Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-08-25BitdefenderBogdan Botezatu, Victor Vrabie, Cristina Vatamanu, Eduard Budaca
@techreport{botezatu:20210825:fin8:44ba5b3, author = {Bogdan Botezatu and Victor Vrabie and Cristina Vatamanu and Eduard Budaca}, title = {{FIN8 Threat Actor Goes Agile with New Sardonic Backdoor}}, date = {2021-08-25}, institution = {Bitdefender}, url = {https://www.bitdefender.com/files/News/CaseStudies/study/401/Bitdefender-PR-Whitepaper-FIN8-creat5619-en-EN.pdf}, language = {English}, urldate = {2021-09-02} } FIN8 Threat Actor Goes Agile with New Sardonic Backdoor
2021-07-27BitdefenderMartin Zugec
@online{zugec:20210727:deep:862489c, author = {Martin Zugec}, title = {{Deep dive into a FIN8 attack – A forensic investigation}}, date = {2021-07-27}, organization = {Bitdefender}, url = {https://businessinsights.bitdefender.com/deep-dive-into-a-fin8-attack-a-forensic-investigation}, language = {English}, urldate = {2021-08-02} } Deep dive into a FIN8 attack – A forensic investigation
2021-07-21BitdefenderBogdan Botezatu, Victor Vrabie
@online{botezatu:20210721:luminousmoth:7ed907d, author = {Bogdan Botezatu and Victor Vrabie}, title = {{LuminousMoth – PlugX, File Exfiltration and Persistence Revisited}}, date = {2021-07-21}, organization = {Bitdefender}, url = {https://www.bitdefender.com/blog/labs/luminousmoth-plugx-file-exfiltration-and-persistence-revisited}, language = {English}, urldate = {2021-07-26} } LuminousMoth – PlugX, File Exfiltration and Persistence Revisited
PlugX
2021-07-19BitdefenderBitdefender
@techreport{bitdefender:20210719:debugging:48353a0, author = {Bitdefender}, title = {{Debugging MosaicLoader, One Step at a Time}}, date = {2021-07-19}, institution = {Bitdefender}, url = {https://www.bitdefender.com/files/News/CaseStudies/study/400/Bitdefender-PR-Whitepaper-MosaicLoader-creat5540-en-EN.pdf}, language = {English}, urldate = {2021-07-20} } Debugging MosaicLoader, One Step at a Time
AsyncRAT Glupteba
2021-07-14BitdefenderBitdefender
@online{bitdefender:20210714:how:3e51ccd, author = {Bitdefender}, title = {{How We Tracked a Threat Group Running an Active Cryptojacking Campaign}}, date = {2021-07-14}, organization = {Bitdefender}, url = {https://www.bitdefender.com/blog/labs/how-we-tracked-a-threat-group-running-an-active-cryptojacking-campaign}, language = {English}, urldate = {2021-07-20} } How We Tracked a Threat Group Running an Active Cryptojacking Campaign
2021-07-12BitdefenderRadu Tudorica, Bogdan Botezatu
@techreport{tudorica:20210712:fresh:d1d9d75, author = {Radu Tudorica and Bogdan Botezatu}, title = {{A Fresh Look at Trickbot’s Ever-Improving VNC Module}}, date = {2021-07-12}, institution = {Bitdefender}, url = {https://www.bitdefender.com/files/News/CaseStudies/study/399/Bitdefender-PR-Whitepaper-Trickbot-creat5515-en-EN.pdf}, language = {English}, urldate = {2021-07-19} } A Fresh Look at Trickbot’s Ever-Improving VNC Module
TrickBot
2021-06-01BitdefenderAlin Mihai Barbatei, Oana Asoltanei, Silviu Stahie
@online{barbatei:20210601:threat:83b0dfc, author = {Alin Mihai Barbatei and Oana Asoltanei and Silviu Stahie}, title = {{Threat Actors Use Mockups of Popular Apps to Spread Teabot and Flubot Malware on Android}}, date = {2021-06-01}, organization = {Bitdefender}, url = {https://labs.bitdefender.com/2021/06/threat-actors-use-mockups-of-popular-apps-to-spread-teabot-and-flubot-malware-on-android/}, language = {English}, urldate = {2021-06-09} } Threat Actors Use Mockups of Popular Apps to Spread Teabot and Flubot Malware on Android
