SYMBOLCOMMON_NAMEaka. SYNONYMS

GOLD CABIN  (Back to overview)

aka: ATK236, G0127, Monster Libra, Shakthak, TA551

GOLD CABIN is a financially motivated cybercriminal threat group operating a malware distribution service on behalf of numerous customers since 2018. GOLD CABIN uses malicious documents, often contained in password-protected archives, delivered through email to download and execute payloads. The second-stage payloads are most frequently Gozi ISFB (Ursnif) or IcedID (Bokbot), sometimes using intermediary malware like Valak. GOLD CABIN infrastructure relies on artificial appearing and frequently changing URLs created with a domain generation algorithm (DGA). The URLs host a PHP object that returns the malware as a DLL file.


Associated Families
win.isfb win.emotet win.bumblebee win.qakbot win.icedid

References
2024-03-17Technical EvolutionSimon
Carving the IcedId - Part 3
IcedID
2024-02-28Security IntelligenceGolo Mühr, Ole Villadsen
X-Force data reveals top spam trends, campaigns and senior superlatives in 2023
404 Keylogger Agent Tesla Black Basta DarkGate Formbook IcedID Loki Password Stealer (PWS) Pikabot QakBot Remcos
2024-02-21Invoke REJosh Reynolds
Automating Qakbot Malware Analysis with Binary Ninja
QakBot
2024-02-21YouTube (Invoke RE)Josh Reynolds
Analyzing Qakbot Using Binary Ninja Automation Part 3
QakBot
2024-02-16Malcatmalcat team
Writing a Qakbot 5.0 config extractor with Malcat
QakBot
2024-02-15Bleeping ComputerSergiu Gatlan
Zeus, IcedID malware gangs leader pleads guilty, faces 40 years in prison
Egregor IcedID Maze Zeus
2024-02-15Department of JusticeOffice of Public Affairs
Foreign National Pleads Guilty to Role in Cybercrime Schemes Involving Tens of Millions of Dollars in Losses
Egregor IcedID Maze Zeus
2024-02-13ProofpointAxel F, Selena Larson
Bumblebee Buzzes Back in Black
BumbleBee
2024-02-09CensysCensys, Embee_research
A Beginners Guide to Tracking Malware Infrastructure
AsyncRAT BianLian Cobalt Strike QakBot
2024-02-09YouTube (Invoke RE)Josh Reynolds
Analyzing and Unpacking Qakbot Using Binary Ninja Automation Part 2
QakBot
2024-01-31ZscalerJavier Vicente
Tracking 15 Years of Qakbot Development
QakBot
2024-01-23YouTube (Invoke RE)Josh Reynolds
Analyzing and Unpacking Qakbot using Binary Ninja Automation
QakBot
2024-01-16Medium walmartglobaltechJason Reaves, Jonathan Mccay, Joshua Platt
Keyhole Analysis
IcedID Keyhole
2024-01-12SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q4 2023
FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver
2024-01-12YouTube (BSides Cambridge UK)Cian Heasley
Slipping The Net: Qakbot, Emotet And Defense Evasion
Emotet QakBot
2024-01-09Recorded FutureInsikt Group
2023 Adversary Infrastructure Report
AsyncRAT Cobalt Strike Emotet PlugX ShadowPad
2024-01-090x0d4y0x0d4y
IcedID – Technical Malware Analysis [Second Stage]
IcedID PhotoLoader
2024-01-04K7 SecuritySaikumaravel
Qakbot Returns
QakBot
2023-12-10cocomelonccocomelonc
Malware development: persistence - part 23. LNK files. Simple Powershell example.
Emotet
2023-12-05YouTube (SecureWorks)Austin Graham
Emulating Qakbot with Austin Graham
QakBot
2023-11-30Twitter (@embee_research)Embee_research
Advanced Threat Intel Queries - Catching 83 Qakbot Servers with Regex, Censys and TLS Certificates
QakBot
2023-11-22Twitter (@embee_research)Embee_research
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)
BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos
2023-11-20CofenseDylan Duncan
Are DarkGate and PikaBot the new QakBot?
DarkGate Pikabot QakBot
2023-10-13Twitter (@JAMESWT_MHT)JamesWT
Tweets on Wikiloader delivering ISFB
ISFB WikiLoader
2023-10-12SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q3 2023
FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar
2023-10-12NetresecErik Hjelmvik
Forensic Timeline of an IcedID Infection
Cobalt Strike IcedID IcedID Downloader
2023-10-05TalosGuilherme Venere
Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown
QakBot
2023-10-04Twitter (@Intrisec)CTI Intrinsec
Tweet about new Bumblebee campaign leveraging CVE-2023-38831
BumbleBee
2023-09-15Johannes Bader's BlogJohannes Bader
The DGA of BumbleBee
BumbleBee
2023-09-11Github (m4now4r)m4n0w4r
Unveiling Qakbot Exploring one of the Most Active Threat Actors
QakBot
2023-09-11Twitter (@Artilllerie)@Artilllerie
Tweet on BumbleBee sample containing a DGA
BumbleBee
2023-09-07Twitter (@Intrisec)CTI Intrinsec
Tweets on Bumblebee campaign spreading via Html smuggling downloading RAR archive with European Central Bank PDF lure and folder containing Bumblebee EXE payload.
BumbleBee
2023-09-01VMRayEmre Güler
Understanding BumbleBee: BumbleBee’s malware configuration and clusters
BumbleBee
2023-08-29US Department of JusticeUS Department of Justice
Qakbot Malware Disrupted in International Cyber Takedown
QakBot
2023-08-29SecureworksCounter Threat Unit ResearchTeam
Law Enforcement Takes Down QakBot
QakBot
2023-08-29FBIFBI
FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown
QakBot
2023-08-29KrebsOnSecurityBrian Krebs
U.S. Hacks QakBot, Quietly Removes Botnet Infections
QakBot
2023-08-29The Shadowserver FoundationShadowserver Foundation
Qakbot Botnet Disruption
QakBot
2023-08-29US Department of JusticeDepartment of Justice
Documents and Resources related to the Disruption of the QakBot Malware and Botnet
QakBot
2023-08-29SpamhausSpamhaus Team
Qakbot - the takedown and the remediation
QakBot
2023-08-28The DFIR ReportThe DFIR Report
HTML Smuggling Leads to Domain Wide Ransomware
Cobalt Strike IcedID Nokoyawa Ransomware
2023-08-23Department of JusticeUnited States District Court for the Central District of California
Application and Affidavit for a Seizure Warrant by Telephone or other Reliable Electronic Means
QakBot
2023-08-21Department of JusticeUnited States District Court for the Central District of California
Application for a Warrant by Telephone or other reliable Electronic Means
QakBot
2023-08-18VMRayEmre Güler
Understanding BumbleBee: The malicious behavior of BumbleBee
BumbleBee
2023-08-09VMRayEmre Güler
Understanding BumbleBee: The delivery of Bumblee
BumbleBee
2023-08-07Team CymruS2 Research Team
Visualizing Qakbot Infrastructure Part II: Uncharted Territory
QakBot
2023-08-03KasperskyKaspersky
What’s happening in the world of crimeware: Emotet, DarkGate and LokiBot
LokiBot DarkGate Emotet
2023-07-31ProofpointKelsey Merriman, Pim Trouerbach
Out of the Sandbox: WikiLoader Digs Sophisticated Evasion
ISFB WikiLoader
2023-07-31d01aMohamed Adel
Pikabot deep analysis
Pikabot QakBot
2023-07-28Red CanaryStef Rand
Drop It Like It's Qbot: Separating malicious droppers, loaders, and crypters from their payloads
CloudEyE QakBot
2023-07-28YouTube (SANS Cyber Defense)Stef Rand
Drop It Like It's Qbot: Separating malicious droppers, loaders, and crypters from their payloads
CloudEyE QakBot
2023-07-28Team CymruS2 Research Team
Inside the IcedID BackConnect Protocol (Part 2)
IcedID
2023-07-25ZscalerMeghraj Nandanwar, Pradeep Mahato, Satyam Singh
Hibernating Qakbot: A Comprehensive Study and In-depth Campaign Analysis
QakBot
2023-07-23Medium infoSec Write-upsmov_eax_27
Unpacking an Emotet Trojan
Emotet
2023-07-18Kostas TSKostas
Ursnif VS Italy: Il PDF del Destino
Gozi ISFB Snifula
2023-07-11SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q2 2023
Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee
2023-07-06WeLiveSecurityJakub Kaloč
What’s up with Emotet?
Emotet
2023-06-22DeepInstinctDeep Instinct Threat Lab, Mark Vaitzman, Shaul Vilkomir-Preisman
PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID
PindOS BumbleBee PhotoLoader
2023-06-08Twitter (@embee_research)Embee_research
Practical Queries for Identifying Malware Infrastructure: An informal page for storing Censys/Shodan queries
Amadey AsyncRAT Cobalt Strike QakBot Quasar RAT Sliver solarmarker
2023-06-08VMRayPatrick Staubmann
Busy Bees - The Transformation of BumbleBee
BumbleBee Cobalt Strike Conti Meterpreter Sliver
2023-06-01LumenBlack Lotus Labs
Qakbot: Retool, Reinfect, Recycle
QakBot
2023-05-30Palo Alto Networks Unit 42Brad Duncan
Cold as Ice: Answers to Unit 42 Wireshark Quiz for IcedID
IcedID PhotoLoader
2023-05-22The DFIR ReportThe DFIR Report
IcedID Macro Ends in Nokoyawa Ransomware
IcedID Nokoyawa Ransomware PhotoLoader
2023-05-21Github (0xThiebaut)Maxime Thiebaut
PCAPeek
IcedID QakBot
2023-05-18IntezerRyan Robinson
How Hackers Use Binary Padding to Outsmart Sandboxes and Infiltrate Your Systems
Emotet
2023-05-17Team CymruTeam Cymru
Visualizing QakBot Infrastructure
QakBot
2023-05-10BridewellBridewell
Hunting for Ursnif
ISFB Royal Ransom
2023-05-04ElasticCyril François
Unpacking ICEDID
IcedID PhotoLoader
2023-05-03unpac.meSean Wilson
UnpacMe Weekly: New Version of IcedId Loader
IcedID PhotoLoader
2023-05-03Palo Alto Networks Unit 42Bob Jung, Daniel Raygoza, Mark Lim
Teasing the Secrets From Threat Actors: Malware Configuration Parsing at Scale
IcedID PhotoLoader
2023-05-02loginsoftSystem-41
IcedID Malware: Traversing Through its Various Incarnations
IcedID
2023-04-28DISCARDED PodcastJoe Wise, Pim Trouerbach
Beyond Banking: IcedID Gets Forked
IcedID PhotoLoader
2023-04-21SophosColin Cowie, Paul Jaramillo
IcedID: Defrosting a Recent Campaign Illustrating evolving tactics and shared infrastructure
IcedID PhotoLoader
2023-04-20SecureworksCounter Threat Unit ResearchTeam
Bumblebee Malware Distributed Via Trojanized Installer Downloads
BumbleBee Cobalt Strike
2023-04-18Rapid7 LabsMatt Green
Automating Qakbot Detection at Scale With Velociraptor
QakBot
2023-04-18Twitter (@threatinsight)Threat Insight
Tweet on TA581 using Keitaro TDS URL to download a .MSI file to deliver BumbleBee malware
BumbleBee
2023-04-18MandiantMandiant
M-Trends 2023
QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate
2023-04-16BotconfSuweera De Souza
Tracking Bumblebee’s Development
BumbleBee
2023-04-16YouTube (botconf eu)Crowdstrike Technical Analysis Cell (TAC), Suweera De Souza
Tracking Bumblebee’s Development
BumbleBee
2023-04-13SublimeSam Scholten
Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction
QakBot
2023-04-12SANS ISCBrad Duncan
Recent IcedID (Bokbot) activity
IcedID
2023-04-12loginsoftBhargav koduru
Maximizing Threat Detections of Qakbot with Osquery
QakBot
2023-04-12InfoSec Handlers Diary BlogBrad Duncan
Recent IcedID (Bokbot) activity
IcedID PhotoLoader
2023-04-12SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q1 2023
FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar
2023-04-11Twitter (@Unit42_Intel)Unit42
Tweet on change of IcedID backconnect traffic port from 8080 to 443
IcedID
2023-04-11SEC ConsultAngelo Violetti
BumbleBee hunting with a Velociraptor
BumbleBee
2023-04-10Check PointCheck Point
March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files
Agent Tesla CloudEyE Emotet Formbook Nanocore RAT NjRAT QakBot Remcos Tofsee
2023-04-05velociraptorMatt Green
Automating Qakbot Decode At Scale
QakBot
2023-04-03The DFIR ReportThe DFIR Report
Malicious ISO File Leads to Domain Wide Ransomware
Cobalt Strike IcedID Mount Locker
2023-03-30United States District Court (Eastern District of New York)Fortra, HEALTH-ISAC, Microsoft
Cracked Cobalt Strike (1:23-cv-02447)
Black Basta BlackCat LockBit RagnarLocker LockBit Black Basta BlackCat Cobalt Strike Cuba Emotet LockBit Mount Locker PLAY QakBot RagnarLocker Royal Ransom Zloader
2023-03-30loginsoftSaharsh Agrawal
From Innocence to Malice: The OneNote Malware Campaign Uncovered
Agent Tesla AsyncRAT DOUBLEBACK Emotet Formbook IcedID NetWire RC QakBot Quasar RAT RedLine Stealer XWorm
2023-03-30eSentireeSentire Threat Response Unit (TRU)
eSentire Threat Intelligence Malware Analysis: BatLoader
BATLOADER Cobalt Strike ISFB SystemBC Vidar
2023-03-29KrakzPierre Le Bourhis
BumbleBee notes
BumbleBee
2023-03-28CerberoErik Pistelli
Reversing Complex PowerShell Malware
BumbleBee
2023-03-27ProofpointJoe Wise, Kelsey Merriman, Pim Trouerbach
Fork in the Ice: The New Era of IcedID
IcedID PHOTOFORK PHOTOLITE PhotoLoader
2023-03-24Lab52peko
Bypassing Qakbot Anti-Analysis
QakBot
2023-03-22Cisco TalosEdmund Brumaghin, Jaeson Schultz
Emotet Resumes Spam Operations, Switches to OneNote
Emotet
2023-03-20NVISO LabsMaxime Thiebaut
IcedID’s VNC Backdoors: Dark Cat, Anubis & Keyhole
IcedID
2023-03-190xToxin Labs@0xToxin
Gozi - Italian ShellCode Dance
Gozi ISFB
2023-03-17ElasticCyril François, Daniel Stepanic
Thawing the permafrost of ICEDID Summary
IcedID PhotoLoader
2023-03-15ReliaquestRELIAQUEST THREAT RESEARCH TEAM
QBot: Laying the Foundations for Black Basta Ransomware Activity
Black Basta QakBot
2023-03-13TrendmicroIan Kenefick
Emotet Returns, Now Adopts Binary Padding for Evasion
Emotet
2023-03-09eSentireeSentire Threat Response Unit (TRU)
BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif
BATLOADER ISFB Vidar
2023-03-07BleepingComputerLawrence Abrams
Emotet malware attacks return after three-month break
Emotet
2023-03-07TrellixAlejandro Houspanossian, John Fokker, Mathanraj Thangaraju, Pham Duy Phuc, Raghav Kapoor
Qakbot Evolves to OneNote Malware Distribution
QakBot
2023-03-07CofenseCofense
Emotet Sending Malicious Emails After Three-Month Hiatus
Emotet
2023-03-040xToxin Labs@0xToxin
Bumblebee DocuSign Campaign
BumbleBee
2023-03-02NetresecErik Hjelmvik
QakBot C2 Traffic
QakBot
2023-03-02Youtube (Microsoft Security Response Center (MSRC))Ben Magee, Daniel Taylor
BlueHat 2023: Hunting Qakbot with Daniel Taylor & Ben Magee
QakBot
2023-03-01ZscalerMeghraj Nandanwar, Shatak Jain
OneNote: A Growing Threat for Malware Distribution
AsyncRAT Cobalt Strike IcedID QakBot RedLine Stealer
2023-02-28Intel 471Intel 471
Malvertising Surges to Distribute Malware
BATLOADER IcedID
2023-02-27PRODAFT Threat IntelligencePRODAFT
RIG Exploit Kit: In-Depth Analysis
Dridex IcedID ISFB PureCrypter Raccoon RecordBreaker RedLine Stealer Royal Ransom Silence SmokeLoader Zloader
2023-02-26Medium IlanduIlan Duhin, Yossi Poberezsky
Emotet Campaign
Emotet
2023-02-24Medium walmartglobaltechJason Reaves, Jonathan Mccay, Joshua Platt, Kirk Sayre
Qbot testing malvertising campaigns?
