{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:11:48Z","timestamp":1750306308818,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":76,"publisher":"ACM","license":[{"start":{"date-parts":[[2015,9,8]],"date-time":"2015-09-08T00:00:00Z","timestamp":1441670400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2015,9,8]]},"DOI":"10.1145\/2841113.2841116","type":"proceedings-article","created":{"date-parts":[[2015,12,10]],"date-time":"2015-12-10T19:49:49Z","timestamp":1449776989000},"page":"29-43","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Milware"],"prefix":"10.1145","author":[{"given":"Trey","family":"Herr","sequence":"first","affiliation":[{"name":"The George Washington University"}]},{"given":"Eric","family":"Armbrust","sequence":"additional","affiliation":[{"name":"The George Washington University"}]}],"member":"320","published-online":{"date-parts":[[2015,9,8]]},"reference":[{"key":"e_1_3_2_1_1_1","first-page":"527","volume-title":"This paper is included in the Proceedings of the 23rd USENIX Security Symposium.","author":"Hardy Seth","year":"2014","unstructured":"Seth Hardy , Masashi Crete-Nishihata , Katharine Kleemola , and Adam Senft . Targeted threat index: Characterizing and quantifying politically-motivated targeted malware . In This paper is included in the Proceedings of the 23rd USENIX Security Symposium. , pages 527 -- 541 , August 2014 . Seth Hardy, Masashi Crete-Nishihata, Katharine Kleemola, and Adam Senft. Targeted threat index: Characterizing and quantifying politically-motivated targeted malware. In This paper is included in the Proceedings of the 23rd USENIX Security Symposium., pages 527--541, August 2014."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"crossref","unstructured":"Trey Herr. PrEP: A framework for malware & cyber weapons. http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=2343798 February 2014.  Trey Herr. PrEP: A framework for malware & cyber weapons. http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=2343798 February 2014.","DOI":"10.2139\/ssrn.2343798"},{"key":"e_1_3_2_1_3_1","unstructured":"P Bright. Massive sql injection attack making the rounds-694k urls so far. http:\/\/arstechnica.com\/security\/2011\/03\/massive-sql-\\\\injection-attack-making-the-rounds694k-urls-so-far\/ March 2010.  P Bright. Massive sql injection attack making the rounds-694k urls so far. http:\/\/arstechnica.com\/security\/2011\/03\/massive-sql-\\\\injection-attack-making-the-rounds694k-urls-so-far\/ March 2010."},{"key":"e_1_3_2_1_4_1","unstructured":"Ekta Gandotra Divya Bansal and Sanjeev Sofat. Malware analysis and classification: A survey. http:\/\/www.scirp.org\/journal\/PaperDownload.aspx?paperID=44440 May 2014.  Ekta Gandotra Divya Bansal and Sanjeev Sofat. Malware analysis and classification: A survey. http:\/\/www.scirp.org\/journal\/PaperDownload.aspx?paperID=44440 May 2014."},{"key":"#cr-split#-e_1_3_2_1_5_1.1","doi-asserted-by":"crossref","unstructured":"U Bayer A Moser C Kruegel and E Kirda. Dynamic analysis of malicious code. http:\/\/dx.doi.org\/10.1007\/s11416-006-0012-2 August 2006. 10.1007\/s11416-006-0012-2","DOI":"10.1007\/s11416-006-0012-2"},{"key":"#cr-split#-e_1_3_2_1_5_1.2","doi-asserted-by":"crossref","unstructured":"U Bayer A Moser C Kruegel and E Kirda. Dynamic analysis of malicious code. http:\/\/dx.doi.org\/10.1007\/s11416-006-0012-2 August 2006.","DOI":"10.1007\/s11416-006-0012-2"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/BWCCA.2010.85"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.21"},{"key":"e_1_3_2_1_8_1","volume-title":"May","author":"Schultz M","year":"2001","unstructured":"M Schultz , E Eskin , F Zadok , and S Stolfo . Data mining methods for detection of new malicious executables , May 2001 . M Schultz, E Eskin, F Zadok, and S Stolfo. Data mining methods for detection of new malicious executables, May 2001."