{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,20]],"date-time":"2026-01-20T02:23:59Z","timestamp":1768875839629,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":155,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,7,30]],"date-time":"2024-07-30T00:00:00Z","timestamp":1722297600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,7,30]]},"DOI":"10.1145\/3664476.3670886","type":"proceedings-article","created":{"date-parts":[[2024,7,25]],"date-time":"2024-07-25T12:35:50Z","timestamp":1721910950000},"page":"1-10","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["A Comprehensive Pattern-based Overview of Stegomalware"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-1133-6983","authenticated-orcid":false,"given":"Fabian","family":"Strachanski","sequence":"first","affiliation":[{"name":"University of Duisburg-Essen, Germany and FernUniversit\u00e4t in Hagen, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-7131-6844","authenticated-orcid":false,"given":"Denis","family":"Petrov","sequence":"additional","affiliation":[{"name":"Centre for Technology and Transfer (ZTT), Worms University of Applied Sciences, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5912-0857","authenticated-orcid":false,"given":"Tobias","family":"Schmidbauer","sequence":"additional","affiliation":[{"name":"Nuremberg Institute of Technology, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1913-5912","authenticated-orcid":false,"given":"Steffen","family":"Wendzel","sequence":"additional","affiliation":[{"name":"Center for Technology and Transfer, Worms University of Applied Sciences, Germany and 
FernUniversit\u00e4t in Hagen, Germany"}]}],"member":"320","published-online":{"date-parts":[[2024,7,30]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Barrett Adams. 2023. Invoke-PSImage. https:\/\/github.com\/peewpw\/Invoke-PSImage"},{"key":"e_1_3_2_1_2_1","unstructured":"Manoj Ahuje. 2022. LemonDuck Botnet Targets Docker for Cryptomining Operations | CrowdStrike. crowdstrike.com. https:\/\/www.crowdstrike.com\/blog\/lemonduck-botnet-targets-docker-for-cryptomining-operations\/"},{"key":"e_1_3_2_1_3_1","unstructured":"Airbus. 2022. Vinself Now with Steganography - Airbus Defence and Space Cyber. Airbus. https:\/\/www.cyber.airbus.com\/vinself-now-steganography\/"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"crossref","unstructured":"M. Alenezi H. Alabdulrazzaq A. Alshaher and M. Alkharang. 2020. Evolution of Malware Threats and Techniques: A Review. International journal of communication networks and information security 12 3 (2020) 326\u2013337.","DOI":"10.17762\/ijcnis.v12i3.4723"},{"key":"e_1_3_2_1_5_1","unstructured":"AV-TEST. 2023. Malware | AV-TEST. AV-TEST. https:\/\/www.av-test.org\/de\/statistiken\/malware\/"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5220\/0012260900003584"},{"key":"e_1_3_2_1_7_1","unstructured":"Robert\u00a0Falcone Barbehenn Brittany. 2019. xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations. Unit 42. https:\/\/unit42.paloaltonetworks.com\/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations\/"},{"key":"e_1_3_2_1_8_1","unstructured":"Robert\u00a0Falcone Barbehenn Brittany. 2019. xHunt Campaign: New PowerShell Backdoor Blocked Through DNS Tunnel Detection. Unit 42. https:\/\/unit42.paloaltonetworks.com\/more-xhunt-new-powershell-backdoor-blocked-through-dns-tunnel-detection\/"},{"key":"e_1_3_2_1_9_1","unstructured":"BfV. 2020. BfV Cyber-Brief Nr. 01\/2020. Technical Report. Bundesamt f\u00fcr Verfassungsschutz."},{"key":"e_1_3_2_1_10_1","unstructured":"J. Boutin. 
2019. Buhtrap Group Uses Zero-Day in Latest Espionage Campaigns. ESET. https:\/\/www.welivesecurity.com\/2019\/07\/11\/buhtrap-zero-day-espionage-campaigns\/"},{"key":"e_1_3_2_1_11_1","unstructured":"R. Bowes. 2023. DNSCat2. Retrieved 2023-12-09 from https:\/\/github.com\/iagox86\/dnscat2"},{"key":"e_1_3_2_1_12_1","unstructured":"Kevin Breen. 2023. Detecting and Decrypting Sliver C2 \u2013 a Threat Hunter\u2019s Guide. Immersive Labs. https:\/\/www.immersivelabs.com\/blog\/detecting-and-decrypting-sliver-c2-a-threat-hunters-guide\/"},{"key":"e_1_3_2_1_13_1","volume-title":"Threat Spotlight: Astaroth \u2014 Maze of Obfuscation and Evasion Reveals Dark Stealer. Cisco Talos Blog. https:\/\/blog.talosintelligence.com\/astaroth-analysis\/","author":"Brumaghin Edmund","year":"2020","unstructured":"Edmund Brumaghin. 2020. Threat Spotlight: Astaroth \u2014 Maze of Obfuscation and Evasion Reveals Dark Stealer. Cisco Talos Blog. https:\/\/blog.talosintelligence.com\/astaroth-analysis\/"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/MITP.2018.032501746"},{"key":"e_1_3_2_1_15_1","unstructured":"Luigino Camastra. 2021. Backdoored Client from Mongolian CA MonPass. Avast Threat Labs. https:\/\/decoded.avast.io\/luigicamastra\/backdoored-client-from-mongolian-ca-monpass\/"},{"key":"e_1_3_2_1_16_1","unstructured":"Luca Caviglione. 2023. Steg-in-the-Wild. https:\/\/github.com\/lucacav\/steg-in-the-wild"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3048319"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2022.3178205"},{"key":"e_1_3_2_1_19_1","volume-title":"Guildma Malware Is Now Accessing Facebook and YouTube to Keep Up-to-Date","author":"SANS Internet\u00a0Storm Center","unstructured":"SANS Internet\u00a0Storm Center. 2019. Guildma Malware Is Now Accessing Facebook and YouTube to Keep Up-to-Date. SANS Internet Storm Center. 
