Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2017-06-14ThreatConnectThreatConnect Research Team
@online{team:20170614:phantom:0078e23, author = {ThreatConnect Research Team}, title = {{Phantom of the Opaera: New KASPERAGENT Malware Campaign}}, date = {2017-06-14}, organization = {ThreatConnect}, url = {https://www.threatconnect.com/blog/kasperagent-malware-campaign/}, language = {English}, urldate = {2019-10-14} } Phantom of the Opaera: New KASPERAGENT Malware Campaign
KasperAgent AridViper
2017-05-16ThreatpostTom Spring
@online{spring:20170516:docusign:5ae0c57, author = {Tom Spring}, title = {{DocuSign Phishing Campaign Includes Hancitor Downloader}}, date = {2017-05-16}, organization = {Threatpost}, url = {https://threatpost.com/docusign-phishing-campaign-includes-hancitor-downloader/125724/}, language = {English}, urldate = {2020-01-08} } DocuSign Phishing Campaign Includes Hancitor Downloader
2017-05-02ThreatpostTom Spring
@online{spring:20170502:shamoon:56ac4ae, author = {Tom Spring}, title = {{Shamoon Collaborator Greenbug Adopts New Communication Tool}}, date = {2017-05-02}, organization = {Threatpost}, url = {https://threatpost.com/shamoon-collaborator-greenbug-adopts-new-communication-tool/125383/}, language = {English}, urldate = {2019-12-10} } Shamoon Collaborator Greenbug Adopts New Communication Tool
Greenbug
2017-04-25ProofpointProofpoint Staff
@online{staff:20170425:philadelphia:4e673f5, author = {Proofpoint Staff}, title = {{Philadelphia Ransomware Brings Customization to Commodity Malware}}, date = {2017-04-25}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/philadelphia-ransomware-customization-commodity-malware}, language = {English}, urldate = {2019-12-20} } Philadelphia Ransomware Brings Customization to Commodity Malware
Philadephia Ransom
2017-04-05Palo Alto Networks Unit 42Tomer Bar, Tom Lancaster
@online{bar:20170405:targeted:feb4b54, author = {Tomer Bar and Tom Lancaster}, title = {{Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA}}, date = {2017-04-05}, organization = {Palo Alto Networks Unit 42}, url = {http://researchcenter.paloaltonetworks.com/2017/04/unit42-targeted-attacks-middle-east-using-kasperagent-micropsia/}, language = {English}, urldate = {2019-12-20} } Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA
KasperAgent Micropsia
2017-04-05Palo Alto Networks Unit 42Tomer Bar, Tom Lancaster
@online{bar:20170405:targeted:49e76a6, author = {Tomer Bar and Tom Lancaster}, title = {{Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA}}, date = {2017-04-05}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/unit42-targeted-attacks-middle-east-using-kasperagent-micropsia/}, language = {English}, urldate = {2019-12-10} } Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA
vamp
2017-04-03JPCERT/CCShusei Tomonaga
@online{tomonaga:20170403:redleaves:211a123, author = {Shusei Tomonaga}, title = {{RedLeaves - Malware Based on Open Source RAT}}, date = {2017-04-03}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2017/04/redleaves---malware-based-on-open-source-rat.html}, language = {English}, urldate = {2022-06-22} } RedLeaves - Malware Based on Open Source RAT
PlugX RedLeaves Trochilus RAT
2017-04-03JPCERT/CCShusei Tomonaga
@online{tomonaga:20170403:ratredleaves:c0d1a92, author = {Shusei Tomonaga}, title = {{オープンソースのRATを改良したマルウエアRedLeaves}}, date = {2017-04-03}, organization = {JPCERT/CC}, url = {https://www.jpcert.or.jp/magazine/acreport-redleaves.html}, language = {Japanese}, urldate = {2020-01-06} } オープンソースのRATを改良したマルウエアRedLeaves
RedLeaves
2017-03-29ForcepointRoland Dela Paz
@online{paz:20170329:trojanized:867a7ca, author = {Roland Dela Paz}, title = {{Trojanized Adobe installer used to install DragonOK’s new custom backdoor}}, date = {2017-03-29}, organization = {Forcepoint}, url = {https://www.forcepoint.com/de/blog/x-labs/trojanized-adobe-installer-used-install-dragonok-s-new-custom-backdoor}, language = {English}, urldate = {2020-04-06} } Trojanized Adobe installer used to install DragonOK’s new custom backdoor
KHRAT DragonOK
2017-03-15Bleeping ComputerLawrence Abrams
@online{abrams:20170315:revenge:b047d2f, author = {Lawrence Abrams}, title = {{Revenge Ransomware, a CryptoMix Variant, Being Distributed by RIG Exploit Kit}}, date = {2017-03-15}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/revenge-ransomware-a-cryptomix-variant-being-distributed-by-rig-exploit-kit/}, language = {English}, urldate = {2019-12-20} } Revenge Ransomware, a CryptoMix Variant, Being Distributed by RIG Exploit Kit
CryptoShield
2017-02-28Security IntelligenceMagal Baz, Or Safran
