2021-05-07 | Group-IB | Oleg Skulkin, Semyon Rogachev
@online{skulkin:20210507:connecting:49c0b13,
  author       = {Skulkin, Oleg and Rogachev, Semyon},
  title        = {{Connecting the Bots Hancitor fuels Cuba Ransomware Operations}},
  date         = {2021-05-07},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/hancitor-cuba-ransomware},
  language     = {English},
  urldate      = {2021-05-08},
}
Connecting the Bots Hancitor fuels Cuba Ransomware Operations
Cuba Ransomware Hancitor
2021-04-29 | International Computing Centre | International Computing Centre
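% The author is an organisation. The extra brace pair keeps the whole name as one
% indivisible family name, so styles cannot split or abbreviate it as "Centre, I. C.".
@online{centre:20210429:saving:cdbd9ca,
  author       = {{International Computing Centre}},
  title        = {{Saving World Health Day: UNICC and Group-IB Take Down Scam Campaign Impersonating the World Health Organization}},
  date         = {2021-04-29},
  organization = {International Computing Centre},
  url          = {https://www.unicc.org/news/2021/04/29/unicc-and-group-ib-take-down-scam-campaign/},
  language     = {English},
  urldate      = {2021-05-03},
}
Saving World Health Day: UNICC and Group-IB Take Down Scam Campaign Impersonating the World Health Organization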
2021-04-14 | Group-IB | Victor Okorokov
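% The article URL had been pasted onto the end of the title. It is already stored in `url`,
% and its bare underscore is a LaTeX error in a non-verbatim field, so the title omits it.
@online{okorokov:20210414:lazarus:6f74781,
  author       = {Okorokov, Victor},
  title        = {{Lazarus BTC Changer Back in action with JS sniffers redesigned to steal crypto}},
  date         = {2021-04-14},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/blog/btc_changer},
  language     = {English},
  urldate      = {2021-04-20},
}
Lazarus BTC Changer Back in action with JS sniffers redesigned to steal crypto https://www.group-ib.com/blog/btc_changer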
2021-03-15 | Group-IB | Victor Okorokov
@online{okorokov:20210315:javascript:ec4f3b6,
  author       = {Okorokov, Victor},
  title        = {{JavaScript sniffers' new tricks: Analysis of the E1RB JS sniffer family}},
  date         = {2021-03-15},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/blog/e1rb},
  language     = {English},
  urldate      = {2021-03-18},
}
JavaScript sniffers' new tricks: Analysis of the E1RB JS sniffer family
2021-03 | Group-IB | Oleg Skulkin, Roman Rezvukhin, Semyon Rogachev
% NOTE(review): `url` is a Wayback Machine snapshot of a copy hosted on cisoclub.ru, not on a
% Group-IB host; treat the PDF's provenance as unverified until checked against the publisher's release.
@techreport{skulkin:202103:ransomware:992ca10,
  author      = {Skulkin, Oleg and Rezvukhin, Roman and Rogachev, Semyon},
  title       = {{RANSOMWARE UNCOVERED 2020—2021}},
  date        = {2021-03},
  institution = {Group-IB},
  url         = {https://web.archive.org/web/20210305181115/https://cisoclub.ru/doc/otchet-kompanii-group-ib-ransomware-uncovered-2020-2021/?bp-attachment=group-ib_ransomware_uncovered_2020-2021.pdf},
  language    = {English},
  urldate     = {2021-04-16},
}
RANSOMWARE UNCOVERED 2020—2021
RansomEXX BazarBackdoor Buer Clop Conti Ransomware DoppelPaymer Dridex Egregor IcedID Maze PwndLocker QakBot RansomEXX REvil Ryuk SDBbot TrickBot Zloader
2020-12-23 | Group-IB | Viktor Okorokov
% NOTE(review): the given name is spelled "Viktor" here and "Victor" in the other Okorokov
% entries on this page; confirm which spelling the source uses before merging author records.
@online{okorokov:20201223:new:b6c974d,
  author       = {Okorokov, Viktor},
  title        = {{New attacks by UltraRank group}},
  date         = {2020-12-23},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/blog/ultrarank},
  language     = {English},
  urldate      = {2020-12-26},
}
New attacks by UltraRank group
2020-12-07 | Group-IB | Nikita Rostovcev
@online{rostovcev:20201207:footprints:c2a90df,
  author       = {Rostovcev, Nikita},
  title        = {{The footprints of Raccoon: a story about operators of JS-sniffer FakeSecurity distributing Raccoon stealer}},
  date         = {2020-12-07},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/blog/fakesecurity_raccoon},
  language     = {English},
  urldate      = {2020-12-08},
}
The footprints of Raccoon: a story about operators of JS-sniffer FakeSecurity distributing Raccoon stealer
Raccoon
2020-12-07 | Group-IB | Victor Okorokov
@online{okorokov:20201207:massive:177c4eb,
  author       = {Okorokov, Victor},
  title        = {{Massive malicious campaign by FakeSecurity JS-sniffer}},
  date         = {2020-12-07},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/blog/fakesecurity},
  language     = {English},
  urldate      = {2020-12-08},
}
Massive malicious campaign by FakeSecurity JS-sniffer
2020-12-01 | Group-IB | Group-IB, Oleg Skulkin, Semyon Rogachev, Roman Rezvukhin
@techreport{groupib:20201201:egregor:37e5698,
  author      = {Group-IB and Skulkin, Oleg and Rogachev, Semyon and Rezvukhin, Roman},
  title       = {{Egregor ransomware: The legacy of Maze lives on}},
  date        = {2020-12-01},
  institution = {Group-IB},
  url         = {https://web.archive.org/web/20201207094648/https://go.group-ib.com/rs/689-LRE-818/images/Group-IB_Egregor_Ransomware.pdf},
  language    = {English},
  urldate     = {2021-01-21},
}
Egregor ransomware: The legacy of Maze lives on
Egregor QakBot
2020-11-20 | Group-IB | Oleg Skulkin, Roman Rezvukhin, Semyon Rogachev
@online{skulkin:20201120:locking:cdb06cf,
  author       = {Skulkin, Oleg and Rezvukhin, Roman and Rogachev, Semyon},
  title        = {{The Locking Egregor}},
  date         = {2020-11-20},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/blog/egregor},
  language     = {English},
  urldate      = {2020-11-23},
}
The Locking Egregor
Egregor QakBot
2020-09-23 | Group-IB | Rustam Mirkasymov, Oleg Skulkin
@online{mirkasymov:20200923:big:c5c62a3,
  author       = {Mirkasymov, Rustam and Skulkin, Oleg},
  title        = {{Big Game Hunting: Now in Russia}},
  date         = {2020-09-23},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/blog/oldgremlin},
  language     = {English},
  urldate      = {2020-09-24},
}
Big Game Hunting: Now in Russia
2020-09-10 | Group-IB | Oleg Skulkin, Semyon Rogachev
@online{skulkin:20200910:lock:a6f630a,
  author       = {Skulkin, Oleg and Rogachev, Semyon},
  title        = {{Lock Like a Pro: Dive in Recent ProLock's Big Game Hunting}},
  date         = {2020-09-10},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/blog/prolock_evolution},
  language     = {English},
  urldate      = {2020-09-15},
}
Lock Like a Pro: Dive in Recent ProLock's Big Game Hunting
PwndLocker QakBot
2020-08-24 | Group-IB | Oleg Skulkin
@online{skulkin:20200824:cybercriminal:f1959f3,
  author       = {Skulkin, Oleg},
  title        = {{Cybercriminal greeners from Iran attack companies worldwide for financial gain}},
  date         = {2020-08-24},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/media/iran-cybercriminals/},
  language     = {English},
  urldate      = {2020-08-25},
}
Cybercriminal greeners from Iran attack companies worldwide for financial gain
Dharma
2020-08 | Group-IB | Group-IB
% NOTE(review): `url` points to a third-party mirror (edu.anarcho-copy.org), not a Group-IB host;
% confirm the PDF matches the publisher's copy before citing or opening it.
@techreport{groupib:202008:redcurl:f95e316,
  author      = {Group-IB},
  title       = {{RedCurl: The pentest you didn’t know about}},
  date        = {2020-08},
  institution = {Group-IB},
  url         = {https://edu.anarcho-copy.org/Against%20Security%20&%20%20Self%20Security/Group-IB%20RedCurl.pdf},
  language    = {English},
  urldate     = {2021-03-02},
}
RedCurl: The pentest you didn’t know about
LaZagne
2020-05-29 | Group-IB | Ivan Pisarev
@online{pisarev:20200529:icedid:9627fda,
  author       = {Pisarev, Ivan},
  title        = {{IcedID: When ice burns through bank accounts}},
  date         = {2020-05-29},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/blog/icedid},
  language     = {English},
  urldate      = {2020-06-02},
}
IcedID: When ice burns through bank accounts
IcedID
2020-05-14 | Group-IB | Oleg Skulkin
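% The ampersand in the title is escaped: a bare `&` in a text field is LaTeX's alignment
% character and stops the bibliography from compiling.
@online{skulkin:20200514:attcking:6b770ce,
  author       = {Skulkin, Oleg},
  title        = {{ATT\&CKing ProLock Ransomware}},
  date         = {2020-05-14},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/blog/prolock},
  language     = {English},
  urldate      = {2020-05-18},
}
ATT&CKing ProLock Ransomware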
PwndLocker
2020-01-27 | Group-IB | Vesta Matveeva
@online{matveeva:20200127:operation:0a2260a,
  author       = {Matveeva, Vesta},
  title        = {{Operation Night Fury: Group-IB helps take down a cybergang behind the infection of hundreds of websites all over the world}},
  date         = {2020-01-27},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/media/night-fury/},
  language     = {English},
  urldate      = {2020-01-28},
}
Operation Night Fury: Group-IB helps take down a cybergang behind the infection of hundreds of websites all over the world
2019-11-27 | Group-IB | Ilya Pomerantsev
@online{pomerantsev:20191127::4345ace,
  author       = {Pomerantsev, Ilya},
  title        = {{Кейлоггер с сюрпризом: анализ клавиатурного шпиона и деанон его разработчика}},
  date         = {2019-11-27},
  organization = {Group-IB},
  url          = {https://habr.com/ru/company/group-ib/blog/477198/},
  language     = {Russian},
  urldate      = {2020-03-23},
}
Кейлоггер с сюрпризом: анализ клавиатурного шпиона и деанон его разработчика
404 Keylogger
2019-08 | Group-IB | Group-IB
@techreport{groupib:201908:silence:1845381,
  author      = {Group-IB},
  title       = {{Silence 2.0 - Going Global}},
  date        = {2019-08},
  institution = {Group-IB},
  url         = {https://www.group-ib.com/resources/threat-research/silence_2.0.going_global.pdf},
  language    = {English},
  urldate     = {2019-12-17},
}
Silence 2.0 - Going Global
Silence
2019-08 | Group-IB | Group-IB
@online{groupib:201908:attacks:9da5611,
  author       = {Group-IB},
  title        = {{Attacks by Silence}},
  date         = {2019-08},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/resources/threat-research/silence.html},
  language     = {English},
  urldate      = {2020-01-07},
}
Attacks by Silence
Silence DDoS Kikothac Silence