Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-09-20ProofpointProofpoint Threat Research Team
@online{team:20230920:chinese:25abe7e, author = {Proofpoint Threat Research Team}, title = {{Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape}}, date = {2023-09-20}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/chinese-malware-appears-earnest-across-cybercrime-threat-landscape}, language = {English}, urldate = {2023-09-22} } Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape
FatalRat PurpleFox ValleyRAT
2023-07-25splunkSplunk Threat Research Team
@online{team:20230725:amadey:cbe9d5b, author = {Splunk Threat Research Team}, title = {{Amadey Threat Analysis and Detections}}, date = {2023-07-25}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/amadey-threat-analysis-and-detections.html}, language = {English}, urldate = {2023-07-27} } Amadey Threat Analysis and Detections
Amadey
2023-06-29Avast DecodedThreat Research Team
@online{team:20230629:decrypted:9d80eb8, author = {Threat Research Team}, title = {{Decrypted: Akira Ransomware}}, date = {2023-06-29}, organization = {Avast Decoded}, url = {https://decoded.avast.io/threatresearch/decrypted-akira-ransomware/}, language = {English}, urldate = {2023-07-02} } Decrypted: Akira Ransomware
Akira
2023-03-31splunkSplunk Threat Research Team
@online{team:20230331:splunk:38f1f9f, author = {Splunk Threat Research Team}, title = {{Splunk Insights: Investigating the 3CXDesktopApp Supply Chain Compromise}}, date = {2023-03-31}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/splunk-insights-investigating-the-3cxdesktopapp-supply-chain-compromise.html}, language = {English}, urldate = {2023-04-02} } Splunk Insights: Investigating the 3CXDesktopApp Supply Chain Compromise
3CX Backdoor
2023-03-27splunkSplunk Threat Research Team
@online{team:20230327:asyncrat:7bf3c13, author = {Splunk Threat Research Team}, title = {{AsyncRAT Crusade: Detections and Defense}}, date = {2023-03-27}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/asyncrat-crusade-detections-and-defense.html}, language = {English}, urldate = {2023-03-30} } AsyncRAT Crusade: Detections and Defense
AsyncRAT
2023-03-15ReliaquestRELIAQUEST THREAT RESEARCH TEAM
@online{team:20230315:qbot:cf3b85f, author = {RELIAQUEST THREAT RESEARCH TEAM}, title = {{QBot: Laying the Foundations for Black Basta Ransomware Activity}}, date = {2023-03-15}, organization = {Reliaquest}, url = {https://www.reliaquest.com/blog/qbot-black-basta-ransomware/}, language = {English}, urldate = {2023-04-18} } QBot: Laying the Foundations for Black Basta Ransomware Activity
Black Basta QakBot
2023-02-16EclecticIQEclecticIQ Threat Research Team
@online{team:20230216:three:f838713, author = {EclecticIQ Threat Research Team}, title = {{Three Cases of Cyber Attacks on the Security Service of Ukraine and NATO Allies, Likely by Russian State-Sponsored Gamaredon}}, date = {2023-02-16}, organization = {EclecticIQ}, url = {https://blog.eclecticiq.com/three-cases-of-cyber-attacks-on-the-security-service-of-ukraine-and-nato-allies-likely-by-russian-state-sponsored-gamaredon}, language = {English}, urldate = {2023-02-21} } Three Cases of Cyber Attacks on the Security Service of Ukraine and NATO Allies, Likely by Russian State-Sponsored Gamaredon
2023-02-02EclecticIQEclecticIQ Threat Research Team
@online{team:20230202:mustang:cac147b, author = {EclecticIQ Threat Research Team}, title = {{Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware}}, date = {2023-02-02}, organization = {EclecticIQ}, url = {https://blog.eclecticiq.com/mustang-panda-apt-group-uses-european-commission-themed-lure-to-deliver-plugx-malware}, language = {English}, urldate = {2023-02-06} } Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware
PlugX
2023-01-25ProofpointGreg Lesnewich, Proofpoint Threat Research Team
@online{lesnewich:20230125:ta444:ae76e7b, author = {Greg Lesnewich and Proofpoint Threat Research Team}, title = {{TA444: The APT Startup Aimed at Acquisition (of Your Funds)}}, date = {2023-01-25}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds}, language = {English}, urldate = {2023-01-25} } TA444: The APT Startup Aimed at Acquisition (of Your Funds)
CageyChameleon
2023-01-12EclecticIQEclecticIQ Threat Research Team
@online{team:20230112:qakbot:a26156d, author = {EclecticIQ Threat Research Team}, title = {{QakBot Malware Used Unpatched Vulnerability to Bypass Windows OS Security Feature}}, date = {2023-01-12}, organization = {EclecticIQ}, url = {https://blog.eclecticiq.com/qakbot-malware-used-unpatched-vulnerability-to-bypass-windows-os-security-feature}, language = {English}, urldate = {2023-01-16} } QakBot Malware Used Unpatched Vulnerability to Bypass Windows OS Security Feature
