Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-07-07Lab52Lab52
@online{lab52:20230707:beyond:8a89022, author = {Lab52}, title = {{Beyond appearances: unknown actor using APT29’s TTP against Chinese users}}, date = {2023-07-07}, organization = {Lab52}, url = {https://lab52.io/blog/beyond-appearances-unknown-actor-using-apt29s-ttp-against-chinese-users/}, language = {English}, urldate = {2023-07-13} } Beyond appearances: unknown actor using APT29’s TTP against Chinese users
Cobalt Strike
2023-06-01Kaspersky LabsIgor Kuznetsov, Valentin Pashkov, Leonid Bezvershenko, Georgy Kucherin
@online{kuznetsov:20230601:operation:ad8eded, author = {Igor Kuznetsov and Valentin Pashkov and Leonid Bezvershenko and Georgy Kucherin}, title = {{Operation Triangulation: iOS devices targeted with previously unknown malware}}, date = {2023-06-01}, organization = {Kaspersky Labs}, url = {https://securelist.com/operation-triangulation/109842/}, language = {English}, urldate = {2023-06-01} } Operation Triangulation: iOS devices targeted with previously unknown malware
2023-02-22SymantecSymantec Threat Hunter Team
@online{team:20230222:hydrochasma:21d30af, author = {Symantec Threat Hunter Team}, title = {{Hydrochasma: Previously Unknown Group Targets Medical and Shipping Organizations in Asia}}, date = {2023-02-22}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/hydrochasma-asia-medical-shipping-intelligence-gathering}, language = {English}, urldate = {2023-10-05} } Hydrochasma: Previously Unknown Group Targets Medical and Shipping Organizations in Asia
Cobalt Strike
2022-08-25DarktraceEmma Foulger, Max Heinemeyer
@online{foulger:20220825:detecting:95564b0, author = {Emma Foulger and Max Heinemeyer}, title = {{Detecting the Unknown: Revealing Uncategorized Ransomware Using Darktrace}}, date = {2022-08-25}, organization = {Darktrace}, url = {https://de.darktrace.com/blog/detecting-the-unknown-revealing-uncategorised-ransomware-using-darktrace}, language = {English}, urldate = {2022-08-30} } Detecting the Unknown: Revealing Uncategorized Ransomware Using Darktrace
BlackByte
2022-06-21KasperskyGiampaolo Dedola
@online{dedola:20220621:toddycat:20bf8db, author = {Giampaolo Dedola}, title = {{APT ToddyCat: Unveiling an unknown APT actor attacking high-profile entities in Europe and Asia}}, date = {2022-06-21}, organization = {Kaspersky}, url = {https://securelist.com/toddycat/106799/}, language = {English}, urldate = {2022-06-22} } APT ToddyCat: Unveiling an unknown APT actor attacking high-profile entities in Europe and Asia
ToddyCat
2022-01-12Lab52Jagaimo Kawaii
@online{kawaii:20220112:tokyox:809eda0, author = {Jagaimo Kawaii}, title = {{TokyoX: DLL side-loading an unknown artifact (Part 2)}}, date = {2022-01-12}, organization = {Lab52}, url = {https://lab52.io/blog/tokyox-dll-side-loading-an-unknown-artifact-part-2/}, language = {English}, urldate = {2022-01-18} } TokyoX: DLL side-loading an unknown artifact (Part 2)
TokyoX
2022-01-10Lab52ml10
@online{ml10:20220110:tokyox:ac76bdb, author = {ml10}, title = {{TokyoX: DLL side-loading an unknown artifact}}, date = {2022-01-10}, organization = {Lab52}, url = {https://lab52.io/blog/tokyox-dll-side-loading-an-unknown-artifact/}, language = {English}, urldate = {2022-01-18} } TokyoX: DLL side-loading an unknown artifact
TokyoX
2021-10-07ESET ResearchVladislav Hrčka
@online{hrka:20211007:fontonlake:03cadd5, author = {Vladislav Hrčka}, title = {{FontOnLake: Previously unknown malware family targeting Linux}}, date = {2021-10-07}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/}, language = {English}, urldate = {2021-10-11} } FontOnLake: Previously unknown malware family targeting Linux
FontOnLake
2021-09-16Twitter (@GossiTheDog)Kevin Beaumont
@online{beaumont:20210916:some:550bbaa, author = {Kevin Beaumont}, title = {{Tweet on some unknown threat actor dropping Mgbot, custom IIS modular backdoor and cobalstrike using exploiting ProxyShell}}, date = {2021-09-16}, organization = {Twitter (@GossiTheDog)}, url = {https://twitter.com/GossiTheDog/status/1438500100238577670}, language = {English}, urldate = {2021-09-20} } Tweet on some unknown threat actor dropping Mgbot, custom IIS modular backdoor and cobalstrike using exploiting ProxyShell
Cobalt Strike MgBot
2021-09-01FireEyeAdrien Bataille, Blaine Stancill
@online{bataille:20210901:too:5f62b52, author = {Adrien Bataille and Blaine Stancill}, title = {{Too Log; Didn't Read — Unknown Actor Using CLFS Log Files for Stealth}}, date = {2021-09-01}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html}, language = {English}, urldate = {2021-09-02} } Too Log; Didn't Read — Unknown Actor Using CLFS Log Files for Stealth
PRIVATELOG STASHLOG
2021-07-29KasperskyKaspersky
