2020-10-02 | ESET Research | Matthieu Faou
% ESET Research article on XDSpy (welivesecurity.com); URL last consulted 2020-10-05.
@online{faou:20201002:xdspy:c3724c7,
  author       = {Faou, Matthieu},
  title        = {{XDSpy: Stealing government secrets since 2011}},
  date         = {2020-10-02},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2020/10/02/xdspy-stealing-government-secrets-since-2011/},
  language     = {English},
  urldate      = {2020-10-05},
}
XDSpy: Stealing government secrets since 2011
XDSpy XDSpy
2020-10-01 | Github (eset) | Matthieu Faou
% XDSpy indicator list in the eset/malware-ioc repository. The URL tracks the
% master branch, so the listed indicators may differ from what was there on the
% urldate; re-check the repository before reusing them in detections.
@online{faou:20201001:xdspy:33a6429,
  author       = {Faou, Matthieu},
  title        = {{XDSpy Indicators of Compromise}},
  date         = {2020-10-01},
  organization = {Github (eset)},
  url          = {https://github.com/eset/malware-ioc/tree/master/xdspy/},
  language     = {English},
  urldate      = {2020-10-08},
}
XDSpy Indicators of Compromise
XDSpy XDSpy
2020-09-30 | Virus Bulletin | Matthieu Faou, Francis Labelle
% Virus Bulletin paper on XDSpy (PDF); the title is stored in capitals as given
% by the source listing. URL last consulted 2020-10-08.
@techreport{faou:20200930:xdspy:3189c15,
  author       = {Faou, Matthieu and Labelle, Francis},
  title        = {{XDSPY: STEALING GOVERNMENT SECRETS SINCE 2011}},
  date         = {2020-09-30},
  institution  = {Virus Bulletin},
  url          = {https://vblocalhost.com/uploads/VB2020-Faou-Labelle.pdf},
  language     = {English},
  urldate      = {2020-10-08},
}
XDSPY: STEALING GOVERNMENT SECRETS SINCE 2011
XDSpy XDSpy
2020-09-02 | ESET Research | Matthieu Faou, Alexandre Côté Cyr
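% ESET Research article on KryptoCibule (welivesecurity.com); URL last consulted 2020-09-03.
% Names are given as "Last, First": in "First Last" form BibTeX would take only
% "Cyr" as the second author's surname. "Côté Cyr" is assumed to be a compound
% surname; confirm against the article byline.
@online{faou:20200902:kryptocibule:9fb272b,
  author       = {Faou, Matthieu and Côté Cyr, Alexandre},
  title        = {{KryptoCibule: The multitasking multicurrency cryptostealer}},
  date         = {2020-09-02},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2020/09/02/kryptocibule-multitasking-multicurrency-cryptostealer/},
  language     = {English},
  urldate      = {2020-09-03},
}
KryptoCibule: The multitasking multicurrency cryptostealer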
KryptoCibule
2020-05-26 | ESET Research | Matthieu Faou
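% ESET Research white paper (PDF) on Agent.BTZ and ComRAT v4; URL last consulted 2020-05-27.
% The title field now uses an ASCII hyphen in "ten-year". The listing carried a
% non-ASCII hyphen (it appears to be U+2011, NON-BREAKING HYPHEN), which a plain
% keyword search for "ten-year" does not match and which not every LaTeX font
% setup can typeset.
@techreport{faou:20200526:from:89e2854,
  author       = {Faou, Matthieu},
  title        = {{From Agent.BTZ to ComRAT v4: A ten-year journey (White Paper)}},
  date         = {2020-05-26},
  institution  = {ESET Research},
  url          = {https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf},
  language     = {English},
  urldate      = {2020-05-27},
}
From Agent.BTZ to ComRAT v4: A ten‑year journey (White Paper)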
Agent.BTZ
2020-05-26 | ESET Research | Matthieu Faou
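% ESET Research article (welivesecurity.com) on Agent.BTZ and ComRAT v4; URL last consulted 2020-05-27.
% The title field now uses an ASCII hyphen in "ten-year". The listing carried a
% non-ASCII hyphen (it appears to be U+2011, NON-BREAKING HYPHEN), which a plain
% keyword search for "ten-year" does not match and which not every LaTeX font
% setup can typeset.
@online{faou:20200526:from:804e2da,
  author       = {Faou, Matthieu},
  title        = {{From Agent.BTZ to ComRAT v4: A ten-year journey}},
  date         = {2020-05-26},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2020/05/26/agentbtz-comratv4-ten-year-journey/},
  language     = {English},
  urldate      = {2020-05-27},
}
From Agent.BTZ to ComRAT v4: A ten‑year journey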
Agent.BTZ
2020-03-12 | ESET Research | Matthieu Faou
% ESET Research article on Turla (welivesecurity.com); URL last consulted 2020-03-13.
@online{faou:20200312:tracking:913d16e,
  author       = {Faou, Matthieu},
  title        = {{Tracking Turla: New backdoor delivered via Armenian watering holes}},
  date         = {2020-03-12},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2020/03/12/tracking-turla-new-backdoor-armenian-watering-holes/},
  language     = {English},
  urldate      = {2020-03-13},
}
Tracking Turla: New backdoor delivered via Armenian watering holes
LightNeuron Mosquito NetFlash Skipper
2019-10-17 | ESET Research | Matthieu Faou, Mathieu Tartare, Thomas Dupuy
% ESET Research white paper (PDF) on Operation Ghost / the Dukes; URL last consulted 2020-05-18.
% The title contains a typographic apostrophe and an em dash, so the file has
% to be read as UTF-8.
@techreport{faou:20191017:operation:b695c9b,
  author       = {Faou, Matthieu and Tartare, Mathieu and Dupuy, Thomas},
  title        = {{OPERATION GHOST The Dukes aren’t back — they never left}},
  date         = {2019-10-17},
  institution  = {ESET Research},
  url          = {https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Operation_Ghost_Dukes.pdf},
  language     = {English},
  urldate      = {2020-05-18},
}
OPERATION GHOST The Dukes aren’t back — they never left
FatDuke
2019-05-29 | ESET Research | Matthieu Faou, Romain Dumont
% ESET Research article on Turla's PowerShell usage (welivesecurity.com); URL last consulted 2019-11-14.
@online{faou:20190529:dive:3afd32e,
  author       = {Faou, Matthieu and Dumont, Romain},
  title        = {{A dive into Turla PowerShell usage}},
  date         = {2019-05-29},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/},
  language     = {English},
  urldate      = {2019-11-14},
}
A dive into Turla PowerShell usage
PowerShellRunner TurlaRPC
2019-05-07 | ESET Research | Matthieu Faou
% ESET Research article on Turla LightNeuron (welivesecurity.com); URL last consulted 2019-11-14.
@online{faou:20190507:turla:0300283,
  author       = {Faou, Matthieu},
  title        = {{Turla LightNeuron: An email too far}},
  date         = {2019-05-07},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2019/05/07/turla-lightneuron-email-too-far/},
  language     = {English},
  urldate      = {2019-11-14},
}
Turla LightNeuron: An email too far
LightNeuron
2019-05 | ESET Research | Matthieu Faou
% ESET Research white paper (PDF) on Turla LightNeuron; the date is given to
% month precision only. URL last consulted 2020-01-08.
@techreport{faou:201905:turla:5a8a05f,
  author       = {Faou, Matthieu},
  title        = {{TURLA LIGHTNEURON: One email away from remote code execution}},
  date         = {2019-05},
  institution  = {ESET Research},
  url          = {https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf},
  language     = {English},
  urldate      = {2020-01-08},
}
TURLA LIGHTNEURON: One email away from remote code execution
LightNeuron
2018-09-05 | ESET Research | Matthieu Faou
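% ESET Research article on PowerPool (welivesecurity.com); URL last consulted 2019-11-14.
% The title field now uses an ASCII hyphen in "zero-day". The listing carried a
% non-ASCII hyphen (it appears to be U+2011, NON-BREAKING HYPHEN), which a plain
% keyword search for "zero-day" does not match and which not every LaTeX font
% setup can typeset.
@online{faou:20180905:powerpool:5cde83e,
  author       = {Faou, Matthieu},
  title        = {{PowerPool malware exploits ALPC LPE zero-day vulnerability}},
  date         = {2018-09-05},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2018/09/05/powerpool-malware-exploits-zero-day-vulnerability/},
  language     = {English},
  urldate      = {2019-11-14},
}
PowerPool malware exploits ALPC LPE zero‑day vulnerability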
ALPC Local PrivEsc PowerPool
2017-07-20 | ESET Research | Frédéric Vachon, Matthieu Faou
% ESET Research article on Stantinko (welivesecurity.com); URL last consulted 2019-11-14.
% The first author's name contains accented letters, so the file has to be read as UTF-8.
@online{vachon:20170720:stantinko:6ae2184,
  author       = {Vachon, Frédéric and Faou, Matthieu},
  title        = {{Stantinko: A massive adware campaign operating covertly since 2012}},
  date         = {2017-07-20},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2017/07/20/stantinko-massive-adware-campaign-operating-covertly-since-2012/},
  language     = {English},
  urldate      = {2019-11-14},
}
Stantinko: A massive adware campaign operating covertly since 2012
Stantinko
2017-02 | ESET Research | Matthieu Faou, Jean-Ian Boutin
% ESET Research white paper (PDF) on the RTM banking trojan; the date is given
% to month precision only. URL last consulted 2019-11-25.
@techreport{faou:201702:read:03c3c9e,
  author       = {Faou, Matthieu and Boutin, Jean-Ian},
  title        = {{Read The Manual: A Guide to the RTM Banking Trojan}},
  date         = {2017-02},
  institution  = {ESET Research},
  url          = {https://www.welivesecurity.com/wp-content/uploads/2017/02/Read-The-Manual.pdf},
  language     = {English},
  urldate      = {2019-11-25},
}
Read The Manual: A Guide to the RTM Banking Trojan
RTM RTM