Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-08-05SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20210805:detecting:235fe13, author = {Counter Threat Unit ResearchTeam}, title = {{Detecting Cobalt Strike: Government-Sponsored Threat Groups (APT32)}}, date = {2021-08-05}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/detecting-cobalt-strike-government-sponsored-threat-groups}, language = {English}, urldate = {2021-08-06} } Detecting Cobalt Strike: Government-Sponsored Threat Groups (APT32)
Cobalt Strike
2021-08-04SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20210804:detecting:b379acb, author = {Counter Threat Unit ResearchTeam}, title = {{Detecting Cobalt Strike: Cybercrime Attacks (GOLD LAGOON)}}, date = {2021-08-04}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/detecting-cobalt-strike-cybercrime-attacks}, language = {English}, urldate = {2021-08-06} } Detecting Cobalt Strike: Cybercrime Attacks (GOLD LAGOON)
Cobalt Strike
2021-07-20SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20210720:ongoing:1e6dbd0, author = {Counter Threat Unit ResearchTeam}, title = {{Ongoing Campaign Leveraging Exchange Vulnerability Potentially Linked to Iran}}, date = {2021-07-20}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/ongoing-campaign-leveraging-exchange-vulnerability-potentially-linked-to-iran}, language = {English}, urldate = {2021-07-26} } Ongoing Campaign Leveraging Exchange Vulnerability Potentially Linked to Iran
CHINACHOPPER MimiKatz RGDoor
2021-06-22SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20210622:lv:a58b99f, author = {Counter Threat Unit ResearchTeam}, title = {{LV Ransomware}}, date = {2021-06-22}, organization = {Secureworks}, url = {https://www.secureworks.com/research/lv-ransomware}, language = {English}, urldate = {2021-06-23} } LV Ransomware
REvil
2021-06-15SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20210615:hades:e1734d8, author = {Counter Threat Unit ResearchTeam}, title = {{Hades Ransomware Operators Use Distinctive Tactics and Infrastructure}}, date = {2021-06-15}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/hades-ransomware-operators-use-distinctive-tactics-and-infrastructure}, language = {English}, urldate = {2021-06-21} } Hades Ransomware Operators Use Distinctive Tactics and Infrastructure
Cobalt Strike Hades
2021-06-03SecureworksSecureworks Adversary Group, Counter Threat Unit ResearchTeam
@online{group:20210603:oauths:50516b7, author = {Secureworks Adversary Group and Counter Threat Unit ResearchTeam}, title = {{OAuth’s Device Code Flow Abused in Phishing Attacks}}, date = {2021-06-03}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/oauths-device-code-flow-abused-in-phishing-attacks}, language = {English}, urldate = {2021-06-22} } OAuth’s Device Code Flow Abused in Phishing Attacks
2021-05-13SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20210513:ransomware:1c6898a, author = {Counter Threat Unit ResearchTeam}, title = {{Ransomware Groups Use Tor-Based Backdoor for Persistent Access}}, date = {2021-05-13}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/ransomware-groups-use-tor-based-backdoor-for-persistent-access}, language = {English}, urldate = {2021-05-26} } Ransomware Groups Use Tor-Based Backdoor for Persistent Access
DarkSide Snatch GOLD WATERFALL
2021-03-08SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20210308:supernova:c12f8f7, author = {Counter Threat Unit ResearchTeam}, title = {{SUPERNOVA Web Shell Deployment Linked to SPIRAL Threat Group}}, date = {2021-03-08}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/supernova-web-shell-deployment-linked-to-spiral-threat-group}, language = {English}, urldate = {2021-03-10} } SUPERNOVA Web Shell Deployment Linked to SPIRAL Threat Group
SUPERNOVA BRONZE SPIRAL
2020-06-24Counter Threat Unit ResearchTeam
@online{researchteam:20200624:bronze:62b58ff, author = {Counter Threat Unit ResearchTeam}, title = {{BRONZE VINEWOOD Targets Supply Chains}}, date = {2020-06-24}, url = {https://www.secureworks.com/research/bronze-vinewood-targets-supply-chains}, language = {English}, urldate = {2020-06-26} } BRONZE VINEWOOD Targets Supply Chains
MimiKatz Trochilus RAT APT31
2020-06-24SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20200624:dropboxaes:0d0c7be, author = {Counter Threat Unit ResearchTeam}, title = {{DropboxAES Remote Access Trojan}}, date = {2020-06-24}, organization = {Secureworks}, url = {https://www.secureworks.com/research/dropboxaes-remote-access-trojan}, language = {English}, urldate = {2020-08-18} } DropboxAES Remote Access Trojan
