2023-04-06 | Spamhaus | Raashid Bhat
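% Listed on this page under the malware family tag: Tofsee.
@online{bhat:20230406:neutralizing:c151309,
  author       = {Bhat, Raashid},
  title        = {Neutralizing {Tofsee} Spambot – Part 3 | Network-based kill switch},
  date         = {2023-04-06},
  organization = {Spamhaus},
  url          = {https://www.spamhaus.com/resource-center/neutralizing-tofsee-spambot-part-3-network-based-kill-switch/},
  language     = {English},
  urldate      = {2023-04-14},
  keywords     = {Tofsee},
}
Neutralizing Tofsee Spambot – Part 3 | Network-based kill switch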
Tofsee
2023-04-06 | Spamhaus | Raashid Bhat
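% Listed on this page under the malware family tag: Tofsee.
@online{bhat:20230406:neutralizing:fb399f6,
  author       = {Bhat, Raashid},
  title        = {Neutralizing {Tofsee} Spambot – Part 2 | {InMemoryConfig} store vaccine},
  date         = {2023-04-06},
  organization = {Spamhaus},
  url          = {https://www.spamhaus.com/resource-center/neutralizing-tofsee-spambot-part-2-inmemoryconfig-store-vaccine/},
  language     = {English},
  urldate      = {2023-04-08},
  keywords     = {Tofsee},
}
Neutralizing Tofsee Spambot – Part 2 | InMemoryConfig store vaccine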
Tofsee
2023-04-06 | Spamhaus | Raashid Bhat
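% Listed on this page under the malware family tag: Tofsee.
@online{bhat:20230406:neutralizing:fe6fd3b,
  author       = {Bhat, Raashid},
  title        = {Neutralizing {Tofsee} Spambot – Part 1 | Binary file vaccine},
  date         = {2023-04-06},
  organization = {Spamhaus},
  url          = {https://www.spamhaus.com/resource-center/neutralizing-tofsee-spambot-part-1-binary-file-vaccine/},
  language     = {English},
  urldate      = {2023-04-08},
  keywords     = {Tofsee},
}
Neutralizing Tofsee Spambot – Part 1 | Binary file vaccine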
Tofsee
2022-10-12 | Spamhaus | Raashid Bhat
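% Listed on this page under the malware family tag: CloudEyE.
@online{bhat:20221012:dissecting:b1921fe,
  author       = {Bhat, Raashid},
  title        = {Dissecting the new shellcode-based variant of {GuLoader} ({CloudEyE})},
  date         = {2022-10-12},
  organization = {Spamhaus},
  url          = {https://www.spamhaus.com/resource-center/dissecting-the-new-shellcode-based-variant-of-guloader-cloudeye/},
  language     = {English},
  urldate      = {2022-10-14},
  keywords     = {CloudEyE},
}
Dissecting the new shellcode-based variant of GuLoader (CloudEyE)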
CloudEyE
2020-04-22 | Youtube (Infosec Alpha) | Raashid Bhat
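% Listed on this page under the malware family tag: Emotet.
@online{bhat:20200422:flattenthecurve:0bdf5a3,
  author       = {Bhat, Raashid},
  title        = {{FlattenTheCurve} - {Emotet} Control Flow Unflattening | Episode 2},
  date         = {2020-04-22},
  organization = {Youtube (Infosec Alpha)},
  url          = {https://www.youtube.com/watch?v=8PHCZdpNKrw},
  language     = {English},
  urldate      = {2020-04-23},
  keywords     = {Emotet},
}
FlattenTheCurve - Emotet Control Flow Unflattening | Episode 2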
Emotet
2020-03-31 | Youtube (Infosec Alpha) | Raashid Bhat
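% Listed on this page under the malware family tag: Emotet.
@online{bhat:20200331:emotet:50264e0,
  author       = {Bhat, Raashid},
  title        = {{Emotet} Binary Deobfuscation | {Coconut Paradise} | Episode 1},
  date         = {2020-03-31},
  organization = {Youtube (Infosec Alpha)},
  url          = {https://www.youtube.com/watch?v=_mGMJFNJWSk},
  language     = {English},
  urldate      = {2020-04-23},
  keywords     = {Emotet},
}
Emotet Binary Deobfuscation | Coconut Paradise | Episode 1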
Emotet
2020-03-11 | Twitter (@raashidbhatt) | Raashid Bhat
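% Listed on this page under the malware family tag: Emotet.
@online{bhat:20200311:emotet:c178008,
  author       = {Bhat, Raashid},
  title        = {Tweet on {Emotet} Deobfuscation with Video},
  date         = {2020-03-11},
  organization = {Twitter (@raashidbhatt)},
  url          = {https://twitter.com/raashidbhatt/status/1237853549200936960},
  language     = {English},
  urldate      = {2020-03-13},
  keywords     = {Emotet},
}
Tweet on Emotet Deobfuscation with Video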
Emotet
2019-07-30 | int 0xcc blog | Raashid Bhat
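% Listed on this page under the malware family tag: Pony.
@online{bhat:20190730:practical:d049779,
  author       = {Bhat, Raashid},
  title        = {Practical Threat Hunting and Incidence Response : A Case of A {Pony} Malware Infection},
  date         = {2019-07-30},
  organization = {int 0xcc blog},
  url          = {https://int0xcc.svbtle.com/practical-threat-hunting-and-incidence-response-a-case-of-a-pony-malware-infection},
  language     = {English},
  urldate      = {2020-01-08},
  keywords     = {Pony},
}
Practical Threat Hunting and Incidence Response : A Case of A Pony Malware Infection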
Pony
2019-04-22 | int 0xcc blog | Raashid Bhat
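% Listed on this page under the malware family tag: Emotet.
@online{bhat:20190422:dissecting:ffba987,
  author       = {Bhat, Raashid},
  title        = {Dissecting {Emotet’s} network communication protocol},
  date         = {2019-04-22},
  organization = {int 0xcc blog},
  url          = {https://int0xcc.svbtle.com/dissecting-emotet-s-network-communication-protocol},
  language     = {English},
  urldate      = {2020-01-06},
  keywords     = {Emotet},
}
Dissecting Emotet’s network communication protocol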
Emotet
2018-09-18 | int 0xcc blog | Raashid Bhat
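% Listed on this page under the malware family tag: SmokeLoader.
@online{bhat:20180918:taste:e7dd98d,
  author       = {Bhat, Raashid},
  title        = {A taste of our own medicine: How {SmokeLoader} is deceiving configuration extraction by using binary code as bait},
  date         = {2018-09-18},
  organization = {int 0xcc blog},
  url          = {https://int0xcc.svbtle.com/a-taste-of-our-own-medicine-how-smokeloader-is-deceiving-dynamic-configuration-extraction-by-using-binary-code-as-bait},
  language     = {English},
  urldate      = {2020-01-10},
  keywords     = {SmokeLoader},
}
A taste of our own medicine: How SmokeLoader is deceiving configuration extraction by using binary code as bait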
SmokeLoader
2018-09-06 | int 0xcc blog | Raashid Bhat
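% Listed on this page under the malware family tag: Zloader (the title itself names DEloader).
@online{bhat:20180906:dissecting:8c82fb5,
  author       = {Bhat, Raashid},
  title        = {Dissecting {DEloader} malware with obfuscation},
  date         = {2018-09-06},
  organization = {int 0xcc blog},
  url          = {https://int0xcc.svbtle.com/dissecting-obfuscated-deloader-malware},
  language     = {English},
  urldate      = {2020-01-06},
  keywords     = {Zloader},
}
Dissecting DEloader malware with obfuscation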
Zloader
2017-02-22 | PhishLabs | Raashid Bhat
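% Listed on this page under the malware family tag: Qadars.
@online{bhat:20170222:dissecting:8124914,
  author       = {Bhat, Raashid},
  title        = {Dissecting the {Qadars} Banking Trojan},
  date         = {2017-02-22},
  organization = {PhishLabs},
  url          = {https://info.phishlabs.com/blog/dissecting-the-qadars-banking-trojan},
  language     = {English},
  urldate      = {2019-12-20},
  keywords     = {Qadars},
}
Dissecting the Qadars Banking Trojan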
Qadars
2016-02-01 | Blueliv | Raashid Bhat
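% Listed on this page under the malware family tag: Pushdo.
@online{bhat:20160201:tracking:f5fa1f1,
  author       = {Bhat, Raashid},
  title        = {Tracking the footprints of {PushDo} Trojan},
  date         = {2016-02-01},
  organization = {Blueliv},
  url          = {https://www.blueliv.com/research/tracking-the-footproints-of-pushdo-trojan/},
  language     = {English},
  urldate      = {2019-11-20},
  keywords     = {Pushdo},
}
Tracking the footprints of PushDo Trojan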
Pushdo