Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-09-14SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220914:opsec:b493562, author = {Counter Threat Unit ResearchTeam}, title = {{Opsec Mistakes Reveal COBALT MIRAGE Threat Actors}}, date = {2022-09-14}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/opsec-mistakes-reveal-cobalt-mirage-threat-actors}, language = {English}, urldate = {2022-09-19} } Opsec Mistakes Reveal COBALT MIRAGE Threat Actors
TUNNELFISH
2022-09-08SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220908:bronze:1975ebf, author = {Counter Threat Unit ResearchTeam}, title = {{BRONZE PRESIDENT Targets Government Officials}}, date = {2022-09-08}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/bronze-president-targets-government-officials}, language = {English}, urldate = {2022-09-13} } BRONZE PRESIDENT Targets Government Officials
PlugX
2022-08-17SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220817:darktortilla:9a00612, author = {Counter Threat Unit ResearchTeam}, title = {{DarkTortilla Malware Analysis}}, date = {2022-08-17}, organization = {Secureworks}, url = {https://www.secureworks.com/research/darktortilla-malware-analysis}, language = {English}, urldate = {2023-01-05} } DarkTortilla Malware Analysis
Agent Tesla AsyncRAT Cobalt Strike DarkTortilla Nanocore RAT RedLine Stealer
2022-06-23SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220623:bronze:8bccd74, author = {Counter Threat Unit ResearchTeam}, title = {{BRONZE STARLIGHT Ransomware Operations Use HUI Loader}}, date = {2022-06-23}, organization = {Secureworks}, url = {https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader}, language = {English}, urldate = {2022-09-20} } BRONZE STARLIGHT Ransomware Operations Use HUI Loader
ATOMSILO Cobalt Strike HUI Loader LockFile NightSky Pandora PlugX Quasar RAT Rook SodaMaster
2022-05-12SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220512:cobalt:6d50163, author = {Counter Threat Unit ResearchTeam}, title = {{COBALT MIRAGE Conducts Ransomware Operations in U.S.}}, date = {2022-05-12}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/cobalt-mirage-conducts-ransomware-operations-in-us}, language = {English}, urldate = {2022-05-13} } COBALT MIRAGE Conducts Ransomware Operations in U.S.
CobaltMirage FRP
2022-05-09SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220509:revil:53c819e, author = {Counter Threat Unit ResearchTeam}, title = {{REvil Development Adds Confidence About GOLD SOUTHFIELD Reemergence}}, date = {2022-05-09}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/revil-development-adds-confidence-about-gold-southfield-reemergence?linkId=164334801}, language = {English}, urldate = {2022-05-11} } REvil Development Adds Confidence About GOLD SOUTHFIELD Reemergence
REvil
2022-04-27SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220427:bronze:34ac36a, author = {Counter Threat Unit ResearchTeam}, title = {{BRONZE PRESIDENT Targets Russian Speakers with Updated PlugX}}, date = {2022-04-27}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/bronze-president-targets-russian-speakers-with-updated-plugx}, language = {English}, urldate = {2022-04-29} } BRONZE PRESIDENT Targets Russian Speakers with Updated PlugX
PlugX
2022-04-21SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220421:gold:5d6ad6d, author = {Counter Threat Unit ResearchTeam}, title = {{GOLD ULRICK Continues Conti Operations Despite Public Disclosures}}, date = {2022-04-21}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/gold-ulrick-continues-conti-operations-despite-public-disclosures}, language = {English}, urldate = {2022-04-29} } GOLD ULRICK Continues Conti Operations Despite Public Disclosures
Conti Conti
2022-04-05SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220405:azure:818fbe9, author = {Counter Threat Unit ResearchTeam}, title = {{Azure Active Directory Exposes Internal Information}}, date = {2022-04-05}, organization = {Secureworks}, url = {https://www.secureworks.com/research/azure-active-directory-exposes-internal-information}, language = {English}, urldate = {2022-04-07} } Azure Active Directory Exposes Internal Information
2022-03-23SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220323:gold:0f3da90, author = {Counter Threat Unit ResearchTeam}, title = {{GOLD ULRICK Leaks Reveal Organizational Structure and Relationships}}, date = {2022-03-23}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/gold-ulrick-leaks-reveal-organizational-structure-and-relationships}, language = {English}, urldate = {2022-03-25} } GOLD ULRICK Leaks Reveal Organizational Structure and Relationships