QakBot
2023-02-24Team CymruTeam Cymru
Desde Chile con Malware (From Chile with Malware)
IcedID PhotoLoader
2023-02-17cybleCyble
The Many Faces of Qakbot Malware: A Look at Its Diverse Distribution Methods
QakBot
2023-02-15NetresecErik Hjelmvik
How to Identify IcedID Network Traffic
IcedID
2023-02-14DSIHCharles Blanc-Rolin
Comment Qbot revient en force avec OneNote ?
QakBot
2023-02-08NTT SecurityRyu Hiyoshi
SteelClover Attacks Distributing Malware Via Google Ads Increased
BATLOADER ISFB RedLine Stealer
2023-02-06SophosAndrew Brandt
Qakbot mechanizes distribution of malicious OneNote notebooks
QakBot
2023-02-03MandiantGenevieve Stark, Kimberly Goody
Float Like a Butterfly Sting Like a Bee
BazarBackdoor BumbleBee Cobalt Strike
2023-01-30CheckpointArie Olshtein
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware
Agent Tesla Azorult Buer Cerber Cobalt Strike Emotet Formbook HawkEye Keylogger Loki Password Stealer (PWS) Maze NetWire RC Remcos REvil TrickBot
2023-01-26AcronisIlan Duhin
Unpacking Emotet Malware
Emotet
2023-01-23KrollElio Biasiotto, Stephen Green
Black Basta – Technical Analysis
Black Basta Cobalt Strike MimiKatz QakBot SystemBC
2023-01-20BlackberryBlackBerry Research & Intelligence Team
Emotet Returns With New Methods of Evasion
Emotet IcedID
2023-01-19CiscoGuilherme Venere
Following the LNK metadata trail
BumbleBee PhotoLoader QakBot
2023-01-12EclecticIQEclecticIQ Threat Research Team
QakBot Malware Used Unpatched Vulnerability to Bypass Windows OS Security Feature
QakBot
2023-01-09IntrinsecCTI Intrinsec, Intrinsec
Emotet returns and deploys loaders
BumbleBee Emotet IcedID PHOTOLITE
2023-01-09The DFIR ReportThe DFIR Report
Unwrapping Ursnifs Gifts
ISFB
2022-12-28Micah Babinski
HTML Smuggling Detection
QakBot
2022-12-23TrendmicroIan Kenefick
IcedID Botnet Distributors Abuse Google PPC to Distribute Malware
IcedID
2022-12-22AhnLabASEC
Qakbot Being Distributed via Virtual Disk Files (*.vhd)
QakBot
2022-12-21Team CymruS2 Research Team
Inside the IcedID BackConnect Protocol
IcedID
2022-12-19kienmanowar Blogm4n0w4r, Tran Trung Kien
[Z2A]Bimonthly malware challege – Emotet (Back From the Dead)
Emotet
2022-12-18ZAYOTEMBerkay DOĞAN, Dilara BEHAR, Rabia EKŞİ, Zafer Yiğithan DERECİ
IcedID Technical Analysis Report
IcedID
2022-12-15ISCBrad Duncan
Google ads lead to fake software pages pushing IcedID (Bokbot)
IcedID
2022-12-06EuRepoCCamille Borrett, Kerstin Zettl-Schabath, Lena Rottinger
Conti/Wizard Spider
BazarBackdoor Cobalt Strike Conti Emotet IcedID Ryuk TrickBot WIZARD SPIDER
2022-12-05CybereasonKotaro Ogino, Ralph Villanueva, Robin Plumer
Threat Analysis: MSI - Masquerading as a Software Installer
Magniber Matanbuchus QakBot
2022-12-02Github (binref)Jesko Hüttenhain
The Refinery Files 0x06: Qakbot Decoder
QakBot
2022-12-01splunkSplunk Threat Research Team
From Macros to No Macros: Continuous Malware Improvements by QakBot
QakBot
2022-11-30Tidal Cyber Inc.Scott Small
Identifying and Defending Against QakBot's Evolving TTPs
QakBot
2022-11-28The DFIR ReportThe DFIR Report
Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware
Emotet Mount Locker
2022-11-23CybereasonCybereason Global SOC Team
THREAT ALERT: Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies
Black Basta QakBot
2022-11-21BSides SydneyThomas Roccia
X-Ray of Malware Evasion Techniques - Analysis, Dissection, Cure?
Emotet
2022-11-16ProofpointAxel F, Pim Trouerbach
A Comprehensive Look at Emotet Virus’ Fall 2022 Return
BumbleBee Emotet PHOTOLITE
2022-11-14Twitter (@embee_research)Matthew
Twitter thread on Yara Signatures for Qakbot Encryption Routines
IcedID QakBot
2022-11-10IntezerNicole Fishbein
How LNK Files Are Abused by Threat Actors
BumbleBee Emotet Mount Locker QakBot
2022-11-03SentinelOneSentinelLabs
Black Basta Ransomware | Attacks deploy Custom EDR Evasion Tools tied to FIN7 Threat Actor
Black Basta QakBot SocksBot
2022-10-31CynetMax Malyutin
Orion Threat Alert: Qakbot TTPs Arsenal and the Black Basta Ransomware
Black Basta Cobalt Strike QakBot
2022-10-31ElasticAndrew Pease, Daniel Stepanic, Derek Ditch, Seth Goodwin
ICEDIDs network infrastructure is alive and well
IcedID
2022-10-31Security homeworkChristophe Rieunier
QakBot CCs prioritization and new record types
QakBot
2022-10-28Elastic@rsprooten, Elastic Security Intelligence & Analytics Team
EMOTET dynamic config extraction
Emotet
2022-10-27MicrosoftMicrosoft Threat Intelligence
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
FAKEUPDATES BumbleBee Clop Fauppod Raspberry Robin Roshtyak Silence DEV-0950 Mustard Tempest
2022-10-27MicrosoftMicrosoft Security Threat Intelligence
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
FAKEUPDATES BumbleBee Fauppod PhotoLoader Raspberry Robin Roshtyak
2022-10-24Medium CSIS TechblogBenoît Ancel
Chapter 1 — From Gozi to ISFB: The history of a mythical malware family.
Gozi ISFB Snifula
2022-10-13SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q3 2022
FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm
2022-10-13SyrionRaffaele Sabato
QAKBOT BB Configuration and C2 IPs List
QakBot
2022-10-12Trend MicroIan Kenefick, Lucas Silva, Nicole Hernandez
Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike
Black Basta Brute Ratel C4 Cobalt Strike QakBot
2022-10-12NetresecErik Hjelmvik
IcedID BackConnect Protocol
IcedID
2022-10-07Team CymruS2 Research Team
A Visualizza into Recent IcedID Campaigns: Reconstructing Threat Actor Metrics with Pure Signal™ Recon
IcedID PhotoLoader
2022-10-06Twitter (@ESETresearch)ESET Research
Tweet on Bumblebee being modularized like trickbot
BumbleBee
2022-10-03Check PointMarc Salinas Fernandez
Bumblebee: increasing its capacity and evolving its TTPs
BumbleBee Cobalt Strike Meterpreter Sliver Vidar
2022-10-03vmwareThreat Analysis Unit
Emotet Exposed: A Look Inside the Cybercriminal Supply Chain
Emotet
2022-09-26The DFIR ReportThe DFIR Report
BumbleBee: Round Two
BumbleBee Cobalt Strike Meterpreter
2022-09-13AdvIntelAdvanced Intelligence
AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022
Conti Cobalt Strike Emotet Ryuk TrickBot
2022-09-12The DFIR ReportThe DFIR Report
Dead or Alive? An Emotet Story
Cobalt Strike Emotet
2022-09-07GoogleGoogle Threat Analysis Group, Pierre-Marc Bureau
Initial access broker repurposing techniques in targeted attacks against Ukraine
AnchorMail Cobalt Strike IcedID
2022-09-07cybleCyble
Bumblebee Returns With New Infection Technique
BumbleBee Cobalt Strike
2022-09-06ZscalerBrett Stone-Gross
The Ares Banking Trojan Learns Old Tricks: Adds the Defunct Qakbot DGA
Ares QakBot
2022-09-05Infinitum ITArda Büyükkaya
Bumblebee Loader Malware Analysis
BumbleBee
2022-09-01Medium michaelkoczwaraMichael Koczwara
Hunting C2/Adversaries Infrastructure with Shodan and Censys
Brute Ratel C4 Cobalt Strike Deimos GRUNT IcedID Merlin Meterpreter Nighthawk PoshC2 Sliver
2022-09-01Trend MicroTrend Micro
Ransomware Spotlight Black Basta
Black Basta Cobalt Strike MimiKatz QakBot
2022-08-25Palo Alto Networks Unit 42Amer Elsad
Threat Assessment: Black Basta Ransomware
Black Basta QakBot
2022-08-24ElasticCyril François
QBOT Malware Analysis
QakBot
2022-08-24MicrosoftMicrosoft Security Experts
Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
BumbleBee Sliver
2022-08-24TrellixAdithya Chandra, Sushant Kumar Arya
Demystifying Qbot Malware
QakBot
2022-08-24Deep instinctDeep Instinct Threat Lab
The Dark Side of Bumblebee Malware Loader
BumbleBee
2022-08-23DarktraceEugene Chua, Hanah Darley, Paul Jennings
Emotet Resurgence: Cross-Industry Campaign Analysis
Emotet
2022-08-19vmwareOleg Boyarchuk, Stefano Ortolani
How to Replicate Emotet Lateral Movement
Emotet
2022-08-18IBMCharlotte Hammond, Ole Villadsen
From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers
BumbleBee Karius Ramnit TrickBot Vawtrak
2022-08-17CybereasonCybereason Global SOC Team
Bumblebee Loader – The High Road to Enterprise Domain Control
BumbleBee Cobalt Strike
2022-08-12SANS ISCBrad Duncan
Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike
Cobalt Strike DarkVNC IcedID
2022-08-10BitSightJoão Batista
Emotet SMB Spreader is Back
Emotet
2022-08-10WeixinRed Raindrop Team
Operation(верность) mercenary: a torrent of steel trapped in the plains of Eastern Europe
BumbleBee Cobalt Strike
2022-08-08Medium CSIS TechblogBenoît Ancel
An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure
Riltok magecart Anubis Azorult BetaBot Buer CoalaBot CryptBot DiamondFox DreamBot GCleaner ISFB Loki Password Stealer (PWS) MedusaLocker MeguminTrojan Nemty PsiX RedLine Stealer SmokeLoader STOP TinyNuke Vidar Zloader
2022-08-08The DFIR ReportThe DFIR Report
BumbleBee Roasts Its Way to Domain Admin
BumbleBee Cobalt Strike
2022-08-04Medium walmartglobaltechJason Reaves, Joshua Platt
IcedID leverages PrivateLoader
IcedID PrivateLoader
2022-08-04CloudsekAastha Mittal, Anandeshwar Unnikrishnan
Technical Analysis of Bumblebee Malware Loader
BumbleBee
2022-08-03Palo Alto Networks Unit 42Brad Duncan
Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware
BazarBackdoor BumbleBee Cobalt Strike Conti
2022-07-27ElasticAndrew Pease, Cyril François, Seth Goodwin
Exploring the QBOT Attack Pattern
QakBot
2022-07-27ElasticCyril François, Derek Ditch
QBOT Configuration Extractor
QakBot
2022-07-27SANS ISCBrad Duncan
IcedID (Bokbot) with Dark VNC and Cobalt Strike
DarkVNC IcedID
2022-07-27cybleCyble Research Labs
Targeted Attacks Being Carried Out Via DLL SideLoading
Cobalt Strike QakBot
2022-07-24Bleeping ComputerBill Toulas
QBot phishing uses Windows Calculator sideloading to infect devices
QakBot
2022-07-19FortinetXiaopeng Zhang
New Variant of QakBot Being Spread by HTML File Attached to Phishing Emails
QakBot
2022-07-18Palo Alto Networks Unit 42Unit 42
Monster Libra
Valak IcedID GOLD CABIN
2022-07-17ResecurityResecurity
Shortcut-Based (LNK) Attacks Delivering Malicious Code On The Rise
AsyncRAT BumbleBee Emotet IcedID QakBot
2022-07-12ZscalerAditya Sharma, Tarun Dewan
Rise in Qakbot attacks traced to evolving threat techniques
QakBot
2022-07-12CyrenKervin Alintanahin
Example Analysis of Multi-Component Malware
Emotet Formbook
2022-07-07SANS ISCBrad Duncan
Emotet infection with Cobalt Strike
Cobalt Strike Emotet
2022-07-07FortinetErin Lin
Notable Droppers Emerge in Recent Threat Campaigns
BumbleBee Emotet PhotoLoader QakBot
2022-07-07IBMCharlotte Hammond, Kat Weinberger, Ole Villadsen
Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine
AnchorMail BumbleBee Cobalt Strike IcedID Meterpreter
2022-07-05Soc InvestigationPriyadharshini Balaji
QBot Spreads via LNK Files – Detection & Response
QakBot
2022-06-30Trend MicroEmmanuel Panopio, James Panlilio, John Kenneth Reyes, Kenneth Adrian Apostol, Melvin Singwa, Mirah Manlapig, Paolo Ronniel Labrador
Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit
Black Basta Cobalt Strike QakBot
2022-06-28SymantecThreat Hunter Team, Vishal Kamble
Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem
BumbleBee
2022-06-27NetskopeGustavo Palazolo
Emotet: Still Abusing Microsoft Office Macros
Emotet
2022-06-24Group-IBAlbert Priego
We see you, Gozi Hunting the latest TTPs used for delivering the Trojan
ISFB
2022-06-24Soc InvestigationBalaGanesh
IcedID Banking Trojan returns with new TTPS – Detection & Response
IcedID
2022-06-21McAfeeLakshya Mathur
Rise of LNK (Shortcut files) Malware
BazarBackdoor Emotet IcedID QakBot
2022-06-17Github (NtQuerySystemInformation)Twitter (@kasua02)
A reverse engineer primer on Qakbot Dll Stager: From initial execution to multithreading.
