├── Blogs & Reports
    ├── Blogs
    │   ├── 2021-08-19 - Threat Thursday TA575-Dridex
    │   │   ├── README.md
    │   │   └── TA575-Dridex-iocs.csv
    │   ├── 2021-10-05 - Drawing a Dragon Connecting the Dots to Find APT41
    │   │   ├── APT41.csv
    │   │   └── README.md
    │   ├── 2022-08-12 - Black Hat Look-Back Linux Implants - A Silent, Long-Living Threat
    │   │   ├── Linux_Implants-TTPs.json
    │   │   └── README.md
    │   ├── 2022-09-07 - The Curious Case of Monti Ransomware A Real-World Doppelganger
    │   │   ├── MONTI_Strain_ChaCha8_version_IOCs.csv
    │   │   ├── README.md
    │   │   ├── Veeam_Credential_Dumper_IOCs.csv
    │   │   ├── monti_ransomware.yar
    │   │   └── veeamp_dumper.yar
    │   ├── 2022-10-13 - BianLian Ransomware Encrypts Files in the Blink of an Eye
    │   │   ├── BianLian-iocs.csv
    │   │   ├── BianLian_Go_ransomware.yar
    │   │   └── README.md
    │   ├── 2022-10-22 - Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries
    │   │   ├── README.md
    │   │   ├── RomCom_RAT-iocs.csv
    │   │   └── RomCom_RAT_UA.yar
    │   ├── 2022-11-02 - RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom
    │   │   ├── MISP_RomCom_ThreatActor_Abuses_KeePass_and_SolarWinds.json
    │   │   ├── README.md
    │   │   ├── RomCom_RAT-iocs.csv
    │   │   ├── RomCom_RAT_UA.yar
    │   │   └── STIX_RomCom_Threat_Actor_Abuses_KeePass_and_SolarWinds.json
    │   ├── 2022-11-03 - ChromeLoader Infects the Browser by Loading Malicious Extension
    │   │   ├── ChromeLoader-iocs.csv
    │   │   ├── ChromeLoader.yar
    │   │   └── README.md
    │   ├── 2022-11-16 - ARCrypter Ransomware Expands its Operations From Latin America to the World
    │   │   ├── ARCrypter-iocs.csv
    │   │   └── README.md
    │   ├── 2022-12-06 - Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets
    │   │   ├── MustangPanda-iocs.csv
    │   │   └── README.md
    │   ├── 2022-12-08 - BlackByte Ransomware Takes an Extra Bite Using Double Extortion Methods
    │   │   ├── Blackbyte-iocs.csv
    │   │   ├── Blackbyte.yar
    │   │   └── README.md
    │   ├── 2023-01-19 - Gamaredon (Ab)uses Telegram to Target Ukrainian Organizations
    │   │   ├── Gamaredon-iocs.csv
    │   │   └── README.md
    │   ├── 2023-02-06 - ESXiArgs Ransomware Kicking out unpatched VMware ESXi Linux servers worldwide
    │   │   ├── ESXiArgs_Ransomware.yar
    │   │   └── README.md
    │   ├── 2023-02-09 - NewsPenguin, a Previously Unknown Threat Actor, Targets Pakistan with Advanced Espionage Tool
    │   │   ├── NewsPenguin-iocs.csv
    │   │   └── README.md
    │   ├── 2023-02-15 - DarkBit Ransomware Targets Israel with Command-Line Options and Optimized Encryption Routines
    │   │   ├── DarkBit-iocs.csv
    │   │   ├── DarkBit_Ransomware.yar
    │   │   └── README.md
    │   ├── 2023-02-27 - Blind Eagle Deploys Fake UUE Files and Fsociety to Target Colombia's Judiciary, Financial, Public, and Law Enforcement Entities
    │   │   ├── BlindEagle-iocs.csv
    │   │   ├── BlindEagle.yar
    │   │   └── README.md
    │   ├── 2023-03-14 - NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine
    │   │   ├── README.md
    │   │   ├── nobelium-iocs.csv
    │   │   └── nobelium.yar
    │   ├── 2023-04-18 - From Google Ads Abuse to a Massive Spear-Phishing Campaign Impersonating Spains Tax Agency
    │   │   ├── README.md
    │   │   └── spanish-campaign-iocs.csv
    │   ├── 2023-05-30 - Operation CMDStealer Financially Motivated Campaign Leverages CMD-Based Scripts and LOLBaS for Online Banking Theft
    │   │   ├── README.md
    │   │   └── cmdstealer-iocs.csv
    │   ├── 2023-06-07 - RomCom Resurfaces Targeting Politicians in Ukraine and U.S.-Based Healthcare
    │   │   ├── README.md
    │   │   └── RomCom-March-iocs.csv
    │   └── 2023-07-08 - RomCom Threat Actor Suspected of Targeting Ukraine's NATO Membership Talks at the NATO Summit
    │   │   ├── README.md
    │   │   └── romcom_nato_campaign-iocs.csv
    └── Reports
    │   ├── 2022 - Q4 CTI Insights Report
        │   ├── ATT&CK MITRE
        │   │   └── BB-Q4_Techniques_navigator.json
        │   └── MITRE D3FEND
        │   │   └── BB-Q4_MITRE_D3FEND_Full.xlsx
    │   ├── 2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence
        │   ├── BazarLoader-iocs.csv
        │   ├── Conti-iocs.csv
        │   ├── Darkside-iocs.csv
        │   ├── DopplePaymer-iocs.csv
        │   ├── FIN7-iocs.csv
        │   ├── HiddenDragon-iocs.csv
        │   ├── IcedID-iocs.csv
        │   ├── MAN1-iocs.csv
        │   ├── README.md
        │   ├── Ryuk-iocs.csv
        │   ├── Salfram-iocs.csv
        │   ├── Trickbot-iocs.csv
        │   └── Ursnif-iocs.csv
    │   ├── 2023 - Q1 CTI Insights Report
        │   ├── ATT&CK MITRE
        │   │   └── BB-Q1_Techniques_navigator.json
        │   └── MITRE D3FEND
        │   │   └── BB-Q1_MITRE_D3FEND_Full.xlsx
    │   └── 2023 - Q2 CTI Insights Report
