Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-11-21vmwareThreat Analysis Unit
@online{unit:20221121:threat:7972abc, author = {Threat Analysis Unit}, title = {{Threat Analysis: Active C2 Discovery Using Protocol Emulation Part4 (Dacls, aka MATA)}}, date = {2022-11-21}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/11/threat-analysis-active-c2-discovery-using-protocol-emulation-part4-dacls-aka-mata.html}, language = {English}, urldate = {2022-11-28} } Threat Analysis: Active C2 Discovery Using Protocol Emulation Part4 (Dacls, aka MATA)
Dacls
2022-11-14vmwareBethany Hardin, Lavine Oluoch, Tatiana Vollbrecht, Deborah Snyder, Nikki Benoit
@online{hardin:20221114:batloader:879d974, author = {Bethany Hardin and Lavine Oluoch and Tatiana Vollbrecht and Deborah Snyder and Nikki Benoit}, title = {{BATLOADER: The Evasive Downloader Malware}}, date = {2022-11-14}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/11/batloader-the-evasive-downloader-malware.html}, language = {English}, urldate = {2022-11-28} } BATLOADER: The Evasive Downloader Malware
BATLOADER
2022-10-25VMware Threat Analysis UnitTakahiro Haruyama
@techreport{haruyama:20221025:tracking:1f60260, author = {Takahiro Haruyama}, title = {{Tracking the entire iceberg: long-term APT malware C2 protocol emulation and scanning}}, date = {2022-10-25}, institution = {VMware Threat Analysis Unit}, url = {https://www.virusbulletin.com/uploads/pdf/conference/vb2022/slides/VB2022-Tracking-the-entire-iceberg.pdf}, language = {English}, urldate = {2022-11-01} } Tracking the entire iceberg: long-term APT malware C2 protocol emulation and scanning
ShadowPad Winnti
2022-10-20FortinetCara Lin
@online{lin:20221020:mirai:6945658, author = {Cara Lin}, title = {{Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability}}, date = {2022-10-20}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/multiple-malware-campaigns-target-vmware-vulnerability}, language = {English}, urldate = {2022-11-21} } Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability
Mirai
2022-10-15vmwareDana Behling
@online{behling:20221015:lockbit:b6ba83c, author = {Dana Behling}, title = {{LockBit 3.0 Ransomware Unlocked}}, date = {2022-10-15}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/10/lockbit-3-0-also-known-as-lockbit-black.html}, language = {English}, urldate = {2022-10-24} } LockBit 3.0 Ransomware Unlocked
LockBit
2022-10-03vmwareThreat Analysis Unit
@techreport{unit:20221003:emotet:94323dc, author = {Threat Analysis Unit}, title = {{Emotet Exposed: A Look Inside the Cybercriminal Supply Chain}}, date = {2022-10-03}, institution = {vmware}, url = {https://www.vmware.com/content/dam/learn/en/amer/fy23/pdf/1669005_Emotet_Exposed_A_Look_Inside_the_Cybercriminal_Supply_Chain.pdf}, language = {English}, urldate = {2022-10-24} } Emotet Exposed: A Look Inside the Cybercriminal Supply Chain
Emotet
2022-09-28vmwareGiovanni Vigna
@online{vigna:20220928:esxitargeting:bd1ce9a, author = {Giovanni Vigna}, title = {{ESXi-Targeting Ransomware: The Threats That Are After Your Virtual Machines (Part 1)}}, date = {2022-09-28}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/09/esxi-targeting-ransomware-the-threats-that-are-after-your-virtual-machines-part-1.html}, language = {English}, urldate = {2022-10-10} } ESXi-Targeting Ransomware: The Threats That Are After Your Virtual Machines (Part 1)
Avoslocker Babuk Black Basta BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit Luna RansomEXX RedAlert Ransomware REvil
2022-09-20vmwareDana Behling
@online{behling:20220920:threat:8e95f5a, author = {Dana Behling}, title = {{Threat Research: New Method of Volume Shadow Backup Deletion Seen in Recent Ransomware}}, date = {2022-09-20}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/09/threat-research-new-method-of-volume-shadow-backup-deletion-seen-in-recent-ransomware.html}, language = {English}, urldate = {2022-09-26} } Threat Research: New Method of Volume Shadow Backup Deletion Seen in Recent Ransomware
2022-09-20vmwareDana Behling
@online{behling:20220920:threat:099a73a, author = {Dana Behling}, title = {{Threat Report: Illuminating Volume Shadow Deletion}}, date = {2022-09-20}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/09/threat-report-illuminating-volume-shadow-deletion.html}, language = {English}, urldate = {2022-09-26} } Threat Report: Illuminating Volume Shadow Deletion
Conti HelloKitty
2022-09-19vmwareAbe Schneider, Bethany Hardin, Lavine Oluoch
