Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-06-18SecurityScorecardRyan Sherstobitoff
@online{sherstobitoff:20210618:securityscorecard:0000641, author = {Ryan Sherstobitoff}, title = {{SecurityScorecard Finds USAID Hack Much Larger Than Initially Thought}}, date = {2021-06-18}, organization = {SecurityScorecard}, url = {https://securityscorecard.com/blog/securityscorecard-finds-usaid-hack-much-larger-than-initially-thought}, language = {English}, urldate = {2021-06-22} } SecurityScorecard Finds USAID Hack Much Larger Than Initially Thought
Cobalt Strike
2021-05-12SecurityScorecardRyan Sherstobitoff
@online{sherstobitoff:20210512:new:06b17ad, author = {Ryan Sherstobitoff}, title = {{New Evidence Supports Assessment that DarkSide Likely Responsible for Colonial Pipeline Ransomware Attack; Others Targeted}}, date = {2021-05-12}, organization = {SecurityScorecard}, url = {https://securityscorecard.com/blog/new-evidence-supports-assessment-that-darkside-likely-responsible-for-colonial-pipeline-ransomware-attack-others-targeted}, language = {English}, urldate = {2021-05-17} } New Evidence Supports Assessment that DarkSide Likely Responsible for Colonial Pipeline Ransomware Attack; Others Targeted
DarkSide DarkSide
2020-11-05McAfeeChristiaan Beek, Ryan Sherstobitoff
@online{beek:20201105:operation:ca0ac54, author = {Christiaan Beek and Ryan Sherstobitoff}, title = {{Operation North Star: Behind The Scenes}}, date = {2020-11-05}, organization = {McAfee}, url = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/operation-north-star-behind-the-scenes/}, language = {English}, urldate = {2023-07-31} } Operation North Star: Behind The Scenes
NedDnLoader Torisma
2019-10-20McAfeeJessica Saavedra-Morales, Ryan Sherstobitoff, Christiaan Beek
@online{saavedramorales:20191020:mcafee:237cd1b, author = {Jessica Saavedra-Morales and Ryan Sherstobitoff and Christiaan Beek}, title = {{McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo}}, date = {2019-10-20}, organization = {McAfee}, url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-crescendo/}, language = {English}, urldate = {2020-01-09} } McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo
REvil
2018-12-12McAfeeRyan Sherstobitoff, Asheer Malhotra
@online{sherstobitoff:20181212:operation:df0b2d2, author = {Ryan Sherstobitoff and Asheer Malhotra}, title = {{‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure}}, date = {2018-12-12}, organization = {McAfee}, url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/}, language = {English}, urldate = {2020-01-13} } ‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure
Rising Sun Lazarus Group Operation Sharpshooter
2018-12-12McAfeeRyan Sherstobitoff, Asheer Malhotra
@techreport{sherstobitoff:20181212:operation:f8b490f, author = {Ryan Sherstobitoff and Asheer Malhotra}, title = {{Operation Sharpshooter: Campaign Targets Global Defense, Critical Infrastructure}}, date = {2018-12-12}, institution = {McAfee}, url = {https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-sharpshooter.pdf}, language = {English}, urldate = {2019-12-18} } Operation Sharpshooter: Campaign Targets Global Defense, Critical Infrastructure
Rising Sun
2018-10-18McAfeeRyan Sherstobitoff, Asheer Malhotra
@techreport{sherstobitoff:20181018:operation:f7a178c, author = {Ryan Sherstobitoff and Asheer Malhotra}, title = {{‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group}}, date = {2018-10-18}, institution = {McAfee}, url = {https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-oceansalt.pdf}, language = {English}, urldate = {2020-01-07} } ‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group
Oceansalt APT1
2018-10-17Raj Samani, Ryan Sherstobitoff
@online{samani:20181017:operation:0b1d8ce, author = {Raj Samani and Ryan Sherstobitoff}, title = {{‘Operation Oceansalt’ Delivers Wave After Wave}}, date = {2018-10-17}, url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-oceansalt-delivers-wave-after-wave/}, language = {English}, urldate = {2019-10-17} } ‘Operation Oceansalt’ Delivers Wave After Wave
APT1
2018-05-03McAfeeRyan Sherstobitoff, Itai Liba, James Walter
@techreport{sherstobitoff:20180503:dissecting:13102f0, author = {Ryan Sherstobitoff and Itai Liba and James Walter}, title = {{Dissecting Operation Troy: Cyberespionage in South Korea}}, date = {2018-05-03}, institution = {McAfee}, url = {https://www.mcafee.com/enterprise/en-us/assets/white-papers/wp-dissecting-operation-troy.pdf}, language = {English}, urldate = {2020-01-10} } Dissecting Operation Troy: Cyberespionage in South Korea