https:\/\/isc.sans.edu\/diary\/Guildma+malware+is+now+accessing+Facebook+andYouTube+to+keep+uptodate\/25222"},{"key":"e_1_3_2_1_20_1","unstructured":"National Cyber\u00a0Security Centre. 2022. Small Sieve Malware Analysis Report. Technical Report. NCSC."},{"key":"e_1_3_2_1_21_1","volume-title":"APT Attacks on Industrial Organizations in H1","author":"ICS CERT.","year":"2021","unstructured":"Kaspersky\u00a0ICS CERT. 2021. APT Attacks on Industrial Organizations in H1 2021. Technical Report. Kaspersky."},{"key":"e_1_3_2_1_22_1","unstructured":"Nicolas Chatelain. 2023. Ligolo-Ng : Tunneling like a VPN. https:\/\/github.com\/nicocha30\/ligolo-ng"},{"key":"e_1_3_2_1_23_1","unstructured":"J. Chen. 2020. Tropic Trooper\u2019s Back: USBferry Attack Targets Air-gapped Environments. Technical Report. Trend Micro."},{"key":"e_1_3_2_1_24_1","unstructured":"Joey Chen. 2020. Tropic Trooper\u2019s USBferry Targets Air-Gapped Networks. Trend Micro. https:\/\/www.trendmicro.com\/en_us\/research\/20\/e\/tropic-troopers-back-usbferry-attack-targets-air-gapped-environments.html"},{"key":"e_1_3_2_1_25_1","unstructured":"Joey Chen. 2022. Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years. SentinelOne. https:\/\/www.sentinelone.com\/labs\/aoqin-dragon-newly-discovered-chinese-linked-apt-has-been-quietly-spying-on-organizations-for-10-years\/"},{"key":"e_1_3_2_1_26_1","unstructured":"J. Chen H. Kakara and M. Shoji. 2019. Operation ENDTRADE: TICK\u2019s Multi-Stage Backdoors for Attacking Industries and Stealing Classified Data. Technical Report. Trend Micro."},{"key":"e_1_3_2_1_27_1","volume-title":"Iran-Based Threat Actor Exploits VPN Vulnerabilities | CISA","author":"CISA.","unstructured":"CISA. 2020. Iran-Based Threat Actor Exploits VPN Vulnerabilities | CISA. Cybersecurity and Infrastructure Security Agency. 
https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa20-259a"},{"key":"e_1_3_2_1_28_1","unstructured":"DXC\u00a0Technology Company. 2021. Security threat intelligence report. Technical Report. DXC Technology Company. https:\/\/dxc.com\/content\/dam\/dxc\/projects\/dxc-com\/us\/pdfs\/services\/security\/DXC-Security-Threat-Intelligence-Report-June-2021.pdf"},{"key":"e_1_3_2_1_29_1","unstructured":"Quinn Cooke Alex Hincliffe and Robert Falcone. 2021. Mespinoza Ransomware Gang Calls Victims \u201cPartners \u201d Attacks with Gasket \"MagicSocks\" Tools. Unit 42. https:\/\/unit42.paloaltonetworks.com\/gasket-and-magicsocks-tools-install-mespinoza-ransomware\/"},{"key":"e_1_3_2_1_30_1","unstructured":"A. Cristian. 2023. Advanced Onion Router. GitHub. https:\/\/github.com\/AdvOR"},{"key":"e_1_3_2_1_31_1","unstructured":"A. Dahan. 0. New Ursnif Variant Targets Japan Packed with New Features. Cybereason. https:\/\/www.cybereason.com\/blog\/research\/new-ursnif-variant-targets-japan-packed-with-new-features"},{"key":"e_1_3_2_1_32_1","unstructured":"Nick Dai Ted Lee and Vickie Su. 2021. Tropic Trooper Targets Transportation and Government Organizations. Trend Micro. https:\/\/www.trendmicro.com\/en_us\/research\/21\/l\/collecting-in-the-dark-tropic-trooper-targets-transportation-and-government-organizations.html"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1177\/2043886921993126"},{"key":"e_1_3_2_1_34_1","unstructured":"Jason Deyalsingh Nick Smith Eduardo Mattos and Tyler McLellan. 2023. ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access. Mandiant. https:\/\/www.mandiant.com\/resources\/blog\/alphv-ransomware-backup"},{"key":"e_1_3_2_1_35_1","volume-title":"Communicating over DNS","author":"T\u00a0Ltd Security","unstructured":"Security division\u00a0of NTT\u00a0Ltd.2020. TrickBot Variant \u201cAnchor_DNS\u201d Communicating over DNS. NTT Ltd. 
