Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-03-01Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20220301:diskkillhermeticwiper:e543742, author = {Marco Ramilli}, title = {{DiskKill/HermeticWiper and NotPetya (Dis)similarities}}, date = {2022-03-01}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2022/03/01/diskkill-hermeticwiper-and-notpetya-dissimilarities/}, language = {English}, urldate = {2022-03-02} } DiskKill/HermeticWiper and NotPetya (Dis)similarities
EternalPetya HermeticWiper
2021-11-07Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20211107:conti:1f13ec3, author = {Marco Ramilli}, title = {{CONTI Ransomware: Cheat Sheet}}, date = {2021-11-07}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2021/11/07/conti-ransomware-cheat-sheet/}, language = {English}, urldate = {2021-11-08} } CONTI Ransomware: Cheat Sheet
Conti
2021-08-23Marco Ramilli
@online{ramilli:20210823:paradise:2539869, author = {Marco Ramilli}, title = {{Paradise Ransomware: The Builder}}, date = {2021-08-23}, url = {https://marcoramilli.com/2021/08/23/paradise-ransomware-the-builder/}, language = {English}, urldate = {2021-08-23} } Paradise Ransomware: The Builder
Paradise
2021-07-04Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20210704:babuk:3ba79a8, author = {Marco Ramilli}, title = {{Babuk Ransomware: The Builder}}, date = {2021-07-04}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2021/07/05/babuk-ransomware-the-builder/}, language = {English}, urldate = {2021-07-06} } Babuk Ransomware: The Builder
Babuk Babuk
2021-06-14Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20210614:allegedly:ad3d608, author = {Marco Ramilli}, title = {{The Allegedly Ryuk Ransomware builder: #RyukJoke}}, date = {2021-06-14}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2021/06/14/the-allegedly-ryuk-ransomware-builder-ryukjoke/}, language = {English}, urldate = {2021-08-23} } The Allegedly Ryuk Ransomware builder: #RyukJoke
Chaos
2021-05-07Marco Ramilli
@online{ramilli:20210507:muddywater:a09bd20, author = {Marco Ramilli}, title = {{MuddyWater: Binder Project (Part 2)}}, date = {2021-05-07}, url = {https://marcoramilli.com/2021/05/07/muddywater-binder-project-part-2/}, language = {English}, urldate = {2021-05-17} } MuddyWater: Binder Project (Part 2)
2021-05-01Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20210501:muddywater:31657f7, author = {Marco Ramilli}, title = {{Muddywater: Binder Project}}, date = {2021-05-01}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2021/05/01/muddywater-binder-project-part-1/}, language = {English}, urldate = {2021-05-17} } Muddywater: Binder Project
2021-01-09Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20210109:command:d720b27, author = {Marco Ramilli}, title = {{Command and Control Traffic Patterns}}, date = {2021-01-09}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2021/01/09/c2-traffic-patterns-personal-notes/}, language = {English}, urldate = {2021-05-17} } Command and Control Traffic Patterns
ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot
2020-11-27Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20201127:threat:212be73, author = {Marco Ramilli}, title = {{Threat Actor: Unkown}}, date = {2020-11-27}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2020/11/27/threat-actor-unkown/}, language = {English}, urldate = {2020-12-01} } Threat Actor: Unkown
Unidentified JS 004
2020-06-24Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20200624:is:3ee7fad, author = {Marco Ramilli}, title = {{Is upatre downloader coming back ?}}, date = {2020-06-24}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2020/06/24/is-upatre-downloader-coming-back/}, language = {English}, urldate = {2020-06-24} } Is upatre downloader coming back ?
Upatre
2020-03-19YoroiMarco Ramilli
@online{ramilli:20200319:is:bc75e96, author = {Marco Ramilli}, title = {{Is APT 27 Abusing COVID-19 To Attack People ?!}}, date = {2020-03-19}, organization = {Yoroi}, url = {https://marcoramilli.com/2020/03/19/is-apt27-abusing-covid-19-to-attack-people/}, language = {English}, urldate = {2020-05-02} } Is APT 27 Abusing COVID-19 To Attack People ?!
2020-02-19YoroiMarco Ramilli
@online{ramilli:20200219:uncovering:4f04cd0, author = {Marco Ramilli}, title = {{Uncovering New Magecart Implant Attacking eCommerce}}, date = {2020-02-19}, organization = {Yoroi}, url = {https://marcoramilli.com/2020/02/19/uncovering-new-magecart-implant-attacking-ecommerce/}, language = {English}, urldate = {2020-02-20} } Uncovering New Magecart Implant Attacking eCommerce
magecart
2020-01-15Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20200115:iranian:d37840a, author = {Marco Ramilli}, title = {{Iranian Threat Actors: Preliminary Analysis}}, date = {2020-01-15}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2020/01/15/iranian-threat-actors-preliminary-analysis/}, language = {English}, urldate = {2020-01-17} } Iranian Threat Actors: Preliminary Analysis
POWERSTATS
2019-12-05Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20191205:apt28:aa3defd, author = {Marco Ramilli}, title = {{APT28 Attacks Evolution}}, date = {2019-12-05}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2019/12/05/apt28-attacks-evolution/}, language = {English}, urldate = {2019-12-17} } APT28 Attacks Evolution
Sofacy
2019-11-04Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20191104:is:79a8669, author = {Marco Ramilli}, title = {{Is Lazarus/APT38 Targeting Critical Infrastructures?}}, date = {2019-11-04}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2019/11/04/is-lazarus-apt38-targeting-critical-infrastructures/}, language = {English}, urldate = {2020-01-07} } Is Lazarus/APT38 Targeting Critical Infrastructures?
Dtrack
2019-10-28Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20191028:sweed:bce7adf, author = {Marco Ramilli}, title = {{SWEED Targeting Precision Engineering Companies in Italy}}, date = {2019-10-28}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2019/10/28/sweed-targeting-precision-engineering-companies-in-italy/}, language = {English}, urldate = {2019-12-17} } SWEED Targeting Precision Engineering Companies in Italy
Loki Password Stealer (PWS)
2019-10-14Marco Ramilli
@online{ramilli:20191014:is:de28de6, author = {Marco Ramilli}, title = {{Is Emotet gang targeting companies with external SOC?}}, date = {2019-10-14}, url = {https://marcoramilli.com/2019/10/14/is-emotet-gang-targeting-companies-with-external-soc/}, language = {English}, urldate = {2019-12-20} } Is Emotet gang targeting companies with external SOC?
Emotet
2019-07-13Marco Ramilli
@online{ramilli:20190713:free:8352c2a, author = {Marco Ramilli}, title = {{Free Tool: LooCipher Decryptor}}, date = {2019-07-13}, url = {https://marcoramilli.com/2019/07/13/free-tool-loocipher-decryptor/}, language = {English}, urldate = {2020-01-07} } Free Tool: LooCipher Decryptor
looChiper
2019-06-06Marco Ramilli
@online{ramilli:20190606:apt34:e2dbe80, author = {Marco Ramilli}, title = {{APT34: Jason project}}, date = {2019-06-06}, url = {https://marcoramilli.com/2019/06/06/apt34-jason-project/}, language = {English}, urldate = {2020-01-07} } APT34: Jason project
jason
2019-05-02Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20190502:apt34:06f5d53, author = {Marco Ramilli}, title = {{APT34: Glimpse project}}, date = {2019-05-02}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2019/05/02/apt34-glimpse-project/}, language = {English}, urldate = {2020-01-13} } APT34: Glimpse project
BONDUPDATER