2022-08-19 | vmware | Oleg Boyarchuk, Stefano Ortolani
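% vmware security blog post on Emotet lateral movement (accessed 2022-08-31).
% Names are in "Last, First" form; only the case-sensitive title word is braced.
@online{boyarchuk:20220819:how:a43d0e2,
  author       = {Boyarchuk, Oleg and Ortolani, Stefano},
  title        = {How to Replicate {Emotet} Lateral Movement},
  date         = {2022-08-19},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2022/08/how-to-replicate-emotet-lateral-movement.html},
  language     = {English},
  urldate      = {2022-08-31},
}
How to Replicate Emotet Lateral Movement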
Emotet
2022-06-29 | vmware | Stefano Ortolani, Giovanni Vigna
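% vmware security blog post: quantitative analysis of lateral movement (accessed 2022-08-31).
% The whole-title double braces are dropped so a style can apply its own casing.
@online{ortolani:20220629:lateral:2da51bb,
  author       = {Ortolani, Stefano and Vigna, Giovanni},
  title        = {Lateral Movement in the Real World: A Quantitative Analysis},
  date         = {2022-06-29},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2022/06/lateral-movement-in-the-real-world-a-quantitative-analysis.html},
  language     = {English},
  urldate      = {2022-08-31},
}
Lateral Movement in the Real World: A Quantitative Analysis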
2022-05-25 | vmware | Oleg Boyarchuk, Stefano Ortolani
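% vmware security blog post on Emotet configuration (accessed 2022-05-29).
% Names are in "Last, First" form; only the case-sensitive title word is braced.
@online{boyarchuk:20220525:emotet:ada82ac,
  author       = {Boyarchuk, Oleg and Ortolani, Stefano},
  title        = {{Emotet} Config Redux},
  date         = {2022-05-25},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2022/05/emotet-config-redux.html},
  language     = {English},
  urldate      = {2022-05-29},
}
Emotet Config Redux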
Emotet
2022-05-16 | vmware | Oleg Boyarchuk, Stefano Ortolani, Jason Zhang, Threat Analysis Unit
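% vmware security blog post on the Emotet 64-bit loader update (accessed 2022-05-17).
% "Threat Analysis Unit" is a team, not a person: the extra braces keep it as one
% literal name instead of being parsed as first = "Threat Analysis", last = "Unit".
@online{boyarchuk:20220516:emotet:6392ff3,
  author       = {Boyarchuk, Oleg and Ortolani, Stefano and Zhang, Jason and {Threat Analysis Unit}},
  title        = {{Emotet} Moves to 64 bit and Updates its Loader},
  date         = {2022-05-16},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2022/05/emotet-moves-to-64-bit-and-updates-its-loader.html},
  language     = {English},
  urldate      = {2022-05-17},
}
Emotet Moves to 64 bit and Updates its Loader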
Emotet
2022-03-04 | vmware | Giovanni Vigna, Oleg Boyarchuk, Stefano Ortolani, Threat Analysis Unit
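% vmware blog post on the Hermetic malware family (accessed 2022-03-22).
% "Threat Analysis Unit" is a team, not a person: the extra braces keep it as one
% literal name instead of being parsed as first = "Threat Analysis", last = "Unit".
% The url is kept exactly as listed, including the trailing "/" after ".html".
@online{vigna:20220304:hermetic:78d4550,
  author       = {Vigna, Giovanni and Boyarchuk, Oleg and Ortolani, Stefano and {Threat Analysis Unit}},
  title        = {Hermetic Malware: Multi-component Threat Targeting {Ukraine} Organizations},
  date         = {2022-03-04},
  organization = {vmware},
  url          = {https://blogs.vmware.com/networkvirtualization/2022/03/hermetic-malware-multi-component-threat-targeting-ukraine-organizations.html/},
  language     = {English},
  urldate      = {2022-03-22},
}
Hermetic Malware: Multi-component Threat Targeting Ukraine Organizations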
HermeticWiper
2021-11-11 | vmware | Jason Zhang, Stefano Ortolani, Giovanni Vigna, Threat Analysis Unit
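% vmware security blog post on automated malware-campaign detection (accessed 2022-03-22).
% "Threat Analysis Unit" is a team, not a person: the extra braces keep it as one
% literal name instead of being parsed as first = "Threat Analysis", last = "Unit".
@online{zhang:20211111:research:b254ed6,
  author       = {Zhang, Jason and Ortolani, Stefano and Vigna, Giovanni and {Threat Analysis Unit}},
  title        = {Research Recap: How To Automate Malware Campaign Detection With {Telemetry Peak Analyzer}},
  date         = {2021-11-11},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2021/11/telemetry-peak-analyzer-an-automatic-malware-campaign-detector.html},
  language     = {English},
  urldate      = {2022-03-22},
}
Research Recap: How To Automate Malware Campaign Detection With Telemetry Peak Analyzer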
Phorpiex QakBot
2020-06-02 | Lastline Labs | James Haughom, Stefano Ortolani
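% Lastline Labs blog post on Excel 4.0 macro abuse (accessed 2020-06-03).
% Names are in "Last, First" form; only the case-sensitive title word is braced.
@online{haughom:20200602:evolution:3286d87,
  author       = {Haughom, James and Ortolani, Stefano},
  title        = {Evolution of {Excel} 4.0 Macro Weaponization},
  date         = {2020-06-02},
  organization = {Lastline Labs},
  url          = {https://www.lastline.com/labsblog/evolution-of-excel-4-0-macro-weaponization/},
  language     = {English},
  urldate      = {2020-06-03},
}
Evolution of Excel 4.0 Macro Weaponization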
Agent Tesla DanaBot ISFB TrickBot Zloader
2020-02-18 | Lastline | Jason Zhang, Stefano Ortolani
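% Lastline blog post on a Nemty ransomware mail campaign (accessed 2020-02-23).
% Names are in "Last, First" form; the malware name and the acronyms are braced to keep their case.
@online{zhang:20200218:nemty:8d6340a,
  author       = {Zhang, Jason and Ortolani, Stefano},
  title        = {{Nemty} Ransomware Scaling {UP}: {APAC} Mailboxes Swarmed by Dual Downloaders},
  date         = {2020-02-18},
  organization = {Lastline},
  url          = {https://www.lastline.com/labsblog/nemty-ransomware-scaling-up-apac-mailboxes-swarmed-dual-downloaders/},
  language     = {English},
  urldate      = {2020-02-23},
}
Nemty Ransomware Scaling UP: APAC Mailboxes Swarmed by Dual Downloaders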
Nemty Phorpiex
2019-09-30 | Lastline | Jason Zhang, Stefano Ortolani
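% Lastline blog post on Winnti-related HELO traffic (accessed 2019-10-23).
% "HELO" and "Winnti" are braced so a sentence-casing style does not lowercase them.
@online{zhang:20190930:helo:559ed11,
  author       = {Zhang, Jason and Ortolani, Stefano},
  title        = {{HELO} {Winnti}: Attack or Scan?},
  date         = {2019-09-30},
  organization = {Lastline},
  url          = {https://www.lastline.com/labsblog/helo-winnti-attack-scan/},
  language     = {English},
  urldate      = {2019-10-23},
}
HELO Winnti: Attack or Scan?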
Winnti
2018-05-31 | Lastline | David Wells, Stefano Ortolani, Andy Norton, Luukas Larinkoski
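% Lastline blog post on APT28 (accessed 2020-01-10).
% NOTE(review): the title is cut off in this listing ("... Hijacked Lo"). The url slug
% ends in "hijacked-lojack", so the full title presumably ends in "LoJack" -- confirm
% against the original post before citing. The title is kept as listed.
@online{wells:20180531:apt28:2b7cdb5,
  author       = {Wells, David and Ortolani, Stefano and Norton, Andy and Larinkoski, Luukas},
  title        = {{APT28} Rollercoaster: The Lowdown on Hijacked Lo},
  date         = {2018-05-31},
  organization = {Lastline},
  url          = {https://www.lastline.com/labsblog/apt28-rollercoaster-the-lowdown-on-hijacked-lojack/},
  language     = {English},
  urldate      = {2020-01-10},
}
APT28 Rollercoaster: The Lowdown on Hijacked Lo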
2018-02-21 | Lastline | Alexander Sevtsov, Stefano Ortolani
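% Lastline blog post on Olympic Destroyer (accessed 2019-10-23).
% The malware name and the country name are braced as whole phrases to keep their capitals.
@online{sevtsov:20180221:olympic:6584ecb,
  author       = {Sevtsov, Alexander and Ortolani, Stefano},
  title        = {{Olympic Destroyer}: A new Candidate in {South Korea}},
  date         = {2018-02-21},
  organization = {Lastline},
  url          = {https://www.lastline.com/labsblog/olympic-destroyer-south-korea/},
  language     = {English},
  urldate      = {2019-10-23},
}
Olympic Destroyer: A new Candidate in South Korea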
Olympic Destroyer