Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-11-22ProofpointAlexander Rausch, Proofpoint Threat Research Team
@online{rausch:20221122:nighthawk:48f730c, author = {Alexander Rausch and Proofpoint Threat Research Team}, title = {{Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice}}, date = {2022-11-22}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice}, language = {English}, urldate = {2022-11-22} } Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice
Nighthawk
2022-11-16splunkSplunk Threat Research Team
@online{team:20221116:inside:6c4f291, author = {Splunk Threat Research Team}, title = {{Inside the Mind of a ‘Rat’ - Agent Tesla Detection and Analysis}}, date = {2022-11-16}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/inside-the-mind-of-a-rat-agent-tesla-detection-and-analysis.html}, language = {English}, urldate = {2022-11-28} } Inside the Mind of a ‘Rat’ - Agent Tesla Detection and Analysis
Agent Tesla
2022-10-04splunkSplunk Threat Research Team
@online{team:20221004:deliver:dba14df, author = {Splunk Threat Research Team}, title = {{Deliver a Strike by Reversing a Badger: Brute Ratel Detection and Analysis}}, date = {2022-10-04}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/deliver-a-strike-by-reversing-a-badger-brute-ratel-detection-and-analysis.html}, language = {English}, urldate = {2022-10-06} } Deliver a Strike by Reversing a Badger: Brute Ratel Detection and Analysis
Brute Ratel C4
2022-09-13Sansec Threat ResearchSansec Threat Research Team
@online{team:20220913:magento:5f0f103, author = {Sansec Threat Research Team}, title = {{Magento vendor Fishpig hacked, backdoors added}}, date = {2022-09-13}, organization = {Sansec Threat Research}, url = {https://sansec.io/research/rekoobe-fishpig-magento}, language = {English}, urldate = {2022-09-15} } Magento vendor Fishpig hacked, backdoors added
Rekoobe
2022-08-25splunkSplunk Threat Research Team
@online{team:20220825:applocker:7ed5b33, author = {Splunk Threat Research Team}, title = {{AppLocker Rules as Defense Evasion: Complete Analysis}}, date = {2022-08-25}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/-applocker-rules-as-defense-evasion-complete-analysis.html}, language = {English}, urldate = {2022-08-30} } AppLocker Rules as Defense Evasion: Complete Analysis
Azorult
2022-08-18ProofpointJoe Wise, Selena Larson, Proofpoint Threat Research Team
@online{wise:20220818:reservations:c2f9faf, author = {Joe Wise and Selena Larson and Proofpoint Threat Research Team}, title = {{Reservations Requested: TA558 Targets Hospitality and Travel}}, date = {2022-08-18}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel}, language = {English}, urldate = {2022-08-18} } Reservations Requested: TA558 Targets Hospitality and Travel
AsyncRAT Loda NjRAT Ozone RAT Revenge RAT Vjw0rm
2022-08-15MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Office 365 Threat Research Team, Digital Threat Analysis Center (DTAC)
@online{mstic:20220815:disrupting:6429d3a, author = {Microsoft Threat Intelligence Center (MSTIC) and Office 365 Threat Research Team and Digital Threat Analysis Center (DTAC)}, title = {{Disrupting SEABORGIUM’s ongoing phishing operations}}, date = {2022-08-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations}, language = {English}, urldate = {2022-08-18} } Disrupting SEABORGIUM’s ongoing phishing operations
Callisto
2022-08-15MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Office 365 Threat Research Team, Digital Threat Analysis Center (DTAC)
@online{mstic:20220815:disrupting:528a65e, author = {Microsoft Threat Intelligence Center (MSTIC) and Office 365 Threat Research Team and Digital Threat Analysis Center (DTAC)}, title = {{Disrupting SEABORGIUM’s ongoing phishing operations}}, date = {2022-08-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/}, language = {English}, urldate = {2022-08-17} } Disrupting SEABORGIUM’s ongoing phishing operations
2022-07-26splunkSplunk Threat Research Team
@online{team:20220726:ml:048aaa9, author = {Splunk Threat Research Team}, title = {{ML Detection of Risky Command Exploit}}, date = {2022-07-26}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/ml-detection-of-risky-command-exploit.html}, language = {English}, urldate = {2022-08-22} } ML Detection of Risky Command Exploit
2022-07-21ProofpointBryan Campbell, Pim Trouerbach, Selena Larson, Proofpoint Threat Research Team
