Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-06-07AdvIntelVitali Kremez, Marley Smith, Yelisey Boguslavskiy
@online{kremez:20220607:blackcat:3dc977e, author = {Vitali Kremez and Marley Smith and Yelisey Boguslavskiy}, title = {{BlackCat — In a Shifting Threat Landscape, It Helps to Land on Your Feet: Tech Dive}}, date = {2022-06-07}, organization = {AdvIntel}, url = {https://www.advintel.io/post/blackcat-in-a-shifting-threat-landscape-it-helps-to-land-on-your-feet-tech-dive}, language = {English}, urldate = {2022-06-08} } BlackCat — In a Shifting Threat Landscape, It Helps to Land on Your Feet: Tech Dive
BlackCat BlackCat Cobalt Strike
2022-05-20AdvIntelYelisey Boguslavskiy, Vitali Kremez, Marley Smith
@online{boguslavskiy:20220520:discontinued:de13f97, author = {Yelisey Boguslavskiy and Vitali Kremez and Marley Smith}, title = {{DisCONTInued: The End of Conti’s Brand Marks New Chapter For Cybercrime Landscape}}, date = {2022-05-20}, organization = {AdvIntel}, url = {https://www.advintel.io/post/discontinued-the-end-of-conti-s-brand-marks-new-chapter-for-cybercrime-landscape}, language = {English}, urldate = {2022-05-25} } DisCONTInued: The End of Conti’s Brand Marks New Chapter For Cybercrime Landscape
AvosLocker Black Basta BlackByte BlackCat Conti HelloKitty Hive
2022-05-17Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy
@online{kremez:20220517:hydra:16615d9, author = {Vitali Kremez and Yelisey Boguslavskiy}, title = {{Hydra with Three Heads: BlackByte & The Future of Ransomware Subsidiary Groups}}, date = {2022-05-17}, organization = {Advanced Intelligence}, url = {https://www.advintel.io/post/hydra-with-three-heads-blackbyte-the-future-of-ransomware-subsidiary-groups}, language = {English}, urldate = {2022-05-25} } Hydra with Three Heads: BlackByte & The Future of Ransomware Subsidiary Groups
BlackByte Conti
2022-05-01Github (k-vitali)Vitali Kremez
@online{kremez:20220501:revil:6146a35, author = {Vitali Kremez}, title = {{REvil Reborn Ransom Config}}, date = {2022-05-01}, organization = {Github (k-vitali)}, url = {https://raw.githubusercontent.com/k-vitali/Malware-Misc-RE/master/2022-05-01-revil-reborn-ransom.vk.cfg.txt}, language = {English}, urldate = {2022-05-04} } REvil Reborn Ransom Config
REvil
2022-04-18AdvIntelVitali Kremez, Yelisey Boguslavskiy
@online{kremez:20220418:enter:2f9b689, author = {Vitali Kremez and Yelisey Boguslavskiy}, title = {{Enter KaraKurt: Data Extortion Arm of Prolific Ransomware Group}}, date = {2022-04-18}, organization = {AdvIntel}, url = {https://www.advintel.io/post/enter-karakurt-data-extortion-arm-of-prolific-ransomware-group}, language = {English}, urldate = {2022-05-17} } Enter KaraKurt: Data Extortion Arm of Prolific Ransomware Group
AvosLocker BazarBackdoor BlackByte BlackCat Cobalt Strike HelloKitty Hive
2022-02-23AdvIntelVitali Kremez, Yelisey Boguslavskiy
@online{kremez:20220223:24:59b3a28, author = {Vitali Kremez and Yelisey Boguslavskiy}, title = {{24 Hours From Log4Shell to Local Admin: Deep-Dive Into Conti Gang Attack on Fortune 500 (DFIR)}}, date = {2022-02-23}, organization = {AdvIntel}, url = {https://www.advintel.io/post/24-hours-from-log4shell-to-local-admin-deep-dive-into-conti-gang-attack-on-fortune-500-dfir}, language = {English}, urldate = {2022-03-01} } 24 Hours From Log4Shell to Local Admin: Deep-Dive Into Conti Gang Attack on Fortune 500 (DFIR)