Anatsa FluBot
2021-05-18BitdefenderMihai Neagu, Bogdan Botezatu, George Mihali, Aron Radu, Ștefan Trifescu
@techreport{neagu:20210518:new:52eb07f, author = {Mihai Neagu and Bogdan Botezatu and George Mihali and Aron Radu and Ștefan Trifescu}, title = {{New WastedLoader Campaign Delivered Through RIG Exploit Kit}}, date = {2021-05-18}, institution = {Bitdefender}, url = {https://www.bitdefender.com/files/News/CaseStudies/study/397/Bitdefender-PR-Whitepaper-RIG-creat5362-en-EN.pdf}, language = {English}, urldate = {2021-05-19} } New WastedLoader Campaign Delivered Through RIG Exploit Kit
WastedLocker
2021-04-28BitdefenderVictor Vrabie, Bogdan Botezatu
@techreport{vrabie:20210428:new:5e28909, author = {Victor Vrabie and Bogdan Botezatu}, title = {{New Nebulae Backdoor Linked with the NAIKON Group}}, date = {2021-04-28}, institution = {Bitdefender}, url = {https://www.bitdefender.com/files/News/CaseStudies/study/396/Bitdefender-PR-Whitepaper-NAIKON-creat5397-en-EN.pdf}, language = {English}, urldate = {2021-05-04} } New Nebulae Backdoor Linked with the NAIKON Group
Nebulae
2021-04-13BitdefenderEduard Budaca, Bogdan Botezatu
@online{budaca:20210413:from:5df70c8, author = {Eduard Budaca and Bogdan Botezatu}, title = {{From Cracks to Empty Wallets – How Popular Cracks Lead to Digital Currency and Data Theft}}, date = {2021-04-13}, organization = {Bitdefender}, url = {https://labs.bitdefender.com/2021/04/from-cracks-to-empty-wallets-how-popular-cracks-lead-to-digital-currency-and-data-theft/}, language = {English}, urldate = {2021-05-04} } From Cracks to Empty Wallets – How Popular Cracks Lead to Digital Currency and Data Theft
2021-03-24BitdefenderSilvia Pripoae, Silviu Stahie
@online{pripoae:20210324:golang:3b5156a, author = {Silvia Pripoae and Silviu Stahie}, title = {{Golang Bot Starts Targeting WordPress Websites}}, date = {2021-03-24}, organization = {Bitdefender}, url = {https://labs.bitdefender.com/2021/03/golang-bot-starts-targeting-wordpress-websites/}, language = {English}, urldate = {2021-03-25} } Golang Bot Starts Targeting WordPress Websites
2021-03-10BitdefenderVictor Vrabie, Bogdan Botezatu
@techreport{vrabie:20210310:fin8:5da0a40, author = {Victor Vrabie and Bogdan Botezatu}, title = {{FIN8 Returns with Improved BADHATCH Toolkit}}, date = {2021-03-10}, institution = {Bitdefender}, url = {https://www.bitdefender.com/files/News/CaseStudies/study/394/Bitdefender-PR-Whitepaper-BADHATCH-creat5237-en-EN.pdf}, language = {English}, urldate = {2021-03-11} } FIN8 Returns with Improved BADHATCH Toolkit
BADHATCH
2021-02-18BitdefenderGheorghe Adrian Schipor, Rickey Gevers, Cristina Vatamanu
@techreport{schipor:20210218:iranian:a6516fb, author = {Gheorghe Adrian Schipor and Rickey Gevers and Cristina Vatamanu}, title = {{Iranian APT Makes a Comeback with “Thunder and Lightning” Backdoor and Espionage Combo}}, date = {2021-02-18}, institution = {Bitdefender}, url = {https://download.bitdefender.com/resources/files/News/CaseStudies/study/393/Bitdefender-Whitepaper-Iranian-APT-Makes-a-Comeback-with-Thunder-and-Lightning-Backdoor-and-Espionage-Combo.pdf}, language = {English}, urldate = {2021-02-20} } Iranian APT Makes a Comeback with “Thunder and Lightning” Backdoor and Espionage Combo
