
2022-09-30Medium walmartglobaltechJason Reaves, Jonathan Mccay
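@online{reaves:20220930:diavol:d72ab2a,
  author       = {Reaves, Jason and Mccay, Jonathan},
  title        = {{Diavol} resurfaces},
  date         = {2022-09-30},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/diavol-resurfaces-91dd93c7d922},
  urldate      = {2022-10-05},
  language     = {English},
}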
Diavol
2022-09-22Medium s2wlabYang HuiSeong, Jeong Hyunsik
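@online{huiseong:20220922:quick:9184019,
  author       = {Yang, HuiSeong and Jeong, Hyunsik},
  title        = {Quick Overview of Leaked {LockBit} 3.0 ({Black}) builder program},
  date         = {2022-09-22},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/quick-overview-of-leaked-lockbit-3-0-black-builder-program-880ae511d085},
  urldate      = {2022-10-24},
  language     = {English},
}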
LockBit
2022-09-01Medium michaelkoczwaraMichael Koczwara
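@online{koczwara:20220901:hunting:45c54de,
  author       = {Koczwara, Michael},
  title        = {Hunting {C2}/Adversaries Infrastructure with {Shodan} and {Censys}},
  date         = {2022-09-01},
  organization = {Medium michaelkoczwara},
  url          = {https://michaelkoczwara.medium.com/hunting-c2-with-shodan-223ca250d06f},
  urldate      = {2023-01-19},
  language     = {English},
}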
Brute Ratel C4 Cobalt Strike Deimos GRUNT IcedID Merlin Meterpreter Nighthawk PoshC2 Sliver
2022-08-30Medium the_abjuri5tJohn F
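@online{f:20220830:nanocore:86aa443,
  author       = {F, John},
  title        = {{NanoCore} {RAT} Hunting Guide},
  date         = {2022-08-30},
  organization = {Medium the_abjuri5t},
  url          = {https://medium.com/@the_abjuri5t/nanocore-rat-hunting-guide-cb185473c1e0},
  urldate      = {2022-08-30},
  language     = {English},
}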
Nanocore RAT
2022-08-22Medium (Katie’s Five Cents)Katie Nickels
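@online{nickels:20220822:cyber:7fd8ac5,
  author       = {Nickels, Katie},
  title        = {A Cyber Threat Intelligence Self-Study Plan: Part 2},
  date         = {2022-08-22},
  organization = {Medium (Katie’s Five Cents)},
  url          = {https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-2-d04b7a529d36},
  urldate      = {2022-08-28},
  language     = {English},
}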
2022-08-11Medium walmartglobaltechJason Reaves
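@online{reaves:20220811:state:ef0fd3c,
  author       = {Reaves, Jason},
  title        = {State of the Remote Access Tools, Part 1},
  date         = {2022-08-11},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/state-of-the-rat-part-1-cfec6c967e2f},
  urldate      = {2022-09-12},
  language     = {English},
}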
2022-08-09Medium walmartglobaltechJason Reaves, Joshua Platt
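@online{reaves:20220809:pivoting:7afbaea,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {Pivoting on a {SharpExt} to profile {Kimusky} panels for great good},
  date         = {2022-08-09},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/pivoting-on-a-sharpext-to-profile-kimusky-panels-for-great-good-1920dc1bcef9},
  urldate      = {2023-02-06},
  language     = {English},
}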
Kimsuky
2022-08-08Medium CSIS TechblogBenoît Ancel
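@online{ancel:20220808:inside:67ef9a0,
  author       = {Ancel, Benoît},
  title        = {An inside view of domain anonymization as-a-service — the {BraZZZerSFF} infrastructure},
  date         = {2022-08-08},
  organization = {Medium CSIS Techblog},
  url          = {https://medium.com/csis-techblog/inside-view-of-brazzzersff-infrastructure-89b9188fd145},
  urldate      = {2022-08-28},
  language     = {English},
}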
Riltok magecart Anubis Azorult BetaBot Buer CoalaBot CryptBot DiamondFox DreamBot GCleaner ISFB Loki Password Stealer (PWS) MedusaLocker MeguminTrojan Nemty PsiX RedLine Stealer SmokeLoader STOP TinyNuke Vidar Zloader
2022-08-04Medium walmartglobaltechJoshua Platt, Jason Reaves
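@online{platt:20220804:icedid:546c931,
  author       = {Platt, Joshua and Reaves, Jason},
  title        = {{IcedID} leverages {PrivateLoader}},
  date         = {2022-08-04},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/icedid-leverages-privateloader-7744771bf87f},
  urldate      = {2022-08-11},
  language     = {English},
}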
IcedID PrivateLoader
2022-07-06Medium s2wlabHOTSAUCE | S2W TALON
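@online{talon:20220706:teng:799c55c,
  author        = {{HOTSAUCE | S2W TALON}},
  title         = {变脸, {Teng Snake} (a.k.a. {Code Core})},
  date          = {2022-07-06},
  organization  = {Medium s2wlab},
  url           = {https://medium.com/s2wblog/%E5%8F%98%E8%84%B8-teng-snake-a-k-a-code-core-8c35268b4d1a},
  urldate       = {2022-07-12},
  language      = {English},
  internal-note = {author is a team/handle, hence the double braces; url carries percent-encoded UTF-8, read verbatim by Biber but needing each percent sign escaped under classic BibTeX},
}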
CodeCore
2022-06-27Medium (Cryptax)Axelle Apvrille
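@online{apvrille:20220627:unpacking:1b11605,
  author       = {Apvrille, Axelle},
  title        = {Unpacking a {JsonPacker}-packed sample},
  date         = {2022-06-27},
  organization = {Medium (Cryptax)},
  url          = {https://cryptax.medium.com/unpacking-a-jsonpacker-packed-sample-4038e12119f5},
  urldate      = {2022-08-15},
  language     = {English},
}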
Xenomorph
2022-06-20Medium (Cryptax)Axelle Apvrille
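@online{apvrille:20220620:tracking:828037d,
  author       = {Apvrille, Axelle},
  title        = {Tracking {Android/Joker} payloads with {Medusa}, static analysis (and patience)},
  date         = {2022-06-20},
  organization = {Medium (Cryptax)},
  url          = {https://cryptax.medium.com/tracking-android-joker-payloads-with-medusa-static-analysis-and-patience-672348b81ac2},
  urldate      = {2022-08-15},
  language     = {English},
}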
Joker
2022-06-16Medium s2wlabS2W TALON
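@online{talon:20220616:raccoon:de7df76,
  author       = {{S2W TALON}},
  title        = {{Raccoon Stealer} is Back with a New Version},
  date         = {2022-06-16},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/raccoon-stealer-is-back-with-a-new-version-5f436e04b20d},
  urldate      = {2022-06-17},
  language     = {English},
}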
Raccoon
2022-06-09Medium (Cryptax)Axelle Apvrille
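@online{apvrille:20220609:quick:0b409f4,
  author       = {Apvrille, Axelle},
  title        = {Quick look into a new sample of {Android/BianLian}},
  date         = {2022-06-09},
  organization = {Medium (Cryptax)},
  url          = {https://cryptax.medium.com/quick-look-into-a-new-sample-of-android-bianlian-bc5619efa726},
  urldate      = {2022-08-15},
  language     = {English},
}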
BianLian Hydra
2022-05-25Medium walmartglobaltechJason Reaves, Joshua Platt
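@online{reaves:20220525:socgholish:f876e0e,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {{SocGholish} Campaigns and Initial Access Kit},
  date         = {2022-05-25},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/socgholish-campaigns-and-initial-access-kit-4c4283fea8ee},
  urldate      = {2022-06-02},
  language     = {English},
}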
FAKEUPDATES Blister Cobalt Strike NetSupportManager RAT
2022-05-12Medium (Cryptax)Axelle Apvrille
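@online{apvrille:20220512:reversing:65ed9cb,
  author       = {Apvrille, Axelle},
  title        = {Reversing an {Android} sample which uses {Flutter}},
  date         = {2022-05-12},
  organization = {Medium (Cryptax)},
  url          = {https://cryptax.medium.com/reversing-an-android-sample-which-uses-flutter-23c3ff04b847},
  urldate      = {2022-08-15},
  language     = {English},
}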
2022-05-12Medium s2wlabJiho Kim
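@online{kim:20220512:history:03c1535,
  author       = {Kim, Jiho},
  title        = {The History of {BlackGuard} Stealer},
  date         = {2022-05-12},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/the-history-of-blackguard-stealer-86207e72ffb4},
  urldate      = {2022-05-17},
  language     = {English},
}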
BlackGuard
2022-04-27Medium elis531989Eli Salem
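@online{salem:20220427:chronicles:c55d826,
  author       = {Salem, Eli},
  title        = {The chronicles of {Bumblebee}: The Hook, the Bee, and the {Trickbot} connection},
  date         = {2022-04-27},
  organization = {Medium elis531989},
  url          = {https://elis531989.medium.com/the-chronicles-of-bumblebee-the-hook-the-bee-and-the-trickbot-connection-686379311056},
  urldate      = {2022-04-29},
  language     = {English},
}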
BumbleBee TrickBot
2022-04-25Medium proferosec-osmBrenton Morris
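@online{morris:20220425:static:ae1f9c2,
  author       = {Morris, Brenton},
  title        = {Static unpacker and decoder for {Hello Kitty} Packer},
  date         = {2022-04-25},
  organization = {Medium proferosec-osm},
  url          = {https://medium.com/proferosec-osm/static-unpacker-and-decoder-for-hello-kitty-packer-91a3e8844cb7},
  urldate      = {2022-04-29},
  language     = {English},
}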
HelloKitty
2022-04-15Medium walmartglobaltechJason Reaves
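@online{reaves:20220415:revisiting:94c149c,
  author       = {Reaves, Jason},
  title        = {Revisiting {BatLoader} {C2} structure},
  date         = {2022-04-15},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/revisiting-batloader-c2-structure-52f46ff9893a},
  urldate      = {2023-01-31},
  language     = {English},
}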
BATLOADER