2021-08-06Group-IBAndrey Zhdanov
@online{zhdanov:20210806:its:e5b4483,
  author       = {Andrey Zhdanov},
  title        = {{It's alive! The story behind the BlackMatter ransomware strain}},
  date         = {2021-08-06},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/blackmatter#},
  language     = {English},
  urldate      = {2021-08-09},
}
It's alive! The story behind the BlackMatter ransomware strain
BlackMatter DarkSide BlackMatter DarkSide
2021-08-05Group-IBViktor Okorokov, Nikita Rostovcev
@online{okorokov:20210805:prometheus:38ab6a6,
  author       = {Viktor Okorokov and Nikita Rostovcev},
  title        = {{Prometheus TDS The key to success for Campo Loader, Hancitor, IcedID, and QBot}},
  date         = {2021-08-05},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/prometheus-tds},
  language     = {English},
  urldate      = {2021-08-06},
}
Prometheus TDS The key to success for Campo Loader, Hancitor, IcedID, and QBot
Buer campoloader Hancitor IcedID QakBot
2021-08-03Group-IBAnastasia Tikhonova, Dmitry Kupin
@online{tikhonova:20210803:art:d715071,
  author       = {Anastasia Tikhonova and Dmitry Kupin},
  title        = {{The Art of Cyberwarfare Chinese APTs attack Russia}},
  date         = {2021-08-03},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/task},
  language     = {English},
  urldate      = {2021-08-06},
}
The Art of Cyberwarfare Chinese APTs attack Russia
Albaniiutas Mail-O SManager
2021-07-22Group-IBRoberto Martinez, Anton Ushakov
@online{martinez:20210722:fraud:9f095b0,
  author       = {Roberto Martinez and Anton Ushakov},
  title        = {{The Fraud Family Fraud-as-a-Service operation targeting Dutch residents}},
  date         = {2021-07-22},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/fraud_family_nl/},
  language     = {English},
  urldate      = {2021-07-22},
}
The Fraud Family Fraud-as-a-Service operation targeting Dutch residents
2021-07-06Group-IBStephen Kavanagh, Dmitry Volkov
@online{kavanagh:20210706:operation:315c918,
  author       = {Stephen Kavanagh and Dmitry Volkov},
  title        = {{Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide}},
  date         = {2021-07-06},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/media/gib-interpol-lyrebird/},
  language     = {English},
  urldate      = {2021-07-11},
}
Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide
2021-07-02Group-IBAlbert Priego
@online{priego:20210702:brothers:74e06d3,
  author       = {Albert Priego},
  title        = {{The Brothers Grim - The reversing tale of GrimAgent malware used by Ryuk}},
  date         = {2021-07-02},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/grimagent},
  language     = {English},
  urldate      = {2021-07-05},
}
The Brothers Grim - The reversing tale of GrimAgent malware used by Ryuk
GRIMAGENT
2021-07-02Group-IBGroup-IB
@online{groupib:20210702:brothers:0b68ead,
  author       = {Group-IB},
  title        = {{The Brothers Grim - The reversing tale of GrimAgent malware used by Ryuk}},
  date         = {2021-07-02},
  organization = {Group-IB},
  url          = {https://gibnc.group-ib.com/s/Group-IB_GrimAgent_analysis#pdfviewer},
  language     = {English},
  urldate      = {2021-07-06},
}
The Brothers Grim - The reversing tale of GrimAgent malware used by Ryuk
GRIMAGENT
2021-06-30Group-IBOleg Skulkin
@online{skulkin:20210630:revil:63bb524,
  author       = {Oleg Skulkin},
  title        = {{REvil Twins Deep Dive into Prolific RaaS Affiliates' TTPs}},
  date         = {2021-06-30},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/REvil_RaaS},
  language     = {English},
  urldate      = {2021-07-02},
}
REvil Twins Deep Dive into Prolific RaaS Affiliates' TTPs
Cobalt Strike REvil
2021-06-10Group-IBNikita Rostovcev
@online{rostovcev:20210610:big:4d0a5f2,
  author       = {Nikita Rostovcev},
  title        = {{Big airline heist APT41 likely behind massive supply chain attack}},
  date         = {2021-06-10},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/colunmtk_apt41},
  language     = {English},
  urldate      = {2021-06-16},
}
Big airline heist APT41 likely behind massive supply chain attack
Cobalt Strike
2021-06-03Group-IBNikita Rostovtsev
@online{rostovtsev:20210603:fontpack:79d9762,
  author       = {Nikita Rostovtsev},
  title        = {{FontPack: A dangerous update Attribution secrets: Who is behind stealing credentials and bank card data by asking to install fake Flash Player, browser or font updates?}},
  date         = {2021-06-03},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/fontpack},
  language     = {English},
  urldate      = {2021-06-16},
}
FontPack: A dangerous update Attribution secrets: Who is behind stealing credentials and bank card data by asking to install fake Flash Player, browser or font updates?
2021-05-08Group-IBSergei Kokurin
@online{kokurin:20210508:when:d913040,
  author       = {Sergei Kokurin},
  title        = {{When Karma Comes Back: The rise and fall of illicit cardshop breached twice in two years}},
  date         = {2021-05-08},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/swarmshop},
  language     = {English},
  urldate      = {2021-06-16},
}
When Karma Comes Back: The rise and fall of illicit cardshop breached twice in two years
2021-05-07Group-IBOleg Skulkin, Semyon Rogachev
@online{skulkin:20210507:connecting:49c0b13,
  author       = {Oleg Skulkin and Semyon Rogachev},
  title        = {{Connecting the Bots Hancitor fuels Cuba Ransomware Operations}},
  date         = {2021-05-07},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/hancitor-cuba-ransomware},
  language     = {English},
  urldate      = {2021-05-08},
}
Connecting the Bots Hancitor fuels Cuba Ransomware Operations
Cuba Hancitor
2021-05-06Group-IBViktor Okorokov
@online{okorokov:20210506:grelosgtm:7324b2c,
  author       = {Viktor Okorokov},
  title        = {{GrelosGTM group abuses Google Tag Manager to attack e-commerce websites}},
  date         = {2021-05-06},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/grelosgtm},
  language     = {English},
  urldate      = {2021-06-16},
}
GrelosGTM group abuses Google Tag Manager to attack e-commerce websites
2021-04-29International Computing CentreInternational Computing Centre
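% Corporate author: the extra brace pair keeps the institution's name as one
% indivisible unit, so it is not split into given names "International
% Computing" and surname "Centre" when the bibliography is sorted or labelled.
@online{centre:20210429:saving:cdbd9ca,
  author       = {{International Computing Centre}},
  title        = {{Saving World Health Day: UNICC and Group-IB Take Down Scam Campaign Impersonating the World Health Organization}},
  date         = {2021-04-29},
  organization = {International Computing Centre},
  url          = {https://www.unicc.org/news/2021/04/29/unicc-and-group-ib-take-down-scam-campaign/},
  language     = {English},
  urldate      = {2021-05-03},
}
Saving World Health Day: UNICC and Group-IB Take Down Scam Campaign Impersonating the World Health Organization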
2021-04-14Group-IBVictor Okorokov
@online{okorokov:20210414:lazarus:6f74781,
  author       = {Victor Okorokov},
  title        = {{Lazarus BTC Changer Back in action with JS sniffers redesigned to steal crypto}},
  date         = {2021-04-14},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/blog/btc_changer},
  language     = {English},
  urldate      = {2021-06-16},
}
Lazarus BTC Changer Back in action with JS sniffers redesigned to steal crypto
2021-04-12Group-IBIvan Lebedev
@online{lebedev:20210412:deep:9094f6c,
  author       = {Ivan Lebedev},
  title        = {{Deep water: exploring phishing kits}},
  date         = {2021-04-12},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/phishing-kits},
  language     = {English},
  urldate      = {2021-06-16},
}
Deep water: exploring phishing kits
2021-04-05Group-IBGroup-IB
@online{groupib:20210405:kremlin:8dce4d6,
  author       = {Group-IB},
  title        = {{Kremlin RATs from Nigeria}},
  date         = {2021-04-05},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/rats_nigeria},
  language     = {English},
  urldate      = {2021-06-16},
}
Kremlin RATs from Nigeria
2021-03-15Group-IBVictor Okorokov
@online{okorokov:20210315:javascript:ec4f3b6,
  author       = {Victor Okorokov},
  title        = {{JavaScript sniffers' new tricks: Analysis of the E1RB JS sniffer family}},
  date         = {2021-03-15},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/blog/e1rb},
  language     = {English},
  urldate      = {2021-03-18},
}
JavaScript sniffers' new tricks: Analysis of the E1RB JS sniffer family
2021-03Group-IBOleg Skulkin, Roman Rezvukhin, Semyon Rogachev
@techreport{skulkin:202103:ransomware:992ca10,
  author      = {Oleg Skulkin and Roman Rezvukhin and Semyon Rogachev},
  title       = {{Ransomware Uncovered 2020/2021}},
  date        = {2021-03},
  institution = {Group-IB},
  url         = {https://web.archive.org/web/20210305181115/https://cisoclub.ru/doc/otchet-kompanii-group-ib-ransomware-uncovered-2020-2021/?bp-attachment=group-ib_ransomware_uncovered_2020-2021.pdf},
  language    = {English},
  urldate     = {2021-06-16},
}
Ransomware Uncovered 2020/2021
RansomEXX BazarBackdoor Buer Clop Conti DoppelPaymer Dridex Egregor IcedID Maze PwndLocker QakBot RansomEXX REvil Ryuk SDBbot TrickBot Zloader
2020-12-23Group-IBViktor Okorokov
@online{okorokov:20201223:new:b6c974d,
  author       = {Viktor Okorokov},
  title        = {{New attacks by UltraRank group}},
  date         = {2020-12-23},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/blog/ultrarank},
  language     = {English},
  urldate      = {2020-12-26},
}
New attacks by UltraRank group