2022-05-19 | splunk | Splunk Threat Research Team
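@comment{Corporate author is double-braced so it is kept as one name, not split into First/Last; title braces protect only the malware name.}
@online{team:20220519:threat:63b1c42,
  author       = {{Splunk Threat Research Team}},
  title        = {Threat Update: {AcidRain} Wiper},
  date         = {2022-05-19},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/threat-update-acidrain-wiper.html},
  language     = {English},
  urldate      = {2022-05-29},
}
Threat Update: AcidRain Wiper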
AcidRain
2022-04-15 | splunk | Splunk Threat Research Team
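@comment{Corporate author is double-braced so it is kept as one name, not split into First/Last; title braces protect only the advisory id and acronym.}
@online{team:20220415:strtta03:9292c09,
  author       = {{Splunk Threat Research Team}},
  title        = {{STRT-TA03} {CPE} - Destructive Software},
  date         = {2022-04-15},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/strt-ta03-cpe-destructive-software.html},
  language     = {English},
  urldate      = {2022-04-29},
}
STRT-TA03 CPE - Destructive Software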
AcidRain CyclopsBlink
2022-04-07 | splunk | Splunk Threat Research Team
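@comment{Corporate author is double-braced so it is kept as one name, not split into First/Last; title braces keep both spellings of LSASS as the author wrote them.}
@online{team:20220407:you:2d088bc,
  author       = {{Splunk Threat Research Team}},
  title        = {You Bet Your {Lsass}: Hunting {LSASS} Access},
  date         = {2022-04-07},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/you-bet-your-lsass-hunting-lsass-access.html},
  language     = {English},
  urldate      = {2022-05-04},
}
You Bet Your Lsass: Hunting LSASS Access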
Cobalt Strike MimiKatz
2022-04-01 | splunk | Splunk Threat Research Team
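@comment{Corporate author is double-braced so it is kept as one name, not split into First/Last; title braces protect only the malware name.}
@online{team:20220401:threat:1955941,
  author       = {{Splunk Threat Research Team}},
  title        = {Threat Update: {CaddyWiper}},
  date         = {2022-04-01},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/threat-update-caddywiper.html},
  language     = {English},
  urldate      = {2022-04-12},
}
Threat Update: CaddyWiper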
CaddyWiper
2022-03-28 | splunk | Splunk Threat Research Team
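@comment{Corporate author is double-braced so it is kept as one name, not split into First/Last; title braces protect only the malware name.}
@online{team:20220328:threat:5310e19,
  author       = {{Splunk Threat Research Team}},
  title        = {Threat Update {DoubleZero} Destructor},
  date         = {2022-03-28},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/threat-update-doublezero-destructor.html},
  language     = {English},
  urldate      = {2022-03-30},
}
Threat Update DoubleZero Destructor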
DoubleZero
2022-03-10 | splunk | Splunk Threat Research Team
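@comment{Corporate author is double-braced so it is kept as one name, not split into First/Last; title braces protect only the malware name.}
@online{team:20220310:detecting:d1cb280,
  author       = {{Splunk Threat Research Team}},
  title        = {Detecting {HermeticWiper}},
  date         = {2022-03-10},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/detecting-hermeticwiper.html},
  language     = {English},
  urldate      = {2022-03-22},
}
Detecting HermeticWiper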
HermeticWiper PartyTicket
2022-03-03 | Avast Decoded | Threat Research Team
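@comment{Corporate author is double-braced so it is kept as one name, not split into First/Last; title braces protect only the country and malware names.}
@online{team:20220303:help:d086921,
  author       = {{Threat Research Team}},
  title        = {Help for {Ukraine}: Free decryptor for {HermeticRansom} ransomware},
  date         = {2022-03-03},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/threatresearch/help-for-ukraine-free-decryptor-for-hermeticransom-ransomware/},
  language     = {English},
  urldate      = {2022-03-03},
}
Help for Ukraine: Free decryptor for HermeticRansom ransomware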
PartyTicket
2022-03-01 | Proofpoint | Michael Raggi, Zydeca Cass, Proofpoint Threat Research Team
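@comment{Personal names are in Last, First form; the team is braced as a single corporate author. Title braces protect the actor name and proper adjectives only.}
@online{raggi:20220301:asylum:27cfa43,
  author       = {Raggi, Michael and Cass, Zydeca and {Proofpoint Threat Research Team}},
  title        = {{Asylum Ambuscade}: State Actor Uses Compromised Private {Ukrainian} Military Emails to Target {European} Governments and Refugee Movement},
  date         = {2022-03-01},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails},
  language     = {English},
  urldate      = {2022-03-10},
}
Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement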
SunSeed
2022-02-08 | Sansec | Sansec Threat Research Team
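@comment{Corporate author is double-braced so it is kept as one name, not split into First/Last; title braces protect only the campaign name.}
@online{team:20220208:naturalfreshmall:0a354ba,
  author       = {{Sansec Threat Research Team}},
  title        = {{NaturalFreshMall}: a mass store hack},
  date         = {2022-02-08},
  organization = {Sansec},
  url          = {https://sansec.io/research/naturalfreshmall-mass-hack},
  language     = {English},
  urldate      = {2022-02-10},
}
NaturalFreshMall: a mass store hack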
2022-02-07 | Avast Decoded | Avast Threat Research Team
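@comment{Corporate author is double-braced so it is kept as one name, not split into First/Last; title braces protect only the ransomware name.}
@online{team:20220207:decrypted:f204a1f,
  author       = {{Avast Threat Research Team}},
  title        = {Decrypted: {TargetCompany} Ransomware},
  date         = {2022-02-07},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/threatresearch/decrypted-targetcompany-ransomware/},
  language     = {English},
  urldate      = {2022-02-10},
}
Decrypted: TargetCompany Ransomware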
TargetCompany
2022-01-27 | splunk | Splunk Threat Research Team
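@comment{Corporate author is double-braced so it is kept as one name, not split into First/Last; title braces protect only the advisory id.}
@comment{Entry team:20220127:threat:6829079 has the same title, date and URL path (its URL only adds a ?splunk query string); probably the same advisory recorded twice - consider merging.}
@online{team:20220127:threat:ea9f405,
  author       = {{Splunk Threat Research Team}},
  title        = {Threat Advisory: {STRT-TA02} - Destructive Software},
  date         = {2022-01-27},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/threat-advisory-strt-ta02-destructive-software.html},
  language     = {English},
  urldate      = {2022-02-01},
}
Threat Advisory: STRT-TA02 - Destructive Software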
WhisperGate
2022-01-27 | splunk | Splunk Threat Research Team
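@comment{Corporate author is double-braced so it is kept as one name, not split into First/Last; title braces protect only the advisory id.}
@comment{Same title, date and URL path as team:20220127:threat:ea9f405; this URL differs only by the trailing ?splunk query string. Probably the same advisory recorded twice - consider merging.}
@online{team:20220127:threat:6829079,
  author       = {{Splunk Threat Research Team}},
  title        = {Threat Advisory: {STRT-TA02} - Destructive Software},
  date         = {2022-01-27},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/threat-advisory-strt-ta02-destructive-software.html?splunk},
  language     = {English},
  urldate      = {2022-02-02},
}
Threat Advisory: STRT-TA02 - Destructive Software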
WhisperGate
2022-01-10 | splunk | Splunk Threat Research Team
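@comment{Corporate author is double-braced so it is kept as one name, not split into First/Last; title braces protect only the malware name and the month.}
@online{team:20220110:detecting:a46a6e5,
  author       = {{Splunk Threat Research Team}},
  title        = {Detecting Malware Script Loaders using {Remcos}: Threat Research Release {December} 2021},
  date         = {2022-01-10},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/detecting-malware-script-loaders-using-remcos-threat-research-release-december-2021.html},
  language     = {English},
  urldate      = {2022-01-25},
}
Detecting Malware Script Loaders using Remcos: Threat Research Release December 2021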
Remcos
2021-11-24 | Sansec | Sansec Threat Research Team
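@comment{Corporate author is double-braced so it is kept as one name, not split into First/Last; title braces protect only the malware name and the month.}
@online{team:20211124:cronrat:c716236,
  author       = {{Sansec Threat Research Team}},
  title        = {{CronRAT} malware hides behind {February} 31st},
  date         = {2021-11-24},
  organization = {Sansec},
  url          = {https://sansec.io/research/cronrat},
  language     = {English},
  urldate      = {2021-11-29},
}
CronRAT malware hides behind February 31st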
CronRAT
2021-11-18 | Sansec | Sansec Threat Research Team
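@comment{Corporate author is double-braced so it is kept as one name, not split into First/Last; title braces protect only the case-sensitive words.}
@online{team:20211118:linux:c11c884,
  author       = {{Sansec Threat Research Team}},
  title        = {{Linux} malware agent hits {eCommerce} sites},
  date         = {2021-11-18},
  organization = {Sansec},
  url          = {https://sansec.io/research/ecommerce-malware-linux-avp},
  language     = {English},
  urldate      = {2021-11-19},
}
Linux malware agent hits eCommerce sites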
2021-11-11 | splunk | Splunk Threat Research Team
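@comment{Corporate author is double-braced so it is kept as one name, not split into First/Last; title braces protect only the actor name. The en dash in the title is UTF-8 and needs a Unicode-aware backend such as Biber.}
@online{team:20211111:fin7:cd0d233,
  author       = {{Splunk Threat Research Team}},
  title        = {{FIN7} Tools Resurface in the Field – Splinter or Copycat?},
  date         = {2021-11-11},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/fin7-tools-resurface-in-the-field-splinter-or-copycat.html},
  language     = {English},
  urldate      = {2021-11-12},
}
FIN7 Tools Resurface in the Field – Splinter or Copycat?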
JSSLoader Remcos
2021-11-04 | splunk | Splunk Threat Research Team
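@comment{Corporate author is double-braced so it is kept as one name, not split into First/Last; title braces protect only the malware names.}
@online{team:20211104:detecting:d8aba5b,
  author       = {{Splunk Threat Research Team}},
  title        = {Detecting {IcedID}... Could It Be A {Trickbot} Copycat?},
  date         = {2021-11-04},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/detecting-icedid-could-it-be-a-trickbot-copycat.html},
  language     = {English},
  urldate      = {2021-11-08},
}
Detecting IcedID... Could It Be A Trickbot Copycat?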
IcedID
2021-07-21 | splunk | Splunk Threat Research Team
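@comment{Corporate author is double-braced so it is kept as one name, not split into First/Last; title braces protect only the malware and product names.}
@online{team:20210721:detecting:ceb179f,
  author       = {{Splunk Threat Research Team}},
  title        = {Detecting {Trickbot} with {Splunk}},
  date         = {2021-07-21},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/detecting-trickbots.html},
  language     = {English},
  urldate      = {2021-07-22},
}
Detecting Trickbot with Splunk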
TrickBot
2021-07-20 | Advanced threat research team
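@comment{Corporate author is double-braced so it is kept as one name, not split into First/Last; title braces protect only the actor name.}
@comment{NOTE(review): no organization is recorded and the URL is a WeChat article link, so the publishing vendor cannot be read from this entry. language is Chinese while the title is in English, presumably a translated title - confirm against the source.}
@online{team:20210720:lazarus:fca9f17,
  author   = {{Advanced threat research team}},
  title    = {{Lazarus} organizes social engineering attacks on the cryptocurrency industry},
  date     = {2021-07-20},
  url      = {https://mp.weixin.qq.com/s/y-SHoh9f5qwAwqml3uf8vw},
  language = {Chinese},
  urldate  = {2021-07-26},
}
Lazarus organizes social engineering attacks on the cryptocurrency industry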
2021-07-19 | Proofpoint | Joe Wise, Konstantin Klinger, Selena Larson, Proofpoint Threat Research Team
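@comment{Personal names are in Last, First form; the team is braced as a single corporate author. Title braces protect only the language and malware names.}
@online{wise:20210719:new:cb02a85,
  author       = {Wise, Joe and Klinger, Konstantin and Larson, Selena and {Proofpoint Threat Research Team}},
  title        = {New Threat Actor Uses {Spanish} Language Lures to Distribute Seldom Observed {Bandook} Malware},
  date         = {2021-07-19},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/new-threat-actor-uses-spanish-language-lures-distribute-seldom-observed-bandook},
  language     = {English},
  urldate      = {2021-07-26},
}
New Threat Actor Uses Spanish Language Lures to Distribute Seldom Observed Bandook Malware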
Bandook