        │   ├── ATT&CK MITRE
            │   └── BB-Q2_Techniques_navigator.json
        │   └── MITRE D3FEND
            │   └── BB-Q2_MITRE_D3FEND_Full.xlsx
├── LICENSE
├── README.md
└── Talks
    ├── 2022-11-25 - XVI Jornadas STIC CCN-CERT
        ├── Donde esta Carmen Sandiego_CCN-CERT-STIC-FINAL.pdf
        ├── README.md
        ├── jupyter notebooks
        │   ├── argentina-threat_actors-v2.csv
        │   ├── attack-mappings-ttps.csv
        │   ├── brasil-threat_actors-v2.csv
        │   ├── chile-threat_actors-v2.csv
        │   ├── colombia-threat_actors-v2.csv
        │   ├── ecuador-threat_actors-v2.csv
        │   ├── mexico-threat_actors-v2.csv
        │   ├── spain-threat_actors-v2.csv
        │   └── threat-actors-TM-STIC.ipynb
        └── threat sighting
        │   ├── Threat Sighing outcomes
            │   ├── 7e70bb32-5774-4a68-a524-48e36ed2bcd4_OpenIOC_Operation_Wocao.ioc
            │   ├── ATT&CK_Navigator_Sighting_Operation_Wocao.json
            │   ├── README.md
            │   ├── STIX_highLevel_Operation_Wocao.json
            │   ├── STIX_lowLevel_Operation_Wocao.json
            │   ├── maltegoHighLevel_Operation_Wocao.csv
            │   ├── maltegoLowLevel_Operation_Wocao.csv
            │   └── statistics_Operation_Wocao.json
        │   └── Threat_Sighting_Operation_Wocao.yml
    ├── 2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023
        ├── MITRE ATT&CK Navigator
        │   ├── Chaos_ATT&CK_navigator.json
        │   ├── CoinMiner_ATT&CK_navigator.json
        │   ├── Downloaders_ATT&CK_navigator.json
        │   ├── Lockbit_ATT&CK_navigator.json
        │   ├── Orbit_ATT&CK_navigator.json
        │   ├── Symbiote_ATT&CK_navigator.json
        │   └── Trojans_ATT&CK_navigator.json
        ├── Pedro Drimel, Jose Luis Sanchez Martinez - Practical CTI Analysis Over 2022 ITW Linux Implants.pdf
        ├── README.md
        └── sigma rules
        │   ├── proc_creation_lnx_cp_passwd_tmp.yml
        │   ├── proc_creation_lnx_disable_ufw.yml
        │   ├── proc_creation_lnx_iptables_flush_ufw.yml
        │   ├── proc_creation_lnx_mount_hidepid.yml
        │   └── proc_creation_lnx_touch_susp.yml
    ├── 2023-03-21 - Uncovering the Tactics of RomCom RAT in the Ukraine-Russia Conflict
        ├── AISA_Canberra_RomCom_EoinHealy_March_2023.pdf
        └── README.md
    ├── 2023-10-18 - Australian Cyber Conference 2023
        ├── EoinHealy_AISA_Melbourne_Slidedeck_Master.pdf
        └── Readme.md
    └── README.md

/Blogs & Reports/Blogs/2021-08-19 - Threat Thursday TA575-Dridex/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2021-08-19 - Threat Thursday TA575-Dridex/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2021-08-19 - Threat Thursday TA575-Dridex/TA575-Dridex-iocs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2021-08-19 - Threat Thursday TA575-Dridex/TA575-Dridex-iocs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2021-10-05 - Drawing a Dragon Connecting the Dots to Find APT41/APT41.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2021-10-05 - Drawing a Dragon Connecting the Dots to Find APT41/APT41.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2021-10-05 - Drawing a Dragon Connecting the Dots to Find APT41/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2021-10-05 - Drawing a Dragon Connecting the Dots to Find APT41/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-08-12 - Black Hat Look-Back Linux Implants - A Silent, Long-Living Threat/Linux_Implants-TTPs.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-08-12 - Black Hat Look-Back Linux Implants - A Silent, Long-Living Threat/Linux_Implants-TTPs.json
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-08-12 - Black Hat Look-Back Linux Implants - A Silent, Long-Living Threat/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-08-12 - Black Hat Look-Back Linux Implants - A Silent, Long-Living Threat/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-09-07 - The Curious Case of Monti Ransomware A Real-World Doppelganger/MONTI_Strain_ChaCha8_version_IOCs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-09-07 - The Curious Case of Monti Ransomware A Real-World Doppelganger/MONTI_Strain_ChaCha8_version_IOCs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-09-07 - The Curious Case of Monti Ransomware A Real-World Doppelganger/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-09-07 - The Curious Case of Monti Ransomware A Real-World Doppelganger/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-09-07 - The Curious Case of Monti Ransomware A Real-World Doppelganger/Veeam_Credential_Dumper_IOCs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-09-07 - The Curious Case of Monti Ransomware A Real-World Doppelganger/Veeam_Credential_Dumper_IOCs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-09-07 - The Curious Case of Monti Ransomware A Real-World Doppelganger/monti_ransomware.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-09-07 - The Curious Case of Monti Ransomware A Real-World Doppelganger/monti_ransomware.yar
