Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-10-12Boris Larin, Costin Raiu
@online{larin:20211012:mysterysnail:35bdc92, author = {Boris Larin and Costin Raiu}, title = {{MysterySnail attacks with Windows zero-day}}, date = {2021-10-12}, url = {https://securelist.com/mysterysnail-attacks-with-windows-zero-day/104509/}, language = {English}, urldate = {2021-10-14} } MysterySnail attacks with Windows zero-day
MysterySnail
2021-06-08KasperskyBoris Larin, Costin Raiu, Alexey Kulaev
@online{larin:20210608:puzzlemaker:43c7dfa, author = {Boris Larin and Costin Raiu and Alexey Kulaev}, title = {{PuzzleMaker attacks with Chrome zero-day exploit chain}}, date = {2021-06-08}, organization = {Kaspersky}, url = {https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/}, language = {English}, urldate = {2021-06-16} } PuzzleMaker attacks with Chrome zero-day exploit chain
Chainshot puzzlemaker
2021-04-13KasperskyBoris Larin, Brian Bartholomew, Costin Raiu
@online{larin:20210413:zeroday:8f9d6e3, author = {Boris Larin and Brian Bartholomew and Costin Raiu}, title = {{Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild}}, date = {2021-04-13}, organization = {Kaspersky}, url = {https://securelist.com/zero-day-vulnerability-in-desktop-window-manager-cve-2021-28310-used-in-the-wild/101898/}, language = {English}, urldate = {2021-04-14} } Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild
2021-02-16Twitter (@craiu)Costin Raiu
@online{raiu:20210216:twitter:97496ec, author = {Costin Raiu}, title = {{Twitter thread on Exaramel Linux backdoor used by Russian Group Sandworm}}, date = {2021-02-16}, organization = {Twitter (@craiu)}, url = {https://twitter.com/craiu/status/1361581668092493824}, language = {English}, urldate = {2021-02-20} } Twitter thread on Exaramel Linux backdoor used by Russian Group Sandworm
Exaramel
2021-01-11Kaspersky LabsGeorgy Kucherin, Igor Kuznetsov, Costin Raiu
@online{kucherin:20210111:sunburst:a4ecf12, author = {Georgy Kucherin and Igor Kuznetsov and Costin Raiu}, title = {{Sunburst backdoor – code overlaps with Kazuar}}, date = {2021-01-11}, organization = {Kaspersky Labs}, url = {https://securelist.com/sunburst-backdoor-kazuar/99981/}, language = {English}, urldate = {2021-01-11} } Sunburst backdoor – code overlaps with Kazuar
Kazuar SUNBURST
2020-12-18Kaspersky LabsIgor Kuznetsov, Costin Raiu
@online{kuznetsov:20201218:sunburst:85b411a, author = {Igor Kuznetsov and Costin Raiu}, title = {{Sunburst: connecting the dots in the DNS requests}}, date = {2020-12-18}, organization = {Kaspersky Labs}, url = {https://securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/}, language = {English}, urldate = {2020-12-18} } Sunburst: connecting the dots in the DNS requests
SUNBURST
2020-12-18Costin Raiu
@online{raiu:20201218:from:4f8eb88, author = {Costin Raiu}, title = {{Tweet from Costin Raiu about confirmed TEARDROP sample}}, date = {2020-12-18}, url = {https://twitter.com/craiu/status/1339954817247158272}, language = {English}, urldate = {2020-12-19} } Tweet from Costin Raiu about confirmed TEARDROP sample
TEARDROP
2020-10-02Twitter (@craiu)Costin Raiu
@online{raiu:20201002:about:2637de0, author = {Costin Raiu}, title = {{Tweet about IAmTheKing / PowerPool actor naming}}, date = {2020-10-02}, organization = {Twitter (@craiu)}, url = {https://twitter.com/craiu/status/1311920398259367942}, language = {English}, urldate = {2020-10-12} } Tweet about IAmTheKing / PowerPool actor naming
PowerPool
2020-06-09Kaspersky LabsCostin Raiu
@online{raiu:20200609:looking:3038dce, author = {Costin Raiu}, title = {{Looking at Big Threats Using Code Similarity. Part 1}}, date = {2020-06-09}, organization = {Kaspersky Labs}, url = {https://securelist.com/big-threats-using-code-similarity-part-1/97239/}, language = {English}, urldate = {2020-08-18} } Looking at Big Threats Using Code Similarity. Part 1
Penquin Turla CCleaner Backdoor EternalPetya Regin WannaCryptor XTunnel
2019-05-20Youtube (Kaspersky)Costin Raiu, Vitaly Kamluk
@online{raiu:20190520:operation:fc54347, author = {Costin Raiu and Vitaly Kamluk}, title = {{Operation ShadowHammer: Costin Raiu and Vitaly Kamlyuk at #TheSAS2019}}, date = {2019-05-20}, organization = {Youtube (Kaspersky)}, url = {https://www.youtube.com/watch?v=T5wPwvLrBYU}, language = {English}, urldate = {2021-07-20} } Operation ShadowHammer: Costin Raiu and Vitaly Kamlyuk at #TheSAS2019
