Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-02-16EclecticIQEclecticIQ Threat Research Team
@online{team:20230216:three:f838713, author = {EclecticIQ Threat Research Team}, title = {{Three Cases of Cyber Attacks on the Security Service of Ukraine and NATO Allies, Likely by Russian State-Sponsored Gamaredon}}, date = {2023-02-16}, organization = {EclecticIQ}, url = {https://blog.eclecticiq.com/three-cases-of-cyber-attacks-on-the-security-service-of-ukraine-and-nato-allies-likely-by-russian-state-sponsored-gamaredon}, language = {English}, urldate = {2023-02-21} } Three Cases of Cyber Attacks on the Security Service of Ukraine and NATO Allies, Likely by Russian State-Sponsored Gamaredon
2023-02-02EclecticIQEclecticIQ Threat Research Team
@online{team:20230202:mustang:cac147b, author = {EclecticIQ Threat Research Team}, title = {{Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware}}, date = {2023-02-02}, organization = {EclecticIQ}, url = {https://blog.eclecticiq.com/mustang-panda-apt-group-uses-european-commission-themed-lure-to-deliver-plugx-malware}, language = {English}, urldate = {2023-02-06} } Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware
PlugX
2023-01-25ProofpointGreg Lesnewich, Proofpoint Threat Research Team
@online{lesnewich:20230125:ta444:ae76e7b, author = {Greg Lesnewich and Proofpoint Threat Research Team}, title = {{TA444: The APT Startup Aimed at Acquisition (of Your Funds)}}, date = {2023-01-25}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds}, language = {English}, urldate = {2023-01-25} } TA444: The APT Startup Aimed at Acquisition (of Your Funds)
CageyChameleon
2023-01-12EclecticIQEclecticIQ Threat Research Team
@online{team:20230112:qakbot:a26156d, author = {EclecticIQ Threat Research Team}, title = {{QakBot Malware Used Unpatched Vulnerability to Bypass Windows OS Security Feature}}, date = {2023-01-12}, organization = {EclecticIQ}, url = {https://blog.eclecticiq.com/qakbot-malware-used-unpatched-vulnerability-to-bypass-windows-os-security-feature}, language = {English}, urldate = {2023-01-16} } QakBot Malware Used Unpatched Vulnerability to Bypass Windows OS Security Feature
QakBot
2022-12-01splunkSplunk Threat Research Team
@online{team:20221201:from:4ac8d82, author = {Splunk Threat Research Team}, title = {{From Macros to No Macros: Continuous Malware Improvements by QakBot}}, date = {2022-12-01}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/from-macros-to-no-macros-continuous-malware-improvements-by-qakbot.html}, language = {English}, urldate = {2022-12-05} } From Macros to No Macros: Continuous Malware Improvements by QakBot
QakBot
2022-11-22ProofpointAlexander Rausch, Proofpoint Threat Research Team
@online{rausch:20221122:nighthawk:48f730c, author = {Alexander Rausch and Proofpoint Threat Research Team}, title = {{Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice}}, date = {2022-11-22}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice}, language = {English}, urldate = {2022-11-22} } Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice
Nighthawk
2022-11-16splunkSplunk Threat Research Team
@online{team:20221116:inside:6c4f291, author = {Splunk Threat Research Team}, title = {{Inside the Mind of a ‘Rat’ - Agent Tesla Detection and Analysis}}, date = {2022-11-16}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/inside-the-mind-of-a-rat-agent-tesla-detection-and-analysis.html}, language = {English}, urldate = {2022-11-28} } Inside the Mind of a ‘Rat’ - Agent Tesla Detection and Analysis
Agent Tesla
2022-10-04splunkSplunk Threat Research Team
@online{team:20221004:deliver:dba14df, author = {Splunk Threat Research Team}, title = {{Deliver a Strike by Reversing a Badger: Brute Ratel Detection and Analysis}}, date = {2022-10-04}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/deliver-a-strike-by-reversing-a-badger-brute-ratel-detection-and-analysis.html}, language = {English}, urldate = {2022-10-06} } Deliver a Strike by Reversing a Badger: Brute Ratel Detection and Analysis
Brute Ratel C4
2022-09-13Sansec Threat ResearchSansec Threat Research Team
@online{team:20220913:magento:5f0f103, author = {Sansec Threat Research Team}, title = {{Magento vendor Fishpig hacked, backdoors added}}, date = {2022-09-13}, organization = {Sansec Threat Research}, url = {https://sansec.io/research/rekoobe-fishpig-magento}, language = {English}, urldate = {2022-09-15} } Magento vendor Fishpig hacked, backdoors added
Rekoobe
2022-08-25splunkSplunk Threat Research Team
@online{team:20220825:applocker:7ed5b33, author = {Splunk Threat Research Team}, title = {{AppLocker Rules as Defense Evasion: Complete Analysis}}, date = {2022-08-25}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/-applocker-rules-as-defense-evasion-complete-analysis.html}, language = {English}, urldate = {2022-08-30} } AppLocker Rules as Defense Evasion: Complete Analysis