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-09-07 - The Curious Case of Monti Ransomware A Real-World Doppelganger/veeamp_dumper.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-09-07 - The Curious Case of Monti Ransomware A Real-World Doppelganger/veeamp_dumper.yar
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-10-13 - BianLian Ransomware Encrypts Files in the Blink of an Eye/BianLian-iocs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-10-13 - BianLian Ransomware Encrypts Files in the Blink of an Eye/BianLian-iocs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-10-13 - BianLian Ransomware Encrypts Files in the Blink of an Eye/BianLian_Go_ransomware.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-10-13 - BianLian Ransomware Encrypts Files in the Blink of an Eye/BianLian_Go_ransomware.yar
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-10-13 - BianLian Ransomware Encrypts Files in the Blink of an Eye/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-10-13 - BianLian Ransomware Encrypts Files in the Blink of an Eye/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-10-22 - Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-10-22 - Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-10-22 - Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries/RomCom_RAT-iocs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-10-22 - Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries/RomCom_RAT-iocs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-10-22 - Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries/RomCom_RAT_UA.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-10-22 - Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries/RomCom_RAT_UA.yar
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-11-02 - RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom/MISP_RomCom_ThreatActor_Abuses_KeePass_and_SolarWinds.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-11-02 - RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom/MISP_RomCom_ThreatActor_Abuses_KeePass_and_SolarWinds.json
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-11-02 - RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-11-02 - RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-11-02 - RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom/RomCom_RAT-iocs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-11-02 - RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom/RomCom_RAT-iocs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-11-02 - RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom/RomCom_RAT_UA.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-11-02 - RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom/RomCom_RAT_UA.yar
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-11-02 - RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom/STIX_RomCom_Threat_Actor_Abuses_KeePass_and_SolarWinds.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-11-02 - RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom/STIX_RomCom_Threat_Actor_Abuses_KeePass_and_SolarWinds.json
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-11-03 - ChromeLoader Infects the Browser by Loading Malicious Extension/ChromeLoader-iocs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-11-03 - ChromeLoader Infects the Browser by Loading Malicious Extension/ChromeLoader-iocs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-11-03 - ChromeLoader Infects the Browser by Loading Malicious Extension/ChromeLoader.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-11-03 - ChromeLoader Infects the Browser by Loading Malicious Extension/ChromeLoader.yar
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-11-03 - ChromeLoader Infects the Browser by Loading Malicious Extension/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-11-03 - ChromeLoader Infects the Browser by Loading Malicious Extension/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-11-16 - ARCrypter Ransomware Expands its Operations From Latin America to the World/ARCrypter-iocs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-11-16 - ARCrypter Ransomware Expands its Operations From Latin America to the World/ARCrypter-iocs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-11-16 - ARCrypter Ransomware Expands its Operations From Latin America to the World/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-11-16 - ARCrypter Ransomware Expands its Operations From Latin America to the World/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-12-06 - Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets/MustangPanda-iocs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-12-06 - Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets/MustangPanda-iocs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-12-06 - Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-12-06 - Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-12-08 - BlackByte Ransomware Takes an Extra Bite Using Double Extortion Methods/Blackbyte-iocs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-12-08 - BlackByte Ransomware Takes an Extra Bite Using Double Extortion Methods/Blackbyte-iocs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-12-08 - BlackByte Ransomware Takes an Extra Bite Using Double Extortion Methods/Blackbyte.