Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-02-16Twitter (@craiu)Costin Raiu
@online{raiu:20210216:twitter:97496ec, author = {Costin Raiu}, title = {{Twitter thread on Exaramel Linux backdoor used by Russian Group Sandworm}}, date = {2021-02-16}, organization = {Twitter (@craiu)}, url = {https://twitter.com/craiu/status/1361581668092493824}, language = {English}, urldate = {2021-02-20} } Twitter thread on Exaramel Linux backdoor used by Russian Group Sandworm
Exaramel
2021-01-11Kaspersky LabsGeorgy Kucherin, Igor Kuznetsov, Costin Raiu
@online{kucherin:20210111:sunburst:a4ecf12, author = {Georgy Kucherin and Igor Kuznetsov and Costin Raiu}, title = {{Sunburst backdoor – code overlaps with Kazuar}}, date = {2021-01-11}, organization = {Kaspersky Labs}, url = {https://securelist.com/sunburst-backdoor-kazuar/99981/}, language = {English}, urldate = {2021-01-11} } Sunburst backdoor – code overlaps with Kazuar
Kazuar SUNBURST
2020-12-18Kaspersky LabsIgor Kuznetsov, Costin Raiu
@online{kuznetsov:20201218:sunburst:85b411a, author = {Igor Kuznetsov and Costin Raiu}, title = {{Sunburst: connecting the dots in the DNS requests}}, date = {2020-12-18}, organization = {Kaspersky Labs}, url = {https://securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/}, language = {English}, urldate = {2020-12-18} } Sunburst: connecting the dots in the DNS requests
SUNBURST
2020-12-18Costin Raiu
@online{raiu:20201218:from:4f8eb88, author = {Costin Raiu}, title = {{Tweet from Costin Raiu about confirmed TEARDROP sample}}, date = {2020-12-18}, url = {https://twitter.com/craiu/status/1339954817247158272}, language = {English}, urldate = {2020-12-19} } Tweet from Costin Raiu about confirmed TEARDROP sample
TEARDROP
2020-10-02Twitter (@craiu)Costin Raiu
@online{raiu:20201002:about:2637de0, author = {Costin Raiu}, title = {{Tweet about IAmTheKing / PowerPool actor naming}}, date = {2020-10-02}, organization = {Twitter (@craiu)}, url = {https://twitter.com/craiu/status/1311920398259367942}, language = {English}, urldate = {2020-10-12} } Tweet about IAmTheKing / PowerPool actor naming
PowerPool
2020-06-09Kaspersky LabsCostin Raiu
@online{raiu:20200609:looking:3038dce, author = {Costin Raiu}, title = {{Looking at Big Threats Using Code Similarity. Part 1}}, date = {2020-06-09}, organization = {Kaspersky Labs}, url = {https://securelist.com/big-threats-using-code-similarity-part-1/97239/}, language = {English}, urldate = {2020-08-18} } Looking at Big Threats Using Code Similarity. Part 1
Penquin Turla CCleaner Backdoor EternalPetya Regin WannaCryptor XTunnel
2019-05-20Youtube (Kaspersky)Costin Raiu, Vitaly Kamluk
@online{raiu:20190520:operation:fc54347, author = {Costin Raiu and Vitaly Kamluk}, title = {{Operation ShadowHammer: Costin Raiu and Vitaly Kamlyuk at #TheSAS2019}}, date = {2019-05-20}, organization = {Youtube (Kaspersky)}, url = {https://attack.mitre.org/wiki/Groups}, language = {English}, urldate = {2020-01-06} } Operation ShadowHammer: Costin Raiu and Vitaly Kamlyuk at #TheSAS2019
DragonOK Poseidon Group Scarlet Mimic
2019-05-20YouTubeKaspersky
@online{kaspersky:20190520:video:148e81f, author = {Kaspersky}, title = {{Video: Operation ShadowHammer: Costin Raiu and Vitaly Kamlyuk at #TheSAS2019}}, date = {2019-05-20}, organization = {YouTube}, url = {https://www.youtube.com/watch?v=T5wPwvLrBYU}, language = {English}, urldate = {2020-01-08} } Video: Operation ShadowHammer: Costin Raiu and Vitaly Kamlyuk at #TheSAS2019
shadowhammer
2018-06-15Youtube (defconswitzerland)Costin Raiu
@online{raiu:20180615:area41:6009950, author = {Costin Raiu}, title = {{Area41 Keynote}}, date = {2018-06-15}, organization = {Youtube (defconswitzerland)}, url = {https://www.youtube.com/watch?v=jeLd-gw2bWo}, language = {English}, urldate = {2020-01-09} } Area41 Keynote
Lambert Regin
2018-03Kaspersky LabsJuan Andrés Guerrero-Saade, Costin Raiu, Daniel Moore, Thomas Rid
@techreport{guerrerosaade:201803:penquins:1c6305e, author = {Juan Andrés Guerrero-Saade and Costin Raiu and Daniel Moore and Thomas Rid}, title = {{Penquin's Moonlit Maze}}, date = {2018-03}, institution = {Kaspersky Labs}, url = {https://securelist.com/files/2017/04/Penquins_Moonlit_Maze_PDF_eng.pdf}, language = {English}, urldate = {2019-11-25} } Penquin's Moonlit Maze
Penquin Turla
2017-09-19Twitter (@craiu)Costin Raiu
