Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-10-24Youtube (Virus Bulletin)Axelle Apvrille
@online{apvrille:20221024:hunting:8eeb90d, author = {Axelle Apvrille}, title = {{Hunting the AndroidBianLian botnet}}, date = {2022-10-24}, organization = {Youtube (Virus Bulletin)}, url = {https://www.youtube.com/watch?v=DPFcvSy4OZk}, language = {English}, urldate = {2022-11-11} } Hunting the AndroidBianLian botnet
BianLian
2022-10-24Youtube (Virus Bulletin)Alexander Adamov
@online{adamov:20221024:russian:97d3e2a, author = {Alexander Adamov}, title = {{Russian wipers in the cyberwar against Ukraine}}, date = {2022-10-24}, organization = {Youtube (Virus Bulletin)}, url = {https://www.youtube.com/watch?v=mrTdSdMMgnk}, language = {English}, urldate = {2023-03-20} } Russian wipers in the cyberwar against Ukraine
AcidRain CaddyWiper DesertBlade DoubleZero EternalPetya HermeticWiper HermeticWizard INDUSTROYER2 IsaacWiper KillDisk PartyTicket WhisperGate
2022-09-30Virus BulletinPeter Kálnai, Matěj Havránek
@techreport{klnai:20220930:lazarus:efbd75d, author = {Peter Kálnai and Matěj Havránek}, title = {{Lazarus & BYOVD: evil to the Windows core}}, date = {2022-09-30}, institution = {Virus Bulletin}, url = {https://www.virusbulletin.com/uploads/pdf/conference/vb2022/papers/VB2022-Lazarus-and-BYOVD-evil-to-the-Windows-core.pdf}, language = {English}, urldate = {2023-07-11} } Lazarus & BYOVD: evil to the Windows core
FudModule
2022-09-19Virus BulletinTakahiro Haruyama
@techreport{haruyama:20220919:tracking:bffa146, author = {Takahiro Haruyama}, title = {{Tracking the entire iceberg - long-term APT malware C2 protocol emulation and scanning}}, date = {2022-09-19}, institution = {Virus Bulletin}, url = {https://www.virusbulletin.com/uploads/pdf/conference/vb2022/papers/VB2022-Tracking-the-entire-iceberg-long-term-APT-malware-C2-protocol-emulation-and-scanning.pdf}, language = {English}, urldate = {2022-11-01} } Tracking the entire iceberg - long-term APT malware C2 protocol emulation and scanning
ShadowPad Winnti
2021-11-04Youtube (Virus Bulletin)Yi-Jhen Hsieh, Joey Chen
@online{hsieh:20211104:shadowpad:8dbd5c7, author = {Yi-Jhen Hsieh and Joey Chen}, title = {{ShadowPad: the masterpiece of privately sold malware in Chinese espionage}}, date = {2021-11-04}, organization = {Youtube (Virus Bulletin)}, url = {https://www.youtube.com/watch?v=r1zAVX_HnJg}, language = {English}, urldate = {2022-08-08} } ShadowPad: the masterpiece of privately sold malware in Chinese espionage
PlugX ShadowPad
2021-10-08Virus BulletinSeongsu Park
@techreport{park:20211008:multiuniverse:87fc078, author = {Seongsu Park}, title = {{Multi-universe of adversary: multiple campaigns of the Lazarus group and their connections}}, date = {2021-10-08}, institution = {Virus Bulletin}, url = {https://vblocalhost.com/uploads/VB2021-Park.pdf}, language = {English}, urldate = {2023-07-24} } Multi-universe of adversary: multiple campaigns of the Lazarus group and their connections
Dacls AppleJeus AppleJeus Bankshot BookCodes RAT Dacls DRATzarus LCPDot LPEClient
2021-10-07Virus BulletinTaewoo Lee, Dongwook Kim, Byeongjae Kim
@techreport{lee:20211007:operation:0e74d68, author = {Taewoo Lee and Dongwook Kim and Byeongjae Kim}, title = {{Operation Bookcodes – targeting South Korea}}, date = {2021-10-07}, institution = {Virus Bulletin}, url = {https://vblocalhost.com/uploads/VB2021-Lee-etal.pdf}, language = {English}, urldate = {2023-07-24} } Operation Bookcodes – targeting South Korea
BookCodes RAT LPEClient
2021-04-21Virus BulletinKurt Natvig
@techreport{natvig:20210421:run:6b843e0, author = {Kurt Natvig}, title = {{Run Your Malicious VBA Macros Anywhere!}}, date = {2021-04-21}, institution = {Virus Bulletin}, url = {https://www.virusbulletin.com/uploads/pdf/magazine/2021/202104-run-your-malicious-vba-anywhere.pdf}, language = {English}, urldate = {2021-04-28} } Run Your Malicious VBA Macros Anywhere!
