
2023-11-30BlackberryBlackBerry Research & Intelligence Team, Dmitry Bestuzhev
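@comment{Institutional author is double-braced so it is parsed as one name rather than First/Last; the ampersand is escaped for LaTeX.}
@online{team:20231130:aeroblade:725b5e6,
  author       = {{BlackBerry Research \& Intelligence Team} and Bestuzhev, Dmitry},
  title        = {{AeroBlade on the Hunt Targeting the U.S. Aerospace Industry}},
  date         = {2023-11-30},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2023/11/aeroblade-on-the-hunt-targeting-us-aerospace-industry},
  language     = {English},
  urldate      = {2023-12-05},
}
AeroBlade on the Hunt Targeting the U.S. Aerospace Industry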
2023-11-16The RegisterConnor Jones
@online{jones:20231116:blackcat:4be2570,
  author       = {Jones, Connor},
  title        = {{BlackCat plays with malvertising traps to lure corporate victims}},
  date         = {2023-11-16},
  organization = {The Register},
  url          = {https://www.theregister.com/2023/11/16/blackcat_ransomware_luring_corporate_targets/},
  language     = {English},
  urldate      = {2023-11-17},
}
BlackCat plays with malvertising traps to lure corporate victims
BlackCat
2023-11-16YouTube (Swiss Cyber Storm)Angelo Violetti
@online{violetti:20231116:resilience:666cdc2,
  author       = {Violetti, Angelo},
  title        = {{Resilience Rising: Countering the Threat Actors Behind Black Basta Ransomware}},
  date         = {2023-11-16},
  organization = {YouTube (Swiss Cyber Storm)},
  url          = {https://www.youtube.com/watch?v=iD_KZAqNDZ0},
  language     = {English},
  urldate      = {2023-11-16},
}
Resilience Rising: Countering the Threat Actors Behind Black Basta Ransomware
Black Basta
2023-11-06VMWare Carbon BlackSwee Lai Lee, Bria Beathley, Abe Schneider, Alan Ngo
@online{lee:20231106:jupyter:58d6320,
  author       = {Lee, Swee Lai and Beathley, Bria and Schneider, Abe and Ngo, Alan},
  title        = {{Jupyter Rising: An Update on Jupyter Infostealer}},
  date         = {2023-11-06},
  organization = {VMWare Carbon Black},
  url          = {https://blogs.vmware.com/security/2023/11/jupyter-rising-an-update-on-jupyter-infostealer.html},
  language     = {English},
  urldate      = {2023-11-17},
}
Jupyter Rising: An Update on Jupyter Infostealer
solarmarker
2023-09-22MandiantLuke Jenkins, Josh Atkins, Dan Black
@online{jenkins:20230922:backchannel:6da10a8,
  author       = {Jenkins, Luke and Atkins, Josh and Black, Dan},
  title        = {{Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations}},
  date         = {2023-09-22},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/apt29-evolving-diplomatic-phishing},
  language     = {English},
  urldate      = {2023-10-18},
}
Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations
Brute Ratel C4 Cobalt Strike EnvyScout GraphDrop QUARTERRIG sRDI Unidentified 107 (APT29)
2023-08-26BushidoToken BlogBushidoToken
@online{bushidotoken:20230826:tracking:b81bab9,
  author       = {BushidoToken},
  title        = {{Tracking Adversaries: Scattered Spider, the BlackCat affiliate}},
  date         = {2023-08-26},
  organization = {BushidoToken Blog},
  url          = {https://blog.bushidotoken.net/2023/08/tracking-adversaries-scattered-spider.html},
  language     = {English},
  urldate      = {2023-11-17},
}
Tracking Adversaries: Scattered Spider, the BlackCat affiliate
BlackLotus POORTRY
2023-08-17LumenBlack Lotus Labs
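@comment{Institutional author is double-braced so it is parsed as one name rather than First/Last.}
@online{labs:20230817:no:8cc16d8,
  author       = {{Black Lotus Labs}},
  title        = {{No Rest For The Wicked: HiatusRAT Takes Little Time Off In A Return To Action}},
  date         = {2023-08-17},
  organization = {Lumen},
  url          = {https://blog.lumen.com/hiatusrat-takes-little-time-off-in-a-return-to-action/},
  language     = {English},
  urldate      = {2023-08-21},
}
No Rest For The Wicked: HiatusRAT Takes Little Time Off In A Return To Action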
HiatusRAT
2023-07-27X (@BlackLotusLabs)Black Lotus Labs
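@comment{Institutional author is double-braced so it is parsed as one name rather than First/Last.}
@online{labs:20230727:update:67b9dd6,
  author       = {{Black Lotus Labs}},
  title        = {{Tweet on update on AVrecon bot's migration to new infrastructure}},
  date         = {2023-07-27},
  organization = {X (@BlackLotusLabs)},
  url          = {https://twitter.com/BlackLotusLabs/status/1684290046235484160},
  language     = {English},
  urldate      = {2023-07-31},
}
Tweet on update on AVrecon bot's migration to new infrastructure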
AVrecon
2023-07-15MSSP Labcocomelonc
@online{cocomelonc:20230715:malware:8986fa9,
  author       = {cocomelonc},
  title        = {{Malware source code investigation: BlackLotus - part 1}},
  date         = {2023-07-15},
  organization = {MSSP Lab},
  url          = {https://mssplab.github.io/threat-hunting/2023/07/15/malware-src-blacklotus.html},
  language     = {English},
  urldate      = {2023-07-17},
}
Malware source code investigation: BlackLotus - part 1
BlackLotus
2023-07-13MSSP Labcocomelonc
@online{cocomelonc:20230713:malware:3f2bf4a,
  author       = {cocomelonc},
  title        = {{Malware analysis report: BlackCat ransomware}},
  date         = {2023-07-13},
  organization = {MSSP Lab},
  url          = {https://mssplab.github.io/threat-hunting/2023/07/13/malware-analysis-blackcat.html},
  language     = {English},
  urldate      = {2023-07-17},
}
Malware analysis report: BlackCat ransomware
BlackCat BlackCat
2023-07-12LumenBlack Lotus Labs
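@comment{Institutional author is double-braced so it is parsed as one name rather than First/Last.}
@online{labs:20230712:routers:e2ed598,
  author       = {{Black Lotus Labs}},
  title        = {{Routers From The Underground: Exposing AVrecon}},
  date         = {2023-07-12},
  organization = {Lumen},
  url          = {https://blog.lumen.com/routers-from-the-underground-exposing-avrecon/},
  language     = {English},
  urldate      = {2023-07-21},
}
Routers From The Underground: Exposing AVrecon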
AVrecon
2023-07-12MandiantDan Black, Gabby Roncone
@online{black:20230712:grus:7a7b81d,
  author       = {Black, Dan and Roncone, Gabby},
  title        = {{The GRU's Disruptive Playbook}},
  date         = {2023-07-12},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/gru-disruptive-playbook},
  language     = {English},
  urldate      = {2023-07-13},
}
The GRU's Disruptive Playbook
CaddyWiper INDUSTROYER2 XakNet
2023-07-08BlackberryBlackBerry Research & Intelligence Team
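@comment{Institutional author is double-braced so it is parsed as one name rather than First/Last; the ampersand is escaped for LaTeX.}
@online{team:20230708:romcom:4c7d096,
  author       = {{BlackBerry Research \& Intelligence Team}},
  title        = {{RomCom Threat Actor Suspected of Targeting Ukraine's NATO Membership Talks at the NATO Summit}},
  date         = {2023-07-08},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2023/07/romcom-targets-ukraine-nato-membership-talks-at-nato-summit},
  language     = {English},
  urldate      = {2023-07-10},
}
RomCom Threat Actor Suspected of Targeting Ukraine's NATO Membership Talks at the NATO Summit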
ROMCOM RAT
2023-07-06MicrosoftMicrosoft Incident Response
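@comment{Institutional author is double-braced so it is parsed as one name rather than First/Last.}
@online{response:20230706:fiveday:629ca44,
  author       = {{Microsoft Incident Response}},
  title        = {{The five-day job: A BlackByte ransomware intrusion case study}},
  date         = {2023-07-06},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/},
  language     = {English},
  urldate      = {2023-08-25},
}
The five-day job: A BlackByte ransomware intrusion case study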
BlackByte ExByte
2023-07-06Github (Helixo32)Helixo32
@online{helixo32:20230706:nimblackout:8095842,
  author       = {Helixo32},
  title        = {{NimBlackout}},
  date         = {2023-07-06},
  organization = {Github (Helixo32)},
  url          = {https://github.com/Helixo32/NimBlackout},
  language     = {English},
  urldate      = {2023-07-10},
}
NimBlackout
NimBlackout
2023-06-01vmwareFae Carlisle
@online{carlisle:20230601:carbon:a215566,
  author       = {Carlisle, Fae},
  title        = {{Carbon Black’s TrueBot Detection}},
  date         = {2023-06-01},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2023/06/carbon-blacks-truebot-detection.html},
  language     = {English},
  urldate      = {2023-07-13},
}
Carbon Black’s TrueBot Detection
Silence
2023-06-01LumenBlack Lotus Labs
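@comment{Institutional author is double-braced so it is parsed as one name rather than First/Last.}
@online{labs:20230601:qakbot:5dbdbb8,
  author       = {{Black Lotus Labs}},
  title        = {{Qakbot: Retool, Reinfect, Recycle}},
  date         = {2023-06-01},
  organization = {Lumen},
  url          = {https://blog.lumen.com/qakbot-retool-reinfect-recycle/},
  language     = {English},
  urldate      = {2023-06-02},
}
Qakbot: Retool, Reinfect, Recycle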
QakBot
2023-05-31Trend MicroTrend Micro, Katherine Casona, Ivan Nicole Chavez, Ieriz Nicolle Gonzalez, Jeffrey Francis Bonaobra
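@comment{Institutional author is double-braced so it is parsed as one name rather than First/Last.}
@online{micro:20230531:investigating:77b7e51,
  author       = {{Trend Micro} and Casona, Katherine and Chavez, Ivan Nicole and Gonzalez, Ieriz Nicolle and Bonaobra, Jeffrey Francis},
  title        = {{Investigating BlackSuit Ransomware’s Similarities to Royal}},
  date         = {2023-05-31},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/23/e/investigating-blacksuit-ransomwares-similarities-to-royal.html},
  language     = {English},
  urldate      = {2023-06-05},
}
Investigating BlackSuit Ransomware’s Similarities to Royal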
BlackSuit BlackSuit
2023-05-30IBM SecurityIBM Security X-Force Team
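@comment{Institutional author is double-braced so it is parsed as one name rather than First/Last.}
@online{team:20230530:blackcat:c65947f,
  author       = {{IBM Security X-Force Team}},
  title        = {{BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration}},
  date         = {2023-05-30},
  organization = {IBM Security},
  url          = {https://securityintelligence.com/posts/blackcat-ransomware-levels-up-stealth-speed-exfiltration/},
  language     = {English},
  urldate      = {2023-08-22},
}
BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration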
BlackCat BlackCat
2023-05-29kn0s-organization
@online{kn0sorganization:20230529:blacklotus:a73a7a0,
  author   = {kn0s-organization},
  title    = {{BlackLotus stage 2 bootkit-rootkit analysis}},
  date     = {2023-05-29},
  url      = {https://kn0s-organization.gitbook.io/blacklotus-analysis-stage2-bootkit-rootkit-stage/},
  language = {English},
  urldate  = {2023-06-05},
}
BlackLotus stage 2 bootkit-rootkit analysis
BlackLotus