
2022-07-20 | Advanced Intelligence | Vitali Kremez, Yelisey Boguslavskiy, Marley Smith
@online{kremez:20220720:anatomy:cd94a81,
  author       = {Vitali Kremez and Yelisey Boguslavskiy and Marley Smith},
  title        = {{Anatomy of Attack: Truth Behind the Costa Rica Government Ransomware 5-Day Intrusion}},
  date         = {2022-07-20},
  organization = {Advanced Intelligence},
  url          = {https://www.advintel.io/post/anatomy-of-attack-truth-behind-the-costa-rica-government-ransomware-5-day-intrusion},
  language     = {English},
  urldate      = {2022-07-25},
}
Anatomy of Attack: Truth Behind the Costa Rica Government Ransomware 5-Day Intrusion
Cobalt Strike
2022-06-07 | AdvIntel | Vitali Kremez, Marley Smith, Yelisey Boguslavskiy
@online{kremez:20220607:blackcat:3dc977e,
  author       = {Vitali Kremez and Marley Smith and Yelisey Boguslavskiy},
  title        = {{BlackCat — In a Shifting Threat Landscape, It Helps to Land on Your Feet: Tech Dive}},
  date         = {2022-06-07},
  organization = {AdvIntel},
  url          = {https://www.advintel.io/post/blackcat-in-a-shifting-threat-landscape-it-helps-to-land-on-your-feet-tech-dive},
  language     = {English},
  urldate      = {2022-06-08},
}
BlackCat — In a Shifting Threat Landscape, It Helps to Land on Your Feet: Tech Dive
BlackCat BlackCat Cobalt Strike
2022-05-20 | AdvIntel | Yelisey Boguslavskiy, Vitali Kremez, Marley Smith
@online{boguslavskiy:20220520:discontinued:de13f97,
  author       = {Yelisey Boguslavskiy and Vitali Kremez and Marley Smith},
  title        = {{DisCONTInued: The End of Conti’s Brand Marks New Chapter For Cybercrime Landscape}},
  date         = {2022-05-20},
  organization = {AdvIntel},
  url          = {https://www.advintel.io/post/discontinued-the-end-of-conti-s-brand-marks-new-chapter-for-cybercrime-landscape},
  language     = {English},
  urldate      = {2022-05-25},
}
DisCONTInued: The End of Conti’s Brand Marks New Chapter For Cybercrime Landscape
AvosLocker Black Basta BlackByte BlackCat Conti HelloKitty Hive
2022-05-17 | Advanced Intelligence | Vitali Kremez, Yelisey Boguslavskiy
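% The "&" in the title is written as "\&" so the entry typesets under LaTeX; all other values are unchanged.
@online{kremez:20220517:hydra:16615d9,
  author       = {Vitali Kremez and Yelisey Boguslavskiy},
  title        = {{Hydra with Three Heads: BlackByte \& The Future of Ransomware Subsidiary Groups}},
  date         = {2022-05-17},
  organization = {Advanced Intelligence},
  url          = {https://www.advintel.io/post/hydra-with-three-heads-blackbyte-the-future-of-ransomware-subsidiary-groups},
  language     = {English},
  urldate      = {2022-05-25},
}
Hydra with Three Heads: BlackByte & The Future of Ransomware Subsidiary Groups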
BlackByte Conti
2022-04-18 | AdvIntel | Vitali Kremez, Yelisey Boguslavskiy
@online{kremez:20220418:enter:2f9b689,
  author       = {Vitali Kremez and Yelisey Boguslavskiy},
  title        = {{Enter KaraKurt: Data Extortion Arm of Prolific Ransomware Group}},
  date         = {2022-04-18},
  organization = {AdvIntel},
  url          = {https://www.advintel.io/post/enter-karakurt-data-extortion-arm-of-prolific-ransomware-group},
  language     = {English},
  urldate      = {2022-05-17},
}
Enter KaraKurt: Data Extortion Arm of Prolific Ransomware Group
AvosLocker BazarBackdoor BlackByte BlackCat Cobalt Strike HelloKitty Hive
2022-02-23 | AdvIntel | Vitali Kremez, Yelisey Boguslavskiy
@online{kremez:20220223:24:59b3a28,
  author       = {Vitali Kremez and Yelisey Boguslavskiy},
  title        = {{24 Hours From Log4Shell to Local Admin: Deep-Dive Into Conti Gang Attack on Fortune 500 (DFIR)}},
  date         = {2022-02-23},
  organization = {AdvIntel},
  url          = {https://www.advintel.io/post/24-hours-from-log4shell-to-local-admin-deep-dive-into-conti-gang-attack-on-fortune-500-dfir},
  language     = {English},
  urldate      = {2022-03-01},
}
24 Hours From Log4Shell to Local Admin: Deep-Dive Into Conti Gang Attack on Fortune 500 (DFIR)
Cobalt Strike Conti
2022-02-16 | Advanced Intelligence | Yelisey Boguslavskiy
@online{boguslavskiy:20220216:trickbot:a431e84,
  author       = {Yelisey Boguslavskiy},
  title        = {{The TrickBot Saga’s Finale Has Aired: Spinoff is Already in the Works}},
  date         = {2022-02-16},
  organization = {Advanced Intelligence},
  url          = {https://www.advintel.io/post/the-trickbot-saga-s-finale-has-aired-but-a-spinoff-is-already-in-the-works},
  language     = {English},
  urldate      = {2022-02-19},
}
The TrickBot Saga’s Finale Has Aired: Spinoff is Already in the Works
TrickBot
2022-01-14 | Advanced Intelligence | Yelisey Boguslavskiy
@online{boguslavskiy:20220114:storm:ad0e3d7,
  author       = {Yelisey Boguslavskiy},
  title        = {{Storm in "Safe Haven": Takeaways from Russian Authorities Takedown of REvil}},
  date         = {2022-01-14},
  organization = {Advanced Intelligence},
  url          = {https://www.advintel.io/post/storm-in-safe-haven-takeaways-from-russian-authorities-takedown-of-revil},
  language     = {English},
  urldate      = {2022-01-24},
}
Storm in "Safe Haven": Takeaways from Russian Authorities Takedown of REvil
REvil REvil
2021-12-17 | Advanced Intelligence | Vitali Kremez, Yelisey Boguslavskiy
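% The "&" in the title is written as "\&" so the entry typesets under LaTeX; all other values are unchanged.
@online{kremez:20211217:ransomware:767cb9b,
  author       = {Vitali Kremez and Yelisey Boguslavskiy},
  title        = {{Ransomware Advisory: Log4Shell Exploitation for Initial Access \& Lateral Movement}},
  date         = {2021-12-17},
  organization = {Advanced Intelligence},
  url          = {https://www.advintel.io/post/ransomware-advisory-log4shell-exploitation-for-initial-access-lateral-movement},
  language     = {English},
  urldate      = {2021-12-20},
}
Ransomware Advisory: Log4Shell Exploitation for Initial Access & Lateral Movement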
Conti
2021-11-20 | Advanced Intelligence | Yelisey Boguslavskiy, Vitali Kremez
@online{boguslavskiy:20211120:corporate:a8b0a1c,
  author       = {Yelisey Boguslavskiy and Vitali Kremez},
  title        = {{Corporate Loader "Emotet": History of "X" Project Return for Ransomware}},
  date         = {2021-11-20},
  organization = {Advanced Intelligence},
  url          = {https://www.advintel.io/post/corporate-loader-emotet-history-of-x-project-return-for-ransomware},
  language     = {English},
  urldate      = {2021-11-25},
}
Corporate Loader "Emotet": History of "X" Project Return for Ransomware
Emotet
2021-09-29 | Advanced Intelligence | Vitali Kremez, Yelisey Boguslavskiy
@online{kremez:20210929:backup:4aebe4e,
  author       = {Vitali Kremez and Yelisey Boguslavskiy},
  title        = {{Backup “Removal” Solutions - From Conti Ransomware With Love}},
  date         = {2021-09-29},
  organization = {Advanced Intelligence},
  url          = {https://www.advintel.io/post/backup-removal-solutions-from-conti-ransomware-with-love},
  language     = {English},
  urldate      = {2021-10-20},
}
Backup “Removal” Solutions - From Conti Ransomware With Love
Cobalt Strike Conti
2021-09-09 | Advanced Intelligence | Yelisey Boguslavskiy, Anastasia Sentsova
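% The "&" in the title is written as "\&" so the entry typesets under LaTeX; all other values are unchanged.
@online{boguslavskiy:20210909:groove:f678f6d,
  author       = {Yelisey Boguslavskiy and Anastasia Sentsova},
  title        = {{Groove VS Babuk; Groove Ransom Manifesto \& RAMP Underground Platform Secret Inner Workings}},
  date         = {2021-09-09},
  organization = {Advanced Intelligence},
  url          = {https://www.advintel.io/post/groove-vs-babuk-groove-ransom-manifesto-ramp-underground-platform-secret-inner-workings},
  language     = {English},
  urldate      = {2021-09-12},
}
Groove VS Babuk; Groove Ransom Manifesto & RAMP Underground Platform Secret Inner Workings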
Babuk Babuk
2021-08-17 | Advanced Intelligence | Vitali Kremez, Yelisey Boguslavskiy
@online{kremez:20210817:hunting:1dc14d0,
  author       = {Vitali Kremez and Yelisey Boguslavskiy},
  title        = {{Hunting for Corporate Insurance Policies: Indicators of [Ransom] Exfiltration}},
  date         = {2021-08-17},
  organization = {Advanced Intelligence},
  url          = {https://www.advanced-intel.com/post/hunting-for-corporate-insurance-policies-indicators-of-ransom-exfiltrations},
  language     = {English},
  urldate      = {2021-08-31},
}
Hunting for Corporate Insurance Policies: Indicators of [Ransom] Exfiltration
Cobalt Strike Conti
2021-07-14 | Advanced Intelligence | Yelisey Boguslavskiy, AdvIntel Security & Development Team
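% The team author is wrapped in its own braces so it is kept as one corporate name instead of being
% split into given/family parts, and its "&" is written as "\&" so the entry typesets under LaTeX.
@online{boguslavskiy:20210714:revil:7729e3d,
  author       = {Yelisey Boguslavskiy and {AdvIntel Security \& Development Team}},
  title        = {{REvil Vanishes From Underground - Infrastructure Down}},
  date         = {2021-07-14},
  organization = {Advanced Intelligence},
  url          = {https://www.advanced-intel.com/post/revil-vanishes-from-underground-infrastructure-down-support-staff-adverts-silent},
  language     = {English},
  urldate      = {2021-07-20},
}
REvil Vanishes From Underground - Infrastructure Down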
REvil
2021-06-30 | Advanced Intelligence | Yelisey Boguslavskiy, Brandon Rudisel, AdvIntel Security & Development Team
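% The team author is wrapped in its own braces so it is kept as one corporate name instead of being
% split into given/family parts; "&" is written as "\&" in both author and title so the entry typesets under LaTeX.
@online{boguslavskiy:20210630:ransomwarecve:deae6a7,
  author       = {Yelisey Boguslavskiy and Brandon Rudisel and {AdvIntel Security \& Development Team}},
  title        = {{Ransomware-\&-CVE: Industry Insights Into Exclusive High-Value Target Adversarial Datasets}},
  date         = {2021-06-30},
  organization = {Advanced Intelligence},
  url          = {https://www.advanced-intel.com/post/adversarial-perspective-advintel-breach-avoidance-through-monitoring-initial-vulnerabilities},
  language     = {English},
  urldate      = {2021-07-01},
}
Ransomware-&-CVE: Industry Insights Into Exclusive High-Value Target Adversarial Datasets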
BlackKingdom Ransomware Clop dearcry Hades REvil
2021-06-16 | Advanced Intelligence | Vitali Kremez, Yelisey Boguslavskiy
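% The "&" in the title is written as "\&" so the entry typesets under LaTeX; all other values are unchanged.
@online{kremez:20210616:rise:8cfe240,
  author       = {Vitali Kremez and Yelisey Boguslavskiy},
  title        = {{The Rise \& Demise of Multi-Million Ransomware Business Empire}},
  date         = {2021-06-16},
  organization = {Advanced Intelligence},
  url          = {https://www.advanced-intel.com/post/the-rise-demise-of-multi-million-ransomware-business-empire},
  language     = {English},
  urldate      = {2021-06-21},
}
The Rise & Demise of Multi-Million Ransomware Business Empire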
Avaddon
2021-06-08 | Advanced Intelligence | Vitali Kremez, Yelisey Boguslavskiy
@online{kremez:20210608:from:62f4d20,
  author       = {Vitali Kremez and Yelisey Boguslavskiy},
  title        = {{From QBot...with REvil Ransomware: Initial Attack Exposure of JBS}},
  date         = {2021-06-08},
  organization = {Advanced Intelligence},
  url          = {https://www.advanced-intel.com/post/from-qbot-with-revil-ransomware-initial-attack-exposure-of-jbs},
  language     = {English},
  urldate      = {2021-06-09},
}
From QBot...with REvil Ransomware: Initial Attack Exposure of JBS
QakBot REvil
2021-05-03 | Twitter (@y_advintel) | Yelisey Boguslavskiy
@online{boguslavskiy:20210503:tween:35cfbaf,
  author       = {Yelisey Boguslavskiy},
  title        = {{Tween on new RaaS Galaxy Ransomware}},
  date         = {2021-05-03},
  organization = {Twitter (@y_advintel)},
  url          = {https://twitter.com/y_advintel/status/1389330275616710657},
  language     = {English},
  urldate      = {2021-05-08},
}
Tween on new RaaS Galaxy Ransomware
2021-04-17 | Advanced Intelligence | Vitali Kremez, Al Calleo, Yelisey Boguslavskiy
@online{kremez:20210417:adversary:197fcfa,
  author       = {Vitali Kremez and Al Calleo and Yelisey Boguslavskiy},
  title        = {{Adversary Dossier: Ryuk Ransomware Anatomy of an Attack in 2021}},
  date         = {2021-04-17},
  organization = {Advanced Intelligence},
  url          = {https://www.advanced-intel.com/post/adversary-dossier-ryuk-ransomware-anatomy-of-an-attack-in-2021},
  language     = {English},
  urldate      = {2021-04-19},
}
Adversary Dossier: Ryuk Ransomware Anatomy of an Attack in 2021
Ryuk
2020-07-15 | Advanced Intelligence | Yelisey Boguslavskiy, Samantha van de Ven
@online{boguslavskiy:20200715:inside:f9b95b1,
  author       = {Yelisey Boguslavskiy and Samantha van de Ven},
  title        = {{Inside REvil Extortionist “Machine”: Predictive Insights}},
  date         = {2020-07-15},
  organization = {Advanced Intelligence},
  url          = {https://www.advanced-intel.com/post/inside-revil-extortionist-machine-predictive-insights},
  language     = {English},
  urldate      = {2020-07-16},
}
Inside REvil Extortionist “Machine”: Predictive Insights
Gandcrab REvil