QakBot
2022-06-16ESET ResearchRene Holt
How Emotet is changing tactics in response to Microsoft’s tightening of Office macro security
Emotet
2022-06-14RiskIQJordan Herman
RiskIQ: Identifying BumbleBee Command and Control Servers
BumbleBee
2022-06-13SekoiaThreat & Detection Research Team
BumbleBee: a new trendy loader for Initial Access Brokers
BumbleBee
2022-06-09InfoSec Handlers Diary BlogBrad Duncan
TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
QakBot
2022-06-07McAfeeJyothi Naveen, Kiran Raj
Phishing Campaigns featuring Ursnif Trojan on the Rise
ISFB
2022-06-07cybleCyble
Bumblebee Loader on The Rise
BumbleBee Cobalt Strike
2022-06-02MandiantMandiant
TRENDING EVIL Q2 2022
CloudEyE Cobalt Strike CryptBot Emotet IsaacWiper QakBot
2022-05-30Matthieu Walter
Automatically Unpacking IcedID Stage 1 with Angr
IcedID
2022-05-27KrollCole Manaster, Elio Biasiotto, George Glass
Emotet Analysis: New LNKs in the Infection Chain – The Monitor, Issue 20
Emotet
2022-05-25LogpointLogpoint
Buzz of the Bumblebee – A new malicious loader
BumbleBee
2022-05-25Team CymruS2 Research Team
Bablosoft; Lowering the Barrier of Entry for Malicious Actors
BlackGuard BumbleBee RedLine Stealer
2022-05-25vmwareOleg Boyarchuk, Stefano Ortolani
Emotet Config Redux
Emotet
2022-05-24Deep instinctBar Block
Blame the Messenger: 4 Types of Dropper Malware in Microsoft Office & How to Detect Them
Dridex Emotet
2022-05-24BitSightBitSight, João Batista, Pedro Umbelino
Emotet Botnet Rises Again
Cobalt Strike Emotet QakBot SystemBC
2022-05-19InfoSec Handlers Diary BlogBrad Duncan
Bumblebee Malware from TransferXL URLs
BumbleBee Cobalt Strike
2022-05-19InfoSec Handlers Diary BlogBrad Duncan
Bumblebee Malware from TransferXL URLs
BumbleBee Cobalt Strike
2022-05-19IBMCharlotte Hammond, Golo Mühr, Ole Villadsen
ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups
IcedID ISFB Mount Locker WIZARD SPIDER
2022-05-19Trend MicroAdolph Christian Silverio, Jeric Miguel Abordo, Khristian Joseph Morales, Maria Emreen Viray
Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware
Emotet QakBot
2022-05-17Palo Alto Networks Unit 42Brad Duncan
Emotet Summary: November 2021 Through January 2022
Emotet
2022-05-17Trend MicroTrend Micro Research
Ransomware Spotlight: RansomEXX
LaZagne Cobalt Strike IcedID MimiKatz PyXie RansomEXX TrickBot
2022-05-16vmwareJason Zhang, Oleg Boyarchuk, Stefano Ortolani, Threat Analysis Unit
Emotet Moves to 64 bit and Updates its Loader
Emotet
2022-05-12Intel 471Intel 471
What malware to look for if you want to prevent a ransomware attack
Conti BumbleBee Cobalt Strike IcedID Sliver
2022-05-12OALabsSergei Frankoff
Taking a look at Bumblebee loader
BumbleBee
2022-05-11InfoSec Handlers Diary BlogBrad Duncan
TA578 using thread-hijacked emails to push ISO files for Bumblebee malware
BumbleBee Cobalt Strike IcedID PhotoLoader
2022-05-11SANS ISCBrad Duncan
TA578 using thread-hijacked emails to push ISO files for Bumblebee malware
BumbleBee
2022-05-11HPHP Wolf Security
Threat Insights Report Q1 - 2022
AsyncRAT Emotet Mekotio Vjw0rm
2022-05-11IronNetBlake Cahen, IronNet Threat Research
Detecting a MUMMY SPIDER campaign and Emotet infection
Emotet
2022-05-09MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT
2022-05-09CybereasonLior Rochberger
Cybereason vs. Quantum Locker Ransomware
IcedID Mount Locker
2022-05-09NetresecErik Hjelmvik
Emotet C2 and Spam Traffic Video
Emotet
2022-05-08QualysAmit Gadhave
Ursnif Malware Banks on News Events for Phishing Attacks
ISFB
2022-05-08Threat hunting with hints of incident responseJouni Mikkola
Bzz.. Bzz.. Bumblebee loader
BumbleBee
2022-05-06NetskopeGustavo Palazolo
Emotet: New Delivery Mechanism to Bypass VBA Protection
Emotet
2022-05-04Twitter (@felixw3000)Felix
Twitter Thread with info on infection chain with IcedId, Cobalt Strike, and Hidden VNC.
Cobalt Strike IcedID PhotoLoader
2022-05-04SophosAndreas Klopsch
Attacking Emotet’s Control Flow Flattening
Emotet
2022-04-29NCC GroupMike Stokkel, Nikolaos Pantazopoulos, Nikolaos Totosis
Adventures in the land of BumbleBee – a new malicious loader
BazarBackdoor BumbleBee Conti
2022-04-28ProofpointKelsey Merriman, Pim Trouerbach
This isn't Optimus Prime's Bumblebee but it's Still Transforming
BumbleBee TA578 TA579
2022-04-28SymantecKarthikeyan C Kasiviswanathan, Vishal Kamble
Ransomware: How Attackers are Breaching Corporate Networks
AvosLocker Conti Emotet Hive IcedID PhotoLoader QakBot TrickBot
2022-04-28Bleeping ComputerIonut Ilascu
New Bumblebee malware replaces Conti's BazarLoader in cyberattacks
BumbleBee
2022-04-27CybleincCyble
Emotet Returns With New TTPs And Delivers .Lnk Files To Its Victims
Emotet
2022-04-27Medium elis531989Eli Salem
The chronicles of Bumblebee: The Hook, the Bee, and the Trickbot connection
BumbleBee TrickBot
2022-04-26Intel 471Intel 471
Conti and Emotet: A constantly destructive duo
Cobalt Strike Conti Emotet IcedID QakBot TrickBot
2022-04-26ProofpointAxel F
Emotet Tests New Delivery Techniques
Emotet
2022-04-26Bleeping ComputerIonut Ilascu
Emotet malware now installs via PowerShell in Windows shortcut files
Emotet
2022-04-25The DFIR ReportThe DFIR Report
Quantum Ransomware
Cobalt Strike IcedID
2022-04-24forensicitguyTony Lambert
Shortcut to Emotet, an odd TTP change
Emotet
2022-04-20CISAAustralian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), CISA, FBI, Government Communications Security Bureau, National Crime Agency (NCA), NCSC UK, NSA
AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader
2022-04-20CISACISA
Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader Killnet
2022-04-20cocomelonccocomelonc
Malware development: persistence - part 1. Registry run keys. C++ example.
Agent Tesla Amadey BlackEnergy Cobian RAT COZYDUKE Emotet Empire Downloader Kimsuky
2022-04-20SANS ISCBrad Duncan
'aa' distribution Qakbot (Qbot) infection with DarkVNC traffic
QakBot
2022-04-19Bleeping ComputerBill Toulas
Emotet botnet switches to 64-bit modules, increases activity
Emotet
2022-04-19Twitter (@Cryptolaemus1)Cryptolaemus
#Emotet Update: 64 bit upgrade of Epoch 5
Emotet
2022-04-18FortinetErin Lin
Trends in the Recent Emotet Maldoc Outbreak
Emotet
2022-04-17MalwarologyGaetano Pellegrino
Qakbot Series: API Hashing
QakBot
2022-04-17BushidoToken BlogBushidoToken
Lessons from the Conti Leaks
BazarBackdoor Conti Emotet IcedID Ryuk TrickBot
2022-04-16MalwarologyGaetano Pellegrino
Qakbot Series: Process Injection
QakBot
2022-04-14Avast DecodedVladimir Martyanov
Zloader 2: The Silent Night
ISFB Raccoon Zloader
2022-04-14Bleeping ComputerBill Toulas
Hackers target Ukrainian govt with IcedID malware, Zimbra exploits
IcedID
2022-04-14Cert-UACert-UA
Cyberattack on Ukrainian state organizations using IcedID malware (CERT-UA#4464)
IcedID
2022-04-14CynetMax Malyutin
Orion Threat Alert: Flight of the BumbleBee
BumbleBee Cobalt Strike
2022-04-13KasperskyAMR
Emotet modules and recent attacks
Emotet
2022-04-13MalwarologyGaetano Pellegrino
Qakbot Series: Configuration Extraction
QakBot
2022-04-12Check PointCheck Point Research
March 2022’s Most Wanted Malware: Easter Phishing Scams Help Emotet Assert its Dominance
Alien FluBot Agent Tesla Emotet
2022-04-12AhnLabASEC Analysis Team
SystemBC Being Used by Various Attackers
Emotet SmokeLoader SystemBC
2022-04-12Tech TimesJoseph Henry
Qbot Botnet Deploys Malware Payloads Through Malicious Windows Installers
QakBot
2022-04-11Bleeping ComputerSergiu Gatlan
Qbot malware switches to new Windows Installer infection vector
QakBot
2022-04-10MalwarologyGaetano Pellegrino
Qakbot Series: String Obfuscation
QakBot
2022-04-08ReversingLabsPaul Roberts
ConversingLabs Ep. 2: Conti pivots as ransomware as a service struggles
Conti Emotet TrickBot
2022-04-04The DFIR Report@0xtornado, @MettalicHack, @yatinwad, @_pete_0
Stolen Images Campaign Ends in Conti Ransomware
Conti IcedID
2022-04-02Github (pl-v)Player-V
Emotet Analysis Part 1: Unpacking
Emotet
2022-03-31TrellixJambul Tologonov, John Fokker
Conti Leaks: Examining the Panama Papers of Ransomware
LockBit Amadey Buer Conti IcedID LockBit Mailto Maze PhotoLoader Ryuk TrickBot
2022-03-31nccgroupAlex Jessop, Nikolaos Pantazopoulos, RIFT: Research and Intelligence Fusion Team, Simon Biggs
Conti-nuation: methods and techniques observed in operations post the leaks
Cobalt Strike Conti QakBot
2022-03-30PrevailionPrevailion
Wizard Spider continues to confound
BazarBackdoor Cobalt Strike Emotet
2022-03-29vmwareJason Zhang, Oleg Boyarchuk, Threat Analysis Unit
Emotet C2 Configuration Extraction and Analysis
Emotet
2022-03-29Threat PostElizabeth Montalbano
Exchange Servers Speared in IcedID Phishing Campaign
IcedID
2022-03-28FortinetFred Gutierrez, James Slaughter, Val Saengphaibul
Spoofed Invoice Used to Drop IcedID
IcedID
2022-03-28Bleeping ComputerBill Toulas
Microsoft Exchange targeted for IcedID reply-chain hijacking attacks
IcedID
2022-03-28IntezerJoakim Kennedy, Ryan Robinson
New Conversation Hijacking Campaign Delivering IcedID
IcedID PhotoLoader
2022-03-28CiscoAdela Jezkova, María José Erquiaga, Onur Erdogan
Emotet is Back
Emotet
2022-03-25SANS ISCXavier Mertens
XLSB Files: Because Binary is Stealthier Than XML
QakBot
2022-03-23FortinetShunichi Imano, Val Saengphaibul
Bad Actors Trying to Capitalize on Current Events via Shameless Email Scams
Emotet
2022-03-23SecureworksCounter Threat Unit ResearchTeam
GOLD ULRICK Leaks Reveal Organizational Structure and Relationships
Conti Emotet IcedID TrickBot
2022-03-23NVISO LabsBart Parys
Hunting Emotet campaigns with Kusto
Emotet
2022-03-23SecureworksCounter Threat Unit ResearchTeam
Threat Intelligence Executive Report Volume 2022, Number 2
Conti Emotet IcedID TrickBot
2022-03-23FortinetXiaopeng Zhang
MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part II
Emotet
2022-03-21Info SecurityVinugayathri Chinnasamy
Emotet Is Back and Is Deadlier Than Ever! A Rundown of the Emotet Malware
Emotet
2022-03-21eSentireeSentire Threat Response Unit (TRU)
Conti Affiliate Exposed: New Domain Names, IP Addresses and Email Addresses Uncovered
HelloKitty BazarBackdoor Cobalt Strike Conti FiveHands HelloKitty IcedID
2022-03-17Github (eln0ty)Abdallah Elnoty
IcedID Analysis
IcedID
2022-03-17Trend MicroTrend Micro Research
Navigating New Frontiers Trend Micro 2021 Annual Cybersecurity Report
REvil BazarBackdoor Buer IcedID QakBot REvil
2022-03-17GoogleBenoit Sevens, Vladislav Stolyarov
Exposing initial access broker with ties to Conti
BazarBackdoor BumbleBee Conti EXOTIC LILY
2022-03-17GoogleBenoit Sevens, Google Threat Analysis Group, Vladislav Stolyarov
Exposing initial access broker with ties to Conti
BazarBackdoor BumbleBee Cobalt Strike Conti
