Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-06-06NCC GroupRoss Inman, Peter Gurney
@online{inman:20220606:shining:4e6cd58, author = {Ross Inman and Peter Gurney}, title = {{Shining the Light on Black Basta}}, date = {2022-06-06}, organization = {NCC Group}, url = {https://research.nccgroup.com/2022/06/06/shining-the-light-on-black-basta/}, language = {English}, urldate = {2022-06-07} } Shining the Light on Black Basta
Black Basta
2022-05-05NCC GroupMichael Matthews, Nikolaos Pantazopoulos
@online{matthews:20220505:north:22bd1ef, author = {Michael Matthews and Nikolaos Pantazopoulos}, title = {{North Korea’s Lazarus: their initial access trade-craft using social media and social engineering}}, date = {2022-05-05}, organization = {NCC Group}, url = {https://research.nccgroup.com/2022/05/05/north-koreas-lazarus-and-their-initial-access-trade-craft-using-social-media-and-social-engineering/}, language = {English}, urldate = {2022-05-05} } North Korea’s Lazarus: their initial access trade-craft using social media and social engineering
LCPDot
2022-04-29NCC GroupMike Stokkel, Nikolaos Totosis, Nikolaos Pantazopoulos
@online{stokkel:20220429:adventures:7be43ad, author = {Mike Stokkel and Nikolaos Totosis and Nikolaos Pantazopoulos}, title = {{Adventures in the land of BumbleBee – a new malicious loader}}, date = {2022-04-29}, organization = {NCC Group}, url = {https://research.nccgroup.com/2022/04/29/adventures-in-the-land-of-bumblebee-a-new-malicious-loader/}, language = {English}, urldate = {2022-04-29} } Adventures in the land of BumbleBee – a new malicious loader
BazarBackdoor BumbleBee Conti
2022-03-03NCC GroupRIFT: Research and Intelligence Fusion Team
@online{team:20220303:sharkbot:da02f61, author = {RIFT: Research and Intelligence Fusion Team}, title = {{SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store}}, date = {2022-03-03}, organization = {NCC Group}, url = {https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/}, language = {English}, urldate = {2022-03-04} } SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
SharkBot
2022-02-17NCC GroupSimon Biggs, Richard Footman, Michael Mullen
@online{biggs:20220217:detecting:95e53bb, author = {Simon Biggs and Richard Footman and Michael Mullen}, title = {{Detecting Karakurt – an extortion focused threat actor}}, date = {2022-02-17}, organization = {NCC Group}, url = {https://research.nccgroup.com/2022/02/17/detecting-karakurt-an-extortion-focused-threat-actor/}, language = {English}, urldate = {2022-02-26} } Detecting Karakurt – an extortion focused threat actor
2021-12-12NCC GroupRIFT: Research and Intelligence Fusion Team
@online{team:20211212:log4shell:6021235, author = {RIFT: Research and Intelligence Fusion Team}, title = {{Log4Shell: Reconnaissance and post exploitation network detection}}, date = {2021-12-12}, organization = {NCC Group}, url = {https://research.nccgroup.com/2021/12/12/log4shell-reconnaissance-and-post-exploitation-network-detection/}, language = {English}, urldate = {2022-01-31} } Log4Shell: Reconnaissance and post exploitation network detection
2021-12-01NCC GroupNikolaos Pantazopoulos, Michael Sandee
@online{pantazopoulos:20211201:tracking:b67c8f7, author = {Nikolaos Pantazopoulos and Michael Sandee}, title = {{Tracking a P2P network related to TA505}}, date = {2021-12-01}, organization = {NCC Group}, url = {https://research.nccgroup.com/2021/12/01/tracking-a-p2p-network-related-with-ta505/}, language = {English}, urldate = {2021-12-01} } Tracking a P2P network related to TA505
FlawedGrace Necurs
2021-11-08NCC GroupRIFT: Research and Intelligence Fusion Team
@online{team:20211108:ta505:5a3c385, author = {RIFT: Research and Intelligence Fusion Team}, title = {{TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access}}, date = {2021-11-08}, organization = {NCC Group}, url = {https://research.nccgroup.com/2021/11/08/ta505-exploits-solarwinds-serv-u-vulnerability-cve-2021-35211-for-initial-access/}, language = {English}, urldate = {2021-11-09} } TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access
2021-10-11NCC GroupNCCGroup
@online{nccgroup:20211011:snapmc:d2395ab, author = {NCCGroup}, title = {{SnapMC skips ransomware, steals data}}, date = {2021-10-11}, organization = {NCC Group}, url = {https://blog.fox-it.com/2021/10/11/snapmc-skips-ransomware-steals-data/}, language = {English}, urldate = {2021-10-25} } SnapMC skips ransomware, steals data
2021-09-23NCC GroupMichael Gough
@online{gough:20210923:detecting:b1e724e, author = {Michael Gough}, title = {{Detecting and Hunting for the PetitPotam NTLM Relay Attack}}, date = {2021-09-23}, organization = {NCC Group}, url = {https://research.nccgroup.com/2021/09/23/detecting-and-hunting-for-the-petitpotam-ntlm-relay-attack/}, language = {English}, urldate = {2021-09-29} } Detecting and Hunting for the PetitPotam NTLM Relay Attack