https:\/\/services.global.ntt\/en-us\/insights\/blog\/trickbot-variant-communicating-over-dns"},{"key":"e_1_3_2_1_36_1","unstructured":"A. Dolgushev V. Berdnikov and I. Pomerantsev. 2019. Platinum Is Back. Kaspersky. https:\/\/securelist.com\/platinum-is-back\/91135\/"},{"key":"e_1_3_2_1_37_1","volume-title":"WINNTI GROUP: Insights From the Past - QuoIntelligence. QuoIntelligence GmbH. https:\/\/quointelligence.eu\/2020\/04\/winnti-group-insights-from-the-past\/","author":"Ebel A.","year":"2020","unstructured":"A. Ebel. 2020. WINNTI GROUP: Insights From the Past - QuoIntelligence. QuoIntelligence GmbH. https:\/\/quointelligence.eu\/2020\/04\/winnti-group-insights-from-the-past\/"},{"key":"e_1_3_2_1_38_1","unstructured":"Stephen Eckels Jay Smith and William Ballenthin. 2021. SUNBURST Additional Technical Details. Mandiant. https:\/\/www.mandiant.com\/resources\/blog\/sunburst-additional-technical-details"},{"key":"e_1_3_2_1_39_1","volume-title":"IT Threat Evolution Q2","author":"Emm D.","year":"2020","unstructured":"D. Emm. 2020. IT Threat Evolution Q2 2020. Kaspersky. https:\/\/securelist.com\/it-threat-evolution-q2-2020\/98230\/"},{"key":"e_1_3_2_1_40_1","unstructured":"PT ESC. 2023. Space Pirates: A Look into the Group\u2019s Unconventional Techniques New Attack Vectors and Tools. ptsecurity.com. https:\/\/www.ptsecurity.com\/ww-en\/analytics\/pt-esc-threat-intelligence\/space-pirates-a-look-into-the-group-s-unconventional-techniques-new-attack-vectors-and-tools\/"},{"key":"e_1_3_2_1_41_1","unstructured":"F-Secure. 2019. Killsuit Research. https:\/\/blog.f-secure.com\/wp-content\/uploads\/2019\/10\/Killsuit_Research_01.pdf"},{"key":"e_1_3_2_1_42_1","unstructured":"Kyle\u00a0Wilhoit Falcone Robert. 2018. OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government. Unit 42. https:\/\/unit42.paloaltonetworks.com\/unit42-oilrig-uses-updated-bondupdater-target-middle-eastern-government\/"},{"key":"e_1_3_2_1_43_1","unstructured":"Robert Falcone. 2020. 
OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory. Unit 42. https:\/\/unit42.paloaltonetworks.com\/oilrig-novel-c2-channel-steganography\/"},{"key":"e_1_3_2_1_44_1","unstructured":"Robert Falcone. 2020. xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control. Unit 42. https:\/\/unit42.paloaltonetworks.com\/xhunt-campaign-backdoors\/"},{"key":"e_1_3_2_1_45_1","unstructured":"Matthieu Faou. 2019. TURLA LIGHTNEURON One Email Away from Remote Code Execution. Technical Report. ESET."},{"key":"e_1_3_2_1_46_1","unstructured":"M. Faou. 2020. From Agent.BTZ to ComRAT v4: A Ten-Year Journey. ESET. https:\/\/www.welivesecurity.com\/2020\/05\/26\/agentbtz-comratv4-ten-year-journey\/"},{"key":"e_1_3_2_1_47_1","unstructured":"M. Faou. 2023. MoustachedBouncer: Espionage against Foreign Diplomats in Belarus. ESET. https:\/\/www.welivesecurity.com\/en\/eset-research\/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus\/"},{"key":"e_1_3_2_1_48_1","unstructured":"Matthieu Faou Mathieu Tartare and Thomas Dupuy. 2019. OPERATION GHOST The Dukes Aren\u2019t Back - They Never Left. ESET. https:\/\/web-assets.esetstatic.com\/wls\/2019\/10\/ESET_Operation_Ghost_Dukes.pdf"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","unstructured":"Stephen Farrell Farzaneh Badiei Bruce Schneier and Steven\u00a0M. Bellovin. 2023. Reflections on Ten Years Past the Snowden Revelations. RFC 9446. https:\/\/doi.org\/10.17487\/RFC9446","DOI":"10.17487\/RFC9446"},{"key":"e_1_3_2_1_50_1","unstructured":"FBI CISA USCC NCSC GCHQ and NSA. 2022. Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks (Product-ID: AA22-055A). Technical Report. CISA."},{"key":"e_1_3_2_1_51_1","unstructured":"Fraunhofer FKIE. 2023. Malpedia (Fraunhofer FKIE). Fraunhofer FKIE. 
https:\/\/malpedia.caad.fkie.fraunhofer.de\/"},{"key":"e_1_3_2_1_52_1","volume-title":"Cyber Intel Brief: September 28 \u2013","author":"Ford Eric","year":"2023","unstructured":"Eric Ford. 2023. Cyber Intel Brief: September 28 \u2013 October 03, 2023. Deepwatch. https:\/\/www.deepwatch.com\/labs\/cyber-intel-brief-september-28-october-03-2023\/"},{"key":"e_1_3_2_1_53_1","unstructured":"T. Forry. 2023. Application for search warrant: In the matter of the search of information associated with computer constituting associated with computers constituting the Snake malware network: Docket No. 23-MJ-0428 (CLP). Technical Report. FBI."},{"key":"e_1_3_2_1_54_1","unstructured":"Recorded Future. 2023. BlueBravo Uses Ambassador Lure to Deploy GraphicalNeutrino Malware."},{"key":"e_1_3_2_1_55_1","unstructured":"S. Gatlan. 2023. Discord Will Switch to Temporary File Links to Block Malware Delivery. BleepingComputer. https:\/\/www.bleepingcomputer.com\/news\/security\/discord-will-switch-to-temporary-file-links-to-block-malware-delivery\/"},{"key":"e_1_3_2_1_56_1","unstructured":"ginuerzh. 2023. GO Simple Tunnel. https:\/\/github.com\/ginuerzh\/gost"},{"key":"e_1_3_2_1_57_1","unstructured":"GReAT. 2019. ScarCruft Continues to Evolve Introduces Bluetooth Harvester. ESET. https:\/\/securelist.com\/scarcruft-continues-to-evolve-introduces-bluetooth-harvester\/90729\/"},{"key":"e_1_3_2_1_58_1","unstructured":"GReAT and S. Lozhkin. 2023. DoubleFinger Delivers GreetingGhoul Cryptocurrency Stealer. Kaspersky. https:\/\/securelist.com\/doublefinger-loader-delivering-greetingghoul-cryptocurrency-stealer\/109982\/"},{"key":"e_1_3_2_1_59_1","unstructured":"L. Grespan. 2023. ChunkyTuna. Secarma Ltd. https:\/\/github.com\/SecarmaLabs\/chunkyTuna"},{"key":"e_1_3_2_1_60_1","unstructured":"MAWI\u00a0Working Group. 2023. MAWI Working Group Traffic Archive. WIDE Project. Retrieved 2023-12-06 from https:\/\/mawi.wide.ad.jp\/mawi\/"},{"key":"e_1_3_2_1_61_1","unstructured":"hadar_cpr. 2022. 
