Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-12-08SophosSean Gallagher, Anand Aijan, Gabor Szappanos, Syed Shahram, Bill Kearney, Mark Loman, Peter Mackenzie, Sergio Bestulic
@online{gallagher:20201208:egregor:fe48cfd, author = {Sean Gallagher and Anand Aijan and Gabor Szappanos and Syed Shahram and Bill Kearney and Mark Loman and Peter Mackenzie and Sergio Bestulic}, title = {{Egregor ransomware: Maze’s heir apparent}}, date = {2020-12-08}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2020/12/08/egregor-ransomware-mazes-heir-apparent/}, language = {English}, urldate = {2020-12-08} } Egregor ransomware: Maze’s heir apparent
Egregor Maze
2020-11-16ESET ResearchAnton Cherepanov, Peter Kálnai
@online{cherepanov:20201116:lazarus:6b90a77, author = {Anton Cherepanov and Peter Kálnai}, title = {{Lazarus supply‑chain attack in South Korea}}, date = {2020-11-16}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2020/11/16/lazarus-supply-chain-attack-south-korea/}, language = {English}, urldate = {2020-11-18} } Lazarus supply‑chain attack in South Korea
BookCodes RAT Lazarus Group
2020-10-28SophosLabs UncutSean Gallagher, Peter Mackenzie, Elida Leite, Syed Shahram, Bill Kearny, Anand Ajjan, Brett Cove, Gabor Szappanos
@online{gallagher:20201028:hacks:8e1d051, author = {Sean Gallagher and Peter Mackenzie and Elida Leite and Syed Shahram and Bill Kearny and Anand Ajjan and Brett Cove and Gabor Szappanos}, title = {{Hacks for sale: inside the Buer Loader malware-as-a-service}}, date = {2020-10-28}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2020/10/28/hacks-for-sale-inside-the-buer-loader-malware-as-a-service/}, language = {English}, urldate = {2020-11-02} } Hacks for sale: inside the Buer Loader malware-as-a-service
Buer Ryuk Zloader
2020-09-17SophosLabs UncutAndrew Brandt, Peter Mackenzie
@online{brandt:20200917:maze:714f603, author = {Andrew Brandt and Peter Mackenzie}, title = {{Maze attackers adopt Ragnar Locker virtual machine technique}}, date = {2020-09-17}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2020/09/17/maze-attackers-adopt-ragnar-locker-virtual-machine-technique/}, language = {English}, urldate = {2020-09-21} } Maze attackers adopt Ragnar Locker virtual machine technique
Maze
2020-07-11TrustwavePeter Evans, Rodel Mendrez
@online{evans:20200711:injecting:3d78e32, author = {Peter Evans and Rodel Mendrez}, title = {{Injecting Magecart into Magento Global Config}}, date = {2020-07-11}, organization = {Trustwave}, url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/injecting-magecart-into-magento-global-config/}, language = {English}, urldate = {2020-07-15} } Injecting Magecart into Magento Global Config
magecart
2020-05-14ESET ResearchPeter Kálnai
@online{klnai:20200514:mikroceen:b259a8c, author = {Peter Kálnai}, title = {{Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia}}, date = {2020-05-14}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2020/05/14/mikroceen-spying-backdoor-high-profile-networks-central-asia/}, language = {English}, urldate = {2020-05-14} } Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia
BYEBY Microcin
2020-05-14ESET ResearchPeter Kálnai
@online{klnai:20200514:mikroceen:3e541ad, author = {Peter Kálnai}, title = {{Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia}}, date = {2020-05-14}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2020/05/14/mikroceen-spying-backdoor-high-profile-networks-central-asia}, language = {English}, urldate = {2022-07-25} } Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia
Microcin Vicious Panda
2020-01-31Virus BulletinMichal Poslušný, Peter Kálnai
@online{poslun:20200131:rich:c25f156, author = {Michal Poslušný and Peter Kálnai}, title = {{Rich Headers: leveraging this mysterious artifact of the PE format}}, date = {2020-01-31}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/01/vb2019-paper-rich-headers-leveraging-mysterious-artifact-pe-format/}, language = {English}, urldate = {2020-02-03} } Rich Headers: leveraging this mysterious artifact of the PE format
Dridex Exaramel Industroyer Neutrino RCS Sathurbot
2020-01-13GigamonWilliam Peteroy, Ed Miles
@online{peteroy:20200113:emotet:60abae1, author = {William Peteroy and Ed Miles}, title = {{Emotet: Not your Run-of-the-mill Malware}}, date = {2020-01-13}, organization = {Gigamon}, url = {https://atr-blog.gigamon.com/2020/01/13/emotet-not-your-run-of-the-mill-malware/}, language = {English}, urldate = {2020-01-17} } Emotet: Not your Run-of-the-mill Malware
Emotet
2019-12-12mrfr05t
@online{mrfr05t:20191212:mrpeter:8ba7456, author = {mrfr05t}, title = {{Mr.Peter}}, date = {2019-12-12}, url = {https://github.com/mrfr05t/Mr.Peter}, language = {English}, urldate = {2020-03-13} } Mr.Peter
