2022-04-06 | Cybereason | Cybereason Nocturnus
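% Cybereason Nocturnus report "Operation Bearded Barbie" on APT-C-23.
% This URL differs from the one in nocturnus:20220406:operation:5add58e only by
% the #iocs fragment, so both keys point at the same page; cite one of them.
% The team name is double-braced so it is parsed as a single corporate author,
% and only the proper nouns in the title are braced so styles may recase the rest.
@online{nocturnus:20220406:operation:f2775e3,
  author       = {{Cybereason Nocturnus}},
  title        = {{Operation Bearded Barbie}: {APT-C-23} Campaign Targeting {Israeli} Officials},
  date         = {2022-04-06},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials#iocs},
  language     = {English},
  urldate      = {2022-06-09},
}
Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials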
2022-04-06 | Cybereason | Cybereason Nocturnus
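% Cybereason Nocturnus report "Operation Bearded Barbie" on APT-C-23 (main URL).
% nocturnus:20220406:operation:f2775e3 cites the same page with an added #iocs
% fragment; the two entries differ only in url and urldate.
% The team name is double-braced so it is parsed as a single corporate author,
% and only the proper nouns in the title are braced so styles may recase the rest.
@online{nocturnus:20220406:operation:5add58e,
  author       = {{Cybereason Nocturnus}},
  title        = {{Operation Bearded Barbie}: {APT-C-23} Campaign Targeting {Israeli} Officials},
  date         = {2022-04-06},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials},
  language     = {English},
  urldate      = {2022-06-27},
}
Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials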
Barb(ie) Downloader BarbWire
2021-07-15 | Cybereason | Cybereason Nocturnus
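% Cybereason blog post on the Prometheus ransomware.
% The stored title was all lowercase; capitals are restored to match the sibling
% "Cybereason vs. ..." entries, and the proper nouns are braced so a recasing
% style cannot lowercase the vendor or malware name.
% The team name is double-braced so it is parsed as a single corporate author.
@online{nocturnus:20210715:cybereason:06113e5,
  author       = {{Cybereason Nocturnus}},
  title        = {{Cybereason} vs. {Prometheus} Ransomware},
  date         = {2021-07-15},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/cybereason-vs.-prometheus-ransomware},
  language     = {English},
  urldate      = {2021-08-03},
}
cybereason vs. prometheus ransomware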
Hakbit Prometheus
2021-04-01 | Cybereason | Cybereason Nocturnus
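% Cybereason blog post on the DarkSide ransomware.
% The team name is double-braced so it is parsed as a single corporate author;
% {DarkSide} is braced so its internal capital survives title recasing.
@online{nocturnus:20210401:cybereason:9e1c43e,
  author       = {{Cybereason Nocturnus}},
  title        = {{Cybereason} vs. {DarkSide} Ransomware},
  date         = {2021-04-01},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware},
  language     = {English},
  urldate      = {2021-05-11},
}
Cybereason vs. DarkSide Ransomware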
DarkSide
2020-12-09 | Cybereason | Cybereason Nocturnus
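% Cybereason blog post on a Middle East espionage campaign abusing cloud platforms.
% The PDF report published the same day is a separate entry (team:20201209:molerats:a13c569).
% The team name is double-braced so it is parsed as a single corporate author.
@online{nocturnus:20201209:new:ef00418,
  author       = {{Cybereason Nocturnus}},
  title        = {New Malware Arsenal Abusing Cloud Platforms in {Middle East} Espionage Campaign},
  date         = {2020-12-09},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/new-malware-arsenal-abusing-cloud-platforms-in-middle-east-espionage-campaign},
  language     = {English},
  urldate      = {2020-12-10},
}
New Malware Arsenal Abusing Cloud Platforms in Middle East Espionage Campaign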
DropBook MoleNet Quasar RAT SharpStage Spark
2020-12-09 | Cybereason | Cybereason Nocturnus Team
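% PDF report from Cybereason on the Molerats cloud-platform campaign.
% The author is a team, not a person: without the extra braces it is parsed as
% First="Cybereason Nocturnus", Last="Team" (which is where the "team:" key prefix
% comes from). The key is kept unchanged so existing citations still resolve.
% The all-caps lead of the title is stored in title case; styles decide the casing.
@techreport{team:20201209:molerats:a13c569,
  author      = {{Cybereason Nocturnus Team}},
  title       = {{Molerats} in the Cloud: New Malware Arsenal Abuses Cloud Platforms in {Middle East} Espionage Campaign},
  date        = {2020-12-09},
  institution = {Cybereason},
  url         = {https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf},
  language    = {English},
  urldate     = {2022-02-09},
}
MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign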
DropBook JhoneRAT Molerat Loader Pierogi Quasar RAT SharpStage Spark
2020-11-26 | Cybereason | Lior Rochberger, Cybereason Nocturnus
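% Cybereason blog post on the Egregor ransomware.
% The personal author is written "Last, First" so the name split is unambiguous;
% the team is braced so it is parsed as one corporate author, not First/Last.
@online{rochberger:20201126:cybereason:8301aeb,
  author       = {Rochberger, Lior and {Cybereason Nocturnus}},
  title        = {{Cybereason} vs. {Egregor} Ransomware},
  date         = {2020-11-26},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/cybereason-vs-egregor-ransomware},
  language     = {English},
  urldate      = {2020-12-08},
}
Cybereason vs. Egregor Ransomware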
Cobalt Strike Egregor IcedID ISFB QakBot
2020-11-22 | Twitter (@Nocturnus) | Cybereason Nocturnus
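% Tweet from the Nocturnus account; the title is a description of the tweet,
% not a headline, so it is stored in plain sentence case.
% A tweet can be deleted or its account renamed, so urldate is the only record
% here of when the content was last seen; keep it when editing this entry.
% The team name is double-braced so it is parsed as a single corporate author.
@online{nocturnus:20201122:new:fe7e4a3,
  author       = {{Cybereason Nocturnus}},
  title        = {Tweet on new modular stealer that steals passwords, credit cards data, cryptocurrency wallets and downloads further plugins.},
  date         = {2020-11-22},
  organization = {Twitter (@Nocturnus)},
  url          = {https://twitter.com/Nocturnus/status/1330545589591879681},
  language     = {English},
  urldate      = {2020-11-23},
}
Tweet on new modular stealer that steals passwords, credit cards data, cryptocurrency wallets and downloads further plugins.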
2020-09-22 | Twitter (@Nocturnus) | Cybereason Nocturnus
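% Tweet from the Nocturnus account about tooling attributed to the Outlaw Group.
% Group, tool and protocol names are braced so a recasing style keeps their capitals.
% A tweet can be deleted or its account renamed, so urldate is the only record
% here of when the content was last seen; keep it when editing this entry.
% The team name is double-braced so it is parsed as a single corporate author.
@online{nocturnus:20200922:outlaw:e50621a,
  author       = {{Cybereason Nocturnus}},
  title        = {Tweet on {Outlaw Group} using {IRCBot}, {SSH} bruteforce tool, port Scanner, and an {XMRIG} crypto miner for their hacking operation},
  date         = {2020-09-22},
  organization = {Twitter (@Nocturnus)},
  url          = {https://twitter.com/Nocturnus/status/1308430959512092673},
  language     = {English},
  urldate      = {2020-09-25},
}
Tweet on Outlaw Group using IRCBot, SSH bruteforce tool, port Scanner, and an XMRIG crypto miner for their hacking operation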
PerlBot
2020-02-13 | Cybereason | Cybereason Nocturnus
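% Part 1 of a two-part Cybereason blog series; Part 2 is nocturnus:20200213:new:4006ede.
% The team name is double-braced so it is parsed as a single corporate author;
% {Spark} is braced so the malware name is not lowercased by a recasing style.
@online{nocturnus:20200213:new:ca8e240,
  author       = {{Cybereason Nocturnus}},
  title        = {New Cyber Espionage Campaigns Targeting {Palestinians} - Part 1: The {Spark} Campaign},
  date         = {2020-02-13},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one},
  language     = {English},
  urldate      = {2020-02-13},
}
New Cyber Espionage Campaigns Targeting Palestinians - Part 1: The Spark Campaign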
Spark
2020-02-13 | Cybereason | Cybereason Nocturnus
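% Part 2 of a two-part Cybereason blog series; Part 1 is nocturnus:20200213:new:ca8e240.
% The team name is double-braced so it is parsed as a single corporate author;
% {Pierogi} is braced so the backdoor name is not lowercased by a recasing style.
@online{nocturnus:20200213:new:4006ede,
  author       = {{Cybereason Nocturnus}},
  title        = {New Cyber Espionage Campaigns Targeting {Palestinians} - Part 2: The Discovery of the New, Mysterious {Pierogi} Backdoor},
  date         = {2020-02-13},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-2-the-discovery-of-the-new-mysterious-pierogi-backdoor},
  language     = {English},
  urldate      = {2020-02-13},
}
New Cyber Espionage Campaigns Targeting Palestinians - Part 2: The Discovery of the New, Mysterious Pierogi Backdoor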
Pierogi
2019-10-24 | Cybereason | Cybereason Nocturnus, Assaf Dahan, Lior Rochberger
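% Cybereason blog post on the Raccoon stealer.
% Author order is kept as stored. The team is braced as one corporate author and
% the two people are written "Last, First" so no name is split on the wrong word.
@online{nocturnus:20191024:hunting:79a2141,
  author       = {{Cybereason Nocturnus} and Dahan, Assaf and Rochberger, Lior},
  title        = {Hunting {Raccoon}: The new Masked Bandit on the Block},
  date         = {2019-10-24},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/hunting-raccoon-stealer-the-new-masked-bandit-on-the-block},
  language     = {English},
  urldate      = {2019-12-03},
}
Hunting Raccoon: The new Masked Bandit on the Block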
Raccoon
2019-06-25 | Cybereason | Cybereason Nocturnus
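% Cybereason blog post on Operation Soft Cell (campaign against telecommunications providers).
% The stored title was all capitals, which is presentation rather than data; it is
% kept in title case with the operation name braced, and the style decides the casing.
% The team name is double-braced so it is parsed as a single corporate author.
@online{nocturnus:20190625:operation:21efa8f,
  author       = {{Cybereason Nocturnus}},
  title        = {{Operation Soft Cell}: A Worldwide Campaign Against Telecommunications Providers},
  date         = {2019-06-25},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers},
  language     = {English},
  urldate      = {2022-07-01},
}
OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS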
CHINACHOPPER HTran MimiKatz Poison Ivy Operation Soft Cell
2019-04-25 | Cybereason | Cybereason Nocturnus
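% Cybereason blog post on TA505 activity against financial enterprises.
% {TA505} and {LOLBins} are braced so the actor name and the term keep their
% capitals under a recasing style.
% The team name is double-braced so it is parsed as a single corporate author.
@online{nocturnus:20190425:threat:63e7d51,
  author       = {{Cybereason Nocturnus}},
  title        = {Threat Actor {TA505} Targets Financial Enterprises Using {LOLBins} and a New Backdoor Malware},
  date         = {2019-04-25},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware},
  language     = {English},
  urldate      = {2020-01-08},
}
Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware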
ServHelper TA505
2019-03-12 | Cybereason | Assaf Dahan, Cybereason Nocturnus
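% Cybereason blog post on an Ursnif variant targeting Japan.
% The personal author is written "Last, First"; the team is braced so it is
% parsed as one corporate author instead of First="Cybereason", Last="Nocturnus".
@online{dahan:20190312:new:a435b52,
  author       = {Dahan, Assaf and {Cybereason Nocturnus}},
  title        = {New {Ursnif} Variant targets {Japan} packed with new Features},
  date         = {2019-03-12},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/new-ursnif-variant-targets-japan-packed-with-new-features},
  language     = {English},
  urldate      = {2019-11-28},
}
New Ursnif Variant targets Japan packed with new Features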
ISFB UrlZone
2018-09-18 | Cybereason | Cybereason Nocturnus
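% Cybereason blog post, part one of a series on Brazilian financial malware.
% The stored title was all capitals, which is presentation rather than data; it is
% kept in title case with the proper nouns braced, and the style decides the casing.
% The team name is double-braced so it is parsed as a single corporate author.
@online{nocturnus:20180918:vai:5118173,
  author       = {{Cybereason Nocturnus}},
  title        = {{Vai Malandra}: A Look into the Lifecycle of {Brazilian} Financial Malware: Part One},
  date         = {2018-09-18},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/brazilian-financial-malware-dll-hijacking},
  language     = {English},
  urldate      = {2019-11-28},
}
VAI MALANDRA: A LOOK INTO THE LIFECYCLE OF BRAZILIAN FINANCIAL MALWARE: PART ONE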
Overlay RAT