Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-05-30IBM SecurityIBM Security X-Force Team
@online{team:20230530:blackcat:c65947f, author = {IBM Security X-Force Team}, title = {{BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration}}, date = {2023-05-30}, organization = {IBM Security}, url = {https://securityintelligence.com/posts/blackcat-ransomware-levels-up-stealth-speed-exfiltration/}, language = {English}, urldate = {2023-08-22} } BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration
BlackCat BlackCat
2023-04-14IBMCharlotte Hammond, Ole Villadsen
@online{hammond:20230414:exconti:67eb7a8, author = {Charlotte Hammond and Ole Villadsen}, title = {{Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor}}, date = {2023-04-14}, organization = {IBM}, url = {https://securityintelligence.com/posts/ex-conti-fin7-actors-collaborate-new-domino-backdoor}, language = {English}, urldate = {2023-04-18} } Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor
Minodo Nemesis
2023-03-30IBMJohn Dwyer, Fred Chidsey, Joseph Lozowski
@online{dwyer:20230330:xforce:75bb496, author = {John Dwyer and Fred Chidsey and Joseph Lozowski}, title = {{X-Force Prevents Zero Day from Going Anywhere}}, date = {2023-03-30}, organization = {IBM}, url = {https://securityintelligence.com/posts/x-force-prevents-zero-day-from-going-anywhere}, language = {English}, urldate = {2023-04-06} } X-Force Prevents Zero Day from Going Anywhere
Silence
2022-11-29IBM X-Force ExchangeIBM IRIS
@online{iris:20221129:cargobay:9f0719a, author = {IBM IRIS}, title = {{CargoBay BlackHat Backdoor Analysis Report (IRIS-14738)}}, date = {2022-11-29}, organization = {IBM X-Force Exchange}, url = {https://exchange.xforce.ibmcloud.com/malware-analysis/guid:87abff769352d8208e403331c86eb95f}, language = {English}, urldate = {2023-02-17} } CargoBay BlackHat Backdoor Analysis Report (IRIS-14738)
CargoBay
2022-09-01IBMKevin Henson, Emmy Ebanks
@online{henson:20220901:raspberry:b5b5946, author = {Kevin Henson and Emmy Ebanks}, title = {{Raspberry Robin and Dridex: Two Birds of a Feather}}, date = {2022-09-01}, organization = {IBM}, url = {https://securityintelligence.com/posts/raspberry-robin-worm-dridex-malware/}, language = {English}, urldate = {2022-09-06} } Raspberry Robin and Dridex: Two Birds of a Feather
Dridex Raspberry Robin
2022-08-18IBMCharlotte Hammond, Ole Villadsen
@online{hammond:20220818:from:501e8ac, author = {Charlotte Hammond and Ole Villadsen}, title = {{From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers}}, date = {2022-08-18}, organization = {IBM}, url = {https://securityintelligence.com/posts/from-ramnit-to-bumblebee-via-neverquest}, language = {English}, urldate = {2022-08-28} } From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers
BumbleBee Karius Ramnit TrickBot Vawtrak
2022-07-07IBMOle Villadsen, Charlotte Hammond, Kat Weinberger
@online{villadsen:20220707:unprecedented:d0a6add, author = {Ole Villadsen and Charlotte Hammond and Kat Weinberger}, title = {{Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine}}, date = {2022-07-07}, organization = {IBM}, url = {https://securityintelligence.com/posts/trickbot-group-systematically-attacking-ukraine}, language = {English}, urldate = {2022-07-12} } Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine
AnchorMail BumbleBee Cobalt Strike IcedID Meterpreter
2022-05-26IBMKevin Henson, Dave McMillen
@online{henson:20220526:black:f789f1b, author = {Kevin Henson and Dave McMillen}, title = {{Black Basta Besting Your Network?}}, date = {2022-05-26}, organization = {IBM}, url = {https://securityintelligence.com/posts/black-basta-ransomware-group-besting-network/}, language = {English}, urldate = {2022-06-09} } Black Basta Besting Your Network?