MrPeter
2019-09-18SophosLabs UncutPeter Mackenzie
@online{mackenzie:20190918:wannacry:7aeb8e1, author = {Peter Mackenzie}, title = {{The WannaCry hangover}}, date = {2019-09-18}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2019/09/18/the-wannacry-hangover/}, language = {English}, urldate = {2022-03-18} } The WannaCry hangover
WannaCryptor
2019-09-17SophosLabsPeter Mackenzie
@techreport{mackenzie:20190917:wannacry:250bb80, author = {Peter Mackenzie}, title = {{WannaCry Aftershock}}, date = {2019-09-17}, institution = {SophosLabs}, url = {https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/WannaCry-Aftershock.pdf}, language = {English}, urldate = {2022-03-22} } WannaCry Aftershock
WannaCryptor
2019-05-19nrkHenrik Lied, Peter Svaar, Dennis Ravndal, Anders Brekke, Kristine Hirsti
@online{lied:20190519:skreddersydd:e16c8d8, author = {Henrik Lied and Peter Svaar and Dennis Ravndal and Anders Brekke and Kristine Hirsti}, title = {{Skreddersydd dobbeltangrep mot Hydro}}, date = {2019-05-19}, organization = {nrk}, url = {https://www.nrk.no/norge/skreddersydd-dobbeltangrep-mot-hydro-1.14480202}, language = {Norwegian}, urldate = {2019-11-21} } Skreddersydd dobbeltangrep mot Hydro
LockerGoga
2019CSISBenoît Ancel, Peter Kruse
@techreport{ancel:2019:dreambot:e29023e, author = {Benoît Ancel and Peter Kruse}, title = {{Dreambot Business overview 2019}}, date = {2019}, institution = {CSIS}, url = {http://benkow.cc/DreambotSAS19.pdf}, language = {English}, urldate = {2019-12-10} } Dreambot Business overview 2019
ISFB
2018-12-10BotconfJakub Souček, Jakub Tomanek, Peter Kálnai
@online{souek:20181210:collecting:fe52669, author = {Jakub Souček and Jakub Tomanek and Peter Kálnai}, title = {{Collecting Malicious Particles from Neutrino Botnets}}, date = {2018-12-10}, organization = {Botconf}, url = {https://journal.cecyf.fr/ojs/index.php/cybin/article/view/22}, language = {English}, urldate = {2020-01-13} } Collecting Malicious Particles from Neutrino Botnets
Neutrino
2018-10-03Virus BulletinPeter Kálnai, Michal Poslušný
@techreport{klnai:20181003:lazarus:bebf0ad, author = {Peter Kálnai and Michal Poslušný}, title = {{Lazarus Group A Mahjong Game Played with Different Sets of Tiles}}, date = {2018-10-03}, institution = {Virus Bulletin}, url = {https://www.virusbulletin.com/uploads/pdf/magazine/2018/VB2018-Kalnai-Poslusny.pdf}, language = {English}, urldate = {2023-08-31} } Lazarus Group A Mahjong Game Played with Different Sets of Tiles
Bankshot BanPolMex RAT FuwuqiDrama HOTWAX KillDisk (Lazarus) NACHOCHEESE REDSHAWL WannaCryptor
2018-08-01SophosLabsPeter Mackenzie, Dorka Palotay, Andrew Brandt, Mark Stockley, Luca Nagy, Simon Porter, Hajnalka Kope, Claire Mackenzie
@techreport{mackenzie:20180801:samsam:73fdb9a, author = {Peter Mackenzie and Dorka Palotay and Andrew Brandt and Mark Stockley and Luca Nagy and Simon Porter and Hajnalka Kope and Claire Mackenzie}, title = {{SamSam: The (Almost) Six Million Dollar Ransomware}}, date = {2018-08-01}, institution = {SophosLabs}, url = {https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-The-Almost-Six-Million-Dollar-Ransomware.pdf}, language = {English}, urldate = {2022-03-22} } SamSam: The (Almost) Six Million Dollar Ransomware
SamSam
2018-07-13Trend MicroTony Yang, Peter Lee
@online{yang:20180713:vpnfilteraffected:a08c4ae, author = {Tony Yang and Peter Lee}, title = {{VPNFilter-affected Devices Still Riddled with 19 Vulnerabilities}}, date = {2018-07-13}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/vpnfilter-affected-devices-still-riddled-with-19-vulnerabilities}, language = {English}, urldate = {2020-01-08} } VPNFilter-affected Devices Still Riddled with 19 Vulnerabilities
VPNFilter
2018-04-03ESET ResearchPeter Kálnai, Anton Cherepanov
@online{klnai:20180403:lazarus:14ff18c, author = {Peter Kálnai and Anton Cherepanov}, title = {{Lazarus KillDisks Central American casino}}, date = {2018-04-03}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2018/04/03/lazarus-killdisk-central-american-casino/}, language = {English}, urldate = {2023-03-27} } Lazarus KillDisks Central American casino
KillDisk (Lazarus) Lazarus Group
2018-04SophosDorka Palotay, Peter Mackenzie
@online{palotay:201804:samsam:9ca3687, author = {Dorka Palotay and Peter Mackenzie}, title = {{SamSam Ransomware Chooses Its Targets Carefully}}, date = {2018-04}, organization = {Sophos}, url = {https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/samsam-ransomware-chooses-its-targets-carefully-wpna.aspx}, language = {English}, urldate = {2019-12-20} } SamSam Ransomware Chooses Its Targets Carefully
SamSam