Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-05-24ZscalerBrett Stone-Gross, Nikolaos Pantazopoulos
@online{stonegross:20230524:technical:0fd35e0, author = {Brett Stone-Gross and Nikolaos Pantazopoulos}, title = {{Technical Analysis of Pikabot}}, date = {2023-05-24}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/technical-analysis-pikabot}, language = {English}, urldate = {2023-05-26} } Technical Analysis of Pikabot
Pikabot
2023-03-30ZscalerJavier Vicente, Brett Stone-Gross, Nikolaos Pantazopoulos
@online{vicente:20230330:technical:99c71e1, author = {Javier Vicente and Brett Stone-Gross and Nikolaos Pantazopoulos}, title = {{Technical Analysis of Xloader’s Code Obfuscation in Version 4.3}}, date = {2023-03-30}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/technical-analysis-xloaders-code-obfuscation-version-43}, language = {English}, urldate = {2023-09-07} } Technical Analysis of Xloader’s Code Obfuscation in Version 4.3
Formbook
2023-02-21ZscalerNikolaos Pantazopoulos, Sarthak Misraa
@online{pantazopoulos:20230221:technical:f0dc423, author = {Nikolaos Pantazopoulos and Sarthak Misraa}, title = {{Technical Analysis of Rhadamanthys Obfuscation Techniques}}, date = {2023-02-21}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/technical-analysis-rhadamanthys-obfuscation-techniques}, language = {English}, urldate = {2023-08-16} } Technical Analysis of Rhadamanthys Obfuscation Techniques
Rhadamanthys
2022-09-30NCC GroupWilliam Backhouse, Michael Mullen, Nikolaos Pantazopoulos
@online{backhouse:20220930:glimpse:5194be6, author = {William Backhouse and Michael Mullen and Nikolaos Pantazopoulos}, title = {{A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion}}, date = {2022-09-30}, organization = {NCC Group}, url = {https://research.nccgroup.com/2022/09/30/a-glimpse-into-the-shadowy-realm-of-a-chinese-apt-detailed-analysis-of-a-shadowpad-intrusion/}, language = {English}, urldate = {2022-10-04} } A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion
ShadowPad
2022-05-05NCC GroupMichael Matthews, Nikolaos Pantazopoulos
@online{matthews:20220505:north:22bd1ef, author = {Michael Matthews and Nikolaos Pantazopoulos}, title = {{North Korea’s Lazarus: their initial access trade-craft using social media and social engineering}}, date = {2022-05-05}, organization = {NCC Group}, url = {https://research.nccgroup.com/2022/05/05/north-koreas-lazarus-and-their-initial-access-trade-craft-using-social-media-and-social-engineering/}, language = {English}, urldate = {2022-05-05} } North Korea’s Lazarus: their initial access trade-craft using social media and social engineering
LCPDot
2022-04-29NCC GroupMike Stokkel, Nikolaos Totosis, Nikolaos Pantazopoulos
@online{stokkel:20220429:adventures:7be43ad, author = {Mike Stokkel and Nikolaos Totosis and Nikolaos Pantazopoulos}, title = {{Adventures in the land of BumbleBee – a new malicious loader}}, date = {2022-04-29}, organization = {NCC Group}, url = {https://research.nccgroup.com/2022/04/29/adventures-in-the-land-of-bumblebee-a-new-malicious-loader/}, language = {English}, urldate = {2022-04-29} } Adventures in the land of BumbleBee – a new malicious loader
BazarBackdoor BumbleBee Conti
2022-03-31nccgroupNikolaos Pantazopoulos, Alex Jessop, Simon Biggs, RIFT: Research and Intelligence Fusion Team
@online{pantazopoulos:20220331:continuation:b38514d, author = {Nikolaos Pantazopoulos and Alex Jessop and Simon Biggs and RIFT: Research and Intelligence Fusion Team}, title = {{Conti-nuation: methods and techniques observed in operations post the leaks}}, date = {2022-03-31}, organization = {nccgroup}, url = {https://research.nccgroup.com/2022/03/31/conti-nuation-methods-and-techniques-observed-in-operations-post-the-leaks/}, language = {English}, urldate = {2022-03-31} } Conti-nuation: methods and techniques observed in operations post the leaks