},{"key":"e_1_3_2_1_9_1","unstructured":"D Ddl F Li A Lai. Evidence of advanced persistent threat: A case study of malware for political espionage. http:\/\/ieeexplore.ieee.org\/xpl\/articleDetails.jsp?tp=&arnumber=6112333&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D6112333 October 2011.  D Ddl F Li A Lai. Evidence of advanced persistent threat: A case study of malware for political espionage. http:\/\/ieeexplore.ieee.org\/xpl\/articleDetails.jsp?tp=&arnumber=6112333&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D6112333 October 2011."},{"key":"e_1_3_2_1_10_1","volume-title":"April","author":"Goranin Nikolaj","year":"2008","unstructured":"Nikolaj Goranin and Cenys Antanas . Analysis of malware propagation modeling methods , April 2008 . Nikolaj Goranin and Cenys Antanas. Analysis of malware propagation modeling methods, April 2008."},{"key":"e_1_3_2_1_11_1","unstructured":"Andrea Shalal. U.s. firm crowdstrike claims success in deterring chinese hackers. http:\/\/www.reuters.com\/article\/2015\/04\/13\/us-cyberattack-usa-china-crowdstrike-idUSKBN0N41PT20150413 April 2014.  Andrea Shalal. U.s. firm crowdstrike claims success in deterring chinese hackers. http:\/\/www.reuters.com\/article\/2015\/04\/13\/us-cyberattack-usa-china-crowdstrike-idUSKBN0N41PT20150413 April 2014."},{"volume-title":"September","year":"2014","key":"e_1_3_2_1_12_1","unstructured":"Virustotal. https:\/\/www.virustotal.com\/cs\/file\/39df364a0bb19018127e0a258eb65f1d\\\\1ab2d6c86f1b9ab6fc5d93b8ca8c92f5\/analysis\/ , September 2014 . Virustotal. https:\/\/www.virustotal.com\/cs\/file\/39df364a0bb19018127e0a258eb65f1d\\\\1ab2d6c86f1b9ab6fc5d93b8ca8c92f5\/analysis\/, September 2014."},{"volume-title":"December","year":"2014","key":"e_1_3_2_1_13_1","unstructured":"NightWatcher. http:\/\/greatis.com\/cleanvirus\/remove-malware\/w32lohmys-atr-arquivo_solicitado-exe.htm , December 2014 . NightWatcher. http:\/\/greatis.com\/cleanvirus\/remove-malware\/w32lohmys-atr-arquivo_solicitado-exe.htm, December 2014."},{"key":"e_1_3_2_1_14_1","volume-title":"It threat evolution q3","author":"Emm David","year":"2014","unstructured":"David Emm , Maria Garnaeva , Victor Chebyshev , Roman Unuchek , Denis Makrushin , and Anton Ivanov . It threat evolution q3 2014 . https:\/\/securelist.com\/analysis\/quarterly-malware-reports\/67637\/it-threat-evolution-q3-2014\/, November 2014. David Emm, Maria Garnaeva, Victor Chebyshev, Roman Unuchek, Denis Makrushin, and Anton Ivanov. It threat evolution q3 2014. https:\/\/securelist.com\/analysis\/quarterly-malware-reports\/67637\/it-threat-evolution-q3-2014\/, November 2014."},{"key":"e_1_3_2_1_15_1","unstructured":"Angelica Mari. Brazil tops banking malware list. http:\/\/www.zdnet.com\/article\/brazil-tops-banking-malware-list\/ December 2014.  Angelica Mari. Brazil tops banking malware list. http:\/\/www.zdnet.com\/article\/brazil-tops-banking-malware-list\/ December 2014."},{"key":"e_1_3_2_1_16_1","unstructured":"Brett Stone-Gross and Russell Dickerson. Upatre: Another day another downloader. http:\/\/www.secureworks.com\/cyber-threat-intelligence\/threats\/analyzing-upatre-downloader\/ October 2013.  