
2018-02-20 | Twitter (@JohnLaTwC) | John Lambert
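% Title braces protect only the case-sensitive tool name; remaining casing is left to the bibliography style.
@online{lambert:20180220:evilosx:4d3473b,
  author       = {Lambert, John},
  title        = {Tweet on {EvilOSX}},
  date         = {2018-02-20},
  organization = {Twitter (@JohnLaTwC)},
  url          = {https://twitter.com/JohnLaTwC/status/966139336436498432},
  language     = {English},
  urldate      = {2020-01-09},
}
Tweet on EvilOSX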
EvilOSX
2018-02-06 | Forcepoint | John Bergbom
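% Title braces protect only the case-sensitive tool names; remaining casing is left to the bibliography style.
@online{bergbom:20180206:danderspritzpeddlecheap:b09bc8f,
  author       = {Bergbom, John},
  title        = {{DanderSpritz/PeddleCheap} traffic analysis (Part 1 of 2)},
  date         = {2018-02-06},
  organization = {Forcepoint},
  url          = {https://www.forcepoint.com/fr/blog/security-labs/new-whitepaper-danderspritzpeddlecheap-traffic-analysis-part-1-2#},
  language     = {English},
  urldate      = {2020-05-07},
}
DanderSpritz/PeddleCheap traffic analysis (Part 1 of 2)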
PeddleCheap
2017-12-14 | FireEye | Blake Johnson, Dan Caban, Marina Krotofil, Dan Scali, Nathan Brubaker, Christopher Glyer
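% Title braces protect only the acronym and the framework name; remaining casing is left to the bibliography style.
@online{johnson:20171214:attackers:6b0be76,
  author       = {Johnson, Blake and Caban, Dan and Krotofil, Marina and Scali, Dan and Brubaker, Nathan and Glyer, Christopher},
  title        = {Attackers Deploy New {ICS} Attack Framework “{TRITON}” and Cause Operational Disruption to Critical Infrastructure},
  date         = {2017-12-14},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html},
  language     = {English},
  urldate      = {2019-12-20},
}
Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure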
Triton TEMP.Veles
2017-12-06 | The Citizen Lab | Bill Marczak, Geoffrey Alexander, Sarah McKune, John Scott-Railton, Ron Deibert
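% Title braces protect only the proper nouns; remaining casing is left to the bibliography style.
@online{marczak:20171206:champing:4cb4525,
  author       = {Marczak, Bill and Alexander, Geoffrey and McKune, Sarah and Scott-Railton, John and Deibert, Ron},
  title        = {Champing at the {Cyberbit} {Ethiopian} Dissidents Targeted with New Commercial Spyware},
  date         = {2017-12-06},
  organization = {The Citizen Lab},
  url          = {https://citizenlab.ca/2017/12/champing-cyberbit-ethiopian-dissidents-targeted-commercial-spyware/},
  language     = {English},
  urldate      = {2019-11-23},
}
Champing at the Cyberbit Ethiopian Dissidents Targeted with New Commercial Spyware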
PC Surveillance System
2017-10-04 | Twitter (@JohnLaTwC) | John Lambert
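% Title braces protect only the actor name and the acronym; remaining casing is left to the bibliography style.
@online{lambert:20171004:turla:904593f,
  author       = {Lambert, John},
  title        = {Tweet on {Turla} {JS} backdoor},
  date         = {2017-10-04},
  organization = {Twitter (@JohnLaTwC)},
  url          = {https://twitter.com/JohnLaTwC/status/915590893155098629},
  language     = {English},
  urldate      = {2019-10-23},
}
Tweet on Turla JS backdoor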
Maintools.js
2017-09-22 | Kaspersky Labs | John Snow
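% Title braces protect only the malware name; remaining casing is left to the bibliography style.
@online{snow:20170922:nransom:28b3829,
  author       = {Snow, John},
  title        = {{NRansom}: Ransomware that demands your nudes},
  date         = {2017-09-22},
  organization = {Kaspersky Labs},
  url          = {https://www.kaspersky.com/blog/nransom-nude-ransomware/18597/},
  language     = {English},
  urldate      = {2019-12-02},
}
NRansom: Ransomware that demands your nudes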
nRansom
2017-08-18 | Trend Micro | John Sanchez
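% Title braces protect only the malware name; remaining casing is left to the bibliography style.
@online{sanchez:20170818:kovter:31e1e79,
  author       = {Sanchez, John},
  title        = {{KOVTER}: An Evolving Malware Gone Fileless},
  date         = {2017-08-18},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/kovter-an-evolving-malware-gone-fileless},
  language     = {English},
  urldate      = {2020-01-08},
}
KOVTER: An Evolving Malware Gone Fileless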
Kovter
2017-04-10 | Symantec | A L Johnson
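% Title braces protect only the group name and the leak name; remaining casing is left to the bibliography style.
@online{johnson:20170410:longhorn:811e6dc,
  author       = {Johnson, A L},
  title        = {{Longhorn}: Tools used by cyberespionage group linked to {Vault 7}},
  date         = {2017-04-10},
  organization = {Symantec},
  url          = {https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7ca2e331-2209-46a8-9e60-4cb83f9602de&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments},
  language     = {English},
  urldate      = {2020-04-21},
}
Longhorn: Tools used by cyberespionage group linked to Vault 7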
Lambert Longhorn
2017-02-27 | Symantec | A L Johnson
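% Title braces protect only the malware name; remaining casing is left to the bibliography style.
@online{johnson:20170227:shamoon:0188f39,
  author       = {Johnson, A L},
  title        = {{Shamoon}: Multi-staged destructive attacks limited to specific targets},
  date         = {2017-02-27},
  organization = {Symantec},
  url          = {https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=5758557d-6e3a-4174-90f3-fa92a712ecd9&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments},
  language     = {English},
  urldate      = {2020-04-21},
}
Shamoon: Multi-staged destructive attacks limited to specific targets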
DistTrack MimiKatz Rocket Kitten
2017-02-12 | Symantec | A L Johnson
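% Same author, title and date as johnson:20170212:attackers:c338fa3; the two entries differ in url and urldate,
% so cite only one of them per document. The title has no case-sensitive names, so nothing is brace-protected.
@online{johnson:20170212:attackers:2fdd5b5,
  author       = {Johnson, A L},
  title        = {Attackers target dozens of global banks with new malware},
  date         = {2017-02-12},
  organization = {Symantec},
  url          = {https://community.broadcom.com/symantecenterprise/viewdocument/attackers-target-dozens-of-global-b},
  language     = {English},
  urldate      = {2023-08-13},
}
Attackers target dozens of global banks with new malware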
Ratankba Lazarus Group
2017-02-12 | Symantec | A L Johnson
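% Same author, title and date as johnson:20170212:attackers:2fdd5b5; the two entries differ in url and urldate,
% so cite only one of them per document. The title has no case-sensitive names, so nothing is brace-protected.
@online{johnson:20170212:attackers:c338fa3,
  author       = {Johnson, A L},
  title        = {Attackers target dozens of global banks with new malware},
  date         = {2017-02-12},
  organization = {Symantec},
  url          = {https://www.symantec.com/connect/blogs/attackers-target-dozens-global-banks-new-malware},
  language     = {English},
  urldate      = {2020-04-21},
}
Attackers target dozens of global banks with new malware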
Joanap Ratankba Sierra(Alfa,Bravo, ...) Lazarus Group
2016-11-30 | Symantec | A L Johnson
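% Title braces protect only the malware name; remaining casing is left to the bibliography style.
@online{johnson:20161130:shamoon:50feb7c,
  author       = {Johnson, A L},
  title        = {{Shamoon}: Back from the dead and destructive as ever},
  date         = {2016-11-30},
  organization = {Symantec},
  url          = {https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=ad6f8259-2bb4-4f7f-b8e1-710b35a4cbed&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments},
  language     = {English},
  urldate      = {2020-04-21},
}
Shamoon: Back from the dead and destructive as ever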
DistTrack OilRig
2016-11-17 | CitizenLab | Adam Hulcoop, Matt Brooks, Etienne Maynier, John Scott-Railton, Masashi Crete-Nishihata
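% Title braces protect only the malware name and the proper adjective; remaining casing is left to the bibliography style.
@online{hulcoop:20161117:its:b644801,
  author       = {Hulcoop, Adam and Brooks, Matt and Maynier, Etienne and Scott-Railton, John and Crete-Nishihata, Masashi},
  title        = {It’s Parliamentary - {KeyBoy} and the targeting of the {Tibetan} Community},
  date         = {2016-11-17},
  organization = {CitizenLab},
  url          = {https://citizenlab.ca/2016/11/parliament-keyboy/},
  language     = {English},
  urldate      = {2019-07-11},
}
It’s Parliamentary - KeyBoy and the targeting of the Tibetan Community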
KeyBoy
2016-08-08 | Symantec | A L Johnson
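% Title braces protect only the proper names; remaining casing is left to the bibliography style.
@online{johnson:20160808:strider:49d9d44,
  author       = {Johnson, A L},
  title        = {{Strider}: Cyberespionage group turns eye of {Sauron} on targets},
  date         = {2016-08-08},
  organization = {Symantec},
  url          = {https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=ce2df4da-afe9-4a24-b28c-0fb3ba671d95&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments},
  language     = {English},
  urldate      = {2020-04-21},
}
Strider: Cyberespionage group turns eye of Sauron on targets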
Flame Regin Remsec ProjectSauron
2016-05-29 | CitizenLab | Bill Marczak, John Scott-Railton
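% Title braces protect only the acronym; remaining casing is left to the bibliography style.
@online{marczak:20160529:keep:8f48d9e,
  author       = {Marczak, Bill and Scott-Railton, John},
  title        = {Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets {UAE} Dissidents},
  date         = {2016-05-29},
  organization = {CitizenLab},
  url          = {https://citizenlab.ca/2016/05/stealth-falcon/},
  language     = {English},
  urldate      = {2020-04-06},
}
Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents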
Stealth Falcon
2016-05-02 | John Bambenek | John Bambenek
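% Title braces protect only the acronym; remaining casing is left to the bibliography style.
% NOTE(review): the url is plain http, so data pulled from it has no transport integrity; validate it before operational use.
@online{bambenek:20160502:osint:54b6791,
  author       = {Bambenek, John},
  title        = {{OSINT} Feed},
  date         = {2016-05-02},
  organization = {John Bambenek},
  url          = {http://osint.bambenekconsulting.com/feeds/},
  language     = {English},
  urldate      = {2020-01-06},
}
OSINT Feed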
Mirai Banjori
2016-02-22 | Symantec | A L Johnson
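% Title braces protect only the proper adjective; remaining casing is left to the bibliography style.
@online{johnson:20160222:russian:cc3bc7b,
  author       = {Johnson, A L},
  title        = {{Russian} bank employees received fake job offers in targeted email attack},
  date         = {2016-02-22},
  organization = {Symantec},
  url          = {https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=8e498912-44f8-4ea0-ac50-4544f0fedd6c&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments},
  language     = {English},
  urldate      = {2020-04-21},
}
Russian bank employees received fake job offers in targeted email attack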
Buhtrap BuhTrap
2016-01-12 | FireEye | John Miller, Barry Vengerik
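% Title braces protect only the group name; remaining casing is left to the bibliography style.
% NOTE(review): the url host (infosecurityeurope.com) differs from the listed organization; confirm the document's provenance when citing.
@online{miller:20160112:magnificent:2aeb339,
  author       = {Miller, John and Vengerik, Barry},
  title        = {The Magnificent {FIN7}: Revealing a Cybercriminal Threat Group},
  date         = {2016-01-12},
  organization = {FireEye},
  url          = {https://www.infosecurityeurope.com/__novadocuments/367989?v=636338290033030000},
  language     = {English},
  urldate      = {2019-11-21},
}
The Magnificent FIN7: Revealing a Cybercriminal Threat Group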
BABYMETAL
2015-12-08 | The Citizenlab | John Scott-Railton, Morgan Marquis-Boire, Claudio Guarnieri, Marion Marschalek
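% Title braces protect only the actor name and the region; remaining casing is left to the bibliography style.
@online{scottrailton:20151208:packrat:5f9bffa,
  author       = {Scott-Railton, John and Marquis-Boire, Morgan and Guarnieri, Claudio and Marschalek, Marion},
  title        = {{Packrat}: Seven Years of a {South American} Threat Actor},
  date         = {2015-12-08},
  organization = {The Citizenlab},
  url          = {https://citizenlab.ca/2015/12/packrat-report/},
  language     = {English},
  urldate      = {2020-05-18},
}
Packrat: Seven Years of a South American Threat Actor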
AdWind Adzok CyberGate Xtreme RAT Packrat
2015-10-26 | Symantec | A L Johnson
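% Title braces protect only the malware name, "Trojan" and the country; remaining casing is left to the bibliography style.
@online{johnson:20151026:duuzer:e87f194,
  author       = {Johnson, A L},
  title        = {{Duuzer} back door {Trojan} targets {South Korea} to take over computers},
  date         = {2015-10-26},
  organization = {Symantec},
  url          = {https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=5b9850b9-0fdd-48a9-b595-9234207ae7df&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments},
  language     = {English},
  urldate      = {2020-04-21},
}
Duuzer back door Trojan targets South Korea to take over computers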
Brambul Duuzer Joanap Lazarus Group