Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-07-21TrendmicroTrend Micro Research
@online{research:20230721:ransomware:3c5345e, author = {Trend Micro Research}, title = {{Ransomware Spotlight: Play}}, date = {2023-07-21}, organization = {Trendmicro}, url = {https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-play}, language = {English}, urldate = {2023-07-24} } Ransomware Spotlight: Play
PLAY
2023-06-23TrendmicroArianne Dela Cruz, Paul Pajares, Ivan Nicole Chavez, Ieriz Nicolle Gonzalez, Nathaniel Morales
@online{cruz:20230623:overview:58e7e29, author = {Arianne Dela Cruz and Paul Pajares and Ivan Nicole Chavez and Ieriz Nicolle Gonzalez and Nathaniel Morales}, title = {{An Overview of the Different Versions of the Trigona Ransomware}}, date = {2023-06-23}, organization = {Trendmicro}, url = {https://www.trendmicro.com/en_us/research/23/f/an-overview-of-the-trigona-ransomware.html}, language = {English}, urldate = {2023-07-05} } An Overview of the Different Versions of the Trigona Ransomware
Trigona
2023-05-09TrendmicroKhristian Joseph Morales, Gilbert Sison
@online{morales:20230509:managed:63d09f1, author = {Khristian Joseph Morales and Gilbert Sison}, title = {{Managed XDR Investigation of Ducktail in Trend Micro Vision One}}, date = {2023-05-09}, organization = {Trendmicro}, url = {https://www.trendmicro.com/en_us/research/23/e/managed-xdr-investigation-of-ducktail-in-trend-micro-vision-one.html}, language = {English}, urldate = {2023-05-11} } Managed XDR Investigation of Ducktail in Trend Micro Vision One
DUCKTAIL
2023-03-13TrendmicroIan Kenefick
@online{kenefick:20230313:emotet:7dc342d, author = {Ian Kenefick}, title = {{Emotet Returns, Now Adopts Binary Padding for Evasion}}, date = {2023-03-13}, organization = {Trendmicro}, url = {https://www.trendmicro.com/en_no/research/23/c/emotet-returns-now-adopts-binary-padding-for-evasion.html}, language = {English}, urldate = {2023-03-14} } Emotet Returns, Now Adopts Binary Padding for Evasion
Emotet
2023-02-20TrendmicroNathaniel Morales, Ivan Nicole Chavez, Byron Gelera
@online{morales:20230220:royal:36bcea3, author = {Nathaniel Morales and Ivan Nicole Chavez and Byron Gelera}, title = {{Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers}}, date = {2023-02-20}, organization = {Trendmicro}, url = {https://www.trendmicro.com/en_us/research/23/b/royal-ransomware-expands-attacks-by-targeting-linux-esxi-servers.html}, language = {English}, urldate = {2023-03-04} } Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers
Royal Ransom Royal Ransom
2023-01-26TrendmicroNathaniel Morales, Earle Maui Earnshaw, Don Ovid Ladores, Nick Dai, Nathaniel Gregory Ragasa
@online{morales:20230126:new:c7aa03b, author = {Nathaniel Morales and Earle Maui Earnshaw and Don Ovid Ladores and Nick Dai and Nathaniel Gregory Ragasa}, title = {{New Mimic Ransomware Abuses Everything APIs for its Encryption Process}}, date = {2023-01-26}, organization = {Trendmicro}, url = {https://www.trendmicro.com/en_us/research/23/a/new-mimic-ransomware-abuses-everything-apis-for-its-encryption-p.html}, language = {English}, urldate = {2023-01-31} } New Mimic Ransomware Abuses Everything APIs for its Encryption Process
Mimic Ransomware
2023-01-17TrendmicroJunestherry Dela Cruz
