Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-06-22ProofpointSherrod DeGrippo, Proofpoint Threat Research Team
@online{degrippo:20200622:hakbit:4d8be82, author = {Sherrod DeGrippo and Proofpoint Threat Research Team}, title = {{Hakbit Ransomware Campaign Against Germany, Austria, Switzerland}}, date = {2020-06-22}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/hakbit-ransomware-campaign-against-germany-austria-switzerland}, language = {English}, urldate = {2020-06-23} } Hakbit Ransomware Campaign Against Germany, Austria, Switzerland
CloudEyE Hakbit
2020-06-10ProofpointDennis Schwarz
@online{schwarz:20200610:flowcloud:c0b42c0, author = {Dennis Schwarz}, title = {{FlowCloud Version 4.1.3 Malware Analysis}}, date = {2020-06-10}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/flowcloud-version-413-malware-analysis}, language = {English}, urldate = {2020-06-12} } FlowCloud Version 4.1.3 Malware Analysis
FlowCloud
2020-06-08ProofpointMichael Raggi, Dennis Schwarz, Georgi Mladenov, Proofpoint Threat Research Team
@online{raggi:20200608:ta410:f838522, author = {Michael Raggi and Dennis Schwarz and Georgi Mladenov and Proofpoint Threat Research Team}, title = {{TA410: The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware}}, date = {2020-06-08}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/ta410-group-behind-lookback-attacks-against-us-utilities-sector-returns-new}, language = {English}, urldate = {2020-06-09} } TA410: The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware
FlowCloud Lookback
2020-05-20ProofpointDennis Schwarz, Matthew Mesa, Proofpoint Threat Research Team
@online{schwarz:20200520:zloader:e3c523e, author = {Dennis Schwarz and Matthew Mesa and Proofpoint Threat Research Team}, title = {{ZLoader Loads Again: New ZLoader Variant Returns}}, date = {2020-05-20}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/zloader-loads-again-new-zloader-variant-returns}, language = {English}, urldate = {2020-05-23} } ZLoader Loads Again: New ZLoader Variant Returns
Zloader
2020-04-23ProofpointProofpoint Threat Research Team
@online{team:20200423:threat:af989e1, author = {Proofpoint Threat Research Team}, title = {{Threat Actors Repurpose Hupigon in Adult Dating Attacks Targeting US Universities}}, date = {2020-04-23}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/threat-actors-repurpose-hupigon-adult-dating-attacks-targeting-us-universities}, language = {English}, urldate = {2020-05-02} } Threat Actors Repurpose Hupigon in Adult Dating Attacks Targeting US Universities
Hupigon
2020-03-18ProofpointAxel F, Sam Scholten
@online{f:20200318:coronavirus:8fe12a3, author = {Axel F and Sam Scholten}, title = {{Coronavirus Threat Landscape Update}}, date = {2020-03-18}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/coronavirus-threat-landscape-update}, language = {English}, urldate = {2020-03-26} } Coronavirus Threat Landscape Update
Agent Tesla Get2 ISFB Remcos
2020-03-16ProofpointSherrod DeGrippo
@online{degrippo:20200316:ta505:6cfbbb0, author = {Sherrod DeGrippo}, title = {{TA505 and Others Launch New Coronavirus Campaigns; Now the Largest Collection of Attack Types in Years}}, date = {2020-03-16}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/ta505-and-others-launch-new-coronavirus-campaigns-now-largest-collection-attack}, language = {English}, urldate = {2020-04-26} } TA505 and Others Launch New Coronavirus Campaigns; Now the Largest Collection of Attack Types in Years
RedLine Stealer
2020-03-16ProofpointJeremy H, Axel F, Proofpoint Threat Insight Team
@online{h:20200316:new:60f8c3d, author = {Jeremy H and Axel F and Proofpoint Threat Insight Team}, title = {{New RedLine Stealer Distributed Using Coronavirus-themed Email Campaign}}, date = {2020-03-16}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/new-redline-stealer-distributed-using-coronavirus-themed-email-campaign}, language = {English}, urldate = {2020-03-17} } New RedLine Stealer Distributed Using Coronavirus-themed Email Campaign
RedLine Stealer
2020-03-05ProofpointProofpoint Threat Research Team
@online{team:20200305:guloader:9972f51, author = {Proofpoint Threat Research Team}, title = {{GuLoader: A Popular New VB6 Downloader that Abuses Cloud Services}}, date = {2020-03-05}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/guloader-popular-new-vb6-downloader-abuses-cloud-services}, language = {English}, urldate = {2020-03-05} } GuLoader: A Popular New VB6 Downloader that Abuses Cloud Services
2019-12-04ProofpointKelsey Merriman, Dennis Schwarz, Kafeine, Axel F
@online{merriman:20191204:buer:6c413aa, author = {Kelsey Merriman and Dennis Schwarz and Kafeine and Axel F}, title = {{Buer, a new loader emerges in the underground marketplace}}, date = {2019-12-04}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/buer-new-loader-emerges-underground-marketplace}, language = {English}, urldate = {2020-01-06} } Buer, a new loader emerges in the underground marketplace
Buer
2019-11-14ProofpointBryan Campbell, Proofpoint Threat Insight Team
