Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-05-20SANS ISCXavier Mertens
@online{mertens:20220520:zip:eb3e2f6, author = {Xavier Mertens}, title = {{A 'Zip Bomb' to Bypass Security Controls & Sandboxes}}, date = {2022-05-20}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/A+Zip+Bomb+to+Bypass+Security+Controls+Sandboxes/28670/}, language = {English}, urldate = {2022-05-25} } A 'Zip Bomb' to Bypass Security Controls & Sandboxes
BitRAT
2022-05-11SANS ISCBrad Duncan
@online{duncan:20220511:ta578:2128ae0, author = {Brad Duncan}, title = {{TA578 using thread-hijacked emails to push ISO files for Bumblebee malware}}, date = {2022-05-11}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/28636}, language = {English}, urldate = {2022-05-17} } TA578 using thread-hijacked emails to push ISO files for Bumblebee malware
BumbleBee
2022-04-25SANS ISCXavier Mertens
@online{mertens:20220425:simple:cf5a852, author = {Xavier Mertens}, title = {{Simple PDF Linking to Malicious Content}}, date = {2022-04-25}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Simple+PDF+Linking+to+Malicious+Content/28582/}, language = {English}, urldate = {2022-04-25} } Simple PDF Linking to Malicious Content
2022-04-20SANS ISCBrad Duncan
@online{duncan:20220420:aa:eb304fb, author = {Brad Duncan}, title = {{'aa' distribution Qakbot (Qbot) infection with DarkVNC traffic}}, date = {2022-04-20}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/28568}, language = {English}, urldate = {2022-04-25} } 'aa' distribution Qakbot (Qbot) infection with DarkVNC traffic
QakBot
2022-03-31SANS ISCJohannes Ullrich
@online{ullrich:20220331:spring:a2ac765, author = {Johannes Ullrich}, title = {{Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965}}, date = {2022-03-31}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/28504}, language = {English}, urldate = {2022-04-04} } Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965
2022-03-25SANS ISCXavier Mertens
@online{mertens:20220325:xlsb:21fdeaf, author = {Xavier Mertens}, title = {{XLSB Files: Because Binary is Stealthier Than XML}}, date = {2022-03-25}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/XLSB+Files+Because+Binary+is+Stealthier+Than+XML/28476/}, language = {English}, urldate = {2022-03-25} } XLSB Files: Because Binary is Stealthier Than XML
QakBot
2022-03-16SANS ISCBrad Duncan
@online{duncan:20220316:qakbot:7fe703f, author = {Brad Duncan}, title = {{Qakbot infection with Cobalt Strike and VNC activity}}, date = {2022-03-16}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike+and+VNC+activity/28448/}, language = {English}, urldate = {2022-03-17} } Qakbot infection with Cobalt Strike and VNC activity
Cobalt Strike QakBot
2022-02-18SANS ISCXavier Mertens
@online{mertens:20220218:remcos:c302a64, author = {Xavier Mertens}, title = {{Remcos RAT Delivered Through Double Compressed Archive}}, date = {2022-02-18}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Remcos+RAT+Delivered+Through+Double+Compressed+Archive/28354/}, language = {English}, urldate = {2022-02-18} } Remcos RAT Delivered Through Double Compressed Archive
Remcos
2022-02-11blog.rootshell.beXavier Mertens
@online{mertens:20220211:sans:7273063, author = {Xavier Mertens}, title = {{[SANS ISC] CinaRAT Delivered Through HTML ID Attributes}}, date = {2022-02-11}, organization = {blog.rootshell.be}, url = {https://blog.rootshell.be/2022/02/11/sans-isc-cinarat-delivered-through-html-id-attributes/}, language = {English}, urldate = {2022-02-14} } [SANS ISC] CinaRAT Delivered Through HTML ID Attributes
Quasar RAT
2022-01-25SANS ISCBrad Duncan
@online{duncan:20220125:emotet:9c62525, author = {Brad Duncan}, title = {{Emotet Stops Using 0.0.0.0 in Spambot Traffic}}, date = {2022-01-25}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Emotet+Stops+Using+0000+in+Spambot+Traffic/28270/}, language = {English}, urldate = {2022-02-01} } Emotet Stops Using 0.0.0.0 in Spambot Traffic