Cobalt Strike Conti
2021-12-17Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy
@online{kremez:20211217:ransomware:767cb9b, author = {Vitali Kremez and Yelisey Boguslavskiy}, title = {{Ransomware Advisory: Log4Shell Exploitation for Initial Access & Lateral Movement}}, date = {2021-12-17}, organization = {Advanced Intelligence}, url = {https://www.advintel.io/post/ransomware-advisory-log4shell-exploitation-for-initial-access-lateral-movement}, language = {English}, urldate = {2021-12-20} } Ransomware Advisory: Log4Shell Exploitation for Initial Access & Lateral Movement
Conti
2021-11-20Advanced IntelligenceYelisey Boguslavskiy, Vitali Kremez
@online{boguslavskiy:20211120:corporate:a8b0a1c, author = {Yelisey Boguslavskiy and Vitali Kremez}, title = {{Corporate Loader "Emotet": History of "X" Project Return for Ransomware}}, date = {2021-11-20}, organization = {Advanced Intelligence}, url = {https://www.advintel.io/post/corporate-loader-emotet-history-of-x-project-return-for-ransomware}, language = {English}, urldate = {2021-11-25} } Corporate Loader "Emotet": History of "X" Project Return for Ransomware
Emotet
2021-09-29Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy
@online{kremez:20210929:backup:4aebe4e, author = {Vitali Kremez and Yelisey Boguslavskiy}, title = {{Backup “Removal” Solutions - From Conti Ransomware With Love}}, date = {2021-09-29}, organization = {Advanced Intelligence}, url = {https://www.advintel.io/post/backup-removal-solutions-from-conti-ransomware-with-love}, language = {English}, urldate = {2021-10-20} } Backup “Removal” Solutions - From Conti Ransomware With Love
Cobalt Strike Conti
2021-08-17Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy
@online{kremez:20210817:hunting:1dc14d0, author = {Vitali Kremez and Yelisey Boguslavskiy}, title = {{Hunting for Corporate Insurance Policies: Indicators of [Ransom] Exfiltration}}, date = {2021-08-17}, organization = {Advanced Intelligence}, url = {https://www.advanced-intel.com/post/hunting-for-corporate-insurance-policies-indicators-of-ransom-exfiltrations}, language = {English}, urldate = {2021-08-31} } Hunting for Corporate Insurance Policies: Indicators of [Ransom] Exfiltration
Cobalt Strike Conti
2021-08-11Advanced IntelligenceVitali Kremez
@online{kremez:20210811:secret:5c5f06c, author = {Vitali Kremez}, title = {{Secret "Backdoor" Behind Conti Ransomware Operation: Introducing Atera Agent}}, date = {2021-08-11}, organization = {Advanced Intelligence}, url = {https://www.advanced-intel.com/post/secret-backdoor-behind-conti-ransomware-operation-introducing-atera-agent}, language = {English}, urldate = {2021-08-31} } Secret "Backdoor" Behind Conti Ransomware Operation: Introducing Atera Agent
Cobalt Strike Conti
2021-08-05Twitter (@VK_intel)Vitali Kremez
@online{kremez:20210805:linux:e3796ad, author = {Vitali Kremez}, title = {{Tweet on Linux variant of BlackMatter}}, date = {2021-08-05}, organization = {Twitter (@VK_intel)}, url = {https://twitter.com/VK_Intel/status/1423188690126266370}, language = {English}, urldate = {2021-08-09} } Tweet on Linux variant of BlackMatter
BlackMatter
2021-07-02Twitter (@VK_intel)Vitali Kremez
@online{kremez:20210702:revil:2a1c66a, author = {Vitali Kremez}, title = {{Tweet on Revil ransomware analysis used in Kaseya attack}}, date = {2021-07-02}, organization = {Twitter (@VK_intel)}, url = {https://twitter.com/VK_Intel/status/1411066870350942213}, language = {English}, urldate = {2021-07-24} } Tweet on Revil ransomware analysis used in Kaseya attack
