2023-09-12 | Security Intelligence | Ole Villadsen, Golo Mühr, Kat Metrick
% Security Intelligence post on DBatLoader email campaigns; author names given family-first.
@online{villadsen:20230912:email:21d359c,
  author       = {Villadsen, Ole and Mühr, Golo and Metrick, Kat},
  title        = {{Email campaigns leverage updated DBatLoader to deliver RATs, stealers}},
  organization = {Security Intelligence},
  date         = {2023-09-12},
  url          = {https://securityintelligence.com/posts/email-campaigns-leverage-updated-dbatloader-deliver-rats-stealers/},
  urldate      = {2023-09-25},
  language     = {English},
}
Email campaigns leverage updated DBatLoader to deliver RATs, stealers
DBatLoader
2023-06-06 | Security Intelligence | Joshua Chung, Melissa Frydrych, Claire Zaboeva, Agnes Ramos-Beauchamp
% Security Intelligence post on ITG10 activity; author names given family-first.
@online{chung:20230606:itg10:83811e5,
  author       = {Chung, Joshua and Frydrych, Melissa and Zaboeva, Claire and Ramos-Beauchamp, Agnes},
  title        = {{ITG10 Likely Targeting South Korean Entities of Interest to the Democratic People’s Republic of Korea (DPRK)}},
  organization = {Security Intelligence},
  date         = {2023-06-06},
  url          = {https://securityintelligence.com/posts/itg10-targeting-south-korean-entities/},
  urldate      = {2023-06-09},
  language     = {English},
}
ITG10 Likely Targeting South Korean Entities of Interest to the Democratic People’s Republic of Korea (DPRK)
RokRAT
2023-04-14 | Security Intelligence | Charlotte Hammond, Ole Villadsen
% Security Intelligence post on the Domino backdoor; author names given family-first.
@online{hammond:20230414:exconti:6b1a7b5,
  author       = {Hammond, Charlotte and Villadsen, Ole},
  title        = {{Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor}},
  organization = {Security Intelligence},
  date         = {2023-04-14},
  url          = {https://securityintelligence.com/posts/ex-conti-fin7-actors-collaborate-new-domino-backdoor/},
  urldate      = {2023-04-17},
  language     = {English},
}
Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor
Minodo
2022-11-09 | Security Intelligence | Jonathan Reed
% Security Intelligence news item on ransomware-as-a-service; author name given family-first.
@online{reed:20221109:ransomwareasaservice:751e1a8,
  author       = {Reed, Jonathan},
  title        = {{Ransomware-as-a-Service Transforms Gangs Into Businesses}},
  organization = {Security Intelligence},
  date         = {2022-11-09},
  url          = {https://securityintelligence.com/news/eternity-gang-ransomware-as-a-service-telegram/},
  urldate      = {2022-11-11},
  language     = {English},
}
Ransomware-as-a-Service Transforms Gangs Into Businesses
Eternity Stealer
2022-10-28 | Elastic | @rsprooten, Elastic Security Intelligence & Analytics Team
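% The team name is a corporate author: it gets its own brace pair so it stays one name,
% and the ampersand is escaped so it does not break typesetting. Citation key unchanged.
@online{rsprooten:20221028:emotet:ffabd03,
  author       = {@rsprooten and {Elastic Security Intelligence \& Analytics Team}},
  title        = {{EMOTET dynamic config extraction}},
  organization = {Elastic},
  date         = {2022-10-28},
  url          = {https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction},
  urldate      = {2022-10-30},
  language     = {English},
}
EMOTET dynamic config extraction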
Emotet
2022-05-06 | Twitter (@MsftSecIntel) | Microsoft Security Intelligence
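% Corporate author wrapped in an extra brace pair so it is not split into given and
% family parts; the citation key is kept as published. Title typo "infeciton" corrected.
@online{intelligence:20220506:twitter:7a00df8,
  author       = {{Microsoft Security Intelligence}},
  title        = {{Twitter Thread on initial infection of SocGholish/ FAKEUPDATES campaigns lead to BLISTER Loader, CobaltStrike, Lockbit and followed by Hands On Keyboard activity}},
  organization = {Twitter (@MsftSecIntel)},
  date         = {2022-05-06},
  url          = {https://twitter.com/MsftSecIntel/status/1522690116979855360},
  urldate      = {2022-05-09},
  language     = {English},
}
Twitter Thread on initial infection of SocGholish/ FAKEUPDATES campaigns lead to BLISTER Loader, CobaltStrike, Lockbit and followed by Hands On Keyboard activity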
FAKEUPDATES Blister Cobalt Strike LockBit
2022-03-01 | Akamai | Security Intelligence Response Team
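% The author is a team, not a person: the extra brace pair keeps the name whole instead
% of parsing "Team" as a family name. Citation key unchanged.
@online{team:20220301:tcp:ea95946,
  author       = {{Security Intelligence Response Team}},
  title        = {{TCP Middlebox Reflection: Coming to a DDoS Near You}},
  organization = {Akamai},
  date         = {2022-03-01},
  url          = {https://www.akamai.com/blog/security/tcp-middlebox-reflection},
  urldate      = {2022-03-02},
  language     = {English},
}
TCP Middlebox Reflection: Coming to a DDoS Near You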
2022-01-15 | Microsoft | Microsoft, Microsoft Security Intelligence, Microsoft Digital Security Unit (DSU), Microsoft Detection and Response Team (DART), Microsoft 365 Defender Threat Intelligence Team
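% Every author here is an organisation. Each name is braced on its own so it stays whole;
% this also stops the " and " inside "Detection and Response Team" from being read as a
% separator between two authors. Citation key unchanged.
@online{microsoft:20220115:destructive:77ac2f5,
  author       = {{Microsoft}
                  and {Microsoft Security Intelligence}
                  and {Microsoft Digital Security Unit (DSU)}
                  and {Microsoft Detection and Response Team (DART)}
                  and {Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{Destructive malware targeting Ukrainian organizations (DEV-0586)}},
  organization = {Microsoft},
  date         = {2022-01-15},
  url          = {https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/},
  urldate      = {2022-01-18},
  language     = {English},
}
Destructive malware targeting Ukrainian organizations (DEV-0586)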
WhisperGate DEV-0586
2021-12-15 | Security Intelligence | IBM SECURITY X-FORCE
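% Corporate author wrapped in an extra brace pair so the whole name is kept together
% rather than treating "X-FORCE" as a family name. Citation key unchanged.
@online{xforce:20211215:nation:dd1a3c4,
  author       = {{IBM SECURITY X-FORCE}},
  title        = {{Nation State Threat Group Targets Airline with Aclip Backdoor}},
  organization = {Security Intelligence},
  date         = {2021-12-15},
  url          = {https://securityintelligence.com/posts/nation-state-threat-group-targets-airline-aclip-backdoor/},
  urldate      = {2023-06-19},
  language     = {English},
}
Nation State Threat Group Targets Airline with Aclip Backdoor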
2021-10-21 | Twitter (@MsftSecIntel) | Microsoft Security Intelligence
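% Corporate author wrapped in an extra brace pair so it is not split into given and
% family parts; the citation key is kept as published.
@online{intelligence:20211021:new:11cf9aa,
  author       = {{Microsoft Security Intelligence}},
  title        = {{Tweet on new variant of mac malware UpdateAgent/WizardUpdate}},
  organization = {Twitter (@MsftSecIntel)},
  date         = {2021-10-21},
  url          = {https://twitter.com/MsftSecIntel/status/1451279679059488773},
  urldate      = {2021-10-26},
  language     = {English},
}
Tweet on new variant of mac malware UpdateAgent/WizardUpdate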
Vigram
2021-10-19 | Microsoft | Microsoft Security Intelligence
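% Corporate author wrapped in an extra brace pair so it is not split into given and
% family parts; the citation key is kept as published. The url is stored raw, query string included.
@online{intelligence:20211019:adwaremacosadloada:3119765,
  author       = {{Microsoft Security Intelligence}},
  title        = {{Adware:MacOS/Adload.A}},
  organization = {Microsoft},
  date         = {2021-10-19},
  url          = {https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Adware:MacOS/Adload.A&threatId=312991},
  urldate      = {2023-09-07},
  language     = {English},
}
Adware:MacOS/Adload.A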
2021-10-12 | Elastic | Elastic Security Intelligence & Analytics Team
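% Corporate author: the extra brace pair keeps the team name whole, and the ampersand is
% escaped so it does not break typesetting. Citation key unchanged.
@online{team:20211012:going:5ac7c9d,
  author       = {{Elastic Security Intelligence \& Analytics Team}},
  title        = {{Going Coast to Coast - Climbing the Pyramid with the Deimos Implant}},
  organization = {Elastic},
  date         = {2021-10-12},
  url          = {https://www.elastic.co/blog/going-coast-to-coast-climbing-the-pyramid-with-the-deimos-implant},
  urldate      = {2021-10-26},
  language     = {English},
}
Going Coast to Coast - Climbing the Pyramid with the Deimos Implant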
Deimos
2021-09-29 | Silent Push | Silent Push
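% The author is a company: the extra brace pair keeps "Silent Push" as one name instead
% of a given name plus family name. Citation key unchanged.
@online{push:20210929:evaluating:e4d134d,
  author       = {{Silent Push}},
  title        = {{Evaluating the Value of Security Intelligence Feeds with Silent Push}},
  organization = {Silent Push},
  date         = {2021-09-29},
  url          = {https://www.silentpush.com/blog/evaluating-the-value-of-security-feeds-with-silent-push},
  urldate      = {2022-07-13},
  language     = {English},
}
Evaluating the Value of Security Intelligence Feeds with Silent Push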
2021-09-25 | Twitter (@MsftSecIntel) | Microsoft Security Intelligence
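% Corporate author wrapped in an extra brace pair so it is not split into given and
% family parts; the citation key and the url (query string included) are kept as published.
@online{intelligence:20210925:thread:afea874,
  author       = {{Microsoft Security Intelligence}},
  title        = {{Thread on Malicious Android apps posing as bank loan services are being widely distributed to targets in Asia}},
  organization = {Twitter (@MsftSecIntel)},
  date         = {2021-09-25},
  url          = {https://twitter.com/MsftSecIntel/status/1441524497924833282?s=20},
  urldate      = {2021-09-28},
  language     = {English},
}
Thread on Malicious Android apps posing as bank loan services are being widely distributed to targets in Asia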
Unidentified APK 006
2021-08-04 | Security Intelligence | Allison Wikoff, Richard Emerson
% Security Intelligence post on ITG18 operational security errors; author names given family-first.
@online{wikoff:20210804:itg18:f2f125f,
  author       = {Wikoff, Allison and Emerson, Richard},
  title        = {{ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group}},
  organization = {Security Intelligence},
  date         = {2021-08-04},
  url          = {https://securityintelligence.com/posts/itg18-operational-security-errors-plague-iranian-threat-group/},
  urldate      = {2021-08-23},
  language     = {English},
}
ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group
LittleLooter
2021-07-27 | Elastic | Elastic Security Intelligence & Analytics Team
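% Corporate author: the extra brace pair keeps the team name whole, and the ampersand is
% escaped so it does not break typesetting. Citation key unchanged.
@online{team:20210727:collecting:fb21718,
  author       = {{Elastic Security Intelligence \& Analytics Team}},
  title        = {{Collecting and operationalizing threat data from the Mozi botnet}},
  organization = {Elastic},
  date         = {2021-07-27},
  url          = {https://www.elastic.co/blog/collecting-and-operationalizing-threat-data-from-the-mozi-botnet},
  urldate      = {2021-07-29},
  language     = {English},
}
Collecting and operationalizing threat data from the Mozi botnet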
Mozi
2021-07-24 | Twitter (@MsftSecIntel) | Microsoft Security Intelligence
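% Corporate author wrapped in an extra brace pair so it is not split into given and
% family parts; the citation key is kept as published.
@online{intelligence:20210724:attackers:4a3d443,
  author       = {{Microsoft Security Intelligence}},
  title        = {{Tweet on attackers increasingly using HTML smuggling in phishing and other email campaigns to deliver Casbaneiro}},
  organization = {Twitter (@MsftSecIntel)},
  date         = {2021-07-24},
  url          = {https://twitter.com/MsftSecIntel/status/1418706916922986504},
  urldate      = {2021-08-02},
  language     = {English},
}
Tweet on attackers increasingly using HTML smuggling in phishing and other email campaigns to deliver Casbaneiro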
Metamorfo
2021-06-11 | Twitter (@MsftSecIntel) | Microsoft Security Intelligence
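% Corporate author wrapped in an extra brace pair so it is not split into given and
% family parts; the citation key is kept as published.
@online{intelligence:20210611:solarmarkerjupyter:86c4f14,
  author       = {{Microsoft Security Intelligence}},
  title        = {{Tweet on solarmarker/Jupyter malware}},
  organization = {Twitter (@MsftSecIntel)},
  date         = {2021-06-11},
  url          = {https://twitter.com/MsftSecIntel/status/1403461397283950597},
  urldate      = {2021-06-21},
  language     = {English},
}
Tweet on solarmarker/Jupyter malware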
solarmarker
2021-05-20 | Twitter (@MsftSecIntel) | Microsoft Security Intelligence
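% Corporate author wrapped in an extra brace pair so it is not split into given and
% family parts; the citation key is kept as published.
@online{intelligence:20210520:javabased:ce966f5,
  author       = {{Microsoft Security Intelligence}},
  title        = {{Tweet on Java-based STRRAT malware campaign distributed via email}},
  organization = {Twitter (@MsftSecIntel)},
  date         = {2021-05-20},
  url          = {https://twitter.com/MsftSecIntel/status/1395138347601854465},
  urldate      = {2021-05-25},
  language     = {English},
}
Tweet on Java-based STRRAT malware campaign distributed via email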
STRRAT
2021-05-11 | Twitter (@MsftSecIntel) | Microsoft Security Intelligence
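% Corporate author wrapped in an extra brace pair so it is not split into given and
% family parts; the citation key is kept as published.
@online{intelligence:20210511:snip3:69a4650,
  author       = {{Microsoft Security Intelligence}},
  title        = {{Tweet on Snip3 crypter delivering AsyncRAT or AgentTesla}},
  organization = {Twitter (@MsftSecIntel)},
  date         = {2021-05-11},
  url          = {https://twitter.com/MsftSecIntel/status/1392219299696152578},
  urldate      = {2021-05-13},
  language     = {English},
}
Tweet on Snip3 crypter delivering AsyncRAT or AgentTesla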
Agent Tesla AsyncRAT