http://www.secureworks.com/research/threat-profiles/gold-winter |
https://assets.sentinelone.com/sentinellabs/sentinellabs_EvilCorp |
https://awakesecurity.com/blog/incident-response-hades-ransomware-gang-or-hafnium/ |
https://blog.truesec.com/2021/05/05/are-the-notorious-cyber-criminals-evil-corp-actually-russian-spies/ |
https://docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3 |
https://killingthebear.jorgetesta.tech/actors/evil-corp |
https://symantec.broadcom.com/hubfs/The_Ransomware_Threat_September_2021.pdf |
https://twitter.com/inversecos/status/1381477874046169089?s=20 |
https://www.accenture.com/us-en/blogs/cyber-defense/unknown-threat-group-using-hades-ransomware |
https://www.accenture.com/us-en/blogs/security/ransomware-hades |
https://www.advanced-intel.com/post/adversarial-perspective-advintel-breach-avoidance-through-monitoring-initial-vulnerabilities |
https://www.bleepingcomputer.com/news/security/evil-corp-switches-to-hades-ransomware-to-evade-sanctions/ |
https://www.crowdstrike.com/blog/how-big-game-hunting-ttps-shifted-after-darkside-pipeline-attack/ |
https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox |
https://www.mandiant.com/resources/unc2165-shifts-to-evade-sanctions |
https://www.secureworks.com/blog/hades-ransomware-operators-use-distinctive-tactics-and-infrastructure |
https://www.sentinelone.com/wp-content/uploads/2022/02/S1_-SentinelLabs_SanctionsBeDamned_final_02.pdf |