
2023-05-17 | Group-IB | Nikita Rostovtsev, Joshua Penny, Yashraj Solanki
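@online{rostovtsev:20230517:distinctive:c4bc5d4,
  author       = {Rostovtsev, Nikita and Penny, Joshua and Solanki, Yashraj},
  title        = {The distinctive rattle of {APT} {SideWinder}},
  date         = {2023-05-17},
  organization = {Group-IB},
  url          = {https://www.group-ib.com/blog/hunting-sidewinder/},
  language     = {English},
  urldate      = {2023-05-17},
}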
SideWinder
2023-05-08 | cocomelonc | cocomelonc
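@online{cocomelonc:20230508:malware:d344f4a,
  author       = {{cocomelonc}},
  title        = {Malware analysis report: {WinDealer} ({LuoYu} Threat Group)},
  date         = {2023-05-08},
  organization = {cocomelonc},
  url          = {https://mssplab.github.io/threat-hunting/2023/05/08/malware-analysis-windealer.html},
  language     = {English},
  urldate      = {2023-05-10},
}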
WinDealer
2023-05-08 | Blackberry | BlackBerry Research & Intelligence Team
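@online{team:20230508:sidewinder:ab9205d,
  author       = {{BlackBerry Research \& Intelligence Team}},
  title        = {{SideWinder} Uses Server-side Polymorphism to Attack {Pakistan} Government Officials — and Is Now Targeting {Turkey}},
  date         = {2023-05-08},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2023/05/sidewinder-uses-server-side-polymorphism-to-target-pakistan},
  language     = {English},
  urldate      = {2023-05-10},
}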
2023-04-24 | CoinDesk | Nikhilesh De, Jesse Hamilton
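@online{de:20230424:us:baa28b6,
  author       = {De, Nikhilesh and Hamilton, Jesse},
  title        = {{U.S.} Sanctions 3 {North Koreans} for Supporting Hacking Group Known for Crypto Thefts},
  date         = {2023-04-24},
  organization = {CoinDesk},
  url          = {https://www.coindesk.com/policy/2023/04/24/us-sanctions-3-north-koreans-for-supporting-hacking-group-known-for-crypto-thefts/},
  language     = {English},
  urldate      = {2023-04-25},
}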
2023-01-05 | Check Point Research | Marc Salinas Fernandez
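@online{fernandez:20230105:blindeagle:28f3d1c,
  author       = {Fernandez, Marc Salinas},
  title        = {{Blindeagle} Targeting {Ecuador} with Sharpened Tools},
  date         = {2023-01-05},
  organization = {Check Point Research},
  url          = {https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/},
  language     = {English},
  urldate      = {2023-12-04},
}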
2022-12-08 | ThreatFabric | ThreatFabric
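@online{threatfabric:20221208:zombinder:e82734d,
  author       = {{ThreatFabric}},
  title        = {{Zombinder}: new obfuscation service used by {Ermac}, now distributed next to desktop stealers},
  date         = {2022-12-08},
  organization = {ThreatFabric},
  url          = {https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html},
  language     = {English},
  urldate      = {2022-12-08},
}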
ERMAC Xenomorph
2022-11-04 | Github (hktalent) | 51pwn
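@online{51pwn:20221104:behinder:2fe7382,
  author       = {{51pwn}},
  title        = {{Behinder} Mem Shell},
  date         = {2022-11-04},
  organization = {Github (hktalent)},
  url          = {https://github.com/hktalent/MyDocs/blob/main/BehinderShell.md},
  language     = {Chinese},
  urldate      = {2023-02-22},
}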
Behinder
2022-09-01 | Zscaler | Atinderpal Singh, Brett Stone-Gross
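@online{singh:20220901:no:82c1b51,
  author       = {Singh, Atinderpal and Stone-Gross, Brett},
  title        = {No Honor Among Thieves - {Prynt Stealer}’s Backdoor Exposed},
  date         = {2022-09-01},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed},
  language     = {English},
  urldate      = {2022-09-07},
}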
DarkEye Prynt Stealer WorldWind
2022-08-01 | Zscaler | Atinderpal Singh
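@online{singh:20220801:technical:ab3b0b8,
  author       = {Singh, Atinderpal},
  title        = {Technical Analysis of {Industrial Spy} Ransomware},
  date         = {2022-08-01},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/technical-analysis-industrial-spy-ransomware},
  language     = {English},
  urldate      = {2022-08-02},
}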
Industrial Spy
2022-07-20 | Qianxin | Red Raindrops Team
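@online{team:20220720:sidewinder:8d70604,
  author       = {{Red Raindrops Team}},
  title        = {The {Sidewinder} ({APT-Q-39}) uses {Google Play} to spread an analysis of malicious {Android} software},
  date         = {2022-07-20},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/analysis-of-malware-android-software-spread-by-sidewinder-using-google-play/},
  language     = {Chinese},
  urldate      = {2022-08-02},
}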
SideWinder
2022-07-14 | Sophos | Andrew Brandt, Sergio Bestulic, Harinder Bhathal, Andy French, Bill Kearney, Lee Kirkpatrick, Elida Leite, Peter Mackenzie, Robert Weiland
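@online{brandt:20220714:blackcat:745470a,
  author       = {Brandt, Andrew and Bestulic, Sergio and Bhathal, Harinder and French, Andy and Kearney, Bill and Kirkpatrick, Lee and Leite, Elida and Mackenzie, Peter and Weiland, Robert},
  title        = {{BlackCat} ransomware attacks not merely a byproduct of bad luck},
  date         = {2022-07-14},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/07/14/blackcat-ransomware-attacks-not-merely-a-byproduct-of-bad-luck/},
  language     = {English},
  urldate      = {2022-07-25},
}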
BlackCat BlackCat
2022-07-13 | Check Point | Check Point Research
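@online{research:20220713:hit:79199ac,
  author       = {{Check Point Research}},
  title        = {A Hit is made: Suspected {India}-based {Sidewinder} {APT} successfully cyber attacks {Pakistan} military focused targets},
  date         = {2022-07-13},
  organization = {Check Point},
  url          = {https://blog.checkpoint.com/2022/07/13/a-hit-is-made-suspected-india-based-sidewinder-apt-successfully-cyber-attacks-pakistan-military-focused-targets/},
  language     = {English},
  urldate      = {2022-07-15},
}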
Unidentified 093 (Sidewinder)
2022-06-30 | Blackberry | The BlackBerry Research & Intelligence Team
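@online{team:20220630:threat:555a16b,
  author       = {{The BlackBerry Research \& Intelligence Team}},
  title        = {Threat Thursday: {China}-Based {APT} Plays Auto-Updater Card to Deliver {WinDealer} Malware},
  date         = {2022-06-30},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2022/06/threat-thursday-china-based-apt-plays-auto-updater-card-to-deliver-windealer-malware},
  language     = {English},
  urldate      = {2022-07-18},
}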
WinDealer Red Nue
2022-06-02 | Kaspersky Labs | GReAT
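@online{great:20220602:windealer:a54c8c9,
  author       = {{GReAT}},
  title        = {{WinDealer} dealing on the side},
  date         = {2022-06-02},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/windealer-dealing-on-the-side/105946},
  language     = {English},
  urldate      = {2022-07-25},
}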
WinDealer Red Nue
2022-06-02 | Kaspersky Labs | GReAT
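@online{great:20220602:windealer:04ad2d0,
  author        = {{GReAT}},
  title         = {{WinDealer} dealing on the side},
  date          = {2022-06-02},
  organization  = {Kaspersky Labs},
  url           = {https://securelist.com/windealer-dealing-on-the-side/105946/},
  language      = {English},
  urldate       = {2022-06-04},
  internal-note = {Same work as great:20220602:windealer:a54c8c9; only the trailing slash in url and the urldate differ. Candidate for merging.},
}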
WinDealer
2022-06-01 | Group-IB | Nikita Rostovcev, Alexander Badaev
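@online{rostovcev:20220601:sidewinderantibotscript:62cb932,
  author       = {Rostovcev, Nikita and Badaev, Alexander},
  title        = {{SideWinder.AntiBot.Script} Analysis of {SideWinder}'s new infrastructure and tool that narrows their reach to {Pakistan}},
  date         = {2022-06-01},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/sidewinder-antibot},
  language     = {English},
  urldate      = {2022-06-02},
}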
2022-05-18 | Weixin | 360 Threat Intelligence Center
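@online{center:20220518:filesyncshelldll:4266601,
  author       = {{360 Threat Intelligence Center}},
  title        = {{filesyncshell.dll} hijacked? {APT-C-24} {Sidewinder} Briefing on the Latest Attack Activity},
  date         = {2022-05-18},
  organization = {Weixin},
  url          = {https://mp.weixin.qq.com/s/qsGxZIiTsuI7o-_XmiHLHg},
  language     = {Chinese},
  urldate      = {2022-05-25},
}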
2022-01-06 | VMRay | VMRay Labs Team
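@online{team:20220106:malware:f4efbd5,
  author       = {{VMRay Labs Team}},
  title        = {Malware Analysis Spotlight: {XLoader}’ Cross-platform Support Utilizing {XBinder}},
  date         = {2022-01-06},
  organization = {VMRay},
  url          = {https://www.vmray.com/cyber-security-blog/malware-analysis-spotlight-xbinder-xloader/},
  language     = {English},
  urldate      = {2022-01-25},
}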
Xloader
2021-11-18 | Sophos | Sean Gallagher, Vikas Singh, Robert Weiland, Elida Leite, Kyle Link, Ratul Ghosh, Harinder Bhathal, Sergio Bestuilic, Ferenc László Nagy, Rahul Dugar, Nirav Parekh, Gabor Szappanos
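@online{gallagher:20211118:new:31668c5,
  author       = {Gallagher, Sean and Singh, Vikas and Weiland, Robert and Leite, Elida and Link, Kyle and Ghosh, Ratul and Bhathal, Harinder and Bestuilic, Sergio and Nagy, Ferenc László and Dugar, Rahul and Parekh, Nirav and Szappanos, Gabor},
  title        = {New ransomware actor uses password-protected archives to bypass encryption protection},
  date         = {2021-11-18},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/?cmp=30728},
  language     = {English},
  urldate      = {2021-11-19},
}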
2021-10-26 | JPCERT/CC | Yuma Masubuchi
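@online{masubuchi:20211026:malware:44bce23,
  author       = {Masubuchi, Yuma},
  title        = {Malware {WinDealer} used by {LuoYu} Attack Group},
  date         = {2021-10-26},
  organization = {JPCERT/CC},
  url          = {https://blogs.jpcert.or.jp/en/2021/10/windealer.html},
  language     = {English},
  urldate      = {2021-11-03},
}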
WinDealer Red Nue