@online{cruz:20230117:batloader:594298e, author = {Junestherry Dela Cruz}, title = {{Batloader Malware Abuses Legitimate Tools, Uses Obfuscated JavaScript Files in Q4 2022 Attacks}}, date = {2023-01-17}, organization = {Trendmicro}, url = {https://www.trendmicro.com/en_us/research/23/a/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html}, language = {English}, urldate = {2023-01-19} } Batloader Malware Abuses Legitimate Tools, Uses Obfuscated JavaScript Files in Q4 2022 Attacks
BATLOADER
2023-01-09TrendmicroHitomi Kimura, Ryan Maglaque, Fe Cureg, Trent Bessell
@online{kimura:20230109:gootkit:585185a, author = {Hitomi Kimura and Ryan Maglaque and Fe Cureg and Trent Bessell}, title = {{Gootkit Loader Actively Targets Australian Healthcare Industry}}, date = {2023-01-09}, organization = {Trendmicro}, url = {https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html}, language = {English}, urldate = {2023-01-13} } Gootkit Loader Actively Targets Australian Healthcare Industry
GootKit
2022-12-23TrendmicroIan Kenefick
@online{kenefick:20221223:icedid:df95b05, author = {Ian Kenefick}, title = {{IcedID Botnet Distributors Abuse Google PPC to Distribute Malware}}, date = {2022-12-23}, organization = {Trendmicro}, url = {https://www.trendmicro.com/en_ie/research/22/l/icedid-botnet-distributors-abuse-google-ppc-to-distribute-malware.html}, language = {English}, urldate = {2022-12-24} } IcedID Botnet Distributors Abuse Google PPC to Distribute Malware
IcedID
2022-12-21TrendmicroIvan Nicole Chavez, Byron Gelera, Monte de Jesus, Don Ovid Ladores, Khristian Joseph Morales
@online{chavez:20221221:conti:d755947, author = {Ivan Nicole Chavez and Byron Gelera and Monte de Jesus and Don Ovid Ladores and Khristian Joseph Morales}, title = {{Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks}}, date = {2022-12-21}, organization = {Trendmicro}, url = {https://www.trendmicro.com/en_us/research/22/l/conti-team-one-splinter-group-resurfaces-as-royal-ransomware-wit.html}, language = {English}, urldate = {2022-12-24} } Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks
Royal Ransom
2022-12-16TrendmicroNathaniel Morales, Ivan Nicole Chavez, Nathaniel Gregory Ragasa, Don Ovid Ladores, Jeffrey Francis Bonaobra, Monte de Jesus
@online{morales:20221216:agenda:7d354dd, author = {Nathaniel Morales and Ivan Nicole Chavez and Nathaniel Gregory Ragasa and Don Ovid Ladores and Jeffrey Francis Bonaobra and Monte de Jesus}, title = {{Agenda Ransomware Uses Rust to Target More Vital Industries}}, date = {2022-12-16}, organization = {Trendmicro}, url = {https://www.trendmicro.com/en_us/research/22/l/agenda-ransomware-uses-rust-to-target-more-vital-industries.html}, language = {English}, urldate = {2022-12-20} } Agenda Ransomware Uses Rust to Target More Vital Industries
AgendaCrypt
2022-04-27TrendmicroTrendmicro
@online{trendmicro:20220427:iocs:b6d7ab5, author = {Trendmicro}, title = {{IOCs for Earth Berberoka - Linux}}, date = {2022-04-27}, organization = {Trendmicro}, url = {https://documents.trendmicro.com/assets/txt/earth-berberoka-linux-iocs-2.txt}, language = {English}, urldate = {2022-07-25} } IOCs for Earth Berberoka - Linux
Rekoobe pupy Earth Berberoka
2022-04-27TrendmicroTrendmicro
@online{trendmicro:20220427:iocs:0e6090d, author = {Trendmicro}, title = {{IOCs for Earth Berberoka - MacOS}}, date = {2022-04-27}, organization = {Trendmicro}, url = {https://documents.trendmicro.com/assets/txt/earth-berberoka-macos-iocs-2.txt}, language = {English}, urldate = {2022-07-25} } IOCs for Earth Berberoka - MacOS
