Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-07-18Positive TechnologiesPTSecurity
@online{ptsecurity:20230718:space:762049d, author = {PTSecurity}, title = {{Space Pirates: a look into the group's unconventional techniques, new attack vectors, and tools}}, date = {2023-07-18}, organization = {Positive Technologies}, url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/space-pirates-a-look-into-the-group-s-unconventional-techniques-new-attack-vectors-and-tools/#id4}, language = {English}, urldate = {2023-07-19} } Space Pirates: a look into the group's unconventional techniques, new attack vectors, and tools
Voidoor
2022-12-09Positive TechnologiesPTSecurity
@online{ptsecurity:20221209:cloud:8e95b60, author = {PTSecurity}, title = {{APT Cloud Atlas: Unbroken Threat}}, date = {2022-12-09}, organization = {Positive Technologies}, url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/}, language = {English}, urldate = {2022-12-20} } APT Cloud Atlas: Unbroken Threat
2022-08-04PTSecurityPT Expert Security Center
@online{center:20220804:flying:a16b831, author = {PT Expert Security Center}, title = {{Flying in the clouds: APT31 renews its attacks on Russian companies through cloud storage}}, date = {2022-08-04}, organization = {PTSecurity}, url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt31-cloud-attacks/}, language = {English}, urldate = {2022-08-15} } Flying in the clouds: APT31 renews its attacks on Russian companies through cloud storage
Stealer0x3401 YaRAT
2022-08-04PTSecurityPT ESC Threat Intelligence
@online{intelligence:20220804:flying:99dfe7f, author = {PT ESC Threat Intelligence}, title = {{Flying in the clouds: APT31 renews its attacks on Russian companies through cloud storage}}, date = {2022-08-04}, organization = {PTSecurity}, url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt31-cloud-attacks}, language = {English}, urldate = {2022-08-09} } Flying in the clouds: APT31 renews its attacks on Russian companies through cloud storage
Stealer0x3401 YaRAT
2022-05-27PTSecurityAnton Belousov, Aleksey Vishnyakov
@online{belousov:20220527:how:d00c942, author = {Anton Belousov and Aleksey Vishnyakov}, title = {{How bootkits are implemented in modern firmware and how UEFI differs from Legacy BIOS}}, date = {2022-05-27}, organization = {PTSecurity}, url = {https://habr.com/ru/amp/post/668154/}, language = {Russian}, urldate = {2022-05-29} } How bootkits are implemented in modern firmware and how UEFI differs from Legacy BIOS
LoJax MoonBounce
2021-09-30PTSecurityPT Expert Security Center
@online{center:20210930:masters:a5ec8ee, author = {PT Expert Security Center}, title = {{Masters of Mimicry: new APT group ChamelGang and its arsenal}}, date = {2021-09-30}, organization = {PTSecurity}, url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/}, language = {English}, urldate = {2021-10-22} } Masters of Mimicry: new APT group ChamelGang and its arsenal
DoorMe
2021-09-30PTSecurityPT ESC Threat Intelligence
@online{intelligence:20210930:masters:4394504, author = {PT ESC Threat Intelligence}, title = {{Masters of Mimicry: new APT group ChamelGang and its arsenal}}, date = {2021-09-30}, organization = {PTSecurity}, url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/#id3}, language = {English}, urldate = {2021-11-29} } Masters of Mimicry: new APT group ChamelGang and its arsenal
Cobalt Strike
2021-08-03PTSecurityPT Expert Security Center
@online{center:20210803:apt31:db50b02, author = {PT Expert Security Center}, title = {{APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere}}, date = {2021-08-03}, organization = {PTSecurity}, url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt31-new-attacks/}, language = {English}, urldate = {2021-08-06} } APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere
2021-07-08PTSecurityDenis Kuvshinov
@techreport{kuvshinov:20210708:how:2e5a659, author = {Denis Kuvshinov}, title = {{How winnti APT grouping works}}, date = {2021-07-08}, institution = {PTSecurity}, url = {https://www.ptsecurity.com/upload/corporate/ru-ru/webinars/ics/winnti-shadowpad.pdf}, language = {Russian}, urldate = {2021-09-20} } How winnti APT grouping works
Korlia ShadowPad Winnti
2021-04-12PTSecurityPTSecurity
@online{ptsecurity:20210412:paas:1d06836, author = {PTSecurity}, title = {{PaaS, or how hackers evade antivirus software}}, date = {2021-04-12}, organization = {PTSecurity}, url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/paas-or-how-hackers-evade-antivirus-software/}, language = {English}, urldate = {2021-04-12} } PaaS, or how hackers evade antivirus software
Amadey Bunitu Cerber Dridex ISFB KPOT Stealer Mailto Nemty Phobos Pony Predator The Thief QakBot Raccoon RTM SmokeLoader Zloader