Azorult
2022-08-18ProofpointJoe Wise, Selena Larson, Proofpoint Threat Research Team
@online{wise:20220818:reservations:c2f9faf, author = {Joe Wise and Selena Larson and Proofpoint Threat Research Team}, title = {{Reservations Requested: TA558 Targets Hospitality and Travel}}, date = {2022-08-18}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel}, language = {English}, urldate = {2022-08-18} } Reservations Requested: TA558 Targets Hospitality and Travel
AsyncRAT Loda NjRAT Ozone RAT Revenge RAT Vjw0rm
2022-08-15MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Office 365 Threat Research Team, Digital Threat Analysis Center (DTAC)
@online{mstic:20220815:disrupting:6429d3a, author = {Microsoft Threat Intelligence Center (MSTIC) and Office 365 Threat Research Team and Digital Threat Analysis Center (DTAC)}, title = {{Disrupting SEABORGIUM’s ongoing phishing operations}}, date = {2022-08-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations}, language = {English}, urldate = {2022-08-18} } Disrupting SEABORGIUM’s ongoing phishing operations
Callisto
2022-08-15MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Office 365 Threat Research Team, Digital Threat Analysis Center (DTAC)
@online{mstic:20220815:disrupting:528a65e, author = {Microsoft Threat Intelligence Center (MSTIC) and Office 365 Threat Research Team and Digital Threat Analysis Center (DTAC)}, title = {{Disrupting SEABORGIUM’s ongoing phishing operations}}, date = {2022-08-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/}, language = {English}, urldate = {2022-08-17} } Disrupting SEABORGIUM’s ongoing phishing operations
2022-07-26splunkSplunk Threat Research Team
@online{team:20220726:ml:048aaa9, author = {Splunk Threat Research Team}, title = {{ML Detection of Risky Command Exploit}}, date = {2022-07-26}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/ml-detection-of-risky-command-exploit.html}, language = {English}, urldate = {2022-08-22} } ML Detection of Risky Command Exploit
2022-07-21ProofpointBryan Campbell, Pim Trouerbach, Selena Larson, Proofpoint Threat Research Team
@online{campbell:20220721:buy:bf7d3c4, author = {Bryan Campbell and Pim Trouerbach and Selena Larson and Proofpoint Threat Research Team}, title = {{Buy, Sell, Steal, EvilNum Targets Cryptocurrency, Forex, Commodities}}, date = {2022-07-21}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/buy-sell-steal-evilnum-targets-cryptocurrency-forex-commodities}, language = {English}, urldate = {2022-07-25} } Buy, Sell, Steal, EvilNum Targets Cryptocurrency, Forex, Commodities
EVILNUM
2022-07-14ProofpointCrista Giering, Joshua Miller, Michael Raggi, Proofpoint Threat Research Team
@online{giering:20220714:above:06891ca, author = {Crista Giering and Joshua Miller and Michael Raggi and Proofpoint Threat Research Team}, title = {{Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media}}, date = {2022-07-14}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists}, language = {English}, urldate = {2022-07-15} } Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media
Chinoxy
2022-06-23splunkSplunk Threat Research Team
@online{team:20220623:threat:c75f097, author = {Splunk Threat Research Team}, title = {{Threat Update: Industroyer2}}, date = {2022-06-23}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/threat-update-industroyer2.html}, language = {English}, urldate = {2022-08-22} } Threat Update: Industroyer2
INDUSTROYER2
2022-05-19splunkSplunk Threat Research Team
@online{team:20220519:threat:63b1c42, author = {Splunk Threat Research Team}, title = {{Threat Update: AcidRain Wiper}}, date = {2022-05-19}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/threat-update-acidrain-wiper.html}, language = {English}, urldate = {2022-05-29} } Threat Update: AcidRain Wiper
AcidRain
2022-04-15splunkSplunk Threat Research Team
@online{team:20220415:strtta03:9292c09, author = {Splunk Threat Research Team}, title = {{STRT-TA03 CPE - Destructive Software}}, date = {2022-04-15}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/strt-ta03-cpe-destructive-software.html}, language = {English}, urldate = {2022-04-29} } STRT-TA03 CPE - Destructive Software
AcidRain CyclopsBlink
2022-04-07splunkSplunk Threat Research Team
@online{team:20220407:you:2d088bc, author = {Splunk Threat Research Team}, title = {{You Bet Your Lsass: Hunting LSASS Access}}, date = {2022-04-07}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/you-bet-your-lsass-hunting-lsass-access.html}, language = {English}, urldate = {2022-05-04} } You Bet Your Lsass: Hunting LSASS Access
Cobalt Strike MimiKatz