2021-09-16BlackberryThe BlackBerry Research & Intelligence Team
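% Corporate author: the extra brace pair keeps the team name as one literal name, and the ampersand is escaped for LaTeX.
@online{team:20210916:threat:ae9400e,
  author       = {{The BlackBerry Research \& Intelligence Team}},
  title        = {{Threat Thursday: NetWire RAT is Coming Down the Line}},
  date         = {2021-09-16},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2021/09/threat-thursday-netwire-rat-is-coming-down-the-line},
  language     = {English},
  urldate      = {2021-09-19},
}
Threat Thursday: NetWire RAT is Coming Down the Line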
NetWire RC
2021-09-15MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
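% Two corporate authors: each is braced on its own so " and " separates exactly two literal names.
@online{team:20210915:analyzing:37b6528,
  author       = {{Microsoft 365 Defender Threat Intelligence Team} and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {{Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability}},
  date         = {2021-09-15},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/},
  language     = {English},
  urldate      = {2021-09-19},
}
Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability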
Cobalt Strike
2021-09-14CrowdStrikeCrowdStrike Intelligence Team
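% Corporate author: the extra brace pair keeps the team name from being split into given name and surname.
@online{team:20210914:big:b345561,
  author       = {{CrowdStrike Intelligence Team}},
  title        = {{Big Game Hunting TTPs Continue to Shift After DarkSide Pipeline Attack}},
  date         = {2021-09-14},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-big-game-hunting-ttps-shifted-after-darkside-pipeline-attack/},
  language     = {English},
  urldate      = {2021-09-19},
}
Big Game Hunting TTPs Continue to Shift After DarkSide Pipeline Attack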
BlackMatter DarkSide REvil Avaddon BlackMatter Clop Conti CryptoLocker DarkSide DoppelPaymer Hades REvil
2021-09-09BlackberryThe BlackBerry Research & Intelligence Team
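% Corporate author: the extra brace pair keeps the team name as one literal name, and the ampersand is escaped for LaTeX.
@online{team:20210909:threat:79cd668,
  author       = {{The BlackBerry Research \& Intelligence Team}},
  title        = {{Threat Thursday: Get Your Paws Off My Data, Raccoon Infostealer}},
  date         = {2021-09-09},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2021/09/threat-thursday-raccoon-infostealer},
  language     = {English},
  urldate      = {2021-09-19},
}
Threat Thursday: Get Your Paws Off My Data, Raccoon Infostealer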
Raccoon
2021-09-01Medium s2wlabS2W LAB INTELLIGENCE TEAM, Denise Dasom Kim, Jungyeon Lim, Yeonghyeon Jeong, Sujin Lim, Chaewon Moon
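% The team name is braced as a single corporate author; the personal names stay in the source's "First Last" order.
@online{team:20210901:blackmatter:6a2a025,
  author       = {{S2W LAB INTELLIGENCE TEAM} and Denise Dasom Kim and Jungyeon Lim and Yeonghyeon Jeong and Sujin Lim and Chaewon Moon},
  title        = {{BlackMatter x Babuk : Using the same web server for sharing leaked files}},
  date         = {2021-09-01},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wlab/blackmatter-x-babuk-using-the-same-web-server-for-sharing-leaked-files-d01c20a74751},
  language     = {English},
  urldate      = {2021-09-06},
}
BlackMatter x Babuk : Using the same web server for sharing leaked files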
Babuk BlackMatter Babuk BlackMatter
2021-08-26MicrosoftMicrosoft 365 Defender Threat Intelligence Team
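% Corporate author: the extra brace pair keeps the team name from being split into given name and surname.
@online{team:20210826:widespread:16ba3cc,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{Widespread credential phishing campaign abuses open redirector links}},
  date         = {2021-08-26},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/},
  language     = {English},
  urldate      = {2021-08-31},
}
Widespread credential phishing campaign abuses open redirector links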
2021-08-19BlackberryBlackBerry Research & Intelligence Team
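% Corporate author: the extra brace pair keeps the team name as one literal name, and the ampersand is escaped for LaTeX.
@online{team:20210819:blackberry:2eec433,
  author       = {{BlackBerry Research \& Intelligence Team}},
  title        = {{BlackBerry Prevents: Threat Actor Group TA575 and Dridex Malware}},
  date         = {2021-08-19},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2021/08/blackberry-prevents-threat-actor-group-ta575-and-dridex-malware},
  language     = {English},
  urldate      = {2021-08-23},
}
BlackBerry Prevents: Threat Actor Group TA575 and Dridex Malware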
Cobalt Strike Dridex
2021-08-12BlackberryBlackBerry Research & Intelligence Team
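% Corporate author: the extra brace pair keeps the team name as one literal name, and the ampersand is escaped for LaTeX.
@online{team:20210812:threat:254ba6c,
  author       = {{BlackBerry Research \& Intelligence Team}},
  title        = {{Threat Thursday: Ficker Infostealer Malware}},
  date         = {2021-08-12},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2021/08/threat-thursday-ficker-infostealer-malware},
  language     = {English},
  urldate      = {2021-08-17},
}
Threat Thursday: Ficker Infostealer Malware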
Ficker Stealer
2021-08-04CrowdStrikeFalcon OverWatch Team, CrowdStrike Intelligence Team, CrowdStrike IR
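% Three corporate authors: each is braced on its own so " and " separates exactly three literal names.
@online{team:20210804:prophet:e6e6a99,
  author       = {{Falcon OverWatch Team} and {CrowdStrike Intelligence Team} and {CrowdStrike IR}},
  title        = {{PROPHET SPIDER Exploits Oracle WebLogic to Facilitate Ransomware Activity}},
  date         = {2021-08-04},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/prophet-spider-exploits-oracle-weblogic-to-facilitate-ransomware-activity/},
  language     = {English},
  urldate      = {2021-09-02},
}
PROPHET SPIDER Exploits Oracle WebLogic to Facilitate Ransomware Activity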
Cobalt Strike Egregor Mount Locker
2021-07-29MicrosoftMicrosoft 365 Defender Threat Intelligence Team
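% Corporate author: the extra brace pair keeps the team name from being split into given name and surname.
@online{team:20210729:bazacall:8d79cdf,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{BazaCall: Phony call centers lead to exfiltration and ransomware}},
  date         = {2021-07-29},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/07/29/bazacall-phony-call-centers-lead-to-exfiltration-and-ransomware/},
  language     = {English},
  urldate      = {2021-08-02},
}
BazaCall: Phony call centers lead to exfiltration and ransomware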
BazarBackdoor Cobalt Strike
2021-07-29MicrosoftMicrosoft 365 Defender Threat Intelligence Team
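% Corporate author: the extra brace pair keeps the team name from being split into given name and surname.
@online{team:20210729:when:5d75299,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks}},
  date         = {2021-07-29},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/07/29/when-coin-miners-evolve-part-2-hunting-down-lemonduck-and-lemoncat-attacks/},
  language     = {English},
  urldate      = {2021-08-02},
}
When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks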
2021-07-27BlackberryBlackBerry Research & Intelligence Team
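% Corporate author: the extra brace pair keeps the team name as one literal name, and the ampersand is escaped for LaTeX.
@techreport{team:20210727:old:3060d53,
  author      = {{BlackBerry Research \& Intelligence Team}},
  title       = {{Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages}},
  date        = {2021-07-27},
  institution = {Blackberry},
  url         = {https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-old-dogs-new-tricks.pdf},
  language    = {English},
  urldate     = {2021-07-27},
}
Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages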
elf.wellmess ElectroRAT BazarNimrod Buer Cobalt Strike Remcos Snake TeleBot WellMess Zebrocy
2021-07-22MicrosoftMicrosoft 365 Defender Threat Intelligence Team
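% Corporate author: the extra brace pair keeps the team name from being split into given name and surname.
@online{team:20210722:when:d734e91,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure}},
  date         = {2021-07-22},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-infrastructure/},
  language     = {English},
  urldate      = {2021-07-22},
}
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure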
2021-07-08BlackberryThe BlackBerry Research and Intelligence Team
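% Corporate author: the extra brace pair stops the " and " inside the team name from being read as a separator between two authors.
@online{team:20210708:threat:c31cba6,
  author       = {{The BlackBerry Research and Intelligence Team}},
  title        = {{Threat Thursday: Redline Infostealer}},
  date         = {2021-07-08},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2021/07/threat-thursday-redline-infostealer},
  language     = {English},
  urldate      = {2021-07-19},
}
Threat Thursday: Redline Infostealer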
RedLine Stealer
2021-07-08Avast DecodedThreat Intelligence Team
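% Corporate author: the extra brace pair keeps the team name from being split into given name and surname.
@online{team:20210708:decoding:04acb98,
  author       = {{Threat Intelligence Team}},
  title        = {{Decoding Cobalt Strike: Understanding Payloads}},
  date         = {2021-07-08},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/threatintel/decoding-cobalt-strike-understanding-payloads/},
  language     = {English},
  urldate      = {2021-07-08},
}
Decoding Cobalt Strike: Understanding Payloads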
Cobalt Strike Empire Downloader
2021-07-05S2W LAB Inc.S2W LAB INTELLIGENCE TEAM
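% Corporate author: the extra brace pair keeps the team name from being split into given name and surname.
@online{team:20210705:kaseya:a209d79,
  author       = {{S2W LAB INTELLIGENCE TEAM}},
  title        = {{Kaseya supply chain attack delivers mass ransomware}},
  date         = {2021-07-05},
  organization = {S2W LAB Inc.},
  url          = {https://drive.google.com/file/d/1ph1E0onZ7TiNyG87k4WjofCKNuCafMLk/view},
  language     = {Korean},
  urldate      = {2021-07-09},
}
Kaseya supply chain attack delivers mass ransomware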
REvil
2021-06-24BlackberryThe BlackBerry Research and Intelligence Team
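% Corporate author: the extra brace pair stops the " and " inside the team name from being read as a separator between two authors.
@online{team:20210624:threat:54b5162,
  author       = {{The BlackBerry Research and Intelligence Team}},
  title        = {{Threat Thursday: Agent Tesla Infostealer}},
  date         = {2021-06-24},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2021/06/threat-thursday-agent-tesla-infostealer-malware},
  language     = {English},
  urldate      = {2021-07-02},
}
Threat Thursday: Agent Tesla Infostealer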
Agent Tesla
2021-06-23BlackberryBlackBerry Research and Intelligence team
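% Corporate author: the extra brace pair stops the " and " inside the team name from being read as a separator between two authors.
@online{team:20210623:pysa:ab64a25,
  author       = {{BlackBerry Research and Intelligence team}},
  title        = {{PYSA Loves ChaChi: a New GoLang RAT}},
  date         = {2021-06-23},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2021/06/pysa-loves-chachi-a-new-golang-rat},
  language     = {English},
  urldate      = {2021-06-24},
}
PYSA Loves ChaChi: a New GoLang RAT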
Mespinoza
2021-06-10McAfeeATR Operational Intelligence Team
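% Corporate author: the extra brace pair keeps the team name from being split into given name and surname.
@online{team:20210610:are:14ab8d0,
  author       = {{ATR Operational Intelligence Team}},
  title        = {{Are Virtual Machines the New Gold for Cyber Criminals?}},
  date         = {2021-06-10},
  organization = {McAfee},
  url          = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/are-virtual-machines-the-new-gold-for-cyber-criminals/},
  language     = {English},
  urldate      = {2021-06-21},
}
Are Virtual Machines the New Gold for Cyber Criminals?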
Babuk DarkSide
2021-06-01MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
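% Two corporate authors: each is braced on its own so " and " separates exactly two literal names.
% NOTE(review): the date field is 2021-06-01 while the URL path carries 2021/05/27; confirm which date is intended.
@online{mstic:20210601:new:83aee4c,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{New sophisticated email-based attack from NOBELIUM}},
  date         = {2021-06-01},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/},
  language     = {English},
  urldate      = {2021-06-09},
}
New sophisticated email-based attack from NOBELIUM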
Cobalt Strike