REvil
2021-06-29Twitter (@VK_intel)Vitali Kremez
@online{kremez:20210629:linux:1b5367c, author = {Vitali Kremez}, title = {{Tweet on Linux version of REvil ransomware}}, date = {2021-06-29}, organization = {Twitter (@VK_intel)}, url = {https://twitter.com/VK_Intel/status/1409601311092490248?s=20}, language = {English}, urldate = {2021-06-29} } Tweet on Linux version of REvil ransomware
REvil
2021-06-28Twitter (@VK_intel)Vitali Kremez
@online{kremez:20210628:elf:3036ab2, author = {Vitali Kremez}, title = {{Tweet on ELF version of REvil}}, date = {2021-06-28}, organization = {Twitter (@VK_intel)}, url = {https://twitter.com/VK_Intel/status/1409601311092490248}, language = {English}, urldate = {2021-06-29} } Tweet on ELF version of REvil
REvil
2021-06-16Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy
@online{kremez:20210616:rise:8cfe240, author = {Vitali Kremez and Yelisey Boguslavskiy}, title = {{The Rise & Demise of Multi-Million Ransomware Business Empire}}, date = {2021-06-16}, organization = {Advanced Intelligence}, url = {https://www.advanced-intel.com/post/the-rise-demise-of-multi-million-ransomware-business-empire}, language = {English}, urldate = {2021-06-21} } The Rise & Demise of Multi-Million Ransomware Business Empire
Avaddon
2021-06-08Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy
@online{kremez:20210608:from:62f4d20, author = {Vitali Kremez and Yelisey Boguslavskiy}, title = {{From QBot...with REvil Ransomware: Initial Attack Exposure of JBS}}, date = {2021-06-08}, organization = {Advanced Intelligence}, url = {https://www.advanced-intel.com/post/from-qbot-with-revil-ransomware-initial-attack-exposure-of-jbs}, language = {English}, urldate = {2021-06-09} } From QBot...with REvil Ransomware: Initial Attack Exposure of JBS
QakBot REvil
2021-05-14Advanced IntelligenceVitali Kremez
@online{kremez:20210514:from:958e38d, author = {Vitali Kremez}, title = {{From Dawn to "Silent Night": "DarkSide Ransomware" Initial Attack Vector Evolution}}, date = {2021-05-14}, organization = {Advanced Intelligence}, url = {https://www.advanced-intel.com/post/from-dawn-to-silent-night-darkside-ransomware-initial-attack-vector-evolution}, language = {English}, urldate = {2021-05-17} } From Dawn to "Silent Night": "DarkSide Ransomware" Initial Attack Vector Evolution
DarkSide
2021-04-17Advanced IntelligenceVitali Kremez, Al Calleo, Yelisey Boguslavskiy
@online{kremez:20210417:adversary:197fcfa, author = {Vitali Kremez and Al Calleo and Yelisey Boguslavskiy}, title = {{Adversary Dossier: Ryuk Ransomware Anatomy of an Attack in 2021}}, date = {2021-04-17}, organization = {Advanced Intelligence}, url = {https://www.advanced-intel.com/post/adversary-dossier-ryuk-ransomware-anatomy-of-an-attack-in-2021}, language = {English}, urldate = {2021-04-19} } Adversary Dossier: Ryuk Ransomware Anatomy of an Attack in 2021
Ryuk
2021-03-24Twitter (@VK_intel)Vitali Kremez
@online{kremez:20210324:revil:ae29dd2, author = {Vitali Kremez}, title = {{Tweet on REvil ransomware}}, date = {2021-03-24}, organization = {Twitter (@VK_intel)}, url = {https://twitter.com/VK_Intel/status/1374571480370061312?s=20}, language = {English}, urldate = {2021-03-31} } Tweet on REvil ransomware
REvil