@online{schneider:20220919:evolution:b793a9d, author = {Abe Schneider and Bethany Hardin and Lavine Oluoch}, title = {{The Evolution of the Chromeloader Malware}}, date = {2022-09-19}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/09/the-evolution-of-the-chromeloader-malware.html}, language = {English}, urldate = {2022-09-20} } The Evolution of the Chromeloader Malware
Choziosi
2022-08-19vmwareOleg Boyarchuk, Stefano Ortolani
@online{boyarchuk:20220819:how:a43d0e2, author = {Oleg Boyarchuk and Stefano Ortolani}, title = {{How to Replicate Emotet Lateral Movement}}, date = {2022-08-19}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/08/how-to-replicate-emotet-lateral-movement.html}, language = {English}, urldate = {2022-08-31} } How to Replicate Emotet Lateral Movement
Emotet
2022-07-22vmwareSneha Shekar
@online{shekar:20220722:how:284bd51, author = {Sneha Shekar}, title = {{How Push Notifications are Abused to Deliver Fraudulent Links}}, date = {2022-07-22}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/07/how-push-notifications-are-abused-to-deliver-fraudulent-links.html}, language = {English}, urldate = {2022-08-31} } How Push Notifications are Abused to Deliver Fraudulent Links
2022-07-05Bleeping ComputerLawrence Abrams
@online{abrams:20220705:new:6189686, author = {Lawrence Abrams}, title = {{New RedAlert Ransomware targets Windows, Linux VMware ESXi servers}}, date = {2022-07-05}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/new-redalert-ransomware-targets-windows-linux-vmware-esxi-servers/}, language = {English}, urldate = {2022-07-13} } New RedAlert Ransomware targets Windows, Linux VMware ESXi servers
RedAlert Ransomware
2022-06-29vmwareStefano Ortolani, Giovanni Vigna
@online{ortolani:20220629:lateral:2da51bb, author = {Stefano Ortolani and Giovanni Vigna}, title = {{Lateral Movement in the Real World: A Quantitative Analysis}}, date = {2022-06-29}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/06/lateral-movement-in-the-real-world-a-quantitative-analysis.html}, language = {English}, urldate = {2022-08-31} } Lateral Movement in the Real World: A Quantitative Analysis
2022-05-25vmwareOleg Boyarchuk, Stefano Ortolani
@online{boyarchuk:20220525:emotet:ada82ac, author = {Oleg Boyarchuk and Stefano Ortolani}, title = {{Emotet Config Redux}}, date = {2022-05-25}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/05/emotet-config-redux.html}, language = {English}, urldate = {2022-05-29} } Emotet Config Redux
Emotet
2022-05-16vmwareOleg Boyarchuk, Stefano Ortolani, Jason Zhang, Threat Analysis Unit
@online{boyarchuk:20220516:emotet:6392ff3, author = {Oleg Boyarchuk and Stefano Ortolani and Jason Zhang and Threat Analysis Unit}, title = {{Emotet Moves to 64 bit and Updates its Loader}}, date = {2022-05-16}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/05/emotet-moves-to-64-bit-and-updates-its-loader.html}, language = {English}, urldate = {2022-05-17} } Emotet Moves to 64 bit and Updates its Loader
Emotet
2022-04-27Sentinel LABSJames Haughom, Júlio Dantas, Jim Walter
@online{haughom:20220427:lockbit:f0328ef, author = {James Haughom and Júlio Dantas and Jim Walter}, title = {{LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility}}, date = {2022-04-27}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility}, language = {English}, urldate = {2022-07-25} } LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
Cobalt Strike LockBit BRONZE STARLIGHT
2022-04-27Sentinel LABSJames Haughom, Júlio Dantas, Jim Walter
@online{haughom:20220427:lockbit:da3d5d1, author = {James Haughom and Júlio Dantas and Jim Walter}, title = {{LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility}}, date = {2022-04-27}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility/}, language = {English}, urldate = {2022-04-29} } LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
Cobalt Strike LockBit
2022-04-25vmwareDarshan Rana
@online{rana:20220425:serpent:c60d8fd, author = {Darshan Rana}, title = {{Serpent – The Backdoor that Hides in Plain Sight}}, date = {2022-04-25}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/04/serpent-the-backdoor-that-hides-in-plain-sight.html}, language = {English}, urldate = {2022-05-03} } Serpent – The Backdoor that Hides in Plain Sight
Serpent
2022-04-25MorphisecMorphisec Labs
@online{labs:20220425:new:7b1c795, author = {Morphisec Labs}, title = {{New Core Impact Backdoor Delivered Via VMware Vulnerability}}, date = {2022-04-25}, organization = {Morphisec}, url = {https://blog.morphisec.com/vmware-identity-manager-attack-backdoor}, language = {English}, urldate = {2022-04-29} } New Core Impact Backdoor Delivered Via VMware Vulnerability
Cobalt Strike JSSLoader