Brett Stone-Gross and Russell Dickerson. Upatre: Another day another downloader. http:\/\/www.secureworks.com\/cyber-threat-intelligence\/threats\/analyzing-upatre-downloader\/ October 2013."},{"key":"e_1_3_2_1_17_1","volume-title":"June","author":"Micro Trend","year":"2015","unstructured":"Trend Micro . Upatre. http:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/upatre , June 2015 . Trend Micro. Upatre. http:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/upatre, June 2015."},{"key":"e_1_3_2_1_18_1","volume-title":"January","author":"AT.","year":"2013","unstructured":"GRe AT. ` red october'. detailed malware. https:\/\/securelist.com\/analysis\/publications\/36830\/red-october-detailed-malware-description-1-first-stage-of-attack\/ , January 2013 . GReAT. `red october'. detailed malware. https:\/\/securelist.com\/analysis\/publications\/36830\/red-october-detailed-malware-description-1-first-stage-of-attack\/, January 2013."},{"key":"e_1_3_2_1_19_1","unstructured":"Symantec Security Response. Symantec protections for red october. http:\/\/www.symantec.com\/connect\/blogs\/symantec-protections-red-october January 2013.  Symantec Security Response. Symantec protections for red october. http:\/\/www.symantec.com\/connect\/blogs\/symantec-protections-red-october January 2013."},{"volume-title":"January","year":"2014","key":"e_1_3_2_1_20_1","unstructured":"Kaspersky. ` red october' diplomatic cyber attacks investigation. https:\/\/securelist.com\/analysis\/publications\/36740\/red-october-diplomatic-cyber-attacks-investigation\/ , January 2014 . Kaspersky. `red october' diplomatic cyber attacks investigation. https:\/\/securelist.com\/analysis\/publications\/36740\/red-october-diplomatic-cyber-attacks-investigation\/, January 2014."},{"key":"e_1_3_2_1_21_1","volume-title":"November","author":"Zetter Kim","year":"2014","unstructured":"Kim Zetter . Countdown to zero day: Stuxnet and the launch of the world's first digital weapon , November 2014 . Kim Zetter. Countdown to zero day: Stuxnet and the launch of the world's first digital weapon, November 2014."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.67"},{"key":"e_1_3_2_1_23_1","volume-title":"February","author":"Falliere Nicolas","year":"2011","unstructured":"Nicolas Falliere , Liam Murchu , and Eric Chien . W32.stuxnet dossier. http:\/\/www.symantec.com\/content\/en\/us\/enterprise\/media\/security_response\/whitepapers\/w32_stuxnet_dossier.pdf , February 2011 . Nicolas Falliere, Liam Murchu, and Eric Chien. W32.stuxnet dossier. http:\/\/www.symantec.com\/content\/en\/us\/enterprise\/media\/security_response\/whitepapers\/w32_stuxnet_dossier.pdf, February 2011."},{"key":"e_1_3_2_1_24_1","unstructured":"Ralph Langer. To kill a centrifuge. http:\/\/www.langner.com\/en\/wp-content\/uploads\/2013\/11\/To-kill-a-centrifuge.pdf November 2013.  Ralph Langer. To kill a centrifuge. http:\/\/www.langner.com\/en\/wp-content\/uploads\/2013\/11\/To-kill-a-centrifuge.pdf November 2013."},{"key":"e_1_3_2_1_25_1","volume-title":"October","author":"S.","year":"2011","unstructured":"CrySy S. Duqu: A stuxnet-like malware found in the wild. https:\/\/www.crysys.hu\/publications\/files\/bencsathPBF11duqu.pdf , October 2011 . CrySyS. Duqu: A stuxnet-like malware found in the wild. https:\/\/www.crysys.hu\/publications\/files\/bencsathPBF11duqu.pdf, October 2011."},{"key":"e_1_3_2_1_26_1","unstructured":"Symantec. W32.duqu: The precursor to the next stuxnet.  Symantec. W32.duqu: The precursor to the next stuxnet."