Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-01-24Trend MicroTrend Micro
@online{micro:20220124:investigating:a7e6049, author = {Trend Micro}, title = {{Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal (IOCs)}}, date = {2022-01-24}, organization = {Trend Micro}, url = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/investigating-apt36-or-earth-karkaddan-attack-chain-and-malware-arsenal/IoCs_Investigating%20APT36%20or%20Earth%20Karkaddan%20Attack%20Chain%20and%20Malware%20Arsenal.rtf}, language = {English}, urldate = {2022-01-25} } Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal (IOCs)
Crimson RAT Oblique RAT
2022-01-24Trend MicroTrend Micro
@techreport{micro:20220124:investigating:7727327, author = {Trend Micro}, title = {{Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal}}, date = {2022-01-24}, institution = {Trend Micro}, url = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/investigating-apt36-or-earth-karkaddan-attack-chain-and-malware-arsenal/Earth%20Karkaddan%20APT-%20Adversary%20Intelligence%20and%20Monitoring%20Report.pdf}, language = {English}, urldate = {2022-01-25} } Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal
Crimson RAT Oblique RAT
2022-01-24Trend MicroJunestherry Dela Cruz
@online{cruz:20220124:analysis:5807286, author = {Junestherry Dela Cruz}, title = {{Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant}}, date = {2022-01-24}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/22/a/analysis-and-Impact-of-lockbit-ransomwares-first-linux-and-vmware-esxi-variant.html}, language = {English}, urldate = {2022-01-25} } Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant
LockBit LockBit
2022-01-24Trend MicroTrend Micro
@online{micro:20220124:investigating:5e9386a, author = {Trend Micro}, title = {{Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal}}, date = {2022-01-24}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html}, language = {English}, urldate = {2022-01-25} } Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal
CapraRAT Crimson RAT Oblique RAT
2022-01-21Trend MicroIan Kenefick
@online{kenefick:20220121:emotet:daddaf1, author = {Ian Kenefick}, title = {{Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware}}, date = {2022-01-21}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/22/a/emotet-spam-abuses-unconventional-ip-address-formats-spread-malware.html}, language = {English}, urldate = {2022-01-25} } Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware
Emotet
2022-01-20Trend MicroStephen Hilt, Fernando Mercês
@techreport{hilt:20220120:backing:9498542, author = {Stephen Hilt and Fernando Mercês}, title = {{Backing Your Backup Defending NAS Devices Against Evolving Threats}}, date = {2022-01-20}, institution = {Trend Micro}, url = {https://documents.trendmicro.com/assets/pdf/wp-backing-your-backup-defending-nas-devices-against-evolving-threats.pdf}, language = {English}, urldate = {2022-01-24} } Backing Your Backup Defending NAS Devices Against Evolving Threats
QNAPCrypt QSnatch
2022-01-18Trend MicroArianne Dela Cruz, Bren Matthew Ebriega, Don Ovid Ladores, Mary Yambao
@online{cruz:20220118:new:c7bdfeb, author = {Arianne Dela Cruz and Bren Matthew Ebriega and Don Ovid Ladores and Mary Yambao}, title = {{New Ransomware Spotted: White Rabbit and Its Evasion Tactics}}, date = {2022-01-18}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/22/a/new-ransomware-spotted-white-rabbit-and-its-evasion-tactics.html}, language = {English}, urldate = {2022-01-24} } New Ransomware Spotted: White Rabbit and Its Evasion Tactics
2021-12-20Trend MicroTrend Micro Research
@online{research:20211220:ransomware:d613fb1, author = {Trend Micro Research}, title = {{Ransomware Spotlight: REvil}}, date = {2021-12-20}, organization = {Trend Micro}, url = {https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-revil}, language = {English}, urldate = {2022-01-05} } Ransomware Spotlight: REvil
REvil REvil
2021-12-17Trend MicroAbraham Camba, Jonna Santos, Gilbert Sison, Jay Yaneza
@online{camba:20211217:staging:0ec37d9, author = {Abraham Camba and Jonna Santos and Gilbert Sison and Jay Yaneza}, title = {{Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager}}, date = {2021-12-17}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/l/staging-a-quack-reverse-analyzing-fileless-qakbot-stager.html}, language = {English}, urldate = {2021-12-31} } Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager
QakBot
2021-12-14Trend MicroNick Dai, Ted Lee, Vickie Su
@online{dai:20211214:collecting:3d6dd34, author = {Nick Dai and Ted Lee and Vickie Su}, title = {{Collecting In the Dark: Tropic Trooper Targets Transportation and Government}}, date = {2021-12-14}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/l/collecting-in-the-dark-tropic-trooper-targets-transportation-and-government-organizations.html}, language = {English}, urldate = {2021-12-31} } Collecting In the Dark: Tropic Trooper Targets Transportation and Government