2020-06-24SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20200624:bronze:a4d2ead, author = {Counter Threat Unit ResearchTeam}, title = {{BRONZE VINEWOOD Uses HanaLoader to Target Government Supply Chain}}, date = {2020-06-24}, organization = {Secureworks}, url = {https://www.secureworks.com/research/bronz-vinewood-uses-hanaloader-to-target-government-supply-chain}, language = {English}, urldate = {2020-06-26} } BRONZE VINEWOOD Uses HanaLoader to Target Government Supply Chain
APT31
2020-04-08SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20200408:how:192d583, author = {Counter Threat Unit ResearchTeam}, title = {{How Cyber Adversaries are Adapting to Exploit the Global Pandemic}}, date = {2020-04-08}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/how-cyber-adversaries-are-adapting-to-exploit-the-global-pandemic}, language = {English}, urldate = {2021-05-28} } How Cyber Adversaries are Adapting to Exploit the Global Pandemic
GOLD SOUTHFIELD TA2101 TA505 WIZARD SPIDER
2020-02-26SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20200226:business:22f0dba, author = {Counter Threat Unit ResearchTeam}, title = {{Business as Usual For Iranian Operations Despite Increased Tensions}}, date = {2020-02-26}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/business-as-usual-for-iranian-operations-despite-increased-tensions}, language = {English}, urldate = {2020-11-19} } Business as Usual For Iranian Operations Despite Increased Tensions
2018-09-27SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20180927:cybercriminals:a7f1c24, author = {Counter Threat Unit ResearchTeam}, title = {{Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish}}, date = {2018-09-27}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/cybercriminals-increasingly-trying-to-ensnare-the-big-financial-fish}, language = {English}, urldate = {2020-01-08} } Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish
More_eggs Cobalt
2018-04-18SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20180418:gold:c342756, author = {Counter Threat Unit ResearchTeam}, title = {{GOLD GALLEON: How a Nigerian Cyber Crew Plunders the Shipping Industry}}, date = {2018-04-18}, organization = {Secureworks}, url = {https://www.secureworks.com/research/gold-galleon-how-a-nigerian-cyber-crew-plunders-the-shipping-industry}, language = {English}, urldate = {2021-06-01} } GOLD GALLEON: How a Nigerian Cyber Crew Plunders the Shipping Industry
Agent Tesla HawkEye Keylogger Pony GOLD GALLEON
2018-02-15SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20180215:samsam:bd6d65d, author = {Counter Threat Unit ResearchTeam}, title = {{SamSam Ransomware Campaigns}}, date = {2018-02-15}, organization = {Secureworks}, url = {https://www.secureworks.com/research/samsam-ransomware-campaigns}, language = {English}, urldate = {2021-05-28} } SamSam Ransomware Campaigns
MimiKatz reGeorg SamSam BOSS SPIDER
2018-02-15SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20180215:samsam:cb3f804, author = {Counter Threat Unit ResearchTeam}, title = {{SamSam: Converting Opportunity into Profit}}, date = {2018-02-15}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/samsam-converting-opportunity-into-profit}, language = {English}, urldate = {2021-05-28} } SamSam: Converting Opportunity into Profit
SamSam BOSS SPIDER
2017-05-15SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20170515:evolution:d0e74ea, author = {Counter Threat Unit ResearchTeam}, title = {{Evolution of the GOLD EVERGREEN Threat Group}}, date = {2017-05-15}, organization = {Secureworks}, url = {https://www.secureworks.com/research/evolution-of-the-gold-evergreen-threat-group}, language = {English}, urldate = {2021-05-28} } Evolution of the GOLD EVERGREEN Threat Group
CryptoLocker Dridex Dyre Gameover P2P Murofet TrickBot Zeus GOLD EVERGREEN
2016-03-30SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20160330:ransomware:d1b6fe3, author = {Counter Threat Unit ResearchTeam}, title = {{Ransomware Deployed by Adversary with Established Foothold}}, date = {2016-03-30}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/ransomware-deployed-by-adversary}, language = {English}, urldate = {2021-05-28} } Ransomware Deployed by Adversary with Established Foothold
MimiKatz reGeorg SamSam BOSS SPIDER
2014-02-14SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20140214:analysis:0417082, author = {Counter Threat Unit ResearchTeam}, title = {{Analysis of DHS NCCIC Indicators}}, date = {2014-02-14}, organization = {Secureworks}, url = {https://www.secureworks.com/research/analysis-of-dhs-nccic-indicators}, language = {English}, urldate = {2020-05-26} } Analysis of DHS NCCIC Indicators
jspRAT BeepService DDKeylogger LinseningSvr ONHAT SimpleFileMover ZiyangRAT