Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-08-10TrustwaveRodel Mendrez
@online{mendrez:20230810:gootloader:ec828a1, author = {Rodel Mendrez}, title = {{Gootloader: Why your Legal Document Search May End in Misery}}, date = {2023-08-10}, organization = {Trustwave}, url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/gootloader-why-your-legal-document-search-may-end-in-misery/}, language = {English}, urldate = {2023-08-11} } Gootloader: Why your Legal Document Search May End in Misery
GootLoader
2022-12-08TrustwaveRodel Mendrez, Phil Hay, Diana Lopera
@online{mendrez:20221208:trojanized:bd135b7, author = {Rodel Mendrez and Phil Hay and Diana Lopera}, title = {{Trojanized OneNote Document Leads to Formbook Malware}}, date = {2022-12-08}, organization = {Trustwave}, url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trojanized-onenote-document-leads-to-formbook-malware/}, language = {English}, urldate = {2022-12-19} } Trojanized OneNote Document Leads to Formbook Malware
Formbook
2022-01-13TrustwaveLloyd Macrohon, Rodel Mendrez
@online{macrohon:20220113:decrypting:274747e, author = {Lloyd Macrohon and Rodel Mendrez}, title = {{Decrypting Qakbot’s Encrypted Registry Keys}}, date = {2022-01-13}, organization = {Trustwave}, url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/decrypting-qakbots-encrypted-registry-keys/}, language = {English}, urldate = {2022-01-25} } Decrypting Qakbot’s Encrypted Registry Keys
QakBot
2021-10-15TrustwaveRodel Mendrez, Lloyd Macrohon
@online{mendrez:20211015:blackbyte:4dfd5aa, author = {Rodel Mendrez and Lloyd Macrohon}, title = {{BlackByte Ransomware – Pt. 1 In-depth Analysis}}, date = {2021-10-15}, organization = {Trustwave}, url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/}, language = {English}, urldate = {2021-11-03} } BlackByte Ransomware – Pt. 1 In-depth Analysis
2021-10-15TrustwaveRodel Mendrez, Lloyd Macrohon
@online{mendrez:20211015:blackbyte:22439d3, author = {Rodel Mendrez and Lloyd Macrohon}, title = {{BlackByte Ransomware – Pt 2. Code Obfuscation Analysis}}, date = {2021-10-15}, organization = {Trustwave}, url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-2-code-obfuscation-analysis/}, language = {English}, urldate = {2021-11-03} } BlackByte Ransomware – Pt 2. Code Obfuscation Analysis
2021-07-07TrustwaveRodel Mendrez, Nikita Kazymirskyi
@online{mendrez:20210707:diving:1c04c81, author = {Rodel Mendrez and Nikita Kazymirskyi}, title = {{Diving Deeper Into the Kaseya VSA Attack: REvil Returns and Other Hackers Are Riding Their Coattails}}, date = {2021-07-07}, organization = {Trustwave}, url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/diving-deeper-into-the-kaseya-vsa-attack-revil-returns-and-other-hackers-are-riding-their-coattails/}, language = {English}, urldate = {2021-07-09} } Diving Deeper Into the Kaseya VSA Attack: REvil Returns and Other Hackers Are Riding Their Coattails
Cobalt Strike REvil
2021-05-04TrustwaveLloyd Macrohon, Rodel Mendrez
@online{macrohon:20210504:pingback:4988e88, author = {Lloyd Macrohon and Rodel Mendrez}, title = {{Pingback: Backdoor At The End Of The ICMP Tunnel}}, date = {2021-05-04}, organization = {Trustwave}, url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/backdoor-at-the-end-of-the-icmp-tunnel/}, language = {English}, urldate = {2021-05-04} } Pingback: Backdoor At The End Of The ICMP Tunnel
PingBack
2021-02-12TrustwaveRodel Mendrez, Diana Lopera
