Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-11-21Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20221121:is:cfeafc3, author = {Marco Ramilli}, title = {{Is Hagga Threat Actor Abusing FSociety Framework ?}}, date = {2022-11-21}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2022/11/21/is-hagga-threat-actor-abusing-fsociety-framework/}, language = {English}, urldate = {2022-11-22} } Is Hagga Threat Actor Abusing FSociety Framework ?
2022-05-10Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20220510:malware:915e04f, author = {Marco Ramilli}, title = {{A Malware Analysis in RU-AU conflict}}, date = {2022-05-10}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2022/05/10/a-malware-analysis-in-ru-au-conflict/}, language = {English}, urldate = {2022-11-22} } A Malware Analysis in RU-AU conflict
Cobalt Strike
2022-03-01Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20220301:diskkillhermeticwiper:e543742, author = {Marco Ramilli}, title = {{DiskKill/HermeticWiper and NotPetya (Dis)similarities}}, date = {2022-03-01}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2022/03/01/diskkill-hermeticwiper-and-notpetya-dissimilarities/}, language = {English}, urldate = {2022-03-02} } DiskKill/HermeticWiper and NotPetya (Dis)similarities
EternalPetya HermeticWiper
2021-11-07Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20211107:conti:1f13ec3, author = {Marco Ramilli}, title = {{CONTI Ransomware: Cheat Sheet}}, date = {2021-11-07}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2021/11/07/conti-ransomware-cheat-sheet/}, language = {English}, urldate = {2021-11-08} } CONTI Ransomware: Cheat Sheet
Conti
2021-07-04Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20210704:babuk:3ba79a8, author = {Marco Ramilli}, title = {{Babuk Ransomware: The Builder}}, date = {2021-07-04}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2021/07/05/babuk-ransomware-the-builder/}, language = {English}, urldate = {2021-07-06} } Babuk Ransomware: The Builder
Babuk Babuk
2021-06-14Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20210614:allegedly:ad3d608, author = {Marco Ramilli}, title = {{The Allegedly Ryuk Ransomware builder: #RyukJoke}}, date = {2021-06-14}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2021/06/14/the-allegedly-ryuk-ransomware-builder-ryukjoke/}, language = {English}, urldate = {2021-08-23} } The Allegedly Ryuk Ransomware builder: #RyukJoke
Chaos
2021-05-01Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20210501:muddywater:31657f7, author = {Marco Ramilli}, title = {{Muddywater: Binder Project}}, date = {2021-05-01}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2021/05/01/muddywater-binder-project-part-1/}, language = {English}, urldate = {2021-05-17} } Muddywater: Binder Project
2021-01-09Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20210109:command:d720b27, author = {Marco Ramilli}, title = {{Command and Control Traffic Patterns}}, date = {2021-01-09}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2021/01/09/c2-traffic-patterns-personal-notes/}, language = {English}, urldate = {2021-05-17} } Command and Control Traffic Patterns
ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot
2020-11-27Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20201127:threat:212be73, author = {Marco Ramilli}, title = {{Threat Actor: Unkown}}, date = {2020-11-27}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2020/11/27/threat-actor-unkown/}, language = {English}, urldate = {2020-12-01} } Threat Actor: Unkown
Unidentified JS 004
2020-06-24Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20200624:is:3ee7fad, author = {Marco Ramilli}, title = {{Is upatre downloader coming back ?}}, date = {2020-06-24}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2020/06/24/is-upatre-downloader-coming-back/}, language = {English}, urldate = {2020-06-24} } Is upatre downloader coming back ?
Upatre
2020-01-15Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20200115:iranian:d37840a, author = {Marco Ramilli}, title = {{Iranian Threat Actors: Preliminary Analysis}}, date = {2020-01-15}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2020/01/15/iranian-threat-actors-preliminary-analysis/}, language = {English}, urldate = {2020-01-17} } Iranian Threat Actors: Preliminary Analysis
POWERSTATS
2019-12-05Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20191205:apt28:aa3defd, author = {Marco Ramilli}, title = {{APT28 Attacks Evolution}}, date = {2019-12-05}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2019/12/05/apt28-attacks-evolution/}, language = {English}, urldate = {2019-12-17} } APT28 Attacks Evolution
APT28
2019-11-04Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20191104:is:79a8669, author = {Marco Ramilli}, title = {{Is Lazarus/APT38 Targeting Critical Infrastructures?}}, date = {2019-11-04}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2019/11/04/is-lazarus-apt38-targeting-critical-infrastructures/}, language = {English}, urldate = {2020-01-07} } Is Lazarus/APT38 Targeting Critical Infrastructures?
Dtrack
2019-10-28Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20191028:sweed:bce7adf, author = {Marco Ramilli}, title = {{SWEED Targeting Precision Engineering Companies in Italy}}, date = {2019-10-28}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2019/10/28/sweed-targeting-precision-engineering-companies-in-italy/}, language = {English}, urldate = {2019-12-17} } SWEED Targeting Precision Engineering Companies in Italy
Loki Password Stealer (PWS)
2019-05-02Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20190502:apt34:06f5d53, author = {Marco Ramilli}, title = {{APT34: Glimpse project}}, date = {2019-05-02}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2019/05/02/apt34-glimpse-project/}, language = {English}, urldate = {2020-01-13} } APT34: Glimpse project
BONDUPDATER
2018-08-20Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20180820:interesting:14ea764, author = {Marco Ramilli}, title = {{Interesting hidden threat since years ?}}, date = {2018-08-20}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2018/08/20/interesting-hidden-threat-since-years/}, language = {English}, urldate = {2019-12-23} } Interesting hidden threat since years ?
AdWind