Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-03-29VMWare Carbon BlackJason Zhang, Oleg Boyarchuk, Giovanni Vigna
@online{zhang:20210329:dridex:7692f65, author = {Jason Zhang and Oleg Boyarchuk and Giovanni Vigna}, title = {{Dridex Reloaded: Analysis of a New Dridex Campaign}}, date = {2021-03-29}, organization = {VMWare Carbon Black}, url = {https://blogs.vmware.com/networkvirtualization/2021/03/analysis-of-a-new-dridex-campaign.html/}, language = {English}, urldate = {2021-04-09} } Dridex Reloaded: Analysis of a New Dridex Campaign
Dridex
2021-03-25VMWare Carbon BlackThreat Analysis Unit, Baibhav Singh, Giovanni Vigna
@online{unit:20210325:memory:6fb3ce4, author = {Threat Analysis Unit and Baibhav Singh and Giovanni Vigna}, title = {{Memory Forensics for Virtualized Hosts}}, date = {2021-03-25}, organization = {VMWare Carbon Black}, url = {https://blogs.vmware.com/networkvirtualization/2021/03/memory-forensics-for-virtualized-hosts.html/?src=so_601c8a71b87d7&cid=7012H000001YsJA}, language = {English}, urldate = {2021-04-09} } Memory Forensics for Virtualized Hosts
2021-02-24VMWare Carbon BlackTakahiro Haruyama
@techreport{haruyama:20210224:knock:f4903a2, author = {Takahiro Haruyama}, title = {{Knock, knock, Neo. - Active C2 Discovery Using Protocol Emulation}}, date = {2021-02-24}, institution = {VMWare Carbon Black}, url = {https://jsac.jpcert.or.jp/archive/2021/pdf/JSAC2021_201_haruyama_jp.pdf}, language = {Japanese}, urldate = {2021-02-26} } Knock, knock, Neo. - Active C2 Discovery Using Protocol Emulation
Cobalt Strike
2020-07-24VMWare Carbon BlackAndrew Costis
@online{costis:20200724:tau:2730a2c, author = {Andrew Costis}, title = {{TAU Threat Discovery: Cryptocurrency Clipper Malware Evolves}}, date = {2020-07-24}, organization = {VMWare Carbon Black}, url = {https://www.carbonblack.com/blog/tau-threat-discovery-cryptocurrency-clipper-malware-evolves/}, language = {English}, urldate = {2020-08-05} } TAU Threat Discovery: Cryptocurrency Clipper Malware Evolves
Poulight Stealer
2020-07-08VMWare Carbon BlackBrian Baskin
@online{baskin:20200708:tau:4b05a00, author = {Brian Baskin}, title = {{TAU Threat Discovery: Conti Ransomware}}, date = {2020-07-08}, organization = {VMWare Carbon Black}, url = {https://www.carbonblack.com/blog/tau-threat-discovery-conti-ransomware/}, language = {English}, urldate = {2020-07-08} } TAU Threat Discovery: Conti Ransomware
Conti
2020-06-15VMWare Carbon BlackA C
@online{c:20200615:tau:c60e41f, author = {A C}, title = {{TAU Threat Analysis: Relations to Hakbit Ransomware}}, date = {2020-06-15}, organization = {VMWare Carbon Black}, url = {https://www.carbonblack.com/2020/06/15/tau-threat-analysis-relations-to-hakbit-ransomware/}, language = {English}, urldate = {2020-06-16} } TAU Threat Analysis: Relations to Hakbit Ransomware
Hakbit
2020-06-08VMWare Carbon BlackA C
@online{c:20200608:tau:f5b25ff, author = {A C}, title = {{TAU Threat Analysis: Hakbit Ransomware}}, date = {2020-06-08}, organization = {VMWare Carbon Black}, url = {https://www.carbonblack.com/2020/06/08/tau-threat-analysis-hakbit-ransomware/}, language = {English}, urldate = {2020-06-10} } TAU Threat Analysis: Hakbit Ransomware
Hakbit
2020-06-03VMWare Carbon BlackBrian Baskin
@online{baskin:20200603:medusa:8d92754, author = {Brian Baskin}, title = {{Medusa Locker Ransomware}}, date = {2020-06-03}, organization = {VMWare Carbon Black}, url = {https://www.carbonblack.com/2020/06/03/tau-threat-analyis-medusa-locker-ransomware/}, language = {English}, urldate = {2020-06-04} } Medusa Locker Ransomware
MedusaLocker
2020-05-28VMWare Carbon BlackTom Kellermann, Ryan Murphy
@techreport{kellermann:20200528:modern:8155ea4, author = {Tom Kellermann and Ryan Murphy}, title = {{Modern Bank Heists 3.0}}, date = {2020-05-28}, institution = {VMWare Carbon Black}, url = {https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/docs/vmwcb-report-modern-bank-heists-2020.pdf}, language = {English}, urldate = {2022-04-25} } Modern Bank Heists 3.0
