Click here to download all references as Bib-File.•
| 2022-08-12
⋅
SANS ISC
⋅
Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike Cobalt Strike DarkVNC IcedID |
| 2022-07-27
⋅
SANS ISC
⋅
IcedID (Bokbot) with Dark VNC and Cobalt Strike DarkVNC IcedID |
| 2022-07-07
⋅
SANS ISC
⋅
Emotet infection with Cobalt Strike Cobalt Strike Emotet |
| 2022-06-17
⋅
SANS ISC
⋅
Malspam pushes Matanbuchus malware, leads to Cobalt Strike Cobalt Strike Matanbuchus |
| 2022-06-16
⋅
SANS ISC
⋅
Houdini is Back Delivered Through a JavaScript Dropper Houdini |
| 2022-06-13
⋅
SANS ISC
⋅
Translating Saitama's DNS tunneling messages Saitama Backdoor |
| 2022-05-20
⋅
SANS ISC
⋅
A 'Zip Bomb' to Bypass Security Controls & Sandboxes BitRAT |
| 2022-05-11
⋅
SANS ISC
⋅
TA578 using thread-hijacked emails to push ISO files for Bumblebee malware BumbleBee |
| 2022-04-25
⋅
SANS ISC
⋅
Simple PDF Linking to Malicious Content |
| 2022-04-20
⋅
SANS ISC
⋅
'aa' distribution Qakbot (Qbot) infection with DarkVNC traffic QakBot |
| 2022-04-06
⋅
SANS ISC
⋅
Windows MetaStealer Malware |
| 2022-03-31
⋅
SANS ISC
⋅
Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965 |
| 2022-03-25
⋅
SANS ISC
⋅
XLSB Files: Because Binary is Stealthier Than XML QakBot |
| 2022-03-16
⋅
SANS ISC
⋅
Qakbot infection with Cobalt Strike and VNC activity Cobalt Strike QakBot |
| 2022-02-18
⋅
SANS ISC
⋅
Remcos RAT Delivered Through Double Compressed Archive Remcos |
| 2022-02-11
⋅
blog.rootshell.be
⋅
[SANS ISC] CinaRAT Delivered Through HTML ID Attributes Quasar RAT |
| 2022-02-08
⋅
Sansec
⋅
NaturalFreshMall: a mass store hack |
| 2022-01-25
⋅
SANS ISC
⋅
Emotet Stops Using 0.0.0.0 in Spambot Traffic Emotet |
| 2022-01-20
⋅
blog.rootshell.be
⋅
[SANS ISC] RedLine Stealer Delivered Through FTP RedLine Stealer |
| 2022-01-20
⋅
SANS ISC InfoSec Forums
⋅
RedLine Stealer Delivered Through FTP RedLine Stealer |