2023-10-19 | Symantec | Threat Hunter Team
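% Institutional author: the inner braces keep the team name as one indivisible name
% rather than a given/family split. Title braces protect only proper nouns.
@online{team:20231019:crambus:9e0aec9,
  author       = {{Threat Hunter Team}},
  title        = {{Crambus}: New Campaign Targets {Middle Eastern} Government},
  date         = {2023-10-19},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/crambus-middle-east-government},
  language     = {English},
  urldate      = {2023-10-20},
}
Crambus: New Campaign Targets Middle Eastern Government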
Clipog
2023-10-10 | Symantec | Threat Hunter Team
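% Institutional author: the inner braces keep the team name as one indivisible name
% rather than a given/family split. Title braces protect only proper nouns.
@online{team:20231010:grayling:ebc3b74,
  author       = {{Threat Hunter Team}},
  title        = {{Grayling}: Previously Unseen Threat Actor Targets Multiple Organizations in {Taiwan}},
  date         = {2023-10-10},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayling-taiwan-cyber-attacks},
  language     = {English},
  urldate      = {2023-10-11},
}
Grayling: Previously Unseen Threat Actor Targets Multiple Organizations in Taiwan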
Cobalt Strike Havoc MimiKatz Grayling
2023-08-22 | Symantec | Threat Hunter Team
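% Institutional author: the inner braces keep the team name as one indivisible name
% rather than a given/family split. Title braces protect only proper nouns and acronyms.
@online{team:20230822:carderbee:927bbd8,
  author       = {{Threat Hunter Team}},
  title        = {{Carderbee}: {APT} Group use Legit Software in Supply Chain Attack Targeting Orgs in {Hong Kong}},
  date         = {2023-08-22},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/carderbee-software-supply-chain-certificate-abuse},
  language     = {English},
  urldate      = {2023-08-24},
}
Carderbee: APT Group use Legit Software in Supply Chain Attack Targeting Orgs in Hong Kong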
PlugX Carderbee
2023-07-18 | Symantec | Threat Hunter Team
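% Institutional author: the inner braces keep the team name as one indivisible name
% rather than a given/family split. Title braces protect only the actor and malware names.
@online{team:20230718:fin8:6850531,
  author       = {{Threat Hunter Team}},
  title        = {{FIN8} Uses Revamped {Sardonic} Backdoor to Deliver {Noberus} Ransomware},
  date         = {2023-07-18},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/syssphinx-fin8-backdoor},
  language     = {English},
  urldate      = {2023-07-20},
}
FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware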
BlackCat Unidentified 103 (FIN8)
2023-06-21 | Symantec | Threat Hunter Team
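% Institutional author: the inner braces keep the team name as one indivisible name
% rather than a given/family split. Title braces protect only the actor and malware names.
@online{team:20230621:graphican:2379d97,
  author       = {{Threat Hunter Team}},
  title        = {{Graphican}: {Flea} Uses New Backdoor in Attacks Targeting Foreign Ministries},
  date         = {2023-06-21},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/flea-backdoor-microsoft-graph-apt15},
  language     = {English},
  urldate      = {2023-09-08},
}
Graphican: Flea Uses New Backdoor in Attacks Targeting Foreign Ministries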
Graphican
2023-06-15 | Symantec | Threat Hunter Team
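% Institutional author: the inner braces keep the team name as one indivisible name
% rather than a given/family split. Title braces protect only proper nouns.
% The title keeps its UTF-8 apostrophe, so process this entry with a UTF-8 aware backend.
@online{team:20230615:shuckworm:041bcc8,
  author       = {{Threat Hunter Team}},
  title        = {{Shuckworm}: Inside {Russia’s} Relentless Cyber Campaign Against {Ukraine}},
  date         = {2023-06-15},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-russia-ukraine-military},
  language     = {English},
  urldate      = {2023-06-19},
}
Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine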
Pteranodon
2023-05-15 | Symantec | Threat Hunter Team
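% Institutional author: the inner braces keep the team name as one indivisible name
% rather than a given/family split. Title braces protect only the actor name.
@online{team:20230515:lancefly:49fd53e,
  author       = {{Threat Hunter Team}},
  title        = {{Lancefly}: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors},
  date         = {2023-05-15},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lancefly-merdoor-zxshell-custom-backdoor},
  language     = {English},
  urldate      = {2023-05-26},
}
Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors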
Merdoor PlugX ShadowPad ZXShell Lancefly
2023-04-21 | Symantec | Threat Hunter Team
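% Institutional author: the inner braces keep the team name as one indivisible name
% rather than a given/family split. Title braces protect only proper nouns.
% The underscore in the product name is escaped because a bare underscore in a
% text field is a LaTeX error at typesetting time.
@online{team:20230421:xtrader:f5f0e26,
  author       = {{Threat Hunter Team}},
  title        = {{X\_Trader} Supply Chain Attack Affects Critical Infrastructure Organizations in {U.S.} and {Europe}},
  date         = {2023-04-21},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain},
  language     = {English},
  urldate      = {2023-05-26},
}
X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe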
VEILEDSIGNAL
2023-04-20 | Symantec | Threat Hunter Team
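% Institutional author: the inner braces keep the team name as one indivisible name
% rather than a given/family split. Title braces protect only proper nouns and acronyms.
@online{team:20230420:daggerfly:48977fc,
  author       = {{Threat Hunter Team}},
  title        = {{Daggerfly}: {APT} Actor Targets Telecoms Company in {Africa}},
  date         = {2023-04-20},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/apt-attacks-telecoms-africa-mgbot},
  language     = {English},
  urldate      = {2023-05-24},
}
Daggerfly: APT Actor Targets Telecoms Company in Africa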
MgBot
2023-04-19 | Symantec | Threat Hunter Team
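% Institutional author: the inner braces keep the team name as one indivisible name
% rather than a given/family split. Title braces protect only the ransomware name.
@online{team:20230419:play:01359b7,
  author       = {{Threat Hunter Team}},
  title        = {{Play} Ransomware Group Using New Custom Data-Gathering Tools},
  date         = {2023-04-19},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/play-ransomware-volume-shadow-copy},
  language     = {English},
  urldate      = {2023-07-31},
}
Play Ransomware Group Using New Custom Data-Gathering Tools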
PLAY SystemBC
2023-04-04 | Symantec | Threat Hunter Team
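% Institutional author: the inner braces keep the team name as one indivisible name
% rather than a given/family split. Title braces protect only proper nouns.
@online{team:20230404:mantis:dc4d88d,
  author       = {{Threat Hunter Team}},
  title        = {{Mantis}: New Tooling Used in Attacks Against {Palestinian} Targets},
  date         = {2023-04-04},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mantis-palestinian-attacks},
  language     = {English},
  urldate      = {2023-04-25},
}
Mantis: New Tooling Used in Attacks Against Palestinian Targets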
Arid Gopher Micropsia
2023-03-30 | Symantec | Threat Hunter Team
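% Institutional author: the inner braces keep the team name as one indivisible name
% rather than a given/family split. Title braces protect only the product name.
@online{team:20230330:3cx:fb5b214,
  author       = {{Threat Hunter Team}},
  title        = {{3CX}: Supply Chain Attack Affects Thousands of Users Worldwide},
  date         = {2023-03-30},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3cx-supply-chain-attack},
  language     = {English},
  urldate      = {2023-04-02},
}
3CX: Supply Chain Attack Affects Thousands of Users Worldwide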
3CX Backdoor IconicStealer
2023-02-23 | Symantec | Threat Hunter Team
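% Institutional author: the inner braces keep the team name as one indivisible name
% rather than a given/family split. Title braces protect only the actor name.
@online{team:20230223:clasiopa:de5bce2,
  author       = {{Threat Hunter Team}},
  title        = {{Clasiopa}: New Group Targets Materials Research},
  date         = {2023-02-23},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/clasiopa-materials-research},
  language     = {English},
  urldate      = {2023-11-28},
}
Clasiopa: New Group Targets Materials Research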
Atharvan Lilith
2023-02-22 | Symantec | Symantec Threat Hunter Team
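% Institutional author: the inner braces keep the team name as one indivisible name
% rather than a given/family split. Title braces protect only proper nouns.
@online{team:20230222:hydrochasma:21d30af,
  author       = {{Symantec Threat Hunter Team}},
  title        = {{Hydrochasma}: Previously Unknown Group Targets Medical and Shipping Organizations in {Asia}},
  date         = {2023-02-22},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/hydrochasma-asia-medical-shipping-intelligence-gathering},
  language     = {English},
  urldate      = {2023-10-05},
}
Hydrochasma: Previously Unknown Group Targets Medical and Shipping Organizations in Asia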
Cobalt Strike
2023-02-08 | Broadcom | Threat Hunter Team
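% Institutional author: the inner braces keep the team name as one indivisible name
% rather than a given/family split. Title braces protect only proper nouns.
@online{team:20230208:graphiron:64d8665,
  author       = {{Threat Hunter Team}},
  title        = {{Graphiron}: New {Russian} Information Stealing Malware Deployed Against {Ukraine}},
  date         = {2023-02-08},
  organization = {Broadcom},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer},
  language     = {English},
  urldate      = {2023-02-13},
}
Graphiron: New Russian Information Stealing Malware Deployed Against Ukraine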
Graphiron SaintBear
2023-01-05 | Symantec | Threat Hunter Team
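% Institutional author: the inner braces keep the team name as one indivisible name
% rather than a given/family split. Title braces protect only proper nouns.
% The url uses the https scheme so the cited report is fetched over TLS rather
% than plain HTTP.
@online{team:20230105:bluebottle:031223f,
  author       = {{Threat Hunter Team}},
  title        = {{Bluebottle}: Campaign Hits Banks in {French-speaking} Countries in {Africa}},
  date         = {2023-01-05},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa},
  language     = {English},
  urldate      = {2023-11-17},
}
Bluebottle: Campaign Hits Banks in French-speaking Countries in Africa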
CloudEyE Cobalt Strike MimiKatz NetWire RC POORTRY Quasar RAT
2022-11-15 | Symantec | Threat Hunter Team
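% Institutional author: the inner braces keep the team name as one indivisible name
% rather than a given/family split. Title braces protect only proper nouns.
@online{team:20221115:billbug:f11d48d,
  author       = {{Threat Hunter Team}},
  title        = {{Billbug}: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple {Asian} Countries},
  date         = {2022-11-15},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-asia-governments-cert-authority},
  language     = {English},
  urldate      = {2022-11-15},
}
Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries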
Sagerunex
2022-10-21 | Symantec | Threat Hunter Team
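% Institutional author: the inner braces keep the team name as one indivisible name
% rather than a given/family split. Title braces protect only the tool and ransomware names.
@online{team:20221021:exbyte:f068ce7,
  author       = {{Threat Hunter Team}},
  title        = {{Exbyte}: {BlackByte} Ransomware Attackers Deploy New Exfiltration Tool},
  date         = {2022-10-21},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/blackbyte-exbyte-ransomware},
  language     = {English},
  urldate      = {2022-11-09},
}
Exbyte: BlackByte Ransomware Attackers Deploy New Exfiltration Tool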
ExByte
2022-09-29 | Symantec | Threat Hunter Team
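% Institutional author: the inner braces keep the team name as one indivisible name
% rather than a given/family split. Title braces protect only proper nouns.
@online{team:20220929:witchetty:628f1c4,
  author       = {{Threat Hunter Team}},
  title        = {{Witchetty}: Group Uses Updated Toolset in Attacks on Governments in {Middle East}},
  date         = {2022-09-29},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/witchetty-steganography-espionage},
  language     = {English},
  urldate      = {2022-09-30},
}
Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East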
CHINACHOPPER Lookback MimiKatz PlugX Unidentified 096 (Keylogger) x4 Witchetty
2022-09-22 | Broadcom | Symantec Threat Hunter Team
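% Institutional author: the inner braces keep the team name as one indivisible name
% rather than a given/family split. Title braces protect only the ransomware names.
@online{team:20220922:noberus:fc868b9,
  author       = {{Symantec Threat Hunter Team}},
  title        = {{Noberus} Ransomware: {Darkside} and {BlackMatter} Successor Continues to Evolve its Tactics},
  date         = {2022-09-22},
  organization = {Broadcom},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-ransomware-ttps},
  language     = {English},
  urldate      = {2022-09-26},
}
Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics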
BlackCat BlackMatter DarkSide