Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-11-01METAMETA
@techreport{meta:20211101:october:a25f241, author = {META}, title = {{October 2021 Coordinated Inauthentic Behavior Report}}, date = {2021-11-01}, institution = {META}, url = {https://about.fb.com/wp-content/uploads/2021/11/October-2021-CIB-Report.pdf}, language = {English}, urldate = {2021-11-03} } October 2021 Coordinated Inauthentic Behavior Report
2021-09-02nvisoMaxime Thiebaut
@online{thiebaut:20210902:anatomy:7db38c7, author = {Maxime Thiebaut}, title = {{Anatomy and Disruption of Metasploit Shellcode}}, date = {2021-09-02}, organization = {nviso}, url = {https://blog.nviso.eu/2021/09/02/anatomy-and-disruption-of-metasploit-shellcode/}, language = {English}, urldate = {2021-09-06} } Anatomy and Disruption of Metasploit Shellcode
2021-09-02AhnLabASEC Analysis Team
@online{team:20210902:attacks:39695ea, author = {ASEC Analysis Team}, title = {{Attacks using metasploit meterpreter}}, date = {2021-09-02}, organization = {AhnLab}, url = {https://asec.ahnlab.com/ko/26705/}, language = {Korean}, urldate = {2022-04-15} } Attacks using metasploit meterpreter
Appleseed Meterpreter
2021-08-06metabaseqMiguel Gonzalez, Jesus Dominguez
@online{gonzalez:20210806:inside:073bbcb, author = {Miguel Gonzalez and Jesus Dominguez}, title = {{Inside DarkSide, the ransomware that attacked Colonial Pipeline}}, date = {2021-08-06}, organization = {metabaseq}, url = {https://www.metabaseq.com/recursos/inside-darkside-the-ransomware-that-attacked-colonial-pipeline#}, language = {Spanish}, urldate = {2022-04-05} } Inside DarkSide, the ransomware that attacked Colonial Pipeline
DarkSide
2021-06-02Trend MicroDaniel Lunghi
@techreport{lunghi:20210602:taking:f1bdefc, author = {Daniel Lunghi}, title = {{Taking Advantage of PE Metadata, or How To Complete Your Favorite Threat Actor’s Sample Collection}}, date = {2021-06-02}, institution = {Trend Micro}, url = {https://www.sstic.org/media/SSTIC2021/SSTIC-actes/Taking_Advantage_of_PE_Metadata_or_How_To_Complete/SSTIC2021-Slides-Taking_Advantage_of_PE_Metadata_or_How_To_Complete_your_Favorite_Threat_Actor_Sample_Collection-lunghi.pdf}, language = {English}, urldate = {2021-06-09} } Taking Advantage of PE Metadata, or How To Complete Your Favorite Threat Actor’s Sample Collection
HyperSSL
2021-06-02Trend MicroDaniel Lunghi
@techreport{lunghi:20210602:taking:49c7b1f, author = {Daniel Lunghi}, title = {{Taking Advantage of PE Metadata,or How To Complete your Favorite ThreatActor’s Sample Collection (Paper)}}, date = {2021-06-02}, institution = {Trend Micro}, url = {https://www.sstic.org/media/SSTIC2021/SSTIC-actes/Taking_Advantage_of_PE_Metadata_or_How_To_Complete/SSTIC2021-Article-Taking_Advantage_of_PE_Metadata_or_How_To_Complete_your_Favorite_Threat_Actor_Sample_Collection-lunghi.pdf}, language = {English}, urldate = {2021-06-11} } Taking Advantage of PE Metadata,or How To Complete your Favorite ThreatActor’s Sample Collection (Paper)
HyperSSL
2021-03-21YouTube (dist67)Didier Stevens
@online{stevens:20210321:finding:92a9a4d, author = {Didier Stevens}, title = {{Finding Metasploit & Cobalt Strike URLs}}, date = {2021-03-21}, organization = {YouTube (dist67)}, url = {https://www.youtube.com/watch?v=WW0_TgWT2gs}, language = {English}, urldate = {2021-03-25} } Finding Metasploit & Cobalt Strike URLs
Cobalt Strike
2021-03-11CofenseElmer Hernandez
@online{hernandez:20210311:autohotkey:27bb61f, author = {Elmer Hernandez}, title = {{AutoHotKey Leveraged by Metamorfo/Mekotio Banking Trojan}}, date = {2021-03-11}, organization = {Cofense}, url = {https://cofense.com/blog/autohotkey-banking-trojan/}, language = {English}, urldate = {2021-03-12} } AutoHotKey Leveraged by Metamorfo/Mekotio Banking Trojan
Metamorfo
2021-03-02Metabase QJesus Dominguez, Ocelot Offensive Security Team
@online{dominguez:20210302:ploutus:5d96786, author = {Jesus Dominguez and Ocelot Offensive Security Team}, title = {{Ploutus is back, targeting Itautec ATMs in Latin America}}, date = {2021-03-02}, organization = {Metabase Q}, url = {https://www.metabaseq.com/recursos/ploutus-is-back-targeting-itautec-atms-in-latin-america}, language = {English}, urldate = {2021-03-11} } Ploutus is back, targeting Itautec ATMs in Latin America
Ploutus ATM
2020-10-25Andrew Ivanov
@online{ivanov:20201025:metadatabin:54442a7, author = {Andrew Ivanov}, title = {{MetadataBin Ransomware}}, date = {2020-10-25}, url = {https://id-ransomware.blogspot.com/2020/10/metadata-bin-ransomware.html}, language = {Russian}, urldate = {2020-10-29} } MetadataBin Ransomware
