Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-06-28BroadcomThreat Hunter Team, Vishal Kamble
@online{team:20220628:bumblebee:29809dd, author = {Threat Hunter Team and Vishal Kamble}, title = {{Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem}}, date = {2022-06-28}, organization = {Broadcom}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bumblebee-loader-cybercrime}, language = {English}, urldate = {2022-06-30} } Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem
BumbleBee
2022-06-28SekoiaThreat & Detection Research Team
@online{team:20220628:raccoon:98accde, author = {Threat & Detection Research Team}, title = {{Raccoon Stealer v2 – Part 1: The return of the dead}}, date = {2022-06-28}, organization = {Sekoia}, url = {https://blog.sekoia.io/raccoon-stealer-v2-part-1-the-return-of-the-dead/}, language = {English}, urldate = {2022-06-30} } Raccoon Stealer v2 – Part 1: The return of the dead
Raccoon
2022-06-23SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20220623:bronze:8bccd74, author = {Counter Threat Unit ResearchTeam}, title = {{BRONZE STARLIGHT Ransomware Operations Use HUI Loader}}, date = {2022-06-23}, organization = {Secureworks}, url = {https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader}, language = {English}, urldate = {2022-06-27} } BRONZE STARLIGHT Ransomware Operations Use HUI Loader
ATOMSILO Cobalt Strike HUI Loader LockFile NightSky Pandora Rook
2022-06-21Malwarebytes LabsThreat Intelligence Team
@online{team:20220621:russias:a934a10, author = {Threat Intelligence Team}, title = {{Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine}}, date = {2022-06-21}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/06/russias-apt28-uses-fear-of-nuclear-war-to-spread-follina-docs-in-ukraine/}, language = {English}, urldate = {2022-06-22} } Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine
2022-06-15AttackIQJackson Wells, AttackIQ Adversary Research Team
@online{wells:20220615:attack:aa9fcfb, author = {Jackson Wells and AttackIQ Adversary Research Team}, title = {{Attack Graph Emulating the Conti Ransomware Team’s Behaviors}}, date = {2022-06-15}, organization = {AttackIQ}, url = {https://attackiq.com/2022/06/15/attack-graph-emulating-the-conti-ransomware-teams-behaviors/}, language = {English}, urldate = {2022-07-01} } Attack Graph Emulating the Conti Ransomware Team’s Behaviors
BazarBackdoor Conti TrickBot
2022-06-13SekoiaThreat & Detection Research Team
@online{team:20220613:bumblebee:0a56342, author = {Threat & Detection Research Team}, title = {{BumbleBee: a new trendy loader for Initial Access Brokers}}, date = {2022-06-13}, organization = {Sekoia}, url = {https://blog.sekoia.io/bumblebee-a-new-trendy-loader-for-initial-access-brokers/}, language = {English}, urldate = {2022-06-17} } BumbleBee: a new trendy loader for Initial Access Brokers
BumbleBee
2022-06-13MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20220613:many:7681eda, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{The many lives of BlackCat ransomware}}, date = {2022-06-13}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/}, language = {English}, urldate = {2022-06-15} } The many lives of BlackCat ransomware
BlackCat
2022-06-09BlackberryJoakim Kennedy, The BlackBerry Research & Intelligence Team
@online{kennedy:20220609:symbiote:fcc031b, author = {Joakim Kennedy and The BlackBerry Research & Intelligence Team}, title = {{Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat}}, date = {2022-06-09}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat}, language = {English}, urldate = {2022-06-09} } Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat
Symbiote
2022-06-08Malwarebytes LabsThreat Intelligence Team
@online{team:20220608:makemoney:a8f6163, author = {Threat Intelligence Team}, title = {{MakeMoney malvertising campaign adds fake update template}}, date = {2022-06-08}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/06/makemoney-malvertising-campaign-adds-fake-update-template/}, language = {English}, urldate = {2022-06-15} } MakeMoney malvertising campaign adds fake update template
FAKEUPDATES
2022-06-08Qianxin Threat Intelligence CenterRed Raindrop Team
@online{team:20220608:operation:3fe580d, author = {Red Raindrop Team}, title = {{Operation Tejas: A dying elephant curled up in the Kunlun Mountains}}, date = {2022-06-08}, organization = {Qianxin Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/8j_rHA7gdMxY1_X8alj8Zg}, language = {English}, urldate = {2022-06-09} } Operation Tejas: A dying elephant curled up in the Kunlun Mountains
HAZY TIGER RAZOR TIGER
