Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-03-08SymantecThreat Hunter Team
@online{team:20210308:how:752e42e, author = {Threat Hunter Team}, title = {{How Symantec Stops Microsoft Exchange Server Attacks}}, date = {2021-03-08}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/microsoft-exchange-server-protection}, language = {English}, urldate = {2021-03-12} } How Symantec Stops Microsoft Exchange Server Attacks
CHINACHOPPER MimiKatz
2021-01-22SymantecThreat Hunter Team
@online{team:20210122:solarwinds:b82c2df, author = {Threat Hunter Team}, title = {{SolarWinds: How Sunburst Sends Data Back to the Attackers}}, date = {2021-01-22}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-sunburst-sending-data}, language = {English}, urldate = {2021-01-25} } SolarWinds: How Sunburst Sends Data Back to the Attackers
SUNBURST
2021-01-18SymantecThreat Hunter Team
@online{team:20210118:raindrop:9ab1262, author = {Threat Hunter Team}, title = {{Raindrop: New Malware Discovered in SolarWinds Investigation}}, date = {2021-01-18}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-raindrop-malware}, language = {English}, urldate = {2021-01-21} } Raindrop: New Malware Discovered in SolarWinds Investigation
Cobalt Strike Raindrop SUNBURST TEARDROP
2021-01-15SymantecThreat Hunter Team
@online{team:20210115:solarwinds:46d0db6, author = {Threat Hunter Team}, title = {{SolarWinds: Insights into Attacker Command and Control Process}}, date = {2021-01-15}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-sunburst-command-control}, language = {English}, urldate = {2021-01-21} } SolarWinds: Insights into Attacker Command and Control Process
SUNBURST
2021-01-07SymantecThreat Hunter Team
@online{team:20210107:solarwinds:29f7094, author = {Threat Hunter Team}, title = {{SolarWinds: How a Rare DGA Helped Attacker Communications Fly Under the Radar}}, date = {2021-01-07}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-unique-dga}, language = {English}, urldate = {2021-01-11} } SolarWinds: How a Rare DGA Helped Attacker Communications Fly Under the Radar
SUNBURST
2020-12-22SymantecThreat Hunter Team
@online{team:20201222:solarwinds:b77e372, author = {Threat Hunter Team}, title = {{SolarWinds Attacks: Stealthy Attackers Attempted To Evade Detection}}, date = {2020-12-22}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-attacks-stealthy-attackers-attempted-evade-detection}, language = {English}, urldate = {2020-12-23} } SolarWinds Attacks: Stealthy Attackers Attempted To Evade Detection
SUNBURST
2020-12-14SymantecThreat Hunter Team
@online{team:20201214:sunburst:12e5814, author = {Threat Hunter Team}, title = {{Sunburst: Supply Chain Attack Targets SolarWinds Users}}, date = {2020-12-14}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/sunburst-supply-chain-attack-solarwinds}, language = {English}, urldate = {2020-12-19} } Sunburst: Supply Chain Attack Targets SolarWinds Users
SUNBURST TEARDROP
2020-11-17SymantecThreat Hunter Team
@online{team:20201117:japanlinked:42c6320, author = {Threat Hunter Team}, title = {{Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign}}, date = {2020-11-17}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage}, language = {English}, urldate = {2020-11-19} } Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign
Quasar RAT
2020-10-21SymantecThreat Hunter Team
@online{team:20201021:seedworm:7df9e09, author = {Threat Hunter Team}, title = {{Seedworm: Iran-Linked Group Continues to Target Organizations in the Middle East}}, date = {2020-10-21}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/seedworm-apt-iran-middle-east}, language = {English}, urldate = {2020-10-23} } Seedworm: Iran-Linked Group Continues to Target Organizations in the Middle East
PowGoop
2020-10-12SymantecThreat Hunter Team
@online{team:20201012:trickbot:5c1e5bf, author = {Threat Hunter Team}, title = {{Trickbot: U.S. Court Order Hits Botnet’s Infrastructure}}, date = {2020-10-12}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/trickbot-botnet-ransomware-disruption}, language = {English}, urldate = {2020-10-12} } Trickbot: U.S. Court Order Hits Botnet’s Infrastructure
Ryuk TrickBot
2020-09-29SymantecThreat Hunter Team
@online{team:20200929:palmerworm:4a96e3b, author = {Threat Hunter Team}, title = {{Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors}}, date = {2020-09-29}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt}, language = {English}, urldate = {2020-10-04} } Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors
KIVARS PLEAD BlackTech
2020-09-18SymantecThreat Hunter Team
@online{team:20200918:elfin:dff6499, author = {Threat Hunter Team}, title = {{Elfin: Latest U.S. Indictments Appear to Target Iranian Espionage Group}}, date = {2020-09-18}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/elfin-indictments-iran-espionage}, language = {English}, urldate = {2020-09-23} } Elfin: Latest U.S. Indictments Appear to Target Iranian Espionage Group
Nanocore RAT
2020-09-18SymantecThreat Hunter Team
@online{team:20200918:apt41:363daa8, author = {Threat Hunter Team}, title = {{APT41: Indictments Put Chinese Espionage Group in the Spotlight}}, date = {2020-09-18}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/apt41-indictments-china-espionage}, language = {English}, urldate = {2020-09-23} } APT41: Indictments Put Chinese Espionage Group in the Spotlight
CROSSWALK PlugX poisonplug ShadowPad Winnti
2020-08-31SymantecThreat Hunter Team
@techreport{team:20200831:sophisticated:7cf4dfe, author = {Threat Hunter Team}, title = {{Sophisticated Groups and Cyber Criminals Set Sights on Lucrative Financial Sector}}, date = {2020-08-31}, institution = {Symantec}, url = {https://symantec.broadcom.com/hubfs/SED-Threats-Financial-Sector.pdf}, language = {English}, urldate = {2020-09-23} } Sophisticated Groups and Cyber Criminals Set Sights on Lucrative Financial Sector
WastedLocker
2020-06-26SymantecCritical Attack Discovery and Intelligence Team
@online{team:20200626:wastedlocker:0e9c75c, author = {Critical Attack Discovery and Intelligence Team}, title = {{WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations}}, date = {2020-06-26}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us}, language = {English}, urldate = {2020-06-26} } WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations
donut_injector WastedLocker
2020-06-23SymantecCritical Attack Discovery and Intelligence Team
@online{team:20200623:sodinokibi:7eff193, author = {Critical Attack Discovery and Intelligence Team}, title = {{Sodinokibi: Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike}}, date = {2020-06-23}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/sodinokibi-ransomware-cobalt-strike-pos}, language = {English}, urldate = {2020-06-23} } Sodinokibi: Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike
Cobalt Strike REvil
2020-05-19SymantecCritical Attack Discovery and Intelligence Team
@online{team:20200519:sophisticated:023b1bd, author = {Critical Attack Discovery and Intelligence Team}, title = {{Sophisticated Espionage Group Turns Attention to Telecom Providers in South Asia}}, date = {2020-05-19}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/greenbug-espionage-telco-south-asia}, language = {English}, urldate = {2020-05-20} } Sophisticated Espionage Group Turns Attention to Telecom Providers in South Asia
ISMAgent ISMDoor
2020-05-14paloalto Networks Unit 42Ruchna Nigam
@online{nigam:20200514:mirai:65d9d83, author = {Ruchna Nigam}, title = {{Mirai and Hoaxcalls Botnets Target Legacy Symantec Web Gateways}}, date = {2020-05-14}, organization = {paloalto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/hoaxcalls-mirai-target-legacy-symantec-web-gateways/}, language = {English}, urldate = {2020-05-18} } Mirai and Hoaxcalls Botnets Target Legacy Symantec Web Gateways
Bashlite Mirai
2020-03-30SymantecNguyen Hoang Giang, Mingwei Zhang
@online{giang:20200330:emotet:6034d14, author = {Nguyen Hoang Giang and Mingwei Zhang}, title = {{Emotet: Dangerous Malware Keeps on Evolving}}, date = {2020-03-30}, organization = {Symantec}, url = {https://medium.com/threat-intel/emotet-dangerous-malware-keeps-on-evolving-ac84aadbb8de}, language = {English}, urldate = {2020-04-01} } Emotet: Dangerous Malware Keeps on Evolving
Emotet
2019-11-04SymantecNguyen Hoang Giang, Eduardo Altares, Muhammad Hasib Latif
@online{giang:20191104:nemty:6f237c6, author = {Nguyen Hoang Giang and Eduardo Altares and Muhammad Hasib Latif}, title = {{Nemty Ransomware Expands Its Reach, Also Delivered by Trik Botnet}}, date = {2019-11-04}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nemty-ransomware-trik-botnet}, language = {English}, urldate = {2020-06-02} } Nemty Ransomware Expands Its Reach, Also Delivered by Trik Botnet
Nemty Phorpiex