oRAT Earth Berberoka
2022-04-27TrendmicroDaniel Lunghi, Jaromír Hořejší
@techreport{lunghi:20220427:operation:bdba881, author = {Daniel Lunghi and Jaromír Hořejší}, title = {{Operation Gambling Puppet}}, date = {2022-04-27}, institution = {Trendmicro}, url = {https://www.botconf.eu/wp-content/uploads/2022/05/Botconf2022-40-LunghiHorejsi.pdf}, language = {English}, urldate = {2022-07-25} } Operation Gambling Puppet
reptile oRAT AsyncRAT Cobalt Strike DCRat Ghost RAT PlugX Quasar RAT Trochilus RAT Earth Berberoka
2022-04-27TrendmicroTrendmicro
@online{trendmicro:20220427:iocs:18f7e31, author = {Trendmicro}, title = {{IOCs for Earth Berberoka - Windows}}, date = {2022-04-27}, organization = {Trendmicro}, url = {https://documents.trendmicro.com/assets/txt/earth-berberoka-windows-iocs-2.txt}, language = {English}, urldate = {2022-07-25} } IOCs for Earth Berberoka - Windows
AsyncRAT Cobalt Strike PlugX Quasar RAT Earth Berberoka
2022-04-27TrendmicroTrendmicro
@online{trendmicro:20220427:iocs:8ae9d53, author = {Trendmicro}, title = {{IOCs for Earth Berberoka}}, date = {2022-04-27}, organization = {Trendmicro}, url = {https://documents.trendmicro.com/assets/txt/earth-berberoka-domains-2.txt}, language = {English}, urldate = {2022-07-25} } IOCs for Earth Berberoka
Earth Berberoka
2022-03-21Github (trendmicro)Trend Micro Research
@online{research:20220321:python:7dbe8dd, author = {Trend Micro Research}, title = {{Python script to check a Cyclops Blink C&C}}, date = {2022-03-21}, organization = {Github (trendmicro)}, url = {https://github.com/trendmicro/research/blob/main/cyclops_blink/c2-scripts/check.py}, language = {English}, urldate = {2022-03-28} } Python script to check a Cyclops Blink C&C
CyclopsBlink
2022-03-17TrendmicroFeike Hacquebord, Stephen Hilt, Fernando Mercês
@techreport{hacquebord:20220317:cyclops:dea832b, author = {Feike Hacquebord and Stephen Hilt and Fernando Mercês}, title = {{Cyclops Blink Sets Sights on Asus Routers (Appendix)}}, date = {2022-03-17}, institution = {Trendmicro}, url = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/c/cyclops-blink-sets-sights-on-asus-routers/Appendix_Cyclops%20Blink%20Sets%20Sights%20on%20ASUS%20Routers.pdf}, language = {English}, urldate = {2022-03-17} } Cyclops Blink Sets Sights on Asus Routers (Appendix)
CyclopsBlink
2022-03-17TrendmicroFeike Hacquebord, Stephen Hilt, Fernando Mercês
@online{hacquebord:20220317:cyclops:14c374f, author = {Feike Hacquebord and Stephen Hilt and Fernando Mercês}, title = {{Cyclops Blink Sets Sights on Asus Routers}}, date = {2022-03-17}, organization = {Trendmicro}, url = {https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers--.html}, language = {English}, urldate = {2022-03-17} } Cyclops Blink Sets Sights on Asus Routers
CyclopsBlink
2022-03-09TrendmicroDon Ovid Ladores
@online{ladores:20220309:new:b6c2c2a, author = {Don Ovid Ladores}, title = {{New Nokoyawa Ransomware Possibly Related to Hive}}, date = {2022-03-09}, organization = {Trendmicro}, url = {https://www.trendmicro.com/en_us/research/22/c/nokoyawa-ransomware-possibly-related-to-hive-.html}, language = {English}, urldate = {2022-03-10} } New Nokoyawa Ransomware Possibly Related to Hive
Nokoyawa Ransomware