Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-07-09InfoSec Handlers Diary BlogBrad Duncan
Hancitor tries XLL as initial malware file
Cobalt Strike Hancitor
2021-04-19InfoSec Handlers Diary BlogJan Kopriva
Hunting phishing websites with favicon hashes
2021-04-14InfoSec Handlers Diary BlogBrad Duncan
April 2021 Forensic Quiz: Answers and Analysis
Anchor BazarBackdoor Cobalt Strike
2021-04-06InfoSec Handlers Diary BlogJan Kopriva
Malspam with Lokibot vs. Outlook and RFCs
Loki Password Stealer (PWS)
2021-03-31InfoSec Handlers Diary BlogXavier Mertens
Quick Analysis of a Modular InfoStealer
2021-03-29InfoSec Handlers Diary BlogXavier Mertens
Jumping into Shellcode
2021-03-27InfoSec Handlers Diary BlogGuy Bruneau
Malware Analysis with elastic-agent and Microsoft Sandbox
2021-03-07InfoSec Handlers Diary BlogDidier Stevens
PCAPs and Beacons
Cobalt Strike
2021-02-12InfoSec Handlers Diary BlogXavier Mertens
AgentTesla Dropped Through Automatic Click in Microsoft Help File
Agent Tesla
2021-02-11InfoSec Handlers Diary BlogJan Kopriva
Agent Tesla hidden in a historical anti-malware tool
Agent Tesla
2021-02-04InfoSec Handlers Diary BlogBojan Zdrnja
Abusing Google Chrome extension syncing for data exfiltration and C&C
2021-02-03InfoSec Handlers Diary BlogBrad Duncan
Excel spreadsheets push SystemBC malware
Cobalt Strike SystemBC
2021-01-28InfoSec Handlers Diary BlogDaniel Wesemann
Emotet vs. Windows Attack Surface Reduction
2021-01-22InfoSec Handlers Diary BlogXavier Mertens
Another File Extension to Block in your MTA: .jnlp
2021-01-21InfoSec Handlers Diary BlogXavier Mertens
Powershell Dropping a REvil Ransomware
2021-01-13InfoSec Handlers Diary BlogBrad Duncan
Hancitor activity resumes after a hoilday break
2020-12-24InfoSec Handlers Diary BlogXavier Mertens
Malicious Word Document Delivering an Octopus Backdoor
2020-12-15InfoSec Handlers Diary BlogDidier Stevens
Analyzing FireEye Maldocs
2020-12-09InfoSec Handlers Diary BlogBrad Duncan
Recent Qakbot (Qbot) activity
Cobalt Strike QakBot
2020-11-03InfoSec Handlers Diary BlogRenato Marinho
Attackers Exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike
Cobalt Strike
2020-05-31InfoSec Handlers Diary BlogRenato Marinho
Guildma is now using Finger and Signed Binary Proxy Execution to evade defenses
2020-05-23InfoSec Handlers Diary BlogXavier Mertens
AgentTesla Delivered via a Malicious PowerPoint Add-In
Agent Tesla
2020-04-12InfoSec Handlers Diary BlogVinnie
Dynamic analysis technique to get decrypted KPOT Malware
KPOT Stealer
2019-08-26InfoSec Handlers Diary BlogDidier Stevens
The DAA File Format
2019-07-11InfoSec Handlers Diary BlogBrad Duncan
Recent AZORult activity
2018-03-07InfoSec Handlers Diary BlogBrad Duncan
Ransomware news: GlobeImposter gets a facelift, GandCrab is still out there
Gandcrab GlobeImposter
2017-09-05InfoSec Handlers Diary BlogJohannes Ullrich
The Mirai Botnet: A Look Back and Ahead At What's Next
2017-08-29InfoSec Handlers Diary BlogRenato Marinho
Second Google Chrome Extension Banker Malware in Two Weeks
2017-07-08InfoSec Handlers Diary BlogXavier Mertens
A VBScript with Obfuscated Base64 Data
Revenge RAT
2009-11-03InfoSec Handlers Diary BlogBojan Zdrnja
Opachki, from (and to) Russia with love