Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-06-28Twitter (@_icebre4ker_)Fr4
@online{fr4:20220628:revive:7582d22, author = {Fr4}, title = {{Revive and Coper are using similar phishing template and app}}, date = {2022-06-28}, organization = {Twitter (@_icebre4ker_)}, url = {https://twitter.com/_icebre4ker_/status/1541875982684094465}, language = {English}, urldate = {2022-06-29} } Revive and Coper are using similar phishing template and app
Coper
2022-06-17Github (NtQuerySystemInformation)Twitter (@kasua02)
@techreport{kasua02:20220617:reverse:b218c67, author = {Twitter (@kasua02)}, title = {{A reverse engineer primer on Qakbot Dll Stager: From initial execution to multithreading.}}, date = {2022-06-17}, institution = {Github (NtQuerySystemInformation)}, url = {https://raw.githubusercontent.com/NtQuerySystemInformation/Malware-RE-papers/main/Qakbot%20report.pdf}, language = {English}, urldate = {2022-07-01} } A reverse engineer primer on Qakbot Dll Stager: From initial execution to multithreading.
QakBot
2022-06-14Twitter (@3xp0rtblog)3xp0rt
@online{3xp0rt:20220614:keona:a8f556d, author = {3xp0rt}, title = {{Tweet on Keona Clipper}}, date = {2022-06-14}, organization = {Twitter (@3xp0rtblog)}, url = {https://twitter.com/3xp0rtblog/status/1536704209760010241}, language = {English}, urldate = {2022-07-01} } Tweet on Keona Clipper
Keona
2022-06-02Twitter (@sysopfb)Jason Reaves
@online{reaves:20220602:tweets:b70da25, author = {Jason Reaves}, title = {{Tweets on UpdateAgent - GolangVersion}}, date = {2022-06-02}, organization = {Twitter (@sysopfb)}, url = {https://twitter.com/sysopfb/status/1532442456343691273}, language = {English}, urldate = {2022-06-04} } Tweets on UpdateAgent - GolangVersion
UpdateAgent
2022-05-08Twitter (@cyb3rops)Florian Roth
@online{roth:20220508:source:86add3e, author = {Florian Roth}, title = {{Tweet on source code for BPFDoor found on VT}}, date = {2022-05-08}, organization = {Twitter (@cyb3rops)}, url = {https://twitter.com/cyb3rops/status/1523227511551033349}, language = {English}, urldate = {2022-05-09} } Tweet on source code for BPFDoor found on VT
BPFDoor
2022-05-08Twitter (@CraigHRowland)Craig Rowland
@online{rowland:20220508:twitter:bf58ca0, author = {Craig Rowland}, title = {{Twitter Thread with description of functionality for BPFDoor}}, date = {2022-05-08}, organization = {Twitter (@CraigHRowland)}, url = {https://twitter.com/CraigHRowland/status/1523266585133457408}, language = {English}, urldate = {2022-06-09} } Twitter Thread with description of functionality for BPFDoor
BPFDoor
2022-05-06Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20220506:twitter:7a00df8, author = {Microsoft Security Intelligence}, title = {{Twitter Thread on initial infeciton of SocGholish/ FAKEUPDATES campaigns lead to BLISTER Loader, CobaltStrike, Lockbit and followed by Hands On Keyboard activity}}, date = {2022-05-06}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1522690116979855360}, language = {English}, urldate = {2022-05-09} } Twitter Thread on initial infeciton of SocGholish/ FAKEUPDATES campaigns lead to BLISTER Loader, CobaltStrike, Lockbit and followed by Hands On Keyboard activity
FAKEUPDATES Blister Cobalt Strike LockBit
2022-05-04Twitter (@felixw3000)Felix
@online{felix:20220504:twitter:0fb7e35, author = {Felix}, title = {{Twitter Thread with info on infection chain with IcedId, Cobalt Strike, and Hidden VNC.}}, date = {2022-05-04}, organization = {Twitter (@felixw3000)}, url = {https://twitter.com/felixw3000/status/1521816045769662468}, language = {English}, urldate = {2022-05-09} } Twitter Thread with info on infection chain with IcedId, Cobalt Strike, and Hidden VNC.
