Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-12-02Avast DecodedThreat Intelligence Team
@online{team:20221202:hitching:0cb7557, author = {Threat Intelligence Team}, title = {{Hitching a ride with Mustang Panda}}, date = {2022-12-02}, organization = {Avast Decoded}, url = {https://decoded.avast.io/threatintel/apt-treasure-trove-avast-suspects-chinese-apt-group-mustang-panda-is-collecting-data-from-burmese-government-agencies-and-opposition-groups/}, language = {English}, urldate = {2022-12-02} } Hitching a ride with Mustang Panda
PlugX
2022-08-25MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Research Team, Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20220825:mercury:a02a670, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team and Microsoft 365 Defender Threat Intelligence Team}, title = {{MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations}}, date = {2022-08-25}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/08/25/mercury-leveraging-log4j-2-vulnerabilities-in-unpatched-systems-to-target-israeli-organizations}, language = {English}, urldate = {2022-08-30} } MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
MimiKatz
2022-08-15MalwarebytesThreat Intelligence Team
@online{team:20220815:threat:791daf7, author = {Threat Intelligence Team}, title = {{Threat Intelligence - JSSLoader: the shellcode edition}}, date = {2022-08-15}, organization = {Malwarebytes}, url = {https://malwarebytes.app.box.com/s/ym6r7o5hq0rx2nxjbctfv2sw5vx386ni}, language = {English}, urldate = {2022-08-19} } Threat Intelligence - JSSLoader: the shellcode edition
JSSLoader
2022-08-15MalwarebytesThreat Intelligence Team
@online{team:20220815:jssloader:8dde76b, author = {Threat Intelligence Team}, title = {{JSSLoader: the shellcode edition}}, date = {2022-08-15}, organization = {Malwarebytes}, url = {https://www.malwarebytes.com/blog/threat-intelligence/2022/08/jssloader-the-shellcode-edition}, language = {English}, urldate = {2022-08-19} } JSSLoader: the shellcode edition
JSSLoader
2022-07-20MalwarebytesThreat Intelligence Team
@online{team:20220720:google:562a515, author = {Threat Intelligence Team}, title = {{Google Ads Lead to Major Malvertising Campaign}}, date = {2022-07-20}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/07/google-ads-lead-to-major-malvertising-campaign}, language = {English}, urldate = {2022-07-25} } Google Ads Lead to Major Malvertising Campaign
2022-06-21Malwarebytes LabsThreat Intelligence Team
@online{team:20220621:russias:a934a10, author = {Threat Intelligence Team}, title = {{Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine}}, date = {2022-06-21}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/06/russias-apt28-uses-fear-of-nuclear-war-to-spread-follina-docs-in-ukraine/}, language = {English}, urldate = {2022-06-22} } Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine
2022-06-13MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20220613:many:7681eda, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{The many lives of BlackCat ransomware}}, date = {2022-06-13}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/}, language = {English}, urldate = {2022-06-15} } The many lives of BlackCat ransomware
BlackCat
2022-06-08Malwarebytes LabsThreat Intelligence Team
@online{team:20220608:makemoney:a8f6163, author = {Threat Intelligence Team}, title = {{MakeMoney malvertising campaign adds fake update template}}, date = {2022-06-08}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/06/makemoney-malvertising-campaign-adds-fake-update-template/}, language = {English}, urldate = {2022-06-15} } MakeMoney malvertising campaign adds fake update template
FAKEUPDATES
2022-06-03Avast DecodedThreat Intelligence Team
@online{team:20220603:outbreak:f121601, author = {Threat Intelligence Team}, title = {{Outbreak of Follina in Australia}}, date = {2022-06-03}, organization = {Avast Decoded}, url = {https://decoded.avast.io/threatintel/outbreak-of-follina-in-australia}, language = {English}, urldate = {2022-08-30} } Outbreak of Follina in Australia
AsyncRAT APT40
2022-06-03AvastThreat Intelligence Team
@online{team:20220603:outbreak:ee565fa, author = {Threat Intelligence Team}, title = {{Outbreak of Follina in Australia}}, date = {2022-06-03}, organization = {Avast}, url = {https://decoded.avast.io/threatintel/outbreak-of-follina-in-australia/}, language = {English}, urldate = {2022-07-25} } Outbreak of Follina in Australia
AsyncRAT
2022-05-16Malwarebytes LabsThreat Intelligence Team
