2022-10-24Youtube (Virus Bulletin)Axelle Apvrille
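% Only the malware-family name is brace-protected, so a style that
% sentence-cases titles still prints it exactly as written.
@online{apvrille:20221024:hunting:8eeb90d,
  author       = {Apvrille, Axelle},
  title        = {Hunting the {AndroidBianLian} botnet},
  date         = {2022-10-24},
  organization = {Youtube (Virus Bulletin)},
  url          = {https://www.youtube.com/watch?v=DPFcvSy4OZk},
  language     = {English},
  urldate      = {2022-11-11},
}
Hunting the AndroidBianLian botnet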
BianLian
2022-09-19Virus BulletinTakahiro Haruyama
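% The acronyms APT and C2 are brace-protected individually; the rest of the
% title is left to the bibliography style.
@techreport{haruyama:20220919:tracking:bffa146,
  author      = {Haruyama, Takahiro},
  title       = {Tracking the entire iceberg - long-term {APT} malware {C2} protocol emulation and scanning},
  date        = {2022-09-19},
  institution = {Virus Bulletin},
  url         = {https://www.virusbulletin.com/uploads/pdf/conference/vb2022/papers/VB2022-Tracking-the-entire-iceberg-long-term-APT-malware-C2-protocol-emulation-and-scanning.pdf},
  language    = {English},
  urldate     = {2022-11-01},
}
Tracking the entire iceberg - long-term APT malware C2 protocol emulation and scanning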
ShadowPad Winnti
2021-11-04Youtube (Virus Bulletin)Yi-Jhen Hsieh, Joey Chen
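% Authors are stored in "Family, Given" form; the family name ShadowPad and
% the proper adjective are the only brace-protected words in the title.
@online{hsieh:20211104:shadowpad:8dbd5c7,
  author       = {Hsieh, Yi-Jhen and Chen, Joey},
  title        = {{ShadowPad}: the masterpiece of privately sold malware in {Chinese} espionage},
  date         = {2021-11-04},
  organization = {Youtube (Virus Bulletin)},
  url          = {https://www.youtube.com/watch?v=r1zAVX_HnJg},
  language     = {English},
  urldate      = {2022-08-08},
}
ShadowPad: the masterpiece of privately sold malware in Chinese espionage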
PlugX ShadowPad
2021-04-21Virus BulletinKurt Natvig
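% The title is already in Title Case; only the acronym VBA needs protection
% against styles that lower-case titles.
@techreport{natvig:20210421:run:6b843e0,
  author      = {Natvig, Kurt},
  title       = {Run Your Malicious {VBA} Macros Anywhere!},
  date        = {2021-04-21},
  institution = {Virus Bulletin},
  url         = {https://www.virusbulletin.com/uploads/pdf/magazine/2021/202104-run-your-malicious-vba-anywhere.pdf},
  language    = {English},
  urldate     = {2021-04-28},
}
Run Your Malicious VBA Macros Anywhere!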
2021-01-28Youtube (Virus Bulletin)Benoît Ancel
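% The author name is written in UTF-8, so this entry needs a Unicode-aware
% backend (biblatex with Biber); Bagsu is brace-protected as a proper name.
@online{ancel:20210128:bagsu:7de60de,
  author       = {Ancel, Benoît},
  title        = {The {Bagsu} banker case},
  date         = {2021-01-28},
  organization = {Youtube (Virus Bulletin)},
  url          = {https://www.youtube.com/watch?v=EyDiIAt__dI},
  language     = {English},
  urldate      = {2021-02-01},
}
The Bagsu banker case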
Azorult DreamBot Emotet Pony TrickBot ZeusAction
2021-01-08Youtube (Virus Bulletin)Hajime Takai, Shogo Hayashi, Rintaro Koike
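% Three authors, each in "Family, Given" form and joined with " and ";
% CryptoMimic keeps its mixed case through the braces.
@online{takai:20210108:unveiling:3080aa9,
  author       = {Takai, Hajime and Hayashi, Shogo and Koike, Rintaro},
  title        = {Unveiling the {CryptoMimic}},
  date         = {2021-01-08},
  organization = {Youtube (Virus Bulletin)},
  url          = {https://www.youtube.com/watch?v=8K_aG1d6dzo},
  language     = {English},
  urldate      = {2021-06-22},
}
Unveiling the CryptoMimic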
2021-01-08Youtube (Virus Bulletin)Fumio Ozawa, Shogo Hayashi, Rintaro Koike
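% The operation name is protected as one unit so its internal capitals
% survive sentence-casing; Panda is protected as part of an actor name.
@online{ozawa:20210108:operation:18eec5e,
  author       = {Ozawa, Fumio and Hayashi, Shogo and Koike, Rintaro},
  title        = {{Operation LagTime IT}: colourful {Panda} footprint},
  date         = {2021-01-08},
  organization = {Youtube (Virus Bulletin)},
  url          = {https://www.youtube.com/watch?v=1WfPlgtfWnQ},
  language     = {English},
  urldate      = {2021-02-06},
}
Operation LagTime IT: colourful Panda footprint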
Cotx RAT nccTrojan Poison Ivy Tmanger TA428
2020-09-30Virus BulletinMatthieu Faou, Francis Labelle
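% The title text is kept as the source gives it (all capitals); only the
% family name is brace-protected, so a recasing style may lower-case the rest.
@techreport{faou:20200930:xdspy:3189c15,
  author      = {Faou, Matthieu and Labelle, Francis},
  title       = {{XDSPY}: STEALING GOVERNMENT SECRETS SINCE 2011},
  date        = {2020-09-30},
  institution = {Virus Bulletin},
  url         = {https://vblocalhost.com/uploads/VB2020-Faou-Labelle.pdf},
  language    = {English},
  urldate     = {2020-10-08},
}
XDSPY: STEALING GOVERNMENT SECRETS SINCE 2011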
XDSpy XDSpy
2020-09-30Youtube (Virus Bulletin)Hossein Jazi, Jérôme Segura
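% The whole title is an actor name, so it is protected as one unit.
% The url keeps its raw "&" separators: biblatex typesets url fields
% verbatim, so they must not be escaped.
@online{jazi:20200930:evasive:0a411f9,
  author       = {Jazi, Hossein and Segura, Jérôme},
  title        = {{Evasive Panda}},
  date         = {2020-09-30},
  organization = {Youtube (Virus Bulletin)},
  url          = {https://www.youtube.com/watch?v=LeKi0KfzOow&list=PLffioUnqXWkdzWcZXH-bzPVgcs2R4r7iS&index=1&t=2154s},
  language     = {English},
  urldate      = {2022-07-25},
}
Evasive Panda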
MgBot BRONZE HIGHLAND
2020-09-22Youtube (Virus Bulletin)Ignacio Sanmillan
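% Ramsay is the toolkit's name and is the only word that needs protection.
@online{sanmillan:20200922:ramsay:efa8b8c,
  author       = {Sanmillan, Ignacio},
  title        = {{Ramsay}: A cyber-espionage toolkit tailored for air-gapped networks},
  date         = {2020-09-22},
  organization = {Youtube (Virus Bulletin)},
  url          = {https://www.youtube.com/watch?v=SKIu4LqMrns},
  language     = {English},
  urldate      = {2020-11-19},
}
Ramsay: A cyber-espionage toolkit tailored for air-gapped networks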
Ramsay
2020-03-11Virus BulletinGhareeb Saad, Michael Raggi
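% RTF and APT are acronyms and are brace-protected; everything else in the
% title may be recased by the style.
@online{saad:20200311:attribution:3efcc0a,
  author       = {Saad, Ghareeb and Raggi, Michael},
  title        = {Attribution is in the object: using {RTF} object dimensions to track {APT} phishing weaponizers},
  date         = {2020-03-11},
  organization = {Virus Bulletin},
  url          = {https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-attribution-object-using-rtf-object-dimensions-track-apt-phishing-weaponizers/},
  language     = {English},
  urldate      = {2020-03-13},
}
Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers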
8.t Dropper
2020-03-10Virus BulletinJaeki Kim, Kyoung-Ju Kwak (郭炅周), Min-Chang Jang
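% In "Given Family" form the parenthesised hanja would likely be parsed as
% the second author's family name. The comma form with a braced family part
% keeps the hanja next to "Kwak" and makes the split explicit.
@online{kim:20200310:kimsuky:f634a21,
  author       = {Kim, Jaeki and {Kwak (郭炅周)}, Kyoung-Ju and Jang, Min-Chang},
  title        = {{Kimsuky} group: tracking the king of the spear phishing},
  date         = {2020-03-10},
  organization = {Virus Bulletin},
  url          = {https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-kimsuky-group-tracking-king-spearphishing/},
  language     = {English},
  urldate      = {2020-09-23},
}
Kimsuky group: tracking the king of the spear phishing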
Kimsuky MyDogs
2020-03-02Virus BulletinAlex Hinchliffe
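% PKPLUG (the tracked activity set) and the proper adjective are protected;
% the long subtitle is left to the style.
@online{hinchliffe:20200302:pulling:35771e7,
  author       = {Hinchliffe, Alex},
  title        = {Pulling the {PKPLUG}: the adversary playbook for the long-standing espionage activity of a {Chinese} nation-state adversary},
  date         = {2020-03-02},
  organization = {Virus Bulletin},
  url          = {https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-pulling-pkplug-adversary-playbook-long-standing-espionage-activity-chinese-nation-state-adversary/},
  language     = {English},
  urldate      = {2020-03-02},
}
Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary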
HenBox Farseer PlugX Poison Ivy
2020-02-14Virus BulletinAditya K. Sood
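% The ampersand in "C&C" is escaped: title fields are typeset as ordinary
% LaTeX text, where a bare "&" is an alignment character and stops the build.
@online{sood:20200214:lokibot:c4e5d9d,
  author       = {Sood, Aditya K.},
  title        = {{LokiBot}: dissecting the {C\&C} panel deployments},
  date         = {2020-02-14},
  organization = {Virus Bulletin},
  url          = {https://www.virusbulletin.com/virusbulletin/2020/02/lokibot-dissecting-cc-panel-deployments/},
  language     = {English},
  urldate      = {2020-02-25},
}
LokiBot: dissecting the C&C panel deployments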
Loki Password Stealer (PWS)
2020-01-31Virus BulletinMichal Poslušný, Peter Kálnai
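% The citation key is left as generated (ASCII only), because existing
% citations refer to it. The author names keep their diacritics in UTF-8.
@online{poslun:20200131:rich:c25f156,
  author       = {Poslušný, Michal and Kálnai, Peter},
  title        = {{Rich Headers}: leveraging this mysterious artifact of the {PE} format},
  date         = {2020-01-31},
  organization = {Virus Bulletin},
  url          = {https://www.virusbulletin.com/virusbulletin/2020/01/vb2019-paper-rich-headers-leveraging-mysterious-artifact-pe-format/},
  language     = {English},
  urldate      = {2020-02-03},
}
Rich Headers: leveraging this mysterious artifact of the PE format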
Dridex Exaramel Industroyer Neutrino RCS Sathurbot
2020-01-20Virus BulletinAhnLab Security Analysis Team
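% Institutional author: the extra pair of braces makes the whole name one
% indivisible unit, instead of given names "AhnLab Security Analysis" and
% family name "Team".
@online{team:20200120:behind:edefc01,
  author       = {{AhnLab Security Analysis Team}},
  title        = {Behind the scenes of {GandCrab’s} operation},
  date         = {2020-01-20},
  organization = {Virus Bulletin},
  url          = {https://www.virusbulletin.com/virusbulletin/2020/01/behind-scenes-gandcrabs-operation/},
  language     = {English},
  urldate      = {2020-01-20},
}
Behind the scenes of GandCrab’s operation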
Gandcrab
2019-12-12Virus BulletinPatrick Wardle
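% The region name and the detection name OSX.WindTail are each protected as
% a unit so that neither is lower-cased or split.
@online{wardle:20191212:cyber:50cf0cd,
  author       = {Wardle, Patrick},
  title        = {Cyber espionage in the {Middle East}: unravelling {OSX.WindTail}},
  date         = {2019-12-12},
  organization = {Virus Bulletin},
  url          = {https://www.virusbulletin.com/virusbulletin/2020/04/vb2019-paper-cyber-espionage-middle-east-unravelling-osxwindtail/},
  language     = {English},
  urldate      = {2020-04-08},
}
Cyber espionage in the Middle East: unravelling OSX.WindTail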
WindTail
2019-11-11Virus BulletinShusei Tomonaga, Tomoaki Tani, Hiroshi Soeda, Wataru Takahashi
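% The non-breaking hyphen (U+2011) in "region-specific" is replaced with an
% ASCII hyphen, because many fonts have no glyph for U+2011.
@online{tomonaga:20191111:cases:ac5f1b3,
  author       = {Tomonaga, Shusei and Tani, Tomoaki and Soeda, Hiroshi and Takahashi, Wataru},
  title        = {{APT} cases exploiting vulnerabilities in region-specific software},
  date         = {2019-11-11},
  organization = {Virus Bulletin},
  url          = {https://www.virusbulletin.com/virusbulletin/2020/05/vb2019-paper-apt-cases-exploiting-vulnerabilities-regionspecific-software/},
  language     = {English},
  urldate      = {2020-05-13},
}
APT cases exploiting vulnerabilities in region‑specific software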
NodeRAT Emdivi PlugX
2019-11Virus BulletinAlexandre Mundo Alguacil, John Fokker
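% The first author keeps the split that the citation key is built from
% (family name "Alguacil"). TODO confirm whether the family name is
% actually "Mundo Alguacil".
@online{alguacil:201911:vb2019:a565e76,
  author       = {Alguacil, Alexandre Mundo and Fokker, John},
  title        = {{VB2019} paper: Different ways to cook a crab: {GandCrab} ransomware-as-a-service ({RaaS}) analysed in depth},
  date         = {2019-11},
  organization = {Virus Bulletin},
  url          = {https://www.virusbulletin.com/virusbulletin/2019/11/vb2019-paper-different-ways-cook-crab-gandcrab-ransomware-service-raas-analysed-indepth/},
  language     = {English},
  urldate      = {2020-01-08},
}
VB2019 paper: Different ways to cook a crab: GandCrab ransomware-as-a-service (RaaS) analysed in depth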
Gandcrab
2019-10-23Virus BulletinJan Širmer, Luigino Camastra, Adolf Středa
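% The citation key is left as generated (ASCII only), because existing
% citations refer to it. The author names keep their diacritics in UTF-8.
@online{irmer:20191023:spoofing:369e661,
  author       = {Širmer, Jan and Camastra, Luigino and Středa, Adolf},
  title        = {Spoofing in the reeds with {Rietspoof}},
  date         = {2019-10-23},
  organization = {Virus Bulletin},
  url          = {https://www.virusbulletin.com/virusbulletin/2020/01/vb2019-paper-spoofing-reeds-rietspoof/},
  language     = {English},
  urldate      = {2020-01-27},
}
Spoofing in the reeds with Rietspoof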
Rietspoof