Click here to download all references as Bib-File.•
| 2021-07-09
⋅
InfoSec Handlers Diary Blog
⋅
Hancitor tries XLL as initial malware file Cobalt Strike Hancitor |
| 2021-04-19
⋅
InfoSec Handlers Diary Blog
⋅
Hunting phishing websites with favicon hashes |
| 2021-04-14
⋅
InfoSec Handlers Diary Blog
⋅
April 2021 Forensic Quiz: Answers and Analysis Anchor BazarBackdoor Cobalt Strike |
| 2021-04-06
⋅
InfoSec Handlers Diary Blog
⋅
Malspam with Lokibot vs. Outlook and RFCs Loki Password Stealer (PWS) |
| 2021-03-31
⋅
InfoSec Handlers Diary Blog
⋅
Quick Analysis of a Modular InfoStealer Amadey |
| 2021-03-29
⋅
InfoSec Handlers Diary Blog
⋅
Jumping into Shellcode |
| 2021-03-27
⋅
InfoSec Handlers Diary Blog
⋅
Malware Analysis with elastic-agent and Microsoft Sandbox |
| 2021-03-07
⋅
InfoSec Handlers Diary Blog
⋅
PCAPs and Beacons Cobalt Strike |
| 2021-02-12
⋅
InfoSec Handlers Diary Blog
⋅
AgentTesla Dropped Through Automatic Click in Microsoft Help File Agent Tesla |
| 2021-02-11
⋅
InfoSec Handlers Diary Blog
⋅
Agent Tesla hidden in a historical anti-malware tool Agent Tesla |
| 2021-02-04
⋅
InfoSec Handlers Diary Blog
⋅
Abusing Google Chrome extension syncing for data exfiltration and C&C |
| 2021-02-03
⋅
InfoSec Handlers Diary Blog
⋅
Excel spreadsheets push SystemBC malware Cobalt Strike SystemBC |
| 2021-01-28
⋅
InfoSec Handlers Diary Blog
⋅
Emotet vs. Windows Attack Surface Reduction Emotet |
| 2021-01-22
⋅
InfoSec Handlers Diary Blog
⋅
Another File Extension to Block in your MTA: .jnlp |
| 2021-01-21
⋅
InfoSec Handlers Diary Blog
⋅
Powershell Dropping a REvil Ransomware REvil |
| 2021-01-13
⋅
InfoSec Handlers Diary Blog
⋅
Hancitor activity resumes after a hoilday break Hancitor |
| 2020-12-24
⋅
InfoSec Handlers Diary Blog
⋅
Malicious Word Document Delivering an Octopus Backdoor Octopus |
| 2020-12-15
⋅
InfoSec Handlers Diary Blog
⋅
Analyzing FireEye Maldocs |
| 2020-12-09
⋅
InfoSec Handlers Diary Blog
⋅
Recent Qakbot (Qbot) activity Cobalt Strike QakBot |
| 2020-11-03
⋅
InfoSec Handlers Diary Blog
⋅
Attackers Exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike Cobalt Strike |
| 2020-05-31
⋅
InfoSec Handlers Diary Blog
⋅
Guildma is now using Finger and Signed Binary Proxy Execution to evade defenses Astaroth |
| 2020-05-23
⋅
InfoSec Handlers Diary Blog
⋅
AgentTesla Delivered via a Malicious PowerPoint Add-In Agent Tesla |
| 2020-04-12
⋅
InfoSec Handlers Diary Blog
⋅
Dynamic analysis technique to get decrypted KPOT Malware KPOT Stealer |
| 2019-08-26
⋅
InfoSec Handlers Diary Blog
⋅
The DAA File Format |
| 2019-07-11
⋅
InfoSec Handlers Diary Blog
⋅
Recent AZORult activity Azorult |
| 2018-03-07
⋅
InfoSec Handlers Diary Blog
⋅
Ransomware news: GlobeImposter gets a facelift, GandCrab is still out there Gandcrab GlobeImposter |
| 2017-09-05
⋅
InfoSec Handlers Diary Blog
⋅
The Mirai Botnet: A Look Back and Ahead At What's Next |
| 2017-08-29
⋅
InfoSec Handlers Diary Blog
⋅
Second Google Chrome Extension Banker Malware in Two Weeks IDKEY |
| 2017-07-08
⋅
InfoSec Handlers Diary Blog
⋅
A VBScript with Obfuscated Base64 Data Revenge RAT |
| 2009-11-03
⋅
InfoSec Handlers Diary Blog
⋅
Opachki, from (and to) Russia with love Opachki |