2023-11-21 | IBM | Charlotte Hammond, Ole Villadsen, Kat Metrick
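% Vendor blog post. The "misues" spelling in the URL slug is kept exactly as given on the page.
% Title braces protect only the malware name and the protocol acronym from style recasing.
@online{hammond:20231121:stealthy:057553f,
  author       = {Hammond, Charlotte and Villadsen, Ole and Metrick, Kat},
  title        = {Stealthy {WailingCrab} Malware misuses {MQTT} Messaging Protocol},
  date         = {2023-11-21},
  organization = {IBM},
  url          = {https://securityintelligence.com/x-force/wailingcrab-malware-misues-mqtt-messaging-protocol/},
  language     = {English},
  urldate      = {2023-11-27},
}
Stealthy WailingCrab Malware misuses MQTT Messaging Protocol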
Gozi WikiLoader
2023-11-06 | Security Intelligence | Golo Mühr, Ole Villadsen
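% Vendor blog post. UTF-8 characters (ü, –, ’) are stored directly, so a Unicode-aware
% backend such as Biber is needed; names use the unambiguous "Last, First" form.
@online{mhr:20231106:gootbot:e37a082,
  author       = {Mühr, Golo and Villadsen, Ole},
  title        = {{GootBot} – {Gootloader’s} new approach to post-exploitation},
  date         = {2023-11-06},
  organization = {Security Intelligence},
  url          = {https://securityintelligence.com/x-force/gootbot-gootloaders-new-approach-to-post-exploitation/},
  language     = {English},
  urldate      = {2023-11-27},
}
GootBot – Gootloader’s new approach to post-exploitation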
GootLoader
2023-09-12 | Security Intelligence | Ole Villadsen, Golo Mühr, Kat Metrick
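% Vendor blog post. Names use "Last, First"; title braces protect only the loader name
% and the acronym from style recasing.
@online{villadsen:20230912:email:21d359c,
  author       = {Villadsen, Ole and Mühr, Golo and Metrick, Kat},
  title        = {Email campaigns leverage updated {DBatLoader} to deliver {RATs}, stealers},
  date         = {2023-09-12},
  organization = {Security Intelligence},
  url          = {https://securityintelligence.com/posts/email-campaigns-leverage-updated-dbatloader-deliver-rats-stealers/},
  language     = {English},
  urldate      = {2023-09-25},
}
Email campaigns leverage updated DBatLoader to deliver RATs, stealers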
DBatLoader
2023-06-27 | SecurityIntelligence | Charlotte Hammond, Ole Villadsen
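% Vendor blog post. The organization is kept as the page gives it ("SecurityIntelligence",
% no space); other entries for the same site use "Security Intelligence" or "IBM".
@online{hammond:20230627:trickbotconti:5e1f20d,
  author       = {Hammond, Charlotte and Villadsen, Ole},
  title        = {The {Trickbot}/{Conti} Crypters: Where Are They Now?},
  date         = {2023-06-27},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/posts/trickbot-conti-crypters-where-are-they-now/},
  language     = {English},
  urldate      = {2023-07-31},
}
The Trickbot/Conti Crypters: Where Are They Now?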
Black Basta Conti Mount Locker PhotoLoader Royal Ransom SystemBC TrickBot
2023-04-14 | IBM | Charlotte Hammond, Ole Villadsen
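% NOTE(review): appears to be the same article as hammond:20230414:exconti:6b1a7b5
% (same authors, title and date; the URL differs only by a trailing slash and the
% organization is recorded differently). Cite one key consistently to avoid double counting.
@online{hammond:20230414:exconti:67eb7a8,
  author       = {Hammond, Charlotte and Villadsen, Ole},
  title        = {{Ex-Conti} and {FIN7} Actors Collaborate with New {Domino} Backdoor},
  date         = {2023-04-14},
  organization = {IBM},
  url          = {https://securityintelligence.com/posts/ex-conti-fin7-actors-collaborate-new-domino-backdoor},
  language     = {English},
  urldate      = {2023-04-18},
}
Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor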
Minodo Nemesis
2023-04-14 | Security Intelligence | Charlotte Hammond, Ole Villadsen
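% NOTE(review): appears to be the same article as hammond:20230414:exconti:67eb7a8
% (same authors, title and date; the URL differs only by a trailing slash and the
% organization is recorded differently). Cite one key consistently to avoid double counting.
@online{hammond:20230414:exconti:6b1a7b5,
  author       = {Hammond, Charlotte and Villadsen, Ole},
  title        = {{Ex-Conti} and {FIN7} Actors Collaborate with New {Domino} Backdoor},
  date         = {2023-04-14},
  organization = {Security Intelligence},
  url          = {https://securityintelligence.com/posts/ex-conti-fin7-actors-collaborate-new-domino-backdoor/},
  language     = {English},
  urldate      = {2023-04-17},
}
Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor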
Minodo
2022-08-18 | IBM | Charlotte Hammond, Ole Villadsen
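% Vendor blog post. Title braces protect only the three malware family names from style
% recasing; the rest of the title is left for the bibliography style to format.
@online{hammond:20220818:from:501e8ac,
  author       = {Hammond, Charlotte and Villadsen, Ole},
  title        = {From {Ramnit} To {Bumblebee} (via {NeverQuest}): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers},
  date         = {2022-08-18},
  organization = {IBM},
  url          = {https://securityintelligence.com/posts/from-ramnit-to-bumblebee-via-neverquest},
  language     = {English},
  urldate      = {2022-08-28},
}
From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers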
BumbleBee Karius Ramnit TrickBot Vawtrak
2022-07-07 | IBM | Ole Villadsen, Charlotte Hammond, Kat Weinberger
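% Vendor blog post. Names use "Last, First"; title braces protect only the group name and
% the country name from style recasing.
@online{villadsen:20220707:unprecedented:d0a6add,
  author       = {Villadsen, Ole and Hammond, Charlotte and Weinberger, Kat},
  title        = {Unprecedented Shift: The {Trickbot} Group is Systematically Attacking {Ukraine}},
  date         = {2022-07-07},
  organization = {IBM},
  url          = {https://securityintelligence.com/posts/trickbot-group-systematically-attacking-ukraine},
  language     = {English},
  urldate      = {2022-07-12},
}
Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine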
AnchorMail BumbleBee Cobalt Strike IcedID Meterpreter
2022-05-19 | IBM | Charlotte Hammond, Ole Villadsen, Golo Mühr
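% Vendor blog post. The UTF-8 "ü" in the author list needs a Unicode-aware backend such
% as Biber; the title brace protects the actor designation from style recasing.
@online{hammond:20220519:itg23:eab10e2,
  author       = {Hammond, Charlotte and Villadsen, Ole and Mühr, Golo},
  title        = {{ITG23} Crypters Highlight Cooperation Between Cybercriminal Groups},
  date         = {2022-05-19},
  organization = {IBM},
  url          = {https://securityintelligence.com/posts/itg23-crypters-cooperation-between-cybercriminal-groups/},
  language     = {English},
  urldate      = {2022-05-25},
}
ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups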
IcedID ISFB Mount Locker
2022-02-25 | IBM | Charlotte Hammond, Ole Villadsen
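% Vendor blog post. The title keeps the page's typographic apostrophe (UTF-8); braces
% protect only the group and backdoor names from style recasing.
@online{hammond:20220225:trickbot:fdf2254,
  author       = {Hammond, Charlotte and Villadsen, Ole},
  title        = {{Trickbot} Group’s {AnchorDNS} Backdoor Upgrades to {AnchorMail}},
  date         = {2022-02-25},
  organization = {IBM},
  url          = {https://securityintelligence.com/posts/new-malware-trickbot-anchordns-backdoor-upgrades-anchormail/},
  language     = {English},
  urldate      = {2022-03-02},
}
Trickbot Group’s AnchorDNS Backdoor Upgrades to AnchorMail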
AnchorDNS AnchorMail
2021-10-13 | IBM | Ole Villadsen, Charlotte Hammond
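% Vendor blog post. The em dash in the title is stored as UTF-8, as on the page; the
% brace protects the group name from style recasing.
@online{villadsen:20211013:trickbot:e0d4233,
  author       = {Villadsen, Ole and Hammond, Charlotte},
  title        = {{Trickbot} Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds},
  date         = {2021-10-13},
  organization = {IBM},
  url          = {https://securityintelligence.com/posts/trickbot-gang-doubles-down-enterprise-infection/},
  language     = {English},
  urldate      = {2021-10-25},
}
Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds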
BazarBackdoor TrickBot
2020-04-07 | SecurityIntelligence | Ole Villadsen
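% Vendor blog post. The organization is kept as the page gives it ("SecurityIntelligence",
% no space). Title braces protect the actor designations and malware names from recasing.
@online{villadsen:20200407:itg08:b0b782d,
  author       = {Villadsen, Ole},
  title        = {{ITG08} (aka {FIN6}) Partners With {TrickBot} Gang, Uses {Anchor} Framework},
  date         = {2020-04-07},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/posts/itg08-aka-fin6-partners-with-trickbot-gang-uses-anchor-framework/},
  language     = {English},
  urldate      = {2020-04-13},
}
ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework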
More_eggs Anchor TrickBot
2019-08-29 | Security Intelligence | Ole Villadsen, Kevin Henson, Melissa Frydrych, Joey Victorino
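% Vendor blog post. The underscore in the title is escaped because a bare "_" in a text
% field is a LaTeX error when typeset; the url field keeps the raw underscore.
@online{villadsen:20190829:moreeggs:8ff7351,
  author       = {Villadsen, Ole and Henson, Kevin and Frydrych, Melissa and Victorino, Joey},
  title        = {{More\_eggs}, Anyone? Threat Actor {ITG08} Strikes Again},
  date         = {2019-08-29},
  organization = {Security Intelligence},
  url          = {https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/},
  language     = {English},
  urldate      = {2020-01-13},
}
More_eggs, Anyone? Threat Actor ITG08 Strikes Again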
More_eggs FIN6