},{"key":"e_1_3_2_1_27_1","unstructured":"Kim Zetter. Attackers stole certificate from foxconn to hack kaspersky with duqu 2.0. http:\/\/www.wired.com\/2015\/06\/foxconn-hack-kaspersky-duqu-2\/ June 2015.  Kim Zetter. Attackers stole certificate from foxconn to hack kaspersky with duqu 2.0. http:\/\/www.wired.com\/2015\/06\/foxconn-hack-kaspersky-duqu-2\/ June 2015."},{"key":"e_1_3_2_1_28_1","volume-title":"June","author":"Lab CrySys","year":"2015","unstructured":"CrySys Lab . Duqu 2.0 : A comparison to duqu , June 2015 . CrySys Lab. Duqu 2.0: A comparison to duqu, June 2015."},{"key":"e_1_3_2_1_29_1","volume-title":"June","author":"Lab Kaspersky","year":"2015","unstructured":"Kaspersky Lab . The duqu 2.0 , June 2015 . Kaspersky Lab. The duqu 2.0, June 2015."},{"key":"e_1_3_2_1_30_1","unstructured":"Eduard Kovacs. Newly discovered `turla' malware targets linux systems. http:\/\/www.securityweek.com\/newly-discovered-turla-malware-targets-linux-systems December 2014.  Eduard Kovacs. Newly discovered `turla' malware targets linux systems. http:\/\/www.securityweek.com\/newly-discovered-turla-malware-targets-linux-systems December 2014."},{"key":"e_1_3_2_1_31_1","volume-title":"March","author":"Weedon Jen","year":"2014","unstructured":"Jen Weedon and Laura Galante . Intelligence analysts dissect the headlines: Russia, hackers, cyberwar! not so fast. https:\/\/www.fireeye.com\/blog\/executive-perspective\/2014\/03\/intel-analysts-dissect-the-headlines-russia-hackers-cyberwar-not-so-fast.html , March 2014 . Jen Weedon and Laura Galante. Intelligence analysts dissect the headlines: Russia, hackers, cyberwar! not so fast. https:\/\/www.fireeye.com\/blog\/executive-perspective\/2014\/03\/intel-analysts-dissect-the-headlines-russia-hackers-cyberwar-not-so-fast.html, March 2014."},{"key":"e_1_3_2_1_32_1","volume-title":"December","author":"Baumgartner Kurt","year":"2014","unstructured":"Kurt Baumgartner and Costin Raiu . The penquin turla. https:\/\/securelist.com\/blog\/research\/67962\/the-penquin-turla-2\/ , December 2014 . Kurt Baumgartner and Costin Raiu. The penquin turla. https:\/\/securelist.com\/blog\/research\/67962\/the-penquin-turla-2\/, December 2014."},{"key":"e_1_3_2_1_33_1","volume-title":"March","author":"Lee Dave","year":"2014","unstructured":"Dave Lee . Russia and ukraine in cyber `stand-off'. urlhttp:\/\/www.bbc.com\/news\/technology-26447200 , March 2014 . Dave Lee. Russia and ukraine in cyber `stand-off'. urlhttp:\/\/www.bbc.com\/news\/technology-26447200, March 2014."},{"key":"e_1_3_2_1_34_1","volume-title":"August","author":"AT.","year":"2014","unstructured":"GRe AT. The epic turla operation , August 2014 . GReAT. The epic turla operation, August 2014."},{"key":"e_1_3_2_1_35_1","unstructured":"Kaspersky. The epic turla (snake\/uroburos) attacks. http:\/\/www.kaspersky.com\/internet-security-center\/threats\/epic-turla-snake-malware-attacks.  Kaspersky. The epic turla (snake\/uroburos) attacks. http:\/\/www.kaspersky.com\/internet-security-center\/threats\/epic-turla-snake-malware-attacks."},{"key":"e_1_3_2_1_36_1","unstructured":"https:\/\/www.hex-rays.com\/products\/ida\/.  https:\/\/www.hex-rays.com\/products\/ida\/."},{"key":"e_1_3_2_1_37_1","unstructured":"http:\/\/bochs.sourceforge.net\/.  http:\/\/bochs.sourceforge.net\/."},{"key":"e_1_3_2_1_38_1","unstructured":"http:\/\/www.windbg.org\/.  http:\/\/www.windbg.org\/."},{"key":"e_1_3_2_1_39_1","unstructured":"http:\/\/debugger.immunityinc.com\/.  http:\/\/debugger.immunityinc.com\/."