Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-05-16Malwarebytes LabsThreat Intelligence Team
@online{team:20220516:custom:5fe917a, author = {Threat Intelligence Team}, title = {{Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis}}, date = {2022-05-16}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/05/custom-powershell-rat-targets-germans-seeking-information-about-the-ukraine-crisis/}, language = {English}, urldate = {2022-05-17} } Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
Unidentified PS 003 (RAT)
2022-05-12BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20220512:threat:c711afc, author = {The BlackBerry Research & Intelligence Team}, title = {{Threat Thursday: Malware Rebooted - How Industroyer2 Takes Aim at Ukraine Infrastructure}}, date = {2022-05-12}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/05/threat-thursday-malware-rebooted-how-industroyer2-takes-aim-at-ukraine-infrastructure}, language = {English}, urldate = {2022-05-17} } Threat Thursday: Malware Rebooted - How Industroyer2 Takes Aim at Ukraine Infrastructure
INDUSTROYER2
2022-05-10Malwarebytes LabsThreat Intelligence Team
@online{team:20220510:apt34:b733b84, author = {Threat Intelligence Team}, title = {{APT34 targets Jordan Government using new Saitama backdoor}}, date = {2022-05-10}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/05/apt34-targets-jordan-government-using-new-saitama-backdoor/}, language = {English}, urldate = {2022-05-13} } APT34 targets Jordan Government using new Saitama backdoor
Saitama Backdoor
2022-05-09MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20220509:ransomwareasaservice:13ec472, author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself}}, date = {2022-05-09}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself}, language = {English}, urldate = {2022-05-17} } Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker
2022-05-09BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20220509:dirty:76f87f1, author = {The BlackBerry Research & Intelligence Team}, title = {{Dirty Deeds Done Dirt Cheap: Russian RAT Offers Backdoor Bargains}}, date = {2022-05-09}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/05/dirty-deeds-done-dirt-cheap-russian-rat-offers-backdoor-bargains}, language = {English}, urldate = {2022-05-17} } Dirty Deeds Done Dirt Cheap: Russian RAT Offers Backdoor Bargains
DCRat NjRAT
2022-05-05Malwarebytes LabsThreat Intelligence Team
@online{team:20220505:nigerian:4c047d9, author = {Threat Intelligence Team}, title = {{Nigerian Tesla: 419 scammer gone malware distributor unmasked}}, date = {2022-05-05}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/05/nigerian-tesla-419-scammer-gone-malware-distributor-unmasked/}, language = {English}, urldate = {2022-05-08} } Nigerian Tesla: 419 scammer gone malware distributor unmasked
Agent Tesla
2022-05-05BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20220505:threat:d338301, author = {The BlackBerry Research & Intelligence Team}, title = {{Threat Thursday: ZingoStealer – The Cost of “Free”}}, date = {2022-05-05}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/05/threat-thursday-zingostealer}, language = {English}, urldate = {2022-05-08} } Threat Thursday: ZingoStealer – The Cost of “Free”
ZingoStealer
2022-04-28BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20220428:threat:f14a615, author = {The BlackBerry Research & Intelligence Team}, title = {{Threat Thursday: BoratRAT}}, date = {2022-04-28}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/04/threat-thursday-boratrat}, language = {English}, urldate = {2022-05-08} } Threat Thursday: BoratRAT
Borat RAT
2022-04-21BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20220421:threat:6560ea5, author = {The BlackBerry Research & Intelligence Team}, title = {{Threat Thursday: BlackGuard Infostealer Rises from Russian Underground Markets}}, date = {2022-04-21}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/04/threat-thursday-blackguard-infostealer}, language = {English}, urldate = {2022-05-08} } Threat Thursday: BlackGuard Infostealer Rises from Russian Underground Markets
BlackGuard
2022-04-14BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20220414:threat:df1d332, author = {The BlackBerry Research & Intelligence Team}, title = {{Threat Thursday: HeaderTip Backdoor Shows Attackers from China Preying on Ukraine}}, date = {2022-04-14}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/04/threat-thursday-headertip-backdoor-shows-attackers-from-china-preying-on-ukraine}, language = {English}, urldate = {2022-04-15} } Threat Thursday: HeaderTip Backdoor Shows Attackers from China Preying on Ukraine
HeaderTip