2021-02-18PTSecurityPTSecurity
@online{ptsecurity:20210218:httpswwwptsecuritycomwwenanalyticsantisandboxtechniques:d616c1f, author = {PTSecurity}, title = {{https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/}}, date = {2021-02-18}, organization = {PTSecurity}, url = {https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/}, language = {English}, urldate = {2021-02-25} } https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/
Poet RAT Gravity RAT Ketrican Okrum OopsIE Remcos RogueRobinNET RokRAT SmokeLoader
2021-01-14PTSecurityPT ESC Threat Intelligence
@online{intelligence:20210114:higaisa:4676ec7, author = {PT ESC Threat Intelligence}, title = {{Higaisa or Winnti? APT41 backdoors, old and new}}, date = {2021-01-14}, organization = {PTSecurity}, url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/higaisa-or-winnti-apt-41-backdoors-old-and-new/}, language = {English}, urldate = {2021-02-09} } Higaisa or Winnti? APT41 backdoors, old and new
Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad
2021-01-14PTSecurityPTSecurity
@online{ptsecurity:20210114:higaisa:326f8ea, author = {PTSecurity}, title = {{Higaisa or Winnti? APT41 backdoors, old and new}}, date = {2021-01-14}, organization = {PTSecurity}, url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/higaisa-or-winnti-apt-41-backdoors-old-and-new/#id5-2}, language = {English}, urldate = {2021-01-18} } Higaisa or Winnti? APT41 backdoors, old and new
FunnySwitch
2020-11-27PTSecurityDenis Goydenko, Alexey Vishnyakov
@online{goydenko:20201127:investigation:7d12cee, author = {Denis Goydenko and Alexey Vishnyakov}, title = {{Investigation with a twist: an accidental APT attack and averted data destruction}}, date = {2020-11-27}, organization = {PTSecurity}, url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/incident-response-polar-ransomware-apt27/}, language = {English}, urldate = {2020-12-01} } Investigation with a twist: an accidental APT attack and averted data destruction
TwoFace CHINACHOPPER HyperBro MegaCortex MimiKatz
2020-09-08PTSecurityPTSecurity
@techreport{ptsecurity:20200908:shadowpad:2903f45, author = {PTSecurity}, title = {{ShadowPad: new activity from the Winnti group}}, date = {2020-09-08}, institution = {PTSecurity}, url = {https://www.ptsecurity.com/upload/corporate/ww-en/pt-esc/winnti-2020-eng.pdf}, language = {English}, urldate = {2020-10-08} } ShadowPad: new activity from the Winnti group
CCleaner Backdoor Korlia ShadowPad TypeHash
2020-07-23PTSecurityArseniy Sharoglazov
@online{sharoglazov:20200723:attacking:f5a1ee2, author = {Arseniy Sharoglazov}, title = {{Attacking MS Exchange Web Interfaces}}, date = {2020-07-23}, organization = {PTSecurity}, url = {https://swarm.ptsecurity.com/attacking-ms-exchange-web-interfaces/}, language = {English}, urldate = {2020-07-30} } Attacking MS Exchange Web Interfaces
2020-06-16PTSecurityPT ESC Threat Intelligence
@online{intelligence:20200616:cobalt:2071fd2, author = {PT ESC Threat Intelligence}, title = {{Cobalt: tactics and tools update}}, date = {2020-06-16}, organization = {PTSecurity}, url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/cobalt_upd_ttps/}, language = {English}, urldate = {2020-06-16} } Cobalt: tactics and tools update
CobInt
2020-06-04PTSecurityPT ESC Threat Intelligence
@online{intelligence:20200604:covid19:45fa7ba, author = {PT ESC Threat Intelligence}, title = {{COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group}}, date = {2020-06-04}, organization = {PTSecurity}, url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/covid-19-and-new-year-greetings-the-higaisa-group/}, language = {English}, urldate = {2020-06-05} } COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group
Ghost RAT
2020-05-20PTSecurityPT ESC Threat Intelligence
@online{intelligence:20200520:operation:7f6282e, author = {PT ESC Threat Intelligence}, title = {{Operation TA505: how we analyzed new tools from the creators of the Dridex trojan, Locky ransomware, and Neutrino botnet}}, date = {2020-05-20}, organization = {PTSecurity}, url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/operation-ta505/}, language = {English}, urldate = {2020-06-05} } Operation TA505: how we analyzed new tools from the creators of the Dridex trojan, Locky ransomware, and Neutrino botnet
FlawedAmmyy
2020-04-17Youtube (Positive Technologies)PTSecurity
@online{ptsecurity:20200417:mlw:583a7fe, author = {PTSecurity}, title = {{Mlw #41: новый сложный загрузчик APT-группировки TA505}}, date = {2020-04-17}, organization = {Youtube (Positive Technologies)}, url = {https://www.youtube.com/watch?v=k3sM88o_maM}, language = {Russian}, urldate = {2020-10-08} } Mlw #41: новый сложный загрузчик APT-группировки TA505
SnatchLoader