Conti Emotet IcedID TrickBot
2022-03-23SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220323:threat:84ad46c, author = {Counter Threat Unit ResearchTeam}, title = {{Threat Intelligence Executive Report Volume 2022, Number 2}}, date = {2022-03-23}, organization = {Secureworks}, url = {https://content.secureworks.com/-/media/Files/US/Reports/Monthly%20Threat%20Intelligence/Secureworks_ECO1_ThreatIntelligenceExecutiveReport2022Vol2.ashx}, language = {English}, urldate = {2022-03-25} } Threat Intelligence Executive Report Volume 2022, Number 2
Conti Emotet IcedID TrickBot
2022-03-08SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220308:excel:0f4e5c9, author = {Counter Threat Unit ResearchTeam}, title = {{Excel Add-ins Deliver JSSLoader Malware}}, date = {2022-03-08}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/excel-add-ins-deliver-jssloader-malware}, language = {English}, urldate = {2022-03-22} } Excel Add-ins Deliver JSSLoader Malware
JSSLoader
2022-03-02SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220302:domains:ae50314, author = {Counter Threat Unit ResearchTeam}, title = {{Domains Linked to Phishing Attacks Targeting Ukraine}}, date = {2022-03-02}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/domains-linked-to-phishing-attacks-targeting-ukraine}, language = {English}, urldate = {2022-03-22} } Domains Linked to Phishing Attacks Targeting Ukraine
2022-02-25SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220225:disruptive:d6c7b5d, author = {Counter Threat Unit ResearchTeam}, title = {{Disruptive HermeticWiper Attacks Targeting Ukrainian Organizations}}, date = {2022-02-25}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/disruptive-hermeticwiper-attacks-targeting-ukrainian-organizations}, language = {English}, urldate = {2022-03-01} } Disruptive HermeticWiper Attacks Targeting Ukrainian Organizations
HermeticWiper
2022-02-15SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220215:shadowpad:cd3fa10, author = {Counter Threat Unit ResearchTeam}, title = {{ShadowPad Malware Analysis}}, date = {2022-02-15}, organization = {Secureworks}, url = {https://www.secureworks.com/research/shadowpad-malware-analysis}, language = {English}, urldate = {2022-02-17} } ShadowPad Malware Analysis
ShadowPad
2022-01-25SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220125:ransoms:5ec60a6, author = {Counter Threat Unit ResearchTeam}, title = {{Ransoms Demanded for Hijacked Instagram Accounts}}, date = {2022-01-25}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/ransoms-demanded-for-hijacked-instagram-accounts}, language = {English}, urldate = {2022-01-28} } Ransoms Demanded for Hijacked Instagram Accounts
2022-01-21SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220121:disruptive:fff238c, author = {Counter Threat Unit ResearchTeam}, title = {{Disruptive Attacks in Ukraine Likely Linked to Escalating Tensions}}, date = {2022-01-21}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/disruptive-attacks-in-ukraine-likely-linked-to-escalating-tensions}, language = {English}, urldate = {2022-01-25} } Disruptive Attacks in Ukraine Likely Linked to Escalating Tensions
WhisperGate
2022-01-21SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220121:whispergate:bcdbf9d, author = {Counter Threat Unit ResearchTeam}, title = {{WhisperGate: Not NotPetya}}, date = {2022-01-21}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/whispergate-not-notpetya}, language = {English}, urldate = {2022-01-25} } WhisperGate: Not NotPetya
WhisperGate
2021-12-17SecureworksCounter Threat Unit ResearchTeam, Secureworks Incident Response Team
@online{researchteam:20211217:nopac:2dd9d15, author = {Counter Threat Unit ResearchTeam and Secureworks Incident Response Team}, title = {{noPac: A Tale of Two Vulnerabilities That Could End in Ransomware}}, date = {2021-12-17}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/nopac-a-tale-of-two-vulnerabilities-that-could-end-in-ransomware}, language = {English}, urldate = {2022-01-25} } noPac: A Tale of Two Vulnerabilities That Could End in Ransomware
2021-09-22SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20210922:revil:5b97baf, author = {Counter Threat Unit ResearchTeam}, title = {{REvil Ransomware Reemerges After Shutdown; Universal Decryptor Released}}, date = {2021-09-22}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/revil-ransomware-reemerges-after-shutdown-universal-decryptor-released}, language = {English}, urldate = {2021-09-28} } REvil Ransomware Reemerges After Shutdown; Universal Decryptor Released
REvil REvil