2022-04-13MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20220413:dismantling:ace8546, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware}}, date = {2022-04-13}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/04/13/dismantling-zloader-how-malicious-ads-led-to-disabled-security-tools-and-ransomware/}, language = {English}, urldate = {2022-04-14} } Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
BlackMatter Cobalt Strike DarkSide Ryuk Zloader
2022-04-07BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20220407:threat:d5d3259, author = {The BlackBerry Research & Intelligence Team}, title = {{Threat Thursday: AvosLocker Prompts Advisory from FBI and FinCEN}}, date = {2022-04-07}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/04/threat-thursday-avoslocker-prompts-advisory-from-fbi-and-fincen}, language = {English}, urldate = {2022-04-15} } Threat Thursday: AvosLocker Prompts Advisory from FBI and FinCEN
Avoslocker AvosLocker
2022-03-31BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20220331:threat:8b167d9, author = {The BlackBerry Research & Intelligence Team}, title = {{Threat Thursday: Malicious Macros Still Causing Chaos}}, date = {2022-03-31}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/03/threat-thursday-malicious-macros}, language = {English}, urldate = {2022-04-15} } Threat Thursday: Malicious Macros Still Causing Chaos
2022-03-28AvastThreat Intelligence Team
@online{team:20220328:avast:03620fb, author = {Threat Intelligence Team}, title = {{Avast Finds Compromised Philippine Navy Certificate Used in Remote Access Tool}}, date = {2022-03-28}, organization = {Avast}, url = {https://decoded.avast.io/threatintel/avast-finds-compromised-philippine-navy-certificate-used-in-remote-access-tool/}, language = {English}, urldate = {2022-04-05} } Avast Finds Compromised Philippine Navy Certificate Used in Remote Access Tool
Unidentified 091
2022-03-24BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20220324:threat:d1d2000, author = {The BlackBerry Research & Intelligence Team}, title = {{Threat Thursday: SunSeed Malware Targets Ukraine Refugee Aid Efforts}}, date = {2022-03-24}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/03/threat-thursday-sunseed-malware}, language = {English}, urldate = {2022-04-15} } Threat Thursday: SunSeed Malware Targets Ukraine Refugee Aid Efforts
SunSeed
2022-03-22MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Detection and Response Team (DART), Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20220322:dev0537:eea56dc, author = {Microsoft Threat Intelligence Center (MSTIC) and Detection and Response Team (DART) and Microsoft 365 Defender Threat Intelligence Team}, title = {{DEV-0537 (LAPSUS$/UNC3661) criminal actor targeting organizations for data exfiltration and destruction}}, date = {2022-03-22}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/}, language = {English}, urldate = {2022-04-29} } DEV-0537 (LAPSUS$/UNC3661) criminal actor targeting organizations for data exfiltration and destruction
RedLine Stealer LAPSUS
2022-03-18MalwarebytesThreat Intelligence Team
@online{team:20220318:double:fde615f, author = {Threat Intelligence Team}, title = {{Double header: IsaacWiper and CaddyWiper}}, date = {2022-03-18}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/03/double-header-isaacwiper-and-caddywiper/}, language = {English}, urldate = {2022-03-28} } Double header: IsaacWiper and CaddyWiper
CaddyWiper IsaacWiper
2022-03-17BlackberryBlackBerry Research & Intelligence Team
@online{team:20220317:threat:115c4c5, author = {BlackBerry Research & Intelligence Team}, title = {{Threat Thursday: HermeticWiper Targets Defense Sectors in Ukraine}}, date = {2022-03-17}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/03/threat-thursday-hermeticwiper}, language = {English}, urldate = {2022-03-18} } Threat Thursday: HermeticWiper Targets Defense Sectors in Ukraine
HermeticWiper
2022-03-16BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20220316:new:e28d7c2, author = {The BlackBerry Research & Intelligence Team}, title = {{New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems}}, date = {2022-03-16}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/03/lokilocker-ransomware}, language = {English}, urldate = {2022-03-17} } New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems
LokiLocker
2022-03-01CrowdStrikeCrowdStrike Intelligence Team
@online{team:20220301:decryptable:27c195e, author = {CrowdStrike Intelligence Team}, title = {{Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities}}, date = {2022-03-01}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine/}, language = {English}, urldate = {2022-03-07} } Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities
PartyTicket