2021-11-21 ⋅ Twitter (@tylabs) ⋅ Twitter (@ffforward), Tyler McLellan
Twitter Thread about UNC1500 phishing using QAKBOT
QakBot
2021-11-20 ⋅ Twitter (@eduardfir) ⋅ Eduardo Mattos
Tweet on Velociraptor artifact analysis for Emotet
Emotet
2021-11-19 ⋅ Twitter (@knight0x07) ⋅ neeraj
Tweet on Exmatter, custom data exfiltration tool, used by Blackmatter ransomware group
ExMatter
2021-11-18 ⋅ Twitter (@tccontre18) ⋅ Br3akp0int
Tweet on how to decrypt 4 layers of encryption & obfuscation of vjw0rm
Vjw0rm
2021-11-17 ⋅ Twitter (@Unit42_Intel) ⋅ Unit 42
Tweet on Matanbuchus Loader used to deliver Qakbot (tag obama128b) and follow-up CobaltStrike
Cobalt Strike QakBot
2021-11-16 ⋅ Twitter (@_CPResearch_) ⋅ Check Point Research
Tweet on 32bit version of CVE-2021-1732 exploited by BITTER group
2021-11-16 ⋅ Twitter (@_icebre4ker_) ⋅ Fr4
Tweet about Aberebot source code put up for sale by the developer
Aberebot
2021-11-16 ⋅ Twitter (@kienbigmummy) ⋅ m4n0w4r
Tweet on short analysis of QakBot
QakBot
2021-11-14 ⋅ Twitter (@f0wlsec) ⋅ Marius Genheimer
A static config extractor for the main component of DanaBot
DanaBot
2021-11-12 ⋅ Twitter (@3xp0rtblog) ⋅ 3xp0rt
Tweets on DarkLoader
DarkLoader
2021-11-12 ⋅ Twitter (@Arkbird_SOLG) ⋅ Arkbird
Tweets on Void Balaur using QuantLoader and ZStealer
QuantLoader ZStealer
2021-11-11 ⋅ Twitter (@aRtAGGI) ⋅ Michael Raggi
Tweet on APT31 using compromised PakEdge Rk1&RE2 router IPs as exit nodes in reconnaissance phishing campaigns
2021-11-10 ⋅ Twitter (@ESETresearch) ⋅ ESET Research
Tweet on a discovery of a trojanized IDA Pro installer, distributed by the LABYRINTH CHOLLIMA group.
2021-11-10 ⋅ Twitter (@billyleonard) ⋅ Billy Leonard, Google Threat Analysis Group
Tweet on Rekoobe (used by APT31), being a fork of open source tool called Tiny SHell, used by different actor since at least 2012
Rekoobe
2021-11-09 ⋅ Twitter (@AvastThreatLabs)
Tweet by Avast on a new Android Banker they call MasterFred
MasterFred
2021-11-05 ⋅ Twitter (@Unit42_Intel) ⋅ Unit 42
Tweet on TA551 (Shathak) BazarLoader infection with CobaltStrike and DarkVNC drops
BazarBackdoor Cobalt Strike
2021-11-05 ⋅ Twitter (@inversecos) ⋅ inversecos
TTPs used by Pysa Ransomware group
Mespinoza MimiKatz
2021-11-03 ⋅ Twitter (@Corvid_Cyber) ⋅ CORVID
Tweet on a unique Qbot debugger dropped by an actor after compromise
QakBot
2021-11-02 ⋅ Twitter (@malwrhunterteam) ⋅ malwrhunterteam
Tweet on Linux version of Hive Ransomware group's command to shut down ESXi VMs
Hive
2021-10-29 ⋅ Twitter (@ESETresearch) ⋅ ESET Research
Tweet on FreeBSD and Linux version of Hive ransomware
Hive