Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-03-20NVISO LabsMaxime Thiebaut
@online{thiebaut:20230320:icedids:78b47a7, author = {Maxime Thiebaut}, title = {{IcedID’s VNC Backdoors: Dark Cat, Anubis & Keyhole}}, date = {2023-03-20}, organization = {NVISO Labs}, url = {https://blog.nviso.eu/2023/03/20/icedids-vnc-backdoors-dark-cat-anubis-keyhole/}, language = {English}, urldate = {2023-03-21} } IcedID’s VNC Backdoors: Dark Cat, Anubis & Keyhole
IcedID
2022-07-20NVISO LabsSasja Reynaert
@online{reynaert:20220720:analysis:7a5093f, author = {Sasja Reynaert}, title = {{Analysis of a trojanized jQuery script: GootLoader unleashed}}, date = {2022-07-20}, organization = {NVISO Labs}, url = {https://blog.nviso.eu/2022/07/20/analysis-of-a-trojanized-jquery-script-gootloader-unleashed/}, language = {English}, urldate = {2022-07-25} } Analysis of a trojanized jQuery script: GootLoader unleashed
GootLoader Cobalt Strike
2022-04-06nvisoDidier Stevens
@online{stevens:20220406:analyzing:b173385, author = {Didier Stevens}, title = {{Analyzing a “multilayer” Maldoc: A Beginner’s Guide}}, date = {2022-04-06}, organization = {nviso}, url = {https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/}, language = {English}, urldate = {2022-04-15} } Analyzing a “multilayer” Maldoc: A Beginner’s Guide
404 Keylogger
2022-03-23NVISO LabsBart Parys
@online{parys:20220323:hunting:1610697, author = {Bart Parys}, title = {{Hunting Emotet campaigns with Kusto}}, date = {2022-03-23}, organization = {NVISO Labs}, url = {https://blog.nviso.eu/2022/03/23/hunting-emotet-campaigns-with-kusto/}, language = {English}, urldate = {2022-03-24} } Hunting Emotet campaigns with Kusto
Emotet
2022-03-22NVISO LabsDidier Stevens
@online{stevens:20220322:cobalt:fdf35ba, author = {Didier Stevens}, title = {{Cobalt Strike: Overview – Part 7}}, date = {2022-03-22}, organization = {NVISO Labs}, url = {https://blog.nviso.eu/2022/03/22/cobalt-strike-overview-part-7/}, language = {English}, urldate = {2022-03-23} } Cobalt Strike: Overview – Part 7
Cobalt Strike
2022-02-24nvisoMichel Coene
@online{coene:20220224:threat:f0dba09, author = {Michel Coene}, title = {{Threat Update – Ukraine & Russia conflict}}, date = {2022-02-24}, organization = {nviso}, url = {https://blog.nviso.eu/2022/02/24/threat-update-ukraine-russia-tensions/}, language = {English}, urldate = {2022-03-01} } Threat Update – Ukraine & Russia conflict
EternalPetya GreyEnergy HermeticWiper Industroyer KillDisk WhisperGate
2021-11-17nvisoDidier Stevens
@online{stevens:20211117:cobalt:0b6ecf5, author = {Didier Stevens}, title = {{Cobalt Strike: Decrypting Obfuscated Traffic – Part 4}}, date = {2021-11-17}, organization = {nviso}, url = {https://blog.nviso.eu/2021/11/17/cobalt-strike-decrypting-obfuscated-traffic-part-4/}, language = {English}, urldate = {2021-11-18} } Cobalt Strike: Decrypting Obfuscated Traffic – Part 4
Cobalt Strike
2021-11-03nvisoDidier Stevens
@online{stevens:20211103:cobalt:8f8223d, author = {Didier Stevens}, title = {{Cobalt Strike: Using Process Memory To Decrypt Traffic – Part 3}}, date = {2021-11-03}, organization = {nviso}, url = {https://blog.nviso.eu/2021/11/03/cobalt-strike-using-process-memory-to-decrypt-traffic-part-3/}, language = {English}, urldate = {2021-11-08} } Cobalt Strike: Using Process Memory To Decrypt Traffic – Part 3
Cobalt Strike
2021-10-27nvisoDidier Stevens
@online{stevens:20211027:cobalt:b91181a, author = {Didier Stevens}, title = {{Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2}}, date = {2021-10-27}, organization = {nviso}, url = {https://blog.nviso.eu/2021/10/27/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-2/}, language = {English}, urldate = {2021-11-03} } Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2
Cobalt Strike
2021-10-21nvisoDidier Stevens
