2023-03-20 | SecurityIntelligence | John Dwyer
@online{dwyer:20230320:when:3f1345c,
  author       = {John Dwyer},
  title        = {{When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule}},
  date         = {2023-03-20},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/posts/defensive-considerations-lazarus-fudmodule/},
  language     = {English},
  urldate      = {2023-03-21},
}
When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule
FudModule
2023-02-21 | SecurityIntelligence | Ruben Boonen
@online{boonen:20230221:direct:6f70379,
  author       = {Ruben Boonen},
  title        = {{Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers}},
  date         = {2023-02-21},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/posts/direct-kernel-object-manipulation-attacks-etw-providers/},
  language     = {English},
  urldate      = {2023-03-21},
}
Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers
FudModule
2022-03-15 | SecurityIntelligence | Christopher Del Fierro, John Dwyer
@online{fierro:20220315:caddywiper:6504bd2,
  author       = {Christopher Del Fierro and John Dwyer},
  title        = {{CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations}},
  date         = {2022-03-15},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/posts/caddywiper-malware-targeting-ukrainian-organizations/},
  language     = {English},
  urldate      = {2022-03-16},
}
CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations
CaddyWiper
2021-05-10 | SecurityIntelligence | Limor Kessem
@online{kessem:20210510:shedding:c49ddab,
  author       = {Limor Kessem},
  title        = {{Shedding Light on the DarkSide Ransomware Attack}},
  date         = {2021-05-10},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/posts/darkside-oil-pipeline-ransomware-attack/},
  language     = {English},
  urldate      = {2021-05-11},
}
Shedding Light on the DarkSide Ransomware Attack
DarkSide
2020-07-16 | SecurityIntelligence | Allison Wikoff, Richard Emerson
@online{wikoff:20200716:new:f118aec,
  author       = {Allison Wikoff and Richard Emerson},
  title        = {{New Research Exposes Iranian Threat Group (APT35/ITG18) Operations}},
  date         = {2020-07-16},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/posts/new-research-exposes-iranian-threat-group-operations/},
  language     = {English},
  urldate      = {2020-07-16},
}
New Research Exposes Iranian Threat Group (APT35/ITG18) Operations
2020-05-11 | SecurityIntelligence | Nir Shwarts, Limor Kessem
@online{shwarts:20200511:zeus:81e8585,
  author       = {Nir Shwarts and Limor Kessem},
  title        = {{Zeus Sphinx Back in Business: Some Core Modifications Arise}},
  date         = {2020-05-11},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/posts/zeus-sphinx-back-in-business-some-core-modifications-arise/},
  language     = {English},
  urldate      = {2022-09-21},
}
Zeus Sphinx Back in Business: Some Core Modifications Arise
Zeus Sphinx
2020-04-14 | SecurityIntelligence | Melissa Frydrych
@online{frydrych:20200414:ta505:9b31f77,
  author       = {Melissa Frydrych},
  title        = {{TA505 Continues to Infect Networks With SDBbot RAT}},
  date         = {2020-04-14},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/posts/ta505-continues-to-infect-networks-with-sdbbot-rat/},
  language     = {English},
  urldate      = {2023-02-17},
}
TA505 Continues to Infect Networks With SDBbot RAT
SDBbot TinyMet TA505
2020-04-07 | SecurityIntelligence | Ole Villadsen
@online{villadsen:20200407:itg08:b0b782d,
  author       = {Ole Villadsen},
  title        = {{ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework}},
  date         = {2020-04-07},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/posts/itg08-aka-fin6-partners-with-trickbot-gang-uses-anchor-framework/},
  language     = {English},
  urldate      = {2020-04-13},
}
ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework
More_eggs Anchor TrickBot
2019-05-16 | SecurityIntelligence | Limor Kessem
@online{kessem:20190516:goznym:cb4a177,
  author       = {Limor Kessem},
  title        = {{GozNym Closure Comes in the Shape of a Europol and DOJ Arrest Operation}},
  date         = {2019-05-16},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/posts/goznym-closure-comes-in-the-shape-of-a-europol-and-doj-arrest-operation/},
  language     = {English},
  urldate      = {2019-12-05},
}
GozNym Closure Comes in the Shape of a Europol and DOJ Arrest Operation
Nymaim
2019-04-04 | SecurityIntelligence | Nir Somech, Limor Kessem
@online{somech:20190404:icedid:54ba40f,
  author       = {Nir Somech and Limor Kessem},
  title        = {{IcedID Banking Trojan Spruces Up Injection Tactics to Add Stealth}},
  date         = {2019-04-04},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/icedid-banking-trojan-spruces-up-injection-tactics-to-add-stealth/},
  language     = {English},
  urldate      = {2020-01-08},
}
IcedID Banking Trojan Spruces Up Injection Tactics to Add Stealth
IcedID
2019-02-06 | SecurityIntelligence | Itzik Chimino, Limor Kessem, Ophir Harpaz
@online{chimino:20190206:icedid:ef0caad,
  author       = {Itzik Chimino and Limor Kessem and Ophir Harpaz},