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-12-08 - BlackByte Ransomware Takes an Extra Bite Using Double Extortion Methods/Blackbyte.yar
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2022-12-08 - BlackByte Ransomware Takes an Extra Bite Using Double Extortion Methods/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2022-12-08 - BlackByte Ransomware Takes an Extra Bite Using Double Extortion Methods/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-01-19 - Gamaredon (Ab)uses Telegram to Target Ukrainian Organizations/Gamaredon-iocs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-01-19 - Gamaredon (Ab)uses Telegram to Target Ukrainian Organizations/Gamaredon-iocs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-01-19 - Gamaredon (Ab)uses Telegram to Target Ukrainian Organizations/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-01-19 - Gamaredon (Ab)uses Telegram to Target Ukrainian Organizations/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-02-06 - ESXiArgs Ransomware Kicking out unpatched VMware ESXi Linux servers worldwide/ESXiArgs_Ransomware.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-02-06 - ESXiArgs Ransomware Kicking out unpatched VMware ESXi Linux servers worldwide/ESXiArgs_Ransomware.yar
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-02-06 - ESXiArgs Ransomware Kicking out unpatched VMware ESXi Linux servers worldwide/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-02-06 - ESXiArgs Ransomware Kicking out unpatched VMware ESXi Linux servers worldwide/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-02-09 - NewsPenguin, a Previously Unknown Threat Actor, Targets Pakistan with Advanced Espionage Tool/NewsPenguin-iocs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-02-09 - NewsPenguin, a Previously Unknown Threat Actor, Targets Pakistan with Advanced Espionage Tool/NewsPenguin-iocs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-02-09 - NewsPenguin, a Previously Unknown Threat Actor, Targets Pakistan with Advanced Espionage Tool/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-02-09 - NewsPenguin, a Previously Unknown Threat Actor, Targets Pakistan with Advanced Espionage Tool/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-02-15 - DarkBit Ransomware Targets Israel with Command-Line Options and Optimized Encryption Routines/DarkBit-iocs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-02-15 - DarkBit Ransomware Targets Israel with Command-Line Options and Optimized Encryption Routines/DarkBit-iocs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-02-15 - DarkBit Ransomware Targets Israel with Command-Line Options and Optimized Encryption Routines/DarkBit_Ransomware.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-02-15 - DarkBit Ransomware Targets Israel with Command-Line Options and Optimized Encryption Routines/DarkBit_Ransomware.yar
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-02-15 - DarkBit Ransomware Targets Israel with Command-Line Options and Optimized Encryption Routines/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-02-15 - DarkBit Ransomware Targets Israel with Command-Line Options and Optimized Encryption Routines/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-02-27 - Blind Eagle Deploys Fake UUE Files and Fsociety to Target Colombia's Judiciary, Financial, Public, and Law Enforcement Entities/BlindEagle-iocs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-02-27 - Blind Eagle Deploys Fake UUE Files and Fsociety to Target Colombia's Judiciary, Financial, Public, and Law Enforcement Entities/BlindEagle-iocs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-02-27 - Blind Eagle Deploys Fake UUE Files and Fsociety to Target Colombia's Judiciary, Financial, Public, and Law Enforcement Entities/BlindEagle.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-02-27 - Blind Eagle Deploys Fake UUE Files and Fsociety to Target Colombia's Judiciary, Financial, Public, and Law Enforcement Entities/BlindEagle.yar
