FIN is a group targeting financial assets including assets able to do financial transaction including PoS.
2020-01-14 ⋅ Bleeping Computer ⋅ Lawrence Abrams
@online{abrams:20200114:ryuk:b2e47fa,
author = {Lawrence Abrams},
title = {{Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices}},
date = {2020-01-14},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/ryuk-ransomware-uses-wake-on-lan-to-encrypt-offline-devices/},
language = {English},
urldate = {2020-01-15}
}
Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices
Ryuk |
2019-12-26 ⋅ Bleeping Computer ⋅ Lawrence Abrams
@online{abrams:20191226:ryuk:acc2284,
author = {Lawrence Abrams},
title = {{Ryuk Ransomware Stops Encrypting Linux Folders}},
date = {2019-12-26},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/ryuk-ransomware-stops-encrypting-linux-folders/},
language = {English},
urldate = {2020-01-08}
}
Ryuk Ransomware Stops Encrypting Linux Folders
Ryuk |
2019-12-23 ⋅ Norfolk
@online{norfolk:20191223:pos:5862d6d,
author = {Norfolk},
title = {{POS Malware Used at Fuel Pumps}},
date = {2019-12-23},
url = {https://norfolkinfosec.com/pos-malware-used-at-fuel-pumps/},
language = {English},
urldate = {2020-01-07}
}
POS Malware Used at Fuel Pumps
Grateful POS |
2019-12-23 ⋅ Bleeping Computer ⋅ Lawrence Abrams
@online{abrams:20191223:fbi:7c11cf8,
author = {Lawrence Abrams},
title = {{FBI Issues Alert For LockerGoga and MegaCortex Ransomware}},
date = {2019-12-23},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/fbi-issues-alert-for-lockergoga-and-megacortex-ransomware/},
language = {English},
urldate = {2020-01-08}
}
FBI Issues Alert For LockerGoga and MegaCortex Ransomware
LockerGoga MegaCortex |
2019-12-21 ⋅ Decrypt ⋅ Adriana Hamacher
@online{hamacher:20191221:how:9d026a8,
author = {Adriana Hamacher},
title = {{How ransomware exploded in the age of Bitcoin}},
date = {2019-12-21},
organization = {Decrypt},
url = {https://decrypt.co/15394/how-ransomware-exploded-in-the-age-of-btc},
language = {English},
urldate = {2020-01-13}
}
How ransomware exploded in the age of Bitcoin
Ryuk |
2019-12-19 ⋅ Malwarebytes ⋅ Jovi Umawing
@online{umawing:20191219:threat:552a941,
author = {Jovi Umawing},
title = {{Threat spotlight: the curious case of Ryuk ransomware}},
date = {2019-12-19},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/},
language = {English},
urldate = {2020-01-08}
}
Threat spotlight: the curious case of Ryuk ransomware
Ryuk |
2019-12-15 ⋅ Bleeping Computer ⋅ Lawrence Abrams
@online{abrams:20191215:ryuk:74f6eab,
author = {Lawrence Abrams},
title = {{Ryuk Ransomware Likely Behind New Orleans Cyberattack}},
date = {2019-12-15},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/ryuk-ransomware-likely-behind-new-orleans-cyberattack/},
language = {English},
urldate = {2020-01-13}
}
Ryuk Ransomware Likely Behind New Orleans Cyberattack
Ryuk |
2019-12-09 ⋅ Emsisoft ⋅ EmsiSoft Malware Lab
@online{lab:20191209:caution:05ff83a,
author = {EmsiSoft Malware Lab},
title = {{Caution! Ryuk Ransomware decryptor damages larger files, even if you pay}},
date = {2019-12-09},
organization = {Emsisoft},
url = {https://blog.emsisoft.com/en/35023/bug-in-latest-ryuk-decryptor-may-cause-data-loss/},
language = {English},
urldate = {2020-01-07}
}
Caution! Ryuk Ransomware decryptor damages larger files, even if you pay
Ryuk |
2019-12-05 ⋅ Raphael Mudge
@online{mudge:20191205:cobalt:219044e,
author = {Raphael Mudge},
title = {{Cobalt Strike 4.0 – Bring Your Own Weaponization}},
