Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-02-15YoroiLuigi Martire, Carmelo Ragusa
@online{martire:20230215:hunting:eb09f70, author = {Luigi Martire and Carmelo Ragusa}, title = {{Hunting Cyber Evil Ratels: From the targeted attacks to the widespread usage of Brute Ratel}}, date = {2023-02-15}, organization = {Yoroi}, url = {https://web.archive.org/web/20230216110153/https://yoroi.company/research/hunting-cyber-evil-ratels-from-the-targeted-attacks-to-the-widespread-usage-of-brute-ratel/}, language = {English}, urldate = {2023-02-16} } Hunting Cyber Evil Ratels: From the targeted attacks to the widespread usage of Brute Ratel
Brute Ratel C4
2022-11-17YoroiLuigi Martire, Carmelo Ragusa
@online{martire:20221117:reconstructing:5b546b1, author = {Luigi Martire and Carmelo Ragusa}, title = {{Reconstructing the last activities of Royal Ransomware}}, date = {2022-11-17}, organization = {Yoroi}, url = {https://yoroi.company/research/reconstructing-the-last-activities-of-royal-ransomware/}, language = {English}, urldate = {2022-11-18} } Reconstructing the last activities of Royal Ransomware
Royal Ransom
2022-09-30YoroiLuigi Martire, Carmelo Ragusa
@online{martire:20220930:dissecting:6f63f37, author = {Luigi Martire and Carmelo Ragusa}, title = {{Dissecting BlueSky Ransomware Payload}}, date = {2022-09-30}, organization = {Yoroi}, url = {https://yoroi.company/research/dissecting-bluesky-ransomware-payload/}, language = {English}, urldate = {2022-09-30} } Dissecting BlueSky Ransomware Payload
BlueSky
2022-07-26YoroiLuigi Martire, Carmelo Ragusa
@online{martire:20220726:footsteps:cd2ba49, author = {Luigi Martire and Carmelo Ragusa}, title = {{On the FootSteps of Hive Ransomware}}, date = {2022-07-26}, organization = {Yoroi}, url = {https://yoroi.company/research/on-the-footsteps-of-hive-ransomware/}, language = {English}, urldate = {2022-07-28} } On the FootSteps of Hive Ransomware
Hive Hive
2022-07-22YoroiLuigi Martire, Carmelo Ragusa
@techreport{martire:20220722:footsteps:138e516, author = {Luigi Martire and Carmelo Ragusa}, title = {{On The Footsteps of Hive Ransomware}}, date = {2022-07-22}, institution = {Yoroi}, url = {https://yoroi.company/wp-content/uploads/2022/07/Yoroi-On-The-Footsteps-of-Hive-Ransomware.pdf}, language = {English}, urldate = {2022-07-28} } On The Footsteps of Hive Ransomware
Hive Hive
2022-05-18YoroiYoroi Malware ZLab, Luigi Martire, Carmelo Ragusa
@online{zlab:20220518:deep:86d9bee, author = {Yoroi Malware ZLab and Luigi Martire and Carmelo Ragusa}, title = {{A deep dive into Eternity Group: A new emerging Cyber Threat}}, date = {2022-05-18}, organization = {Yoroi}, url = {https://yoroi.company/research/a-deep-dive-into-eternity-group-a-new-emerging-cyber-threat/}, language = {English}, urldate = {2022-07-28} } A deep dive into Eternity Group: A new emerging Cyber Threat
Eternity Ransomware Eternity Stealer Eternity Worm Lilith
2022-03-08YoroiLuigi Martire, Carmelo Ragusa, Luca Mella
@online{martire:20220308:conti:bc6c20c, author = {Luigi Martire and Carmelo Ragusa and Luca Mella}, title = {{Conti Ransomware source code: a well-designed COTS ransomware}}, date = {2022-03-08}, organization = {Yoroi}, url = {https://yoroi.company/research/conti-ransomware-source-code-a-well-designed-cots-ransomware/}, language = {English}, urldate = {2022-03-10} } Conti Ransomware source code: a well-designed COTS ransomware