Emotet
2022-01-20SANS ISC InfoSec ForumsXavier Mertens
@online{mertens:20220120:redline:87c27db, author = {Xavier Mertens}, title = {{RedLine Stealer Delivered Through FTP}}, date = {2022-01-20}, organization = {SANS ISC InfoSec Forums}, url = {https://isc.sans.edu/forums/diary/RedLine+Stealer+Delivered+Through+FTP/28258/}, language = {English}, urldate = {2022-01-24} } RedLine Stealer Delivered Through FTP
RedLine Stealer
2022-01-20blog.rootshell.beXavier Mertens
@online{mertens:20220120:sans:bc9b319, author = {Xavier Mertens}, title = {{[SANS ISC] RedLine Stealer Delivered Through FTP}}, date = {2022-01-20}, organization = {blog.rootshell.be}, url = {https://blog.rootshell.be/2022/01/20/sans-isc-redline-stealer-delivered-through-ftp/}, language = {English}, urldate = {2022-02-01} } [SANS ISC] RedLine Stealer Delivered Through FTP
RedLine Stealer
2021-12-03SANS ISC InfoSec ForumsBrad Duncan
@online{duncan:20211203:ta551:f71be57, author = {Brad Duncan}, title = {{TA551 (Shathak) pushes IcedID (Bokbot)}}, date = {2021-12-03}, organization = {SANS ISC InfoSec Forums}, url = {https://isc.sans.edu/forums/diary/TA551+Shathak+pushes+IcedID+Bokbot/28092/}, language = {English}, urldate = {2021-12-06} } TA551 (Shathak) pushes IcedID (Bokbot)
IcedID
2020-11-19SANS ISC InfoSec ForumsXavier Mertens
@online{mertens:20201119:powershell:72b44bf, author = {Xavier Mertens}, title = {{PowerShell Dropper Delivering Formbook}}, date = {2020-11-19}, organization = {SANS ISC InfoSec Forums}, url = {https://isc.sans.edu/diary/26806}, language = {English}, urldate = {2020-11-19} } PowerShell Dropper Delivering Formbook
Formbook
2020-10-26SANS ISC InfoSec ForumsDidier Stevens
@online{stevens:20201026:excel:0cad0df, author = {Didier Stevens}, title = {{Excel 4 Macros: "Abnormal Sheet Visibility"}}, date = {2020-10-26}, organization = {SANS ISC InfoSec Forums}, url = {https://isc.sans.edu/diary/rss/26726}, language = {English}, urldate = {2020-11-02} } Excel 4 Macros: "Abnormal Sheet Visibility"
2020-09-10SANS ISC InfoSec ForumsBrad Duncan
@online{duncan:20200910:recent:f9e103f, author = {Brad Duncan}, title = {{Recent Dridex activity}}, date = {2020-09-10}, organization = {SANS ISC InfoSec Forums}, url = {https://isc.sans.edu/forums/diary/Recent+Dridex+activity/26550/}, language = {English}, urldate = {2020-09-15} } Recent Dridex activity
Dridex
2020-03-23SANS ISCDidier Stevens
@online{stevens:20200323:kpot:9f080e7, author = {Didier Stevens}, title = {{KPOT Deployed via AutoIt Script}}, date = {2020-03-23}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/25934}, language = {English}, urldate = {2020-03-26} } KPOT Deployed via AutoIt Script
KPOT Stealer
2020-02-03SANS ISCJan Kopriva
@online{kopriva:20200203:analysis:c531bd3, author = {Jan Kopriva}, title = {{Analysis of a triple-encrypted AZORult downloader}}, date = {2020-02-03}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Analysis+of+a+tripleencrypted+AZORult+downloader/25768/}, language = {English}, urldate = {2020-02-10} } Analysis of a triple-encrypted AZORult downloader
Azorult
2020-01-23SANS ISC InfoSec ForumsBrad Duncan
@online{duncan:20200123:german:2c867b2, author = {Brad Duncan}, title = {{German language malspam pushes Ursnif}}, date = {2020-01-23}, organization = {SANS ISC InfoSec Forums}, url = {https://isc.sans.edu/forums/diary/German+language+malspam+pushes+Ursnif/25732/}, language = {English}, urldate = {2020-01-26} } German language malspam pushes Ursnif
ISFB
2019-05-07SANS ISC InfoSec ForumsRenato
@online{renato:20190507:vulnerable:2c38a5f, author = {Renato}, title = {{Vulnerable Apache Jenkins exploited in the wild}}, date = {2019-05-07}, organization = {SANS ISC InfoSec Forums}, url = {https://isc.sans.edu/forums/diary/Vulnerable+Apache+Jenkins+exploited+in+the+wild/24916}, language = {English}, urldate = {2020-01-10} } Vulnerable Apache Jenkins exploited in the wild
kerberods