},{"key":"e_1_3_2_1_40_1","unstructured":"http:\/\/www.woodmann.com\/collaborative\/tools\/index.php\/SysAnalyzer.  http:\/\/www.woodmann.com\/collaborative\/tools\/index.php\/SysAnalyzer."},{"key":"e_1_3_2_1_41_1","unstructured":"http:\/\/www.tcpdump.org\/.  http:\/\/www.tcpdump.org\/."},{"key":"e_1_3_2_1_42_1","unstructured":"https:\/\/www.wireshark.org\/.  https:\/\/www.wireshark.org\/."},{"key":"e_1_3_2_1_43_1","volume-title":"Kademlia: A peer-to-peer information system based on the xor metric","author":"Maymounkov Petar","year":"2002","unstructured":"Petar Maymounkov and David Mazieres . Kademlia: A peer-to-peer information system based on the xor metric . 2002 . Petar Maymounkov and David Mazieres. Kademlia: A peer-to-peer information system based on the xor metric. 2002."},{"key":"e_1_3_2_1_44_1","unstructured":"Brett Stone-Gross. The lifecycle of peer-to-peer (gameover) zeus July.  Brett Stone-Gross. The lifecycle of peer-to-peer (gameover) zeus July."},{"key":"e_1_3_2_1_45_1","volume-title":"Threat report: W32.tinba (tinybanker) the turkish incident","author":"Kruse Peter","year":"2012","unstructured":"Peter Kruse . Threat report: W32.tinba (tinybanker) the turkish incident . 2012 . Peter Kruse. Threat report: W32.tinba (tinybanker) the turkish incident. 2012."},{"key":"e_1_3_2_1_46_1","volume-title":"September","author":"Regev Assaf","year":"2014","unstructured":"Assaf Regev . Tinba malware reloaded and attacking banks around the world , September 2014 . Assaf Regev. Tinba malware reloaded and attacking banks around the world, September 2014."},{"key":"e_1_3_2_1_47_1","volume-title":"Exploring the blackhole exploit kit","author":"Howard Fraser","year":"2012","unstructured":"Fraser Howard . Exploring the blackhole exploit kit . March 2012 . Fraser Howard. Exploring the blackhole exploit kit. March 2012."},{"key":"e_1_3_2_1_48_1","unstructured":"Stephen Ward. isight discovers zero-day vulnerability cve-2014-4114 used in russian cyber-espionage campaign. http:\/\/www.isightpartners.com\/2014\/10\/cve-2014-4114\/ October 2014.  Stephen Ward. isight discovers zero-day vulnerability cve-2014-4114 used in russian cyber-espionage campaign. http:\/\/www.isightpartners.com\/2014\/10\/cve-2014-4114\/ October 2014."},{"key":"e_1_3_2_1_49_1","unstructured":"William Sanchez. Timeline of sandworm attacks. http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/timeline-of-sandworm-attacks\/ November 2014.  William Sanchez. Timeline of sandworm attacks. http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/timeline-of-sandworm-attacks\/ November 2014."},{"key":"e_1_3_2_1_50_1","volume-title":"October","author":"NIST.","year":"2014","unstructured":"NIST. Vulnerability summary for cve-2014-4114. https:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2014-4114 , October 2014 . NIST. Vulnerability summary for cve-2014-4114. https:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2014-4114, October 2014."},{"key":"e_1_3_2_1_51_1","unstructured":"Cisco. Blackhole exploit kit version 2. http:\/\/tools.cisco.com\/security\/center\/viewIpsSignature.x?signatureId=2123&signatureSubId=0&softwareVersion=6.0&releaseVersion=S715 May 2013.  Cisco. Blackhole exploit kit version 2. http:\/\/tools.cisco.com\/security\/center\/viewIpsSignature.x?signatureId=2123&signatureSubId=0&softwareVersion=6.0&releaseVersion=S715 May 2013."