Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-04-16Team CymruJoshua Picolet
@online{picolet:20210416:transparent:645e443, author = {Joshua Picolet}, title = {{Transparent Tribe APT Infrastructure Mapping Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021}}, date = {2021-04-16}, organization = {Team Cymru}, url = {https://team-cymru.com/blog/2021/04/16/transparent-tribe-apt-infrastructure-mapping/}, language = {English}, urldate = {2021-04-19} } Transparent Tribe APT Infrastructure Mapping Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021
Crimson RAT
2021-04-13splunkSplunk Threat Research Team
@online{team:20210413:detecting:83655d0, author = {Splunk Threat Research Team}, title = {{Detecting Clop Ransomware}}, date = {2021-04-13}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/detecting-clop-ransomware.html}, language = {English}, urldate = {2021-04-14} } Detecting Clop Ransomware
Clop
2021-04-09AhnLabAhnLab ASEC Analysis Team
@online{team:20210409:dissemination:35e59c8, author = {AhnLab ASEC Analysis Team}, title = {{Dissemination of Korean document (HWP) titled inquiries related to North Korea}}, date = {2021-04-09}, organization = {AhnLab}, url = {https://asec.ahnlab.com/ko/21873/}, language = {Korean}, urldate = {2021-04-14} } Dissemination of Korean document (HWP) titled inquiries related to North Korea
2021-04-09MicrosoftEmily Hacker, Justin Carroll, Microsoft 365 Defender Threat Intelligence Team
@online{hacker:20210409:investigating:2b6f30a, author = {Emily Hacker and Justin Carroll and Microsoft 365 Defender Threat Intelligence Team}, title = {{Investigating a unique “form” of email delivery for IcedID malware}}, date = {2021-04-09}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/04/09/investigating-a-unique-form-of-email-delivery-for-icedid-malware/}, language = {English}, urldate = {2021-04-12} } Investigating a unique “form” of email delivery for IcedID malware
IcedID
2021-04-07RiskIQTeam RiskIQ
@online{riskiq:20210407:yanbian:43530e8, author = {Team RiskIQ}, title = {{Yanbian Gang Malware Continues with Wide-Scale Distribution and C2}}, date = {2021-04-07}, organization = {RiskIQ}, url = {https://www.riskiq.com/blog/external-threat-management/yanbian-gang-malware-distribution/}, language = {English}, urldate = {2021-04-19} } Yanbian Gang Malware Continues with Wide-Scale Distribution and C2
Yanbian Gang
2021-04-06MalwarebytesThreat Intelligence Team
@online{team:20210406:deep:6279974, author = {Threat Intelligence Team}, title = {{A deep dive into Saint Bot, a new downloader}}, date = {2021-04-06}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2021/04/a-deep-dive-into-saint-bot-downloader/}, language = {English}, urldate = {2021-04-12} } A deep dive into Saint Bot, a new downloader
Saint Bot
2021-04-01MicrosoftCole Sodja, Justin Carroll, Melissa Turcotte, Joshua Neil, Microsoft 365 Defender Research Team
@online{sodja:20210401:automating:d24c8aa, author = {Cole Sodja and Justin Carroll and Melissa Turcotte and Joshua Neil and Microsoft 365 Defender Research Team}, title = {{Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting}}, date = {2021-04-01}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/04/01/automating-threat-actor-tracking-understanding-attacker-behavior-for-intelligence-and-contextual-alerting/}, language = {English}, urldate = {2021-04-06} } Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting
2021-03-31SophosMichael Heller
@online{heller:20210331:sophos:43ef878, author = {Michael Heller}, title = {{Sophos MTR in Real Time: What is Astro Locker Team?}}, date = {2021-03-31}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/03/31/sophos-mtr-in-real-time-what-is-astro-locker-team/}, language = {English}, urldate = {2021-04-06} } Sophos MTR in Real Time: What is Astro Locker Team?
