2023-08-30 | Trend Micro | Ted Lee, Lenart Bermejo, Hara Hiroaki, Leon M Chang, Gilbert Sison
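% Trend Micro research post on the Earth Estries cyberespionage activity.
% Only the proper noun is brace-protected so a style can recase the rest of the title.
@online{lee:20230830:earth:c1b8496,
  author       = {Ted Lee and Lenart Bermejo and Hara Hiroaki and Leon M Chang and Gilbert Sison},
  title        = {{Earth Estries} Targets Government, Tech for Cyberespionage},
  date         = {2023-08-30},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/23/h/earth-estries-targets-government-tech-for-cyberespionage.html},
  language     = {English},
  urldate      = {2023-12-04},
}
Earth Estries Targets Government, Tech for Cyberespionage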
Cobalt Strike HemiGate
2023-06-21 | Kaspersky Labs | Georgy Kucherin, Leonid Bezvershenko, Igor Kuznetsov
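% Securelist analysis of the TriangleDB implant.
% Braces protect the implant and campaign names only.
@online{kucherin:20230621:dissecting:2caf8b9,
  author       = {Georgy Kucherin and Leonid Bezvershenko and Igor Kuznetsov},
  title        = {Dissecting {TriangleDB}, a {Triangulation} spyware implant},
  date         = {2023-06-21},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/triangledb-triangulation-implant/110050/},
  language     = {English},
  urldate      = {2023-06-26},
}
Dissecting TriangleDB, a Triangulation spyware implant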
TriangleDB
2023-06-01 | Kaspersky Labs | Igor Kuznetsov, Valentin Pashkov, Leonid Bezvershenko, Georgy Kucherin
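% Securelist report on Operation Triangulation.
% Braces keep the campaign name and the mixed-case "iOS" intact under sentence-casing styles.
@online{kuznetsov:20230601:operation:ad8eded,
  author       = {Igor Kuznetsov and Valentin Pashkov and Leonid Bezvershenko and Georgy Kucherin},
  title        = {{Operation Triangulation}: {iOS} devices targeted with previously unknown malware},
  date         = {2023-06-01},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/operation-triangulation/109842/},
  language     = {English},
  urldate      = {2023-06-01},
}
Operation Triangulation: iOS devices targeted with previously unknown malware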
2023-05-19 | Kaspersky Labs | Leonid Bezvershenko, Georgy Kucherin, Igor Kuznetsov
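% Securelist report on the CloudWizard APT.
% Braces protect the framework name and the acronym only.
@online{bezvershenko:20230519:cloudwizard:7ad05b6,
  author       = {Leonid Bezvershenko and Georgy Kucherin and Igor Kuznetsov},
  title        = {{CloudWizard} {APT}: the bad magic story goes on},
  date         = {2023-05-19},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/cloudwizard-apt/109722/},
  language     = {English},
  urldate      = {2023-06-01},
}
CloudWizard APT: the bad magic story goes on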
PowerMagic CloudWizard CommonMagic Prikormka
2023-04-19 | Google | Billy Leonard, Google Threat Analysis Group
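% Google Threat Analysis Group post on Russia-linked activity against Ukraine in 2023.
% The group name is a corporate author: the extra braces stop it being split into
% given name "Google Threat Analysis" and surname "Group".
@online{leonard:20230419:ukraine:6c3440b,
  author       = {Billy Leonard and {Google Threat Analysis Group}},
  title        = {{Ukraine} remains {Russia’s} biggest cyber focus in 2023},
  date         = {2023-04-19},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023},
  language     = {English},
  urldate      = {2023-04-22},
}
Ukraine remains Russia’s biggest cyber focus in 2023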
Rhadamanthys
2023-04-13 | cyble | Cyble
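% Cyble blog post on the Chameleon Android malware.
% The author is the organisation itself, so it is braced as a single corporate name.
@online{cyble:20230413:chameleon:a65a7fa,
  author       = {{Cyble}},
  title        = {{Chameleon}: A New {Android} Malware Spotted In The Wild},
  date         = {2023-04-13},
  organization = {cyble},
  url          = {https://blog.cyble.com/2023/04/13/chameleon-a-new-android-malware-spotted-in-the-wild/},
  language     = {English},
  urldate      = {2023-06-22},
}
Chameleon: A New Android Malware Spotted In The Wild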
Chameleon
2023-03-21 | Kaspersky Labs | Leonid Bezvershenko, Georgy Kucherin, Igor Kuznetsov
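% Securelist report on the Bad Magic APT.
% Same report as key bezvershenko:20230321:bad:5749404: the two URLs differ only in
% the trailing "?s=31" query string. Cite one key consistently so the source is
% not counted twice when tallying reporting.
@online{bezvershenko:20230321:bad:054dcba,
  author       = {Leonid Bezvershenko and Georgy Kucherin and Igor Kuznetsov},
  title        = {Bad magic: new {APT} found in the area of {Russo-Ukrainian} conflict},
  date         = {2023-03-21},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/bad-magic-apt/109087/?s=31},
  language     = {English},
  urldate      = {2023-03-21},
}
Bad magic: new APT found in the area of Russo-Ukrainian conflict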
PowerMagic CommonMagic
2023-03-21 | Kaspersky Labs | Leonid Bezvershenko, Georgy Kucherin, Igor Kuznetsov
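% Securelist report on the Bad Magic APT (URL without a query string).
% Same report as key bezvershenko:20230321:bad:054dcba, which records the URL with
% a trailing "?s=31". Cite one key consistently so the source is not counted twice.
@online{bezvershenko:20230321:bad:5749404,
  author       = {Leonid Bezvershenko and Georgy Kucherin and Igor Kuznetsov},
  title        = {Bad magic: new {APT} found in the area of {Russo-Ukrainian} conflict},
  date         = {2023-03-21},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/bad-magic-apt/109087/},
  language     = {English},
  urldate      = {2023-12-04},
}
Bad magic: new APT found in the area of Russo-Ukrainian conflict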
PowerMagic CommonMagic
2023-01-13 | Metabase Q | Leonardo Beltran, Diana Tadeo
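% Metabase Q write-up on the Grandoreiro banking malware's DGA.
% Braces protect the family name and the acronym only.
@online{beltran:20230113:grandoreiro:751868d,
  author       = {Leonardo Beltran and Diana Tadeo},
  title        = {{Grandoreiro} banking malware: deciphering the {DGA}},
  date         = {2023-01-13},
  organization = {Metabase Q},
  url          = {https://www.metabaseq.com/grandoreiro-banking-malware-deciphering-the-dga/},
  language     = {English},
  urldate      = {2023-08-30},
}
Grandoreiro banking malware: deciphering the DGA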
Grandoreiro
2022-12-30 | Interlab | Ovi Liber
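% Interlab threat report on the RambleOn Android malware.
% Braces protect the family name, platform, country and acronyms only.
@online{liber:20221230:cyber:63533ed,
  author       = {Ovi Liber},
  title        = {Cyber Threat Report: {RambleOn} {Android} Malware - Detailed analysis report of cyber threat targeting journalist in {South Korea} through {APT} phishing campaign with malicious {APK}},
  date         = {2022-12-30},
  organization = {Interlab},
  url          = {https://interlab.or.kr/archives/2567},
  language     = {English},
  urldate      = {2023-02-21},
}
Cyber Threat Report: RambleOn Android Malware - Detailed analysis report of cyber threat targeting journalist in South Korea through APT phishing campaign with malicious APK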
RambleOn
2022-08-16 | Kaspersky | Leonid Bezvershenko, Igor Kuznetsov
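% Securelist post on two malicious Python packages found in PyPI.
% Braces protect the language and repository names only.
@online{bezvershenko:20220816:two:89002d5,
  author       = {Leonid Bezvershenko and Igor Kuznetsov},
  title        = {Two more malicious {Python} packages in the {PyPI}},
  date         = {2022-08-16},
  organization = {Kaspersky},
  url          = {https://securelist.com/two-more-malicious-python-packages-in-the-pypi/107218/},
  language     = {English},
  urldate      = {2022-08-28},
}
Two more malicious Python packages in the PyPI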
W4SP Stealer
2022-07-28 | Kaspersky | Igor Kuznetsov, Leonid Bezvershenko
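% Securelist post on the LofyLife malicious npm packages.
% Same report as key kuznetsov:20220728:lofylife:0d316b3: that entry's URL has a
% trailing slash and its organization reads "Kaspersky Labs". Cite one key
% consistently so the source is not counted twice.
@online{kuznetsov:20220728:lofylife:44645c7,
  author       = {Igor Kuznetsov and Leonid Bezvershenko},
  title        = {{LofyLife}: malicious npm packages steal {Discord} tokens and bank card data},
  date         = {2022-07-28},
  organization = {Kaspersky},
  url          = {https://securelist.com/lofylife-malicious-npm-packages/107014},
  language     = {English},
  urldate      = {2022-08-28},
}
LofyLife: malicious npm packages steal Discord tokens and bank card data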
2022-07-28 | Kaspersky Labs | Igor Kuznetsov, Leonid Bezvershenko
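% Securelist post on the LofyLife malicious npm packages.
% Same report as key kuznetsov:20220728:lofylife:44645c7: that entry's URL has no
% trailing slash and its organization reads "Kaspersky". Cite one key
% consistently so the source is not counted twice.
@online{kuznetsov:20220728:lofylife:0d316b3,
  author       = {Igor Kuznetsov and Leonid Bezvershenko},
  title        = {{LofyLife}: malicious npm packages steal {Discord} tokens and bank card data},
  date         = {2022-07-28},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/lofylife-malicious-npm-packages/107014/},
  language     = {English},
  urldate      = {2022-08-28},
}
LofyLife: malicious npm packages steal Discord tokens and bank card data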
Lofy
2022-07-19 | Google | Billy Leonard
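% Google TAG post on continued cyber activity in Eastern Europe.
% Same post as key leonard:20220719:continued:e1dd77e: the two URLs differ only by
% a trailing slash. Cite one key consistently so the source is not counted twice.
@online{leonard:20220719:continued:2a97da1,
  author       = {Billy Leonard},
  title        = {Continued cyber activity in {Eastern Europe} observed by {TAG}},
  date         = {2022-07-19},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag},
  language     = {English},
  urldate      = {2022-08-05},
}
Continued cyber activity in Eastern Europe observed by TAG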
CyberAzov APT28 Callisto Ghostwriter Sandworm Turla
2022-07-19 | Google | Billy Leonard
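% Google TAG post on continued cyber activity in Eastern Europe.
% Same post as key leonard:20220719:continued:2a97da1: the two URLs differ only by
% a trailing slash. Cite one key consistently so the source is not counted twice.
@online{leonard:20220719:continued:e1dd77e,
  author       = {Billy Leonard},
  title        = {Continued cyber activity in {Eastern Europe} observed by {TAG}},
  date         = {2022-07-19},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag/},
  language     = {English},
  urldate      = {2022-07-25},
}
Continued cyber activity in Eastern Europe observed by TAG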
CyberAzov
2022-07-08 | Twitter (@billyleonard) | Billy Leonard
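% Social-media thread on Turla activity that spoofed the Azov Regiment and targeted Android users.
% The title's "Twiiter" typo is corrected. The citation key keeps its original
% spelling so existing citations still resolve.
@online{leonard:20220708:twiiter:d77eb54,
  author       = {Billy Leonard},
  title        = {{Twitter} thread about some recent {Turla} activity spoofing the {Azov Regiment} ... but targeting {Android} users.},
  date         = {2022-07-08},
  organization = {Twitter (@billyleonard)},
  url          = {https://twitter.com/billyleonard/status/1545461166377508865},
  language     = {English},
  urldate      = {2022-07-25},
}
Twitter thread about some recent Turla activity spoofing the Azov Regiment ... but targeting Android users.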
2022-05-12 | TEAMT5 | Leon Chang, Silvia Yeh
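% TEAMT5 slide deck (PDF hosted on i.blackhat.com) on the Pangolin8RAT modular trojan.
% Braces protect the family names and the "China-Nexus" compound only.
@techreport{chang:20220512:next:5fd8a83,
  author      = {Leon Chang and Silvia Yeh},
  title       = {The Next Gen {PlugX/ShadowPad}? A Dive into the Emerging {China-Nexus} Modular Trojan, {Pangolin8RAT} (slides)},
  date        = {2022-05-12},
  institution = {TEAMT5},
  url         = {https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-LeonSilvia-NextGenPlugXShadowPad.pdf},
  language    = {English},
  urldate     = {2022-08-08},
}
The Next Gen PlugX/ShadowPad? A Dive into the Emerging China-Nexus Modular Trojan, Pangolin8RAT (slides)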
KEYPLUG Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad Winnti SLIME29 TianWu
2022-05-03 | Google | Billy Leonard, Google Threat Analysis Group
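% Google TAG update on cyber activity in Eastern Europe.
% Same post as key leonard:20220503:update:e2039f6, which lists Billy Leonard as
% sole author and has a URL without the trailing slash. Cite one key consistently.
% The group name is braced as a corporate author so it is not split into given name and surname.
@online{leonard:20220503:update:cee4563,
  author       = {Billy Leonard and {Google Threat Analysis Group}},
  title        = {Update on cyber activity in {Eastern Europe}},
  date         = {2022-05-03},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/update-on-cyber-activity-in-eastern-europe/},
  language     = {English},
  urldate      = {2022-05-04},
}
Update on cyber activity in Eastern Europe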
Curious Gorge
2022-05-03 | Google | Billy Leonard
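% Google TAG update on cyber activity in Eastern Europe.
% Same post as key leonard:20220503:update:cee4563, which also credits Google
% Threat Analysis Group as an author and has a URL with a trailing slash.
% Cite one key consistently so the source is not counted twice.
@online{leonard:20220503:update:e2039f6,
  author       = {Billy Leonard},
  title        = {Update on cyber activity in {Eastern Europe}},
  date         = {2022-05-03},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/update-on-cyber-activity-in-eastern-europe},
  language     = {English},
  urldate      = {2022-08-25},
}
Update on cyber activity in Eastern Europe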
Callisto
2022-04-25 | Mandiant | Daniel Kapellmann Zafra, Raymond Leong, Chris Sistrunk, Ken Proska, Corey Hildebrandt, Keith Lunden, Nathan Brubaker
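% Mandiant report on INDUSTROYER.V2.
% Braces keep the all-caps family name intact under sentence-casing styles.
% NOTE(review): "Daniel Kapellmann Zafra" parses with surname "Zafra", matching the
% key. Confirm the intended surname split against the source before switching to
% "Last, First" form.
@online{zafra:20220425:industroyerv2:5548d98,
  author       = {Daniel Kapellmann Zafra and Raymond Leong and Chris Sistrunk and Ken Proska and Corey Hildebrandt and Keith Lunden and Nathan Brubaker},
  title        = {{INDUSTROYER.V2}: Old Malware Learns New Tricks},
  date         = {2022-04-25},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/industroyer-v2-old-malware-new-tricks},
  language     = {English},
  urldate      = {2022-04-29},
}
INDUSTROYER.V2: Old Malware Learns New Tricks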
INDUSTROYER2