Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-05-11ProofpointAndrew Northern, Pim Trouerbach, Tony Robinson, Axel F
@online{northern:20220511:nerbian:bd26bbb, author = {Andrew Northern and Pim Trouerbach and Tony Robinson and Axel F}, title = {{Nerbian RAT Using COVID-19 Themes Features Sophisticated Evasion Techniques}}, date = {2022-05-11}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/nerbian-rat-using-covid-19-themes-features-sophisticated-evasion-techniques}, language = {English}, urldate = {2022-05-11} } Nerbian RAT Using COVID-19 Themes Features Sophisticated Evasion Techniques
Nerbian RAT
2022-04-28ProofpointKelsey Merriman, Pim Trouerbach
@online{merriman:20220428:this:4b5ea2a, author = {Kelsey Merriman and Pim Trouerbach}, title = {{This isn't Optimus Prime's Bumblebee but it's Still Transforming}}, date = {2022-04-28}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming}, language = {English}, urldate = {2022-04-29} } This isn't Optimus Prime's Bumblebee but it's Still Transforming
BumbleBee TA578 TA579
2022-04-26ProofpointAxel F
@online{f:20220426:emotet:afb4f87, author = {Axel F}, title = {{Emotet Tests New Delivery Techniques}}, date = {2022-04-26}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/emotet-tests-new-delivery-techniques}, language = {English}, urldate = {2022-04-29} } Emotet Tests New Delivery Techniques
Emotet
2022-03-21ProofpointBryan Campbell, Zachary Abzug, Andrew Northern, Selena Larson
@online{campbell:20220321:serpent:12b3381, author = {Bryan Campbell and Zachary Abzug and Andrew Northern and Selena Larson}, title = {{Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain}}, date = {2022-03-21}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain}, language = {English}, urldate = {2022-03-22} } Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain
Serpent
2022-03-07ProofpointMichael Raggi, Myrtus 0x0
@online{raggi:20220307:good:4e4acd6, author = {Michael Raggi and Myrtus 0x0}, title = {{The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates}}, date = {2022-03-07}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european}, language = {English}, urldate = {2022-03-08} } The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates
PlugX
2022-03-03ProofpointProofpoint Cloud Security Research
@online{research:20220303:cloud:979361d, author = {Proofpoint Cloud Security Research}, title = {{Cloud Credential Compromise Campaign Originating from Russian-Affiliated Infrastructure}}, date = {2022-03-03}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/cloud-security/cloud-credential-compromise-campaign-originating-russian-affiliated}, language = {English}, urldate = {2022-03-07} } Cloud Credential Compromise Campaign Originating from Russian-Affiliated Infrastructure
2022-03-03ProofpointRyan Kalember
@online{kalember:20220303:proofpoint:a74b82c, author = {Ryan Kalember}, title = {{Proofpoint is Closely Monitoring the Rapidly Evolving Threat Landscape Related to Ukraine and Russia}}, date = {2022-03-03}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/corporate-news/proofpoint-closely-monitoring-rapidly-evolving-threat-landscape-related-ukraine}, language = {English}, urldate = {2022-03-07} } Proofpoint is Closely Monitoring the Rapidly Evolving Threat Landscape Related to Ukraine and Russia
2022-03-01ProofpointMichael Raggi, Zydeca Cass, Proofpoint Threat Research Team
@online{raggi:20220301:asylum:27cfa43, author = {Michael Raggi and Zydeca Cass and Proofpoint Threat Research Team}, title = {{Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement}}, date = {2022-03-01}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails}, language = {English}, urldate = {2022-03-10} } Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement
SunSeed
2022-02-15ProofpointSelena Larson, Joe Wise
@online{larson:20220215:charting:0205206, author = {Selena Larson and Joe Wise}, title = {{Charting TA2541's Flight}}, date = {2022-02-15}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/charting-ta2541s-flight}, language = {English}, urldate = {2022-02-16} } Charting TA2541's Flight
AsyncRAT TA2541
2022-02-08ProofpointKonstantin Klinger, Joshua Miller, Georgi Mladenov
@online{klinger:20220208:ugg:dc05453, author = {Konstantin Klinger and Joshua Miller and Georgi Mladenov}, title = {{Ugg Boots 4 Sale: A Tale of Palestinian-Aligned Espionage}}, date = {2022-02-08}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/ugg-boots-4-sale-tale-palestinian-aligned-espionage}, language = {English}, urldate = {2022-02-09} } Ugg Boots 4 Sale: A Tale of Palestinian-Aligned Espionage
BrittleBush NimbleMamba
2022-01-24ProofpointProofpoint
