2022-08-12Trend MicroDaniel Lunghi, Jaromír Hořejší
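% Trend Micro research blog post; the indicator list for this report is entry lunghi:20220812:iron:38c15d7.
% Author names contain non-ASCII characters, so process this entry with a UTF-8 toolchain (biblatex + Biber).
@online{lunghi:20220812:iron:c55d0cd,
  author       = {Lunghi, Daniel and Hořejší, Jaromír},
  title        = {{Iron Tiger} Compromises Chat Application {Mimi}, Targets {Windows}, {Mac}, and {Linux} Users},
  date         = {2022-08-12},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/h/irontiger-compromises-chat-app-Mimi-targets-windows-mac-linux-users.html},
  language     = {English},
  urldate      = {2022-08-18},
}
Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users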
Rshell HyperBro
2022-08-12Trend MicroDaniel Lunghi, Jaromír Hořejší
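% Plain-text IOC list accompanying entry lunghi:20220812:iron:c55d0cd.
% The list was retrieved on 2022-08-18; re-validate the indicators before relying on them for detection or blocking.
@online{lunghi:20220812:iron:38c15d7,
  author       = {Lunghi, Daniel and Hořejší, Jaromír},
  title        = {{Iron Tiger} Compromises Chat Application {Mimi}, Targets {Windows}, {Mac}, and {Linux} Users ({IOCs})},
  date         = {2022-08-12},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/iron-tiger-compromises-chat-application-mimi,-targets-windows,-mac,-and-linux-users/IOCs-IronTiger-compromises-chat-application-mimi-targets-windows-mac-linux-users.txt},
  language     = {English},
  urldate      = {2022-08-18},
}
Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users (IOCs)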
HyperBro
2022-08-11Trend MicroJaromír Hořejší, Joseph C Chen
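% Trend Micro research blog post. Names are stored as "Last, First" so the surname is parsed unambiguously.
@online{hoej:20220811:copperstealer:9382550,
  author       = {Hořejší, Jaromír and Chen, Joseph C},
  title        = {{CopperStealer} Distributes Malicious {Chromium}-based Browser Extension to Steal Cryptocurrencies},
  date         = {2022-08-11},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/h/copperstealer-distributes-malicious-chromium-browser-extension-steal-cryptocurrencies.html},
  language     = {English},
  urldate      = {2022-08-15},
}
CopperStealer Distributes Malicious Chromium-based Browser Extension to Steal Cryptocurrencies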
CopperStealer
2022-05-23Trend MicroDaniel Lunghi, Jaromír Hořejší
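% Trend Micro white paper (PDF). Entries lunghi:20220427:new:9068f6e and lunghi:20220427:operation:bdba881
% are tagged with the same actor (Earth Berberoka) on this page.
@techreport{lunghi:20220523:operation:e3c402b,
  author       = {Lunghi, Daniel and Hořejší, Jaromír},
  title        = {Operation {Earth Berberoka}},
  date         = {2022-05-23},
  institution  = {Trend Micro},
  url          = {https://documents.trendmicro.com/assets/white_papers/wp-operation-earth-berberoka.pdf},
  language     = {English},
  urldate      = {2022-07-25},
}
Operation Earth Berberoka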
reptile oRAT Ghost RAT PlugX pupy Earth Berberoka
2022-05-07YouTube (botconf eu)Daniel Lunghi, Jaromír Hořejší
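% Video hosted on YouTube; the organization field names the hosting channel (botconf eu), not the authors' employer.
@online{lunghi:20220507:operation:749c341,
  author       = {Lunghi, Daniel and Hořejší, Jaromír},
  title        = {Operation {Gamblingpuppet}: Analysis Of A Multiplatform Campaign Targeting Online Gambling Customers},
  date         = {2022-05-07},
  organization = {YouTube (botconf eu)},
  url          = {https://www.youtube.com/watch?v=QXGO4RJaUPQ},
  language     = {English},
  urldate      = {2022-07-25},
}
Operation Gamblingpuppet: Analysis Of A Multiplatform Campaign Targeting Online Gambling Customers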
Earth Berberoka
2022-04-27Trend MicroDaniel Lunghi, Jaromír Hořejší
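% Trend Micro research blog post. Only the actor name and the acronym are braced, so a style may recase the rest of the title.
@online{lunghi:20220427:new:9068f6e,
  author       = {Lunghi, Daniel and Hořejší, Jaromír},
  title        = {New {APT} Group {Earth Berberoka} Targets Gambling Websites With Old and New Malware},
  date         = {2022-04-27},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/d/new-apt-group-earth-berberoka-targets-gambling-websites-with-old.html},
  language     = {English},
  urldate      = {2022-05-04},
}
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware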
AsyncRAT Ghost RAT PlugX Quasar RAT Earth Berberoka
2022-04-27TrendmicroDaniel Lunghi, Jaromír Hořejší
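% PDF hosted on botconf.eu. The institution was spelled "Trendmicro" in the original record; it is normalised
% to "Trend Micro" to match the other entries by the same authors, so that both sort and group together.
@techreport{lunghi:20220427:operation:bdba881,
  author       = {Lunghi, Daniel and Hořejší, Jaromír},
  title        = {Operation {Gambling Puppet}},
  date         = {2022-04-27},
  institution  = {Trend Micro},
  url          = {https://www.botconf.eu/wp-content/uploads/2022/05/Botconf2022-40-LunghiHorejsi.pdf},
  language     = {English},
  urldate      = {2022-07-25},
}
Operation Gambling Puppet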
reptile oRAT AsyncRAT Cobalt Strike DCRat Ghost RAT PlugX Quasar RAT Trochilus RAT Earth Berberoka
2022-03-08Trend MicroJaromír Hořejší, Cedric Pernet
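% Trend Micro research blog post. Names are stored as "Last, First" so the surname is parsed unambiguously.
@online{hoej:20220308:new:7d4d70f,
  author       = {Hořejší, Jaromír and Pernet, Cedric},
  title        = {New {RURansom} Wiper Targets {Russia}},
  date         = {2022-03-08},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/c/new-ruransom-wiper-targets-russia.html},
  language     = {English},
  urldate      = {2022-03-10},
}
New RURansom Wiper Targets Russia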
RURansom
2022-01-17Trend MicroJoseph Chen, Kenney Lu, Gloria Chen, Jaromír Hořejší, Daniel Lunghi, Cedric Pernet
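% Trend Micro technical brief (PDF). The title keeps the typographic apostrophe as published, so a UTF-8 toolchain is needed.
@techreport{chen:20220117:delving:4cd2b1c,
  author       = {Chen, Joseph and Lu, Kenney and Chen, Gloria and Hořejší, Jaromír and Lunghi, Daniel and Pernet, Cedric},
  title        = {Delving Deep: An Analysis of {Earth Lusca}’s Operations},
  date         = {2022-01-17},
  institution  = {Trend Micro},
  url          = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf},
  language     = {English},
  urldate      = {2022-07-25},
}
Delving Deep: An Analysis of Earth Lusca’s Operations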
BIOPASS Cobalt Strike FunnySwitch JuicyPotato ShadowPad Winnti Earth Lusca
2021-11-29Trend MicroJaromír Hořejší
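% Trend Micro research blog post. The title has no proper nouns or acronyms, so nothing is brace-protected.
@online{hoej:20211129:campaign:6e23cf5,
  author       = {Hořejší, Jaromír},
  title        = {Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites},
  date         = {2021-11-29},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/k/campaign-abusing-rats-uses-fake-websites.html},
  language     = {English},
  urldate      = {2021-12-07},
}
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites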
AsyncRAT Azorult Nanocore RAT NjRAT RedLine Stealer Remcos
2021-09-13Trend MicroJaromír Hořejší, Daniel Lunghi
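% Plain-text IOC list accompanying entry hoej:20210913:aptc36:9b97238.
% The list was retrieved on 2021-09-14; re-validate the indicators before relying on them for detection or blocking.
@online{hoej:20210913:aptc36:d6456f8,
  author       = {Hořejší, Jaromír and Lunghi, Daniel},
  title        = {{APT-C-36} Updates Its Spam Campaign Against {South American} Entities With Commodity {RATs} ({IOCs})},
  date         = {2021-09-13},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-american-entities-with-commodity-rats/BlindEagleIOCList.txt},
  language     = {English},
  urldate      = {2021-09-14},
}
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (IOCs)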
AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos
2021-09-13Trend MicroJaromír Hořejší, Daniel Lunghi
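% Trend Micro research blog post; the indicator list for this report is entry hoej:20210913:aptc36:d6456f8.
@online{hoej:20210913:aptc36:9b97238,
  author       = {Hořejší, Jaromír and Lunghi, Daniel},
  title        = {{APT-C-36} Updates Its Spam Campaign Against {South American} Entities With Commodity {RATs}},
  date         = {2021-09-13},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-ameri.html},
  language     = {English},
  urldate      = {2021-09-14},
}
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs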
AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos
2021-08-09Trend MicroJaromír Hořejší, Joseph C. Chen
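% Trend Micro research blog post. The second author's middle initial is written with a period here and without one
% in other entries on this page; the spelling is kept as recorded.
@online{hoej:20210809:cinobi:8d229dc,
  author       = {Hořejší, Jaromír and Chen, Joseph C.},
  title        = {{Cinobi} Banking Trojan Targets Cryptocurrency Exchange Users via Malvertising},
  date         = {2021-08-09},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/h/cinobi-banking-trojan-targets-users-of-cryptocurrency-exchanges-.html},
  language     = {English},
  urldate      = {2021-08-09},
}
Cinobi Banking Trojan Targets Cryptocurrency Exchange Users via Malvertising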
Cinobi
2021-07-07Trend MicroJoseph C Chen, Kenney Lu, Jaromír Hořejší, Gloria Chen
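% Trend Micro research blog post. The malware name is braced as one unit so a style cannot lowercase "BIOPASS RAT".
@online{chen:20210707:biopass:88dcdc2,
  author       = {Chen, Joseph C and Lu, Kenney and Hořejší, Jaromír and Chen, Gloria},
  title        = {{BIOPASS RAT}: New Malware Sniffs Victims via Live Streaming},
  date         = {2021-07-07},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/g/biopass-rat-new-malware-sniffs-victims-via-live-streaming.html},
  language     = {English},
  urldate      = {2021-07-19},
}
BIOPASS RAT: New Malware Sniffs Victims via Live Streaming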
BIOPASS Cobalt Strike Derusbi
2021-04-28Trend MicroJaromír Hořejší, Joseph C Chen
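% PDF appendix to the report cited as hoej:20210428:water:f769ce2.
@techreport{hoej:20210428:water:479b0ec,
  author       = {Hořejší, Jaromír and Chen, Joseph C},
  title        = {{Water Pamola} Attacked Online Shops Via Malicious Orders ({APPENDIX})},
  date         = {2021-04-28},
  institution  = {Trend Micro},
  url          = {https://documents.trendmicro.com/assets/Appendix_Water-Pamola-Attacked-Online-Shops-Via-Malicious-Orders.pdf},
  language     = {English},
  urldate      = {2021-05-08},
}
Water Pamola Attacked Online Shops Via Malicious Orders (APPENDIX)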
2021-04-28Trend MicroJaromír Hořejší, Joseph C Chen
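% Trend Micro research blog post; its appendix (PDF) is entry hoej:20210428:water:479b0ec.
@online{hoej:20210428:water:f769ce2,
  author       = {Hořejší, Jaromír and Chen, Joseph C},
  title        = {{Water Pamola} Attacked Online Shops Via Malicious Orders},
  date         = {2021-04-28},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/d/water-pamola-attacked-online-shops-via-malicious-orders.html},
  language     = {English},
  urldate      = {2021-05-04},
}
Water Pamola Attacked Online Shops Via Malicious Orders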
Ghost RAT
2020-12-09Trend MicroJoseph C Chen, Jaromír Hořejší, Ecular Xu
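% Trend Micro research blog post. Names are stored as "Last, First" so the surname is parsed unambiguously.
@online{chen:20201209:sidewinder:a454abd,
  author       = {Chen, Joseph C and Hořejší, Jaromír and Xu, Ecular},
  title        = {{SideWinder} Leverages {South Asian} Territorial Issues for Spear Phishing and Mobile Device Attacks},
  date         = {2020-12-09},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/20/l/sidewinder-leverages-south-asian-territorial-issues-for-spear-ph.html},
  language     = {English},
  urldate      = {2020-12-10},
}
SideWinder Leverages South Asian Territorial Issues for Spear Phishing and Mobile Device Attacks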
Meterpreter SideWinder RAZOR TIGER
2020-11-24Trend MicroJaromír Hořejší, David Fiser
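% Trend Micro research blog post. Only the malware name is braced, so a style may recase the rest of the title.
@online{hoej:20201124:analysis:9e93ede,
  author       = {Hořejší, Jaromír and Fiser, David},
  title        = {Analysis of {Kinsing} Malware's Use of Rootkit},
  date         = {2020-11-24},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/20/k/analysis-of-kinsing-malwares-use-of-rootkit.html},
  language     = {English},
  urldate      = {2020-11-25},
}
Analysis of Kinsing Malware's Use of Rootkit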
Kinsing Kinsing
2020-10-28Trend MicroWilliam Gamazo Sanchez, Aliakbar Zahravi, Elliot Cao, Cedric Pernet, Daniel Lunghi, Jaromír Hořejší, Joseph C Chen, John Zhang
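% Trend Micro research blog post; the earlier white paper on the same operation is entry sanchez:20201019:operation:e613dd2.
% NOTE(review): the surname split "Sanchez" follows the citation key; confirm whether the family name is compound.
% First-author and "Elliot Cao" spellings differ from the white-paper entry and are kept as recorded here.
@online{sanchez:20201028:operation:7f4b906,
  author       = {Sanchez, William Gamazo and Zahravi, Aliakbar and Cao, Elliot and Pernet, Cedric and Lunghi, Daniel and Hořejší, Jaromír and Chen, Joseph C and Zhang, John},
  title        = {Operation {Earth Kitsune}: A Dance of Two New Backdoors},
  date         = {2020-10-28},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/20/j/operation-earth-kitsune-a-dance-of-two-new-backdoors.html},
  language     = {English},
  urldate      = {2020-10-29},
}
Operation Earth Kitsune: A Dance of Two New Backdoors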
AgfSpy DneSpy SLUB
2020-10-19Trend MicroNelson William Gamazo Sanchez, Aliakbar Zahravi, John Zhang, Eliot Cao, Cedric Pernet, Daniel Lunghi, Jaromír Hořejší, Joseph C. Chen
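% Trend Micro white paper (PDF); the follow-up blog post on the same operation is entry sanchez:20201028:operation:7f4b906.
% NOTE(review): the surname split "Sanchez" follows the citation key; confirm whether the family name is compound.
% First-author and "Eliot Cao" spellings differ from the blog-post entry and are kept as recorded here.
@techreport{sanchez:20201019:operation:e613dd2,
  author       = {Sanchez, Nelson William Gamazo and Zahravi, Aliakbar and Zhang, John and Cao, Eliot and Pernet, Cedric and Lunghi, Daniel and Hořejší, Jaromír and Chen, Joseph C.},
  title        = {Operation {Earth Kitsune}: Tracking {SLUB}’s Current Operations},
  date         = {2020-10-19},
  institution  = {Trend Micro},
  url          = {https://documents.trendmicro.com/assets/white_papers/wp-operation-earth-kitsune.pdf},
  language     = {English},
  urldate      = {2020-10-21},
}
Operation Earth Kitsune: Tracking SLUB’s Current Operations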
SLUB