},{"key":"e_1_3_2_1_52_1","volume-title":"September","author":"Fiser David","year":"2014","unstructured":"David Fiser . Tiny banker trojan targets customers of major banks worldwide. https:\/\/blog.avast.com\/2014\/09\/15\/tiny-banker-trojan-targets-customers-of-major-banks-worldwide\/ , September 2014 . David Fiser. Tiny banker trojan targets customers of major banks worldwide. https:\/\/blog.avast.com\/2014\/09\/15\/tiny-banker-trojan-targets-customers-of-major-banks-worldwide\/, September 2014."},{"key":"e_1_3_2_1_53_1","volume-title":"Common vulnerability scoring system v3.0: Specification document. https:\/\/www.first.org\/cvss\/specification-document","author":"FIRST.","year":"2015","unstructured":"FIRST. Common vulnerability scoring system v3.0: Specification document. https:\/\/www.first.org\/cvss\/specification-document , 2015 . FIRST. Common vulnerability scoring system v3.0: Specification document. https:\/\/www.first.org\/cvss\/specification-document, 2015."},{"volume-title":"June","year":"2013","key":"e_1_3_2_1_54_1","unstructured":"Kafiene. Blackhole exploit kit goes 2.1.0, shows new url patterns , June 2013 . Kafiene. Blackhole exploit kit goes 2.1.0, shows new url patterns, June 2013."},{"key":"e_1_3_2_1_55_1","volume-title":"August","author":"Neagu Aurelian","year":"2014","unstructured":"Aurelian Neagu . The top 10 most dangerous malware that can empty your bank account. https:\/\/heimdalsecurity.com\/blog\/top-financial-malware\/ , August 2014 . Aurelian Neagu. The top 10 most dangerous malware that can empty your bank account. https:\/\/heimdalsecurity.com\/blog\/top-financial-malware\/, August 2014."},{"key":"e_1_3_2_1_56_1","volume-title":"Kaspersky lab statistics: attacks involving financial malware rise to 28 million","author":"Labs Kaspersky","year":"2013","unstructured":"Kaspersky Labs . Kaspersky lab statistics: attacks involving financial malware rise to 28 million in 2013 . http:\/\/www.kaspersky.com\/about\/news\/virus\/2014\/Kaspersky-Lab-statistics-attacks-involving-financial-malware-rise-to-28-million-in-2013, April 2014. Kaspersky Labs. Kaspersky lab statistics: attacks involving financial malware rise to 28 million in 2013. http:\/\/www.kaspersky.com\/about\/news\/virus\/2014\/Kaspersky-Lab-statistics-attacks-involving-financial-malware-rise-to-28-million-in-2013, April 2014."},{"key":"e_1_3_2_1_57_1","volume-title":"Top banking botnets of","author":"SecureWorks Counter Threat Dell","year":"2013","unstructured":"Dell SecureWorks Counter Threat Unit(TM) Threat Intelligence . Top banking botnets of 2013 . http:\/\/www.secureworks.com\/cyber-threat-intelligence\/threats\/top-banking-botnets-of-2013\/, March 2014. Dell SecureWorks Counter Threat Unit(TM) Threat Intelligence. Top banking botnets of 2013. http:\/\/www.secureworks.com\/cyber-threat-intelligence\/threats\/top-banking-botnets-of-2013\/, March 2014."},{"key":"e_1_3_2_1_58_1","unstructured":"Critical Intelligence. Sans icsthreat briefing. http:\/\/www.critical-intelligence.com\/resources\/papers\/CI-Sandworm-BE2.pdf October 2014.  Critical Intelligence. Sans icsthreat briefing. http:\/\/www.critical-intelligence.com\/resources\/papers\/CI-Sandworm-BE2.pdf October 2014."},{"key":"e_1_3_2_1_59_1","volume-title":"December","author":"Schneier Bruce","year":"2014","unstructured":"Bruce Schneier . More data on attributing the sony attack. https:\/\/www.schneier.com\/blog\/archives\/2014\/12\/more_data_on_at.html , December 2014 . Bruce Schneier. More data on attributing the sony attack. https:\/\/www.schneier.com\/blog\/archives\/2014\/12\/more_data_on_at.html, December 2014."