Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-12-20ZscalerBrett Stone-Gross
@online{stonegross:20221220:nokoyawa:345657b, author = {Brett Stone-Gross}, title = {{Nokoyawa Ransomware: Rust or Bust}}, date = {2022-12-20}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/nokoyawa-ransomware-rust-or-bust}, language = {English}, urldate = {2022-12-24} } Nokoyawa Ransomware: Rust or Bust
Nokoyawa Ransomware
2022-09-06ZscalerBrett Stone-Gross
@online{stonegross:20220906:ares:e7ddb5d, author = {Brett Stone-Gross}, title = {{The Ares Banking Trojan Learns Old Tricks: Adds the Defunct Qakbot DGA}}, date = {2022-09-06}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/ares-banking-trojan-learns-old-tricks-adds-defunct-qakbot-dga}, language = {English}, urldate = {2022-09-07} } The Ares Banking Trojan Learns Old Tricks: Adds the Defunct Qakbot DGA
Ares QakBot
2022-09-01ZscalerAtinderpal Singh, Brett Stone-Gross
@online{singh:20220901:no:82c1b51, author = {Atinderpal Singh and Brett Stone-Gross}, title = {{No Honor Among Thieves - Prynt Stealer’s Backdoor Exposed}}, date = {2022-09-01}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed}, language = {English}, urldate = {2022-09-07} } No Honor Among Thieves - Prynt Stealer’s Backdoor Exposed
DarkEye Prynt Stealer WorldWind
2022-05-19ZscalerSudeep Singh, Santiago Vicente, Brett Stone-Gross
@online{singh:20220519:vidar:1c68f0e, author = {Sudeep Singh and Santiago Vicente and Brett Stone-Gross}, title = {{Vidar distributed through backdoored Windows 11 downloads and abusing Telegram}}, date = {2022-05-19}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/vidar-distributed-through-backdoored-windows-11-downloads-and-abusing}, language = {English}, urldate = {2022-05-25} } Vidar distributed through backdoored Windows 11 downloads and abusing Telegram
Vidar
2022-05-03ZscalerJavier Vicente, Brett Stone-Gross
@online{vicente:20220503:analysis:ae8a3cc, author = {Javier Vicente and Brett Stone-Gross}, title = {{Analysis of BlackByte Ransomware's Go-Based Variants}}, date = {2022-05-03}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/analysis-blackbyte-ransomwares-go-based-variants}, language = {English}, urldate = {2022-05-04} } Analysis of BlackByte Ransomware's Go-Based Variants
BlackByte
2022-04-28ZscalerDennis Schwarz, Brett Stone-Gross
@online{schwarz:20220428:peeking:f8226bb, author = {Dennis Schwarz and Brett Stone-Gross}, title = {{Peeking into PrivateLoader}}, date = {2022-04-28}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/peeking-privateloader}, language = {English}, urldate = {2022-05-04} } Peeking into PrivateLoader
PrivateLoader
2022-04-27ZscalerDennis Schwarz, Brett Stone-Gross
@online{schwarz:20220427:targeted:7d4de4a, author = {Dennis Schwarz and Brett Stone-Gross}, title = {{Targeted attack on Thailand Pass customers delivers AsyncRAT}}, date = {2022-04-27}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/targeted-attack-thailand-pass-customers-delivers-asyncrat}, language = {English}, urldate = {2022-05-03} } Targeted attack on Thailand Pass customers delivers AsyncRAT
AsyncRAT
2022-03-25ZscalerBrett Stone-Gross
@online{stonegross:20220325:conti:0d568cc, author = {Brett Stone-Gross}, title = {{Conti Ransomware Attacks Persist With an Updated Version Despite Leaks}}, date = {2022-03-25}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/conti-ransomware-attacks-persist-updated-version-despite-leaks}, language = {English}, urldate = {2022-03-28} } Conti Ransomware Attacks Persist With an Updated Version Despite Leaks
Conti
2022-03-02ZscalerDennis Schwarz, Brett Stone-Gross
@online{schwarz:20220302:danabot:b734fd3, author = {Dennis Schwarz and Brett Stone-Gross}, title = {{DanaBot Launches DDoS Attack Against the Ukrainian Ministry of Defense}}, date = {2022-03-02}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/danabot-launches-ddos-attack-against-ukrainian-ministry-defense}, language = {English}, urldate = {2022-03-04} } DanaBot Launches DDoS Attack Against the Ukrainian Ministry of Defense
DanaBot
2022-01-21ZscalerJavier Vicente, Brett Stone-Gross
@online{vicente:20220121:analysis:419182f, author = {Javier Vicente and Brett Stone-Gross}, title = {{Analysis of Xloader’s C2 Network Encryption}}, date = {2022-01-21}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/analysis-xloaders-c2-network-encryption}, language = {English}, urldate = {2022-01-25} } Analysis of Xloader’s C2 Network Encryption
Xloader Formbook
