Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-05-26IBMKevin Henson, Dave McMillen
@online{henson:20220526:black:f789f1b, author = {Kevin Henson and Dave McMillen}, title = {{Black Basta Besting Your Network?}}, date = {2022-05-26}, organization = {IBM}, url = {https://securityintelligence.com/posts/black-basta-ransomware-group-besting-network/}, language = {English}, urldate = {2022-06-09} } Black Basta Besting Your Network?
Black Basta
2022-05-19IBMCharlotte Hammond, Ole Villadsen, Golo Mühr
@online{hammond:20220519:itg23:eab10e2, author = {Charlotte Hammond and Ole Villadsen and Golo Mühr}, title = {{ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups}}, date = {2022-05-19}, organization = {IBM}, url = {https://securityintelligence.com/posts/itg23-crypters-cooperation-between-cybercriminal-groups/}, language = {English}, urldate = {2022-05-25} } ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups
IcedID ISFB Mount Locker
2022-04-26IBMMelissa Frydrych, Claire Zaboeva, David Bryant
@online{frydrych:20220426:hive0117:2ddea35, author = {Melissa Frydrych and Claire Zaboeva and David Bryant}, title = {{Hive0117 Continues Fileless Malware Delivery in Eastern Europe}}, date = {2022-04-26}, organization = {IBM}, url = {https://securityintelligence.com/posts/hive00117-fileless-malware-delivery-eastern-europe/}, language = {English}, urldate = {2022-05-04} } Hive0117 Continues Fileless Malware Delivery in Eastern Europe
DarkWatchman
2022-03-04IBMJohn Dwyer, Kevin Henson
@online{dwyer:20220304:new:c661960, author = {John Dwyer and Kevin Henson}, title = {{New Wiper Malware Used Against Ukranian Organizations}}, date = {2022-03-04}, organization = {IBM}, url = {https://securityintelligence.com/posts/new-wiper-malware-used-against-ukranian-organizations/}, language = {English}, urldate = {2022-03-07} } New Wiper Malware Used Against Ukranian Organizations
IsaacWiper
2022-02-25IBMCharlotte Hammond, Ole Villadsen
@online{hammond:20220225:trickbot:fdf2254, author = {Charlotte Hammond and Ole Villadsen}, title = {{Trickbot Group’s AnchorDNS Backdoor Upgrades to AnchorMail}}, date = {2022-02-25}, organization = {IBM}, url = {https://securityintelligence.com/posts/new-malware-trickbot-anchordns-backdoor-upgrades-anchormail/}, language = {English}, urldate = {2022-03-02} } Trickbot Group’s AnchorDNS Backdoor Upgrades to AnchorMail
AnchorDNS AnchorMail
2022-02-24IBMAnne Jobmann, Claire Zaboeva, Richard Emerson, Christopher Del Fierro, John Dwyer
@online{jobmann:20220224:ibm:deaac04, author = {Anne Jobmann and Claire Zaboeva and Richard Emerson and Christopher Del Fierro and John Dwyer}, title = {{IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine}}, date = {2022-02-24}, organization = {IBM}, url = {https://securityintelligence.com/posts/new-destructive-malware-cyber-attacks-ukraine/}, language = {English}, urldate = {2022-03-02} } IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine
HermeticWiper
2022-02-02IBMKevin Henson
@online{henson:20220202:trickbot:fd4964d, author = {Kevin Henson}, title = {{TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware}}, date = {2022-02-02}, organization = {IBM}, url = {https://securityintelligence.com/posts/trickbot-gang-template-based-metaprogramming-bazar-malware/}, language = {English}, urldate = {2022-02-04} } TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware
BazarBackdoor TrickBot
2022-01-31IBMLimor Kessem, Itzik Chimino
@online{kessem:20220131:topranking:4f697c1, author = {Limor Kessem and Itzik Chimino}, title = {{Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data}}, date = {2022-01-31}, organization = {IBM}, url = {https://securityintelligence.com/posts/ramnit-banking-trojan-stealing-card-data/}, language = {English}, urldate = {2022-02-02} } Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data
Ramnit
2022-01-24IBMMichael Gal, Segev Fogel, Itzik Chimino, Limor Kessem, Charlotte Hammond
@online{gal:20220124:trickbot:8a030b3, author = {Michael Gal and Segev Fogel and Itzik Chimino and Limor Kessem and Charlotte Hammond}, title = {{TrickBot Bolsters Layered Defenses to Prevent Injection Research}}, date = {2022-01-24}, organization = {IBM}, url = {https://securityintelligence.com/posts/trickbot-bolsters-layered-defenses-prevent-injection/}, language = {English}, urldate = {2022-01-25} } TrickBot Bolsters Layered Defenses to Prevent Injection Research
TrickBot
2021-11-17IBMShahar Tavor
@online{tavor:20211117:brazking:8153d89, author = {Shahar Tavor}, title = {{BrazKing Android Malware Upgraded and Targeting Brazilian Banks}}, date = {2021-11-17}, organization = {IBM}, url = {https://securityintelligence.com/posts/brazking-android-malware-upgraded-targeting-brazilian-banks/}, language = {English}, urldate = {2021-11-18} } BrazKing Android Malware Upgraded and Targeting Brazilian Banks