2022-03-16SymantecSymantec Threat Hunter Team
The Ransomware Threat Landscape: What to Expect in 2022
AvosLocker BlackCat BlackMatter Conti DarkSide DoppelPaymer Emotet Hive Karma Mespinoza Nemty Squirrelwaffle VegaLocker WastedLocker Yanluowang Zeppelin
2022-03-16DragosJosh Hanrahan
Suspected Conti Ransomware Activity in the Auto Manufacturing Sector
Conti Emotet
2022-03-16SANS ISCBrad Duncan
Qakbot infection with Cobalt Strike and VNC activity
Cobalt Strike QakBot
2022-03-16InfoSec Handlers Diary BlogBrad Duncan
Qakbot infection with Cobalt Strike and VNC activity
Cobalt Strike QakBot
2022-03-09nikpxxors
BokBot Technical Analysis
IcedID
2022-03-08LumenBlack Lotus Labs
What Global Network Visibility Reveals about the Resurgence of One of the World’s Most Notorious Botnets
Emotet
2022-03-07FortinetXiaopeng Zhang
MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part I
Emotet
2022-03-03Trend MicroTrend Micro Research
Cyberattacks are Prominent in the Russia-Ukraine Conflict
BazarBackdoor Cobalt Strike Conti Emotet WhisperGate
2022-03-02KrebsOnSecurityBrian Krebs
Conti Ransomware Group Diaries, Part II: The Office
Conti Emotet Ryuk TrickBot
2022-03-01Twitter (@ContiLeaks)ContiLeaks
Tweet on Emotet final server scheme
Emotet
2022-02-26LinkedIn (Zayed AlJaberi)Zayed AlJaberi
Hunting Recent QakBot Malware
QakBot
2022-02-26MandiantMandiant
TRENDING EVIL Q1 2022
KEYPLUG FAKEUPDATES GootLoader BazarBackdoor QakBot
2022-02-25CyberScoopJoe Warminsky
TrickBot malware suddenly got quiet, researchers say, but it's hardly the end for its operators
BazarBackdoor Emotet TrickBot
2022-02-24CynetMax Malyutin
New Wave of Emotet – When Project X Turns Into Y
Cobalt Strike Emotet
2022-02-24The Hacker NewsRavie Lakshmanan
TrickBot Gang Likely Shifting Operations to Switch to New Malware
BazarBackdoor Emotet QakBot TrickBot
2022-02-24The Hacker NewsRavie Lakshmanan
Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure
BazarBackdoor Emotet TrickBot
2022-02-23cyber.wtf blogLuca Ebach
What the Pack(er)?
Cobalt Strike Emotet
2022-02-22eSentireeSentire Threat Response Unit (TRU)
IcedID to Cobalt Strike In Under 20 Minutes
Cobalt Strike IcedID PhotoLoader
2022-02-21The DFIR Report
Qbot and Zerologon Lead To Full Domain Compromise
Cobalt Strike QakBot
2022-02-16Threat PostElizabeth Montalbano
Emotet Now Spreading Through Malicious Excel Files
Emotet
2022-02-16SOC PrimeAlla Yurchenko
QBot Malware Detection: Old Dog New Tricks
QakBot
2022-02-16Security OnionDoug Burks
Quick Malware Analysis: Emotet Epoch 5 and Cobalt Strike pcap from 2022-02-08
Cobalt Strike Emotet
2022-02-15Palo Alto Networks Unit 42Brad Duncan, Micah Yates, Saqib Khanzada, Tyler Halfpop
New Emotet Infection Method
Emotet
2022-02-15eSentireeSentire Threat Response Unit (TRU)
Increase in Emotet Activity and Cobalt Strike Deployment
Cobalt Strike Emotet
2022-02-13NetbyteSECFareed, Rosamira, Taqi
Technical Malware Analysis: The Return of Emotet
Emotet
2022-02-10CybereasonCybereason Global SOC Team
Threat Analysis Report: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot
Cobalt Strike Emotet IcedID QakBot
2022-02-08BleepingComputerBill Toulas
Qbot needs only 30 minutes to steal your credentials, emails
QakBot
2022-02-07The DFIR ReportThe DFIR Report
Qbot Likes to Move It, Move It
QakBot
2022-02-07vmwareJason Zhang, Threat Analysis Unit
Emotet Is Not Dead (Yet) – Part 2
Emotet
2022-02-02VMRayMateusz Lukaszewski, VMRay Labs Team
Malware Analysis Spotlight: Emotet’s Use of Cryptography
Emotet
2022-01-27Threat Lab IndonesiaThreat Lab Indonesia
Malware Analysis Emotet Infection
Emotet
2022-01-25SANS ISCBrad Duncan
Emotet Stops Using 0.0.0.0 in Spambot Traffic
Emotet
2022-01-23kienmanowar Blogm4n0w4r, Tran Trung Kien
[QuickNote] Emotet epoch4 & epoch5 tactics
Emotet
2022-01-22Atomic Matryoshkaz3r0day_504
Malware Headliners: Emotet
Emotet
2022-01-21vmwareJason Zhang, Threat Analysis Unit
Emotet Is Not Dead (Yet)
Emotet
2022-01-21Trend MicroIan Kenefick
Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware
Emotet
2022-01-19GdataKarsten Hahn
Malware vaccines can prevent pandemics, yet are rarely used
Emotet STOP
2022-01-19BlackberryThe BlackBerry Research & Intelligence Team
Kraken the Code on Prometheus
Prometheus Backdoor BlackMatter Cerber Cobalt Strike DCRat Ficker Stealer QakBot REvil Ryuk
2022-01-19InfoSec Handlers Diary BlogBrad Duncan
0.0.0.0 in Emotet Spambot Traffic
Emotet
2022-01-18Recorded FutureInsikt Group®
2021 Adversary Infrastructure Report
BazarBackdoor Cobalt Strike Dridex IcedID QakBot TrickBot
2022-01-17forensicitguyTony Lambert
Emotet's Excel 4.0 Macros Dropping DLLs
Emotet
2022-01-15Atomic Matryoshkaz3r0day_504
Malware Headliners: Qakbot
QakBot
2022-01-14RiskIQJordan Herman
RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers
Dridex Emotet
2022-01-13TrustwaveLloyd Macrohon, Rodel Mendrez
Decrypting Qakbot’s Encrypted Registry Keys
QakBot
2022-01-11Medium walmartglobaltechJason Reaves, Joshua Platt
Signed DLL campaigns as a service
BATLOADER Cobalt Strike ISFB Zloader
2022-01-11CybereasonChen Erlich, Daichi Shimabukuro, Niv Yona, Ofir Ozer, Omri Refaeli
Threat Analysis Report: DatopLoader Exploits ProxyShell to Deliver QBOT and Cobalt Strike
Cobalt Strike QakBot Squirrelwaffle
2022-01-07muha2xmadMuhammad Hasan Ali
Unpacking Emotet malware part 02
Emotet
2022-01-06muha2xmadMuhammad Hasan Ali
Unpacking Emotet malware part 01
Emotet
2022-01-01aspiretsMichael Lamb
Bumblebee Malware Loader: Threat Analysis
BumbleBee
2022-01-01forensicitguyTony Lambert
Analyzing an IcedID Loader Document
IcedID
2021-12-22CloudsekAnandeshwar Unnikrishnan
Emotet 2.0: Everything you need to know about the new Variant of the Banking Trojan
Emotet
2021-12-17Trend MicroAbraham Camba, Gilbert Sison, Jay Yaneza, Jonna Santos
Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager
QakBot
2021-12-16InfoSec Handlers Diary BlogBrad Duncan
How the "Contact Forms" campaign tricks people
IcedID
2021-12-16Red CanaryThe Red Canary Team
Intelligence Insights: December 2021
Cobalt Strike QakBot Squirrelwaffle
2021-12-13ZscalerAvinash Kumar, Dennis Schwarz
Return of Emotet: Malware Analysis
Emotet
2021-12-11YouTube (AGDC Services)AGDC Services
How To Extract & Decrypt Qbot Configs Across Variants
QakBot
2021-12-09HPPatrick Schläpfer
Emotet’s Return: What’s Different?
Emotet
2021-12-09MicrosoftMicrosoft 365 Defender Threat Intelligence Team
A closer look at Qakbot’s latest building blocks (and how to knock them down)
QakBot
2021-12-08Check Point ResearchAliaksandr Trafimchuk, David Driker, Raman Ladutska, Yali Magiel
When old friends meet again: why Emotet chose Trickbot for rebirth
Emotet TrickBot
2021-12-07Bleeping ComputerLawrence Abrams
Emotet now drops Cobalt Strike, fast forwards ransomware attacks
Cobalt Strike Emotet
2021-12-03SANS ISC InfoSec ForumsBrad Duncan
TA551 (Shathak) pushes IcedID (Bokbot)
IcedID
2021-11-30Deep instinctRon Ben Yizhak
The Re-Emergence of Emotet
Emotet
2021-11-25DSIHCharles Blanc-Rolin
Emotet de retour, POC Exchange, 0-day Windows : à quelle sauce les attaquants prévoient de nous manger cette semaine?
Emotet
2021-11-23AnomaliAnomali Threat Research
Mummy Spider’s Emotet Malware is Back After a Year Hiatus; Wizard Spider’s TrickBot Observed in Its Return
Emotet
2021-11-21Twitter (@tylabs)Twitter (@ffforward), Tyler McLellan
Twitter Thread about UNC1500 phishing using QAKBOT
QakBot
2021-11-20Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy
Corporate Loader "Emotet": History of "X" Project Return for Ransomware
Emotet
2021-11-20Youtube (HEXORCIST)Nicolas Brulez
Unpacking Emotet and Reversing Obfuscated Word Document
Emotet
2021-11-20Twitter (@eduardfir)Eduardo Mattos
Tweet on Velociraptor artifact analysis for Emotet
Emotet
2021-11-19Trend MicroAbdelrhman Sharshar, Mohamed Fahmy, Sherif Magdy
Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains
Cobalt Strike QakBot Squirrelwaffle
2021-11-19CRONUPGermán Fernández
La Botnet de EMOTET reinicia ataques en Chile y LATAM
Emotet
2021-11-19LAC WATCHLAC WATCH
Malware Emotet resumes its activities for the first time in 10 months, and Japan is also the target of the attack
Emotet
2021-11-18NetskopeGhanashyam Satpathy, Gustavo Palazolo
Netskope Threat Coverage: The Return of Emotet
Emotet
2021-11-18Red CanaryThe Red Canary Team
Intelligence Insights: November 2021
Andromeda Conti LockBit QakBot Squirrelwaffle
2021-11-18eSentireeSentire
Emotet Activity Identified
Emotet
2021-11-17Twitter (@Unit42_Intel)Unit 42
Tweet on Matanbuchus Loader used to deliver Qakbot (tag obama128b) and follow-up CobaltStrike
Cobalt Strike QakBot
2021-11-16InfoSec Handlers Diary BlogBrad Duncan
Emotet Returns
Emotet
2021-11-16HornetsecuritySecurity Lab
Comeback of Emotet
Emotet
2021-11-16ZscalerDeepen Desai
Return of Emotet malware
Emotet
2021-11-16Twitter (@kienbigmummy)m4n0w4r
Tweet on short analysis of QakBot
QakBot
2021-11-16MalwarebytesMalwarebytes Threat Intelligence Team
TrickBot helps Emotet come back from the dead
Emotet TrickBot
2021-11-16IronNetIronNet Threat Research, Joey Fitzpatrick, Morgan Demboski, Peter Rydzynski
How IronNet's Behavioral Analytics Detect REvil and Conti Ransomware
Cobalt Strike Conti IcedID REvil
2021-11-15cyber.wtf blogLuca Ebach
Guess who’s back
Emotet
2021-11-15Bleeping ComputerLawrence Abrams
Emotet malware is back and rebuilding its botnet via TrickBot
Emotet
2021-11-15TRUESECFabio Viggiani
ProxyShell, QBot, and Conti Ransomware Combined in a Series of Cyberattacks
Cobalt Strike Conti QakBot
2021-11-13Trend MicroIan Kenefick, Vladimir Kropotov
QAKBOT Loader Returns With New Techniques and Tools
QakBot
2021-11-13YouTube (AGDC Services)AGDC Services
Automate Qbot Malware String Decryption With Ghidra Script
QakBot
2021-11-12Recorded FutureInsikt Group®
The Business of Fraud: Botnet Malware Dissemination
Mozi Dridex IcedID QakBot TrickBot
2021-11-12Trend MicroIan Kenefick, Vladimir Kropotov
The Prelude to Ransomware: A Look into Current QAKBOT Capabilities and Global Activities
QakBot
2021-11-11CynetMax Malyutin
A Duck Nightmare Quakbot Strikes with QuakNightmare Exploitation
Cobalt Strike QakBot
2021-11-11vmwareGiovanni Vigna, Jason Zhang, Stefano Ortolani, Threat Analysis Unit
Research Recap: How To Automate Malware Campaign Detection With Telemetry Peak Analyzer
Phorpiex QakBot
2021-11-10CIRCLCIRCL
TR-64 - Exploited Exchange Servers - Mails with links to malware from known/valid senders
QakBot
2021-11-09MinervaLabsMinerva Labs
A New DatopLoader Delivers QakBot Trojan
QakBot Squirrelwaffle
2021-11-04splunkSplunk Threat Research Team
Detecting IcedID... Could It Be A Trickbot Copycat?
