
2023-03-30 — Volexity — Ankur Saini, Callum Roxan, Charlie Gardner, Paul Rascagnères, Steven Adair, Thomas Lancaster
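@online{saini:20230330:3cx:82b291e,
  author       = {Saini, Ankur and Roxan, Callum and Gardner, Charlie and Rascagnères, Paul and Adair, Steven and Lancaster, Thomas},
  title        = {{3CX} Supply Chain Compromise Leads to {ICONIC} Incident},
  date         = {2023-03-30},
  organization = {Volexity},
  url          = {https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/},
  language     = {English},
  urldate      = {2023-03-30},
}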
3CX Backdoor IconicStealer
2023-03-07 — Volexity — Paul Rascagnères
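@online{rascagnres:20230307:using:2e572ed,
  author       = {Rascagnères, Paul},
  title        = {Using Memory Analysis to Detect {EDR}-Nullifying Malware},
  date         = {2023-03-07},
  organization = {Volexity},
  url          = {https://www.volexity.com/blog/2023/03/07/using-memory-analysis-to-detect-edr-nullifying-malware/},
  language     = {English},
  urldate      = {2023-03-20},
}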
2021-12-14 — Kaspersky Labs — Paul Rascagnères, Pierre Delcher
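@online{rascagnres:20211214:owowa:4a26756,
  author       = {Rascagnères, Paul and Delcher, Pierre},
  title        = {{Owowa}: the add-on that turns your {OWA} into a credential stealer and remote access panel},
  date         = {2021-12-14},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/owowa-credential-stealer-and-remote-access/105219/},
  language     = {English},
  urldate      = {2021-12-17},
}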
Owowa
2021-10-07 — Kaspersky — Aseel Kayal, Mark Lechtik, Paul Rascagnères
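@techreport{kayal:20211007:lyceum:395a41f,
  author      = {Kayal, Aseel and Lechtik, Mark and Rascagnères, Paul},
  title       = {{LYCEUM} Reborn: Counterintelligence in the {Middle East}},
  date        = {2021-10-07},
  institution = {Kaspersky},
  url         = {https://vblocalhost.com/uploads/VB2021-Kayal-etal.pdf},
  language    = {English},
  urldate     = {2021-10-25},
}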
danbot LYCEUM
2021-09-30 — Kaspersky — Mark Lechtik, Aseel Kayal, Paul Rascagnères, Vasily Berdnikov
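@online{lechtik:20210930:ghostemperor:f7bdb63,
  author       = {Lechtik, Mark and Kayal, Aseel and Rascagnères, Paul and Berdnikov, Vasily},
  title        = {{GhostEmperor}: From {ProxyLogon} to kernel mode},
  date         = {2021-09-30},
  organization = {Kaspersky},
  url          = {https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/},
  language     = {English},
  urldate      = {2021-10-05},
}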
GhostEmperor
2021-07-14 — Kaspersky — Mark Lechtik, Paul Rascagnères, Aseel Kayal
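@online{lechtik:20210714:luminousmoth:a5cf19d,
  author       = {Lechtik, Mark and Rascagnères, Paul and Kayal, Aseel},
  title        = {{LuminousMoth} {APT}: Sweeping attacks for the chosen few},
  date         = {2021-07-14},
  organization = {Kaspersky},
  url          = {https://securelist.com/apt-luminousmoth/103332/},
  language     = {English},
  urldate      = {2021-07-20},
}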
Cobalt Strike
2020-10-29 — Cisco Talos — Warren Mercer, Paul Rascagnères, Vitor Ventura
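@online{mercer:20201029:donots:850f31b,
  author       = {Mercer, Warren and Rascagnères, Paul and Ventura, Vitor},
  title        = {{DoNot}’s {Firestarter} abuses {Google Firebase Cloud Messaging} to spread},
  date         = {2020-10-29},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2020/10/donot-firestarter.html},
  language     = {English},
  urldate      = {2023-07-24},
}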
KnSpy
2020-10-06 — Talos — Warren Mercer, Paul Rascagnères, Vitor Ventura
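@online{mercer:20201006:poetrat:17f845e,
  author       = {Mercer, Warren and Rascagnères, Paul and Ventura, Vitor},
  title        = {{PoetRAT}: Malware targeting public and private sector in {Azerbaijan} evolves},
  date         = {2020-10-06},
  organization = {Talos},
  url          = {https://blog.talosintelligence.com/2020/10/poetrat-update.html},
  language     = {English},
  urldate      = {2020-10-07},
}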
Poet RAT
2020-08-13 — Talos Intelligence — Martin Lee, Paul Rascagnères, Vitor Ventura
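@online{lee:20200813:attribution:ced59ff,
  author       = {Lee, Martin and Rascagnères, Paul and Ventura, Vitor},
  title        = {Attribution: A Puzzle},
  date         = {2020-08-13},
  organization = {Talos Intelligence},
  url          = {https://blog.talosintelligence.com/2020/08/attribution-puzzle.html},
  language     = {English},
  urldate      = {2020-08-14},
}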
WellMail elf.wellmess AcidBox WellMess
2020-06-29 — Cisco Talos — Warren Mercer, Paul Rascagnères, Vitor Ventura
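@online{mercer:20200629:promethium:e80cd47,
  author       = {Mercer, Warren and Rascagnères, Paul and Ventura, Vitor},
  title        = {{PROMETHIUM} extends global reach with {StrongPity3} {APT}},
  date         = {2020-06-29},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html},
  language     = {English},
  urldate      = {2020-06-30},
}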
StrongPity
2020-05-19 — Cisco Talos — Warren Mercer, Paul Rascagnères, Vitor Ventura
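@online{mercer:20200519:wolf:8e65365,
  author       = {Mercer, Warren and Rascagnères, Paul and Ventura, Vitor},
  title        = {The wolf is back...},
  date         = {2020-05-19},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html},
  language     = {English},
  urldate      = {2020-05-20},
}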
WolfRAT
2020-04-16 — Cisco Talos — Warren Mercer, Paul Rascagnères, Vitor Ventura
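@online{mercer:20200416:poetrat:ab5659a,
  author       = {Mercer, Warren and Rascagnères, Paul and Ventura, Vitor},
  title        = {{PoetRAT}: {Python} {RAT} uses {COVID-19} lures to target {Azerbaijan} public and private sectors},
  date         = {2020-04-16},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2020/04/poetrat-covid-19-lures.html},
  language     = {English},
  urldate      = {2020-05-05},
}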
Poet RAT
2020-03-05 — Cisco Talos — Warren Mercer, Paul Rascagnères, Vitor Ventura
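@online{mercer:20200305:bisonal:7885944,
  author       = {Mercer, Warren and Rascagnères, Paul and Ventura, Vitor},
  title        = {{Bisonal}: 10 years of play},
  date         = {2020-03-05},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2020/03/bisonal-10-years-of-play.html},
  language     = {English},
  urldate      = {2020-03-05},
}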
Korlia
2020-01-16 — Cisco Talos — Warren Mercer, Paul Rascagnères, Vitor Ventura, Eric Kuhla
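@online{mercer:20200116:jhonerat:b41f102,
  author       = {Mercer, Warren and Rascagnères, Paul and Ventura, Vitor and Kuhla, Eric},
  title        = {{JhoneRAT}: Cloud based python {RAT} targeting {Middle Eastern} countries},
  date         = {2020-01-16},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2020/01/jhonerat.html},
  language     = {English},
  urldate      = {2020-01-27},
}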
JhoneRAT
2019-11-07 — Virus Bulletin — Warren Mercer, Paul Rascagnères
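@online{mercer:20191107:dns:cd6b2d9,
  author       = {Mercer, Warren and Rascagnères, Paul},
  title        = {{DNS} on Fire},
  date         = {2019-11-07},
  organization = {Virus Bulletin},
  url          = {https://www.youtube.com/watch?v=ws1k44ZhJ3g},
  language     = {English},
  urldate      = {2023-08-11},
}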
DNSpionage
2019-11-07 — Virus Bulletin — Warren Mercer, Paul Rascagnères
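@techreport{mercer:20191107:dns:fd516d8,
  author      = {Mercer, Warren and Rascagnères, Paul},
  title       = {{DNS} on Fire},
  date        = {2019-11-07},
  institution = {Virus Bulletin},
  url         = {https://www.virusbulletin.com/uploads/pdf/magazine/2019/VB2019-Mercer-Rascagneres.pdf},
  language    = {English},
  urldate     = {2023-08-11},
}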
DNSpionage
2019-09-24 — Cisco Talos — Warren Mercer, Paul Rascagnères, Jungsoo An
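@online{mercer:20190924:how:ac2b53e,
  author       = {Mercer, Warren and Rascagnères, Paul and An, Jungsoo},
  title        = {How {Tortoiseshell} created a fake veteran hiring website to host malware},
  date         = {2019-09-24},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2019/09/tortoiseshell-fake-veterans.html},
  language     = {English},
  urldate      = {2019-12-02},
}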
Liderc SysKit
2019-08-27 — Cisco Talos — Paul Rascagnères, Vanja Svajcer
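@online{rascagnres:20190827:china:2d2bbb8,
  author       = {Rascagnères, Paul and Svajcer, Vanja},
  title        = {{China Chopper} still active 9 years later},
  date         = {2019-08-27},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2019/08/china-chopper-still-active-9-years-later.html},
  language     = {English},
  urldate      = {2019-10-14},
}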
CHINACHOPPER
2019-07-09 — Cisco Talos — Paul Rascagnères
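@online{rascagnres:20190709:sea:508ca73,
  author       = {Rascagnères, Paul},
  title        = {{Sea Turtle} keeps on swimming, finds new victims, {DNS} hijacking techniques},
  date         = {2019-07-09},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/sea-turtle-keeps-on-swimming},
  language     = {English},
  urldate      = {2023-08-11},
}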
2019-07-09 — Talos Intelligence — Danny Adamitis, Paul Rascagnères
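@online{adamitis:20190709:sea:62515b8,
  author       = {Adamitis, Danny and Rascagnères, Paul},
  title        = {{Sea Turtle} Keeps on Swimming},
  date         = {2019-07-09},
  organization = {Talos Intelligence},
  url          = {https://blog.talosintelligence.com/2019/07/sea-turtle-keeps-on-swimming.html},
  language     = {English},
  urldate      = {2020-06-08},
}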