Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2019-10-16ProofpointDennis Schwarz, Kafeine, Matthew Mesa, Axel F, Proofpoint Threat Insight Team
@online{schwarz:20191016:ta505:9d7155a, author = {Dennis Schwarz and Kafeine and Matthew Mesa and Axel F and Proofpoint Threat Insight Team}, title = {{TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader}}, date = {2019-10-16}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-trojan-get2-downloader}, language = {English}, urldate = {2020-01-10} } TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader
Get2 SDBbot TA505
2019-09-02VolexityAndrew Case, Matthew Meltzer, Steven Adair
@online{case:20190902:digital:0f6cd23, author = {Andrew Case and Matthew Meltzer and Steven Adair}, title = {{Digital Crackdown: Large-Scale Surveillance and Exploitation of Uyghurs}}, date = {2019-09-02}, organization = {Volexity}, url = {https://www.volexity.com/blog/2019/09/02/digital-crackdown-large-scale-surveillance-and-exploitation-of-uyghurs/}, language = {English}, urldate = {2019-12-06} } Digital Crackdown: Large-Scale Surveillance and Exploitation of Uyghurs
scanbox POISON CARP
2019-07-02ProofpointMatthew Mesa, Dennis Schwarz, Proofpoint Threat Insight Team
@online{mesa:20190702:ta505:7f99961, author = {Matthew Mesa and Dennis Schwarz and Proofpoint Threat Insight Team}, title = {{TA505 begins summer campaigns with a new pet malware downloader, AndroMut, in the UAE, South Korea, Singapore, and the United States}}, date = {2019-07-02}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/ta505-begins-summer-campaigns-new-pet-malware-downloader-andromut-uae-south}, language = {English}, urldate = {2019-11-26} } TA505 begins summer campaigns with a new pet malware downloader, AndroMut, in the UAE, South Korea, Singapore, and the United States
AndroMut FlawedAmmyy
2019-04-17Cisco TalosDanny Adamitis, David Maynor, Warren Mercer, Matthew Olney, Paul Rascagnères
@online{adamitis:20190417:dns:0146532, author = {Danny Adamitis and David Maynor and Warren Mercer and Matthew Olney and Paul Rascagnères}, title = {{DNS Hijacking Abuses Trust In Core Internet Service}}, date = {2019-04-17}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2019/04/seaturtle.html}, language = {English}, urldate = {2020-01-09} } DNS Hijacking Abuses Trust In Core Internet Service
Sea Turtle
2019-02-20Cisco TalosNick Biasini, Edmund Brumaghin, Matthew Molyett
@online{biasini:20190220:combing:bdc059c, author = {Nick Biasini and Edmund Brumaghin and Matthew Molyett}, title = {{Combing Through Brushaloader Amid Massive Detection Uptick}}, date = {2019-02-20}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2019/02/combing-through-brushaloader.html}, language = {English}, urldate = {2019-11-29} } Combing Through Brushaloader Amid Massive Detection Uptick
BrushaLoader
2019-01-17AccentureMatthew Brady
@online{brady:20190117:pond:572e6e8, author = {Matthew Brady}, title = {{Pond Loach delivers BadCake malware}}, date = {2019-01-17}, organization = {Accenture}, url = {https://www.accenture.com/us-en/blogs/blogs-pond-loach-delivers-badcake-malware}, language = {English}, urldate = {2020-03-03} } Pond Loach delivers BadCake malware
Salgorea APT32
2018-11-19FireEyeMatthew Dunwoody, Andrew Thompson, Ben Withnell, Jonathan Leathery, Michael Matonis, Nick Carr
@online{dunwoody:20181119:not:e581291, author = {Matthew Dunwoody and Andrew Thompson and Ben Withnell and Jonathan Leathery and Michael Matonis and Nick Carr}, title = {{Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign}}, date = {2018-11-19}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html}, language = {English}, urldate = {2019-12-20} } Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
Cobalt Strike
2018-08-30Twitter (@mesa_matt)Matthew Mesa
@online{mesa:20180830:psix:18563f6, author = {Matthew Mesa}, title = {{Tweet on PsiX}}, date = {2018-08-30}, organization = {Twitter (@mesa_matt)}, url = {https://twitter.com/mesa_matt/status/1035211747957923840}, language = {English}, urldate = {2019-12-06} } Tweet on PsiX
PsiX
2018-06-07VolexityMatthew Meltzer, Sean Koessel, Steven Adair
@online{meltzer:20180607:patchwork:5b8d3c8, author = {Matthew Meltzer and Sean Koessel and Steven Adair}, title = {{Patchwork APT Group Targets US Think Tanks}}, date = {2018-06-07}, organization = {Volexity}, url = {https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/}, language = {English}, urldate = {2020-01-08} } Patchwork APT Group Targets US Think Tanks
Quasar RAT Unidentified 047 QUILTED TIGER
2018-04-20Booz Allen HamiltonJay Novak, Matthew Pennington
@online{novak:20180420:researchers:6764b0e, author = {Jay Novak and Matthew Pennington}, title = {{Researchers Discover New variants of APT34 Malware}}, date = {2018-04-20}, organization = {Booz Allen Hamilton}, url = {https://www.boozallen.com/s/insight/blog/dark-labs-discovers-apt34-malware-variants.html?cid=spo-csatb-2}, language = {English}, urldate = {2020-01-06} } Researchers Discover New variants of APT34 Malware
