
2023-05-22 | Cluster25 | Cluster25 Threat Intel Team
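% Corporate author: the extra brace pair keeps the team name as one unit instead of
% letting it be split into given names "Cluster25 Threat Intel" and family name "Team".
@online{team:20230522:back:fdaaa98,
  author       = {{Cluster25 Threat Intel Team}},
  title        = {{Back in Black: BlackByte Ransomware returns with its New Technology (NT) version}},
  date         = {2023-05-22},
  organization = {Cluster25},
  url          = {https://blog.cluster25.duskrise.com/2023/05/22/back-in-black-blackbyte-nt},
  language     = {English},
  urldate      = {2023-05-23},
}
Back in Black: BlackByte Ransomware returns with its New Technology (NT) version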
BlackByte
2023-05-22 | Trend Micro | Mahmoud Zohdy, Sherif Magdy, Mohamed Fahmy, Bahaa Yamany
% Trend Micro research post with four individual authors, joined by " and ".
@online{zohdy:20230522:blackcat:d839f8e,
  author       = {Mahmoud Zohdy and Sherif Magdy and Mohamed Fahmy and Bahaa Yamany},
  title        = {{BlackCat Ransomware Deploys New Signed Kernel Driver}},
  organization = {Trend Micro},
  date         = {2023-05-22},
  url          = {https://www.trendmicro.com/en_us/research/23/e/blackcat-ransomware-deploys-new-signed-kernel-driver.html},
  urldate      = {2023-05-23},
  language     = {English},
}
BlackCat Ransomware Deploys New Signed Kernel Driver
BlackCat
2023-05-15 | ASEC | AhnLab ASEC Analysis Team
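% Corporate author, double-braced so the name parser does not treat "Team" as a family name.
@online{team:20230515:lokilocker:684344c,
  author       = {{AhnLab ASEC Analysis Team}},
  title        = {{LokiLocker, a Ransomware Similar to BlackBit Being Distributed in Korea}},
  date         = {2023-05-15},
  organization = {ASEC},
  url          = {https://asec.ahnlab.com/en/52570/},
  language     = {English},
  urldate      = {2023-05-17},
}
LokiLocker, a Ransomware Similar to BlackBit Being Distributed in Korea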
LokiLocker
2023-05-08 | Blackberry | BlackBerry Research & Intelligence Team
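% Two fixes in the author field: the ampersand is escaped so LaTeX does not read it as an
% alignment tab, and the corporate name is double-braced so it is kept as one unit.
@online{team:20230508:sidewinder:ab9205d,
  author       = {{BlackBerry Research \& Intelligence Team}},
  title        = {{SideWinder Uses Server-side Polymorphism to Attack Pakistan Government Officials — and Is Now Targeting Turkey}},
  date         = {2023-05-08},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2023/05/sidewinder-uses-server-side-polymorphism-to-target-pakistan},
  language     = {English},
  urldate      = {2023-05-10},
}
SideWinder Uses Server-side Polymorphism to Attack Pakistan Government Officials — and Is Now Targeting Turkey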
2023-04-11 | Microsoft | Microsoft Incident Response
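% Corporate author, double-braced; unbraced it is parsed as a person with family name "Response".
@online{response:20230411:guidance:ddf000c,
  author       = {{Microsoft Incident Response}},
  title        = {{Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign}},
  date         = {2023-04-11},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/04/11/guidance-for-investigating-attacks-using-cve-2022-21894-the-blacklotus-campaign/},
  language     = {English},
  urldate      = {2023-04-18},
}
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign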
BlackLotus
2023-03-31 | Blackberry | The BlackBerry Research & Intelligence Team
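% Author field repaired: ampersand escaped for LaTeX, and the corporate name double-braced
% so it is treated as a single indivisible name.
@online{team:20230331:initial:6f10f80,
  author       = {{The BlackBerry Research \& Intelligence Team}},
  title        = {{Initial Implants and Network Analysis Suggest the 3CX Supply Chain Operation Goes Back to Fall 2022}},
  date         = {2023-03-31},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2023/03/initial-implants-and-network-analysis-suggest-the-3cx-supply-chain-operation-goes-back-to-fall-2022},
  language     = {English},
  urldate      = {2023-04-02},
}
Initial Implants and Network Analysis Suggest the 3CX Supply Chain Operation Goes Back to Fall 2022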
3CX Backdoor
2023-03-21 | Github (rivitna) | Andrey Zhdanov
% Reference to a GitHub repository path. The url names the "main" branch, which can change
% after the recorded urldate; the entry itself pins no commit.
@online{zhdanov:20230321:blackcat:2da310d,
  author       = {Andrey Zhdanov},
  title        = {{BlackCat v3 Decryptor Scripts}},
  organization = {Github (rivitna)},
  date         = {2023-03-21},
  url          = {https://github.com/rivitna/Malware/tree/main/BlackCat/ALPHV3},
  urldate      = {2023-03-22},
  language     = {English},
}
BlackCat v3 Decryptor Scripts
BlackCat BlackCat
2023-03-21 | Twitter (@splinter_code) | Antonio Cocomazzi
% Social-media source: the title is a description of the tweet, and urldate records
% when the post was retrieved.
@online{cocomazzi:20230321:blackbyte:f11b8c4,
  author       = {Antonio Cocomazzi},
  title        = {{Tweet on BlackByte ransomware rewrite in C++}},
  organization = {Twitter (@splinter_code)},
  date         = {2023-03-21},
  url          = {https://twitter.com/splinter_code/status/1628057204954652674},
  urldate      = {2023-03-24},
  language     = {English},
}
Tweet on BlackByte ransomware rewrite in C++
BlackByte
2023-03-15 | Reliaquest | RELIAQUEST THREAT RESEARCH TEAM
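% Corporate author, double-braced so it is not split into given and family name parts.
% The capitalisation of the team name is kept exactly as the source gives it.
@online{team:20230315:qbot:cf3b85f,
  author       = {{RELIAQUEST THREAT RESEARCH TEAM}},
  title        = {{QBot: Laying the Foundations for Black Basta Ransomware Activity}},
  date         = {2023-03-15},
  organization = {Reliaquest},
  url          = {https://www.reliaquest.com/blog/qbot-black-basta-ransomware/},
  language     = {English},
  urldate      = {2023-04-18},
}
QBot: Laying the Foundations for Black Basta Ransomware Activity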
Black Basta QakBot
2023-03-14 | Blackberry | BlackBerry Research & Intelligence Team
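% Author field repaired: "\&" replaces the bare ampersand (a LaTeX alignment character),
% and the corporate name is double-braced so it stays one unit.
@online{team:20230314:nobelium:f35029b,
  author       = {{BlackBerry Research \& Intelligence Team}},
  title        = {{NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine}},
  date         = {2023-03-14},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2023/03/nobelium-targets-eu-governments-assisting-ukraine},
  language     = {English},
  urldate      = {2023-03-14},
}
NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine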
EnvyScout GraphicalNeutrino
2023-03-09 | Cyble
% Vendor blog post credited to the company itself; this entry carries no organization field.
@online{cyble:20230309:blacksnake:fa8970a,
  author   = {Cyble},
  title    = {{BlackSnake Ransomware Emerges from Chaos Ransomware’s Shadow}},
  date     = {2023-03-09},
  url      = {https://blog.cyble.com/2023/03/09/blacksnake-ransomware-emerges-from-chaos-ransomwares-shadow/},
  urldate  = {2023-03-13},
  language = {English},
}
BlackSnake Ransomware Emerges from Chaos Ransomware’s Shadow
BlackSnake
2023-03-09 | binarly | Aleksandr Matrosov
% Single-author vendor write-up. The underscores in the url are part of the published path.
@online{matrosov:20230309:untold:ccb6198,
  author       = {Aleksandr Matrosov},
  title        = {{The Untold Story of the BlackLotus UEFI Bootkit}},
  organization = {binarly},
  date         = {2023-03-09},
  url          = {https://www.binarly.io/posts/The_Untold_Story_of_the_BlackLotus_UEFI_Bootkit/index.html},
  urldate      = {2023-03-20},
  language     = {English},
}
The Untold Story of the BlackLotus UEFI Bootkit
BlackLotus
2023-03-06 | Lumen | Black Lotus Labs
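% Corporate author, double-braced; unbraced it is parsed as given names "Black Lotus"
% and family name "Labs".
@online{labs:20230306:new:5e68769,
  author       = {{Black Lotus Labs}},
  title        = {{New HiatusRAT Router Malware Covertly Spies On Victims}},
  date         = {2023-03-06},
  organization = {Lumen},
  url          = {https://blog.lumen.com/new-hiatusrat-router-malware-covertly-spies-on-victims/},
  language     = {English},
  urldate      = {2023-03-13},
}
New HiatusRAT Router Malware Covertly Spies On Victims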
HiatusRAT
2023-03-01 | ESET Research | Martin Smolár
% The author name contains a non-ASCII letter written directly as UTF-8; the citation key
% omits that letter.
@online{smolr:20230301:blacklotus:5ce99dc,
  author       = {Martin Smolár},
  title        = {{BlackLotus UEFI bootkit: Myth confirmed}},
  organization = {ESET Research},
  date         = {2023-03-01},
  url          = {https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/},
  urldate      = {2023-03-04},
  language     = {English},
}
BlackLotus UEFI bootkit: Myth confirmed
BlackLotus
2023-02-15 | Blackberry | BlackBerry Research & Intelligence Team
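% Author field repaired: the ampersand is escaped for LaTeX and the corporate name is
% double-braced so the name parser keeps it whole.
@online{team:20230215:darkbit:3185762,
  author       = {{BlackBerry Research \& Intelligence Team}},
  title        = {{DarkBit Ransomware Targets Israel with Command-Line Options and Optimized Encryption Routines}},
  date         = {2023-02-15},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2023/02/darkbit-ransomware-targets-israel},
  language     = {English},
  urldate      = {2023-02-16},
}
DarkBit Ransomware Targets Israel with Command-Line Options and Optimized Encryption Routines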
DarkBit
2023-02-01 | Seqrite | Sathwik Ram Prakki
% Single-author vendor blog post; the title keeps the typographic apostrophe used by the source.
@online{prakki:20230201:uncovering:16a8f71,
  author       = {Sathwik Ram Prakki},
  title        = {{Uncovering LockBit Black’s Attack Chain and Anti-forensic activity}},
  organization = {Seqrite},
  date         = {2023-02-01},
  url          = {https://www.seqrite.com/blog/uncovering-lockbit-blacks-attack-chain-and-anti-forensic-activity/},
  urldate      = {2023-03-13},
  language     = {English},
}
Uncovering LockBit Black’s Attack Chain and Anti-forensic activity
LockBit
2023-01-25 | Quadrant Information Security | Quadrant Information Security
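% Corporate author, double-braced; unbraced it is parsed as a person with family name "Security".
@online{security:20230125:technical:eb69781,
  author       = {{Quadrant Information Security}},
  title        = {{Technical Analysis: Black Basta Malware Overview}},
  date         = {2023-01-25},
  organization = {Quadrant Information Security},
  url          = {https://quadrantsec.com/resource/technical-analysis/black-basta-malware-overview},
  language     = {English},
  urldate      = {2023-02-21},
}
Technical Analysis: Black Basta Malware Overview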
Black Basta Black Basta
2023-01-23 | Kroll | Stephen Green, Elio Biasiotto
% Two individual authors joined by " and "; the title contains an en dash.
@online{green:20230123:black:dd89d21,
  author       = {Stephen Green and Elio Biasiotto},
  title        = {{Black Basta – Technical Analysis}},
  organization = {Kroll},
  date         = {2023-01-23},
  url          = {https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis},
  urldate      = {2023-04-22},
  language     = {English},
}
Black Basta – Technical Analysis
Black Basta Cobalt Strike MimiKatz QakBot SystemBC
2023-01-20 | Blackberry | BlackBerry Research & Intelligence Team
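% Author field repaired: bare ampersand escaped as "\&", and the corporate name
% double-braced so it is not split into given and family name parts.
@online{team:20230120:emotet:3d5fe7f,
  author       = {{BlackBerry Research \& Intelligence Team}},
  title        = {{Emotet Returns With New Methods of Evasion}},
  date         = {2023-01-20},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2023/01/emotet-returns-with-new-methods-of-evasion},
  language     = {English},
  urldate      = {2023-01-25},
}
Emotet Returns With New Methods of Evasion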
Emotet IcedID
2023-01-19 | Blackberry | BlackBerry Research & Intelligence Team
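% Author field repaired: the ampersand is escaped so it cannot be read as a LaTeX alignment
% tab, and the corporate name is double-braced so it is kept as one unit.
@online{team:20230119:gamaredon:ed20055,
  author       = {{BlackBerry Research \& Intelligence Team}},
  title        = {{Gamaredon (Ab)uses Telegram to Target Ukrainian Organizations}},
  date         = {2023-01-19},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2023/01/gamaredon-abuses-telegram-to-target-ukrainian-organizations},
  language     = {English},
  urldate      = {2023-01-25},
}
Gamaredon (Ab)uses Telegram to Target Ukrainian Organizations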
Unidentified VBS 006 (Telegram Loader)