@online{stevens:20211021:cobalt:bfc8702, author = {Didier Stevens}, title = {{Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1}}, date = {2021-10-21}, organization = {nviso}, url = {https://blog.nviso.eu/2021/10/21/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-1/}, language = {English}, urldate = {2021-10-26} } Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1
Cobalt Strike
2021-10-04nvisoMaxime Thiebaut
@online{thiebaut:20211004:phish:4270c8c, author = {Maxime Thiebaut}, title = {{Phish, Phished, Phisher: A Quick Peek Inside a Telegram Harvester}}, date = {2021-10-04}, organization = {nviso}, url = {https://blog.nviso.eu/2021/10/04/phish-phished-phisher-a-quick-peek-inside-a-telegram-harvester/}, language = {English}, urldate = {2021-10-11} } Phish, Phished, Phisher: A Quick Peek Inside a Telegram Harvester
2021-09-02nvisoMaxime Thiebaut
@online{thiebaut:20210902:anatomy:7db38c7, author = {Maxime Thiebaut}, title = {{Anatomy and Disruption of Metasploit Shellcode}}, date = {2021-09-02}, organization = {nviso}, url = {https://blog.nviso.eu/2021/09/02/anatomy-and-disruption-of-metasploit-shellcode/}, language = {English}, urldate = {2021-09-06} } Anatomy and Disruption of Metasploit Shellcode
2021-05-11nvisoJeroen Beckers
@online{beckers:20210511:android:4e1e946, author = {Jeroen Beckers}, title = {{Android overlay attacks on Belgian financial applications}}, date = {2021-05-11}, organization = {nviso}, url = {https://blog.nviso.eu/2021/05/11/android-overlay-attacks-on-belgian-financial-applications/}, language = {English}, urldate = {2021-05-13} } Android overlay attacks on Belgian financial applications
Anatsa
2021-04-26nvisoMaxime Thiebaut
@online{thiebaut:20210426:anatomy:0ade0a5, author = {Maxime Thiebaut}, title = {{Anatomy of Cobalt Strike’s DLL Stager}}, date = {2021-04-26}, organization = {nviso}, url = {https://blog.nviso.eu/2021/04/26/anatomy-of-cobalt-strike-dll-stagers/}, language = {English}, urldate = {2021-04-29} } Anatomy of Cobalt Strike’s DLL Stager
Cobalt Strike
2021-04-19nvisoJeroen Beckers
@online{beckers:20210419:how:60ec572, author = {Jeroen Beckers}, title = {{How to analyze mobile malware: a Cabassous/FluBot Case study}}, date = {2021-04-19}, organization = {nviso}, url = {https://blog.nviso.eu/2021/04/19/how-to-analyze-mobile-malware-a-cabassous-flubot-case-study/}, language = {English}, urldate = {2021-04-28} } How to analyze mobile malware: a Cabassous/FluBot Case study
FluBot
2020-09-01nvisoDidier Stevens, Maxime Thiebaut, Dries Boone, Bart Parys, Michel Coene
@online{stevens:20200901:epic:038897f, author = {Didier Stevens and Maxime Thiebaut and Dries Boone and Bart Parys and Michel Coene}, title = {{Epic Manchego – atypical maldoc delivery brings flurry of infostealers}}, date = {2020-09-01}, organization = {nviso}, url = {https://blog.nviso.eu/2020/09/01/epic-manchego-atypical-maldoc-delivery-brings-flurry-of-infostealers/}, language = {English}, urldate = {2020-09-01} } Epic Manchego – atypical maldoc delivery brings flurry of infostealers
Azorult NjRAT
2019-06-01Twitter (@r3c0nst)Frank Boldewin
@online{boldewin:20190601:atm:7c1d0c2, author = {Frank Boldewin}, title = {{Tweet on ATM Malware NVISOSPIT}}, date = {2019-06-01}, organization = {Twitter (@r3c0nst)}, url = {https://twitter.com/r3c0nst/status/1135606944427905025}, language = {English}, urldate = {2019-11-26} } Tweet on ATM Malware NVISOSPIT
NVISOSPIT
2019-06-01Twitter (@Bank_Security)Bank_Security
@online{banksecurity:20190601:new:3ddfbf1, author = {Bank_Security}, title = {{New ATM Malware NVISOSPIT}}, date = {2019-06-01}, organization = {Twitter (@Bank_Security)}, url = {https://twitter.com/Bank_Security/status/1134850646413385728}, language = {English}, urldate = {2019-11-17} } New ATM Malware NVISOSPIT
NVISOSPIT
2014nvisoErik Van Buggenhout
@techreport{buggenhout:2014:history:049d4d1, author = {Erik Van Buggenhout}, title = {{A history of ATM violence}}, date = {2014}, institution = {nviso}, url = {http://www.isg.rhul.ac.uk/dl/weekendconference2014/slides/Erik_VanBuggenhout.pdf}, language = {English}, urldate = {2020-01-08} } A history of ATM violence
NVISOSPIT