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-02-27 - Blind Eagle Deploys Fake UUE Files and Fsociety to Target Colombia's Judiciary, Financial, Public, and Law Enforcement Entities/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-02-27 - Blind Eagle Deploys Fake UUE Files and Fsociety to Target Colombia's Judiciary, Financial, Public, and Law Enforcement Entities/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-03-14 - NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-03-14 - NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-03-14 - NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine/nobelium-iocs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-03-14 - NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine/nobelium-iocs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-03-14 - NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine/nobelium.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-03-14 - NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine/nobelium.yar
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-04-18 - From Google Ads Abuse to a Massive Spear-Phishing Campaign Impersonating Spains Tax Agency/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-04-18 - From Google Ads Abuse to a Massive Spear-Phishing Campaign Impersonating Spains Tax Agency/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-04-18 - From Google Ads Abuse to a Massive Spear-Phishing Campaign Impersonating Spains Tax Agency/spanish-campaign-iocs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-04-18 - From Google Ads Abuse to a Massive Spear-Phishing Campaign Impersonating Spains Tax Agency/spanish-campaign-iocs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-05-30 - Operation CMDStealer Financially Motivated Campaign Leverages CMD-Based Scripts and LOLBaS for Online Banking Theft/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-05-30 - Operation CMDStealer Financially Motivated Campaign Leverages CMD-Based Scripts and LOLBaS for Online Banking Theft/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-05-30 - Operation CMDStealer Financially Motivated Campaign Leverages CMD-Based Scripts and LOLBaS for Online Banking Theft/cmdstealer-iocs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-05-30 - Operation CMDStealer Financially Motivated Campaign Leverages CMD-Based Scripts and LOLBaS for Online Banking Theft/cmdstealer-iocs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-06-07 - RomCom Resurfaces Targeting Politicians in Ukraine and U.S.-Based Healthcare/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-06-07 - RomCom Resurfaces Targeting Politicians in Ukraine and U.S.-Based Healthcare/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-06-07 - RomCom Resurfaces Targeting Politicians in Ukraine and U.S.-Based Healthcare/RomCom-March-iocs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-06-07 - RomCom Resurfaces Targeting Politicians in Ukraine and U.S.-Based Healthcare/RomCom-March-iocs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-07-08 - RomCom Threat Actor Suspected of Targeting Ukraine's NATO Membership Talks at the NATO Summit/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-07-08 - RomCom Threat Actor Suspected of Targeting Ukraine's NATO Membership Talks at the NATO Summit/README.md
--------------------------------------------------------------------------------
/Blogs & Reports/Blogs/2023-07-08 - RomCom Threat Actor Suspected of Targeting Ukraine's NATO Membership Talks at the NATO Summit/romcom_nato_campaign-iocs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Blogs/2023-07-08 - RomCom Threat Actor Suspected of Targeting Ukraine's NATO Membership Talks at the NATO Summit/romcom_nato_campaign-iocs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Reports/2022 - Q4 CTI Insights Report/ATT&CK MITRE/BB-Q4_Techniques_navigator.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Reports/2022 - Q4 CTI Insights Report/ATT&CK MITRE/BB-Q4_Techniques_navigator.json
--------------------------------------------------------------------------------
/Blogs & Reports/Reports/2022 - Q4 CTI Insights Report/MITRE D3FEND/BB-Q4_MITRE_D3FEND_Full.xlsx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Reports/2022 - Q4 CTI Insights Report/MITRE D3FEND/BB-Q4_MITRE_D3FEND_Full.xlsx
--------------------------------------------------------------------------------
/Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/BazarLoader-iocs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/BazarLoader-iocs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/Conti-iocs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/Conti-iocs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/Darkside-iocs.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/Darkside-iocs.csv
--------------------------------------------------------------------------------
/Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/DopplePaymer-iocs.csv:
