Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-09-01IBMKevin Henson, Emmy Ebanks
@online{henson:20220901:raspberry:b5b5946, author = {Kevin Henson and Emmy Ebanks}, title = {{Raspberry Robin and Dridex: Two Birds of a Feather}}, date = {2022-09-01}, organization = {IBM}, url = {https://securityintelligence.com/posts/raspberry-robin-worm-dridex-malware/}, language = {English}, urldate = {2022-09-06} } Raspberry Robin and Dridex: Two Birds of a Feather
Dridex Raspberry Robin
2022-08-18IBMCharlotte Hammond, Ole Villadsen
@online{hammond:20220818:from:501e8ac, author = {Charlotte Hammond and Ole Villadsen}, title = {{From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers}}, date = {2022-08-18}, organization = {IBM}, url = {https://securityintelligence.com/posts/from-ramnit-to-bumblebee-via-neverquest}, language = {English}, urldate = {2022-08-28} } From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers
BumbleBee Karius Ramnit TrickBot Vawtrak
2022-07-07IBMOle Villadsen, Charlotte Hammond, Kat Weinberger
@online{villadsen:20220707:unprecedented:d0a6add, author = {Ole Villadsen and Charlotte Hammond and Kat Weinberger}, title = {{Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine}}, date = {2022-07-07}, organization = {IBM}, url = {https://securityintelligence.com/posts/trickbot-group-systematically-attacking-ukraine}, language = {English}, urldate = {2022-07-12} } Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine
AnchorMail BumbleBee Cobalt Strike IcedID Meterpreter
2022-05-26IBMKevin Henson, Dave McMillen
@online{henson:20220526:black:f789f1b, author = {Kevin Henson and Dave McMillen}, title = {{Black Basta Besting Your Network?}}, date = {2022-05-26}, organization = {IBM}, url = {https://securityintelligence.com/posts/black-basta-ransomware-group-besting-network/}, language = {English}, urldate = {2022-06-09} } Black Basta Besting Your Network?
Black Basta
2022-05-19IBMCharlotte Hammond, Ole Villadsen, Golo Mühr
@online{hammond:20220519:itg23:eab10e2, author = {Charlotte Hammond and Ole Villadsen and Golo Mühr}, title = {{ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups}}, date = {2022-05-19}, organization = {IBM}, url = {https://securityintelligence.com/posts/itg23-crypters-cooperation-between-cybercriminal-groups/}, language = {English}, urldate = {2022-05-25} } ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups
IcedID ISFB Mount Locker
2022-04-26IBMMelissa Frydrych, Claire Zaboeva, David Bryant
@online{frydrych:20220426:hive0117:2ddea35, author = {Melissa Frydrych and Claire Zaboeva and David Bryant}, title = {{Hive0117 Continues Fileless Malware Delivery in Eastern Europe}}, date = {2022-04-26}, organization = {IBM}, url = {https://securityintelligence.com/posts/hive00117-fileless-malware-delivery-eastern-europe/}, language = {English}, urldate = {2022-05-04} } Hive0117 Continues Fileless Malware Delivery in Eastern Europe
DarkWatchman
2022-03-04IBMJohn Dwyer, Kevin Henson
@online{dwyer:20220304:new:c661960, author = {John Dwyer and Kevin Henson}, title = {{New Wiper Malware Used Against Ukranian Organizations}}, date = {2022-03-04}, organization = {IBM}, url = {https://securityintelligence.com/posts/new-wiper-malware-used-against-ukranian-organizations/}, language = {English}, urldate = {2022-03-07} } New Wiper Malware Used Against Ukranian Organizations
IsaacWiper
2022-02-25IBMCharlotte Hammond, Ole Villadsen
@online{hammond:20220225:trickbot:fdf2254, author = {Charlotte Hammond and Ole Villadsen}, title = {{Trickbot Group’s AnchorDNS Backdoor Upgrades to AnchorMail}}, date = {2022-02-25}, organization = {IBM}, url = {https://securityintelligence.com/posts/new-malware-trickbot-anchordns-backdoor-upgrades-anchormail/}, language = {English}, urldate = {2022-03-02} } Trickbot Group’s AnchorDNS Backdoor Upgrades to AnchorMail
AnchorDNS AnchorMail
2022-02-24IBMAnne Jobmann, Claire Zaboeva, Richard Emerson, Christopher Del Fierro, John Dwyer
@online{jobmann:20220224:ibm:deaac04, author = {Anne Jobmann and Claire Zaboeva and Richard Emerson and Christopher Del Fierro and John Dwyer}, title = {{IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine}}, date = {2022-02-24}, organization = {IBM}, url = {https://securityintelligence.com/posts/new-destructive-malware-cyber-attacks-ukraine/}, language = {English}, urldate = {2022-03-02} } IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine
HermeticWiper
2022-02-02IBMKevin Henson
@online{henson:20220202:trickbot:fd4964d, author = {Kevin Henson}, title = {{TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware}}, date = {2022-02-02}, organization = {IBM}, url = {https://securityintelligence.com/posts/trickbot-gang-template-based-metaprogramming-bazar-malware/}, language = {English}, urldate = {2022-02-04} } TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware
BazarBackdoor TrickBot
2022-01-31IBMLimor Kessem, Itzik Chimino
@online{kessem:20220131:topranking:4f697c1, author = {Limor Kessem and Itzik Chimino}, title = {{Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data}}, date = {2022-01-31}, organization = {IBM}, url = {https://securityintelligence.com/posts/ramnit-banking-trojan-stealing-card-data/}, language = {English}, urldate = {2022-02-02} } Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data
Ramnit
2022-01-24IBMMichael Gal, Segev Fogel, Itzik Chimino, Limor Kessem, Charlotte Hammond
@online{gal:20220124:trickbot:8a030b3, author = {Michael Gal and Segev Fogel and Itzik Chimino and Limor Kessem and Charlotte Hammond}, title = {{TrickBot Bolsters Layered Defenses to Prevent Injection Research}}, date = {2022-01-24}, organization = {IBM}, url = {https://securityintelligence.com/posts/trickbot-bolsters-layered-defenses-prevent-injection/}, language = {English}, urldate = {2022-01-25} } TrickBot Bolsters Layered Defenses to Prevent Injection Research
TrickBot
2021-11-17IBMShahar Tavor
@online{tavor:20211117:brazking:8153d89, author = {Shahar Tavor}, title = {{BrazKing Android Malware Upgraded and Targeting Brazilian Banks}}, date = {2021-11-17}, organization = {IBM}, url = {https://securityintelligence.com/posts/brazking-android-malware-upgraded-targeting-brazilian-banks/}, language = {English}, urldate = {2021-11-18} } BrazKing Android Malware Upgraded and Targeting Brazilian Banks
PixStealer
2021-11-01IBMAaron Gdanski, Limor Kessem
@online{gdanski:20211101:from:dc06d28, author = {Aaron Gdanski and Limor Kessem}, title = {{From Thanos to Prometheus: When Ransomware Encryption Goes Wrong}}, date = {2021-11-01}, organization = {IBM}, url = {https://securityintelligence.com/posts/ransomware-encryption-goes-wrong/}, language = {English}, urldate = {2021-11-08} } From Thanos to Prometheus: When Ransomware Encryption Goes Wrong
Hakbit Prometheus
2021-10-13IBMOle Villadsen, Charlotte Hammond
@online{villadsen:20211013:trickbot:e0d4233, author = {Ole Villadsen and Charlotte Hammond}, title = {{Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds}}, date = {2021-10-13}, organization = {IBM}, url = {https://securityintelligence.com/posts/trickbot-gang-doubles-down-enterprise-infection/}, language = {English}, urldate = {2021-10-25} } Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds
BazarBackdoor TrickBot
2021-09-23IBMNir Somech, Chen Nahman
@online{somech:20210923:new:7fc798f, author = {Nir Somech and Chen Nahman}, title = {{New ZE Loader Targets Online Banking Users}}, date = {2021-09-23}, organization = {IBM}, url = {https://securityintelligence.com/posts/new-ze-loader-targets-online-banking/}, language = {English}, urldate = {2021-09-28} } New ZE Loader Targets Online Banking Users
2021-09-20IBMIBM SECURITY X-FORCE
@online{xforce:20210920:2021:41cf9ce, author = {IBM SECURITY X-FORCE}, title = {{2021 IBM SecurityX-Force Cloud Threat Landscape Report}}, date = {2021-09-20}, organization = {IBM}, url = {https://www.ibm.com/downloads/cas/WMDZOWK6?social_post=5483919673&linkId=131648775}, language = {English}, urldate = {2021-09-22} } 2021 IBM SecurityX-Force Cloud Threat Landscape Report
Kaiji Kinsing Tsunami Xanthe XOR DDoS
2021-09-09IBMMegan Roddie
@online{roddie:20210909:lockbit:8b80ed5, author = {Megan Roddie}, title = {{LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment}}, date = {2021-09-09}, organization = {IBM}, url = {https://securityintelligence.com/posts/lockbit-ransomware-attacks-surge-affiliate-recruitment/}, language = {English}, urldate = {2021-09-10} } LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment
LockBit
2021-09-03IBMCamille Singleton, Andrew Gorecki, John Dwyer
@online{singleton:20210903:dissecting:4d56786, author = {Camille Singleton and Andrew Gorecki and John Dwyer}, title = {{Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight}}, date = {2021-09-03}, organization = {IBM}, url = {https://securityintelligence.com/posts/sodinokibi-ransomware-incident-response-intelligence-together/}, language = {English}, urldate = {2021-09-09} } Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight
Valak QakBot REvil
2021-08-17IBM X-Force ExchangeCharlotte Hammond, Chris Caridi
@online{hammond:20210817:analysis:03981d3, author = {Charlotte Hammond and Chris Caridi}, title = {{Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang}}, date = {2021-08-17}, organization = {IBM X-Force Exchange}, url = {https://securityintelligence.com/posts/analysis-of-diavol-ransomware-link-trickbot-gang/}, language = {English}, urldate = {2021-08-18} } Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang
Diavol