2020-04-03 | Palo Alto Networks Unit 42 | Brad Duncan
@online{duncan:20200403:guloader:4b27e7a,
  author       = {Brad Duncan},
  title        = {{GuLoader: Malspam Campaign Installing NetWire RAT}},
  date         = {2020-04-03},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/guloader-installing-netwire-rat/},
  language     = {English},
  urldate      = {2021-01-10},
}
GuLoader: Malspam Campaign Installing NetWire RAT
CloudEyE NetWire RC
2020-01-23 | SANS ISC InfoSec Forums | Brad Duncan
@online{duncan:20200123:german:2c867b2,
  author       = {Brad Duncan},
  title        = {{German language malspam pushes Ursnif}},
  date         = {2020-01-23},
  organization = {SANS ISC InfoSec Forums},
  url          = {https://isc.sans.edu/forums/diary/German+language+malspam+pushes+Ursnif/25732/},
  language     = {English},
  urldate      = {2020-01-26},
}
German language malspam pushes Ursnif
ISFB
2019-12-23 | Palo Alto Networks Unit 42 | Brad Duncan
@online{duncan:20191223:wireshark:11f95ab,
  author       = {Brad Duncan},
  title        = {{Wireshark Tutorial: Examining Ursnif Infections}},
  date         = {2019-12-23},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/wireshark-tutorial-examining-ursnif-infections/},
  language     = {English},
  urldate      = {2020-01-13},
}
Wireshark Tutorial: Examining Ursnif Infections
ISFB
2019-12-19 | Twitter (@malware_traffic) | Brad Duncan
@online{duncan:20191219:valak:a793639,
  author       = {Brad Duncan},
  title        = {{Tweet on Valak Malware}},
  date         = {2019-12-19},
  organization = {Twitter (@malware_traffic)},
  url          = {https://twitter.com/malware_traffic/status/1207824548021886977},
  language     = {English},
  urldate      = {2020-01-05},
}
Tweet on Valak Malware
Valak
2019-11-22 | Palo Alto Networks Unit 42 | Brad Duncan
@online{duncan:20191122:trickbot:e14933b,
  author       = {Brad Duncan},
  title        = {{Trickbot Updates Password Grabber Module}},
  date         = {2019-11-22},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/trickbot-updates-password-grabber-module/},
  language     = {English},
  urldate      = {2020-01-22},
}
Trickbot Updates Password Grabber Module
TrickBot
2019-11-08 | Palo Alto Networks Unit 42 | Brad Duncan
@online{duncan:20191108:wireshark:f37b983,
  author       = {Brad Duncan},
  title        = {{Wireshark Tutorial: Examining Trickbot Infections}},
  date         = {2019-11-08},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/wireshark-tutorial-examining-trickbot-infections/},
  language     = {English},
  urldate      = {2020-01-06},
}
Wireshark Tutorial: Examining Trickbot Infections
TrickBot
2019-07-11 | InfoSec Handlers Diary Blog | Brad Duncan
@online{duncan:20190711:recent:bd25d5a,
  author       = {Brad Duncan},
  title        = {{Recent AZORult activity}},
  date         = {2019-07-11},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/25120},
  language     = {English},
  urldate      = {2020-01-10},
}
Recent AZORult activity
Azorult
2019-06-25 | SANS | Brad Duncan
@online{duncan:20190625:rig:31ecb33,
  author       = {Brad Duncan},
  title        = {{Rig Exploit Kit sends Pitou.B Trojan}},
  date         = {2019-06-25},
  organization = {SANS},
  url          = {https://isc.sans.edu/diary/rss/25068},
  language     = {English},
  urldate      = {2019-12-17},
}
Rig Exploit Kit sends Pitou.B Trojan
Pitou
2019-05-22 | Palo Alto Networks Unit 42 | Brad Duncan
@online{duncan:20190522:shade:7647744,
  author       = {Brad Duncan},
  title        = {{Shade Ransomware Hits High-Tech, Wholesale, Education Sectors in U.S, Japan, India, Thailand, Canada}},
  date         = {2019-05-22},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/shade-ransomware-hits-high-tech-wholesale-education-sectors-in-u-s-japan-india-thailand-canada/},
  language     = {English},
  urldate      = {2020-01-13},
}
Shade Ransomware Hits High-Tech, Wholesale, Education Sectors in U.S, Japan, India, Thailand, Canada
Troldesh
2019-02-20 | SANS ISC InfoSec Forums | Brad Duncan
@online{duncan:20190220:more:a3216b8,
  author       = {Brad Duncan},
  title        = {{More Russian language malspam pushing Shade (Troldesh) ransomware}},
  date         = {2019-02-20},
  organization = {SANS ISC InfoSec Forums},
  url          = {https://isc.sans.edu/forums/diary/More+Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24668/},
  language     = {English},
  urldate      = {2020-01-13},
}
More Russian language malspam pushing Shade (Troldesh) ransomware
Troldesh
2019-01-23 | Brad Duncan, Mike Harbison
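% organization was missing; filled in to match the other unit42.paloaltonetworks.com entries in this library.
@online{duncan:20190123:russian:150eb22,
  author       = {Brad Duncan and Mike Harbison},
  title        = {{Russian Language Malspam Pushing Redaman Banking Malware}},
  date         = {2019-01-23},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/russian-language-malspam-pushing-redaman-banking-malware/},
  language     = {English},
  urldate      = {2020-01-06},
}
Russian Language Malspam Pushing Redaman Banking Malware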
RTM
2019-01-17 | SANS ISC InfoSec Forums | Brad Duncan
@online{duncan:20190117:emotet:0754347,
  author       = {Brad Duncan},
  title        = {{Emotet infections and follow-up malware}},
  date         = {2019-01-17},
  organization = {SANS ISC InfoSec Forums},
  url          = {https://isc.sans.edu/forums/diary/Emotet+infections+and+followup+malware/24532/},
  language     = {English},
  urldate      = {2020-01-13},
}
Emotet infections and follow-up malware
Emotet
2018-12-19 | Malware Traffic Analysis | Brad Duncan
@online{duncan:20181219:malspam:b8c4580,
  author       = {Brad Duncan},
  title        = {{MALSPAM PUSHING THE MYDOOM WORM IS STILL A THING}},
  date         = {2018-12-19},
  organization = {Malware Traffic Analysis},
  url          = {https://www.malware-traffic-analysis.net/2018/12/19/index.html},
  language     = {English},
  urldate      = {2020-01-13},
}
MALSPAM PUSHING THE MYDOOM WORM IS STILL A THING
MyDoom
2018-12-04 | Brad Duncan
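% organization was missing; filled in to match the other isc.sans.edu/diary entries in this library.
@online{duncan:20181204:malspam:8e2d810,
  author       = {Brad Duncan},
  title        = {{Malspam pushing Lokibot malware}},
  date         = {2018-12-04},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/24372},
  language     = {English},
  urldate      = {2019-10-29},
}
Malspam pushing Lokibot malware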
Loki Password Stealer (PWS)
2018-03-07 | InfoSec Handlers Diary Blog | Brad Duncan
@online{duncan:20180307:ransomware:504a693,
  author       = {Brad Duncan},
  title        = {{Ransomware news: GlobeImposter gets a facelift, GandCrab is still out there}},
  date         = {2018-03-07},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/23417},
  language     = {English},
  urldate      = {2020-01-06},
}
Ransomware news: GlobeImposter gets a facelift, GandCrab is still out there
Gandcrab GlobeImposter
2018-02-07 | Palo Alto Networks Unit 42 | Vicky Ray, Brad Duncan
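% The ampersand in the title is escaped as \& so the entry typesets under LaTeX; a bare one is read as an alignment tab.
@online{ray:20180207:compromised:01adde2,
  author       = {Vicky Ray and Brad Duncan},
  title        = {{Compromised Servers \& Fraud Accounts: Recent Hancitor Attacks}},
  date         = {2018-02-07},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://researchcenter.paloaltonetworks.com/2018/02/unit42-compromised-servers-fraud-accounts-recent-hancitor-attacks/},
  language     = {English},
  urldate      = {2019-12-20},
}
Compromised Servers & Fraud Accounts: Recent Hancitor Attacks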
Hancitor
2018-02-01 | Malware Traffic Analysis | Brad Duncan
@online{duncan:20180201:quick:320f855,
  author       = {Brad Duncan},
  title        = {{Quick Test Drive of Trickbot (It now has a Monero Module)}},
  date         = {2018-02-01},
  organization = {Malware Traffic Analysis},
  url          = {http://www.malware-traffic-analysis.net/2018/02/01/},
  language     = {English},
  urldate      = {2019-07-09},
}
Quick Test Drive of Trickbot (It now has a Monero Module)
TrickBot
2018-01-04 | Malware Traffic Analysis | Brad Duncan
@online{duncan:20180104:malspam:ce2dfac,
  author       = {Brad Duncan},
  title        = {{MALSPAM PUSHING PCRAT/GH0ST}},
  date         = {2018-01-04},
  organization = {Malware Traffic Analysis},
  url          = {http://www.malware-traffic-analysis.net/2018/01/04/index.html},
  language     = {English},
  urldate      = {2019-12-24},
}
MALSPAM PUSHING PCRAT/GH0ST
Ghost RAT
2017-12-22 | Malware Traffic Analysis | Brad Duncan
@online{duncan:20171222:malspam:4a3fd87,
  author       = {Brad Duncan},
  title        = {{MALSPAM USES CVE-2017-0199 TO DISTRIBUTE REMCOS RAT}},
  date         = {2017-12-22},
  organization = {Malware Traffic Analysis},
  url          = {http://malware-traffic-analysis.net/2017/12/22/index.html},
  language     = {English},
  urldate      = {2019-07-11},
}
MALSPAM USES CVE-2017-0199 TO DISTRIBUTE REMCOS RAT
Remcos
2017-11-23 | Malware Traffic Analysis | Brad Duncan
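% Straight double quotes in the title are written as LaTeX ``...'' so they typeset as opening and closing quotes
% and are not picked up as babel shorthands in languages where the double quote is an active character.
@online{duncan:20171123:necurs:15f819e,
  author       = {Brad Duncan},
  title        = {{NECURS BOTNET MALSPAM PUSHES ``SCARAB'' RANSOMWARE}},
  date         = {2017-11-23},
  organization = {Malware Traffic Analysis},
  url          = {http://malware-traffic-analysis.net/2017/11/23/index.html},
  language     = {English},
  urldate      = {2020-01-10},
}
NECURS BOTNET MALSPAM PUSHES "SCARAB" RANSOMWARE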
Scarab Ransomware