IcedID
2021-11-03Twitter (@Corvid_Cyber)CORVID
Tweet on a unique Qbot debugger dropped by an actor after compromise
QakBot
2021-11-03Team Cymrutcblogposts
Webinject Panel Administration: A Vantage Point into Multiple Threat Actor Campaigns - A Case Study on the Value of Threat Reconnaisance
DoppelDridex IcedID QakBot Zloader
2021-10-26Cisco TalosEdmund Brumaghin, Mariano Graziano, Nick Mavis
SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike
Cobalt Strike QakBot Squirrelwaffle
2021-10-26ANSSI
Identification of a new cyber criminal group: Lockean
Cobalt Strike DoppelPaymer Egregor Maze PwndLocker QakBot REvil
2021-10-25CleafyCleafy
Digital banking fraud: how the Gozi malware works
ISFB
2021-10-18The DFIR ReportThe DFIR Report
IcedID to XingLocker Ransomware in 24 hours
Cobalt Strike IcedID Mount Locker
2021-10-15Trend MicroFernando Mercês
Ransomware Operators Found Using New "Franchise" Business Model
Glupteba IcedID Mount Locker
2021-10-07NetskopeGhanashyam Satpathy, Gustavo Palazolo
SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot
Cobalt Strike QakBot Squirrelwaffle
2021-09-29ProofpointProofpoint Staff, Selena Larson
TA544 Targets Italian Organizations with Ursnif Malware
ISFB
2021-09-10GigamonJoe Slowik
Rendering Threats: A Network Perspective
BumbleBee Cobalt Strike
2021-09-09Trend MicroTrend Micro
Remote Code Execution 0-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs
BumbleBee Cobalt Strike
2021-09-03IBMAndrew Gorecki, Camille Singleton, John Dwyer
Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight
Valak QakBot REvil
2021-09-03Trend MicroMohamad Mokbel
The State of SSL/TLS Certificate Usage in Malware C&C Communications
AdWind ostap AsyncRAT BazarBackdoor BitRAT Buer Chthonic CloudEyE Cobalt Strike DCRat Dridex FindPOS GootKit Gozi IcedID ISFB Nanocore RAT Orcus RAT PandaBanker Qadars QakBot Quasar RAT Rockloader ServHelper Shifu SManager TorrentLocker TrickBot Vawtrak Zeus Zloader
2021-09-02KasperskyAnton Kuzmenko, Haim Zigel, Oleg Kupreev
QakBot Technical Analysis
QakBot
2021-08-15SymantecThreat Hunter Team
The Ransomware Threat
Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker
2021-08-05Group-IBNikita Rostovcev, Viktor Okorokov
Prometheus TDS The key to success for Campo Loader, Hancitor, IcedID, and QBot
Prometheus Backdoor Buer campoloader Hancitor IcedID QakBot
2021-08-05The RecordCatalin Cimpanu
Meet Prometheus, the secret TDS behind some of today’s malware campaigns
Buer campoloader IcedID QakBot
2021-07-30HPPatrick Schläpfer
Detecting TA551 domains
Valak Dridex IcedID ISFB QakBot
2021-07-26vmwarePavankumar Chaudhari, Quentin Fois
Hunting IcedID and unpacking automation with Qiling
IcedID
2021-07-240ffset BlogDaniel Bunce
Quack Quack: Analysing Qakbot’s Browser Hooking Module – Part 1
QakBot
2021-07-23Github (Lastline-Inc)Pavankumar Chaudhari, Quentin Fois
YARA rules, IOCs and Scripts for extracting IcedID C2s
IcedID
2021-07-19The DFIR ReportThe DFIR Report
IcedID and Cobalt Strike vs Antivirus
Cobalt Strike IcedID
2021-07-14Cerium NetworksBlumira
Threat of the Month: IcedID Malware
IcedID
2021-07-12The RecordCatalin Cimpanu
Over 780,000 email accounts compromised by Emotet have been secured
Emotet
2021-07-08vmwarePavankumar Chaudhari, Quentin Fois
IcedID: Analysis and Detection
IcedID
2021-06-30CynetMax Malyutin
Shelob Moonlight – Spinning a Larger Web From IcedID to CONTI, a Trojan and Ransomware collaboration
Conti IcedID
2021-06-30The RecordCatalin Cimpanu
Gozi malware gang member arrested in Colombia
Gozi ISFB
2021-06-24SentinelOneMarco Figueroa
Evasive Maneuvers | Massive IcedID Campaign Aims For Stealth with Benign Macros
IcedID
2021-06-24KasperskyAnton Kuzmenko
Malicious spam campaigns delivering banking Trojans
IcedID QakBot
2021-06-23IBMItzik Chimino
Ursnif Leverages Cerberus to Automate Fraudulent Bank Transfers in Italy
ISFB
2021-06-20The DFIR ReportThe DFIR Report
From Word to Lateral Movement in 1 Hour
Cobalt Strike IcedID
2021-06-16Twitter (@ChouchWard)ch0uch ward
Tweet on Qbot operators left their web server's access.log file unsecured
QakBot
2021-06-16ProofpointDaniel Blackford, Garrett M. Graff, Selena Larson
The First Step: Initial Access Leads to Ransomware
BazarBackdoor Egregor IcedID Maze QakBot REvil Ryuk TrickBot WastedLocker TA570 TA575 TA577
2021-06-16S2 GrupoCSIRT-CV (the ICT Security Center of the Valencian Community)
Emotet campaign analysis
Emotet QakBot
2021-06-15Perception PointShai Golderman
Insights Into an Excel 4.0 Macro Attack using Qakbot Malware
QakBot
2021-06-10ZEIT OnlineAstrid Geisler, Herwig G. Höller, Karsten Polke-Majewski, Von Kai Biermann, Zachary Kamel
On the Trail of the Internet Extortionists
Emotet Mailto
2021-06-10ZAYOTEMAbdulkadir Binan, Emrah Sarıdağ, Emre Doğan, İlker Verimoğlu, Kaan Binen
QakBot Technical Analysis Report
QakBot
2021-06-10TagesschauHakan Tanriverdi, Maximilian Zierer
Schadsoftware Emotet: BKA befragt Schlüsselfigur
Emotet
2021-06-08Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy
From QBot...with REvil Ransomware: Initial Attack Exposure of JBS
QakBot REvil
2021-06-02Bleeping ComputerLawrence Abrams
FUJIFILM shuts down network after suspected ransomware attack
QakBot
2021-05-29Youtube (AhmedS Kasmani)AhmedS Kasmani
Analysis of ICEID Malware Installer DLL
IcedID
2021-05-26Check PointAlex Ilgayev
Melting Ice – Tracking IcedID Servers with a few simple steps
IcedID
2021-05-26DeepInstinctRon Ben Yizhak
A Deep Dive into Packing Software CryptOne
Cobalt Strike Dridex Emotet Gozi ISFB Mailto QakBot SmokeLoader WastedLocker Zloader
2021-05-19Team CymruAndy Kraus, Josh Hopkins, Nick Byers
Tracking BokBot Infrastructure Mapping a Vast and Currently Active BokBot Network
IcedID
2021-05-19Intel 471Intel 471
Look how many cybercriminals love Cobalt Strike
BazarBackdoor Cobalt Strike Hancitor QakBot SmokeLoader SystemBC TrickBot
2021-05-18RECON INFOSECAndrew Cook
An Encounter With TA551/Shathak
IcedID
2021-05-17TelekomThomas Barabosch
Let’s set ice on fire: Hunting and detecting IcedID infections
IcedID
2021-05-17Github (telekom-security)Deutsche Telekom Security GmbH
icedid_analysis
IcedID
2021-05-12The DFIR Report
Conti Ransomware
Cobalt Strike Conti IcedID
2021-05-10MALWATIONmalwation
IcedID Malware Technical Analysis Report
IcedID
2021-05-10Mal-Eatsmal_eats
Overview of Campo, a new attack campaign targeting Japan
AnchorDNS BazarBackdoor Cobalt Strike ISFB Phobos TrickBot Zloader
2021-05-10WirtschaftswocheThomas Kuhn
How one of the largest hacker networks in the world was paralyzed
Emotet
2021-05-04Fox-ITFox IT, fumik0, the RIFT Team
RM3 – Curiosities of the wildest banking malware
ISFB
2021-05-04Seguranca InformaticaPedro Tavares
A taste of the latest release of QakBot
QakBot
2021-05-04NCC Groupfumik0, NCC RIFT
RM3 – Curiosities of the wildest banking malware
ISFB RM3
2021-04-30MADRID LabsOdin Bernstein
Qbot: Analyzing PHP Proxy Scripts from Compromised Web Server
QakBot
2021-04-28Reversing LabsKarlo Zanki
Spotting malicious Excel4 macros
QakBot
2021-04-28IBMDavid Bisson
QBot Malware Spotted Using Windows Defender Antivirus Lure
QakBot
2021-04-22Github (@cecio)@red5heep
EMOTET: a State-Machine reversing exercise
Emotet
2021-04-22SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q1 2021
Emotet Ficker Stealer Raccoon
2021-04-19Twitter (@_alex_il_)Alex Ilgayev
Tweet on QakBot's additional decryption mechanism
QakBot
2021-04-19NetresecErik Hjelmvik
Analysing a malware PCAP with IcedID and Cobalt Strike traffic
Cobalt Strike IcedID
2021-04-17YouTube (Worcester DEFCON Group)Joel Snape, Nettitude
Inside IcedID: Anatomy Of An Infostealer
IcedID
2021-04-15AT&TDax Morrow, Ofer Caspi
The rise of QakBot
QakBot
2021-04-13Silent PushMartijn Grooten
Malicious infrastructure as a service
IcedID PhotoLoader QakBot
2021-04-12PTSecurityPTSecurity
PaaS, or how hackers evade antivirus software
Amadey Bunitu Cerber Dridex ISFB KPOT Stealer Mailto Nemty Phobos Pony Predator The Thief QakBot Raccoon RTM SmokeLoader Zloader
2021-04-12Twitter (@elisalem9)Eli Salem
Tweets on QakBot
QakBot
2021-04-12Trend MicroDon Ovid Ladores, Frankylnn Uy, Junestherry Salvador, Lala Manly, Raphael Centeno
A Spike in BazarCall and IcedID Activity Detected in March
BazarBackdoor IcedID
2021-04-114rchibld4rchibld
IcedID on my neck I’m the coolest
IcedID
2021-04-10Youtube (AhmedS Kasmani)AhmedS Kasmani
Malware Analysis: IcedID Banking Trojan JavaScript Dropper
IcedID
2021-04-09MicrosoftEmily Hacker, Justin Carroll, Microsoft 365 Defender Threat Intelligence Team
Investigating a unique “form” of email delivery for IcedID malware
IcedID
2021-04-09aaqeel01Ali Aqeel
IcedID Analysis
IcedID
2021-04-09Palo Alto Networks Unit 42Chris Navarrete, Yanhui Jia
Emotet Command and Control Case Study
Emotet
2021-04-07UptycsAbhijit Mohanta, Ashwin Vamshi
IcedID campaign spotted being spiced with Excel 4 Macros
IcedID
2021-04-07MinervaMinerva Labs
IcedID - A New Threat In Office Attachments
IcedID
2021-04-06Intel 471Intel 471
EtterSilent: the underground’s new favorite maldoc builder
BazarBackdoor ISFB QakBot TrickBot
2021-04-01Reversing LabsRobert Simmons
Code Reuse Across Packers and DLL Loaders
IcedID SystemBC
2021-03-31KasperskyKaspersky
Financial Cyberthreats in 2020
BetaBot DanaBot Emotet Gozi Ramnit RTM SpyEye TrickBot Zeus
2021-03-31Silent PushMartijn Grooten
IcedID Command and Control Infrastructure
IcedID PhotoLoader
2021-03-31Red CanaryRed Canary
2021 Threat Detection Report
Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot
2021-03-29The DFIR ReportThe DFIR Report
Sodinokibi (aka REvil) Ransomware
Cobalt Strike IcedID REvil
2021-03-26Trend MicroTrend Micro
Alleged Members of Egregor Ransomware Cartel Arrested
Egregor QakBot
2021-03-21BlackberryBlackberry Research
2021 Threat Report
Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot
2021-03-19MITREMITRE ATT&CK
TA551
GOLD CABIN
2021-03-18VinCSSm4n0w4r, Tran Trung Kien
[RE021] Qakbot analysis – Dangerous malware has been around for more than a decade
QakBot
2021-03-17HPHP Bromium
Threat Insights Report Q4-2020
Agent Tesla BitRAT ComodoSec Dridex Emotet Ficker Stealer Formbook Zloader
2021-03-12Binary DefenseJames Quinn
IcedID GZIPLOADER Analysis
IcedID
2021-03-08Palo Alto Networks Unit 42Chris Navarrete, Durgesh Sangvikar, Matthew Tennis, Rongbo Shao, Yanhui Jia
Attack Chain Overview: Emotet in December 2020 and January 2021
Emotet
2021-03-04F5Dor Nizar, Roy Moshailov
IcedID Banking Trojan Uses COVID-19 Pandemic to Lure New Victims
IcedID
2021-03-01Group-IBOleg Skulkin, Roman Rezvukhin, Semyon Rogachev
Ransomware Uncovered 2020/2021
RansomEXX BazarBackdoor Buer Clop Conti DoppelPaymer Dridex Egregor IcedID Maze PwndLocker QakBot RansomEXX REvil Ryuk SDBbot TrickBot Zloader
2021-02-28NetbyteSEC
