Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-03-18Recorded FutureInsikt Group®
@techreport{group:20220318:ghostwriter:907199b, author = {Insikt Group®}, title = {{Ghostwriter in the Shell: Expanding on Mandiant’s Attribution of UNC1151 to Belarus}}, date = {2022-03-18}, institution = {Recorded Future}, url = {https://go.recordedfuture.com/hubfs/reports/cta-2022-0318.pdf}, language = {English}, urldate = {2022-03-22} } Ghostwriter in the Shell: Expanding on Mandiant’s Attribution of UNC1151 to Belarus
2022-03-08Cluster25Cluster25
@online{cluster25:20220308:ghostwriter:3f0d3c1, author = {Cluster25}, title = {{GhostWriter / UNC1151 adopts MicroBackdoor Variants in Cyber Operations against Ukraine}}, date = {2022-03-08}, organization = {Cluster25}, url = {https://cluster25.io/2022/03/08/ghostwriter-unc1151-adopts-microbackdoor-variants-in-cyber-operations-against-targets-in-ukraine/}, language = {English}, urldate = {2022-03-10} } GhostWriter / UNC1151 adopts MicroBackdoor Variants in Cyber Operations against Ukraine
MicroBackdoor
2022-02-28Bleeping ComputerSergiu Gatlan
@online{gatlan:20220228:meta:7d5b51a, author = {Sergiu Gatlan}, title = {{Meta: Ukrainian officials, military targeted by Ghostwriter hackers}}, date = {2022-02-28}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/meta-ukrainian-officials-military-targeted-by-ghostwriter-hackers/}, language = {English}, urldate = {2022-03-07} } Meta: Ukrainian officials, military targeted by Ghostwriter hackers
Ghostwriter
2022-02-25RiskIQRiskIQ
@online{riskiq:20220225:riskiq:07f3da6, author = {RiskIQ}, title = {{RiskIQ: UNC1151/GhostWriter Phishing Attacks Target Ukrainian Soldiers}}, date = {2022-02-25}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/e3a7ceea}, language = {English}, urldate = {2022-03-02} } RiskIQ: UNC1151/GhostWriter Phishing Attacks Target Ukrainian Soldiers
2022-02-25360 netlabGhost
@online{ghost:20220225:some:268b2df, author = {Ghost}, title = {{Some details of the DDoS attacks targeting Ukraine and Russia in recent days}}, date = {2022-02-25}, organization = {360 netlab}, url = {https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/}, language = {English}, urldate = {2022-03-02} } Some details of the DDoS attacks targeting Ukraine and Russia in recent days
Bashlite Mirai MooBot PerlBot
2022-02-25360 netlabGhost
@online{ghost:20220225:details:66e35e3, author = {Ghost}, title = {{Details of the DDoS attacks we have seen recently against Ukraine and Russia}}, date = {2022-02-25}, organization = {360 netlab}, url = {https://blog.netlab.360.com/wo-men-kan-dao-de-wu-ke-lan-bei-ddosgong-ji-xi-jie/}, language = {Chinese}, urldate = {2022-03-01} } Details of the DDoS attacks we have seen recently against Ukraine and Russia
Bashlite Mirai Mirai
2021-11-16MandiantGabriella Roncone, Alden Wahlstrom, Alice Revelli, David Mainor, Sam Riddell, Ben Read, Mandiant Research Team
@online{roncone:20211116:unc1151:a2da6dc, author = {Gabriella Roncone and Alden Wahlstrom and Alice Revelli and David Mainor and Sam Riddell and Ben Read and Mandiant Research Team}, title = {{UNC1151 Assessed with High Confidence to have Links to Belarus, Ghostwriter Campaign Aligned with Belarusian Government Interests}}, date = {2021-11-16}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/unc1151-linked-to-belarus-government}, language = {English}, urldate = {2021-11-17} } UNC1151 Assessed with High Confidence to have Links to Belarus, Ghostwriter Campaign Aligned with Belarusian Government Interests
Ghostwriter
2021-11-16WiredLily Hay Newman
@online{newman:20211116:ghostwriter:970c096, author = {Lily Hay Newman}, title = {{‘Ghostwriter’ Looks Like a Purely Russian Op - Except It's Not}}, date = {2021-11-16}, organization = {Wired}, url = {https://www.wired.com/story/ghostwriter-hackers-belarus-russia-misinformationo/}, language = {English}, urldate = {2021-11-17} } ‘Ghostwriter’ Looks Like a Purely Russian Op - Except It's Not
2021-10-29360 netlabGhost
@online{ghost:20211029:pink:1464c64, author = {Ghost}, title = {{Pink, a botnet that competed with the vendor to control the massive infected devices}}, date = {2021-10-29}, organization = {360 netlab}, url = {https://blog.netlab.360.com/pink-en/}, language = {English}, urldate = {2021-11-03} } Pink, a botnet that competed with the vendor to control the massive infected devices
Pink
2021-10-06CybereasonTom Fakterman, Daniel Frank, Chen Erlich, Assaf Dahan
