
2023-11-20 | Trend Micro | Peter Girnus
@online{girnus:20231120:cve202346604:a07428f,
  author       = {Peter Girnus},
  title        = {{CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits}},
  date         = {2023-11-20},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html},
  language     = {English},
  urldate      = {2023-11-23}
}
CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits
2023-10-31 | Palo Alto Networks Unit 42 | Daniel Frank, Tom Fakterman
@online{frank:20231031:over:def0823,
  author       = {Daniel Frank and Tom Fakterman},
  title        = {{Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla)}},
  date         = {2023-10-31},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/pensive-ursa-uses-upgraded-kazuar-backdoor/},
  language     = {English},
  urldate      = {2023-11-14}
}
Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla)
Kazuar
2023-10-24 | Sentinel LABS | Tom Hegel, Aleksandar Milenkoski
@online{hegel:20231024:israelhamas:313d369,
  author       = {Tom Hegel and Aleksandar Milenkoski},
  title        = {{The Israel-Hamas War | Cyber Domain State-Sponsored Activity of Interest}},
  date         = {2023-10-24},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/the-israel-hamas-war-cyber-domain-state-sponsored-activity-of-interest/},
  language     = {English},
  urldate      = {2023-11-27}
}
The Israel-Hamas War | Cyber Domain State-Sponsored Activity of Interest
2023-09-25 | Video Games Chronicle | Tom Ivan
@online{ivan:20230925:ransomware:61b5db0,
  author       = {Tom Ivan},
  title        = {{A ransomware group claims to have breached ‘all Sony systems’}},
  date         = {2023-09-25},
  organization = {Video Games Chronicle},
  url          = {https://www.videogameschronicle.com/news/a-ransomware-group-claims-to-have-beached-all-sony-systems/},
  language     = {English},
  urldate      = {2023-12-04}
}
A ransomware group claims to have breached ‘all Sony systems’
2023-09-21 | Sentinel LABS | Tom Hegel
@online{hegel:20230921:cyber:9a6bb38,
  author       = {Tom Hegel},
  title        = {{Cyber Soft Power | China’s Continental Takeover}},
  date         = {2023-09-21},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/cyber-soft-power-chinas-continental-takeover/},
  language     = {English},
  urldate      = {2023-09-22}
}
Cyber Soft Power | China’s Continental Takeover
Earth Estries
2023-09-06 | Bitdefender | Graham Cluley
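@online{clueley:20230906:pizza:5300b06,
  author       = {Graham Cluley},
  title        = {{Pizza Hut Australia leaks one million customers' details, claims ShinyHunters hacking group}},
  date         = {2023-09-06},
  organization = {Bitdefender},
  url          = {https://www.bitdefender.com/blog/hotforsecurity/pizza-hut-australia-leaks-one-million-customers-details-claims-shinyhunters-hacking-group/},
  language     = {English},
  urldate      = {2023-11-27}
}
Pizza Hut Australia leaks one million customers' details, claims ShinyHunters hacking group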
2023-09-06 | Malwarebytes | Jérôme Segura
@online{segura:20230906:mac:22907a4,
  author       = {Jérôme Segura},
  title        = {{Mac users targeted in new malvertising campaign delivering Atomic Stealer}},
  date         = {2023-09-06},
  organization = {Malwarebytes},
  url          = {https://www.malwarebytes.com/blog/threat-intelligence/2023/09/atomic-macos-stealer-delivered-via-malvertising},
  language     = {English},
  urldate      = {2023-11-13}
}
Mac users targeted in new malvertising campaign delivering Atomic Stealer
AMOS, NetSupportManager RAT
2023-09-05 | Morphisec | Hido Cohen, Arnold Osipov
@online{cohen:20230905:chae:28110b7,
  author       = {Hido Cohen and Arnold Osipov},
  title        = {{Chae$ 4: New Chaes Malware Variant Targeting Financial and Logistics Customers}},
  date         = {2023-09-05},
  organization = {Morphisec},
  url          = {https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers},
  language     = {English},
  urldate      = {2023-09-06}
}
Chae$ 4: New Chaes Malware Variant Targeting Financial and Logistics Customers
Chaes
2023-08-31 | Check Point Research | hasherezade
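@online{hasherezade:20230831:from:dbe4160,
  author       = {hasherezade},
  title        = {{From Hidden Bee to Rhadamanthys - The Evolution of Custom Executable Formats}},
  date         = {2023-08-31},
  organization = {Check Point Research},
  url          = {https://research.checkpoint.com/2023/from-hidden-bee-to-rhadamanthys-the-evolution-of-custom-executable-formats/},
  language     = {English},
  urldate      = {2023-09-01}
}
From Hidden Bee to Rhadamanthys - The Evolution of Custom Executable Formats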
Hidden Bee, Rhadamanthys
2023-08-17 | SentinelOne | Aleksandar Milenkoski, Tom Hegel
@online{milenkoski:20230817:chinese:75e4289,
  author       = {Aleksandar Milenkoski and Tom Hegel},
  title        = {{Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector}},
  date         = {2023-08-17},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector/},
  language     = {English},
  urldate      = {2023-08-22}
}
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector
Cobalt Strike, HUI Loader
2023-08-07 | Cisco Talos | Chetan Raghuprasad
@online{raghuprasad:20230807:new:0147488,
  author       = {Chetan Raghuprasad},
  title        = {{New threat actor targets Bulgaria, China, Vietnam and other countries with customized Yashma ransomware}},
  date         = {2023-08-07},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/new-threat-actor-using-yashma-ransomware/},
  language     = {English},
  urldate      = {2023-08-09}
}
New threat actor targets Bulgaria, China, Vietnam and other countries with customized Yashma ransomware
Chaos
2023-08-07 | SentinelOne | Tom Hegel, Aleksandar Milenkoski
@online{hegel:20230807:comrades:d449b68,
  author       = {Tom Hegel and Aleksandar Milenkoski},
  title        = {{Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company}},
  date         = {2023-08-07},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/comrades-in-arms-north-korea-compromises-sanctioned-russian-missile-engineering-company/},
  language     = {English},
  urldate      = {2023-08-07}
}
Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company
OpenCarrot
2023-08-01 | SentinelOne | Tom Hegel
@online{hegel:20230801:illicit:d18e46c,
  author       = {Tom Hegel},
  title        = {{Illicit Brand Impersonation | A Threat Hunting Approach}},
  date         = {2023-08-01},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/illicit-brand-impersonation-a-threat-hunting-approach/},
  language     = {English},
  urldate      = {2023-08-03}
}
Illicit Brand Impersonation | A Threat Hunting Approach
2023-07-20 | SentinelOne | Tom Hegel
@online{hegel:20230720:jumpcloud:691c0c8,
  author       = {Tom Hegel},
  title        = {{JumpCloud Intrusion | Attacker Infrastructure Links Compromise to North Korean APT Activity}},
  date         = {2023-07-20},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/jumpcloud-intrusion-attacker-infrastructure-links-compromise-to-north-korean-apt-activity/},
  language     = {English},
  urldate      = {2023-07-24}
}
JumpCloud Intrusion | Attacker Infrastructure Links Compromise to North Korean APT Activity
2023-07-12 | Dragos | Dragos
@online{dragos:20230712:mitigating:708bc0d,
  author       = {Dragos},
  title        = {{Mitigating CVE-2023-3595 and CVE-2023-3596 Impacting Rockwell Automation ControlLogix Firmware}},
  date         = {2023-07-12},
  organization = {Dragos},
  url          = {https://www.dragos.com/blog/mitigating-cves-impacting-rockwell-automation-controllogix-firmware/},
  language     = {English},
  urldate      = {2023-07-13}
}
Mitigating CVE-2023-3595 and CVE-2023-3596 Impacting Rockwell Automation ControlLogix Firmware
2023-07-12 | Sekoia | sekoia
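@online{sekoia:20230712:customerloader:56338e3,
  author       = {sekoia},
  title        = {{CustomerLoader: a new malware distributing a wide variety of payloads}},
  date         = {2023-07-12},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/customerloader-a-new-malware-distributing-a-wide-variety-of-payloads/#h-c2-servers},
  language     = {English},
  urldate      = {2023-07-13}
}
CustomerLoader: a new malware distributing a wide variety of payloads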
CustomerLoader
2023-05-17 | ANY.RUN | ANY.RUN
@online{anyrun:20230517:deobfuscating:5a82be9,
  author       = {ANY.RUN},
  title        = {{Deobfuscating the Latest GuLoader: Automating Analysis with Ghidra Scripting}},
  date         = {2023-05-17},
  organization = {ANY.RUN},
  url          = {https://any.run/cybersecurity-blog/deobfuscating-guloader/},
  language     = {English},
  urldate      = {2023-05-26}
}
Deobfuscating the Latest GuLoader: Automating Analysis with Ghidra Scripting
CloudEyE
2023-05-16 | Check Point Research | Itay Cohen, Radoslaw Madej
@online{cohen:20230516:dragon:a2ec63b,
  author       = {Itay Cohen and Radoslaw Madej},
  title        = {{The Dragon Who Sold his Camaro: Analyzing a Custom Router Implant}},
  date         = {2023-05-16},
  organization = {Check Point Research},
  url          = {https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/},
  language     = {English},
  urldate      = {2023-06-01}
}
The Dragon Who Sold his Camaro: Analyzing a Custom Router Implant
Horse Shell
2023-05-15 | Symantec | Threat Hunter Team
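@online{team:20230515:lancefly:49fd53e,
  author       = {{Threat Hunter Team}},
  title        = {{Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors}},
  date         = {2023-05-15},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lancefly-merdoor-zxshell-custom-backdoor},
  language     = {English},
  urldate      = {2023-05-26}
}
Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors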
Merdoor, PlugX, ShadowPad, ZXShell, Lancefly
2023-05-04 | SentinelOne | Tom Hegel
@online{hegel:20230504:kimsuky:6f04a16,
  author       = {Tom Hegel},
  title        = {{Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign}},
  date         = {2023-05-04},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/kimsuky-evolves-reconnaissance-capabilities-in-new-global-campaign/},
  language     = {English},
  urldate      = {2023-05-05}
}
Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign
BabyShark