Deobfuscating Emotet Macro Document and Powershell Command
Emotet
2021-02-28PWC UKPWC UK
Cyber Threats 2020: A Year in Retrospect
elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team
2021-02-26CrowdStrikeEric Loui, Sergei Frankoff
Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact
DarkSide RansomEXX Griffon Carbanak Cobalt Strike DarkSide IcedID MimiKatz PyXie RansomEXX REvil
2021-02-25ANSSICERT-FR
Ryuk Ransomware
BazarBackdoor Buer Conti Emotet Ryuk TrickBot
2021-02-25FireEyeBrendan McKeague, Bryce Abdo, Van Ta
So Unchill: Melting UNC2198 ICEDID to Ransomware Operations
MOUSEISLAND Cobalt Strike Egregor IcedID Maze SystemBC
2021-02-25JPCERT/CCKen Sajo
Emotet Disruption and Outreach to Affected Users
Emotet
2021-02-24AllsafeHara Hiroaki, Shota Nakajima
Malware Analysis at Scale - Defeating Emotet by Ghidra
Emotet
2021-02-24IBMIBM SECURITY X-FORCE
X-Force Threat Intelligence Index 2021
Emotet QakBot Ramnit REvil TrickBot
2021-02-23CrowdStrikeCrowdStrike
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER
2021-02-17Politie NLPolitie NL
Politie bestrijdt cybercrime via Nederlandse infrastructuur
Emotet
2021-02-17YouTube (AGDC Services)AGDC Services
How Malware Can Resolve APIs By Hash
Emotet Mailto
2021-02-16ProofpointProofpoint Threat Research Team
Q4 2020 Threat Report: A Quarterly Analysis of Cybersecurity Trends, Tactics and Themes
Emotet Ryuk NARWHAL SPIDER TA800
2021-02-15Twitter (@TheDFIRReport)The DFIR Report
Tweet on Qakbot post infection discovery activity
QakBot
2021-02-12CERT-FRCERT-FR
The Malware-Aa-A-Service Emotet
Emotet
2021-02-08GRNET CERTDimitris Kolotouros, Marios Levogiannis
Reverse engineering Emotet – Our approach to protect GRNET against the trojan
Emotet
2021-02-03Mimecast, Nettitude
TA551/Shathak Threat Research
IcedID
2021-02-03Digital ShadowsStefano De Blasi
Emotet Disruption: what it means for the cyber threat landscape
Emotet
2021-02-03ZDNetCharlie Osborne
Ursnif Trojan has targeted over 100 Italian banks
ISFB Snifula
2021-02-02CRONUPGermán Fernández
De ataque con Malware a incidente de Ransomware
Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader
2021-02-01MicrosoftMicrosoft 365 Defender Threat Intelligence Team
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
Dridex Emotet Makop Ransomware SmokeLoader TrickBot
2021-01-29MalwarebytesThreat Intelligence Team
Cleaning up after Emotet: the law enforcement file
Emotet
2021-01-28NTTDan Saunders
Emotet disruption - Europol counterattack
Emotet
2021-01-28InfoSec Handlers Diary BlogDaniel Wesemann
Emotet vs. Windows Attack Surface Reduction
Emotet
2021-01-28Youtube (Virus Bulletin)Benoît Ancel
The Bagsu banker case
Azorult DreamBot Emotet Pony TrickBot ZeusAction
2021-01-28HornetsecurityHornetsecurity Security Lab
Emotet Botnet Takedown
Emotet
2021-01-28Department of Homeland SecurityDepartment of Justice
Emotet Botnet Disrupted in International Cyber Operation
Emotet
2021-01-27Intel 471Intel 471
Emotet takedown is not like the Trickbot takedown
Emotet
2021-01-27Youtube (Національна поліція України)Національна поліція України
Кіберполіція викрила транснаціональне угруповання хакерів у розповсюдженні вірусу EMOTET
Emotet
2021-01-27EurojustEurojust
World’s most dangerous malware EMOTET disrupted through global action
Emotet
2021-01-27KrebsOnSecurityBrian Krebs
International Action Targets Emotet Crimeware
Emotet
2021-01-27Twitter (@milkr3am)milkream
Tweet on all Emotet epoch pushing payload to self remove emotet malware on 2021-04-25
Emotet
2021-01-27BundeskriminalamtBundeskriminalamt
In­fra­struk­tur der Emo­tet-Schad­soft­wa­re zer­schla­gen
Emotet
2021-01-27Team CymruJames Shank
Taking Down Emotet How Team Cymru Leveraged Visibility and Relationships to Coordinate Community Efforts
Emotet
2021-01-19Medium elis531989Eli Salem
Funtastic Packers And Where To Find Them
Get2 IcedID QakBot
2021-01-19Palo Alto Networks Unit 42Brad Duncan
Wireshark Tutorial: Examining Emotet Infection Traffic
Emotet GootKit IcedID QakBot TrickBot
2021-01-18tccontre Blogtcontre
Extracting Shellcode in ICEID .PNG Steganography
IcedID
2021-01-14NetskopeDagmawi Mulugeta, Ghanashyam Satpathy
You Can Run, But You Can’t Hide: Advanced Emotet Updates
Emotet
2021-01-13VinCSSm4n0w4r, Tran Trung Kien
[RE019] From A to X analyzing some real cases which used recent Emotet samples
Emotet
2021-01-12FortinetXiaopeng Zhang
New Variant of Ursnif Continuously Targeting Italy
ISFB
2021-01-09Marco Ramilli's BlogMarco Ramilli
Command and Control Traffic Patterns
ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot
2021-01-080xC0DECAFEThomas Barabosch
The malware analyst’s guide to aPLib decompression
ISFB Rovnix
2021-01-07Palo Alto Networks Unit 42Brad Duncan
TA551: Email Attack Campaign Switches from Valak to IcedID
IcedID
2021-01-06FBIFBI
PIN Number 20210106-001: Egregor Ransomware Targets Businesses Worldwide, Attempting to Extort Businesses by Publicly Releasing Exfiltrated Data
Egregor QakBot
2021-01-05r3mrum blogR3MRUM
Manual analysis of new PowerSplit maldocs delivering Emotet
Emotet
2021-01-01AWAKEAwake Security
Breaking the Ice: Detecting IcedID and Cobalt Strike Beacon with Network Detection and Response (NDR)
Cobalt Strike IcedID PhotoLoader
2021-01-01SecureworksSecureWorks
Threat Profile: GOLD LAGOON
QakBot MALLARD SPIDER
2021-01-01SecureworksSecureWorks
Threat Profile: GOLD CABIN
GOLD CABIN
2020-12-31Cert-AgIDCert-AgID
Simplify Emotet parsing with Python and iced x86
Emotet
2020-12-30Bleeping ComputerSergiu Gatlan
Emotet malware hits Lithuania's National Public Health Center
Emotet
2020-12-21Cisco TalosJON MUNSHAW
2020: The year in malware
WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader
2020-12-15HornetsecurityHornetsecurity Security Lab
QakBot reducing its on disk artifacts
Egregor PwndLocker QakBot
2020-12-12Medium 0xthreatintel0xthreatintel
Reversing QakBot [ TLP: White]
QakBot
2020-12-10Youtube (OALabs)Sergei Frankoff
Malware Triage Analyzing PrnLoader Used To Drop Emotet
Emotet
2020-12-10NRI SECURENeoSOC
マルウェア「IcedID」の検知傾向と感染に至るプロセスを徹底解説
IcedID
2020-12-09InfoSec Handlers Diary BlogBrad Duncan
Recent Qakbot (Qbot) activity
Cobalt Strike QakBot
2020-12-09CiscoCaitlin Huey, David Liebenberg
Quarterly Report: Incident Response trends from Fall 2020
Cobalt Strike IcedID Maze RansomEXX Ryuk
2020-12-09FireEyeMitchell Clarke, Tom Hall
It's not FINished The Evolving Maturity in Ransomware Operations (SLIDES)
Cobalt Strike DoppelPaymer QakBot REvil
2020-12-09MicrosoftMicrosoft 365 Defender Research Team
EDR in block mode stops IcedID cold
IcedID
2020-12-04Kaspersky LabsOleg Kupreev
The chronicles of Emotet
Emotet
2020-12-03Recorded FutureInsikt Group®
Egregor Ransomware, Used in a String of High-Profile Attacks, Shows Connections to QakBot
Egregor QakBot
2020-12-02Red Canarytwitter (@redcanary)
Tweet on increased #Qbot activity delivering Cobalt Strike & #Egregor ransomware
Cobalt Strike Egregor QakBot
2020-12-02CyberIntCyberint Research
IcedID Stealer Man-in-the-browser Banking Trojan
IcedID
2020-12-01Group-IBGroup-IB, Oleg Skulkin, Roman Rezvukhin, Semyon Rogachev
Egregor ransomware: The legacy of Maze lives on
Egregor QakBot
2020-11-30FireEyeMitchell Clarke, Tom Hall
It's not FINished The Evolving Maturity in Ransomware Operations
Cobalt Strike DoppelPaymer MimiKatz QakBot REvil
2020-11-27malware.loveRobert Giczewski
Having fun with a Ursnif VBS dropper
ISFB Snifula
2020-11-27Fiducia & GAD IT AGFrank Boldewin
When ransomware hits an ATM giant - The Diebold Nixdorf case dissected
PwndLocker QakBot
2020-11-26VirusTotalEmiliano Martinez
Using similarity to expand context and map out threat campaigns
Emotet
2020-11-26CybereasonCybereason Nocturnus, Lior Rochberger
Cybereason vs. Egregor Ransomware
Cobalt Strike Egregor IcedID ISFB QakBot
2020-11-22Irshad's BlogIrshad Muhammad
Analyzing an Emotet Dropper and Writing a Python Script to Statically Unpack Payload.
Emotet
2020-11-20ZDNetCatalin Cimpanu
The malware that usually installs ransomware and you need to remove right away
Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader
2020-11-20Group-IBOleg Skulkin, Roman Rezvukhin, Semyon Rogachev
The Locking Egregor
Egregor QakBot
2020-11-18CiscoEdmund Brumaghin, Jaeson Schultz, Nick Biasini
Back from vacation: Analyzing Emotet’s activity in 2020
Emotet
2020-11-12IntrinsecJean Bichet
Egregor – Prolock: Fraternal Twins ?
Egregor PwndLocker QakBot
2020-11-06Security Soup BlogRyan Campbell
Quick Post: Spooky New PowerShell Obfuscation in Emotet Maldocs
Emotet
2020-11-06LAC WATCHIshikawa, Matsumoto, Takagen
分析レポート:Emotetの裏で動くバンキングマルウェア「Zloader」に注意
Emotet Zloader
2020-11-05Brim SecurityOliver Rochford
Hunting Emotet with Brim and Zeek
Emotet
2020-10-29Palo Alto Networks Unit 42Janos Szurdi, Jingwei Fan, Ruian Duan, Seokkyung Chung, Zhanhao Chen
Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee
Emotet
2020-10-29CERT-FRCERT-FR
LE MALWARE-AS-A-SERVICE EMOTET
Dridex Emotet ISFB QakBot
2020-10-28BitdefenderRuben Andrei Condor
A Decade of WMI Abuse – an Overview of Techniques in Modern Malware
sLoad Emotet Maze
2020-10-20Bundesamt für Sicherheit in der InformationstechnikBSI
Die Lage der IT-Sicherheit in Deutschland 2020
Clop Emotet REvil Ryuk TrickBot
2020-10-19SPAM AuditorThomas
The Many Faces of Emotet
Emotet
2020-10-16ProofpointCassandra A., Proofpoint Threat Research Team
Geofenced Amazon Japan Credential Phishing Volumes Rival Emotet
Emotet
2020-10-15Department of JusticeDepartment of Justice
Officials Announce International Operation Targeting Transnational Criminal Organization QQAAZZ that Provided Money Laundering Services to High-Level Cybercriminals
Dridex ISFB TrickBot
2020-10-14CrowdStrikeThe Falcon Complete Team
Duck Hunting with Falcon Complete: Remediating a Fowl Banking Trojan, Part 3
QakBot
2020-10-12DeepInstinctRon Ben Yizhak
Why Emotet’s Latest Wave is Harder to Catch Than Ever Before – Part 2
Emotet
2020-10-07CrowdStrikeThe Falcon Complete Team
Duck Hunting with Falcon Complete: Analyzing a Fowl Banking Trojan, Part 2
QakBot Zloader
2020-10-01ProofpointAxel F, Proofpoint Threat Research Team
Emotet Makes Timely Adoption of Political and Elections Lures
Emotet
2020-10-01CrowdStrikeDylan Barker, Quinten Bowen, Ryan Campbell
Duck Hunting with Falcon Complete: Analyzing a Fowl Banking Trojan, Part 1
QakBot MALLARD SPIDER
2020-09-29PWC UKAndy Auld
What's behind the increase in ransomware attacks this year?
DarkSide Avaddon Clop Conti DoppelPaymer Dridex Emotet FriedEx Mailto PwndLocker QakBot REvil Ryuk SMAUG SunCrypt TrickBot WastedLocker
2020-09-29MicrosoftMicrosoft
Microsoft Digital Defense Report
Emotet IcedID Mailto Maze QakBot REvil RobinHood TrickBot
2020-09-29SeqritePrashant Tilekar
The return of the Emotet as the world unlocks!
