Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-07-16CybereasonDaniel Frank, Mary Zhao, Assaf Dahan
@online{frank:20200716:bazar:3ed900d, author = {Daniel Frank and Mary Zhao and Assaf Dahan}, title = {{A Bazar of Tricks: Following Team9’s Development Cycles}}, date = {2020-07-16}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/a-bazar-of-tricks-following-team9s-development-cycles}, language = {English}, urldate = {2020-07-16} } A Bazar of Tricks: Following Team9’s Development Cycles
BazarBackdoor
2020-05-28CybereasonEli Salem, Assaf Dahan, Lior Rochberger
@online{salem:20200528:valak:bc76772, author = {Eli Salem and Assaf Dahan and Lior Rochberger}, title = {{Valak: More than Meets the Eye}}, date = {2020-05-28}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/valak-more-than-meets-the-eye}, language = {English}, urldate = {2020-06-02} } Valak: More than Meets the Eye
Valak
2020-04-30CybereasonDaniel Frank, Lior Rochberger, Yaron Rimmer, Assaf Dahan
@online{frank:20200430:eventbot:f5a167d, author = {Daniel Frank and Lior Rochberger and Yaron Rimmer and Assaf Dahan}, title = {{EVENTBOT: A NEW MOBILE BANKING TROJAN IS BORN}}, date = {2020-04-30}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born}, language = {English}, urldate = {2020-05-04} } EVENTBOT: A NEW MOBILE BANKING TROJAN IS BORN
Eventbot
2020-02-13CybereasonCybereason Nocturnus
@online{nocturnus:20200213:new:ca8e240, author = {Cybereason Nocturnus}, title = {{New Cyber Espionage Campaigns Targeting Palestinians - Part 1: The Spark Campaign}}, date = {2020-02-13}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one}, language = {English}, urldate = {2020-02-13} } New Cyber Espionage Campaigns Targeting Palestinians - Part 1: The Spark Campaign
Spark
2020-02-13CybereasonCybereason Nocturnus
@online{nocturnus:20200213:new:4006ede, author = {Cybereason Nocturnus}, title = {{New Cyber Espionage Campaigns Targeting Palestinians - Part 2: The Discovery of the New, Mysterious Pierogi Backdoor}}, date = {2020-02-13}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-2-the-discovery-of-the-new-mysterious-pierogi-backdoor}, language = {English}, urldate = {2020-02-13} } New Cyber Espionage Campaigns Targeting Palestinians - Part 2: The Discovery of the New, Mysterious Pierogi Backdoor
Pierogi
2020-02-05CybereasonLior Rochberger, Assaf Dahan
@online{rochberger:20200205:hole:b982e31, author = {Lior Rochberger and Assaf Dahan}, title = {{The Hole in the Bucket: Attackers Abuse Bitbucket to Deliver an Arsenal of Malware}}, date = {2020-02-05}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware}, language = {English}, urldate = {2020-02-09} } The Hole in the Bucket: Attackers Abuse Bitbucket to Deliver an Arsenal of Malware
Amadey Azorult Predator The Thief STOP Ransomware vidar
2019-12-11CybereasonAssaf Dahan, Lior Rochberger, Eli Salem, Mary Zhao, Niv Yona, Omer Yampel, Matt Hart
@online{dahan:20191211:dropping:0849f70, author = {Assaf Dahan and Lior Rochberger and Eli Salem and Mary Zhao and Niv Yona and Omer Yampel and Matt Hart}, title = {{Dropping Anchor: From a TrickBot Infection to the Discovery of the Anchor Malware}}, date = {2019-12-11}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/dropping-anchor-from-a-trickbot-infection-to-the-discovery-of-the-anchor-malware}, language = {English}, urldate = {2020-01-06} } Dropping Anchor: From a TrickBot Infection to the Discovery of the Anchor Malware
Anchor WIZARD SPIDER
2019-11-20CybereasonAssaf Dahan
@online{dahan:20191120:phoenix:9c5d752, author = {Assaf Dahan}, title = {{Phoenix: The Tale of the Resurrected Keylogger}}, date = {2019-11-20}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/phoenix-the-tale-of-the-resurrected-alpha-keylogger}, language = {English}, urldate = {2020-02-11} } Phoenix: The Tale of the Resurrected Keylogger
Phoenix Keylogger
2019-10-24CybereasonCybereason Nocturnus, Assaf Dahan, Lior Rochberger
@online{nocturnus:20191024:hunting:79a2141, author = {Cybereason Nocturnus and Assaf Dahan and Lior Rochberger}, title = {{Hunting Raccoon: The new Masked Bandit on the Block}}, date = {2019-10-24}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/hunting-raccoon-stealer-the-new-masked-bandit-on-the-block}, language = {English}, urldate = {2019-12-03} } Hunting Raccoon: The new Masked Bandit on the Block
Raccoon
2019-06-25CybereasonCybereason Nocturnus
@online{nocturnus:20190625:operation:21efa8f, author = {Cybereason Nocturnus}, title = {{OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS}}, date = {2019-06-25}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers}, language = {English}, urldate = {2019-12-17} } OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS
MimiKatz Poison Ivy Operation Soft Cell
2019-06-13CybereasonAmit Serper, Mary Zhao
@online{serper:20190613:new:34a6ab0, author = {Amit Serper and Mary Zhao}, title = {{New Pervasive Worm Exploiting Linux Exim Server Vulnerability}}, date = {2019-06-13}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability}, language = {English}, urldate = {2020-01-09} } New Pervasive Worm Exploiting Linux Exim Server Vulnerability
Unidentified Linux 001
2019-04-25CybereasonCybereason Nocturnus
@online{nocturnus:20190425:threat:63e7d51, author = {Cybereason Nocturnus}, title = {{Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware}}, date = {2019-04-25}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware}, language = {English}, urldate = {2020-01-08} } Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware
ServHelper TA505
2019-04-02CybereasonNoa Pinkas, Lior Rochberger, Matan Zatz
@online{pinkas:20190402:triple:10a3e37, author = {Noa Pinkas and Lior Rochberger and Matan Zatz}, title = {{Triple Threat: Emotet Deploys Trickbot to Steal Data & Spread Ryuk}}, date = {2019-04-02}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/triple-threat-emotet-deploys-trickbot-to-steal-data-spread-ryuk-ransomware}, language = {English}, urldate = {2020-01-09} } Triple Threat: Emotet Deploys Trickbot to Steal Data & Spread Ryuk
Ryuk TrickBot
2019-03-12CybereasonAssaf Dahan, Cybereason Nocturnus
@online{dahan:20190312:new:a435b52, author = {Assaf Dahan and Cybereason Nocturnus}, title = {{New Ursnif Variant targets Japan packed with new Features}}, date = {2019-03-12}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/new-ursnif-variant-targets-japan-packed-with-new-features}, language = {English}, urldate = {2019-11-28} } New Ursnif Variant targets Japan packed with new Features
ISFB UrlZone
2019-02-13CybereasonEli Salem
@online{salem:20190213:astaroth:ed892f0, author = {Eli Salem}, title = {{Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data}}, date = {2019-02-13}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/information-stealing-malware-targeting-brazil-full-research}, language = {English}, urldate = {2020-01-09} } Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data
Astaroth
2019-01-03CybereasonEli Salem, Lior Rochberger, Niv Yona
@online{salem:20190103:lolbins:08f0a5f, author = {Eli Salem and Lior Rochberger and Niv Yona}, title = {{LOLbins and trojans: How the Ramnit Trojan spreads via sLoad in a cyberattack}}, date = {2019-01-03}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/banking-trojan-delivered-by-lolbins-ramnit-trojan}, language = {English}, urldate = {2020-01-06} } LOLbins and trojans: How the Ramnit Trojan spreads via sLoad in a cyberattack
sLoad
2018-10-03CybereasonAssaf Dahan
@online{dahan:20181003:new:5f6c0b5, author = {Assaf Dahan}, title = {{New Betabot campaign under the microscope}}, date = {2018-10-03}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/betabot-banking-trojan-neurevt}, language = {English}, urldate = {2020-01-06} } New Betabot campaign under the microscope
BetaBot
2018-09-18CybereasonCybereason Nocturnus
@online{nocturnus:20180918:vai:5118173, author = {Cybereason Nocturnus}, title = {{VAI MALANDRA: A LOOK INTO THE LIFECYCLE OF BRAZILIAN FINANCIAL MALWARE: PART ONE}}, date = {2018-09-18}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/brazilian-financial-malware-dll-hijacking}, language = {English}, urldate = {2019-11-28} } VAI MALANDRA: A LOOK INTO THE LIFECYCLE OF BRAZILIAN FINANCIAL MALWARE: PART ONE
Overlay RAT
2017-05-24CybereasonAssaf Dahan
@online{dahan:20170524:operation:d79be79, author = {Assaf Dahan}, title = {{Operation Cobalt Kitty: A large-scale APT in Asia carried out by the OceanLotus Group}}, date = {2017-05-24}, organization = {Cybereason}, url = {https://www.cybereason.com/labs-operation-cobalt-kitty-a-large-scale-apt-in-asia-carried-out-by-the-oceanlotus-group/}, language = {English}, urldate = {2020-01-09} } Operation Cobalt Kitty: A large-scale APT in Asia carried out by the OceanLotus Group
APT32
2017-05-10CybereasonAmit Serper
@online{serper:20170510:protonb:c490472, author = {Amit Serper}, title = {{Proton.B: What this Mac malware actually does}}, date = {2017-05-10}, organization = {Cybereason}, url = {https://www.cybereason.com/labs-blog/labs-proton-b-what-this-mac-malware-actually-does}, language = {English}, urldate = {2020-01-09} } Proton.B: What this Mac malware actually does
Proton RAT