2021-12-17Trend MicroAbraham Camba, Jonna Santos, Gilbert Sison, Jay Yaneza
@online{camba:20211217:staging:0ec37d9,
  author       = {Camba, Abraham and Santos, Jonna and Sison, Gilbert and Yaneza, Jay},
  title        = {{Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager}},
  date         = {2021-12-17},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/l/staging-a-quack-reverse-analyzing-fileless-qakbot-stager.html},
  language     = {English},
  urldate      = {2021-12-31},
}
Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager
QakBot
2021-12-14Trend MicroNick Dai, Ted Lee, Vickie Su
@online{dai:20211214:collecting:3d6dd34,
  author       = {Dai, Nick and Lee, Ted and Su, Vickie},
  title        = {{Collecting In the Dark: Tropic Trooper Targets Transportation and Government}},
  date         = {2021-12-14},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/l/collecting-in-the-dark-tropic-trooper-targets-transportation-and-government-organizations.html},
  language     = {English},
  urldate      = {2022-03-30},
}
Collecting In the Dark: Tropic Trooper Targets Transportation and Government
ChiserClient Ghost RAT Lilith Quasar RAT xPack
2021-12-13Trend MicroJay Yaneza, Abdelrhman Sharshar, Sherif Magdy
@online{yaneza:20211213:look:41dc207,
  author       = {Yaneza, Jay and Sharshar, Abdelrhman and Magdy, Sherif},
  title        = {{A Look Into Purple Fox’s Server Infrastructure}},
  date         = {2021-12-13},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/l/a-look-into-purple-fox-server-infrastructure.html},
  language     = {English},
  urldate      = {2021-12-31},
}
A Look Into Purple Fox’s Server Infrastructure
PurpleFox
2021-12-10Trend MicroDon Ovid Ladores
@online{ladores:20211210:new:baec85c,
  author       = {Ladores, Don Ovid},
  title        = {{New Yanluowang Ransomware Found to be Code-Signed, Terminates Database-Related Processes}},
  date         = {2021-12-10},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/l/yanluowang-ransomware-code-signed-terminates-database-processes.html},
  language     = {English},
  urldate      = {2021-12-31},
}
New Yanluowang Ransomware Found to be Code-Signed, Terminates Database-Related Processes
2021-12-09Trend MicroVeronica Chierzi
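% The ampersand in the title is escaped so the field typesets under LaTeX; the url field keeps the raw character.
@online{chierzi:20211209:evolution:f5eb0ca,
  author       = {Chierzi, Veronica},
  title        = {{The Evolution of IoT Linux Malware Based on MITRE ATT\&CK TTPs}},
  date         = {2021-12-09},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/l/the-evolution-of-iot-linux-malware-based-on-mitre-att&ck-ttps.html},
  language     = {English},
  urldate      = {2022-01-05},
}
The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs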
Dark Nexus QSnatch
2021-12-03Trend MicroNitesh Surana
@online{surana:20211203:vulnerabilities:a406a52,
  author       = {Surana, Nitesh},
  title        = {{Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify}},
  date         = {2021-12-03},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/l/vulnerabilities-exploited-for-monero-mining-malware-delivered-via-gitHub-netlify.html},
  language     = {English},
  urldate      = {2021-12-07},
}
Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify
2021-12-01Trend MicroTrend Micro
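% Corporate author is double-braced so BibTeX/Biber treats it as one name instead of splitting it into given and family parts.
@online{micro:20211201:ransomware:8af82b0,
  author       = {{Trend Micro}},
  title        = {{Ransomware Spotlight: Conti}},
  date         = {2021-12-01},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-conti},
  language     = {English},
  urldate      = {2022-03-02},
}
Ransomware Spotlight: Conti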
Conti
2021-12-01Trend MicroTrend Micro Research
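% Corporate author is double-braced so BibTeX/Biber treats it as one name instead of splitting it into given and family parts.
@online{research:20211201:analyzing:18167cf,
  author       = {{Trend Micro Research}},
  title        = {{Analyzing How TeamTNT Used Compromised Docker Hub Accounts}},
  date         = {2021-12-01},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/l/more-tools-in-the-arsenal-how-teamtnt-used-compromised-docker-hu.html},
  language     = {English},
  urldate      = {2021-12-07},
}
Analyzing How TeamTNT Used Compromised Docker Hub Accounts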
TeamTNT
2021-11-29Trend MicroJaromír Hořejší
@online{hoej:20211129:campaign:6e23cf5,
  author       = {Hořejší, Jaromír},
  title        = {{Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites}},
  date         = {2021-11-29},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/k/campaign-abusing-rats-uses-fake-websites.html},
  language     = {English},
  urldate      = {2021-12-07},
}
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites
AsyncRAT Azorult Nanocore RAT NjRAT RedLine Stealer Remcos
2021-11-23Trend MicroIan Kenefick
@online{kenefick:20211123:bazarloader:794de7c,
  author       = {Kenefick, Ian},
  title        = {{BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors}},
  date         = {2021-11-23},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/k/bazarloader-adds-compromised-installers-iso-to-arrival-delivery-vectors.html},
  language     = {English},
  urldate      = {2021-11-26},
}
BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors
BazarBackdoor
2021-11-19Trend MicroMohamed Fahmy, Sherif Magdy, Abdelrhman Sharshar
@online{fahmy:20211119:squirrelwaffle:1e8fa78,
  author       = {Fahmy, Mohamed and Magdy, Sherif and Sharshar, Abdelrhman},
  title        = {{Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains}},
  date         = {2021-11-19},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/k/Squirrelwaffle-Exploits-ProxyShell-and-ProxyLogon-to-Hijack-Email-Chains.html},
  language     = {English},
  urldate      = {2021-11-25},
}
Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains
Cobalt Strike QakBot Squirrelwaffle
2021-11-17Trend MicroMohamed Fahmy, Abdelrhman Sharshar, Sherif Magdy, Ryan Maglaque
@online{fahmy:20211117:analyzing:c6c52d1,
  author       = {Fahmy, Mohamed and Sharshar, Abdelrhman and Magdy, Sherif and Maglaque, Ryan},
  title        = {{Analyzing ProxyShell-related Incidents via Trend Micro Managed XDR}},
  date         = {2021-11-17},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_in/research/21/k/analyzing-proxyshell-related-incidents-via-trend-micro-managed-x.html},
  language     = {English},
  urldate      = {2021-11-18},
}
Analyzing ProxyShell-related Incidents via Trend Micro Managed XDR
Cobalt Strike Cotx RAT
2021-11-16Trend MicroTrend Micro
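% Corporate author is double-braced so BibTeX/Biber treats it as one name instead of splitting it into given and family parts.
@online{micro:20211116:global:5b996d3,
  author       = {{Trend Micro}},
  title        = {{Global Operations Lead to Arrests of Alleged Members of GandCrab/REvil and Cl0p Cartels}},
  date         = {2021-11-16},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_in/research/21/k/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab.html},
  language     = {English},
  urldate      = {2021-11-18},
}
Global Operations Lead to Arrests of Alleged Members of GandCrab/REvil and Cl0p Cartels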
REvil Clop Gandcrab REvil
2021-11-15Trend MicroDavid Fiser, Alfredo Oliveira
@online{fiser:20211115:groups:f889118,
  author       = {Fiser, David and Oliveira, Alfredo},
  title        = {{Groups Target Alibaba ECS Instances for Cryptojacking}},
  date         = {2021-11-15},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_in/research/21/k/groups-target-alibaba-ecs-instances-for-cryptojacking.html},
  language     = {English},
  urldate      = {2021-11-19},
}
Groups Target Alibaba ECS Instances for Cryptojacking
2021-11-13Trend MicroIan Kenefick, Vladimir Kropotov
@online{kenefick:20211113:qakbot:3138b93,
  author       = {Kenefick, Ian and Kropotov, Vladimir},
  title        = {{QAKBOT Loader Returns With New Techniques and Tools}},
  date         = {2021-11-13},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/k/qakbot-loader-returns-with-new-techniques-and-tools.html},
  language     = {English},
  urldate      = {2021-11-17},
}
QAKBOT Loader Returns With New Techniques and Tools
QakBot
2021-11-12Trend MicroIan Kenefick, Vladimir Kropotov
@techreport{kenefick:20211112:prelude:781d4d7,
  author      = {Kenefick, Ian and Kropotov, Vladimir},
  title       = {{The Prelude to Ransomware: A Look into Current QAKBOT Capabilities and Global Activities}},
  date        = {2021-11-12},
  institution = {Trend Micro},
  url         = {https://documents.trendmicro.com/assets/pdf/Technical-Brief---The-Prelude-to-Ransomware-A-Look-into-Current-QAKBOT-Capabilities-and-Activity.pdf},
  language    = {English},
  urldate     = {2021-11-17},
}
The Prelude to Ransomware: A Look into Current QAKBOT Capabilities and Global Activities
QakBot
2021-11-11Trend MicroDavid Fiser, Alfredo Oliveira
@online{fiser:20211111:teamtnt:fe67ef2,
  author       = {Fiser, David and Oliveira, Alfredo},
  title        = {{TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments}},
  date         = {2021-11-11},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/k/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-env.html},
  language     = {English},
  urldate      = {2021-11-12},
}
TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments
2021-11-10Trend MicroTrend Micro Research
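% Corporate author is double-braced so BibTeX/Biber treats it as one name instead of splitting it into given and family parts.
@techreport{research:20211110:void:e3ef7db,
  author      = {{Trend Micro Research}},
  title       = {{Void Balaur and the Rise of the Cybermercenary Industry}},
  date        = {2021-11-10},
  institution = {Trend Micro},
  url         = {https://documents.trendmicro.com/assets/white_papers/wp-void-balaur-tracking-a-cybermercenarys-activities.pdf},
  language    = {English},
  urldate     = {2021-11-17},
}
Void Balaur and the Rise of the Cybermercenary Industry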
ZStealer
2021-11-10Trend MicroTrend Micro Research
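% Corporate author is double-braced so BibTeX/Biber treats it as one name instead of splitting it into given and family parts.
@online{research:20211110:void:f925ba5,
  author       = {{Trend Micro Research}},
  title        = {{Void Balaur and the Rise of the Cybermercenary Industry (IOCs)}},
  date         = {2021-11-10},
  organization = {Trend Micro},
  url          = {https://documents.trendmicro.com/assets/txt/IOCs-void-balaur-tracking-a-cybermercenary-activities.txt},
  language     = {English},
  urldate      = {2021-11-17},
}
Void Balaur and the Rise of the Cybermercenary Industry (IOCs)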
2021-11-09Trend MicroTrend Micro Research
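% Corporate author is double-braced so BibTeX/Biber treats it as one name instead of splitting it into given and family parts.
@online{research:20211109:compromised:47958cb,
  author       = {{Trend Micro Research}},
  title        = {{Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT}},
  date         = {2021-11-09},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/k/compromised-docker-hub-accounts-abused-for-cryptomining-linked-t.html},
  language     = {English},
  urldate      = {2021-11-25},
}
Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT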