Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-04-28FireEyeLee Foster, David Mainor, Ben Read, Sam Riddell, Gabby Roncone, Lindsay Smith, Alden Wahlstrom
@online{foster:20210428:ghostwriter:3455770, author = {Lee Foster and David Mainor and Ben Read and Sam Riddell and Gabby Roncone and Lindsay Smith and Alden Wahlstrom}, title = {{Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity}}, date = {2021-04-28}, organization = {FireEye}, url = {https://content.fireeye.com/web-assets/rpt-unc1151-ghostwriter-update}, language = {English}, urldate = {2021-05-03} } Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity
2021-03-31TagesschauHakan Tanriverdi, Florian Flade
@online{tanriverdi:20210331:attack:65b2f39, author = {Hakan Tanriverdi and Florian Flade}, title = {{Attack of the "chaos troops" (Ghostwriter)}}, date = {2021-03-31}, organization = {Tagesschau}, url = {https://www.tagesschau.de/investigativ/wdr/hackerangriffe-105.html}, language = {German}, urldate = {2021-03-31} } Attack of the "chaos troops" (Ghostwriter)
2021-03-31Twitter (@hatr)Hakan Tanriverdi
@online{tanriverdi:20210331:ghostwriter:28526c7, author = {Hakan Tanriverdi}, title = {{Tweet on Ghostwriter}}, date = {2021-03-31}, organization = {Twitter (@hatr)}, url = {https://twitter.com/hatr/status/1377220336597483520}, language = {English}, urldate = {2021-04-06} } Tweet on Ghostwriter
Ghostwriter
2021-03-26Der SpiegelDer Spiegel
@online{spiegel:20210326:russian:f756fe0, author = {Der Spiegel}, title = {{Russian group "Ghostwriters" apparently attacked parliamentarians}}, date = {2021-03-26}, organization = {Der Spiegel}, url = {https://www.spiegel.de/politik/deutschland/russischer-hack-erneute-attacke-hack-auf-bundestag-sieben-abgeordnete-betroffen-a-75e1adbe-4462-4e30-bd94-96796aed6b8a}, language = {German}, urldate = {2021-03-30} } Russian group "Ghostwriters" apparently attacked parliamentarians
2021-01-26SophosLabs UncutMichael Heller, David Anderson, Peter Mackenzie, Sergio Bestulic, Bill Kearney
@online{heller:20210126:nefilim:6b20ee0, author = {Michael Heller and David Anderson and Peter Mackenzie and Sergio Bestulic and Bill Kearney}, title = {{Nefilim Ransomware Attack Uses “Ghost” Credentials}}, date = {2021-01-26}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/01/26/nefilim-ransomware-attack-uses-ghost-credentials/}, language = {English}, urldate = {2021-02-18} } Nefilim Ransomware Attack Uses “Ghost” Credentials
Nefilim
2021-01-26Team CymruJosh Hopkins, Manabu Niseki, CERT-BR
@online{hopkins:20210126:ghostdnsbusters:d295f93, author = {Josh Hopkins and Manabu Niseki and CERT-BR}, title = {{GhostDNSbusters (Part 3) Illuminating GhostDNS Infrastructure}}, date = {2021-01-26}, organization = {Team Cymru}, url = {https://team-cymru.com/blog/2021/01/26/illuminating-ghostdns-infrastructure-part-3/}, language = {English}, urldate = {2021-01-29} } GhostDNSbusters (Part 3) Illuminating GhostDNS Infrastructure
2021-01-18AreteAdam Brown, Harold Rodriguez
@techreport{brown:20210118:egregor:a2ab774, author = {Adam Brown and Harold Rodriguez}, title = {{Egregor: The Ghost of Soviet Bears Past Haunts On}}, date = {2021-01-18}, institution = {Arete}, url = {https://areteir.com/wp-content/uploads/2021/01/01182021_Egregor_Insight.pdf}, language = {English}, urldate = {2021-02-02} } Egregor: The Ghost of Soviet Bears Past Haunts On
Egregor
2020-10-07Team CymruBrian Eckman
@online{eckman:20201007:ghostdnsbusters:9a32391, author = {Brian Eckman}, title = {{GhostDNSbusters (Part 2)}}, date = {2020-10-07}, organization = {Team Cymru}, url = {https://team-cymru.com/blog/2020/10/07/ghostdnsbusters-part-2/}, language = {English}, urldate = {2020-10-12} } GhostDNSbusters (Part 2)
2020-09-25360netlabAlex Turing, Hui Wang
@online{turing:20200925:ghost:4b56424, author = {Alex Turing and Hui Wang}, title = {{Ghost in action: the Specter botnet}}, date = {2020-09-25}, organization = {360netlab}, url = {https://blog.netlab.360.com/ghost-in-action-the-specter-botnet/}, language = {English}, urldate = {2020-10-04} } Ghost in action: the Specter botnet
Specter
2020-09-08Team CymruNick Byers, Manabu Niseki, CERT-BR
@online{byers:20200908:ghostdnsbusters:9531dcd, author = {Nick Byers and Manabu Niseki and CERT-BR}, title = {{GhostDNSbusters: Illuminating GhostDNS Infrastructure}}, date = {2020-09-08}, organization = {Team Cymru}, url = {https://team-cymru.com/2020/09/08/ghostdnsbusters/}, language = {English}, urldate = {2020-09-15} } GhostDNSbusters: Illuminating GhostDNS Infrastructure
2020-07-29FireEyeLee Foster, Sam Riddell, David Mainor, Gabby Roncone
