2022-09-15 | Sekoia | Threat & Detection Research Team
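% Corporate author: the double braces keep the team name as one unit instead of
% splitting it into first/last name parts, and the ampersand is escaped for LaTeX.
% Title: only case-sensitive names are brace-protected; the style controls the rest.
% urldate is the retrieval date of the blog post.
@online{team:20220915:privateloader:d88c7b2,
  author       = {{Threat \& Detection Research Team}},
  title        = {{PrivateLoader}: the loader of the prevalent ruzki {PPI} service},
  date         = {2022-09-15},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/},
  language     = {English},
  urldate      = {2022-09-19},
}
PrivateLoader: the loader of the prevalent ruzki PPI service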
Agent Tesla Coinminer DanaBot DCRat Eternity Stealer Glupteba Mars Stealer NetSupportManager RAT Nymaim Nymaim2 Phoenix Keylogger PrivateLoader Raccoon RedLine Stealer SmokeLoader Socelars STOP Vidar YTStealer
2022-08-29 | Sekoia | Threat & Detection Research Team
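% Corporate author: double-braced so the team name is not parsed as a personal
% name; the ampersand is escaped for LaTeX.
% Title: the outer protective braces are dropped so the style decides the casing.
@online{team:20220829:traffers:8b7930b,
  author       = {{Threat \& Detection Research Team}},
  title        = {Traffers: a deep dive into the information stealer ecosystem},
  date         = {2022-08-29},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/traffers-a-deep-dive-into-the-information-stealer-ecosystem},
  language     = {English},
  urldate      = {2022-08-31},
}
Traffers: a deep dive into the information stealer ecosystem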
MetaStealer PrivateLoader Raccoon RedLine Stealer Vidar
2022-08-12 | Sekoia | Threat & Detection Research Team
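% Corporate author: double-braced so the team name stays one unit; the ampersand
% is escaped for LaTeX.
% Title: braces protect the mixed-case names only.
@online{team:20220812:luckymouse:2667f45,
  author       = {{Threat \& Detection Research Team}},
  title        = {{LuckyMouse} uses a backdoored {Electron} app to target {MacOS}},
  date         = {2022-08-12},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/luckymouse-uses-a-backdoored-electron-app-to-target-macos/},
  language     = {English},
  urldate      = {2022-08-18},
}
LuckyMouse uses a backdoored Electron app to target MacOS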
HyperBro
2022-08-01 | Twitter (@sekoia_io) | sekoia
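% Social-media post cited as an online source; the account handle is recorded in
% the organization field. urldate is the retrieval date.
% Author is an organisation name, double-braced so it is kept as one unit.
% Title: braces protect the case-sensitive names only.
@online{sekoia:20220801:turlas:ec60a74,
  author       = {{sekoia}},
  title        = {Tweet on {Turla's} {CyberAzov} activity},
  date         = {2022-08-01},
  organization = {Twitter (@sekoia_io)},
  url          = {https://twitter.com/sekoia_io/status/1554086468104196096},
  language     = {English},
  urldate      = {2022-08-02},
}
Tweet on Turla's CyberAzov activity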
CyberAzov
2022-07-28 | Sekoia | Threat & Detection Research Team
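% PDF report. Corporate author: double-braced so the team name stays one unit;
% the ampersand is escaped for LaTeX.
% Title: only the all-caps product name is brace-protected.
@techreport{team:20220728:sekoiaio:2aa9d7b,
  author      = {{Threat \& Detection Research Team}},
  title       = {{SEKOIA.IO} Mid-2022 Ransomware Threat Landscape},
  date        = {2022-07-28},
  institution = {Sekoia},
  url         = {https://blog.sekoia.io/wp-content/uploads/2022/07/FLINT_2022_039___Mid_2022_Ransomware_Overview__TLP_WHITE.pdf},
  language    = {English},
  urldate     = {2022-08-18},
}
SEKOIA.IO Mid-2022 Ransomware Threat Landscape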
2022-07-22 | Sekoia | Threat & Detection Research Team
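% Corporate author: double-braced so the team name stays one unit; the ampersand
% is escaped for LaTeX.
% Title: the all-caps name is brace-protected, spelled as in the source title.
@online{team:20220722:calisto:c64f3a5,
  author       = {{Threat \& Detection Research Team}},
  title        = {{CALISTO} continues its credential harvesting campaign},
  date         = {2022-07-22},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/calisto-continues-its-credential-harvesting-campaign},
  language     = {English},
  urldate      = {2022-08-25},
}
CALISTO continues its credential harvesting campaign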
Callisto
2022-07-18 | Sekoia | Threat & Detection Research Team
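% Corporate author: double-braced so the team name stays one unit; the ampersand
% is escaped for LaTeX.
% Title: braces protect the proper names only.
@online{team:20220718:ongoing:e5bd178,
  author       = {{Threat \& Detection Research Team}},
  title        = {Ongoing {Roaming Mantis} smishing campaign targeting {France}},
  date         = {2022-07-18},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/ongoing-roaming-mantis-smishing-campaign-targeting-france/},
  language     = {English},
  urldate      = {2022-07-18},
}
Ongoing Roaming Mantis smishing campaign targeting France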
MoqHao
2022-07-08 | Sekoia | Threat & Detection Research Team
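% Corporate author: double-braced so the team name stays one unit; the ampersand
% is escaped for LaTeX.
% Title: the group name is brace-protected; the rest is left to the style.
@online{team:20220708:vice:a611407,
  author       = {{Threat \& Detection Research Team}},
  title        = {{Vice Society}: a discreet but steady double extortion ransomware group},
  date         = {2022-07-08},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/vice-society-a-discreet-but-steady-double-extortion-ransomware-group},
  language     = {English},
  urldate      = {2022-08-18},
}
Vice Society: a discreet but steady double extortion ransomware group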
HelloKitty
2022-06-29 | Sekoia | Threat & Detection Research Team
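% Second part of a two-part series (the title says Part 2).
% Corporate author: double-braced so the team name stays one unit; the ampersand
% is escaped for LaTeX.
% Title: the family name is brace-protected; the en dash is kept as UTF-8, so a
% UTF-8 aware backend is assumed.
@online{team:20220629:raccoon:a59b65c,
  author       = {{Threat \& Detection Research Team}},
  title        = {{Raccoon Stealer} v2 – Part 2: In-depth analysis},
  date         = {2022-06-29},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/raccoon-stealer-v2-part-2-in-depth-analysis/},
  language     = {English},
  urldate      = {2022-07-25},
}
Raccoon Stealer v2 – Part 2: In-depth analysis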
Raccoon
2022-06-28 | Sekoia | Threat & Detection Research Team
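% First part of a two-part series (the title says Part 1).
% Corporate author: double-braced so the team name stays one unit; the ampersand
% is escaped for LaTeX.
% Title: the family name is brace-protected; the en dash is kept as UTF-8, so a
% UTF-8 aware backend is assumed.
@online{team:20220628:raccoon:98accde,
  author       = {{Threat \& Detection Research Team}},
  title        = {{Raccoon Stealer} v2 – Part 1: The return of the dead},
  date         = {2022-06-28},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/raccoon-stealer-v2-part-1-the-return-of-the-dead/},
  language     = {English},
  urldate      = {2022-06-30},
}
Raccoon Stealer v2 – Part 1: The return of the dead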
Raccoon
2022-06-13 | Sekoia | Threat & Detection Research Team
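% Corporate author: double-braced so the team name stays one unit; the ampersand
% is escaped for LaTeX.
% Title: braces protect the mixed-case family name and the capitalised term.
@online{team:20220613:bumblebee:0a56342,
  author       = {{Threat \& Detection Research Team}},
  title        = {{BumbleBee}: a new trendy loader for {Initial Access Brokers}},
  date         = {2022-06-13},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/bumblebee-a-new-trendy-loader-for-initial-access-brokers/},
  language     = {English},
  urldate      = {2022-06-17},
}
BumbleBee: a new trendy loader for Initial Access Brokers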
BumbleBee
2022-05-17 | Sekoia | Threat & Detection Research Team
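% Corporate author: double-braced so the team name stays one unit; the ampersand
% is escaped for LaTeX.
% Title: the mixed-case group name is brace-protected.
@online{team:20220517:eternityteam:daf058d,
  author       = {{Threat \& Detection Research Team}},
  title        = {{EternityTeam}: a new prominent threat group on underground forums},
  date         = {2022-05-17},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/eternityteam-a-new-prominent-threat-group-on-underground-forums/},
  language     = {English},
  urldate      = {2022-05-23},
}
EternityTeam: a new prominent threat group on underground forums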
Eternity Stealer
2022-04-07 | Sekoia | Threat & Detection Research Team
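% Corporate author: double-braced so the team name stays one unit; the ampersand
% is escaped for LaTeX.
% Title: only the family name is brace-protected.
@online{team:20220407:mars:9a72e1f,
  author       = {{Threat \& Detection Research Team}},
  title        = {{Mars}, a red-hot information stealer},
  date         = {2022-04-07},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/mars-a-red-hot-information-stealer/},
  language     = {English},
  urldate      = {2022-04-08},
}
Mars, a red-hot information stealer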
Mars Stealer
2022-02-23 | Sekoia | sekoia
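% PDF report hosted on a third-party file host; the URL is kept verbatim,
% including its percent-encoding. urldate is the retrieval date.
% Author is an organisation name, double-braced so it is kept as one unit.
% Title: the cluster name is brace-protected.
@techreport{sekoia:20220223:banana:7ca43ed,
  author      = {{sekoia}},
  title       = {{Banana Sulfate} infrastructure cluster exposed},
  date        = {2022-02-23},
  institution = {Sekoia},
  url         = {https://7095517.fs1.hubspotusercontent-na1.net/hubfs/7095517/%5BMarketing%5D%20-%20Ebook-analyse/FLINT%202022-011%20-%20Banana%20Sulfate%20infrastructure%20exposed_WHITE.pdf},
  language    = {English},
  urldate     = {2022-04-05},
}
Banana Sulfate infrastructure cluster exposed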
2022-02-17 | Sekoia | sekoia
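% Author is an organisation name, double-braced so it is kept as one unit.
% Title: braces protect the two builder names only; the style controls the rest.
@online{sekoia:20220217:story:4255cb2,
  author       = {{sekoia}},
  title        = {The story of a ransomware builder: from {Thanos} to {Spook} and beyond (Part 1)},
  date         = {2022-02-17},
  organization = {Sekoia},
  url          = {https://www.sekoia.io/en/the-story-of-a-ransomware-builder-from-thanos-to-spook-and-beyond-part-1/},
  language     = {English},
  urldate      = {2022-03-02},
}
The story of a ransomware builder: from Thanos to Spook and beyond (Part 1)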
Hakbit
2022-01-06 | Sekoia | sekoia
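% Author is an organisation name, double-braced so it is kept as one unit.
% Title: braces protect the actor and tool names; the typographic apostrophe is
% kept as UTF-8, so a UTF-8 aware backend is assumed.
@online{sekoia:20220106:nobeliums:de631e8,
  author       = {{sekoia}},
  title        = {{NOBELIUM’s} {EnvyScout} infection chain goes in the registry, targeting embassies},
  date         = {2022-01-06},
  organization = {Sekoia},
  url          = {https://www.sekoia.io/en/nobeliums-envyscout-infection-chain-goes-in-the-registry-targeting-embassies/},
  language     = {English},
  urldate      = {2022-01-10},
}
NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies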
Cobalt Strike EnvyScout
2021-11-10 | Sekoia | Cyber Threat Intelligence team
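% Corporate author: double-braced so the team name is kept as one unit instead of
% being split into first/last name parts.
% Title: only the actor designation is brace-protected.
@online{team:20211110:walking:cc41f24,
  author       = {{Cyber Threat Intelligence team}},
  title        = {Walking on {APT31} infrastructure footprints},
  date         = {2021-11-10},
  organization = {Sekoia},
  url          = {https://www.sekoia.io/en/walking-on-apt31-infrastructure-footprints/},
  language     = {English},
  urldate      = {2021-11-11},
}
Walking on APT31 infrastructure footprints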
Rekoobe Unidentified ELF 004 Cobalt Strike
2021-08-19 | Sekoia | sekoia
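% Second part of a two-part series (the title says Part two).
% Author is an organisation name, double-braced so it is kept as one unit.
% Title: only the group name is brace-protected; the en dash is kept as UTF-8,
% so a UTF-8 aware backend is assumed.
@online{sekoia:20210819:insider:ceb84de,
  author       = {{sekoia}},
  title        = {An insider insights into {Conti} operations – Part two},
  date         = {2021-08-19},
  organization = {Sekoia},
  url          = {https://www.sekoia.io/en/an-insider-insights-into-conti-operations-part-two/},
  language     = {English},
  urldate      = {2021-09-06},
}
An insider insights into Conti operations – Part two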
Cobalt Strike Conti
2021-08-17 | Sekoia | sekoia
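% First part of a two-part series (the title says Part one).
% Author is an organisation name, double-braced so it is kept as one unit.
% Title: only the group name is brace-protected; the en dash is kept as UTF-8,
% so a UTF-8 aware backend is assumed.
@online{sekoia:20210817:insider:3b427c7,
  author       = {{sekoia}},
  title        = {An insider insights into {Conti} operations – Part one},
  date         = {2021-08-17},
  organization = {Sekoia},
  url          = {https://www.sekoia.io/en/an-insider-insights-into-conti-operations-part-one},
  language     = {English},
  urldate      = {2021-09-06},
}
An insider insights into Conti operations – Part one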
Cobalt Strike Conti
2021-07-08 | Sekoia | sekoia
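% PDF report hosted on a third-party file host; the URL is kept verbatim,
% including its percent-encoding. urldate is the retrieval date.
% Author is an organisation name, double-braced so it is kept as one unit.
% Title: braces protect the company and group names; the style controls the rest.
@techreport{sekoia:20210708:kaseya:029b682,
  author      = {{sekoia}},
  title       = {{Kaseya}: Another Massive Heist by {REvil}},
  date        = {2021-07-08},
  institution = {Sekoia},
  url         = {https://f.hubspotusercontent10.net/hubfs/7095517/FLINT-Kaseya-Another%20Massive%20Heist%20by%20REvil.pdf},
  language    = {English},
  urldate     = {2021-09-20},
}
Kaseya: Another Massive Heist by REvil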
REvil