
2020-12-09 | InfoSec Handlers Diary Blog | Brad Duncan
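@online{duncan:20201209:recent:0992506,
  author       = {Duncan, Brad},
  title        = {Recent {Qakbot} ({Qbot}) activity},
  date         = {2020-12-09},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/rss/26862},
  language     = {English},
  urldate      = {2020-12-10},
}
Recent Qakbot (Qbot) activity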
Cobalt Strike QakBot
2020-11-03 | InfoSec Handlers Diary Blog | Renato Marinho
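@online{marinho:20201103:attackers:9b3762b,
  author       = {Marinho, Renato},
  title        = {Attackers Exploiting {WebLogic} Servers via {CVE-2020-14882} to install {Cobalt Strike}},
  date         = {2020-11-03},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/26752},
  language     = {English},
  urldate      = {2020-11-06},
}
Attackers Exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike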
Cobalt Strike
2020-05-31 | InfoSec Handlers Diary Blog | Renato Marinho
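@online{marinho:20200531:guildma:0cad27c,
  author       = {Marinho, Renato},
  title        = {{Guildma} is now using {Finger} and {Signed Binary Proxy Execution} to evade defenses},
  date         = {2020-05-31},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/27482},
  language     = {English},
  urldate      = {2021-06-09},
}
Guildma is now using Finger and Signed Binary Proxy Execution to evade defenses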
Astaroth
2020-05-23 | InfoSec Handlers Diary Blog | Xavier Mertens
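@online{mertens:20200523:agenttesla:eba0b0c,
  author       = {Mertens, Xavier},
  title        = {{AgentTesla} Delivered via a Malicious {PowerPoint} Add-In},
  date         = {2020-05-23},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/forums/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162/},
  language     = {English},
  urldate      = {2020-05-27},
}
AgentTesla Delivered via a Malicious PowerPoint Add-In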
Agent Tesla
2020-04-12 | InfoSec Handlers Diary Blog | Vinnie
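@online{vinnie:20200412:dynamic:191820f,
  author       = {Vinnie},
  title        = {Dynamic analysis technique to get decrypted {KPOT} Malware},
  date         = {2020-04-12},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/26010},
  language     = {English},
  urldate      = {2020-04-26},
}
Dynamic analysis technique to get decrypted KPOT Malware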
KPOT Stealer
2019-08-26 | InfoSec Handlers Diary Blog | Didier Stevens
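@online{stevens:20190826:daa:afd346d,
  author       = {Stevens, Didier},
  title        = {The {DAA} File Format},
  date         = {2019-08-26},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/forums/diary/The+DAA+File+Format/25246},
  language     = {English},
  urldate      = {2021-07-26},
}
The DAA File Format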
2019-07-11 | InfoSec Handlers Diary Blog | Brad Duncan
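@online{duncan:20190711:recent:bd25d5a,
  author       = {Duncan, Brad},
  title        = {Recent {AZORult} activity},
  date         = {2019-07-11},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/25120},
  language     = {English},
  urldate      = {2020-01-10},
}
Recent AZORult activity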
Azorult
2018-03-07 | InfoSec Handlers Diary Blog | Brad Duncan
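@online{duncan:20180307:ransomware:504a693,
  author       = {Duncan, Brad},
  title        = {Ransomware news: {GlobeImposter} gets a facelift, {GandCrab} is still out there},
  date         = {2018-03-07},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/23417},
  language     = {English},
  urldate      = {2020-01-06},
}
Ransomware news: GlobeImposter gets a facelift, GandCrab is still out there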
Gandcrab GlobeImposter
2017-09-05 | InfoSec Handlers Diary Blog | Johannes Ullrich
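@online{ullrich:20170905:mirai:ab11796,
  author       = {Ullrich, Johannes},
  title        = {The {Mirai} Botnet: A Look Back and Ahead At What's Next},
  date         = {2017-09-05},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/22786},
  language     = {English},
  urldate      = {2020-01-06},
}
The Mirai Botnet: A Look Back and Ahead At What's Next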
2017-08-29 | InfoSec Handlers Diary Blog | Renato Marinho
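@online{marinho:20170829:second:582ba7f,
  author       = {Marinho, Renato},
  title        = {Second {Google Chrome} Extension Banker Malware in Two Weeks},
  date         = {2017-08-29},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/22766},
  language     = {English},
  urldate      = {2020-01-08},
}
Second Google Chrome Extension Banker Malware in Two Weeks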
IDKEY
2017-07-08 | InfoSec Handlers Diary Blog | Xavier Mertens
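@online{mertens:20170708:vbscript:e2baa5d,
  author       = {Mertens, Xavier},
  title        = {A {VBScript} with Obfuscated {Base64} Data},
  date         = {2017-07-08},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/rss/22590},
  language     = {English},
  urldate      = {2020-01-13},
}
A VBScript with Obfuscated Base64 Data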
Revenge RAT
2009-11-03 | InfoSec Handlers Diary Blog | Bojan Zdrnja
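@online{zdrnja:20091103:opachki:96e78eb,
  author       = {Zdrnja, Bojan},
  title        = {{Opachki}, from (and to) {Russia} with love},
  date         = {2009-11-03},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/Opachki%2C+from+%28and+to%29+Russia+with+love/7519},
  language     = {English},
  urldate      = {2020-01-06},
}
Opachki, from (and to) Russia with love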
Opachki