@online{kaspersky:20210729:ghostemperor:c9ddfe4, author = {Kaspersky}, title = {{GhostEmperor: Chinese-speaking APT targets high-profile victims using unknown rootkit}}, date = {2021-07-29}, organization = {Kaspersky}, url = {https://www.kaspersky.com/about/press-releases/2021_ghostemperor-chinese-speaking-apt-targets-high-profile-victims-using-unknown-rootkit}, language = {English}, urldate = {2021-10-07} } GhostEmperor: Chinese-speaking APT targets high-profile victims using unknown rootkit
GhostEmperor
2021-06-29Twitter (@IntezerLabs)Intezer
@online{intezer:20210629:unknown:1f1f2d3, author = {Intezer}, title = {{Tweet on unknown elf backdoor based on an open source remote shell named "amcsh"}}, date = {2021-06-29}, organization = {Twitter (@IntezerLabs)}, url = {https://twitter.com/IntezerLabs/status/1409844721992749059}, language = {English}, urldate = {2021-08-11} } Tweet on unknown elf backdoor based on an open source remote shell named "amcsh"
BioSet
2021-06-24fumik0 blogfumik0
@online{fumik0:20210624:lu0bot:9b9e569, author = {fumik0}, title = {{Lu0bot – An unknown NodeJS malware using UDP}}, date = {2021-06-24}, organization = {fumik0 blog}, url = {https://fumik0.com/2021/06/24/lu0bot-an-unknown-nodejs-malware-using-udp/}, language = {English}, urldate = {2021-06-25} } Lu0bot – An unknown NodeJS malware using UDP
2021-06-02Check Point ResearchCheck Point Research
@online{research:20210602:sharppanda:5a21952, author = {Check Point Research}, title = {{SharpPanda: Chinese APT Group Targets Southeast Asian Government With Previously Unknown Backdoor}}, date = {2021-06-02}, organization = {Check Point Research}, url = {https://research.checkpoint.com/2021/chinese-apt-group-targets-southeast-asian-government-with-previously-unknown-backdoor/}, language = {English}, urldate = {2021-06-04} } SharpPanda: Chinese APT Group Targets Southeast Asian Government With Previously Unknown Backdoor
SharpPanda
2021-03-26AccentureEric Welling, Jeff Beley, Ryan Leininger
@online{welling:20210326:its:33085a3, author = {Eric Welling and Jeff Beley and Ryan Leininger}, title = {{It's getting hot in here! Unknown threat group using Hades ransomware to turn up the heat on their victims}}, date = {2021-03-26}, organization = {Accenture}, url = {https://www.accenture.com/us-en/blogs/cyber-defense/unknown-threat-group-using-hades-ransomware}, language = {English}, urldate = {2021-03-30} } It's getting hot in here! Unknown threat group using Hades ransomware to turn up the heat on their victims
Hades
2021-03-16The RecordDmitry Smilyanets
@online{smilyanets:20210316:i:cf06d4f, author = {Dmitry Smilyanets}, title = {{‘I scrounged through the trash heaps… now I’m a millionaire:’ An interview with REvil’s Unknown}}, date = {2021-03-16}, organization = {The Record}, url = {https://therecord.media/i-scrounged-through-the-trash-heaps-now-im-a-millionaire-an-interview-with-revils-unknown/}, language = {English}, urldate = {2021-03-19} } ‘I scrounged through the trash heaps… now I’m a millionaire:’ An interview with REvil’s Unknown
REvil
2021-03-04FlashpointFlashpoint
@online{flashpoint:20210304:breaking:f6dfffc, author = {Flashpoint}, title = {{Breaking: Elite Cybercrime Forum “Maza” Breached by Unknown Attacker}}, date = {2021-03-04}, organization = {Flashpoint}, url = {https://www.flashpoint-intel.com/blog/breelite-cybercrime-forum-maza-breached-by-unknown-attacker/}, language = {English}, urldate = {2021-03-04} } Breaking: Elite Cybercrime Forum “Maza” Breached by Unknown Attacker
2021-02-22Check Point ResearchEyal Itkin, Itay Cohen
@online{itkin:20210222:story:6f59f06, author = {Eyal Itkin and Itay Cohen}, title = {{The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day}}, date = {2021-02-22}, organization = {Check Point Research}, url = {https://research.checkpoint.com/2021/the-story-of-jian/}, language = {English}, urldate = {2021-02-25} } The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day
2021-02-22Check Point ResearchEyal Itkin, Itay Cohen
@online{itkin:20210222:story:a3a3da9, author = {Eyal Itkin and Itay Cohen}, title = {{The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day}}, date = {2021-02-22}, organization = {Check Point Research}, url = {https://research.checkpoint.com/2021/the-story-of-jian}, language = {English}, urldate = {2021-07-22} } The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day
APT31
2020-09-04KrabsOnSecurityMr. Krabs
@online{krabs:20200904:bitrat:bd0d3cd, author = {Mr. Krabs}, title = {{BitRAT pt. 2: Hidden Browser, SOCKS5 proxy, and UnknownProducts Unmasked}}, date = {2020-09-04}, organization = {KrabsOnSecurity}, url = {https://krabsonsecurity.com/2020/09/04/bitrat-pt-2-hidden-browser-socks5-proxy-and-unknownproducts-unmasked/}, language = {English}, urldate = {2020-09-05} } BitRAT pt. 2: Hidden Browser, SOCKS5 proxy, and UnknownProducts Unmasked
BitRAT WebMonitor RAT