Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-12-17Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy
@online{kremez:20211217:ransomware:767cb9b, author = {Vitali Kremez and Yelisey Boguslavskiy}, title = {{Ransomware Advisory: Log4Shell Exploitation for Initial Access & Lateral Movement}}, date = {2021-12-17}, organization = {Advanced Intelligence}, url = {https://www.advintel.io/post/ransomware-advisory-log4shell-exploitation-for-initial-access-lateral-movement}, language = {English}, urldate = {2021-12-20} } Ransomware Advisory: Log4Shell Exploitation for Initial Access & Lateral Movement
Conti
2021-11-20Advanced IntelligenceYelisey Boguslavskiy, Vitali Kremez
@online{boguslavskiy:20211120:corporate:a8b0a1c, author = {Yelisey Boguslavskiy and Vitali Kremez}, title = {{Corporate Loader "Emotet": History of "X" Project Return for Ransomware}}, date = {2021-11-20}, organization = {Advanced Intelligence}, url = {https://www.advintel.io/post/corporate-loader-emotet-history-of-x-project-return-for-ransomware}, language = {English}, urldate = {2021-11-25} } Corporate Loader "Emotet": History of "X" Project Return for Ransomware
Emotet
2021-09-29Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy
@online{kremez:20210929:backup:4aebe4e, author = {Vitali Kremez and Yelisey Boguslavskiy}, title = {{Backup “Removal” Solutions - From Conti Ransomware With Love}}, date = {2021-09-29}, organization = {Advanced Intelligence}, url = {https://www.advintel.io/post/backup-removal-solutions-from-conti-ransomware-with-love}, language = {English}, urldate = {2021-10-20} } Backup “Removal” Solutions - From Conti Ransomware With Love
Cobalt Strike Conti
2021-08-17Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy
@online{kremez:20210817:hunting:1dc14d0, author = {Vitali Kremez and Yelisey Boguslavskiy}, title = {{Hunting for Corporate Insurance Policies: Indicators of [Ransom] Exfiltration}}, date = {2021-08-17}, organization = {Advanced Intelligence}, url = {https://www.advanced-intel.com/post/hunting-for-corporate-insurance-policies-indicators-of-ransom-exfiltrations}, language = {English}, urldate = {2021-08-31} } Hunting for Corporate Insurance Policies: Indicators of [Ransom] Exfiltration
Cobalt Strike Conti
2021-08-11Advanced IntelligenceVitali Kremez
@online{kremez:20210811:secret:5c5f06c, author = {Vitali Kremez}, title = {{Secret "Backdoor" Behind Conti Ransomware Operation: Introducing Atera Agent}}, date = {2021-08-11}, organization = {Advanced Intelligence}, url = {https://www.advanced-intel.com/post/secret-backdoor-behind-conti-ransomware-operation-introducing-atera-agent}, language = {English}, urldate = {2021-08-31} } Secret "Backdoor" Behind Conti Ransomware Operation: Introducing Atera Agent
Cobalt Strike Conti
2021-08-05Twitter (@VK_intel)Vitali Kremez
@online{kremez:20210805:linux:e3796ad, author = {Vitali Kremez}, title = {{Tweet on Linux variant of BlackMatter}}, date = {2021-08-05}, organization = {Twitter (@VK_intel)}, url = {https://twitter.com/VK_Intel/status/1423188690126266370}, language = {English}, urldate = {2021-08-09} } Tweet on Linux variant of BlackMatter
BlackMatter
2021-07-02Twitter (@VK_intel)Vitali Kremez
@online{kremez:20210702:revil:2a1c66a, author = {Vitali Kremez}, title = {{Tweet on Revil ransomware analysis used in Kaseya attack}}, date = {2021-07-02}, organization = {Twitter (@VK_intel)}, url = {https://twitter.com/VK_Intel/status/1411066870350942213}, language = {English}, urldate = {2021-07-24} } Tweet on Revil ransomware analysis used in Kaseya attack
REvil
2021-06-29Twitter (@VK_intel)Vitali Kremez
@online{kremez:20210629:linux:1b5367c, author = {Vitali Kremez}, title = {{Tweet on Linux version of REvil ransomware}}, date = {2021-06-29}, organization = {Twitter (@VK_intel)}, url = {https://twitter.com/VK_Intel/status/1409601311092490248?s=20}, language = {English}, urldate = {2021-06-29} } Tweet on Linux version of REvil ransomware
REvil
2021-06-28Twitter (@VK_intel)Vitali Kremez
@online{kremez:20210628:elf:3036ab2, author = {Vitali Kremez}, title = {{Tweet on ELF version of REvil}}, date = {2021-06-28}, organization = {Twitter (@VK_intel)}, url = {https://twitter.com/VK_Intel/status/1409601311092490248}, language = {English}, urldate = {2021-06-29} } Tweet on ELF version of REvil
REvil
2021-06-16Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy
@online{kremez:20210616:rise:8cfe240, author = {Vitali Kremez and Yelisey Boguslavskiy}, title = {{The Rise & Demise of Multi-Million Ransomware Business Empire}}, date = {2021-06-16}, organization = {Advanced Intelligence}, url = {https://www.advanced-intel.com/post/the-rise-demise-of-multi-million-ransomware-business-empire}, language = {English}, urldate = {2021-06-21} } The Rise & Demise of Multi-Million Ransomware Business Empire
Avaddon
2021-06-08Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy
@online{kremez:20210608:from:62f4d20, author = {Vitali Kremez and Yelisey Boguslavskiy}, title = {{From QBot...with REvil Ransomware: Initial Attack Exposure of JBS}}, date = {2021-06-08}, organization = {Advanced Intelligence}, url = {https://www.advanced-intel.com/post/from-qbot-with-revil-ransomware-initial-attack-exposure-of-jbs}, language = {English}, urldate = {2021-06-09} } From QBot...with REvil Ransomware: Initial Attack Exposure of JBS
QakBot REvil
2021-05-14Advanced IntelligenceVitali Kremez
@online{kremez:20210514:from:958e38d, author = {Vitali Kremez}, title = {{From Dawn to "Silent Night": "DarkSide Ransomware" Initial Attack Vector Evolution}}, date = {2021-05-14}, organization = {Advanced Intelligence}, url = {https://www.advanced-intel.com/post/from-dawn-to-silent-night-darkside-ransomware-initial-attack-vector-evolution}, language = {English}, urldate = {2021-05-17} } From Dawn to "Silent Night": "DarkSide Ransomware" Initial Attack Vector Evolution
DarkSide
2021-04-17Advanced IntelligenceVitali Kremez, Al Calleo, Yelisey Boguslavskiy
@online{kremez:20210417:adversary:197fcfa, author = {Vitali Kremez and Al Calleo and Yelisey Boguslavskiy}, title = {{Adversary Dossier: Ryuk Ransomware Anatomy of an Attack in 2021}}, date = {2021-04-17}, organization = {Advanced Intelligence}, url = {https://www.advanced-intel.com/post/adversary-dossier-ryuk-ransomware-anatomy-of-an-attack-in-2021}, language = {English}, urldate = {2021-04-19} } Adversary Dossier: Ryuk Ransomware Anatomy of an Attack in 2021
Ryuk
2021-03-24Twitter (@VK_intel)Vitali Kremez
@online{kremez:20210324:revil:ae29dd2, author = {Vitali Kremez}, title = {{Tweet on REvil ransomware}}, date = {2021-03-24}, organization = {Twitter (@VK_intel)}, url = {https://twitter.com/VK_Intel/status/1374571480370061312?s=20}, language = {English}, urldate = {2021-03-31} } Tweet on REvil ransomware
REvil
2021-01-29Twitter (@VK_intel)Vitali Kremez
@online{kremez:20210129:analysis:7cb6acd, author = {Vitali Kremez}, title = {{Tweet on analysis of Vovalex ransomware written in DLang}}, date = {2021-01-29}, organization = {Twitter (@VK_intel)}, url = {https://twitter.com/VK_Intel/status/1355196321964109824}, language = {English}, urldate = {2021-02-06} } Tweet on analysis of Vovalex ransomware written in DLang
Vovalex
2021-01-07Advanced IntelligenceVitali Kremez, Brian Carter, HYAS
@online{kremez:20210107:crime:4c6f5c3, author = {Vitali Kremez and Brian Carter and HYAS}, title = {{Crime Laundering Primer: Inside Ryuk Crime (Crypto) Ledger & Risky Asian Crypto Traders}}, date = {2021-01-07}, organization = {Advanced Intelligence}, url = {https://www.advanced-intel.com/post/crime-laundering-primer-inside-ryuk-crime-crypto-ledger-risky-asian-crypto-traders}, language = {English}, urldate = {2021-01-11} } Crime Laundering Primer: Inside Ryuk Crime (Crypto) Ledger & Risky Asian Crypto Traders
Ryuk
2020-11-19Twitter (@VK_intel)Vitali Kremez
@online{kremez:20201119:trickbot:32c7d08, author = {Vitali Kremez}, title = {{Tweet on Trickbot Group pushing LIGHTBOT powershell script to gather information about AD Server}}, date = {2020-11-19}, organization = {Twitter (@VK_intel)}, url = {https://twitter.com/VK_Intel/status/1329511151202349057}, language = {English}, urldate = {2020-11-23} } Tweet on Trickbot Group pushing LIGHTBOT powershell script to gather information about AD Server
LightBot
2020-11-17Twitter (@VK_intel)Vitali Kremez
@online{kremez:20201117:new:2098c0a, author = {Vitali Kremez}, title = {{Tweet on a new fileless TrickBot loading method using code from MemoryModule}}, date = {2020-11-17}, organization = {Twitter (@VK_intel)}, url = {https://twitter.com/VK_Intel/status/1328578336021483522}, language = {English}, urldate = {2020-12-14} } Tweet on a new fileless TrickBot loading method using code from MemoryModule
TrickBot
2020-11-06Advanced IntelligenceVitali Kremez
@online{kremez:20201106:anatomy:b2ce3ae, author = {Vitali Kremez}, title = {{Anatomy of Attack: Inside BazarBackdoor to Ryuk Ransomware "one" Group via Cobalt Strike}}, date = {2020-11-06}, organization = {Advanced Intelligence}, url = {https://www.advanced-intel.com/post/anatomy-of-attack-inside-bazarbackdoor-to-ryuk-ransomware-one-group-via-cobalt-strike}, language = {English}, urldate = {2020-11-09} } Anatomy of Attack: Inside BazarBackdoor to Ryuk Ransomware "one" Group via Cobalt Strike
BazarBackdoor Cobalt Strike Ryuk
2020-10-12Advanced IntelligenceRoman Marshanski, Vitali Kremez
@online{marshanski:20201012:front:686add1, author = {Roman Marshanski and Vitali Kremez}, title = {{"Front Door" into BazarBackdoor: Stealthy Cybercrime Weapon}}, date = {2020-10-12}, organization = {Advanced Intelligence}, url = {https://www.advanced-intel.com/post/front-door-into-bazarbackdoor-stealthy-cybercrime-weapon}, language = {English}, urldate = {2020-10-13} } "Front Door" into BazarBackdoor: Stealthy Cybercrime Weapon
BazarBackdoor Cobalt Strike Ryuk