concealment_troy http_troy Lazarus Group
2018-04-24McAfeeRyan Sherstobitoff
@online{sherstobitoff:20180424:analyzing:4383088, author = {Ryan Sherstobitoff}, title = {{Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide}}, date = {2018-04-24}, organization = {McAfee}, url = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/}, language = {English}, urldate = {2023-02-27} } Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide
GhostSecret
2018-04-24McAfeeRyan Sherstobitoff, Asheer Malhotra
@online{sherstobitoff:20180424:analyzing:9aac21f, author = {Ryan Sherstobitoff and Asheer Malhotra}, title = {{Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide}}, date = {2018-04-24}, organization = {McAfee}, url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/}, language = {English}, urldate = {2020-01-10} } Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide
Lazarus Group
2018-03-08McAfeeRyan Sherstobitoff, Asheer Malhotra, Charles Crawford, Jessica Saavedra-Morales
@online{sherstobitoff:20180308:hidden:c1459ef, author = {Ryan Sherstobitoff and Asheer Malhotra and Charles Crawford and Jessica Saavedra-Morales}, title = {{Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant}}, date = {2018-03-08}, organization = {McAfee}, url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant/}, language = {English}, urldate = {2019-10-14} } Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant
Lazarus Group
2018-03-02McAfeeRyan Sherstobitoff, Jessica Saavedra-Morales, Thomas Roccia, Asheer Malhotra
@online{sherstobitoff:20180302:mcafee:979740e, author = {Ryan Sherstobitoff and Jessica Saavedra-Morales and Thomas Roccia and Asheer Malhotra}, title = {{McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups}}, date = {2018-03-02}, organization = {McAfee}, url = {https://securingtomorrow.mcafee.com/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/}, language = {English}, urldate = {2019-07-09} } McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups
Syscon
2018-03-02McAfeeRyan Sherstobitoff
@online{sherstobitoff:20180302:mcafee:fd9192f, author = {Ryan Sherstobitoff}, title = {{McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups}}, date = {2018-03-02}, organization = {McAfee}, url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/}, language = {English}, urldate = {2019-12-04} } McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups
Honeybee
2018-02-12McAfeeRyan Sherstobitoff, Asheer Malhotra, Jessica Saavedra-Morales, Thomas Roccia
@online{sherstobitoff:20180212:lazarus:0c034e1, author = {Ryan Sherstobitoff and Asheer Malhotra and Jessica Saavedra-Morales and Thomas Roccia}, title = {{Lazarus Resurfaces, Targets Global Banks and Bitcoin Users}}, date = {2018-02-12}, organization = {McAfee}, url = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/lazarus-resurfaces-targets-global-banks-bitcoin-users/}, language = {English}, urldate = {2020-10-28} } Lazarus Resurfaces, Targets Global Banks and Bitcoin Users
CoreDN
2018-02-02McAfeeRyan Sherstobitoff
@online{sherstobitoff:20180202:gold:8fc5b52, author = {Ryan Sherstobitoff}, title = {{Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems}}, date = {2018-02-02}, organization = {McAfee}, url = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/}, language = {English}, urldate = {2023-01-05} } Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems
Running RAT
2018-01-01McAfeeRyan Sherstobitoff, Itai Liba, James Walter
@techreport{sherstobitoff:20180101:dissecting:73712a7, author = {Ryan Sherstobitoff and Itai Liba and James Walter}, title = {{Dissecting Operation Troy: Cyberespionage in South Korea}}, date = {2018-01-01}, institution = {McAfee}, url = {http://www.mcafee.com/us/resources/white-papers/wp-dissecting-operation-troy.pdf}, language = {English}, urldate = {2019-10-15} } Dissecting Operation Troy: Cyberespionage in South Korea
Lazarus Group
2013McAfeeRyan Sherstobitoff, Itai Liba, James Walter
@techreport{sherstobitoff:2013:dissecting:74f9183, author = {Ryan Sherstobitoff and Itai Liba and James Walter}, title = {{Dissecting Operation Troy: Cyberespionage in South Korea}}, date = {2013}, institution = {McAfee}, url = {https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2013/dissecting-operation-troy.pdf}, language = {English}, urldate = {2020-01-08} } Dissecting Operation Troy: Cyberespionage in South Korea
httpdropper