-smoke-loader-malware/},
  urldate      = {2022-06-29},
  language     = {English},
}
HTML Application Files are being used to distribute Smoke Loader Malware
SmokeLoader
2021-08-06 | SonicWall | SonicWall
@online{sonicwall:20210806:redosdruv:d5fa008,
  author       = {SonicWall},
  title        = {{Redosdru.v Malware that hides in encrypted DLL Files to avoid Detection by Firewalls}},
  organization = {SonicWall},
  date         = {2021-08-06},
  url          = {https://securitynews.sonicwall.com/xmlpost/redosdru-v-malware-that-hides-in-encrypted-dll-files-to-avoid-detection-by-firewalls-may-112016/},
  urldate      = {2021-08-06},
  language     = {English},
}
Redosdru.v Malware that hides in encrypted DLL Files to avoid Detection by Firewalls
Redosdru
2021-07-17 | Bleeping Computer | Sergiu Gatlan
@online{gatlan:20210717:hellokitty:96a6fe5,
  author       = {Sergiu Gatlan},
  title        = {{HelloKitty ransomware is targeting vulnerable SonicWall devices}},
  organization = {Bleeping Computer},
  date         = {2021-07-17},
  url          = {https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-is-targeting-vulnerable-sonicwall-devices/},
  urldate      = {2021-07-20},
  language     = {English},
}
HelloKitty ransomware is targeting vulnerable SonicWall devices
HelloKitty
2021-06-08 | CrowdStrike | Heather Smith, Hanno Heinrichs
@online{smith:20210608:another:8ed0192,
  author       = {Heather Smith and Hanno Heinrichs},
  title        = {{Another Brick in the Wall: eCrime Groups Leverage SonicWall VPN Vulnerability}},
  organization = {CrowdStrike},
  date         = {2021-06-08},
  url          = {https://www.crowdstrike.com/blog/how-ecrime-groups-leverage-sonicwall-vulnerability-cve-2019-7481/},
  urldate      = {2021-06-09},
  language     = {English},
}
Another Brick in the Wall: eCrime Groups Leverage SonicWall VPN Vulnerability
2021-04-20 | FireEye | Josh Fleischer, Chris DiGiamo, Alex Pennino
@online{fleischer:20210420:zeroday:0641c6a,
  author       = {Josh Fleischer and Chris DiGiamo and Alex Pennino},
  title        = {{Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise}},
  organization = {FireEye},
  date         = {2021-04-20},
  url          = {https://www.fireeye.com/blog/threat-research/2021/04/zero-day-exploits-in-sonicwall-email-security-lead-to-compromise.html},
  urldate      = {2021-04-28},
  language     = {English},
}
Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise
2021-03-26 | SonicWall | SonicWall CaptureLabs Threats Research Team
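% Corporate author: the extra brace pair keeps the team name as one indivisible
% name instead of being parsed as given names plus the surname "Team".
@online{team:20210326:chinas:d31ffa4,
  author       = {{SonicWall CaptureLabs Threats Research Team}},
  title        = {{China’s “Winnti” Spyder Module}},
  organization = {SonicWall},
  date         = {2021-03-26},
  url          = {https://securitynews.sonicwall.com/xmlpost/chinas-winnti-spyder-module/},
  urldate      = {2021-07-20},
  language     = {English},
}
China’s “Winnti” Spyder Module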
Spyder
2021-02-01 | SonicWall | SonicWall
@online{sonicwall:20210201:urgent:1b2f884,
  author       = {SonicWall},
  title        = {{Urgent Security Notice: SonicWall Confirms SMA 100 Series 10. X Zero-Day Vulnerability}},
  organization = {SonicWall},
  date         = {2021-02-01},
  url          = {https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-confirms-sma-100-series-10-x-zero-day-vulnerability-feb-1-2-p-m-cst/210122173415410/},
  urldate      = {2021-02-02},
  language     = {English},
}
Urgent Security Notice: SonicWall Confirms SMA 100 Series 10. X Zero-Day Vulnerability
2021-01-31 | Twitter (@NCCGroupInfosec) | NCCGroup
@online{nccgroup:20210131:itw:c033bfc,
  author       = {NCCGroup},
  title        = {{Tweet on ITW exploitation of 0-day in SonicWall SMA 100 series}},
  organization = {Twitter (@NCCGroupInfosec)},
  date         = {2021-01-31},
  url          = {https://twitter.com/NCCGroupInfosec/status/1355850304596680705},
  urldate      = {2021-02-02},
  language     = {English},
}
Tweet on ITW exploitation of 0-day in SonicWall SMA 100 series
2021-01-24 | Darren’s Website | Darren Martyn
@online{martyn:20210124:visualdoor:3e91780,
  author       = {Darren Martyn},
  title        = {{VisualDoor: SonicWall SSL-VPN Exploit}},
  organization = {Darren’s Website},
  date         = {2021-01-24},
  url          = {https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/amp/?__twitter_impression=true},
  urldate      = {2021-01-25},
  language     = {English},
}
VisualDoor: SonicWall SSL-VPN Exploit
2020-01-09 | SonicWall | SonicWall
@online{sonicwall:20200109:servhelper:3e6a00c,
  author       = {SonicWall},
  title        = {{ServHelper 2.0: Enriched with bot capabilities and allow remote desktop access}},
  organization = {SonicWall},
  date         = {2020-01-09},
  url          = {https://securitynews.sonicwall.com/xmlpost/servhelper-2-0-enriched-with-bot-capabilities-and-allow-remote-desktop-access/},
  urldate      = {2020-09-18},
  language     = {English},
}
ServHelper 2.0: Enriched with bot capabilities and allow remote desktop access
ServHelper
2019-12-13 | SonicWall | SonicWall
@online{sonicwall:20191213:lalala:082f090,
  author       = {SonicWall},
  title        = {{LALALA InfoStealer which comes with Batch and PowerShell scripting combo}},
  organization = {SonicWall},
  date         = {2019-12-13},
  url          = {https://securitynews.sonicwall.com/xmlpost/lalala-infostealer-which-comes-with-batch-and-powershell-scripting-combo/},
  urldate      = {2020-05-29},
  language     = {English},
}
LALALA InfoStealer which comes with Batch and PowerShell scripting combo
LALALA Stealer
2018-09-21 | SonicWall | SonicWall CaptureLabs Threats Research Team
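% Corporate author: the extra brace pair keeps the team name as one indivisible
% name instead of being parsed as given names plus the surname "Team".
@online{team:20180921:vigilante:ede26ef,
  author       = {{SonicWall CaptureLabs Threats Research Team}},
  title        = {{VIGILANTE MALWARE REMOVES CRYPTOMINERS FROM THE INFECTED DEVICE}},
  organization = {SonicWall},
  date         = {2018-09-21},
  url          = {https://securitynews.sonicwall.com/xmlpost/vigilante-malware-removes-cryptominers-from-the-infected-device/},
  urldate      = {2019-10-13},
  language     = {English},
}
VIGILANTE MALWARE REMOVES CRYPTOMINERS FROM THE INFECTED DEVICE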
FBot
2018-09-09 | Palo Alto Networks Unit 42 | Ruchna Nigam
@online{nigam:20180909:multiexploit:c3960d3,
  author       = {Ruchna Nigam},
  title        = {{Multi-exploit IoT/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2018-09-09},
  url          = {https://unit42.paloaltonetworks.com/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall/},
  urldate      = {2023-08-28},
  language     = {English},
}
Multi-exploit IoT/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall
Bashlite Mirai
2015 | SonicWall | SonicWall
@online{sonicwall:2015:laziok:5d02cc8,
  author       = {SonicWall},
  title        = {{Laziok Malware Targets Energy Companies}},
  organization = {SonicWall},
  date         = {2015},
  url          = {https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=802},
  urldate      = {2019-10-23},
  language     = {English},
}
Laziok Malware Targets Energy Companies
Laziok
2014-02-21 | SonicWall | Ed Miles
@online{miles:20140221:cve:fec48e2,
  author       = {Ed Miles},
  title        = {{CVE 2014-0322 Malware - Sakurel (Feb 21, 2014)}},
  organization = {SonicWall},
  date         = {2014-02-21},
  url          = {https://web.archive.org/web/20151001235506/https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=654},
  urldate      = {2022-06-02},
  language     = {English},
}
CVE 2014-0322 Malware - Sakurel (Feb 21, 2014)
Sakula RAT