Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-11-18ProofpointDarien Huss, Selena Larson
@techreport{huss:20211118:triple:dd07fa8, author = {Darien Huss and Selena Larson}, title = {{Triple Threat: North Korea-Aligned TA406 Steals, Scams and Spies}}, date = {2021-11-18}, institution = {Proofpoint}, url = {https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-threat-insight-paper-triple-threat-N-Korea-aligned-TA406-steals-scams-spies.pdf}, language = {English}, urldate = {2021-12-15} } Triple Threat: North Korea-Aligned TA406 Steals, Scams and Spies
YoreKey
2021-11-18ProofpointDarien Huss, Selena Larson
@online{huss:20211118:triple:62c1c14, author = {Darien Huss and Selena Larson}, title = {{Triple Threat: North Korea-Aligned TA406 Scams, Spies, and Steals}}, date = {2021-11-18}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/triple-threat-north-korea-aligned-ta406-scams-spies-and-steals}, language = {English}, urldate = {2021-12-15} } Triple Threat: North Korea-Aligned TA406 Scams, Spies, and Steals
YoreKey
2021-10-27Twitter (@darienhuss)Darien Huss
@online{huss:20211027:finickyfrogfishwslink:ad743d9, author = {Darien Huss}, title = {{Tweet on FinickyFrogfish/Wslink malware used by TA444}}, date = {2021-10-27}, organization = {Twitter (@darienhuss)}, url = {https://twitter.com/darienhuss/status/1453342652682981378}, language = {English}, urldate = {2021-12-06} } Tweet on FinickyFrogfish/Wslink malware used by TA444
Wslink
2018-01-29ProofpointDarien Huss
@techreport{huss:20180129:north:438b45d, author = {Darien Huss}, title = {{North Korea Bitten by Bitcoin Bug}}, date = {2018-01-29}, institution = {Proofpoint}, url = {https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug-180129.pdf}, language = {English}, urldate = {2020-01-05} } North Korea Bitten by Bitcoin Bug
Bitsran
2017-12-19ProofpointDarien Huss
@techreport{huss:20171219:north:b2da03e, author = {Darien Huss}, title = {{North Korea Bitten by Bitcoin Bug}}, date = {2017-12-19}, institution = {Proofpoint}, url = {https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug.pdf}, language = {English}, urldate = {2019-10-18} } North Korea Bitten by Bitcoin Bug
QUICKCAFE PowerSpritz Ghost RAT PowerRatankba
2017-12-19ProofpointDarien Huss
@online{huss:20171219:north:e5ef6da, author = {Darien Huss}, title = {{North Korea Bitten by Bitcoin Bug: Financially motivated campaigns reveal new dimension of the Lazarus Group}}, date = {2017-12-19}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new}, language = {English}, urldate = {2019-12-20} } North Korea Bitten by Bitcoin Bug: Financially motivated campaigns reveal new dimension of the Lazarus Group
Ghost RAT
2017-08-25ProofpointDarien Huss, Matthew Mesa
@online{huss:20170825:operation:87e2e2b, author = {Darien Huss and Matthew Mesa}, title = {{Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures}}, date = {2017-08-25}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-apt-actors-use-fake-game-thrones-leaks-lures}, language = {English}, urldate = {2019-12-20} } Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures
9002 RAT
2017-08-17ProofpointDarien Huss
@online{huss:20170817:turla:b519667, author = {Darien Huss}, title = {{Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack}}, date = {2017-08-17}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopiluwak-javascript-backdoor-use-g20-themed-attack}, language = {English}, urldate = {2019-12-20} } Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack
KopiLuwak
2017-07-31ProofpointMatthew Mesa, Darien Huss
@online{mesa:20170731:fin7carbanak:2eef6f2, author = {Matthew Mesa and Darien Huss}, title = {{FIN7/Carbanak threat actor unleashes Bateleur JScript backdoor}}, date = {2017-07-31}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor}, language = {English}, urldate = {2019-12-20} } FIN7/Carbanak threat actor unleashes Bateleur JScript backdoor
Bateleur FIN7
2017-02-02ProofpointDarien Huss, Pierre T, Axel F, Proofpoint Staff
@online{huss:20170202:oops:ea454d5, author = {Darien Huss and Pierre T and Axel F and Proofpoint Staff}, title = {{Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX}}, date = {2017-02-02}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx}, language = {English}, urldate = {2019-12-20} } Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX
ZeroT
2016-05-10ProofpointMatthew Mesa, Darien Huss
@online{mesa:20160510:setting:2b54ce3, author = {Matthew Mesa and Darien Huss}, title = {{Setting Sights On Retail: AbaddonPOS Now Targeting Specific POS Software}}, date = {2016-05-10}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/abaddonpos-now-targeting-specific-pos-software}, language = {English}, urldate = {2019-12-20} } Setting Sights On Retail: AbaddonPOS Now Targeting Specific POS Software
AbaddonPOS TinyLoader
2016-03-01ProofpointDarien Huss
@techreport{huss:20160301:operation:65330f0, author = {Darien Huss}, title = {{Operation Transparent Tribe}}, date = {2016-03-01}, institution = {Proofpoint}, url = {https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf}, language = {English}, urldate = {2019-12-02} } Operation Transparent Tribe
Andromeda beendoor Bezigate Crimson RAT Luminosity RAT Operation C-Major
2016-01-28ProofpointDarien Huss
@online{huss:20160128:exploring:7f85d44, author = {Darien Huss}, title = {{Exploring Bergard: Old Malware with New Tricks}}, date = {2016-01-28}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks}, language = {English}, urldate = {2019-12-20} } Exploring Bergard: Old Malware with New Tricks
virdetdoor APT19
2015-11-11ProofpointDarien Huss
@online{huss:20151111:abaddonpos:ca72c4c, author = {Darien Huss}, title = {{AbaddonPOS: A new point of sale threat linked to Vawtrak}}, date = {2015-11-11}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/AbaddonPOS-A-New-Point-Of-Sale-Threat-Linked-To-Vawtrak}, language = {English}, urldate = {2019-12-20} } AbaddonPOS: A new point of sale threat linked to Vawtrak
AbaddonPOS TinyLoader