Emotet
2020-05-21VMWare Carbon BlackJared Myers
@online{myers:20200521:tau:4f64594, author = {Jared Myers}, title = {{TAU Technical Report: New Attack Combines TinyPOS With Living-off-the-Land Techniques for Scraping Credit Card Data}}, date = {2020-05-21}, organization = {VMWare Carbon Black}, url = {https://www.carbonblack.com/2020/05/21/tau-technical-report-new-attack-combines-tinypos-with-living-off-the-land-techniques-for-scraping-credit-card-data/}, language = {English}, urldate = {2020-05-23} } TAU Technical Report: New Attack Combines TinyPOS With Living-off-the-Land Techniques for Scraping Credit Card Data
AbaddonPOS
2020-04-16VMWare Carbon BlackScott Knight
@online{knight:20200416:evolution:39b90c0, author = {Scott Knight}, title = {{The Evolution of Lazarus}}, date = {2020-04-16}, organization = {VMWare Carbon Black}, url = {https://www.carbonblack.com/2020/04/16/vmware-carbon-black-tau-threat-analysis-the-evolution-of-lazarus/}, language = {English}, urldate = {2020-04-17} } The Evolution of Lazarus
HOTCROISSANT Rifdoor
2020-03-26VMWare Carbon BlackScott Knight
@online{knight:20200326:dukes:df85f94, author = {Scott Knight}, title = {{The Dukes of Moscow}}, date = {2020-03-26}, organization = {VMWare Carbon Black}, url = {https://www.carbonblack.com/2020/03/26/the-dukes-of-moscow/}, language = {English}, urldate = {2020-05-18} } The Dukes of Moscow
Cobalt Strike LiteDuke MiniDuke OnionDuke PolyglotDuke PowerDuke
2020-02-12VMWare Carbon BlackRachel E. King, AC
@online{king:20200212:ryuk:720c14e, author = {Rachel E. King and AC}, title = {{Ryuk Ransomware Technical Analysis}}, date = {2020-02-12}, organization = {VMWare Carbon Black}, url = {https://www.carbonblack.com/blog/vmware-carbon-black-tau-ryuk-ransomware-technical-analysis/}, language = {English}, urldate = {2020-11-19} } Ryuk Ransomware Technical Analysis
Ryuk
2019-11-19VMWare Carbon BlackVMWare
@online{vmware:20191119:threat:a26b43b, author = {VMWare}, title = {{Threat Analysis Unit (TAU) Threat Intelligence Notification: AsyncRAT}}, date = {2019-11-19}, organization = {VMWare Carbon Black}, url = {https://blogs.vmware.com/security/2019/11/threat-analysis-unit-tau-threat-intelligence-notification-asyncrat.html}, language = {English}, urldate = {2021-11-08} } Threat Analysis Unit (TAU) Threat Intelligence Notification: AsyncRAT
AsyncRAT
2018-02-27VMWare Carbon BlackJared Myers
@online{myers:20180227:threat:11a58a0, author = {Jared Myers}, title = {{Threat Analysis: ROKRAT Malware}}, date = {2018-02-27}, organization = {VMWare Carbon Black}, url = {https://www.carbonblack.com/2018/02/27/threat-analysis-rokrat-malware/}, language = {English}, urldate = {2019-10-23} } Threat Analysis: ROKRAT Malware
RokRAT
2017-05-09VMWare Carbon BlackJared Myers
@online{myers:20170509:carbon:63860ae, author = {Jared Myers}, title = {{Carbon Black Threat Research Dissects Red Leaves Malware, Which Leverages DLL Side Loading}}, date = {2017-05-09}, organization = {VMWare Carbon Black}, url = {https://www.carbonblack.com/2017/05/09/carbon-black-threat-research-dissects-red-leaves-malware-leverages-dll-side-loading/}, language = {English}, urldate = {2020-03-11} } Carbon Black Threat Research Dissects Red Leaves Malware, Which Leverages DLL Side Loading
RedLeaves
2013-02-08VMWare Carbon BlackPatrick Morley
@online{morley:20130208:bit9:edaa56d, author = {Patrick Morley}, title = {{Bit9 and Our Customers’ Security}}, date = {2013-02-08}, organization = {VMWare Carbon Black}, url = {https://www.carbonblack.com/2013/02/08/bit9-and-our-customers-security/}, language = {English}, urldate = {2020-05-18} } Bit9 and Our Customers’ Security
APT17