@online{fakterman:20211006:operation:9a1ec21, author = {Tom Fakterman and Daniel Frank and Chen Erlich and Assaf Dahan}, title = {{Operation GhostShell: Novel RAT Targets Global Aerospace and Telecoms Firms}}, date = {2021-10-06}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/operation-ghostshell-novel-rat-targets-global-aerospace-and-telecoms-firms}, language = {English}, urldate = {2021-10-24} } Operation GhostShell: Novel RAT Targets Global Aerospace and Telecoms Firms
ShellClient RAT
2021-09-30KasperskyMark Lechtik, Aseel Kayal, Paul Rascagnères, Vasily Berdnikov
@online{lechtik:20210930:ghostemperor:f7bdb63, author = {Mark Lechtik and Aseel Kayal and Paul Rascagnères and Vasily Berdnikov}, title = {{GhostEmperor: From ProxyLogon to kernel mode}}, date = {2021-09-30}, organization = {Kaspersky}, url = {https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/}, language = {English}, urldate = {2021-10-05} } GhostEmperor: From ProxyLogon to kernel mode
GhostEmperor
2021-09-01PrevailionPrevailion
@online{prevailion:20210901:diving:a8fed12, author = {Prevailion}, title = {{Diving Deep into UNC1151’s Infrastructure: Ghostwriter and beyond}}, date = {2021-09-01}, organization = {Prevailion}, url = {https://www.prevailion.com/diving-deep-into-unc1151s-infrastructure-ghostwriter-and-beyond/}, language = {English}, urldate = {2021-09-02} } Diving Deep into UNC1151’s Infrastructure: Ghostwriter and beyond
2021-08-13vsquareAnna Gielewska, Julia Dauksza
@online{gielewska:20210813:ghostwriter:d39a4a6, author = {Anna Gielewska and Julia Dauksza}, title = {{The Ghostwriter Scenario (UNC1151)}}, date = {2021-08-13}, organization = {vsquare}, url = {https://vsquare.org/the-ghostwriter-scenario/}, language = {English}, urldate = {2021-08-25} } The Ghostwriter Scenario (UNC1151)
2021-07-29KasperskyKaspersky
@online{kaspersky:20210729:ghostemperor:c9ddfe4, author = {Kaspersky}, title = {{GhostEmperor: Chinese-speaking APT targets high-profile victims using unknown rootkit}}, date = {2021-07-29}, organization = {Kaspersky}, url = {https://www.kaspersky.com/about/press-releases/2021_ghostemperor-chinese-speaking-apt-targets-high-profile-victims-using-unknown-rootkit}, language = {English}, urldate = {2021-10-07} } GhostEmperor: Chinese-speaking APT targets high-profile victims using unknown rootkit
GhostEmperor
2021-07-27GigamonJoe Slowik
@online{slowik:20210727:ghosts:af3dc18, author = {Joe Slowik}, title = {{Ghosts on the Wire: Expanding Conceptions of Network Anomalies}}, date = {2021-07-27}, organization = {Gigamon}, url = {https://blog.gigamon.com/2021/07/27/ghosts-on-the-wire-expanding-conceptions-of-network-anomalies/}, language = {English}, urldate = {2021-08-02} } Ghosts on the Wire: Expanding Conceptions of Network Anomalies
SUNBURST
2021-06-24FortinetDavid Maciejak, Joie Salvio
@online{maciejak:20210624:ghosts:75b5f92, author = {David Maciejak and Joie Salvio}, title = {{The Ghosts of Mirai}}, date = {2021-06-24}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai}, language = {English}, urldate = {2021-06-29} } The Ghosts of Mirai
Mirai
2021-06-15ElasticGabriel Landau
@online{landau:20210615:what:78dc82d, author = {Gabriel Landau}, title = {{What you need to know about Process Ghosting, a new executable image tampering attack}}, date = {2021-06-15}, organization = {Elastic}, url = {https://www.elastic.co/blog/process-ghosting-a-new-executable-image-tampering-attack}, language = {English}, urldate = {2021-06-21} } What you need to know about Process Ghosting, a new executable image tampering attack
2021-04-28FireEyeLee Foster, David Mainor, Ben Read, Sam Riddell, Gabby Roncone, Lindsay Smith, Alden Wahlstrom
@online{foster:20210428:ghostwriter:3455770, author = {Lee Foster and David Mainor and Ben Read and Sam Riddell and Gabby Roncone and Lindsay Smith and Alden Wahlstrom}, title = {{Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity}}, date = {2021-04-28}, organization = {FireEye}, url = {https://content.fireeye.com/web-assets/rpt-unc1151-ghostwriter-update}, language = {English}, urldate = {2021-05-03} } Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity
2021-03-31TagesschauHakan Tanriverdi, Florian Flade
@online{tanriverdi:20210331:attack:65b2f39, author = {Hakan Tanriverdi and Florian Flade}, title = {{Attack of the "chaos troops" (Ghostwriter)}}, date = {2021-03-31}, organization = {Tagesschau}, url = {https://www.tagesschau.de/investigativ/wdr/hackerangriffe-105.html}, language = {German}, urldate = {2021-03-31} } Attack of the "chaos troops" (Ghostwriter)
2021-03-31Twitter (@hatr)Hakan Tanriverdi
@online{tanriverdi:20210331:ghostwriter:28526c7, author = {Hakan Tanriverdi}, title = {{Tweet on Ghostwriter}}, date = {2021-03-31}, organization = {Twitter (@hatr)}, url = {https://twitter.com/hatr/status/1377220336597483520}, language = {English}, urldate = {2021-04-06} } Tweet on Ghostwriter
Ghostwriter