2022-04-11 | Qianxin Threat Intelligence Center | Red Raindrop Team
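% Chinese-language write-up on suspected Lazarus activity against South Korean companies.
% The team name is a corporate author: the extra brace pair keeps it from being split into given/family parts.
@online{team:20220411:snow:b930f42,
  author       = {{Red Raindrop Team}},
  title        = {Snow Abuse: Analysis of the Suspected {Lazarus} Attack Activities against {South Korean} Companies},
  date         = {2022-04-11},
  organization = {Qianxin Threat Intelligence Center},
  url          = {https://mp.weixin.qq.com/s/kcIaoB8Yta1zI6Py-uxupA},
  language     = {Chinese},
  urldate      = {2022-05-04},
}
Snow Abuse: Analysis of the Suspected Lazarus Attack Activities against South Korean Companies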
2022-04-05 | eSentire | eSentire Threat Response Unit (TRU)
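% eSentire malware analysis of DoubleZero.
% Vendor and malware names are braced individually so a sentence-casing style keeps their capitalisation.
@online{tru:20220405:esentire:b691a78,
  author       = {{eSentire Threat Response Unit (TRU)}},
  title        = {{eSentire} Threat Intelligence Malware Analysis: {DoubleZero}},
  date         = {2022-04-05},
  organization = {eSentire},
  url          = {https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-doublezero},
  language     = {English},
  urldate      = {2022-05-23},
}
eSentire Threat Intelligence Malware Analysis: DoubleZero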
DoubleZero
2022-04-05 | eSentire | eSentire Threat Response Unit (TRU)
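% eSentire malware analysis of HeaderTip.
% Corporate author is wrapped in an extra brace pair so it is treated as one indivisible name.
@online{tru:20220405:esentire:93d09ff,
  author       = {{eSentire Threat Response Unit (TRU)}},
  title        = {{eSentire} Threat Intelligence Malware Analysis: {HeaderTip}},
  date         = {2022-04-05},
  organization = {eSentire},
  url          = {https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-headertip},
  language     = {English},
  urldate      = {2022-05-23},
}
eSentire Threat Intelligence Malware Analysis: HeaderTip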
HeaderTip
2022-04-02 | institute for advanced threats | 360 Threat Intelligence Center
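% Chinese-language report on APT-C-00 (SEALOTUS) attack activity.
% Only the actor designations are brace-protected; the rest of the title is left for the style to recase.
@online{center:20220402:waves:5aa4f65,
  author       = {{360 Threat Intelligence Center}},
  title        = {WAVES LURKING IN THE CALM OF THE WIND AND WAVES: A DYNAMIC ANALYSIS OF THE ATTACK ACTIVITIES OF THE {APT-C-00} ({SEALOTUS}) ORGANIZATION},
  date         = {2022-04-02},
  organization = {institute for advanced threats},
  url          = {https://mp.weixin.qq.com/s/tBQSbv55lJUipaPWFr1fKw},
  language     = {Chinese},
  urldate      = {2022-04-05},
}
WAVES LURKING IN THE CALM OF THE WIND AND WAVES: A DYNAMIC ANALYSIS OF THE ATTACK ACTIVITIES OF THE APT-C-00 (SEALOTUS) ORGANIZATION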
2022-03-31 | eSentire | eSentire Threat Response Unit (TRU)
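% eSentire malware analysis of CaddyWiper.
% Corporate author is wrapped in an extra brace pair so it is treated as one indivisible name.
@online{tru:20220331:esentire:287e4dd,
  author       = {{eSentire Threat Response Unit (TRU)}},
  title        = {{eSentire} Threat Intelligence Malware Analysis: {CaddyWiper}},
  date         = {2022-03-31},
  organization = {eSentire},
  url          = {https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-caddywiper},
  language     = {English},
  urldate      = {2022-05-23},
}
eSentire Threat Intelligence Malware Analysis: CaddyWiper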
CaddyWiper
2022-03-28 | Avast | Threat Intelligence Team
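% Avast report on a compromised Philippine Navy certificate used in a remote access tool.
% The author is a team, so it is stored as a single corporate name; the publishing vendor is in organization.
@online{team:20220328:avast:03620fb,
  author       = {{Threat Intelligence Team}},
  title        = {{Avast} Finds Compromised {Philippine Navy} Certificate Used in Remote Access Tool},
  date         = {2022-03-28},
  organization = {Avast},
  url          = {https://decoded.avast.io/threatintel/avast-finds-compromised-philippine-navy-certificate-used-in-remote-access-tool/},
  language     = {English},
  urldate      = {2022-04-05},
}
Avast Finds Compromised Philippine Navy Certificate Used in Remote Access Tool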
Unidentified 091
2022-03-23 | Secureworks | Counter Threat Unit Research Team
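% Secureworks executive threat intelligence report (Volume 2022, Number 2).
% The author had a missing space (ResearchTeam); the citation key is left unchanged so existing citations still resolve.
% The percent-encoded spaces in the URL are kept verbatim.
@online{researchteam:20220323:threat:84ad46c,
  author       = {{Counter Threat Unit Research Team}},
  title        = {Threat Intelligence Executive Report Volume 2022, Number 2},
  date         = {2022-03-23},
  organization = {Secureworks},
  url          = {https://content.secureworks.com/-/media/Files/US/Reports/Monthly%20Threat%20Intelligence/Secureworks_ECO1_ThreatIntelligenceExecutiveReport2022Vol2.ashx},
  language     = {English},
  urldate      = {2022-03-25},
}
Threat Intelligence Executive Report Volume 2022, Number 2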
Conti Emotet IcedID TrickBot
2022-03-22 | Microsoft | Microsoft Threat Intelligence Center (MSTIC), Detection and Response Team (DART), Microsoft 365 Defender Threat Intelligence Team
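% Microsoft report on DEV-0537 (LAPSUS$/UNC3661), data exfiltration and destruction.
% Three corporate authors, each braced as one name. Unbraced, the word "and" inside the DART team name
% would be read as a name separator and yield four authors.
% The dollar sign in the title is escaped so LaTeX does not enter math mode.
@online{mstic:20220322:dev0537:eea56dc,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Detection and Response Team (DART)} and {Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{DEV-0537} ({LAPSUS\$}/{UNC3661}) criminal actor targeting organizations for data exfiltration and destruction},
  date         = {2022-03-22},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/},
  language     = {English},
  urldate      = {2022-04-29},
}
DEV-0537 (LAPSUS$/UNC3661) criminal actor targeting organizations for data exfiltration and destruction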
RedLine Stealer LAPSUS
2022-03-21 | eSentire | eSentire
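% eSentire malware analysis covering HermeticWiper and PartyTicket.
% The ampersand in the title is escaped; a bare one is an alignment character in LaTeX and breaks typesetting.
@online{esentire:20220321:esentire:d07192a,
  author       = {{eSentire}},
  title        = {{eSentire} Threat Intelligence Malware Analysis: {HermeticWiper} \& {PartyTicket}},
  date         = {2022-03-21},
  organization = {eSentire},
  url          = {https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-hermeticwiper-partyticket},
  language     = {English},
  urldate      = {2022-03-25},
}
eSentire Threat Intelligence Malware Analysis: HermeticWiper & PartyTicket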
HermeticWiper PartyTicket
2022-03-18 | Malwarebytes | Threat Intelligence Team
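% Malwarebytes analysis of the IsaacWiper and CaddyWiper wipers.
% The author is a team, so it is stored as a single corporate name; the publishing vendor is in organization.
@online{team:20220318:double:fde615f,
  author       = {{Threat Intelligence Team}},
  title        = {Double header: {IsaacWiper} and {CaddyWiper}},
  date         = {2022-03-18},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-intelligence/2022/03/double-header-isaacwiper-and-caddywiper/},
  language     = {English},
  urldate      = {2022-03-28},
}
Double header: IsaacWiper and CaddyWiper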
CaddyWiper IsaacWiper
2022-03-17 | Sophos | Tilly Travers
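% Sophos article introducing its ransomware threat intelligence hub.
% Personal author is given in the unambiguous "Last, First" form.
@online{travers:20220317:ransomware:df38f2f,
  author       = {Travers, Tilly},
  title        = {The Ransomware Threat Intelligence Center},
  date         = {2022-03-17},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/},
  language     = {English},
  urldate      = {2022-03-18},
}
The Ransomware Threat Intelligence Center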
ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker
2022-03-16 | Microsoft | Microsoft Defender for IoT Research Team, Microsoft Threat Intelligence Center (MSTIC)
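% Microsoft report on Trickbot using IoT devices in its command-and-control infrastructure.
% Two corporate authors, each braced as one name; unbraced, the lowercase "for" would be parsed as a name particle.
@online{team:20220316:uncovering:aae61b5,
  author       = {{Microsoft Defender for IoT Research Team} and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {Uncovering {Trickbot’s} use of {IoT} devices in command-and-control infrastructure},
  date         = {2022-03-16},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/03/16/uncovering-trickbots-use-of-iot-devices-in-command-and-control-infrastructure/},
  language     = {English},
  urldate      = {2022-03-17},
}
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure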
TrickBot
2022-03-04 | Malwarebytes | Malwarebytes Threat Intelligence
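% Malwarebytes detailed analysis of HermeticWiper.
% Corporate author is wrapped in an extra brace pair so it is treated as one indivisible name.
@online{intelligence:20220304:hermeticwiper:ba69b2a,
  author       = {{Malwarebytes Threat Intelligence}},
  title        = {{HermeticWiper}: A detailed analysis of the destructive malware that targeted {Ukraine}},
  date         = {2022-03-04},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/},
  language     = {English},
  urldate      = {2022-03-04},
}
HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine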
HermeticWiper
2022-02-23 | Weixin | 360 Threat Intelligence Center
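% Chinese-language attack warning on APT-C-58 (Gorgon Group).
% Actor designations are brace-protected so a sentence-casing style keeps their capitalisation.
@online{center:20220223:aptc58:fb10a0a,
  author       = {{360 Threat Intelligence Center}},
  title        = {{APT-C-58} ({Gorgon Group}) attack warning},
  date         = {2022-02-23},
  organization = {Weixin},
  url          = {https://mp.weixin.qq.com/s/X0kAIHOSldiFDthb4IsmbQ},
  language     = {Chinese},
  urldate      = {2022-03-01},
}
APT-C-58 (Gorgon Group) attack warning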
Agent Tesla
2022-02-23 | Twitter (@threatintel) | Symantec Threat Intelligence
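% Symantec tweet on new wiper malware used in attacks on Ukraine.
% The source is a social-media post; urldate records when it was retrieved.
@online{intelligence:20220223:new:7beccbc,
  author       = {{Symantec Threat Intelligence}},
  title        = {Tweet on new wiper malware being used in attacks on {Ukraine}},
  date         = {2022-02-23},
  organization = {Twitter (@threatintel)},
  url          = {https://twitter.com/threatintel/status/1496578746014437376},
  language     = {English},
  urldate      = {2022-03-01},
}
Tweet on new wiper malware being used in attacks on Ukraine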
HermeticWiper
2022-02-04 | Microsoft | Microsoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
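% Microsoft report on ACTINIUM targeting Ukrainian organizations.
% Two corporate authors, each braced as one name and joined with the "and" separator.
@online{mstic:20220204:actinium:739151c,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft Digital Security Unit (DSU)}},
  title        = {{ACTINIUM} targets {Ukrainian} organizations},
  date         = {2022-02-04},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/},
  language     = {English},
  urldate      = {2022-02-07},
}
ACTINIUM targets Ukrainian organizations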
Pteranodon Gamaredon Group
2022-02-02 | Microsoft | Microsoft 365 Defender Threat Intelligence Team
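% Microsoft report on the progression of the UpdateAgent Mac trojan.
% Corporate author is wrapped in an extra brace pair so it is treated as one indivisible name.
@online{team:20220202:evolution:4f55642,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {The evolution of a {Mac} trojan: {UpdateAgent’s} progression},
  date         = {2022-02-02},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/02/02/the-evolution-of-a-mac-trojan-updateagents-progression/},
  language     = {English},
  urldate      = {2022-02-04},
}
The evolution of a Mac trojan: UpdateAgent’s progression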
UpdateAgent
2022-02 | Google | Google Cybersecurity Action Team
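% Google cloud threat intelligence report, February 2022, Issue 2 (PDF).
% The date has month precision only, as given by the source.
@techreport{team:202202:threat:66e29aa,
  author       = {{Google Cybersecurity Action Team}},
  title        = {{Threat Horizons} Cloud Threat Intelligence {February} 2022. Issue 2},
  date         = {2022-02},
  institution  = {Google},
  url          = {https://services.google.com/fh/files/misc/gcat_threathorizons_full_feb2022.pdf},
  language     = {English},
  urldate      = {2022-03-02},
}
Threat Horizons Cloud Threat Intelligence February 2022. Issue 2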
2022-01-25 | Blueliv | Blueliv
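% Blueliv white paper on cyber threat intelligence for banking and financial services (PDF).
% The ampersand in the title is escaped; a bare one is an alignment character in LaTeX and breaks typesetting.
@techreport{blueliv:20220125:cyber:47bcefd,
  author       = {{Blueliv}},
  title        = {Cyber Threat Intelligence for Banking \& Financial Services {FOLLOW THE MONEY}},
  date         = {2022-01-25},
  institution  = {Blueliv},
  url          = {https://www.blueliv.com/resources/white-papers/financial_wp_21.pdf},
  language     = {English},
  urldate      = {2022-01-28},
}
Cyber Threat Intelligence for Banking & Financial Services FOLLOW THE MONEY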
2022-01-20 | Trellix | Raj Samani, Mo Cashman, Taylor Mullins
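% Trellix update on WhisperGate, destructive malware targeting Ukraine.
% Personal authors are given in the unambiguous "Last, First" form.
% The ampersand in the title is escaped so it typesets.
@online{samani:20220120:update:43f230d,
  author       = {Samani, Raj and Cashman, Mo and Mullins, Taylor},
  title        = {Update on {WhisperGate}, Destructive Malware Targeting {Ukraine} – Threat Intelligence \& Protections Update},
  date         = {2022-01-20},
  organization = {Trellix},
  url          = {https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/update-on-whispergate-destructive-malware-targeting-ukraine.html},
  language     = {English},
  urldate      = {2022-01-25},
}
Update on WhisperGate, Destructive Malware Targeting Ukraine – Threat Intelligence & Protections Update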
WhisperGate