
2022-05-22 | Bleeping Computer | Sergiu Gatlan
@online{gatlan:20220522:google:d2a26d5,
  author       = {Sergiu Gatlan},
  title        = {{Google: Predator spyware infected Android devices using zero-days}},
  date         = {2022-05-22},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/google-predator-spyware-infected-android-devices-using-zero-days/},
  language     = {English},
  urldate      = {2022-05-24},
}
Google: Predator spyware infected Android devices using zero-days
Alien Chrysaor
2022-05-19 | Zscaler | Sudeep Singh, Santiago Vicente, Brett Stone-Gross
@online{singh:20220519:vidar:1c68f0e,
  author       = {Sudeep Singh and Santiago Vicente and Brett Stone-Gross},
  title        = {{Vidar distributed through backdoored Windows 11 downloads and abusing Telegram}},
  date         = {2022-05-19},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/vidar-distributed-through-backdoored-windows-11-downloads-and-abusing},
  language     = {English},
  urldate      = {2022-05-25},
}
Vidar distributed through backdoored Windows 11 downloads and abusing Telegram
Vidar
2022-05-19 | Microsoft | Microsoft 365 Defender Research Team
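% The author is an organisation: the extra brace pair keeps it as one
% indivisible name instead of being split into given name / surname "Team".
@online{team:20220519:rise:2087702,
  author       = {{Microsoft 365 Defender Research Team}},
  title        = {{Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices}},
  date         = {2022-05-19},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/},
  language     = {English},
  urldate      = {2022-05-20},
}
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices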
XOR DDoS
2022-05-11 | CrowdStrike | Adrian Justice, CrowdStrike Overwatch Team
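% The second author is a team, not a person: it is brace-protected so it is
% not parsed as given names plus the surname "Team".
@techreport{justice:20220511:iceapple:608746f,
  author      = {Justice, Adrian and {CrowdStrike Overwatch Team}},
  title       = {{IceApple: A Novel Internet Information Services (IIS) Post-Exploitation Framework}},
  date        = {2022-05-11},
  institution = {CrowdStrike},
  url         = {https://www.crowdstrike.com/wp-content/uploads/2022/05/crowdstrike-iceapple-a-novel-internet-information-services-post-exploitation-framework.pdf},
  language    = {English},
  urldate     = {2022-05-11},
}
IceApple: A Novel Internet Information Services (IIS) Post-Exploitation Framework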
2022-05-09 | TEAMT5 | TeamT5
@online{teamt5:20220509:hiding:5e7c212,
  author       = {TeamT5},
  title        = {{Hiding in Plain Sight: Obscuring C2s by Abusing CDN Services}},
  date         = {2022-05-09},
  organization = {TEAMT5},
  url          = {https://teamt5.org/en/posts/hiding-in-plain-sight-obscuring-c2s-by-abusing-cdn-services},
  language     = {English},
  urldate      = {2022-05-11},
}
Hiding in Plain Sight: Obscuring C2s by Abusing CDN Services
Cobalt Strike
2022-05-09 | Microsoft | Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
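% Both authors are organisational units: each is brace-protected so it stays
% a single name rather than being split into given names and a surname.
@online{team:20220509:ransomwareasaservice:13ec472,
  author       = {{Microsoft 365 Defender Threat Intelligence Team} and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {{Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself}},
  date         = {2022-05-09},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself},
  language     = {English},
  urldate      = {2022-05-17},
}
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself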
AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker
2022-05-05 | Trend Micro | Aliakbar Zahravi, Leandro Froes, Trend Micro Research
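% The third author is a research group: it is brace-protected so it is not
% parsed as given names "Trend Micro" plus the surname "Research".
@online{zahravi:20220505:netdooka:93197bf,
  author       = {Zahravi, Aliakbar and Froes, Leandro and {Trend Micro Research}},
  title        = {{NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service}},
  date         = {2022-05-05},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/e/netdooka-framework-distributed-via-privateloader-ppi.html},
  language     = {English},
  urldate      = {2022-05-05},
}
NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service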
NetDooka PrivateLoader
2022-05-04 | Inky | Roger Kay
@online{kay:20220504:fresh:e1cef9c,
  author       = {Roger Kay},
  title        = {{Fresh Phish: Britain’s National Health Service Infected by Massive Phishing Campaign}},
  date         = {2022-05-04},
  organization = {Inky},
  url          = {https://www.inky.com/en/blog/fresh-phish-britains-national-health-service-infected-by-massive-phishing-campaign},
  language     = {English},
  urldate      = {2022-05-05},
}
Fresh Phish: Britain’s National Health Service Infected by Massive Phishing Campaign
2022-05-04 | Mandiant | Brandan Schondorfer, Nader Zaveri, Tyler McLellan, Jennifer Brito
@online{schondorfer:20220504:old:47943c4,
  author       = {Brandan Schondorfer and Nader Zaveri and Tyler McLellan and Jennifer Brito},
  title        = {{Old Services, New Tricks: Cloud Metadata Abuse by UNC2903}},
  date         = {2022-05-04},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/cloud-metadata-abuse-unc2903},
  language     = {English},
  urldate      = {2022-05-05},
}
Old Services, New Tricks: Cloud Metadata Abuse by UNC2903
WSO
2022-05-03 | Zscaler | Javier Vicente, Brett Stone-Gross
@online{vicente:20220503:analysis:ae8a3cc,
  author       = {Javier Vicente and Brett Stone-Gross},
  title        = {{Analysis of BlackByte Ransomware's Go-Based Variants}},
  date         = {2022-05-03},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/analysis-blackbyte-ransomwares-go-based-variants},
  language     = {English},
  urldate      = {2022-05-04},
}
Analysis of BlackByte Ransomware's Go-Based Variants
BlackByte
2022-04-29 | Intel 471 | Souhail Hammou
@online{hammou:20220429:privateloader:1378b6b,
  author       = {Souhail Hammou},
  title        = {{Privateloader – The Malware Behind A Havoc-Wreaking Pay-Per-Install Service}},
  date         = {2022-04-29},
  organization = {Intel 471},
  url          = {https://www.youtube.com/watch?v=Ldp7eESQotM},
  language     = {English},
  urldate      = {2022-05-09},
}
Privateloader – The Malware Behind A Havoc-Wreaking Pay-Per-Install Service
PrivateLoader
2022-04-26 | Trend Micro | Ryan Flores, Stephen Hilt, Lord Alfred Remorin
@online{flores:20220426:how:28d9476,
  author       = {Ryan Flores and Stephen Hilt and Lord Alfred Remorin},
  title        = {{How Cybercriminals Abuse Cloud Tunneling Services}},
  date         = {2022-04-26},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/how-cybercriminals-abuse-cloud-tunneling-services},
  language     = {English},
  urldate      = {2022-05-03},
}
How Cybercriminals Abuse Cloud Tunneling Services
AsyncRAT Cobalt Strike DarkComet Meterpreter Nanocore RAT
2022-04-18 | National Intelligence University | Kevin P. Riehle
@techreport{riehle:20220418:russian:baaf138,
  author      = {Kevin P. Riehle},
  title       = {{Russian Intelligence: A Case-based Study of Russian Services and Missions Past and Present}},
  date        = {2022-04-18},
  institution = {National Intelligence University},
  url         = {https://ni-u.edu/wp/wp-content/uploads/2022/05/Riehle_Russian-Intelligence.pdf},
  language    = {English},
  urldate     = {2022-05-11},
}
Russian Intelligence: A Case-based Study of Russian Services and Missions Past and Present
2022-04-13 | Schneider Electric | Schneider Electric
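% The author is a company: the extra brace pair keeps "Schneider Electric"
% as one name instead of given name "Schneider", surname "Electric".
@online{electric:20220413:schneider:d9acfdc,
  author       = {{Schneider Electric}},
  title        = {{Schneider Electric Security Bulletin SESB-2022-01: APT Cyber Tools Targeting ICS/SCADA Devices}},
  date         = {2022-04-13},
  organization = {Schneider Electric},
  url          = {https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2022-01},
  language     = {English},
  urldate      = {2022-04-15},
}
Schneider Electric Security Bulletin SESB-2022-01: APT Cyber Tools Targeting ICS/SCADA Devices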
2022-04-13 | CISA | US-CERT
@online{uscert:20220413:alert:e8e47a3,
  author       = {US-CERT},
  title        = {{Alert (AA22-103A) APT Cyber Tools Targeting ICS/SCADA Devices}},
  date         = {2022-04-13},
  organization = {CISA},
  url          = {https://www.cisa.gov/uscert/ncas/alerts/aa22-103a},
  language     = {English},
  urldate      = {2022-04-14},
}
Alert (AA22-103A) APT Cyber Tools Targeting ICS/SCADA Devices
2022-04-13 | Department of Energy (DOE), NSA, FBI, CISA
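% The first author is an agency name with several words: it is brace-protected
% so it is not parsed as given names plus the surname "(DOE)".
% NOTE(review): the source record leaves `institution` empty, which BibTeX/Biber
% report as a warning for this entry type; confirm the issuing body before
% citing rather than guessing it from the URL.
@techreport{doe:20220413:cyber:1dee54e,
  author      = {{Department of Energy (DOE)} and NSA and FBI and CISA},
  title       = {{APT Cyber Tools Targeting ICS/SCADA Devices}},
  date        = {2022-04-13},
  institution = {},
  url         = {https://www.cisa.gov/uscert/sites/default/files/publications/Joint_Cybersecurity_Advisory_APT%20Cyber%20Tools%20Targeting%20ICS%20SCADA%20Devices.pdf},
  language    = {English},
  urldate     = {2022-04-15},
}
APT Cyber Tools Targeting ICS/SCADA Devices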
2022-04-10 | Digital Information World | Hura Anwar
@online{anwar:20220410:threatening:784ed0e,
  author       = {Hura Anwar},
  title        = {{Threatening Redirect Web Service Instills Malicious Campaigns In Over 16,500 Websites}},
  date         = {2022-04-10},
  organization = {Digital Information World},
  url          = {https://www.digitalinformationworld.com/2022/04/threatening-redirect-web-service.html},
  language     = {English},
  urldate      = {2022-05-05},
}
Threatening Redirect Web Service Instills Malicious Campaigns In Over 16,500 Websites
FAKEUPDATES
2022-04-08 | ThreatFabric | ThreatFabric
@online{threatfabric:20220408:look:2387c96,
  author       = {ThreatFabric},
  title        = {{Look out for Octo's tentacles! A new on-device fraud Android Banking Trojan with a rich legacy}},
  date         = {2022-04-08},
  organization = {ThreatFabric},
  url          = {https://threatfabric.com/blogs/octo-new-odf-banking-trojan.html},
  language     = {English},
  urldate      = {2022-04-08},
}
Look out for Octo's tentacles! A new on-device fraud Android Banking Trojan with a rich legacy
Coper
2022-04-07 | Bleeping Computer | Bill Toulas
@online{toulas:20220407:malicious:f10fb8e,
  author       = {Bill Toulas},
  title        = {{Malicious web redirect service infects 16,500 sites to push malware}},
  date         = {2022-04-07},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/malicious-web-redirect-service-infects-16-500-sites-to-push-malware/},
  language     = {English},
  urldate      = {2022-04-12},
}
Malicious web redirect service infects 16,500 sites to push malware
NetSupportManager RAT
2022-04-07 | DomainTools | DomainTools
@online{domaintools:20220407:spm55:dd2a4c8,
  author       = {DomainTools},
  title        = {{SPM55: Ascending the Ranks of Indonesian Phishing As A Service Offerings}},
  date         = {2022-04-07},
  organization = {DomainTools},
  url          = {https://www.domaintools.com/resources/blog/spm55-ascending-the-ranks-of-indonesian-phishing-as-a-service-offerings},
  language     = {English},
  urldate      = {2022-04-08},
}
SPM55: Ascending the Ranks of Indonesian Phishing As A Service Offerings