Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-05-20MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20210520:phorpiex:1a8fb3c, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment}}, date = {2021-05-20}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/05/20/phorpiex-morphs-how-a-longstanding-botnet-persists-and-thrives-in-the-current-threat-environment/}, language = {English}, urldate = {2021-05-26} } Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment
Phorpiex
2021-05-18BlackberryBlackBerry Threat Research and Intelligence Team
@online{team:20210518:strong:97bf5b7, author = {BlackBerry Threat Research and Intelligence Team}, title = {{Strong ARMing with MacOS: Adventures in Cross-Platform Emulation}}, date = {2021-05-18}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2021/05/strong-arming-with-macos-adventures-in-cross-platform-emulation}, language = {English}, urldate = {2021-05-25} } Strong ARMing with MacOS: Adventures in Cross-Platform Emulation
2021-05-13BlackberryBlackBerry Threat Research and Intelligence Team
@online{team:20210513:threat:15f6212, author = {BlackBerry Threat Research and Intelligence Team}, title = {{Threat Thursday: SombRAT — Always Leave Yourself a Backdoor}}, date = {2021-05-13}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2021/05/threat-thursday-sombrat-always-leave-yourself-a-backdoor}, language = {English}, urldate = {2021-05-19} } Threat Thursday: SombRAT — Always Leave Yourself a Backdoor
SombRAT
2021-05-06BlackberryBlackBerry Research and Intelligence team
@online{team:20210506:threat:8bdd47b, author = {BlackBerry Research and Intelligence team}, title = {{Threat Thursday: Dr. REvil Ransomware Strikes Again, Employs Double Extortion Tactics}}, date = {2021-05-06}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2021/05/threat-thursday-dr-revil-ransomware-strikes-again-employs-double-extortion-tactics}, language = {English}, urldate = {2021-05-08} } Threat Thursday: Dr. REvil Ransomware Strikes Again, Employs Double Extortion Tactics
REvil
2021-04-22xorl %eax, %eaxAnastasios Pingios
@online{pingios:20210422:gentle:01201be, author = {Anastasios Pingios}, title = {{A gentle introduction to building a threat intelligence team}}, date = {2021-04-22}, organization = {xorl %eax, %eax}, url = {https://docs.google.com/presentation/d/1mrDttPZreFZg_q5RG9EGjtBzbd5cpyA1Y9CzhyQiDj0}, language = {English}, urldate = {2021-05-08} } A gentle introduction to building a threat intelligence team
2021-04-09MicrosoftEmily Hacker, Justin Carroll, Microsoft 365 Defender Threat Intelligence Team
@online{hacker:20210409:investigating:2b6f30a, author = {Emily Hacker and Justin Carroll and Microsoft 365 Defender Threat Intelligence Team}, title = {{Investigating a unique “form” of email delivery for IcedID malware}}, date = {2021-04-09}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/04/09/investigating-a-unique-form-of-email-delivery-for-icedid-malware/}, language = {English}, urldate = {2021-04-12} } Investigating a unique “form” of email delivery for IcedID malware
IcedID
2021-04-06MalwarebytesThreat Intelligence Team
@online{team:20210406:deep:6279974, author = {Threat Intelligence Team}, title = {{A deep dive into Saint Bot, a new downloader}}, date = {2021-04-06}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2021/04/a-deep-dive-into-saint-bot-downloader/}, language = {English}, urldate = {2021-04-12} } A deep dive into Saint Bot, a new downloader
Saint Bot
2021-03-25MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20210325:analyzing:d9ddef0, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{Analyzing attacks taking advantage of the Exchange Server vulnerabilities}}, date = {2021-03-25}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/25/analyzing-attacks-taking-advantage-of-the-exchange-server-vulnerabilities/}, language = {English}, urldate = {2021-03-30} } Analyzing attacks taking advantage of the Exchange Server vulnerabilities
CHINACHOPPER
2021-03-24MalwarebytesThreat Intelligence Team
@online{team:20210324:software:f896085, author = {Threat Intelligence Team}, title = {{Software renewal scammers unmasked}}, date = {2021-03-24}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/cybercrime/2021/03/software-renewal-scammers-unmasked/}, language = {English}, urldate = {2021-03-25} } Software renewal scammers unmasked
2021-03-04WMC GlobalWMC Global Threat Intelligence Team
@online{team:20210304:compact:0e18165, author = {WMC Global Threat Intelligence Team}, title = {{The Compact Campaign}}, date = {2021-03-04}, organization = {WMC Global}, url = {https://www.wmcglobal.com/blog/the-compact-campaign}, language = {English}, urldate = {2021-03-06} } The Compact Campaign