date = {2019-12-05},
url = {https://blog.cobaltstrike.com/},
language = {English},
urldate = {2019-12-06}
}
Cobalt Strike 4.0 – Bring Your Own Weaponization
Cobalt Strike |
2019-12-05 ⋅ Github (blackorbird) ⋅ blackorbird
@techreport{blackorbird:20191205:apt32:0afe4e7,
author = {blackorbird},
title = {{APT32 Report}},
date = {2019-12-05},
institution = {Github (blackorbird)},
url = {https://github.com/blackorbird/APT_REPORT/blob/master/Oceanlotus/apt32_report_2019.pdf},
language = {Japanese},
urldate = {2020-01-10}
}
APT32 Report
Cobalt Strike |
2019-11-27 ⋅ Twitter (@Prosegur) ⋅ Prosegur
@online{prosegur:20191127:incident:bd76c3f,
author = {Prosegur},
title = {{Tweet on Incident of Information Security}},
date = {2019-11-27},
organization = {Twitter (@Prosegur)},
url = {https://twitter.com/Prosegur/status/1199732264386596864},
language = {English},
urldate = {2020-01-09}
}
Tweet on Incident of Information Security
Ryuk |
2019-11-06 ⋅ Heise Security ⋅ Thomas Hungenberg
@online{hungenberg:20191106:emotet:1605954,
author = {Thomas Hungenberg},
title = {{Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail}},
date = {2019-11-06},
organization = {Heise Security},
url = {https://www.heise.de/security/artikel/Emotet-Trickbot-Ryuk-ein-explosiver-Malware-Cocktail-4573848.html},
language = {German},
urldate = {2020-01-06}
}
Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail
Emotet Ryuk TrickBot |
2019-11-05 ⋅ tccontre Blog ⋅ tccontre
@online{tccontre:20191105:cobaltstrike:02e37af,
author = {tccontre},
title = {{CobaltStrike - beacon.dll : Your No Ordinary MZ Header}},
date = {2019-11-05},
organization = {tccontre Blog},
url = {https://tccontre.blogspot.com/2019/11/cobaltstrike-beacondll-your-not.html},
language = {English},
urldate = {2019-12-17}
}
CobaltStrike - beacon.dll : Your No Ordinary MZ Header
Cobalt Strike |
2019-11 ⋅ CCN-CERT ⋅ CCN-CERT
@online{ccncert:201911:informe:69b39b5,
author = {CCN-CERT},
title = {{Informe Código Dañino CCN-CERT ID-26/19}},
date = {2019-11},
organization = {CCN-CERT},
url = {https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos/4217-ccn-cert-id-26-19-ryuk-1/file.html},
language = {Espanyol},
urldate = {2020-01-10}
}
Informe Código Dañino CCN-CERT ID-26/19
Ryuk |
2019-11-01 ⋅ CrowdStrike ⋅ Alexander Hanel, Brett Stone-Gross
@online{hanel:20191101:wizard:a34a09e,
author = {Alexander Hanel and Brett Stone-Gross},
title = {{WIZARD SPIDER Adds New Features to Ryuk for Targeting Hosts on LAN}},
date = {2019-11-01},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/wizard-spider-adds-new-feature-to-ryuk-ransomware/},
language = {English},
urldate = {2019-12-20}
}
WIZARD SPIDER Adds New Features to Ryuk for Targeting Hosts on LAN
Ryuk WIZARD SPIDER |
2019-08-29 ⋅ Security Intelligence ⋅ Ole Villadsen, Kevin Henson, Melissa Frydrych, Joey Victorino
@online{villadsen:20190829:moreeggs:8ff7351,
author = {Ole Villadsen and Kevin Henson and Melissa Frydrych and Joey Victorino},
title = {{More_eggs, Anyone? Threat Actor ITG08 Strikes Again}},
date = {2019-08-29},
organization = {Security Intelligence},
url = {https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/},
language = {English},
urldate = {2020-01-13}
}
More_eggs, Anyone? Threat Actor ITG08 Strikes Again
More_eggs FIN6 |
2019-06-04 ⋅ Bitdefender ⋅ Bitdefender
@techreport{bitdefender:20190604:blueprint:ce0583c,
author = {Bitdefender},
title = {{An APT Blueprint: Gaining New Visibility into Financial Threats}},
date = {2019-06-04},
