Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-06-23TrellixChristiaan Beek
@online{beek:20220623:sound:31e77bd, author = {Christiaan Beek}, title = {{The Sound of Malware}}, date = {2022-06-23}, organization = {Trellix}, url = {https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/the-sound-of-malware.html}, language = {English}, urldate = {2022-06-27} } The Sound of Malware
Conti VHD Ransomware
2022-05-03TrellixChristiaan Beek
@online{beek:20220503:hermit:70ec592, author = {Christiaan Beek}, title = {{The Hermit Kingdom’s Ransomware play}}, date = {2022-05-03}, organization = {Trellix}, url = {https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/the-hermit-kingdoms-ransomware-play.html}, language = {English}, urldate = {2022-05-04} } The Hermit Kingdom’s Ransomware play
VHD Ransomware
2022-02-17TrellixChristiaan Beek, Marc Elias
@online{beek:20220217:looking:0149198, author = {Christiaan Beek and Marc Elias}, title = {{Looking over the nation-state actors’ shoulders: Even they have a difficult day sometimes}}, date = {2022-02-17}, organization = {Trellix}, url = {https://www.trellix.com/en-gb/about/newsroom/stories/threat-labs/looking-over-the-nation-state-actors-shoulders.html}, language = {English}, urldate = {2022-03-01} } Looking over the nation-state actors’ shoulders: Even they have a difficult day sometimes
Empire Downloader
2022-01-25TrellixMarc Elias, Christiaan Beek, Alexandre Mundo, Leandro Velasco, Max Kersten
@online{elias:20220125:prime:20a5b0c, author = {Marc Elias and Christiaan Beek and Alexandre Mundo and Leandro Velasco and Max Kersten}, title = {{Prime Minister’s Office Compromised: Details of Recent Espionage Campaign}}, date = {2022-01-25}, organization = {Trellix}, url = {https://www.trellix.com/en-gb/about/newsroom/stories/threat-labs/prime-ministers-office-compromised.html}, language = {English}, urldate = {2022-01-25} } Prime Minister’s Office Compromised: Details of Recent Espionage Campaign
Graphite
2022-01-20TrellixChristiaan Beek, Max Kersten, Raj Samani
@online{beek:20220120:return:a89bce6, author = {Christiaan Beek and Max Kersten and Raj Samani}, title = {{Return of Pseudo Ransomware}}, date = {2022-01-20}, organization = {Trellix}, url = {https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html}, language = {English}, urldate = {2022-01-24} } Return of Pseudo Ransomware
WhisperGate
2021-09-14McAfeeChristiaan Beek
@online{beek:20210914:operation:95aed8d, author = {Christiaan Beek}, title = {{Operation ‘Harvest’: A Deep Dive into a Long-term Campaign}}, date = {2021-09-14}, organization = {McAfee}, url = {https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/operation-harvest-a-deep-dive-into-a-long-term-campaign/}, language = {English}, urldate = {2021-09-19} } Operation ‘Harvest’: A Deep Dive into a Long-term Campaign
MimiKatz PlugX Winnti
2021-06-29YouTube (C. Beek)Christiaan Beek
@online{beek:20210629:demo:2cbd075, author = {Christiaan Beek}, title = {{Demo of REvil/Sodinokibi Linux variant encrypting a Linux system}}, date = {2021-06-29}, organization = {YouTube (C. Beek)}, url = {https://www.youtube.com/watch?v=ptbNMlWxYnE}, language = {English}, urldate = {2021-06-29} } Demo of REvil/Sodinokibi Linux variant encrypting a Linux system
REvil
2021-05-14McAfeeRaj Samani, Christiaan Beek
@online{samani:20210514:darkside:e0b6b8d, author = {Raj Samani and Christiaan Beek}, title = {{Darkside Ransomware Victims Sold Short}}, date = {2021-05-14}, organization = {McAfee}, url = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/darkside-ransomware-victims-sold-short/}, language = {English}, urldate = {2021-05-17} } Darkside Ransomware Victims Sold Short
DarkSide
2021-01-16Medium christiaanbeekChristiaan Beek
@online{beek:20210116:vhd:12336a8, author = {Christiaan Beek}, title = {{VHD Forensics — the sequel}}, date = {2021-01-16}, organization = {Medium christiaanbeek}, url = {https://christiaanbeek.medium.com/vhd-forensics-the-sequel-9fc39460bc1b}, language = {English}, urldate = {2021-02-20} } VHD Forensics — the sequel
2020-12-17McAfeeChristiaan Beek, Cedric Cochin, Raj Samani
