Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-03-28BitSightAndré Tavares
@online{tavares:20230328:tofsee:60925da, author = {André Tavares}, title = {{Tofsee Botnet: Proxying and Mining}}, date = {2023-03-28}, organization = {BitSight}, url = {https://www.bitsight.com/blog/tofsee-botnet-proxying-and-mining}, language = {English}, urldate = {2023-03-29} } Tofsee Botnet: Proxying and Mining
Tofsee
2022-11-30BitSightAndré Tavares
@online{tavares:20221130:unpacking:a15d3e0, author = {André Tavares}, title = {{Unpacking Colibri Loader: A Russian APT linked Campaign}}, date = {2022-11-30}, organization = {BitSight}, url = {https://www.bitsight.com/blog/unpacking-colibri-loader-russian-apt-linked-campaign}, language = {English}, urldate = {2022-12-02} } Unpacking Colibri Loader: A Russian APT linked Campaign
Colibri Loader PrivateLoader
2022-11-03paloalto Netoworks: Unit42Durgesh Sangvikar, Chris Navarrete, Matthew Tennis, Yanhui Jia, Yu Fu, Siddhart Shibiraj
@online{sangvikar:20221103:cobalt:9a81f6f, author = {Durgesh Sangvikar and Chris Navarrete and Matthew Tennis and Yanhui Jia and Yu Fu and Siddhart Shibiraj}, title = {{Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild}}, date = {2022-11-03}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/cobalt-strike-team-server/}, language = {English}, urldate = {2022-11-03} } Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild
Cobalt Strike
2022-09-14Seguranca InformaticaPedro Tavares
@online{tavares:20220914:ursa:add3756, author = {Pedro Tavares}, title = {{URSA trojan is back with a new dance}}, date = {2022-09-14}, organization = {Seguranca Informatica}, url = {https://seguranca-informatica.pt/ursa-trojan-is-back-with-a-new-dance/#.YyXEkaRBzIU}, language = {English}, urldate = {2022-09-19} } URSA trojan is back with a new dance
Mispadu
2022-08-31BitSightAndré Tavares
@online{tavares:20220831:tracking:5b4130e, author = {André Tavares}, title = {{Tracking PrivateLoader: Malware Distribution Service}}, date = {2022-08-31}, organization = {BitSight}, url = {https://www.bitsight.com/blog/tracking-privateloader-malware-distribution-service}, language = {English}, urldate = {2022-08-31} } Tracking PrivateLoader: Malware Distribution Service
PrivateLoader RedLine Stealer SmokeLoader
2022-07-13Palo Alto Networks Unit 42Chris Navarrete, Durgesh Sangvikar, Yu Fu, Yanhui Jia, Siddhart Shibiraj
@online{navarrete:20220713:cobalt:dd907c3, author = {Chris Navarrete and Durgesh Sangvikar and Yu Fu and Yanhui Jia and Siddhart Shibiraj}, title = {{Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption}}, date = {2022-07-13}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/cobalt-strike-metadata-encryption-decryption/}, language = {English}, urldate = {2022-07-15} } Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption
Cobalt Strike
2022-07-10Seguranca InformaticaPedro Tavares
@online{tavares:20220710:anubis:81fabd3, author = {Pedro Tavares}, title = {{Anubis Network is back with new C2 server}}, date = {2022-07-10}, organization = {Seguranca Informatica}, url = {https://seguranca-informatica.pt/anubis-networks-is-back-with-new-c2-server/#.YyXHmaRBzIU}, language = {English}, urldate = {2022-09-19} } Anubis Network is back with new C2 server
2022-06-08SymantecKarthikeyan C Kasiviswanathan, Yuvaraj Megavarnadu
@online{kasiviswanathan:20220608:attackers:6a247ab, author = {Karthikeyan C Kasiviswanathan and Yuvaraj Megavarnadu}, title = {{Attackers Exploit MSDT Follina Bug to Drop RAT, Infostealer}}, date = {2022-06-08}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/follina-msdt-exploit-malware}, language = {English}, urldate = {2022-07-20} } Attackers Exploit MSDT Follina Bug to Drop RAT, Infostealer
AsyncRAT
2022-06-06André Tavares
@online{tavares:20220606:hunting:9e20d11, author = {André Tavares}, title = {{Hunting PrivateLoader: Pay-Per-Install Service}}, date = {2022-06-06}, url = {https://tavares.re/blog/2022/06/06/hunting-privateloader-pay-per-install-service/}, language = {English}, urldate = {2022-06-09} } Hunting PrivateLoader: Pay-Per-Install Service
PrivateLoader
2022-05-06Palo Alto Networks Unit 42Chris Navarrete, Durgesh Sangvikar, Yu Fu, Yanhui Jia, Siddhart Shibiraj
@online{navarrete:20220506:cobalt:8248108, author = {Chris Navarrete and Durgesh Sangvikar and Yu Fu and Yanhui Jia and Siddhart Shibiraj}, title = {{Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding}}, date = {2022-05-06}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/cobalt-strike-metadata-encoding-decoding/}, language = {English}, urldate = {2022-05-09} } Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding
Cobalt Strike
2022-04-20InfoSec InstitutePedro Tavares
@online{tavares:20220420:mars:6bb8872, author = {Pedro Tavares}, title = {{Mars Stealer malware analysis}}, date = {2022-04-20}, organization = {InfoSec Institute}, url = {https://resources.infosecinstitute.com/topic/mars-stealer-malware-analysis/}, language = {English}, urldate = {2022-07-25} } Mars Stealer malware analysis
Mars Stealer
2022-04-11Seguranca InformaticaPedro Tavares
@online{tavares:20220411:analysis:cec6eb4, author = {Pedro Tavares}, title = {{Analysis of the SunnyDay ransomware}}, date = {2022-04-11}, organization = {Seguranca Informatica}, url = {https://seguranca-informatica.pt/analysis-of-the-sunnyday-ransomware/}, language = {English}, urldate = {2023-01-05} } Analysis of the SunnyDay ransomware
Curator
2022-03-17Seguranca InformaticaPedro Tavares
@online{tavares:20220317:rook:cae4010, author = {Pedro Tavares}, title = {{Rook ransomware analysis}}, date = {2022-03-17}, organization = {Seguranca Informatica}, url = {https://seguranca-informatica.pt/rook-ransomware-analysis/}, language = {English}, urldate = {2022-03-22} } Rook ransomware analysis
Rook
2022-03-16paloalto Netoworks: Unit42Chris Navarrete, Durgesh Sangvikar, Andrew Guan, Yu Fu, Yanhui Jia, Siddhart Shibiraj
@online{navarrete:20220316:cobalt:015f5df, author = {Chris Navarrete and Durgesh Sangvikar and Andrew Guan and Yu Fu and Yanhui Jia and Siddhart Shibiraj}, title = {{Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect}}, date = {2022-03-16}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/cobalt-strike-malleable-c2-profile/}, language = {English}, urldate = {2022-03-18} } Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect
Cobalt Strike
2022-02-26Seguranca InformaticaPedro Tavares
@online{tavares:20220226:hidden:544b0bd, author = {Pedro Tavares}, title = {{The hidden C2: Lampion trojan release 212 is on the rise and using a C2 server for two years}}, date = {2022-02-26}, organization = {Seguranca Informatica}, url = {https://seguranca-informatica.pt/the-hidden-c2-lampion-trojan-release-212-is-on-the-rise-and-using-a-c2-server-for-two-years}, language = {English}, urldate = {2022-03-04} } The hidden C2: Lampion trojan release 212 is on the rise and using a C2 server for two years
lampion
2022-02-04BitSightAndré Tavares
@online{tavares:20220204:flubot:532b2fc, author = {André Tavares}, title = {{FluBot Malware Persists: Most Prevalent In Germany and Spain}}, date = {2022-02-04}, organization = {BitSight}, url = {https://www.bitsight.com/blog/flubot-malware-persists-most-prevalent-germany-and-spain}, language = {English}, urldate = {2022-02-09} } FluBot Malware Persists: Most Prevalent In Germany and Spain
FluBot
2022-01-31Seguranca InformaticaPedro Tavares
@online{tavares:20220131:taking:b02adaa, author = {Pedro Tavares}, title = {{Taking the bait: The modus operandi of massive social engineering waves impacting banks in Portugal}}, date = {2022-01-31}, organization = {Seguranca Informatica}, url = {https://seguranca-informatica.pt/taking-the-bait-the-modus-operandi-of-massive-social-engineering-waves-impacting-banks-in-portugal}, language = {English}, urldate = {2022-02-02} } Taking the bait: The modus operandi of massive social engineering waves impacting banks in Portugal
2022-01-25Seguranca InformaticaPedro Tavares
@online{tavares:20220125:wastedlocker:f0b5b69, author = {Pedro Tavares}, title = {{WastedLocker malware analysis}}, date = {2022-01-25}, organization = {Seguranca Informatica}, url = {https://seguranca-informatica.pt/wastedlocker-malware-analysis/#.YfAaIRUITTY.twitter}, language = {English}, urldate = {2022-02-14} } WastedLocker malware analysis
WastedLocker
2021-10-05Seguranca InformaticaPedro Tavares
@online{tavares:20211005:malware:b92d5a9, author = {Pedro Tavares}, title = {{Malware analysis: Details on LockBit ransomware}}, date = {2021-10-05}, organization = {Seguranca Informatica}, url = {https://seguranca-informatica.pt/malware-analysis-details-on-lockbit-ransomware/}, language = {English}, urldate = {2021-10-11} } Malware analysis: Details on LockBit ransomware
LockBit
2021-09-10Seguranca InformaticaPedro Tavares
@online{tavares:20210910:new:2ebd6f3, author = {Pedro Tavares}, title = {{The new maxtrilha trojan is being disseminated and targeting several banks}}, date = {2021-09-10}, organization = {Seguranca Informatica}, url = {https://seguranca-informatica.pt/the-new-maxtrilha-trojan-is-being-disseminated-and-targeting-several-banks/#.YT3_VfwzaKN}, language = {English}, urldate = {2021-09-14} } The new maxtrilha trojan is being disseminated and targeting several banks
Maxtrilha