institution = {Bitdefender},
url = {https://www.bitdefender.com/files/News/CaseStudies/study/262/Bitdefender-WhitePaper-An-APT-Blueprint-Gaining-New-Visibility-into-Financial-Threats-interactive.pdf},
language = {English},
urldate = {2019-12-18}
}
An APT Blueprint: Gaining New Visibility into Financial Threats
More_eggs Cobalt Strike |
2019-05-19 ⋅ nrk ⋅ Henrik Lied, Peter Svaar, Dennis Ravndal, Anders Brekke, Kristine Hirsti
@online{lied:20190519:skreddersydd:e16c8d8,
author = {Henrik Lied and Peter Svaar and Dennis Ravndal and Anders Brekke and Kristine Hirsti},
title = {{Skreddersydd dobbeltangrep mot Hydro}},
date = {2019-05-19},
organization = {nrk},
url = {https://www.nrk.no/norge/skreddersydd-dobbeltangrep-mot-hydro-1.14480202},
language = {Norwegian},
urldate = {2019-11-21}
}
Skreddersydd dobbeltangrep mot Hydro
LockerGoga |
2019-05-09 ⋅ GovCERT.ch ⋅ GovCERT.ch
@online{govcertch:20190509:severe:2767782,
author = {GovCERT.ch},
title = {{Severe Ransomware Attacks Against Swiss SMEs}},
date = {2019-05-09},
organization = {GovCERT.ch},
url = {https://www.govcert.admin.ch/blog/36/severe-ransomware-attacks-against-swiss-smes},
language = {English},
urldate = {2019-07-11}
}
Severe Ransomware Attacks Against Swiss SMEs
Emotet LockerGoga Ryuk TrickBot |
2019-05-04 ⋅ Abuse.io ⋅ Abuse.io
@online{abuseio:20190504:abuseio:d5062ca,
author = {Abuse.io},
title = {{Abuse.io Report - Lockergoga}},
date = {2019-05-04},
organization = {Abuse.io},
url = {https://www.abuse.io/lockergoga.txt},
language = {English},
urldate = {2020-01-07}
}
Abuse.io Report - Lockergoga
LockerGoga |
2019-04-24 ⋅ Weixin ⋅ Tencent
@online{tencent:20190424:sea:a722d68,
author = {Tencent},
title = {{"Sea Lotus" APT organization's attack techniques against China in the first quarter of 2019 revealed}},
date = {2019-04-24},
organization = {Weixin},
url = {https://mp.weixin.qq.com/s/xPsEXp2J5IE7wNSMEVC24A},
language = {English},
urldate = {2020-01-13}
}
"Sea Lotus" APT organization's attack techniques against China in the first quarter of 2019 revealed
Cobalt Strike SOUNDBITE |
2019-04-16 ⋅ Youtube (Norsk Hydro) ⋅ Norsk Hydro
@online{hydro:20190416:cyber:ada48a4,
author = {Norsk Hydro},
title = {{The cyber attack rescue operation in Hydro Toulouse}},
date = {2019-04-16},
organization = {Youtube (Norsk Hydro)},
url = {https://www.youtube.com/watch?v=o6eEN0mUakM},
language = {English},
urldate = {2020-01-13}
}
The cyber attack rescue operation in Hydro Toulouse
LockerGoga |
2019-04-15 ⋅ PenTestPartners ⋅ Neil Lines
@online{lines:20190415:cobalt:7b3c086,
author = {Neil Lines},
title = {{Cobalt Strike. Walkthrough for Red Teamers}},
date = {2019-04-15},
organization = {PenTestPartners},
url = {https://www.pentestpartners.com/security-blog/cobalt-strike-walkthrough-for-red-teamers/},
language = {English},
urldate = {2019-12-17}
}
Cobalt Strike. Walkthrough for Red Teamers
Cobalt Strike |
2019-04-05 ⋅ FireEye ⋅ Brendan McKeague, Van Ta, Ben Fedore, Geoff Ackerman, Alex Pennino, Andrew Thompson, Douglas Bienstock
@online{mckeague:20190405:picksix:d101a59,
author = {Brendan McKeague and Van Ta and Ben Fedore and Geoff Ackerman and Alex Pennino and Andrew Thompson and Douglas Bienstock},
title = {{Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware}},
date = {2019-04-05},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html},
language = {English},
urldate = {2019-12-20}
}
Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware
LockerGoga Ryuk FIN6 |