@online{mendrez:20210212:many:560778f, author = {Rodel Mendrez and Diana Lopera}, title = {{The Many Roads Leading To Agent Tesla}}, date = {2021-02-12}, organization = {Trustwave}, url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-many-roads-leading-to-agent-tesla/}, language = {English}, urldate = {2021-02-18} } The Many Roads Leading To Agent Tesla
Agent Tesla
2020-07-11TrustwavePeter Evans, Rodel Mendrez
@online{evans:20200711:injecting:3d78e32, author = {Peter Evans and Rodel Mendrez}, title = {{Injecting Magecart into Magento Global Config}}, date = {2020-07-11}, organization = {Trustwave}, url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/injecting-magecart-into-magento-global-config/}, language = {English}, urldate = {2020-07-15} } Injecting Magecart into Magento Global Config
magecart
2020-06-22TrustwaveRodel Mendrez
@online{mendrez:20200622:pillowmint:c696f56, author = {Rodel Mendrez}, title = {{Pillowmint: FIN7’s Monkey Thief}}, date = {2020-06-22}, organization = {Trustwave}, url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/pillowmint-fin7s-monkey-thief/}, language = {English}, urldate = {2020-06-24} } Pillowmint: FIN7’s Monkey Thief
PILLOWMINT
2020-03-26SpiderLabs BlogAlejandro Baca, Rodel Mendrez
@online{baca:20200326:would:a184711, author = {Alejandro Baca and Rodel Mendrez}, title = {{Would You Exchange Your Security for a Gift Card?}}, date = {2020-03-26}, organization = {SpiderLabs Blog}, url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/would-you-exchange-your-security-for-a-gift-card/}, language = {English}, urldate = {2020-03-30} } Would You Exchange Your Security for a Gift Card?
Griffon
2019-12-20TrustwaveRodel Mendrez
@online{mendrez:20191220:undressing:1412c9a, author = {Rodel Mendrez}, title = {{Undressing the REvil}}, date = {2019-12-20}, organization = {Trustwave}, url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/undressing-the-revil/}, language = {English}, urldate = {2021-07-09} } Undressing the REvil
REvil
2019-04-05TrustwavePhil Hay, Rodel Mendrez
@online{hay:20190405:spammed:82cb5e3, author = {Phil Hay and Rodel Mendrez}, title = {{Spammed PNG file hides LokiBot}}, date = {2019-04-05}, organization = {Trustwave}, url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/spammed-png-file-hides-lokibot/}, language = {English}, urldate = {2022-08-15} } Spammed PNG file hides LokiBot
Loki Password Stealer (PWS)
2016-07-01SpiderLabs BlogRodel Mendrez
@online{mendrez:20160701:how:0434028, author = {Rodel Mendrez}, title = {{How I Cracked a Keylogger and Ended Up in Someone's Inbox}}, date = {2016-07-01}, organization = {SpiderLabs Blog}, url = {https://www.trustwave.com/Resources/SpiderLabs-Blog/How-I-Cracked-a-Keylogger-and-Ended-Up-in-Someone-s-Inbox/}, language = {English}, urldate = {2019-07-11} } How I Cracked a Keylogger and Ended Up in Someone's Inbox
HawkEye Keylogger
2015-09-23SpiderLabs BlogRodel Mendrez
@online{mendrez:20150923:quaverse:9d9d163, author = {Rodel Mendrez}, title = {{Quaverse RAT: Remote-Access-as-a-Service}}, date = {2015-09-23}, organization = {SpiderLabs Blog}, url = {https://www.trustwave.com/Resources/SpiderLabs-Blog/Quaverse-RAT--Remote-Access-as-a-Service/}, language = {English}, urldate = {2020-01-06} } Quaverse RAT: Remote-Access-as-a-Service
QRat
2009-03-17Marshal8e6Rodel Mendrez
@online{mendrez:20090317:gheg:9c244e1, author = {Rodel Mendrez}, title = {{Gheg spambot}}, date = {2009-03-17}, organization = {Marshal8e6}, url = {https://web.archive.org/web/20090428005953/http://www.marshal8e6.com/trace/i/Gheg,spambot.897~.asp}, language = {English}, urldate = {2023-03-16} } Gheg spambot
Tofsee