Infy Tonnerre
2021-02-04BitdefenderBogdan Botezatu
@online{botezatu:20210204:fonix:9d53bd8, author = {Bogdan Botezatu}, title = {{Fonix Ransomware Decryptor}}, date = {2021-02-04}, organization = {Bitdefender}, url = {https://labs.bitdefender.com/2021/02/fonix-ransomware-decryptor/}, language = {English}, urldate = {2021-05-04} } Fonix Ransomware Decryptor
FONIX
2021-01-13BitdefenderJanos Gergo Szeles
@techreport{szeles:20210113:remcos:5ffdb28, author = {Janos Gergo Szeles}, title = {{Remcos RAT Revisited: A Colombian Coronavirus-Themed Campaign}}, date = {2021-01-13}, institution = {Bitdefender}, url = {https://www.bitdefender.com/files/News/CaseStudies/study/390/Bitdefender-PR-Whitepaper-Remcos-creat5080-en-EN-GenericUse.pdf}, language = {English}, urldate = {2021-01-18} } Remcos RAT Revisited: A Colombian Coronavirus-Themed Campaign
Remcos
2021-01-11BitdefenderBitdefender Team
@online{team:20210111:darkside:96759f7, author = {Bitdefender Team}, title = {{Darkside Ransomware Decryption Tool}}, date = {2021-01-11}, organization = {Bitdefender}, url = {https://labs.bitdefender.com/2021/01/darkside-ransomware-decryption-tool/}, language = {English}, urldate = {2021-01-18} } Darkside Ransomware Decryption Tool
DarkSide
2020-11-23BitdefenderLiviu Arsene, Radu Tudorica
@online{arsene:20201123:trickbot:bcf3c42, author = {Liviu Arsene and Radu Tudorica}, title = {{TrickBot is Dead. Long Live TrickBot!}}, date = {2020-11-23}, organization = {Bitdefender}, url = {https://labs.bitdefender.com/2020/11/trickbot-is-dead-long-live-trickbot/}, language = {English}, urldate = {2020-11-25} } TrickBot is Dead. Long Live TrickBot!
TrickBot
2020-11-16BitdefenderVictor Vrabie, Liviu Arsene
@techreport{vrabie:20201116:dissecting:1b39d4d, author = {Victor Vrabie and Liviu Arsene}, title = {{Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions}}, date = {2020-11-16}, institution = {Bitdefender}, url = {https://www.bitdefender.com/files/News/CaseStudies/study/379/Bitdefender-Whitepaper-Chinese-APT.pdf}, language = {English}, urldate = {2020-11-18} } Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions
Chinoxy FunnyDream
2020-10-28BitdefenderRuben Andrei Condor
@techreport{condor:20201028:decade:b8d7422, author = {Ruben Andrei Condor}, title = {{A Decade of WMI Abuse – an Overview of Techniques in Modern Malware}}, date = {2020-10-28}, institution = {Bitdefender}, url = {https://www.bitdefender.com/files/News/CaseStudies/study/377/Bitdefender-Whitepaper-WMI-creat4871-en-EN-GenericUse.pdf}, language = {English}, urldate = {2020-11-02} } A Decade of WMI Abuse – an Overview of Techniques in Modern Malware
sLoad Emotet Maze
2020-10-15BitdefenderSilvia Pripoae, Liviu Arsene
@techreport{pripoae:20201015:looking:9414244, author = {Silvia Pripoae and Liviu Arsene}, title = {{Looking Into the Eye of the Interplanetary Storm}}, date = {2020-10-15}, institution = {Bitdefender}, url = {https://www.bitdefender.com/files/News/CaseStudies/study/376/Bitdefender-Whitepaper-IPStorm.pdf}, language = {English}, urldate = {2020-10-23} } Looking Into the Eye of the Interplanetary Storm
IPStorm IPStorm