Check Point CloudGuard Spectral Exposes New Obfuscation Techniques for Malicious Packages on PyPI. Check Point Research. https:\/\/research.checkpoint.com\/2022\/check-point-cloudguard-spectral-exposes-new-obfuscation-techniques-for-malicious-packages-on-pypi\/"},{"key":"e_1_3_2_1_62_1","unstructured":"Karsten Hahn. 2021. SteamHide: Hiding Malware in Plain Sight | G DATA. G DATA CyberDefense AG. Retrieved 2023-12-04 from https:\/\/web.archive.org\/web\/20210718145830\/https:\/\/www.gdatasoftware.com\/blog\/steamhide-malware-in-profile-images"},{"key":"e_1_3_2_1_63_1","unstructured":"hasherezade. 2023. From Hidden Bee to Rhadamanthys - The Evolution of Custom Executable Formats. Check Point Research. https:\/\/research.checkpoint.com\/2023\/from-hidden-bee-to-rhadamanthys-the-evolution-of-custom-executable-formats\/"},{"key":"e_1_3_2_1_64_1","unstructured":"Hara Hiroaki and Ted Lee. 2021. Earth Baku: An APT Group Targeting Indo-Pacific Countries With New Stealth Loaders and Backdoor. https:\/\/documents.trendmicro.com\/assets\/white_papers\/wp-earth-baku-an-apt-group-targeting-indo-pacific-countries.pdf"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC8484"},{"key":"e_1_3_2_1_66_1","unstructured":"Rene Holt. 2020. Detecting Elusive Techniques of the Dukes Threat Group with ESET Enterprise Inspector. ESET. https:\/\/www.eset.com\/blog\/enterprise\/detecting-elusive-techniques-of-the-dukes-threat-group-with-eset-enterprise-inspector\/"},{"key":"e_1_3_2_1_67_1","unstructured":"Zuzana Hromcov\u00e1. 2019. Okrum and Ketrican: An Overview of recent Ke3chang group activity. Technical Report. ESET."},{"key":"e_1_3_2_1_68_1","unstructured":"Zuzana Hromcov\u00e1 and Anton Cherepanov. 2020. Unearthing invisimole\u2019s espionage toolset and strategic cooperations."},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3175497"},{"key":"e_1_3_2_1_70_1","volume-title":"Heyoka: Your Fast&spoofed DNS Tunnel. 
https:\/\/heyoka.sourceforge.net\/","year":"2023","unstructured":"icesurfer and nico. 2023. Heyoka: Your Fast&spoofed DNS Tunnel. https:\/\/heyoka.sourceforge.net\/"},{"key":"e_1_3_2_1_71_1","volume-title":"HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group. Technical Report. FireEye. https:\/\/s3.documentcloud.org\/documents\/2186063\/apt29-hammertoss-stealthy-tactics-define-a.pdf","author":"Intelligence Fireeye\u00a0Threat","year":"2015","unstructured":"Fireeye\u00a0Threat Intelligence. 2015. HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group. Technical Report. FireEye. https:\/\/s3.documentcloud.org\/documents\/2186063\/apt29-hammertoss-stealthy-tactics-define-a.pdf"},{"key":"e_1_3_2_1_72_1","unstructured":"Microsoft\u00a0Threat Intelligence. 2023. Diamond Sleet Supply Chain Compromise Distributes a Modified CyberLink Installer. Microsoft Security Blog. https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/11\/22\/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer\/"},{"key":"e_1_3_2_1_73_1","volume-title":"\u201cBringin","author":"Jaramillo Paul","year":"1988","unstructured":"Paul Jaramillo. 2023. Akira Ransomware Is \u201cBringin\u2019 1988 Back\u201d. Sophos News. https:\/\/news.sophos.com\/en-us\/2023\/05\/09\/akira-ransomware-is-bringin-88-back\/"},{"key":"e_1_3_2_1_74_1","unstructured":"Josue. 2022. Silent Push Maps over 150 New Lumma C2 Infostealer IOCs. Silent Push Threat Intelligence. https:\/\/www.silentpush.com\/blog\/lummac2"},{"key":"e_1_3_2_1_75_1","unstructured":"Filip Jur\u010dacko. 2024. To the Moon and back(doors): Lunar landing in diplomatic missions. ESET Research. https:\/\/www.welivesecurity.com\/en\/eset-research\/moon-backdoors-lunar-landing-diplomatic-missions\/"},{"key":"e_1_3_2_1_76_1","volume-title":"Virus Bulletin Conference","author":"Kayal A.","year":"2021","unstructured":"A. Kayal, M. Lechtik, and P. Rascagneres. 2021. 
