2023-09-11 | Kaspersky | Alexander Kirichenko, Gleb Ivanov
@online{kirichenko:20230911:from:7fe2d83,
  author       = {Alexander Kirichenko and Gleb Ivanov},
  title        = {{From Caribbean shores to your devices: analyzing Cuba ransomware}},
  date         = {2023-09-11},
  organization = {Kaspersky},
  url          = {https://securelist.com/cuba-ransomware/110533/},
  language     = {English},
  urldate      = {2023-09-13},
}
From Caribbean shores to your devices: analyzing Cuba ransomware
Cuba
2023-09-04 | Cert-UA | Cert-UA
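% The advisory number in the title contains a hash sign; it is escaped so the
% title can be typeset by LaTeX without a macro-parameter error.
@online{certua:20230904:apt28:5db5c7c,
  author       = {Cert-UA},
  title        = {{APT28 cyberattack: msedge as a bootloader, TOR and mockbin.org/website.hook services as a control center (CERT-UA\#7469)}},
  date         = {2023-09-04},
  organization = {Cert-UA},
  url          = {https://cert.gov.ua/article/5702579},
  language     = {Ukrainian},
  urldate      = {2023-09-07},
}
APT28 cyberattack: msedge as a bootloader, TOR and mockbin.org/website.hook services as a control center (CERT-UA#7469)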
2023-08-23 | EclecticIQ | Aleksander W. Jarosz
@online{jarosz:20230823:malwareasaservice:020b650,
  author       = {Aleksander W. Jarosz},
  title        = {{Malware-as-a-Service: Redline Stealer Variants Demonstrate a Low-Barrier-to-Entry Threat}},
  date         = {2023-08-23},
  organization = {EclecticIQ},
  url          = {https://blog.eclecticiq.com/redline-stealer-variants-demonstrate-a-low-barrier-to-entry-threat},
  language     = {English},
  urldate      = {2023-08-25},
}
Malware-as-a-Service: Redline Stealer Variants Demonstrate a Low-Barrier-to-Entry Threat
RedLine Stealer
2023-08-08 | Security Service of Ukraine | Security Service of Ukraine
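% Institutional author: the extra pair of braces keeps the agency name as one
% unit instead of letting it be split into given-name and family-name parts.
@techreport{ukraine:20230808:cyber:8bbe546,
  author      = {{Security Service of Ukraine}},
  title       = {{Cyber Operation of Russian Intelligence Services as a Component of Confrontation on the Battlefield}},
  date        = {2023-08-08},
  institution = {Security Service of Ukraine},
  url         = {https://ssu.gov.ua/uploads/files/DKIB/technical-report.pdf},
  language    = {English},
  urldate     = {2023-08-09},
}
Cyber Operation of Russian Intelligence Services as a Component of Confrontation on the Battlefield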
2023-08-08 | Security Service of Ukraine | Security Service of Ukraine
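% Institutional author: the extra pair of braces keeps the agency name as one
% unit instead of letting it be split into given-name and family-name parts.
@online{ukraine:20230808:sbu:3a0ed3b,
  author       = {{Security Service of Ukraine}},
  title        = {{SBU exposes russian intelligence attempts to penetrate Armed Forces' planning operations system}},
  date         = {2023-08-08},
  organization = {Security Service of Ukraine},
  url          = {https://ssu.gov.ua/en/novyny/sbu-exposes-russian-intelligence-attempts-to-penetrate-armed-forces-planning-operations-system},
  language     = {English},
  urldate      = {2023-08-09},
}
SBU exposes russian intelligence attempts to penetrate Armed Forces' planning operations system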
2023-08-08 | Checkpoint | Checkpoint Research
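% Team name used as author: the extra pair of braces stops it from being
% parsed as a person with given name "Checkpoint" and family name "Research".
@online{research:20230808:rhysida:d28daad,
  author       = {{Checkpoint Research}},
  title        = {{THE RHYSIDA RANSOMWARE: ACTIVITY ANALYSIS AND TIES TO VICE SOCIETY}},
  date         = {2023-08-08},
  organization = {Checkpoint},
  url          = {https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/},
  language     = {English},
  urldate      = {2023-08-10},
}
THE RHYSIDA RANSOMWARE: ACTIVITY ANALYSIS AND TIES TO VICE SOCIETY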
Rhysida
2023-08 | LinkedIn (PRODAFT) | PRODAFT
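% The hashtags in the title are escaped so the hash signs can be typeset by
% LaTeX without a macro-parameter error.
@online{prodaft:202308:organic:4714845,
  author       = {PRODAFT},
  title        = {{An organic relationship between the \#Rhysida and \#ViceSociety ransomware teams}},
  date         = {2023-08},
  organization = {LinkedIn (PRODAFT)},
  url          = {https://www.linkedin.com/posts/prodaft_organic-relationship-between-rhysida-vice-activity-7091777236663427072-NQEs},
  language     = {English},
  urldate      = {2023-08-10},
}
An organic relationship between the #Rhysida and #ViceSociety ransomware teams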
Rhysida
2023-07-26 | SPUR | Riley Kilmer
@online{kilmer:20230726:christmas:5221879,
  author       = {Riley Kilmer},
  title        = {{Christmas in July: A finely wrapped Malware Proxy Service}},
  date         = {2023-07-26},
  organization = {SPUR},
  url          = {https://spur.us/2023/07/christmas-in-july-a-finely-wrapped-proxy-service/},
  language     = {English},
  urldate      = {2023-07-31},
}
Christmas in July: A finely wrapped Malware Proxy Service
AVrecon
2023-07-25 | KrebsOnSecurity | Brian Krebs
@online{krebs:20230725:who:55175fa,
  author       = {Brian Krebs},
  title        = {{Who and What is Behind the Malware Proxy Service SocksEscort?}},
  date         = {2023-07-25},
  organization = {KrebsOnSecurity},
  url          = {https://krebsonsecurity.com/2023/07/who-and-what-is-behind-the-malware-proxy-service-socksescort/},
  language     = {English},
  urldate      = {2023-07-31},
}
Who and What is Behind the Malware Proxy Service SocksEscort?
AVrecon
2023-07-24 | Mandiant | Ryan Serabian, Daniel Kapellmann Zafra, Conor Quigley, David Mainor
@online{serabian:20230724:proprc:500b383,
  author       = {Ryan Serabian and Daniel Kapellmann Zafra and Conor Quigley and David Mainor},
  title        = {{Pro-PRC HaiEnergy Campaign Exploits U.S. News Outlets via Newswire Services to Target U.S. Audiences; Evidence of Commissioned Protests in Washington, D.C.}},
  date         = {2023-07-24},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/pro-prc-haienergy-us-news},
  language     = {English},
  urldate      = {2023-07-31},
}
Pro-PRC HaiEnergy Campaign Exploits U.S. News Outlets via Newswire Services to Target U.S. Audiences; Evidence of Commissioned Protests in Washington, D.C.
2023-07-10 | Mandiant | Matthew McWhirt, Thirumalai Natarajan Muthiah, Phil Pearce, Jennifer Guzzetta
@online{mcwhirt:20230710:defend:9fcdf9f,
  author       = {Matthew McWhirt and Thirumalai Natarajan Muthiah and Phil Pearce and Jennifer Guzzetta},
  title        = {{Defend Against the Latest Active Directory Certificate Services Threats}},
  date         = {2023-07-10},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/blog/resources/defend-ad-cs-threats},
  language     = {English},
  urldate      = {2023-07-31},
}
Defend Against the Latest Active Directory Certificate Services Threats
2023-06-01 | Kaspersky Labs | Igor Kuznetsov, Valentin Pashkov, Leonid Bezvershenko, Georgy Kucherin
@online{kuznetsov:20230601:operation:ad8eded,
  author       = {Igor Kuznetsov and Valentin Pashkov and Leonid Bezvershenko and Georgy Kucherin},
  title        = {{Operation Triangulation: iOS devices targeted with previously unknown malware}},
  date         = {2023-06-01},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/operation-triangulation/109842/},
  language     = {English},
  urldate      = {2023-06-01},
}
Operation Triangulation: iOS devices targeted with previously unknown malware
2023-05-04 | SOCRadar | SOCRadar
@online{socradar:20230504:sandworm:da4d4f4,
  author       = {SOCRadar},
  title        = {{Sandworm Attackers Use WinRAR to Wipe Data from Government Devices}},
  date         = {2023-05-04},
  organization = {SOCRadar},
  url          = {https://socradar.io/sandworm-attackers-use-winrar-to-wipe-data-from-government-devices/},
  language     = {English},
  urldate      = {2023-07-20},
}
Sandworm Attackers Use WinRAR to Wipe Data from Government Devices
RoarBAT
2023-04-20 | VirusTotal | Vicente Diaz
@online{diaz:20230420:apt43:ada14ec,
  author       = {Vicente Diaz},
  title        = {{APT43: An investigation into the North Korean group’s cybercrime operations}},
  date         = {2023-04-20},
  organization = {VirusTotal},
  url          = {https://blog.virustotal.com/2023/04/apt43-investigation-into-north-korean.html},
  language     = {English},
  urldate      = {2023-04-25},
}
APT43: An investigation into the North Korean group’s cybercrime operations
2023-04-19 | Microsoft | Justin Warner, Microsoft Threat Intelligence Center (MSTIC)
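% The second author is a team, not a person: it is wrapped in its own braces
% so the name is kept whole rather than split into given and family parts.
@online{warner:20230419:exploring:c68c1d0,
  author       = {Justin Warner and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {{Exploring STRONTIUM's Abuse of Cloud Services}},
  date         = {2023-04-19},
  organization = {Microsoft},
  url          = {https://www.youtube.com/watch?v=_qdCGgQlHJE},
  language     = {English},
  urldate      = {2023-04-22},
}
Exploring STRONTIUM's Abuse of Cloud Services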
FusionDrive
2023-04-18 | NCSC UK | United Kingdom’s National Cyber Security Centre (NCSC-UK)
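% Institutional author: the extra pair of braces keeps the agency name as one
% unit instead of letting it be split into given-name and family-name parts.
@techreport{ncscuk:20230418:jaguar:421e6fb,
  author      = {{United Kingdom’s National Cyber Security Centre (NCSC-UK)}},
  title       = {{Jaguar Tooth - Cisco IOS malware that collects device information and enables backdoor access}},
  date        = {2023-04-18},
  institution = {NCSC UK},
  url         = {https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/jaguar-tooth/NCSC-MAR-Jaguar-Tooth.pdf},
  language    = {English},
  urldate     = {2023-04-22},
}
Jaguar Tooth - Cisco IOS malware that collects device information and enables backdoor access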
2023-04-13 | GOV.PL | gov.pl
@online{govpl:20230413:espionage:089263f,
  author       = {gov.pl},
  title        = {{Espionage campaign linked to Russian intelligence services}},
  date         = {2023-04-13},
  organization = {GOV.PL},
  url          = {https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-services},
  language     = {English},
  urldate      = {2023-04-18},
}
Espionage campaign linked to Russian intelligence services
2023-04-13 | GOV.PL | Military Counterintelligence Service, CERT.PL
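% The first author is an agency: it is wrapped in its own braces so the name
% is kept whole rather than split into given-name and family-name parts.
@online{service:20230413:snowyamber:f5404f6,
  author       = {{Military Counterintelligence Service} and CERT.PL},
  title        = {{SNOWYAMBER - Malware Analysis Report}},
  date         = {2023-04-13},
  organization = {GOV.PL},
  url          = {https://www.gov.pl/attachment/ee91f24d-3e67-436d-aa50-7fa56acf789d},
  language     = {English},
  urldate      = {2023-06-01},
}
SNOWYAMBER - Malware Analysis Report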
GraphicalNeutrino
2023-04-13 | GOV.PL | Military Counterintelligence Service, CERT.PL
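% The first author is an agency: it is wrapped in its own braces so the name
% is kept whole rather than split into given-name and family-name parts.
@online{service:20230413:halfrig:787dcfb,
  author       = {{Military Counterintelligence Service} and CERT.PL},
  title        = {{HALFRIG - Malware Analysis Report}},
  date         = {2023-04-13},
  organization = {GOV.PL},
  url          = {https://www.gov.pl/attachment/64193e8d-05e2-4cbf-bb4c-5f58da21fefb},
  language     = {English},
  urldate      = {2023-06-01},
}
HALFRIG - Malware Analysis Report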
HALFRIG
2023-04-13 | GOV.PL | Military Counterintelligence Service, CERT.PL
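% The first author is an agency: it is wrapped in its own braces so the name
% is kept whole rather than split into given-name and family-name parts.
@online{service:20230413:quarterrig:0435e72,
  author       = {{Military Counterintelligence Service} and CERT.PL},
  title        = {{QUARTERRIG - Malware Analysis Report}},
  date         = {2023-04-13},
  organization = {GOV.PL},
  url          = {https://www.gov.pl/attachment/6f51bb1a-3ad2-461c-a16d-408915a56f77},
  language     = {English},
  urldate      = {2023-06-01},
}
QUARTERRIG - Malware Analysis Report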
QUARTERRIG