Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-03-16SANS ISCBrad Duncan
@online{duncan:20220316:qakbot:7fe703f, author = {Brad Duncan}, title = {{Qakbot infection with Cobalt Strike and VNC activity}}, date = {2022-03-16}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike+and+VNC+activity/28448/}, language = {English}, urldate = {2022-03-17} } Qakbot infection with Cobalt Strike and VNC activity
Cobalt Strike QakBot
2022-02-18SANS ISCXavier Mertens
@online{mertens:20220218:remcos:c302a64, author = {Xavier Mertens}, title = {{Remcos RAT Delivered Through Double Compressed Archive}}, date = {2022-02-18}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Remcos+RAT+Delivered+Through+Double+Compressed+Archive/28354/}, language = {English}, urldate = {2022-02-18} } Remcos RAT Delivered Through Double Compressed Archive
Remcos
2022-02-11blog.rootshell.beXavier Mertens
@online{mertens:20220211:sans:7273063, author = {Xavier Mertens}, title = {{[SANS ISC] CinaRAT Delivered Through HTML ID Attributes}}, date = {2022-02-11}, organization = {blog.rootshell.be}, url = {https://blog.rootshell.be/2022/02/11/sans-isc-cinarat-delivered-through-html-id-attributes/}, language = {English}, urldate = {2022-02-14} } [SANS ISC] CinaRAT Delivered Through HTML ID Attributes
Quasar RAT
2022-02-08SansecSansec Threat Research Team
@online{team:20220208:naturalfreshmall:0a354ba, author = {Sansec Threat Research Team}, title = {{NaturalFreshMall: a mass store hack}}, date = {2022-02-08}, organization = {Sansec}, url = {https://sansec.io/research/naturalfreshmall-mass-hack}, language = {English}, urldate = {2022-02-10} } NaturalFreshMall: a mass store hack
2022-01-25SANS ISCBrad Duncan
@online{duncan:20220125:emotet:9c62525, author = {Brad Duncan}, title = {{Emotet Stops Using 0.0.0.0 in Spambot Traffic}}, date = {2022-01-25}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Emotet+Stops+Using+0000+in+Spambot+Traffic/28270/}, language = {English}, urldate = {2022-02-01} } Emotet Stops Using 0.0.0.0 in Spambot Traffic
Emotet
2022-01-20blog.rootshell.beXavier Mertens
@online{mertens:20220120:sans:bc9b319, author = {Xavier Mertens}, title = {{[SANS ISC] RedLine Stealer Delivered Through FTP}}, date = {2022-01-20}, organization = {blog.rootshell.be}, url = {https://blog.rootshell.be/2022/01/20/sans-isc-redline-stealer-delivered-through-ftp/}, language = {English}, urldate = {2022-02-01} } [SANS ISC] RedLine Stealer Delivered Through FTP
RedLine Stealer
2022-01-20SANS ISC InfoSec ForumsXavier Mertens
@online{mertens:20220120:redline:87c27db, author = {Xavier Mertens}, title = {{RedLine Stealer Delivered Through FTP}}, date = {2022-01-20}, organization = {SANS ISC InfoSec Forums}, url = {https://isc.sans.edu/forums/diary/RedLine+Stealer+Delivered+Through+FTP/28258/}, language = {English}, urldate = {2022-01-24} } RedLine Stealer Delivered Through FTP
RedLine Stealer
2021-12-03SANS ISC InfoSec ForumsBrad Duncan
@online{duncan:20211203:ta551:f71be57, author = {Brad Duncan}, title = {{TA551 (Shathak) pushes IcedID (Bokbot)}}, date = {2021-12-03}, organization = {SANS ISC InfoSec Forums}, url = {https://isc.sans.edu/forums/diary/TA551+Shathak+pushes+IcedID+Bokbot/28092/}, language = {English}, urldate = {2021-12-06} } TA551 (Shathak) pushes IcedID (Bokbot)
IcedID
2021-11-24SansecSansec Threat Research Team
@online{team:20211124:cronrat:c716236, author = {Sansec Threat Research Team}, title = {{CronRAT malware hides behind February 31st}}, date = {2021-11-24}, organization = {Sansec}, url = {https://sansec.io/research/cronrat}, language = {English}, urldate = {2021-11-29} } CronRAT malware hides behind February 31st
CronRAT
2021-11-18SansecSansec Threat Research Team
@online{team:20211118:linux:c11c884, author = {Sansec Threat Research Team}, title = {{Linux malware agent hits eCommerce sites}}, date = {2021-11-18}, organization = {Sansec}, url = {https://sansec.io/research/ecommerce-malware-linux-avp}, language = {English}, urldate = {2021-11-19} } Linux malware agent hits eCommerce sites
2021-08-23Youtube (SANS Digital Forensics and Incident Response)Chad Tilbury
@online{tilbury:20210823:keynote:23c0084, author = {Chad Tilbury}, title = {{Keynote: Cobalt Strike Threat Hunting}}, date = {2021-08-23}, organization = {Youtube (SANS Digital Forensics and Incident Response)}, url = {https://www.youtube.com/watch?v=borfuQGrB8g}, language = {English}, urldate = {2021-08-25} } Keynote: Cobalt Strike Threat Hunting