Cobalt Strike IcedID PhotoLoader
2022-05-04Twitter (@ESETresearch)Twitter (@ESETresearch)
@online{esetresearch:20220504:twitter:48f1a89, author = {Twitter (@ESETresearch)}, title = {{Twitter thread on code similarity analysis, focussing on IsaacWiper and recent Cluster25 publication}}, date = {2022-05-04}, organization = {Twitter (@ESETresearch)}, url = {https://twitter.com/ESETresearch/status/1521910890072842240}, language = {English}, urldate = {2022-05-05} } Twitter thread on code similarity analysis, focussing on IsaacWiper and recent Cluster25 publication
IsaacWiper
2022-04-28vx-undergroundTwitter (@vxunderground)
@online{vxunderground:20220428:leaked:50e2110, author = {Twitter (@vxunderground)}, title = {{Tweet on leaked Prynt Stealer source code and similarity to AyncRAT}}, date = {2022-04-28}, organization = {vx-underground}, url = {https://twitter.com/vxunderground/status/1519632014361640960}, language = {English}, urldate = {2022-04-29} } Tweet on leaked Prynt Stealer source code and similarity to AyncRAT
AsyncRAT Prynt Stealer
2022-04-28Twitter (@vinopaljiri)Jiří Vinopal
@online{vinopal:20220428:onyx:b2312e0, author = {Jiří Vinopal}, title = {{#ONYX Ransomware is based on #Chaos Ransomware Builderv4}}, date = {2022-04-28}, organization = {Twitter (@vinopaljiri)}, url = {https://twitter.com/vinopaljiri/status/1519645742440329216}, language = {English}, urldate = {2022-05-03} } #ONYX Ransomware is based on #Chaos Ransomware Builderv4
Chaos
2022-04-19Twitter (@Cryptolaemus1)Cryptolaemus
@online{cryptolaemus:20220419:emotet:c68608b, author = {Cryptolaemus}, title = {{#Emotet Update: 64 bit upgrade of Epoch 5}}, date = {2022-04-19}, organization = {Twitter (@Cryptolaemus1)}, url = {https://twitter.com/Cryptolaemus1/status/1516535343281025032}, language = {English}, urldate = {2022-04-20} } #Emotet Update: 64 bit upgrade of Epoch 5
Emotet
2022-04-12Twitter (@apt773)Section 773
@online{773:20220412:tween:9f9a70c, author = {Section 773}, title = {{Tween on Lapsus$ (UNC3661) Attack chain of compromise via Sitel (Okta subprocessor)'s systems}}, date = {2022-04-12}, organization = {Twitter (@apt773)}, url = {https://twitter.com/apt773/status/1513909922643476485}, language = {English}, urldate = {2022-04-15} } Tween on Lapsus$ (UNC3661) Attack chain of compromise via Sitel (Okta subprocessor)'s systems
2022-04-12Twitter (@silascutler)Silas Cutler
@online{cutler:20220412:analysis:561c2a2, author = {Silas Cutler}, title = {{Tweet on analysis of CADDYWIPER used alongside with INDUSTROYER2}}, date = {2022-04-12}, organization = {Twitter (@silascutler)}, url = {https://twitter.com/silascutler/status/1513870210398363651}, language = {English}, urldate = {2022-05-25} } Tweet on analysis of CADDYWIPER used alongside with INDUSTROYER2
CaddyWiper INDUSTROYER2
2022-04-11Twitter (@3xp0rtblog)3xp0rt
@online{3xp0rt:20220411:safire:69718f1, author = {3xp0rt}, title = {{Tweet on Safire Miner}}, date = {2022-04-11}, organization = {Twitter (@3xp0rtblog)}, url = {https://twitter.com/3xp0rtblog/status/1513099720578801670}, language = {English}, urldate = {2022-05-04} } Tweet on Safire Miner
2022-04-07Twitter (@ChicagoCyber)Joshua Miller
@online{miller:20220407:ta455:32fe370, author = {Joshua Miller}, title = {{Tweet on TA455 (Iranian threat actor) IoCs}}, date = {2022-04-07}, organization = {Twitter (@ChicagoCyber)}, url = {https://twitter.com/ChicagoCyber/status/1512071759712817156}, language = {English}, urldate = {2022-04-12} } Tweet on TA455 (Iranian threat actor) IoCs
2022-04-01Twitter (@3xp0rtblog)3xp0rt
@online{3xp0rt:20220401:000stealer:8b1ea3c, author = {3xp0rt}, title = {{Tweet on 000stealer, written in GO and its panel}}, date = {2022-04-01}, organization = {Twitter (@3xp0rtblog)}, url = {https://twitter.com/3xp0rtblog/status/1509978637189419008}, language = {English}, urldate = {2022-05-04} } Tweet on 000stealer, written in GO and its panel
000Stealer
2022-03-31Twitter (@3xp0rtblog)3xp0rt
@online{3xp0rt:20220331:eternity:86e2c72, author = {3xp0rt}, title = {{Tweet on Eternity stealer}}, date = {2022-03-31}, organization = {Twitter (@3xp0rtblog)}, url = {https://twitter.com/3xp0rtblog/status/1509601846494695438}, language = {English}, urldate = {2022-05-04} } Tweet on Eternity stealer
Eternity Stealer
2022-03-31Twitter (@LukasStefanko)Lukáš Štefanko
@online{tefanko:20220331:vajraspy:1a8d32b, author = {Lukáš Štefanko}, title = {{Tweet on VajraSpy}}, date = {2022-03-31}, organization = {Twitter (@LukasStefanko)}, url = {https://twitter.com/LukasStefanko/status/1509451238366236674}, language = {English}, urldate = {2022-03-31} } Tweet on VajraSpy
VajraSpy
2022-03-30Twitter (@hpsecurity)HP Wolf Security
@online{security:20220330:recent:56ca1b3, author = {HP Wolf Security}, title = {{Tweet on recent Mekotio Banker campaign}}, date = {2022-03-30}, organization = {Twitter (@hpsecurity)}, url = {https://twitter.com/hpsecurity/status/1509185858146082816}, language = {English}, urldate = {2022-03-31} } Tweet on recent Mekotio Banker campaign
Mekotio