2021-09-23 | lacework | Jared Stroud, Tom Hegel
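@online{stroud:20210923:hcrootkit:5100508,
  author       = {Stroud, Jared and Hegel, Tom},
  title        = {{HCRootkit} / {Sutersu} {Linux} Rootkit Analysis},
  date         = {2021-09-23},
  organization = {lacework},
  url          = {https://www.lacework.com/blog/hcrootkit-sutersu-linux-rootkit-analysis/},
  language     = {English},
  urldate      = {2021-09-29},
}
HCRootkit / Sutersu Linux Rootkit Analysis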
2021-06-21 | lacework | Tom Hegel
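@online{hegel:20210621:threat:105ce11,
  author       = {Hegel, Tom},
  title        = {Threat Hunting {SSH} Keys – {Bash} Script Feature Pivoting},
  date         = {2021-06-21},
  organization = {lacework},
  url          = {https://www.lacework.com/blog/threat-hunting-ssh-keys-bash-script-feature-pivoting/},
  language     = {English},
  urldate      = {2021-06-24},
}
Threat Hunting SSH Keys – Bash Script Feature Pivoting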
2021-05-20 | lacework | Jared Stroud, Chris Hall, Tom Hegel
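@online{stroud:20210520:8220:c309f60,
  author       = {Stroud, Jared and Hall, Chris and Hegel, Tom},
  title        = {{8220 Gangs} Recent use of Custom Miner and Botnet},
  date         = {2021-05-20},
  organization = {lacework},
  url          = {https://www.lacework.com/8220-gangs-recent-use-of-custom-miner-and-botnet/},
  language     = {English},
  urldate      = {2021-05-26},
}
8220 Gangs Recent use of Custom Miner and Botnet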
2021-04-13 | lacework | Tom Hegel
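@online{hegel:20210413:carbine:c4dd5ef,
  author       = {Hegel, Tom},
  title        = {{Carbine Loader} Cryptojacking Campaign},
  date         = {2021-04-13},
  organization = {lacework},
  url          = {https://www.lacework.com/carbine-loader-cryptojacking-campaign/},
  language     = {English},
  urldate      = {2021-04-20},
}
Carbine Loader Cryptojacking Campaign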
2021-01-13 | AlienVault | Tom Hegel
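@techreport{hegel:20210113:global:72b7b9d,
  author      = {Hegel, Tom},
  title       = {A Global Perspective of the {SideWinder} {APT}},
  date        = {2021-01-13},
  institution = {AlienVault},
  url         = {https://cdn-cybersecurity.att.com/docs/global-perspective-of-the-sidewinder-apt.pdf},
  language    = {English},
  urldate     = {2021-01-18},
}
A Global Perspective of the SideWinder APT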
8.t Dropper Koadic SideWinder
2018-05-03 | ProtectWise | Tom Hegel
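@online{hegel:20180503:burning:2837854,
  author       = {Hegel, Tom},
  title        = {{Burning Umbrella}: An Intelligence Report on the {Winnti} {Umbrella} and Associated State-Sponsored Attackers},
  date         = {2018-05-03},
  organization = {ProtectWise},
  url          = {https://401trg.com/burning-umbrella/},
  language     = {English},
  urldate      = {2019-10-15},
}
Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers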
Axiom
2017-10-16 | 401TRG | Tom Hegel
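@online{hegel:20171016:update:9033e56,
  author       = {Hegel, Tom},
  title        = {An Update on {Winnti} ({LEAD}/{APT17})},
  date         = {2017-10-16},
  organization = {401TRG},
  url          = {https://401trg.pw/an-update-on-winnti/},
  language     = {English},
  urldate      = {2019-08-05},
}
An Update on Winnti (LEAD/APT17)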
2017-07-11 | 401 TRG | Tom Hegel, Nate Marx
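@online{hegel:20170711:winnti:e03c673,
  author       = {Hegel, Tom and Marx, Nate},
  title        = {{Winnti} ({LEAD}/{APT17}) Evolution - Going Open Source},
  date         = {2017-07-11},
  organization = {401 TRG},
  url          = {https://401trg.pw/winnti-evolution-going-open-source/},
  language     = {English},
  urldate      = {2019-12-18},
}
Winnti (LEAD/APT17) Evolution - Going Open Source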