2021-06-15NCC GroupNCC RIFT, Michael Matthews, William Backhouse
@online{rift:20210615:handy:b76df78, author = {NCC RIFT and Michael Matthews and William Backhouse}, title = {{Handy guide to a new Fivehands ransomware variant}}, date = {2021-06-15}, organization = {NCC Group}, url = {https://research.nccgroup.com/2021/06/15/handy-guide-to-a-new-fivehands-ransomware-variant/}, language = {English}, urldate = {2021-06-16} } Handy guide to a new Fivehands ransomware variant
FiveHands
2021-05-04NCC Groupfumik0, NCC RIFT
@online{fumik0:20210504:rm3:cd994e6, author = {fumik0 and NCC RIFT}, title = {{RM3 – Curiosities of the wildest banking malware}}, date = {2021-05-04}, organization = {NCC Group}, url = {https://research.nccgroup.com/2021/05/04/rm3-curiosities-of-the-wildest-banking-malware/}, language = {English}, urldate = {2021-05-19} } RM3 – Curiosities of the wildest banking malware
ISFB
2021-03-04NCC GroupOllie Whitehouse
@online{whitehouse:20210304:deception:7435450, author = {Ollie Whitehouse}, title = {{Deception Engineering: exploring the use of Windows Service Canaries against ransomware}}, date = {2021-03-04}, organization = {NCC Group}, url = {https://research.nccgroup.com/2021/03/04/deception-engineering-exploring-the-use-of-windows-service-canaries-against-ransomware/}, language = {English}, urldate = {2021-03-11} } Deception Engineering: exploring the use of Windows Service Canaries against ransomware
Ryuk
2021-01-23NCC GroupNCC RIFT
@online{rift:20210123:rift:deea717, author = {NCC RIFT}, title = {{RIFT: Analysing a Lazarus Shellcode Execution Method}}, date = {2021-01-23}, organization = {NCC Group}, url = {https://research.nccgroup.com/2021/01/23/rift-analysing-a-lazarus-shellcode-execution-method/}, language = {English}, urldate = {2021-01-25} } RIFT: Analysing a Lazarus Shellcode Execution Method
2020-07-05NCC GroupNCC RIFT
@online{rift:20200705:rift:8b05486, author = {NCC RIFT}, title = {{RIFT: F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902 Intelligence}}, date = {2020-07-05}, organization = {NCC Group}, url = {https://research.nccgroup.com/2020/07/05/rift-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902-intelligence/}, language = {English}, urldate = {2020-07-08} } RIFT: F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902 Intelligence
2020-06-23NCC GroupNikolaos Pantazopoulos, Stefano Antenucci, Michael Sandee
@online{pantazopoulos:20200623:wastedlocker:112d6b3, author = {Nikolaos Pantazopoulos and Stefano Antenucci and Michael Sandee}, title = {{WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group}}, date = {2020-06-23}, organization = {NCC Group}, url = {https://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/}, language = {English}, urldate = {2020-06-23} } WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
Cobalt Strike ISFB WastedLocker
2020-06-15NCC GroupExploit Development Group
@online{group:20200615:striking:8fdf4bb, author = {Exploit Development Group}, title = {{Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability}}, date = {2020-06-15}, organization = {NCC Group}, url = {https://research.nccgroup.com/2020/06/15/striking-back-at-retired-cobalt-strike-a-look-at-a-legacy-vulnerability/}, language = {English}, urldate = {2020-06-16} } Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability
Cobalt Strike
2020-06-02NCC GroupNikolaos Pantazopoulos, Stefano Antenucci
@online{pantazopoulos:20200602:indepth:bc09c9f, author = {Nikolaos Pantazopoulos and Stefano Antenucci}, title = {{In-depth analysis of the new Team9 malware family}}, date = {2020-06-02}, organization = {NCC Group}, url = {https://research.nccgroup.com/2020/06/02/in-depth-analysis-of-the-new-team9-malware-family/}, language = {English}, urldate = {2020-06-03} } In-depth analysis of the new Team9 malware family
BazarBackdoor
2020-05-27NCC GroupAaron Greetham
@online{greetham:20200527:detecting:ec59314, author = {Aaron Greetham}, title = {{Detecting Rclone – An Effective Tool for Exfiltration}}, date = {2020-05-27}, organization = {NCC Group}, url = {https://research.nccgroup.com/2021/05/27/detecting-rclone-an-effective-tool-for-exfiltration/}, language = {English}, urldate = {2021-06-11} } Detecting Rclone – An Effective Tool for Exfiltration
2018-06-12NCC GroupBen Humphrey
@online{humphrey:20180612:cve20178570:4d94250, author = {Ben Humphrey}, title = {{CVE-2017-8570 RTF and the Sisfader RAT}}, date = {2018-06-12}, organization = {NCC Group}, url = {https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/june/cve-2017-8750-rtf-and-the-sisfader-rat/}, language = {English}, urldate = {2020-01-07} } CVE-2017-8570 RTF and the Sisfader RAT
Sisfader