BONDUPDATER POWRUNER
2018-02-12CiscoWarren Mercer, Paul Rascagnères, Ben Baker, Matthew Molyett
@online{mercer:20180212:olympic:f3f8f87, author = {Warren Mercer and Paul Rascagnères and Ben Baker and Matthew Molyett}, title = {{Olympic Destroyer Takes Aim At Winter Olympics}}, date = {2018-02-12}, organization = {Cisco}, url = {http://blog.talosintelligence.com/2018/02/olympic-destroyer.html}, language = {English}, urldate = {2019-11-20} } Olympic Destroyer Takes Aim At Winter Olympics
Olympic Destroyer
2017-09-20Cisco TalosEdmund Brumaghin, Earl Carter, Warren Mercer, Matthew Molyett, Matthew Olney, Paul Rascagnères, Craig Williams
@online{brumaghin:20170920:ccleaner:e034063, author = {Edmund Brumaghin and Earl Carter and Warren Mercer and Matthew Molyett and Matthew Olney and Paul Rascagnères and Craig Williams}, title = {{CCleaner Command and Control Causes Concern}}, date = {2017-09-20}, organization = {Cisco Talos}, url = {http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html}, language = {English}, urldate = {2020-01-06} } CCleaner Command and Control Causes Concern
CCleaner Backdoor
2017-09-18Cisco TalosEdmund Brumaghin, Ross Gibb, Warren Mercer, Matthew Molyett, Craig Williams
@online{brumaghin:20170918:ccleanup:5ba0369, author = {Edmund Brumaghin and Ross Gibb and Warren Mercer and Matthew Molyett and Craig Williams}, title = {{CCleanup: A Vast Number of Machines at Risk}}, date = {2017-09-18}, organization = {Cisco Talos}, url = {http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html}, language = {English}, urldate = {2020-01-08} } CCleanup: A Vast Number of Machines at Risk
CCleaner Backdoor
2017-09-05Cisco TalosHolger Unterbrink, Matthew Molyett
@online{unterbrink:20170905:graftor:ed3b2a3, author = {Holger Unterbrink and Matthew Molyett}, title = {{Graftor - But I Never Asked for This…}}, date = {2017-09-05}, organization = {Cisco Talos}, url = {http://blog.talosintelligence.com/2017/09/graftor-but-i-never-asked-for-this.html}, language = {English}, urldate = {2020-01-10} } Graftor - But I Never Asked for This…
Graftor
2017-08-25ProofpointDarien Huss, Matthew Mesa
@online{huss:20170825:operation:87e2e2b, author = {Darien Huss and Matthew Mesa}, title = {{Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures}}, date = {2017-08-25}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-apt-actors-use-fake-game-thrones-leaks-lures}, language = {English}, urldate = {2019-12-20} } Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures
9002 RAT
2017-08-03Cisco TalosMatthew Molyett
@online{molyett:20170803:taking:b5c69af, author = {Matthew Molyett}, title = {{Taking the FIRST look at Crypt0l0cker}}, date = {2017-08-03}, organization = {Cisco Talos}, url = {http://blog.talosintelligence.com/2017/08/first-look-crypt0l0cker.html}, language = {English}, urldate = {2019-11-26} } Taking the FIRST look at Crypt0l0cker
Crypt0l0cker
2017-07-31ProofpointMatthew Mesa, Darien Huss
@online{mesa:20170731:fin7carbanak:2eef6f2, author = {Matthew Mesa and Darien Huss}, title = {{FIN7/Carbanak threat actor unleashes Bateleur JScript backdoor}}, date = {2017-07-31}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor}, language = {English}, urldate = {2019-12-20} } FIN7/Carbanak threat actor unleashes Bateleur JScript backdoor
Bateleur FIN7
2017-06-21CiscoAlex Chiu, Warren Mercer, Jaeson Schultz, Sean Baird, Matthew Molyett
@online{chiu:20170621:player:b44064a, author = {Alex Chiu and Warren Mercer and Jaeson Schultz and Sean Baird and Matthew Molyett}, title = {{Player 1 Limps Back Into the Ring - Hello again, Locky!}}, date = {2017-06-21}, organization = {Cisco}, url = {http://blog.talosintelligence.com/2017/06/necurs-locky-campaign.html}, language = {English}, urldate = {2019-12-17} } Player 1 Limps Back Into the Ring - Hello again, Locky!
Locky
2017-06-01ProofpointMatthew Mesa, Axel F, Pierre T, Travis Green
@online{mesa:20170601:microsoft:77dd3ab, author = {Matthew Mesa and Axel F and Pierre T and Travis Green}, title = {{Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions}}, date = {2017-06-01}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/microsoft-word-intruder-integrates-cve-2017-0199-utilized-cobalt-group-target}, language = {English}, urldate = {2019-12-20} } Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions
Cobalt
2017-05-03FireEyeMatthew McWhirt, Jon Erickson, DJ Palombo
@online{mcwhirt:20170503:to:0acd52b, author = {Matthew McWhirt and Jon Erickson and DJ Palombo}, title = {{To SDB, Or Not To SDB: FIN7 Leveraging Shim Databases for Persistence}}, date = {2017-05-03}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2017/05/fin7-shim-databases-persistence.html}, language = {English}, urldate = {2019-12-20} } To SDB, Or Not To SDB: FIN7 Leveraging Shim Databases for Persistence
FIN7