
2022-05-11 | HP | HP Wolf Security
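% Corporate author is double-braced so it is treated as one name, not given "HP Wolf" + family "Security".
% Title braces protect only the quarter label; the citation key is kept as published.
@techreport{security:20220511:threat:bd460f0,
  author      = {{HP Wolf Security}},
  title       = {Threat Insights Report {Q1} - 2022},
  date        = {2022-05-11},
  institution = {HP},
  url         = {https://threatresearch.ext.hp.com/wp-content/uploads/2022/05/HP-Wolf-Security-Threat-Insights-Report-Q1-2022.pdf},
  language    = {English},
  urldate     = {2022-05-13},
}
Threat Insights Report Q1 - 2022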
AsyncRAT Emotet Mekotio Vjw0rm
2022-05-04 | HP | Patrick Schläpfer
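% Author given in unambiguous "Family, Given" form; only the acronym and product names are brace-protected.
% The citation key is kept as published so existing citations still resolve.
@online{schlpfer:20220504:tips:f12f7ba,
  author       = {Schläpfer, Patrick},
  title        = {Tips for Automating {IOC} Extraction from {GootLoader}, a Changing {JavaScript} Malware},
  date         = {2022-05-04},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/tips-for-automating-ioc-extraction-from-gootloader-a-changing-javascript-malware/},
  language     = {English},
  urldate      = {2022-05-05},
}
Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware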
GootLoader
2022-04-12 | HP | Patrick Schläpfer
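% Author given in "Family, Given" form; only the proper adjective in the title is brace-protected.
% The citation key is kept as published.
@online{schlpfer:20220412:malware:5032799,
  author       = {Schläpfer, Patrick},
  title        = {Malware Campaigns Targeting {African} Banking Sector},
  date         = {2022-04-12},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/malware-campaigns-targeting-african-banking-sector/},
  language     = {English},
  urldate      = {2022-04-15},
}
Malware Campaigns Targeting African Banking Sector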
CloudEyE Remcos
2022-03-30 | Twitter (@hpsecurity) | HP Wolf Security
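% Corporate author is double-braced so it is treated as one name, not given "HP Wolf" + family "Security".
% Only the malware family name in the title is brace-protected; the citation key is kept as published.
@online{security:20220330:recent:56ca1b3,
  author       = {{HP Wolf Security}},
  title        = {Tweet on recent {Mekotio} Banker campaign},
  date         = {2022-03-30},
  organization = {Twitter (@hpsecurity)},
  url          = {https://twitter.com/hpsecurity/status/1509185858146082816},
  language     = {English},
  urldate      = {2022-03-31},
}
Tweet on recent Mekotio Banker campaign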
Mekotio
2022-02-09 | Flashpoint | Flashpoint
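% Corporate author is double-braced to mark it as an organisation name rather than a personal name.
% Title braces protect only the proper names; the citation key is kept as published.
@online{flashpoint:20220209:russia:3367b7a,
  author       = {{Flashpoint}},
  title        = {{Russia} Seizes {Ferum}, {Sky-Fraud}, {UAS}, and {Trump’s Dumps}—and Signals More Takedowns to Come},
  date         = {2022-02-09},
  organization = {Flashpoint},
  url          = {https://www.flashpoint-intel.com/press-post/russia-seizes-ferum-skyfraud-uas-trumpsdumps-carding-forums/},
  language     = {English},
  urldate      = {2022-02-14},
}
Russia Seizes Ferum, Sky-Fraud, UAS, and Trump’s Dumps—and Signals More Takedowns to Come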
2022-02-08 | HP | Patrick Schläpfer
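% Author given in "Family, Given" form; only the malware and product names in the title are brace-protected.
% The citation key is kept as published.
@online{schlpfer:20220208:attackers:1a91251,
  author       = {Schläpfer, Patrick},
  title        = {Attackers Disguise {RedLine Stealer} as a {Windows 11} Upgrade},
  date         = {2022-02-08},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/},
  language     = {English},
  urldate      = {2022-02-14},
}
Attackers Disguise RedLine Stealer as a Windows 11 Upgrade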
RedLine Stealer
2022-01-14 | HP | Patrick Schläpfer
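% Author given in "Family, Given" form; only the file-format acronym in the title is brace-protected.
% The citation key is kept as published.
@online{schlpfer:20220114:how:0795917,
  author       = {Schläpfer, Patrick},
  title        = {How Attackers Use {XLL} Malware to Infect Systems},
  date         = {2022-01-14},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/how-attackers-use-xll-malware-to-infect-systems/},
  language     = {English},
  urldate      = {2022-01-18},
}
How Attackers Use XLL Malware to Infect Systems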
2021-12-09 | HP | Patrick Schläpfer
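% Author given in "Family, Given" form; only the malware family name in the title is brace-protected.
% The citation key is kept as published.
@online{schlpfer:20211209:emotets:aa090a7,
  author       = {Schläpfer, Patrick},
  title        = {{Emotet’s} Return: What’s Different?},
  date         = {2021-12-09},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/emotets-return-whats-different/},
  language     = {English},
  urldate      = {2022-01-18},
}
Emotet’s Return: What’s Different?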
Emotet
2021-11-23 | HP | Patrick Schläpfer
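% Author given in "Family, Given" form; only the malware name, language name and acronym are brace-protected.
% The citation key is kept as published.
@online{schlpfer:20211123:ratdispenser:4677686,
  author       = {Schläpfer, Patrick},
  title        = {{RATDispenser}: Stealthy {JavaScript} Loader Dispensing {RATs} into the Wild},
  date         = {2021-11-23},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/javascript-malware-dispensing-rats-into-the-wild/},
  language     = {English},
  urldate      = {2021-11-29},
}
RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild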
AdWind Ratty STRRAT CloudEyE Formbook Houdini Panda Stealer Remcos
2021-11-16 | Flashpoint | Flashpoint
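% Corporate author is double-braced to mark it as an organisation name rather than a personal name.
% Title braces protect only the forum name and the proper adjective; the citation key is kept as published.
@online{flashpoint:20211116:ramp:c1804cf,
  author       = {{Flashpoint}},
  title        = {{RAMP} Ransomware’s Apparent Overture to {Chinese} Threat Actors},
  date         = {2021-11-16},
  organization = {Flashpoint},
  url          = {https://www.flashpoint-intel.com/blog/ramp-ransomware-chinese-threat-actors/},
  language     = {English},
  urldate      = {2021-11-18},
}
RAMP Ransomware’s Apparent Overture to Chinese Threat Actors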
2021-10-18 | Flashpoint | Flashpoint
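% Corporate author is double-braced to mark it as an organisation name rather than a personal name.
% Only the ransomware group name in the title is brace-protected; the citation key is kept as published.
@online{flashpoint:20211018:revil:104ed52,
  author       = {{Flashpoint}},
  title        = {{REvil} Disappears Again: ‘Something Is Rotten in the State of Ransomware’},
  date         = {2021-10-18},
  organization = {Flashpoint},
  url          = {https://www.flashpoint-intel.com/blog/revil-disappears-again/},
  language     = {English},
  urldate      = {2021-10-24},
}
REvil Disappears Again: ‘Something Is Rotten in the State of Ransomware’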
REvil REvil
2021-10 | HP | HP Wolf Security
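% Corporate author is double-braced so it is treated as one name, not given "HP Wolf" + family "Security".
% Title braces protect only the quarter label; the citation key is kept as published.
@techreport{security:202110:threat:49f8fc2,
  author      = {{HP Wolf Security}},
  title       = {Threat Insights Report {Q3} - 2021},
  date        = {2021-10},
  institution = {HP},
  url         = {https://threatresearch.ext.hp.com/wp-content/uploads/2021/10/HP-Wolf-Security-Threat-Insights-Report-Q3-2021.pdf},
  language    = {English},
  urldate     = {2021-10-25},
}
Threat Insights Report Q3 - 2021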
STRRAT CloudEyE NetWire RC Remcos TrickBot Vjw0rm
2021-09-29 | Flashpoint | Flashpoint
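% Corporate author is double-braced to mark it as an organisation name rather than a personal name.
% The ampersand in "Q&A" is escaped because a bare "&" in a title field breaks LaTeX typesetting.
% Title braces protect only proper names and the acronym; the citation key is kept as published.
@online{flashpoint:20210929:russian:565e147,
  author       = {{Flashpoint}},
  title        = {{Russian} hacker {Q\&A}: An Interview With {REvil-Affiliated} Ransomware Contractor},
  date         = {2021-09-29},
  organization = {Flashpoint},
  url          = {https://www.flashpoint-intel.com/blog/interview-with-revil-affiliated-ransomware-contractor/},
  language     = {English},
  urldate      = {2021-10-26},
}
Russian hacker Q&A: An Interview With REvil-Affiliated Ransomware Contractor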
REvil REvil
2021-09-28 | Flashpoint | Flashpoint
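% Corporate author is double-braced to mark it as an organisation name rather than a personal name.
% Only the ransomware group name in the title is brace-protected; the citation key is kept as published.
@online{flashpoint:20210928:revils:ffcbfac,
  author       = {{Flashpoint}},
  title        = {{REvil’s} “Cryptobackdoor” Con: Ransomware Group’s Tactics Roil Affiliates, Sparking a Fallout},
  date         = {2021-09-28},
  organization = {Flashpoint},
  url          = {https://www.flashpoint-intel.com/blog/revils-cryptobackdoor-con-ransomware-groups-tactics-roil-affiliates-sparking-a-fallout/},
  language     = {English},
  urldate      = {2021-10-13},
}
REvil’s “Cryptobackdoor” Con: Ransomware Group’s Tactics Roil Affiliates, Sparking a Fallout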
REvil
2021-09-19 | HP | Patrick Schläpfer
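% Author given in "Family, Given" form; only the malware name and the actor designation are brace-protected.
% The citation key is kept as published.
@online{schlpfer:20210919:mirrorblast:a81e63c,
  author       = {Schläpfer, Patrick},
  title        = {{MirrorBlast} and {TA505}: Examining Similarities in Tactics, Techniques and Procedures},
  date         = {2021-09-19},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/mirrorblast-and-ta505-examining-similarities-in-tactics-techniques-and-procedures/},
  language     = {English},
  urldate      = {2021-10-24},
}
MirrorBlast and TA505: Examining Similarities in Tactics, Techniques and Procedures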
MirrorBlast
2021-08-10 | Flashpoint | Flashpoint
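% Corporate author is double-braced to mark it as an organisation name rather than a personal name.
% Title braces protect only the proper names and the forum acronym; the citation key is kept as published.
@online{flashpoint:20210810:revil:8be7760,
  author       = {{Flashpoint}},
  title        = {{REvil} Master Key for {Kaseya} Attack Posted to {XSS}},
  date         = {2021-08-10},
  organization = {Flashpoint},
  url          = {https://www.flashpoint-intel.com/blog/possible-universal-revil-master-key-posted-to-xss/},
  language     = {English},
  urldate      = {2021-08-11},
}
REvil Master Key for Kaseya Attack Posted to XSS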
REvil
2021-07-30 | HP | Patrick Schläpfer
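% Author given in "Family, Given" form; only the actor designation in the title is brace-protected.
% The citation key is kept as published.
@online{schlpfer:20210730:detecting:2291323,
  author       = {Schläpfer, Patrick},
  title        = {Detecting {TA551} domains},
  date         = {2021-07-30},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/detecting-ta551-domains/},
  language     = {English},
  urldate      = {2021-08-02},
}
Detecting TA551 domains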
Valak Dridex IcedID ISFB QakBot
2021-07-27 | Flashpoint | Flashpoint
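% Corporate author is double-braced to mark it as an organisation name rather than a personal name.
% Only the two ransomware group names in the title are brace-protected; the citation key is kept as published.
@online{flashpoint:20210727:chatter:08a4080,
  author       = {{Flashpoint}},
  title        = {Chatter Indicates {BlackMatter} as {REvil} Successor},
  date         = {2021-07-27},
  organization = {Flashpoint},
  url          = {https://www.flashpoint-intel.com/blog/chatter-indicates-blackmatter-as-revil-successor/},
  language     = {English},
  urldate      = {2021-08-02},
}
Chatter Indicates BlackMatter as REvil Successor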
REvil
2021-07-09 | Seqrite | Chaitanya Haritash, Nihar Deshpande, Shayak Tarafdar
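% Each author is given in "Family, Given" form and the names stay separated by " and ".
% Title braces protect only the vendor, operation name, proper adjective and acronym; the citation key is kept as published.
@techreport{haritash:20210709:seqrite:8d36786,
  author      = {Haritash, Chaitanya and Deshpande, Nihar and Tarafdar, Shayak},
  title       = {{Seqrite} uncovers second wave of {Operation SideCopy} targeting {Indian} critical infrastructure {PSUs}},
  date        = {2021-07-09},
  institution = {Seqrite},
  url         = {https://www.seqrite.com/documents/en/white-papers/Whitepaper-OperationSideCopy.pdf},
  language    = {English},
  urldate     = {2021-07-20},
}
Seqrite uncovers second wave of Operation SideCopy targeting Indian critical infrastructure PSUs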
NjRAT ReverseRAT
2021-06-28 | HP | Patrick Schläpfer
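% Author given in "Family, Given" form; only the malware family name in the title is brace-protected.
% The citation key is kept as published.
@online{schlpfer:20210628:snake:bf10d9d,
  author       = {Schläpfer, Patrick},
  title        = {{Snake Keylogger’s} Many Skins: Analysing Code Reuse Among Infostealers},
  date         = {2021-06-28},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/the-many-skins-of-snake-keylogger/},
  language     = {English},
  urldate      = {2021-06-29},
}
Snake Keylogger’s Many Skins: Analysing Code Reuse Among Infostealers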
404 Keylogger Phoenix Keylogger