2021-09-28ZscalerAvinash Kumar, Brett Stone-Gross
@online{kumar:20210928:squirrelwaffle:9b1cffc, author = {Avinash Kumar and Brett Stone-Gross}, title = {{Squirrelwaffle: New Loader Delivering Cobalt Strike}}, date = {2021-09-28}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/squirrelwaffle-new-loader-delivering-cobalt-strike}, language = {English}, urldate = {2021-10-11} } Squirrelwaffle: New Loader Delivering Cobalt Strike
Cobalt Strike Squirrelwaffle
2021-07-28ZscalerBrett Stone-Gross
@online{stonegross:20210728:doppelpaymer:5deeffe, author = {Brett Stone-Gross}, title = {{DoppelPaymer Continues to Cause Grief Through Rebranding}}, date = {2021-07-28}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/doppelpaymer-continues-cause-grief-through-rebranding}, language = {English}, urldate = {2021-08-02} } DoppelPaymer Continues to Cause Grief Through Rebranding
DoppelPaymer
2021-03-30ZscalerBrett Stone-Gross
@online{stonegross:20210330:ares:6bae793, author = {Brett Stone-Gross}, title = {{Ares Malware: The Grandson of the Kronos Banking Trojan}}, date = {2021-03-30}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/ares-malware-grandson-kronos-banking-trojan}, language = {English}, urldate = {2021-03-31} } Ares Malware: The Grandson of the Kronos Banking Trojan
Ares Kronos
2019-11-01CrowdStrikeAlexander Hanel, Brett Stone-Gross
@online{hanel:20191101:wizard:a34a09e, author = {Alexander Hanel and Brett Stone-Gross}, title = {{WIZARD SPIDER Adds New Features to Ryuk for Targeting Hosts on LAN}}, date = {2019-11-01}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/wizard-spider-adds-new-feature-to-ryuk-ransomware/}, language = {English}, urldate = {2019-12-20} } WIZARD SPIDER Adds New Features to Ryuk for Targeting Hosts on LAN
Ryuk WIZARD SPIDER
2019-07-12CrowdStrikeBrett Stone-Gross, Sergei Frankoff, Bex Hartley
@online{stonegross:20190712:bitpaymer:113a037, author = {Brett Stone-Gross and Sergei Frankoff and Bex Hartley}, title = {{BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0}}, date = {2019-07-12}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/}, language = {English}, urldate = {2020-04-25} } BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0
DoppelPaymer Dridex FriedEx
2019-03-20CrowdStrikeBrendon Feeley, Brett Stone-Gross
@online{feeley:20190320:new:07bf05b, author = {Brendon Feeley and Brett Stone-Gross}, title = {{New Evidence Proves Ongoing WIZARD SPIDER / LUNAR SPIDER Collaboration}}, date = {2019-03-20}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/wizard-spider-lunar-spider-shared-proxy-module/}, language = {English}, urldate = {2019-12-20} } New Evidence Proves Ongoing WIZARD SPIDER / LUNAR SPIDER Collaboration
LUNAR SPIDER WIZARD SPIDER
2018-12-05CrowdStrikeBrett Stone-Gross, Tillmann Werner, Bex Hartley
@online{stonegross:20181205:farewell:54e18a4, author = {Brett Stone-Gross and Tillmann Werner and Bex Hartley}, title = {{Farewell to Kelihos and ZOMBIE SPIDER}}, date = {2018-12-05}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/farewell-to-kelihos-and-zombie-spider/}, language = {English}, urldate = {2021-05-31} } Farewell to Kelihos and ZOMBIE SPIDER
Kelihos ZOMBIE SPIDER
2018-10-25CrowdStrikeSebastian Eschweiler, Brett Stone-Gross, Bex Hartley
@online{eschweiler:20181025:cutwail:494e458, author = {Sebastian Eschweiler and Brett Stone-Gross and Bex Hartley}, title = {{Cutwail Spam Campaign Uses Steganography to Distribute URLZone}}, date = {2018-10-25}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/cutwail-spam-campaign-uses-steganography-to-distribute-urlzone/}, language = {English}, urldate = {2019-12-20} } Cutwail Spam Campaign Uses Steganography to Distribute URLZone
BAMBOO SPIDER
2015-10-13SecureworksBrett Stone-Gross
@online{stonegross:20151013:dridex:46d9a58, author = {Brett Stone-Gross}, title = {{Dridex (Bugat v5) Botnet Takeover Operation}}, date = {2015-10-13}, organization = {Secureworks}, url = {https://www.secureworks.com/research/dridex-bugat-v5-botnet-takeover-operation}, language = {English}, urldate = {2020-01-08} } Dridex (Bugat v5) Botnet Takeover Operation
Dridex Evil Corp
2014-12-17SecureworksBrett Stone-Gross, Pallav Khandhar
@online{stonegross:20141217:dyre:8486e19, author = {Brett Stone-Gross and Pallav Khandhar}, title = {{Dyre Banking Trojan}}, date = {2014-12-17}, organization = {Secureworks}, url = {https://www.secureworks.com/research/dyre-banking-trojan}, language = {English}, urldate = {2021-05-28} } Dyre Banking Trojan
Dyre Vawtrak WIZARD SPIDER