2022-03-01ProofpointMichael Raggi, Zydeca Cass, Proofpoint Threat Research Team
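% The team byline is brace-protected so BibTeX/Biber keeps it as one corporate
% name instead of splitting it into given/family parts.
@online{raggi:20220301:asylum:27cfa43,
  author       = {Raggi, Michael and Cass, Zydeca and {Proofpoint Threat Research Team}},
  title        = {{Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement}},
  date         = {2022-03-01},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails},
  language     = {English},
  urldate      = {2022-03-10},
}
Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement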
SunSeed
2022-02-15ProofpointSelena Larson, Joe Wise
@online{larson:20220215:charting:0205206,
  author       = {Larson, Selena and Wise, Joe},
  title        = {{Charting TA2541's Flight}},
  date         = {2022-02-15},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/charting-ta2541s-flight},
  language     = {English},
  urldate      = {2022-02-16},
}
Charting TA2541's Flight
AsyncRAT TA2541
2022-02-08ProofpointKonstantin Klinger, Joshua Miller, Georgi Mladenov
@online{klinger:20220208:ugg:dc05453,
  author       = {Klinger, Konstantin and Miller, Joshua and Mladenov, Georgi},
  title        = {{Ugg Boots 4 Sale: A Tale of Palestinian-Aligned Espionage}},
  date         = {2022-02-08},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/ugg-boots-4-sale-tale-palestinian-aligned-espionage},
  language     = {English},
  urldate      = {2022-02-09},
}
Ugg Boots 4 Sale: A Tale of Palestinian-Aligned Espionage
BrittleBush NimbleMamba
2022-01-24ProofpointProofpoint
@online{proofpoint:20220124:dtpacker:6d34c1b,
  author       = {Proofpoint},
  title        = {{DTPacker – a .NET Packer with a Curious Password}},
  date         = {2022-01-24},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/dtpacker-net-packer-curious-password-1},
  language     = {English},
  urldate      = {2022-01-25},
}
DTPacker – a .NET Packer with a Curious Password
Agent Tesla
2021-12-07ProofpointSelena Larson, Jake G
@online{larson:20211207:university:1fd4da4,
  author       = {Larson, Selena and G, Jake},
  title        = {{University Targeted Credential Phishing Campaigns Use COVID-19, Omicron Themes}},
  date         = {2021-12-07},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/university-targeted-credential-phishing-campaigns-use-covid-19-omicron-themes},
  language     = {English},
  urldate      = {2021-12-08},
}
University Targeted Credential Phishing Campaigns Use COVID-19, Omicron Themes
2021-12-01ProofpointMichael Raggi
@online{raggi:20211201:injection:75b61f9,
  author       = {Raggi, Michael},
  title        = {{Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors}},
  date         = {2021-12-01},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/injection-new-black-novel-rtf-template-inject-technique-poised-widespread},
  language     = {English},
  urldate      = {2021-12-06},
}
Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors
2021-11-18ProofpointDarien Huss, Selena Larson
@techreport{huss:20211118:triple:dd07fa8,
  author      = {Huss, Darien and Larson, Selena},
  title       = {{Triple Threat: North Korea-Aligned TA406 Steals, Scams and Spies}},
  date        = {2021-11-18},
  institution = {Proofpoint},
  url         = {https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-threat-insight-paper-triple-threat-N-Korea-aligned-TA406-steals-scams-spies.pdf},
  language    = {English},
  urldate     = {2021-12-15},
}
Triple Threat: North Korea-Aligned TA406 Steals, Scams and Spies
YoreKey
2021-11-18ProofpointDarien Huss, Selena Larson
@online{huss:20211118:triple:62c1c14,
  author       = {Huss, Darien and Larson, Selena},
  title        = {{Triple Threat: North Korea-Aligned TA406 Scams, Spies, and Steals}},
  date         = {2021-11-18},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/triple-threat-north-korea-aligned-ta406-scams-spies-and-steals},
  language     = {English},
  urldate      = {2021-12-15},
}
Triple Threat: North Korea-Aligned TA406 Scams, Spies, and Steals
YoreKey
2021-11-04ProofpointSelena Larson, Sam Scholten, Timothy Kromphardt
@online{larson:20211104:caught:a80a9f0,
  author       = {Larson, Selena and Scholten, Sam and Kromphardt, Timothy},
  title        = {{Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery}},
  date         = {2021-11-04},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/caught-beneath-landline-411-telephone-oriented-attack-delivery},
  language     = {English},
  urldate      = {2021-11-08},
}
Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery
2021-10-28ProofpointAxel F, Selena Larson
@online{f:20211028:ta575:c1cfdd7,
  author       = {F, Axel and Larson, Selena},
  title        = {{TA575 Uses ‘Squid Game’ Lures to Distribute Dridex malware}},
  date         = {2021-10-28},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/ta575-uses-squid-game-lures-distribute-dridex-malware},
  language     = {English},
  urldate      = {2021-11-03},
}
TA575 Uses ‘Squid Game’ Lures to Distribute Dridex malware
DoppelDridex
2021-10-27ProofpointSelena Larson, Joe Wise
@online{larson:20211027:new:0d80a57,
  author       = {Larson, Selena and Wise, Joe},
  title        = {{New Threat Actor Spoofs Philippine Government, COVID-19 Health Data in Widespread RAT Campaigns}},
  date         = {2021-10-27},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/new-threat-actor-spoofs-philippine-government-covid-19-health-data-widespread},
  language     = {English},
  urldate      = {2021-11-03},
}
New Threat Actor Spoofs Philippine Government, COVID-19 Health Data in Widespread RAT Campaigns
Nanocore RAT Remcos
2021-10-20ProofpointBryan Campbell, Proofpoint Threat Insight Team
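% The team byline is brace-protected so BibTeX/Biber keeps it as one corporate
% name instead of splitting it into given/family parts.
@online{campbell:20211020:ta551:aa5f9d9,
  author       = {Campbell, Bryan and {Proofpoint Threat Insight Team}},
  title        = {{TA551 Uses ‘SLIVER’ Red Team Tool in New Activity}},
  date         = {2021-10-20},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/security-briefs/ta551-uses-sliver-red-team-tool-new-activity},
  language     = {English},
  urldate      = {2021-10-26},
}
TA551 Uses ‘SLIVER’ Red Team Tool in New Activity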
2021-10-19ProofpointZydeca Cass, Axel F, Crista Giering, Matthew Mesa, Georgi Mladenov, Brandon Murphy
@online{cass:20211019:whatta:4d969e1,
  author       = {Cass, Zydeca and F, Axel and Giering, Crista and Mesa, Matthew and Mladenov, Georgi and Murphy, Brandon},
  title        = {{Whatta TA: TA505 Ramps Up Activity, Delivers New FlawedGrace Variant}},
  date         = {2021-10-19},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/whatta-ta-ta505-ramps-activity-delivers-new-flawedgrace-variant},
  language     = {English},
  urldate      = {2021-10-24},
}
Whatta TA: TA505 Ramps Up Activity, Delivers New FlawedGrace Variant
FlawedGrace MirrorBlast
2021-10-04ProofpointFelipe Naves, Adam McNeil, Andrew Conway
@online{naves:20211004:mobile:e0f89e7,
  author       = {Naves, Felipe and McNeil, Adam and Conway, Andrew},
  title        = {{Mobile Malware: TangleBot Untangled}},
  date         = {2021-10-04},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/mobile-malware-tanglebot-untangled},
  language     = {English},
  urldate      = {2021-10-24},
}
Mobile Malware: TangleBot Untangled
TangleBot
2021-09-29ProofpointSelena Larson, Proofpoint Staff
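% The staff byline is brace-protected so BibTeX/Biber keeps it as one corporate
% name instead of splitting it into given/family parts.
@online{larson:20210929:ta544:ab2f0d3,
  author       = {Larson, Selena and {Proofpoint Staff}},
  title        = {{TA544 Targets Italian Organizations with Ursnif Malware}},
  date         = {2021-09-29},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/security-briefs/ta544-targets-italian-organizations-ursnif-malware},
  language     = {English},
  urldate      = {2021-10-11},
}
TA544 Targets Italian Organizations with Ursnif Malware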
ISFB
2021-09-24ProofpointProofpoint
@online{proofpoint:20210924:daily:403b8bd,
  author       = {Proofpoint},
  title        = {{Daily Ruleset Update Summary 2021/09/24}},
  date         = {2021-09-24},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/daily-ruleset-update-summary-20210924},
  language     = {English},
  urldate      = {2021-10-05},
}
Daily Ruleset Update Summary 2021/09/24
MirrorBlast
2021-09-08ProofpointDavide Canali, Crista Giering, Tim Kromphardt, Sam Scholten
@online{davidecanali:20210908:advance:4742243,
  author       = {Canali, Davide and Giering, Crista and Kromphardt, Tim and Scholten, Sam},
  title        = {{Advance Fee Fraud: The Emergence of Elaborate Crypto Schemes}},
  date         = {2021-09-08},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/advance-fee-fraud-emergence-elaborate-crypto-schemes},
  language     = {English},
  urldate      = {2021-09-14},
}
Advance Fee Fraud: The Emergence of Elaborate Crypto Schemes
2021-07-28ProofpointJoshua Miller, Michael Raggi, Crista Giering
@online{miller:20210728:i:23e9aad,
  author       = {Miller, Joshua and Raggi, Michael and Giering, Crista},
  title        = {{I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona}},
  date         = {2021-07-28},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/i-knew-you-were-trouble-ta456-targets-defense-contractor-alluring-social-media},
  language     = {English},
  urldate      = {2021-07-29},
}
I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona
Liderc SysKit
2021-07-19ProofpointJoe Wise, Konstantin Klinger, Selena Larson, Proofpoint Threat Research Team
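% The team byline is brace-protected so BibTeX/Biber keeps it as one corporate
% name instead of splitting it into given/family parts.
@online{wise:20210719:new:cb02a85,
  author       = {Wise, Joe and Klinger, Konstantin and Larson, Selena and {Proofpoint Threat Research Team}},
  title        = {{New Threat Actor Uses Spanish Language Lures to Distribute Seldom Observed Bandook Malware}},
  date         = {2021-07-19},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/new-threat-actor-uses-spanish-language-lures-distribute-seldom-observed-bandook},
  language     = {English},
  urldate      = {2021-07-26},
}
New Threat Actor Uses Spanish Language Lures to Distribute Seldom Observed Bandook Malware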
Bandook
2021-07-12ProofpointJoshua Miller, Crista Giering, Threat Research Team
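% The team byline is brace-protected so BibTeX/Biber keeps it as one corporate
% name instead of splitting it into given/family parts.
@online{miller:20210712:operation:c819876,
  author       = {Miller, Joshua and Giering, Crista and {Threat Research Team}},
  title        = {{Operation SpoofedScholars: A Conversation with TA453}},
  date         = {2021-07-12},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/operation-spoofedscholars-conversation-ta453},
  language     = {English},
  urldate      = {2021-07-20},
}
Operation SpoofedScholars: A Conversation with TA453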