
2021-09-13 | Twitter (@GoSecure_Inc) | GoSecure
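% Tweet by GoSecure. The underscore in the handle is escaped in organization
% because that field is typeset by LaTeX; url is verbatim and stays unescaped.
% NOTE(review): the title spells the family "BlueStealer" while the listing tags
% it "BluStealer" -- search for both spellings when correlating reports.
@online{gosecure:20210913:bluestealer:62a42aa,
  author       = {{GoSecure}},
  title        = {Tweet on {BlueStealer}},
  date         = {2021-09-13},
  organization = {Twitter (@GoSecure\_Inc)},
  url          = {https://twitter.com/GoSecure_Inc/status/1437435265350397957},
  language     = {English},
  urldate      = {2021-09-22},
}
Tweet on BlueStealer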
BluStealer
2021-09-02 | Twitter (@th3_protoCOL) | Colin, GaborSzappanos
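% Tweet on in-the-wild exploitation of CVE-2021-26084. The CVE id and product
% names are brace-protected so a sentence-casing style cannot lowercase them.
% "cobaltsrike" in the title was a misspelling and is corrected; the key is unchanged.
@online{colin:20210902:confluence:5bbf2cb,
  author       = {Colin and GaborSzappanos},
  title        = {Tweet on {Confluence Server} exploitation ({CVE-2021-26084}) in the wild and cobaltstrike activity (mentioned in replies by {GaborSzappanos})},
  date         = {2021-09-02},
  organization = {Twitter (@th3\_protoCOL)},
  url          = {https://twitter.com/th3_protoCOL/status/1433414685299142660?s=20},
  language     = {English},
  urldate      = {2021-09-06},
}
Tweet on Confluence Server exploitation (CVE-2021-26084) in the wild and cobaltstrike activity (mentioned in replies by GaborSzappanos)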
Cobalt Strike
2021-08-05 | Twitter (@VK_intel) | Vitali Kremez
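% Tweet on the Linux variant of BlackMatter. Author is given in "Last, First"
% form; the underscore in the handle is escaped because organization is typeset.
@online{kremez:20210805:linux:e3796ad,
  author       = {Kremez, Vitali},
  title        = {Tweet on {Linux} variant of {BlackMatter}},
  date         = {2021-08-05},
  organization = {Twitter (@VK\_intel)},
  url          = {https://twitter.com/VK_Intel/status/1423188690126266370},
  language     = {English},
  urldate      = {2021-08-09},
}
Tweet on Linux variant of BlackMatter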
BlackMatter
2021-07-30 | Twitter (@Unit42_Intel) | Unit 42
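% Tweet by Unit 42. The double braces keep the team name as one unit; without
% them it is split into given name "Unit" and family name "42", which is what
% the "42:" key prefix reflects. The key itself is left unchanged.
@online{42:20210730:bazarloader:43bdc2c,
  author       = {{Unit 42}},
  title        = {Tweet on {BazarLoader} infection leading to cobaltstrike and {Powershell} script file for {PrintNightmare} vulnerability},
  date         = {2021-07-30},
  organization = {Twitter (@Unit42\_Intel)},
  url          = {https://twitter.com/Unit42_Intel/status/1421117403644186629?s=20},
  language     = {English},
  urldate      = {2021-08-02},
}
Tweet on BazarLoader infection leading to cobaltstrike and Powershell script file for PrintNightmare vulnerability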
BazarBackdoor Cobalt Strike
2021-07-26 | Twitter (@alex_lanstein) | Alex Lanstein
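% Tweet on BITTER group targeting. The actor name and place name are
% brace-protected; the underscore in the handle is escaped for LaTeX.
@online{lanstein:20210726:bitter:8ab79ce,
  author       = {Lanstein, Alex},
  title        = {Tweet on {BITTER} group widely targeting diplomats in {Yangon}},
  date         = {2021-07-26},
  organization = {Twitter (@alex\_lanstein)},
  url          = {https://twitter.com/alex_lanstein/status/1419502826561097728},
  language     = {English},
  urldate      = {2021-08-02},
}
Tweet on BITTER group widely targeting diplomats in Yangon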
2021-07-17 | Twitter (@_icebre4ker_) | _icebre4ker_
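% Tweet on a new Teabot version. The author is a handle: its underscores are
% escaped, and the double braces keep it a single name instead of a BibTeX
% "special character" group.
@online{icebre4ker:20210717:new:0dbc455,
  author       = {{\_icebre4ker\_}},
  title        = {Tweet: new version of {Teabot} targeting also {Portugal} banks},
  date         = {2021-07-17},
  organization = {Twitter (@\_icebre4ker\_)},
  url          = {https://twitter.com/_icebre4ker_/status/1416409813467156482},
  language     = {English},
  urldate      = {2021-07-20},
}
Tweet: new version of Teabot targeting also Portugal banks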
Anatsa
2021-07-16 | Twitter (@alex_lanstein) | Alex Lanstein
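% Tweet on UNC2652/NOBELIUM attacks. Both actor designations are brace-protected
% so they keep their capitals under any bibliography style.
@online{lanstein:20210716:attacks:e5901e5,
  author       = {Lanstein, Alex},
  title        = {Tweet on attacks from {UNC2652}/{NOBELIUM}},
  date         = {2021-07-16},
  organization = {Twitter (@alex\_lanstein)},
  url          = {https://twitter.com/alex_lanstein/status/1415761111891148800},
  language     = {English},
  urldate      = {2021-07-20},
}
Tweet on attacks from UNC2652/NOBELIUM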
2021-07-16 | Twitter (@benkow_) | Benoît Ancel
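% Tweet on DeepRAT. The author name contains a non-ASCII character, so the file
% needs a UTF-8 aware backend; the underscore in the handle is escaped for LaTeX.
@online{ancel:20210716:deeprat:d7d7959,
  author       = {Ancel, Benoît},
  title        = {Tweet on {DeepRAT}},
  date         = {2021-07-16},
  organization = {Twitter (@benkow\_)},
  url          = {https://twitter.com/benkow_/status/1415797114794397701},
  language     = {English},
  urldate      = {2021-07-26},
}
Tweet on DeepRAT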
DeepRAT
2021-07-07 | Twitter (@C0rk1_H) | hyabcd
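% Tweet on purplefox abusing PrintNightmare. The CVE id and vulnerability name
% are brace-protected so they stay searchable in the rendered bibliography.
@online{hyabcd:20210707:purplefox:af42cde,
  author       = {hyabcd},
  title        = {Tweet on purplefox exploiting {PrintNightmare} ({CVE-2021-34527}) vulnerability in cryptocurrency mining campaign},
  date         = {2021-07-07},
  organization = {Twitter (@C0rk1\_H)},
  url          = {https://twitter.com/C0rk1_H/status/1412801973628272641?s=20},
  language     = {English},
  urldate      = {2021-07-19},
}
Tweet on purplefox exploiting PrintNightmare (CVE-2021-34527) vulnerability in cryptocurrency mining campaign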
win.purplefox
2021-07-07 | Twitter (@resecurity_com) | Resecurity
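% Tweet by Resecurity on the REvil attack chain. The organisation name is
% double-braced as a corporate author; the handle's underscore is escaped.
@online{resecurity:20210707:revil:fb53320,
  author       = {{Resecurity}},
  title        = {Tweet {REvil} attack chain used against {Kaseya}},
  date         = {2021-07-07},
  organization = {Twitter (@resecurity\_com)},
  url          = {https://twitter.com/resecurity_com/status/1412662343796813827},
  language     = {English},
  urldate      = {2021-07-24},
}
Tweet REvil attack chain used against Kaseya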
REvil
2021-07-06 | 0ffset Blog | Daniel Bunce, 0verfl0w_
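% Blog post on string decryption in TA402/MOLERATS malware. The trailing
% underscore of the second author's handle is escaped; the title contains an
% en dash, so the file needs a UTF-8 aware backend.
@online{bunce:20210706:new:36ccc46,
  author       = {Bunce, Daniel and 0verfl0w\_},
  title        = {New {TA402}/{MOLERATS} Malware – Decrypting {.NET Reactor} Strings},
  date         = {2021-07-06},
  organization = {0ffset Blog},
  url          = {https://www.0ffset.net/reverse-engineering/malware-analysis/molerats-string-decryption/},
  language     = {English},
  urldate      = {2021-07-11},
}
New TA402/MOLERATS Malware – Decrypting .NET Reactor Strings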
SharpStage
2021-07-06 | Twitter (@_alex_il_) | Alex Ilgayev
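% Tweet on REvil activity preceding the Kaseya attack. All three underscores in
% the handle are escaped because organization is typeset by LaTeX.
@online{ilgayev:20210706:revil:500a59e,
  author       = {Ilgayev, Alex},
  title        = {Tweet on {REvil} ransomware actor using vulnerable defender executable in its infection flow in early may before {Kaseya} attack},
  date         = {2021-07-06},
  organization = {Twitter (@\_alex\_il\_)},
  url          = {https://twitter.com/_alex_il_/status/1412403420217159694},
  language     = {English},
  urldate      = {2021-07-26},
}
Tweet on REvil ransomware actor using vulnerable defender executable in its infection flow in early may before Kaseya attack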
REvil
2021-07-02 | Twitter (@VK_intel) | Vitali Kremez
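% Tweet analysing the ransomware used in the Kaseya attack. The title spells
% the family "Revil"; other entries in this listing write "REvil".
@online{kremez:20210702:revil:2a1c66a,
  author       = {Kremez, Vitali},
  title        = {Tweet on {Revil} ransomware analysis used in {Kaseya} attack},
  date         = {2021-07-02},
  organization = {Twitter (@VK\_intel)},
  url          = {https://twitter.com/VK_Intel/status/1411066870350942213},
  language     = {English},
  urldate      = {2021-07-24},
}
Tweet on Revil ransomware analysis used in Kaseya attack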
REvil
2021-07-01 | 360 netlab | Hui Wang, Alex.Turing, Jinye, houliuyang, Chai Linyuan
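% Blog post on the Mirai_ptea botnet. The underscore in the botnet name is
% escaped in title, which is typeset by LaTeX; the same name inside url is
% verbatim and left as-is. "Alex.Turing" is braced to stay one name token.
@online{wang:20210701:miraiptea:3ba235e,
  author       = {Wang, Hui and {Alex.Turing} and Jinye and houliuyang and Chai Linyuan},
  title        = {{Mirai\_ptea} Botnet is Exploiting Undisclosed {KGUARD} {DVR} Vulnerability},
  date         = {2021-07-01},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/},
  language     = {English},
  urldate      = {2021-07-11},
}
Mirai_ptea Botnet is Exploiting Undisclosed KGUARD DVR Vulnerability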
Mirai
2021-06-29 | Twitter (@VK_intel) | Vitali Kremez
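% Tweet on the Linux version of REvil.
% NOTE(review): the status ID in url is the same as in entry
% kremez:20210628:elf:3036ab2; the two URLs differ only by the "?s=20" query
% string and the dates differ by one day. This looks like one tweet recorded
% twice -- confirm before citing both as independent sources.
@online{kremez:20210629:linux:1b5367c,
  author       = {Kremez, Vitali},
  title        = {Tweet on {Linux} version of {REvil} ransomware},
  date         = {2021-06-29},
  organization = {Twitter (@VK\_intel)},
  url          = {https://twitter.com/VK_Intel/status/1409601311092490248?s=20},
  language     = {English},
  urldate      = {2021-06-29},
}
Tweet on Linux version of REvil ransomware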
REvil
2021-06-28 | Twitter (@VK_intel) | Vitali Kremez
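% Tweet on the ELF version of REvil.
% NOTE(review): the status ID in url is the same as in entry
% kremez:20210629:linux:1b5367c, whose URL only adds a "?s=20" query string and
% whose date is one day later. This looks like one tweet recorded twice --
% confirm before citing both as independent sources.
@online{kremez:20210628:elf:3036ab2,
  author       = {Kremez, Vitali},
  title        = {Tweet on {ELF} version of {REvil}},
  date         = {2021-06-28},
  organization = {Twitter (@VK\_intel)},
  url          = {https://twitter.com/VK_Intel/status/1409601311092490248},
  language     = {English},
  urldate      = {2021-06-29},
}
Tweet on ELF version of REvil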
REvil
2021-06-21 | Back Engineering | _xeroxz
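% Blog post on static analysis of VMProtect 2. The author is a handle with a
% leading underscore: it is escaped for LaTeX and double-braced so the name is
% kept as one unit rather than read as a BibTeX "special character" group.
@online{xeroxz:20210621:vmprotect:13008c0,
  author       = {{\_xeroxz}},
  title        = {{VMProtect} 2 - Part Two, Complete Static Analysis},
  date         = {2021-06-21},
  organization = {Back Engineering},
  url          = {https://back.engineering/21/06/2021/},
  language     = {English},
  urldate      = {2021-07-02},
}
VMProtect 2 - Part Two, Complete Static Analysis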
2021-06-16 | nur.pub | Twitter (@1umos_)
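% Analysis of the Cerberus Android banking trojan.
% NOTE(review): the author field holds a Twitter handle rather than a personal
% name. It is double-braced so it is not split into given/family parts, and its
% underscore is escaped for LaTeX.
@online{1umos:20210616:cerberus:9fc9528,
  author       = {{Twitter (@1umos\_)}},
  title        = {{Cerberus} Analysis - {Android} Banking Trojan},
  date         = {2021-06-16},
  organization = {nur.pub},
  url          = {https://nur.pub/cerberus-analysis},
  language     = {English},
  urldate      = {2021-06-21},
}
Cerberus Analysis - Android Banking Trojan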
Cerberus
2021-06-13 | Twitter (@alberto__segura) | Alberto Segura
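% Tweet on Flubot version 4.6. The handle has two consecutive underscores; both
% are escaped because organization is typeset by LaTeX.
@online{segura:20210613:flubot:f2d4a14,
  author       = {Segura, Alberto},
  title        = {Tweet on {Flubot} version 4.6},
  date         = {2021-06-13},
  organization = {Twitter (@alberto\_\_segura)},
  url          = {https://twitter.com/alberto__segura/status/1404098461440659459},
  language     = {English},
  urldate      = {2021-06-21},
}
Tweet on Flubot version 4.6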
FluBot
2021-06-09 | Twitter (@alberto__segura) | Alberto Segura
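% Tweet on Flubot version 4.5. "Flubt" in the title was a misspelling and is
% corrected; the citation key still carries the old spelling and is left
% unchanged so existing citations keep resolving.
@online{segura:20210609:flubt:d365192,
  author       = {Segura, Alberto},
  title        = {Tweet on {Flubot} version 4.5},
  date         = {2021-06-09},
  organization = {Twitter (@alberto\_\_segura)},
  url          = {https://twitter.com/alberto__segura/status/1402615237296148483},
  language     = {English},
  urldate      = {2021-06-21},
}
Tweet on Flubot version 4.5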
FluBot