Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-05-17SekoiaThreat & Detection Research Team
@online{team:20220517:eternityteam:daf058d, author = {Threat & Detection Research Team}, title = {{EternityTeam: a new prominent threat group on underground forums}}, date = {2022-05-17}, organization = {Sekoia}, url = {https://blog.sekoia.io/eternityteam-a-new-prominent-threat-group-on-underground-forums/}, language = {English}, urldate = {2022-05-23} } EternityTeam: a new prominent threat group on underground forums
Eternity Stealer
2022-04-07SekoiaThreat & Detection Research Team
@online{team:20220407:mars:9a72e1f, author = {Threat & Detection Research Team}, title = {{Mars, a red-hot information stealer}}, date = {2022-04-07}, organization = {Sekoia}, url = {https://blog.sekoia.io/mars-a-red-hot-information-stealer/}, language = {English}, urldate = {2022-04-08} } Mars, a red-hot information stealer
Mars Stealer
2022-02-23Sekoiasekoia
@techreport{sekoia:20220223:banana:7ca43ed, author = {sekoia}, title = {{Banana Sulfate infrastructure cluster exposed}}, date = {2022-02-23}, institution = {Sekoia}, url = {https://7095517.fs1.hubspotusercontent-na1.net/hubfs/7095517/%5BMarketing%5D%20-%20Ebook-analyse/FLINT%202022-011%20-%20Banana%20Sulfate%20infrastructure%20exposed_WHITE.pdf}, language = {English}, urldate = {2022-04-05} } Banana Sulfate infrastructure cluster exposed
2022-02-17Sekoiasekoia
@online{sekoia:20220217:story:4255cb2, author = {sekoia}, title = {{The story of a ransomware builder: from Thanos to Spook and beyond (Part 1)}}, date = {2022-02-17}, organization = {Sekoia}, url = {https://www.sekoia.io/en/the-story-of-a-ransomware-builder-from-thanos-to-spook-and-beyond-part-1/}, language = {English}, urldate = {2022-03-02} } The story of a ransomware builder: from Thanos to Spook and beyond (Part 1)
Hakbit
2022-01-06Sekoiasekoia
@online{sekoia:20220106:nobeliums:de631e8, author = {sekoia}, title = {{NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies}}, date = {2022-01-06}, organization = {Sekoia}, url = {https://www.sekoia.io/en/nobeliums-envyscout-infection-chain-goes-in-the-registry-targeting-embassies/}, language = {English}, urldate = {2022-01-10} } NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies
Cobalt Strike EnvyScout
2021-11-10SekoiaCyber Threat Intelligence team
@online{team:20211110:walking:cc41f24, author = {Cyber Threat Intelligence team}, title = {{Walking on APT31 infrastructure footprints}}, date = {2021-11-10}, organization = {Sekoia}, url = {https://www.sekoia.io/en/walking-on-apt31-infrastructure-footprints/}, language = {English}, urldate = {2021-11-11} } Walking on APT31 infrastructure footprints
Rekoobe Unidentified ELF 004 Cobalt Strike
2021-08-19Sekoiasekoia
@online{sekoia:20210819:insider:ceb84de, author = {sekoia}, title = {{An insider insights into Conti operations – Part two}}, date = {2021-08-19}, organization = {Sekoia}, url = {https://www.sekoia.io/en/an-insider-insights-into-conti-operations-part-two/}, language = {English}, urldate = {2021-09-06} } An insider insights into Conti operations – Part two
Cobalt Strike Conti
2021-08-17Sekoiasekoia
@online{sekoia:20210817:insider:3b427c7, author = {sekoia}, title = {{An insider insights into Conti operations – Part one}}, date = {2021-08-17}, organization = {Sekoia}, url = {https://www.sekoia.io/en/an-insider-insights-into-conti-operations-part-one}, language = {English}, urldate = {2021-09-06} } An insider insights into Conti operations – Part one
Cobalt Strike Conti
2021-07-08Sekoiasekoia
@techreport{sekoia:20210708:kaseya:029b682, author = {sekoia}, title = {{Kaseya: Another Massive Heist by REvil}}, date = {2021-07-08}, institution = {Sekoia}, url = {https://f.hubspotusercontent10.net/hubfs/7095517/FLINT-Kaseya-Another%20Massive%20Heist%20by%20REvil.pdf}, language = {English}, urldate = {2021-09-20} } Kaseya: Another Massive Heist by REvil
REvil
2021-03-11Sekoiasekoia
@techreport{sekoia:20210311:qnap:e8c82c4, author = {sekoia}, title = {{QNAP worm: who bene}}, date = {2021-03-11}, institution = {Sekoia}, url = {https://7095517.fs1.hubspotusercontent-na1.net/hubfs/7095517/FLINT%202022-016%20-%20QNAP%20worm_%20who%20benefits%20from%20crime%20(1).pdf}, language = {English}, urldate = {2022-05-08} } QNAP worm: who bene
2019-06-13Sekoiasekoia
@online{sekoia:20190613:hunting:201a07e, author = {sekoia}, title = {{Hunting and detecting Cobalt Strike}}, date = {2019-06-13}, organization = {Sekoia}, url = {https://www.sekoia.io/en/hunting-and-detecting-cobalt-strike/}, language = {English}, urldate = {2021-08-02} } Hunting and detecting Cobalt Strike
Cobalt Strike
2016-10-27SekoiaPaul Rascagnères
@techreport{rascagnres:20161027:rootkit:2142773, author = {Paul Rascagnères}, title = {{Rootkit analysisUse case on HideDRV}}, date = {2016-10-27}, institution = {Sekoia}, url = {http://www.sekoia.fr/blog/wp-content/uploads/2016/10/Rootkit-analysis-Use-case-on-HIDEDRV-v1.6.pdf}, language = {English}, urldate = {2020-01-09} } Rootkit analysisUse case on HideDRV
HideDRV