Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-11-23MorphisecHido Cohen, Arnold Osipov
@online{cohen:20211123:babadeda:ae0d0ac, author = {Hido Cohen and Arnold Osipov}, title = {{Babadeda Crypter targeting crypto, NFT, and DeFi communities}}, date = {2021-11-23}, organization = {Morphisec}, url = {https://blog.morphisec.com/the-babadeda-crypter-targeting-crypto-nft-defi-communities}, language = {English}, urldate = {2021-11-29} } Babadeda Crypter targeting crypto, NFT, and DeFi communities
2021-11-19IronNetMorgan Demboski
@online{demboski:20211119:is:d05360d, author = {Morgan Demboski}, title = {{Is a coordinated cyberattack brewing in the escalating Russian-Ukrainian conflict?}}, date = {2021-11-19}, organization = {IronNet}, url = {https://www.ironnet.com/blog/is-a-coordinated-cyberattack-brewing-in-the-escalating-russian-ukrainian-conflict}, language = {English}, urldate = {2021-11-25} } Is a coordinated cyberattack brewing in the escalating Russian-Ukrainian conflict?
2021-11-17ARMORARMOR
@online{armor:20211117:astaroth:04788ff, author = {ARMOR}, title = {{Astaroth: Banking Trojan}}, date = {2021-11-17}, organization = {ARMOR}, url = {https://www.armor.com/resources/threat-intelligence/astaroth-banking-trojan/}, language = {English}, urldate = {2021-11-18} } Astaroth: Banking Trojan
Astaroth
2021-11-16IronNetIronNet Threat Research, Morgan Demboski, Joey Fitzpatrick, Peter Rydzynski
@online{research:20211116:how:d7fdaf8, author = {IronNet Threat Research and Morgan Demboski and Joey Fitzpatrick and Peter Rydzynski}, title = {{How IronNet's Behavioral Analytics Detect REvil and Conti Ransomware}}, date = {2021-11-16}, organization = {IronNet}, url = {https://www.ironnet.com/blog/ransomware-graphic-blog}, language = {English}, urldate = {2021-11-25} } How IronNet's Behavioral Analytics Detect REvil and Conti Ransomware
Cobalt Strike Conti IcedID REvil
2021-11-12CrowdStrikeAnmol Maurya
@online{maurya:20211112:golang:aadabd9, author = {Anmol Maurya}, title = {{Golang Malware Is More than a Fad: Financial Motivation Drives Adoption}}, date = {2021-11-12}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/financial-motivation-drives-golang-malware-adoption/}, language = {English}, urldate = {2021-11-17} } Golang Malware Is More than a Fad: Financial Motivation Drives Adoption
Snatch
2021-11-11AT&TOfer Caspi
@online{caspi:20211111:att:4c2bbed, author = {Ofer Caspi}, title = {{AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits}}, date = {2021-11-11}, organization = {AT&T}, url = {https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits}, language = {English}, urldate = {2021-11-17} } AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits
BotenaGo
2021-11-04Security Service of UkraineSecurity Service of Ukraine
@online{ukraine:20211104:ssu:d4fcd5b, author = {Security Service of Ukraine}, title = {{SSU identified FSB hackers who carried out more than 5,000 cyberattacks on state bodies of Ukraine (video)}}, date = {2021-11-04}, organization = {Security Service of Ukraine}, url = {https://ssu.gov.ua/en/novyny/sbu-vstanovyla-khakeriv-fsb-yaki-zdiisnyly-ponad-5-tys-kiberatak-na-derzhavni-orhany-ukrainy}, language = {English}, urldate = {2021-11-08} } SSU identified FSB hackers who carried out more than 5,000 cyberattacks on state bodies of Ukraine (video)
2021-11-03nvisoDidier Stevens
@online{stevens:20211103:cobalt:8f8223d, author = {Didier Stevens}, title = {{Cobalt Strike: Using Process Memory To Decrypt Traffic – Part 3}}, date = {2021-11-03}, organization = {nviso}, url = {https://blog.nviso.eu/2021/11/03/cobalt-strike-using-process-memory-to-decrypt-traffic-part-3/}, language = {English}, urldate = {2021-11-08} } Cobalt Strike: Using Process Memory To Decrypt Traffic – Part 3
Cobalt Strike
2021-11-02MinervaNatalie Zargarov
@online{zargarov:20211102:underminer:f03f426, author = {Natalie Zargarov}, title = {{Underminer Exploit Kit: The More You Check The More Evasive You Become}}, date = {2021-11-02}, organization = {Minerva}, url = {https://blog.minerva-labs.com/underminer-exploit-kit-the-more-you-check-the-more-evasive-you-become}, language = {English}, urldate = {2021-11-03} } Underminer Exploit Kit: The More You Check The More Evasive You Become
Amadey Oski Stealer RedLine Stealer UnderminerEK
2021-11-01IBMAaron Gdanski, Limor Kessem
@online{gdanski:20211101:from:dc06d28, author = {Aaron Gdanski and Limor Kessem}, title = {{From Thanos to Prometheus: When Ransomware Encryption Goes Wrong}}, date = {2021-11-01}, organization = {IBM}, url = {https://securityintelligence.com/posts/ransomware-encryption-goes-wrong/}, language = {English}, urldate = {2021-11-08} } From Thanos to Prometheus: When Ransomware Encryption Goes Wrong
