Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-07-21IntezerRyan Robinson
@online{robinson:20220721:lightning:738865f, author = {Ryan Robinson}, title = {{Lightning Framework: New Undetected “Swiss Army Knife” Linux Malware}}, date = {2022-07-21}, organization = {Intezer}, url = {https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/}, language = {English}, urldate = {2022-07-25} } Lightning Framework: New Undetected “Swiss Army Knife” Linux Malware
Lightning Framework
2022-07-06IntezerNicole Fishbein
@online{fishbein:20220706:orbit:eacf07e, author = {Nicole Fishbein}, title = {{OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow}}, date = {2022-07-06}, organization = {Intezer}, url = {https://www.intezer.com/blog/incident-response/orbit-new-undetected-linux-threat/}, language = {English}, urldate = {2022-07-12} } OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow
HiddenWasp OrBit Symbiote
2022-06-29IntezerJoakim Kennedy
@online{kennedy:20220629:ytstealer:0c2bc5c, author = {Joakim Kennedy}, title = {{YTStealer Malware: “YouTube Cookies! Om Nom Nom Nom”}}, date = {2022-06-29}, organization = {Intezer}, url = {https://www.intezer.com/blog/research/ytstealer-malware-youtube-cookies/}, language = {English}, urldate = {2022-06-30} } YTStealer Malware: “YouTube Cookies! Om Nom Nom Nom”
YTStealer
2022-04-04IntezerJoakim Kennedy, Nicole Fishbein
@online{kennedy:20220404:elephant:b2c14b1, author = {Joakim Kennedy and Nicole Fishbein}, title = {{Elephant Framework Delivered in Phishing Attacks Against Ukrainian Organizations}}, date = {2022-04-04}, organization = {Intezer}, url = {https://www.intezer.com/blog/research/elephant-malware-targeting-ukrainian-orgs/}, language = {English}, urldate = {2022-04-07} } Elephant Framework Delivered in Phishing Attacks Against Ukrainian Organizations
GraphSteel GrimPlant SaintBear
2022-03-28IntezerJoakim Kennedy, Ryan Robinson
@online{kennedy:20220328:new:cede4da, author = {Joakim Kennedy and Ryan Robinson}, title = {{New Conversation Hijacking Campaign Delivering IcedID}}, date = {2022-03-28}, organization = {Intezer}, url = {https://www.intezer.com/blog/research/conversation-hijacking-campaign-delivering-icedid/}, language = {English}, urldate = {2022-04-05} } New Conversation Hijacking Campaign Delivering IcedID
IcedID PhotoLoader
2022-02-18IntezerIntezer
@online{intezer:20220218:teamtnt:354772f, author = {Intezer}, title = {{TeamTNT Cryptomining Explosion}}, date = {2022-02-18}, organization = {Intezer}, url = {https://www.intezer.com/blog/malware-analysis/teamtnt-cryptomining-explosion/}, language = {English}, urldate = {2022-02-26} } TeamTNT Cryptomining Explosion
TeamTNT
2022-01-11IntezerAvigayil Mechtinger, Ryan Robinson, Nicole Fishbein
@online{mechtinger:20220111:new:09e24da, author = {Avigayil Mechtinger and Ryan Robinson and Nicole Fishbein}, title = {{New SysJoker Backdoor Targets Windows, Linux, and macOS}}, date = {2022-01-11}, organization = {Intezer}, url = {https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/}, language = {English}, urldate = {2022-01-13} } New SysJoker Backdoor Targets Windows, Linux, and macOS
SysJoker SysJoker SysJoker
2021-11-16IntezerJoakim Kennedy, Alik Koldobsky
@online{kennedy:20211116:new:f76a9f4, author = {Joakim Kennedy and Alik Koldobsky}, title = {{New Type of Supply Chain Attack Could Put Popular Admin Tools at Risk}}, date = {2021-11-16}, organization = {Intezer}, url = {https://www.intezer.com/blog/malware-analysis/chainjacking-supply-chain-attack-puts-popular-admin-tools-at-risk/}, language = {English}, urldate = {2021-11-18} } New Type of Supply Chain Attack Could Put Popular Admin Tools at Risk
2021-10-26IntezerTwitter (IntezerLabs)
@online{intezerlabs:20211026:linux:53febe2, author = {Twitter (IntezerLabs)}, title = {{Tweet on Linux version of REvil ransomware}}, date = {2021-10-26}, organization = {Intezer}, url = {https://twitter.com/IntezerLabs/status/1452980772953071619}, language = {English}, urldate = {2021-11-03} } Tweet on Linux version of REvil ransomware
REvil
2021-09-13IntezerAvigayil Mechtinger, Ryan Robinson, Joakim Kennedy
@online{mechtinger:20210913:vermilion:ff1ee5f, author = {Avigayil Mechtinger and Ryan Robinson and Joakim Kennedy}, title = {{Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike}}, date = {2021-09-13}, organization = {Intezer}, url = {https://www.intezer.com/blog/malware-analysis/vermilionstrike-reimplementation-cobaltstrike/}, language = {English}, urldate = {2021-09-14} } Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike
