Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-04-21Virus BulletinKurt Natvig
@techreport{natvig:20210421:run:6b843e0, author = {Kurt Natvig}, title = {{Run Your Malicious VBA Macros Anywhere!}}, date = {2021-04-21}, institution = {Virus Bulletin}, url = {https://www.virusbulletin.com/uploads/pdf/magazine/2021/202104-run-your-malicious-vba-anywhere.pdf}, language = {English}, urldate = {2021-04-28} } Run Your Malicious VBA Macros Anywhere!
2021-01-28Youtube (Virus Bulletin)Benoît Ancel
@online{ancel:20210128:bagsu:7de60de, author = {Benoît Ancel}, title = {{The Bagsu banker case}}, date = {2021-01-28}, organization = {Youtube (Virus Bulletin)}, url = {https://www.youtube.com/watch?v=EyDiIAt__dI}, language = {English}, urldate = {2021-02-01} } The Bagsu banker case
Azorult DreamBot Emotet Pony TrickBot ZeusAction
2021-01-08Youtube (Virus Bulletin)Hajime Takai, Shogo Hayashi, Rintaro Koike
@online{takai:20210108:unveiling:3080aa9, author = {Hajime Takai and Shogo Hayashi and Rintaro Koike}, title = {{Unveiling the CryptoMimic}}, date = {2021-01-08}, organization = {Youtube (Virus Bulletin)}, url = {https://www.youtube.com/watch?v=8K_aG1d6dzo}, language = {English}, urldate = {2021-06-22} } Unveiling the CryptoMimic
2021-01-08Youtube (Virus Bulletin)Fumio Ozawa, Shogo Hayashi, Rintaro Koike
@online{ozawa:20210108:operation:18eec5e, author = {Fumio Ozawa and Shogo Hayashi and Rintaro Koike}, title = {{Operation LagTime IT: colourful Panda footprint}}, date = {2021-01-08}, organization = {Youtube (Virus Bulletin)}, url = {https://www.youtube.com/watch?v=1WfPlgtfWnQ}, language = {English}, urldate = {2021-02-06} } Operation LagTime IT: colourful Panda footprint
Cotx RAT nccTrojan Poison Ivy Tmanger
2020-09-30Virus BulletinMatthieu Faou, Francis Labelle
@techreport{faou:20200930:xdspy:3189c15, author = {Matthieu Faou and Francis Labelle}, title = {{XDSPY: STEALING GOVERNMENT SECRETS SINCE 2011}}, date = {2020-09-30}, institution = {Virus Bulletin}, url = {https://vblocalhost.com/uploads/VB2020-Faou-Labelle.pdf}, language = {English}, urldate = {2020-10-08} } XDSPY: STEALING GOVERNMENT SECRETS SINCE 2011
XDSpy XDSpy
2020-09-22Youtube (Virus Bulletin)Ignacio Sanmillan
@online{sanmillan:20200922:ramsay:efa8b8c, author = {Ignacio Sanmillan}, title = {{Ramsay: A cyber-espionage toolkit tailored for air-gapped networks}}, date = {2020-09-22}, organization = {Youtube (Virus Bulletin)}, url = {https://www.youtube.com/watch?v=SKIu4LqMrns}, language = {English}, urldate = {2020-11-19} } Ramsay: A cyber-espionage toolkit tailored for air-gapped networks
Ramsay
2020-03-11Virus BulletinGhareeb Saad, Michael Raggi
@online{saad:20200311:attribution:3efcc0a, author = {Ghareeb Saad and Michael Raggi}, title = {{Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers}}, date = {2020-03-11}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-attribution-object-using-rtf-object-dimensions-track-apt-phishing-weaponizers/}, language = {English}, urldate = {2020-03-13} } Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers
8.t Dropper
2020-03-10Virus BulletinJaeki Kim, Kyoung-Ju Kwak (郭炅周), Min-Chang Jang
@online{kim:20200310:kimsuky:f634a21, author = {Jaeki Kim and Kyoung-Ju Kwak (郭炅周) and Min-Chang Jang}, title = {{Kimsuky group: tracking the king of the spear phishing}}, date = {2020-03-10}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-kimsuky-group-tracking-king-spearphishing/}, language = {English}, urldate = {2020-09-23} } Kimsuky group: tracking the king of the spear phishing
Kimsuky MyDogs
2020-03-02Virus BulletinAlex Hinchliffe
@online{hinchliffe:20200302:pulling:35771e7, author = {Alex Hinchliffe}, title = {{Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary}}, date = {2020-03-02}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-pulling-pkplug-adversary-playbook-long-standing-espionage-activity-chinese-nation-state-adversary/}, language = {English}, urldate = {2020-03-02} } Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary
HenBox Farseer PlugX Poison Ivy
2020-02-14Virus BulletinAditya K. Sood
@online{sood:20200214:lokibot:c4e5d9d, author = {Aditya K. Sood}, title = {{LokiBot: dissecting the C&C panel deployments}}, date = {2020-02-14}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/02/lokibot-dissecting-cc-panel-deployments/}, language = {English}, urldate = {2020-02-25} } LokiBot: dissecting the C&C panel deployments
Loki Password Stealer (PWS)
2020-01-31Virus BulletinMichal Poslušný, Peter Kálnai
@online{poslun:20200131:rich:c25f156, author = {Michal Poslušný and Peter Kálnai}, title = {{Rich Headers: leveraging this mysterious artifact of the PE format}}, date = {2020-01-31}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/01/vb2019-paper-rich-headers-leveraging-mysterious-artifact-pe-format/}, language = {English}, urldate = {2020-02-03} } Rich Headers: leveraging this mysterious artifact of the PE format
