2019-03-05 | Bleeping Computer | Lawrence Abrams
@online{abrams:20190305:cryptomix:33e7eac,
  author       = {Lawrence Abrams},
  title        = {{CryptoMix Clop Ransomware Says It's Targeting Networks, Not Computers}},
  organization = {Bleeping Computer},
  date         = {2019-03-05},
  url          = {https://www.bleepingcomputer.com/news/security/cryptomix-clop-ransomware-says-its-targeting-networks-not-computers/},
  urldate      = {2020-01-13},
  language     = {English},
}
CryptoMix Clop Ransomware Says It's Targeting Networks, Not Computers
Clop
2019-02-19 | JPCERT/CC | Shusei Tomonaga
@online{tomonaga:20190219:tick:83ca850,
  author       = {Shusei Tomonaga},
  title        = {{攻撃グループTickによる日本の組織をターゲットにした攻撃活動}},
  organization = {JPCERT/CC},
  date         = {2019-02-19},
  url          = {https://blogs.jpcert.or.jp/ja/2019/02/tick-activity.html},
  urldate      = {2020-04-01},
  language     = {Japanese},
}
攻撃グループTickによる日本の組織をターゲットにした攻撃活動
NodeRAT
2019-01-23 | NSHC RedAlert Labs | ThreatRecon Team
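% Corporate author: the extra brace pair keeps "ThreatRecon Team" as one
% indivisible name, so styles do not treat "Team" as a surname and
% "ThreatRecon" as a given name. The citation key is left unchanged so
% existing \cite commands still resolve.
@online{team:20190123:sectora01:963118e,
  author       = {{ThreatRecon Team}},
  title        = {{SectorA01 Custom Proxy Utility Tool Analysis}},
  organization = {NSHC RedAlert Labs},
  date         = {2019-01-23},
  url          = {https://threatrecon.nshc.net/2019/01/23/sectora01-custom-proxy-utility-tool-analysis/},
  urldate      = {2019-10-18},
  language     = {English},
}
SectorA01 Custom Proxy Utility Tool Analysis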
FastCash
2019-01-18 | Dell Secureworks | You Nakatsuru
@techreport{nakatsuru:20190118:understanding:15cc8b9,
  author      = {You Nakatsuru},
  title       = {{Understanding Command and Control - An Anatomy of xxmm Communication}},
  institution = {Dell Secureworks},
  date        = {2019-01-18},
  url         = {https://jsac.jpcert.or.jp/archive/2019/pdf/JSAC2019_8_nakatsuru_en.pdf},
  urldate     = {2019-12-10},
  language    = {English},
}
Understanding Command and Control - An Anatomy of xxmm Communication
xxmm
2019 | Kaspersky Labs | Suguru Ishimaru, Manabu Niseki, Hiroaki Ogawa
@techreport{ishimaru:2019:roaming:23097da,
  author      = {Suguru Ishimaru and Manabu Niseki and Hiroaki Ogawa},
  title       = {{Roaming Mantis: an Anatomy of a DNS Hijacking Campaign}},
  institution = {Kaspersky Labs},
  date        = {2019},
  url         = {https://hitcon.org/2019/CMT/slide-files/d2_s1_r1.pdf},
  urldate     = {2022-07-13},
  language    = {English},
}
Roaming Mantis: an Anatomy of a DNS Hijacking Campaign
MoqHao Roaming Mantis
2018-12-30 | Github (Tomasuh) | Tomasuh
% The URL points at a source repository, whose contents can change after
% the recorded urldate; record the commit you reviewed alongside the
% citation if the tool's exact behaviour matters to your analysis.
@online{tomasuh:20181230:retefe:96e64b4,
  author       = {Tomasuh},
  title        = {{Retefe unpacker}},
  organization = {Github (Tomasuh)},
  date         = {2018-12-30},
  url          = {https://github.com/Tomasuh/retefe-unpacker},
  urldate      = {2020-01-07},
  language     = {English},
}
Retefe unpacker
Retefe
2018-12-10 | Botconf | Jakub Souček, Jakub Tomanek, Peter Kálnai
@online{souek:20181210:collecting:fe52669,
  author       = {Jakub Souček and Jakub Tomanek and Peter Kálnai},
  title        = {{Collecting Malicious Particles from Neutrino Botnets}},
  organization = {Botconf},
  date         = {2018-12-10},
  url          = {https://journal.cecyf.fr/ojs/index.php/cybin/article/view/22},
  urldate      = {2020-01-13},
  language     = {English},
}
Collecting Malicious Particles from Neutrino Botnets
Neutrino
2018-11-12 | JPCERT/CC | Shusei Tomonaga
@online{tomonaga:20181112:bug:fe13af3,
  author       = {Shusei Tomonaga},
  title        = {{Bug in Malware “TSCookie” - Fails to Read Configuration}},
  organization = {JPCERT/CC},
  date         = {2018-11-12},
  url          = {https://blogs.jpcert.or.jp/en/2018/11/tscookie2.html},
  urldate      = {2019-10-28},
  language     = {English},
}
Bug in Malware “TSCookie” - Fails to Read Configuration
PLEAD
2018-11-05 | Palo Alto Networks Unit 42 | Tom Lancaster
% Same report as lancaster:20181105:inception:4eb9f99: author, title, date
% and organization are identical and the URL differs only by a trailing
% slash. Cite one key consistently so the report is not listed twice.
@online{lancaster:20181105:inception:09bda7d,
  author       = {Tom Lancaster},
  title        = {{Inception Attackers Target Europe with Year-old Office Vulnerability}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2018-11-05},
  url          = {https://unit42.paloaltonetworks.com/unit42-inception-attackers-target-europe-year-old-office-vulnerability},
  urldate      = {2022-08-26},
  language     = {English},
}
Inception Attackers Target Europe with Year-old Office Vulnerability
PowerShower Inception Framework
2018-11-05 | Palo Alto Networks Unit 42 | Tom Lancaster
% Same report as lancaster:20181105:inception:09bda7d: author, title, date
% and organization are identical and the URL differs only by a trailing
% slash. Cite one key consistently so the report is not listed twice.
@online{lancaster:20181105:inception:4eb9f99,
  author       = {Tom Lancaster},
  title        = {{Inception Attackers Target Europe with Year-old Office Vulnerability}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2018-11-05},
  url          = {https://unit42.paloaltonetworks.com/unit42-inception-attackers-target-europe-year-old-office-vulnerability/},
  urldate      = {2019-12-20},
  language     = {English},
}
Inception Attackers Target Europe with Year-old Office Vulnerability
PowerShower
2018-10-23 | FireEye | FireEye Intelligence
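% Corporate author: the extra brace pair keeps "FireEye Intelligence" as
% one indivisible name, so styles do not treat "Intelligence" as a surname
% and "FireEye" as a given name. The citation key is left unchanged so
% existing \cite commands still resolve.
@online{intelligence:20181023:triton:95a881f,
  author       = {{FireEye Intelligence}},
  title        = {{TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers}},
  organization = {FireEye},
  date         = {2018-10-23},
  url          = {https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html},
  urldate      = {2019-12-20},
  language     = {English},
}
TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers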
Triton
2018-10-08 | NSFOCUS | NSFOCUS
% NOTE(review): the URL is served from a "staging." host, which may be
% less stable than the vendor's public site; confirm the link still
% resolves before relying on it, and keep a local copy of the report.
@techreport{nsfocus:20181008:nuggetphantom:1a8f696,
  author      = {NSFOCUS},
  title       = {{NuggetPhantom Analysis Report}},
  institution = {NSFOCUS},
  date        = {2018-10-08},
  url         = {https://staging.nsfocusglobal.com/wp-content/uploads/2018/10/NuggetPhantom-Analysis-Report-V4.1.pdf},
  urldate     = {2021-09-20},
  language    = {English},
}
NuggetPhantom Analysis Report
NuggetPhantom
2018-09-24 | Cisco Talos | Paul Rascagnères, Vitor Ventura, Tomislav Pericin, Robert Perica
@online{rascagnres:20180924:adwind:9b737eb,
  author       = {Paul Rascagnères and Vitor Ventura and Tomislav Pericin and Robert Perica},
  title        = {{Adwind Dodges AV via DDE}},
  organization = {Cisco Talos},
  date         = {2018-09-24},
  url          = {https://blog.talosintelligence.com/2018/09/adwind-dodgesav-dde.html},
  urldate      = {2020-01-06},
  language     = {English},
}
Adwind Dodges AV via DDE
AdWind
2018-09-21 | SonicWall | SonicWall CaptureLabs Threats Research Team
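% Corporate author: the extra brace pair keeps the team name as one
% indivisible name, so styles do not treat "Team" as a surname and the
% preceding words as given names. The citation key is left unchanged so
% existing \cite commands still resolve.
@online{team:20180921:vigilante:ede26ef,
  author       = {{SonicWall CaptureLabs Threats Research Team}},
  title        = {{VIGILANTE MALWARE REMOVES CRYPTOMINERS FROM THE INFECTED DEVICE}},
  organization = {SonicWall},
  date         = {2018-09-21},
  url          = {https://securitynews.sonicwall.com/xmlpost/vigilante-malware-removes-cryptominers-from-the-infected-device/},
  urldate      = {2019-10-13},
  language     = {English},
}
VIGILANTE MALWARE REMOVES CRYPTOMINERS FROM THE INFECTED DEVICE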
FBot
2018-09-14 | Cybereason | Amit Serper
@online{serper:20180914:wannamine:f438a36,
  author       = {Amit Serper},
  title        = {{Wannamine cryptominer that uses EternalBlue still active}},
  organization = {Cybereason},
  date         = {2018-09-14},
  url          = {https://www.cybereason.com/blog/wannamine-cryptominer-eternalblue-wannacry},
  urldate      = {2020-11-25},
  language     = {English},
}
Wannamine cryptominer that uses EternalBlue still active
WannaMine
2018-09-04 | SecurityIntelligence | Limor Kessem, Maor Wiesen
@online{kessem:20180904:camubot:d0c8b12,
  author       = {Limor Kessem and Maor Wiesen},
  title        = {{CamuBot: New Financial Malware Targets Brazilian Banking Customers}},
  organization = {SecurityIntelligence},
  date         = {2018-09-04},
  url          = {https://securityintelligence.com/camubot-new-financial-malware-targets-brazilian-banking-customers/},
  urldate      = {2020-01-13},
  language     = {English},
}
CamuBot: New Financial Malware Targets Brazilian Banking Customers
CamuBot
2018-09-02 | Möbius Strip Reverse Engineering | Rolf Rolles
@online{rolles:20180902:weekend:2f137ab,
  author       = {Rolf Rolles},
  title        = {{Weekend Project: A Custom IDA Loader Module For The Hidden Bee Malware Family}},
  organization = {Möbius Strip Reverse Engineering},
  date         = {2018-09-02},
  url          = {https://www.msreverseengineering.com/blog/2018/9/2/weekend-project-a-custom-ida-loader-module-for-the-hidden-bee-malware-family},
  urldate      = {2022-02-01},
  language     = {English},
}
Weekend Project: A Custom IDA Loader Module For The Hidden Bee Malware Family
Hidden Bee
2018-08-30 | Malwarebytes | hasherezade
@online{hasherezade:20180830:reversing:21b283b,
  author       = {hasherezade},
  title        = {{Reversing malware in a custom format: Hidden Bee elements}},
  organization = {Malwarebytes},
  date         = {2018-08-30},
  url          = {https://blog.malwarebytes.com/threat-analysis/2018/08/reversing-malware-in-a-custom-format-hidden-bee-elements/},
  urldate      = {2022-02-01},
  language     = {English},
}
Reversing malware in a custom format: Hidden Bee elements
Hidden Bee
2018-07-27 | Palo Alto Networks Unit 42 | Robert Falcone, Bryan Lee, Tom Lancaster
% NOTE(review): this URL uses the researchcenter.paloaltonetworks.com host,
% while the other Unit 42 entries in this list use
% unit42.paloaltonetworks.com; confirm the link still resolves before citing.
@online{falcone:20180727:new:90cdd2c,
  author       = {Robert Falcone and Bryan Lee and Tom Lancaster},
  title        = {{New Threat Actor Group DarkHydrus Targets Middle East Government}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2018-07-27},
  url          = {https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/},
  urldate      = {2019-12-20},
  language     = {English},
}
New Threat Actor Group DarkHydrus Targets Middle East Government
RogueRobin DarkHydrus
2018-07-17 | Kaspersky Labs | Kaspersky
@online{kaspersky:20180717:return:1dcb99e,
  author       = {Kaspersky},
  title        = {{The return of Fantomas, or how we deciphered Cryakl}},
  organization = {Kaspersky Labs},
  date         = {2018-07-17},
  url          = {https://securelist.com/the-return-of-fantomas-or-how-we-deciphered-cryakl/86511/},
  urldate      = {2019-12-20},
  language     = {English},
}
The return of Fantomas, or how we deciphered Cryakl
Cryakl