LYCEUM REBORN: counterintelligence in the middle east. In Virus Bulletin Conference October 2021. Kaspersky, Israel. https:\/\/vblocalhost.com\/uploads\/VB2021-Kayal-etal.pdf"},{"key":"e_1_3_2_1_77_1","volume-title":"Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat. BlackBerry. https:\/\/blogs.blackberry.com\/en\/2022\/06\/symbiote-a-new-nearly-impossible-to-detect-linux-threat","author":"Kennedy J.","year":"2022","unstructured":"J. Kennedy and The BlackBerry Research &\u00a0Intelligence Team. 2022. Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat. BlackBerry. https:\/\/blogs.blackberry.com\/en\/2022\/06\/symbiote-a-new-nearly-impossible-to-detect-linux-threat"},{"key":"e_1_3_2_1_78_1","unstructured":"kost. 2023. Revsocks. https:\/\/github.com\/kost\/revsocks"},{"key":"e_1_3_2_1_79_1","unstructured":"I. Kwiatkowski P. Delcher and F. Aime. 2020. IAmTheKing and the SlothfulMedia Malware Family. Kaspersky. https:\/\/securelist.com\/iamtheking-and-the-slothfulmedia-malware-family\/99000\/"},{"key":"e_1_3_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37682-5"},{"key":"e_1_3_2_1_81_1","unstructured":"L. 2023. Neo-reGeorg. https:\/\/github.com\/L-codes\/Neo-reGeorg"},{"key":"e_1_3_2_1_82_1","unstructured":"Pangu Lab. 2022. Bvp47 Top-tier Backdoor of US NSA Equation Group. Technical Report. Beijing Qi An Pangu Laboratory Technology Co. Ltd. https:\/\/www.pangulab.cn\/files\/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf"},{"key":"e_1_3_2_1_83_1","unstructured":"Black\u00a0Lotus Labs. 2022. ZuoRAT Hijacks SOHO Routers to Silently Stalk Networks - Lumen. Black Lotus Labs. https:\/\/blog.lumen.com\/zuorat-hijacks-soho-routers-to-silently-stalk-networks\/"},{"key":"e_1_3_2_1_84_1","unstructured":"Ravie Lakshmanan. 2020. New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data. The Hacker News. 
https:\/\/thehackernews.com\/2020\/05\/gmail-malware-hacker.html"},{"key":"e_1_3_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1145\/362375.362389"},{"key":"e_1_3_2_1_86_1","unstructured":"D. Legezo. 2020. MontysThree: Industrial Espionage with Steganography and a Russian Accent on Both Sides. Kaspersky. https:\/\/securelist.com\/montysthree-industrial-espionage\/98972\/"},{"key":"e_1_3_2_1_87_1","unstructured":"J. Lepore. 2019. DNS Tunneling Series Part 1: Chirp of the PoisonFrog. IronNet. https:\/\/www.ironnet.com\/blog\/chirp-of-the-poisonfrog"},{"key":"e_1_3_2_1_88_1","unstructured":"Jonathan Lepore. 2020. DNS Tunneling Series Part 3: The Siren Song of RogueRobin. IronNet. https:\/\/www.ironnet.com\/blog\/dns-tunneling-series-part-3-the-siren-song-of-roguerobin"},{"key":"e_1_3_2_1_89_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3156972"},{"key":"e_1_3_2_1_90_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC4253"},{"key":"e_1_3_2_1_91_1","unstructured":"D. Lunghi. 2023. Iron Tiger\u2019s SysUpdate Reappears Adds Linux Targeting. Trend Micro. https:\/\/www.trendmicro.com\/en_us\/research\/23\/c\/iron-tiger-sysupdate-adds-linux-targeting.html"},{"key":"e_1_3_2_1_92_1","volume-title":"Pingback: Backdoor At The End Of The ICMP Tunnel | Trustwave. Trustwave. https:\/\/www.trustwave.com\/en-us\/resources\/blogs\/spiderlabs-blog\/backdoor-at-the-end-of-the-icmp-tunnel\/","author":"Macrohon L.","year":"2021","unstructured":"L. Macrohon and R. Mendrez. 2021. Pingback: Backdoor At The End Of The ICMP Tunnel | Trustwave. Trustwave. https:\/\/www.trustwave.com\/en-us\/resources\/blogs\/spiderlabs-blog\/backdoor-at-the-end-of-the-icmp-tunnel\/"},{"key":"e_1_3_2_1_93_1","unstructured":"Asheer Malhotra. 2021. ObliqueRAT Returns with New Campaign Using Hijacked Websites. Cisco Talos Blog. https:\/\/blog.talosintelligence.com\/obliquerat-new-campaign\/"},{"key":"e_1_3_2_1_94_1","unstructured":"C. Malipot. 2023. 
Beware Lumma Stealer Distributed via Discord CDN. Trend Micro. https:\/\/www.trendmicro.com\/en_us\/research\/23\/j\/beware-lumma-stealer-distributed-via-discord-cdn-.html"},{"key":"e_1_3_2_1_95_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2014.2350994"},{"key":"e_1_3_2_1_96_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2015.33"},{"key":"e_1_3_2_1_97_1","unstructured":"W. Mercer and P. Rascagneres. 2019. DNSpionage Brings out the Karkoff. Cisco Talos Blog. https:\/\/blog.talosintelligence.com\/dnspionage-brings-out-karkoff\/"},{"key":"e_1_3_2_1_98_1","volume-title":"ShellCode Hidden with Steganography","author":"Mertens Xavier","unstructured":"Xavier Mertens. 2023. ShellCode Hidden with Steganography. SANS Internet Storm Center. https:\/\/isc.sans.edu\/diary\/ShellCode+Hidden+with+Steganography\/30074"},{"key":"e_1_3_2_1_99_1","doi-asserted-by":"publisher","unstructured":"P. Mockapetris. 1987. Domain names - implementation and specification. Request for Comments RFC 1035. Internet Engineering Task Force. https:\/\/doi.org\/10.17487\/RFC1035 Num Pages: 55.","DOI":"10.17487\/RFC1035"},{"key":"e_1_3_2_1_100_1","doi-asserted-by":"publisher","DOI":"10.1109\/DASC-PICOM-CBDCOM-CYBERSCITECH49142.2020.00026"},{"key":"e_1_3_2_1_101_1","unstructured":"P. Nair. 2022. MuddyWater Targets Critical Infrastructure in Asia Europe. Global News Desk ISMG. https:\/\/www.inforisktoday.com\/muddywater-targets-critical-infrastructure-in-asia-europe-a-18611"},{"key":"e_1_3_2_1_102_1","volume-title":"Mobile Malware: TangleBot Untangled | Proofpoint US. Proofpoint. https:\/\/www.proofpoint.com\/us\/blog\/threat-insight\/mobile-malware-tanglebot-untangled","author":"Naves Felipe","year":"2021","unstructured":"Felipe Naves, Adam McNeil, and Andrew Conway. 2021. Mobile Malware: TangleBot Untangled | Proofpoint US. Proofpoint. 