QakBot
2022-12-01splunkSplunk Threat Research Team
@online{team:20221201:from:4ac8d82, author = {Splunk Threat Research Team}, title = {{From Macros to No Macros: Continuous Malware Improvements by QakBot}}, date = {2022-12-01}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/from-macros-to-no-macros-continuous-malware-improvements-by-qakbot.html}, language = {English}, urldate = {2022-12-05} } From Macros to No Macros: Continuous Malware Improvements by QakBot
QakBot
2022-11-22ProofpointAlexander Rausch, Proofpoint Threat Research Team
@online{rausch:20221122:nighthawk:48f730c, author = {Alexander Rausch and Proofpoint Threat Research Team}, title = {{Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice}}, date = {2022-11-22}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice}, language = {English}, urldate = {2022-11-22} } Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice
Nighthawk
2022-11-16splunkSplunk Threat Research Team
@online{team:20221116:inside:6c4f291, author = {Splunk Threat Research Team}, title = {{Inside the Mind of a ‘Rat’ - Agent Tesla Detection and Analysis}}, date = {2022-11-16}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/inside-the-mind-of-a-rat-agent-tesla-detection-and-analysis.html}, language = {English}, urldate = {2022-11-28} } Inside the Mind of a ‘Rat’ - Agent Tesla Detection and Analysis
Agent Tesla
2022-10-04splunkSplunk Threat Research Team
@online{team:20221004:deliver:dba14df, author = {Splunk Threat Research Team}, title = {{Deliver a Strike by Reversing a Badger: Brute Ratel Detection and Analysis}}, date = {2022-10-04}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/deliver-a-strike-by-reversing-a-badger-brute-ratel-detection-and-analysis.html}, language = {English}, urldate = {2022-10-06} } Deliver a Strike by Reversing a Badger: Brute Ratel Detection and Analysis
Brute Ratel C4
2022-09-13Sansec Threat ResearchSansec Threat Research Team
@online{team:20220913:magento:5f0f103, author = {Sansec Threat Research Team}, title = {{Magento vendor Fishpig hacked, backdoors added}}, date = {2022-09-13}, organization = {Sansec Threat Research}, url = {https://sansec.io/research/rekoobe-fishpig-magento}, language = {English}, urldate = {2022-09-15} } Magento vendor Fishpig hacked, backdoors added
Rekoobe
2022-08-25splunkSplunk Threat Research Team
@online{team:20220825:applocker:7ed5b33, author = {Splunk Threat Research Team}, title = {{AppLocker Rules as Defense Evasion: Complete Analysis}}, date = {2022-08-25}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/-applocker-rules-as-defense-evasion-complete-analysis.html}, language = {English}, urldate = {2022-08-30} } AppLocker Rules as Defense Evasion: Complete Analysis
Azorult
2022-08-18ProofpointJoe Wise, Selena Larson, Proofpoint Threat Research Team
@online{wise:20220818:reservations:c2f9faf, author = {Joe Wise and Selena Larson and Proofpoint Threat Research Team}, title = {{Reservations Requested: TA558 Targets Hospitality and Travel}}, date = {2022-08-18}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel}, language = {English}, urldate = {2022-08-18} } Reservations Requested: TA558 Targets Hospitality and Travel
AsyncRAT Loda NjRAT Ozone RAT Revenge RAT Vjw0rm
2022-08-15MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Office 365 Threat Research Team, Digital Threat Analysis Center (DTAC)
@online{mstic:20220815:disrupting:6429d3a, author = {Microsoft Threat Intelligence Center (MSTIC) and Office 365 Threat Research Team and Digital Threat Analysis Center (DTAC)}, title = {{Disrupting SEABORGIUM’s ongoing phishing operations}}, date = {2022-08-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations}, language = {English}, urldate = {2022-08-18} } Disrupting SEABORGIUM’s ongoing phishing operations
Callisto
2022-08-15MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Office 365 Threat Research Team, Digital Threat Analysis Center (DTAC)
@online{mstic:20220815:disrupting:528a65e, author = {Microsoft Threat Intelligence Center (MSTIC) and Office 365 Threat Research Team and Digital Threat Analysis Center (DTAC)}, title = {{Disrupting SEABORGIUM’s ongoing phishing operations}}, date = {2022-08-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/}, language = {English}, urldate = {2022-08-17} } Disrupting SEABORGIUM’s ongoing phishing operations
2022-07-26splunkSplunk Threat Research Team
@online{team:20220726:ml:048aaa9, author = {Splunk Threat Research Team}, title = {{ML Detection of Risky Command Exploit}}, date = {2022-07-26}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/ml-detection-of-risky-command-exploit.html}, language = {English}, urldate = {2022-08-22} } ML Detection of Risky Command Exploit