Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-09-29NTTNTT Security Holdings Corporation
@techreport{corporation:20220929:report:1615dab, author = {NTT Security Holdings Corporation}, title = {{Report on APT Attacks by BlackTech}}, date = {2022-09-29}, institution = {NTT}, url = {https://jp.security.ntt/resources/EN-BlackTech_2021.pdf}, language = {English}, urldate = {2022-09-30} } Report on APT Attacks by BlackTech
Bifrost PLEAD TSCookie Flagpro Gh0stTimes SelfMake Loader SPIDERPIG RAT
2022-07-20Cert-UACert-UA
@online{certua:20220720:cyberattack:3450ba8, author = {Cert-UA}, title = {{Cyberattack on State Organizations of Ukraine using the topic OK "South" and the malicious program AgentTesla (CERT-UA#4987)}}, date = {2022-07-20}, organization = {Cert-UA}, url = {https://cert.gov.ua/article/861292}, language = {Ukrainian}, urldate = {2022-07-25} } Cyberattack on State Organizations of Ukraine using the topic OK "South" and the malicious program AgentTesla (CERT-UA#4987)
Agent Tesla
2022-05-11NTT Security HoldingsNTT Security Holdings
@online{holdings:20220511:analysis:646c94e, author = {NTT Security Holdings}, title = {{Analysis of an Iranian APTs “E400” PowGoop Variant Reveals Dozens of Control Servers Dating Back to 2020}}, date = {2022-05-11}, organization = {NTT Security Holdings}, url = {https://www.security.ntt/blog/analysis-of-an-iranian-apts-e400-powgoop-variant}, language = {English}, urldate = {2022-05-25} } Analysis of an Iranian APTs “E400” PowGoop Variant Reveals Dozens of Control Servers Dating Back to 2020
PowGoop
2022-05-11NTTRyu Hiyoshi
@online{hiyoshi:20220511:operation:b5a845d, author = {Ryu Hiyoshi}, title = {{Operation RestyLink: Targeted attack campaign targeting Japanese companies}}, date = {2022-05-11}, organization = {NTT}, url = {https://insight-jp.nttsecurity.com/post/102ho8o/operation-restylink}, language = {Japanese}, urldate = {2022-05-11} } Operation RestyLink: Targeted attack campaign targeting Japanese companies
Cobalt Strike
2022-03-26forensicitguyTony Lambert
@online{lambert:20220326:agenttesla:edea93d, author = {Tony Lambert}, title = {{An AgentTesla Sample Using VBA Macros and Certutil}}, date = {2022-03-26}, organization = {forensicitguy}, url = {https://forensicitguy.github.io/agenttesla-vba-certutil-download/}, language = {English}, urldate = {2022-03-28} } An AgentTesla Sample Using VBA Macros and Certutil
Agent Tesla
2022-02-06forensicitguyTony Lambert
@online{lambert:20220206:agenttesla:6d362f7, author = {Tony Lambert}, title = {{AgentTesla From RTF Exploitation to .NET Tradecraft}}, date = {2022-02-06}, organization = {forensicitguy}, url = {https://forensicitguy.github.io/agenttesla-rtf-dotnet-tradecraft/}, language = {English}, urldate = {2022-02-07} } AgentTesla From RTF Exploitation to .NET Tradecraft
Agent Tesla
2021-12-28NTTHiroki Hada
@online{hada:20211228:flagpro:1263fb7, author = {Hiroki Hada}, title = {{Flagpro: The new malware used by BlackTech}}, date = {2021-12-28}, organization = {NTT}, url = {https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech}, language = {English}, urldate = {2021-12-31} } Flagpro: The new malware used by BlackTech
Flagpro
2021-12-08YouTube ( DuMp-GuY TrIcKsTeR)Jiří Vinopal
@online{vinopal:20211208:full:4bf6148, author = {Jiří Vinopal}, title = {{Full malware analysis Work-Flow of AgentTesla Malware}}, date = {2021-12-08}, organization = {YouTube ( DuMp-GuY TrIcKsTeR)}, url = {https://youtu.be/QQuRp7Qiuzg}, language = {English}, urldate = {2021-12-08} } Full malware analysis Work-Flow of AgentTesla Malware
Agent Tesla
2021-12-02AhnLabASEC Analysis Team
@online{team:20211202:spreading:82866e8, author = {ASEC Analysis Team}, title = {{Spreading AgentTesla through more sophisticated malicious PPT}}, date = {2021-12-02}, organization = {AhnLab}, url = {https://asec.ahnlab.com/ko/29133/}, language = {Korean}, urldate = {2021-12-07} } Spreading AgentTesla through more sophisticated malicious PPT
Agent Tesla
2021-11-22YouTube ( DuMp-GuY TrIcKsTeR)Jiří Vinopal
@online{vinopal:20211122:powershell:37baf25, author = {Jiří Vinopal}, title = {{Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part1]}}, date = {2021-11-22}, organization = {YouTube ( DuMp-GuY TrIcKsTeR)}, url = {https://youtu.be/hxaeWyK8gMI}, language = {English}, urldate = {2021-11-26} } Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part1]
Agent Tesla