2019-04-02 ⋅ HelpNetSecurity ⋅ Zeljka Zorz
@online{zorz:20190402:lockergoga:7fe224d,
author = {Zeljka Zorz},
title = {{A LockerGoga primer and decrypters for Mira and Aurora ransomwares}},
date = {2019-04-02},
organization = {HelpNetSecurity},
url = {https://www.helpnetsecurity.com/2019/04/02/aurora-decrypter-mira-decrypter/},
language = {English},
urldate = {2019-12-16}
}
A LockerGoga primer and decrypters for Mira and Aurora ransomwares
LockerGoga |
2019-04-02 ⋅ Cybereason ⋅ Noa Pinkas, Lior Rochberger, Matan Zatz
@online{pinkas:20190402:triple:10a3e37,
author = {Noa Pinkas and Lior Rochberger and Matan Zatz},
title = {{Triple Threat: Emotet Deploys Trickbot to Steal Data & Spread Ryuk}},
date = {2019-04-02},
organization = {Cybereason},
url = {https://www.cybereason.com/blog/triple-threat-emotet-deploys-trickbot-to-steal-data-spread-ryuk-ransomware},
language = {English},
urldate = {2020-01-09}
}
Triple Threat: Emotet Deploys Trickbot to Steal Data & Spread Ryuk
Ryuk TrickBot |
2019-03-26 ⋅ ANSSI ⋅ ANSSI
@techreport{anssi:20190326:informations:7965c3d,
author = {ANSSI},
title = {{INFORMATIONS CONCERNANTLES RANÇONGICIELSLOCKERGOGA ET RYUK}},
date = {2019-03-26},
institution = {ANSSI},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2019-ACT-005.pdf},
language = {French},
urldate = {2020-01-10}
}
INFORMATIONS CONCERNANTLES RANÇONGICIELSLOCKERGOGA ET RYUK
Ryuk |
2019-03-21 ⋅ DoublePulsar ⋅ Kevin Beaumont
@online{beaumont:20190321:how:ecfbbf1,
author = {Kevin Beaumont},
title = {{How Lockergoga took down Hydro — ransomware used in targeted attacks aimed at big business}},
date = {2019-03-21},
organization = {DoublePulsar},
url = {https://doublepulsar.com/how-lockergoga-took-down-hydro-ransomware-used-in-targeted-attacks-aimed-at-big-business-c666551f5880},
language = {English},
urldate = {2019-11-29}
}
How Lockergoga took down Hydro — ransomware used in targeted attacks aimed at big business
LockerGoga |
2019-02-27 ⋅ Morphisec ⋅ Michael Gorelik, Alon Groisman
@online{gorelik:20190227:new:5296a0b,
author = {Michael Gorelik and Alon Groisman},
title = {{New Global Cyber Attack on Point of Sale Sytem}},
date = {2019-02-27},
organization = {Morphisec},
url = {http://blog.morphisec.com/new-global-attack-on-point-of-sale-systems},
language = {English},
urldate = {2020-01-09}
}
New Global Cyber Attack on Point of Sale Sytem
Cobalt Strike |
2019-02-21 ⋅ Proofpoint ⋅ Proofpoint Threat Insight Team
@online{team:20190221:fake:e94f77a,
author = {Proofpoint Threat Insight Team},
title = {{Fake Jobs: Campaigns Delivering More_eggs Backdoor via Fake Job Offers}},
date = {2019-02-21},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers},
language = {English},
urldate = {2019-12-20}
}
Fake Jobs: Campaigns Delivering More_eggs Backdoor via Fake Job Offers
More_eggs |
2019-01-30 ⋅ Bleeping Computer ⋅ Ionut Ilascu
@online{ilascu:20190130:new:5c2d8da,
author = {Ionut Ilascu},
title = {{New LockerGoga Ransomware Allegedly Used in Altran Attack}},
date = {2019-01-30},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/new-lockergoga-ransomware-allegedly-used-in-altran-attack/},
language = {English},
urldate = {2019-12-20}
}
New LockerGoga Ransomware Allegedly Used in Altran Attack
LockerGoga |
2019-01-11 ⋅ FireEye ⋅ Kimberly Goody, Jeremy Kennelly, Jaideep Natu, Christopher Glyer
@online{goody:20190111:nasty:3c872d4,
author = {Kimberly Goody and Jeremy Kennelly and Jaideep Natu and Christopher Glyer},
