Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-08-01Twitter (@sekoia_io)sekoia
@online{sekoia:20220801:turlas:ec60a74, author = {sekoia}, title = {{Tweet on Turla's CyberAzov activity}}, date = {2022-08-01}, organization = {Twitter (@sekoia_io)}, url = {https://twitter.com/sekoia_io/status/1554086468104196096}, language = {English}, urldate = {2022-08-02} } Tweet on Turla's CyberAzov activity
CyberAzov
2022-07-28SekoiaThreat & Detection Research Team
@techreport{team:20220728:sekoiaio:2aa9d7b, author = {Threat & Detection Research Team}, title = {{SEKOIA.IO Mid-2022 Ransomware Threat Landscape}}, date = {2022-07-28}, institution = {Sekoia}, url = {https://blog.sekoia.io/wp-content/uploads/2022/07/FLINT_2022_039___Mid_2022_Ransomware_Overview__TLP_WHITE.pdf}, language = {English}, urldate = {2022-08-18} } SEKOIA.IO Mid-2022 Ransomware Threat Landscape
2022-07-22SekoiaThreat & Detection Research Team
@online{team:20220722:calisto:c64f3a5, author = {Threat & Detection Research Team}, title = {{CALISTO continues its credential harvesting campaign}}, date = {2022-07-22}, organization = {Sekoia}, url = {https://blog.sekoia.io/calisto-continues-its-credential-harvesting-campaign}, language = {English}, urldate = {2022-08-25} } CALISTO continues its credential harvesting campaign
Callisto
2022-07-18SekoiaThreat & Detection Research Team
@online{team:20220718:ongoing:e5bd178, author = {Threat & Detection Research Team}, title = {{Ongoing Roaming Mantis smishing campaign targeting France}}, date = {2022-07-18}, organization = {Sekoia}, url = {https://blog.sekoia.io/ongoing-roaming-mantis-smishing-campaign-targeting-france/}, language = {English}, urldate = {2022-07-18} } Ongoing Roaming Mantis smishing campaign targeting France
MoqHao
2022-07-08SekoiaThreat & Detection Research Team
@online{team:20220708:vice:a611407, author = {Threat & Detection Research Team}, title = {{Vice Society: a discreet but steady double extortion ransomware group}}, date = {2022-07-08}, organization = {Sekoia}, url = {https://blog.sekoia.io/vice-society-a-discreet-but-steady-double-extortion-ransomware-group}, language = {English}, urldate = {2022-08-18} } Vice Society: a discreet but steady double extortion ransomware group
HelloKitty
2022-07-08Sekoiasekoia
@online{sekoia:20220708:vice:d66b5b2, author = {sekoia}, title = {{Vice Society: a discreet but steady double extortion ransomware group}}, date = {2022-07-08}, organization = {Sekoia}, url = {https://blog.sekoia.io/vice-society-a-discreet-but-steady-double-extortion-ransomware-group/}, language = {English}, urldate = {2023-02-03} } Vice Society: a discreet but steady double extortion ransomware group
HelloKitty Zeppelin
2022-06-29SekoiaThreat & Detection Research Team
@online{team:20220629:raccoon:a59b65c, author = {Threat & Detection Research Team}, title = {{Raccoon Stealer v2 – Part 2: In-depth analysis}}, date = {2022-06-29}, organization = {Sekoia}, url = {https://blog.sekoia.io/raccoon-stealer-v2-part-2-in-depth-analysis/}, language = {English}, urldate = {2022-07-25} } Raccoon Stealer v2 – Part 2: In-depth analysis
Raccoon
2022-06-28SekoiaThreat & Detection Research Team
@online{team:20220628:raccoon:98accde, author = {Threat & Detection Research Team}, title = {{Raccoon Stealer v2 – Part 1: The return of the dead}}, date = {2022-06-28}, organization = {Sekoia}, url = {https://blog.sekoia.io/raccoon-stealer-v2-part-1-the-return-of-the-dead/}, language = {English}, urldate = {2022-06-30} } Raccoon Stealer v2 – Part 1: The return of the dead
Raccoon
2022-06-13SekoiaThreat & Detection Research Team
@online{team:20220613:bumblebee:0a56342, author = {Threat & Detection Research Team}, title = {{BumbleBee: a new trendy loader for Initial Access Brokers}}, date = {2022-06-13}, organization = {Sekoia}, url = {https://blog.sekoia.io/bumblebee-a-new-trendy-loader-for-initial-access-brokers/}, language = {English}, urldate = {2022-06-17} } BumbleBee: a new trendy loader for Initial Access Brokers
BumbleBee
2022-05-17SekoiaThreat & Detection Research Team
@online{team:20220517:eternityteam:daf058d, author = {Threat & Detection Research Team}, title = {{EternityTeam: a new prominent threat group on underground forums}}, date = {2022-05-17}, organization = {Sekoia}, url = {https://blog.sekoia.io/eternityteam-a-new-prominent-threat-group-on-underground-forums/}, language = {English}, urldate = {2022-05-23} } EternityTeam: a new prominent threat group on underground forums
