GOLD CABIN
GOLD CABIN is a financially motivated cybercriminal threat group that has operated a malware distribution service on behalf of numerous customers since 2018. GOLD CABIN uses malicious documents, often contained in password-protected archives and delivered through email, to download and execute payloads. The second-stage payloads are most frequently Gozi ISFB (Ursnif) or IcedID (Bokbot), sometimes delivered through intermediary malware such as Valak. GOLD CABIN infrastructure relies on artificial-looking, frequently changing URLs whose domains are created with a domain generation algorithm (DGA). The URLs host a PHP object that returns the malware as a DLL file.
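The two observable traits in the description above, a PHP URL that hands back a DLL and a throwaway DGA-style hostname, can be checked from proxy or sandbox output. The following is an added example for this page, not code from Malpedia or from any of the reports listed below. It does not reproduce GOLD CABIN's actual DGA; `looks_generated` is a generic entropy heuristic whose thresholds are an assumption to be tuned on your own traffic. `is_pe_dll` parses the DOS and COFF headers of a response prefix and tests the `IMAGE_FILE_DLL` characteristic. All hostnames, paths and PE bytes are constructed for the example and are not indicators.

```python
import math
import struct
from dataclasses import dataclass
from urllib.parse import urlsplit

# IMAGE_FILE_DLL bit of the COFF FileHeader.Characteristics field (PE/COFF spec).
IMAGE_FILE_DLL = 0x2000


def is_pe_dll(body: bytes) -> bool:
    """Return True when `body` starts a PE image whose Characteristics mark it as a DLL.

    Works on a response prefix: the DOS header, e_lfanew and the COFF header are all
    that is needed, so the first few hundred bytes of a download are enough.
    """
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", body, 0x3C)[0]
    # 4-byte "PE\0\0" signature followed by the 20-byte COFF FileHeader.
    if e_lfanew + 24 > len(body) or body[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    # Characteristics sits at offset 18 inside the COFF FileHeader.
    characteristics = struct.unpack_from("<H", body, e_lfanew + 4 + 18)[0]
    return bool(characteristics & IMAGE_FILE_DLL)


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text` (0.0 for the empty string)."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_generated(host: str, min_len: int = 12, min_entropy: float = 3.2) -> bool:
    """Generic DGA-likeness heuristic on the second-level label (an assumption, not GOLD CABIN's algorithm).

    Flags a long label with high character entropy and almost no vowels. Tune the
    thresholds against your own traffic before relying on this.
    """
    labels = host.lower().split(".")
    if len(labels) < 2:
        return False
    label = labels[-2]
    vowels = sum(label.count(v) for v in "aeiou")
    return (
        len(label) >= min_len
        and shannon_entropy(label) >= min_entropy
        and vowels / len(label) < 0.25
    )


@dataclass
class HttpTransaction:
    url: str
    body_prefix: bytes  # first bytes of the HTTP response body


def triage(tx: HttpTransaction) -> list[str]:
    """Return the reasons a transaction matches the PHP-URL-returns-DLL / DGA-host pattern."""
    parts = urlsplit(tx.url)
    reasons = []
    if parts.path.lower().endswith(".php") and is_pe_dll(tx.body_prefix):
        reasons.append("php-url-returned-dll")
    if looks_generated(parts.hostname or ""):
        reasons.append("dga-like-host")
    return reasons


def build_minimal_pe(dll: bool) -> bytes:
    """Constructed test artefact: a bare MZ + PE + COFF header, not a real or runnable binary."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after the DOS header
    # IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE, plus IMAGE_FILE_DLL for a DLL.
    characteristics = 0x0102 | (IMAGE_FILE_DLL if dll else 0)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff


# Constructed sample traffic (hostnames and paths are made up, not indicators from any report).
SAMPLE_TRANSACTIONS = [
    HttpTransaction("http://kq7x9zbtm2vw.example/files/get.php?id=1", build_minimal_pe(dll=True)),
    HttpTransaction("https://www.example.org/download.php", build_minimal_pe(dll=True)),
    HttpTransaction("https://www.example.org/update.php", build_minimal_pe(dll=False)),
    HttpTransaction("https://cdn.example.net/lib.dll", build_minimal_pe(dll=True)),
]

if __name__ == "__main__":
    for tx in SAMPLE_TRANSACTIONS:
        print(f"{tx.url:50} -> {triage(tx) or ['clean']}")
```

Run it over a proxy log by filling `HttpTransaction` with the request URL and the first few hundred bytes of each response; the DLL check alone is the stronger signal, since a `.php` endpoint that serves a PE image is rarely legitimate, while the hostname heuristic on its own will produce false positives on CDN and tracking domains.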
2024-10-28
⋅
Medium shaddy43
⋅
Emotet Malware Analysis Emotet |
2024-10-18
⋅
Netskope
⋅
New Bumblebee Loader Infection Chain Signals Possible Resurgence BumbleBee |
2024-07-29
⋅
Mandiant
⋅
UNC4393 Goes Gently into the SILENTNIGHT Black Basta QakBot sRDI SystemBC Zloader UNC4393 |
2024-07-09
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update January to June 2024 Coper FluBot Hook Bashlite Mirai FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc NjRAT QakBot Quasar RAT RedLine Stealer Remcos Rhadamanthys RisePro Sliver |
2024-07-02
⋅
Sekoia
⋅
Exposing FakeBat loader: distribution methods and adversary infrastructure BlackCat Royal Ransom EugenLoader Carbanak Cobalt Strike DICELOADER Gozi IcedID Lumma Stealer NetSupportManager RAT Pikabot RedLine Stealer SectopRAT Sliver SmokeLoader Vidar |
2024-05-30
⋅
Europol
⋅
Largest ever operation against botnets hits dropper malware ecosystem BumbleBee IcedID SmokeLoader SystemBC TrickBot |
2024-05-26
⋅
ZW01f
⋅
QakBOT v5 Deep Malware Analysis QakBot |
2024-05-16
⋅
Elastic
⋅
Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID IcedID Latrodectus |
2024-05-15
⋅
X (@bryceabdo)
⋅
Tweet on UNC5449 exploiting CVE-2024-30051 to deliver QAKBOT QakBot |
2024-05-15
⋅
Microsoft
⋅
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware Black Basta Cobalt Strike QakBot |
2024-05-14
⋅
Kaspersky
⋅
QakBot attacks with Windows zero-day (CVE-2024-30051) Cobalt Strike QakBot |
2024-04-29
⋅
The DFIR Report
⋅
From IcedID to Dagon Locker Ransomware in 29 Days IcedID Mount Locker |
2024-04-24
⋅
kienmanowar Blog
⋅
[QuickNote] Qakbot 5.0 – Decrypt strings and configuration QakBot |
2024-04-08
⋅
0x0d4y
⋅
IcedID – Technical Analysis of an IcedID Lightweight x64 DLL IcedID |
2024-04-04
⋅
Proofpoint
⋅
Latrodectus: This Spider Bytes Like Ice IcedID Latrodectus |
2024-04-01
⋅
The DFIR Report
⋅
From OneNote to RansomNote: An Ice Cold Intrusion Cobalt Strike IcedID Nokoyawa Ransomware PhotoLoader |
2024-03-26
⋅
Medium zyadlzyatsoc
⋅
Comprehensive Analysis of EMOTET Malware: Part 1 Emotet |
2024-03-17
⋅
Technical Evolution
⋅
Carving the IcedId - Part 3 IcedID |
2024-02-28
⋅
Security Intelligence
⋅
X-Force data reveals top spam trends, campaigns and senior superlatives in 2023 404 Keylogger Agent Tesla Black Basta DarkGate Formbook IcedID Loki Password Stealer (PWS) Pikabot QakBot Remcos |
2024-02-21
⋅
Invoke RE
⋅
Automating Qakbot Malware Analysis with Binary Ninja QakBot |
2024-02-21
⋅
YouTube (Invoke RE)
⋅
Analyzing Qakbot Using Binary Ninja Automation Part 3 QakBot |
2024-02-16
⋅
Malcat
⋅
Writing a Qakbot 5.0 config extractor with Malcat QakBot |
2024-02-15
⋅
Bleeping Computer
⋅
Zeus, IcedID malware gangs leader pleads guilty, faces 40 years in prison Egregor IcedID Maze Zeus |
2024-02-15
⋅
Department of Justice
⋅
Foreign National Pleads Guilty to Role in Cybercrime Schemes Involving Tens of Millions of Dollars in Losses Egregor IcedID Maze Zeus |
2024-02-13
⋅
Proofpoint
⋅
Bumblebee Buzzes Back in Black BumbleBee |
2024-02-11
⋅
Estrellas's Blog
⋅
Unpacking an Emotet trojan Emotet |
2024-02-09
⋅
Censys
⋅
A Beginners Guide to Tracking Malware Infrastructure AsyncRAT BianLian Cobalt Strike QakBot |
2024-02-09
⋅
YouTube (Invoke RE)
⋅
Analyzing and Unpacking Qakbot Using Binary Ninja Automation Part 2 QakBot |
2024-01-31
⋅
Zscaler
⋅
Tracking 15 Years of Qakbot Development QakBot |
2024-01-23
⋅
YouTube (Invoke RE)
⋅
Analyzing and Unpacking Qakbot using Binary Ninja Automation QakBot |
2024-01-16
⋅
Medium walmartglobaltech
⋅
Keyhole Analysis IcedID Keyhole |
2024-01-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q4 2023 FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver |
2024-01-12
⋅
YouTube (BSides Cambridge UK)
⋅
Slipping The Net: Qakbot, Emotet And Defense Evasion Emotet QakBot |
2024-01-09
⋅
Recorded Future
⋅
2023 Adversary Infrastructure Report AsyncRAT Cobalt Strike Emotet PlugX ShadowPad |
2024-01-09
⋅
0x0d4y
⋅
IcedID – Technical Malware Analysis [Second Stage] IcedID PhotoLoader |
2024-01-04
⋅
K7 Security
⋅
Qakbot Returns QakBot |
2023-12-10
⋅
cocomelonc
⋅
Malware development: persistence - part 23. LNK files. Simple Powershell example. Emotet |
2023-12-05
⋅
YouTube (SecureWorks)
⋅
Emulating Qakbot with Austin Graham QakBot |
2023-11-30
⋅
Twitter (@embee_research)
⋅
Advanced Threat Intel Queries - Catching 83 Qakbot Servers with Regex, Censys and TLS Certificates QakBot |
2023-11-22
⋅
Twitter (@embee_research)
⋅
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples) BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos |
2023-11-20
⋅
Cofense
⋅
Are DarkGate and PikaBot the new QakBot? DarkGate Pikabot QakBot |
2023-10-13
⋅
Twitter (@JAMESWT_MHT)
⋅
Tweets on Wikiloader delivering ISFB ISFB WikiLoader |
2023-10-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2023 FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar |
2023-10-12
⋅
Netresec
⋅
Forensic Timeline of an IcedID Infection Cobalt Strike IcedID IcedID Downloader |
2023-10-05
⋅
Talos
⋅
Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown QakBot |
2023-10-04
⋅
Twitter (@Intrisec)
⋅
Tweet about new Bumblebee campaign leveraging CVE-2023-38831 BumbleBee |
2023-09-15
⋅
Johannes Bader's Blog
⋅
The DGA of BumbleBee BumbleBee |
2023-09-11
⋅
Github (m4now4r)
⋅
Unveiling Qakbot Exploring one of the Most Active Threat Actors QakBot |
2023-09-11
⋅
Twitter (@Artilllerie)
⋅
Tweet on BumbleBee sample containing a DGA BumbleBee |
2023-09-07
⋅
Twitter (@Intrisec)
⋅
Tweets on Bumblebee campaign spreading via Html smuggling downloading RAR archive with European Central Bank PDF lure and folder containing Bumblebee EXE payload. BumbleBee |
2023-09-01
⋅
VMRay
⋅
Understanding BumbleBee: BumbleBee’s malware configuration and clusters BumbleBee |
2023-08-29
⋅
US Department of Justice
⋅
Qakbot Malware Disrupted in International Cyber Takedown QakBot |
2023-08-29
⋅
Secureworks
⋅
Law Enforcement Takes Down QakBot QakBot |
2023-08-29
⋅
FBI
⋅
FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown QakBot |
2023-08-29
⋅
KrebsOnSecurity
⋅
U.S. Hacks QakBot, Quietly Removes Botnet Infections QakBot |
2023-08-29
⋅
The Shadowserver Foundation
⋅
Qakbot Botnet Disruption QakBot |
2023-08-29
⋅
US Department of Justice
⋅
Documents and Resources related to the Disruption of the QakBot Malware and Botnet QakBot |
2023-08-29
⋅
Spamhaus
⋅
Qakbot - the takedown and the remediation QakBot |
2023-08-28
⋅
The DFIR Report
⋅
HTML Smuggling Leads to Domain Wide Ransomware Cobalt Strike IcedID Nokoyawa Ransomware |
2023-08-23
⋅
Department of Justice
⋅
Application and Affidavit for a Seizure Warrant by Telephone or other Reliable Electronic Means QakBot |
2023-08-21
⋅
Department of Justice
⋅
Application for a Warrant by Telephone or other reliable Electronic Means QakBot |
2023-08-18
⋅
VMRay
⋅
Understanding BumbleBee: The malicious behavior of BumbleBee BumbleBee |
2023-08-09
⋅
VMRay
⋅
Understanding BumbleBee: The delivery of Bumblee BumbleBee |
2023-08-07
⋅
Team Cymru
⋅
Visualizing Qakbot Infrastructure Part II: Uncharted Territory QakBot |
2023-08-03
⋅
Kaspersky
⋅
What’s happening in the world of crimeware: Emotet, DarkGate and LokiBot LokiBot DarkGate Emotet |
2023-07-31
⋅
Proofpoint
⋅
Out of the Sandbox: WikiLoader Digs Sophisticated Evasion ISFB WikiLoader |
2023-07-31
⋅
d01a
⋅
Pikabot deep analysis Pikabot QakBot |
2023-07-28
⋅
Red Canary
⋅
Drop It Like It's Qbot: Separating malicious droppers, loaders, and crypters from their payloads CloudEyE QakBot |
2023-07-28
⋅
YouTube (SANS Cyber Defense)
⋅
Drop It Like It's Qbot: Separating malicious droppers, loaders, and crypters from their payloads CloudEyE QakBot |
2023-07-28
⋅
Team Cymru
⋅
Inside the IcedID BackConnect Protocol (Part 2) IcedID |
2023-07-25
⋅
Zscaler
⋅
Hibernating Qakbot: A Comprehensive Study and In-depth Campaign Analysis QakBot |
2023-07-23
⋅
Medium infoSec Write-ups
⋅
Unpacking an Emotet Trojan Emotet |
2023-07-18
⋅
Kostas TS
⋅
Ursnif VS Italy: Il PDF del Destino (The PDF of Destiny) Gozi ISFB Snifula |
2023-07-11
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q2 2023 Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee |
2023-07-06
⋅
WeLiveSecurity
⋅
What’s up with Emotet? Emotet |
2023-06-22
⋅
DeepInstinct
⋅
PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID PindOS BumbleBee PhotoLoader |
2023-06-10
⋅
The DFIR Report
⋅
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment BlackCat Cobalt Strike IcedID |
2023-06-08
⋅
Twitter (@embee_research)
⋅
Practical Queries for Identifying Malware Infrastructure: An informal page for storing Censys/Shodan queries Amadey AsyncRAT Cobalt Strike QakBot Quasar RAT Sliver solarmarker |
2023-06-08
⋅
VMRay
⋅
Busy Bees - The Transformation of BumbleBee BumbleBee Cobalt Strike Conti Meterpreter Sliver |
2023-06-01
⋅
Lumen
⋅
Qakbot: Retool, Reinfect, Recycle QakBot |
2023-05-30
⋅
Palo Alto Networks Unit 42
⋅
Cold as Ice: Answers to Unit 42 Wireshark Quiz for IcedID IcedID PhotoLoader |
2023-05-22
⋅
The DFIR Report
⋅
IcedID Macro Ends in Nokoyawa Ransomware IcedID Nokoyawa Ransomware PhotoLoader |
2023-05-21
⋅
Github (0xThiebaut)
⋅
PCAPeek IcedID QakBot |
2023-05-18
⋅
Intezer
⋅
How Hackers Use Binary Padding to Outsmart Sandboxes and Infiltrate Your Systems Emotet |
2023-05-17
⋅
Team Cymru
⋅
Visualizing QakBot Infrastructure QakBot |
2023-05-10
⋅
Bridewell
⋅
Hunting for Ursnif ISFB Royal Ransom |
2023-05-04
⋅
Elastic
⋅
Unpacking ICEDID IcedID PhotoLoader |
2023-05-03
⋅
unpac.me
⋅
UnpacMe Weekly: New Version of IcedId Loader IcedID PhotoLoader |
2023-05-03
⋅
Palo Alto Networks Unit 42
⋅
Teasing the Secrets From Threat Actors: Malware Configuration Parsing at Scale IcedID PhotoLoader |
2023-05-02
⋅
loginsoft
⋅
IcedID Malware: Traversing Through its Various Incarnations IcedID |
2023-04-28
⋅
DISCARDED Podcast
⋅
Beyond Banking: IcedID Gets Forked IcedID PhotoLoader |
2023-04-21
⋅
Sophos
⋅
IcedID: Defrosting a Recent Campaign Illustrating evolving tactics and shared infrastructure IcedID PhotoLoader |
2023-04-20
⋅
Secureworks
⋅
Bumblebee Malware Distributed Via Trojanized Installer Downloads BumbleBee Cobalt Strike |
2023-04-18
⋅
Rapid7 Labs
⋅
Automating Qakbot Detection at Scale With Velociraptor QakBot |
2023-04-18
⋅
Twitter (@threatinsight)
⋅
Tweet on TA581 using Keitaro TDS URL to download a .MSI file to deliver BumbleBee malware BumbleBee |
2023-04-18
⋅
Mandiant
⋅
M-Trends 2023 QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate |
2023-04-16
⋅
Botconf
⋅
Tracking Bumblebee’s Development BumbleBee |
2023-04-16
⋅
YouTube (botconf eu)
⋅
Tracking Bumblebee’s Development BumbleBee |
2023-04-13
⋅
Sublime
⋅
Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction QakBot |
2023-04-12
⋅
SANS ISC
⋅
Recent IcedID (Bokbot) activity IcedID |
2023-04-12
⋅
loginsoft
⋅
Maximizing Threat Detections of Qakbot with Osquery QakBot |
2023-04-12
⋅
InfoSec Handlers Diary Blog
⋅
Recent IcedID (Bokbot) activity IcedID PhotoLoader |
2023-04-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q1 2023 FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar |
2023-04-11
⋅
Twitter (@Unit42_Intel)
⋅
Tweet on change of IcedID backconnect traffic port from 8080 to 443 IcedID |
2023-04-11
⋅
SEC Consult
⋅
BumbleBee hunting with a Velociraptor BumbleBee |
2023-04-10
⋅
Check Point
⋅
March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files Agent Tesla CloudEyE Emotet Formbook Nanocore RAT NjRAT QakBot Remcos Tofsee |
2023-04-05
⋅
velociraptor
⋅
Automating Qakbot Decode At Scale QakBot |
2023-04-03
⋅
The DFIR Report
⋅
Malicious ISO File Leads to Domain Wide Ransomware Cobalt Strike IcedID Mount Locker |
2023-03-30
⋅
United States District Court (Eastern District of New York)
⋅
Cracked Cobalt Strike (1:23-cv-02447) Black Basta BlackCat LockBit RagnarLocker LockBit Black Basta BlackCat Cobalt Strike Cuba Emotet LockBit Mount Locker PLAY QakBot RagnarLocker Royal Ransom Zloader |
2023-03-30
⋅
loginsoft
⋅
From Innocence to Malice: The OneNote Malware Campaign Uncovered Agent Tesla AsyncRAT DOUBLEBACK Emotet Formbook IcedID NetWire RC QakBot Quasar RAT RedLine Stealer XWorm |
2023-03-30
⋅
eSentire
⋅
eSentire Threat Intelligence Malware Analysis: BatLoader BATLOADER Cobalt Strike ISFB SystemBC Vidar |
2023-03-29
⋅
Krakz
⋅
BumbleBee notes BumbleBee |
2023-03-28
⋅
Cerbero
⋅
Reversing Complex PowerShell Malware BumbleBee |
2023-03-27
⋅
Proofpoint
⋅
Fork in the Ice: The New Era of IcedID IcedID PHOTOFORK PHOTOLITE PhotoLoader |
2023-03-24
⋅
Lab52
⋅
Bypassing Qakbot Anti-Analysis QakBot |
2023-03-22
⋅
Cisco Talos
⋅
Emotet Resumes Spam Operations, Switches to OneNote Emotet |
2023-03-20
⋅
NVISO Labs
⋅
IcedID’s VNC Backdoors: Dark Cat, Anubis & Keyhole IcedID |
2023-03-19
⋅
0xToxin Labs
⋅
Gozi - Italian ShellCode Dance Gozi ISFB |
2023-03-17
⋅
Elastic
⋅
Thawing the permafrost of ICEDID Summary IcedID PhotoLoader |
2023-03-15
⋅
Reliaquest
⋅
QBot: Laying the Foundations for Black Basta Ransomware Activity Black Basta QakBot |
2023-03-13
⋅
Trendmicro
⋅
Emotet Returns, Now Adopts Binary Padding for Evasion Emotet |
2023-03-09
⋅
eSentire
⋅
BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif BATLOADER ISFB Vidar |
2023-03-07
⋅
BleepingComputer
⋅
Emotet malware attacks return after three-month break Emotet |
2023-03-07
⋅
Trellix
⋅
Qakbot Evolves to OneNote Malware Distribution QakBot |
2023-03-07
⋅
Cofense
⋅
Emotet Sending Malicious Emails After Three-Month Hiatus Emotet |
2023-03-04
⋅
0xToxin Labs
⋅
Bumblebee DocuSign Campaign BumbleBee |
2023-03-02
⋅
Netresec
⋅
QakBot C2 Traffic QakBot |
2023-03-02
⋅
Youtube (Microsoft Security Response Center (MSRC))
⋅
BlueHat 2023: Hunting Qakbot with Daniel Taylor & Ben Magee QakBot |
2023-03-01
⋅
Zscaler
⋅
OneNote: A Growing Threat for Malware Distribution AsyncRAT Cobalt Strike IcedID QakBot RedLine Stealer |
2023-02-28
⋅
Intel 471
⋅
Malvertising Surges to Distribute Malware EugenLoader BATLOADER IcedID |
2023-02-27
⋅
PRODAFT Threat Intelligence
⋅
RIG Exploit Kit: In-Depth Analysis Dridex IcedID ISFB PureCrypter Raccoon RecordBreaker RedLine Stealer Royal Ransom Silence SmokeLoader Zloader |
2023-02-26
⋅
Medium Ilandu
⋅
Emotet Campaign Emotet |
2023-02-24
⋅
Medium walmartglobaltech
⋅
Qbot testing malvertising campaigns? QakBot |
2023-02-24
⋅
Team Cymru
⋅
Desde Chile con Malware (From Chile with Malware) IcedID PhotoLoader |
2023-02-17
⋅
cyble
⋅
The Many Faces of Qakbot Malware: A Look at Its Diverse Distribution Methods QakBot |
2023-02-15
⋅
Netresec
⋅
How to Identify IcedID Network Traffic IcedID |
2023-02-14
⋅
DSIH
⋅
Comment Qbot revient en force avec OneNote ? (How Qbot Is Coming Back in Force with OneNote) QakBot |
2023-02-08
⋅
NTT Security
⋅
SteelClover Attacks Distributing Malware Via Google Ads Increased BATLOADER ISFB RedLine Stealer |
2023-02-06
⋅
Sophos
⋅
Qakbot mechanizes distribution of malicious OneNote notebooks QakBot |
2023-02-03
⋅
Mandiant
⋅
Float Like a Butterfly Sting Like a Bee BazarBackdoor BumbleBee Cobalt Strike |
2023-01-30
⋅
Checkpoint
⋅
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware Agent Tesla Azorult Buer Cerber Cobalt Strike Emotet Formbook HawkEye Keylogger Loki Password Stealer (PWS) Maze NetWire RC Remcos REvil TrickBot |
2023-01-26
⋅
Acronis
⋅
Unpacking Emotet Malware Emotet |
2023-01-23
⋅
Kroll
⋅
Black Basta – Technical Analysis Black Basta Cobalt Strike MimiKatz QakBot SystemBC |
2023-01-20
⋅
Blackberry
⋅
Emotet Returns With New Methods of Evasion Emotet IcedID |
2023-01-19
⋅
Cisco
⋅
Following the LNK metadata trail BumbleBee PhotoLoader QakBot |
2023-01-12
⋅
EclecticIQ
⋅
QakBot Malware Used Unpatched Vulnerability to Bypass Windows OS Security Feature QakBot |
2023-01-09
⋅
Intrinsec
⋅
Emotet returns and deploys loaders BumbleBee Emotet IcedID PHOTOLITE |
2023-01-09
⋅
The DFIR Report
⋅
Unwrapping Ursnifs Gifts ISFB |
2022-12-28
⋅
HTML Smuggling Detection QakBot |
2022-12-23
⋅
Trendmicro
⋅
IcedID Botnet Distributors Abuse Google PPC to Distribute Malware IcedID |
2022-12-22
⋅
AhnLab
⋅
Qakbot Being Distributed via Virtual Disk Files (*.vhd) QakBot |
2022-12-21
⋅
Team Cymru
⋅
Inside the IcedID BackConnect Protocol IcedID |
2022-12-19
⋅
kienmanowar Blog
⋅
[Z2A]Bimonthly malware challege – Emotet (Back From the Dead) Emotet |
2022-12-18
⋅
ZAYOTEM
⋅
IcedID Technical Analysis Report IcedID |
2022-12-15
⋅
ISC
⋅
Google ads lead to fake software pages pushing IcedID (Bokbot) IcedID |
2022-12-06
⋅
EuRepoC
⋅
Conti/Wizard Spider BazarBackdoor Cobalt Strike Conti Emotet IcedID Ryuk TrickBot WIZARD SPIDER |
2022-12-05
⋅
Cybereason
⋅
Threat Analysis: MSI - Masquerading as a Software Installer Magniber Matanbuchus QakBot |
2022-12-02
⋅
Github (binref)
⋅
The Refinery Files 0x06: Qakbot Decoder QakBot |
2022-12-01
⋅
splunk
⋅
From Macros to No Macros: Continuous Malware Improvements by QakBot QakBot |
2022-11-30
⋅
Tidal Cyber Inc.
⋅
Identifying and Defending Against QakBot's Evolving TTPs QakBot |
2022-11-28
⋅
The DFIR Report
⋅
Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware Emotet Mount Locker |
2022-11-23
⋅
Cybereason
⋅
THREAT ALERT: Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies Black Basta QakBot |
2022-11-21
⋅
BSides Sydney
⋅
X-Ray of Malware Evasion Techniques - Analysis, Dissection, Cure? Emotet |
2022-11-16
⋅
Proofpoint
⋅
A Comprehensive Look at Emotet Virus’ Fall 2022 Return BumbleBee Emotet PHOTOLITE |
2022-11-14
⋅
Twitter (@embee_research)
⋅
Twitter thread on Yara Signatures for Qakbot Encryption Routines IcedID QakBot |
2022-11-10
⋅
Intezer
⋅
How LNK Files Are Abused by Threat Actors BumbleBee Emotet Mount Locker QakBot |
2022-11-03
⋅
SentinelOne
⋅
Black Basta Ransomware | Attacks deploy Custom EDR Evasion Tools tied to FIN7 Threat Actor Black Basta QakBot SocksBot |
2022-10-31
⋅
Cynet
⋅
Orion Threat Alert: Qakbot TTPs Arsenal and the Black Basta Ransomware Black Basta Cobalt Strike QakBot |
2022-10-31
⋅
Elastic
⋅
ICEDIDs network infrastructure is alive and well IcedID |
2022-10-31
⋅
Security homework
⋅
QakBot CCs prioritization and new record types QakBot |
2022-10-28
⋅
Elastic
⋅
EMOTET dynamic config extraction Emotet |
2022-10-27
⋅
Microsoft
⋅
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity FAKEUPDATES BumbleBee Clop Fauppod Raspberry Robin Roshtyak Silence DEV-0950 Mustard Tempest |
2022-10-27
⋅
Microsoft
⋅
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity FAKEUPDATES BumbleBee Fauppod PhotoLoader Raspberry Robin Roshtyak |
2022-10-24
⋅
Medium CSIS Techblog
⋅
Chapter 1 — From Gozi to ISFB: The history of a mythical malware family. Gozi ISFB Snifula |
2022-10-13
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2022 FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm |
2022-10-13
⋅
Syrion
⋅
QAKBOT BB Configuration and C2 IPs List QakBot |
2022-10-12
⋅
Trend Micro
⋅
Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike Black Basta Brute Ratel C4 Cobalt Strike QakBot |
2022-10-12
⋅
Netresec
⋅
IcedID BackConnect Protocol IcedID |
2022-10-07
⋅
Team Cymru
⋅
A Visualizza into Recent IcedID Campaigns: Reconstructing Threat Actor Metrics with Pure Signal™ Recon IcedID PhotoLoader |
2022-10-06
⋅
Twitter (@ESETresearch)
⋅
Tweet on Bumblebee being modularized like trickbot BumbleBee |
2022-10-03
⋅
Check Point
⋅
Bumblebee: increasing its capacity and evolving its TTPs BumbleBee Cobalt Strike Meterpreter Sliver Vidar |
2022-10-03
⋅
vmware
⋅
Emotet Exposed: A Look Inside the Cybercriminal Supply Chain Emotet |
2022-09-26
⋅
The DFIR Report
⋅
BumbleBee: Round Two BumbleBee Cobalt Strike Meterpreter |
2022-09-13
⋅
AdvIntel
⋅
AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022 Conti Cobalt Strike Emotet Ryuk TrickBot |
2022-09-12
⋅
The DFIR Report
⋅
Dead or Alive? An Emotet Story Cobalt Strike Emotet |
2022-09-07
⋅
Google
⋅
Initial access broker repurposing techniques in targeted attacks against Ukraine AnchorMail Cobalt Strike IcedID |
2022-09-07
⋅
cyble
⋅
Bumblebee Returns With New Infection Technique BumbleBee Cobalt Strike |
2022-09-06
⋅
Zscaler
⋅
The Ares Banking Trojan Learns Old Tricks: Adds the Defunct Qakbot DGA Ares QakBot |
2022-09-05
⋅
Infinitum IT
⋅
Bumblebee Loader Malware Analysis BumbleBee |
2022-09-01
⋅
Medium michaelkoczwara
⋅
Hunting C2/Adversaries Infrastructure with Shodan and Censys Brute Ratel C4 Cobalt Strike Deimos GRUNT IcedID Merlin Meterpreter Nighthawk PoshC2 Sliver |
2022-09-01
⋅
Trend Micro
⋅
Ransomware Spotlight Black Basta Black Basta Cobalt Strike MimiKatz QakBot |
2022-08-25
⋅
Palo Alto Networks Unit 42
⋅
Threat Assessment: Black Basta Ransomware Black Basta QakBot |
2022-08-24
⋅
Elastic
⋅
QBOT Malware Analysis QakBot |
2022-08-24
⋅
Microsoft
⋅
Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks BumbleBee Sliver |
2022-08-24
⋅
Trellix
⋅
Demystifying Qbot Malware QakBot |
2022-08-24
⋅
Deep instinct
⋅
The Dark Side of Bumblebee Malware Loader BumbleBee |
2022-08-23
⋅
Darktrace
⋅
Emotet Resurgence: Cross-Industry Campaign Analysis Emotet |
2022-08-19
⋅
vmware
⋅
How to Replicate Emotet Lateral Movement Emotet |
2022-08-18
⋅
IBM
⋅
From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers BumbleBee Karius Ramnit TrickBot Vawtrak |
2022-08-17
⋅
Cybereason
⋅
Bumblebee Loader – The High Road to Enterprise Domain Control BumbleBee Cobalt Strike |
2022-08-12
⋅
SANS ISC
⋅
Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike Cobalt Strike DarkVNC IcedID |
2022-08-10
⋅
BitSight
⋅
Emotet SMB Spreader is Back Emotet |
2022-08-10
⋅
Weixin
⋅
Operation (верность, "Loyalty") mercenary: a torrent of steel trapped in the plains of Eastern Europe BumbleBee Cobalt Strike |
2022-08-08
⋅
Medium CSIS Techblog
⋅
An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure Riltok magecart Anubis Azorult BetaBot Buer CoalaBot CryptBot DiamondFox DreamBot GCleaner ISFB Loki Password Stealer (PWS) MedusaLocker MeguminTrojan Nemty PsiX RedLine Stealer SmokeLoader STOP TinyNuke Vidar Zloader |
2022-08-08
⋅
The DFIR Report
⋅
BumbleBee Roasts Its Way to Domain Admin BumbleBee Cobalt Strike |
2022-08-04
⋅
Medium walmartglobaltech
⋅
IcedID leverages PrivateLoader IcedID PrivateLoader |
2022-08-04
⋅
Cloudsek
⋅
Technical Analysis of Bumblebee Malware Loader BumbleBee |
2022-08-03
⋅
Palo Alto Networks Unit 42
⋅
Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware BazarBackdoor BumbleBee Cobalt Strike Conti |
2022-07-27
⋅
Elastic
⋅
Exploring the QBOT Attack Pattern QakBot |
2022-07-27
⋅
Elastic
⋅
QBOT Configuration Extractor QakBot |
2022-07-27
⋅
SANS ISC
⋅
IcedID (Bokbot) with Dark VNC and Cobalt Strike DarkVNC IcedID |
2022-07-27
⋅
cyble
⋅
Targeted Attacks Being Carried Out Via DLL SideLoading Cobalt Strike QakBot |
2022-07-24
⋅
Bleeping Computer
⋅
QBot phishing uses Windows Calculator sideloading to infect devices QakBot |
2022-07-19
⋅
Fortinet
⋅
New Variant of QakBot Being Spread by HTML File Attached to Phishing Emails QakBot |
2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Monster Libra Valak IcedID GOLD CABIN |
2022-07-17
⋅
Resecurity
⋅
Shortcut-Based (LNK) Attacks Delivering Malicious Code On The Rise AsyncRAT BumbleBee Emotet IcedID QakBot |
2022-07-12
⋅
Zscaler
⋅
Rise in Qakbot attacks traced to evolving threat techniques QakBot |
2022-07-12
⋅
Cyren
⋅
Example Analysis of Multi-Component Malware Emotet Formbook |
2022-07-07
⋅
SANS ISC
⋅
Emotet infection with Cobalt Strike Cobalt Strike Emotet |
2022-07-07
⋅
Fortinet
⋅
Notable Droppers Emerge in Recent Threat Campaigns BumbleBee Emotet PhotoLoader QakBot |
2022-07-07
⋅
IBM
⋅
Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine AnchorMail BumbleBee Cobalt Strike IcedID Meterpreter |
2022-07-05
⋅
Soc Investigation
⋅
QBot Spreads via LNK Files – Detection & Response QakBot |
2022-06-30
⋅
Trend Micro
⋅
Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit Black Basta Cobalt Strike QakBot |
2022-06-28
⋅
Symantec
⋅
Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem BumbleBee |
2022-06-27
⋅
Netskope
⋅
Emotet: Still Abusing Microsoft Office Macros Emotet |
2022-06-24
⋅
Group-IB
⋅
We see you, Gozi Hunting the latest TTPs used for delivering the Trojan ISFB |
2022-06-24
⋅
Soc Investigation
⋅
IcedID Banking Trojan returns with new TTPS – Detection & Response IcedID |
2022-06-21
⋅
McAfee
⋅
Rise of LNK (Shortcut files) Malware BazarBackdoor Emotet IcedID QakBot |
2022-06-17
⋅
Github (NtQuerySystemInformation)
⋅
A reverse engineer primer on Qakbot Dll Stager: From initial execution to multithreading. QakBot |
2022-06-16
⋅
ESET Research
⋅
How Emotet is changing tactics in response to Microsoft’s tightening of Office macro security Emotet |
2022-06-14
⋅
RiskIQ
⋅
RiskIQ: Identifying BumbleBee Command and Control Servers BumbleBee |
2022-06-13
⋅
Sekoia
⋅
BumbleBee: a new trendy loader for Initial Access Brokers BumbleBee |
2022-06-09
⋅
InfoSec Handlers Diary Blog
⋅
TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt) QakBot |
2022-06-07
⋅
McAfee
⋅
Phishing Campaigns featuring Ursnif Trojan on the Rise ISFB |
2022-06-07
⋅
cyble
⋅
Bumblebee Loader on The Rise BumbleBee Cobalt Strike |
2022-06-02
⋅
Mandiant
⋅
TRENDING EVIL Q2 2022 CloudEyE Cobalt Strike CryptBot Emotet IsaacWiper QakBot |
2022-05-30
⋅
Automatically Unpacking IcedID Stage 1 with Angr IcedID |
2022-05-27
⋅
Kroll
⋅
Emotet Analysis: New LNKs in the Infection Chain – The Monitor, Issue 20 Emotet |
2022-05-25
⋅
Logpoint
⋅
Buzz of the Bumblebee – A new malicious loader BumbleBee |
2022-05-25
⋅
Team Cymru
⋅
Bablosoft; Lowering the Barrier of Entry for Malicious Actors BlackGuard BumbleBee RedLine Stealer |
2022-05-25
⋅
vmware
⋅
Emotet Config Redux Emotet |
2022-05-24
⋅
Deep instinct
⋅
Blame the Messenger: 4 Types of Dropper Malware in Microsoft Office & How to Detect Them Dridex Emotet |
2022-05-24
⋅
BitSight
⋅
Emotet Botnet Rises Again Cobalt Strike Emotet QakBot SystemBC |
2022-05-19
⋅
InfoSec Handlers Diary Blog
⋅
Bumblebee Malware from TransferXL URLs BumbleBee Cobalt Strike |
2022-05-19
⋅
IBM
⋅
ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups IcedID ISFB Mount Locker WIZARD SPIDER |
2022-05-19
⋅
Trend Micro
⋅
Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware Emotet QakBot |
2022-05-17
⋅
Palo Alto Networks Unit 42
⋅
Emotet Summary: November 2021 Through January 2022 Emotet |
2022-05-17
⋅
Trend Micro
⋅
Ransomware Spotlight: RansomEXX LaZagne Cobalt Strike IcedID MimiKatz PyXie RansomEXX TrickBot |
2022-05-16
⋅
vmware
⋅
Emotet Moves to 64 bit and Updates its Loader Emotet |
2022-05-12
⋅
Intel 471
⋅
What malware to look for if you want to prevent a ransomware attack Conti BumbleBee Cobalt Strike IcedID Sliver |
2022-05-12
⋅
OALabs
⋅
Taking a look at Bumblebee loader BumbleBee |
2022-05-11
⋅
InfoSec Handlers Diary Blog
⋅
TA578 using thread-hijacked emails to push ISO files for Bumblebee malware BumbleBee Cobalt Strike IcedID PhotoLoader |
2022-05-11
⋅
SANS ISC
⋅
TA578 using thread-hijacked emails to push ISO files for Bumblebee malware BumbleBee |
2022-05-11
⋅
HP
⋅
Threat Insights Report Q1 - 2022 AsyncRAT Emotet Mekotio Vjw0rm |
2022-05-11
⋅
IronNet
⋅
Detecting a MUMMY SPIDER campaign and Emotet infection Emotet |
2022-05-09
⋅
Microsoft
⋅
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT |
2022-05-09
⋅
Cybereason
⋅
Cybereason vs. Quantum Locker Ransomware IcedID Mount Locker |
2022-05-09
⋅
Netresec
⋅
Emotet C2 and Spam Traffic Video Emotet |
2022-05-08
⋅
Qualys
⋅
Ursnif Malware Banks on News Events for Phishing Attacks ISFB |
2022-05-08
⋅
Threat hunting with hints of incident response
⋅
Bzz.. Bzz.. Bumblebee loader BumbleBee |
2022-05-06
⋅
Netskope
⋅
Emotet: New Delivery Mechanism to Bypass VBA Protection Emotet |
2022-05-04
⋅
Twitter (@felixw3000)
⋅
Twitter Thread with info on infection chain with IcedId, Cobalt Strike, and Hidden VNC. Cobalt Strike IcedID PhotoLoader |
2022-05-04
⋅
Sophos
⋅
Attacking Emotet’s Control Flow Flattening Emotet |
2022-04-29
⋅
NCC Group
⋅
Adventures in the land of BumbleBee – a new malicious loader BazarBackdoor BumbleBee Conti |
2022-04-28
⋅
Proofpoint
⋅
This isn't Optimus Prime's Bumblebee but it's Still Transforming BumbleBee TA578 TA579 |
2022-04-28
⋅
Symantec
⋅
Ransomware: How Attackers are Breaching Corporate Networks AvosLocker Conti Emotet Hive IcedID PhotoLoader QakBot TrickBot |
2022-04-28
⋅
Bleeping Computer
⋅
New Bumblebee malware replaces Conti's BazarLoader in cyberattacks BumbleBee |
2022-04-27
⋅
Cybleinc
⋅
Emotet Returns With New TTPs And Delivers .Lnk Files To Its Victims Emotet |
2022-04-27
⋅
Medium elis531989
⋅
The chronicles of Bumblebee: The Hook, the Bee, and the Trickbot connection BumbleBee TrickBot |
2022-04-26
⋅
Intel 471
⋅
Conti and Emotet: A constantly destructive duo Cobalt Strike Conti Emotet IcedID QakBot TrickBot |
2022-04-26
⋅
Proofpoint
⋅
Emotet Tests New Delivery Techniques Emotet |
2022-04-26
⋅
Bleeping Computer
⋅
Emotet malware now installs via PowerShell in Windows shortcut files Emotet |
2022-04-25
⋅
The DFIR Report
⋅
Quantum Ransomware Cobalt Strike IcedID |
2022-04-24
⋅
forensicitguy
⋅
Shortcut to Emotet, an odd TTP change Emotet |
2022-04-20
⋅
CISA
⋅
AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader |
2022-04-20
⋅
CISA
⋅
Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader Killnet |
2022-04-20
⋅
cocomelonc
⋅
Malware development: persistence - part 1. Registry run keys. C++ example. Agent Tesla Amadey BlackEnergy Cobian RAT COZYDUKE Emotet Empire Downloader Kimsuky |
2022-04-20
⋅
SANS ISC
⋅
'aa' distribution Qakbot (Qbot) infection with DarkVNC traffic QakBot |
2022-04-19
⋅
Bleeping Computer
⋅
Emotet botnet switches to 64-bit modules, increases activity Emotet |
2022-04-19
⋅
Twitter (@Cryptolaemus1)
⋅
#Emotet Update: 64 bit upgrade of Epoch 5 Emotet |
2022-04-18
⋅
Fortinet
⋅
Trends in the Recent Emotet Maldoc Outbreak Emotet |
2022-04-17
⋅
Malwarology
⋅
Qakbot Series: API Hashing QakBot |
2022-04-17
⋅
BushidoToken Blog
⋅
Lessons from the Conti Leaks BazarBackdoor Conti Emotet IcedID Ryuk TrickBot |
2022-04-16
⋅
Malwarology
⋅
Qakbot Series: Process Injection QakBot |
2022-04-14
⋅
Avast Decoded
⋅
Zloader 2: The Silent Night ISFB Raccoon Zloader |
2022-04-14
⋅
Bleeping Computer
⋅
Hackers target Ukrainian govt with IcedID malware, Zimbra exploits IcedID |
2022-04-14
⋅
Cert-UA
⋅
Cyberattack on Ukrainian state organizations using IcedID malware (CERT-UA#4464) IcedID |
2022-04-14
⋅
Cynet
⋅
Orion Threat Alert: Flight of the BumbleBee BumbleBee Cobalt Strike |
2022-04-13
⋅
Kaspersky
⋅
Emotet modules and recent attacks Emotet |
2022-04-13
⋅
Malwarology
⋅
Qakbot Series: Configuration Extraction QakBot |
2022-04-12
⋅
Check Point
⋅
March 2022’s Most Wanted Malware: Easter Phishing Scams Help Emotet Assert its Dominance Alien FluBot Agent Tesla Emotet |
2022-04-12
⋅
AhnLab
⋅
SystemBC Being Used by Various Attackers Emotet SmokeLoader SystemBC |
2022-04-12
⋅
Tech Times
⋅
Qbot Botnet Deploys Malware Payloads Through Malicious Windows Installers QakBot |
2022-04-11
⋅
Bleeping Computer
⋅
Qbot malware switches to new Windows Installer infection vector QakBot |
2022-04-10
⋅
Malwarology
⋅
Qakbot Series: String Obfuscation QakBot |
2022-04-08
⋅
ReversingLabs
⋅
ConversingLabs Ep. 2: Conti pivots as ransomware as a service struggles Conti Emotet TrickBot |
2022-04-04
⋅
The DFIR Report
⋅
Stolen Images Campaign Ends in Conti Ransomware Conti IcedID |
2022-04-02
⋅
Github (pl-v)
⋅
Emotet Analysis Part 1: Unpacking Emotet |
2022-03-31
⋅
Trellix
⋅
Conti Leaks: Examining the Panama Papers of Ransomware LockBit Amadey Buer Conti IcedID LockBit Mailto Maze PhotoLoader Ryuk TrickBot |
2022-03-31
⋅
nccgroup
⋅
Conti-nuation: methods and techniques observed in operations post the leaks Cobalt Strike Conti QakBot |
2022-03-30
⋅
Prevailion
⋅
Wizard Spider continues to confound BazarBackdoor Cobalt Strike Emotet |
2022-03-29
⋅
vmware
⋅
Emotet C2 Configuration Extraction and Analysis Emotet |
2022-03-29
⋅
Threat Post
⋅
Exchange Servers Speared in IcedID Phishing Campaign IcedID |
2022-03-28
⋅
Fortinet
⋅
Spoofed Invoice Used to Drop IcedID IcedID |
2022-03-28
⋅
Bleeping Computer
⋅
Microsoft Exchange targeted for IcedID reply-chain hijacking attacks IcedID |
2022-03-28
⋅
Intezer
⋅
New Conversation Hijacking Campaign Delivering IcedID IcedID PhotoLoader |
2022-03-28
⋅
Cisco
⋅
Emotet is Back Emotet |
2022-03-25
⋅
SANS ISC
⋅
XLSB Files: Because Binary is Stealthier Than XML QakBot |
2022-03-23
⋅
Fortinet
⋅
Bad Actors Trying to Capitalize on Current Events via Shameless Email Scams Emotet |
2022-03-23
⋅
Secureworks
⋅
GOLD ULRICK Leaks Reveal Organizational Structure and Relationships Conti Emotet IcedID TrickBot |
2022-03-23
⋅
NVISO Labs
⋅
Hunting Emotet campaigns with Kusto Emotet |
2022-03-23
⋅
Secureworks
⋅
Threat Intelligence Executive Report Volume 2022, Number 2 Conti Emotet IcedID TrickBot |
2022-03-23
⋅
Fortinet
⋅
MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part II Emotet |
2022-03-21
⋅
Info Security
⋅
Emotet Is Back and Is Deadlier Than Ever! A Rundown of the Emotet Malware Emotet |
2022-03-21
⋅
eSentire
⋅
Conti Affiliate Exposed: New Domain Names, IP Addresses and Email Addresses Uncovered HelloKitty BazarBackdoor Cobalt Strike Conti FiveHands HelloKitty IcedID |
2022-03-17
⋅
Github (eln0ty)
⋅
IcedID Analysis IcedID |
2022-03-17
⋅
Trend Micro
⋅
Navigating New Frontiers Trend Micro 2021 Annual Cybersecurity Report REvil BazarBackdoor Buer IcedID QakBot REvil |
2022-03-17
⋅
Google
⋅
Exposing initial access broker with ties to Conti BazarBackdoor BumbleBee Conti EXOTIC LILY |
2022-03-17
⋅
Google
⋅
Exposing initial access broker with ties to Conti BazarBackdoor BumbleBee Cobalt Strike Conti |
2022-03-16
⋅
Symantec
⋅
The Ransomware Threat Landscape: What to Expect in 2022 AvosLocker BlackCat BlackMatter Conti DarkSide DoppelPaymer Emotet Hive Karma Mespinoza Nemty Squirrelwaffle VegaLocker WastedLocker Yanluowang Zeppelin |
2022-03-16
⋅
Dragos
⋅
Suspected Conti Ransomware Activity in the Auto Manufacturing Sector Conti Emotet |
2022-03-16
⋅
SANS ISC
⋅
Qakbot infection with Cobalt Strike and VNC activity Cobalt Strike QakBot |
2022-03-16
⋅
InfoSec Handlers Diary Blog
⋅
Qakbot infection with Cobalt Strike and VNC activity Cobalt Strike QakBot |
2022-03-09
⋅
nikpx
⋅
BokBot Technical Analysis IcedID |
2022-03-08
⋅
Lumen
⋅
What Global Network Visibility Reveals about the Resurgence of One of the World’s Most Notorious Botnets Emotet |
2022-03-07
⋅
Fortinet
⋅
MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part I Emotet |
2022-03-03
⋅
Trend Micro
⋅
Cyberattacks are Prominent in the Russia-Ukraine Conflict BazarBackdoor Cobalt Strike Conti Emotet WhisperGate |
2022-03-02
⋅
KrebsOnSecurity
⋅
Conti Ransomware Group Diaries, Part II: The Office Conti Emotet Ryuk TrickBot |
2022-03-01
⋅
Twitter (@ContiLeaks)
⋅
Tweet on Emotet final server scheme Emotet |
2022-02-26
⋅
LinkedIn (Zayed AlJaberi)
⋅
Hunting Recent QakBot Malware QakBot |
2022-02-26
⋅
Mandiant
⋅
TRENDING EVIL Q1 2022 KEYPLUG FAKEUPDATES GootLoader BazarBackdoor QakBot |
2022-02-25
⋅
CyberScoop
⋅
TrickBot malware suddenly got quiet, researchers say, but it's hardly the end for its operators BazarBackdoor Emotet TrickBot |
2022-02-24
⋅
Cynet
⋅
New Wave of Emotet – When Project X Turns Into Y Cobalt Strike Emotet |
2022-02-24
⋅
The Hacker News
⋅
TrickBot Gang Likely Shifting Operations to Switch to New Malware BazarBackdoor Emotet QakBot TrickBot |
2022-02-24
⋅
The Hacker News
⋅
Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure BazarBackdoor Emotet TrickBot |
2022-02-23
⋅
cyber.wtf blog
⋅
What the Pack(er)? Cobalt Strike Emotet |
2022-02-22
⋅
eSentire
⋅
IcedID to Cobalt Strike In Under 20 Minutes Cobalt Strike IcedID PhotoLoader |
2022-02-21
⋅
Qbot and Zerologon Lead To Full Domain Compromise Cobalt Strike QakBot |
2022-02-16
⋅
Threat Post
⋅
Emotet Now Spreading Through Malicious Excel Files Emotet |
2022-02-16
⋅
SOC Prime
⋅
QBot Malware Detection: Old Dog New Tricks QakBot |
2022-02-16
⋅
Security Onion
⋅
Quick Malware Analysis: Emotet Epoch 5 and Cobalt Strike pcap from 2022-02-08 Cobalt Strike Emotet |
2022-02-15
⋅
Palo Alto Networks Unit 42
⋅
New Emotet Infection Method Emotet |
2022-02-15
⋅
eSentire
⋅
Increase in Emotet Activity and Cobalt Strike Deployment Cobalt Strike Emotet |
2022-02-13
⋅
NetbyteSEC
⋅
Technical Malware Analysis: The Return of Emotet Emotet |
2022-02-10
⋅
Cybereason
⋅
Threat Analysis Report: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot Cobalt Strike Emotet IcedID QakBot |
2022-02-08
⋅
BleepingComputer
⋅
Qbot needs only 30 minutes to steal your credentials, emails QakBot |
2022-02-07
⋅
The DFIR Report
⋅
Qbot Likes to Move It, Move It QakBot |
2022-02-07
⋅
vmware
⋅
Emotet Is Not Dead (Yet) – Part 2 Emotet |
2022-02-02
⋅
VMRay
⋅
Malware Analysis Spotlight: Emotet’s Use of Cryptography Emotet |
2022-01-27
⋅
Threat Lab Indonesia
⋅
Malware Analysis Emotet Infection Emotet |
2022-01-25
⋅
SANS ISC
⋅
Emotet Stops Using 0.0.0.0 in Spambot Traffic Emotet |
2022-01-23
⋅
kienmanowar Blog
⋅
[QuickNote] Emotet epoch4 & epoch5 tactics Emotet |
2022-01-22
⋅
Atomic Matryoshka
⋅
Malware Headliners: Emotet Emotet |
2022-01-21
⋅
vmware
⋅
Emotet Is Not Dead (Yet) Emotet |
2022-01-21
⋅
Trend Micro
⋅
Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware Emotet |
2022-01-19
⋅
Gdata
⋅
Malware vaccines can prevent pandemics, yet are rarely used Emotet STOP |
2022-01-19
⋅
Blackberry
⋅
Kraken the Code on Prometheus Prometheus Backdoor BlackMatter Cerber Cobalt Strike DCRat Ficker Stealer QakBot REvil Ryuk |
2022-01-19
⋅
InfoSec Handlers Diary Blog
⋅
0.0.0.0 in Emotet Spambot Traffic Emotet |
2022-01-18
⋅
Recorded Future
⋅
2021 Adversary Infrastructure Report BazarBackdoor Cobalt Strike Dridex IcedID QakBot TrickBot |
2022-01-17
⋅
forensicitguy
⋅
Emotet's Excel 4.0 Macros Dropping DLLs Emotet |
2022-01-15
⋅
Atomic Matryoshka
⋅
Malware Headliners: Qakbot QakBot |
2022-01-14
⋅
RiskIQ
⋅
RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers Dridex Emotet |
2022-01-13
⋅
Trustwave
⋅
Decrypting Qakbot’s Encrypted Registry Keys QakBot |
2022-01-11
⋅
Medium walmartglobaltech
⋅
Signed DLL campaigns as a service BATLOADER Cobalt Strike ISFB Zloader |
2022-01-11
⋅
Cybereason
⋅
Threat Analysis Report: DatopLoader Exploits ProxyShell to Deliver QBOT and Cobalt Strike Cobalt Strike QakBot Squirrelwaffle |
2022-01-07
⋅
muha2xmad
⋅
Unpacking Emotet malware part 02 Emotet |
2022-01-06
⋅
muha2xmad
⋅
Unpacking Emotet malware part 01 Emotet |
2022-01-01
⋅
aspirets
⋅
Bumblebee Malware Loader: Threat Analysis BumbleBee |
2022-01-01
⋅
forensicitguy
⋅
Analyzing an IcedID Loader Document IcedID |
2021-12-22
⋅
Cloudsek
⋅
Emotet 2.0: Everything you need to know about the new Variant of the Banking Trojan Emotet |
2021-12-17
⋅
Trend Micro
⋅
Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager QakBot |
2021-12-16
⋅
InfoSec Handlers Diary Blog
⋅
How the "Contact Forms" campaign tricks people IcedID |
2021-12-16
⋅
Red Canary
⋅
Intelligence Insights: December 2021 Cobalt Strike QakBot Squirrelwaffle |
2021-12-13
⋅
Zscaler
⋅
Return of Emotet: Malware Analysis Emotet |
2021-12-11
⋅
YouTube (AGDC Services)
⋅
How To Extract & Decrypt Qbot Configs Across Variants QakBot |
2021-12-09
⋅
HP
⋅
Emotet’s Return: What’s Different? Emotet |
2021-12-09
⋅
Microsoft
⋅
A closer look at Qakbot’s latest building blocks (and how to knock them down) QakBot |
2021-12-08
⋅
Check Point Research
⋅
When old friends meet again: why Emotet chose Trickbot for rebirth Emotet TrickBot |
2021-12-07
⋅
Bleeping Computer
⋅
Emotet now drops Cobalt Strike, fast forwards ransomware attacks Cobalt Strike Emotet |
2021-12-03
⋅
SANS ISC InfoSec Forums
⋅
TA551 (Shathak) pushes IcedID (Bokbot) IcedID |
2021-11-30
⋅
Deep instinct
⋅
The Re-Emergence of Emotet Emotet |
2021-11-25
⋅
DSIH
⋅
Emotet is back, Exchange PoC, Windows 0-day: what do attackers have in store for us this week? Emotet |
2021-11-23
⋅
Anomali
⋅
Mummy Spider’s Emotet Malware is Back After a Year Hiatus; Wizard Spider’s TrickBot Observed in Its Return Emotet |
2021-11-21
⋅
Twitter (@tylabs)
⋅
Twitter Thread about UNC1500 phishing using QAKBOT QakBot |
2021-11-20
⋅
Advanced Intelligence
⋅
Corporate Loader "Emotet": History of "X" Project Return for Ransomware Emotet |
2021-11-20
⋅
Youtube (HEXORCIST)
⋅
Unpacking Emotet and Reversing Obfuscated Word Document Emotet |
2021-11-20
⋅
Twitter (@eduardfir)
⋅
Tweet on Velociraptor artifact analysis for Emotet Emotet |
2021-11-19
⋅
Trend Micro
⋅
Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains Cobalt Strike QakBot Squirrelwaffle |
2021-11-19
⋅
CRONUP
⋅
The EMOTET botnet resumes attacks in Chile and LATAM Emotet |
2021-11-19
⋅
LAC WATCH
⋅
Malware Emotet resumes its activities for the first time in 10 months, and Japan is also the target of the attack Emotet |
2021-11-18
⋅
Netskope
⋅
Netskope Threat Coverage: The Return of Emotet Emotet |
2021-11-18
⋅
Red Canary
⋅
Intelligence Insights: November 2021 Andromeda Conti LockBit QakBot Squirrelwaffle |
2021-11-18
⋅
eSentire
⋅
Emotet Activity Identified Emotet |
2021-11-17
⋅
Twitter (@Unit42_Intel)
⋅
Tweet on Matanbuchus Loader used to deliver Qakbot (tag obama128b) and follow-up CobaltStrike Cobalt Strike QakBot |
2021-11-16
⋅
InfoSec Handlers Diary Blog
⋅
Emotet Returns Emotet |
2021-11-16
⋅
Hornetsecurity
⋅
Comeback of Emotet Emotet |
2021-11-16
⋅
Zscaler
⋅
Return of Emotet malware Emotet |
2021-11-16
⋅
Twitter (@kienbigmummy)
⋅
Tweet on short analysis of QakBot QakBot |
2021-11-16
⋅
Malwarebytes
⋅
TrickBot helps Emotet come back from the dead Emotet TrickBot |
2021-11-16
⋅
IronNet
⋅
How IronNet's Behavioral Analytics Detect REvil and Conti Ransomware Cobalt Strike Conti IcedID REvil |
2021-11-15
⋅
cyber.wtf blog
⋅
Guess who’s back Emotet |
2021-11-15
⋅
Bleeping Computer
⋅
Emotet malware is back and rebuilding its botnet via TrickBot Emotet |
2021-11-15
⋅
TRUESEC
⋅
ProxyShell, QBot, and Conti Ransomware Combined in a Series of Cyberattacks Cobalt Strike Conti QakBot |
2021-11-13
⋅
Trend Micro
⋅
QAKBOT Loader Returns With New Techniques and Tools QakBot |
2021-11-13
⋅
YouTube (AGDC Services)
⋅
Automate Qbot Malware String Decryption With Ghidra Script QakBot |
2021-11-12
⋅
Recorded Future
⋅
The Business of Fraud: Botnet Malware Dissemination Mozi Dridex IcedID QakBot TrickBot |
2021-11-12
⋅
Trend Micro
⋅
The Prelude to Ransomware: A Look into Current QAKBOT Capabilities and Global Activities QakBot |
2021-11-11
⋅
Cynet
⋅
A Duck Nightmare Quakbot Strikes with QuakNightmare Exploitation Cobalt Strike QakBot |
2021-11-11
⋅
vmware
⋅
Research Recap: How To Automate Malware Campaign Detection With Telemetry Peak Analyzer Phorpiex QakBot |
2021-11-10
⋅
CIRCL
⋅
TR-64 - Exploited Exchange Servers - Mails with links to malware from known/valid senders QakBot |
2021-11-09
⋅
MinervaLabs
⋅
A New DatopLoader Delivers QakBot Trojan QakBot Squirrelwaffle |
2021-11-04
⋅
splunk
⋅
Detecting IcedID... Could It Be A Trickbot Copycat? IcedID |
2021-11-03
⋅
Twitter (@Corvid_Cyber)
⋅
Tweet on a unique Qbot debugger dropped by an actor after compromise QakBot |
2021-11-03
⋅
Team Cymru
⋅
Webinject Panel Administration: A Vantage Point into Multiple Threat Actor Campaigns - A Case Study on the Value of Threat Reconnaissance DoppelDridex IcedID QakBot Zloader |
2021-10-26
⋅
Cisco Talos
⋅
SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike Cobalt Strike QakBot Squirrelwaffle |
2021-10-26
⋅
Identification of a new cyber criminal group: Lockean Cobalt Strike DoppelPaymer Egregor Maze PwndLocker QakBot REvil |
2021-10-25
⋅
Cleafy
⋅
Digital banking fraud: how the Gozi malware works ISFB |
2021-10-18
⋅
The DFIR Report
⋅
IcedID to XingLocker Ransomware in 24 hours Cobalt Strike IcedID Mount Locker |
2021-10-15
⋅
Trend Micro
⋅
Ransomware Operators Found Using New "Franchise" Business Model Glupteba IcedID Mount Locker |
2021-10-07
⋅
Netskope
⋅
SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot Cobalt Strike QakBot Squirrelwaffle |
2021-09-29
⋅
Proofpoint
⋅
TA544 Targets Italian Organizations with Ursnif Malware ISFB |
2021-09-10
⋅
Gigamon
⋅
Rendering Threats: A Network Perspective BumbleBee Cobalt Strike |
2021-09-09
⋅
Trend Micro
⋅
Remote Code Execution 0-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs BumbleBee Cobalt Strike |
2021-09-03
⋅
IBM
⋅
Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight Valak QakBot REvil |
2021-09-03
⋅
Trend Micro
⋅
The State of SSL/TLS Certificate Usage in Malware C&C Communications AdWind ostap AsyncRAT BazarBackdoor BitRAT Buer Chthonic CloudEyE Cobalt Strike DCRat Dridex FindPOS GootKit Gozi IcedID ISFB Nanocore RAT Orcus RAT PandaBanker Qadars QakBot Quasar RAT Rockloader ServHelper Shifu SManager TorrentLocker TrickBot Vawtrak Zeus Zloader |
2021-09-02
⋅
Kaspersky
⋅
QakBot Technical Analysis QakBot |
2021-08-15
⋅
Symantec
⋅
The Ransomware Threat Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker |
2021-08-05
⋅
Group-IB
⋅
Prometheus TDS The key to success for Campo Loader, Hancitor, IcedID, and QBot Prometheus Backdoor Buer campoloader Hancitor IcedID QakBot |
2021-08-05
⋅
The Record
⋅
Meet Prometheus, the secret TDS behind some of today’s malware campaigns Buer campoloader IcedID QakBot |
2021-07-30
⋅
HP
⋅
Detecting TA551 domains Valak Dridex IcedID ISFB QakBot |
2021-07-26
⋅
vmware
⋅
Hunting IcedID and unpacking automation with Qiling IcedID |
2021-07-24
⋅
0ffset Blog
⋅
Quack Quack: Analysing Qakbot’s Browser Hooking Module – Part 1 QakBot |
2021-07-23
⋅
Github (Lastline-Inc)
⋅
YARA rules, IOCs and Scripts for extracting IcedID C2s IcedID |
2021-07-19
⋅
The DFIR Report
⋅
IcedID and Cobalt Strike vs Antivirus Cobalt Strike IcedID |
2021-07-14
⋅
Cerium Networks
⋅
Threat of the Month: IcedID Malware IcedID |
2021-07-12
⋅
The Record
⋅
Over 780,000 email accounts compromised by Emotet have been secured Emotet |
2021-07-08
⋅
vmware
⋅
IcedID: Analysis and Detection IcedID |
2021-06-30
⋅
Cynet
⋅
Shelob Moonlight – Spinning a Larger Web From IcedID to CONTI, a Trojan and Ransomware collaboration Conti IcedID |
2021-06-30
⋅
The Record
⋅
Gozi malware gang member arrested in Colombia Gozi ISFB |
2021-06-24
⋅
SentinelOne
⋅
Evasive Maneuvers | Massive IcedID Campaign Aims For Stealth with Benign Macros IcedID |
2021-06-24
⋅
Kaspersky
⋅
Malicious spam campaigns delivering banking Trojans IcedID QakBot |
2021-06-23
⋅
IBM
⋅
Ursnif Leverages Cerberus to Automate Fraudulent Bank Transfers in Italy ISFB |
2021-06-20
⋅
The DFIR Report
⋅
From Word to Lateral Movement in 1 Hour Cobalt Strike IcedID |
2021-06-16
⋅
Twitter (@ChouchWard)
⋅
Tweet on Qbot operators leaving their web server's access.log file unsecured QakBot |
2021-06-16
⋅
Proofpoint
⋅
The First Step: Initial Access Leads to Ransomware BazarBackdoor Egregor IcedID Maze QakBot REvil Ryuk TrickBot WastedLocker TA570 TA575 TA577 |
2021-06-16
⋅
S2 Grupo
⋅
Emotet campaign analysis Emotet QakBot |
2021-06-15
⋅
Perception Point
⋅
Insights Into an Excel 4.0 Macro Attack using Qakbot Malware QakBot |
2021-06-10
⋅
ZEIT Online
⋅
On the Trail of the Internet Extortionists Emotet Mailto |
2021-06-10
⋅
ZAYOTEM
⋅
QakBot Technical Analysis Report QakBot |
2021-06-10
⋅
Tagesschau
⋅
Emotet malware: BKA questions key figure Emotet |
2021-06-08
⋅
Advanced Intelligence
⋅
From QBot...with REvil Ransomware: Initial Attack Exposure of JBS QakBot REvil |
2021-06-02
⋅
Bleeping Computer
⋅
FUJIFILM shuts down network after suspected ransomware attack QakBot |
2021-05-29
⋅
Youtube (AhmedS Kasmani)
⋅
Analysis of ICEID Malware Installer DLL IcedID |
2021-05-26
⋅
Check Point
⋅
Melting Ice – Tracking IcedID Servers with a few simple steps IcedID |
2021-05-26
⋅
DeepInstinct
⋅
A Deep Dive into Packing Software CryptOne Cobalt Strike Dridex Emotet Gozi ISFB Mailto QakBot SmokeLoader WastedLocker Zloader |
2021-05-19
⋅
Team Cymru
⋅
Tracking BokBot Infrastructure Mapping a Vast and Currently Active BokBot Network IcedID |
2021-05-19
⋅
Intel 471
⋅
Look how many cybercriminals love Cobalt Strike BazarBackdoor Cobalt Strike Hancitor QakBot SmokeLoader SystemBC TrickBot |
2021-05-18
⋅
RECON INFOSEC
⋅
An Encounter With TA551/Shathak IcedID |
2021-05-17
⋅
Telekom
⋅
Let’s set ice on fire: Hunting and detecting IcedID infections IcedID |
2021-05-17
⋅
Github (telekom-security)
⋅
icedid_analysis IcedID |
2021-05-12
⋅
Conti Ransomware Cobalt Strike Conti IcedID |
2021-05-10
⋅
MALWATION
⋅
IcedID Malware Technical Analysis Report IcedID |
2021-05-10
⋅
Mal-Eats
⋅
Overview of Campo, a new attack campaign targeting Japan AnchorDNS BazarBackdoor Cobalt Strike ISFB Phobos TrickBot Zloader |
2021-05-10
⋅
Wirtschaftswoche
⋅
How one of the largest hacker networks in the world was paralyzed Emotet |
2021-05-04
⋅
Fox-IT
⋅
RM3 – Curiosities of the wildest banking malware ISFB |
2021-05-04
⋅
Seguranca Informatica
⋅
A taste of the latest release of QakBot QakBot |
2021-05-04
⋅
NCC Group
⋅
RM3 – Curiosities of the wildest banking malware ISFB RM3 |
2021-04-30
⋅
MADRID Labs
⋅
Qbot: Analyzing PHP Proxy Scripts from Compromised Web Server QakBot |
2021-04-28
⋅
Reversing Labs
⋅
Spotting malicious Excel4 macros QakBot |
2021-04-28
⋅
IBM
⋅
QBot Malware Spotted Using Windows Defender Antivirus Lure QakBot |
2021-04-22
⋅
Github (@cecio)
⋅
EMOTET: a State-Machine reversing exercise Emotet |
2021-04-22
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q1 2021 Emotet Ficker Stealer Raccoon |
2021-04-19
⋅
Twitter (@_alex_il_)
⋅
Tweet on QakBot's additional decryption mechanism QakBot |
2021-04-19
⋅
Netresec
⋅
Analysing a malware PCAP with IcedID and Cobalt Strike traffic Cobalt Strike IcedID |
2021-04-17
⋅
YouTube (Worcester DEFCON Group)
⋅
Inside IcedID: Anatomy Of An Infostealer IcedID |
2021-04-15
⋅
AT&T
⋅
The rise of QakBot QakBot |
2021-04-13
⋅
Silent Push
⋅
Malicious infrastructure as a service IcedID PhotoLoader QakBot |
2021-04-12
⋅
PTSecurity
⋅
PaaS, or how hackers evade antivirus software Amadey Bunitu Cerber Dridex ISFB KPOT Stealer Mailto Nemty Phobos Pony Predator The Thief QakBot Raccoon RTM SmokeLoader Zloader |
2021-04-12
⋅
Twitter (@elisalem9)
⋅
Tweets on QakBot QakBot |
2021-04-12
⋅
Trend Micro
⋅
A Spike in BazarCall and IcedID Activity Detected in March BazarBackdoor IcedID |
2021-04-11
⋅
4rchibld
⋅
IcedID on my neck I’m the coolest IcedID |
2021-04-10
⋅
Youtube (AhmedS Kasmani)
⋅
Malware Analysis: IcedID Banking Trojan JavaScript Dropper IcedID |
2021-04-09
⋅
Microsoft
⋅
Investigating a unique “form” of email delivery for IcedID malware IcedID |
2021-04-09
⋅
aaqeel01
⋅
IcedID Analysis IcedID |
2021-04-09
⋅
Palo Alto Networks Unit 42
⋅
Emotet Command and Control Case Study Emotet |
2021-04-07
⋅
Uptycs
⋅
IcedID campaign spotted being spiced with Excel 4 Macros IcedID |
2021-04-07
⋅
Minerva
⋅
IcedID - A New Threat In Office Attachments IcedID |
2021-04-06
⋅
Intel 471
⋅
EtterSilent: the underground’s new favorite maldoc builder BazarBackdoor ISFB QakBot TrickBot |
2021-04-01
⋅
Reversing Labs
⋅
Code Reuse Across Packers and DLL Loaders IcedID SystemBC |
2021-03-31
⋅
Kaspersky
⋅
Financial Cyberthreats in 2020 BetaBot DanaBot Emotet Gozi Ramnit RTM SpyEye TrickBot Zeus |
2021-03-31
⋅
Silent Push
⋅
IcedID Command and Control Infrastructure IcedID PhotoLoader |
2021-03-31
⋅
Red Canary
⋅
2021 Threat Detection Report Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot |
2021-03-29
⋅
The DFIR Report
⋅
Sodinokibi (aka REvil) Ransomware Cobalt Strike IcedID REvil |
2021-03-26
⋅
Trend Micro
⋅
Alleged Members of Egregor Ransomware Cartel Arrested Egregor QakBot |
2021-03-21
⋅
Blackberry
⋅
2021 Threat Report Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot |
2021-03-19
⋅
MITRE
⋅
TA551 GOLD CABIN |
2021-03-18
⋅
VinCSS
⋅
[RE021] Qakbot analysis – Dangerous malware has been around for more than a decade QakBot |
2021-03-17
⋅
HP
⋅
Threat Insights Report Q4-2020 Agent Tesla BitRAT ComodoSec Dridex Emotet Ficker Stealer Formbook Zloader |
2021-03-12
⋅
Binary Defense
⋅
IcedID GZIPLOADER Analysis IcedID |
2021-03-08
⋅
Palo Alto Networks Unit 42
⋅
Attack Chain Overview: Emotet in December 2020 and January 2021 Emotet |
2021-03-04
⋅
F5
⋅
IcedID Banking Trojan Uses COVID-19 Pandemic to Lure New Victims IcedID |
2021-03-01
⋅
Group-IB
⋅
Ransomware Uncovered 2020/2021 RansomEXX BazarBackdoor Buer Clop Conti DoppelPaymer Dridex Egregor IcedID Maze PwndLocker QakBot RansomEXX REvil Ryuk SDBbot TrickBot Zloader |
2021-02-28
⋅
Deobfuscating Emotet Macro Document and Powershell Command Emotet |
2021-02-28
⋅
PWC UK
⋅
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
2021-02-26
⋅
CrowdStrike
⋅
Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact DarkSide RansomEXX Griffon Carbanak Cobalt Strike DarkSide IcedID MimiKatz PyXie RansomEXX REvil |
2021-02-25
⋅
ANSSI
⋅
Ryuk Ransomware BazarBackdoor Buer Conti Emotet Ryuk TrickBot |
2021-02-25
⋅
FireEye
⋅
So Unchill: Melting UNC2198 ICEDID to Ransomware Operations MOUSEISLAND Cobalt Strike Egregor IcedID Maze SystemBC |
2021-02-25
⋅
JPCERT/CC
⋅
Emotet Disruption and Outreach to Affected Users Emotet |
2021-02-24
⋅
Allsafe
⋅
Malware Analysis at Scale - Defeating Emotet by Ghidra Emotet |
2021-02-24
⋅
IBM
⋅
X-Force Threat Intelligence Index 2021 Emotet QakBot Ramnit REvil TrickBot |
2021-02-23
⋅
CrowdStrike
⋅
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
2021-02-17
⋅
Politie NL
⋅
Police combat cybercrime via Dutch infrastructure Emotet |
2021-02-17
⋅
YouTube (AGDC Services)
⋅
How Malware Can Resolve APIs By Hash Emotet Mailto |
2021-02-16
⋅
Proofpoint
⋅
Q4 2020 Threat Report: A Quarterly Analysis of Cybersecurity Trends, Tactics and Themes Emotet Ryuk NARWHAL SPIDER TA800 |
2021-02-15
⋅
Twitter (@TheDFIRReport)
⋅
Tweet on Qakbot post infection discovery activity QakBot |
2021-02-12
⋅
CERT-FR
⋅
The Malware-as-a-Service Emotet Emotet |
2021-02-08
⋅
GRNET CERT
⋅
Reverse engineering Emotet – Our approach to protect GRNET against the trojan Emotet |
2021-02-03
⋅
TA551/Shathak Threat Research IcedID |
2021-02-03
⋅
Digital Shadows
⋅
Emotet Disruption: what it means for the cyber threat landscape Emotet |
2021-02-03
⋅
ZDNet
⋅
Ursnif Trojan has targeted over 100 Italian banks ISFB Snifula |
2021-02-02
⋅
CRONUP
⋅
From malware attack to ransomware incident Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader |
2021-02-01
⋅
Microsoft
⋅
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations Dridex Emotet Makop Ransomware SmokeLoader TrickBot |
2021-01-29
⋅
Malwarebytes
⋅
Cleaning up after Emotet: the law enforcement file Emotet |
2021-01-28
⋅
NTT
⋅
Emotet disruption - Europol counterattack Emotet |
2021-01-28
⋅
InfoSec Handlers Diary Blog
⋅
Emotet vs. Windows Attack Surface Reduction Emotet |
2021-01-28
⋅
Youtube (Virus Bulletin)
⋅
The Bagsu banker case Azorult DreamBot Emotet Pony TrickBot ZeusAction |
2021-01-28
⋅
Hornetsecurity
⋅
Emotet Botnet Takedown Emotet |
2021-01-28
⋅
Department of Homeland Security
⋅
Emotet Botnet Disrupted in International Cyber Operation Emotet |
2021-01-27
⋅
Intel 471
⋅
Emotet takedown is not like the Trickbot takedown Emotet |
2021-01-27
⋅
Youtube (Національна поліція України)
⋅
Cyber police exposed a transnational hacker group distributing the EMOTET virus Emotet |
2021-01-27
⋅
Eurojust
⋅
World’s most dangerous malware EMOTET disrupted through global action Emotet |
2021-01-27
⋅
KrebsOnSecurity
⋅
International Action Targets Emotet Crimeware Emotet |
2021-01-27
⋅
Twitter (@milkr3am)
⋅
Tweet on all Emotet epochs pushing a payload to self-remove the Emotet malware on 2021-04-25 Emotet |
2021-01-27
⋅
Bundeskriminalamt
⋅
Emotet malware infrastructure dismantled Emotet |
2021-01-27
⋅
Team Cymru
⋅
Taking Down Emotet How Team Cymru Leveraged Visibility and Relationships to Coordinate Community Efforts Emotet |
2021-01-19
⋅
Medium elis531989
⋅
Funtastic Packers And Where To Find Them Get2 IcedID QakBot |
2021-01-19
⋅
Palo Alto Networks Unit 42
⋅
Wireshark Tutorial: Examining Emotet Infection Traffic Emotet GootKit IcedID QakBot TrickBot |
2021-01-18
⋅
tccontre Blog
⋅
Extracting Shellcode in ICEID .PNG Steganography IcedID |
2021-01-14
⋅
Netskope
⋅
You Can Run, But You Can’t Hide: Advanced Emotet Updates Emotet |
2021-01-13
⋅
VinCSS
⋅
[RE019] From A to X analyzing some real cases which used recent Emotet samples Emotet |
2021-01-12
⋅
Fortinet
⋅
New Variant of Ursnif Continuously Targeting Italy ISFB |
2021-01-09
⋅
Marco Ramilli's Blog
⋅
Command and Control Traffic Patterns ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot |
2021-01-08
⋅
0xC0DECAFE
⋅
The malware analyst’s guide to aPLib decompression ISFB Rovnix |
2021-01-07
⋅
Palo Alto Networks Unit 42
⋅
TA551: Email Attack Campaign Switches from Valak to IcedID IcedID |
2021-01-06
⋅
FBI
⋅
PIN Number 20210106-001: Egregor Ransomware Targets Businesses Worldwide, Attempting to Extort Businesses by Publicly Releasing Exfiltrated Data Egregor QakBot |
2021-01-05
⋅
r3mrum blog
⋅
Manual analysis of new PowerSplit maldocs delivering Emotet Emotet |
2021-01-01
⋅
AWAKE
⋅
Breaking the Ice: Detecting IcedID and Cobalt Strike Beacon with Network Detection and Response (NDR) Cobalt Strike IcedID PhotoLoader |
2021-01-01
⋅
Secureworks
⋅
Threat Profile: GOLD LAGOON QakBot MALLARD SPIDER |
2021-01-01
⋅
Secureworks
⋅
Threat Profile: GOLD CABIN GOLD CABIN |
2020-12-31
⋅
Cert-AgID
⋅
Simplify Emotet parsing with Python and iced x86 Emotet |
2020-12-30
⋅
Bleeping Computer
⋅
Emotet malware hits Lithuania's National Public Health Center Emotet |
2020-12-21
⋅
Cisco Talos
⋅
2020: The year in malware WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader |
2020-12-15
⋅
Hornetsecurity
⋅
QakBot reducing its on disk artifacts Egregor PwndLocker QakBot |
2020-12-12
⋅
Medium 0xthreatintel
⋅
Reversing QakBot [ TLP: White] QakBot |
2020-12-10
⋅
Youtube (OALabs)
⋅
Malware Triage Analyzing PrnLoader Used To Drop Emotet Emotet |
2020-12-10
⋅
NRI SECURE
⋅
Detection trends of the "IcedID" malware and a thorough explanation of the process leading to infection IcedID |
2020-12-09
⋅
InfoSec Handlers Diary Blog
⋅
Recent Qakbot (Qbot) activity Cobalt Strike QakBot |
2020-12-09
⋅
Cisco
⋅
Quarterly Report: Incident Response trends from Fall 2020 Cobalt Strike IcedID Maze RansomEXX Ryuk |
2020-12-09
⋅
FireEye
⋅
It's not FINished The Evolving Maturity in Ransomware Operations (SLIDES) Cobalt Strike DoppelPaymer QakBot REvil |
2020-12-09
⋅
Microsoft
⋅
EDR in block mode stops IcedID cold IcedID |
2020-12-04
⋅
Kaspersky Labs
⋅
The chronicles of Emotet Emotet |
2020-12-03
⋅
Recorded Future
⋅
Egregor Ransomware, Used in a String of High-Profile Attacks, Shows Connections to QakBot Egregor QakBot |
2020-12-02
⋅
Red Canary
⋅
Tweet on increased #Qbot activity delivering Cobalt Strike & #Egregor ransomware Cobalt Strike Egregor QakBot |
2020-12-02
⋅
CyberInt
⋅
IcedID Stealer Man-in-the-browser Banking Trojan IcedID |
2020-12-01
⋅
Group-IB
⋅
Egregor ransomware: The legacy of Maze lives on Egregor QakBot |
2020-11-30
⋅
FireEye
⋅
It's not FINished The Evolving Maturity in Ransomware Operations Cobalt Strike DoppelPaymer MimiKatz QakBot REvil |
2020-11-27
⋅
malware.love
⋅
Having fun with a Ursnif VBS dropper ISFB Snifula |
2020-11-27
⋅
Fiducia & GAD IT AG
⋅
When ransomware hits an ATM giant - The Diebold Nixdorf case dissected PwndLocker QakBot |
2020-11-26
⋅
VirusTotal
⋅
Using similarity to expand context and map out threat campaigns Emotet |
2020-11-26
⋅
Cybereason
⋅
Cybereason vs. Egregor Ransomware Cobalt Strike Egregor IcedID ISFB QakBot |
2020-11-22
⋅
Irshad's Blog
⋅
Analyzing an Emotet Dropper and Writing a Python Script to Statically Unpack Payload. Emotet |
2020-11-20
⋅
ZDNet
⋅
The malware that usually installs ransomware and you need to remove right away Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader |
2020-11-20
⋅
Group-IB
⋅
The Locking Egregor Egregor QakBot |
2020-11-18
⋅
Cisco
⋅
Back from vacation: Analyzing Emotet’s activity in 2020 Emotet |
2020-11-12
⋅
Intrinsec
⋅
Egregor – Prolock: Fraternal Twins? Egregor PwndLocker QakBot |
2020-11-06
⋅
Security Soup Blog
⋅
Quick Post: Spooky New PowerShell Obfuscation in Emotet Maldocs Emotet |
2020-11-06
⋅
LAC WATCH
⋅
Analysis report: Beware of Zloader, the banking malware operating behind Emotet Emotet Zloader |
2020-11-05
⋅
Brim Security
⋅
Hunting Emotet with Brim and Zeek Emotet |
2020-10-29
⋅
Palo Alto Networks Unit 42
⋅
Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee Emotet |
2020-10-29
⋅
CERT-FR
⋅
THE MALWARE-AS-A-SERVICE EMOTET Dridex Emotet ISFB QakBot |
2020-10-28
⋅
Bitdefender
⋅
A Decade of WMI Abuse – an Overview of Techniques in Modern Malware sLoad Emotet Maze |
2020-10-20
⋅
Bundesamt für Sicherheit in der Informationstechnik
⋅
The State of IT Security in Germany 2020 Clop Emotet REvil Ryuk TrickBot |
2020-10-19
⋅
SPAM Auditor
⋅
The Many Faces of Emotet Emotet |
2020-10-16
⋅
Proofpoint
⋅
Geofenced Amazon Japan Credential Phishing Volumes Rival Emotet Emotet |
2020-10-15
⋅
Department of Justice
⋅
Officials Announce International Operation Targeting Transnational Criminal Organization QQAAZZ that Provided Money Laundering Services to High-Level Cybercriminals Dridex ISFB TrickBot |
2020-10-14
⋅
CrowdStrike
⋅
Duck Hunting with Falcon Complete: Remediating a Fowl Banking Trojan, Part 3 QakBot |
2020-10-12
⋅
DeepInstinct
⋅
Why Emotet’s Latest Wave is Harder to Catch Than Ever Before – Part 2 Emotet |
2020-10-07
⋅
CrowdStrike
⋅
Duck Hunting with Falcon Complete: Analyzing a Fowl Banking Trojan, Part 2 QakBot Zloader |
2020-10-01
⋅
Proofpoint
⋅
Emotet Makes Timely Adoption of Political and Elections Lures Emotet |
2020-10-01
⋅
CrowdStrike
⋅
Duck Hunting with Falcon Complete: Analyzing a Fowl Banking Trojan, Part 1 QakBot MALLARD SPIDER |
2020-09-29
⋅
PWC UK
⋅
What's behind the increase in ransomware attacks this year? DarkSide Avaddon Clop Conti DoppelPaymer Dridex Emotet FriedEx Mailto PwndLocker QakBot REvil Ryuk SMAUG SunCrypt TrickBot WastedLocker |
2020-09-29
⋅
Microsoft
⋅
Microsoft Digital Defense Report Emotet IcedID Mailto Maze QakBot REvil RobinHood TrickBot |
2020-09-29
⋅
Seqrite
⋅
The return of the Emotet as the world unlocks! Emotet |
2020-09-23
⋅
Palo Alto Networks Unit 42
⋅
Case Study: Emotet Thread Hijacking, an Email Attack Technique Emotet |
2020-09-11
⋅
ThreatConnect
⋅
Research Roundup: Activity on Previously Identified APT33 Domains Emotet PlugX APT33 |
2020-09-10
⋅
Group-IB
⋅
Lock Like a Pro: Dive in Recent ProLock's Big Game Hunting PwndLocker QakBot |
2020-09-10
⋅
QuoSec GmbH
⋅
grap: Automating QakBot strings decryption QakBot |
2020-09-07
⋅
CERT NZ
⋅
Emotet Malware being spread via email Emotet |
2020-09-07
⋅
CERT-FR
⋅
CERT-FR alert bulletin: Resurgence of Emotet activity in France Emotet |
2020-09-04
⋅
QuoSec GmbH
⋅
Navigating QakBot samples with grap QakBot |
2020-09-02
⋅
Cisco Talos
⋅
Salfram: Robbing the place without removing your name tag Ave Maria ISFB SmokeLoader Zloader |
2020-08-31
⋅
Inde
⋅
Analysis of the latest wave of Emotet malicious documents Emotet |
2020-08-28
⋅
Checkpoint
⋅
Gozi: The Malware with a Thousand Faces DreamBot ISFB LOLSnif SaiGon |
2020-08-28
⋅
Proofpoint
⋅
A Comprehensive Look at Emotet’s Summer 2020 Return Emotet MUMMY SPIDER |
2020-08-27
⋅
Checkpoint
⋅
An Old Bot’s Nasty New Tricks: Exploring Qbot’s Latest Attack Methods QakBot |
2020-08-24
⋅
Hornetsecurity
⋅
Emotet Update increases Downloads Emotet |
2020-08-20
⋅
Morphisec
⋅
QakBot (QBot) Maldoc Campaign Introduces Two New Techniques into Its Arsenal QakBot |
2020-08-16
⋅
kienmanowar Blog
⋅
Manual Unpacking IcedID Write-up IcedID |
2020-08-14
⋅
Binary Defense
⋅
EmoCrash: Exploiting a Vulnerability in Emotet Malware for Defense Emotet |
2020-08-12
⋅
Juniper
⋅
IcedID Campaign Strikes Back IcedID |
2020-08-12
⋅
DeepInstinct
⋅
Why Emotet’s Latest Wave is Harder to Catch than Ever Before Emotet |
2020-08-10
⋅
tccontre Blog
⋅
Learning From ICEID loader - Including its Steganography Payload Parsing IcedID |
2020-08-09
⋅
F5 Labs
⋅
Banking Trojans: A Reference Guide to the Malware Family Tree BackSwap Carberp Citadel DanaBot Dridex Dyre Emotet Gozi Kronos PandaBanker Ramnit Shylock SpyEye Tinba TrickBot Vawtrak Zeus |
2020-08-05
⋅
Github (mauronz)
⋅
Emotet API+string deobfuscator (v0.1) Emotet |
2020-08-01
⋅
TG Soft
⋅
TG Soft Cyber - Threat Report DarkComet Darktrack RAT Emotet ISFB |
2020-07-31
⋅
Hornetsecurity
⋅
The webshells powering Emotet Emotet |
2020-07-30
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q2 2020 AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader |
2020-07-29
⋅
ESET Research
⋅
THREAT REPORT Q2 2020 DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor |
2020-07-29
⋅
Sophos Labs
⋅
Emotet’s return is the canary in the coal mine Emotet |
2020-07-28
⋅
Bleeping Computer
⋅
Emotet malware now steals your email attachments to attack contacts Emotet |
2020-07-23
⋅
Darktrace
⋅
The resurgence of the Ursnif banking trojan ISFB Snifula |
2020-07-22
⋅
SentinelOne
⋅
Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW) ISFB Maze TrickBot Zloader |
2020-07-20
⋅
Bleeping Computer
⋅
Emotet-TrickBot malware duo is back infecting Windows machines Emotet TrickBot |
2020-07-20
⋅
NTT
⋅
Shellbot victim overlap with Emotet network infrastructure Emotet |
2020-07-20
⋅
Hornetsecurity
⋅
Emotet is back Emotet |
2020-07-18
⋅
Hornetsecurity
⋅
Firefox Send sends Ursnif malware ISFB |
2020-07-17
⋅
CERT-FR
⋅
The Malware Dridex: Origins and Uses Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus |
2020-07-15
⋅
N1ght-W0lf Blog
⋅
Deep Analysis of QBot Banking Trojan QakBot |
2020-07-01
⋅
TG Soft
⋅
Cyber-Threat Report on the cyber attacks of June 2020 in Italy Avaddon ISFB |
2020-07-01
⋅
Cisco Talos
⋅
Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks Valak IcedID ISFB MyKings Spreader |
2020-06-24
⋅
Morphisec
⋅
Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex Dridex ISFB QakBot Zloader |
2020-06-23
⋅
NCC Group
⋅
WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group Cobalt Strike ISFB WastedLocker |
2020-06-22
⋅
zero2auto
⋅
Unpacking Visual Basic Packers – IcedID IcedID |
2020-06-21
⋅
Malware and Stuff
⋅
UPnP – Messing up Security since years QakBot |
2020-06-18
⋅
Juniper
⋅
COVID-19 and FMLA Campaigns used to install new IcedID banking malware IcedID |
2020-06-18
⋅
NTT Security
⋅
Behind the scenes of the Emotet Infrastructure Emotet |
2020-06-17
⋅
Youtube (Red Canary)
⋅
ATT&CK® Deep Dive: Process Injection ISFB Ramnit TrickBot |
2020-06-17
⋅
Github (f0wl)
⋅
deICEr: A Go tool for extracting config from IcedID second stage Loaders IcedID |
2020-06-16
⋅
Hornetsecurity
⋅
QakBot malspam leading to ProLock: Nothing personal just business PwndLocker QakBot |
2020-06-12
⋅
ThreatConnect
⋅
Probable Sandworm Infrastructure Avaddon Emotet Kimsuky |
2020-06-11
⋅
F5 Labs
⋅
Qbot Banking Trojan Still Up to Its Old Tricks QakBot |
2020-06-02
⋅
Morphisec
⋅
Ursnif/Gozi Delivery - Excel Macro 4.0 Utilization Uptick & OCR Bypass ISFB |
2020-06-02
⋅
Lastline Labs
⋅
Evolution of Excel 4.0 Macro Weaponization Agent Tesla DanaBot ISFB TrickBot Zloader |
2020-05-29
⋅
Group-IB
⋅
IcedID: When ice burns through bank accounts IcedID |
2020-05-28
⋅
VMWare Carbon Black
⋅
Modern Bank Heists 3.0 Emotet |
2020-05-24
⋅
Palo Alto Networks Unit 42
⋅
Using AI to Detect Malicious C2 Traffic Emotet Sality |
2020-05-21
⋅
PICUS Security
⋅
T1055 Process Injection BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE |
2020-05-07
⋅
Github (mlodic)
⋅
Ursnif beacon decryptor Gozi ISFB |
2020-05-05
⋅
Hornetsecurity
⋅
Awaiting the Inevitable Return of Emotet Emotet |
2020-05-05
⋅
Malware and Stuff
⋅
An old enemy – Diving into QBot part 3 QakBot |
2020-04-22
⋅
Youtube (Infosec Alpha)
⋅
FlattenTheCurve - Emotet Control Flow Unflattening | Episode 2 Emotet |
2020-04-14
⋅
Intel 471
⋅
Understanding the relationship between Emotet, Ryuk and TrickBot Emotet Ryuk TrickBot |
2020-04-03
⋅
Bleeping Computer
⋅
Microsoft: Emotet Took Down a Network by Overheating All Computers Emotet |
2020-03-31
⋅
Youtube (Infosec Alpha)
⋅
Emotet Binary Deobfuscation | Coconut Paradise | Episode 1 Emotet |
2020-03-30
⋅
Symantec
⋅
Emotet: Dangerous Malware Keeps on Evolving Emotet |
2020-03-30
⋅
Intezer
⋅
Fantastic payloads and where we find them Dridex Emotet ISFB TrickBot |
2020-03-30
⋅
Malware and Stuff
⋅
An old enemy – Diving into QBot part 1 QakBot |
2020-03-18
⋅
Proofpoint
⋅
Coronavirus Threat Landscape Update Agent Tesla Get2 ISFB Remcos |
2020-03-12
⋅
Digital Shadows
⋅
How cybercriminals are taking advantage of COVID-19: Scams, fraud, and misinformation Emotet |
2020-03-11
⋅
Twitter (@raashidbhatt)
⋅
Tweet on Emotet Deobfuscation with Video Emotet |
2020-03-06
⋅
Telekom
⋅
Dissecting Emotet - Part 2 Emotet |
2020-03-06
⋅
Binary Defense
⋅
Emotet Wi-Fi Spreader Upgraded Emotet |
2020-03-04
⋅
CrowdStrike
⋅
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
2020-03-03
⋅
PWC UK
⋅
Cyber Threats 2019: A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle |
2020-03-02
⋅
c't
⋅
What damage Emotet causes, and what lessons the victims draw from it Emotet Ryuk |
2020-02-29
⋅
ZDNet
⋅
Meet the white-hat group fighting Emotet, the world's most dangerous malware Emotet |
2020-02-19
⋅
FireEye
⋅
M-Trends 2020 Cobalt Strike Grateful POS LockerGoga QakBot TrickBot |
2020-02-18
⋅
CERT.PL
⋅
What’s up Emotet? Emotet |
2020-02-18
⋅
Sophos Labs
⋅
Nearly a quarter of malware now communicates using TLS Dridex IcedID TrickBot |
2020-02-13
⋅
Palo Alto Networks Unit 42
⋅
Wireshark Tutorial: Examining Qakbot Infections QakBot |
2020-02-13
⋅
Talos
⋅
Threat actors attempt to capitalize on coronavirus outbreak Emotet Nanocore RAT Parallax RAT |
2020-02-10
⋅
Malwarebytes
⋅
2020 State of Malware Report magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor |
2020-02-08
⋅
PICUS Security
⋅
Emotet Technical Analysis - Part 2 PowerShell Unveiled Emotet |
2020-02-07
⋅
Binary Defense
⋅
Emotet Evolves With New Wi-Fi Spreader Emotet |
2020-02-03
⋅
Telekom
⋅
Dissecting Emotet – Part 1 Emotet |
2020-01-30
⋅
PICUS Security
⋅
Emotet Technical Analysis - Part 1 Reveal the Evil Code Emotet |
2020-01-30
⋅
IBM X-Force Exchange
⋅
Coronavirus Goes Cyber With Emotet Emotet |
2020-01-27
⋅
T-Systems
⋅
Preliminary final forensic report on the investigation of the incident at the Berlin Kammergericht (Court of Appeal) Emotet TrickBot |
2020-01-23
⋅
SANS ISC InfoSec Forums
⋅
German language malspam pushes Ursnif ISFB |
2020-01-22
⋅
The malware analyst’s guide to PE timestamps Azorult Gozi IcedID ISFB LOLSnif SUNBURST TEARDROP |
2020-01-17
⋅
100 more behind cockroaches? MoqHao Emotet Predator The Thief |
2020-01-17
⋅
Battle Against Ursnif Malspam Campaign targeting Japan Cutwail ISFB TrickBot UrlZone |
2020-01-17
⋅
JPCERT/CC
⋅
Looking back on the incidents in 2019 TSCookie NodeRAT Emotet PoshC2 Quasar RAT |
2020-01-14
⋅
Bleeping Computer
⋅
United Nations Targeted With Emotet Malware Phishing Attack Emotet |
2020-01-13
⋅
Gigamon
⋅
Emotet: Not your Run-of-the-mill Malware Emotet |
2020-01-10
⋅
CSIS
⋅
Threat Matrix H1 2019 Gustuff magecart Emotet Gandcrab Ramnit TrickBot |
2020-01-07
⋅
Hatching.io
⋅
Powershell Static Analysis & Emotet results Emotet |
2020-01-03
⋅
Youtube (BSides Belfast)
⋅
Demystifying QBot Banking Trojan QakBot |
2020-01-01
⋅
Secureworks
⋅
GOLD LAGOON QakBot |
2020-01-01
⋅
Secureworks
⋅
GOLD SWATHMORE GlobeImposter Gozi IcedID TrickBot LUNAR SPIDER |
2020-01-01
⋅
University of Malta
⋅
Memory Forensics of Qakbot QakBot |
2020-01-01
⋅
Secureworks
⋅
GOLD CRESTWOOD Emotet MUMMY SPIDER |
2019-12-24
⋅
Sophos
⋅
Gozi V3: tracked by their own stealth ISFB |
2019-12-23
⋅
Palo Alto Networks Unit 42
⋅
Wireshark Tutorial: Examining Ursnif Infections ISFB |
2019-12-18
⋅
Github (psrok1)
⋅
IcedID PNG Extractor IcedID |
2019-12-12
⋅
FireEye
⋅
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD poisonplug TrickBot BlackTech |
2019-12-10
⋅
JPCERT/CC
⋅
[Updated] Alert Regarding Emotet Malware Infection Emotet |
2019-12-07
⋅
Secureworks
⋅
End-to-end Botnet Monitoring... Botconf 2019 Emotet ISFB QakBot |
2019-12-04
⋅
JPCERT/CC
⋅
How to Respond to Emotet Infection (FAQ) Emotet |
2019-12-03
⋅
Malwarebytes
⋅
New version of IcedID Trojan uses steganographic payloads IcedID |
2019-11-12
⋅
Hatching.io
⋅
Reversing Qakbot QakBot |
2019-11-06
⋅
Heise Security
⋅
Emotet, Trickbot, Ryuk: an explosive malware cocktail Emotet Ryuk TrickBot |
2019-10-30
⋅
Zscaler
⋅
Emotet is back in action after a short break Emotet |
2019-10-14
⋅
Is Emotet gang targeting companies with external SOC? Emotet |
2019-09-24
⋅
Dissecting Malware
⋅
Return of the Mummy - Welcome back, Emotet Emotet |
2019-09-16
⋅
Malwarebytes
⋅
Emotet is back: botnet springs back to life with new spam campaign Emotet |
2019-08-13
⋅
Adalogics
⋅
The state of advanced code injections Dridex Emotet Tinba |
2019-08-12
⋅
Schweizerische Eidgenossenschaft
⋅
Emotet Trojan attacks corporate networks Emotet |
2019-08-07
⋅
Fortinet
⋅
New Ursnif Variant Spreading by Word Document ISFB |
2019-07-11
⋅
Proofpoint
⋅
Threat Actor Profile: TA544 targets geographies from Italy to Japan with a range of malware ISFB PandaBanker UrlZone NARWHAL SPIDER |
2019-07-09
⋅
Fortinet
⋅
A Deep Dive Into IcedID Malware: Part I - Unpacking, Hooking and Process Injection IcedID |
2019-06-25
⋅
IcedID aka #Bokbot Analysis with Ghidra IcedID |
2019-06-25
⋅
VMRay
⋅
Analyzing Ursnif’s Behavior Using a Malware Sandbox ISFB |
2019-06-19
⋅
Proofpoint
⋅
URLZone top malware in Japan, while Emotet and LINE Phishing round out the landscape ISFB UrlZone NARWHAL SPIDER |
2019-06-16
⋅
Fortinet
⋅
A Deep Dive Into IcedID Malware: Part II - Analysis of the Core IcedID Payload (Parent Process) IcedID |
2019-06-06
⋅
Fortinet
⋅
A Deep Dive into the Emotet Malware Emotet |
2019-06-03
⋅
Varonis
⋅
Varonis Exposes Global Cyber Campaign: C2 Server Actively Compromising Thousands of Victims QakBot |
2019-05-25
⋅
0ffset Blog
⋅
Analyzing ISFB – The Second Loader ISFB |
2019-05-15
⋅
Proofpoint
⋅
Threat Actor Profile: TA542, From Banker to Malware Distribution Service Emotet MUMMY SPIDER |
2019-05-09
⋅
GovCERT.ch
⋅
Severe Ransomware Attacks Against Swiss SMEs Emotet LockerGoga Ryuk TrickBot |
2019-05-02
⋅
Cisco Talos
⋅
Qakbot levels up with new obfuscation techniques QakBot |
2019-04-29
⋅
Blueliv
⋅
Where is Emotet? Latest geolocation data Emotet |
2019-04-25
⋅
Trend Micro
⋅
Emotet Adds New Evasion Technique Emotet |
2019-04-22
⋅
int 0xcc blog
⋅
Dissecting Emotet’s network communication protocol Emotet |
2019-04-12
⋅
SpamTitan
⋅
Emotet Malware Revives Old Email Conversations Threads to Increase Infection Rates Emotet |
2019-04-07
⋅
Emotet malware analysis. Part 2 Emotet |
2019-04-06
⋅
Youtube (hasherezade)
⋅
Unpacking ISFB (including the custom 'PX' format) ISFB |
2019-04-05
⋅
Yoroi
⋅
Ursnif: The Latest Evolution of the Most Popular Banking Malware ISFB |
2019-04-04
⋅
SecurityIntelligence
⋅
IcedID Banking Trojan Spruces Up Injection Tactics to Add Stealth IcedID |
2019-04-01
⋅
Analyzing Emotet with Ghidra — Part 1 Emotet |
2019-03-27
⋅
Spamhaus
⋅
Emotet adds a further layer of camouflage Emotet |
2019-03-26
⋅
Yoroi
⋅
The Ursnif Gangs keep Threatening Italy ISFB |
2019-03-21
⋅
CrowdStrike
⋅
Interception: Dissecting BokBot’s “Man in the Browser” IcedID |
2019-03-17
⋅
Persianov on Security
⋅
Emotet malware analysis. Part 1 Emotet |
2019-03-15
⋅
Cofense
⋅
Flash Bulletin: Emotet Epoch 1 Changes its C2 Communication Emotet |
2019-03-13
⋅
0ffset Blog
⋅
Analysing ISFB – The First Loader ISFB |
2019-03-12
⋅
Cybereason
⋅
New Ursnif Variant targets Japan packed with new Features ISFB UrlZone |
2019-03-11
⋅
Minerva
⋅
Attackers Insert Themselves into the Email Conversation to Spread Malware ISFB |
2019-03-08
⋅
The Daily Swig
⋅
Emotet trojan implicated in Wolverine Solutions ransomware attack Emotet |
2019-02-16
⋅
Max Kersten's Blog
⋅
Emotet droppers Emotet |
2019-02-15
⋅
CrowdStrike
⋅
“Sin”-ful SPIDERS: WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web Dyre IcedID TrickBot Vawtrak LUNAR SPIDER WIZARD SPIDER |
2019-02-07
⋅
Yoroi
⋅
Ursnif: Long Live the Steganography! ISFB |
2019-02-06
⋅
SecurityIntelligence
⋅
IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites IcedID |
2019-01-30
⋅
Cyberbit
⋅
New Ursnif Malware Variant – a Stunning Matryoshka (Матрёшка) ISFB |
2019-01-24
⋅
Cisco Talos
⋅
Cisco AMP tracks new campaign that delivers Ursnif ISFB |
2019-01-17
⋅
SANS ISC InfoSec Forums
⋅
Emotet infections and follow-up malware Emotet |
2019-01-15
⋅
0ffset Blog
⋅
Analyzing COMmunication in Malware ISFB |
2019-01-05
⋅
Github (d00rt)
⋅
Emotet Research Emotet |
2019-01-03
⋅
CrowdStrike
⋅
Digging into BokBot’s Core Module IcedID |
2019-01-01
⋅
Emutet Emotet |
2019-01-01
⋅
CSIS
⋅
Dreambot Business overview 2019 ISFB |
2018-12-18
⋅
Trend Micro
⋅
URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader Dridex Emotet FriedEx ISFB |
2018-11-16
⋅
Trend Micro
⋅
Exploring Emotet: Examining Emotet’s Activities, Infrastructure Emotet |
2018-11-09
⋅
Youtube (OALabs)
⋅
Reverse Engineering IcedID / Bokbot Malware Part 2 IcedID |
2018-11-09
⋅
ESET Research
⋅
Emotet launches major new spam campaign Emotet |
2018-10-31
⋅
Kryptos Logic
⋅
Emotet Awakens With New Campaign of Mass Email Exfiltration Emotet |
2018-10-26
⋅
Youtube (OALabs)
⋅
Unpacking Bokbot / IcedID Malware - Part 1 IcedID |
2018-09-12
⋅
Cryptolaemus Pastedump
⋅
Emotet IOC Emotet |
2018-09-07
⋅
Let's Learn: Deeper Dive into "IcedID"/"BokBot" Banking Malware: Part 1 IcedID |
2018-08-09
⋅
Fox-IT
⋅
Bokbot: The (re)birth of a banker IcedID Vawtrak |
2018-08-01
⋅
Kryptos Logic
⋅
Inside Look at Emotet's Global Victims and Malspam Qakbot Payloads Emotet |
2018-07-29
⋅
Vitali Kremez Blog
⋅
Let's Learn: In-Depth Reversing of Qakbot "qbot" Banker Part 1 QakBot |
2018-07-26
⋅
Intezer
⋅
Mitigating Emotet, The Most Common Banking Trojan Emotet |
2018-07-24
⋅
Check Point
⋅
Emotet: The Tricky Trojan that ‘Git Clones’ Emotet |
2018-07-23
⋅
MalFind
⋅
Deobfuscating Emotet’s powershell payload Emotet |
2018-07-20
⋅
NCCIC
⋅
Alert (TA18-201A) Emotet Malware Emotet |
2018-07-18
⋅
Symantec
⋅
The Evolution of Emotet: From Banking Trojan to Threat Distributor Emotet |
2018-05-17
⋅
Fidelis
⋅
Gozi V3 Technical Update ISFB |
2018-04-10
⋅
Cisco Talos
⋅
IcedID Banking Trojan Teams up with Ursnif/Dreambot for Distribution IcedID |
2018-03-19
⋅
Unpacking Ursnif ISFB |
2018-03-06
⋅
Cisco Talos
⋅
Gozi ISFB Remains Active in 2018, Leverages "Dark Cloud" Botnet For Distribution ISFB |
2018-02-08
⋅
CrowdStrike
⋅
Meet CrowdStrike’s Adversary of the Month for February: MUMMY SPIDER Emotet MUMMY SPIDER |
2018-02-07
⋅
Cylance
⋅
Threat Spotlight: URSNIF Infostealer Malware ISFB |
2018-01-17
⋅
SANS ISC
⋅
Reviewing the spam filters: Malspam pushing Gozi-ISFB ISFB |
2018-01-12
⋅
Proofpoint
⋅
Holiday lull? Not so much Dridex Emotet GlobeImposter ISFB Necurs PandaBanker UrlZone NARWHAL SPIDER |
2018-01-01
⋅
Quick Heal
⋅
The Complete story of EMOTET Most prominent Malware of 2018 Emotet |
2017-11-28
⋅
FireEye
⋅
Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection ISFB |
2017-11-15
⋅
Trend Micro
⋅
New EMOTET Hijacks a Windows API, Evades Sandbox and Analysis Emotet |
2017-11-14
⋅
Digital Guardian
⋅
IceID Banking Trojan Targeting Banks, Payment Card Providers, E-Commerce Sites IcedID |
2017-11-13
⋅
Intezer
⋅
IcedID Banking Trojan Shares Code with Pony 2.0 Trojan IcedID IcedID Downloader |
2017-11-13
⋅
SecurityIntelligence
⋅
New Banking Trojan IcedID Discovered by IBM X-Force Research IcedID IcedID Downloader |
2017-11-06
⋅
Microsoft
⋅
Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks Emotet QakBot |
2017-10-12
⋅
G Data
⋅
Emotet exploits Outlook Emotet |
2017-10-06
⋅
CERT.PL
⋅
Peering into spam botnets Emotet Kelihos Necurs SendSafe Tofsee |
2017-09-07
⋅
Trend Micro
⋅
EMOTET Returns, Starts Spreading via Spam Botnet Emotet |
2017-07-17
⋅
Malwarebytes
⋅
It’s baaaack: Public cyber enemy Emotet has returned Emotet |
2017-07-02
⋅
CERT.PL
⋅
ISFB: Still Live and Kicking ISFB |
2017-06-02
⋅
SecurityIntelligence
⋅
QakBot Banking Trojan Causes Massive Active Directory Lockouts QakBot |
2017-05-31
⋅
ropgadget.com
⋅
Writing PCRE's for applied passive network defense [Emotet] Emotet |
2017-05-29
⋅
Lokalhost.pl
⋅
Gozi Tree DreamBot Gozi ISFB Powersniff |
2017-05-24
⋅
CERT.PL
⋅
Analysis of Emotet v4 Emotet |
2017-05-23
⋅
ThreatVector
⋅
Quakbot QakBot |
2017-05-03
⋅
Fortinet
⋅
Deep Analysis of New Emotet Variant - Part 1 Emotet |
2017-04-20
⋅
Malwarebytes
⋅
Binary Options malvertising campaign drops ISFB banking Trojan ISFB |
2016-11-01
⋅
Ariel Koren's Blog
⋅
Ursnif Malware: Deep Technical Dive ISFB |
2016-08-01
⋅
Intel Security
⋅
DIVING INTO PINKSLIPBOT’S LATEST CAMPAIGN QakBot |
2016-04-28
⋅
Cisco Talos
⋅
Research Spotlight: The Resurgence of Qbot QakBot |
2016-04-14
⋅
SecurityIntelligence
⋅
Meet GozNym: The Banking Malware Offspring of Gozi ISFB and Nymaim ISFB Nymaim GozNym |
2016-03-23
⋅
Github (gbrindisi)
⋅
Gozi ISFB Sourcecode ISFB |
2016-02-24
⋅
Johannes Bader Blog
⋅
The DGA of Qakbot.T QakBot |
2016-01-01
⋅
BAE Systems
⋅
The Return of Qbot QakBot |
2015-04-09
⋅
Kaspersky Labs
⋅
The Banking Trojan Emotet: Detailed Analysis Emotet |
2013-01-18
⋅
abuse.ch
⋅
Feodo Tracker Emotet |
2012-01-01
⋅
Symantec
⋅
W32.Qakbot in Detail QakBot |
2011-12-11
⋅
Open Security Research
⋅
Intro. To Reversing - W32Pinkslipbot QakBot |
2011-05-25
⋅
Contagio Dump
⋅
W32.Qakbot aka W32/Pinkslipbot or infostealer worm QakBot |
2010-10-25
⋅
RSA
⋅
Businesses Beware: Qakbot Spreads like a Worm, Stings like a Trojan QakBot |
2010-05-11
⋅
Symantec
⋅
Qakbot, Data Thief Unmasked: Part I QakBot |
2010-04-22
⋅
Symantec
⋅
Qakbot Steals 2GB of Confidential Data per Week QakBot |
2009-12-22
⋅
Symantec
⋅
Qakbot, Data Thief Unmasked: Part II QakBot |
2009-05-07
⋅
Symantec
⋅
W32.Qakbot QakBot |