2022-06-03AttackIQJackson Wells, AttackIQ Adversary Research Team
@online{wells:20220603:attack:5e4e9c6, author = {Jackson Wells and AttackIQ Adversary Research Team}, title = {{Attack Graph Response to US CERT AA22-152A: Karakurt Data Extortion Group}}, date = {2022-06-03}, organization = {AttackIQ}, url = {https://attackiq.com/2022/06/03/attack-graph-response-to-us-cert-aa22-152a-karakurt-data-extortion-group/}, language = {English}, urldate = {2022-06-18} } Attack Graph Response to US CERT AA22-152A: Karakurt Data Extortion Group
Cobalt Strike MimiKatz
2022-06-02CrowdStrikeEPP Content Research Team
@online{team:20220602:crowdstrike:3ca0d32, author = {EPP Content Research Team}, title = {{CrowdStrike Uncovers New MacOS Browser Hijacking Campaign}}, date = {2022-06-02}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/how-crowdstrike-uncovered-a-new-macos-browser-hijacking-campaign/}, language = {English}, urldate = {2022-06-04} } CrowdStrike Uncovers New MacOS Browser Hijacking Campaign
2022-05-25Team CymruS2 Research Team
@online{team:20220525:bablosoft:90f50c4, author = {S2 Research Team}, title = {{Bablosoft; Lowering the Barrier of Entry for Malicious Actors}}, date = {2022-05-25}, organization = {Team Cymru}, url = {https://team-cymru.com/blog/2022/05/25/bablosoft-lowering-the-barrier-of-entry-for-malicious-actors/}, language = {English}, urldate = {2022-05-29} } Bablosoft; Lowering the Barrier of Entry for Malicious Actors
BlackGuard BumbleBee RedLine Stealer
2022-05-24BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20220524:yashma:33b80cb, author = {The BlackBerry Research & Intelligence Team}, title = {{Yashma Ransomware, Tracing the Chaos Family Tree}}, date = {2022-05-24}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/05/yashma-ransomware-tracing-the-chaos-family-tree}, language = {English}, urldate = {2022-05-24} } Yashma Ransomware, Tracing the Chaos Family Tree
Chaos
2022-05-19BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20220519:net:ecf311c, author = {The BlackBerry Research & Intelligence Team}, title = {{.NET Stubs: Sowing the Seeds of Discord (PureCrypter)}}, date = {2022-05-19}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord}, language = {English}, urldate = {2022-06-09} } .NET Stubs: Sowing the Seeds of Discord (PureCrypter)
Aberebot AbstractEmu AdoBot 404 Keylogger Agent Tesla Amadey AsyncRAT Ave Maria BitRAT BluStealer Formbook LimeRAT Loki Password Stealer (PWS) Nanocore RAT Orcus RAT Quasar RAT Raccoon RedLine Stealer WhisperGate
2022-05-19BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20220519:net:64662b5, author = {The BlackBerry Research & Intelligence Team}, title = {{.NET Stubs: Sowing the Seeds of Discord}}, date = {2022-05-19}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord?}, language = {English}, urldate = {2022-05-23} } .NET Stubs: Sowing the Seeds of Discord
Agent Tesla Quasar RAT WhisperGate
2022-05-19splunkSplunk Threat Research Team
@online{team:20220519:threat:63b1c42, author = {Splunk Threat Research Team}, title = {{Threat Update: AcidRain Wiper}}, date = {2022-05-19}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/threat-update-acidrain-wiper.html}, language = {English}, urldate = {2022-05-29} } Threat Update: AcidRain Wiper
AcidRain
2022-05-19MicrosoftMicrosoft 365 Defender Research Team
@online{team:20220519:rise:2087702, author = {Microsoft 365 Defender Research Team}, title = {{Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices}}, date = {2022-05-19}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/}, language = {English}, urldate = {2022-05-20} } Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices
XOR DDoS
2022-05-17SekoiaThreat & Detection Research Team
@online{team:20220517:eternityteam:daf058d, author = {Threat & Detection Research Team}, title = {{EternityTeam: a new prominent threat group on underground forums}}, date = {2022-05-17}, organization = {Sekoia}, url = {https://blog.sekoia.io/eternityteam-a-new-prominent-threat-group-on-underground-forums/}, language = {English}, urldate = {2022-05-23} } EternityTeam: a new prominent threat group on underground forums
Eternity Stealer
2022-05-16Malwarebytes LabsThreat Intelligence Team
@online{team:20220516:custom:5fe917a, author = {Threat Intelligence Team}, title = {{Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis}}, date = {2022-05-16}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/05/custom-powershell-rat-targets-germans-seeking-information-about-the-ukraine-crisis/}, language = {English}, urldate = {2022-05-17} } Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
Unidentified PS 003 (RAT)