title = {{A Nasty Trick: From Credential Theft Malware to Business Disruption}},
date = {2019-01-11},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2019/01/a-nasty-trick-from-credential-theft-malware-to-business-disruption.html},
language = {English},
urldate = {2019-12-20}
}
A Nasty Trick: From Credential Theft Malware to Business Disruption
Ryuk TrickBot GRIM SPIDER WIZARD SPIDER |
2019-01-10 ⋅ CrowdStrike ⋅ Alexander Hanel
@online{hanel:20190110:big:7e10bdf,
author = {Alexander Hanel},
title = {{Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware}},
date = {2019-01-10},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/},
language = {English},
urldate = {2019-12-20}
}
Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware
Ryuk GRIM SPIDER MUMMY SPIDER STARDUST CHOLLIMA WIZARD SPIDER |
2019-01-09 ⋅ McAfee ⋅ John Fokker, Christiaan Beek
@online{fokker:20190109:ryuk:350f477,
author = {John Fokker and Christiaan Beek},
title = {{Ryuk Ransomware Attack: Rush to Attribution Misses the Point}},
date = {2019-01-09},
organization = {McAfee},
url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/ryuk-ransomware-attack-rush-to-attribution-misses-the-point/},
language = {English},
urldate = {2020-01-09}
}
Ryuk Ransomware Attack: Rush to Attribution Misses the Point
Ryuk |
2019 ⋅ MITRE ⋅ MITRE ATT&CK
@online{attck:2019:fin6:791eaef,
author = {MITRE ATT&CK},
title = {{Group description: FIN6}},
date = {2019},
organization = {MITRE},
url = {https://attack.mitre.org/groups/G0037/},
language = {English},
urldate = {2019-12-20}
}
Group description: FIN6
FIN6 |
2019 ⋅ Virus Bulletin ⋅ Gabriela Nicolao, Luciano Martins
@techreport{nicolao:2019:shinigamis:8397861,
author = {Gabriela Nicolao and Luciano Martins},
title = {{Shinigami's Revenge: The Long Tail of Ryuk Malware}},
date = {2019},
institution = {Virus Bulletin},
url = {https://www.virusbulletin.com/uploads/pdf/conference_slides/2019/VB2019-NicolaoMartins.pdf},
language = {English},
urldate = {2020-01-05}
}
Shinigami's Revenge: The Long Tail of Ryuk Malware
Ryuk |
2018-12-29 ⋅ Los Angeles Times ⋅ Tony Barboza, Meg James, Emily Alpert Reyes
@online{barboza:20181229:malware:d5d8d0d,
author = {Tony Barboza and Meg James and Emily Alpert Reyes},
title = {{Malware attack disrupts delivery of L.A. Times and Tribune papers across the U.S.}},
date = {2018-12-29},
organization = {Los Angeles Times},
url = {https://www.latimes.com/local/lanow/la-me-ln-times-delivery-disruption-20181229-story.html},
language = {English},
urldate = {2020-01-10}
}
Malware attack disrupts delivery of L.A. Times and Tribune papers across the U.S.
Ryuk |
2018-11-19 ⋅ FireEye ⋅ Matthew Dunwoody, Andrew Thompson, Ben Withnell, Jonathan Leathery, Michael Matonis, Nick Carr
@online{dunwoody:20181119:not:e581291,
author = {Matthew Dunwoody and Andrew Thompson and Ben Withnell and Jonathan Leathery and Michael Matonis and Nick Carr},
title = {{Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign}},
date = {2018-11-19},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html},
language = {English},
urldate = {2019-12-20}
}
Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
Cobalt Strike |
2018-11-18 ⋅ Stranded on Pylos Blog ⋅ Joe
@online{joe:20181118:cozybear:4801301,
author = {Joe},
title = {{CozyBear – In from the Cold?}},
date = {2018-11-18},
organization = {Stranded on Pylos Blog},
url = {https://pylos.co/2018/11/18/cozybear-in-from-the-cold/},
language = {English},
urldate = {2020-01-09}
}
CozyBear – In from the Cold?