  title        = {{IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites}},
  date         = {2019-02-06},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/icedid-operators-using-atsengine-injection-panel-to-hit-e-commerce-sites/},
  language     = {English},
  urldate      = {2020-01-08},
}
IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites
IcedID
2018-09-10 | SecurityIntelligence | Shahar Tavor, Limor Kessem
@online{tavor:20180910:ibm:74fe99b,
  author       = {Shahar Tavor and Limor Kessem},
  title        = {{IBM X-Force Delves Into ExoBot’s Leaked Source Code}},
  date         = {2018-09-10},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/ibm-x-force-delves-into-exobots-leaked-source-code/},
  language     = {English},
  urldate      = {2020-01-07},
}
IBM X-Force Delves Into ExoBot’s Leaked Source Code
ExoBot
2018-09-04 | SecurityIntelligence | Limor Kessem, Maor Wiesen
@online{kessem:20180904:camubot:d0c8b12,
  author       = {Limor Kessem and Maor Wiesen},
  title        = {{CamuBot: New Financial Malware Targets Brazilian Banking Customers}},
  date         = {2018-09-04},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/camubot-new-financial-malware-targets-brazilian-banking-customers/},
  language     = {English},
  urldate      = {2020-01-13},
}
CamuBot: New Financial Malware Targets Brazilian Banking Customers
CamuBot
2018-02-15 | SecurityIntelligence | Ophir Harpaz, Magal Baz, Limor Kessem
@online{harpaz:20180215:trickbots:2cf1b53,
  author       = {Ophir Harpaz and Magal Baz and Limor Kessem},
  title        = {{TrickBot’s Cryptocurrency Hunger: Tricking the Bitcoin Out of Wallets}},
  date         = {2018-02-15},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/trickbots-cryptocurrency-hunger-tricking-the-bitcoin-out-of-wallets/},
  language     = {English},
  urldate      = {2020-01-06},
}
TrickBot’s Cryptocurrency Hunger: Tricking the Bitcoin Out of Wallets
TrickBot
2017-11-13 | SecurityIntelligence | Limor Kessem, Maor Wiesen, Tal Darsan, Tomer Agayev
@online{kessem:20171113:new:bb937fd,
  author       = {Limor Kessem and Maor Wiesen and Tal Darsan and Tomer Agayev},
  title        = {{New Banking Trojan IcedID Discovered by IBM X-Force Research}},
  date         = {2017-11-13},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research/},
  language     = {English},
  urldate      = {2019-11-27},
}
New Banking Trojan IcedID Discovered by IBM X-Force Research
IcedID IcedID Downloader
2017-11-08 | SecurityIntelligence | Gadi Ostrovsky, Limor Kessem
@online{ostrovsky:20171108:overlay:ad4efd8,
  author       = {Gadi Ostrovsky and Limor Kessem},
  title        = {{Overlay RAT Malware Uses AutoIt Scripting to Bypass Antivirus Detection}},
  date         = {2017-11-08},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/overlay-rat-malware-uses-autoit-scripting-to-bypass-antivirus-detection/},
  language     = {English},
  urldate      = {2019-12-10},
}
Overlay RAT Malware Uses AutoIt Scripting to Bypass Antivirus Detection
Overlay RAT
2017-10-11 | SecurityIntelligence | Limor Kessem
@online{kessem:20171011:trickbot:57ebc20,
  author       = {Limor Kessem},
  title        = {{TrickBot Takes to Latin America, Continues to Expand Its Global Reach}},
  date         = {2017-10-11},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/trickbot-takes-to-latin-america-continues-to-expand-its-global-reach/},
  language     = {English},
  urldate      = {2020-01-08},
}
TrickBot Takes to Latin America, Continues to Expand Its Global Reach
2017-06-02 | SecurityIntelligence | Mike Oppenheim, Kevin Zuk, Matan Meir, Limor Kessem
@online{oppenheim:20170602:qakbot:ffff91a,
  author       = {Mike Oppenheim and Kevin Zuk and Matan Meir and Limor Kessem},
  title        = {{QakBot Banking Trojan Causes Massive Active Directory Lockouts}},
  date         = {2017-06-02},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/qakbot-banking-trojan-causes-massive-active-directory-lockouts/},
  language     = {English},
  urldate      = {2020-01-10},
}
QakBot Banking Trojan Causes Massive Active Directory Lockouts
QakBot
2017-03-28 | SecurityIntelligence | Limor Kessem, Ilya Kolmanovich
@online{kessem:20170328:nukebot:2b33bbb,
  author       = {Limor Kessem and Ilya Kolmanovich},
  title        = {{The NukeBot Trojan, a Bruised Ego and a Surprising Source Code Leak}},
  date         = {2017-03-28},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/the-nukebot-trojan-a-bruised-ego-and-a-surprising-source-code-leak/},
  language     = {English},
  urldate      = {2020-01-05},
}
The NukeBot Trojan, a Bruised Ego and a Surprising Source Code Leak
TinyNuke
2017-03-01 | SecurityIntelligence | Gadi Ostrovsky, Limor Kessem
@online{ostrovsky:20170301:gootkit:ab4991e,
  author       = {Gadi Ostrovsky and Limor Kessem},
  title        = {{GootKit Developers Dress It Up With Web Traffic Proxy}},
  date         = {2017-03-01},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/gootkit-developers-dress-it-up-with-web-traffic-proxy/},
  language     = {English},
  urldate      = {2020-01-07},
}
GootKit Developers Dress It Up With Web Traffic Proxy
GootKit