Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-04-27Trend MicroDaniel Lunghi, Jaromír Hořejší
@online{lunghi:20220427:new:9068f6e, author = {Daniel Lunghi and Jaromír Hořejší}, title = {{New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware}}, date = {2022-04-27}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/22/d/new-apt-group-earth-berberoka-targets-gambling-websites-with-old.html}, language = {English}, urldate = {2022-05-04} } New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
AsyncRAT Ghost RAT PlugX Quasar RAT
2022-03-08Trend MicroJaromír Hořejší, Cedric Pernet
@online{hoej:20220308:new:7d4d70f, author = {Jaromír Hořejší and Cedric Pernet}, title = {{New RURansom Wiper Targets Russia}}, date = {2022-03-08}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/22/c/new-ruransom-wiper-targets-russia.html}, language = {English}, urldate = {2022-03-10} } New RURansom Wiper Targets Russia
RURansom
2021-11-29Trend MicroJaromír Hořejší
@online{hoej:20211129:campaign:6e23cf5, author = {Jaromír Hořejší}, title = {{Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites}}, date = {2021-11-29}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/k/campaign-abusing-rats-uses-fake-websites.html}, language = {English}, urldate = {2021-12-07} } Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites
AsyncRAT Azorult Nanocore RAT NjRAT RedLine Stealer Remcos
2021-09-13Trend MicroJaromír Hořejší, Daniel Lunghi
@online{hoej:20210913:aptc36:d6456f8, author = {Jaromír Hořejší and Daniel Lunghi}, title = {{APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (IOCs)}}, date = {2021-09-13}, organization = {Trend Micro}, url = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-american-entities-with-commodity-rats/BlindEagleIOCList.txt}, language = {English}, urldate = {2021-09-14} } APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (IOCs)
AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos
2021-09-13Trend MicroJaromír Hořejší, Daniel Lunghi
@online{hoej:20210913:aptc36:9b97238, author = {Jaromír Hořejší and Daniel Lunghi}, title = {{APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs}}, date = {2021-09-13}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-ameri.html}, language = {English}, urldate = {2021-09-14} } APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs
AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos
2021-08-09Trend MicroJaromír Hořejší, Joseph C. Chen
@online{hoej:20210809:cinobi:8d229dc, author = {Jaromír Hořejší and Joseph C. Chen}, title = {{Cinobi Banking Trojan Targets Cryptocurrency Exchange Users via Malvertising}}, date = {2021-08-09}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/h/cinobi-banking-trojan-targets-users-of-cryptocurrency-exchanges-.html}, language = {English}, urldate = {2021-08-09} } Cinobi Banking Trojan Targets Cryptocurrency Exchange Users via Malvertising
Cinobi
2021-07-07Trend MicroJoseph C Chen, Kenney Lu, Jaromír Hořejší, Gloria Chen
@online{chen:20210707:biopass:88dcdc2, author = {Joseph C Chen and Kenney Lu and Jaromír Hořejší and Gloria Chen}, title = {{BIOPASS RAT: New Malware Sniffs Victims via Live Streaming}}, date = {2021-07-07}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/g/biopass-rat-new-malware-sniffs-victims-via-live-streaming.html}, language = {English}, urldate = {2021-07-19} } BIOPASS RAT: New Malware Sniffs Victims via Live Streaming
BIOPASS Cobalt Strike Derusbi
2021-04-28Trend MicroJaromír Hořejší, Joseph C Chen
@online{hoej:20210428:water:f769ce2, author = {Jaromír Hořejší and Joseph C Chen}, title = {{Water Pamola Attacked Online Shops Via Malicious Orders}}, date = {2021-04-28}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/d/water-pamola-attacked-online-shops-via-malicious-orders.html}, language = {English}, urldate = {2021-05-04} } Water Pamola Attacked Online Shops Via Malicious Orders
Ghost RAT
2021-04-28Trend MicroJaromír Hořejší, Joseph C Chen
@techreport{hoej:20210428:water:479b0ec, author = {Jaromír Hořejší and Joseph C Chen}, title = {{Water Pamola Attacked Online Shops Via Malicious Orders (APPENDIX)}}, date = {2021-04-28}, institution = {Trend Micro}, url = {https://documents.trendmicro.com/assets/Appendix_Water-Pamola-Attacked-Online-Shops-Via-Malicious-Orders.pdf}, language = {English}, urldate = {2021-05-08} } Water Pamola Attacked Online Shops Via Malicious Orders (APPENDIX)
2020-12-09Trend MicroJoseph C Chen, Jaromír Hořejší, Ecular Xu
@online{chen:20201209:sidewinder:a454abd, author = {Joseph C Chen and Jaromír Hořejší and Ecular Xu}, title = {{SideWinder Leverages South Asian Territorial Issues for Spear Phishing and Mobile Device Attacks}}, date = {2020-12-09}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/20/l/sidewinder-leverages-south-asian-territorial-issues-for-spear-ph.html}, language = {English}, urldate = {2020-12-10} } SideWinder Leverages South Asian Territorial Issues for Spear Phishing and Mobile Device Attacks
Meterpreter SideWinder SideWinder
2020-11-24Trend MicroJaromír Hořejší, David Fiser
