Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-05-04F-SecureRiccardo Ancarani
@online{ancarani:20220504:scheduled:9cd69c7, author = {Riccardo Ancarani}, title = {{Scheduled Task Tampering}}, date = {2022-05-04}, organization = {F-Secure}, url = {https://labs.f-secure.com/blog/scheduled-task-tampering/}, language = {English}, urldate = {2022-05-06} } Scheduled Task Tampering
2021-05-10F-SecureCallum Roxan, Sami Ruohonen
@online{roxan:20210510:prelude:1bb57bb, author = {Callum Roxan and Sami Ruohonen}, title = {{Prelude to Ransomware: SystemBC}}, date = {2021-05-10}, organization = {F-Secure}, url = {https://labs.f-secure.com/blog/prelude-to-ransomware-systembc/}, language = {English}, urldate = {2021-05-11} } Prelude to Ransomware: SystemBC
SystemBC
2021-04-09F-SecureRiccardo Ancarani, Giulio Ginesi
@online{ancarani:20210409:detecting:01d28ed, author = {Riccardo Ancarani and Giulio Ginesi}, title = {{Detecting Exposed Cobalt Strike DNS Redirectors}}, date = {2021-04-09}, organization = {F-Secure}, url = {https://labs.f-secure.com/blog/detecting-exposed-cobalt-strike-dns-redirectors}, language = {English}, urldate = {2021-04-14} } Detecting Exposed Cobalt Strike DNS Redirectors
Cobalt Strike
2021-03-30F-SecureF-Secure Labs
@techreport{labs:20210330:attack:1d19df0, author = {F-Secure Labs}, title = {{Attack landscape update: Ransomware 2.0, automated recon, and supply chain attacks}}, date = {2021-03-30}, institution = {F-Secure}, url = {https://blog-assets.f-secure.com/wp-content/uploads/2021/03/30120359/attack-landscape-update-h1-2021.pdf}, language = {English}, urldate = {2021-03-31} } Attack landscape update: Ransomware 2.0, automated recon, and supply chain attacks
2020-11-20F-Secure LabsRiccardo Ancarani
@online{ancarani:20201120:detecting:79afa40, author = {Riccardo Ancarani}, title = {{Detecting Cobalt Strike Default Modules via Named Pipe Analysis}}, date = {2020-11-20}, organization = {F-Secure Labs}, url = {https://labs.f-secure.com/blog/detecting-cobalt-strike-default-modules-via-named-pipe-analysis}, language = {English}, urldate = {2020-11-23} } Detecting Cobalt Strike Default Modules via Named Pipe Analysis
Cobalt Strike
2020-10-23F-Secure LabsGuillaume Couchard, Qimin Wang, Thiam Loong Siew
@online{couchard:20201023:catching:5788228, author = {Guillaume Couchard and Qimin Wang and Thiam Loong Siew}, title = {{Catching Lazarus: Threat Intelligence to Real Detection Logic - Part Two}}, date = {2020-10-23}, organization = {F-Secure Labs}, url = {https://labs.f-secure.com/blog/catching-lazarus-threat-intelligence-to-real-detection-logic-part-two}, language = {English}, urldate = {2020-10-26} } Catching Lazarus: Threat Intelligence to Real Detection Logic - Part Two
MimiKatz
2020-10-20F-SecureF-Secure Consulting
@techreport{consulting:20201020:incident:275ade2, author = {F-Secure Consulting}, title = {{Incident Readiness: Preparing a proactive response to attacks}}, date = {2020-10-20}, institution = {F-Secure}, url = {https://www.f-secure.com/content/dam/f-secure/en/consulting/our-thinking/collaterals/digital/f-secure-consulting-incident-readiness-proactive-response-guide-2020.pdf}, language = {English}, urldate = {2020-10-23} } Incident Readiness: Preparing a proactive response to attacks
MimiKatz
2020-09-25F-Secure LabsGuillaume Couchard, Qimin Wang, Thiam Loong Siew
@online{couchard:20200925:catching:f381664, author = {Guillaume Couchard and Qimin Wang and Thiam Loong Siew}, title = {{Catching Lazarus: Threat Intelligence to Real Detection Logic - Part One}}, date = {2020-09-25}, organization = {F-Secure Labs}, url = {https://labs.f-secure.com/blog/catching-lazarus-threat-intelligence-to-real-detection-logic}, language = {English}, urldate = {2020-10-05} } Catching Lazarus: Threat Intelligence to Real Detection Logic - Part One
2020-08-18F-Secure LabsF-Secure Labs
@online{labs:20200818:lazarus:f2dadaa, author = {F-Secure Labs}, title = {{Lazarus Group: Campaign Targeting the Cryptocurrency Vertical}}, date = {2020-08-18}, organization = {F-Secure Labs}, url = {https://labs.f-secure.com/publications/ti-report-lazarus-group-cryptocurrency-vertical/}, language = {English}, urldate = {2020-08-27} } Lazarus Group: Campaign Targeting the Cryptocurrency Vertical
2020-08-18F-SecureF-Secure Threat Intelligence Team