PixStealer
2021-11-01IBMAaron Gdanski, Limor Kessem
@online{gdanski:20211101:from:dc06d28, author = {Aaron Gdanski and Limor Kessem}, title = {{From Thanos to Prometheus: When Ransomware Encryption Goes Wrong}}, date = {2021-11-01}, organization = {IBM}, url = {https://securityintelligence.com/posts/ransomware-encryption-goes-wrong/}, language = {English}, urldate = {2021-11-08} } From Thanos to Prometheus: When Ransomware Encryption Goes Wrong
Hakbit Prometheus
2021-10-13IBMOle Villadsen, Charlotte Hammond
@online{villadsen:20211013:trickbot:e0d4233, author = {Ole Villadsen and Charlotte Hammond}, title = {{Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds}}, date = {2021-10-13}, organization = {IBM}, url = {https://securityintelligence.com/posts/trickbot-gang-doubles-down-enterprise-infection/}, language = {English}, urldate = {2021-10-25} } Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds
BazarBackdoor TrickBot
2021-09-23IBMNir Somech, Chen Nahman
@online{somech:20210923:new:7fc798f, author = {Nir Somech and Chen Nahman}, title = {{New ZE Loader Targets Online Banking Users}}, date = {2021-09-23}, organization = {IBM}, url = {https://securityintelligence.com/posts/new-ze-loader-targets-online-banking/}, language = {English}, urldate = {2021-09-28} } New ZE Loader Targets Online Banking Users
2021-09-20IBMIBM SECURITY X-FORCE
@online{xforce:20210920:2021:41cf9ce, author = {IBM SECURITY X-FORCE}, title = {{2021 IBM SecurityX-Force Cloud Threat Landscape Report}}, date = {2021-09-20}, organization = {IBM}, url = {https://www.ibm.com/downloads/cas/WMDZOWK6?social_post=5483919673&linkId=131648775}, language = {English}, urldate = {2021-09-22} } 2021 IBM SecurityX-Force Cloud Threat Landscape Report
Kaiji Kinsing Tsunami Xanthe XOR DDoS
2021-09-09IBMMegan Roddie
@online{roddie:20210909:lockbit:8b80ed5, author = {Megan Roddie}, title = {{LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment}}, date = {2021-09-09}, organization = {IBM}, url = {https://securityintelligence.com/posts/lockbit-ransomware-attacks-surge-affiliate-recruitment/}, language = {English}, urldate = {2021-09-10} } LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment
LockBit
2021-09-03IBMCamille Singleton, Andrew Gorecki, John Dwyer
@online{singleton:20210903:dissecting:4d56786, author = {Camille Singleton and Andrew Gorecki and John Dwyer}, title = {{Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight}}, date = {2021-09-03}, organization = {IBM}, url = {https://securityintelligence.com/posts/sodinokibi-ransomware-incident-response-intelligence-together/}, language = {English}, urldate = {2021-09-09} } Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight
Valak QakBot REvil
2021-08-17IBM X-Force ExchangeCharlotte Hammond, Chris Caridi
@online{hammond:20210817:analysis:03981d3, author = {Charlotte Hammond and Chris Caridi}, title = {{Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang}}, date = {2021-08-17}, organization = {IBM X-Force Exchange}, url = {https://securityintelligence.com/posts/analysis-of-diavol-ransomware-link-trickbot-gang/}, language = {English}, urldate = {2021-08-18} } Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang
Diavol
2021-07-21IBMChris Caridi, Allison Wikoff
@online{caridi:20210721:this:17b999a, author = {Chris Caridi and Allison Wikoff}, title = {{This Chat is Being Recorded: Egregor Ransomware Negotiations Uncovered}}, date = {2021-07-21}, organization = {IBM}, url = {https://securityintelligence.com/posts/egregor-ransomware-negotiations-uncovered/}, language = {English}, urldate = {2021-07-22} } This Chat is Being Recorded: Egregor Ransomware Negotiations Uncovered
Egregor
2021-07-12IBMMelissa Frydrych, Claire Zaboeva, Dan Dash
@online{frydrych:20210712:roboski:1f66418, author = {Melissa Frydrych and Claire Zaboeva and Dan Dash}, title = {{RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation}}, date = {2021-07-12}, organization = {IBM}, url = {https://securityintelligence.com/posts/roboski-global-recovery-automation/}, language = {English}, urldate = {2021-07-20} } RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos
2021-06-23IBMItzik Chimino
@online{chimino:20210623:ursnif:700b0a7, author = {Itzik Chimino}, title = {{Ursnif Leverages Cerberus to Automate Fraudulent Bank Transfers in Italy}}, date = {2021-06-23}, organization = {IBM}, url = {https://securityintelligence.com/posts/ursnif-cerberus-android-malware-bank-transfers-italy/}, language = {English}, urldate = {2021-06-24} } Ursnif Leverages Cerberus to Automate Fraudulent Bank Transfers in Italy
ISFB