
2023-11-21 | Trellix | Ernesto Fernández Provecho, Pham Duy Phuc, Ciana Driscoll, Vinoo Thomas
@online{provecho:20231121:continued:8a0bc28,
  author       = {Ernesto Fernández Provecho and Pham Duy Phuc and Ciana Driscoll and Vinoo Thomas},
  title        = {{The Continued Evolution of the DarkGate Malware-as-a-Service}},
  date         = {2023-11-21},
  organization = {Trellix},
  url          = {https://www.trellix.com/about/newsroom/stories/research/the-continued-evolution-of-the-darkgate-malware-as-a-service/},
  language     = {English},
  urldate      = {2023-11-27}
}
The Continued Evolution of the DarkGate Malware-as-a-Service
DarkGate
2023-08-31 | Rapid7 Labs | Natalie Zargarov, Thomas Elkins, Evan McCann, Tyler McGraw
@online{zargarov:20230831:fake:4b8ef57,
  author       = {Natalie Zargarov and Thomas Elkins and Evan McCann and Tyler McGraw},
  title        = {{Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers}},
  date         = {2023-08-31},
  organization = {Rapid7 Labs},
  url          = {https://www.rapid7.com/blog/post/2023/08/31/fake-update-utilizes-new-idat-loader-to-execute-stealc-and-lumma-infostealers/},
  language     = {English},
  urldate      = {2023-11-22}
}
Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers
FAKEUPDATES Amadey HijackLoader Lumma Stealer SectopRAT
2023-08-30 | Forbes | Thomas Brewster
@online{brewster:20230830:fake:5e4a7a3,
  author       = {Thomas Brewster},
  title        = {{A Fake Signal App Was Planted On Google Play By China-Linked Hackers}},
  date         = {2023-08-30},
  organization = {Forbes},
  url          = {https://www.forbes.com/sites/thomasbrewster/2023/08/30/malicious-signal-app-planted-on-google-play-by-china-linked-cyber-spies/?sh=5873befb48e9},
  language     = {English},
  urldate      = {2023-09-11}
}
A Fake Signal App Was Planted On Google Play By China-Linked Hackers
2023-05-14 | unfinished.bike | Thomas Strömberg
@online{strmberg:20230514:fun:778ad3b,
  author       = {Thomas Strömberg},
  title        = {{Fun with the new bpfdoor (2023)}},
  date         = {2023-05-14},
  organization = {unfinished.bike},
  url          = {https://unfinished.bike/fun-with-the-new-bpfdoor-2023},
  language     = {English},
  urldate      = {2023-05-24}
}
Fun with the new bpfdoor (2023)
BPFDoor
2023-05-10 | Github (MythicAgents) | Cody Thomas
@online{thomas:20230510:github:f61310d,
  author       = {Cody Thomas},
  title        = {{Github Repository for Poseidon}},
  date         = {2023-05-10},
  organization = {Github (MythicAgents)},
  url          = {https://github.com/MythicAgents/poseidon},
  language     = {English},
  urldate      = {2023-10-12}
}
Github Repository for Poseidon
Poseidon Poseidon
2023-05-10 | Github (MythicAgents) | Cody Thomas
@online{thomas:20230510:github:d1d30c9,
  author       = {Cody Thomas},
  title        = {{Github Repository for Nimplant}},
  date         = {2023-05-10},
  organization = {Github (MythicAgents)},
  url          = {https://github.com/MythicAgents/nimplant},
  language     = {English},
  urldate      = {2023-10-12}
}
Github Repository for Nimplant
Nimplant
2023-03-30 | Volexity | Ankur Saini, Callum Roxan, Charlie Gardner, Paul Rascagnères, Steven Adair, Thomas Lancaster
@online{saini:20230330:3cx:82b291e,
  author       = {Ankur Saini and Callum Roxan and Charlie Gardner and Paul Rascagnères and Steven Adair and Thomas Lancaster},
  title        = {{3CX Supply Chain Compromise Leads to ICONIC Incident}},
  date         = {2023-03-30},
  organization = {Volexity},
  url          = {https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/},
  language     = {English},
  urldate      = {2023-03-30}
}
3CX Supply Chain Compromise Leads to ICONIC Incident
3CX Backdoor IconicStealer
2022-12-05 | Accenture | Paul Mansfield, Thomas Willkan
@online{mansfield:20221205:popularity:9c1ed9c,
  author       = {Paul Mansfield and Thomas Willkan},
  title        = {{Popularity spikes for information stealer malware on the dark web}},
  date         = {2022-12-05},
  organization = {Accenture},
  url          = {https://www.accenture.com/us-en/blogs/security/information-stealer-malware-on-dark-web},
  language     = {English},
  urldate      = {2023-04-28}
}
Popularity spikes for information stealer malware on the dark web
MetaStealer Rhadamanthys
2022-11-21 | BSides Sydney | Thomas Roccia
@online{roccia:20221121:xray:da154d3,
  author       = {Thomas Roccia},
  title        = {{X-Ray of Malware Evasion Techniques - Analysis, Dissection, Cure?}},
  date         = {2022-11-21},
  organization = {BSides Sydney},
  url          = {https://speakerdeck.com/fr0gger/x-ray-of-malware-evasion-techniques-analysis-dissection-cure},
  language     = {English},
  urldate      = {2022-12-29}
}
X-Ray of Malware Evasion Techniques - Analysis, Dissection, Cure?
Emotet
2022-06-15 | Volexity | Steven Adair, Thomas Lancaster, Volexity Threat Research
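@comment{The corporate author "Volexity Threat Research" is braced as one name so BibTeX keeps it whole instead of splitting it into given and family parts; the citation key is unchanged so existing citations keep resolving.}
@online{adair:20220615:driftingcloud:58322a8,
  author       = {Steven Adair and Thomas Lancaster and {Volexity Threat Research}},
  title        = {{DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach}},
  date         = {2022-06-15},
  organization = {Volexity},
  url          = {https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/},
  language     = {English},
  urldate      = {2022-06-17}
}
DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach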
pupy Sliver
2022-03-22 | Volexity | Damien Cash, Steven Adair, Thomas Lancaster
@online{cash:20220322:storm:236d2ad,
  author       = {Damien Cash and Steven Adair and Thomas Lancaster},
  title        = {{Storm Cloud on the Horizon: GIMMICK Malware Strikes at macOS}},
  date         = {2022-03-22},
  organization = {Volexity},
  url          = {https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/},
  language     = {English},
  urldate      = {2022-03-23}
}
Storm Cloud on the Horizon: GIMMICK Malware Strikes at macOS
GIMMICK GIMMICK
2022-02-25 | EnglertOne | Thomas Englert
@online{englert:20220225:reverse:fb0652a,
  author       = {Thomas Englert},
  title        = {{Reverse Engineering | Hermetic Wiper}},
  date         = {2022-02-25},
  organization = {EnglertOne},
  url          = {https://www.englert.one/hermetic-wiper-reverse-code-engineering},
  language     = {English},
  urldate      = {2022-03-01}
}
Reverse Engineering | Hermetic Wiper
HermeticWiper
2022-02-25 | Twitter (@fr0gger) | Thomas Roccia
@online{roccia:20220225:tweets:68e5727,
  author       = {Thomas Roccia},
  title        = {{Tweets with an overview of HermeticWiper}},
  date         = {2022-02-25},
  organization = {Twitter (@fr0gger)},
  url          = {https://twitter.com/fr0gger_/status/1497121876870832128},
  language     = {English},
  urldate      = {2022-03-01}
}
Tweets with an overview of HermeticWiper
HermeticWiper
2022-02-25 | CrowdStrike | william thomas, Adrian Liviu Arsene, Farid Hendi
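@comment{The all-lowercase author "william thomas" is written in "Last, First" form: in "First Last" form BibTeX reads a leading lowercase word as a von-particle and leaves the given name empty. The spelling is kept as the author writes it; the citation key is unchanged.}
@online{thomas:20220225:crowdstrike:6af36f9,
  author       = {thomas, william and Adrian Liviu Arsene and Farid Hendi},
  title        = {{CrowdStrike Falcon Protects from New Wiper Malware Used in Ukraine Cyberattacks}},
  date         = {2022-02-25},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-crowdstrike-falcon-protects-against-wiper-malware-used-in-ukraine-attacks/},
  language     = {English},
  urldate      = {2022-03-02}
}
CrowdStrike Falcon Protects from New Wiper Malware Used in Ukraine Cyberattacks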
HermeticWiper
2022-02-03 | Volexity | Steven Adair, Thomas Lancaster
@online{adair:20220203:operation:fd96d5c,
  author       = {Steven Adair and Thomas Lancaster},
  title        = {{Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra}},
  date         = {2022-02-03},
  organization = {Volexity},
  url          = {https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/},
  language     = {English},
  urldate      = {2022-02-07}
}
Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra
2021-12-10 | Mississippi State University | DeMarcus M. Thomas Sr.
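@comment{Author written in "Last, Jr, First" form so BibTeX takes "Thomas" as the family name and "Sr." as the suffix; the original "First Last" form parsed "Sr." as the surname, which is also why the citation key starts with "sr". The key is left unchanged so existing citations keep resolving.}
@online{sr:20211210:detecting:8a6e597,
  author       = {Thomas, Sr., DeMarcus M.},
  title        = {{Detecting malware in memory with memory object relationships}},
  date         = {2021-12-10},
  organization = {Mississippi State University},
  url          = {https://scholarsjunction.msstate.edu/cgi/viewcontent.cgi?article=6309&context=td},
  language     = {English},
  urldate      = {2021-12-31}
}
Detecting malware in memory with memory object relationships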
2021-11-17 | CrowdStrike | Thomas Moses, Sarang Sonawane, Liviu Arsene
@online{moses:20211117:ransomware:5d7431b,
  author       = {Thomas Moses and Sarang Sonawane and Liviu Arsene},
  title        = {{Ransomware (R)evolution Plagues Organizations, But CrowdStrike Protection Never Wavers}},
  date         = {2021-11-17},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-crowdstrike-prevents-volume-shadow-tampering-by-lockbit-ransomware/},
  language     = {English},
  urldate      = {2021-11-19}
}
Ransomware (R)evolution Plagues Organizations, But CrowdStrike Protection Never Wavers
LockBit
2021-10-26 | cyjax | william thomas
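@comment{The all-lowercase author "william thomas" is written in "Last, First" form: in "First Last" form BibTeX reads a leading lowercase word as a von-particle and leaves the given name empty. The spelling is kept as the author writes it; the citation key is unchanged.}
@online{thomas:20211026:mercenary:4f7e570,
  author       = {thomas, william},
  title        = {{Mercenary APTs – An Exploration}},
  date         = {2021-10-26},
  organization = {cyjax},
  url          = {https://www.cyjax.com/2021/10/26/mercenary-apts-an-exploration/},
  language     = {English},
  urldate      = {2021-11-03}
}
Mercenary APTs – An Exploration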
Chrysaor
2021-09-14 | Telekom | Thomas Barabosch
@online{barabosch:20210914:flubots:a0b25c3,
  author       = {Thomas Barabosch},
  title        = {{Flubot’s Smishing Campaigns under the Microscope}},
  date         = {2021-09-14},
  organization = {Telekom},
  url          = {https://www.telekom.com/en/blog/group/article/flubot-under-the-microscope-636368},
  language     = {English},
  urldate      = {2021-09-22}
}
Flubot’s Smishing Campaigns under the Microscope
Anatsa FluBot
2021-08-24 | Volexity | Damien Cash, Josh Grunzweig, Steven Adair, Thomas Lancaster
@online{cash:20210824:north:aab532f,
  author       = {Damien Cash and Josh Grunzweig and Steven Adair and Thomas Lancaster},
  title        = {{North Korean BLUELIGHT Special: InkySquid Deploys RokRAT}},
  date         = {2021-08-24},
  organization = {Volexity},
  url          = {https://www.volexity.com/blog/2021/08/24/north-korean-bluelight-special-inkysquid-deploys-rokrat/},
  language     = {English},
  urldate      = {2021-08-31}
}
North Korean BLUELIGHT Special: InkySquid Deploys RokRAT
RokRAT