Eternity Stealer
2022-04-07SekoiaThreat & Detection Research Team
@online{team:20220407:mars:9a72e1f, author = {Threat & Detection Research Team}, title = {{Mars, a red-hot information stealer}}, date = {2022-04-07}, organization = {Sekoia}, url = {https://blog.sekoia.io/mars-a-red-hot-information-stealer/}, language = {English}, urldate = {2022-04-08} } Mars, a red-hot information stealer
Mars Stealer
2022-02-23Sekoiasekoia
@techreport{sekoia:20220223:banana:7ca43ed, author = {sekoia}, title = {{Banana Sulfate infrastructure cluster exposed}}, date = {2022-02-23}, institution = {Sekoia}, url = {https://7095517.fs1.hubspotusercontent-na1.net/hubfs/7095517/%5BMarketing%5D%20-%20Ebook-analyse/FLINT%202022-011%20-%20Banana%20Sulfate%20infrastructure%20exposed_WHITE.pdf}, language = {English}, urldate = {2022-04-05} } Banana Sulfate infrastructure cluster exposed
2022-02-17Sekoiasekoia
@online{sekoia:20220217:story:4255cb2, author = {sekoia}, title = {{The story of a ransomware builder: from Thanos to Spook and beyond (Part 1)}}, date = {2022-02-17}, organization = {Sekoia}, url = {https://www.sekoia.io/en/the-story-of-a-ransomware-builder-from-thanos-to-spook-and-beyond-part-1/}, language = {English}, urldate = {2022-03-02} } The story of a ransomware builder: from Thanos to Spook and beyond (Part 1)
Hakbit
2022-01-06Sekoiasekoia
@online{sekoia:20220106:nobeliums:de631e8, author = {sekoia}, title = {{NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies}}, date = {2022-01-06}, organization = {Sekoia}, url = {https://www.sekoia.io/en/nobeliums-envyscout-infection-chain-goes-in-the-registry-targeting-embassies/}, language = {English}, urldate = {2022-01-10} } NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies
Cobalt Strike EnvyScout
2021-11-10SekoiaCyber Threat Intelligence team
@online{team:20211110:walking:cc41f24, author = {Cyber Threat Intelligence team}, title = {{Walking on APT31 infrastructure footprints}}, date = {2021-11-10}, organization = {Sekoia}, url = {https://www.sekoia.io/en/walking-on-apt31-infrastructure-footprints/}, language = {English}, urldate = {2021-11-11} } Walking on APT31 infrastructure footprints
Rekoobe Unidentified ELF 004 Cobalt Strike
2021-08-19Sekoiasekoia
@online{sekoia:20210819:insider:ceb84de, author = {sekoia}, title = {{An insider insights into Conti operations – Part two}}, date = {2021-08-19}, organization = {Sekoia}, url = {https://www.sekoia.io/en/an-insider-insights-into-conti-operations-part-two/}, language = {English}, urldate = {2021-09-06} } An insider insights into Conti operations – Part two
Cobalt Strike Conti
2021-08-17Sekoiasekoia
@online{sekoia:20210817:insider:3b427c7, author = {sekoia}, title = {{An insider insights into Conti operations – Part one}}, date = {2021-08-17}, organization = {Sekoia}, url = {https://www.sekoia.io/en/an-insider-insights-into-conti-operations-part-one}, language = {English}, urldate = {2021-09-06} } An insider insights into Conti operations – Part one
Cobalt Strike Conti
2021-07-08Sekoiasekoia
@techreport{sekoia:20210708:kaseya:029b682, author = {sekoia}, title = {{Kaseya: Another Massive Heist by REvil}}, date = {2021-07-08}, institution = {Sekoia}, url = {https://f.hubspotusercontent10.net/hubfs/7095517/FLINT-Kaseya-Another%20Massive%20Heist%20by%20REvil.pdf}, language = {English}, urldate = {2021-09-20} } Kaseya: Another Massive Heist by REvil
REvil
2021-03-11Sekoiasekoia
@techreport{sekoia:20210311:qnap:e8c82c4, author = {sekoia}, title = {{QNAP worm: who bene}}, date = {2021-03-11}, institution = {Sekoia}, url = {https://7095517.fs1.hubspotusercontent-na1.net/hubfs/7095517/FLINT%202022-016%20-%20QNAP%20worm_%20who%20benefits%20from%20crime%20(1).pdf}, language = {English}, urldate = {2022-05-08} } QNAP worm: who bene
2019-06-13Sekoiasekoia
@online{sekoia:20190613:hunting:201a07e, author = {sekoia}, title = {{Hunting and detecting Cobalt Strike}}, date = {2019-06-13}, organization = {Sekoia}, url = {https://www.sekoia.io/en/hunting-and-detecting-cobalt-strike/}, language = {English}, urldate = {2021-08-02} } Hunting and detecting Cobalt Strike
Cobalt Strike