ChiserClient Ghost RAT Lilith Quasar RAT
2021-12-13Trend MicroJay Yaneza, Abdelrhman Sharshar, Sherif Magdy
@online{yaneza:20211213:look:41dc207, author = {Jay Yaneza and Abdelrhman Sharshar and Sherif Magdy}, title = {{A Look Into Purple Fox’s Server Infrastructure}}, date = {2021-12-13}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/l/a-look-into-purple-fox-server-infrastructure.html}, language = {English}, urldate = {2021-12-31} } A Look Into Purple Fox’s Server Infrastructure
win.purplefox
2021-12-10Trend MicroDon Ovid Ladores
@online{ladores:20211210:new:baec85c, author = {Don Ovid Ladores}, title = {{New Yanluowang Ransomware Found to be Code-Signed, Terminates Database-Related Processes}}, date = {2021-12-10}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/l/yanluowang-ransomware-code-signed-terminates-database-processes.html}, language = {English}, urldate = {2021-12-31} } New Yanluowang Ransomware Found to be Code-Signed, Terminates Database-Related Processes
2021-12-09Trend MicroVeronica Chierzi
@online{chierzi:20211209:evolution:f5eb0ca, author = {Veronica Chierzi}, title = {{The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs}}, date = {2021-12-09}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/l/the-evolution-of-iot-linux-malware-based-on-mitre-att&ck-ttps.html}, language = {English}, urldate = {2022-01-05} } The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs
Dark Nexus QSnatch
2021-12-03Trend MicroNitesh Surana
@online{surana:20211203:vulnerabilities:a406a52, author = {Nitesh Surana}, title = {{Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify}}, date = {2021-12-03}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/l/vulnerabilities-exploited-for-monero-mining-malware-delivered-via-gitHub-netlify.html}, language = {English}, urldate = {2021-12-07} } Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify
2021-12-01Trend MicroTrend Micro Research
@online{research:20211201:analyzing:18167cf, author = {Trend Micro Research}, title = {{Analyzing How TeamTNT Used Compromised Docker Hub Accounts}}, date = {2021-12-01}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/l/more-tools-in-the-arsenal-how-teamtnt-used-compromised-docker-hu.html}, language = {English}, urldate = {2021-12-07} } Analyzing How TeamTNT Used Compromised Docker Hub Accounts
TeamTNT
2021-11-29Trend MicroJaromír Hořejší
@online{hoej:20211129:campaign:6e23cf5, author = {Jaromír Hořejší}, title = {{Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites}}, date = {2021-11-29}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/k/campaign-abusing-rats-uses-fake-websites.html}, language = {English}, urldate = {2021-12-07} } Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites
AsyncRAT Azorult Nanocore RAT NjRAT RedLine Stealer Remcos
2021-11-23Trend MicroIan Kenefick
@online{kenefick:20211123:bazarloader:794de7c, author = {Ian Kenefick}, title = {{BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors}}, date = {2021-11-23}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/k/bazarloader-adds-compromised-installers-iso-to-arrival-delivery-vectors.html}, language = {English}, urldate = {2021-11-26} } BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors
BazarBackdoor
2021-11-19Trend MicroMohamed Fahmy, Sherif Magdy, Abdelrhman Sharshar
@online{fahmy:20211119:squirrelwaffle:1e8fa78, author = {Mohamed Fahmy and Sherif Magdy and Abdelrhman Sharshar}, title = {{Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains}}, date = {2021-11-19}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/k/Squirrelwaffle-Exploits-ProxyShell-and-ProxyLogon-to-Hijack-Email-Chains.html}, language = {English}, urldate = {2021-11-25} } Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains
Cobalt Strike QakBot Squirrelwaffle
2021-11-17Trend MicroMohamed Fahmy, Abdelrhman Sharshar, Sherif Magdy, Ryan Maglaque
@online{fahmy:20211117:analyzing:c6c52d1, author = {Mohamed Fahmy and Abdelrhman Sharshar and Sherif Magdy and Ryan Maglaque}, title = {{Analyzing ProxyShell-related Incidents via Trend Micro Managed XDR}}, date = {2021-11-17}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_in/research/21/k/analyzing-proxyshell-related-incidents-via-trend-micro-managed-x.html}, language = {English}, urldate = {2021-11-18} } Analyzing ProxyShell-related Incidents via Trend Micro Managed XDR
Cobalt Strike Cotx RAT
2021-11-16Trend MicroTrend Micro
@online{micro:20211116:global:5b996d3, author = {Trend Micro}, title = {{Global Operations Lead to Arrests of Alleged Members of GandCrab/REvil and Cl0p Cartels}}, date = {2021-11-16}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_in/research/21/k/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab.html}, language = {English}, urldate = {2021-11-18} } Global Operations Lead to Arrests of Alleged Members of GandCrab/REvil and Cl0p Cartels
REvil Clop Gandcrab REvil