@online{campbell:20220721:buy:bf7d3c4, author = {Bryan Campbell and Pim Trouerbach and Selena Larson and Proofpoint Threat Research Team}, title = {{Buy, Sell, Steal, EvilNum Targets Cryptocurrency, Forex, Commodities}}, date = {2022-07-21}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/buy-sell-steal-evilnum-targets-cryptocurrency-forex-commodities}, language = {English}, urldate = {2022-07-25} } Buy, Sell, Steal, EvilNum Targets Cryptocurrency, Forex, Commodities
EVILNUM
2022-07-14ProofpointCrista Giering, Joshua Miller, Michael Raggi, Proofpoint Threat Research Team
@online{giering:20220714:above:06891ca, author = {Crista Giering and Joshua Miller and Michael Raggi and Proofpoint Threat Research Team}, title = {{Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media}}, date = {2022-07-14}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists}, language = {English}, urldate = {2022-07-15} } Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media
Chinoxy
2022-06-23splunkSplunk Threat Research Team
@online{team:20220623:threat:c75f097, author = {Splunk Threat Research Team}, title = {{Threat Update: Industroyer2}}, date = {2022-06-23}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/threat-update-industroyer2.html}, language = {English}, urldate = {2022-08-22} } Threat Update: Industroyer2
INDUSTROYER2
2022-05-19splunkSplunk Threat Research Team
@online{team:20220519:threat:63b1c42, author = {Splunk Threat Research Team}, title = {{Threat Update: AcidRain Wiper}}, date = {2022-05-19}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/threat-update-acidrain-wiper.html}, language = {English}, urldate = {2022-05-29} } Threat Update: AcidRain Wiper
AcidRain
2022-04-15splunkSplunk Threat Research Team
@online{team:20220415:strtta03:9292c09, author = {Splunk Threat Research Team}, title = {{STRT-TA03 CPE - Destructive Software}}, date = {2022-04-15}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/strt-ta03-cpe-destructive-software.html}, language = {English}, urldate = {2022-04-29} } STRT-TA03 CPE - Destructive Software
AcidRain CyclopsBlink
2022-04-07splunkSplunk Threat Research Team
@online{team:20220407:you:2d088bc, author = {Splunk Threat Research Team}, title = {{You Bet Your Lsass: Hunting LSASS Access}}, date = {2022-04-07}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/you-bet-your-lsass-hunting-lsass-access.html}, language = {English}, urldate = {2022-05-04} } You Bet Your Lsass: Hunting LSASS Access
Cobalt Strike MimiKatz
2022-04-01splunkSplunk Threat Research Team
@online{team:20220401:threat:1955941, author = {Splunk Threat Research Team}, title = {{Threat Update: CaddyWiper}}, date = {2022-04-01}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/threat-update-caddywiper.html}, language = {English}, urldate = {2022-04-12} } Threat Update: CaddyWiper
CaddyWiper
2022-03-28splunkSplunk Threat Research Team
@online{team:20220328:threat:5310e19, author = {Splunk Threat Research Team}, title = {{Threat Update DoubleZero Destructor}}, date = {2022-03-28}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/threat-update-doublezero-destructor.html}, language = {English}, urldate = {2022-03-30} } Threat Update DoubleZero Destructor
DoubleZero
2022-03-10splunkSplunk Threat Research Team
@online{team:20220310:detecting:d1cb280, author = {Splunk Threat Research Team}, title = {{Detecting HermeticWiper}}, date = {2022-03-10}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/detecting-hermeticwiper.html}, language = {English}, urldate = {2022-03-22} } Detecting HermeticWiper
HermeticWiper PartyTicket
2022-03-03Avast DecodedThreat Research Team
@online{team:20220303:help:d086921, author = {Threat Research Team}, title = {{Help for Ukraine: Free decryptor for HermeticRansom ransomware}}, date = {2022-03-03}, organization = {Avast Decoded}, url = {https://decoded.avast.io/threatresearch/help-for-ukraine-free-decryptor-for-hermeticransom-ransomware/}, language = {English}, urldate = {2022-03-03} } Help for Ukraine: Free decryptor for HermeticRansom ransomware
PartyTicket
2022-03-01ProofpointMichael Raggi, Zydeca Cass, Proofpoint Threat Research Team
@online{raggi:20220301:asylum:27cfa43, author = {Michael Raggi and Zydeca Cass and Proofpoint Threat Research Team}, title = {{Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement}}, date = {2022-03-01}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails}, language = {English}, urldate = {2022-03-10} } Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement
SunSeed