Mount Locker
2021-03-30ProofpointJoshua Miller, Proofpoint Threat Research Team
@online{miller:20210330:badblood:3cab448, author = {Joshua Miller and Proofpoint Threat Research Team}, title = {{BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns}}, date = {2021-03-30}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/badblood-ta453-targets-us-and-israeli-medical-research-personnel-credential}, language = {English}, urldate = {2021-03-31} } BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns
2021-03-26SonicWallSonicWall CaptureLabs Threats Research Team
@online{team:20210326:chinas:d31ffa4, author = {SonicWall CaptureLabs Threats Research Team}, title = {{China’s “Winnti” Spyder Module}}, date = {2021-03-26}, organization = {SonicWall}, url = {https://securitynews.sonicwall.com/xmlpost/chinas-winnti-spyder-module/}, language = {English}, urldate = {2021-04-14} } China’s “Winnti” Spyder Module
Winnti
2021-03-26MIT Technology ReviewPatrick Howell O'Neill
@online{oneill:20210326:googles:7524453, author = {Patrick Howell O'Neill}, title = {{Google’s top security teams unilaterally shut down a counterterrorism operation}}, date = {2021-03-26}, organization = {MIT Technology Review}, url = {https://www.technologyreview.com/2021/03/26/1021318/google-security-shut-down-counter-terrorist-us-ally/}, language = {English}, urldate = {2021-03-30} } Google’s top security teams unilaterally shut down a counterterrorism operation
2021-03-25MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20210325:analyzing:d9ddef0, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{Analyzing attacks taking advantage of the Exchange Server vulnerabilities}}, date = {2021-03-25}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/25/analyzing-attacks-taking-advantage-of-the-exchange-server-vulnerabilities/}, language = {English}, urldate = {2021-03-30} } Analyzing attacks taking advantage of the Exchange Server vulnerabilities
CHINACHOPPER
2021-03-24MalwarebytesThreat Intelligence Team
@online{team:20210324:software:f896085, author = {Threat Intelligence Team}, title = {{Software renewal scammers unmasked}}, date = {2021-03-24}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/cybercrime/2021/03/software-renewal-scammers-unmasked/}, language = {English}, urldate = {2021-03-25} } Software renewal scammers unmasked
2021-03-22AhnLabAhnLab ASEC Analysis Team
@online{team:20210322:external:334c7ce, author = {AhnLab ASEC Analysis Team}, title = {{대북관련 본문 내용의 External 링크를 이용한 악성 워드 문서}}, date = {2021-03-22}, organization = {AhnLab}, url = {https://asec.ahnlab.com/ko/21359/}, language = {Korean}, urldate = {2021-03-25} } 대북관련 본문 내용의 External 링크를 이용한 악성 워드 문서
2021-03-18ProofpointBrandon Murphy, Dennis Schwarz, Jack Mott, Proofpoint Threat Research Team
@online{murphy:20210318:now:d4bd40e, author = {Brandon Murphy and Dennis Schwarz and Jack Mott and Proofpoint Threat Research Team}, title = {{Now You See It, Now You Don’t: CopperStealer Performs Widespread Theft}}, date = {2021-03-18}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/now-you-see-it-now-you-dont-copperstealer-performs-widespread-theft}, language = {English}, urldate = {2021-03-19} } Now You See It, Now You Don’t: CopperStealer Performs Widespread Theft
CopperStealer SmokeLoader
2021-03-16MicrosoftMSRC Team
@online{team:20210316:guidance:c9a881b, author = {MSRC Team}, title = {{Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities}}, date = {2021-03-16}, organization = {Microsoft}, url = {https://msrc-blog.microsoft.com/2021/03/16/guidance-for-responders-investigating-and-remediating-on-premises-exchange-server-vulnerabilities/}, language = {English}, urldate = {2021-03-19} } Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities
2021-03-15Team CymruJosh Hopkins
@online{hopkins:20210315:fin8:838cdc2, author = {Josh Hopkins}, title = {{FIN8: BADHATCH Threat Indicator Enrichmen}}, date = {2021-03-15}, organization = {Team Cymru}, url = {https://team-cymru.com/blog/2021/03/15/fin8-badhatch-threat-indicator-enrichment/}, language = {English}, urldate = {2021-03-18} } FIN8: BADHATCH Threat Indicator Enrichmen
BADHATCH
2021-03-10ProofpointDennis Schwarz, Matthew Mesa, Proofpoint Threat Research Team
@online{schwarz:20210310:nimzaloader:f6960d4, author = {Dennis Schwarz and Matthew Mesa and Proofpoint Threat Research Team}, title = {{NimzaLoader: TA800’s New Initial Access Malware}}, date = {2021-03-10}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/nimzaloader-ta800s-new-initial-access-malware}, language = {English}, urldate = {2021-03-12} } NimzaLoader: TA800’s New Initial Access Malware
BazarNimrod Cobalt Strike
2021-03-09MicrosoftMSRC Team
@online{team:20210309:microsoft:3e03bbf, author = {MSRC Team}, title = {{Microsoft Exchange Server Vulnerabilities Mitigations – updated March 9, 2021}}, date = {2021-03-09}, organization = {Microsoft}, url = {https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021}, language = {English}, urldate = {2021-03-10} } Microsoft Exchange Server Vulnerabilities Mitigations – updated March 9, 2021
HAFNIUM
2021-03-09splunkSecurity Research Team
@online{team:20210309:cloud:4deeb78, author = {Security Research Team}, title = {{Cloud Federated Credential Abuse & Cobalt Strike: Threat Research February 2021}}, date = {2021-03-09}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/cloud-federated-credential-abuse-cobalt-strike-threat-research-feb-2021.html}, language = {English}, urldate = {2021-03-11} } Cloud Federated Credential Abuse & Cobalt Strike: Threat Research February 2021
Cobalt Strike