
2022-09-22 | deepwatch | Eric Ford, Ben Nichols
@comment{deepwatch report delivered as a hosted PDF; page tag: GootKit. The url carries percent-encoded spaces, which Biber passes through verbatim.}
@techreport{ford:20220922:is:9ff086f,
  author      = {Ford, Eric and Nichols, Ben},
  title       = {{Is Gootloader Working with a Foreign Intelligence Service?}},
  institution = {deepwatch},
  date        = {2022-09-22},
  url         = {https://5556002.fs1.hubspotusercontent-na1.net/hubfs/5556002/2022%20PDF%20Download%20Assets/ADA%20Compliant%20pdfs/Reports/PUBLIC_Gootloader%20-%20Foreign%20Intelligence%20Service.pdf},
  urldate     = {2022-09-30},
  language    = {English},
}
Is Gootloader Working with a Foreign Intelligence Service?
GootKit
2022-09-21 | Microsoft | Microsoft 365 Defender Research Team, Shivang Desai, Abhishek Pustakala, Harshita Tripathi
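@comment{Microsoft Security blog post. The corporate first author is wrapped in an extra brace pair so the name parser keeps it as one unit instead of splitting it into given names plus the surname "Team"; the citation key is left unchanged because it is the stable identifier.}
@online{team:20220921:rewards:daf8b35,
  author       = {{Microsoft 365 Defender Research Team} and Desai, Shivang and Pustakala, Abhishek and Tripathi, Harshita},
  title        = {{Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices}},
  organization = {Microsoft},
  date         = {2022-09-21},
  url          = {https://www.microsoft.com/security/blog/2022/09/21/rewards-plus-fake-mobile-banking-rewards-apps-lure-users-to-install-info-stealing-rat-on-android-devices/},
  urldate      = {2022-09-26},
  language     = {English},
}
Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices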
2022-09-15 | Sekoia | Threat & Detection Research Team
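@comment{Sekoia blog post; page tags include PrivateLoader, Raccoon, RedLine Stealer, SmokeLoader, Vidar. The author field held a bare ampersand, which LaTeX rejects as a misplaced alignment tab; it is escaped as a backslash-ampersand and the corporate name is braced as a single unit.}
@online{team:20220915:privateloader:d88c7b2,
  author       = {{Threat \& Detection Research Team}},
  title        = {{PrivateLoader: the loader of the prevalent ruzki PPI service}},
  organization = {Sekoia},
  date         = {2022-09-15},
  url          = {https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/},
  urldate      = {2022-09-19},
  language     = {English},
}
PrivateLoader: the loader of the prevalent ruzki PPI service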
Agent Tesla Coinminer DanaBot DCRat Eternity Stealer Glupteba Mars Stealer NetSupportManager RAT Nymaim Nymaim2 Phoenix Keylogger PrivateLoader Raccoon RedLine Stealer SmokeLoader Socelars STOP Vidar YTStealer
2022-09-06 | CISA | US-CERT, FBI, CISA, MS-ISAC
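@comment{CISA joint advisory AA22-249A; page tags: Cobalt Strike, Empire Downloader, FiveHands, HelloKitty, SystemBC, Zeppelin. The title held a bare hash sign, which LaTeX treats as a macro parameter character; it is escaped as a backslash-hash. The four agency names are single tokens and parse as surnames on their own.}
@online{uscert:20220906:alert:4058a6d,
  author       = {US-CERT and FBI and CISA and MS-ISAC},
  title        = {{Alert (AA22-249A) \#StopRansomware: Vice Society}},
  organization = {CISA},
  date         = {2022-09-06},
  url          = {https://www.cisa.gov/uscert/ncas/alerts/aa22-249a},
  urldate      = {2022-09-16},
  language     = {English},
}
Alert (AA22-249A) #StopRansomware: Vice Society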
Cobalt Strike Empire Downloader FiveHands HelloKitty SystemBC Zeppelin
2022-09-06 | Palo Alto Networks Unit 42 | Chao Lei, Zhibin Zhang, Cecilia Hu, Aveek Das
@comment{Unit 42 blog post; page tags: MooBot, Mirai.}
@online{lei:20220906:mirai:7fbf864,
  author       = {Lei, Chao and Zhang, Zhibin and Hu, Cecilia and Das, Aveek},
  title        = {{Mirai Variant MooBot Targeting D-Link Devices}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-09-06},
  url          = {https://unit42.paloaltonetworks.com/moobot-d-link-devices/},
  urldate      = {2022-09-16},
  language     = {English},
}
Mirai Variant MooBot Targeting D-Link Devices
MooBot Mirai
2022-09-05 | Resecurity | Resecurity
@comment{Resecurity blog post; author and organization are the same vendor name, a single token that parses as a surname.}
@online{resecurity:20220905:evilproxy:2c76d6b,
  author       = {Resecurity},
  title        = {{EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web}},
  organization = {Resecurity},
  date         = {2022-09-05},
  url          = {https://resecurity.com/blog/article/evilproxy-phishing-as-a-service-with-mfa-bypass-emerged-in-dark-web},
  urldate      = {2022-09-19},
  language     = {English},
}
EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web
2022-08-31 | BitSight | André Tavares
@comment{BitSight blog post; page tags: PrivateLoader, RedLine Stealer, SmokeLoader. The accented given name is stored as UTF-8, which suits the biblatex date fields used throughout this file.}
@online{tavares:20220831:tracking:5b4130e,
  author       = {Tavares, André},
  title        = {{Tracking PrivateLoader: Malware Distribution Service}},
  organization = {BitSight},
  date         = {2022-08-31},
  url          = {https://www.bitsight.com/blog/tracking-privateloader-malware-distribution-service},
  urldate      = {2022-08-31},
  language     = {English},
}
Tracking PrivateLoader: Malware Distribution Service
PrivateLoader RedLine Stealer SmokeLoader
2022-08-17 | VirusTotal | Vicente Diaz, Alexey Firsh
@comment{VirusTotal blog post on Follina hunting.}
@online{diaz:20220817:hunting:fb2520c,
  author       = {Diaz, Vicente and Firsh, Alexey},
  title        = {{Hunting Follina}},
  organization = {VirusTotal},
  date         = {2022-08-17},
  url          = {https://blog.virustotal.com/2022/08/hunting-follina.html},
  urldate      = {2022-08-22},
  language     = {English},
}
Hunting Follina
2022-08-08 | Medium CSIS Techblog | Benoît Ancel
@comment{CSIS Techblog post on Medium; the page lists many family tags for it (Anubis, Azorult, Buer, ISFB, RedLine Stealer, SmokeLoader, Vidar, Zloader and others). The em dash in the title is a UTF-8 character, which Biber accepts as-is.}
@online{ancel:20220808:inside:67ef9a0,
  author       = {Ancel, Benoît},
  title        = {{An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure}},
  organization = {Medium CSIS Techblog},
  date         = {2022-08-08},
  url          = {https://medium.com/csis-techblog/inside-view-of-brazzzersff-infrastructure-89b9188fd145},
  urldate      = {2022-08-28},
  language     = {English},
}
An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure
Riltok magecart Anubis Azorult BetaBot Buer CoalaBot CryptBot DiamondFox DreamBot GCleaner ISFB Loki Password Stealer (PWS) MedusaLocker MeguminTrojan Nemty PsiX RedLine Stealer SmokeLoader STOP TinyNuke Vidar Zloader
2022-08-04 | Netskope | Gustavo Palazolo
@comment{Netskope blog post; page tag: Ousaban.}
@online{palazolo:20220804:ousaban:270a6b9,
  author       = {Palazolo, Gustavo},
  title        = {{Ousaban: LATAM Banking Malware Abusing Cloud Services}},
  organization = {Netskope},
  date         = {2022-08-04},
  url          = {https://www.netskope.com/blog/ousaban-latam-banking-malware-abusing-cloud-services},
  urldate      = {2022-08-05},
  language     = {English},
}
Ousaban: LATAM Banking Malware Abusing Cloud Services
Ousaban
2022-08-03 | Palo Alto Networks Unit 42 | Brad Duncan
@comment{Unit 42 blog post; page tags: BazarBackdoor, BumbleBee, Cobalt Strike, Conti.}
@online{duncan:20220803:flight:a8efd82,
  author       = {Duncan, Brad},
  title        = {{Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-08-03},
  url          = {https://unit42.paloaltonetworks.com/bumblebee-malware-projector-libra/},
  urldate      = {2022-08-08},
  language     = {English},
}
Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware
BazarBackdoor BumbleBee Cobalt Strike Conti
2022-08-02 | Zscaler | Sudeep Singh, Jagadeeswar Ramanukolanu
@comment{Zscaler ThreatLabz blog post on an adversary-in-the-middle phishing campaign.}
@online{singh:20220802:largescale:ae7725e,
  author       = {Singh, Sudeep and Ramanukolanu, Jagadeeswar},
  title        = {{Large-Scale AiTM Attack targeting enterprise users of Microsoft email services}},
  organization = {Zscaler},
  date         = {2022-08-02},
  url          = {https://www.zscaler.com/blogs/security-research/large-scale-aitm-attack-targeting-enterprise-users-microsoft-email-services},
  urldate      = {2022-08-08},
  language     = {English},
}
Large-Scale AiTM Attack targeting enterprise users of Microsoft email services
2022-07-24 | Bleeping Computer | Bill Toulas
@comment{Bleeping Computer news article; page tag: QakBot.}
@online{toulas:20220724:qbot:f6c03d9,
  author       = {Toulas, Bill},
  title        = {{QBot phishing uses Windows Calculator sideloading to infect devices}},
  organization = {Bleeping Computer},
  date         = {2022-07-24},
  url          = {https://www.bleepingcomputer.com/news/security/qbot-phishing-uses-windows-calculator-sideloading-to-infect-devices/},
  urldate      = {2022-07-29},
  language     = {English},
}
QBot phishing uses Windows Calculator sideloading to infect devices
QakBot
2022-07-19 | Cert-AgID | Cert-AgID
@comment{Cert-AgID advisory; page tag: Coper. The language field says Italian and the url slug is Italian, so the stored title is presumably an English rendering of the original; confirm before relying on it as the published title.}
@online{certagid:20220719:analysis:ab762a7,
  author       = {Cert-AgID},
  title        = {{Analysis and technical insights on the Coper malware used to attack mobile devices}},
  organization = {Cert-AgID},
  date         = {2022-07-19},
  url          = {https://cert-agid.gov.it/news/analisi-e-approfondimenti-tecnici-sul-malware-coper-utilizzato-per-attaccare-dispositivi-mobili/},
  urldate      = {2022-07-25},
  language     = {Italian},
}
Analysis and technical insights on the Coper malware used to attack mobile devices
Coper
2022-07-19 | Palo Alto Networks Unit 42 | Mike Harbison, Peter Renals
@comment{Unit 42 blog post; page tags: Cobalt Strike, EnvyScout, Gdrive.}
@online{harbison:20220719:russian:acbf388,
  author       = {Harbison, Mike and Renals, Peter},
  title        = {{Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-07-19},
  url          = {https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/},
  urldate      = {2022-07-19},
  language     = {English},
}
Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive
Cobalt Strike EnvyScout Gdrive
2022-07-08 | Sekoia | Threat & Detection Research Team
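@comment{Sekoia blog post; page tag: HelloKitty. The author field held a bare ampersand, which LaTeX rejects as a misplaced alignment tab; it is escaped as a backslash-ampersand and the corporate name is braced as a single unit.}
@online{team:20220708:vice:a611407,
  author       = {{Threat \& Detection Research Team}},
  title        = {{Vice Society: a discreet but steady double extortion ransomware group}},
  organization = {Sekoia},
  date         = {2022-07-08},
  url          = {https://blog.sekoia.io/vice-society-a-discreet-but-steady-double-extortion-ransomware-group},
  urldate      = {2022-08-18},
  language     = {English},
}
Vice Society: a discreet but steady double extortion ransomware group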
HelloKitty
2022-07-08 | Blueliv | Jose Miguel Esparza
@comment{Blog post attributed to Blueliv; the url is on an outpost24.com host rather than a Blueliv domain, so confirm the organization value against the live page.}
@online{esparza:20220708:ransomware:990e207,
  author       = {Esparza, Jose Miguel},
  title        = {{Ransomware as a Service: Behind the Scenes}},
  organization = {Blueliv},
  date         = {2022-07-08},
  url          = {https://outpost24.com/blog/Ransomware-as-a-service-behind-the-scenes},
  urldate      = {2022-07-20},
  language     = {English},
}
Ransomware as a Service: Behind the Scenes
2022-07-07 | Cybereason | Loïc Castel
@comment{Cybereason threat alert; page tag: Raspberry Robin.}
@online{castel:20220707:threat:e7717e8,
  author       = {Castel, Loïc},
  title        = {{THREAT ALERT: Raspberry Robin Worm Abuses Windows Installer and QNAP Devices}},
  organization = {Cybereason},
  date         = {2022-07-07},
  url          = {https://www.cybereason.com/blog/threat-alert-raspberry-robin-worm-abuses-windows-installer-and-qnap-devices},
  urldate      = {2022-07-12},
  language     = {English},
}
THREAT ALERT: Raspberry Robin Worm Abuses Windows Installer and QNAP Devices
Raspberry Robin
2022-07-06 | Trend Micro | Nathaniel Morales, Monte de Jesus, Ivan Nicole Chavez, Bren Matthew Ebriega, Joshua Paul Ignacio
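@comment{Trend Micro research post; page tag: HavanaCrypt. The title held a bare ampersand in "C&C", which LaTeX rejects as a misplaced alignment tab; it is escaped as a backslash-ampersand. Authors are given in surname-first form so the "de" particle is kept with the surname.}
@online{morales:20220706:brandnew:3a02441,
  author       = {Morales, Nathaniel and de Jesus, Monte and Chavez, Ivan Nicole and Ebriega, Bren Matthew and Ignacio, Joshua Paul},
  title        = {{Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C\&C Server}},
  organization = {Trend Micro},
  date         = {2022-07-06},
  url          = {https://www.trendmicro.com/en_us/research/22/g/brand-new-havanacrypt-ransomware-poses-as-google-software-update.html},
  urldate      = {2022-07-12},
  language     = {English},
}
Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server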
HavanaCrypt
2022-06-06 | André Tavares
@comment{Personal blog post; no organization field is present, matching the page listing. Page tag: PrivateLoader.}
@online{tavares:20220606:hunting:9e20d11,
  author   = {Tavares, André},
  title    = {{Hunting PrivateLoader: Pay-Per-Install Service}},
  date     = {2022-06-06},
  url      = {https://tavares.re/blog/2022/06/06/hunting-privateloader-pay-per-install-service/},
  urldate  = {2022-06-09},
  language = {English},
}
Hunting PrivateLoader: Pay-Per-Install Service
PrivateLoader