Conti
2022-02-26YoroiLuigi Martire, Carmelo Ragusa, Luca Mella
@online{martire:20220226:diskkillhermeticwiper:b3582b9, author = {Luigi Martire and Carmelo Ragusa and Luca Mella}, title = {{DiskKill/HermeticWiper, a disruptive cyber-weapon targeting Ukraine’s critical infrastructures}}, date = {2022-02-26}, organization = {Yoroi}, url = {https://yoroi.company/research/diskkill-hermeticwiper-a-disruptive-cyber-weapon-targeting-ukraines-critical-infrastructures/}, language = {English}, urldate = {2022-03-10} } DiskKill/HermeticWiper, a disruptive cyber-weapon targeting Ukraine’s critical infrastructures
HermeticWiper
2021-12-17YoroiLuigi Martire, Carmelo Ragusa, Luca Mella
@online{martire:20211217:serverless:1d4e81c, author = {Luigi Martire and Carmelo Ragusa and Luca Mella}, title = {{Serverless InfoStealer delivered in Est European Countries}}, date = {2021-12-17}, organization = {Yoroi}, url = {https://yoroi.company/research/serverless-infostealer-delivered-in-est-european-countries/}, language = {English}, urldate = {2021-12-17} } Serverless InfoStealer delivered in Est European Countries
Agent Tesla
2021-11-16YoroiLuigi Martire, Carmelo Ragusa, Luca Mella
@online{martire:20211116:office:2dba65a, author = {Luigi Martire and Carmelo Ragusa and Luca Mella}, title = {{Office Documents: May the XLL technique change the threat Landscape in 2022?}}, date = {2021-11-16}, organization = {Yoroi}, url = {https://yoroi.company/research/office-documents-may-the-xll-technique-change-the-threat-landscape-in-2022/}, language = {English}, urldate = {2021-11-17} } Office Documents: May the XLL technique change the threat Landscape in 2022?
Agent Tesla Dridex Formbook
2021-10YoroiLuigi Martire, Carmelo Ragusa, Luca Mella
@online{martire:202110:spectre:d4c34d7, author = {Luigi Martire and Carmelo Ragusa and Luca Mella}, title = {{Spectre v4.0: the speed of malware threats after the pandemics}}, date = {2021-10}, organization = {Yoroi}, url = {https://yoroi.company/research/spectre-v4-0-the-speed-of-malware-threats-after-the-pandemics/}, language = {English}, urldate = {2021-10-22} } Spectre v4.0: the speed of malware threats after the pandemics
Spectre Rat
2021-09-24YoroiLuigi Martire, Luca Mella
@online{martire:20210924:hunting:d29a5e6, author = {Luigi Martire and Luca Mella}, title = {{Hunting the LockBit Gang's Exfiltration Infrastructures}}, date = {2021-09-24}, organization = {Yoroi}, url = {https://yoroi.company/research/hunting-the-lockbit-gangs-exfiltration-infrastructures/}, language = {English}, urldate = {2021-09-24} } Hunting the LockBit Gang's Exfiltration Infrastructures
LockBit StealBit
2021-08-31YoroiLuigi Martire, Luca Mella, Yoroi
@online{martire:20210831:financial:e78f0cc, author = {Luigi Martire and Luca Mella and Yoroi}, title = {{Financial Institutions in the Sight of New JsOutProx Attack Waves}}, date = {2021-08-31}, organization = {Yoroi}, url = {https://yoroi.company/research/financial-institutions-in-the-sight-of-new-jsoutprox-attack-waves/}, language = {English}, urldate = {2021-09-09} } Financial Institutions in the Sight of New JsOutProx Attack Waves
JSOutProx
2021-06-29YoroiLuigi Martire, Luca Mella
