Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-11-15SymantecThreat Hunter Team
@online{team:20221115:billbug:f11d48d, author = {Threat Hunter Team}, title = {{Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries}}, date = {2022-11-15}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-asia-governments-cert-authority}, language = {English}, urldate = {2022-11-15} } Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries
Sagerunex
2022-10-21SymantecThreat Hunter Team
@online{team:20221021:exbyte:f068ce7, author = {Threat Hunter Team}, title = {{Exbyte: BlackByte Ransomware Attackers Deploy New Exfiltration Tool}}, date = {2022-10-21}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/blackbyte-exbyte-ransomware}, language = {English}, urldate = {2022-11-09} } Exbyte: BlackByte Ransomware Attackers Deploy New Exfiltration Tool
ExByte
2022-09-29SymantecThreat Hunter Team
@online{team:20220929:witchetty:628f1c4, author = {Threat Hunter Team}, title = {{Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East}}, date = {2022-09-29}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/witchetty-steganography-espionage}, language = {English}, urldate = {2022-09-30} } Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East
CHINACHOPPER Lookback MimiKatz PlugX Unidentified 096 (Keylogger) x4
2022-09-22BroadcomSymantec Threat Hunter Team
@online{team:20220922:noberus:fc868b9, author = {Symantec Threat Hunter Team}, title = {{Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics}}, date = {2022-09-22}, organization = {Broadcom}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-ransomware-ttps}, language = {English}, urldate = {2022-09-26} } Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics
BlackCat BlackMatter DarkSide
2022-09-15SymantecThreat Hunter Team
@online{team:20220915:webworm:500c850, author = {Threat Hunter Team}, title = {{Webworm: Espionage Attackers Testing and Using Older Modified RATs}}, date = {2022-09-15}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/webworm-espionage-rats}, language = {English}, urldate = {2022-09-20} } Webworm: Espionage Attackers Testing and Using Older Modified RATs
9002 RAT Ghost RAT Trochilus RAT
2022-09-13SymantecThreat Hunter Team
@online{team:20220913:new:2ff2e98, author = {Threat Hunter Team}, title = {{New Wave of Espionage Activity Targets Asian Governments}}, date = {2022-09-13}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-asia-governments}, language = {English}, urldate = {2022-09-20} } New Wave of Espionage Activity Targets Asian Governments
MimiKatz PlugX Quasar RAT ShadowPad Trochilus RAT
2022-08-15SymantecThreat Hunter Team
@online{team:20220815:shuckworm:1cd6e54, author = {Threat Hunter Team}, title = {{Shuckworm: Russia-Linked Group Maintains Ukraine Focus}}, date = {2022-08-15}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/russia-ukraine-shuckworm}, language = {English}, urldate = {2022-08-18} } Shuckworm: Russia-Linked Group Maintains Ukraine Focus
2022-07-20SymantecVishal Kamble, Lahu Khatal
@online{kamble:20220720:lockbit:e4515c8, author = {Vishal Kamble and Lahu Khatal}, title = {{LockBit: Ransomware Puts Servers in the Crosshairs}}, date = {2022-07-20}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lockbit-targets-servers}, language = {English}, urldate = {2022-07-20} } LockBit: Ransomware Puts Servers in the Crosshairs
LockBit
2022-06-28SymantecThreat Hunter Team, Vishal Kamble
@online{team:20220628:bumblebee:29809dd, author = {Threat Hunter Team and Vishal Kamble}, title = {{Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem}}, date = {2022-06-28}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bumblebee-loader-cybercrime}, language = {English}, urldate = {2022-07-20} } Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem
BumbleBee
2022-06-08SymantecKarthikeyan C Kasiviswanathan, Yuvaraj Megavarnadu
@online{kasiviswanathan:20220608:attackers:6a247ab, author = {Karthikeyan C Kasiviswanathan and Yuvaraj Megavarnadu}, title = {{Attackers Exploit MSDT Follina Bug to Drop RAT, Infostealer}}, date = {2022-06-08}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/follina-msdt-exploit-malware}, language = {English}, urldate = {2022-07-20} } Attackers Exploit MSDT Follina Bug to Drop RAT, Infostealer