@online{baz:20170228:dridexs:f72a5ec, author = {Magal Baz and Or Safran}, title = {{Dridex’s Cold War: Enter AtomBombing}}, date = {2017-02-28}, organization = {Security Intelligence}, url = {https://securityintelligence.com/dridexs-cold-war-enter-atombombing/}, language = {English}, urldate = {2019-12-16} } Dridex’s Cold War: Enter AtomBombing
Dridex
2017-02-21JPCERT/CCShusei Tomonaga
@online{tomonaga:20170221:plugx:f9e4817, author = {Shusei Tomonaga}, title = {{PlugX + Poison Ivy = PlugIvy? - PlugX Integrating Poison Ivy’s Code}}, date = {2017-02-21}, organization = {JPCERT/CC}, url = {http://blog.jpcert.or.jp/2017/02/plugx-poison-iv-919a.html}, language = {English}, urldate = {2020-01-13} } PlugX + Poison Ivy = PlugIvy? - PlugX Integrating Poison Ivy’s Code
PlugX
2017-02-10JPCERT/CCShusei Tomonaga
@online{tomonaga:20170210:malware:4f2c9aa, author = {Shusei Tomonaga}, title = {{Malware that infects using PowerSploit}}, date = {2017-02-10}, organization = {JPCERT/CC}, url = {https://blog.cyber4sight.com/2017/02/malicious-powershell-script-analysis-indicates-shamoon-actors-used-pupy-rat/}, language = {Japanese}, urldate = {2020-01-08} } Malware that infects using PowerSploit
pupy
2017-02-10JPCERT/CCShusei Tomonaga
@online{tomonaga:20170210:powersploit:8c4789a, author = {Shusei Tomonaga}, title = {{PowerSploit}}, date = {2017-02-10}, organization = {JPCERT/CC}, url = {https://www.jpcert.or.jp/magazine/acreport-ChChes_ps1.html}, language = {Japanese}, urldate = {2020-01-09} } PowerSploit
ChChes
2017-01-30Palo Alto Networks Unit 42Mashav Sapir, Tomer Bar, Netanel Rimer, Taras Malivanchuk, Yaron Samuel, Simon Conant
@online{sapir:20170130:downeks:8ed6329, author = {Mashav Sapir and Tomer Bar and Netanel Rimer and Taras Malivanchuk and Yaron Samuel and Simon Conant}, title = {{Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments}}, date = {2017-01-30}, organization = {Palo Alto Networks Unit 42}, url = {http://researchcenter.paloaltonetworks.com/2017/01/unit42-downeks-and-quasar-rat-used-in-recent-targeted-attacks-against-governments}, language = {English}, urldate = {2019-12-20} } Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments
Quasar RAT
2017-01-30Palo Alto Networks Unit 42Mashav Sapir, Tomer Bar, Netanel Rimer, Taras Malivanchuk, Yaron Samuel, Simon Conant
@online{sapir:20170130:downeks:07fcd1e, author = {Mashav Sapir and Tomer Bar and Netanel Rimer and Taras Malivanchuk and Yaron Samuel and Simon Conant}, title = {{Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments}}, date = {2017-01-30}, organization = {Palo Alto Networks Unit 42}, url = {http://researchcenter.paloaltonetworks.com/2017/01/unit42-downeks-and-quasar-rat-used-in-recent-targeted-attacks-against-governments/?adbsc=social69739136&adbid=826218465723756545&adbpl=tw&adbpr=4487645412}, language = {English}, urldate = {2019-12-20} } Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments
Downeks
2017-01-04CERT.PLJarosław Jedynak
@online{jedynak:20170104:technical:9cf0ab7, author = {Jarosław Jedynak}, title = {{Technical analysis of CryptoMix/CryptFile2 ransomware}}, date = {2017-01-04}, organization = {CERT.PL}, url = {https://www.cert.pl/en/news/single/technical-analysis-of-cryptomixcryptfile2-ransomware/}, language = {English}, urldate = {2020-01-13} } Technical analysis of CryptoMix/CryptFile2 ransomware
CryptoMix
2016-11-22Palo Alto Networks Unit 42Vicky Ray, Robert Falcone, Jen Miller-Osborn, Tom Lancaster
@online{ray:20161122:tropic:7f503e7, author = {Vicky Ray and Robert Falcone and Jen Miller-Osborn and Tom Lancaster}, title = {{Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy}}, date = {2016-11-22}, organization = {Palo Alto Networks Unit 42}, url = {https://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/}, language = {English}, urldate = {2019-12-20} } Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy
Poison Ivy
2016-11-22Palo Alto Networks Unit 42Vicky Ray, Robert Falcone, Jen Miller-Osborn, Tom Lancaster
@online{ray:20161122:tropic:6be7f53, author = {Vicky Ray and Robert Falcone and Jen Miller-Osborn and Tom Lancaster}, title = {{Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy}}, date = {2016-11-22}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/}, language = {English}, urldate = {2020-01-09} } Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy
APT23
2016-11-22Palo Alto Networks Unit 42Vicky Ray, Robert Falcone, Jen Miller-Osborn, Tom Lancaster
@online{ray:20161122:tropic:7857947, author = {Vicky Ray and Robert Falcone and Jen Miller-Osborn and Tom Lancaster}, title = {{Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy}}, date = {2016-11-22}, organization = {Palo Alto Networks Unit 42}, url = {http://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/}, language = {English}, urldate = {2019-12-20} } Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy
Winsloader Yahoyah APT23