2023-05-23ESET ResearchLukáš Štefanko
@online{tefanko:20230523:android:7ca1c6e,
  author       = {Štefanko, Lukáš},
  title        = {{Android app breaking bad: From legitimate screen recording to file exfiltration within a year}},
  date         = {2023-05-23},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/},
  urldate      = {2023-05-23},
  language     = {English},
}
Android app breaking bad: From legitimate screen recording to file exfiltration within a year
2023-04-26ESET ResearchFacundo Muñoz
@online{muoz:20230426:evasive:ee1ca61,
  author       = {Muñoz, Facundo},
  title        = {{Evasive Panda APT group delivers malware via updates for popular Chinese software}},
  date         = {2023-04-26},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2023/04/26/evasive-panda-apt-group-malware-updates-popular-chinese-software/},
  urldate      = {2023-04-27},
  language     = {English},
}
Evasive Panda APT group delivers malware via updates for popular Chinese software
MgBot
2023-04-20ESET ResearchPeter Kálnai, Marc-Etienne M.Léveillé
@online{klnai:20230420:linux:fd293b6,
  author       = {Kálnai, Peter and M.Léveillé, Marc-Etienne},
  title        = {{Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack}},
  date         = {2023-04-20},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2023/04/20/linux-malware-strengthens-links-lazarus-3cx-supply-chain-attack},
  urldate      = {2023-04-25},
  language     = {English},
}
Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack
BADCALL 3CX Backdoor BADCALL IconicStealer
2023-03-14ESET ResearchFacundo Muñoz
@online{muoz:20230314:slow:328edad,
  author       = {Muñoz, Facundo},
  title        = {{The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia}},
  date         = {2023-03-14},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2023/03/14/slow-ticking-time-bomb-tick-apt-group-dlp-software-developer-east-asia/},
  urldate      = {2023-03-20},
  language     = {English},
}
The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia
2023-03-07ESET ResearchLukáš Štefanko
@online{tefanko:20230307:love:51d570c,
  author       = {Štefanko, Lukáš},
  title        = {{Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials}},
  date         = {2023-03-07},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/},
  urldate      = {2023-03-13},
  language     = {English},
}
Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials
CapraRAT
2023-03-02ESET ResearchAlexandre Côté Cyr
@comment{NOTE(review): in First-Last form only "Cyr" is parsed as the family name; "Côté Cyr" may be a compound surname. Confirm, and switch to comma form if so.}
@online{cyr:20230302:mqsttang:b7dee51,
  author       = {Alexandre Côté Cyr},
  title        = {{MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT}},
  date         = {2023-03-02},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2023/03/02/mqsttang-mustang-panda-latest-backdoor-treads-new-ground-qt-mqtt/},
  urldate      = {2023-03-13},
  language     = {English},
}
MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT
MQsTTang
2023-03-01ESET ResearchMartin Smolár
@online{smolr:20230301:blacklotus:5ce99dc,
  author       = {Smolár, Martin},
  title        = {{BlackLotus UEFI bootkit: Myth confirmed}},
  date         = {2023-03-01},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/},
  urldate      = {2023-03-04},
  language     = {English},
}
BlackLotus UEFI bootkit: Myth confirmed
BlackLotus
2023-02-23ESET ResearchVladislav Hrčka
@online{hrka:20230223:winordll64:73e8cbf,
  author       = {Hrčka, Vladislav},
  title        = {{WinorDLL64: A backdoor from the vast Lazarus arsenal?}},
  date         = {2023-02-23},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/},
  urldate      = {2023-02-27},
  language     = {English},
}
WinorDLL64: A backdoor from the vast Lazarus arsenal?
WinorDLL64
2023-02-01ESET ResearchESET Research
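@comment{Corporate author: the inner braces keep "ESET Research" as a single name instead of given name "ESET" and family name "Research".}
@techreport{research:20230201:threat:4fee32c,
  author       = {{ESET Research}},
  title        = {{Threat Report T3 2022}},
  date         = {2023-02-01},
  institution  = {ESET Research},
  url          = {https://www.welivesecurity.com/wp-content/uploads/2023/02/eset_threat_report_t32022.pdf},
  urldate      = {2023-03-13},
  language     = {English},
}
Threat Report T3 2022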
2023-01-30ESET ResearchESET Research
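@comment{Corporate author: the inner braces keep "ESET Research" as a single name instead of given name "ESET" and family name "Research".}
@techreport{research:20230130:activity:38410c4,
  author       = {{ESET Research}},
  title        = {{APT Activity Report T3 2022: Sandworm Deploying its Enhanced Wiper Arsenal}},
  date         = {2023-01-30},
  institution  = {ESET Research},
  url          = {https://www.welivesecurity.com/wp-content/uploads/2023/01/eset_apt_activity_report_t32022.pdf},
  urldate      = {2023-02-21},
  language     = {English},
}
APT Activity Report T3 2022: Sandworm Deploying its Enhanced Wiper Arsenal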
2023-01-27ESET ResearchESET Research
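@comment{Corporate author: the inner braces keep "ESET Research" as a single name instead of given name "ESET" and family name "Research".}
@online{research:20230127:tweets:ac3dd59,
  author       = {{ESET Research}},
  title        = {{Tweets on SwiftSlicer}},
  date         = {2023-01-27},
  organization = {ESET Research},
  url          = {https://twitter.com/ESETresearch/status/1618960022150729728},
  urldate      = {2023-02-03},
  language     = {English},
}
Tweets on SwiftSlicer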
SwiftSlicer
2023-01-27ESET ResearchESET Research
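@comment{Corporate author: the inner braces keep "ESET Research" as a single name instead of given name "ESET" and family name "Research".}
@online{research:20230127:swiftslicer:0877e07,
  author       = {{ESET Research}},
  title        = {{SwiftSlicer: New destructive wiper malware strikes Ukraine}},
  date         = {2023-01-27},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2023/01/27/swiftslicer-new-destructive-wiper-malware-ukraine/},
  urldate      = {2023-02-03},
  language     = {English},
}
SwiftSlicer: New destructive wiper malware strikes Ukraine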
SwiftSlicer
2023-01-10ESET ResearchLukáš Štefanko
@online{tefanko:20230110:strongpity:be928e7,
  author       = {Štefanko, Lukáš},
  title        = {{StrongPity espionage campaign targeting Android users}},
  date         = {2023-01-10},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users/},
  urldate      = {2023-01-13},
  language     = {English},
}
StrongPity espionage campaign targeting Android users
2022-12-14ESET ResearchDominik Breitenbacher
@online{breitenbacher:20221214:unmasking:a20b445,
  author       = {Breitenbacher, Dominik},
  title        = {{Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities}},
  date         = {2022-12-14},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-liberalface-targeting-japanese-political-entities/},
  urldate      = {2022-12-20},
  language     = {English},
}
Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities
LODEINFO
2022-12-07ESET ResearchAdam Burgher
@online{burgher:20221207:fantasy:dcf8f84,
  author       = {Burgher, Adam},
  title        = {{Fantasy – a new Agrius wiper deployed through a supply‑chain attack}},
  date         = {2022-12-07},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2022/12/07/fantasy-new-agrius-wiper-supply-chain-attack/},
  urldate      = {2022-12-08},
  language     = {English},
}
Fantasy – a new Agrius wiper deployed through a supply‑chain attack
Apostle DEADWOOD
2022-11-30ESET ResearchFilip Jurčacko
@online{juracko:20221130:whos:f177390,
  author       = {Jurčacko, Filip},
  title        = {{Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin}},
  date         = {2022-11-30},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2022/11/30/whos-swimming-south-korean-waters-meet-scarcrufts-dolphin/},
  urldate      = {2022-12-01},
  language     = {English},
}
Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin
2022-11-25Twitter (@ESETresearch)ESET Research
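@comment{Corporate author: the inner braces keep "ESET Research" as a single name instead of given name "ESET" and family name "Research".}
@online{research:20221125:twitter:22e36a6,
  author       = {{ESET Research}},
  title        = {{Twitter thread about RansomBoggs campaign against Ukraine}},
  date         = {2022-11-25},
  organization = {Twitter (@ESETresearch)},
  url          = {https://twitter.com/ESETresearch/status/1596181925663760386},
  urldate      = {2022-12-29},
  language     = {English},
}
Twitter thread about RansomBoggs campaign against Ukraine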
2022-11-23ESET ResearchLukáš Štefanko
@online{tefanko:20221123:bahamut:7e7453f,
  author       = {Štefanko, Lukáš},
  title        = {{Bahamut cybermercenary group targets Android users with fake VPN apps}},
  date         = {2022-11-23},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2022/11/23/bahamut-cybermercenary-group-targets-android-users-fake-vpn-apps/},
  urldate      = {2022-11-25},
  language     = {English},
}
Bahamut cybermercenary group targets Android users with fake VPN apps
Bahamut
2022-11-22Twitter (@ESETresearch)ESET Research
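@comment{Corporate author: the inner braces keep "ESET Research" as a single name instead of given name "ESET" and family name "Research".}
@online{research:20221122:tweets:518c665,
  author       = {{ESET Research}},
  title        = {{Tweets on SysUpdate / Soldier / HyperSSL}},
  date         = {2022-11-22},
  organization = {Twitter (@ESETresearch)},
  url          = {https://twitter.com/ESETresearch/status/1594937054303236096},
  urldate      = {2022-11-25},
  language     = {English},
}
Tweets on SysUpdate / Soldier / HyperSSL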
HyperSSL
2022-10-11ESET ResearchMatías Porolli
@online{porolli:20221011:polonium:1dbdd2d,
  author       = {Porolli, Matías},
  title        = {{POLONIUM targets Israel with Creepy malware}},
  date         = {2022-10-11},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/},
  urldate      = {2022-10-12},
  language     = {English},
}
POLONIUM targets Israel with Creepy malware
CreepySnail CreepExfil DeepCreep MegaCreep Unidentified 097 (Polonium Keylogger)