Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-10-07KasperskyAseel Kayal, Mark Lechtik, Paul Rascagnères
@techreport{kayal:20211007:lyceum:395a41f, author = {Aseel Kayal and Mark Lechtik and Paul Rascagnères}, title = {{LYCEUM Reborn: Counterintelligence in the Middle East}}, date = {2021-10-07}, institution = {Kaspersky}, url = {https://vblocalhost.com/uploads/VB2021-Kayal-etal.pdf}, language = {English}, urldate = {2021-10-25} } LYCEUM Reborn: Counterintelligence in the Middle East
danbot
2021-09-30KasperskyMark Lechtik, Aseel Kayal, Paul Rascagnères, Vasily Berdnikov
@online{lechtik:20210930:ghostemperor:f7bdb63, author = {Mark Lechtik and Aseel Kayal and Paul Rascagnères and Vasily Berdnikov}, title = {{GhostEmperor: From ProxyLogon to kernel mode}}, date = {2021-09-30}, organization = {Kaspersky}, url = {https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/}, language = {English}, urldate = {2021-10-05} } GhostEmperor: From ProxyLogon to kernel mode
GhostEmperor
2021-07-14KasperskyMark Lechtik, Paul Rascagnères, Aseel Kayal
@online{lechtik:20210714:luminousmoth:a5cf19d, author = {Mark Lechtik and Paul Rascagnères and Aseel Kayal}, title = {{LuminousMoth APT: Sweeping attacks for the chosen few}}, date = {2021-07-14}, organization = {Kaspersky}, url = {https://securelist.com/apt-luminousmoth/103332/}, language = {English}, urldate = {2021-07-20} } LuminousMoth APT: Sweeping attacks for the chosen few
Cobalt Strike
2021-05-06KasperskyMark Lechtik, Giampaolo Dedola
@online{lechtik:20210506:operation:b437cc1, author = {Mark Lechtik and Giampaolo Dedola}, title = {{Operation TunnelSnake}}, date = {2021-05-06}, organization = {Kaspersky}, url = {https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/}, language = {English}, urldate = {2021-05-08} } Operation TunnelSnake
Moriya
2021-04-05KasperskyIvan Kwiatkowski, Pierre Delcher, Mark Lechtik
@online{kwiatkowski:20210405:leap:9f488d4, author = {Ivan Kwiatkowski and Pierre Delcher and Mark Lechtik}, title = {{The leap of a Cycldek-related threat actor}}, date = {2021-04-05}, organization = {Kaspersky}, url = {https://securelist.com/the-leap-of-a-cycldek-related-threat-actor/101243/}, language = {English}, urldate = {2021-04-14} } The leap of a Cycldek-related threat actor
2020-10-05Kaspersky LabsMark Lechtik, Igor Kuznetsov
@techreport{lechtik:20201005:mosaicregressor:9e14a30, author = {Mark Lechtik and Igor Kuznetsov}, title = {{MosaicRegressor: Lurking in the Shadows of UEFI (Technical Details)}}, date = {2020-10-05}, institution = {Kaspersky Labs}, url = {https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/10/05094208/MosaicRegressor_Technical-details.pdf}, language = {English}, urldate = {2020-10-08} } MosaicRegressor: Lurking in the Shadows of UEFI (Technical Details)
2020-10-05Kaspersky LabsMark Lechtik, Igor Kuznetsov
@online{lechtik:20201005:mosaicregressor:66ce234, author = {Mark Lechtik and Igor Kuznetsov}, title = {{MosaicRegressor: Lurking in the Shadows of UEFI}}, date = {2020-10-05}, organization = {Kaspersky Labs}, url = {https://securelist.com/mosaicregressor/98849/}, language = {English}, urldate = {2020-10-08} } MosaicRegressor: Lurking in the Shadows of UEFI
2020-09-24CAROMark Lechtik, Giampaolo Dedola
@online{lechtik:20200924:cycldek:8b488b1, author = {Mark Lechtik and Giampaolo Dedola}, title = {{Cycldek aka Goblin Panda: Chronicles of the Goblin}}, date = {2020-09-24}, organization = {CARO}, url = {https://drive.google.com/file/d/11otA_VmL061KcFC5MhDYuNdIKHYbpyrd/view}, language = {English}, urldate = {2020-09-25} } Cycldek aka Goblin Panda: Chronicles of the Goblin
NewCore RAT USBCulprit
2020-06-03Kaspersky LabsGReAT, Mark Lechtik, Giampaolo Dedola
@online{great:20200603:cycldek:ed9a830, author = {GReAT and Mark Lechtik and Giampaolo Dedola}, title = {{Cycldek: Bridging the (air) gap}}, date = {2020-06-03}, organization = {Kaspersky Labs}, url = {https://securelist.com/cycldek-bridging-the-air-gap/97157/}, language = {English}, urldate = {2020-06-03} } Cycldek: Bridging the (air) gap
8.t Dropper NewCore RAT PlugX USBCulprit Hellsing
2020-05-07AVARMark Lechtik, Ariel Jugnheit
@online{lechtik:20200507:north:3cfaf43, author = {Mark Lechtik and Ariel Jugnheit}, title = {{The North Korean AV Anthology: a unique look on DPRK’s Anti-Virus market}}, date = {2020-05-07}, organization = {AVAR}, url = {https://drive.google.com/file/d/1lq0Sjw4FKBxf017Ss7W7uGMvs7CgFzcA/view}, language = {English}, urldate = {2020-05-07} } The North Korean AV Anthology: a unique look on DPRK’s Anti-Virus market
Volgmer
2018-06-12Check Point ResearchMark Lechtik
@online{lechtik:20180612:deep:67efc2c, author = {Mark Lechtik}, title = {{Deep Dive into UPAS Kit vs. Kronos}}, date = {2018-06-12}, organization = {Check Point Research}, url = {https://research.checkpoint.com/deep-dive-upas-kit-vs-kronos/}, language = {English}, urldate = {2020-01-07} } Deep Dive into UPAS Kit vs. Kronos
UPAS
2018-02-04Check PointMark Lechtik
@online{lechtik:20180204:dorkbot:7c9daf2, author = {Mark Lechtik}, title = {{DorkBot: An Investigation}}, date = {2018-02-04}, organization = {Check Point}, url = {https://research.checkpoint.com/dorkbot-an-investigation/}, language = {English}, urldate = {2020-01-09} } DorkBot: An Investigation
NgrBot