
2022-05-04 | Twitter (@felixw3000) | Felix
@online{felix:20220504:twitter:0fb7e35, author = {Felix}, title = {{Twitter Thread with info on infection chain with IcedId, Cobalt Strike, and Hidden VNC.}}, date = {2022-05-04}, organization = {Twitter (@felixw3000)}, url = {https://twitter.com/felixw3000/status/1521816045769662468}, language = {English}, urldate = {2022-05-09} } Twitter Thread with info on infection chain with IcedId, Cobalt Strike, and Hidden VNC.
Cobalt Strike IcedID PhotoLoader
2022-02-23 | Sophos | Andrew Brandt, Anand Ajjan, Colin Cowie, Abhijit Gupta, Steven Lott, Rahil Shah, Vikas Singh, Felix Weyne, Syed Zaidi, Xiaochuan Zhang
@online{brandt:20220223:dridex:51a6f80, author = {Andrew Brandt and Anand Ajjan and Colin Cowie and Abhijit Gupta and Steven Lott and Rahil Shah and Vikas Singh and Felix Weyne and Syed Zaidi and Xiaochuan Zhang}, title = {{Dridex bots deliver Entropy ransomware in recent attacks}}, date = {2022-02-23}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/02/23/dridex-bots-deliver-entropy-ransomware-in-recent-attacks/?cmp=30728}, language = {English}, urldate = {2022-03-01} } Dridex bots deliver Entropy ransomware in recent attacks
Entropy
2021-04-15 | Twitter (@felixw3000) | Felix
@online{felix:20210415:dridexs:a39e123, author = {Felix}, title = {{Tweet on Dridex's evasion technique}}, date = {2021-04-15}, organization = {Twitter (@felixw3000)}, url = {https://twitter.com/felixw3000/status/1382614469713530883?s=20}, language = {English}, urldate = {2021-05-25} } Tweet on Dridex's evasion technique
Dridex
2020-10-15 | Kaspersky Labs | Ivan Kwiatkowski, Pierre Delcher, Félix Aime
@online{kwiatkowski:20201015:iamtheking:1c3917e, author = {Ivan Kwiatkowski and Pierre Delcher and Félix Aime}, title = {{IAmTheKing and the SlothfulMedia malware family}}, date = {2020-10-15}, organization = {Kaspersky Labs}, url = {https://securelist.com/iamtheking-and-the-slothfulmedia-malware-family/99000/}, language = {English}, urldate = {2020-10-16} } IAmTheKing and the SlothfulMedia malware family
SlothfulMedia
2020-07-28 | Kaspersky Labs | Ivan Kwiatkowski, Pierre Delcher, Félix Aime
@online{kwiatkowski:20200728:lazarus:5b1523a, author = {Ivan Kwiatkowski and Pierre Delcher and Félix Aime}, title = {{Lazarus on the hunt for big game}}, date = {2020-07-28}, organization = {Kaspersky Labs}, url = {https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/}, language = {English}, urldate = {2020-07-30} } Lazarus on the hunt for big game
Dacls Dacls Dacls VHD Ransomware
2020-03-31 | Kaspersky Labs | Ivan Kwiatkowski, Félix Aime, Pierre Delcher
@online{kwiatkowski:20200331:holy:857c397, author = {Ivan Kwiatkowski and Félix Aime and Pierre Delcher}, title = {{Holy water: ongoing targeted water-holing attack in Asia}}, date = {2020-03-31}, organization = {Kaspersky Labs}, url = {https://securelist.com/holy-water-ongoing-targeted-water-holing-attack-in-asia/96311/}, language = {English}, urldate = {2020-04-07} } Holy water: ongoing targeted water-holing attack in Asia
Godlike12
2020-03-23 | Kaspersky Labs | Félix Aime, Yury Namestnikov
@online{aime:20200323:fin7:66bea6f, author = {Félix Aime and Yury Namestnikov}, title = {{Fin7 APT: how billion dollar crime ring remains active after leaders’ arrest}}, date = {2020-03-23}, organization = {Kaspersky Labs}, url = {https://www.brighttalk.com/webcast/15591/382191/fin7-apt-how-billion-dollar-crime-ring-remains-active-after-leaders-arrest}, language = {English}, urldate = {2020-04-07} } Fin7 APT: how billion dollar crime ring remains active after leaders’ arrest
Carbanak
2019-06-02 | VMRay | Felix Seele
@techreport{seele:20190602:hypervisorbased:04c1731, author = {Felix Seele}, title = {{Hypervisor-based Analysis of macOS Malware}}, date = {2019-06-02}, institution = {VMRay}, url = {https://objectivebythesea.com/v2/talks/OBTS_v2_Seele.pdf}, language = {English}, urldate = {2020-01-07} } Hypervisor-based Analysis of macOS Malware
Coldroot RAT
2019-05-08 | Kaspersky Labs | Yury Namestnikov, Félix Aime
@online{namestnikov:20190508:fin75:443b111, author = {Yury Namestnikov and Félix Aime}, title = {{FIN7.5: the infamous cybercrime rig “FIN7” continues its activities}}, date = {2019-05-08}, organization = {Kaspersky Labs}, url = {https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/}, language = {English}, urldate = {2019-12-20} } FIN7.5: the infamous cybercrime rig “FIN7” continues its activities
Griffon Ave Maria FIN7
2019-05 | Felix Weyne
@online{weyne:201905:hancitors:9fccb0b, author = {Felix Weyne}, title = {{Hancitor's Packer Damystified}}, date = {2019-05}, url = {https://www.uperesia.com/hancitor-packer-demystified}, language = {English}, urldate = {2020-01-07} } Hancitor's Packer Damystified
Hancitor
2018-07-29 | Sophos | Felix Weyne
@online{weyne:20180729:adkoob:92f8951, author = {Felix Weyne}, title = {{AdKoob information thief targets Facebook ad purchase info}}, date = {2018-07-29}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2018/07/29/adkoob-information-thief-targets-facebook-ad-purchase-info/}, language = {English}, urldate = {2020-01-05} } AdKoob information thief targets Facebook ad purchase info
AdKoob
2018-07-26 | FireEye | Swapnil Patil
@online{patil:20180726:microsoft:f03d7c7, author = {Swapnil Patil}, title = {{Microsoft Office Vulnerabilities Used to Distribute FELIXROOT Backdoor in Recent Campaign}}, date = {2018-07-26}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html}, language = {English}, urldate = {2019-12-20} } Microsoft Office Vulnerabilities Used to Distribute FELIXROOT Backdoor in Recent Campaign
Felixroot
2016-08 | Uperesia | Felix Weyne
@online{weyne:201608:analysis:10758de, author = {Felix Weyne}, title = {{Analysis of a packed Pony downloader}}, date = {2016-08}, organization = {Uperesia}, url = {https://www.uperesia.com/analysis-of-a-packed-pony-downloader}, language = {English}, urldate = {2020-01-06} } Analysis of a packed Pony downloader
Pony