Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-11-11DomainToolsJoe Slowik
@online{slowik:20201111:extrapolating:8998b55, author = {Joe Slowik}, title = {{Extrapolating Adversary Intent Through Infrastructure}}, date = {2020-11-11}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/extrapolating-adversary-intent-through-infrastructure}, language = {English}, urldate = {2020-11-19} } Extrapolating Adversary Intent Through Infrastructure
2020-11-05Github (scythe-io)SCYTHE
@online{scythe:20201105:ryuk:8d7c4de, author = {SCYTHE}, title = {{Ryuk Adversary Emulation Plan}}, date = {2020-11-05}, organization = {Github (scythe-io)}, url = {https://github.com/scythe-io/community-threats/tree/master/Ryuk}, language = {English}, urldate = {2020-11-11} } Ryuk Adversary Emulation Plan
Ryuk
2020-10-27Sophos Managed Threat Response (MTR)Greg Iddon
@online{iddon:20201027:mtr:3b62ca9, author = {Greg Iddon}, title = {{MTR Casebook: An active adversary caught in the act}}, date = {2020-10-27}, organization = {Sophos Managed Threat Response (MTR)}, url = {https://news.sophos.com/en-us/2020/10/27/mtr-casebook-an-active-adversary-caught-in-the-act/}, language = {English}, urldate = {2020-11-02} } MTR Casebook: An active adversary caught in the act
Cobalt Strike
2020-09-15Seguranca InformaticaPedro Tavares
@online{tavares:20200915:threat:e046dec, author = {Pedro Tavares}, title = {{Threat analysis: The emergent URSA trojan impacts many countries using a sophisticated loader}}, date = {2020-09-15}, organization = {Seguranca Informatica}, url = {https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/}, language = {English}, urldate = {2020-09-16} } Threat analysis: The emergent URSA trojan impacts many countries using a sophisticated loader
2020-08-11FireEyeNick Schroeder, Harris Ansari, Brendan McKeague, Tim Martin, Alex Pennino
@online{schroeder:20200811:cookiejar:8fd0fd9, author = {Nick Schroeder and Harris Ansari and Brendan McKeague and Tim Martin and Alex Pennino}, title = {{COOKIEJAR: Tracking Adversaries With FireEye Endpoint Security’s Logon Tracker Module}}, date = {2020-08-11}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/08/cookiejar-tracking-adversaries-with-fireeye-endpoint-security-module.html}, language = {English}, urldate = {2020-08-14} } COOKIEJAR: Tracking Adversaries With FireEye Endpoint Security’s Logon Tracker Module
2020-07-14CrowdStrikeFalcon OverWatch Team
@online{team:20200714:manufacturing:3e552ec, author = {Falcon OverWatch Team}, title = {{Manufacturing Industry in the Adversaries’ Crosshairs}}, date = {2020-07-14}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/adversaries-targeting-the-manufacturing-industry/}, language = {English}, urldate = {2020-07-23} } Manufacturing Industry in the Adversaries’ Crosshairs
ShadowPad Snake Ransomware
2020-05-20Avast DecodedDavid Jursa, Simi Musilova, Jan Rubín, Alexej Savčin
@online{jursa:20200520:ghostdns:43190d5, author = {David Jursa and Simi Musilova and Jan Rubín and Alexej Savčin}, title = {{GhostDNS Source Code Leaked}}, date = {2020-05-20}, organization = {Avast Decoded}, url = {https://decoded.avast.io/simonamusilova/ghostdns-source-code-leaked/}, language = {English}, urldate = {2020-05-23} } GhostDNS Source Code Leaked
2020-03-31FireEyeVan Ta, Aaron Stephens
@online{ta:20200331:its:632dfca, author = {Van Ta and Aaron Stephens}, title = {{It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit}}, date = {2020-03-31}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/03/the-cycle-of-adversary-pursuit.html}, language = {English}, urldate = {2020-04-06} } It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit
Ryuk TrickBot UNC1878
2020-03-02Virus BulletinAlex Hinchliffe
@online{hinchliffe:20200302:pulling:35771e7, author = {Alex Hinchliffe}, title = {{Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary}}, date = {2020-03-02}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-pulling-pkplug-adversary-playbook-long-standing-espionage-activity-chinese-nation-state-adversary/}, language = {English}, urldate = {2020-03-02} } Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary
HenBox Farseer PlugX Poison Ivy
2020-02-25RSA ConferenceJoel DeCapua
@online{decapua:20200225:feds:423f929, author = {Joel DeCapua}, title = {{Feds Fighting Ransomware: How the FBI Investigates and How You Can Help}}, date = {2020-02-25}, organization = {RSA Conference}, url = {https://www.youtube.com/watch?v=LUxOcpIRxmg}, language = {English}, urldate = {2020-03-04} } Feds Fighting Ransomware: How the FBI Investigates and How You Can Help
FastCash Cerber Defray Dharma FriedEx Gandcrab GlobeImposter Mamba Phobos Ransomware Rapid Ransom REvil Ryuk SamSam Zeus
2019-11-21Bleeping ComputerLawrence Abrams