@online{team:20220516:custom:5fe917a, author = {Threat Intelligence Team}, title = {{Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis}}, date = {2022-05-16}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/05/custom-powershell-rat-targets-germans-seeking-information-about-the-ukraine-crisis/}, language = {English}, urldate = {2022-05-17} } Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
Unidentified PS 003 (RAT)
2022-05-10Malwarebytes LabsThreat Intelligence Team
@online{team:20220510:apt34:b733b84, author = {Threat Intelligence Team}, title = {{APT34 targets Jordan Government using new Saitama backdoor}}, date = {2022-05-10}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/05/apt34-targets-jordan-government-using-new-saitama-backdoor/}, language = {English}, urldate = {2022-05-13} } APT34 targets Jordan Government using new Saitama backdoor
Saitama Backdoor
2022-05-09MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20220509:ransomwareasaservice:13ec472, author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself}}, date = {2022-05-09}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself}, language = {English}, urldate = {2022-05-17} } Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT
2022-05-09Microsoft SecurityMicrosoft Threat Intelligence Center, Microsoft 365 Defender Threat Intelligence Team
@online{center:20220509:ransomwareasaservice:3dac44d, author = {Microsoft Threat Intelligence Center and Microsoft 365 Defender Threat Intelligence Team}, title = {{Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself}}, date = {2022-05-09}, organization = {Microsoft Security}, url = {https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/}, language = {English}, urldate = {2022-06-02} } Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
Griffon BazarBackdoor BlackCat BlackMatter Blister Gozi LockBit Pandora Rook SystemBC TrickBot
2022-05-05Malwarebytes LabsThreat Intelligence Team
@online{team:20220505:nigerian:4c047d9, author = {Threat Intelligence Team}, title = {{Nigerian Tesla: 419 scammer gone malware distributor unmasked}}, date = {2022-05-05}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/05/nigerian-tesla-419-scammer-gone-malware-distributor-unmasked/}, language = {English}, urldate = {2022-05-08} } Nigerian Tesla: 419 scammer gone malware distributor unmasked
Agent Tesla
2022-04-13MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20220413:dismantling:ace8546, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware}}, date = {2022-04-13}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/04/13/dismantling-zloader-how-malicious-ads-led-to-disabled-security-tools-and-ransomware/}, language = {English}, urldate = {2022-04-14} } Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
BlackMatter Cobalt Strike DarkSide Ryuk Zloader
2022-03-28AvastThreat Intelligence Team
@online{team:20220328:avast:03620fb, author = {Threat Intelligence Team}, title = {{Avast Finds Compromised Philippine Navy Certificate Used in Remote Access Tool}}, date = {2022-03-28}, organization = {Avast}, url = {https://decoded.avast.io/threatintel/avast-finds-compromised-philippine-navy-certificate-used-in-remote-access-tool/}, language = {English}, urldate = {2022-04-05} } Avast Finds Compromised Philippine Navy Certificate Used in Remote Access Tool
Unidentified 091
2022-03-22MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Detection and Response Team (DART), Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20220322:dev0537:eea56dc, author = {Microsoft Threat Intelligence Center (MSTIC) and Detection and Response Team (DART) and Microsoft 365 Defender Threat Intelligence Team}, title = {{DEV-0537 (UNC3661) criminal actor targeting organizations for data exfiltration and destruction}}, date = {2022-03-22}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/}, language = {English}, urldate = {2022-08-05} } DEV-0537 (UNC3661) criminal actor targeting organizations for data exfiltration and destruction
RedLine Stealer LAPSUS
2022-03-18MalwarebytesThreat Intelligence Team
@online{team:20220318:double:fde615f, author = {Threat Intelligence Team}, title = {{Double header: IsaacWiper and CaddyWiper}}, date = {2022-03-18}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/03/double-header-isaacwiper-and-caddywiper/}, language = {English}, urldate = {2022-03-28} } Double header: IsaacWiper and CaddyWiper
CaddyWiper IsaacWiper
2022-02-02MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20220202:evolution:4f55642, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{The evolution of a Mac trojan: UpdateAgent’s progression}}, date = {2022-02-02}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/02/02/the-evolution-of-a-mac-trojan-updateagents-progression/}, language = {English}, urldate = {2022-02-04} } The evolution of a Mac trojan: UpdateAgent’s progression
UpdateAgent