@online{hoej:20201124:analysis:9e93ede, author = {Jaromír Hořejší and David Fiser}, title = {{Analysis of Kinsing Malware's Use of Rootkit}}, date = {2020-11-24}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/20/k/analysis-of-kinsing-malwares-use-of-rootkit.html}, language = {English}, urldate = {2020-11-25} } Analysis of Kinsing Malware's Use of Rootkit
Kinsing
2020-10-28Trend MicroWilliam Gamazo Sanchez, Aliakbar Zahravi, Elliot Cao, Cedric Pernet, Daniel Lunghi, Jaromír Hořejší, Joseph C Chen, John Zhang
@online{sanchez:20201028:operation:7f4b906, author = {William Gamazo Sanchez and Aliakbar Zahravi and Elliot Cao and Cedric Pernet and Daniel Lunghi and Jaromír Hořejší and Joseph C Chen and John Zhang}, title = {{Operation Earth Kitsune: A Dance of Two New Backdoors}}, date = {2020-10-28}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/20/j/operation-earth-kitsune-a-dance-of-two-new-backdoors.html}, language = {English}, urldate = {2020-10-29} } Operation Earth Kitsune: A Dance of Two New Backdoors
AgfSpy DneSpy SLUB
2020-10-19Trend MicroNelson William Gamazo Sanchez, Aliakbar Zahravi, John Zhang, Eliot Cao, Cedric Pernet, Daniel Lunghi, Jaromír Hořejší, Joseph C. Chen
@techreport{sanchez:20201019:operation:e613dd2, author = {Nelson William Gamazo Sanchez and Aliakbar Zahravi and John Zhang and Eliot Cao and Cedric Pernet and Daniel Lunghi and Jaromír Hořejší and Joseph C. Chen}, title = {{Operation Earth Kitsune: Tracking SLUB’s Current Operations}}, date = {2020-10-19}, institution = {Trend Micro}, url = {https://documents.trendmicro.com/assets/white_papers/wp-operation-earth-kitsune.pdf}, language = {English}, urldate = {2020-10-21} } Operation Earth Kitsune: Tracking SLUB’s Current Operations
SLUB
2020-10-03Trend MicroJaromír Hořejší, Daniel Lunghi, Cedric Pernet, Kazuki Fujisawa
@techreport{hoej:20201003:earth:688aaf8, author = {Jaromír Hořejší and Daniel Lunghi and Cedric Pernet and Kazuki Fujisawa}, title = {{Earth Akhlut: Exploring the Tools, Tactics, and Procedures of an Advanced Threat Actor Operating a Large Infrastructure}}, date = {2020-10-03}, institution = {Trend Micro}, url = {https://vblocalhost.com/uploads/VB2020-Lunghi-Horejsi.pdf}, language = {English}, urldate = {2020-10-06} } Earth Akhlut: Exploring the Tools, Tactics, and Procedures of an Advanced Threat Actor Operating a Large Infrastructure
Dexbia TypeHash
2020-03-11Trend MicroJaromír Hořejší, Joseph Chen
@techreport{hoej:20200311:operation:782b803, author = {Jaromír Hořejší and Joseph Chen}, title = {{Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan: Technical Brief}}, date = {2020-03-11}, institution = {Trend Micro}, url = {https://documents.trendmicro.com/assets/pdf/Tech%20Brief_Operation%20Overtrap%20Targets%20Japanese%20Online%20Banking%20Users.pdf}, language = {English}, urldate = {2020-03-11} } Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan: Technical Brief
Cinobi
2020-03-11Trend MicroJaromír Hořejší, Joseph Chen
@online{hoej:20200311:operation:f03d64e, author = {Jaromír Hořejší and Joseph Chen}, title = {{Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan}}, date = {2020-03-11}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/operation-overtrap-targets-japanese-online-banking-users-via-bottle-exploit-kit-and-brand-new-cinobi-banking-trojan/}, language = {English}, urldate = {2020-03-11} } Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan
Cinobi
2019-10-02Virus BulletinDaniel Lunghi, Jaromír Hořejší
@techreport{lunghi:20191002:abusing:3c9a1b7, author = {Daniel Lunghi and Jaromír Hořejší}, title = {{Abusing third-party cloud services in targeted attacks}}, date = {2019-10-02}, institution = {Virus Bulletin}, url = {https://www.virusbulletin.com/uploads/pdf/conference_slides/2019/VB2019-LunghiHorejsi.pdf}, language = {English}, urldate = {2020-01-13} } Abusing third-party cloud services in targeted attacks
BadNews SLUB
2019-10-01Trend MicroJaromír Hořejší, Joseph C. Chen
@techreport{hoej:20191001:new:4a49a90, author = {Jaromír Hořejší and Joseph C. Chen}, title = {{New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign}}, date = {2019-10-01}, institution = {Trend Micro}, url = {https://documents.trendmicro.com/assets/Tech-Brief-New-Fileless-Botnet-Novter-Distributed-by-KovCoreG-Malvertising-Campaign.pdf}, language = {English}, urldate = {2019-12-18} } New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign
Divergent
2019-10-01Trend MicroJaromír Hořejší, Joseph C. Chen
@online{hoej:20191001:new:feb95a9, author = {Jaromír Hořejší and Joseph C. Chen}, title = {{New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign}}, date = {2019-10-01}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/new-fileless-botnet-novter-distributed-by-kovcoreg-malvertising-campaign/}, language = {English}, urldate = {2019-10-15} } New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign
Divergent
2019-09-04Trend MicroJaromír Hořejší, Joseph C. Chen
@online{hoej:20190904:glupteba:230e916, author = {Jaromír Hořejší and Joseph C. Chen}, title = {{Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions}}, date = {2019-09-04}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/glupteba-campaign-hits-network-routers-and-updates-cc-servers-with-data-from-bitcoin-transactions/}, language = {English}, urldate = {2020-01-10} } Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions
Glupteba