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/DopplePaymer-iocs.csv -------------------------------------------------------------------------------- /Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/FIN7-iocs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/FIN7-iocs.csv -------------------------------------------------------------------------------- /Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/HiddenDragon-iocs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/HiddenDragon-iocs.csv -------------------------------------------------------------------------------- /Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/IcedID-iocs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/IcedID-iocs.csv -------------------------------------------------------------------------------- /Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/MAN1-iocs.csv: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/MAN1-iocs.csv -------------------------------------------------------------------------------- /Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/README.md -------------------------------------------------------------------------------- /Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/Ryuk-iocs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/Ryuk-iocs.csv -------------------------------------------------------------------------------- /Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/Salfram-iocs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/Salfram-iocs.csv -------------------------------------------------------------------------------- /Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/Trickbot-iocs.csv: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/Trickbot-iocs.csv -------------------------------------------------------------------------------- /Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/Ursnif-iocs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Reports/2022-07-01 - Finding Beacons in the Dark - A Guide to Cyber Threat Intelligence/Ursnif-iocs.csv -------------------------------------------------------------------------------- /Blogs & Reports/Reports/2023 - Q1 CTI Insights Report/ATT&CK MITRE/BB-Q1_Techniques_navigator.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Reports/2023 - Q1 CTI Insights Report/ATT&CK MITRE/BB-Q1_Techniques_navigator.json -------------------------------------------------------------------------------- /Blogs & Reports/Reports/2023 - Q1 CTI Insights Report/MITRE D3FEND/BB-Q1_MITRE_D3FEND_Full.xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Reports/2023 - Q1 CTI Insights Report/MITRE D3FEND/BB-Q1_MITRE_D3FEND_Full.xlsx -------------------------------------------------------------------------------- /Blogs & Reports/Reports/2023 - Q2 CTI Insights Report/ATT&CK MITRE/BB-Q2_Techniques_navigator.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Reports/2023 - Q2 CTI Insights Report/ATT&CK MITRE/BB-Q2_Techniques_navigator.json -------------------------------------------------------------------------------- /Blogs & Reports/Reports/2023 - Q2 CTI Insights Report/MITRE D3FEND/BB-Q2_MITRE_D3FEND_Full.xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Blogs & Reports/Reports/2023 - Q2 CTI Insights Report/MITRE D3FEND/BB-Q2_MITRE_D3FEND_Full.xlsx -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/README.md -------------------------------------------------------------------------------- /Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/Donde esta Carmen Sandiego_CCN-CERT-STIC-FINAL.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/Donde esta Carmen Sandiego_CCN-CERT-STIC-FINAL.pdf -------------------------------------------------------------------------------- /Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/README.md 
-------------------------------------------------------------------------------- /Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/jupyter notebooks/argentina-threat_actors-v2.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/jupyter notebooks/argentina-threat_actors-v2.csv -------------------------------------------------------------------------------- /Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/jupyter notebooks/attack-mappings-ttps.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/jupyter notebooks/attack-mappings-ttps.csv -------------------------------------------------------------------------------- /Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/jupyter notebooks/brasil-threat_actors-v2.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/jupyter notebooks/brasil-threat_actors-v2.csv -------------------------------------------------------------------------------- /Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/jupyter notebooks/chile-threat_actors-v2.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/jupyter notebooks/chile-threat_actors-v2.csv -------------------------------------------------------------------------------- /Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/jupyter notebooks/colombia-threat_actors-v2.csv: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/jupyter notebooks/colombia-threat_actors-v2.csv -------------------------------------------------------------------------------- /Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/jupyter notebooks/ecuador-threat_actors-v2.