Emotet
2020-09-23paloalto Netoworks: Unit42Brad Duncan
Case Study: Emotet Thread Hijacking, an Email Attack Technique
Emotet
2020-09-11ThreatConnectThreatConnect Research Team
Research Roundup: Activity on Previously Identified APT33 Domains
Emotet PlugX APT33
2020-09-10Group-IBOleg Skulkin, Semyon Rogachev
Lock Like a Pro: Dive in Recent ProLock's Big Game Hunting
PwndLocker QakBot
2020-09-10QuoSec GmbHQuosec Blog
grap: Automating QakBot strings decryption
QakBot
2020-09-07CERT NZCERT NZ
Emotet Malware being spread via email
Emotet
2020-09-07CERT-FRCERT-FR
Bulletin d'alerte du CERT-FR: Recrudescence d’activité Emotet en France
Emotet
2020-09-04QuoSec GmbHQuosec Blog
Navigating QakBot samples with grap
QakBot
2020-09-02Cisco TalosEdmund Brumaghin, Holger Unterbrink
Salfram: Robbing the place without removing your name tag
Ave Maria ISFB SmokeLoader Zloader
2020-08-31IndeChris Campbell
Analysis of the latest wave of Emotet malicious documents
Emotet
2020-08-28CheckpointCheck Point Research
Gozi: The Malware with a Thousand Faces
DreamBot ISFB LOLSnif SaiGon
2020-08-28ProofpointAxel F, Proofpoint Threat Research Team
A Comprehensive Look at Emotet’s Summer 2020 Return
Emotet MUMMY SPIDER
2020-08-27CheckpointAlex Ilgayev
An Old Bot’s Nasty New Tricks: Exploring Qbot’s Latest Attack Methods
QakBot
2020-08-24HornetsecuritySecurity Lab
Emotet Update increases Downloads
Emotet
2020-08-20MorphisecArnold Osipov
QakBot (QBot) Maldoc Campaign Introduces Two New Techniques into Its Arsenal
QakBot
2020-08-16kienmanowar Blogm4n0w4r
Manual Unpacking IcedID Write-up
IcedID
2020-08-14Binary DefenseJames Quinn
EmoCrash: Exploiting a Vulnerability in Emotet Malware for Defense
Emotet
2020-08-12JuniperPaul Kimayong
IcedID Campaign Strikes Back
IcedID
2020-08-12DeepInstinctRon Ben Yizhak
Why Emotet’s Latest Wave is Harder to Catch than Ever Before
Emotet
2020-08-10tccontre Blogtccontre
Learning From ICEID loader - Including its Steganography Payload Parsing
IcedID
2020-08-09F5 LabsDebbie Walkowski, Remi Cohen
Banking Trojans: A Reference Guide to the Malware Family Tree
BackSwap Carberp Citadel DanaBot Dridex Dyre Emotet Gozi Kronos PandaBanker Ramnit Shylock SpyEye Tinba TrickBot Vawtrak Zeus
2020-08-05Github (mauronz)Francesco Muroni
Emotet API+string deobfuscator (v0.1)
Emotet
2020-08-01TG SoftTG Soft
TG Soft Cyber - Threat Report
DarkComet Darktrack RAT Emotet ISFB
2020-07-31HornetsecurityHornetsecurity Security Lab
The webshells powering Emotet
Emotet
2020-07-30SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q2 2020
AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader
2020-07-29ESET Researchwelivesecurity
THREAT REPORT Q2 2020
DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor
2020-07-29Sophos LabsAndrew Brandt
Emotet’s return is the canary in the coal mine
Emotet
2020-07-28Bleeping ComputerSergiu Gatlan
Emotet malware now steals your email attachments to attack contacts
Emotet
2020-07-23DarktraceMax Heinemeyer
The resurgence of the Ursnif banking trojan
ISFB Snifula
2020-07-22SentinelOneJason Reaves, Joshua Platt
Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)
ISFB Maze TrickBot Zloader
2020-07-20Bleeping ComputerLawrence Abrams
Emotet-TrickBot malware duo is back infecting Windows machines
Emotet TrickBot
2020-07-20NTTSecurity division of NTT Ltd.
Shellbot victim overlap with Emotet network infrastructure
Emotet
2020-07-20HornetsecurityHornetsecurity Security Lab
Emotet is back
Emotet
2020-07-18HornetsecurityHornetsecurity Security Lab
Firefox Send sends Ursnif malware
ISFB
2020-07-17CERT-FRCERT-FR
The Malware Dridex: Origins and Uses
Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus
2020-07-15N1ght-W0lf BlogAbdallah Elshinbary
Deep Analysis of QBot Banking Trojan
QakBot
2020-07-01TG SoftTG Soft
Cyber-Threat Report on the cyber attacks of June 2020 in Italy
Avaddon ISFB
2020-07-01Cisco TalosEdmund Brumaghin, Mariano Graziano, Nick Biasini
Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks
Valak IcedID ISFB MyKings Spreader
2020-06-24MorphisecArnold Osipov
Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex
Dridex ISFB QakBot Zloader
2020-06-23NCC GroupMichael Sandee, Nikolaos Pantazopoulos, Stefano Antenucci
WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
Cobalt Strike ISFB WastedLocker
2020-06-22zero2autoDaniel Bunce
Unpacking Visual Basic Packers – IcedID
IcedID
2020-06-21Malware and StuffAndreas Klopsch
UpnP – Messing up Security since years
QakBot
2020-06-18JuniperPaul Kimayong
COVID-19 and FMLA Campaigns used to install new IcedID banking malware
IcedID
2020-06-18NTT SecuritySecurity division of NTT Ltd.
Behind the scenes of the Emotet Infrastructure
Emotet
2020-06-17Youtube (Red Canary)Adam Pennington, David Kaplan, Erika Noerenberg, Matt Graeber
ATT&CK® Deep Dive: Process Injection
ISFB Ramnit TrickBot
2020-06-17Github (f0wl)Marius Genheimer
deICEr: A Go tool for extracting config from IcedID second stage Loaders
IcedID
2020-06-16HornetsecuritySecurity Lab
QakBot malspam leading to ProLock: Nothing personal just business
PwndLocker QakBot
2020-06-12ThreatConnectThreatConnect Research Team
Probable Sandworm Infrastructure
Avaddon Emotet Kimsuky
2020-06-11F5 LabsDoron Voolf
Qbot Banking Trojan Still Up to Its Old Tricks
QakBot
2020-06-02MorphisecArnold Osipov
Ursnif/Gozi Delivery - Excel Macro 4.0 Utilization Uptick & OCR Bypass
ISFB
2020-06-02Lastline LabsJames Haughom, Stefano Ortolani
Evolution of Excel 4.0 Macro Weaponization
Agent Tesla DanaBot ISFB TrickBot Zloader
2020-05-29Group-IBIvan Pisarev
IcedID: When ice burns through bank accounts
IcedID
2020-05-28VMWare Carbon BlackRyan Murphy, Tom Kellermann
Modern Bank Heists 3.0
Emotet
2020-05-24Palo Alto Networks Unit 42Ajaya Neupane, Stefan Achleitner
Using AI to Detect Malicious C2 Traffic
Emotet Sality
2020-05-21PICUS SecuritySüleyman Özarslan
T1055 Process Injection
BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE
2020-05-07Github (mlodic)Matteo Lodi
Ursnif beacon decryptor
Gozi ISFB
2020-05-05HornetsecuritySecurity Lab
Awaiting the Inevitable Return of Emotet
Emotet
2020-05-05Malware and StuffAndreas Klopsch
An old enemy – Diving into QBot part 3
QakBot
2020-04-22Youtube (Infosec Alpha)Raashid Bhat
FlattenTheCurve - Emotet Control Flow Unflattening | Episode 2
Emotet
2020-04-14Intel 471Intel 471
Understanding the relationship between Emotet, Ryuk and TrickBot
Emotet Ryuk TrickBot
2020-04-03Bleeping ComputerSergiu Gatlan
Microsoft: Emotet Took Down a Network by Overheating All Computers
Emotet
2020-03-31Youtube (Infosec Alpha)Raashid Bhat
Emotet Binary Deobfuscation | Coconut Paradise | Episode 1
Emotet
2020-03-30SymantecMingwei Zhang, Nguyen Hoang Giang
Emotet: Dangerous Malware Keeps on Evolving
Emotet
2020-03-30IntezerMichael Kajiloti
Fantastic payloads and where we find them
Dridex Emotet ISFB TrickBot
2020-03-30Malware and StuffAndreas Klopsch
An old enemy – Diving into QBot part 1
QakBot
2020-03-18ProofpointAxel F, Sam Scholten
Coronavirus Threat Landscape Update
Agent Tesla Get2 ISFB Remcos
2020-03-12Digital ShadowsAlex Guirakhoo
How cybercriminals are taking advantage of COVID-19: Scams, fraud, and misinformation
Emotet
2020-03-11Twitter (@raashidbhatt)Raashid Bhat
Tweet on Emotet Deobfuscation with Video
Emotet
2020-03-06TelekomThomas Barabosch
Dissecting Emotet - Part 2
Emotet
2020-03-06Binary DefenseJames Quinn
Emotet Wi-Fi Spreader Upgraded
Emotet
2020-03-04CrowdStrikeCrowdStrike
2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER
2020-03-03PWC UKPWC UK
Cyber Threats 2019:A Year in Retrospect
KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle
2020-03-02c'tChristian Wölbert
Was Emotet anrichtet – und welche Lehren die Opfer daraus ziehen
Emotet Ryuk
2020-02-29ZDNetCatalin Cimpanu
Meet the white-hat group fighting Emotet, the world's most dangerous malware
Emotet
2020-02-19FireEyeFireEye
M-Trends 2020
Cobalt Strike Grateful POS LockerGoga QakBot TrickBot
2020-02-18CERT.PLMichał Praszmo
What’s up Emotet?
Emotet
2020-02-18Sophos LabsLuca Nagy
Nearly a quarter of malware now communicates using TLS
Dridex IcedID TrickBot
2020-02-13Palo Alto Networks Unit 42Brad Duncan
Wireshark Tutorial: Examining Qakbot Infections
QakBot
2020-02-13TalosEdmund Brumaghin, Nick Biasini
Threat actors attempt to capitalize on coronavirus outbreak
Emotet Nanocore RAT Parallax RAT
2020-02-10MalwarebytesAdam Kujawa, Chris Boyd, David Ruiz, Jérôme Segura, Jovi Umawing, Nathan Collier, Pieter Arntz, Thomas Reed, Wendy Zamora
2020 State of Malware Report
magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor
2020-02-08PICUS SecuritySüleyman Özarslan
Emotet Technical Analysis - Part 2 PowerShell Unveiled
Emotet
2020-02-07Binary DefenseJames Quinn
Emotet Evolves With New Wi-Fi Spreader
Emotet
2020-02-03TelekomThomas Barabosch
Dissecting Emotet – Part 1
Emotet
2020-01-30PICUS SecuritySüleyman Özarslan
Emotet Technical Analysis - Part 1 Reveal the Evil Code
Emotet
2020-01-30IBM X-Force ExchangeAshkan Vila, Golo Mühr
Coronavirus Goes Cyber With Emotet
Emotet
2020-01-27T-SystemsT-Systems
Vorläufiger forensischer Abschlussbericht zur Untersuchung des Incidents beim Berliner Kammergericht
Emotet TrickBot
2020-01-23SANS ISC InfoSec ForumsBrad Duncan
German language malspam pushes Ursnif
ISFB
2020-01-22Thomas Barabosch
The malware analyst’s guide to PE timestamps
Azorult Gozi IcedID ISFB LOLSnif SUNBURST TEARDROP
2020-01-17Hiroaki Ogawa, Manabu Niseki
100 more behind cockroaches?
MoqHao Emotet Predator The Thief
2020-01-17Ken Sajo, Yasuhiro Takeda, Yusuke Niwa
Battle Against Ursnif Malspam Campaign targeting Japan
Cutwail ISFB TrickBot UrlZone
2020-01-17JPCERT/CCTakayoshi Shiigi
Looking back on the incidents in 2019
TSCookie NodeRAT Emotet PoshC2 Quasar RAT
2020-01-14Bleeping ComputerLawrence Abrams
United Nations Targeted With Emotet Malware Phishing Attack
Emotet
2020-01-13GigamonEd Miles, William Peteroy
Emotet: Not your Run-of-the-mill Malware
Emotet
2020-01-10CSISCSIS
Threat Matrix H1 2019
Gustuff magecart Emotet Gandcrab Ramnit TrickBot
2020-01-07Hatching.ioTeam
Powershell Static Analysis & Emotet results
Emotet
2020-01-03Youtube (BSides Belfast)Jorge Rodriguez, Nick Summerlin
Demystifying QBot Banking Trojan
QakBot
2020-01-01SecureworksSecureWorks
GOLD LAGOON
QakBot
2020-01-01SecureworksSecureWorks
GOLD SWATHMORE
GlobeImposter Gozi IcedID TrickBot LUNAR SPIDER
2020-01-01University of MaltaSteve Borg
Memory Forensics of Qakbot
QakBot
2020-01-01SecureworksSecureWorks
GOLD CRESTWOOD
Emotet MUMMY SPIDER
2019-12-24SophosSophosLabs Threat Research
Gozi V3: tracked by their own stealth
ISFB
2019-12-23Palo Alto Networks Unit 42Brad Duncan
Wireshark Tutorial: Examining Ursnif Infections
ISFB
2019-12-18Github (psrok1)Paweł Srokosz
IcedID PNG Extractor
IcedID
2019-12-12FireEyeChi-en Shen, Oleg Bondarenko
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow
Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD poisonplug TrickBot BlackTech
2019-12-10JPCERT/CCJPCERT/CC
[Updated] Alert Regarding Emotet Malware Infection
Emotet
2019-12-07SecureworksKeith Jarvis, Kevin O’Reilly
End-to-end Botnet Monitoring... Botconf 2019
Emotet ISFB QakBot
2019-12-04JPCERT/CCKen Sajo
How to Respond to Emotet Infection (FAQ)
Emotet
2019-12-03MalwarebytesThreat Intelligence Team
New version of IcedID Trojan uses steganographic payloads
IcedID
2019-11-12Hatching.ioMarkel Picado
Reversing Qakbot
QakBot
2019-11-06Heise SecurityThomas Hungenberg
Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail
Emotet Ryuk TrickBot
2019-10-30ZscalerAbhay Yadav, Atinderpal Singh
Emotet is back in action after a short break
Emotet
2019-10-14Marco Ramilli
Is Emotet gang targeting companies with external SOC?