https:\/\/www.proofpoint.com\/us\/blog\/threat-insight\/mobile-malware-tanglebot-untangled"},{"key":"e_1_3_2_1_103_1","volume-title":"ngrok","author":"Unified Application Delivery Ngrok","unstructured":"ngrok. 2023. Ngrok | Unified Application Delivery Platform for Developers. ngrok, Inc. https:\/\/ngrok.com\/"},{"key":"e_1_3_2_1_104_1","unstructured":"heise online. 2022. Backdoor in Windows-Logo versteckt. heise online. https:\/\/www.heise.de\/news\/Backdoor-in-Windows-Logo-versteckt-7282730.html"},{"key":"e_1_3_2_1_105_1","unstructured":"Crowdstrike Overwatch\u00a0Team. 2020. Nowhere to Hide 2020 Threat Hunting Report. https:\/\/go.crowdstrike.com\/rs\/281-OBQ-266\/images\/Report2020OverWatchNowheretoHide.pdf"},{"key":"e_1_3_2_1_106_1","volume-title":"Virus Bulletin Conference","author":"Park S.","year":"2021","unstructured":"S. Park. 2021. Multi-universe of adversary: Multiple campaigns of LAZARUS group and its connection. In Virus Bulletin Conference October 2021. Kaspersky, Republic of Korea. https:\/\/vblocalhost.com\/uploads\/VB2021-Park.pdf"},{"key":"e_1_3_2_1_107_1","unstructured":"T. Pereira. 2021. Magnat Campaigns Use Malvertising to Deliver Information Stealer Backdoor and Malicious Chrome Extension. Cisco Talos Blog. https:\/\/blog.talosintelligence.com\/magnat-campaigns-use-malvertising-to\/"},{"key":"e_1_3_2_1_108_1","doi-asserted-by":"publisher","DOI":"10.1109\/5.771065"},{"key":"e_1_3_2_1_109_1","unstructured":"Jaime Pillora. 2023. Chisel. https:\/\/github.com\/jpillora\/chisel"},{"key":"e_1_3_2_1_110_1","unstructured":"M. Porolli. 2022. POLONIUM Targets Israel with Creepy Malware. ESET. https:\/\/www.welivesecurity.com\/2022\/10\/11\/polonium-targets-israel-creepy-malware\/"},{"key":"e_1_3_2_1_111_1","doi-asserted-by":"publisher","unstructured":"J. Postel. 1981. Internet Control Message Protocol. Request for Comments RFC 792. Internet Engineering Task Force. 
https:\/\/doi.org\/10.17487\/RFC0792 Num Pages: 21.","DOI":"10.17487\/RFC0792"},{"key":"e_1_3_2_1_112_1","unstructured":"PricewaterhouseCoopers. 2020. How WellMess Malware Has Been Used to Target COVID-19 Vaccines. PwC. https:\/\/www.pwc.co.uk\/issues\/cyber-security-services\/insights\/cleaning-up-after-wellmess.html"},{"key":"e_1_3_2_1_113_1","unstructured":"Rapid7. 2023. Metasploit | Penetration Testing Software Pen Testing Security. Metasploit. https:\/\/www.metasploit.com\/"},{"key":"e_1_3_2_1_114_1","unstructured":"Augusto Remillano\u00a0II and Kiyoshi Obuchi. 2019. Examining Powload\u2019s Evolution. Trend Micro. https:\/\/www.trendmicro.com\/en_us\/research\/19\/c\/from-fileless-techniques-to-using-steganography-examining-powloads-evolution.html"},{"key":"e_1_3_2_1_115_1","unstructured":"Lior Rochberger and Daniel Frank. 2024. Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East Africa and Asia. PaloAlto. https:\/\/unit42.paloaltonetworks.com\/operation-diplomatic-specter\/"},{"key":"e_1_3_2_1_116_1","doi-asserted-by":"publisher","DOI":"10.1145\/3488932.3517418"},{"key":"e_1_3_2_1_117_1","unstructured":"L. Schumann T. Doan T. Shreedhar R. Mok and V. Bajpai. 2022. Impact of Evolving Protocols and COVID-19 on Internet Traffic Shares. (15 01 2022). arxiv:2201.00142\u00a0[cs] http:\/\/arxiv.org\/abs\/2201.00142"},{"key":"e_1_3_2_1_118_1","volume-title":"Flubot: The Evolution of a Notorious Android Banking Malware. Fox-IT International blog. https:\/\/blog.fox-it.com\/2022\/06\/29\/flubot-the-evolution-of-a-notorious-android-banking-malware\/","author":"Segura Alberto","year":"2022","unstructured":"Alberto Segura and Rolf Govers. 2022. Flubot: The Evolution of a Notorious Android Banking Malware. Fox-IT International blog. 