},{"key":"e_1_3_2_1_60_1","volume-title":"December","author":"US-CERT.","year":"2014","unstructured":"US-CERT. Alert (ta14-353a) targeted destructive malware. https:\/\/www.us-cert.gov\/ncas\/alerts\/TA14-353A , December 2014 . US-CERT. Alert (ta14-353a) targeted destructive malware. https:\/\/www.us-cert.gov\/ncas\/alerts\/TA14-353A, December 2014."},{"key":"e_1_3_2_1_61_1","unstructured":"Kyle Wilhoit and Jim gogolinski. Sandworm to blacken: The scada connection. http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/sandworm-to-blacken-the-scada-connection\/ October 2014.  Kyle Wilhoit and Jim gogolinski. Sandworm to blacken: The scada connection. http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/sandworm-to-blacken-the-scada-connection\/ October 2014."},{"key":"e_1_3_2_1_62_1","unstructured":"Brian Krebs. Researchers clobber khelios spam botnet. http:\/\/krebsonsecurity.com\/2012\/03\/researchers-clobber-khelios-spam-botnet\/ August 2013.  Brian Krebs. Researchers clobber khelios spam botnet. http:\/\/krebsonsecurity.com\/2012\/03\/researchers-clobber-khelios-spam-botnet\/ August 2013."},{"key":"e_1_3_2_1_63_1","unstructured":"Tom Fox-Brewster. Russian malware used by `privateer' hackers against ukrainian government. http:\/\/www.theguardian.com\/technology\/2014\/sep\/25\/russian-malware-privateer-hackers-ukraine September 2014.  Tom Fox-Brewster. Russian malware used by `privateer' hackers against ukrainian government. http:\/\/www.theguardian.com\/technology\/2014\/sep\/25\/russian-malware-privateer-hackers-ukraine September 2014."},{"key":"e_1_3_2_1_64_1","volume-title":"October","author":"MITRE.","year":"2014","unstructured":"MITRE. Vulnerability summary for cve-2014-4114. https:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2014-4114 , October 2014 . MITRE. Vulnerability summary for cve-2014-4114. https:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2014-4114, October 2014."},{"volume-title":"July","year":"2015","key":"e_1_3_2_1_65_1","unstructured":"4Armed. Galileo rcs running and espionage operation , July 2015 . 4Armed. Galileo rcs running and espionage operation, July 2015."},{"key":"e_1_3_2_1_66_1","unstructured":"Crowdstrike. Putter panda. http:\/\/resources.crowdstrike.com\/putterpanda\/ June 2014.  Crowdstrike. Putter panda. http:\/\/resources.crowdstrike.com\/putterpanda\/ June 2014."},{"volume-title":"Apt1: Exposing one of chinas cyber espionage units","year":"2013","key":"e_1_3_2_1_67_1","unstructured":"Mandiant. Apt1: Exposing one of chinas cyber espionage units , 2013 . Mandiant. Apt1: Exposing one of chinas cyber espionage units, 2013."},{"key":"e_1_3_2_1_68_1","unstructured":"Symantec Security Response. Regin: Top-tier espionage tool enables stealthy surveillance. http:\/\/www.symantec.com\/content\/en\/us\/enterprise\/media\/security_response\/whitepapers\/regin-analysis.pdf November 2014.  Symantec Security Response. Regin: Top-tier espionage tool enables stealthy surveillance. http:\/\/www.symantec.com\/content\/en\/us\/enterprise\/media\/security_response\/whitepapers\/regin-analysis.pdf November 2014."},{"key":"e_1_3_2_1_69_1","volume-title":"February","author":"Research Team Kaspersky Labs","year":"2014","unstructured":"Kaspersky Labs Research Team . Equation: The death star of malware galaxy. https:\/\/securelist.com\/blog\/research\/68750\/equation-the-death-star-of-malware-galaxy\/ , February 2014 . Kaspersky Labs Research Team. Equation: The death star of malware galaxy. https:\/\/securelist.com\/blog\/research\/68750\/equation-the-death-star-of-malware-galaxy\/, February 2014."