2020-10-28 | Malwarebytes | Jérôme Segura, Hossein Jazi, hasherezade, Marcelo Rivero
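% Names are in "Last, First" form; the handle hasherezade is braced so it is kept as one name.
% Only the proper nouns in the title are brace-protected, so a style can still apply its own casing.
@online{segura:20201028:fake:b7a76ac,
  author       = {Segura, Jérôme and Jazi, Hossein and {hasherezade} and Rivero, Marcelo},
  title        = {Fake {COVID-19} survey hides ransomware in {Canadian} university attack},
  date         = {2020-10-28},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/cybercrime/2020/10/fake-covid-19-survey-hides-ransomware-in-canadian-university-attack/},
  language     = {English},
  urldate      = {2020-10-29},
}
Fake COVID-19 survey hides ransomware in Canadian university attack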
Vaggen
2020-10-22 | Sentinel LABS | Marco Figueroa
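% The malware family name in the title is brace-protected; the rest is left to the style's casing.
@online{figueroa:20201022:inside:228798e,
  author       = {Figueroa, Marco},
  title        = {An Inside Look at How {Ryuk} Evolved Its Encryption and Evasion Techniques},
  date         = {2020-10-22},
  organization = {Sentinel LABS},
  url          = {https://labs.sentinelone.com/an-inside-look-at-how-ryuk-evolved-its-encryption-and-evasion-techniques/},
  language     = {English},
  urldate      = {2020-10-26},
}
An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques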
Ryuk
2020-09-25 | Github (sisoma2) | Marc
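% The author is given by a single name only; it parses as the surname.
% The actor and toolset names in the title are brace-protected.
@online{marc:20200925:turla:06db824,
  author       = {Marc},
  title        = {{Turla} {Carbon System}},
  date         = {2020-09-25},
  organization = {Github (sisoma2)},
  url          = {https://github.com/sisoma2/malware_analysis/tree/master/turla_carbon},
  language     = {English},
  urldate      = {2020-10-02},
}
Turla Carbon System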
Cobra Carbon System
2020-07-16 | ESET Research | Marc-Etienne M.Léveillé
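% The comma form fixes the name split explicitly: surname M.Léveillé, given name Marc-Etienne
% (the same split the citation key reflects).
@online{mlveill:20200716:mac:405cc1d,
  author       = {M.Léveillé, Marc-Etienne},
  title        = {{Mac} cryptocurrency trading application rebranded, bundled with malware},
  date         = {2020-07-16},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2020/07/16/mac-cryptocurrency-trading-application-rebranded-bundled-malware/},
  language     = {English},
  urldate      = {2020-07-16},
}
Mac cryptocurrency trading application rebranded, bundled with malware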
Gmera
2020-06-24 | Marco Ramilli's Blog | Marco Ramilli
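% The title is kept exactly as published (lower-case family name, space before the question mark);
% the whole-title double braces are dropped so styles can apply their own casing.
@online{ramilli:20200624:is:3ee7fad,
  author       = {Ramilli, Marco},
  title        = {Is upatre downloader coming back ?},
  date         = {2020-06-24},
  organization = {Marco Ramilli's Blog},
  url          = {https://marcoramilli.com/2020/06/24/is-upatre-downloader-coming-back/},
  language     = {English},
  urldate      = {2020-06-24},
}
Is upatre downloader coming back ?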
Upatre
2020-06-22 | security.neurolabs | Marcos Alvares
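% Tool and malware names in the title are brace-protected.
% NOTE(review): the URL is plain http and its path says 2020/04 while date says 2020-06-22; both kept as given, confirm against the source.
@online{alvares:20200622:comparative:270905b,
  author       = {Alvares, Marcos},
  title        = {Comparative analysis between {Bindiff} and {Diaphora} - Patched {Smokeloader} Study Case},
  date         = {2020-06-22},
  organization = {security.neurolabs},
  url          = {http://security.neurolabs.club/2020/04/diffing-malware-samples-using-bindiff.html},
  language     = {English},
  urldate      = {2020-06-24},
}
Comparative analysis between Bindiff and Diaphora - Patched Smokeloader Study Case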
SmokeLoader
2020-06-09 | CitizenLab | John Scott-Railton, Adam Hulcoop, Bahr Abdul Razzak, Bill Marczak, Siena Anstis, Ron Deibert
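% Comma form keeps the two-word surname "Abdul Razzak" together; in "First Last" form
% only "Razzak" would be parsed as the surname.
@online{scottrailton:20200609:dark:d3bdddb,
  author       = {Scott-Railton, John and Hulcoop, Adam and Abdul Razzak, Bahr and Marczak, Bill and Anstis, Siena and Deibert, Ron},
  title        = {{Dark Basin} Uncovering a Massive Hack-For-Hire Operation},
  date         = {2020-06-09},
  organization = {CitizenLab},
  url          = {https://citizenlab.ca/2020/06/dark-basin-uncovering-a-massive-hack-for-hire-operation/},
  language     = {English},
  urldate      = {2020-06-10},
}
Dark Basin Uncovering a Massive Hack-For-Hire Operation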
Dark Basin
2020-04-02 | McAfee | Alexandre Mundo, Marc Rivero López
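% Comma form keeps the compound surname "Rivero López" together; in "First Last" form
% only "López" would be parsed as the surname.
@online{mundo:20200402:nemty:96afa32,
  author       = {Mundo, Alexandre and Rivero López, Marc},
  title        = {{Nemty} Ransomware – Learning by Doing},
  date         = {2020-04-02},
  organization = {McAfee},
  url          = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/nemty-ransomware-learning-by-doing/},
  language     = {English},
  urldate      = {2020-04-08},
}
Nemty Ransomware – Learning by Doing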
Nemty
2020-03-20 | Bitdefender | Liviu Arsene
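% The utm_* query parameters were dropped from the URL: they are campaign-tracking tags,
% not part of the article's address, and should not be carried into a citation.
@online{arsene:20200320:5:46813c6,
  author       = {Arsene, Liviu},
  title        = {5 Times More Coronavirus-themed Malware Reports during {March}},
  date         = {2020-03-20},
  organization = {Bitdefender},
  url          = {https://labs.bitdefender.com/2020/03/5-times-more-coronavirus-themed-malware-reports-during-march/},
  language     = {English},
  urldate      = {2020-03-26},
}
5 Times More Coronavirus-themed Malware Reports during March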
ostap HawkEye Keylogger Koadic Loki Password Stealer (PWS) Nanocore RAT Remcos
2020-03-19 | Yoroi | Marco Ramilli
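% Actor designation and acronym in the title are brace-protected; punctuation kept as published.
% NOTE(review): organization is Yoroi while the URL points at marcoramilli.com; kept as given.
@online{ramilli:20200319:is:bc75e96,
  author       = {Ramilli, Marco},
  title        = {Is {APT 27} Abusing {COVID-19} To Attack People ?!},
  date         = {2020-03-19},
  organization = {Yoroi},
  url          = {https://marcoramilli.com/2020/03/19/is-apt27-abusing-covid-19-to-attack-people/},
  language     = {English},
  urldate      = {2020-05-02},
}
Is APT 27 Abusing COVID-19 To Attack People ?!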
2020-02-19 | Yoroi | Marco Ramilli
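% "Magecart" and the camel-case "eCommerce" are brace-protected so sentence-casing styles keep them intact.
% NOTE(review): organization is Yoroi while the URL points at marcoramilli.com; kept as given.
@online{ramilli:20200219:uncovering:4f04cd0,
  author       = {Ramilli, Marco},
  title        = {Uncovering New {Magecart} Implant Attacking {eCommerce}},
  date         = {2020-02-19},
  organization = {Yoroi},
  url          = {https://marcoramilli.com/2020/02/19/uncovering-new-magecart-implant-attacking-ecommerce/},
  language     = {English},
  urldate      = {2020-02-20},
}
Uncovering New Magecart Implant Attacking eCommerce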
magecart
2020-01-28 | CitizenLab | Bill Marczak, Siena Anstis, Masashi Crete-Nishihata, John Scott-Railton, Ron Deibert
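% Hyphenated surnames are unambiguous in comma form.
% Publication, country and spyware names in the title are brace-protected.
@online{marczak:20200128:stopping:cda3173,
  author       = {Marczak, Bill and Anstis, Siena and Crete-Nishihata, Masashi and Scott-Railton, John and Deibert, Ron},
  title        = {Stopping the Press: {New York Times} Journalist Targeted by {Saudi}-linked {Pegasus} Spyware Operator},
  date         = {2020-01-28},
  organization = {CitizenLab},
  url          = {https://citizenlab.ca/2020/01/stopping-the-press-new-york-times-journalist-targeted-by-saudi-linked-pegasus-spyware-operator/},
  language     = {English},
  urldate      = {2020-01-28},
}
Stopping the Press: New York Times Journalist Targeted by Saudi-linked Pegasus Spyware Operator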
Chrysaor
2020-01-15 | Marco Ramilli's Blog | Marco Ramilli
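% Only the proper adjective in the title is brace-protected; the whole-title braces are dropped.
@online{ramilli:20200115:iranian:d37840a,
  author       = {Ramilli, Marco},
  title        = {{Iranian} Threat Actors: Preliminary Analysis},
  date         = {2020-01-15},
  organization = {Marco Ramilli's Blog},
  url          = {https://marcoramilli.com/2020/01/15/iranian-threat-actors-preliminary-analysis/},
  language     = {English},
  urldate      = {2020-01-17},
}
Iranian Threat Actors: Preliminary Analysis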
POWERSTATS
2019-12-05 | Marco Ramilli's Blog | Marco Ramilli
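% The actor designation is brace-protected so it keeps its capitals under any style.
@online{ramilli:20191205:apt28:aa3defd,
  author       = {Ramilli, Marco},
  title        = {{APT28} Attacks Evolution},
  date         = {2019-12-05},
  organization = {Marco Ramilli's Blog},
  url          = {https://marcoramilli.com/2019/12/05/apt28-attacks-evolution/},
  language     = {English},
  urldate      = {2019-12-17},
}
APT28 Attacks Evolution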
Sofacy
2019-11-05 | McAfee | Alexandre Mundo, Marc Rivero López
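% Comma form keeps the compound surname "Rivero López" together.
% Both ransomware family names in the title are brace-protected.
@online{mundo:20191105:buran:4c6f9f5,
  author       = {Mundo, Alexandre and Rivero López, Marc},
  title        = {{Buran} Ransomware; the Evolution of {VegaLocker}},
  date         = {2019-11-05},
  organization = {McAfee},
  url          = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/},
  language     = {English},
  urldate      = {2020-08-30},
}
Buran Ransomware; the Evolution of VegaLocker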
VegaLocker
2019-11-04 | Marco Ramilli's Blog | Marco Ramilli
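% The two actor names around the slash are protected separately so each keeps its capitals.
@online{ramilli:20191104:is:79a8669,
  author       = {Ramilli, Marco},
  title        = {Is {Lazarus}/{APT38} Targeting Critical Infrastructures?},
  date         = {2019-11-04},
  organization = {Marco Ramilli's Blog},
  url          = {https://marcoramilli.com/2019/11/04/is-lazarus-apt38-targeting-critical-infrastructures/},
  language     = {English},
  urldate      = {2020-01-07},
}
Is Lazarus/APT38 Targeting Critical Infrastructures?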
Dtrack
2019-10-28 | Marco Ramilli's Blog | Marco Ramilli
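% The all-caps actor name and the country name are brace-protected.
@online{ramilli:20191028:sweed:bce7adf,
  author       = {Ramilli, Marco},
  title        = {{SWEED} Targeting Precision Engineering Companies in {Italy}},
  date         = {2019-10-28},
  organization = {Marco Ramilli's Blog},
  url          = {https://marcoramilli.com/2019/10/28/sweed-targeting-precision-engineering-companies-in-italy/},
  language     = {English},
  urldate      = {2019-12-17},
}
SWEED Targeting Precision Engineering Companies in Italy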
Loki Password Stealer (PWS)
2019-10-14 | Marco Ramilli
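% This entry carries no organization field in the source; none is added here.
% The family name and the acronym in the title are brace-protected.
@online{ramilli:20191014:is:de28de6,
  author   = {Ramilli, Marco},
  title    = {Is {Emotet} gang targeting companies with external {SOC}?},
  date     = {2019-10-14},
  url      = {https://marcoramilli.com/2019/10/14/is-emotet-gang-targeting-companies-with-external-soc/},
  language = {English},
  urldate  = {2019-12-20},
}
Is Emotet gang targeting companies with external SOC?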
Emotet
2019-10-07 | ESET Research | Marc-Etienne M.Léveillé, Mathieu Tartare
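% A PDF report, hence techreport with institution instead of organization.
% The all-caps lead-in is braced so it stays as published; the group name is protected as a proper noun.
@techreport{mlveill:20191007:connecting:e59d4c8,
  author      = {M.Léveillé, Marc-Etienne and Tartare, Mathieu},
  title       = {{CONNECTING THE DOTS}: Exposing the arsenal and methods of the {Winnti Group}},
  date        = {2019-10-07},
  institution = {ESET Research},
  url         = {https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Winnti.pdf},
  language    = {English},
  urldate     = {2020-01-10},
}
CONNECTING THE DOTS: Exposing the arsenal and methods of the Winnti Group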
LOWKEY shadowhammer ShadowPad
2019-10-02 | Certego | Matteo Lodi, Marco Bompani
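% The all-caps family name is brace-protected so sentence-casing styles do not lower-case it.
@online{lodi:20191002:malware:4f9442c,
  author       = {Lodi, Matteo and Bompani, Marco},
  title        = {Malware Tales: {FTCODE}},
  date         = {2019-10-02},
  organization = {Certego},
  url          = {https://www.certego.net/en/news/malware-tales-ftcode/},
  language     = {English},
  urldate      = {2020-01-07},
}
Malware Tales: FTCODE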
FTCODE