@online{proofpoint:20220124:dtpacker:6d34c1b, author = {Proofpoint}, title = {{DTPacker – a .NET Packer with a Curious Password}}, date = {2022-01-24}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/dtpacker-net-packer-curious-password-1}, language = {English}, urldate = {2022-01-25} } DTPacker – a .NET Packer with a Curious Password
Agent Tesla
2021-12-07ProofpointSelena Larson, Jake G
@online{larson:20211207:university:1fd4da4, author = {Selena Larson and Jake G}, title = {{University Targeted Credential Phishing Campaigns Use COVID-19, Omicron Themes}}, date = {2021-12-07}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/university-targeted-credential-phishing-campaigns-use-covid-19-omicron-themes}, language = {English}, urldate = {2021-12-08} } University Targeted Credential Phishing Campaigns Use COVID-19, Omicron Themes
2021-12-01ProofpointMichael Raggi
@online{raggi:20211201:injection:75b61f9, author = {Michael Raggi}, title = {{Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors}}, date = {2021-12-01}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/injection-new-black-novel-rtf-template-inject-technique-poised-widespread}, language = {English}, urldate = {2021-12-06} } Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors
2021-11-18ProofpointDarien Huss, Selena Larson
@techreport{huss:20211118:triple:dd07fa8, author = {Darien Huss and Selena Larson}, title = {{Triple Threat: North Korea-Aligned TA406 Steals, Scams and Spies}}, date = {2021-11-18}, institution = {Proofpoint}, url = {https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-threat-insight-paper-triple-threat-N-Korea-aligned-TA406-steals-scams-spies.pdf}, language = {English}, urldate = {2021-12-15} } Triple Threat: North Korea-Aligned TA406 Steals, Scams and Spies
YoreKey
2021-11-18ProofpointDarien Huss, Selena Larson
@online{huss:20211118:triple:62c1c14, author = {Darien Huss and Selena Larson}, title = {{Triple Threat: North Korea-Aligned TA406 Scams, Spies, and Steals}}, date = {2021-11-18}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/triple-threat-north-korea-aligned-ta406-scams-spies-and-steals}, language = {English}, urldate = {2021-12-15} } Triple Threat: North Korea-Aligned TA406 Scams, Spies, and Steals
YoreKey
2021-11-04ProofpointSelena Larson, Sam Scholten, Timothy Kromphardt
@online{larson:20211104:caught:a80a9f0, author = {Selena Larson and Sam Scholten and Timothy Kromphardt}, title = {{Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery}}, date = {2021-11-04}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/caught-beneath-landline-411-telephone-oriented-attack-delivery}, language = {English}, urldate = {2021-11-08} } Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery
2021-10-28ProofpointAxel F, Selena Larson
@online{f:20211028:ta575:c1cfdd7, author = {Axel F and Selena Larson}, title = {{TA575 Uses ‘Squid Game’ Lures to Distribute Dridex malware}}, date = {2021-10-28}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/ta575-uses-squid-game-lures-distribute-dridex-malware}, language = {English}, urldate = {2021-11-03} } TA575 Uses ‘Squid Game’ Lures to Distribute Dridex malware
DoppelDridex
2021-10-27ProofpointSelena Larson, Joe Wise
@online{larson:20211027:new:0d80a57, author = {Selena Larson and Joe Wise}, title = {{New Threat Actor Spoofs Philippine Government, COVID-19 Health Data in Widespread RAT Campaigns}}, date = {2021-10-27}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/new-threat-actor-spoofs-philippine-government-covid-19-health-data-widespread}, language = {English}, urldate = {2021-11-03} } New Threat Actor Spoofs Philippine Government, COVID-19 Health Data in Widespread RAT Campaigns
Nanocore RAT Remcos
2021-10-20ProofpointBryan Campbell, Proofpoint Threat Insight Team
@online{campbell:20211020:ta551:aa5f9d9, author = {Bryan Campbell and Proofpoint Threat Insight Team}, title = {{TA551 Uses ‘SLIVER’ Red Team Tool in New Activity}}, date = {2021-10-20}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/security-briefs/ta551-uses-sliver-red-team-tool-new-activity}, language = {English}, urldate = {2021-10-26} } TA551 Uses ‘SLIVER’ Red Team Tool in New Activity
2021-10-19ProofpointZydeca Cass, Axel F, Crista Giering, Matthew Mesa, Georgi Mladenov, Brandon Murphy
@online{cass:20211019:whatta:4d969e1, author = {Zydeca Cass and Axel F and Crista Giering and Matthew Mesa and Georgi Mladenov and Brandon Murphy}, title = {{Whatta TA: TA505 Ramps Up Activity, Delivers New FlawedGrace Variant}}, date = {2021-10-19}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/whatta-ta-ta505-ramps-activity-delivers-new-flawedgrace-variant}, language = {English}, urldate = {2021-10-24} } Whatta TA: TA505 Ramps Up Activity, Delivers New FlawedGrace Variant
FlawedGrace MirrorBlast