AsyncRAT
2022-06-02SymantecThreat Hunter Team
@online{team:20220602:clipminer:84da7a3, author = {Threat Hunter Team}, title = {{Clipminer Botnet Makes Operators at Least $1.7 Million}}, date = {2022-06-02}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/clipminer-bitcoin-mining-hijacking}, language = {English}, urldate = {2022-07-20} } Clipminer Botnet Makes Operators at Least $1.7 Million
2022-04-28SymantecKarthikeyan C Kasiviswanathan, Vishal Kamble
@online{kasiviswanathan:20220428:ransomware:95feafb, author = {Karthikeyan C Kasiviswanathan and Vishal Kamble}, title = {{Ransomware: How Attackers are Breaching Corporate Networks}}, date = {2022-04-28}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-hive-conti-avoslocker}, language = {English}, urldate = {2022-05-04} } Ransomware: How Attackers are Breaching Corporate Networks
AvosLocker Conti Emotet Hive IcedID PhotoLoader QakBot TrickBot
2022-04-27SymantecThreat Hunter Team
@online{team:20220427:stonefly:15dabdd, author = {Threat Hunter Team}, title = {{Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets}}, date = {2022-04-27}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/stonefly-north-korea-espionage}, language = {English}, urldate = {2022-04-29} } Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets
2022-04-20SymantecThreat Hunter Team
@online{team:20220420:shuckworm:f7b5ef7, author = {Threat Hunter Team}, title = {{Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine}}, date = {2022-04-20}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-intense-campaign-ukraine}, language = {English}, urldate = {2022-04-25} } Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine
Pteranodon
2022-04-14SymantecThreat Hunter Team
@online{team:20220414:lazarus:8e13a88, author = {Threat Hunter Team}, title = {{Lazarus Targets Chemical Sector}}, date = {2022-04-14}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lazarus-dream-job-chemical}, language = {English}, urldate = {2022-04-15} } Lazarus Targets Chemical Sector
2022-04-05SymantecThreat Hunter Team
@online{team:20220405:cicada:67f6b8c, author = {Threat Hunter Team}, title = {{Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity}}, date = {2022-04-05}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks}, language = {English}, urldate = {2022-04-07} } Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity
MimiKatz SodaMaster
2022-03-29SymantecThreat Hunter Team
@online{team:20220329:verblecon:0a3286b, author = {Threat Hunter Team}, title = {{Verblecon: Sophisticated New Loader Used in Low-level Attacks}}, date = {2022-03-29}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord}, language = {English}, urldate = {2022-03-30} } Verblecon: Sophisticated New Loader Used in Low-level Attacks
Verblecon
2022-03-16SymantecSymantec Threat Hunter Team
@techreport{team:20220316:ransomware:1c2a72a, author = {Symantec Threat Hunter Team}, title = {{The Ransomware Threat Landscape: What to Expect in 2022}}, date = {2022-03-16}, institution = {Symantec}, url = {https://www.symantec.broadcom.com/hubfs/SED/SED_Threat_Hunter_Reports_Alerts/SED_FY22Q2_SES_Ransomware-Threat-Landscape_WP.pdf}, language = {English}, urldate = {2022-03-22} } The Ransomware Threat Landscape: What to Expect in 2022
AvosLocker BlackCat BlackMatter Conti DarkSide DoppelPaymer Emotet Hive Karma Mespinoza Nemty Squirrelwaffle VegaLocker WastedLocker Yanluowang Zeppelin
2022-03-09SymantecThreat Hunter Team
@online{team:20220309:daxin:18d9025, author = {Threat Hunter Team}, title = {{Daxin Backdoor: In-Depth Analysis, Part Two}}, date = {2022-03-09}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage-analysis}, language = {English}, urldate = {2022-03-10} } Daxin Backdoor: In-Depth Analysis, Part Two
Daxin
2022-03-08SymantecThreat Hunter Team
@online{team:20220308:daxin:04deb91, author = {Threat Hunter Team}, title = {{Daxin Backdoor: In-Depth Analysis, Part One}}, date = {2022-03-08}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-malware-espionage-analysis}, language = {English}, urldate = {2022-03-14} } Daxin Backdoor: In-Depth Analysis, Part One
Daxin