Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2024-03-07Malware Traffic AnalysisBrad Duncan
2024-03-07 (THURSDAY): LATRODECTUS INFECTION LEADS TO LUMMA STEALER
Latrodectus Lumma Stealer
2024-01-19paloalto Networks Unit 42Ben Zhang, Billy Melicher, Bo Qu, Brad Duncan, Qi Deng, Zhanglin He
Parrot TDS: A Persistent and Evolving Malware Campaign
Parrot TDS Parrot TDS WebShell
2023-10-03Malware Traffic AnalysisBrad Duncan
2023-10-03 (Tuesday) - PikaBot infection with Cobalt Strike
Cobalt Strike Pikabot
2023-06-05Malware Traffic AnalysisBrad Duncan
30 DAYS OF FORMBOOK: DAY 1, MONDAY 2023-06-05
Formbook
2023-05-30SANS ISCBrad Duncan
Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT
DBatLoader
2023-05-30Palo Alto Networks Unit 42Brad Duncan
Cold as Ice: Answers to Unit 42 Wireshark Quiz for IcedID
IcedID PhotoLoader
2023-04-12InfoSec Handlers Diary BlogBrad Duncan
Recent IcedID (Bokbot) activity
IcedID PhotoLoader
2023-04-12SANS ISCBrad Duncan
Recent IcedID (Bokbot) activity
IcedID
2023-01-18SANS ISCBrad Duncan
Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware
Aurora Stealer
2023-01-03Malware Traffic AnalysisBrad Duncan
2023-01-03 (TUESDAY) - GOOGLE AD --> FAKE NOTPAD++ PAGE --> RHADAMANTHYS STEALER
Rhadamanthys
2022-12-15ISCBrad Duncan
Google ads lead to fake software pages pushing IcedID (Bokbot)
IcedID
2022-08-19SANS ISCBrad Duncan
Brazil malspam pushes Astaroth (Guildma) malware
Astaroth
2022-08-12SANS ISCBrad Duncan
Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike
Cobalt Strike DarkVNC IcedID
2022-08-03Palo Alto Networks Unit 42Brad Duncan
Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware
BazarBackdoor BumbleBee Cobalt Strike Conti
2022-07-27SANS ISCBrad Duncan
IcedID (Bokbot) with Dark VNC and Cobalt Strike
DarkVNC IcedID
2022-07-07SANS ISCBrad Duncan
Emotet infection with Cobalt Strike
Cobalt Strike Emotet
2022-06-17SANS ISCBrad Duncan
Malspam pushes Matanbuchus malware, leads to Cobalt Strike
Cobalt Strike Matanbuchus
2022-06-09InfoSec Handlers Diary BlogBrad Duncan
TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
QakBot
2022-05-19InfoSec Handlers Diary BlogBrad Duncan
Bumblebee Malware from TransferXL URLs
BumbleBee Cobalt Strike
2022-05-19InfoSec Handlers Diary BlogBrad Duncan
Bumblebee Malware from TransferXL URLs
BumbleBee Cobalt Strike