Cobalt Strike APT 29 |
2018-10-17 ⋅ MITRE ATT&CK ⋅ MITRE
@online{mitre:20181017:software:84822e8,
author = {MITRE},
title = {{Software Description: More_eggs}},
date = {2018-10-17},
organization = {MITRE ATT&CK},
url = {https://attack.mitre.org/software/S0284/},
language = {English},
urldate = {2020-01-10}
}
Software Description: More_eggs
More_eggs |
2018-10-08 ⋅ Morphisec ⋅ Michael Gorelik
@online{gorelik:20181008:cobalt:dece0e0,
author = {Michael Gorelik},
title = {{Cobalt Group 2.0}},
date = {2018-10-08},
organization = {Morphisec},
url = {https://blog.morphisec.com/cobalt-gang-2.0},
language = {English},
urldate = {2020-01-05}
}
Cobalt Group 2.0
More_eggs |
2018-09-27 ⋅ Secureworks ⋅ Counter Threat Unit ResearchTeam
@online{researchteam:20180927:cybercriminals:a7f1c24,
author = {Counter Threat Unit ResearchTeam},
title = {{Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish}},
date = {2018-09-27},
organization = {Secureworks},
url = {https://www.secureworks.com/blog/cybercriminals-increasingly-trying-to-ensnare-the-big-financial-fish},
language = {English},
urldate = {2020-01-08}
}
Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish
More_eggs Cobalt |
2018-08-30 ⋅ NetScout ⋅ ASERT Team
@online{team:20180830:double:e5d9e22,
author = {ASERT Team},
title = {{Double the Infection, Double the Fun}},
date = {2018-08-30},
organization = {NetScout},
url = {https://asert.arbornetworks.com/double-the-infection-double-the-fun/},
language = {English},
urldate = {2020-01-08}
}
Double the Infection, Double the Fun
More_eggs CobInt |
2018-08-20 ⋅ Check Point ⋅ Itay Cohen, Ben Herzog
@online{cohen:20180820:ryuk:5756495,
author = {Itay Cohen and Ben Herzog},
title = {{Ryuk Ransomware: A Targeted Campaign Break-Down}},
date = {2018-08-20},
organization = {Check Point},
url = {https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/},
language = {English},
urldate = {2019-12-10}
}
Ryuk Ransomware: A Targeted Campaign Break-Down
Ryuk |
2018-08-03 ⋅ JPCERT/CC ⋅ Takuya Endo, Yukako Uchida
@online{endo:20180803:volatility:4597ce0,
author = {Takuya Endo and Yukako Uchida},
title = {{Volatility Plugin for Detecting Cobalt Strike Beacon}},
date = {2018-08-03},
organization = {JPCERT/CC},
url = {https://blogs.jpcert.or.jp/en/2018/08/volatility-plugin-for-detecting-cobalt-strike-beacon.html},
language = {English},
urldate = {2019-07-11}
}
Volatility Plugin for Detecting Cobalt Strike Beacon
Cobalt Strike |
2018-07-31 ⋅ Github (JPCERTCC) ⋅ JPCERT/CC
@online{jpcertcc:20180731:scanner:d1757d9,
author = {JPCERT/CC},
title = {{Scanner for CobaltStrike}},
date = {2018-07-31},
organization = {Github (JPCERTCC)},
url = {https://github.com/JPCERTCC/aa-tools/blob/master/cobaltstrikescan.py},
language = {English},
urldate = {2020-01-13}
}
Scanner for CobaltStrike
Cobalt Strike |
2018-07-31 ⋅ Cisco Talos ⋅ Vanja Svajcer
@online{svajcer:20180731:multiple:15a3457,
author = {Vanja Svajcer},
title = {{Multiple Cobalt Personality Disorder}},
date = {2018-07-31},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2018/07/multiple-cobalt-personality-disorder.html},
language = {English},
urldate = {2019-12-15}
}
Multiple Cobalt Personality Disorder
More_eggs |
2018-05-21 ⋅ LAC ⋅ Yoshihiro Ishikawa
@online{ishikawa:20180521:confirmed:ad336b5,
author = {Yoshihiro Ishikawa},
title = {{Confirmed new attacks by APT attacker group menuPass (APT10)}},
date = {2018-05-21},
organization = {LAC},
url = {https://www.lac.co.jp/lacwatch/people/20180521_001638.html},
language = {Japanese},
urldate = {2019-10-27}
}
Confirmed new attacks by APT attacker group menuPass (APT10)
Cobalt Strike |
2018-03-02 ⋅ Reaqta ⋅ Reaqta
@online{reaqta:20180302:spearphishing:3d933a4,
author = {Reaqta},
title = {{Spear-phishing campaign leveraging on MSXSL}},
date = {2018-03-02},
organization = {Reaqta},
