2021-09-13 | Intezer | Avigayil Mechtinger, Ryan Robinson, Joakim Kennedy
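@online{mechtinger:20210913:vermilion:ff1ee5f,
  author       = {Mechtinger, Avigayil and Robinson, Ryan and Kennedy, Joakim},
  title        = {{Vermilion Strike}: {Linux} and {Windows} Re-implementation of {Cobalt Strike}},
  date         = {2021-09-13},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/malware-analysis/vermilionstrike-reimplementation-cobaltstrike/},
  language     = {English},
  urldate      = {2021-09-14},
}
Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike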
Vermilion Strike Vermilion Strike
2021-09 | Intezer | Intezer
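@techreport{intezer:202109:teamtnt:425ab21,
  author      = {{Intezer}},
  title       = {{TeamTNT}: Cryptomining Explosion},
  date        = {2021-09},
  institution = {Intezer},
  url         = {https://www.intezer.com/wp-content/uploads/2021/09/TeamTNT-Cryptomining-Explosion.pdf},
  language    = {English},
  urldate     = {2021-09-19},
}
TeamTNT: Cryptomining Explosion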
TeamTNT Tsunami
2021-08-18 | Intezer | Ryan Robinson
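@online{robinson:20210818:cobalt:965e1a9,
  author       = {Robinson, Ryan},
  title        = {{Cobalt Strike}: Detect this Persistent Threat},
  date         = {2021-08-18},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/malware-analysis/cobalt-strike-detect-this-persistent-threat/},
  language     = {English},
  urldate      = {2021-08-25},
}
Cobalt Strike: Detect this Persistent Threat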
Cobalt Strike
2021-08-10 | Intezer | Giancarlo Lezama
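@online{lezama:20210810:fast:0b4334e,
  author       = {Lezama, Giancarlo},
  title        = {Fast Insights for a {Microsoft}-Signed {Netfilter} Rootkit},
  date         = {2021-08-10},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/malware-analysis/fast-insights-for-a-microsoft-signed-netfilter-rootkit/},
  language     = {English},
  urldate      = {2021-08-25},
}
Fast Insights for a Microsoft-Signed Netfilter Rootkit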
NetfilterRootkit
2021-07-14 | Intezer | Avigayil Mechtinger
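@online{mechtinger:20210714:targeted:ca00788,
  author       = {Mechtinger, Avigayil},
  title        = {Targeted Phishing Attack against {Ukrainian} Government Expands to {Georgia}},
  date         = {2021-07-14},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/},
  language     = {English},
  urldate      = {2021-07-20},
}
Targeted Phishing Attack against Ukrainian Government Expands to Georgia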
Unidentified 083 (AutoIT Stealer)
2021-07-07 | Intezer | Ryan Robinson, Nicole Fishbein
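@online{robinson:20210707:global:ffc5f8e,
  author       = {Robinson, Ryan and Fishbein, Nicole},
  title        = {Global Phishing Campaign Targets Energy Sector and its Suppliers},
  date         = {2021-07-07},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/research/global-phishing-campaign-targets-energy-sector-and-its-suppliers/},
  language     = {English},
  urldate      = {2021-07-09},
}
Global Phishing Campaign Targets Energy Sector and its Suppliers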
2021-06-29 | Twitter (@IntezerLabs) | Intezer
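@online{intezer:20210629:unknown:1f1f2d3,
  author       = {{Intezer}},
  title        = {Tweet on unknown elf backdoor based on an open source remote shell named {``amcsh''}},
  date         = {2021-06-29},
  organization = {Twitter (@IntezerLabs)},
  url          = {https://twitter.com/IntezerLabs/status/1409844721992749059},
  language     = {English},
  urldate      = {2021-08-11},
}
Tweet on unknown elf backdoor based on an open source remote shell named "amcsh"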
BioSet
2021-06-23 | Twitter (@IntezerLabs) | Intezer
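% The "?s=20" query string looks like a share parameter; the status ID in the path identifies the tweet.
@online{intezer:20210623:linux:310f62b,
  author       = {{Intezer}},
  title        = {Tweet on linux version of {Derusbi}},
  date         = {2021-06-23},
  organization = {Twitter (@IntezerLabs)},
  url          = {https://twitter.com/IntezerLabs/status/1407676522534735873?s=20},
  language     = {English},
  urldate      = {2021-07-26},
}
Tweet on linux version of Derusbi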
Derusbi
2021-06-17 | Intezer | Ryan Robinson
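@online{robinson:20210617:klingon:ed4d44f,
  author       = {Robinson, Ryan},
  title        = {{Klingon RAT} Holding on for Dear Life},
  date         = {2021-06-17},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/malware-analysis/klingon-rat-holding-on-for-dear-life/},
  language     = {English},
  urldate      = {2021-06-21},
}
Klingon RAT Holding on for Dear Life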
KlingonRAT
2021-04-20 | Intezer | Joakim Kennedy
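% Same work and URL as kennedy:20210420:habitsrat:66ff4cf; only urldate differs. Cite one key consistently.
@online{kennedy:20210420:habitsrat:0cfa312,
  author       = {Kennedy, Joakim},
  title        = {{HabitsRAT} Used to Target {Linux} and {Windows} Servers},
  date         = {2021-04-20},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/malware-analysis/habitsrat-used-to-target-linux-and-windows-servers/},
  language     = {English},
  urldate      = {2021-04-28},
}
HabitsRAT Used to Target Linux and Windows Servers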
HabitsRAT
2021-04-20 | Intezer | Joakim Kennedy
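% Same work and URL as kennedy:20210420:habitsrat:0cfa312; only urldate differs. Cite one key consistently.
@online{kennedy:20210420:habitsrat:66ff4cf,
  author       = {Kennedy, Joakim},
  title        = {{HabitsRAT} Used to Target {Linux} and {Windows} Servers},
  date         = {2021-04-20},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/malware-analysis/habitsrat-used-to-target-linux-and-windows-servers/},
  language     = {English},
  urldate      = {2021-04-20},
}
HabitsRAT Used to Target Linux and Windows Servers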
HabitsRAT
2021-04-06 | Intezer | Nicole Fishbein
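@online{fishbein:20210406:rocke:bf33dc9,
  author       = {Fishbein, Nicole},
  title        = {{Rocke Group} Actively Targeting the Cloud: Wants Your {SSH} Keys},
  date         = {2021-04-06},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/cloud-security/rocke-group-actively-targeting-the-cloud-wants-your-ssh-keys},
  language     = {English},
  urldate      = {2021-04-06},
}
Rocke Group Actively Targeting the Cloud: Wants Your SSH Keys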
2021-03-10 | Intezer | Avigayil Mechtinger, Joakim Kennedy
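@online{mechtinger:20210310:new:1e588f7,
  author       = {Mechtinger, Avigayil and Kennedy, Joakim},
  title        = {New {Linux} Backdoor {RedXOR} Likely Operated by {Chinese} Nation-State Actor},
  date         = {2021-03-10},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/malware-analysis/new-linux-backdoor-redxor-likely-operated-by-chinese-nation-state-actor/},
  language     = {English},
  urldate      = {2021-03-11},
}
New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor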
RedXOR XOR DDoS
2021-03-02 | Intezer | Joakim Kennedy
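@online{kennedy:20210302:when:b33af31,
  author       = {Kennedy, Joakim},
  title        = {When Viruses Mutate: Did {SunCrypt} Ransomware Evolve from {QNAPCrypt}?},
  date         = {2021-03-02},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/malware-analysis/when-viruses-mutate-did-suncrypt-ransomware-evolve-from-qnapcrypt},
  language     = {English},
  urldate      = {2021-03-04},
}
When Viruses Mutate: Did SunCrypt Ransomware Evolve from QNAPCrypt?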
QNAPCrypt SunCrypt
2021-02-25 | Intezer | Intezer
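@techreport{intezer:20210225:year:eb47cd1,
  author      = {{Intezer}},
  title       = {Year of the Gopher A 2020 {Go} Malware Round-Up},
  date        = {2021-02-25},
  institution = {Intezer},
  url         = {https://www.intezer.com/wp-content/uploads/2021/02/Intezer-2020-Go-Malware-Round-Up.pdf},
  language    = {English},
  urldate     = {2021-06-30},
}
Year of the Gopher A 2020 Go Malware Round-Up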
NiuB WellMail elf.wellmess ArdaMax AsyncRAT CyberGate DarkComet Glupteba Nanocore RAT Nefilim NjRAT Quasar RAT WellMess Zebrocy
2021-02-17 | Intezer | Avigayil Mechtinger
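@online{mechtinger:20210217:elf:8a511f1,
  author       = {Mechtinger, Avigayil},
  title        = {{ELF} Malware Analysis 101: Part 3 - Advanced Analysis},
  date         = {2021-02-17},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/malware-analysis/elf-malware-analysis-101-part-3-advanced-analysis/},
  language     = {English},
  urldate      = {2021-02-18},
}
ELF Malware Analysis 101: Part 3 - Advanced Analysis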
Rekoobe
2021-01-27 | Intezer | Paul Litvak
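@online{litvak:20210127:how:6561882,
  author       = {Litvak, Paul},
  title        = {How We Hacked {Azure Functions} and Escaped {Docker}},
  date         = {2021-01-27},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/research/how-we-hacked-azure-functions-and-escaped-docker/},
  language     = {English},
  urldate      = {2021-01-27},
}
How We Hacked Azure Functions and Escaped Docker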
2021-01-13 | Intezer | Nicole Fishbein
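@online{fishbein:20210113:rare:b2fe9e5,
  author       = {Fishbein, Nicole},
  title        = {A Rare Look Inside a Cryptojacking Campaign and its Profit},
  date         = {2021-01-13},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/research/a-rare-look-inside-a-cryptojacking-campaign-and-its-profit/},
  language     = {English},
  urldate      = {2021-01-18},
}
A Rare Look Inside a Cryptojacking Campaign and its Profit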
2021-01-05 | Intezer | Avigayil Mechtinger
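@online{mechtinger:20210105:operation:f1c8f31,
  author       = {Mechtinger, Avigayil},
  title        = {Operation {ElectroRAT}: Attacker Creates Fake Companies to Drain Your Crypto Wallets},
  date         = {2021-01-05},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/research/operation-electrorat-attacker-creates-fake-companies-to-drain-your-crypto-wallets/},
  language     = {English},
  urldate      = {2021-01-11},
}
Operation ElectroRAT: Attacker Creates Fake Companies to Drain Your Crypto Wallets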
ElectroRAT
2020-12-29 | Intezer | Avigayil Mechtinger
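@online{mechtinger:20201229:early:b25a2da,
  author       = {Mechtinger, Avigayil},
  title        = {Early Bird Catches the Worm: New {Golang} Worm Drops {XMRig} Miner on Servers},
  date         = {2020-12-29},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/},
  language     = {English},
  urldate      = {2021-01-05},
}
Early Bird Catches the Worm: New Golang Worm Drops XMRig Miner on Servers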