2023-10-12 | Cluster25 | Cluster25 Threat Intel Team
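% Corporate author: the inner braces keep the team name as one unit, so it is
% not split into given name "Cluster25 Threat Intel" and surname "Team".
% The citation key is left unchanged so existing citations still resolve.
@online{team:20231012:cve202338831:6b50b62,
  author       = {{Cluster25 Threat Intel Team}},
  title        = {{CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations}},
  date         = {2023-10-12},
  organization = {Cluster25},
  url          = {https://blog.cluster25.duskrise.com/2023/10/12/cve-2023-38831-russian-attack},
  language     = {English},
  urldate      = {2023-10-13},
}
CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations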
Agent Tesla Crimson RAT Nanocore RAT SmokeLoader
2023-05-22 | Cluster25 | Cluster25 Threat Intel Team
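% Corporate author: the inner braces keep the team name as one unit, so it is
% not split into given name "Cluster25 Threat Intel" and surname "Team".
% The citation key is left unchanged so existing citations still resolve.
@online{team:20230522:back:fdaaa98,
  author       = {{Cluster25 Threat Intel Team}},
  title        = {{Back in Black: BlackByte Ransomware returns with its New Technology (NT) version}},
  date         = {2023-05-22},
  organization = {Cluster25},
  url          = {https://blog.cluster25.duskrise.com/2023/05/22/back-in-black-blackbyte-nt},
  language     = {English},
  urldate      = {2023-05-23},
}
Back in Black: BlackByte Ransomware returns with its New Technology (NT) version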
BlackByte
2022-09-23 | Cluster25 | Cluster25
@online{cluster25:20220923:in:ea96772,
  author       = {Cluster25},
  title        = {{In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants}},
  date         = {2022-09-23},
  organization = {Cluster25},
  url          = {https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/},
  language     = {English},
  urldate      = {2022-09-26},
}
In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants
Graphite
2022-09-15 | DuskRise | Cluster25 Threat Intel Team
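% Corporate author: the inner braces keep the team name as one unit, so it is
% not split into given name "Cluster25 Threat Intel" and surname "Team".
% The citation key is left unchanged so existing citations still resolve.
@online{team:20220915:erbium:ed02078,
  author       = {{Cluster25 Threat Intel Team}},
  title        = {{Erbium InfoStealer Enters the Scene: Characteristics and Origins}},
  date         = {2022-09-15},
  organization = {DuskRise},
  url          = {https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer},
  language     = {English},
  urldate      = {2022-09-30},
}
Erbium InfoStealer Enters the Scene: Characteristics and Origins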
Erbium Stealer
2022-07-06 | Cluster25 | Cluster25
@online{cluster25:20220706:lockbit:5228074,
  author       = {Cluster25},
  title        = {{LockBit 3.0: “Making The Ransomware Great Again”}},
  date         = {2022-07-06},
  organization = {Cluster25},
  url          = {https://cluster25.io/2022/07/06/lockbit-3-0-making-the-ransomware-great-again/},
  language     = {English},
  urldate      = {2022-07-13},
}
LockBit 3.0: “Making The Ransomware Great Again”
LockBit
2022-05-13 | Cluster25 | Cluster25
@online{cluster25:20220513:cozy:44aa396,
  author       = {Cluster25},
  title        = {{Cozy Smuggled Into The Box: APT29 Abusing Legitimate Software For Targeted Operations In Europe}},
  date         = {2022-05-13},
  organization = {Cluster25},
  url          = {https://cluster25.io/2022/05/13/cozy-smuggled-into-the-box/},
  language     = {English},
  urldate      = {2022-05-17},
}
Cozy Smuggled Into The Box: APT29 Abusing Legitimate Software For Targeted Operations In Europe
2022-05-04 | Twitter (@ESETresearch) | Twitter (@ESETresearch)
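% Account name used as author: the inner braces keep it as one unit, so it is
% not split into given name "Twitter" and surname "(@ESETresearch)".
% The citation key is left unchanged so existing citations still resolve.
@online{esetresearch:20220504:twitter:48f1a89,
  author       = {{Twitter (@ESETresearch)}},
  title        = {{Twitter thread on code similarity analysis, focussing on IsaacWiper and recent Cluster25 publication}},
  date         = {2022-05-04},
  organization = {Twitter (@ESETresearch)},
  url          = {https://twitter.com/ESETresearch/status/1521910890072842240},
  language     = {English},
  urldate      = {2022-05-05},
}
Twitter thread on code similarity analysis, focussing on IsaacWiper and recent Cluster25 publication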
IsaacWiper
2022-05-03 | Cluster25 | Cluster25
@online{cluster25:20220503:strange:1481afa,
  author       = {Cluster25},
  title        = {{The Strange Link Between A Destructive Malware And A Ransomware-Gang Linked Custom Loader: IsaacWiper Vs Vatet}},
  date         = {2022-05-03},
  organization = {Cluster25},
  url          = {https://cluster25.io/2022/05/03/a-strange-link-between-a-destructive-malware-and-the-loader-of-a-ransomware-group-isaacwiper-vs-vatet/},
  language     = {English},
  urldate      = {2022-05-04},
}
The Strange Link Between A Destructive Malware And A Ransomware-Gang Linked Custom Loader: IsaacWiper Vs Vatet
Cobalt Strike IsaacWiper PyXie
2022-04-29 | Cluster25 | Cluster25
@online{cluster25:20220429:lotus:c5520e5,
  author       = {Cluster25},
  title        = {{The LOTUS PANDA Is Awake, Again. Analysis Of Its Last Strike.}},
  date         = {2022-04-29},
  organization = {Cluster25},
  url          = {https://cluster25.io/2022/04/29/lotus-panda-awake-last-strike/},
  language     = {English},
  urldate      = {2022-04-29},
}
The LOTUS PANDA Is Awake, Again. Analysis Of Its Last Strike.
APT30 Naikon
2022-04-11 | Cluster25 | APT + Intelligence
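% The inner braces keep the author value as one unit, so it is not split into
% given name "APT +" and surname "Intelligence".
% NOTE(review): "APT + Intelligence" reads like a site category label rather
% than a person or team; confirm the byline against the linked post.
% The citation key is left unchanged so existing citations still resolve.
@online{intelligence:20220411:dprknexus:48d0d85,
  author       = {{APT + Intelligence}},
  title        = {{DPRK-Nexus Adversary Targets South-Korean Individuals In A New Chapter of Kitty Phishing Operation}},
  date         = {2022-04-11},
  organization = {Cluster25},
  url          = {https://cluster25.io/2022/04/11/dprk-nexus-adversary-new-kitty-phishing/},
  language     = {English},
  urldate      = {2022-05-04},
}
DPRK-Nexus Adversary Targets South-Korean Individuals In A New Chapter of Kitty Phishing Operation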
2022-03-08 | Cluster25 | Cluster25
@online{cluster25:20220308:ghostwriter:3f0d3c1,
  author       = {Cluster25},
  title        = {{GhostWriter / UNC1151 adopts MicroBackdoor Variants in Cyber Operations against Ukraine}},
  date         = {2022-03-08},
  organization = {Cluster25},
  url          = {https://cluster25.io/2022/03/08/ghostwriter-unc1151-adopts-microbackdoor-variants-in-cyber-operations-against-targets-in-ukraine/},
  language     = {English},
  urldate      = {2022-03-10},
}
GhostWriter / UNC1151 adopts MicroBackdoor Variants in Cyber Operations against Ukraine
MicroBackdoor
2022-03-02 | Cluster25 | Cluster25
@online{cluster25:20220302:contis:27cb79d,
  author       = {Cluster25},
  title        = {{Conti's Source Code: Deep-Dive Into}},
  date         = {2022-03-02},
  organization = {Cluster25},
  url          = {https://cluster25.io/2022/03/02/contis-source-code-deep-dive-into/},
  language     = {English},
  urldate      = {2022-03-07},
}
Conti's Source Code: Deep-Dive Into
Conti
2022-02-24 | Cluster25
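% organization added for consistency: the other cluster25.io entries in this
% list that name Cluster25 as author all carry organization = {Cluster25}.
@online{cluster25:20220224:ukraine:3000c86,
  author       = {Cluster25},
  title        = {{Ukraine: Analysis Of The New Disk-Wiping Malware (HermeticWiper)}},
  date         = {2022-02-24},
  organization = {Cluster25},
  url          = {https://cluster25.io/2022/02/24/ukraine-analysis-of-the-new-disk-wiping-malware/},
  language     = {English},
  urldate      = {2022-03-01},
}
Ukraine: Analysis Of The New Disk-Wiping Malware (HermeticWiper)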
HermeticWiper
2022-01-03 | Cluster25 | Cluster25
@techreport{cluster25:20220103:north:b362bcd,
  author      = {Cluster25},
  title       = {{North Korean Group “KONNI” Targets The Russian Diplomatic Sector With New Versions Of Malware Implants}},
  date        = {2022-01-03},
  institution = {Cluster25},
  url         = {https://cluster25.io/wp-content/uploads/2022/01/Konni_targeting_Russian_diplomatic_sector.pdf},
  language    = {English},
  urldate     = {2022-07-25},
}
North Korean Group “KONNI” Targets The Russian Diplomatic Sector With New Versions Of Malware Implants
Konni
2021-09-10 | Cluster25 | Cluster25
@techreport{cluster25:20210910:rattlesnake:7bbbd1f,
  author      = {Cluster25},
  title       = {{A rattlesnake in the Navy}},
  date        = {2021-09-10},
  institution = {Cluster25},
  url         = {https://cluster25.io/wp-content/uploads/2021/09/a_rattlesnake_in_the_navy.pdf},
  language    = {English},
  urldate     = {2021-09-12},
}
A rattlesnake in the Navy
2021-05 | Cluster25 | Cluster25
@techreport{cluster25:202105:not:0bf7be8,
  author      = {Cluster25},
  title       = {{A Not So Fancy Game: Exploring the New SkinnyBoy Bear's Backdoor}},
  date        = {2021-05},
  institution = {Cluster25},
  url         = {https://cluster25.io/wp-content/uploads/2021/05/2021-05_FancyBear.pdf},
  language    = {English},
  urldate     = {2021-06-07},
}
A Not So Fancy Game: Exploring the New SkinnyBoy Bear's Backdoor
SkinnyBoy