2022-11-07 | Darktrace | Taisiia Garkava, Dillon Ashmore
@online{garkava:20221107:inside:43d468a,
  author       = {Taisiia Garkava and Dillon Ashmore},
  title        = {{Inside the Yanluowang Leak: Organization, Members, and Tactics}},
  date         = {2022-11-07},
  organization = {Darktrace},
  url          = {https://de.darktrace.com/blog/inside-the-yanluowang-leak-organization-members-and-tactics},
  language     = {English},
  urldate      = {2022-11-07},
}
Inside the Yanluowang Leak: Organization, Members, and Tactics
Yanluowang
2022-10-13 | Booz Allen Hamilton | Booz Allen Hamilton
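% Corporate author: the extra brace pair keeps "Booz Allen Hamilton" as one name
% instead of being split into first "Booz Allen" / last "Hamilton".
@techreport{hamilton:20221013:same:8e18bf4,
  author      = {{Booz Allen Hamilton}},
  title       = {{Same Cloak, More Dagger: Decoding how the People's Republic of China uses Cyberattacks}},
  date        = {2022-10-13},
  institution = {Booz Allen Hamilton},
  url         = {https://www.boozallen.com/content/dam/home/pdf/natsec/china-cyber-report.pdf},
  language    = {English},
  urldate     = {2022-10-24},
}
Same Cloak, More Dagger: Decoding how the People's Republic of China uses Cyberattacks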
2022-09-27 | Palo Alto Networks Unit 42 | Mark Lim
@online{lim:20220927:more:5992cc3,
  author       = {Mark Lim},
  title        = {{More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID}},
  date         = {2022-09-27},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/polyglot-file-icedid-payload/},
  language     = {English},
  urldate      = {2022-09-30},
}
More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID
PhotoLoader
2022-09-22 | Morphisec | Morphisec Labs
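% Team author: the extra brace pair keeps "Morphisec Labs" as one name
% instead of being split into first "Morphisec" / last "Labs".
@online{labs:20220922:watch:0f6c6c3,
  author       = {{Morphisec Labs}},
  title        = {{Watch Out For The New NFT-001}},
  date         = {2022-09-22},
  organization = {Morphisec},
  url          = {https://blog.morphisec.com/nft-malware-new-evasion-abilities},
  language     = {English},
  urldate      = {2022-11-21},
}
Watch Out For The New NFT-001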
Eternity Stealer Remcos
2022-09-15 | Aquasec | Assaf Morag, Asaf Eitani
@online{morag:20220915:threat:b35ec09,
  author       = {Assaf Morag and Asaf Eitani},
  title        = {{Threat Alert: New Malware in the Cloud By TeamTNT}},
  date         = {2022-09-15},
  organization = {Aquasec},
  url          = {https://blog.aquasec.com/new-malware-in-the-cloud-by-teamtnt},
  language     = {English},
  urldate      = {2022-09-19},
}
Threat Alert: New Malware in the Cloud By TeamTNT
Tsunami
2022-09-12 | Arctic Wolf | Markus Neis, Ross Phillips, Steven Campbell, Teresa Whitmore, Alex Ammons, Arctic Wolf Labs Team
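% The last list element is a team, not a person: bracing it keeps
% "Arctic Wolf Labs Team" as one name instead of first "Arctic Wolf Labs" / last "Team".
@online{neis:20220912:chiseling:58925b9,
  author       = {Markus Neis and Ross Phillips and Steven Campbell and Teresa Whitmore and Alex Ammons and {Arctic Wolf Labs Team}},
  title        = {{Chiseling In: Lorenz Ransomware Group Cracks MiVoice And Calls Back For Free}},
  date         = {2022-09-12},
  organization = {Arctic Wolf},
  url          = {https://arcticwolf.com/resources/blog/lorenz-ransomware-chiseling-in/},
  language     = {English},
  urldate      = {2022-09-15},
}
Chiseling In: Lorenz Ransomware Group Cracks MiVoice And Calls Back For Free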
Chisel Lorenz
2022-08-29 | InQuest | David Ledbetter
@online{ledbetter:20220829:office:efe24cb,
  author       = {David Ledbetter},
  title        = {{Office Files, RTF files, Shellcode and more shenanigans}},
  date         = {2022-08-29},
  organization = {InQuest},
  url          = {https://inquest.net/blog/2022/08/29/office-files-rtf-files-shellcode-and-more-shenanigans},
  language     = {English},
  urldate      = {2022-08-31},
}
Office Files, RTF files, Shellcode and more shenanigans
CloudEyE
2022-08-29 | 360 netlab | wanghao
@online{wanghao:20220829:purecrypter:4d81329,
  author       = {wanghao},
  title        = {{PureCrypter Loader continues to be active and has spread to more than 10 other families}},
  date         = {2022-08-29},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/purecrypter},
  language     = {Chinese},
  urldate      = {2022-09-06},
}
PureCrypter Loader continues to be active and has spread to more than 10 other families
404 Keylogger Agent Tesla AsyncRAT Formbook RedLine Stealer
2022-08-25 | Expel | Kyle Pellett, Andrew Jerry
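% The underscore in the title is escaped: a bare "_" in a text field is a
% LaTeX error outside math mode when the bibliography is typeset.
@online{pellett:20220825:moreeggs:f309813,
  author       = {Kyle Pellett and Andrew Jerry},
  title        = {{MORE\_EGGS and Some LinkedIn Resumé Spearphishing}},
  date         = {2022-08-25},
  organization = {Expel},
  url          = {https://expel.com/blog/more-eggs-and-some-linkedin-resume-spearphishing},
  language     = {English},
  urldate      = {2022-08-31},
}
MORE_EGGS and Some LinkedIn Resumé Spearphishing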
More_eggs
2022-08-18 | Fortinet | Shunichi Imano, James Slaughter
@online{imano:20220818:ransomware:a073b3f,
  author       = {Shunichi Imano and James Slaughter},
  title        = {{Ransomware Roundup: Gwisin, Kriptor, Cuba, and More}},
  date         = {2022-08-18},
  organization = {Fortinet},
  url          = {https://www.fortinet.com/blog/threat-research/ransomware-roundup-gwisin-kriptor-cuba-and-more},
  language     = {English},
  urldate      = {2022-08-28},
}
Ransomware Roundup: Gwisin, Kriptor, Cuba, and More
Cuba
2022-08-16 | Kaspersky | Leonid Bezvershenko, Igor Kuznetsov
@online{bezvershenko:20220816:two:89002d5,
  author       = {Leonid Bezvershenko and Igor Kuznetsov},
  title        = {{Two more malicious Python packages in the PyPI}},
  date         = {2022-08-16},
  organization = {Kaspersky},
  url          = {https://securelist.com/two-more-malicious-python-packages-in-the-pypi/107218/},
  language     = {English},
  urldate      = {2022-08-28},
}
Two more malicious Python packages in the PyPI
W4SP Stealer
2022-08-11 | Morphisec | Hido Cohen, Arnold Osipov
@online{cohen:20220811:aptc35:bc731cd,
  author       = {Hido Cohen and Arnold Osipov},
  title        = {{APT-C-35 GETS A NEW UPGRADE}},
  date         = {2022-08-11},
  organization = {Morphisec},
  url          = {https://blog.morphisec.com/apt-c-35-new-windows-framework-revealed},
  language     = {English},
  urldate      = {2022-08-12},
}
APT-C-35 GETS A NEW UPGRADE
2022-08-04 | Fortinet | Shunichi Imano, James Slaughter
@online{imano:20220804:ransomware:64610c9,
  author       = {Shunichi Imano and James Slaughter},
  title        = {{Ransomware Roundup: Redeemer, Beamed, and More}},
  date         = {2022-08-04},
  organization = {Fortinet},
  url          = {https://www.fortinet.com/blog/threat-research/ransomware-roundup-redeemer-beamed-and-more},
  language     = {English},
  urldate      = {2022-08-11},
}
Ransomware Roundup: Redeemer, Beamed, and More
2022-08-02 | Trend Micro | Nathaniel Morales, Ivan Nicole Chavez, Monte de Jesus, Lala Manly, Nathaniel Gregory Ragasa
@online{morales:20220802:solidbit:a4f9af7,
  author       = {Nathaniel Morales and Ivan Nicole Chavez and Monte de Jesus and Lala Manly and Nathaniel Gregory Ragasa},
  title        = {{SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant}},
  date         = {2022-08-02},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/h/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamer.html},
  language     = {English},
  urldate      = {2022-08-08},
}
SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant
SolidBit
2022-07-25 | Trend Micro | Ivan Nicole Chavez, Byron Gelera, Katherine Casona, Nathaniel Morales, Ieriz Nicolle Gonzalez, Nathaniel Gregory Ragasa
@online{chavez:20220725:lockbit:a660282,
  author       = {Ivan Nicole Chavez and Byron Gelera and Katherine Casona and Nathaniel Morales and Ieriz Nicolle Gonzalez and Nathaniel Gregory Ragasa},
  title        = {{LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities}},
  date         = {2022-07-25},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/g/lockbit-ransomware-group-augments-its-latest-variant--lockbit-3-.html},
  language     = {English},
  urldate      = {2022-08-11},
}
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
BlackMatter LockBit
2022-07-19 | SUCURI | Matt Morrow
@online{morrow:20220719:prestashop:55554b0,
  author       = {Matt Morrow},
  title        = {{PrestaShop Skimmer Concealed in One Page Checkout Module}},
  date         = {2022-07-19},
  organization = {SUCURI},
  url          = {https://blog.sucuri.net/2022/07/prestashop-skimmer-concealed-in-one-page-checkout-module.html},
  language     = {English},
  urldate      = {2022-07-25},
}
PrestaShop Skimmer Concealed in One Page Checkout Module
2022-07-06 | Trend Micro | Nathaniel Morales, Monte de Jesus, Ivan Nicole Chavez, Bren Matthew Ebriega, Joshua Paul Ignacio
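% The ampersand in "C&C" is escaped: a bare "&" in a text field is a LaTeX
% alignment character and breaks typesetting of the bibliography.
@online{morales:20220706:brandnew:3a02441,
  author       = {Nathaniel Morales and Monte de Jesus and Ivan Nicole Chavez and Bren Matthew Ebriega and Joshua Paul Ignacio},
  title        = {{Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C\&C Server}},
  date         = {2022-07-06},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/g/brand-new-havanacrypt-ransomware-poses-as-google-software-update.html},
  language     = {English},
  urldate      = {2022-07-12},
}
Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server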
HavanaCrypt
2022-06-24 | Palo Alto Networks Unit 42 | Mark Lim, Riley Porter
@online{lim:20220624:there:7a3b762,
  author       = {Mark Lim and Riley Porter},
  title        = {{There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families}},
  date         = {2022-06-24},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/api-hammering-malware-families/},
  language     = {English},
  urldate      = {2022-06-27},
}
There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families
BazarBackdoor Zloader
2022-06-02 | Trend Micro | Ieriz Nicolle Gonzalez, Nathaniel Morales, Monte de Jesus
@online{gonzalez:20220602:yourcyanide:0e8d1cb,
  author       = {Ieriz Nicolle Gonzalez and Nathaniel Morales and Monte de Jesus},
  title        = {{YourCyanide: A CMD-Based Ransomware With Multiple Layers of Obfuscation}},
  date         = {2022-06-02},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/f/yourcyanide-a-cmd-based-ransomware.html},
  language     = {English},
  urldate      = {2022-06-07},
}
YourCyanide: A CMD-Based Ransomware With Multiple Layers of Obfuscation
YourCyanide
2022-05-19 | Trend Micro | Adolph Christian Silverio, Jeric Miguel Abordo, Khristian Joseph Morales, Maria Emreen Viray
@online{silverio:20220519:bruised:f5c6775,
  author       = {Adolph Christian Silverio and Jeric Miguel Abordo and Khristian Joseph Morales and Maria Emreen Viray},
  title        = {{Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware}},
  date         = {2022-05-19},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/e/bruised-but-not-broken--the-resurgence-of-the-emotet-botnet-malw.html},
  language     = {English},
  urldate      = {2022-05-25},
}
Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware
Emotet QakBot