
2023-04-27LookoutKyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht
@online{schmittle:20230427:lookout:3956976,
  author       = {Kyle Schmittle and Alemdar Islamoglu and Paul Shunk and Justin Albrecht},
  title        = {{Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy}},
  date         = {2023-04-27},
  organization = {Lookout},
  url          = {https://www.lookout.com/blog/iranian-spyware-bouldspy},
  language     = {English},
  urldate      = {2023-05-30},
}
Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy
DAAM
2023-04-19MicrosoftJustin Warner, Microsoft Threat Intelligence Center (MSTIC)
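@comment{The second author is an organisation, so it carries its own brace group. Without the braces the name is split into given and family parts and is sorted and abbreviated as if it were a person.}
@online{warner:20230419:exploring:c68c1d0,
  author       = {Justin Warner and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {{Exploring STRONTIUM's Abuse of Cloud Services}},
  date         = {2023-04-19},
  organization = {Microsoft},
  url          = {https://www.youtube.com/watch?v=_qdCGgQlHJE},
  language     = {English},
  urldate      = {2023-04-22},
}
Exploring STRONTIUM's Abuse of Cloud Services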
FusionDrive
2022-12-13Margin ResearchJustin Sherman
@online{sherman:20221213:analyzing:a56b53e,
  author       = {Justin Sherman},
  title        = {{Analyzing Russian SDK Pushwoosh and Russian Code Contributions}},
  date         = {2022-12-13},
  organization = {Margin Research},
  url          = {https://margin.re/2022/12/analyzing-russian-sdk-pushwoosh-and-russian-code-contributions/},
  language     = {English},
  urldate      = {2022-12-15},
}
Analyzing Russian SDK Pushwoosh and Russian Code Contributions
2022-11-18Atlantic CouncilJustin Sherman
@online{sherman:20221118:gru:afc977c,
  author       = {Justin Sherman},
  title        = {{GRU 26165: The Russian cyber unit that hacks targets on-site}},
  date         = {2022-11-18},
  organization = {Atlantic Council},
  url          = {https://www.atlanticcouncil.org/content-series/tech-at-the-leading-edge/the-russian-cyber-unit-that-hacks-targets-on-site/},
  language     = {English},
  urldate      = {2022-12-20},
}
GRU 26165: The Russian cyber unit that hacks targets on-site
EternalPetya
2022-06-16LookoutJustin Albrecht, Paul Shunk
@online{albrecht:20220616:lookout:854484b,
  author       = {Justin Albrecht and Paul Shunk},
  title        = {{Lookout Uncovers Android Spyware Deployed in Kazakhstan}},
  date         = {2022-06-16},
  organization = {Lookout},
  url          = {https://www.lookout.com/blog/hermit-spyware-discovery},
  language     = {English},
  urldate      = {2022-07-01},
}
Lookout Uncovers Android Spyware Deployed in Kazakhstan
2022-06-16Justin Albrecht, Paul Shunk
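@comment{NOTE(review): this looks like the same post as albrecht:20220616:lookout:854484b served from a regional hostname (same authors, title, date and URL path) - confirm and consider merging. The organization field was missing; it is filled in from the URL host and the title.}
@online{albrecht:20220616:lookout:9bc50ad,
  author       = {Justin Albrecht and Paul Shunk},
  title        = {{Lookout Uncovers Android Spyware Deployed in Kazakhstan}},
  date         = {2022-06-16},
  organization = {Lookout},
  url          = {https://de.lookout.com/blog/hermit-spyware-discovery},
  language     = {English},
  urldate      = {2022-07-01},
}
Lookout Uncovers Android Spyware Deployed in Kazakhstan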
Hermit
2022-05-25Trend MicroArianne Dela Cruz, Byron Gelera, McJustine De Guzman, Warren Sto.Tomas
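@comment{Multi-word family names are given in Last, First form so that they are not split; in First Last form only the final word is taken as the family name. NOTE(review): the family-name boundaries are assumed from the byline - confirm against the source. The citation key is left unchanged.}
@online{cruz:20220525:new:43d8257,
  author       = {Dela Cruz, Arianne and Byron Gelera and De Guzman, McJustine and Warren Sto.Tomas},
  title        = {{New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices}},
  date         = {2022-05-25},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/e/new-linux-based-ransomware-cheerscrypt-targets-exsi-devices.html},
  language     = {English},
  urldate      = {2022-05-29},
}
New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices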
2022-05-05Cisco TalosJung soo An, Asheer Malhotra, Justin Thattil, Aliza Berk, Kendall McKay
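@comment{The first author is written in Last, First form: in First Last form the lowercase word in the given name is parsed as a von particle, which changes sorting and initials.}
@online{an:20220505:mustang:cbc06e9,
  author       = {An, Jung soo and Asheer Malhotra and Justin Thattil and Aliza Berk and Kendall McKay},
  title        = {{Mustang Panda deploys a new wave of malware targeting Europe}},
  date         = {2022-05-05},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2022/05/mustang-panda-targets-europe.html},
  language     = {English},
  urldate      = {2022-05-05},
}
Mustang Panda deploys a new wave of malware targeting Europe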
Cobalt Strike Meterpreter PlugX
2022-03-29Cisco TalosAsheer Malhotra, Justin Thattil, Kendall McKay
@online{malhotra:20220329:transparent:dcf66a7,
  author       = {Asheer Malhotra and Justin Thattil and Kendall McKay},
  title        = {{Transparent Tribe campaign uses new bespoke malware to target Indian government officials}},
  date         = {2022-03-29},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html?m=1},
  language     = {English},
  urldate      = {2022-03-30},
}
Transparent Tribe campaign uses new bespoke malware to target Indian government officials
Crimson RAT
2022-01-09Twitter (@sixdub)Justin Warner
@online{warner:20220109:malicious:69c6805,
  author       = {Justin Warner},
  title        = {{Tweet on malicious document used by Gamaredon aka DEV-0157}},
  date         = {2022-01-09},
  organization = {Twitter (@sixdub)},
  url          = {https://twitter.com/sixdub/status/1480188400795803652},
  language     = {English},
  urldate      = {2022-01-18},
}
Tweet on malicious document used by Gamaredon aka DEV-0157
2021-12-08DarktraceJustin Fier
@online{fier:20211208:double:d7f9207,
  author       = {Justin Fier},
  title        = {{The double extortion business: Conti Ransomware Gang finds new avenues of negotiation}},
  date         = {2021-12-08},
  organization = {Darktrace},
  url          = {https://www.darktrace.com/en/blog/the-double-extortion-business-conti-ransomware-gang-finds-new-avenues-of-negotiation/},
  language     = {English},
  urldate      = {2021-12-09},
}
The double extortion business: Conti Ransomware Gang finds new avenues of negotiation
Conti
2021-09-23TalosAsheer Malhotra, Vanja Svajcer, Justin Thattil
@online{malhotra:20210923:operation:056c76c,
  author       = {Asheer Malhotra and Vanja Svajcer and Justin Thattil},
  title        = {{Operation “Armor Piercer:” Targeted attacks in the Indian subcontinent using commercial RATs}},
  date         = {2021-09-23},
  organization = {Talos},
  url          = {https://blog.talosintelligence.com/2021/09/operation-armor-piercer.html},
  language     = {English},
  urldate      = {2021-10-05},
}
Operation “Armor Piercer:” Targeted attacks in the Indian subcontinent using commercial RATs
Ave Maria NetWire RC
2021-07-15Kryptos LogicKryptos Logic Vantage Team
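@comment{The author is a team, not a person, so the whole name is wrapped in an extra brace group. Unbraced, only the last word is taken as the family name, which is also how the citation key was derived. The key itself is left unchanged.}
@online{team:20210715:adjusting:3aa9a65,
  author       = {{Kryptos Logic Vantage Team}},
  title        = {{Adjusting the Anchor}},
  date         = {2021-07-15},
  organization = {Kryptos Logic},
  url          = {https://www.kryptoslogic.com/blog/2021/07/adjusting-the-anchor/},
  language     = {English},
  urldate      = {2021-07-24},
}
Adjusting the Anchor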
Anchor
2021-07-07TalosAsheer Malhotra, Justin Thattil
@techreport{malhotra:20210707:insidecopy:107d438,
  author      = {Asheer Malhotra and Justin Thattil},
  title       = {{InSideCopy: How this APT continues to evolve its arsenal}},
  date        = {2021-07-07},
  institution = {Talos},
  url         = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/591/original/062521_SideCopy_%281%29.pdf},
  language    = {English},
  urldate     = {2021-07-09},
}
InSideCopy: How this APT continues to evolve its arsenal
AllaKore Lilith NjRAT
2021-07-07Talos IntelligenceAsheer Malhotra, Justin Thattil
@online{malhotra:20210707:insidecopy:eca169d,
  author       = {Asheer Malhotra and Justin Thattil},
  title        = {{InSideCopy: How this APT continues to evolve its arsenal}},
  date         = {2021-07-07},
  organization = {Talos Intelligence},
  url          = {https://blog.talosintelligence.com/2021/07/sidecopy.html},
  language     = {English},
  urldate      = {2021-07-08},
}
InSideCopy: How this APT continues to evolve its arsenal
AllaKore NjRAT SideCopy
2021-07-07TalosAsheer Malhotra, Justin Thattil
@online{malhotra:20210707:insidecopy:ac5b778,
  author       = {Asheer Malhotra and Justin Thattil},
  title        = {{InSideCopy: How this APT continues to evolve its arsenal (Network IOCs)}},
  date         = {2021-07-07},
  organization = {Talos},
  url          = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/594/original/Network_IOCs_list_for_coverage.txt?1625657479},
  language     = {English},
  urldate      = {2021-07-09},
}
InSideCopy: How this APT continues to evolve its arsenal (Network IOCs)
AllaKore Lilith NjRAT
2021-07-07TalosAsheer Malhotra, Justin Thattil
@online{malhotra:20210707:insidecopy:e6b25bb,
  author       = {Asheer Malhotra and Justin Thattil},
  title        = {{InSideCopy: How this APT continues to evolve its arsenal (IOCs)}},
  date         = {2021-07-07},
  organization = {Talos},
  url          = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/592/original/Hashes_IOCs_for_coverage.txt},
  language     = {English},
  urldate      = {2021-07-09},
}
InSideCopy: How this APT continues to evolve its arsenal (IOCs)
AllaKore Lilith NjRAT
2021-07-02CiscoAsheer Malhotra, Justin Thattil
@online{malhotra:20210702:insidecopy:c85188c,
  author       = {Asheer Malhotra and Justin Thattil},
  title        = {{InSideCopy: How this APT continues to evolve its arsenal}},
  date         = {2021-07-02},
  organization = {Cisco},
  url          = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/591/original/062521_SideCopy_%281%29.pdf?1625657388},
  language     = {English},
  urldate      = {2022-01-25},
}
InSideCopy: How this APT continues to evolve its arsenal
AllaKore CetaRAT Lilith NjRAT ReverseRAT
2021-06-16FireEyeTyler McLellan, Robert Dean, Justin Moore, Nick Harbour, Mike Hunhoff, Jared Wilson
@online{mclellan:20210616:smoking:fa6559d,
  author       = {Tyler McLellan and Robert Dean and Justin Moore and Nick Harbour and Mike Hunhoff and Jared Wilson},
  title        = {{Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise}},
  date         = {2021-06-16},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html},
  language     = {English},
  urldate      = {2021-12-01},
}
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
Cobalt Strike SMOKEDHAM
2021-06-16MandiantTyler McLellan, Robert Dean, Justin Moore, Nick Harbour, Mike Hunhoff, Jared Wilson, Jordan Nuce
@online{mclellan:20210616:smoking:a03a78c,
  author       = {Tyler McLellan and Robert Dean and Justin Moore and Nick Harbour and Mike Hunhoff and Jared Wilson and Jordan Nuce},
  title        = {{Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise}},
  date         = {2021-06-16},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/darkside-affiliate-supply-chain-software-compromise},
  language     = {English},
  urldate      = {2021-12-01},
}
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
Cobalt Strike SMOKEDHAM