Black Basta
2022-05-19IBMCharlotte Hammond, Ole Villadsen, Golo Mühr
@online{hammond:20220519:itg23:eab10e2, author = {Charlotte Hammond and Ole Villadsen and Golo Mühr}, title = {{ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups}}, date = {2022-05-19}, organization = {IBM}, url = {https://securityintelligence.com/posts/itg23-crypters-cooperation-between-cybercriminal-groups/}, language = {English}, urldate = {2022-05-25} } ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups
IcedID ISFB Mount Locker
2022-04-26IBMMelissa Frydrych, Claire Zaboeva, David Bryant
@online{frydrych:20220426:hive0117:2ddea35, author = {Melissa Frydrych and Claire Zaboeva and David Bryant}, title = {{Hive0117 Continues Fileless Malware Delivery in Eastern Europe}}, date = {2022-04-26}, organization = {IBM}, url = {https://securityintelligence.com/posts/hive00117-fileless-malware-delivery-eastern-europe/}, language = {English}, urldate = {2022-05-04} } Hive0117 Continues Fileless Malware Delivery in Eastern Europe
DarkWatchman
2022-03-04IBMJohn Dwyer, Kevin Henson
@online{dwyer:20220304:new:c661960, author = {John Dwyer and Kevin Henson}, title = {{New Wiper Malware Used Against Ukranian Organizations}}, date = {2022-03-04}, organization = {IBM}, url = {https://securityintelligence.com/posts/new-wiper-malware-used-against-ukranian-organizations/}, language = {English}, urldate = {2022-03-07} } New Wiper Malware Used Against Ukranian Organizations
IsaacWiper
2022-02-25IBMCharlotte Hammond, Ole Villadsen
@online{hammond:20220225:trickbot:fdf2254, author = {Charlotte Hammond and Ole Villadsen}, title = {{Trickbot Group’s AnchorDNS Backdoor Upgrades to AnchorMail}}, date = {2022-02-25}, organization = {IBM}, url = {https://securityintelligence.com/posts/new-malware-trickbot-anchordns-backdoor-upgrades-anchormail/}, language = {English}, urldate = {2022-03-02} } Trickbot Group’s AnchorDNS Backdoor Upgrades to AnchorMail
AnchorDNS AnchorMail
2022-02-24IBMAnne Jobmann, Claire Zaboeva, Richard Emerson, Christopher Del Fierro, John Dwyer
@online{jobmann:20220224:ibm:deaac04, author = {Anne Jobmann and Claire Zaboeva and Richard Emerson and Christopher Del Fierro and John Dwyer}, title = {{IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine}}, date = {2022-02-24}, organization = {IBM}, url = {https://securityintelligence.com/posts/new-destructive-malware-cyber-attacks-ukraine/}, language = {English}, urldate = {2022-03-02} } IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine
HermeticWiper
2022-02-02IBMKevin Henson
@online{henson:20220202:trickbot:fd4964d, author = {Kevin Henson}, title = {{TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware}}, date = {2022-02-02}, organization = {IBM}, url = {https://securityintelligence.com/posts/trickbot-gang-template-based-metaprogramming-bazar-malware/}, language = {English}, urldate = {2022-02-04} } TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware
BazarBackdoor TrickBot
2022-01-31IBMLimor Kessem, Itzik Chimino
@online{kessem:20220131:topranking:4f697c1, author = {Limor Kessem and Itzik Chimino}, title = {{Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data}}, date = {2022-01-31}, organization = {IBM}, url = {https://securityintelligence.com/posts/ramnit-banking-trojan-stealing-card-data/}, language = {English}, urldate = {2022-02-02} } Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data
Ramnit
2022-01-24IBMMichael Gal, Segev Fogel, Itzik Chimino, Limor Kessem, Charlotte Hammond
@online{gal:20220124:trickbot:8a030b3, author = {Michael Gal and Segev Fogel and Itzik Chimino and Limor Kessem and Charlotte Hammond}, title = {{TrickBot Bolsters Layered Defenses to Prevent Injection Research}}, date = {2022-01-24}, organization = {IBM}, url = {https://securityintelligence.com/posts/trickbot-bolsters-layered-defenses-prevent-injection/}, language = {English}, urldate = {2022-01-25} } TrickBot Bolsters Layered Defenses to Prevent Injection Research
TrickBot
2021-12-15Security IntelligenceIBM SECURITY X-FORCE
@online{xforce:20211215:nation:dd1a3c4, author = {IBM SECURITY X-FORCE}, title = {{Nation State Threat Group Targets Airline with Aclip Backdoor}}, date = {2021-12-15}, organization = {Security Intelligence}, url = {https://securityintelligence.com/posts/nation-state-threat-group-targets-airline-aclip-backdoor/}, language = {English}, urldate = {2023-06-19} } Nation State Threat Group Targets Airline with Aclip Backdoor
2021-11-17IBMShahar Tavor
@online{tavor:20211117:brazking:8153d89, author = {Shahar Tavor}, title = {{BrazKing Android Malware Upgraded and Targeting Brazilian Banks}}, date = {2021-11-17}, organization = {IBM}, url = {https://securityintelligence.com/posts/brazking-android-malware-upgraded-targeting-brazilian-banks/}, language = {English}, urldate = {2021-11-18} } BrazKing Android Malware Upgraded and Targeting Brazilian Banks
PixStealer
2021-11-01IBMAaron Gdanski, Limor Kessem
@online{gdanski:20211101:from:dc06d28, author = {Aaron Gdanski and Limor Kessem}, title = {{From Thanos to Prometheus: When Ransomware Encryption Goes Wrong}}, date = {2021-11-01}, organization = {IBM}, url = {https://securityintelligence.com/posts/ransomware-encryption-goes-wrong/}, language = {English}, urldate = {2021-11-08} } From Thanos to Prometheus: When Ransomware Encryption Goes Wrong
Hakbit Prometheus
2021-10-13IBMOle Villadsen, Charlotte Hammond
@online{villadsen:20211013:trickbot:e0d4233, author = {Ole Villadsen and Charlotte Hammond}, title = {{Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds}}, date = {2021-10-13}, organization = {IBM}, url = {https://securityintelligence.com/posts/trickbot-gang-doubles-down-enterprise-infection/}, language = {English}, urldate = {2021-10-25} } Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds
BazarBackdoor TrickBot