Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-09-29Trend MicroAliakbar Zahravi, William Gamazo Sanchez, Kamlapati Choubey, Peter Girnus
@online{zahravi:20210929:formbook:54b9f08, author = {Aliakbar Zahravi and William Gamazo Sanchez and Kamlapati Choubey and Peter Girnus}, title = {{FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal}}, date = {2021-09-29}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/i/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-404.html}, language = {English}, urldate = {2021-10-05} } FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal
Formbook
2021-09-20Trend MicroAliakbar Zahravi, William Gamazo Sanchez
@online{zahravi:20210920:water:63df486, author = {Aliakbar Zahravi and William Gamazo Sanchez}, title = {{Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads}}, date = {2021-09-20}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/i/Water-Basilisk-Uses-New-HCrypt-Variant-to-Flood-Victims-with-RAT-Payloads.html}, language = {English}, urldate = {2021-09-22} } Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads
Ave Maria BitRAT LimeRAT Nanocore RAT NjRAT Quasar RAT
2021-08-25Trend MicroWilliam Gamazo Sanchez, Bin Lin
@online{sanchez:20210825:new:f09ef7d, author = {William Gamazo Sanchez and Bin Lin}, title = {{New Campaign Sees LokiBot Delivered Via Multiple Methods}}, date = {2021-08-25}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/h/new-campaign-sees-lokibot-delivered-via-multiple-methods.html}, language = {English}, urldate = {2021-08-31} } New Campaign Sees LokiBot Delivered Via Multiple Methods
Loki Password Stealer (PWS)
2021-07-01Trend MicroWilliam Gamazo Sanchez
@online{sanchez:20210701:purplefox:fb8c3c4, author = {William Gamazo Sanchez}, title = {{PurpleFox Using WPAD to Target Indonesian Users}}, date = {2021-07-01}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/g/purplefox-using-wpad-to-targent-indonesian-users.html}, language = {English}, urldate = {2021-07-02} } PurpleFox Using WPAD to Target Indonesian Users
win.purplefox
2020-12-17Trend MicroWilliam Gamazo Sanchez, Aliakbar Zahravi
@online{sanchez:20201217:credential:8d0de6b, author = {William Gamazo Sanchez and Aliakbar Zahravi}, title = {{Credential Stealer Targets US, Canadian Bank Customers}}, date = {2020-12-17}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/20/l/stealth-credential-stealer-targets-us-canadian-bank-customers.html}, language = {English}, urldate = {2020-12-18} } Credential Stealer Targets US, Canadian Bank Customers
2020-12-15Trend MicroWilliam Gamazo Sanchez
@online{sanchez:20201215:who:c723930, author = {William Gamazo Sanchez}, title = {{Who is the Threat Actor Behind Operation Earth Kitsune?}}, date = {2020-12-15}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/20/l/who-is-the-threat-actor-behind-operation-earth-kitsune-.html}, language = {English}, urldate = {2020-12-16} } Who is the Threat Actor Behind Operation Earth Kitsune?
Freenki Loader SLUB
2020-10-28Trend MicroWilliam Gamazo Sanchez, Aliakbar Zahravi, Elliot Cao, Cedric Pernet, Daniel Lunghi, Jaromír Hořejší, Joseph C Chen, John Zhang
@online{sanchez:20201028:operation:7f4b906, author = {William Gamazo Sanchez and Aliakbar Zahravi and Elliot Cao and Cedric Pernet and Daniel Lunghi and Jaromír Hořejší and Joseph C Chen and John Zhang}, title = {{Operation Earth Kitsune: A Dance of Two New Backdoors}}, date = {2020-10-28}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/20/j/operation-earth-kitsune-a-dance-of-two-new-backdoors.html}, language = {English}, urldate = {2020-10-29} } Operation Earth Kitsune: A Dance of Two New Backdoors
AgfSpy DneSpy SLUB
2020-10-19Trend MicroNelson William Gamazo Sanchez, Aliakbar Zahravi, John Zhang, Eliot Cao, Cedric Pernet, Daniel Lunghi, Jaromír Hořejší, Joseph C. Chen
@techreport{sanchez:20201019:operation:e613dd2, author = {Nelson William Gamazo Sanchez and Aliakbar Zahravi and John Zhang and Eliot Cao and Cedric Pernet and Daniel Lunghi and Jaromír Hořejší and Joseph C. Chen}, title = {{Operation Earth Kitsune: Tracking SLUB’s Current Operations}}, date = {2020-10-19}, institution = {Trend Micro}, url = {https://documents.trendmicro.com/assets/white_papers/wp-operation-earth-kitsune.pdf}, language = {English}, urldate = {2020-10-21} } Operation Earth Kitsune: Tracking SLUB’s Current Operations
SLUB
2020-03-24Trend MicroElliot Cao, Joseph Chen, William Gamazo Sanchez, Lilang Wu, Ecular Xu
@online{cao:20200324:operation:89da9bd, author = {Elliot Cao and Joseph Chen and William Gamazo Sanchez and Lilang Wu and Ecular Xu}, title = {{Operation Poisoned News: Hong Kong Users Targeted With Mobile Malware via Local News Links}}, date = {2020-03-24}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/}, language = {English}, urldate = {2020-03-25} } Operation Poisoned News: Hong Kong Users Targeted With Mobile Malware via Local News Links
dmsSpy lightSpy
2020-03-24Trend MicroElliot Cao, Joseph Chen, William Gamazo Sanchez, Lilang Wu, Ecular Xu
@techreport{cao:20200324:technical:dc23839, author = {Elliot Cao and Joseph Chen and William Gamazo Sanchez and Lilang Wu and Ecular Xu}, title = {{Technical Brief: Operation Poisoned News: Hong Kong Users Targeted with Mobile Malware via Local News Links}}, date = {2020-03-24}, institution = {Trend Micro}, url = {https://documents.trendmicro.com/assets/Tech-Brief-Operation-Poisoned-News-Hong-Kong-Users-Targeted-with-Mobile-Malware-via-Local-News-Links.pdf}, language = {English}, urldate = {2020-03-25} } Technical Brief: Operation Poisoned News: Hong Kong Users Targeted with Mobile Malware via Local News Links
dmsSpy lightSpy
2016-09-14Trend MicroStephen Hilt, William Gamazo Sanchez
@online{hilt:20160914:bksod:f75ef88, author = {Stephen Hilt and William Gamazo Sanchez}, title = {{BkSoD by Ransomware: HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs}}, date = {2016-09-14}, organization = {Trend Micro}, url = {http://blog.trendmicro.com/trendlabs-security-intelligence/bksod-by-ransomware-hddcryptor-uses-commercial-tools-to-encrypt-network-shares-and-lock-hdds/}, language = {English}, urldate = {2020-01-09} } BkSoD by Ransomware: HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs
Mamba
2014-11-10Trend MicroWilliam Gamazo Sanchez
@online{sanchez:20141110:timeline:fd77607, author = {William Gamazo Sanchez}, title = {{Timeline of Sandworm Attacks}}, date = {2014-11-10}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/timeline-of-sandworm-attacks/}, language = {English}, urldate = {2020-01-09} } Timeline of Sandworm Attacks
Sandworm TeleBots