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/jupyter notebooks/ecuador-threat_actors-v2.csv -------------------------------------------------------------------------------- /Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/jupyter notebooks/mexico-threat_actors-v2.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/jupyter notebooks/mexico-threat_actors-v2.csv -------------------------------------------------------------------------------- /Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/jupyter notebooks/spain-threat_actors-v2.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/jupyter notebooks/spain-threat_actors-v2.csv -------------------------------------------------------------------------------- /Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/jupyter notebooks/threat-actors-TM-STIC.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/jupyter notebooks/threat-actors-TM-STIC.ipynb -------------------------------------------------------------------------------- /Talks/2022-11-25 
- XVI Jornadas STIC CCN-CERT/threat sighting/Threat Sighing outcomes/7e70bb32-5774-4a68-a524-48e36ed2bcd4_OpenIOC_Operation_Wocao.ioc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/threat sighting/Threat Sighing outcomes/7e70bb32-5774-4a68-a524-48e36ed2bcd4_OpenIOC_Operation_Wocao.ioc -------------------------------------------------------------------------------- /Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/threat sighting/Threat Sighing outcomes/ATT&CK_Navigator_Sighting_Operation_Wocao.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/threat sighting/Threat Sighing outcomes/ATT&CK_Navigator_Sighting_Operation_Wocao.json -------------------------------------------------------------------------------- /Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/threat sighting/Threat Sighing outcomes/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/threat sighting/Threat Sighing outcomes/README.md -------------------------------------------------------------------------------- /Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/threat sighting/Threat Sighing outcomes/STIX_highLevel_Operation_Wocao.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/threat sighting/Threat Sighing outcomes/STIX_highLevel_Operation_Wocao.json -------------------------------------------------------------------------------- /Talks/2022-11-25 - XVI 
Jornadas STIC CCN-CERT/threat sighting/Threat Sighing outcomes/STIX_lowLevel_Operation_Wocao.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/threat sighting/Threat Sighing outcomes/STIX_lowLevel_Operation_Wocao.json -------------------------------------------------------------------------------- /Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/threat sighting/Threat Sighing outcomes/maltegoHighLevel_Operation_Wocao.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/threat sighting/Threat Sighing outcomes/maltegoHighLevel_Operation_Wocao.csv -------------------------------------------------------------------------------- /Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/threat sighting/Threat Sighing outcomes/maltegoLowLevel_Operation_Wocao.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/threat sighting/Threat Sighing outcomes/maltegoLowLevel_Operation_Wocao.csv -------------------------------------------------------------------------------- /Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/threat sighting/Threat Sighing outcomes/statistics_Operation_Wocao.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/threat sighting/Threat Sighing outcomes/statistics_Operation_Wocao.json -------------------------------------------------------------------------------- /Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/threat 
sighting/Threat_Sighting_Operation_Wocao.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2022-11-25 - XVI Jornadas STIC CCN-CERT/threat sighting/Threat_Sighting_Operation_Wocao.yml -------------------------------------------------------------------------------- /Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/MITRE ATT&CK Navigator/Chaos_ATT&CK_navigator.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/MITRE ATT&CK Navigator/Chaos_ATT&CK_navigator.json -------------------------------------------------------------------------------- /Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/MITRE ATT&CK Navigator/CoinMiner_ATT&CK_navigator.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/MITRE ATT&CK Navigator/CoinMiner_ATT&CK_navigator.json -------------------------------------------------------------------------------- /Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/MITRE ATT&CK Navigator/Downloaders_ATT&CK_navigator.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/MITRE ATT&CK Navigator/Downloaders_ATT&CK_navigator.json -------------------------------------------------------------------------------- /Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/MITRE ATT&CK 
