2021-11-16ESET ResearchMatthieu Faou
@online{faou:20211116:strategic:303fda6,
  author       = {Matthieu Faou},
  title        = {{Strategic web compromises in the Middle East with a pinch of Candiru}},
  organization = {ESET Research},
  date         = {2021-11-16},
  url          = {https://www.welivesecurity.com/2021/11/16/strategic-web-compromises-middle-east-pinch-candiru/},
  urldate      = {2021-11-17},
  language     = {English},
}
Strategic web compromises in the Middle East with a pinch of Candiru
2021-11-10Twitter (@ESETresearch)ESET Research
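@comment{Corporate author is double-braced so it is parsed as a single name rather than first "ESET" / last "Research". The citation key is unchanged.}
@online{research:20211110:discovery:c5ef2c6,
  author       = {{ESET Research}},
  title        = {{Tweet on a discovery of a trojanized IDA Pro installer, distributed by the LABYRINTH CHOLLIMA group.}},
  organization = {Twitter (@ESETresearch)},
  date         = {2021-11-10},
  url          = {https://twitter.com/ESETresearch/status/1458438155149922312},
  urldate      = {2021-12-01},
  language     = {English},
}
Tweet on a discovery of a trojanized IDA Pro installer, distributed by the LABYRINTH CHOLLIMA group.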
2021-10-29Twitter (@ESETresearch)ESET Research
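@comment{Corporate author is double-braced so it is parsed as a single name rather than first "ESET" / last "Research". Title typo "LInux" corrected to "Linux". The citation key is unchanged.}
@online{research:20211029:freebsd:f994b0c,
  author       = {{ESET Research}},
  title        = {{Tweet on FreeBSD and Linux version of Hive ransomware}},
  organization = {Twitter (@ESETresearch)},
  date         = {2021-10-29},
  url          = {https://twitter.com/ESETresearch/status/1454100591261667329},
  urldate      = {2021-11-03},
  language     = {English},
}
Tweet on FreeBSD and Linux version of Hive ransomware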
Hive
2021-10-27ESET ResearchVladislav Hrčka
@online{hrka:20211027:wslink:39610dc,
  author       = {Vladislav Hrčka},
  title        = {{Wslink: Unique and undocumented malicious loader that runs as a server}},
  organization = {ESET Research},
  date         = {2021-10-27},
  url          = {https://www.welivesecurity.com/2021/10/27/wslink-unique-undocumented-malicious-loader-runs-server/},
  urldate      = {2021-12-06},
  language     = {English},
}
Wslink: Unique and undocumented malicious loader that runs as a server
Wslink
2021-10-15ESET ResearchESET Research
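@comment{Corporate author is double-braced so it is parsed as a single name rather than first "ESET" / last "Research". The citation key is unchanged. NOTE(review): the url is a tweet while organization is ESET Research; other tweet entries in this listing use the Twitter account as organization -- confirm which is intended.}
@online{research:20211015:malicious:04da9c1,
  author       = {{ESET Research}},
  title        = {{Tweet on a malicious campaign targeting governmental and education entities in Colombia using multiple stages to drop AsyncRAT or njRAT Keylogger on their victims}},
  organization = {ESET Research},
  date         = {2021-10-15},
  url          = {https://twitter.com/ESETresearch/status/1449132020613922828},
  urldate      = {2021-11-08},
  language     = {English},
}
Tweet on a malicious campaign targeting governmental and education entities in Colombia using multiple stages to drop AsyncRAT or njRAT Keylogger on their victims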
AsyncRAT NjRAT
2021-10-07ESET ResearchVladislav Hrčka
@online{hrka:20211007:fontonlake:03cadd5,
  author       = {Vladislav Hrčka},
  title        = {{FontOnLake: Previously unknown malware family targeting Linux}},
  organization = {ESET Research},
  date         = {2021-10-07},
  url          = {https://www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/},
  urldate      = {2021-10-11},
  language     = {English},
}
FontOnLake: Previously unknown malware family targeting Linux
FontOnLake
2021-10-06ESET ResearchMartina López
@online{lpez:20211006:to:8e09f8a,
  author       = {Martina López},
  title        = {{To the moon and hack: Fake SafeMoon app drops malware to spy on you}},
  organization = {ESET Research},
  date         = {2021-10-06},
  url          = {https://www.welivesecurity.com/2021/10/06/moon-hack-fake-safemoon-cryptocurrency-app-drops-malware-spy/},
  urldate      = {2021-10-11},
  language     = {English},
}
To the moon and hack: Fake SafeMoon app drops malware to spy on you
Remcos
2021-10-06Twitter (@ESETresearch)ESET Research
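@comment{Corporate author is double-braced so it is parsed as a single name rather than first "ESET" / last "Research". The citation key is unchanged.}
@online{research:20211006:ermac:62d2cc4,
  author       = {{ESET Research}},
  title        = {{Tweet on ERMAC android malware}},
  organization = {Twitter (@ESETresearch)},
  date         = {2021-10-06},
  url          = {https://twitter.com/ESETresearch/status/1445618031464357888},
  urldate      = {2021-10-20},
  language     = {English},
}
Tweet on ERMAC android malware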
ERMAC
2021-10-05ESET ResearchMartin Smolár, Anton Cherepanov
@online{smolr:20211005:uefi:eacd169,
  author       = {Martin Smolár and Anton Cherepanov},
  title        = {{UEFI threats moving to the ESP: Introducing ESPecter bootkit}},
  organization = {ESET Research},
  date         = {2021-10-05},
  url          = {https://www.welivesecurity.com/2021/10/05/uefi-threats-moving-esp-introducing-especter-bootkit/},
  urldate      = {2021-10-24},
  language     = {English},
}
UEFI threats moving to the ESP: Introducing ESPecter bootkit
ESPecter
2021-09-23ESET ResearchTahseen Bin Taj, Matthieu Faou
@online{taj:20210923:famoussparrow:5f0d606,
  author       = {Tahseen Bin Taj and Matthieu Faou},
  title        = {{FamousSparrow: A suspicious hotel guest}},
  organization = {ESET Research},
  date         = {2021-09-23},
  url          = {https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/},
  urldate      = {2021-09-24},
  language     = {English},
}
FamousSparrow: A suspicious hotel guest
SparrowDoor
2021-09-23ESET ResearchESET Research
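@comment{Corporate author is double-braced so it is parsed as a single name rather than first "ESET" / last "Research". The hash sign in the title is escaped because a bare one is a LaTeX macro-parameter character and breaks typesetting; the url field is left verbatim. The citation key is unchanged. NOTE(review): the url is a tweet while organization is ESET Research; other tweet entries in this listing use the Twitter account as organization -- confirm which is intended.}
@online{research:20210923:c:02fc0f8,
  author       = {{ESET Research}},
  title        = {{Tweet on C\# variant of the nccTrojan}},
  organization = {ESET Research},
  date         = {2021-09-23},
  url          = {https://twitter.com/ESETresearch/status/1441139057682104325?s=20},
  urldate      = {2021-09-29},
  language     = {English},
}
Tweet on C# variant of the nccTrojan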
nccTrojan
2021-09-20Twitter (@ESETresearch)ESET Research
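@comment{Corporate author is double-braced so it is parsed as a single name rather than first "ESET" / last "Research". The hash sign in the title is escaped because a bare one is a LaTeX macro-parameter character and breaks typesetting; the url field is left verbatim. The citation key is unchanged.}
@online{research:20210920:darkiot:0693e33,
  author       = {{ESET Research}},
  title        = {{Tweet on Dark.IoT Botnet exploiting critical Azure vulnerability CVE-2021-38647 \#OMIGOD}},
  organization = {Twitter (@ESETresearch)},
  date         = {2021-09-20},
  url          = {https://twitter.com/ESETresearch/status/1440052837820428298?s=20},
  urldate      = {2021-09-22},
  language     = {English},
}
Tweet on Dark.IoT Botnet exploiting critical Azure vulnerability CVE-2021-38647 #OMIGOD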
Dark
2021-09-17ESET ResearchESET Research
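@comment{Corporate author is double-braced so it is parsed as a single name rather than first "ESET" / last "Research". The citation key is unchanged.}
@online{research:20210917:numando:a7866e5,
  author       = {{ESET Research}},
  title        = {{Numando: Count once, code twice}},
  organization = {ESET Research},
  date         = {2021-09-17},
  url          = {https://www.welivesecurity.com/2021/09/17/numando-latam-banking-trojan/},
  urldate      = {2021-09-19},
  language     = {English},
}
Numando: Count once, code twice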
Numando
2021-09-07ESET ResearchLukáš Štefanko
@online{tefanko:20210907:bladehawk:a5ce5a7,
  author       = {Lukáš Štefanko},
  title        = {{BladeHawk group: Android espionage against Kurdish ethnic group}},
  organization = {ESET Research},
  date         = {2021-09-07},
  url          = {https://www.welivesecurity.com/2021/09/07/bladehawk-android-espionage-kurdish/},
  urldate      = {2021-09-14},
  language     = {English},
}
BladeHawk group: Android espionage against Kurdish ethnic group
888 RAT
2021-09-03Twitter (@ESETresearch)ESET Research
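@comment{Corporate author is double-braced so it is parsed as a single name rather than first "ESET" / last "Research". The citation key is unchanged.}
@online{research:20210903:twitter:1e08c95,
  author       = {{ESET Research}},
  title        = {{Twitter thread on SPARKLOG, a launcher component for PRIVATELOG along with STASHLOG}},
  organization = {Twitter (@ESETresearch)},
  date         = {2021-09-03},
  url          = {https://twitter.com/ESETresearch/status/1433819369784610828},
  urldate      = {2021-09-14},
  language     = {English},
}
Twitter thread on SPARKLOG, a launcher component for PRIVATELOG along with STASHLOG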
PRIVATELOG STASHLOG
2021-08-24ESET ResearchThibaut Passilly, Mathieu Tartare
@online{passilly:20210824:sidewalk:75d39db,
  author       = {Thibaut Passilly and Mathieu Tartare},
  title        = {{The SideWalk may be as dangerous as the CROSSWALK}},
  organization = {ESET Research},
  date         = {2021-08-24},
  url          = {https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/},
  urldate      = {2021-08-31},
  language     = {English},
}
The SideWalk may be as dangerous as the CROSSWALK
Cobalt Strike CROSSWALK SideWalk
2021-08-11ESET ResearchZuzana Hromcová
@online{hromcov:20210811:iiserpent:7f68773,
  author       = {Zuzana Hromcová},
  title        = {{IISerpent: Malware‑driven SEO fraud as a service}},
  organization = {ESET Research},
  date         = {2021-08-11},
  url          = {https://www.welivesecurity.com/2021/08/11/iiserpent-malware-driven-seo-fraud-service/},
  urldate      = {2021-08-16},
  language     = {English},
}
IISerpent: Malware‑driven SEO fraud as a service
2021-08-09ESET ResearchZuzana Hromcová
@online{hromcov:20210809:iispy:c0b6ad3,
  author       = {Zuzana Hromcová},
  title        = {{IISpy: A complex server‑side backdoor with anti‑forensic features}},
  organization = {ESET Research},
  date         = {2021-08-09},
  url          = {https://www.welivesecurity.com/2021/08/09/iispy-complex-server-side-backdoor-antiforensic-features/},
  urldate      = {2021-09-19},
  language     = {English},
}
IISpy: A complex server‑side backdoor with anti‑forensic features
IISpy JuicyPotato
2021-08-06ESET ResearchZuzana Hromcová, Anton Cherepanov
@online{hromcov:20210806:anatomy:27b293f,
  author       = {Zuzana Hromcová and Anton Cherepanov},
  title        = {{Anatomy of native IIS malware}},
  organization = {ESET Research},
  date         = {2021-08-06},
  url          = {https://www.welivesecurity.com/2021/08/06/anatomy-native-iis-malware/},
  urldate      = {2021-08-09},
  language     = {English},
}
Anatomy of native IIS malware
IISniff RGDoor
2021-08-06ESET ResearchZuzana Hromcová
@online{hromcov:20210806:iistealer:d9957ab,
  author       = {Zuzana Hromcová},
  title        = {{IIStealer: A server‑side threat to e‑commerce transactions}},
  organization = {ESET Research},
  date         = {2021-08-06},
  url          = {https://www.welivesecurity.com/2021/08/06/iistealer-server-side-threat-ecommerce-transactions/},
  urldate      = {2021-08-09},
  language     = {English},
}
IIStealer: A server‑side threat to e‑commerce transactions