2023-04-20VirusTotalVicente Diaz
% VirusTotal blog post on APT43 (North Korea-linked) cybercrime operations.
% The title is double-braced throughout this export so casing is kept verbatim.
@online{diaz:20230420:apt43:ada14ec,
  author       = {Vicente Diaz},
  title        = {{APT43: An investigation into the North Korean group’s cybercrime operations}},
  date         = {2023-04-20},
  organization = {VirusTotal},
  url          = {https://blog.virustotal.com/2023/04/apt43-investigation-into-north-korean.html},
  language     = {English},
  urldate      = {2023-04-25},
}
APT43: An investigation into the North Korean group’s cybercrime operations
2023-04-19MicrosoftJustin Warner, Microsoft Threat Intelligence Center (MSTIC)
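% Talk on STRONTIUM's abuse of cloud services; the URL points to a YouTube video.
% The second author is an organisation, so it is wrapped in its own brace group:
% without it the name parser splits it into given/family parts like a person name.
@online{warner:20230419:exploring:c68c1d0,
  author       = {Justin Warner and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {{Exploring STRONTIUM's Abuse of Cloud Services}},
  date         = {2023-04-19},
  organization = {Microsoft},
  url          = {https://www.youtube.com/watch?v=_qdCGgQlHJE},
  language     = {English},
  urldate      = {2023-04-22},
}
Exploring STRONTIUM's Abuse of Cloud Services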
FusionDrive
2023-04-18NCSC UKUnited Kingdom’s National Cyber Security Centre (NCSC-UK)
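% NCSC-UK malware analysis report on Jaguar Tooth (Cisco IOS malware); the URL is a direct PDF.
% The author is an institution: the extra brace pair makes it a single literal name,
% otherwise it is parsed as a person and sorted/abbreviated under "(NCSC-UK)".
@techreport{ncscuk:20230418:jaguar:421e6fb,
  author      = {{United Kingdom’s National Cyber Security Centre (NCSC-UK)}},
  title       = {{Jaguar Tooth - Cisco IOS malware that collects device information and enables backdoor access}},
  date        = {2023-04-18},
  institution = {NCSC UK},
  url         = {https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/jaguar-tooth/NCSC-MAR-Jaguar-Tooth.pdf},
  language    = {English},
  urldate     = {2023-04-22},
}
Jaguar Tooth - Cisco IOS malware that collects device information and enables backdoor access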
2023-04-13GOV.PLgov.pl
% Polish government (gov.pl) advisory on an espionage campaign linked to Russian intelligence services.
% The author is the publishing site itself; it is a single token, so it parses as one name.
@online{govpl:20230413:espionage:089263f,
  author       = {gov.pl},
  title        = {{Espionage campaign linked to Russian intelligence services}},
  date         = {2023-04-13},
  organization = {GOV.PL},
  url          = {https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-services},
  language     = {English},
  urldate      = {2023-04-18},
}
Espionage campaign linked to Russian intelligence services
2023-03-23Medium s2wlabBLKSMTH, S2W TALON
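% S2W blog post (Medium) on Scarcruft tooling aimed at individual Android devices.
% "S2W TALON" is a team name, not a person; the inner braces stop it being split
% into given name "S2W" and family name "TALON".
@online{blksmth:20230323:scarcruft:82ba4d6,
  author       = {BLKSMTH and {S2W TALON}},
  title        = {{Scarcruft Bolsters Arsenal for targeting individual Android devices}},
  date         = {2023-03-23},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/scarcruft-bolsters-arsenal-for-targeting-individual-android-devices-97d2bcef4ab},
  language     = {English},
  urldate      = {2023-03-27},
}
Scarcruft Bolsters Arsenal for targeting individual Android devices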
RambleOn RokRAT
2023-03-13SentinelOneJim Walter
% SentinelOne blog post on CatB ransomware and its MSDTC service DLL hijacking.
% The "|" in the title is part of the published headline and is kept as-is.
@online{walter:20230313:catb:ea73312,
  author       = {Jim Walter},
  title        = {{CatB Ransomware | File Locker Sharpens Its Claws to Steal Data with MSDTC Service DLL Hijacking}},
  date         = {2023-03-13},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/decrypting-catb-ransomware-analyzing-their-latest-attack-methods/},
  language     = {English},
  urldate      = {2023-03-15},
}
CatB Ransomware | File Locker Sharpens Its Claws to Steal Data with MSDTC Service DLL Hijacking
CatB
2023-03-09State Service of Special Communication and Information Protection of Ukraine (CIP)
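% Report by Ukraine's State Service of Special Communication and Information Protection (CIP).
% The author is an institution, so it gets an extra brace pair and is treated as one literal
% name; unbraced, the lowercase "of" and "and" make the name parser split it incorrectly.
% The entry has no organization field, and the URL is an attachment-download endpoint.
@online{cip:20230309:russias:f40dc09,
  author   = {{State Service of Special Communication and Information Protection of Ukraine (CIP)}},
  title    = {{Russia's Cyber Tactics: Lessons Learned 2022}},
  date     = {2023-03-09},
  url      = {https://cip.gov.ua/services/cm/api/attachment/download?id=53466},
  language = {English},
  urldate  = {2023-03-13},
}
Russia's Cyber Tactics: Lessons Learned 2022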
2023-03-08MandiantDANIEL LEE, Stephen Eckels, Ben Read
% Mandiant blog post on a suspected Chinese campaign persisting on SonicWall devices.
% Three personal authors; the upper-case spelling of the first name is as given in this listing.
@online{lee:20230308:suspected:ebbc1c8,
  author       = {DANIEL LEE and Stephen Eckels and Ben Read},
  title        = {{Suspected Chinese Campaign to Persist on SonicWall Devices, Highlights Importance of Monitoring Edge Devices}},
  date         = {2023-03-08},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall},
  language     = {English},
  urldate      = {2023-04-22},
}
Suspected Chinese Campaign to Persist on SonicWall Devices, Highlights Importance of Monitoring Edge Devices
2023-02-16EclecticIQEclecticIQ Threat Research Team
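% EclecticIQ blog post on three attacks attributed (as "likely") to Gamaredon.
% The author is a team: the extra brace pair keeps it as one literal name. Unbraced it is
% parsed as a person with family name "Team", which is where the key prefix comes from.
% The key is left unchanged so existing citations keep resolving.
@online{team:20230216:three:f838713,
  author       = {{EclecticIQ Threat Research Team}},
  title        = {{Three Cases of Cyber Attacks on the Security Service of Ukraine and NATO Allies, Likely by Russian State-Sponsored Gamaredon}},
  date         = {2023-02-16},
  organization = {EclecticIQ},
  url          = {https://blog.eclecticiq.com/three-cases-of-cyber-attacks-on-the-security-service-of-ukraine-and-nato-allies-likely-by-russian-state-sponsored-gamaredon},
  language     = {English},
  urldate      = {2023-02-21},
}
Three Cases of Cyber Attacks on the Security Service of Ukraine and NATO Allies, Likely by Russian State-Sponsored Gamaredon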
2023-02-14IntrinsecIntrinsec, CTI Intrinsec
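% Intrinsec post on Vice Society deploying its own ransomware.
% Both authors are organisational names. "CTI Intrinsec" is braced so it stays one literal
% name instead of being split into given name "CTI" and family name "Intrinsec".
@online{intrinsec:20230214:vicesociety:2dffe2e,
  author       = {Intrinsec and {CTI Intrinsec}},
  title        = {{Vice-Society spreads its own ransomware}},
  date         = {2023-02-14},
  organization = {Intrinsec},
  url          = {https://www.intrinsec.com/vice-society-spreads-its-own-ransomware/},
  language     = {English},
  urldate      = {2023-02-15},
}
Vice-Society spreads its own ransomware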
HelloKitty PolyVice Zeppelin
2023-01-26Palo Alto Networks Unit 42Mike Harbison, Jen Miller-Osborn
% Palo Alto Networks Unit 42 post on PlugX variants found on USB devices.
% The hyphenated surname "Miller-Osborn" is one token and parses as the family name.
@online{harbison:20230126:chinese:a83622f,
  author       = {Mike Harbison and Jen Miller-Osborn},
  title        = {{Chinese PlugX Malware Hidden in Your USB Devices?}},
  date         = {2023-01-26},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/},
  language     = {English},
  urldate      = {2023-01-27},
}
Chinese PlugX Malware Hidden in Your USB Devices?
PlugX
2022-12-22Sentinel LABSAntonio Cocomazzi
% SentinelLABS research on Vice Society's custom-branded ransomware and outsourced development.
@online{cocomazzi:20221222:custombranded:3f5dd45,
  author       = {Antonio Cocomazzi},
  title        = {{Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development}},
  date         = {2022-12-22},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/},
  language     = {English},
  urldate      = {2023-01-05},
}
Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development
Curator PolyVice
2022-12-08ThreatFabricThreatFabric
% ThreatFabric blog post on Zombinder, an obfuscation service used by Ermac.
% Author and organization are the same vendor; the single-token name parses as one name.
@online{threatfabric:20221208:zombinder:e82734d,
  author       = {ThreatFabric},
  title        = {{Zombinder: new obfuscation service used by Ermac, now distributed next to desktop stealers}},
  date         = {2022-12-08},
  organization = {ThreatFabric},
  url          = {https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html},
  language     = {English},
  urldate      = {2022-12-08},
}
Zombinder: new obfuscation service used by Ermac, now distributed next to desktop stealers
ERMAC Xenomorph
2022-11-26BushidoToken BlogBushidoToken
% BushidoToken blog post on detecting and fingerprinting infostealer Malware-as-a-Service platforms.
% The author is a handle written as a single token.
@online{bushidotoken:20221126:detecting:e5cee52,
  author       = {BushidoToken},
  title        = {{Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms}},
  date         = {2022-11-26},
  organization = {BushidoToken Blog},
  url          = {https://blog.bushidotoken.net/2022/11/detecting-and-fingerprinting.html},
  language     = {English},
  urldate      = {2022-11-28},
}
Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms
CollectorGoomba Misha TitanStealer
2022-11-09Security IntelligenceJonathan Reed
% Security Intelligence news article on Ransomware-as-a-Service.
% The URL slug refers to the Eternity gang, which the title itself does not name.
@online{reed:20221109:ransomwareasaservice:751e1a8,
  author       = {Jonathan Reed},
  title        = {{Ransomware-as-a-Service Transforms Gangs Into Businesses}},
  date         = {2022-11-09},
  organization = {Security Intelligence},
  url          = {https://securityintelligence.com/news/eternity-gang-ransomware-as-a-service-telegram/},
  language     = {English},
  urldate      = {2022-11-11},
}
Ransomware-as-a-Service Transforms Gangs Into Businesses
Eternity Stealer
2022-10-25MicrosoftMicrosoft Security Threat Intelligence
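% Microsoft blog post on DEV-0832 (Vice Society) ransomware campaigns against the US education sector.
% The author is a team: the extra brace pair keeps it as one literal name. Unbraced it is
% parsed as a person with family name "Intelligence", which is where the key prefix comes from.
% The key is left unchanged so existing citations keep resolving.
@online{intelligence:20221025:dev0832:5d16a04,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector}},
  date         = {2022-10-25},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2022/10/25/dev-0832-vice-society-opportunistic-ransomware-campaigns-impacting-us-education-sector/},
  language     = {English},
  urldate      = {2023-02-03},
}
DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector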
BlackCat Mount Locker Zeppelin
2022-10-24Medium s2wlabLee Sebin, Shin Yeongjae
% S2W blog post (Medium) on Kimsuky mobile malware targeting Android devices.
% NOTE(review): the key prefix "sebin" shows the first author is parsed as given name "Lee",
% family name "Sebin". If these names are written family-name-first, comma form would be
% needed. Confirm against the post's byline before changing anything.
@online{sebin:20221024:unveil:8034279,
  author       = {Lee Sebin and Shin Yeongjae},
  title        = {{Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware}},
  date         = {2022-10-24},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/unveil-the-evolution-of-kimsuky-targeting-android-devices-with-newly-discovered-mobile-malware-280dae5a650f},
  language     = {English},
  urldate      = {2022-12-20},
}
Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware
FastFire FastSpy
2022-10-12SentinelOneJoey Chen, Amitai Ben Shushan Ehrlich
% SentinelLABS research on WIP19, an espionage cluster using signed malware against IT providers and telcos.
% In "First Last" form the second author parses with family name "Ehrlich" and the rest as given names.
@online{chen:20221012:wip19:672e865,
  author       = {Joey Chen and Amitai Ben Shushan Ehrlich},
  title        = {{WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware}},
  date         = {2022-10-12},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/wip19-espionage-new-chinese-apt-targets-it-service-providers-and-telcos-with-signed-malware/},
  language     = {English},
  urldate      = {2022-10-24},
}
WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware
Maggie ScreenCap
2022-10-06AonAndre Maccarone, John Ailes, Chapin Bryce
% Aon Cyber Labs post on data exfiltration in Amazon Web Services.
@online{maccarone:20221006:amazon:2723756,
  author       = {Andre Maccarone and John Ailes and Chapin Bryce},
  title        = {{Amazon Web Services: Exploring The Cost Of Exfil}},
  date         = {2022-10-06},
  organization = {Aon},
  url          = {https://www.aon.com/cyber-solutions/aon_cyber_labs/amazon-web-services-exploring-the-cost-of-exfil/},
  language     = {English},
  urldate      = {2023-05-02},
}
Amazon Web Services: Exploring The Cost Of Exfil
2022-10-06SOCRadarSOCRadar
% SOCRadar post on RatMilad spyware targeting Middle Eastern mobile devices.
% Author and organization are the same vendor; the single-token name parses as one name.
@online{socradar:20221006:new:70756cc,
  author       = {SOCRadar},
  title        = {{New Spyware RatMilad Targets Middle Eastern Mobile Devices}},
  date         = {2022-10-06},
  organization = {SOCRadar},
  url          = {https://socradar.io/new-spyware-ratmilad-targets-middle-eastern-mobile-devices},
  language     = {English},
  urldate      = {2022-11-09},
}
New Spyware RatMilad Targets Middle Eastern Mobile Devices
RatMilad