Vermilion Strike Vermilion Strike
2021-09IntezerIntezer
@techreport{intezer:202109:teamtnt:425ab21, author = {Intezer}, title = {{TeamTNT: Cryptomining Explosion}}, date = {2021-09}, institution = {Intezer}, url = {https://www.intezer.com/wp-content/uploads/2021/09/TeamTNT-Cryptomining-Explosion.pdf}, language = {English}, urldate = {2021-09-19} } TeamTNT: Cryptomining Explosion
TeamTNT Tsunami
2021-08-18IntezerRyan Robinson
@online{robinson:20210818:cobalt:965e1a9, author = {Ryan Robinson}, title = {{Cobalt Strike: Detect this Persistent Threat}}, date = {2021-08-18}, organization = {Intezer}, url = {https://www.intezer.com/blog/malware-analysis/cobalt-strike-detect-this-persistent-threat/}, language = {English}, urldate = {2021-08-25} } Cobalt Strike: Detect this Persistent Threat
Cobalt Strike
2021-08-10IntezerGiancarlo Lezama
@online{lezama:20210810:fast:0b4334e, author = {Giancarlo Lezama}, title = {{Fast Insights for a Microsoft-Signed Netfilter Rootkit}}, date = {2021-08-10}, organization = {Intezer}, url = {https://www.intezer.com/blog/malware-analysis/fast-insights-for-a-microsoft-signed-netfilter-rootkit/}, language = {English}, urldate = {2021-08-25} } Fast Insights for a Microsoft-Signed Netfilter Rootkit
NetfilterRootkit
2021-07-14IntezerAvigayil Mechtinger
@online{mechtinger:20210714:targeted:ca00788, author = {Avigayil Mechtinger}, title = {{Targeted Phishing Attack against Ukrainian Government Expands to Georgia}}, date = {2021-07-14}, organization = {Intezer}, url = {https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/}, language = {English}, urldate = {2021-07-20} } Targeted Phishing Attack against Ukrainian Government Expands to Georgia
Unidentified 083 (AutoIT Stealer)
2021-07-07IntezerRyan Robinson, Nicole Fishbein
@online{robinson:20210707:global:ffc5f8e, author = {Ryan Robinson and Nicole Fishbein}, title = {{Global Phishing Campaign Targets Energy Sector and its Suppliers}}, date = {2021-07-07}, organization = {Intezer}, url = {https://www.intezer.com/blog/research/global-phishing-campaign-targets-energy-sector-and-its-suppliers/}, language = {English}, urldate = {2021-07-09} } Global Phishing Campaign Targets Energy Sector and its Suppliers
2021-06-29Twitter (@IntezerLabs)Intezer
@online{intezer:20210629:unknown:1f1f2d3, author = {Intezer}, title = {{Tweet on unknown elf backdoor based on an open source remote shell named "amcsh"}}, date = {2021-06-29}, organization = {Twitter (@IntezerLabs)}, url = {https://twitter.com/IntezerLabs/status/1409844721992749059}, language = {English}, urldate = {2021-08-11} } Tweet on unknown elf backdoor based on an open source remote shell named "amcsh"
BioSet
2021-06-23Twitter (@IntezerLabs)Intezer
@online{intezer:20210623:linux:310f62b, author = {Intezer}, title = {{Tweet on linux version of Derusbi}}, date = {2021-06-23}, organization = {Twitter (@IntezerLabs)}, url = {https://twitter.com/IntezerLabs/status/1407676522534735873?s=20}, language = {English}, urldate = {2021-07-26} } Tweet on linux version of Derusbi
Derusbi
2021-06-17IntezerRyan Robinson
@online{robinson:20210617:klingon:ed4d44f, author = {Ryan Robinson}, title = {{Klingon RAT Holding on for Dear Life}}, date = {2021-06-17}, organization = {Intezer}, url = {https://www.intezer.com/blog/malware-analysis/klingon-rat-holding-on-for-dear-life/}, language = {English}, urldate = {2021-06-21} } Klingon RAT Holding on for Dear Life
KlingonRAT
2021-04-20IntezerJoakim Kennedy
@online{kennedy:20210420:habitsrat:66ff4cf, author = {Joakim Kennedy}, title = {{HabitsRAT Used to Target Linux and Windows Servers}}, date = {2021-04-20}, organization = {Intezer}, url = {https://www.intezer.com/blog/malware-analysis/habitsrat-used-to-target-linux-and-windows-servers/}, language = {English}, urldate = {2021-04-20} } HabitsRAT Used to Target Linux and Windows Servers
HabitsRAT
2021-04-20IntezerJoakim Kennedy
@online{kennedy:20210420:habitsrat:0cfa312, author = {Joakim Kennedy}, title = {{HabitsRAT Used to Target Linux and Windows Servers}}, date = {2021-04-20}, organization = {Intezer}, url = {https://www.intezer.com/blog/malware-analysis/habitsrat-used-to-target-linux-and-windows-servers/}, language = {English}, urldate = {2021-04-28} } HabitsRAT Used to Target Linux and Windows Servers
HabitsRAT