Cobalt Strike Conti QakBot
2021-12-01NCC GroupNikolaos Pantazopoulos, Michael Sandee
@online{pantazopoulos:20211201:tracking:b67c8f7, author = {Nikolaos Pantazopoulos and Michael Sandee}, title = {{Tracking a P2P network related to TA505}}, date = {2021-12-01}, organization = {NCC Group}, url = {https://research.nccgroup.com/2021/12/01/tracking-a-p2p-network-related-with-ta505/}, language = {English}, urldate = {2021-12-01} } Tracking a P2P network related to TA505
FlawedGrace Necurs
2020-06-23NCC GroupNikolaos Pantazopoulos, Stefano Antenucci, Michael Sandee
@online{pantazopoulos:20200623:wastedlocker:112d6b3, author = {Nikolaos Pantazopoulos and Stefano Antenucci and Michael Sandee}, title = {{WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group}}, date = {2020-06-23}, organization = {NCC Group}, url = {https://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/}, language = {English}, urldate = {2020-06-23} } WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
Cobalt Strike ISFB WastedLocker
2020-06-02Fox-ITNikolaos Pantazopoulos, Stefano Antenucci, NCC RIFT
@online{pantazopoulos:20200602:indepth:f43e58f, author = {Nikolaos Pantazopoulos and Stefano Antenucci and NCC RIFT}, title = {{In-depth analysis of the new Team9 malware family}}, date = {2020-06-02}, organization = {Fox-IT}, url = {https://blog.fox-it.com/2020/06/02/in-depth-analysis-of-the-new-team9-malware-family/}, language = {English}, urldate = {2020-06-03} } In-depth analysis of the new Team9 malware family
BazarBackdoor
2020-06-02NCC GroupNikolaos Pantazopoulos, Stefano Antenucci
@online{pantazopoulos:20200602:indepth:bc09c9f, author = {Nikolaos Pantazopoulos and Stefano Antenucci}, title = {{In-depth analysis of the new Team9 malware family}}, date = {2020-06-02}, organization = {NCC Group}, url = {https://research.nccgroup.com/2020/06/02/in-depth-analysis-of-the-new-team9-malware-family/}, language = {English}, urldate = {2020-06-03} } In-depth analysis of the new Team9 malware family
BazarBackdoor
2018-05-18NCC GroupNikolaos Pantazopoulos, Thomas Henry
@online{pantazopoulos:20180518:emissary:ed9583a, author = {Nikolaos Pantazopoulos and Thomas Henry}, title = {{Emissary Panda – A potential new malicious tool}}, date = {2018-05-18}, organization = {NCC Group}, url = {https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/may/emissary-panda-a-potential-new-malicious-tool/}, language = {English}, urldate = {2021-03-22} } Emissary Panda – A potential new malicious tool
HttpBrowser
2018-04-20NCC GroupNikolaos Pantazopoulos
@online{pantazopoulos:20180420:decoding:b4ca1d1, author = {Nikolaos Pantazopoulos}, title = {{Decoding network data from a Gh0st RAT variant}}, date = {2018-04-20}, organization = {NCC Group}, url = {https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant/}, language = {English}, urldate = {2022-10-07} } Decoding network data from a Gh0st RAT variant
Ghost RAT APT27
2018-04-17NCC GroupNikolaos Pantazopoulos
@online{pantazopoulos:20180417:decoding:7d5f713, author = {Nikolaos Pantazopoulos}, title = {{Decoding network data from a Gh0st RAT variant}}, date = {2018-04-17}, organization = {NCC Group}, url = {https://research.nccgroup.com/2018/04/17/decoding-network-data-from-a-gh0st-rat-variant/}, language = {English}, urldate = {2022-09-20} } Decoding network data from a Gh0st RAT variant
Ghost RAT APT27