@online{martire:20210629:wayback:fc8fa84, author = {Luigi Martire and Luca Mella}, title = {{The "WayBack” Campaign: a Large Scale Operation Hiding in Plain Sight}}, date = {2021-06-29}, organization = {Yoroi}, url = {https://yoroi.company/research/the-wayback-campaign-a-large-scale-operation-hiding-in-plain-sight/}, language = {English}, urldate = {2021-06-29} } The "WayBack” Campaign: a Large Scale Operation Hiding in Plain Sight
Agent Tesla Cobian RAT Oski Stealer
2021-04-16YoroiZLAB-Yoroi, Luigi Martire, Luca Mella
@online{zlabyoroi:20210416:ransomware:854f9f6, author = {ZLAB-Yoroi and Luigi Martire and Luca Mella}, title = {{Ransomware micro-criminals are still out here (and growing)}}, date = {2021-04-16}, organization = {Yoroi}, url = {https://yoroi.company/research/ransomware-micro-criminals-are-still-out-here-and-growing/}, language = {English}, urldate = {2021-06-16} } Ransomware micro-criminals are still out here (and growing)
2021-03-16YoroiLuigi Martire, Luca Mella
@online{martire:20210316:threatening:9158d9b, author = {Luigi Martire and Luca Mella}, title = {{Threatening within Budget: How WSH-RAT is abused by Cyber-Crooks}}, date = {2021-03-16}, organization = {Yoroi}, url = {https://yoroi.company/research/threatening-within-budget-how-wsh-rat-is-abused-by-cyber-crooks/}, language = {English}, urldate = {2021-06-16} } Threatening within Budget: How WSH-RAT is abused by Cyber-Crooks
Houdini
2021-02-04YoroiLuigi Martire, Luca Mella
@online{martire:20210204:connecting:9d49c15, author = {Luigi Martire and Luca Mella}, title = {{Connecting the dots inside the Italian APT Landscape}}, date = {2021-02-04}, organization = {Yoroi}, url = {https://yoroi.company/research/connecting-the-dots-inside-the-italian-apt-landscape/}, language = {English}, urldate = {2021-06-16} } Connecting the dots inside the Italian APT Landscape
2021-01-12YoroiLuigi Martire, Antonio Pirozzi, Luca Mella
@online{martire:20210112:opening:806667c, author = {Luigi Martire and Antonio Pirozzi and Luca Mella}, title = {{Opening “STEELCORGI”: A Sophisticated APT Swiss Army Knife}}, date = {2021-01-12}, organization = {Yoroi}, url = {https://yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/}, language = {English}, urldate = {2021-07-20} } Opening “STEELCORGI”: A Sophisticated APT Swiss Army Knife
STEELCORGI
2020-11-30YoroiLuigi Martire, Antonio Pirozzi, Luca Mella
@online{martire:20201130:shadows:2ef4813, author = {Luigi Martire and Antonio Pirozzi and Luca Mella}, title = {{Shadows From The Past Threaten Italian Enterprises}}, date = {2020-11-30}, organization = {Yoroi}, url = {https://yoroi.company/research/shadows-from-the-past-threaten-italian-enterprises/}, language = {English}, urldate = {2021-06-16} } Shadows From The Past Threaten Italian Enterprises
Rekoobe LaZagne Responder MimiKatz win.rekoobe
2020-05-22YoroiLuigi Martire, Giacomo d'Onofrio, Antonio Pirozzi, Luca Mella
@online{martire:20200522:cybercriminal:97a41b3, author = {Luigi Martire and Giacomo d'Onofrio and Antonio Pirozzi and Luca Mella}, title = {{Cyber-Criminal espionage Operation insists on Italian Manufacturing}}, date = {2020-05-22}, organization = {Yoroi}, url = {https://yoroi.company/research/cyber-criminal-espionage-operation-insists-on-italian-manufacturing/}, language = {English}, urldate = {2022-02-02} } Cyber-Criminal espionage Operation insists on Italian Manufacturing
Agent Tesla