2021-01-28Youtube (Virus Bulletin)Benoît Ancel
@online{ancel:20210128:bagsu:7de60de, author = {Benoît Ancel}, title = {{The Bagsu banker case}}, date = {2021-01-28}, organization = {Youtube (Virus Bulletin)}, url = {https://www.youtube.com/watch?v=EyDiIAt__dI}, language = {English}, urldate = {2021-02-01} } The Bagsu banker case
Azorult DreamBot Emotet Pony TrickBot ZeusAction
2021-01-08Youtube (Virus Bulletin)Hajime Takai, Shogo Hayashi, Rintaro Koike
@online{takai:20210108:unveiling:3080aa9, author = {Hajime Takai and Shogo Hayashi and Rintaro Koike}, title = {{Unveiling the CryptoMimic}}, date = {2021-01-08}, organization = {Youtube (Virus Bulletin)}, url = {https://www.youtube.com/watch?v=8K_aG1d6dzo}, language = {English}, urldate = {2021-06-22} } Unveiling the CryptoMimic
2021-01-08Youtube (Virus Bulletin)Fumio Ozawa, Shogo Hayashi, Rintaro Koike
@online{ozawa:20210108:operation:18eec5e, author = {Fumio Ozawa and Shogo Hayashi and Rintaro Koike}, title = {{Operation LagTime IT: colourful Panda footprint}}, date = {2021-01-08}, organization = {Youtube (Virus Bulletin)}, url = {https://www.youtube.com/watch?v=1WfPlgtfWnQ}, language = {English}, urldate = {2021-02-06} } Operation LagTime IT: colourful Panda footprint
Cotx RAT nccTrojan Poison Ivy Tmanger TA428
2020-09-30Virus BulletinMatthieu Faou, Francis Labelle
@techreport{faou:20200930:xdspy:3189c15, author = {Matthieu Faou and Francis Labelle}, title = {{XDSPY: STEALING GOVERNMENT SECRETS SINCE 2011}}, date = {2020-09-30}, institution = {Virus Bulletin}, url = {https://vblocalhost.com/uploads/VB2020-Faou-Labelle.pdf}, language = {English}, urldate = {2020-10-08} } XDSPY: STEALING GOVERNMENT SECRETS SINCE 2011
XDSpy XDSpy
2020-09-30Youtube (Virus Bulletin)Hossein Jazi, Jérôme Segura
@online{jazi:20200930:evasive:0a411f9, author = {Hossein Jazi and Jérôme Segura}, title = {{Evasive Panda}}, date = {2020-09-30}, organization = {Youtube (Virus Bulletin)}, url = {https://www.youtube.com/watch?v=LeKi0KfzOow&list=PLffioUnqXWkdzWcZXH-bzPVgcs2R4r7iS&index=1&t=2154s}, language = {English}, urldate = {2022-07-25} } Evasive Panda
MgBot BRONZE HIGHLAND
2020-09-22Youtube (Virus Bulletin)Ignacio Sanmillan
@online{sanmillan:20200922:ramsay:efa8b8c, author = {Ignacio Sanmillan}, title = {{Ramsay: A cyber-espionage toolkit tailored for air-gapped networks}}, date = {2020-09-22}, organization = {Youtube (Virus Bulletin)}, url = {https://www.youtube.com/watch?v=SKIu4LqMrns}, language = {English}, urldate = {2020-11-19} } Ramsay: A cyber-espionage toolkit tailored for air-gapped networks
Ramsay
2020-03-11Virus BulletinGhareeb Saad, Michael Raggi
@online{saad:20200311:attribution:3efcc0a, author = {Ghareeb Saad and Michael Raggi}, title = {{Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers}}, date = {2020-03-11}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-attribution-object-using-rtf-object-dimensions-track-apt-phishing-weaponizers/}, language = {English}, urldate = {2020-03-13} } Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers
8.t Dropper
2020-03-10Virus BulletinJaeki Kim, Kyoung-Ju Kwak (郭炅周), Min-Chang Jang
@online{kim:20200310:kimsuky:f634a21, author = {Jaeki Kim and Kyoung-Ju Kwak (郭炅周) and Min-Chang Jang}, title = {{Kimsuky group: tracking the king of the spear phishing}}, date = {2020-03-10}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-kimsuky-group-tracking-king-spearphishing/}, language = {English}, urldate = {2020-09-23} } Kimsuky group: tracking the king of the spear phishing
Kimsuky MyDogs
2020-03-02Virus BulletinAlex Hinchliffe
@online{hinchliffe:20200302:pulling:35771e7, author = {Alex Hinchliffe}, title = {{Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary}}, date = {2020-03-02}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-pulling-pkplug-adversary-playbook-long-standing-espionage-activity-chinese-nation-state-adversary/}, language = {English}, urldate = {2020-03-02} } Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary
HenBox Farseer PlugX Poison Ivy
2020-02-14Virus BulletinAditya K. Sood
@online{sood:20200214:lokibot:c4e5d9d, author = {Aditya K. Sood}, title = {{LokiBot: dissecting the C&C panel deployments}}, date = {2020-02-14}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/02/lokibot-dissecting-cc-panel-deployments/}, language = {English}, urldate = {2020-02-25} } LokiBot: dissecting the C&C panel deployments
Loki Password Stealer (PWS)
2020-01-31Virus BulletinMichal Poslušný, Peter Kálnai
@online{poslun:20200131:rich:c25f156, author = {Michal Poslušný and Peter Kálnai}, title = {{Rich Headers: leveraging this mysterious artifact of the PE format}}, date = {2020-01-31}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/01/vb2019-paper-rich-headers-leveraging-mysterious-artifact-pe-format/}, language = {English}, urldate = {2020-02-03} } Rich Headers: leveraging this mysterious artifact of the PE format
Dridex Exaramel Industroyer Neutrino RCS Sathurbot
2020-01-20Virus BulletinAhnLab Security Analysis Team
@online{team:20200120:behind:edefc01, author = {AhnLab Security Analysis Team}, title = {{Behind the scenes of GandCrab’s operation}}, date = {2020-01-20}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/01/behind-scenes-gandcrabs-operation/}, language = {English}, urldate = {2020-01-20} } Behind the scenes of GandCrab’s operation
Gandcrab