Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-08-01Twitter (@sekoia_io)sekoia
@online{sekoia:20220801:turlas:ec60a74, author = {sekoia}, title = {{Tweet on Turla's CyberAzov activity}}, date = {2022-08-01}, organization = {Twitter (@sekoia_io)}, url = {https://twitter.com/sekoia_io/status/1554086468104196096}, language = {English}, urldate = {2022-08-02} } Tweet on Turla's CyberAzov activity
CyberAzov
2022-07-26Cert-UACert-UA
@online{certua:20220726:uac0010:e697f18, author = {Cert-UA}, title = {{UAC-0010 (Armageddon) cyberattacks using the GammaLoad.PS1_v2 malware (CERT-UA#5003,5013,5069,5071)}}, date = {2022-07-26}, organization = {Cert-UA}, url = {https://cert.gov.ua/article/971405}, language = {Ukrainian}, urldate = {2022-07-28} } UAC-0010 (Armageddon) cyberattacks using the GammaLoad.PS1_v2 malware (CERT-UA#5003,5013,5069,5071)
2022-06-28Twitter (@_CPResearch_)Check Point Research
@online{research:20220628:malware:896fb41, author = {Check Point Research}, title = {{Tweet on malware used against Steel Industry in Iran}}, date = {2022-06-28}, organization = {Twitter (@_CPResearch_)}, url = {https://twitter.com/_cpresearch_/status/1541753913732366338}, language = {English}, urldate = {2022-07-25} } Tweet on malware used against Steel Industry in Iran
Meteor Predatory Sparrow
2022-06-28Twitter (@_icebre4ker_)Fr4
@online{fr4:20220628:revive:7582d22, author = {Fr4}, title = {{Revive and Coper are using similar phishing template and app}}, date = {2022-06-28}, organization = {Twitter (@_icebre4ker_)}, url = {https://twitter.com/_icebre4ker_/status/1541875982684094465}, language = {English}, urldate = {2022-06-29} } Revive and Coper are using similar phishing template and app
Coper
2022-05-12Cert-UACert-UA
@online{certua:20220512:uac0010:582178b, author = {Cert-UA}, title = {{Uac-0010 (Armageddon) cyberattacks using GammaLoad.PS1_v2 malware (CERT-UA#4634,4648)}}, date = {2022-05-12}, organization = {Cert-UA}, url = {https://cert.gov.ua/article/40240}, language = {Ukrainian}, urldate = {2022-05-17} } Uac-0010 (Armageddon) cyberattacks using GammaLoad.PS1_v2 malware (CERT-UA#4634,4648)
2022-04-27Binary Defenseshade_vx
@online{shadevx:20220427:detecting:ebc3f20, author = {shade_vx}, title = {{Detecting Ransomware’s Stealthy Boot Configuration Edits}}, date = {2022-04-27}, organization = {Binary Defense}, url = {https://www.binarydefense.com/detecting-ransomwares-stealthy-boot-configuration-edits/}, language = {English}, urldate = {2022-05-09} } Detecting Ransomware’s Stealthy Boot Configuration Edits
2022-04-21eSentireeSentire Threat Response Unit (TRU)
@online{tru:20220421:hackers:e10086f, author = {eSentire Threat Response Unit (TRU)}, title = {{Hackers Spearphish Corporate Hiring Managers with Poisoned Resumes, Infecting Them with the More_Eggs Malware, Warns eSentire}}, date = {2022-04-21}, organization = {eSentire}, url = {https://www.esentire.com/blog/hackers-spearphish-corporate-hiring-managers-with-poisoned-resumes-infecting-them-with-the-more-eggs-malware}, language = {English}, urldate = {2022-05-24} } Hackers Spearphish Corporate Hiring Managers with Poisoned Resumes, Infecting Them with the More_Eggs Malware, Warns eSentire
More_eggs
2022-04-14Medium (@DCSO_CyTec)DCSO CyTec
@online{cytec:20220414:404:a7dc53d, author = {DCSO CyTec}, title = {{404 — File still found}}, date = {2022-04-14}, organization = {Medium (@DCSO_CyTec)}, url = {https://medium.com/@DCSO_CyTec/404-file-still-found-d52c3834084c}, language = {English}, urldate = {2022-05-31} } 404 — File still found
SideWinder
2022-04-04The DFIR Report@0xtornado, @yatinwad, @MettalicHack, @_pete_0
@online{0xtornado:20220404:stolen:3df91a7, author = {@0xtornado and @yatinwad and @MettalicHack and @_pete_0}, title = {{Stolen Images Campaign Ends in Conti Ransomware}}, date = {2022-04-04}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2022/04/04/stolen-images-campaign-ends-in-conti-ransomware/}, language = {English}, urldate = {2022-04-04} } Stolen Images Campaign Ends in Conti Ransomware
Conti IcedID
2022-03-12Twitter (@ET_Labs)ET Labs