Dridex Exaramel Industroyer Neutrino RCS Sathurbot
2020-01-20Virus BulletinAhnLab Security Analysis Team
@online{team:20200120:behind:edefc01, author = {AhnLab Security Analysis Team}, title = {{Behind the scenes of GandCrab’s operation}}, date = {2020-01-20}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/01/behind-scenes-gandcrabs-operation/}, language = {English}, urldate = {2020-01-20} } Behind the scenes of GandCrab’s operation
Gandcrab
2019-12-12Virus BulletinPatrick Wardle
@online{wardle:20191212:cyber:50cf0cd, author = {Patrick Wardle}, title = {{Cyber espionage in the Middle East: unravelling OSX.WindTail}}, date = {2019-12-12}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/04/vb2019-paper-cyber-espionage-middle-east-unravelling-osxwindtail/}, language = {English}, urldate = {2020-04-08} } Cyber espionage in the Middle East: unravelling OSX.WindTail
WindTail
2019-11-11Virus BulletinShusei Tomonaga, Tomoaki Tani, Hiroshi Soeda, Wataru Takahashi
@online{tomonaga:20191111:cases:ac5f1b3, author = {Shusei Tomonaga and Tomoaki Tani and Hiroshi Soeda and Wataru Takahashi}, title = {{APT cases exploiting vulnerabilities in region‑specific software}}, date = {2019-11-11}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/05/vb2019-paper-apt-cases-exploiting-vulnerabilities-regionspecific-software/}, language = {English}, urldate = {2020-05-13} } APT cases exploiting vulnerabilities in region‑specific software
NodeRAT Emdivi PlugX
2019-11Virus BulletinAlexandre Mundo Alguacil, John Fokker
@online{alguacil:201911:vb2019:a565e76, author = {Alexandre Mundo Alguacil and John Fokker}, title = {{VB2019 paper: Different ways to cook a crab: GandCrab ransomware-as-a-service (RaaS) analysed in depth}}, date = {2019-11}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2019/11/vb2019-paper-different-ways-cook-crab-gandcrab-ransomware-service-raas-analysed-indepth/}, language = {English}, urldate = {2020-01-08} } VB2019 paper: Different ways to cook a crab: GandCrab ransomware-as-a-service (RaaS) analysed in depth
Gandcrab
2019-10-23Virus BulletinJan Širmer, Luigino Camastra, Adolf Středa
@online{irmer:20191023:spoofing:369e661, author = {Jan Širmer and Luigino Camastra and Adolf Středa}, title = {{Spoofing in the reeds with Rietspoof}}, date = {2019-10-23}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/01/vb2019-paper-spoofing-reeds-rietspoof/}, language = {English}, urldate = {2020-01-27} } Spoofing in the reeds with Rietspoof
Rietspoof
2019-10-04Virus BulletinJaeki Kim, Kyoung-ju Kwak, Min-Chang Jang
@techreport{kim:20191004:kimsuky:5780914, author = {Jaeki Kim and Kyoung-ju Kwak and Min-Chang Jang}, title = {{Kimsuky group: tracking the king of the spear-phishing}}, date = {2019-10-04}, institution = {Virus Bulletin}, url = {https://www.virusbulletin.com/uploads/pdf/conference_slides/2019/VB2019-Kim.pdf}, language = {English}, urldate = {2020-09-23} } Kimsuky group: tracking the king of the spear-phishing
Kimsuky
2019-10-02Virus BulletinAseel Kayal, Lotem Finkelstein
@online{kayal:20191002:domestic:f400298, author = {Aseel Kayal and Lotem Finkelstein}, title = {{Domestic Kitten: an Iranian surveillance program}}, date = {2019-10-02}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/conference/vb2019/abstracts/domestic-kitten-iranian-surveillance-program}, language = {English}, urldate = {2021-02-09} } Domestic Kitten: an Iranian surveillance program
FurBall
2019-10-02Virus BulletinDaniel Lunghi, Jaromír Hořejší
@techreport{lunghi:20191002:abusing:3c9a1b7, author = {Daniel Lunghi and Jaromír Hořejší}, title = {{Abusing third-party cloud services in targeted attacks}}, date = {2019-10-02}, institution = {Virus Bulletin}, url = {https://www.virusbulletin.com/uploads/pdf/conference_slides/2019/VB2019-LunghiHorejsi.pdf}, language = {English}, urldate = {2020-01-13} } Abusing third-party cloud services in targeted attacks
BadNews SLUB
2019-10Virus BulletinSebastian García, María José Erquiaga, Anna Shirokova
@online{garca:201910:geost:fb6829c, author = {Sebastian García and María José Erquiaga and Anna Shirokova}, title = {{Geost botnet. The story of the discovery of a new Android banking trojan from an OpSec error}}, date = {2019-10}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2019/10/vb2019-paper-geost-botnet-story-discovery-new-android-banking-trojan-opsec-error/}, language = {English}, urldate = {2020-12-08} } Geost botnet. The story of the discovery of a new Android banking trojan from an OpSec error
Geost