2023-03-30ProofpointMichael Raggi, Proofpoint Threat Insight Team
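% Proofpoint Threat Insight blog post; per its title, it covers Winter Vivern
% using a known Zimbra vulnerability against government webmail portals.
% The team name is double-braced so it is kept as a single corporate author
% instead of being split into given names and the family name "Team".
% The title stays fully braced so styles cannot lower-case actor and product
% names. Citation key unchanged.
@online{raggi:20230330:exploitation:68f9fd6,
  author       = {Raggi, Michael and {Proofpoint Threat Insight Team}},
  title        = {{Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe}},
  date         = {2023-03-30},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability},
  language     = {English},
  urldate      = {2023-03-30},
}
Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe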
2023-03-27ProofpointPim Trouerbach, Kelsey Merriman, Joe Wise
% Proofpoint Threat Insight blog post on IcedID; the library tags this
% reference with the IcedID family.
% Title is fully braced so the malware name keeps its casing under any style.
@online{trouerbach:20230327:fork:62e7699,
  author       = {Trouerbach, Pim and Merriman, Kelsey and Wise, Joe},
  title        = {{Fork in the Ice: The New Era of IcedID}},
  date         = {2023-03-27},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/fork-ice-new-era-icedid},
  language     = {English},
  urldate      = {2023-03-27},
}
Fork in the Ice: The New Era of IcedID
IcedID
2023-02-08ProofpointAxel F
% Proofpoint Threat Insight blog post; the library tags this reference with
% WasabiSeed.
% date is the publication date; urldate (2023-02-13) is the later access date.
@online{f:20230208:screentime:6bc258a,
  author       = {F, Axel},
  title        = {{Screentime: Sometimes It Feels Like Somebody's Watching Me}},
  date         = {2023-02-08},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/screentime-sometimes-it-feels-like-somebodys-watching-me},
  language     = {English},
  urldate      = {2023-02-13},
}
Screentime: Sometimes It Feels Like Somebody's Watching Me
WasabiSeed
2023-01-25ProofpointGreg Lesnewich, Proofpoint Threat Research Team
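% Proofpoint Threat Insight blog post on the actor tracked as TA444; the
% library tags this reference with CageyChameleon.
% The research team is double-braced so it is treated as one corporate author
% rather than a person with the family name "Team". Citation key unchanged.
@online{lesnewich:20230125:ta444:ae76e7b,
  author       = {Lesnewich, Greg and {Proofpoint Threat Research Team}},
  title        = {{TA444: The APT Startup Aimed at Acquisition (of Your Funds)}},
  date         = {2023-01-25},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds},
  language     = {English},
  urldate      = {2023-01-25},
}
TA444: The APT Startup Aimed at Acquisition (of Your Funds)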
CageyChameleon
2022-11-22ProofpointAlexander Rausch, Proofpoint Threat Research Team
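% Proofpoint Threat Insight blog post on the Nighthawk pentest tool; the
% library tags this reference with Nighthawk.
% The research team is double-braced so it is treated as one corporate author
% rather than a person with the family name "Team". Citation key unchanged.
@online{rausch:20221122:nighthawk:48f730c,
  author       = {Rausch, Alexander and {Proofpoint Threat Research Team}},
  title        = {{Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice}},
  date         = {2022-11-22},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice},
  language     = {English},
  urldate      = {2022-11-22},
}
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice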
Nighthawk
2022-11-16ProofpointPim Trouerbach, Axel F
% Proofpoint Threat Insight blog post on Emotet's fall 2022 return; the
% library tags this reference with BumbleBee, Emotet and IcedID.
% The title contains a non-ASCII apostrophe, so the file must be read as UTF-8.
% date is the publication date; urldate (2022-12-29) is the later access date.
@online{trouerbach:20221116:comprehensive:8278b4e,
  author       = {Trouerbach, Pim and F, Axel},
  title        = {{A Comprehensive Look at Emotet Virus’ Fall 2022 Return}},
  date         = {2022-11-16},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/comprehensive-look-emotets-fall-2022-return},
  language     = {English},
  urldate      = {2022-12-29},
}
A Comprehensive Look at Emotet Virus’ Fall 2022 Return
BumbleBee Emotet IcedID
2022-09-13ProofpointJoshua Miller, Kyle Eaton, Alexander Rausch
% Proofpoint Threat Insight blog post on TA453's multi-persona impersonation
% (per the title). No family or actor tag follows this reference on the page.
% date is the publication date; urldate (2022-09-19) is the later access date.
@online{miller:20220913:look:781be66,
  author       = {Miller, Joshua and Eaton, Kyle and Rausch, Alexander},
  title        = {{Look What You Made Me Do: TA453 Uses Multi-Persona Impersonation to Capitalize on FOMO}},
  date         = {2022-09-13},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/ta453-uses-multi-persona-impersonation-capitalize-fomo},
  language     = {English},
  urldate      = {2022-09-19},
}
Look What You Made Me Do: TA453 Uses Multi-Persona Impersonation to Capitalize on FOMO
2022-08-30ProofpointMichael Raggi, Sveva Vittoria Scenarelli, PWC UK
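% Proofpoint Threat Insight blog post, co-authored with PWC UK; the library
% tags this reference with scanbox, Meterpreter and APT40.
% "PWC UK" is an organisation, so it is double-braced to stop BibTeX parsing
% it as given name "PWC" and family name "UK". Citation key unchanged.
@online{raggi:20220830:rising:650b12e,
  author       = {Raggi, Michael and Scenarelli, Sveva Vittoria and {PWC UK}},
  title        = {{Rising Tide: Chasing the Currents of Espionage in the South China Sea}},
  date         = {2022-08-30},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/chasing-currents-espionage-south-china-sea},
  language     = {English},
  urldate      = {2022-08-31},
}
Rising Tide: Chasing the Currents of Espionage in the South China Sea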
scanbox Meterpreter APT40
2022-08-18ProofpointJoe Wise, Selena Larson, Proofpoint Threat Research Team
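% Proofpoint Threat Insight blog post on TA558; the library tags this
% reference with AsyncRAT, Loda, NjRAT, Ozone RAT, Revenge RAT and Vjw0rm.
% The research team is double-braced so it is treated as one corporate author
% rather than a person with the family name "Team". Citation key unchanged.
@online{wise:20220818:reservations:c2f9faf,
  author       = {Wise, Joe and Larson, Selena and {Proofpoint Threat Research Team}},
  title        = {{Reservations Requested: TA558 Targets Hospitality and Travel}},
  date         = {2022-08-18},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel},
  language     = {English},
  urldate      = {2022-08-18},
}
Reservations Requested: TA558 Targets Hospitality and Travel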
AsyncRAT Loda NjRAT Ozone RAT Revenge RAT Vjw0rm
2022-07-21ProofpointBryan Campbell, Pim Trouerbach, Selena Larson, Proofpoint Threat Research Team
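% Proofpoint Threat Insight blog post on EvilNum; the library tags this
% reference with EVILNUM.
% The research team is double-braced so it is treated as one corporate author
% rather than a person with the family name "Team". Citation key unchanged.
% date is the publication date; urldate (2022-07-25) is the later access date.
@online{campbell:20220721:buy:bf7d3c4,
  author       = {Campbell, Bryan and Trouerbach, Pim and Larson, Selena and {Proofpoint Threat Research Team}},
  title        = {{Buy, Sell, Steal, EvilNum Targets Cryptocurrency, Forex, Commodities}},
  date         = {2022-07-21},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/buy-sell-steal-evilnum-targets-cryptocurrency-forex-commodities},
  language     = {English},
  urldate      = {2022-07-25},
}
Buy, Sell, Steal, EvilNum Targets Cryptocurrency, Forex, Commodities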
EVILNUM
2022-07-14ProofpointCrista Giering, Joshua Miller, Michael Raggi, Proofpoint Threat Research Team
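% Proofpoint Threat Insight blog post on state-aligned activity targeting
% journalists and media; the library tags this reference with Chinoxy.
% The research team is double-braced so it is treated as one corporate author
% rather than a person with the family name "Team". Citation key unchanged.
@online{giering:20220714:above:06891ca,
  author       = {Giering, Crista and Miller, Joshua and Raggi, Michael and {Proofpoint Threat Research Team}},
  title        = {{Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media}},
  date         = {2022-07-14},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists},
  language     = {English},
  urldate      = {2022-07-15},
}
Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media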
Chinoxy
2022-05-11ProofpointAndrew Northern, Pim Trouerbach, Tony Robinson, Axel F
% Proofpoint Threat Insight blog post on Nerbian RAT and its evasion
% techniques; the library tags this reference with Nerbian RAT.
% Title is fully braced so the malware name keeps its casing under any style.
@online{northern:20220511:nerbian:bd26bbb,
  author       = {Northern, Andrew and Trouerbach, Pim and Robinson, Tony and F, Axel},
  title        = {{Nerbian RAT Using COVID-19 Themes Features Sophisticated Evasion Techniques}},
  date         = {2022-05-11},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/nerbian-rat-using-covid-19-themes-features-sophisticated-evasion-techniques},
  language     = {English},
  urldate      = {2022-05-11},
}
Nerbian RAT Using COVID-19 Themes Features Sophisticated Evasion Techniques
Nerbian RAT
2022-04-28ProofpointKelsey Merriman, Pim Trouerbach
% Proofpoint Threat Insight blog post on Bumblebee; the library tags this
% reference with BumbleBee, TA578 and TA579.
% date is the publication date; urldate (2022-04-29) is the later access date.
@online{merriman:20220428:this:4b5ea2a,
  author       = {Merriman, Kelsey and Trouerbach, Pim},
  title        = {{This isn't Optimus Prime's Bumblebee but it's Still Transforming}},
  date         = {2022-04-28},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming},
  language     = {English},
  urldate      = {2022-04-29},
}
This isn't Optimus Prime's Bumblebee but it's Still Transforming
BumbleBee TA578 TA579
2022-04-26ProofpointAxel F
% Proofpoint Threat Insight blog post on Emotet delivery techniques; the
% library tags this reference with Emotet.
% date is the publication date; urldate (2022-04-29) is the later access date.
@online{f:20220426:emotet:afb4f87,
  author       = {F, Axel},
  title        = {{Emotet Tests New Delivery Techniques}},
  date         = {2022-04-26},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/emotet-tests-new-delivery-techniques},
  language     = {English},
  urldate      = {2022-04-29},
}
Emotet Tests New Delivery Techniques
Emotet
2022-03-21ProofpointBryan Campbell, Zachary Abzug, Andrew Northern, Selena Larson
% Proofpoint Threat Insight blog post on a backdoor targeting French
% entities; the library tags this reference with Serpent.
% Title is fully braced so the backdoor name keeps its casing under any style.
@online{campbell:20220321:serpent:12b3381,
  author       = {Campbell, Bryan and Abzug, Zachary and Northern, Andrew and Larson, Selena},
  title        = {{Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain}},
  date         = {2022-03-21},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain},
  language     = {English},
  urldate      = {2022-03-22},
}
Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain
Serpent
2022-03-07ProofpointMichael Raggi, Myrtus 0x0
% Proofpoint Threat Insight blog post on TA416 activity against European
% governments; the library tags this reference with PlugX.
% NOTE(review): "Myrtus 0x0" looks like a handle rather than a given/family
% name; it is left in its original order. Confirm how it should be rendered
% before relying on a style that abbreviates given names.
@online{raggi:20220307:good:4e4acd6,
  author       = {Raggi, Michael and Myrtus 0x0},
  title        = {{The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates}},
  date         = {2022-03-07},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european},
  language     = {English},
  urldate      = {2022-03-08},
}
The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates
PlugX
2022-03-03ProofpointProofpoint Cloud Security Research
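% Proofpoint cloud-security blog post on a cloud credential compromise
% campaign (per the title). No family or actor tag follows it on the page.
% The only author is a team, so the name is double-braced to keep it as one
% corporate author; unbraced, BibTeX reads "Research" as the family name.
% The citation key is kept exactly as published so existing citations resolve
% (its "research" prefix presumably comes from that split).
@online{research:20220303:cloud:979361d,
  author       = {{Proofpoint Cloud Security Research}},
  title        = {{Cloud Credential Compromise Campaign Originating from Russian-Affiliated Infrastructure}},
  date         = {2022-03-03},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/cloud-security/cloud-credential-compromise-campaign-originating-russian-affiliated},
  language     = {English},
  urldate      = {2022-03-07},
}
Cloud Credential Compromise Campaign Originating from Russian-Affiliated Infrastructure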
2022-03-03ProofpointRyan Kalember
% Proofpoint corporate-news blog post (the URL path is /blog/corporate-news/,
% not threat-insight). No family or actor tag follows it on the page.
% date is the publication date; urldate (2022-03-07) is the later access date.
@online{kalember:20220303:proofpoint:a74b82c,
  author       = {Kalember, Ryan},
  title        = {{Proofpoint is Closely Monitoring the Rapidly Evolving Threat Landscape Related to Ukraine and Russia}},
  date         = {2022-03-03},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/corporate-news/proofpoint-closely-monitoring-rapidly-evolving-threat-landscape-related-ukraine},
  language     = {English},
  urldate      = {2022-03-07},
}
Proofpoint is Closely Monitoring the Rapidly Evolving Threat Landscape Related to Ukraine and Russia
2022-03-01ProofpointMichael Raggi, Zydeca Cass, Proofpoint Threat Research Team
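% Proofpoint Threat Insight blog post on phishing sent from compromised
% Ukrainian military email accounts (per the title); the library tags this
% reference with SunSeed.
% The research team is double-braced so it is treated as one corporate author
% rather than a person with the family name "Team". Citation key unchanged.
% date is the publication date; urldate (2022-03-10) is the later access date.
@online{raggi:20220301:asylum:27cfa43,
  author       = {Raggi, Michael and Cass, Zydeca and {Proofpoint Threat Research Team}},
  title        = {{Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement}},
  date         = {2022-03-01},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails},
  language     = {English},
  urldate      = {2022-03-10},
}
Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement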
SunSeed
2022-02-15ProofpointSelena Larson, Joe Wise
% Proofpoint Threat Insight blog post on the actor tracked as TA2541; the
% library tags this reference with AsyncRAT and TA2541.
% Title is fully braced so the actor designation keeps its casing.
@online{larson:20220215:charting:0205206,
  author       = {Larson, Selena and Wise, Joe},
  title        = {{Charting TA2541's Flight}},
  date         = {2022-02-15},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/charting-ta2541s-flight},
  language     = {English},
  urldate      = {2022-02-16},
}
Charting TA2541's Flight
AsyncRAT TA2541