Cobalt Strike
2021-07-27Youtube (SANS Institute)Katie Nickels, John Hammond
@online{nickels:20210727:sans:7432e9e, author = {Katie Nickels and John Hammond}, title = {{SANS Threat Analysis Rundown - Kaseya VSA attack}}, date = {2021-07-27}, organization = {Youtube (SANS Institute)}, url = {https://www.youtube.com/watch?v=tZVFMVm5GAk}, language = {English}, urldate = {2021-08-02} } SANS Threat Analysis Rundown - Kaseya VSA attack
REvil
2021-06-01SANSKevin Haley, Jake Williams
@online{haley:20210601:contrarian:6aff18c, author = {Kevin Haley and Jake Williams}, title = {{A Contrarian View on SolarWinds}}, date = {2021-06-01}, organization = {SANS}, url = {https://www.sans.org/webcasts/contrarian-view-solarwinds-119515}, language = {English}, urldate = {2021-06-21} } A Contrarian View on SolarWinds
Cobalt Strike Raindrop SUNBURST TEARDROP
2021-03-09Youtube (SANS Digital Forensics and Incident Response)Eric Loui, Sergei Frankoff
@online{loui:20210309:jackpotting:1dcc95b, author = {Eric Loui and Sergei Frankoff}, title = {{Jackpotting ESXi Servers For Maximum Encryption | Eric Loui & Sergei Frankoff | SANS CTI Summit 2021}}, date = {2021-03-09}, organization = {Youtube (SANS Digital Forensics and Incident Response)}, url = {https://www.youtube.com/watch?v=qxPXxWMI2i4}, language = {English}, urldate = {2021-05-31} } Jackpotting ESXi Servers For Maximum Encryption | Eric Loui & Sergei Frankoff | SANS CTI Summit 2021
DarkSide RansomEXX DarkSide RansomEXX GOLD DUPONT
2021-03-08Youtube (SANS Digital Forensics and Incident Response)Katie Nickels, Adam Pennington, Jen Burns
@online{nickels:20210308:star:083eb29, author = {Katie Nickels and Adam Pennington and Jen Burns}, title = {{STAR Webcast: Making sense of SolarWinds through the lens of MITRE ATT&CK(R)}}, date = {2021-03-08}, organization = {Youtube (SANS Digital Forensics and Incident Response)}, url = {https://www.youtube.com/watch?v=LA-XE5Jy2kU}, language = {English}, urldate = {2021-03-11} } STAR Webcast: Making sense of SolarWinds through the lens of MITRE ATT&CK(R)
Cobalt Strike SUNBURST TEARDROP
2020-12-02SansecSansec Threat Research Team
@online{team:20201202:persistent:4f26f93, author = {Sansec Threat Research Team}, title = {{Persistent parasite in EOL Magento 2 stores wakes at Black Friday}}, date = {2020-12-02}, organization = {Sansec}, url = {https://sansec.io/research/magento-2-persistent-parasite}, language = {English}, urldate = {2020-12-14} } Persistent parasite in EOL Magento 2 stores wakes at Black Friday
magecart
2020-11-26SansecSansec Threat Research Team
@online{team:20201126:payment:0a8e1d5, author = {Sansec Threat Research Team}, title = {{Payment skimmer hides in social media buttons}}, date = {2020-11-26}, organization = {Sansec}, url = {https://sansec.io/research/svg-malware}, language = {English}, urldate = {2020-12-08} } Payment skimmer hides in social media buttons
2020-11-19SANS ISC InfoSec ForumsXavier Mertens
@online{mertens:20201119:powershell:72b44bf, author = {Xavier Mertens}, title = {{PowerShell Dropper Delivering Formbook}}, date = {2020-11-19}, organization = {SANS ISC InfoSec Forums}, url = {https://isc.sans.edu/diary/26806}, language = {English}, urldate = {2020-11-19} } PowerShell Dropper Delivering Formbook
Formbook
2020-10-28Youtube (SANS Digital Forensics and Incident Response)Van Ta, Aaron Stephens, Katie Nickels
@online{ta:20201028:star:16965fb, author = {Van Ta and Aaron Stephens and Katie Nickels}, title = {{STAR Webcast: Spooky RYUKy: The Return of UNC1878}}, date = {2020-10-28}, organization = {Youtube (SANS Digital Forensics and Incident Response)}, url = {https://www.youtube.com/watch?v=BhjQ6zsCVSc}, language = {English}, urldate = {2020-11-02} } STAR Webcast: Spooky RYUKy: The Return of UNC1878
Ryuk
2020-10-28Youtube (SANS Institute)Katie Nickels, Van Ta, Aaron Stephens
@online{nickels:20201028:spooky:3bf0a0a, author = {Katie Nickels and Van Ta and Aaron Stephens}, title = {{Spooky RYUKy: The Return of UNC1878 | SANS STAR Webcast}}, date = {2020-10-28}, organization = {Youtube (SANS Institute)}, url = {https://www.youtube.com/watch?v=CgDtm05qApE}, language = {English}, urldate = {2020-11-04} } Spooky RYUKy: The Return of UNC1878 | SANS STAR Webcast
Ryuk UNC1878