2021-03-04MicrosoftRamin Nafisi, Andrea Lelli, Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
@online{nafisi:20210304:goldmax:3fa3f68, author = {Ramin Nafisi and Andrea Lelli and Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team}, title = {{GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence}}, date = {2021-03-04}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware}, language = {English}, urldate = {2021-03-06} } GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence
SUNBURST TEARDROP UNC2452
2021-03-02MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team, Microsoft 365 Security
@online{mstic:20210302:hafnium:c7d8588, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team and Microsoft 365 Security}, title = {{HAFNIUM targeting Exchange Servers with 0-day exploits}}, date = {2021-03-02}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers}, language = {English}, urldate = {2021-03-07} } HAFNIUM targeting Exchange Servers with 0-day exploits
CHINACHOPPER HAFNIUM
2021-02-12MalwarebytesThreat Intelligence Team
@online{team:20210212:malvertising:6f4c197, author = {Threat Intelligence Team}, title = {{Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams}}, date = {2021-02-12}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/cybercrime/2021/02/malvertising-campaign-on-top-adult-brands-exposes-users-to-tech-support-scams/}, language = {English}, urldate = {2021-02-18} } Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams
2021-02-01MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20210201:what:2e12897, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{What tracking an attacker email infrastructure tells us about persistent cybercriminal operations}}, date = {2021-02-01}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/02/01/what-tracking-an-attacker-email-infrastructure-tells-us-about-persistent-cybercriminal-operations/}, language = {English}, urldate = {2021-02-02} } What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
Dridex Emotet Makop Ransomware SmokeLoader TrickBot
2021-01-29MalwarebytesThreat Intelligence Team
@online{team:20210129:cleaning:489c8b3, author = {Threat Intelligence Team}, title = {{Cleaning up after Emotet: the law enforcement file}}, date = {2021-01-29}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/}, language = {English}, urldate = {2021-02-02} } Cleaning up after Emotet: the law enforcement file
Emotet
2021-01-28MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20210128:zinc:9c8aff4, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team}, title = {{ZINC attacks against security researchers}}, date = {2021-01-28}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/}, language = {English}, urldate = {2021-01-29} } ZINC attacks against security researchers
ComeBacker Klackring
2021-01-11CrowdStrikeCrowdStrike Intelligence Team
@online{team:20210111:sunspot:70e8a4c, author = {CrowdStrike Intelligence Team}, title = {{SUNSPOT: An Implant in the Build Process}}, date = {2021-01-11}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/}, language = {English}, urldate = {2021-01-21} } SUNSPOT: An Implant in the Build Process
SUNBURST
2021-01-08ReaqtaReaQta Threat Intelligence Team
@online{team:20210108:leonardo:bf16884, author = {ReaQta Threat Intelligence Team}, title = {{Leonardo S.p.A. Data Breach Analysis}}, date = {2021-01-08}, organization = {Reaqta}, url = {https://reaqta.com/2021/01/fujinama-analysis-leonardo-spa/}, language = {English}, urldate = {2021-01-11} } Leonardo S.p.A. Data Breach Analysis
2020-12-11BlackberryBlackBerry Research and Intelligence team
@online{team:20201211:mountlocker:9c495cb, author = {BlackBerry Research and Intelligence team}, title = {{MountLocker Ransomware-as-a-Service Offers Double Extortion Capabilities to Affiliates}}, date = {2020-12-11}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2020/12/mountlocker-ransomware-as-a-service-offers-double-extortion-capabilities-to-affiliates}, language = {English}, urldate = {2020-12-14} } MountLocker Ransomware-as-a-Service Offers Double Extortion Capabilities to Affiliates
Cobalt Strike Mount Locker
2020-11-30MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20201130:threat:99a3844, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them}}, date = {2020-11-30}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2020/11/30/threat-actor-leverages-coin-miner-techniques-to-stay-under-the-radar-heres-how-to-spot-them}, language = {English}, urldate = {2020-12-15} } Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them
APT32