Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-11-23CybereasonCybereason Global SOC Team
@online{team:20221123:threat:17093cc, author = {Cybereason Global SOC Team}, title = {{THREAT ALERT: Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies}}, date = {2022-11-23}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/threat-alert-aggressive-qakbot-campaign-and-the-black-basta-ransomware-group-targeting-u.s.-companies}, language = {English}, urldate = {2022-11-25} } THREAT ALERT: Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies
Black Basta QakBot
2022-11-21ZscalerSudeep Singh
@online{singh:20221121:black:9712dce, author = {Sudeep Singh}, title = {{Black Friday Alert: 4 Emerging Skimming Attacks to Watch for This Holiday Season}}, date = {2022-11-21}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/black-friday-scams-4-emerging-skimming-attacks-watch-holiday-season}, language = {English}, urldate = {2022-11-23} } Black Friday Alert: 4 Emerging Skimming Attacks to Watch for This Holiday Season
magecart
2022-11-09NetskopeGustavo Palazolo
@online{palazolo:20221109:blackcat:8205dee, author = {Gustavo Palazolo}, title = {{BlackCat Ransomware: Tactics and Techniques From a Targeted Attack}}, date = {2022-11-09}, organization = {Netskope}, url = {https://www.netskope.com/blog/blackcat-ransomware-tactics-and-techniques-from-a-targeted-attack}, language = {English}, urldate = {2022-11-18} } BlackCat Ransomware: Tactics and Techniques From a Targeted Attack
BlackCat ExMatter
2022-11-03SentinelOneSentinelLabs
@online{sentinellabs:20221103:black:0be02f3, author = {SentinelLabs}, title = {{Black Basta Ransomware | Attacks deploy Custom EDR Evasion Tools tied to FIN7 Threat Actor}}, date = {2022-11-03}, organization = {SentinelOne}, url = {https://assets.sentinelone.com/sentinellabs22/sentinellabs-blackbasta}, language = {English}, urldate = {2022-11-03} } Black Basta Ransomware | Attacks deploy Custom EDR Evasion Tools tied to FIN7 Threat Actor
Black Basta QakBot SocksBot
2022-11-03Sentinel LABSAntonio Cocomazzi
@online{cocomazzi:20221103:black:b0c2f05, author = {Antonio Cocomazzi}, title = {{Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor}}, date = {2022-11-03}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/}, language = {English}, urldate = {2022-11-15} } Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor
Black Basta
2022-10-31CynetMax Malyutin
@online{malyutin:20221031:orion:49e3b5c, author = {Max Malyutin}, title = {{Orion Threat Alert: Qakbot TTPs Arsenal and the Black Basta Ransomware}}, date = {2022-10-31}, organization = {Cynet}, url = {https://www.cynet.com/blog/orion-threat-alert-qakbot-ttps-arsenal-and-the-black-basta-ransomware/}, language = {English}, urldate = {2022-11-15} } Orion Threat Alert: Qakbot TTPs Arsenal and the Black Basta Ransomware
Black Basta Cobalt Strike QakBot
2022-10-23BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20221023:unattributed:b83a409, author = {The BlackBerry Research & Intelligence Team}, title = {{Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries}}, date = {2022-10-23}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/10/unattributed-romcom-threat-actor-spoofing-popular-apps-now-hits-ukrainian-militaries}, language = {English}, urldate = {2022-10-30} } Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries
ROMCOM RAT
2022-10-21SymantecThreat Hunter Team
@online{team:20221021:exbyte:f068ce7, author = {Threat Hunter Team}, title = {{Exbyte: BlackByte Ransomware Attackers Deploy New Exfiltration Tool}}, date = {2022-10-21}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/blackbyte-exbyte-ransomware}, language = {English}, urldate = {2022-11-09} } Exbyte: BlackByte Ransomware Attackers Deploy New Exfiltration Tool
ExByte
2022-10-13BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20221013:bianlian:76ad15a, author = {The BlackBerry Research & Intelligence Team}, title = {{BianLian Ransomware Encrypts Files in the Blink of an Eye}}, date = {2022-10-13}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/10/bianlian-ransomware-encrypts-files-in-the-blink-of-an-eye}, language = {English}, urldate = {2022-10-24} } BianLian Ransomware Encrypts Files in the Blink of an Eye
BianLian
2022-10-06BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20221006:mustang:a7e981c, author = {The BlackBerry Research & Intelligence Team}, title = {{Mustang Panda Abuses Legitimate Apps to Target Myanmar Based Victims}}, date = {2022-10-06}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/10/mustang-panda-abuses-legitimate-apps-to-target-myanmar-based-victims}, language = {English}, urldate = {2022-10-24} } Mustang Panda Abuses Legitimate Apps to Target Myanmar Based Victims