@techreport{team:20200818:lazarus:9be8b2a, author = {F-Secure Threat Intelligence Team}, title = {{Lazarus Group Campaign Targeting the Cryptocurrency Vertical}}, date = {2020-08-18}, institution = {F-Secure}, url = {https://labs.f-secure.com/assets/BlogFiles/f-secureLABS-tlp-white-lazarus-threat-intel-report2.pdf}, language = {English}, urldate = {2020-08-31} } Lazarus Group Campaign Targeting the Cryptocurrency Vertical
2020-07-16F-SecureAdam Pilkey
@online{pilkey:20200716:us:aae453e, author = {Adam Pilkey}, title = {{US, UK, and Canada’s COVID-19 research targeted by APT29}}, date = {2020-07-16}, organization = {F-Secure}, url = {https://blog.f-secure.com/covid-19-vaccines/}, language = {English}, urldate = {2020-07-17} } US, UK, and Canada’s COVID-19 research targeted by APT29
2020-07-03F-Secure LabsAnartz Martin
@online{martin:20200703:attack:1454a0d, author = {Anartz Martin}, title = {{Attack Detection Fundamentals: Code Execution and Persistence - Lab #1}}, date = {2020-07-03}, organization = {F-Secure Labs}, url = {https://labs.f-secure.com/blog/attack-detection-fundamentals-code-execution-and-persistence-lab-1/}, language = {English}, urldate = {2020-09-21} } Attack Detection Fundamentals: Code Execution and Persistence - Lab #1
Astaroth
2020-05-06F-Secure LabsMelissa Michael, Artturi Lehtiö
@online{michael:20200506:039:49d4744, author = {Melissa Michael and Artturi Lehtiö}, title = {{039| Deconstructing the Dukes: A Researcher’s Retrospective of APT29}}, date = {2020-05-06}, organization = {F-Secure Labs}, url = {https://blog.f-secure.com/podcast-dukes-apt29/}, language = {English}, urldate = {2020-07-06} } 039| Deconstructing the Dukes: A Researcher’s Retrospective of APT29
OnionDuke
2019-03-29F-SecureBert Steppe
@online{steppe:20190329:hammer:44fb72d, author = {Bert Steppe}, title = {{A Hammer Lurking In The Shadows}}, date = {2019-03-29}, organization = {F-Secure}, url = {https://blog.f-secure.com/a-hammer-lurking-in-the-shadows/}, language = {English}, urldate = {2020-11-04} } A Hammer Lurking In The Shadows
shadowhammer
2019-03-28F-SecureF-Secure Global
@online{global:20190328:analysis:8b788ab, author = {F-Secure Global}, title = {{Analysis of ShadowHammer ASUS Attack First Stage Payload}}, date = {2019-03-28}, organization = {F-Secure}, url = {https://countercept.com/blog/analysis-shadowhammer-asus-attack-first-stage-payload/}, language = {English}, urldate = {2020-01-08} } Analysis of ShadowHammer ASUS Attack First Stage Payload
shadowhammer
2017-10-27F-SecureF-Secure Global
@online{global:20171027:big:916374a, author = {F-Secure Global}, title = {{The big difference with Bad Rabbit}}, date = {2017-10-27}, organization = {F-Secure}, url = {https://labsblog.f-secure.com/2017/10/27/the-big-difference-with-bad-rabbit/}, language = {English}, urldate = {2020-01-07} } The big difference with Bad Rabbit
EternalPetya
2017-04F-SecureF-Secure Labs
@techreport{labs:201704:callisto:5e97cb4, author = {F-Secure Labs}, title = {{CALLISTO GROUP}}, date = {2017-04}, institution = {F-Secure}, url = {https://www.f-secure.com/content/dam/f-secure/en/labs/whitepapers/Callisto_Group.pdf}, language = {English}, urldate = {2022-03-31} } CALLISTO GROUP
RCS Callisto
2016-08-05F-SecureF-Secure Labs
@techreport{labs:20160805:nanhaishu:cee830d, author = {F-Secure Labs}, title = {{NANHAISHU: RATing the South China Sea}}, date = {2016-08-05}, institution = {F-Secure}, url = {https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf}, language = {English}, urldate = {2020-01-13} } NANHAISHU: RATing the South China Sea
NanHaiShu
2015-09-17F-SecureF-Secure Global
@online{global:20150917:dukes:5dc47f5, author = {F-Secure Global}, title = {{The Dukes: 7 Years Of Russian Cyber-Espionage}}, date = {2015-09-17}, organization = {F-Secure}, url = {https://www.zdnet.com/article/source-code-of-iranian-cyber-espionage-tools-leaked-on-telegram/}, language = {English}, urldate = {2020-01-09} } The Dukes: 7 Years Of Russian Cyber-Espionage
TwoFace BONDUPDATER DNSpionage
2015-09-17F-SecureF-Secure Labs
@online{labs:20150917:dukes:767fbef, author = {F-Secure Labs}, title = {{The Dukes: 7 Years Of Russian Cyber-Espionage}}, date = {2015-09-17}, organization = {F-Secure}, url = {https://labsblog.f-secure.com/2015/09/17/the-dukes-7-years-of-russian-cyber-espionage/}, language = {English}, urldate = {2020-01-13} } The Dukes: 7 Years Of Russian Cyber-Espionage
APT29