DragonOK Poseidon Group Scarlet Mimic
2019-05-20YouTubeKaspersky
@online{kaspersky:20190520:video:148e81f, author = {Kaspersky}, title = {{Video: Operation ShadowHammer: Costin Raiu and Vitaly Kamlyuk at #TheSAS2019}}, date = {2019-05-20}, organization = {YouTube}, url = {https://www.youtube.com/watch?v=T5wPwvLrBYU}, language = {English}, urldate = {2020-01-08} } Video: Operation ShadowHammer: Costin Raiu and Vitaly Kamlyuk at #TheSAS2019
shadowhammer
2018-06-15Youtube (defconswitzerland)Costin Raiu
@online{raiu:20180615:area41:6009950, author = {Costin Raiu}, title = {{Area41 Keynote}}, date = {2018-06-15}, organization = {Youtube (defconswitzerland)}, url = {https://www.youtube.com/watch?v=jeLd-gw2bWo}, language = {English}, urldate = {2020-01-09} } Area41 Keynote
Lambert Regin
2018-03Kaspersky LabsJuan Andrés Guerrero-Saade, Costin Raiu, Daniel Moore, Thomas Rid
@techreport{guerrerosaade:201803:penquins:1c6305e, author = {Juan Andrés Guerrero-Saade and Costin Raiu and Daniel Moore and Thomas Rid}, title = {{Penquin's Moonlit Maze}}, date = {2018-03}, institution = {Kaspersky Labs}, url = {https://securelist.com/files/2017/04/Penquins_Moonlit_Maze_PDF_eng.pdf}, language = {English}, urldate = {2019-11-25} } Penquin's Moonlit Maze
Penquin Turla
2017-09-19Twitter (@craiu)Costin Raiu
@online{raiu:20170919:shared:2d7f9a4, author = {Costin Raiu}, title = {{Tweet on Shared Code between CCleaner and APT17 Missl backdoor}}, date = {2017-09-19}, organization = {Twitter (@craiu)}, url = {https://twitter.com/craiu/status/910148928796061696}, language = {English}, urldate = {2020-01-13} } Tweet on Shared Code between CCleaner and APT17 Missl backdoor
CCleaner Backdoor
2017-04-03Kaspersky LabsCostin Raiu, Daniel Moore, Juan Andrés Guerrero-Saade, Thomas Rid
@techreport{raiu:20170403:moonlight:99d2089, author = {Costin Raiu and Daniel Moore and Juan Andrés Guerrero-Saade and Thomas Rid}, title = {{Moonlight Maze Technical Report (Appendix B)}}, date = {2017-04-03}, institution = {Kaspersky Labs}, url = {https://securelist.com/files/2017/04/Penquins_Moonlit_Maze_AppendixB.pdf}, language = {English}, urldate = {2019-11-29} } Moonlight Maze Technical Report (Appendix B)
Penquin Turla
2016-06-17Kaspersky LabsCostin Raiu, Anton Ivanov
@online{raiu:20160617:operation:2dfcedd, author = {Costin Raiu and Anton Ivanov}, title = {{Operation Daybreak}}, date = {2016-06-17}, organization = {Kaspersky Labs}, url = {https://securelist.com/operation-daybreak/75100/}, language = {English}, urldate = {2019-12-20} } Operation Daybreak
StarCruft APT37
2016-06-14Kaspersky LabsCostin Raiu
@online{raiu:20160614:cve20164171:6d0a7c9, author = {Costin Raiu}, title = {{CVE-2016-4171 – Adobe Flash Zero-day used in targeted attacks}}, date = {2016-06-14}, organization = {Kaspersky Labs}, url = {https://securelist.com/cve-2016-4171-adobe-flash-zero-day-used-in-targeted-attacks/75082/}, language = {English}, urldate = {2019-12-20} } CVE-2016-4171 – Adobe Flash Zero-day used in targeted attacks
APT37
2015-04-15Kaspersky LabsCostin Raiu, Maxim Golovkin
@online{raiu:20150415:chronicles:49b4463, author = {Costin Raiu and Maxim Golovkin}, title = {{The Chronicles of the Hellsing APT: the Empire Strikes Back}}, date = {2015-04-15}, organization = {Kaspersky Labs}, url = {https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/}, language = {English}, urldate = {2019-12-20} } The Chronicles of the Hellsing APT: the Empire Strikes Back
Hellsing
2015-04-15Kaspersky LabsCostin Raiu, Maxim Golovkin
@online{raiu:20150415:chronicles:aa4af84, author = {Costin Raiu and Maxim Golovkin}, title = {{The Chronicles of the Hellsing APT: the Empire Strikes Back}}, date = {2015-04-15}, organization = {Kaspersky Labs}, url = {https://securelist.com/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/69567/}, language = {English}, urldate = {2021-02-06} } The Chronicles of the Hellsing APT: the Empire Strikes Back
GRILLMARK Naikon
2015-03-31Kaspersky LabsKurt Baumgartner, Costin Raiu
@online{baumgartner:20150331:sinkholing:7a359b4, author = {Kurt Baumgartner and Costin Raiu}, title = {{Sinkholing Volatile Cedar DGA Infrastructure}}, date = {2015-03-31}, organization = {Kaspersky Labs}, url = {https://securelist.com/sinkholing-volatile-cedar-dga-infrastructure/69421/}, language = {English}, urldate = {2019-12-20} } Sinkholing Volatile Cedar DGA Infrastructure
Volatile Cedar