2023-01-26 | Palo Alto Networks Unit 42 | Mike Harbison, Jen Miller-Osborn
@online{harbison:20230126:chinese:a83622f,
  author       = {Harbison, Mike and Miller-Osborn, Jen},
  title        = {{Chinese PlugX Malware Hidden in Your USB Devices?}},
  date         = {2023-01-26},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/},
  language     = {English},
  urldate      = {2023-01-27},
}
Chinese PlugX Malware Hidden in Your USB Devices?
PlugX
2022-12-22 | Sentinel LABS | Antonio Cocomazzi
@online{cocomazzi:20221222:custombranded:3f5dd45,
  author       = {Cocomazzi, Antonio},
  title        = {{Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development}},
  date         = {2022-12-22},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/},
  language     = {English},
  urldate      = {2023-01-05},
}
Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development
Curator PolyVice
2022-12-08 | ThreatFabric | ThreatFabric
@online{threatfabric:20221208:zombinder:e82734d,
  author       = {{ThreatFabric}},
  title        = {{Zombinder: new obfuscation service used by Ermac, now distributed next to desktop stealers}},
  date         = {2022-12-08},
  organization = {ThreatFabric},
  url          = {https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html},
  language     = {English},
  urldate      = {2022-12-08},
}
Zombinder: new obfuscation service used by Ermac, now distributed next to desktop stealers
ERMAC Xenomorph
2022-11-26 | BushidoToken Blog | BushidoToken
@online{bushidotoken:20221126:detecting:e5cee52,
  author       = {{BushidoToken}},
  title        = {{Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms}},
  date         = {2022-11-26},
  organization = {BushidoToken Blog},
  url          = {https://blog.bushidotoken.net/2022/11/detecting-and-fingerprinting.html},
  language     = {English},
  urldate      = {2022-11-28},
}
Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms
CollectorGoomba Misha TitanStealer
2022-11-09 | Security Intelligence | Jonathan Reed
@online{reed:20221109:ransomwareasaservice:751e1a8,
  author       = {Reed, Jonathan},
  title        = {{Ransomware-as-a-Service Transforms Gangs Into Businesses}},
  date         = {2022-11-09},
  organization = {Security Intelligence},
  url          = {https://securityintelligence.com/news/eternity-gang-ransomware-as-a-service-telegram/},
  language     = {English},
  urldate      = {2022-11-11},
}
Ransomware-as-a-Service Transforms Gangs Into Businesses
Eternity Stealer
2022-10-25 | Microsoft | Microsoft Security Threat Intelligence
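% Corporate author is double-braced so it is kept as one name instead of being split into given and family parts.
@online{intelligence:20221025:dev0832:5d16a04,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector}},
  date         = {2022-10-25},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2022/10/25/dev-0832-vice-society-opportunistic-ransomware-campaigns-impacting-us-education-sector/},
  language     = {English},
  urldate      = {2023-02-03},
}
DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector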
BlackCat Mount Locker Zeppelin
2022-10-24 | Medium s2wlab | Lee Sebin, Shin Yeongjae
@online{sebin:20221024:unveil:8034279,
  author       = {Lee Sebin and Shin Yeongjae},
  title        = {{Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware}},
  date         = {2022-10-24},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/unveil-the-evolution-of-kimsuky-targeting-android-devices-with-newly-discovered-mobile-malware-280dae5a650f},
  language     = {English},
  urldate      = {2022-12-20},
}
Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware
FastFire FastSpy
2022-10-12 | SentinelOne | Joey Chen, Amitai Ben Shushan Ehrlich
@online{chen:20221012:wip19:672e865,
  author       = {Joey Chen and Amitai Ben Shushan Ehrlich},
  title        = {{WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware}},
  date         = {2022-10-12},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/wip19-espionage-new-chinese-apt-targets-it-service-providers-and-telcos-with-signed-malware/},
  language     = {English},
  urldate      = {2022-10-24},
}
WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware
Maggie ScreenCap
2022-10-06 | SOCRadar | SOCRadar
@online{socradar:20221006:new:70756cc,
  author       = {{SOCRadar}},
  title        = {{New Spyware RatMilad Targets Middle Eastern Mobile Devices}},
  date         = {2022-10-06},
  organization = {SOCRadar},
  url          = {https://socradar.io/new-spyware-ratmilad-targets-middle-eastern-mobile-devices},
  language     = {English},
  urldate      = {2022-11-09},
}
New Spyware RatMilad Targets Middle Eastern Mobile Devices
RatMilad
2022-09-22 | deepwatch | Eric Ford, Ben Nichols
@techreport{ford:20220922:is:9ff086f,
  author      = {Ford, Eric and Nichols, Ben},
  title       = {{Is Gootloader Working with a Foreign Intelligence Service?}},
  date        = {2022-09-22},
  institution = {deepwatch},
  url         = {https://5556002.fs1.hubspotusercontent-na1.net/hubfs/5556002/2022%20PDF%20Download%20Assets/ADA%20Compliant%20pdfs/Reports/PUBLIC_Gootloader%20-%20Foreign%20Intelligence%20Service.pdf},
  language    = {English},
  urldate     = {2022-09-30},
}
Is Gootloader Working with a Foreign Intelligence Service?
GootKit
2022-09-21 | Microsoft | Microsoft 365 Defender Research Team, Shivang Desai, Abhishek Pustakala, Harshita Tripathi
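% The research team is a corporate author, so it is braced as one literal name; the individual authors use the unambiguous family-name-first form.
@online{team:20220921:rewards:daf8b35,
  author       = {{Microsoft 365 Defender Research Team} and Desai, Shivang and Pustakala, Abhishek and Tripathi, Harshita},
  title        = {{Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices}},
  date         = {2022-09-21},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/21/rewards-plus-fake-mobile-banking-rewards-apps-lure-users-to-install-info-stealing-rat-on-android-devices/},
  language     = {English},
  urldate      = {2022-09-26},
}
Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices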
2022-09-15 | Sekoia | Threat & Detection Research Team
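% The ampersand is escaped for LaTeX, and the team name is double-braced so it is treated as a single corporate author.
@online{team:20220915:privateloader:d88c7b2,
  author       = {{Threat \& Detection Research Team}},
  title        = {{PrivateLoader: the loader of the prevalent ruzki PPI service}},
  date         = {2022-09-15},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/},
  language     = {English},
  urldate      = {2022-09-19},
}
PrivateLoader: the loader of the prevalent ruzki PPI service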
Agent Tesla Coinminer DanaBot DCRat Eternity Stealer Glupteba Mars Stealer NetSupportManager RAT Nymaim Nymaim2 Phoenix Keylogger PrivateLoader Raccoon RedLine Stealer SmokeLoader Socelars STOP Vidar YTStealer
2022-09-06 | CISA | US-CERT, FBI, CISA, MS-ISAC
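% Agency names are braced as literal corporate authors, and the hash sign in the title is escaped so LaTeX does not read it as a macro parameter.
@online{uscert:20220906:alert:4058a6d,
  author       = {{US-CERT} and {FBI} and {CISA} and {MS-ISAC}},
  title        = {{Alert (AA22-249A) \#StopRansomware: Vice Society}},
  date         = {2022-09-06},
  organization = {CISA},
  url          = {https://www.cisa.gov/uscert/ncas/alerts/aa22-249a},
  language     = {English},
  urldate      = {2022-09-16},
}
Alert (AA22-249A) #StopRansomware: Vice Society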
Cobalt Strike Empire Downloader FiveHands HelloKitty SystemBC Zeppelin
2022-09-06 | Palo Alto Networks Unit 42 | Chao Lei, Zhibin Zhang, Cecilia Hu, Aveek Das
@online{lei:20220906:mirai:7fbf864,
  author       = {Lei, Chao and Zhang, Zhibin and Hu, Cecilia and Das, Aveek},
  title        = {{Mirai Variant MooBot Targeting D-Link Devices}},
  date         = {2022-09-06},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/moobot-d-link-devices/},
  language     = {English},
  urldate      = {2022-09-16},
}
Mirai Variant MooBot Targeting D-Link Devices
MooBot Mirai
2022-09-05 | Resecurity | Resecurity
@online{resecurity:20220905:evilproxy:2c76d6b,
  author       = {{Resecurity}},
  title        = {{EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web}},
  date         = {2022-09-05},
  organization = {Resecurity},
  url          = {https://resecurity.com/blog/article/evilproxy-phishing-as-a-service-with-mfa-bypass-emerged-in-dark-web},
  language     = {English},
  urldate      = {2022-09-19},
}
EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web
2022-08-31 | BitSight | André Tavares
@online{tavares:20220831:tracking:5b4130e,
  author       = {Tavares, André},
  title        = {{Tracking PrivateLoader: Malware Distribution Service}},
  date         = {2022-08-31},
  organization = {BitSight},
  url          = {https://www.bitsight.com/blog/tracking-privateloader-malware-distribution-service},
  language     = {English},
  urldate      = {2022-08-31},
}
Tracking PrivateLoader: Malware Distribution Service
PrivateLoader RedLine Stealer SmokeLoader
2022-08-17 | VirusTotal | Vicente Diaz, Alexey Firsh
@online{diaz:20220817:hunting:fb2520c,
  author       = {Diaz, Vicente and Firsh, Alexey},
  title        = {{Hunting Follina}},
  date         = {2022-08-17},
  organization = {VirusTotal},
  url          = {https://blog.virustotal.com/2022/08/hunting-follina.html},
  language     = {English},
  urldate      = {2022-08-22},
}
Hunting Follina
2022-08-08 | Medium CSIS Techblog | Benoît Ancel
@online{ancel:20220808:inside:67ef9a0,
  author       = {Ancel, Benoît},
  title        = {{An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure}},
  date         = {2022-08-08},
  organization = {Medium CSIS Techblog},
  url          = {https://medium.com/csis-techblog/inside-view-of-brazzzersff-infrastructure-89b9188fd145},
  language     = {English},
  urldate      = {2022-08-28},
}
An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure
Riltok magecart Anubis Azorult BetaBot Buer CoalaBot CryptBot DiamondFox DreamBot GCleaner ISFB Loki Password Stealer (PWS) MedusaLocker MeguminTrojan Nemty PsiX RedLine Stealer SmokeLoader STOP TinyNuke Vidar Zloader
2022-08-04 | Netskope | Gustavo Palazolo
@online{palazolo:20220804:ousaban:270a6b9,
  author       = {Palazolo, Gustavo},
  title        = {{Ousaban: LATAM Banking Malware Abusing Cloud Services}},
  date         = {2022-08-04},
  organization = {Netskope},
  url          = {https://www.netskope.com/blog/ousaban-latam-banking-malware-abusing-cloud-services},
  language     = {English},
  urldate      = {2022-08-05},
}
Ousaban: LATAM Banking Malware Abusing Cloud Services
Ousaban
2022-08-03 | Palo Alto Networks Unit 42 | Brad Duncan
@online{duncan:20220803:flight:a8efd82,
  author       = {Duncan, Brad},
  title        = {{Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware}},
  date         = {2022-08-03},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/bumblebee-malware-projector-libra/},
  language     = {English},
  urldate      = {2022-08-08},
}
Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware
BazarBackdoor BumbleBee Cobalt Strike Conti