@online{abrams:20191121:allied:a3d69d7, author = {Lawrence Abrams}, title = {{Allied Universal Breached by Maze Ransomware, Stolen Data Leaked}}, date = {2019-11-21}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/allied-universal-breached-by-maze-ransomware-stolen-data-leaked/}, language = {English}, urldate = {2020-01-08} } Allied Universal Breached by Maze Ransomware, Stolen Data Leaked
Maze
2019-11-13CrowdStrikeJen Ayers, Jason Rivera
@techreport{ayers:20191113:through:70cc3b3, author = {Jen Ayers and Jason Rivera}, title = {{Through the Eyes of the Adversary}}, date = {2019-11-13}, institution = {CrowdStrike}, url = {https://na.eventscloud.com/file_uploads/6568237bca6dc156e5c5557c5989e97c_CrowdStrikeFal.Con2019_ThroughEyesOfAdversary_J.Ayers.pdf}, language = {English}, urldate = {2020-03-22} } Through the Eyes of the Adversary
TrickBot CLOCKWORD SPIDER
2019-09-22ProofpointMichael Raggi, Proofpoint Threat Insight Team
@online{raggi:20190922:lookback:51454f7, author = {Michael Raggi and Proofpoint Threat Insight Team}, title = {{LookBack Forges Ahead: Continued Targeting of the United States’ Utilities Sector Reveals Additional Adversary TTPs}}, date = {2019-09-22}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/lookback-forges-ahead-continued-targeting-united-states-utilities-sector-reveals}, language = {English}, urldate = {2019-12-20} } LookBack Forges Ahead: Continued Targeting of the United States’ Utilities Sector Reveals Additional Adversary TTPs
Lookback TA410
2019-06-20SymantecSymantec DeepSight Adversary Intelligence Team, Symantec Network Protection Security Labs
@online{team:20190620:waterbug:9c50dd1, author = {Symantec DeepSight Adversary Intelligence Team and Symantec Network Protection Security Labs}, title = {{Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments}}, date = {2019-06-20}, organization = {Symantec}, url = {https://www.symantec.com/blogs/threat-intelligence/waterbug-espionage-governments}, language = {English}, urldate = {2020-01-13} } Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments
LightNeuron
2019-04-12SpamTitantitanadmin
@online{titanadmin:20190412:emotet:12ca0e7, author = {titanadmin}, title = {{Emotet Malware Revives Old Email Conversations Threads to Increase Infection Rates}}, date = {2019-04-12}, organization = {SpamTitan}, url = {https://www.spamtitan.com/blog/emotet-malware-revives-old-email-conversations-threads-to-increase-infection-rates/}, language = {English}, urldate = {2020-01-09} } Emotet Malware Revives Old Email Conversations Threads to Increase Infection Rates
Emotet
2019-03-11MinervaMinerva Labs
@online{labs:20190311:attackers:013804a, author = {Minerva Labs}, title = {{Attackers Insert Themselves into the Email Conversation to Spread Malware}}, date = {2019-03-11}, organization = {Minerva}, url = {https://blog.minerva-labs.com/attackers-insert-themselves-into-the-email-conversation-to-spread-malware}, language = {English}, urldate = {2020-01-08} } Attackers Insert Themselves into the Email Conversation to Spread Malware
ISFB
2019DragosDragos
@online{dragos:2019:adversary:0237a20, author = {Dragos}, title = {{Adversary Reports}}, date = {2019}, organization = {Dragos}, url = {https://dragos.com/adversaries.html}, language = {English}, urldate = {2020-01-10} } Adversary Reports
ALLANITE CHRYSENE COVELLITE DYMALLOY ELECTRUM MAGNALLIUM XENOTIME
2018-12-21FireEyeGeoff Ackerman, Rick Cole, Andrew Thompson, Alex Orleans, Nick Carr
@online{ackerman:20181221:overruled:74ac7b4, author = {Geoff Ackerman and Rick Cole and Andrew Thompson and Alex Orleans and Nick Carr}, title = {{OVERRULED: Containing a Potentially Destructive Adversary}}, date = {2018-12-21}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html}, language = {English}, urldate = {2019-12-20} } OVERRULED: Containing a Potentially Destructive Adversary
POWERTON PoshC2 pupy
2018-12-10SymantecSymantec DeepSight Adversary Intelligence Team
@online{team:20181210:seedworm:d6dba3c, author = {Symantec DeepSight Adversary Intelligence Team}, title = {{Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms}}, date = {2018-12-10}, organization = {Symantec}, url = {https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group}, language = {English}, urldate = {2019-11-17} } Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms
MuddyWater
2018-11-27CrowdStrikeAdam Meyers
@online{meyers:20181127:meet:d6b13f0, author = {Adam Meyers}, title = {{Meet CrowdStrike’s Adversary of the Month for November: HELIX KITTEN}}, date = {2018-11-27}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-november-helix-kitten/}, language = {English}, urldate = {2019-12-20} } Meet CrowdStrike’s Adversary of the Month for November: HELIX KITTEN
OilRig