Emotet
2019-09-24Dissecting MalwareMarius Genheimer
Return of the Mummy - Welcome back, Emotet
Emotet
2019-09-16MalwarebytesThreat Intelligence Team
Emotet is back: botnet springs back to life with new spam campaign
Emotet
2019-08-13AdalogicsDavid Korczynski
The state of advanced code injections
Dridex Emotet Tinba
2019-08-12Schweizerische EidgenossenschaftSchweizerische Eidgenossenschaft
Trojaner Emotet greift Unternehmensnetzwerke an
Emotet
2019-08-07FortinetXiaopeng Zhang
New Ursnif Variant Spreading by Word Document
ISFB
2019-07-11ProofpointProofpoint Threat Insight Team
Threat Actor Profile: TA544 targets geographies from Italy to Japan with a range of malware
ISFB PandaBanker UrlZone NARWHAL SPIDER
2019-07-09FortinetKai Lu
A Deep Dive Into IcedID Malware: Part I - Unpacking, Hooking and Process Injection
IcedID
2019-06-25Dawid Golak
IcedID aka #Bokbot Analysis with Ghidra
IcedID
2019-06-25VMRayTamas Boczan
Analyzing Ursnif’s Behavior Using a Malware Sandbox
ISFB
2019-06-19ProofpointProofpoint Threat Insight Team
URLZone top malware in Japan, while Emotet and LINE Phishing round out the landscape
ISFB UrlZone NARWHAL SPIDER
2019-06-16FortinetKai Lu
A Deep Dive Into IcedID Malware: Part II - Analysis of the Core IcedID Payload (Parent Process)
IcedID
2019-06-06FortinetKai Lu
A Deep Dive into the Emotet Malware
Emotet
2019-06-03VaronisDolev Taler, Eric Saraga
Varonis Exposes Global Cyber Campaign: C2 Server Actively Compromising Thousands of Victims
QakBot
2019-05-250ffset Blog0verfl0w_
Analyzing ISFB – The Second Loader
ISFB
2019-05-15ProofpointAxel F, Proofpoint Threat Insight Team
Threat Actor Profile: TA542, From Banker to Malware Distribution Service
Emotet MUMMY SPIDER
2019-05-09GovCERT.chGovCERT.ch
Severe Ransomware Attacks Against Swiss SMEs
Emotet LockerGoga Ryuk TrickBot
2019-05-02Cisco TalosAshlee Benge, Nick Randolph
Qakbot levels up with new obfuscation techniques
QakBot
2019-04-29BluelivBlueliv Labs Team
Where is Emotet? Latest geolocation data
Emotet
2019-04-25Trend MicroTrendmicro
Emotet Adds New Evasion Technique
Emotet
2019-04-22int 0xcc blogRaashid Bhat
Dissecting Emotet’s network communication protocol
Emotet
2019-04-12SpamTitantitanadmin
Emotet Malware Revives Old Email Conversations Threads to Increase Infection Rates
Emotet
2019-04-07Sveatoslav Persianov
Emotet malware analysis. Part 2
Emotet
2019-04-06Youtube (hasherezade)hasherezade
Unpacking ISFB (including the custom 'PX' format)
ISFB
2019-04-05YoroiAntonio Pirozzi, Davide Testa
Ursnif: The Latest Evolution of the Most Popular Banking Malware
ISFB
2019-04-04SecurityIntelligenceLimor Kessem, Nir Somech
IcedID Banking Trojan Spruces Up Injection Tactics to Add Stealth
IcedID
2019-04-01Cafe Babe
Analyzing Emotet with Ghidra — Part 1
Emotet
2019-03-27SpamhausSpamhaus Malware Labs
Emotet adds a further layer of camouflage
Emotet
2019-03-26YoroiDavide Testa, Luca Mella, Luigi Martire
The Ursnif Gangs keep Threatening Italy
ISFB
2019-03-21CrowdStrikeJames Scalise, Shaun Hurley
Interception: Dissecting BokBot’s “Man in the Browser”
IcedID
2019-03-17Persianov on SecuritySveatoslav Persianov
Emotet malware analysis. Part 1
Emotet
2019-03-15CofenseThreat Intelligence
Flash Bulletin: Emotet Epoch 1 Changes its C2 Communication
Emotet
2019-03-130ffset Blog0verfl0w_
Analysing ISFB – The First Loader
ISFB
2019-03-12CybereasonAssaf Dahan, Cybereason Nocturnus
New Ursnif Variant targets Japan packed with new Features
ISFB UrlZone
2019-03-11MinervaMinerva Labs
Attackers Insert Themselves into the Email Conversation to Spread Malware
ISFB
2019-03-08The Daily SwigJames Walker
Emotet trojan implicated in Wolverine Solutions ransomware attack
Emotet
2019-02-16Max Kersten's BlogMax Kersten
Emotet droppers
Emotet
2019-02-15CrowdStrikeBex Hartley, Brendon Feeley
“Sin”-ful SPIDERS: WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web
Dyre IcedID TrickBot Vawtrak LUNAR SPIDER WIZARD SPIDER
2019-02-07YoroiAntonio Farina, Antonio Pirozzi, Davide Testa
Ursnif: Long Live the Steganography!
ISFB
2019-02-06SecurityIntelligenceItzik Chimino, Limor Kessem, Ophir Harpaz
IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites
IcedID
2019-01-30CyberbitHod Gavriel
New Ursnif Malware Variant – a Stunning Matryoshka (Матрёшка)
ISFB
2019-01-24Cisco TalosJohn Arneson
Cisco AMP tracks new campaign that delivers Ursnif
ISFB
2019-01-17SANS ISC InfoSec ForumsBrad Duncan
Emotet infections and follow-up malware
Emotet
2019-01-150ffset Blog0verfl0w_
Analyzing COMmunication in Malware
ISFB
2019-01-05Github (d00rt)d00rt
Emotet Research
Emotet
2019-01-03CrowdStrikeJames Scalise, Shaun Hurley
Digging into BokBot’s Core Module
IcedID
2019-01-01D00RT_RM
Emutet
Emotet
2019-01-01CSISBenoît Ancel, Peter Kruse
Dreambot Business overview 2019
ISFB
2018-12-18Trend MicroTrendmicro
URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader
Dridex Emotet FriedEx ISFB
2018-11-16Trend MicroTrend Micro
Exploring Emotet: Examining Emotet’s Activities, Infrastructure
Emotet
2018-11-09Youtube (OALabs)Sean Wilson, Sergei Frankoff
Reverse Engineering IcedID / Bokbot Malware Part 2
IcedID
2018-11-09ESET ResearchESET Research
Emotet launches major new spam campaign
Emotet
2018-10-31Kryptos LogicKryptos Logic
Emotet Awakens With New Campaign of Mass Email Exfiltration
Emotet
2018-10-26Youtube (OALabs)Sergei Frankoff
Unpacking Bokbot / IcedID Malware - Part 1
IcedID
2018-09-12Cryptolaemus PastedumpCryptolaemus
Emotet IOC
Emotet
2018-09-07Vitali Kremez
Let's Learn: Deeper Dive into "IcedID"/"BokBot" Banking Malware: Part 1
IcedID
2018-08-09Fox-ITAlfred Klason
Bokbot: The (re)birth of a banker
IcedID Vawtrak
2018-08-01Kryptos LogicKryptos Logic
Inside Look at Emotet's Global Victims and Malspam Qakbot Payloads
Emotet
2018-07-29Vitali Kremez BlogVitali Kremez
Let's Learn: In-Depth Reversing of Qakbot "qbot" Banker Part 1
QakBot
2018-07-26IntezerItai Tevet
Mitigating Emotet, The Most Common Banking Trojan
Emotet
2018-07-24Check PointBen Herzog, Ofer Caspi
Emotet: The Tricky Trojan that ‘Git Clones’
Emotet
2018-07-23MalFindLasq
Deobfuscating Emotet’s powershell payload
Emotet
2018-07-20NCCICCommunications Integration Center, National Cybersecurity
Alert (TA18-201A) Emotet Malware
Emotet
2018-07-18SymantecSecurity Response Attack Investigation Team
The Evolution of Emotet: From Banking Trojan to Threat Distributor
Emotet
2018-05-17FidelisThreat Research Team
Gozi V3 Technical Update
ISFB
2018-04-10Cisco TalosDaphne Galme, Michael Gorelik, Ross Gibb
IcedID Banking Trojan Teams up with Ursnif/Dreambot for Distribution
IcedID
2018-03-19hasherezade
Unpacking Ursnif
ISFB
2018-03-06Cisco TalosAdam Weller, Edmund Brumaghin, Holger Unterbrink
Gozi ISFB Remains Active in 2018, Leverages "Dark Cloud" Botnet For Distribution
ISFB
2018-02-08CrowdStrikeAdam Meyers
Meet CrowdStrike’s Adversary of the Month for February: MUMMY SPIDER
Emotet MUMMY SPIDER
2018-02-07CylanceThreat Research Team
Threat Spotlight: URSNIF Infostealer Malware
ISFB
2018-01-17SANS ISCbrad
Reviewing the spam filters: Malspam pushing Gozi-ISFB
ISFB
2018-01-12ProofpointProofpoint Staff
Holiday lull? Not so much
Dridex Emotet GlobeImposter ISFB Necurs PandaBanker UrlZone NARWHAL SPIDER
2018-01-01Quick HealQuick Heal
The Complete story of EMOTET Most prominent Malware of 2018
Emotet
2017-11-28FireEyeAbhay Vaish, Sandor Nemes
Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection
ISFB
2017-11-15Trend MicroRubio Wu
New EMOTET Hijacks a Windows API, Evades Sandbox and Analysis
Emotet
2017-11-14Digital GuardianChris Brook
IceID Banking Trojan Targeting Banks, Payment Card Providers, E-Commerce Sites
IcedID
2017-11-13IntezerJay Rosenberg
IcedID Banking Trojan Shares Code with Pony 2.0 Trojan
IcedID IcedID Downloader
2017-11-13SecurityIntelligenceLimor Kessem, Maor Wiesen, Tal Darsan, Tomer Agayev
New Banking Trojan IcedID Discovered by IBM X-Force Research
IcedID IcedID Downloader
2017-11-06MicrosoftMicrosoft Defender ATP Research Team
Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
Emotet QakBot
2017-11-06MicrosoftMicrosoft Defender ATP Research Team
Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
Emotet
2017-10-12G DataG Data
Emotet beutet Outlook aus
Emotet
2017-10-06CERT.PLJarosław Jedynak, Maciej Kotowicz
Peering into spam botnets
Emotet Kelihos Necurs SendSafe Tofsee
2017-09-07Trend MicroDon Ladores
EMOTET Returns, Starts Spreading via Spam Botnet
Emotet
2017-07-17MalwarebytesThreat Intelligence Team
It’s baaaack: Public cyber enemy Emotet has returned
Emotet
2017-07-02CERT.PLMaciej Kotowicz
ISFB: Still Live and Kicking
ISFB
2017-06-02SecurityIntelligenceKevin Zuk, Limor Kessem, Matan Meir, Mike Oppenheim
QakBot Banking Trojan Causes Massive Active Directory Lockouts
QakBot
2017-05-31ropgadget.comJeff White
Writing PCRE's for applied passive network defense [Emotet]
Emotet
2017-05-29Lokalhost.plMaciej Kotowicz
Gozi Tree
DreamBot Gozi ISFB Powersniff
2017-05-24CERT.PLPaweł Srokosz
Analysis of Emotet v4
Emotet
2017-05-23ThreatVectorCylance Threat Research Team
Quakbot
QakBot
2017-05-03FortinetXiaopeng Zhang
Deep Analysis of New Emotet Variant - Part 1
Emotet
2017-04-20MalwarebytesJérôme Segura
Binary Options malvertising campaign drops ISFB banking Trojan
ISFB
2016-11-01Ariel Koren's BlogAriel Koren
Ursnif Malware: Deep Technical Dive
ISFB
2016-08-01Intel SecurityGuilherme Venere, Mark Olea, Sanchit Karve
DIVING INTO PINKSLIPBOT’S LATEST CAMPAIGN
QakBot
2016-04-28Cisco TalosBen Baker
Research Spotlight: The Resurgence of Qbot
QakBot
2016-04-14SecurityIntelligenceLimor Kessem, Lior Keshet
Meet GozNym: The Banking Malware Offspring of Gozi ISFB and Nymaim
ISFB Nymaim GozNym
2016-03-23Github (gbrindisi)gbrindisi
Gozi ISFB Sourceccode
ISFB
2016-02-24Johannes Bader BlogJohannes Bader
The DGA of Qakbot.T
QakBot
2016-01-01BAE SystemsBAE Systems
The Return of Qbot
QakBot
2015-04-09Kaspersky LabsAlexey Shulmin
The Banking Trojan Emotet: Detailed Analysis
Emotet
2013-01-18abuse.chabuse.ch
Feodo Tracker
Emotet
2012-01-01SymantecNicolas Falliere
W32.Qakbot in Detail
QakBot
2011-12-11Open Security ResearchMichael G. Spohn.
Intro. To Reversing - W32Pinkslipbot
QakBot
2011-05-25Contagio DumpMila Parkour
W32.Qakbot aka W32/Pinkslipbot or infostealer worm
QakBot
2010-10-25RSARSA FraudAction Research Labs
Businesses Beware: Qakbot Spreads like a Worm, Stings like a Trojan
QakBot
2010-05-11SymantecShunichi Imano
Qakbot, Data Thief Unmasked: Part I
QakBot
2010-04-22SymantecPatrick Fitzgerald
Qakbot Steals 2GB of Confidential Data per Week
QakBot
2009-12-22SymantecJohn McDonald, Masaki Suenaga, Takayoshi Nakayama
Qakbot, Data Thief Unmasked: Part II
QakBot
2009-05-07SymantecAngela Thigpen, Eric Chien
W32.Qakbot
QakBot

Credits: MISP Project