https:\/\/blog.fox-it.com\/2022\/06\/29\/flubot-the-evolution-of-a-notorious-android-banking-malware\/"},{"key":"e_1_3_2_1_119_1","unstructured":"Sergei Shevchenko. 2020. Cloud Snooper Attack Bypasses AWS Security Measures. https:\/\/www.sophos.com\/en-us\/medialibrary\/PDFs\/technical-papers\/sophoslabs-cloud-snooper-report.pdf"},{"key":"e_1_3_2_1_120_1","unstructured":"N. Shivtarkar and A. Kumar. 2022. Lyceum.NET DNS Backdoor. Zscaler. https:\/\/www.zscaler.com\/blogs\/security-research\/lyceum-net-dns-backdoor"},{"key":"e_1_3_2_1_121_1","unstructured":"Denis Sinegubko. 2021. Whitespace Steganography Conceals Web Shell in PHP Malware. Sucuri Blog. https:\/\/blog.sucuri.net\/2021\/02\/whitespace-steganography-conceals-web-shell-in-php-malware.html"},{"key":"e_1_3_2_1_122_1","unstructured":"Anuj Soni Jordan Barth and Brian Marks. 2019. Malicious Payloads - Hiding Beneath the WAV. BlackBerry. https:\/\/blogs.blackberry.com\/en\/2019\/10\/malicious-payloads-hiding-beneath-the-wav"},{"key":"e_1_3_2_1_123_1","unstructured":"Mark Stockley. 2022. How the Saitama Backdoor Uses DNS Tunnelling. Malwarebytes. https:\/\/www.malwarebytes.com\/blog\/news\/2022\/05\/how-the-saitama-backdoor-uses-dns-tunnelling"},{"key":"e_1_3_2_1_124_1","unstructured":"Fabian Strachanski. 2023. 63580 MalpediaScanner. https:\/\/github.com\/fastrde\/63580-malpedia-scanner"},{"key":"e_1_3_2_1_125_1","unstructured":"Gabor Szappanos. 2020. MyKings: The Slow But Steady Growth of a Relentless Botnet. Technical Report. SophosLabs. https:\/\/www.sophos.com\/en-us\/medialibrary\/pdfs\/technical-papers\/sophoslabs-uncut-mykings-report.pdf"},{"key":"e_1_3_2_1_126_1","unstructured":"J\u00e1nos\u00a0Gerg\u00f5 Sz\u00e9les. 2021. Remcos RAT Revisited: A Colombian Coronavirus-Themed Campaign. https:\/\/www.bitdefender.com\/files\/News\/CaseStudies\/study\/390\/Bitdefender-PR-Whitepaper-Remcos-creat5080-en-EN-GenericUse.pdf"},{"key":"e_1_3_2_1_127_1","unstructured":"tccontre. 2021. 
Iceid_png_shellcode_extractor.Py. https:\/\/github.com\/tccontre\/KnowledgeBase\/tree\/main\/malware_re_tools\/iceid_stego_shell_decryptor"},{"key":"e_1_3_2_1_128_1","unstructured":"Counter Threat Unit\u00a0Research Team. 2020. Business as Usual For Iranian Operations Despite Increased Tensions. Secureworks. https:\/\/www.secureworks.com\/blog\/business-as-usual-for-iranian-operations-despite-increased-tensions"},{"key":"e_1_3_2_1_129_1","unstructured":"Counter Threat Unit\u00a0Research Team. 2022. Drokbk Malware Uses GitHub as Dead Drop Resolver. Secureworks. https:\/\/www.secureworks.com\/blog\/drokbk-malware-uses-github-as-dead-drop-resolver"},{"key":"e_1_3_2_1_130_1","unstructured":"Guardicore\u00a0Labs Team. 2023. Threats Making WAVs - Incident Response to a Cryptomining Attack. Akamai. https:\/\/www.akamai.com\/blog\/security\/threats-making-wavs-incident-reponse-cryptomining-attack"},{"key":"e_1_3_2_1_131_1","unstructured":"Proofpoint Threat\u00a0Insight Team. 2019. URLZone Top Malware in Japan While Emotet and LINE Phishing Round out the Landscape | Proofpoint US. Proofpoint. https:\/\/www.proofpoint.com\/us\/threat-insight\/post\/urlzone-top-malware-japan-while-emotet-and-line-phishing-round-out-landscape-0"},{"key":"e_1_3_2_1_132_1","unstructured":"SonicWall Capture Labs Threat\u00a0Research Team. 2019. Loki-Bot: Started Using Image Steganography And Multi-Layered Protection \u2013 SonicWall. Trend Micro. https:\/\/securitynews.sonicwall.com\/xmlpost\/loki-bot-started-using-image-steganography-and-multi-layered-protection\/"},{"key":"e_1_3_2_1_133_1","unstructured":"Splunk Threat\u00a0Research Team. 2021. Detecting IcedID... Could It Be A Trickbot Copycat? Splunk-Blogs. https:\/\/www.splunk.com\/en_us\/blog\/security\/detecting-icedid-could-it-be-a-trickbot-copycat.html"},{"key":"e_1_3_2_1_134_1","unstructured":"The BlackBerry Research &\u00a0Intelligence Team. 2021. PYSA Loves ChaChi: A New GoLang RAT. BlackBerry. 
https:\/\/blogs.blackberry.com\/en\/2021\/06\/pysa-loves-chachi-a-new-golang-rat"},{"key":"e_1_3_2_1_135_1","volume-title":"Threat Thursday: SombRAT \u2014 Always Leave Yourself a Backdoor. BlackBerry. https:\/\/blogs.blackberry.com\/en\/2021\/05\/threat-thursday-sombrat-always-leave-yourself-a-backdoor","author":"BlackBerry Research The","year":"2021","unstructured":"The BlackBerry Research &\u00a0Intelligence Team. 2021. Threat Thursday: SombRAT \u2014 Always Leave Yourself a Backdoor. BlackBerry. https:\/\/blogs.blackberry.com\/en\/2021\/05\/threat-thursday-sombrat-always-leave-yourself-a-backdoor"},{"key":"e_1_3_2_1_136_1","unstructured":"Threat\u00a0Hunter Team. 2021. SolarWinds: How Sunburst Sends Data Back to the Attackers. Symantec. https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/solarwinds-sunburst-sending-data"},{"key":"e_1_3_2_1_137_1","volume-title":"Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East. Symantec. https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/witchetty-steganography-espionage","author":"Team Threat\u00a0Hunter","year":"2022","unstructured":"Threat\u00a0Hunter Team. 2022. Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East. Symantec. https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/witchetty-steganography-espionage"},{"key":"e_1_3_2_1_138_1","volume-title":"Bluebottle: Campaign Hits Banks in French-speaking Countries in Africa. Symantec. https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/bluebottle-banks-targeted-africa","author":"Team Threat\u00a0Hunter","year":"2023","unstructured":"Threat\u00a0Hunter Team. 2023. Bluebottle: Campaign Hits Banks in French-speaking Countries in Africa. Symantec. 