@online{beek:20201217:additional:cd38b54, author = {Christiaan Beek and Cedric Cochin and Raj Samani}, title = {{Additional Analysis into the SUNBURST Backdoor}}, date = {2020-12-17}, organization = {McAfee}, url = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/additional-analysis-into-the-sunburst-backdoor/}, language = {English}, urldate = {2020-12-18} } Additional Analysis into the SUNBURST Backdoor
SUNBURST
2020-11-05McAfeeChristiaan Beek, Ryan Sherstobitoff
@online{beek:20201105:operation:ca0ac54, author = {Christiaan Beek and Ryan Sherstobitoff}, title = {{Operation North Star: Behind The Scenes}}, date = {2020-11-05}, organization = {McAfee}, url = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/operation-north-star-behind-the-scenes/}, language = {English}, urldate = {2023-07-31} } Operation North Star: Behind The Scenes
NedDnLoader Torisma
2020-07-10ReversingLabsVitali Kremez, Christiaan Beek, Tom Ueltschi, Hilko Bengen, Jo Johnson, Cooper Quintin, Wyatt Roersma, Tomislav Pericin
@online{kremez:20200710:yara:9b51a77, author = {Vitali Kremez and Christiaan Beek and Tom Ueltschi and Hilko Bengen and Jo Johnson and Cooper Quintin and Wyatt Roersma and Tomislav Pericin}, title = {{YARA Rules talks and presentation of REVERSING 2020}}, date = {2020-07-10}, organization = {ReversingLabs}, url = {https://register.reversinglabs.com/reversing2020/session-videos}, language = {English}, urldate = {2020-07-11} } YARA Rules talks and presentation of REVERSING 2020
2020-02-20McAfeeChristiaan Beek, Eamonn Ryan, Darren Fitzpatrick
@online{beek:20200220:csi:8525a7b, author = {Christiaan Beek and Eamonn Ryan and Darren Fitzpatrick}, title = {{CSI: Evidence Indicators for Targeted Ransomware Attacks – Part II}}, date = {2020-02-20}, organization = {McAfee}, url = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/csi-evidence-indicators-for-targeted-ransomware-attacks-part-ii/}, language = {English}, urldate = {2021-05-13} } CSI: Evidence Indicators for Targeted Ransomware Attacks – Part II
Cobalt Strike LockerGoga Maze MegaCortex
2020-02-12McAfeeChristiaan Beek
@online{beek:20200212:csi:4308ee0, author = {Christiaan Beek}, title = {{CSI: Evidence Indicators for Targeted Ransomware Attacks – Part I}}, date = {2020-02-12}, organization = {McAfee}, url = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/csi-evidence-indicators-for-targeted-ransomware-attacks/}, language = {English}, urldate = {2021-05-13} } CSI: Evidence Indicators for Targeted Ransomware Attacks – Part I
FriedEx
2019-10-20McAfeeJessica Saavedra-Morales, Ryan Sherstobitoff, Christiaan Beek
@online{saavedramorales:20191020:mcafee:237cd1b, author = {Jessica Saavedra-Morales and Ryan Sherstobitoff and Christiaan Beek}, title = {{McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo}}, date = {2019-10-20}, organization = {McAfee}, url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-crescendo/}, language = {English}, urldate = {2020-01-09} } McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo
REvil
2019-01-09McAfeeJohn Fokker, Christiaan Beek
@online{fokker:20190109:ryuk:350f477, author = {John Fokker and Christiaan Beek}, title = {{Ryuk Ransomware Attack: Rush to Attribution Misses the Point}}, date = {2019-01-09}, organization = {McAfee}, url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/ryuk-ransomware-attack-rush-to-attribution-misses-the-point/}, language = {English}, urldate = {2020-01-09} } Ryuk Ransomware Attack: Rush to Attribution Misses the Point
Ryuk
2018-12-19McAfeeThomas Roccia, Jessica Saavedra-Morales, Christiaan Beek
@online{roccia:20181219:shamoon:8ffbc81, author = {Thomas Roccia and Jessica Saavedra-Morales and Christiaan Beek}, title = {{Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems}}, date = {2018-12-19}, organization = {McAfee}, url = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems}, language = {English}, urldate = {2020-02-01} } Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems
Filerase
2018-12-19Thomas Roccia, Jessica Saavedra-Morales, Christiaan Beek
@online{roccia:20181219:shamoon:a69d9d2, author = {Thomas Roccia and Jessica Saavedra-Morales and Christiaan Beek}, title = {{Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems}}, date = {2018-12-19}, url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/}, language = {English}, urldate = {2019-11-08} } Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems
OilRig