@online{labs:20220312:quick:ef9cb00, author = {ET Labs}, title = {{A quick thread examining the network artifacts of the HermeticWizard spreading}}, date = {2022-03-12}, organization = {Twitter (@ET_Labs)}, url = {https://twitter.com/ET_Labs/status/1502494650640351236}, language = {English}, urldate = {2022-03-28} } A quick thread examining the network artifacts of the HermeticWizard spreading
HermeticWizard
2022-03-10Twitter (@teamcymru_S2)Team Cymru
@online{cymru:20220310:crimson:a646aac, author = {Team Cymru}, title = {{Tweet on Crimson RAT infrastructure used by APT36}}, date = {2022-03-10}, organization = {Twitter (@teamcymru_S2)}, url = {https://twitter.com/teamcymru_S2/status/1501955802025836546}, language = {English}, urldate = {2022-03-14} } Tweet on Crimson RAT infrastructure used by APT36
Crimson RAT
2022-02-28Twitter (@M_haggis)The Haag
@online{haag:20220228:parsing:7eb8f68, author = {The Haag}, title = {{Tweet on parsing Daxin driver metadata using powershell}}, date = {2022-02-28}, organization = {Twitter (@M_haggis)}, url = {https://twitter.com/M_haggis/status/1498399791276912640}, language = {English}, urldate = {2022-03-07} } Tweet on parsing Daxin driver metadata using powershell
Daxin
2022-02-26Atomic Matryoshkaz3r0day_504
@online{z3r0day504:20220226:infographic:7bb195e, author = {z3r0day_504}, title = {{Infographic: APTs in South America}}, date = {2022-02-26}, organization = {Atomic Matryoshka}, url = {https://www.atomicmatryoshka.com/post/infographic-apts-in-south-america}, language = {English}, urldate = {2022-03-01} } Infographic: APTs in South America
Imminent Monitor RAT Machete
2022-02-21Atomic Matryoshkaz3r0day_504
@online{z3r0day504:20220221:ousaban:38cdf0b, author = {z3r0day_504}, title = {{Ousaban MSI Installer Analysis}}, date = {2022-02-21}, organization = {Atomic Matryoshka}, url = {https://www.atomicmatryoshka.com/post/ousaban-msi-installer-analysis}, language = {English}, urldate = {2022-02-26} } Ousaban MSI Installer Analysis
Ousaban
2022-02-17Twitter (@Honeymoon_IoC)Gi7w0rm
@online{gi7w0rm:20220217:tweets:a96e458, author = {Gi7w0rm}, title = {{Tweets on win.prometei caught via Cowrie}}, date = {2022-02-17}, organization = {Twitter (@Honeymoon_IoC)}, url = {https://twitter.com/honeymoon_ioc/status/1494311182550904840}, language = {English}, urldate = {2022-02-17} } Tweets on win.prometei caught via Cowrie
Prometei
2022-01-28Atomic Matryoshkaz3r0day_504
@online{z3r0day504:20220128:malware:3628b1b, author = {z3r0day_504}, title = {{Malware Headliners: LokiBot}}, date = {2022-01-28}, organization = {Atomic Matryoshka}, url = {https://www.atomicmatryoshka.com/post/malware-headliners-lokibot}, language = {English}, urldate = {2022-02-01} } Malware Headliners: LokiBot
Loki Password Stealer (PWS)
2022-01-24Twitter (@_icebre4ker_)_icebre4ker_
@online{icebre4ker:20220124:vultur:3eda891, author = {_icebre4ker_}, title = {{Vultur Dropper on Google Play Store}}, date = {2022-01-24}, organization = {Twitter (@_icebre4ker_)}, url = {https://twitter.com/_icebre4ker_/status/1485651238175846400}, language = {English}, urldate = {2022-02-02} } Vultur Dropper on Google Play Store
Vultur
2022-01-22Atomic Matryoshkaz3r0day_504
@online{z3r0day504:20220122:malware:1ec08ef, author = {z3r0day_504}, title = {{Malware Headliners: Emotet}}, date = {2022-01-22}, organization = {Atomic Matryoshka}, url = {https://www.atomicmatryoshka.com/post/malware-headliners-emotet}, language = {English}, urldate = {2022-02-01} } Malware Headliners: Emotet
Emotet
2022-01-21Twitter (@_CPResearch_)Check Point Research
@online{research:20220121:whitelambert:e5581c9, author = {Check Point Research}, title = {{Tweet on WhiteLambert malware}}, date = {2022-01-21}, organization = {Twitter (@_CPResearch_)}, url = {https://twitter.com/_CPResearch_/status/1484502090068242433}, language = {English}, urldate = {2022-01-25} } Tweet on WhiteLambert malware
Lambert
2022-01-20CybleincCyble
@online{cyble:20220120:deep:e172620, author = {Cyble}, title = {{Deep Dive Into Ragnar_locker Ransomware Gang}}, date = {2022-01-20}, organization = {Cybleinc}, url = {https://blog.cyble.com/2022/01/20/deep-dive-into-ragnar-locker-ransomware-gang/}, language = {English}, urldate = {2022-01-25} } Deep Dive Into Ragnar_locker Ransomware Gang
RagnarLocker