Hakbit Prometheus
2021-10-28MorphisecHido Cohen, Michael Dereviashkin
@online{cohen:20211028:decaf:d22e18a, author = {Hido Cohen and Michael Dereviashkin}, title = {{DECAF Ransomware: A New Golang Threat Makes Its Appearance}}, date = {2021-10-28}, organization = {Morphisec}, url = {https://blog.morphisec.com/decaf-ransomware-a-new-golang-threat-makes-its-appearance}, language = {English}, urldate = {2021-11-03} } DECAF Ransomware: A New Golang Threat Makes Its Appearance
DECAF
2021-10-15Volatility LabsVolatility Labs
@online{labs:20211015:memory:53ea6d8, author = {Volatility Labs}, title = {{Memory Forensics R&D Illustrated: Detecting Mimikatz's Skeleton Key Attack}}, date = {2021-10-15}, organization = {Volatility Labs}, url = {https://volatility-labs.blogspot.com/2021/10/memory-forensics-r-illustrated.html}, language = {English}, urldate = {2021-11-17} } Memory Forensics R&D Illustrated: Detecting Mimikatz's Skeleton Key Attack
MimiKatz
2021-10-14MorphisecArnold Osipov
@online{osipov:20211014:explosive:d6c6eb7, author = {Arnold Osipov}, title = {{Explosive New MirrorBlast Campaign Targets Financial Companies}}, date = {2021-10-14}, organization = {Morphisec}, url = {https://blog.morphisec.com/explosive-new-mirrorblast-campaign-targets-financial-companies}, language = {English}, urldate = {2021-10-24} } Explosive New MirrorBlast Campaign Targets Financial Companies
MirrorBlast
2021-10-12IronNetBrett Fitzpatrick, Joey Fitzpatrick, Morgan Demboski, Peter Rydzynski, IronNet Threat Research
@online{fitzpatrick:20211012:continued:e1f2eb4, author = {Brett Fitzpatrick and Joey Fitzpatrick and Morgan Demboski and Peter Rydzynski and IronNet Threat Research}, title = {{Continued Exploitation of CVE-2021-26084}}, date = {2021-10-12}, organization = {IronNet}, url = {https://www.ironnet.com/blog/continued-exploitation-of-cve-2021-26084}, language = {English}, urldate = {2021-10-25} } Continued Exploitation of CVE-2021-26084
2021-09-30Medium proferosec-osmBrenton Morris
@online{morris:20210930:ransomexx:2ca1e51, author = {Brenton Morris}, title = {{RansomEXX, Fixing Corrupted Ransom}}, date = {2021-09-30}, organization = {Medium proferosec-osm}, url = {https://medium.com/proferosec-osm/ransomexx-fixing-corrupted-ransom-8e379bcaf701}, language = {English}, urldate = {2021-10-20} } RansomEXX, Fixing Corrupted Ransom
RansomEXX
2021-09-23TalosAsheer Malhotra, Vanja Svajcer, Justin Thattil
@online{malhotra:20210923:operation:056c76c, author = {Asheer Malhotra and Vanja Svajcer and Justin Thattil}, title = {{Operation “Armor Piercer:” Targeted attacks in the Indian subcontinent using commercial RATs}}, date = {2021-09-23}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/09/operation-armor-piercer.html}, language = {English}, urldate = {2021-10-05} } Operation “Armor Piercer:” Targeted attacks in the Indian subcontinent using commercial RATs
Ave Maria NetWire RC
2021-09-21MorphisecNadav Lorber
@online{lorber:20210921:new:117cc51, author = {Nadav Lorber}, title = {{New Jupyter Evasive Delivery through MSI Installer}}, date = {2021-09-21}, organization = {Morphisec}, url = {https://blog.morphisec.com/new-jupyter-evasive-delivery-through-msi-installer}, language = {English}, urldate = {2021-09-22} } New Jupyter Evasive Delivery through MSI Installer
Jupyter Stealer solarmarker
2021-09-15TelsyTelsy
@online{telsy:20210915:remcos:83c0670, author = {Telsy}, title = {{REMCOS and Agent Tesla loaded into memory with Rezer0 loader}}, date = {2021-09-15}, organization = {Telsy}, url = {https://www.telsy.com/download/4832/}, language = {English}, urldate = {2021-09-23} } REMCOS and Agent Tesla loaded into memory with Rezer0 loader
Agent Tesla Remcos
2021-09-14FortinetJohn Simmons
@online{simmons:20210914:more:f8ade2c, author = {John Simmons}, title = {{More ProxyShell? Web Shells Lead to ZeroLogon and Application Impersonation Attacks}}, date = {2021-09-14}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/more-proxyshell-web-shells-lead-to-zerologon-and-application-impersonation-attacks}, language = {English}, urldate = {2021-09-19} } More ProxyShell? Web Shells Lead to ZeroLogon and Application Impersonation Attacks
2021-09-01YouTube (Black Hat)Aragorn Tseng, Charles Li
@online{tseng:20210901:mem2img:7817a5d, author = {Aragorn Tseng and Charles Li}, title = {{Mem2Img: Memory-Resident Malware Detection via Convolution Neural Network}}, date = {2021-09-01}, organization = {YouTube (Black Hat)}, url = {https://www.youtube.com/watch?v=6SDdUVejR2w}, language = {English}, urldate = {2021-09-12} } Mem2Img: Memory-Resident Malware Detection via Convolution Neural Network
Cobalt Strike PlugX Waterbear