2022-05-25 | CrowdStrike | Jamie Harris
@online{harris:20220525:hunting:48d53ea,
  author       = {Jamie Harris},
  title        = {{Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun}},
  organization = {CrowdStrike},
  date         = {2022-05-25},
  url          = {https://www.crowdstrike.com/blog/how-to-hunt-for-decisivearchitect-and-justforfun-implant/},
  urldate      = {2022-05-29},
  language     = {English},
}
Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun
BPFDoor
2021-10-19 | CrowdStrike | Jamie Harris, Dan Meyer
@online{harris:20211019:lightbasin:a69fe0b,
  author       = {Jamie Harris and Dan Meyer},
  title        = {{LightBasin: A Roaming Threat to Telecommunications Companies}},
  organization = {CrowdStrike},
  date         = {2021-10-19},
  url          = {https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/},
  urldate      = {2021-10-24},
  language     = {English},
}
LightBasin: A Roaming Threat to Telecommunications Companies
2021-07-07 | Elastic | Jamie Butler
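% The percent sign in the title is escaped (\%). Left bare in an ordinary text
% field, it starts a LaTeX comment when the bibliography is typeset and swallows
% the rest of the line, including the closing brace.
% NOTE(review): the URL is kept verbatim as captured; it carries utm_* query
% parameters from a social-media share link.
@online{butler:20210707:elastic:8a709bf,
  author       = {Jamie Butler},
  title        = {{Elastic Security prevents 100\% of REvil ransomware samples}},
  organization = {Elastic},
  date         = {2021-07-07},
  url          = {https://www.elastic.co/blog/elastic-security-prevents-100-percent-of-revil-ransomware-samples?utm_content=&utm_medium=social&utm_source=twitter},
  urldate      = {2021-07-12},
  language     = {English},
}
Elastic Security prevents 100% of REvil ransomware samples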
REvil
2021-03-06 | Click All the Things! Blog | Jamie Arndt
% The title contains UTF-8 en dashes, so this entry needs a UTF-8-aware backend
% (biblatex with Biber); classic 8-bit BibTeX does not handle non-ASCII reliably.
@online{arndt:20210306:oleobject1bin:22436df,
  author       = {Jamie Arndt},
  title        = {{oleObject1.bin – OLe10nATive – shellcode}},
  organization = {Click All the Things! Blog},
  date         = {2021-03-06},
  url          = {https://clickallthethings.wordpress.com/2021/03/06/oleobject1-bin-ole10native-shellcode/},
  urldate      = {2021-03-11},
  language     = {English},
}
oleObject1.bin – OLe10nATive – shellcode
CloudEyE
2021-02-02 | Click All the Things! Blog | Jamie
@online{jamie:20210202:xlsb:d82b047,
  author       = {Jamie},
  title        = {{XLSB: Analyzing a Microsoft Excel Binary Spreadsheet}},
  organization = {Click All the Things! Blog},
  date         = {2021-02-02},
  url          = {https://clickallthethings.wordpress.com/2021/02/02/xlsb-analyzing-a-microsoft-excel-binary-spreadsheet/},
  urldate      = {2021-02-04},
  language     = {English},
}
XLSB: Analyzing a Microsoft Excel Binary Spreadsheet
2021-01-26 | Digital Shadows | Jamie Hart
@online{hart:20210126:ransomware:00b2e07,
  author       = {Jamie Hart},
  title        = {{Ransomware: Analyzing the data from 2020}},
  organization = {Digital Shadows},
  date         = {2021-01-26},
  url          = {https://www.digitalshadows.com/blog-and-research/ransomware-analyzing-the-data-from-2020/},
  urldate      = {2021-02-06},
  language     = {English},
}
Ransomware: Analyzing the data from 2020
2020-12-16 | Click All the Things! Blog | Jamie
@online{jamie:20201216:snake404:7b8d820,
  author       = {Jamie},
  title        = {{Snake/404 Keylogger, BIFF, and Covering Tracks?: An unusual maldoc}},
  organization = {Click All the Things! Blog},
  date         = {2020-12-16},
  url          = {https://clickallthethings.wordpress.com/2020/12/16/snake-404-keylogger-biff-and-covering-tracks-an-unusual-maldoc/},
  urldate      = {2020-12-18},
  language     = {English},
}
Snake/404 Keylogger, BIFF, and Covering Tracks?: An unusual maldoc
2020-12-02 | Kryptos Logic | Jamie Hankins
@online{hankins:20201202:automated:7a91425,
  author       = {Jamie Hankins},
  title        = {{Automated string de-gobfuscation}},
  organization = {Kryptos Logic},
  date         = {2020-12-02},
  url          = {https://www.kryptoslogic.com/blog/2020/12/automated-string-de-gobfuscation/},
  urldate      = {2020-12-08},
  language     = {English},
}
Automated string de-gobfuscation
Blackrota
2020-09-24 | Click All the Things! Blog | Jamie Arndt
% NOTE(review): the date field gives 2020-09-24, while the URL path contains
% 2020/09/21. Confirm the publication date against the post before citing.
@online{arndt:20200924:zloader:ad8bf21,
  author       = {Jamie Arndt},
  title        = {{zLoader XLM Update: Macro code and behavior change}},
  organization = {Click All the Things! Blog},
  date         = {2020-09-24},
  url          = {https://clickallthethings.wordpress.com/2020/09/21/zloader-xlm-update-macro-code-and-behavior-change/},
  urldate      = {2020-09-25},
  language     = {English},
}
zLoader XLM Update: Macro code and behavior change
Zloader
2020-06-19 | Click All the Things! Blog | Jamie
@online{jamie:20200619:zloader:dd6729d,
  author       = {Jamie},
  title        = {{zloader: VBA, R1C1 References, and Other Tomfoolery}},
  organization = {Click All the Things! Blog},
  date         = {2020-06-19},
  url          = {https://clickallthethings.wordpress.com/2020/06/19/zloader-vba-r1c1-references-and-other-tomfoolery/},
  urldate      = {2020-06-21},
  language     = {English},
}
zloader: VBA, R1C1 References, and Other Tomfoolery
Zloader
2020-05-25 | Elastic | Brent Murphy, David French, Jamie Butler
@online{murphy:20200525:elastic:a743893,
  author       = {Brent Murphy and David French and Jamie Butler},
  title        = {{The Elastic Guide to Threat Hunting}},
  organization = {Elastic},
  date         = {2020-05-25},
  url          = {https://www.elastic.co/pdf/elastic-guide-to-threat-hunting},
  urldate      = {2020-06-08},
  language     = {English},
}
The Elastic Guide to Threat Hunting
2020-03-31 | Click All the Things! Blog | Jamie
@online{jamie:20200331:lokibot:f927742,
  author       = {Jamie},
  title        = {{LokiBot: Getting Equation Editor Shellcode}},
  organization = {Click All the Things! Blog},
  date         = {2020-03-31},
  url          = {https://clickallthethings.wordpress.com/2020/03/31/lokibot-getting-equation-editor-shellcode/},
  urldate      = {2020-04-07},
  language     = {English},
}
LokiBot: Getting Equation Editor Shellcode
Loki Password Stealer (PWS)