2021-11-22YouTube ( DuMp-GuY TrIcKsTeR)Jiří Vinopal
@online{vinopal:20211122:powershell:b15c355, author = {Jiří Vinopal}, title = {{Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part2]}}, date = {2021-11-22}, organization = {YouTube ( DuMp-GuY TrIcKsTeR)}, url = {https://youtu.be/BM38OshcozE}, language = {English}, urldate = {2021-11-26} } Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part2]
Agent Tesla
2021-11-12Living CodeDominik Degroot
@online{degroot:20211112:agenttesla:d69002b, author = {Dominik Degroot}, title = {{AgentTesla dropped via NSIS installer}}, date = {2021-11-12}, organization = {Living Code}, url = {http://l1v1ngc0d3.wordpress.com/2021/11/12/agenttesla-dropped-via-nsis-installer/}, language = {English}, urldate = {2021-11-17} } AgentTesla dropped via NSIS installer
Agent Tesla
2021-10-19NTTThreat Detection Team Security division of NTT
@online{ntt:20211019:layered:92e34d1, author = {Threat Detection Team Security division of NTT}, title = {{The layered infrastructure operated by APT29}}, date = {2021-10-19}, organization = {NTT}, url = {https://services.global.ntt/en-us/insights/blog/the-layered-infrastructure-operated-by-apt29}, language = {English}, urldate = {2021-12-31} } The layered infrastructure operated by APT29
elf.wellmess
2021-10-13Anchored Narratives on Threat Intelligence and GeopoliticsRJM
@online{rjm:20211013:trouble:c988e46, author = {RJM}, title = {{Trouble in Asia and the Middle East. Tracking the TransparentTribe threat actor.}}, date = {2021-10-13}, organization = {Anchored Narratives on Threat Intelligence and Geopolitics}, url = {https://anchorednarratives.substack.com/p/trouble-in-asia-and-the-middle-east}, language = {English}, urldate = {2021-10-14} } Trouble in Asia and the Middle East. Tracking the TransparentTribe threat actor.
Crimson RAT
2021-10-08NTTHiroki Hada, Rintaro Koike, Fumio Ozawa
@online{hada:20211008:malware:bfcbd46, author = {Hiroki Hada and Rintaro Koike and Fumio Ozawa}, title = {{Malware Flagpro used by targeted attack group BlackTech}}, date = {2021-10-08}, organization = {NTT}, url = {https://insight-jp.nttsecurity.com/post/102h7vx/blacktechflagpro}, language = {Japanese}, urldate = {2021-10-24} } Malware Flagpro used by targeted attack group BlackTech
Flagpro
2021-06-18YouTube (jnpc)Yuu Arai, Twitter (@yarai1978)
@online{arai:20210618:cyber:efd5b54, author = {Yuu Arai and Twitter (@yarai1978)}, title = {{"Cyber ​​Security" Yu Arai, NTT DATA Executive Security Analyst}}, date = {2021-06-18}, organization = {YouTube (jnpc)}, url = {https://www.youtube.com/watch?v=2GRhJgF49vA&ab_channel=jnpc}, language = {Japanese}, urldate = {2021-06-22} } "Cyber ​​Security" Yu Arai, NTT DATA Executive Security Analyst
2021-05-11Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20210511:snip3:69a4650, author = {Microsoft Security Intelligence}, title = {{Tweet on Snip3 crypter delivering AsyncRAT or AgentTesla}}, date = {2021-05-11}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1392219299696152578}, language = {English}, urldate = {2021-05-13} } Tweet on Snip3 crypter delivering AsyncRAT or AgentTesla
Agent Tesla AsyncRAT
2021-04-29NTTThreat Detection NTT Ltd.
@techreport{ltd:20210429:operations:a7ad0d4, author = {Threat Detection NTT Ltd.}, title = {{The Operations of Winnti group}}, date = {2021-04-29}, institution = {NTT}, url = {https://hello.global.ntt/-/media/ntt/global/insights/white-papers/the-operations-of-winnti-group.pdf}, language = {English}, urldate = {2021-08-09} } The Operations of Winnti group
Cobalt Strike ShadowPad Spyder Winnti Earth Lusca
2021-04-04menshaway blogspotMahmoud Morsy
@online{morsy:20210404:technical:197b7c7, author = {Mahmoud Morsy}, title = {{Technical report of AgentTesla}}, date = {2021-04-04}, organization = {menshaway blogspot}, url = {https://menshaway.blogspot.com/2021/04/agenttesla-malware.html}, language = {English}, urldate = {2021-04-06} } Technical report of AgentTesla
Agent Tesla
2021-04-01Medium mikko-kenttalaMikko Kenttälä
@online{kenttl:20210401:zero:76c0fc0, author = {Mikko Kenttälä}, title = {{Zero click vulnerability in Apple’s macOS Mail}}, date = {2021-04-01}, organization = {Medium mikko-kenttala}, url = {https://mikko-kenttala.medium.com/zero-click-vulnerability-in-apples-macos-mail-59e0c14b106c}, language = {English}, urldate = {2021-04-06} } Zero click vulnerability in Apple’s macOS Mail