
2021-11-18 | Blackberry | The BlackBerry Research & Intelligence Team
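@online{team:20211118:threat:7fd07f8,
  author       = {{The BlackBerry Research \& Intelligence Team}},
  title        = {{Threat Thursday: DanaBot’s Evolution from Bank Fraud to DDos Attacks}},
  date         = {2021-11-18},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2021/11/threat-thursday-danabot-malware-as-a-service},
  language     = {English},
  urldate      = {2021-11-25},
}
Threat Thursday: DanaBot’s Evolution from Bank Fraud to DDos Attacks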
DanaBot
2021-11-18 | Red Canary | The Red Canary Team
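@online{team:20211118:intelligence:7b00cb9,
  author       = {{The Red Canary Team}},
  title        = {{Intelligence Insights: November 2021}},
  date         = {2021-11-18},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/intelligence-insights-november-2021/},
  language     = {English},
  urldate      = {2021-11-19},
}
Intelligence Insights: November 2021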
Andromeda Conti LockBit QakBot Squirrelwaffle
2021-11-18 | Sansec | Sansec Threat Research Team
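@online{team:20211118:linux:c11c884,
  author       = {{Sansec Threat Research Team}},
  title        = {{Linux malware agent hits eCommerce sites}},
  date         = {2021-11-18},
  organization = {Sansec},
  url          = {https://sansec.io/research/ecommerce-malware-linux-avp},
  language     = {English},
  urldate      = {2021-11-19},
}
Linux malware agent hits eCommerce sites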
2021-11-16 | Digital Shadows | Photon Research Team
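@online{team:20211116:vulnerability:c57b42b,
  author       = {{Photon Research Team}},
  title        = {{Vulnerability Intelligence: What’s the Word in Dark Web Forums?}},
  date         = {2021-11-16},
  organization = {Digital Shadows},
  url          = {https://www.digitalshadows.com/blog-and-research/vulnerability-intelligence-whats-the-word-in-dark-web-forums/},
  language     = {English},
  urldate      = {2021-11-18},
}
Vulnerability Intelligence: What’s the Word in Dark Web Forums?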
2021-11-16 | Mandiant | Gabriella Roncone, Alden Wahlstrom, Alice Revelli, David Mainor, Sam Riddell, Ben Read, Mandiant Research Team
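@online{roncone:20211116:unc1151:a2da6dc,
  author       = {Roncone, Gabriella and Wahlstrom, Alden and Revelli, Alice and Mainor, David and Riddell, Sam and Read, Ben and {Mandiant Research Team}},
  title        = {{UNC1151 Assessed with High Confidence to have Links to Belarus, Ghostwriter Campaign Aligned with Belarusian Government Interests}},
  date         = {2021-11-16},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/unc1151-linked-to-belarus-government},
  language     = {English},
  urldate      = {2021-11-17},
}
UNC1151 Assessed with High Confidence to have Links to Belarus, Ghostwriter Campaign Aligned with Belarusian Government Interests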
2021-11-16 | AhnLab | AhnLab ASEC Analysis Team
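@techreport{team:20211116:kimsuky:77a82f6,
  author      = {{AhnLab ASEC Analysis Team}},
  title       = {{Kimsuky 그룹의 APT 공격 분석 보고서 (AppleSeed, PebbleDash)}},
  date        = {2021-11-16},
  institution = {AhnLab},
  url         = {https://asec.ahnlab.com/wp-content/uploads/2021/11/Kimsuky-%EA%B7%B8%EB%A3%B9%EC%9D%98-APT-%EA%B3%B5%EA%B2%A9-%EB%B6%84%EC%84%9D-%EB%B3%B4%EA%B3%A0%EC%84%9C-AppleSeed-PebbleDash.pdf},
  language    = {Korean},
  urldate     = {2021-11-17},
}
Kimsuky 그룹의 APT 공격 분석 보고서 (AppleSeed, PebbleDash)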
Appleseed PEBBLEDASH
2021-11-16 | Malwarebytes | Malwarebytes Threat Intelligence Team
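@online{team:20211116:trickbot:b624694,
  author       = {{Malwarebytes Threat Intelligence Team}},
  title        = {{TrickBot helps Emotet come back from the dead}},
  date         = {2021-11-16},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-intelligence/2021/11/trickbot-helps-emotet-come-back-from-the-dead/},
  language     = {English},
  urldate      = {2021-11-17},
}
TrickBot helps Emotet come back from the dead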
Emotet TrickBot
2021-11-15 | binarly | Binarly Team
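@online{team:20211115:design:f220a4c,
  author       = {{Binarly Team}},
  title        = {{Design issues of modern EDRs: bypassing ETW-based solutions}},
  date         = {2021-11-15},
  organization = {binarly},
  url          = {https://www.binarly.io/posts/Design_issues_of_modern_EDR%E2%80%99s_bypassing_ETW-based_solutions/index.html},
  language     = {English},
  urldate      = {2021-11-19},
}
Design issues of modern EDRs: bypassing ETW-based solutions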
ESPecter FinFisher RAT
2021-11-11 | Trend Micro | David Fiser, Alfredo Oliveira
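@online{fiser:20211111:teamtnt:fe67ef2,
  author       = {Fiser, David and Oliveira, Alfredo},
  title        = {{TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments}},
  date         = {2021-11-11},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/k/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-env.html},
  language     = {English},
  urldate      = {2021-11-12},
}
TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments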
2021-11-11 | Blackberry | The BlackBerry Research & Intelligence Team
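@online{team:20211111:threat:7b2544e,
  author       = {{The BlackBerry Research \& Intelligence Team}},
  title        = {{Threat Thursday: SquirrelWaffle Takes a Bite Out of Victim's Bank Accounts}},
  date         = {2021-11-11},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2021/11/threat-thursday-squirrelwaffle-loader},
  language     = {English},
  urldate      = {2021-11-17},
}
Threat Thursday: SquirrelWaffle Takes a Bite Out of Victim's Bank Accounts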
Squirrelwaffle
2021-11-11 | splunk | Splunk Threat Research Team
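@online{team:20211111:fin7:cd0d233,
  author       = {{Splunk Threat Research Team}},
  title        = {{FIN7 Tools Resurface in the Field – Splinter or Copycat?}},
  date         = {2021-11-11},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/fin7-tools-resurface-in-the-field-splinter-or-copycat.html},
  language     = {English},
  urldate      = {2021-11-12},
}
FIN7 Tools Resurface in the Field – Splinter or Copycat?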
JSSLoader Remcos
2021-11-11 | Microsoft | Microsoft 365 Defender Threat Intelligence Team
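@online{team:20211111:html:410a27f,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks}},
  date         = {2021-11-11},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/},
  language     = {English},
  urldate      = {2021-11-12},
}
HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks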
AsyncRAT Mekotio NjRAT
2021-11-10 | Randori | Randori Attack Team
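@online{team:20211110:zeroday:3c362f3,
  author       = {{Randori Attack Team}},
  title        = {{Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064}},
  date         = {2021-11-10},
  organization = {Randori},
  url          = {https://www.randori.com/blog/cve-2021-3064/},
  language     = {English},
  urldate      = {2021-11-17},
}
Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064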
2021-11-10 | Sekoia | Cyber Threat Intelligence team
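@online{team:20211110:walking:cc41f24,
  author       = {{Cyber Threat Intelligence team}},
  title        = {{Walking on APT31 infrastructure footprints}},
  date         = {2021-11-10},
  organization = {Sekoia},
  url          = {https://www.sekoia.io/en/walking-on-apt31-infrastructure-footprints/},
  language     = {English},
  urldate      = {2021-11-11},
}
Walking on APT31 infrastructure footprints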
Rekoobe Unidentified ELF 004 Cobalt Strike
2021-11-09 | Trend Micro | Trend Micro Research
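@online{research:20211109:compromised:47958cb,
  author       = {{Trend Micro Research}},
  title        = {{Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT}},
  date         = {2021-11-09},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/k/compromised-docker-hub-accounts-abused-for-cryptomining-linked-t.html},
  language     = {English},
  urldate      = {2021-11-25},
}
Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT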
2021-11-09 | Cybereason | Cybereason Global SOC Team
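@online{team:20211109:threat:9f898c9,
  author       = {{Cybereason Global SOC Team}},
  title        = {{THREAT ANALYSIS REPORT: From Shatak Emails to the Conti Ransomware}},
  date         = {2021-11-09},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-report-from-shatak-emails-to-the-conti-ransomware},
  language     = {English},
  urldate      = {2021-11-25},
}
THREAT ANALYSIS REPORT: From Shatak Emails to the Conti Ransomware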
Cobalt Strike Conti
2021-11-08 | NCC Group | RIFT: Research and Intelligence Fusion Team
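@online{team:20211108:ta505:5a3c385,
  author       = {{RIFT: Research and Intelligence Fusion Team}},
  title        = {{TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access}},
  date         = {2021-11-08},
  organization = {NCC Group},
  url          = {https://research.nccgroup.com/2021/11/08/ta505-exploits-solarwinds-serv-u-vulnerability-cve-2021-35211-for-initial-access/},
  language     = {English},
  urldate      = {2021-11-09},
}
TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access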
2021-11-05 | Blackberry | The BlackBerry Research & Intelligence Team
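@online{team:20211105:hunter:3c7bab9,
  author       = {{The BlackBerry Research \& Intelligence Team}},
  title        = {{Hunter Becomes Hunted: Zebra2104 Hides a Herd of Malware}},
  date         = {2021-11-05},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2021/11/zebra2104},
  language     = {English},
  urldate      = {2021-11-08},
}
Hunter Becomes Hunted: Zebra2104 Hides a Herd of Malware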
Cobalt Strike DoppelDridex Mount Locker Phobos StrongPity
2021-11-04 | Blackberry | BlackBerry Research & Intelligence Team
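@online{team:20211104:threat:41a70b2,
  author       = {{BlackBerry Research \& Intelligence Team}},
  title        = {{Threat Thursday: Karma Ransomware}},
  date         = {2021-11-04},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2021/11/threat-thursday-karma-ransomware},
  language     = {English},
  urldate      = {2021-11-08},
}
Threat Thursday: Karma Ransomware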
karma
2021-11-04 | splunk | Splunk Threat Research Team
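@online{team:20211104:detecting:d8aba5b,
  author       = {{Splunk Threat Research Team}},
  title        = {{Detecting IcedID... Could It Be A Trickbot Copycat?}},
  date         = {2021-11-04},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/detecting-icedid-could-it-be-a-trickbot-copycat.html},
  language     = {English},
  urldate      = {2021-11-08},
}
Detecting IcedID... Could It Be A Trickbot Copycat?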
IcedID