2023-03-14ESET ResearchFacundo Muñoz
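% ESET Research blog post (welivesecurity.com) on the Tick APT group.
% Only the words that must keep their case are braced, so a style can still recase the title.
% The non-breaking hyphen (U+2011) in "Tick-ing" is written as an ASCII hyphen because
% pdfLaTeX's default UTF-8 setup does not define U+2011.
@online{muoz:20230314:slow:328edad,
  author       = {Muñoz, Facundo},
  title        = {The slow {Tick-ing} time bomb: {Tick} {APT} group compromise of a {DLP} software developer in {East Asia}},
  organization = {ESET Research},
  date         = {2023-03-14},
  url          = {https://www.welivesecurity.com/2023/03/14/slow-ticking-time-bomb-tick-apt-group-dlp-software-developer-east-asia/},
  urldate      = {2023-03-20},
  language     = {English},
}
The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia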
2023-03-07ESET ResearchLukáš Štefanko
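% ESET Research blog post (welivesecurity.com) on Transparent Tribe; tagged CapraRAT in the listing.
% Author is stored as "Last, First"; the group name and nationalities are braced to keep their case.
@online{tefanko:20230307:love:51d570c,
  author       = {Štefanko, Lukáš},
  title        = {Love scam or espionage? {Transparent Tribe} lures {Indian} and {Pakistani} officials},
  organization = {ESET Research},
  date         = {2023-03-07},
  url          = {https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/},
  urldate      = {2023-03-13},
  language     = {English},
}
Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials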
CapraRAT
2023-03-02ESET ResearchAlexandre Côté Cyr
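% ESET Research blog post (welivesecurity.com) on the MQsTTang backdoor.
% The family name's mixed case is protected with braces, since analysts search on the exact spelling.
% NOTE(review): the author is left in "First Last" order because the page does not show where
% the surname starts (the key uses "cyr"); confirm before converting to "Last, First".
@online{cyr:20230302:mqsttang:b7dee51,
  author       = {Alexandre Côté Cyr},
  title        = {{MQsTTang}: {Mustang Panda’s} latest backdoor treads new ground with {Qt} and {MQTT}},
  organization = {ESET Research},
  date         = {2023-03-02},
  url          = {https://www.welivesecurity.com/2023/03/02/mqsttang-mustang-panda-latest-backdoor-treads-new-ground-qt-mqtt/},
  urldate      = {2023-03-13},
  language     = {English},
}
MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT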
MQsTTang
2023-03-01ESET ResearchMartin Smolár
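% ESET Research blog post (welivesecurity.com) on the BlackLotus UEFI bootkit.
% Author is stored as "Last, First"; the family name and the acronym are braced to keep their case.
@online{smolr:20230301:blacklotus:5ce99dc,
  author       = {Smolár, Martin},
  title        = {{BlackLotus} {UEFI} bootkit: Myth confirmed},
  organization = {ESET Research},
  date         = {2023-03-01},
  url          = {https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/},
  urldate      = {2023-03-04},
  language     = {English},
}
BlackLotus UEFI bootkit: Myth confirmed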
BlackLotus
2023-02-23ESET ResearchVladislav Hrčka
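% ESET Research blog post (welivesecurity.com) on the WinorDLL64 backdoor.
% Author is stored as "Last, First"; the family and group names are braced to keep their case.
@online{hrka:20230223:winordll64:73e8cbf,
  author       = {Hrčka, Vladislav},
  title        = {{WinorDLL64}: A backdoor from the vast {Lazarus} arsenal?},
  organization = {ESET Research},
  date         = {2023-02-23},
  url          = {https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/},
  urldate      = {2023-02-27},
  language     = {English},
}
WinorDLL64: A backdoor from the vast Lazarus arsenal?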
WinorDLL64
2023-02-01ESET ResearchESET Research
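% ESET Research threat report (PDF hosted on welivesecurity.com).
% The corporate author gets an extra pair of braces so it is not parsed as first name "ESET", last name "Research".
@techreport{research:20230201:threat:4fee32c,
  author      = {{ESET Research}},
  title       = {Threat Report {T3} 2022},
  institution = {ESET Research},
  date        = {2023-02-01},
  url         = {https://www.welivesecurity.com/wp-content/uploads/2023/02/eset_threat_report_t32022.pdf},
  urldate     = {2023-03-13},
  language    = {English},
}
Threat Report T3 2022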
2023-01-30ESET ResearchESET Research
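% ESET Research APT activity report (PDF hosted on welivesecurity.com).
% The corporate author gets an extra pair of braces so it is not parsed as first name "ESET", last name "Research".
% The acronym, the period label and the group name are braced to keep their case.
@techreport{research:20230130:activity:38410c4,
  author      = {{ESET Research}},
  title       = {{APT} Activity Report {T3} 2022: {Sandworm} Deploying its Enhanced Wiper Arsenal},
  institution = {ESET Research},
  date        = {2023-01-30},
  url         = {https://www.welivesecurity.com/wp-content/uploads/2023/01/eset_apt_activity_report_t32022.pdf},
  urldate     = {2023-02-21},
  language    = {English},
}
APT Activity Report T3 2022: Sandworm Deploying its Enhanced Wiper Arsenal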
2023-01-27ESET ResearchESET Research
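% Tweets from the ESET Research account about the SwiftSlicer wiper.
% The corporate author gets an extra pair of braces so it is not parsed as first name "ESET", last name "Research".
@online{research:20230127:tweets:ac3dd59,
  author       = {{ESET Research}},
  title        = {Tweets on {SwiftSlicer}},
  organization = {ESET Research},
  date         = {2023-01-27},
  url          = {https://twitter.com/ESETresearch/status/1618960022150729728},
  urldate      = {2023-02-03},
  language     = {English},
}
Tweets on SwiftSlicer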
SwiftSlicer
2023-01-27ESET ResearchESET Research
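% ESET Research blog post (welivesecurity.com) on the SwiftSlicer wiper.
% The corporate author gets an extra pair of braces so it is not parsed as first name "ESET", last name "Research".
@online{research:20230127:swiftslicer:0877e07,
  author       = {{ESET Research}},
  title        = {{SwiftSlicer}: New destructive wiper malware strikes {Ukraine}},
  organization = {ESET Research},
  date         = {2023-01-27},
  url          = {https://www.welivesecurity.com/2023/01/27/swiftslicer-new-destructive-wiper-malware-ukraine/},
  urldate      = {2023-02-03},
  language     = {English},
}
SwiftSlicer: New destructive wiper malware strikes Ukraine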
SwiftSlicer
2023-01-10ESET ResearchLukáš Štefanko
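% ESET Research blog post (welivesecurity.com) on a StrongPity campaign against Android users.
% Author is stored as "Last, First"; the group and platform names are braced to keep their case.
@online{tefanko:20230110:strongpity:be928e7,
  author       = {Štefanko, Lukáš},
  title        = {{StrongPity} espionage campaign targeting {Android} users},
  organization = {ESET Research},
  date         = {2023-01-10},
  url          = {https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users/},
  urldate      = {2023-01-13},
  language     = {English},
}
StrongPity espionage campaign targeting Android users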
2022-12-14ESET ResearchDominik Breitenbacher
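% ESET Research blog post (welivesecurity.com) on MirrorFace; tagged LODEINFO in the listing.
% Author is stored as "Last, First"; the group and operation names are braced to keep their case.
@online{breitenbacher:20221214:unmasking:a20b445,
  author       = {Breitenbacher, Dominik},
  title        = {Unmasking {MirrorFace}: {Operation LiberalFace} targeting {Japanese} political entities},
  organization = {ESET Research},
  date         = {2022-12-14},
  url          = {https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-liberalface-targeting-japanese-political-entities/},
  urldate      = {2022-12-20},
  language     = {English},
}
Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities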
LODEINFO
2022-12-07ESET ResearchAdam Burgher
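% ESET Research blog post (welivesecurity.com) on the Fantasy wiper used by Agrius.
% Author is stored as "Last, First"; the wiper and group names are braced to keep their case.
% The non-breaking hyphen (U+2011) in "supply-chain" is written as an ASCII hyphen because
% pdfLaTeX's default UTF-8 setup does not define U+2011.
@online{burgher:20221207:fantasy:dcf8f84,
  author       = {Burgher, Adam},
  title        = {{Fantasy} – a new {Agrius} wiper deployed through a supply-chain attack},
  organization = {ESET Research},
  date         = {2022-12-07},
  url          = {https://www.welivesecurity.com/2022/12/07/fantasy-new-agrius-wiper-supply-chain-attack/},
  urldate      = {2022-12-08},
  language     = {English},
}
Fantasy – a new Agrius wiper deployed through a supply‑chain attack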
Apostle DEADWOOD
2022-11-30ESET ResearchFilip Jurčacko
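% ESET Research blog post (welivesecurity.com) on ScarCruft's Dolphin.
% Author is stored as "Last, First"; proper nouns and the word that opens the second sentence
% are braced so a sentence-casing style does not lowercase them.
@online{juracko:20221130:whos:f177390,
  author       = {Jurčacko, Filip},
  title        = {Who’s swimming in {South Korean} waters? {Meet} {ScarCruft’s} {Dolphin}},
  organization = {ESET Research},
  date         = {2022-11-30},
  url          = {https://www.welivesecurity.com/2022/11/30/whos-swimming-south-korean-waters-meet-scarcrufts-dolphin/},
  urldate      = {2022-12-01},
  language     = {English},
}
Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin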
2022-11-25Twitter (@ESETresearch)ESET Research
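% Twitter thread from the ESET Research account about the RansomBoggs campaign.
% The corporate author gets an extra pair of braces so it is not parsed as first name "ESET", last name "Research".
@online{research:20221125:twitter:22e36a6,
  author       = {{ESET Research}},
  title        = {{Twitter} thread about {RansomBoggs} campaign against {Ukraine}},
  organization = {Twitter (@ESETresearch)},
  date         = {2022-11-25},
  url          = {https://twitter.com/ESETresearch/status/1596181925663760386},
  urldate      = {2022-12-29},
  language     = {English},
}
Twitter thread about RansomBoggs campaign against Ukraine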
2022-11-23ESET ResearchLukáš Štefanko
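% ESET Research blog post (welivesecurity.com) on Bahamut's fake VPN apps for Android.
% Author is stored as "Last, First"; the group name, platform and acronym are braced to keep their case.
@online{tefanko:20221123:bahamut:7e7453f,
  author       = {Štefanko, Lukáš},
  title        = {{Bahamut} cybermercenary group targets {Android} users with fake {VPN} apps},
  organization = {ESET Research},
  date         = {2022-11-23},
  url          = {https://www.welivesecurity.com/2022/11/23/bahamut-cybermercenary-group-targets-android-users-fake-vpn-apps/},
  urldate      = {2022-11-25},
  language     = {English},
}
Bahamut cybermercenary group targets Android users with fake VPN apps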
Bahamut
2022-11-22Twitter (@ESETresearch)ESET Research
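% Tweets from the ESET Research account on SysUpdate / Soldier / HyperSSL.
% The corporate author gets an extra pair of braces so it is not parsed as first name "ESET", last name "Research".
% The three names are braced individually so their exact casing survives any style.
@online{research:20221122:tweets:518c665,
  author       = {{ESET Research}},
  title        = {Tweets on {SysUpdate} / {Soldier} / {HyperSSL}},
  organization = {Twitter (@ESETresearch)},
  date         = {2022-11-22},
  url          = {https://twitter.com/ESETresearch/status/1594937054303236096},
  urldate      = {2022-11-25},
  language     = {English},
}
Tweets on SysUpdate / Soldier / HyperSSL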
HyperSSL
2022-10-11ESET ResearchMatías Porolli
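% ESET Research blog post (welivesecurity.com) on POLONIUM's "Creepy" malware set.
% Author is stored as "Last, First"; the group name, country and toolset name are braced to keep their case.
@online{porolli:20221011:polonium:1dbdd2d,
  author       = {Porolli, Matías},
  title        = {{POLONIUM} targets {Israel} with {Creepy} malware},
  organization = {ESET Research},
  date         = {2022-10-11},
  url          = {https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/},
  urldate      = {2022-10-12},
  language     = {English},
}
POLONIUM targets Israel with Creepy malware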
CreepySnail CreepExfil DeepCreep MegaCreep Unidentified 097 (Polonium Keylogger)
2022-10-06Twitter (@ESETresearch)ESET Research
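% Tweet from the ESET Research account on Bumblebee's modular design.
% The corporate author gets an extra pair of braces so it is not parsed as first name "ESET", last name "Research".
% "trickbot" is kept lowercase, as the title gives it.
@online{research:20221006:bumblebee:bd949dd,
  author       = {{ESET Research}},
  title        = {Tweet on {Bumblebee} being modularized like trickbot},
  organization = {Twitter (@ESETresearch)},
  date         = {2022-10-06},
  url          = {https://twitter.com/ESETresearch/status/1577963080096555008},
  urldate      = {2022-10-10},
  language     = {English},
}
Tweet on Bumblebee being modularized like trickbot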
BumbleBee
2022-09-30ESET ResearchPeter Kálnai, Matěj Havránek
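% Paper on Lazarus and BYOVD; the URL points to a PDF under virusbulletin.com's vb2022 conference papers.
% The ampersand in the title is escaped: a bare "&" is an alignment character in LaTeX and breaks the bibliography.
% Authors are stored as "Last, First" and separated by " and ".
@techreport{klnai:20220930:lazarus:efbd75d,
  author      = {Kálnai, Peter and Havránek, Matěj},
  title       = {{Lazarus} \& {BYOVD}: evil to the {Windows} core},
  institution = {ESET Research},
  date        = {2022-09-30},
  url         = {https://www.virusbulletin.com/uploads/pdf/conference/vb2022/papers/VB2022-Lazarus-and-BYOVD-evil-to-the-Windows-core.pdf},
  urldate     = {2022-12-24},
  language    = {English},
}
Lazarus & BYOVD: evil to the Windows core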
FudModule
2022-09-30ESET ResearchPeter Kálnai
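% ESET Research blog post (welivesecurity.com) on Lazarus campaigns using Amazon-themed lures.
% Author is stored as "Last, First"; brand, group and country names are braced to keep their case.
% The non-breaking hyphen (U+2011) in "Amazon-themed" is written as an ASCII hyphen because
% pdfLaTeX's default UTF-8 setup does not define U+2011.
@online{klnai:20220930:amazonthemed:bf959b5,
  author       = {Kálnai, Peter},
  title        = {{Amazon-themed} campaigns of {Lazarus} in the {Netherlands} and {Belgium}},
  organization = {ESET Research},
  date         = {2022-09-30},
  url          = {https://www.welivesecurity.com/2022/09/30/amazon-themed-campaigns-lazarus-netherlands-belgium/},
  urldate      = {2022-12-29},
  language     = {English},
}
Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium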
BLINDINGCAN FudModule