@online{raiu:20170919:shared:2d7f9a4, author = {Costin Raiu}, title = {{Tweet on Shared Code between CCleaner and APT17 Missl backdoor}}, date = {2017-09-19}, organization = {Twitter (@craiu)}, url = {https://twitter.com/craiu/status/910148928796061696}, language = {English}, urldate = {2020-01-13} } Tweet on Shared Code between CCleaner and APT17 Missl backdoor
CCleaner Backdoor
2017-04-03Kaspersky LabsCostin Raiu, Daniel Moore, Juan Andrés Guerrero-Saade, Thomas Rid
@techreport{raiu:20170403:moonlight:99d2089, author = {Costin Raiu and Daniel Moore and Juan Andrés Guerrero-Saade and Thomas Rid}, title = {{Moonlight Maze Technical Report (Appendix B)}}, date = {2017-04-03}, institution = {Kaspersky Labs}, url = {https://securelist.com/files/2017/04/Penquins_Moonlit_Maze_AppendixB.pdf}, language = {English}, urldate = {2019-11-29} } Moonlight Maze Technical Report (Appendix B)
Penquin Turla
2016-06-17Kaspersky LabsCostin Raiu, Anton Ivanov
@online{raiu:20160617:operation:2dfcedd, author = {Costin Raiu and Anton Ivanov}, title = {{Operation Daybreak}}, date = {2016-06-17}, organization = {Kaspersky Labs}, url = {https://securelist.com/operation-daybreak/75100/}, language = {English}, urldate = {2019-12-20} } Operation Daybreak
StarCruft APT37
2016-06-14Kaspersky LabsCostin Raiu
@online{raiu:20160614:cve20164171:6d0a7c9, author = {Costin Raiu}, title = {{CVE-2016-4171 – Adobe Flash Zero-day used in targeted attacks}}, date = {2016-06-14}, organization = {Kaspersky Labs}, url = {https://securelist.com/cve-2016-4171-adobe-flash-zero-day-used-in-targeted-attacks/75082/}, language = {English}, urldate = {2019-12-20} } CVE-2016-4171 – Adobe Flash Zero-day used in targeted attacks
APT37
2015-04-15Kaspersky LabsCostin Raiu, Maxim Golovkin
@online{raiu:20150415:chronicles:49b4463, author = {Costin Raiu and Maxim Golovkin}, title = {{The Chronicles of the Hellsing APT: the Empire Strikes Back}}, date = {2015-04-15}, organization = {Kaspersky Labs}, url = {https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/}, language = {English}, urldate = {2019-12-20} } The Chronicles of the Hellsing APT: the Empire Strikes Back
Hellsing
2015-04-15Kaspersky LabsCostin Raiu, Maxim Golovkin
@online{raiu:20150415:chronicles:aa4af84, author = {Costin Raiu and Maxim Golovkin}, title = {{The Chronicles of the Hellsing APT: the Empire Strikes Back}}, date = {2015-04-15}, organization = {Kaspersky Labs}, url = {https://securelist.com/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/69567/}, language = {English}, urldate = {2021-02-06} } The Chronicles of the Hellsing APT: the Empire Strikes Back
GRILLMARK Naikon
2015-03-31Kaspersky LabsKurt Baumgartner, Costin Raiu
@online{baumgartner:20150331:sinkholing:7a359b4, author = {Kurt Baumgartner and Costin Raiu}, title = {{Sinkholing Volatile Cedar DGA Infrastructure}}, date = {2015-03-31}, organization = {Kaspersky Labs}, url = {https://securelist.com/sinkholing-volatile-cedar-dga-infrastructure/69421/}, language = {English}, urldate = {2019-12-20} } Sinkholing Volatile Cedar DGA Infrastructure
Volatile Cedar
2014-12-08Kaspersky LabsKurt Baumgartner, Costin Raiu
@online{baumgartner:20141208:penquin:afd9ae5, author = {Kurt Baumgartner and Costin Raiu}, title = {{The ‘Penquin’ Turla}}, date = {2014-12-08}, organization = {Kaspersky Labs}, url = {https://securelist.com/blog/research/67962/the-penquin-turla-2/}, language = {English}, urldate = {2019-12-20} } The ‘Penquin’ Turla
Turla Group
2014-08-29Kaspersky LabsCostin Raiu, Roel Schouwenberg, Ryan Naraine
@online{raiu:20140829:sinkholing:c8fbbad, author = {Costin Raiu and Roel Schouwenberg and Ryan Naraine}, title = {{Sinkholing the Backoff POS Trojan}}, date = {2014-08-29}, organization = {Kaspersky Labs}, url = {https://securelist.com/sinkholing-the-backoff-pos-trojan/66305/}, language = {English}, urldate = {2021-01-29} } Sinkholing the Backoff POS Trojan
Backoff POS
2014-01-14Kaspersky LabsVitaly Kamluk, Igor Soumenkov, Costin Raiu
@online{kamluk:20140114:icefog:bc79c50, author = {Vitaly Kamluk and Igor Soumenkov and Costin Raiu}, title = {{The Icefog APT Hits US Targets With Java Backdoor}}, date = {2014-01-14}, organization = {Kaspersky Labs}, url = {https://securelist.com/the-icefog-apt-hits-us-targets-with-java-backdoor/58209/}, language = {English}, urldate = {2019-12-20} } The Icefog APT Hits US Targets With Java Backdoor
Ice Fog