Navigator/Lockbit_ATT&CK_navigator.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/MITRE ATT&CK Navigator/Lockbit_ATT&CK_navigator.json -------------------------------------------------------------------------------- /Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/MITRE ATT&CK Navigator/Orbit_ATT&CK_navigator.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/MITRE ATT&CK Navigator/Orbit_ATT&CK_navigator.json -------------------------------------------------------------------------------- /Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/MITRE ATT&CK Navigator/Symbiote_ATT&CK_navigator.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/MITRE ATT&CK Navigator/Symbiote_ATT&CK_navigator.json -------------------------------------------------------------------------------- /Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/MITRE ATT&CK Navigator/Trojans_ATT&CK_navigator.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/MITRE ATT&CK Navigator/Trojans_ATT&CK_navigator.json -------------------------------------------------------------------------------- /Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/Pedro Drimel, Jose 
Luis Sanchez Martinez - Practical CTI Analysis Over 2022 ITW Linux Implants.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/Pedro Drimel, Jose Luis Sanchez Martinez - Practical CTI Analysis Over 2022 ITW Linux Implants.pdf -------------------------------------------------------------------------------- /Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/README.md -------------------------------------------------------------------------------- /Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/sigma rules/proc_creation_lnx_cp_passwd_tmp.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/sigma rules/proc_creation_lnx_cp_passwd_tmp.yml -------------------------------------------------------------------------------- /Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/sigma rules/proc_creation_lnx_disable_ufw.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/sigma rules/proc_creation_lnx_disable_ufw.yml -------------------------------------------------------------------------------- /Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/sigma 
rules/proc_creation_lnx_iptables_flush_ufw.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/sigma rules/proc_creation_lnx_iptables_flush_ufw.yml -------------------------------------------------------------------------------- /Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/sigma rules/proc_creation_lnx_mount_hidepid.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/sigma rules/proc_creation_lnx_mount_hidepid.yml -------------------------------------------------------------------------------- /Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/sigma rules/proc_creation_lnx_touch_susp.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2023-01-30 - SANS Cyber Threat Intelligence Summit & Training 2023/sigma rules/proc_creation_lnx_touch_susp.yml -------------------------------------------------------------------------------- /Talks/2023-03-21 - Uncovering the Tactics of RomCom RAT in the Ukraine-Russia Conflict/AISA_Canberra_RomCom_EoinHealy_March_2023.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2023-03-21 - Uncovering the Tactics of RomCom RAT in the Ukraine-Russia Conflict/AISA_Canberra_RomCom_EoinHealy_March_2023.pdf -------------------------------------------------------------------------------- /Talks/2023-03-21 - Uncovering the Tactics of RomCom RAT in the Ukraine-Russia 
Conflict/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2023-03-21 - Uncovering the Tactics of RomCom RAT in the Ukraine-Russia Conflict/README.md -------------------------------------------------------------------------------- /Talks/2023-10-18 - Australian Cyber Conference 2023/EoinHealy_AISA_Melbourne_Slidedeck_Master.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2023-10-18 - Australian Cyber Conference 2023/EoinHealy_AISA_Melbourne_Slidedeck_Master.pdf -------------------------------------------------------------------------------- /Talks/2023-10-18 - Australian Cyber Conference 2023/Readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/2023-10-18 - Australian Cyber Conference 2023/Readme.md -------------------------------------------------------------------------------- /Talks/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackberry/threat-research-and-intelligence/HEAD/Talks/README.md --------------------------------------------------------------------------------