https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/bluebottle-banks-targeted-africa"},{"key":"e_1_3_2_1_139_1","volume-title":"Uncovering RedStinger - Undetected APT Cyber Operations in Eastern Europe since","author":"Team Threat\u00a0Intelligence","year":"2020","unstructured":"Threat\u00a0Intelligence Team. 2023. Uncovering RedStinger - Undetected APT Cyber Operations in Eastern Europe since 2020. Malwarebytes. https:\/\/www.malwarebytes.com\/blog\/threat-intelligence\/2023\/05\/redstinger\/"},{"key":"e_1_3_2_1_140_1","unstructured":"Gianluca Tiepolo. 2023. Sophisticated APT29 Campaign Abuses Notion API to Target the European Commission. Medium. https:\/\/mrtiepolo.medium.com\/sophisticated-apt29-campaign-abuses-notion-api-to-target-the-european-commission-200188059f58"},{"key":"e_1_3_2_1_141_1","unstructured":"Shusei Tomonaga. 2021. Operation Dream Job by Lazarus. JPCERT\/CC Eyes. https:\/\/blogs.jpcert.or.jp\/en\/2021\/01\/Lazarus_malware2.html"},{"key":"e_1_3_2_1_142_1","unstructured":"Bill Toulas. 2022. Hackers Hide Malware in James Webb Telescope Images. BleepingComputer. https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-hide-malware-in-james-webb-telescope-images\/"},{"key":"e_1_3_2_1_143_1","unstructured":"Bill Toulas. 2022. Worok Hackers Hide New Malware in PNGs Using Steganography. BleepingComputer. https:\/\/www.bleepingcomputer.com\/news\/security\/worok-hackers-hide-new-malware-in-pngs-using-steganography\/"},{"key":"e_1_3_2_1_144_1","unstructured":"Bill Toulas. 2024. Hackers use DNS tunneling for network scanning, tracking victims. BleepingComputer. https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-use-dns-tunneling-for-network-scanning-tracking-victims\/"},{"key":"e_1_3_2_1_145_1","unstructured":"VirusShare. 2022. Serpent Dropper | VirusShare.Com. Corvus Forensics. 
https:\/\/virusshare.com\/file?f6d2becc3531e98e7c6331d3e5b269a54a83c1af8f9605d6daea6531a6d72b99"},{"key":"e_1_3_2_1_146_1","unstructured":"Victor Vrabie. 2020. Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions. https:\/\/www.bitdefender.com\/files\/News\/CaseStudies\/study\/379\/Bitdefender-Whitepaper-Chinese-APT.pdf"},{"key":"e_1_3_2_1_147_1","unstructured":"Wahl\u00e9n. 2021. Notorious Cybercriminals Evil Corp Actually Russian Spies? - Trulysuper. Truesec. https:\/\/www.truesec.com\/hub\/blog\/are-the-notorious-cyber-criminals-evil-corp-actually-russian-spies"},{"key":"e_1_3_2_1_148_1","doi-asserted-by":"publisher","DOI":"10.1145\/3465481.3470069"},{"key":"e_1_3_2_1_149_1","doi-asserted-by":"crossref","unstructured":"Steffen Wendzel Luca Caviglione Wojciech Mazurczyk Aleksandra Mileva Jana Dittmann Christian Kr\u00e4tzer Kevin Lamsh\u00f6ft Claus Vielhauer Laura Hartmann J\u00f6rg Keller Tom Neubert and Sebastian Zillien. 2022. A Generic Taxonomy for Steganography Methods. (2022). https:\/\/www.techrxiv.org\/doi\/full\/10.36227\/techrxiv.20215373","DOI":"10.36227\/techrxiv.20215373.v2"},{"key":"e_1_3_2_1_150_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-658-06708-3_9"},{"key":"e_1_3_2_1_151_1","doi-asserted-by":"publisher","DOI":"10.1145\/2684195"},{"key":"e_1_3_2_1_152_1","unstructured":"John Wolfram Sarah Hawley Tyler McLellan Nick Simonian and Anders Vejlby. 2022. Tracking APT29 Phishing Campaigns | Atlassian Trello. Mandiant. https:\/\/www.mandiant.com\/resources\/blog\/tracking-apt29-phishing-campaigns"},{"key":"e_1_3_2_1_153_1","unstructured":"Karlo Zanki. 2021. Malware in Images: When You Can\u2019t See \u2019the Whole Picture\u2019. ReversingLabs. https:\/\/www.reversinglabs.com\/blog\/malware-in-images"},{"key":"e_1_3_2_1_154_1","unstructured":"Yanhui Zhang Chris Jia and Navarrete Haozhe. 2020. njRAT Spreading Through Active Pastebin Command and Control Tunnel. Unit 42. 
https:\/\/unit42.paloaltonetworks.com\/njrat-pastebin-command-and-control\/"},{"key":"e_1_3_2_1_155_1","unstructured":"A. Zhdanov. 2022. Fat Cats. Group-IB. https:\/\/www.group-ib.com\/blog\/blackcat\/"}],"event":{"name":"ARES 2024: The 19th International Conference on Availability, Reliability and Security","location":"Vienna Austria","acronym":"ARES 2024"},"container-title":["Proceedings of the 19th International Conference on Availability, Reliability and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664476.3670886","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3664476.3670886","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T16:55:31Z","timestamp":1755881731000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664476.3670886"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,30]]},"references-count":155,"alternative-id":["10.1145\/3664476.3670886","10.1145\/3664476"],"URL":"https:\/\/doi.org\/10.1145\/3664476.3670886","relation":{},"subject":[],"published":{"date-parts":[[2024,7,30]]},"assertion":[{"value":"2024-07-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}