@online{foster:20200729:ghostwriter:0d042f4, author = {Lee Foster and Sam Riddell and David Mainor and Gabby Roncone}, title = {{'Ghostwriter' Influence Campaign: Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned With Russian Security Interests}}, date = {2020-07-29}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/07/ghostwriter-influence-campaign.html}, language = {English}, urldate = {2021-04-06} } 'Ghostwriter' Influence Campaign: Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned With Russian Security Interests
Ghostwriter
2020-07-29MandiantMandiant
@techreport{mandiant:20200729:ghostwriter:c81a10a, author = {Mandiant}, title = {{‘Ghostwriter’ Influence Campaign: Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned with Russian Security Interests}}, date = {2020-07-29}, institution = {Mandiant}, url = {https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/Ghostwriter-Influence-Campaign.pdf}, language = {English}, urldate = {2020-07-30} } ‘Ghostwriter’ Influence Campaign: Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned with Russian Security Interests
2020-07-02AhnLabAhnLab ASEC Analysis Team
@techreport{team:20200702:malicious:700e400, author = {AhnLab ASEC Analysis Team}, title = {{Malicious Hangul Word Processor Files Exploiting Ghostscript Vulnerability}}, date = {2020-07-02}, institution = {AhnLab}, url = {https://global.ahnlab.com/global/upload/download/asecreport/ASEC%20REPORT_vol.99_ENG.pdf}, language = {English}, urldate = {2020-07-02} } Malicious Hangul Word Processor Files Exploiting Ghostscript Vulnerability
2020-05-20Avast DecodedDavid Jursa, Simi Musilova, Jan Rubín, Alexej Savčin
@online{jursa:20200520:ghostdns:43190d5, author = {David Jursa and Simi Musilova and Jan Rubín and Alexej Savčin}, title = {{GhostDNS Source Code Leaked}}, date = {2020-05-20}, organization = {Avast Decoded}, url = {https://decoded.avast.io/simonamusilova/ghostdns-source-code-leaked/}, language = {English}, urldate = {2020-05-23} } GhostDNS Source Code Leaked
2019-10-17ESET ResearchESET Research
@online{research:20191017:operation:812f836, author = {ESET Research}, title = {{Operation Ghost: The Dukes aren’t back – they never left}}, date = {2019-10-17}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/}, language = {English}, urldate = {2020-01-09} } Operation Ghost: The Dukes aren’t back – they never left
PolyglotDuke
2019-10-17ESET ResearchMatthieu Faou, Mathieu Tartare, Thomas Dupuy
@techreport{faou:20191017:operation:b695c9b, author = {Matthieu Faou and Mathieu Tartare and Thomas Dupuy}, title = {{OPERATION GHOST The Dukes aren’t back — they never left}}, date = {2019-10-17}, institution = {ESET Research}, url = {https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Operation_Ghost_Dukes.pdf}, language = {English}, urldate = {2020-05-18} } OPERATION GHOST The Dukes aren’t back — they never left
FatDuke
2019-09-19Trend MicroMaverick Pascual
@online{pascual:20190919:fileless:3c07209, author = {Maverick Pascual}, title = {{Fileless Cryptocurrency-Miner GhostMiner Weaponizes WMI Objects, Kills Other Cryptocurrency-Mining Payloads}}, date = {2019-09-19}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/fileless-cryptocurrency-miner-ghostminer-weaponizes-wmi-objects-kills-other-cryptocurrency-mining-payloads/}, language = {English}, urldate = {2020-01-07} } Fileless Cryptocurrency-Miner GhostMiner Weaponizes WMI Objects, Kills Other Cryptocurrency-Mining Payloads
GhostMiner
2019-03-28Malware Explorer BlogNart Villeneuve
@online{villeneuve:20190328:10:b49637d, author = {Nart Villeneuve}, title = {{10 Years Since Ghostnet}}, date = {2019-03-28}, organization = {Malware Explorer Blog}, url = {https://www.nartv.org/2019/03/28/10-years-since-ghostnet/}, language = {English}, urldate = {2020-01-06} } 10 Years Since Ghostnet
Gh0stnet
2019Council on Foreign RelationsCyber Operations Tracker
@online{tracker:2019:operation:207fc18, author = {Cyber Operations Tracker}, title = {{Operation GhostSecret}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/operation-ghostsecret}, language = {English}, urldate = {2019-12-20} } Operation GhostSecret
Lazarus Group
2018-04-24McAfeeRyan Sherstobitoff
@online{sherstobitoff:20180424:analyzing:4383088, author = {Ryan Sherstobitoff}, title = {{Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide}}, date = {2018-04-24}, organization = {McAfee}, url = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/}, language = {English}, urldate = {2023-02-27} } Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide
GhostSecret