
2021-04-07 | Medium sixdub | Justin Warner
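@online{warner:20210407:using:a7d19fd,
  author       = {Warner, Justin},
  title        = {Using {Kaitai Struct} to Parse {Cobalt Strike} {Beacon} Configs},
  date         = {2021-04-07},
  organization = {Medium sixdub},
  url          = {https://sixdub.medium.com/using-kaitai-to-parse-cobalt-strike-beacon-configs-f5f0552d5a6e},
  language     = {English},
  urldate      = {2021-04-09},
}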
Cobalt Strike
2021-04-05 | Medium walmartglobaltech | Jason Reaves, Joshua Platt
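@online{reaves:20210405:trickbot:a6b0592,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {{TrickBot} Crews New {CobaltStrike} Loader},
  date         = {2021-04-05},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/trickbot-crews-new-cobaltstrike-loader-32c72b78e81c},
  language     = {English},
  urldate      = {2021-04-06},
}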
Cobalt Strike TrickBot
2021-04-01 | Medium mikko-kenttala | Mikko Kenttälä
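@online{kenttl:20210401:zero:76c0fc0,
  author       = {Kenttälä, Mikko},
  title        = {Zero click vulnerability in {Apple’s} {macOS} {Mail}},
  date         = {2021-04-01},
  organization = {Medium mikko-kenttala},
  url          = {https://mikko-kenttala.medium.com/zero-click-vulnerability-in-apples-macos-mail-59e0c14b106c},
  language     = {English},
  urldate      = {2021-04-06},
}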
2021-03-29 | Medium (Cryptax) | Axelle Apvrille
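@online{apvrille:20210329:androidflubot:01484cd,
  author       = {Apvrille, Axelle},
  title        = {{Android}/{Flubot}: preparing for a new campaign?},
  date         = {2021-03-29},
  organization = {Medium (Cryptax)},
  url          = {https://cryptax.medium.com/android-flubot-preparing-for-a-new-campaign-2f7563fc6c06},
  language     = {English},
  urldate      = {2021-03-31},
}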
FluBot
2021-03-24 | Medium Sebdraven | sebdraven
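@online{sebdraven:20210324:net:113093c,
  author       = {{sebdraven}},
  title        = {A {.NET} rat targets {Mongolia}},
  date         = {2021-03-24},
  organization = {Medium Sebdraven},
  url          = {https://sebdraven.medium.com/a-net-rat-target-mongolia-9c1439c39bc2},
  language     = {English},
  urldate      = {2021-03-25},
}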
nmass malware
2021-03-16 | Medium CSIS Techblog | Aleksejs Kuprins
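@online{kuprins:20210316:brief:895027b,
  author       = {Kuprins, Aleksejs},
  title        = {The Brief Glory of {Cabassous}/{FluBot} — a private {Android} banking botnet},
  date         = {2021-03-16},
  organization = {Medium CSIS Techblog},
  url          = {https://medium.com/csis-techblog/the-brief-glory-of-cabassous-flubot-a-private-android-banking-botnet-bc2ed7917027},
  language     = {English},
  urldate      = {2021-03-24},
}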
FluBot
2021-03-05 | Medium walmartglobaltech | Jason Reaves
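@online{reaves:20210305:look:71fca27,
  author       = {Reaves, Jason},
  title        = {A look at an {Android} bot from unpacking to {DGA}},
  date         = {2021-03-05},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/a-look-at-an-android-bot-from-unpacking-to-dga-e331554f9fb9},
  language     = {English},
  urldate      = {2021-03-11},
}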
FluBot
2021-03-02 | Medium Mehmet Ergene | Mehmet Ergene
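@online{ergene:20210302:hunting:a538456,
  author       = {Ergene, Mehmet},
  title        = {Hunting for the Behavior: {Scheduled Tasks}},
  date         = {2021-03-02},
  organization = {Medium Mehmet Ergene},
  url          = {https://mergene.medium.com/hunting-for-the-behavior-scheduled-tasks-9efe0b8ade40},
  language     = {English},
  urldate      = {2021-03-04},
}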
2021-03-01 | Medium walmartglobaltech | Joshua Platt, Jason Reaves
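@online{platt:20210301:nimar:c26af08,
  author       = {Platt, Joshua and Reaves, Jason},
  title        = {{Nimar} Loader},
  date         = {2021-03-01},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/nimar-loader-4f61c090c49e},
  language     = {English},
  urldate      = {2021-03-04},
}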
BazarBackdoor BazarNimrod Cobalt Strike
2021-03-01 | Medium walmartglobaltech | Joshua Platt, Jason Reaves
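@online{platt:20210301:investigation:a7851d5,
  author       = {Platt, Joshua and Reaves, Jason},
  title        = {Investigation into the state of {Nim} malware},
  date         = {2021-03-01},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/investigation-into-the-state-of-nim-malware-14cc543af811},
  language     = {English},
  urldate      = {2021-03-04},
}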
BazarNimrod Cobalt Strike
2021-02-23 | Medium (Katie’s Five Cents) | Katie Nickels
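@online{nickels:20210223:cyber:974230c,
  author       = {Nickels, Katie},
  title        = {A Cyber Threat Intelligence Self-Study Plan: Part 1},
  date         = {2021-02-23},
  organization = {Medium (Katie’s Five Cents)},
  url          = {https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-1-968b5a8daf9a},
  language     = {English},
  urldate      = {2021-02-25},
}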
2021-02-20 | Medium (Nasreddine Bencherchali) | Nasreddine Bencherchali
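@online{bencherchali:20210220:finding:01aa9bf,
  author       = {Bencherchali, Nasreddine},
  title        = {Finding Forensic Goodness In Obscure {Windows Event Logs}},
  date         = {2021-02-20},
  organization = {Medium (Nasreddine Bencherchali)},
  url          = {https://nasbench.medium.com/finding-forensic-goodness-in-obscure-windows-event-logs-60e978ea45a3},
  language     = {English},
  urldate      = {2021-03-19},
}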
2021-02-19 | Medium 0xthreatintel | 0xthreatintel
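@online{0xthreatintel:20210219:how:5fed055,
  author       = {{0xthreatintel}},
  title        = {How to unpack {SManager} {APT} tool?},
  date         = {2021-02-19},
  organization = {Medium 0xthreatintel},
  url          = {https://0xthreatintel.medium.com/how-to-unpack-smanager-apt-tool-cb5909819214},
  language     = {English},
  urldate      = {2021-02-20},
}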
SManager
2021-02-15 | Medium s2wlab | Sojun Ryu
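@online{ryu:20210215:operation:b0712b0,
  author       = {Ryu, Sojun},
  title        = {Operation {SyncTrek}},
  date         = {2021-02-15},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wlab/operation-synctrek-e5013df8d167},
  language     = {English},
  urldate      = {2021-02-20},
}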
AbaddonPOS Azorult Clop DoppelPaymer PwndLocker
2021-02-09 | Medium (@alex.birsan) | Alex Birsan
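@online{birsan:20210209:dependency:44eaf05,
  author       = {Birsan, Alex},
  title        = {Dependency Confusion: How {I} Hacked Into {Apple}, {Microsoft} and Dozens of Other Companies},
  date         = {2021-02-09},
  organization = {Medium (@alex.birsan)},
  url          = {https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610},
  language     = {English},
  urldate      = {2021-02-10},
}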
2021-02-08 | Medium kurtikleiton | kleiton0x7e
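@online{kleiton0x7e:20210208:evade:2136d7f,
  author       = {{kleiton0x7e}},
  title        = {Evade {EDR} with Shellcode Injection and gain persistence using {Registry Run Keys}},
  date         = {2021-02-08},
  organization = {Medium kurtikleiton},
  url          = {https://kurtikleiton.medium.com/evade-avs-edr-with-shellcode-injection-159dde4dba1a},
  language     = {English},
  urldate      = {2021-02-09},
}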
2021-02-08 | Medium Sebdraven | sebdraven
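@online{sebdraven:20210208:babuk:138756c,
  author       = {{sebdraven}},
  title        = {{Babuk} is distributed packed},
  date         = {2021-02-08},
  organization = {Medium Sebdraven},
  url          = {https://sebdraven.medium.com/babuk-is-distributed-packed-78e2f5dd2e62},
  language     = {English},
  urldate      = {2021-02-09},
}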
Babuk
2021-02-06 | Medium mariohenkel | Mario Henkel
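@online{henkel:20210206:decrypting:1013bd8,
  author       = {Henkel, Mario},
  title        = {Decrypting {AzoRult} traffic for fun and profit},
  date         = {2021-02-06},
  organization = {Medium mariohenkel},
  url          = {https://mariohenkel.medium.com/decrypting-azorult-traffic-for-fun-and-profit-9f28d8638b05},
  language     = {English},
  urldate      = {2021-02-06},
}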
Azorult
2021-02-03 | Medium s2wlab | Hyunmin Suh, Minjei Cho
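@online{suh:20210203:w1:45a76f4,
  author       = {Suh, Hyunmin and Cho, Minjei},
  title        = {{W1} {Feb}| {EN} | Story of the week: Stealers on the {Darkweb}},
  date         = {2021-02-03},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wlab/w1-feb-en-story-of-the-week-stealers-on-the-darkweb-49945a31601d},
  language     = {English},
  urldate      = {2021-02-04},
}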
Azorult Raccoon vidar
2021-02-03 | Medium Confiant | Jerome Dangu
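@online{dangu:20210203:malvertising:eb3d8cb,
  author       = {Dangu, Jerome},
  title        = {Malvertising: Made in {China}},
  date         = {2021-02-03},
  organization = {Medium Confiant},
  url          = {https://blog.confiant.com/malvertising-made-in-china-f5081521b3f0},
  language     = {English},
  urldate      = {2021-02-04},
}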
Holcus Installer (Adware)