@online{campbell:20191114:ta2101:e79f6fb, author = {Bryan Campbell and Proofpoint Threat Insight Team}, title = {{TA2101 plays government imposter to distribute malware to German, Italian, and US organizations}}, date = {2019-11-14}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us}, language = {English}, urldate = {2019-11-27} } TA2101 plays government imposter to distribute malware to German, Italian, and US organizations
Maze TA2101
2019-10-16ProofpointProofpoint
@online{proofpoint:20191016:ta505:9bca8d0, author = {Proofpoint}, title = {{TA505 Timeline}}, date = {2019-10-16}, organization = {Proofpoint}, url = {https://www.proofpoint.com/sites/default/files/ta505_timeline_final4_0.png}, language = {English}, urldate = {2020-01-08} } TA505 Timeline
TA505
2019-10-16ProofpointDennis Schwarz, Kafeine, Matthew Mesa, Axel F, Proofpoint Threat Insight Team
@online{schwarz:20191016:ta505:9d7155a, author = {Dennis Schwarz and Kafeine and Matthew Mesa and Axel F and Proofpoint Threat Insight Team}, title = {{TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader}}, date = {2019-10-16}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-trojan-get2-downloader}, language = {English}, urldate = {2020-01-10} } TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader
Get2 SDBbot TA505
2019-10-14ProofpointProofpoint Threat Insight Team
@online{team:20191014:threat:42bffb4, author = {Proofpoint Threat Insight Team}, title = {{Threat Actor Profile: TA407, the Silent Librarian}}, date = {2019-10-14}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta407-silent-librarian}, language = {English}, urldate = {2019-10-18} } Threat Actor Profile: TA407, the Silent Librarian
Silent Librarian
2019-09-26ProofpointBryan Campbell, Jeremy Hedges, Proofpoint Threat Insight Team
@online{campbell:20190926:new:d228362, author = {Bryan Campbell and Jeremy Hedges and Proofpoint Threat Insight Team}, title = {{New WhiteShadow downloader uses Microsoft SQL to retrieve malware}}, date = {2019-09-26}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/new-whiteshadow-downloader-uses-microsoft-sql-retrieve-malware}, language = {English}, urldate = {2020-02-26} } New WhiteShadow downloader uses Microsoft SQL to retrieve malware
WhiteShadow Agent Tesla Azorult Crimson RAT Formbook Nanocore RAT NetWire RC NjRAT Remcos
2019-09-22ProofpointMichael Raggi, Proofpoint Threat Insight Team
@online{raggi:20190922:lookback:51454f7, author = {Michael Raggi and Proofpoint Threat Insight Team}, title = {{LookBack Forges Ahead: Continued Targeting of the United States’ Utilities Sector Reveals Additional Adversary TTPs}}, date = {2019-09-22}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/lookback-forges-ahead-continued-targeting-united-states-utilities-sector-reveals}, language = {English}, urldate = {2019-12-20} } LookBack Forges Ahead: Continued Targeting of the United States’ Utilities Sector Reveals Additional Adversary TTPs
Lookback LookBack
2019-09-06ProofpointProofpoint Threat Insight Team
@online{team:20190906:psixbot:7f87948, author = {Proofpoint Threat Insight Team}, title = {{PsiXBot Now Using Google DNS over HTTPS and Possible New Sexploitation Module}}, date = {2019-09-06}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/psixbot-now-using-google-dns-over-https-and-possible-new-sexploitation-module}, language = {English}, urldate = {2019-12-20} } PsiXBot Now Using Google DNS over HTTPS and Possible New Sexploitation Module
PsiX
2019-09-05ProofpointMichael Walsh, Proofpoint Threat Insight Team
@online{walsh:20190905:seems:5cb0fb8, author = {Michael Walsh and Proofpoint Threat Insight Team}, title = {{Seems Phishy: Back to School Lures Target University Students and Staff}}, date = {2019-09-05}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/seems-phishy-back-school-lures-target-university-students-and-staff}, language = {English}, urldate = {2019-11-26} } Seems Phishy: Back to School Lures Target University Students and Staff
Silent Librarian
2019-08-12ProofpointProofpoint Threat Insight Team
@online{team:20190812:psixbot:14fd373, author = {Proofpoint Threat Insight Team}, title = {{PsiXBot Continues to Evolve with Updated DNS Infrastructure}}, date = {2019-08-12}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/psixbot-continues-evolve-updated-dns-infrastructure}, language = {English}, urldate = {2019-12-20} } PsiXBot Continues to Evolve with Updated DNS Infrastructure
PsiX
2019-08-01ProofpointMichael Raggi, Dennis Schwarz, Proofpoint Threat Insight Team
@online{raggi:20190801:lookback:f258db4, author = {Michael Raggi and Dennis Schwarz and Proofpoint Threat Insight Team}, title = {{LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards}}, date = {2019-08-01}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/lookback-malware-targets-united-states-utilities-sector-phishing-attacks}, language = {English}, urldate = {2019-12-20} } LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards
GUP Proxy Tool Lookback LookBack