MetadataBin
2020-06-25MalwarebytesJérôme Segura
@online{segura:20200625:web:2b712b2, author = {Jérôme Segura}, title = {{Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files}}, date = {2020-06-25}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/}, language = {English}, urldate = {2020-06-29} } Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files
magecart
2020-06-04BitdefenderJanos Gergo Szeles, Ruben Andrei Condor
@techreport{szeles:20200604:loading:072fc29, author = {Janos Gergo Szeles and Ruben Andrei Condor}, title = {{Loading DLLs for illicit profit. A story about a Metamorfo distribution campaign}}, date = {2020-06-04}, institution = {Bitdefender}, url = {https://www.bitdefender.com/files/News/CaseStudies/study/333/Bitdefender-PR-Whitepaper-Metamorfo-creat4500-en-EN-GenericUse.pdf}, language = {English}, urldate = {2020-06-10} } Loading DLLs for illicit profit. A story about a Metamorfo distribution campaign
Metamorfo
2020-03-04MetaSwan's LabMetaSwan
@online{metaswan:20200304:kimsuky:86badd0, author = {MetaSwan}, title = {{Kimsuky group's resume impersonation malware}}, date = {2020-03-04}, organization = {MetaSwan's Lab}, url = {https://metaswan.github.io/posts/Malware-Kimsuky-group's-resume-impersonation-malware}, language = {English}, urldate = {2020-03-06} } Kimsuky group's resume impersonation malware
Kimsuky
2020-02-26MetaSwan's LabMetaSwan
@online{metaswan:20200226:lazarus:1cacde4, author = {MetaSwan}, title = {{Lazarus group's Brambul worm of the former Wannacry - 1}}, date = {2020-02-26}, organization = {MetaSwan's Lab}, url = {https://swanleesec.github.io/posts/Malware-Lazarus-group's-Brambul-worm-of-the-former-Wannacry-1}, language = {English}, urldate = {2022-03-02} } Lazarus group's Brambul worm of the former Wannacry - 1
Brambul WannaCryptor
2020-02-26MetaSwan's LabMetaSwan
@online{metaswan:20200226:lazarus:0bf422f, author = {MetaSwan}, title = {{Lazarus group's Brambul worm of the former Wannacry - 2}}, date = {2020-02-26}, organization = {MetaSwan's Lab}, url = {https://swanleesec.github.io/posts/Malware-Lazarus-group's-Brambul-worm-of-the-former-Wannacry-2}, language = {English}, urldate = {2022-03-02} } Lazarus group's Brambul worm of the former Wannacry - 2
Brambul
2020-02-11Github (jeFF0Falltrades)Jeff Archer
@online{archer:20200211:metamorfo:663ae17, author = {Jeff Archer}, title = {{Metamorfo (aka Casbaneiro)}}, date = {2020-02-11}, organization = {Github (jeFF0Falltrades)}, url = {https://github.com/jeFF0Falltrades/IoCs/blob/master/Broadbased/metamorfo.md}, language = {English}, urldate = {2020-02-11} } Metamorfo (aka Casbaneiro)
Metamorfo Unidentified 072 (Metamorfo Loader)
2019-07-16enSiloChen Erlich
@online{erlich:20190716:avast:b3dec63, author = {Chen Erlich}, title = {{The Avast Abuser: Metamorfo Banking Malware Hides By Abusing Avast Executable}}, date = {2019-07-16}, organization = {enSilo}, url = {https://medium.com/@chenerlich/the-avast-abuser-metamorfo-banking-malware-hides-by-abusing-avast-executable-ac9b8b392767}, language = {English}, urldate = {2020-04-13} } The Avast Abuser: Metamorfo Banking Malware Hides By Abusing Avast Executable
Metamorfo
2018-11-08Cisco TalosEdmund Brumaghin, Warren Mercer, Paul Rascagnères, Vitor Ventura
@online{brumaghin:20181108:metamorfo:d12fe7e, author = {Edmund Brumaghin and Warren Mercer and Paul Rascagnères and Vitor Ventura}, title = {{Metamorfo Banking Trojan Keeps Its Sights on Brazil}}, date = {2018-11-08}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2018/11/metamorfo-brazilian-campaigns.html}, language = {English}, urldate = {2020-01-06} } Metamorfo Banking Trojan Keeps Its Sights on Brazil
Metamorfo
2018-04-24FireEyeEdson Sierra, Gerardo Iglesias
@online{sierra:20180424:metamorfo:aa4b1fe, author = {Edson Sierra and Gerardo Iglesias}, title = {{Metamorfo Campaigns Targeting Brazilian Users}}, date = {2018-04-24}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2018/04/metamorfo-campaign-targeting-brazilian-users.html}, language = {English}, urldate = {2019-12-20} } Metamorfo Campaigns Targeting Brazilian Users
Metamorfo
2011-07-10Michael Schierl
@online{schierl:20110710:facts:fb33368, author = {Michael Schierl}, title = {{Facts and myths about antivirus evasion with Metasploit}}, date = {2011-07-10}, url = {http://schierlm.users.sourceforge.net/avevasion.html}, language = {English}, urldate = {2020-08-24} } Facts and myths about antivirus evasion with Metasploit
Meterpreter