2023-08-14 | Group-IB | Pavel Naumov, Artem Grischenko
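% Group-IB blog post. Only proper nouns in the title are brace-protected, so a style can still recase the rest.
@online{naumov:20230814:breaking:9fe9961,
  author       = {Naumov, Pavel and Grischenko, Artem},
  title        = {Breaking down {Gigabud} banking malware with {Group-IB Fraud Matrix}},
  date         = {2023-08-14},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/blog/gigabud-banking-malware/},
  language     = {English},
  urldate      = {2023-08-30},
}
Breaking down Gigabud banking malware with Group-IB Fraud Matrix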
Gigabud
2023-05-17 | Group-IB | Nikita Rostovtsev, Joshua Penny, Yashraj Solanki
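% Group-IB blog post. Authors are stored in the unambiguous "Last, First" form; the actor name is protected in the title.
@online{rostovtsev:20230517:distinctive:c4bc5d4,
  author       = {Rostovtsev, Nikita and Penny, Joshua and Solanki, Yashraj},
  title        = {The distinctive rattle of {APT SideWinder}},
  date         = {2023-05-17},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/blog/hunting-sidewinder/},
  language     = {English},
  urldate      = {2023-05-17},
}
The distinctive rattle of APT SideWinder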
SideWinder
2023-04-04 | Group-IB | Andrey Zhdanov, Vladislav Azersky
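% Group-IB blog post. The family name and the region names keep their capitals through per-word braces.
@online{zhdanov:20230404:old:fba2117,
  author       = {Zhdanov, Andrey and Azersky, Vladislav},
  title        = {The old way: {BabLock}, new ransomware quietly cruising around {Europe}, {Middle East}, and {Asia}},
  date         = {2023-04-04},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/blog/bablock-ransomware/},
  language     = {English},
  urldate      = {2023-04-25},
}
The old way: BabLock, new ransomware quietly cruising around Europe, Middle East, and Asia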
Rorschach Ransomware
2023-03-31 | Group-IB | Group-IB
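% Group-IB blog post with a corporate author, double-braced so it is never split into name parts.
% The url is stored without the utm_* query string the listing carried: those parameters are
% campaign-analytics tags and are not part of the reference.
@online{groupib:20230331:36gate:9107003,
  author       = {{Group-IB}},
  title        = {36gate: supply chain attack},
  date         = {2023-03-31},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/blog/3cx-supply-chain-attack/},
  language     = {English},
  urldate      = {2023-04-02},
}
36gate: supply chain attack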
3CX Backdoor
2023-01-11 | Group-IB | Group-IB
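% Group-IB press release (media-center url). A separate blog post on the same actor carries the same date.
@online{groupib:20230111:dark:70a89b8,
  author       = {{Group-IB}},
  title        = {{Dark Pink}: New {APT} group targets governmental, military organizations in {APAC}, {Europe}},
  date         = {2023-01-11},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/media-center/press-releases/dark-pink-apt/},
  language     = {English},
  urldate      = {2023-03-24},
}
Dark Pink: New APT group targets governmental, military organizations in APAC, Europe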
DarkPink
2023-01-11 | Group-IB | Andrey Polovinkin
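% Group-IB blog post on Dark Pink, distinct from the press release dated the same day.
@online{polovinkin:20230111:dark:abb723d,
  author       = {Polovinkin, Andrey},
  title        = {{Dark Pink} - New {APT} hitting {Asia-Pacific}, {Europe} that goes deeper and darker},
  date         = {2023-01-11},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/dark-pink-apt},
  language     = {English},
  urldate      = {2023-01-12},
}
Dark Pink - New APT hitting Asia-Pacific, Europe that goes deeper and darker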
2022-12-21 | Group-IB | Artem Grischenko
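% Group-IB blog post. The family name and the capitalised "Trojan" are the only protected words in the title.
@online{grischenko:20221221:godfather:fbc2595,
  author       = {Grischenko, Artem},
  title        = {{Godfather}: A banking {Trojan} that is impossible to refuse},
  date         = {2022-12-21},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/godfather-trojan},
  language     = {English},
  urldate      = {2022-12-24},
}
Godfather: A banking Trojan that is impossible to refuse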
Godfather
2022-11-03 | Group-IB | Group-IB
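% Group-IB report page (explore.group-ib.com) with a corporate author, double-braced as a single literal name.
@online{groupib:20221103:opera1er:19d5499,
  author       = {{Group-IB}},
  title        = {{OPERA1ER}: Playing god without permission},
  date         = {2022-11-03},
  organization = {Group-IB},
  url          = {https://explore.group-ib.com/opera1er-eng/report-opera1er-eng},
  language     = {English},
  urldate      = {2022-11-06},
}
OPERA1ER: Playing god without permission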
2022-11-03 | Group-IB | Rustam Mirkasymov
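% Group-IB blog post published the same day as the OPERA1ER report page.
@online{mirkasymov:20221103:financially:cd6ff5b,
  author       = {Mirkasymov, Rustam},
  title        = {Financially motivated, dangerously activated: {OPERA1ER APT} in {Africa}},
  date         = {2022-11-03},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/opera1er-apt},
  language     = {English},
  urldate      = {2023-01-19},
}
Financially motivated, dangerously activated: OPERA1ER APT in Africa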
Cobalt Strike, Common Raven
2022-09-16 | Group-IB | Twitter (@GroupIB_GIB)
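% The author is an account handle, not a personal name: the extra brace pair keeps it as one
% literal instead of a first/last split, and the underscore is escaped for LaTeX.
% The source is a social-media post that can be deleted; urldate records when it was retrieved.
@online{groupibgib:20220916:uber:255f13d,
  author       = {{Twitter (@GroupIB\_GIB)}},
  title        = {Tweet on {Uber} Employees potentially infected with {Raccoon} and {Vidar} stealer},
  date         = {2022-09-16},
  organization = {Group-IB},
  url          = {https://twitter.com/GroupIB_GIB/status/1570821174736850945},
  language     = {English},
  urldate      = {2022-09-19},
}
Tweet on Uber Employees potentially infected with Raccoon and Vidar stealer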
Raccoon, Vidar
2022-08-25 | Group-IB | Roberto Martinez, Rustam Mirkasymov
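% Group-IB blog post on a credential-phishing campaign. The vendor name Okta is the only protected word.
@online{martinez:20220825:roasting:adb6ea2,
  author       = {Martinez, Roberto and Mirkasymov, Rustam},
  title        = {Roasting 0ktapus: The phishing campaign going after {Okta} identity credentials},
  date         = {2022-08-25},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/0ktapus},
  language     = {English},
  urldate      = {2022-08-30},
}
Roasting 0ktapus: The phishing campaign going after Okta identity credentials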
2022-08-18 | Group-IB | Nikita Rostovtsev
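% Group-IB blog post. The campaign label is protected as one group so its capitals and year stay together.
@online{rostovtsev:20220818:apt41:57ffddb,
  author       = {Rostovtsev, Nikita},
  title        = {{APT41 World Tour 2021} on a tight schedule},
  date         = {2022-08-18},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/apt41-world-tour-2021},
  language     = {English},
  urldate      = {2022-08-18},
}
APT41 World Tour 2021 on a tight schedule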
Cobalt Strike
2022-08-17 | Group-IB | Victor Okorokov
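% Group-IB blog post. Headline and sub-headline are stored in separate fields; the listing shows
% them run together with no punctuation between them.
@online{okorokov:20220817:switching:1ffd85f,
  author       = {Okorokov, Victor},
  title        = {Switching side jobs},
  subtitle     = {Links between {ATMZOW} {JS-sniffer} and {Hancitor}},
  date         = {2022-08-17},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/switching-side-jobs},
  language     = {English},
  urldate      = {2022-08-22},
}
Switching side jobs Links between ATMZOW JS-sniffer and Hancitor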
Hancitor
2022-08-11 | Group-IB | Group-IB
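% Group-IB blog post with a corporate author. Headline and sub-headline are stored in separate
% fields; the listing shows them run together with no punctuation between them.
@online{groupib:20220811:challenge:114c383,
  author       = {{Group-IB}},
  title        = {Challenge accepted},
  subtitle     = {Detecting {MaliBot}, a fresh {Android} banking trojan, with a {Fraud Protection} solution},
  date         = {2022-08-11},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/malibot},
  language     = {English},
  urldate      = {2022-08-17},
}
Challenge accepted Detecting MaliBot, a fresh Android banking trojan, with a Fraud Protection solution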
2022-07-29 | Group-IB | Reza Rafati, Yaroslav Kargalev
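% Group-IB blog post. Headline and sub-headline are stored in separate fields; the listing shows
% them run together with no punctuation between them.
@online{rafati:20220729:fake:c31ccc4,
  author       = {Rafati, Reza and Kargalev, Yaroslav},
  title        = {Fake investment scams in {Europe}},
  subtitle     = {How we almost got rich},
  date         = {2022-07-29},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/investment-scams-europe},
  language     = {English},
  urldate      = {2022-08-17},
}
Fake investment scams in Europe How we almost got rich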
2022-06-29 | Group-IB | Andrey Zhdanov, Oleg Skulkin
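% Group-IB blog post on a ransomware affiliate program. The headline phrase and the family name are protected.
@online{zhdanov:20220629:fat:7056ba6,
  author       = {Zhdanov, Andrey and Skulkin, Oleg},
  title        = {{Fat Cats} - An analysis of the {BlackCat} ransomware affiliate program},
  date         = {2022-06-29},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/blackcat},
  language     = {English},
  urldate      = {2022-08-17},
}
Fat Cats - An analysis of the BlackCat ransomware affiliate program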
BlackCat BlackCat
2022-06-24 | Group-IB | Albert Priego
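% Group-IB blog post. Headline and sub-headline are stored in separate fields; the listing shows
% them run together with no punctuation between them.
@online{priego:20220624:we:0ed77e2,
  author       = {Priego, Albert},
  title        = {We see you, {Gozi}},
  subtitle     = {Hunting the latest {TTPs} used for delivering the {Trojan}},
  date         = {2022-06-24},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/gozi-latest-ttps},
  language     = {English},
  urldate      = {2022-08-17},
}
We see you, Gozi Hunting the latest TTPs used for delivering the Trojan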
ISFB
2022-06-16 | Group-IB | Anastasia Tikhonova
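% Group-IB blog post on an exposed database. The acronym plural and the country name are protected.
@online{tikhonova:20220616:thousands:16405e0,
  author       = {Tikhonova, Anastasia},
  title        = {Thousands of {IDs} exposed in yet another data breach in {Brazil}},
  date         = {2022-06-16},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/brazil-exposed-db},
  language     = {English},
  urldate      = {2022-08-17},
}
Thousands of IDs exposed in yet another data breach in Brazil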
2022-06-09 | Group-IB | Yaroslav Kargalev, Ivan Lebedev
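% Group-IB blog post on a phishing campaign. Headline and sub-headline are stored in separate
% fields; the listing shows them run together with no punctuation between them.
@online{kargalev:20220609:swiss:1382ebc,
  author       = {Kargalev, Yaroslav and Lebedev, Ivan},
  title        = {{Swiss Army Knife} Phishing},
  subtitle     = {{Group-IB} identifies massive campaign capable of targeting clients of major {Vietnamese} banks},
  date         = {2022-06-09},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/phishing-vietnam-banks},
  language     = {English},
  urldate      = {2022-08-17},
}
Swiss Army Knife Phishing Group-IB identifies massive campaign capable of targeting clients of major Vietnamese banks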
2022-06-01 | Group-IB | Nikita Rostovcev, Alexander Badaev
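% Group-IB blog post. The headline is a single tool name, so it is protected as a whole; the
% sub-headline is stored separately because the listing runs the two together without punctuation.
% NOTE(review): the first author is spelled Rostovcev here and Rostovtsev in other Group-IB
% entries of this listing; presumably one person, confirm before normalising the spelling.
@online{rostovcev:20220601:sidewinderantibotscript:62cb932,
  author       = {Rostovcev, Nikita and Badaev, Alexander},
  title        = {{SideWinder.AntiBot.Script}},
  subtitle     = {Analysis of {SideWinder's} new infrastructure and tool that narrows their reach to {Pakistan}},
  date         = {2022-06-01},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/sidewinder-antibot},
  language     = {English},
  urldate      = {2022-06-02},
}
SideWinder.AntiBot.Script Analysis of SideWinder's new infrastructure and tool that narrows their reach to Pakistan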