PlugX
2022-10-04SophosAndreas Klopsch
@online{klopsch:20221004:remove:a8a9121, author = {Andreas Klopsch}, title = {{Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse}}, date = {2022-10-04}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/10/04/blackbyte-ransomware-returns/}, language = {English}, urldate = {2022-10-24} } Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse
BlackByte
2022-09-29NTTNTT Security Holdings Corporation
@techreport{corporation:20220929:report:1615dab, author = {NTT Security Holdings Corporation}, title = {{Report on APT Attacks by BlackTech}}, date = {2022-09-29}, institution = {NTT}, url = {https://jp.security.ntt/resources/EN-BlackTech_2021.pdf}, language = {English}, urldate = {2022-09-30} } Report on APT Attacks by BlackTech
Bifrost PLEAD TSCookie Flagpro Gh0stTimes SelfMake Loader SPIDERPIG RAT
2022-09-28LumenBlack Lotus Labs
@online{labs:20220928:chaos:9918c3d, author = {Black Lotus Labs}, title = {{Chaos Is A Go-Based Swiss Army Knife Of Malware}}, date = {2022-09-28}, organization = {Lumen}, url = {https://blog.lumen.com/chaos-is-a-go-based-swiss-army-knife-of-malware/}, language = {English}, urldate = {2022-09-30} } Chaos Is A Go-Based Swiss Army Knife Of Malware
Chaos Kaiji
2022-09-27Github (blacklotuslabs)Black Lotus Labs
@online{labs:20220927:chaos:1389681, author = {Black Lotus Labs}, title = {{Chaos Is A Go-Based Swiss Army Knife Of Malware (IOCs)}}, date = {2022-09-27}, organization = {Github (blacklotuslabs)}, url = {https://github.com/blacklotuslabs/IOCs/blob/main/Chaos_IoCs.txt}, language = {English}, urldate = {2022-09-30} } Chaos Is A Go-Based Swiss Army Knife Of Malware (IOCs)
2022-09-24Cyber And Ramen blogMike R
@online{r:20220924:so:439a62f, author = {Mike R}, title = {{So Long (Go)Daddy | Tracking BlackTech Infrastructure}}, date = {2022-09-24}, organization = {Cyber And Ramen blog}, url = {https://cyberandramen.net/2022/09/24/so-long-godaddy-tracking-blacktech-infrastructure/}, language = {English}, urldate = {2022-09-30} } So Long (Go)Daddy | Tracking BlackTech Infrastructure
2022-09-22BroadcomSymantec Threat Hunter Team
@online{team:20220922:noberus:fc868b9, author = {Symantec Threat Hunter Team}, title = {{Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics}}, date = {2022-09-22}, organization = {Broadcom}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-ransomware-ttps}, language = {English}, urldate = {2022-09-26} } Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics
BlackCat BlackMatter DarkSide
2022-09-22Medium s2wlabYang HuiSeong, Jeong Hyunsik
@online{huiseong:20220922:quick:9184019, author = {Yang HuiSeong and Jeong Hyunsik}, title = {{Quick Overview of Leaked LockBit 3.0 (Black) builder program}}, date = {2022-09-22}, organization = {Medium s2wlab}, url = {https://medium.com/s2wblog/quick-overview-of-leaked-lockbit-3-0-black-builder-program-880ae511d085}, language = {English}, urldate = {2022-10-24} } Quick Overview of Leaked LockBit 3.0 (Black) builder program
LockBit
2022-09-15JPCERT/CCShusei Tomonaga
@online{tomonaga:20220915:f5:717ee99, author = {Shusei Tomonaga}, title = {{F5 BIG-IP Vulnerability (CVE-2022-1388) Exploited by BlackTech}}, date = {2022-09-15}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2022/09/bigip-exploit.html}, language = {English}, urldate = {2022-09-19} } F5 BIG-IP Vulnerability (CVE-2022-1388) Exploited by BlackTech
Hipid
2022-09-07BlackberryAnuj Soni, Ryan Chapman
@online{soni:20220907:curious:80138f0, author = {Anuj Soni and Ryan Chapman}, title = {{The Curious Case of “Monti” Ransomware: A Real-World Doppelganger}}, date = {2022-09-07}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/09/the-curious-case-of-monti-ransomware-a-real-world-doppelganger}, language = {English}, urldate = {2022-09-10} } The Curious Case of “Monti” Ransomware: A Real-World Doppelganger
Conti MimiKatz Veeam Dumper
2022-09-06SecurityScorecardVlad Pasca
@online{pasca:20220906:ttps:e1c70ed, author = {Vlad Pasca}, title = {{TTPs Associated With a New Version of the BlackCat Ransomware}}, date = {2022-09-06}, organization = {SecurityScorecard}, url = {https://securityscorecard.com/blog/ttps-associated-with-new-version-of-blackcat-ransomware}, language = {English}, urldate = {2022-09-10} } TTPs Associated With a New Version of the BlackCat Ransomware
BlackCat