Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-05-04CybereasonChen Erlich, Fusao Tanida, Ofir Ozer, Akihiro Tomita, Niv Yona, Daniel Frank, Assaf Dahan
@online{erlich:20220504:operation:0d23595, author = {Chen Erlich and Fusao Tanida and Ofir Ozer and Akihiro Tomita and Niv Yona and Daniel Frank and Assaf Dahan}, title = {{Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques}}, date = {2022-05-04}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/operation-cuckoobees-deep-dive-into-stealthy-winnti-techniques}, language = {English}, urldate = {2022-05-09} } Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques
PRIVATELOG Spyder STASHLOG Winnti
2022-05-04CybereasonChen Erlich, Fusao Tanida, Ofir Ozer, Akihiro Tomita, Niv Yona, Daniel Frank, Assaf Dahan
@online{erlich:20220504:operation:e40ec58, author = {Chen Erlich and Fusao Tanida and Ofir Ozer and Akihiro Tomita and Niv Yona and Daniel Frank and Assaf Dahan}, title = {{Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive}}, date = {2022-05-04}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive}, language = {English}, urldate = {2022-05-05} } Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive
PRIVATELOG Spyder STASHLOG Winnti
2022-04-30CybereasonDaniel Frank, Assaf Dahan
@online{frank:20220430:portdoor:1dca82a, author = {Daniel Frank and Assaf Dahan}, title = {{PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector}}, date = {2022-04-30}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/research/portdoor-new-chinese-apt-backdoor-attack-targets-russian-defense-sector}, language = {English}, urldate = {2022-08-09} } PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector
PortDoor
2022-02-01CybereasonDaniel Frank
@online{frank:20220201:powerless:2b9c48c, author = {Daniel Frank}, title = {{PowerLess Trojan: Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage}}, date = {2022-02-01}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/powerless-trojan-iranian-apt-phosphorus-adds-new-powershell-backdoor-for-espionage}, language = {English}, urldate = {2022-02-02} } PowerLess Trojan: Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage
2021-10-06CybereasonTom Fakterman, Daniel Frank, Chen Erlich, Assaf Dahan
@online{fakterman:20211006:operation:9a1ec21, author = {Tom Fakterman and Daniel Frank and Chen Erlich and Assaf Dahan}, title = {{Operation GhostShell: Novel RAT Targets Global Aerospace and Telecoms Firms}}, date = {2021-10-06}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/operation-ghostshell-novel-rat-targets-global-aerospace-and-telecoms-firms}, language = {English}, urldate = {2021-10-24} } Operation GhostShell: Novel RAT Targets Global Aerospace and Telecoms Firms
ShellClient RAT
2021-08-03CybereasonAssaf Dahan, Lior Rochberger, Daniel Frank, Tom Fakterman
@online{dahan:20210803:deadringer:908e8d5, author = {Assaf Dahan and Lior Rochberger and Daniel Frank and Tom Fakterman}, title = {{DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos}}, date = {2021-08-03}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/deadringer-exposing-chinese-threat-actors-targeting-major-telcos}, language = {English}, urldate = {2021-08-06} } DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos
CHINACHOPPER Cobalt Strike MimiKatz Nebulae
2021-03-18CybereasonDaniel Frank
@online{frank:20210318:cybereason:22a301a, author = {Daniel Frank}, title = {{Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware}}, date = {2021-03-18}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/cybereason-exposes-malware-targeting-us-taxpayers}, language = {English}, urldate = {2021-03-19} } Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware
NetWire RC Remcos
2021-01-26CybereasonDaniel Frank
@online{frank:20210126:cybereason:8b4d681, author = {Daniel Frank}, title = {{Cybereason vs. RansomEXX Ransomware}}, date = {2021-01-26}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/cybereason-vs.-ransomexx-ransomware}, language = {English}, urldate = {2021-01-27} } Cybereason vs. RansomEXX Ransomware
RansomEXX RansomEXX
2020-11-02CybereasonAssaf Dahan, Lior Rochberger, Daniel Frank, Tom Fakterman
@online{dahan:20201102:back:64a6991, author = {Assaf Dahan and Lior Rochberger and Daniel Frank and Tom Fakterman}, title = {{Back to the Future: Inside the Kimsuky KGH Spyware Suite}}, date = {2020-11-02}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite}, language = {English}, urldate = {2020-11-02} } Back to the Future: Inside the Kimsuky KGH Spyware Suite
BabyShark GoldDragon KGH_SPY Kimsuky
2020-07-16CybereasonDaniel Frank, Mary Zhao, Assaf Dahan
@techreport{frank:20200716:bazar:1349d7d, author = {Daniel Frank and Mary Zhao and Assaf Dahan}, title = {{A Bazar of Tricks: Following Team9’s Development Cycles (IOCs)}}, date = {2020-07-16}, institution = {Cybereason}, url = {https://www.cybereason.com/hubfs/A%20Bazar%20of%20Tricks%20Following%20Team9%E2%80%99s%20Development%20Cycles%20IOCs.pdf}, language = {English}, urldate = {2021-05-08} } A Bazar of Tricks: Following Team9’s Development Cycles (IOCs)
BazarBackdoor
2020-07-16CybereasonDaniel Frank, Mary Zhao, Assaf Dahan
@online{frank:20200716:bazar:3ed900d, author = {Daniel Frank and Mary Zhao and Assaf Dahan}, title = {{A Bazar of Tricks: Following Team9’s Development Cycles}}, date = {2020-07-16}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/a-bazar-of-tricks-following-team9s-development-cycles}, language = {English}, urldate = {2020-07-16} } A Bazar of Tricks: Following Team9’s Development Cycles
BazarBackdoor
2020-04-30CybereasonDaniel Frank, Lior Rochberger, Yaron Rimmer, Assaf Dahan
@online{frank:20200430:eventbot:f5a167d, author = {Daniel Frank and Lior Rochberger and Yaron Rimmer and Assaf Dahan}, title = {{EVENTBOT: A NEW MOBILE BANKING TROJAN IS BORN}}, date = {2020-04-30}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born}, language = {English}, urldate = {2020-05-04} } EVENTBOT: A NEW MOBILE BANKING TROJAN IS BORN
Eventbot