url = {https://reaqta.com/2018/03/spear-phishing-campaign-leveraging-msxsl/},
language = {English},
urldate = {2020-01-08}
}
Spear-phishing campaign leveraging on MSXSL
More_eggs |
2017-12-13 ⋅ Vitali Kremez Blog ⋅ Vitali Kremez
@online{kremez:20171213:update:50a1f16,
author = {Vitali Kremez},
title = {{Update: Let's Learn: Reversing FIN6 "GratefulPOS" aka "FrameworkPOS" Point-of-Sale Malware in-Depth}},
date = {2017-12-13},
organization = {Vitali Kremez Blog},
url = {http://www.vkremez.com/2017/12/lets-learn-reversing-grateful-point-of.html},
language = {English},
urldate = {2020-01-08}
}
Update: Let's Learn: Reversing FIN6 "GratefulPOS" aka "FrameworkPOS" Point-of-Sale Malware in-Depth
Grateful POS |
2017-12-08 ⋅ RSA ⋅ Kent Beckman
@online{beckman:20171208:gratefulpos:0ba1053,
author = {Kent Beckman},
title = {{GratefulPOS credit card stealing malware - just in time for the shopping season}},
date = {2017-12-08},
organization = {RSA},
url = {https://community.rsa.com/community/products/netwitness/blog/2017/12/08/gratefulpos-credit-card-stealing-malware-just-in-time-for-the-shopping-season},
language = {English},
urldate = {2020-01-08}
}
GratefulPOS credit card stealing malware - just in time for the shopping season
Grateful POS |
2017-11-20 ⋅ Trend Micro ⋅ Ronnie Giagone, Lenart Bermejo, Fyodor Yarochkin
@online{giagone:20171120:cobalt:fb5c2ed,
author = {Ronnie Giagone and Lenart Bermejo and Fyodor Yarochkin},
title = {{Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks}},
date = {2017-11-20},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-8759-exploit/},
language = {English},
urldate = {2019-10-29}
}
Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks
More_eggs Cobalt |
2017-08-07 ⋅ Trend Micro ⋅ Lenart Bermejo, Ronnie Giagone, Rubio Wu, Fyodor Yarochkin
@online{bermejo:20170807:backdoorcarrying:317ebe3,
author = {Lenart Bermejo and Ronnie Giagone and Rubio Wu and Fyodor Yarochkin},
title = {{Backdoor-carrying Emails Set Sights on Russian-speaking Businesses}},
date = {2017-08-07},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-carrying-emails-set-sights-on-russian-speaking-businesses/},
language = {English},
urldate = {2020-01-09}
}
Backdoor-carrying Emails Set Sights on Russian-speaking Businesses
More_eggs |
2017-06-06 ⋅ FireEye ⋅ Ian Ahl
@online{ahl:20170606:privileges:9598d5f,
author = {Ian Ahl},
title = {{Privileges and Credentials: Phished at the Request of Counsel}},
date = {2017-06-06},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html},
language = {English},
urldate = {2019-12-20}
}
Privileges and Credentials: Phished at the Request of Counsel
Cobalt Strike |
2016-10-11 ⋅ Symantec ⋅ Symantec Security Response
@online{response:20161011:odinaff:36b35db,
author = {Symantec Security Response},
title = {{Odinaff: New Trojan used in high level financial attacks}},
date = {2016-10-11},
organization = {Symantec},
url = {https://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks},
language = {English},
urldate = {2019-12-05}
}
Odinaff: New Trojan used in high level financial attacks
Cobalt Strike KLRD MimiKatz Odinaff Anunak |
2012 ⋅ Cobalt Strike ⋅ Cobalt Strike
@online{strike:2012:cobalt:8522cdd,
author = {Cobalt Strike},
title = {{Cobalt Strike Website}},
date = {2012},
organization = {Cobalt Strike},
url = {https://www.cobaltstrike.com/support},
language = {English},
urldate = {2020-01-13}
}
Cobalt Strike Website
Cobalt Strike |
2011-06-29 ⋅ Symantec ⋅ John McDonald
@techreport{mcdonald:20110629:inside:5df2e81,
author = {John McDonald},
title = {{Inside a Back Door Attack}},
date = {2011-06-29},
institution = {Symantec},
url = {https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf},
language = {English},
urldate = {2019-11-29}
}
Inside a Back Door Attack
Grateful POS FIN6 |