
2021-11-17 | CrowdStrike | Thomas Moses, Sarang Sonawane, Liviu Arsene
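@online{moses:20211117:ransomware:5d7431b,
  author       = {Moses, Thomas and Sonawane, Sarang and Arsene, Liviu},
  title        = {Ransomware (R)evolution Plagues Organizations, But {CrowdStrike} Protection Never Wavers},
  date         = {2021-11-17},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-crowdstrike-prevents-volume-shadow-tampering-by-lockbit-ransomware/},
  language     = {English},
  urldate      = {2021-11-19},
}
Ransomware (R)evolution Plagues Organizations, But CrowdStrike Protection Never Wavers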
LockBit
2021-10-26 | cyjax | William Thomas
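@online{thomas:20211026:mercenary:4f7e570,
  author       = {Thomas, William},
  title        = {Mercenary {APTs} – An Exploration},
  date         = {2021-10-26},
  organization = {cyjax},
  url          = {https://www.cyjax.com/2021/10/26/mercenary-apts-an-exploration/},
  language     = {English},
  urldate      = {2021-11-03},
}
Mercenary APTs – An Exploration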
Chrysaor
2021-09-14 | Telekom | Thomas Barabosch
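@online{barabosch:20210914:flubots:a0b25c3,
  author       = {Barabosch, Thomas},
  title        = {{Flubot}’s Smishing Campaigns under the Microscope},
  date         = {2021-09-14},
  organization = {Telekom},
  url          = {https://www.telekom.com/en/blog/group/article/flubot-under-the-microscope-636368},
  language     = {English},
  urldate      = {2021-09-22},
}
Flubot’s Smishing Campaigns under the Microscope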
Anatsa FluBot
2021-08-24 | Volexity | Damien Cash, Josh Grunzweig, Steven Adair, Thomas Lancaster
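@online{cash:20210824:north:aab532f,
  author       = {Cash, Damien and Grunzweig, Josh and Adair, Steven and Lancaster, Thomas},
  title        = {{North Korean} {BLUELIGHT} Special: {InkySquid} Deploys {RokRAT}},
  date         = {2021-08-24},
  organization = {Volexity},
  url          = {https://www.volexity.com/blog/2021/08/24/north-korean-bluelight-special-inkysquid-deploys-rokrat/},
  language     = {English},
  urldate      = {2021-08-31},
}
North Korean BLUELIGHT Special: InkySquid Deploys RokRAT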
RokRAT
2021-08-17 | Volatility Labs | Damien Cash, Josh Grunzweig, Matthew Meltzer, Steven Adair, Thomas Lancaster
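@comment{NOTE(review): organization is "Volatility Labs" but the url host is volexity.com, and the other entries from that host use organization = {Volexity}; looks like a mislabelled organization -- confirm before changing.}
@online{cash:20210817:north:e84fb02,
  author       = {Cash, Damien and Grunzweig, Josh and Meltzer, Matthew and Adair, Steven and Lancaster, Thomas},
  title        = {{North Korean} {APT37} / {InkySquid} Infects Victims Using Browser Exploits},
  date         = {2021-08-17},
  organization = {Volatility Labs},
  url          = {https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/},
  language     = {English},
  urldate      = {2021-08-20},
}
North Korean APT37 / InkySquid Infects Victims Using Browser Exploits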
APT37
2021-07-26 | Malwarebytes | Thomas Reed
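@online{reed:20210726:osxxloader:b3818a3,
  author       = {Reed, Thomas},
  title        = {{OSX.XLoader} hides little except its main purpose: What we learned in the installation process},
  date         = {2021-07-26},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/mac/2021/07/osx-xloader-hides-little-except-its-main-purpose-what-we-learned-in-the-installation-process/},
  language     = {English},
  urldate      = {2021-08-02},
}
OSX.XLoader hides little except its main purpose: What we learned in the installation process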
Xloader
2021-06-21 | RAND Corporation | Nathan Beauchamp-Mustafaga, Derek Grossman, Kristen Gunness, Michael S. Chase, Marigold Black, Natalia D. Simmons-Thomas
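@techreport{beauchampmustafaga:20210621:deciphering:997606b,
  author      = {Beauchamp-Mustafaga, Nathan and Grossman, Derek and Gunness, Kristen and Chase, Michael S. and Black, Marigold and Simmons-Thomas, Natalia D.},
  title       = {Deciphering {Chinese} Deterrence Signalling in the New Era An Analytic Framework and Seven Case Studies},
  date        = {2021-06-21},
  institution = {RAND Corporation},
  url         = {https://www.rand.org/content/dam/rand/pubs/research_reports/RRA1000/RR-A1074-1/RAND_RRA1074-1.pdf},
  language    = {English},
  urldate     = {2021-07-24},
}
Deciphering Chinese Deterrence Signalling in the New Era An Analytic Framework and Seven Case Studies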
2021-06-09 | ESET Research | Thomas Dupuy, Matthieu Faou
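@online{dupuy:20210609:gelsemium:34ccc46,
  author       = {Dupuy, Thomas and Faou, Matthieu},
  title        = {{Gelsemium}: When threat actors go gardening},
  date         = {2021-06-09},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2021/06/09/gelsemium-when-threat-actors-go-gardening/},
  language     = {English},
  urldate      = {2021-06-16},
}
Gelsemium: When threat actors go gardening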
Gelsemium
2021-06-09 | ESET Research | Thomas Dupuy, Matthieu Faou
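@techreport{dupuy:20210609:gelsemium:05483d4,
  author      = {Dupuy, Thomas and Faou, Matthieu},
  title       = {{Gelsemium}: When threat actors go gardening},
  date        = {2021-06-09},
  institution = {ESET Research},
  url         = {https://www.welivesecurity.com/wp-content/uploads/2021/06/eset_gelsemium.pdf},
  language    = {English},
  urldate     = {2021-06-09},
}
Gelsemium: When threat actors go gardening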
Owlproxy
2021-05-27 | cyjax | William Thomas
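@online{thomas:20210527:financial:14d8565,
  author       = {Thomas, William},
  title        = {Financial spear-phishing campaigns pushing {RATs}},
  date         = {2021-05-27},
  organization = {cyjax},
  url          = {https://www.cyjax.com/2021/05/27/financial-spear-phishing-campaigns-pushing-rats/},
  language     = {English},
  urldate      = {2021-06-16},
}
Financial spear-phishing campaigns pushing RATs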
2021-05-27 | Volexity | Damien Cash, Josh Grunzweig, Matthew Meltzer, Sean Koessel, Steven Adair, Thomas Lancaster
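@online{cash:20210527:suspected:beb9dd9,
  author       = {Cash, Damien and Grunzweig, Josh and Meltzer, Matthew and Koessel, Sean and Adair, Steven and Lancaster, Thomas},
  title        = {Suspected {APT29} Operation Launches Election Fraud Themed Phishing Campaigns},
  date         = {2021-05-27},
  organization = {Volexity},
  url          = {https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/},
  language     = {English},
  urldate      = {2021-06-09},
}
Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns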
Cobalt Strike
2021-05-17 | Telekom | Thomas Barabosch
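@online{barabosch:20210517:lets:04a8b63,
  author       = {Barabosch, Thomas},
  title        = {Let’s set ice on fire: Hunting and detecting {IcedID} infections},
  date         = {2021-05-17},
  organization = {Telekom},
  url          = {https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240},
  language     = {English},
  urldate      = {2021-05-17},
}
Let’s set ice on fire: Hunting and detecting IcedID infections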
IcedID
2021-05-10 | Wirtschaftswoche | Thomas Kuhn
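@comment{NOTE(review): language is German but the stored title is English, so it is presumably a translation; if so, consider keeping the original German headline in biblatex's origtitle field -- confirm against the article.}
@online{kuhn:20210510:how:5f1953b,
  author       = {Kuhn, Thomas},
  title        = {How one of the largest hacker networks in the world was paralyzed},
  date         = {2021-05-10},
  organization = {Wirtschaftswoche},
  url          = {https://www.wiwo.de/my/technologie/digitale-welt/emotet-netzwerk-wie-eines-der-groessten-hacker-netzwerke-der-welt-lahmgelegt-wurde/27164048.html},
  language     = {German},
  urldate      = {2021-05-13},
}
How one of the largest hacker networks in the world was paralyzed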
Emotet
2021-04-06 | McAfee | Thomas Roccia, Thibault Seret, Alexandre Mundo
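@techreport{roccia:20210406:technical:3adb4cc,
  author      = {Roccia, Thomas and Seret, Thibault and Mundo, Alexandre},
  title       = {Technical Analysis of {Cuba} Ransomware},
  date        = {2021-04-06},
  institution = {McAfee},
  url         = {https://www.mcafee.com/enterprise/en-us/assets/reports/rp-cuba-ransomware.pdf},
  language    = {English},
  urldate     = {2021-04-09},
}
Technical Analysis of Cuba Ransomware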
Cuba
2021-04-06 | McAfee | Thomas Roccia, Thibault Seret, Alexandre Mundo
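@online{roccia:20210406:mcafee:1ad60c9,
  author       = {Roccia, Thomas and Seret, Thibault and Mundo, Alexandre},
  title        = {{McAfee} {ATR} Threat Report: A Quick Primer on {Cuba} Ransomware},
  date         = {2021-04-06},
  organization = {McAfee},
  url          = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-threat-report-a-quick-primer-on-cuba-ransomware},
  language     = {English},
  urldate      = {2021-05-13},
}
McAfee ATR Threat Report: A Quick Primer on Cuba Ransomware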
Cuba
2021-03-10 | ESET Research | Thomas Dupuy, Matthieu Faou, Mathieu Tartare
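@online{dupuy:20210310:exchange:8f65a1f,
  author       = {Dupuy, Thomas and Faou, Matthieu and Tartare, Mathieu},
  title        = {{Exchange} servers under siege from at least 10 {APT} groups},
  date         = {2021-03-10},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/},
  language     = {English},
  urldate      = {2021-03-11},
}
Exchange servers under siege from at least 10 APT groups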
Microcin MimiKatz PlugX Winnti
2021-03-02 | Volexity | Josh Grunzweig, Matthew Meltzer, Sean Koessel, Steven Adair, Thomas Lancaster
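@online{grunzweig:20210302:operation:44c264f,
  author       = {Grunzweig, Josh and Meltzer, Matthew and Koessel, Sean and Adair, Steven and Lancaster, Thomas},
  title        = {{Operation Exchange Marauder}: Active Exploitation of Multiple Zero-Day {Microsoft} {Exchange} Vulnerabilities},
  date         = {2021-03-02},
  organization = {Volexity},
  url          = {https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/},
  language     = {English},
  urldate      = {2021-03-07},
}
Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities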
CHINACHOPPER HAFNIUM
2021-02-24 | McAfee | Alexandre Mundo, Thibault Seret, Thomas Roccia, John Fokker
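@techreport{mundo:20210224:technical:4d09445,
  author      = {Mundo, Alexandre and Seret, Thibault and Roccia, Thomas and Fokker, John},
  title       = {Technical Analysis of {Babuk} Ransomware},
  date        = {2021-02-24},
  institution = {McAfee},
  url         = {https://www.mcafee.com/enterprise/en-us/assets/reports/rp-babuk-ransomware.pdf},
  language    = {English},
  urldate     = {2021-02-25},
}
Technical Analysis of Babuk Ransomware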
Babuk
2021-01-28 | 0xC0DECAFE | Thomas Barabosch
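@online{barabosch:20210128:learn:8ffa412,
  author       = {Barabosch, Thomas},
  title        = {Learn how to fix {PE} magic numbers with {Malduck}},
  date         = {2021-01-28},
  organization = {0xC0DECAFE},
  url          = {https://0xc0decafe.com/fix-pe-magic-numbers-with-malduck/},
  language     = {English},
  urldate      = {2021-02-06},
}
Learn how to fix PE magic numbers with Malduck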
2021-01-08 | 0xC0DECAFE | Thomas Barabosch
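@online{barabosch:20210108:malware:27c7ee2,
  author       = {Barabosch, Thomas},
  title        = {The malware analyst’s guide to {aPLib} decompression},
  date         = {2021-01-08},
  organization = {0xC0DECAFE},
  url          = {https://0xc0decafe.com/malware-analysts-guide-to-aplib-decompression/},
  language     = {English},
  urldate      = {2021-01-11},
}
The malware analyst’s guide to aPLib decompression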
ISFB Rovnix