},{"key":"e_1_3_2_1_70_1","unstructured":"Ralph Langner. To kill a centrifuge. http:\/\/www.langner.com\/en\/wp-content\/uploads\/2013\/11\/To-kill-a-centrifuge.pdf 2013.  Ralph Langner. To kill a centrifuge. http:\/\/www.langner.com\/en\/wp-content\/uploads\/2013\/11\/To-kill-a-centrifuge.pdf 2013."},{"key":"e_1_3_2_1_71_1","unstructured":"Udi Shamir. The case of gyges the invisible malware government-grade now in the hands of cybercriminals. http:\/\/www.sentinel-labs.com\/wp-content\/uploads\/2014\/07\/Sentinel-Labs-Intelligence-Report_0714.pdf July 2014.  Udi Shamir. The case of gyges the invisible malware government-grade now in the hands of cybercriminals. http:\/\/www.sentinel-labs.com\/wp-content\/uploads\/2014\/07\/Sentinel-Labs-Intelligence-Report_0714.pdf July 2014."},{"key":"e_1_3_2_1_72_1","unstructured":"Andy Greenberg. hopping for zero-days: A price list for hackers' secret software exploits. http:\/\/www.forbes.com\/sites\/andygreenberg\/2012\/03\/23\/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits\/ March 2013.  Andy Greenberg. hopping for zero-days: A price list for hackers' secret software exploits. http:\/\/www.forbes.com\/sites\/andygreenberg\/2012\/03\/23\/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits\/ March 2013."},{"key":"e_1_3_2_1_73_1","unstructured":"Chris Borgen. Regulating the global market for zero-day exploits. http:\/\/opiniojuris.org\/2013\/07\/15\/regulating-the-global-market-of-zero-day-exploits\/ July 2013.  Chris Borgen. Regulating the global market for zero-day exploits. http:\/\/opiniojuris.org\/2013\/07\/15\/regulating-the-global-market-of-zero-day-exploits\/ July 2013."},{"key":"e_1_3_2_1_74_1","volume-title":"Vulnerability black markets: Empirical evidence and scenario simulation","author":"Radianti Jaziar","year":"2009","unstructured":"Jaziar Radianti , Eliot Rich , and Jose Gonzalez . Vulnerability black markets: Empirical evidence and scenario simulation . IEEE , 2009 . Jaziar Radianti, Eliot Rich, and Jose Gonzalez. Vulnerability black markets: Empirical evidence and scenario simulation. IEEE, 2009."},{"key":"e_1_3_2_1_75_1","unstructured":"Allan Friedman Tyler Moore and Ariel Procaccia. Cyber-sword v. cyber-shield: The dynamics of us cybersecurity policy priorities. http:\/\/www.nspw.org\/papers\/2010\/nspw2010-moore.pdf September 2010.  Allan Friedman Tyler Moore and Ariel Procaccia. Cyber-sword v. cyber-shield: The dynamics of us cybersecurity policy priorities. http:\/\/www.nspw.org\/papers\/2010\/nspw2010-moore.pdf September 2010."}],"event":{"name":"NSPW '15: New Security Paradigms Workshop","sponsor":["ACSA Applied Computing Security Assoc"],"location":"Twente Netherlands","acronym":"NSPW '15"},"container-title":["Proceedings of the 2015 New Security Paradigms Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2841113.2841116","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2841113.2841116","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:53:47Z","timestamp":1750222427000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2841113.2841116"}},"subtitle":["Identification and Implications of State Authored Malicious Software"],"short-title":[],"issued":{"date-parts":[[2015,9,8]]},"references-count":76,"alternative-id":["10.1145\/2841113.2841116","10.1145\/2841113"],"URL":"https:\/\/doi.org\/10.1145\/2841113.2841116","relation":{},"subject":[],"published":{"date-parts":[[2015,9,8]]},"assertion":[{"value":"2015-09-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}