2023-04-19 | Sophos | Andreas Klopsch
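% Sophos post dated 2023-04-19; family tag in this listing: AuKill.
% Only names and acronyms are brace-protected, so a style can still apply its own title casing.
@online{klopsch:20230419:aukill:cebf5d8,
  author       = {Klopsch, Andreas},
  title        = {‘{AuKill}’ {EDR} killer malware abuses {Process Explorer} driver},
  date         = {2023-04-19},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/},
  language     = {English},
  urldate      = {2023-04-22},
}
‘AuKill’ EDR killer malware abuses Process Explorer driver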
AuKill
2022-12-13 | Sophos | Andreas Klopsch, Andrew Brandt
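% Sophos post dated 2022-12-13, two authors; family tag in this listing: KillAV.
% The title has no names or acronyms to protect, so it carries no inner braces.
@online{klopsch:20221213:signed:9d26a63,
  author       = {Klopsch, Andreas and Brandt, Andrew},
  title        = {Signed driver malware moves up the software trust chain},
  date         = {2022-12-13},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/12/13/signed-driver-malware-moves-up-the-software-trust-chain/},
  language     = {English},
  urldate      = {2023-09-13},
}
Signed driver malware moves up the software trust chain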
KillAV
2022-10-04 | Sophos | Andreas Klopsch
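% Sophos post dated 2022-10-04; family tag in this listing: BlackByte.
% The driver file name and acronyms are brace-protected so a casing style cannot alter them.
@online{klopsch:20221004:remove:a8a9121,
  author       = {Klopsch, Andreas},
  title        = {Remove All The Callbacks – {BlackByte} Ransomware Disables {EDR} Via {RTCore64.sys} Abuse},
  date         = {2022-10-04},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/10/04/blackbyte-ransomware-returns/},
  language     = {English},
  urldate      = {2022-10-24},
}
Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse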
BlackByte
2022-05-04 | Sophos | Andreas Klopsch
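% Sophos post dated 2022-05-04; family tag in this listing: Emotet.
% Only the family name is brace-protected; the rest of the title is left to the style.
@online{klopsch:20220504:attacking:750e07f,
  author       = {Klopsch, Andreas},
  title        = {Attacking {Emotet’s} Control Flow Flattening},
  date         = {2022-05-04},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/05/04/attacking-emotets-control-flow-flattening/},
  language     = {English},
  urldate      = {2022-05-05},
}
Attacking Emotet’s Control Flow Flattening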
Emotet
2021-08-22 | Malware and Stuff | Andreas Klopsch
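% Malware and Stuff post dated 2021-08-22; family tag in this listing: Dacls.
% The acronym is brace-protected; the rest of the title is left to the style.
@online{klopsch:20210822:peb:c8b9cea,
  author       = {Klopsch, Andreas},
  title        = {{PEB}: Where Magic Is Stored},
  date         = {2021-08-22},
  organization = {Malware and Stuff},
  url          = {https://malwareandstuff.com/peb-where-magic-is-stored/},
  language     = {English},
  urldate      = {2021-09-19},
}
PEB: Where Magic Is Stored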
Dacls
2021-01-24 | malwareandstuff blog | Andreas Klopsch
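% malwareandstuff blog post dated 2021-01-24; no family tag follows this entry in the listing.
% NOTE(review): the other entries for this site spell the organization "Malware and Stuff"; consider normalising.
@online{klopsch:20210124:catching:3a3897f,
  author       = {Klopsch, Andreas},
  title        = {Catching Debuggers with Section Hashing},
  date         = {2021-01-24},
  organization = {malwareandstuff blog},
  url          = {https://malwareandstuff.com/catching-debuggers-with-section-hashing/},
  language     = {English},
  urldate      = {2021-02-06},
}
Catching Debuggers with Section Hashing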
2020-07-12 | Malware and Stuff | Andreas Klopsch
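% Malware and Stuff post dated 2020-07-12; family tag in this listing: DanaBot.
% The family name and acronym are brace-protected so a casing style cannot alter them.
@online{klopsch:20200712:deobfuscating:a374688,
  author       = {Klopsch, Andreas},
  title        = {Deobfuscating {DanaBot’s} {API} Hashing},
  date         = {2020-07-12},
  organization = {Malware and Stuff},
  url          = {https://malwareandstuff.com/deobfuscating-danabots-api-hashing/},
  language     = {English},
  urldate      = {2020-07-15},
}
Deobfuscating DanaBot’s API Hashing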
DanaBot
2020-06-21 | Malware and Stuff | Andreas Klopsch
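% Malware and Stuff post dated 2020-06-21; family tag in this listing: QakBot.
% The title's spelling "UpnP" is kept as listed and brace-protected against style casing.
@online{klopsch:20200621:upnp:f54abe6,
  author       = {Klopsch, Andreas},
  title        = {{UpnP} – Messing up Security since years},
  date         = {2020-06-21},
  organization = {Malware and Stuff},
  url          = {https://malwareandstuff.com/upnp-messing-up-security-since-years/},
  language     = {English},
  urldate      = {2020-06-22},
}
UpnP – Messing up Security since years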
QakBot
2020-06-10 | Gdata | Andreas Klopsch
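% Gdata post dated 2020-06-10; family tag in this listing: MASS Logger.
% The title spells the family "MassLogger"; that spelling is kept and brace-protected.
@online{klopsch:20200610:harmful:c46175f,
  author       = {Klopsch, Andreas},
  title        = {Harmful Logging - Diving into {MassLogger}},
  date         = {2020-06-10},
  organization = {Gdata},
  url          = {https://www.gdatasoftware.com/blog/2020/06/36129-harmful-logging-diving-into-masslogger},
  language     = {English},
  urldate      = {2020-06-10},
}
Harmful Logging - Diving into MassLogger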
MASS Logger
2020-05-24 | Malware and Stuff | Andreas Klopsch
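% Malware and Stuff post dated 2020-05-24; family tag in this listing: SmokeLoader.
% The title spells the family "Smokeloader"; that spelling is kept and brace-protected.
@online{klopsch:20200524:examining:842b499,
  author       = {Klopsch, Andreas},
  title        = {Examining {Smokeloader’s} Anti Hooking technique},
  date         = {2020-05-24},
  organization = {Malware and Stuff},
  url          = {https://malwareandstuff.com/examining-smokeloaders-anti-hooking-technique/},
  language     = {English},
  urldate      = {2020-05-25},
}
Examining Smokeloader’s Anti Hooking technique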
SmokeLoader
2020-05-05 | Malware and Stuff | Andreas Klopsch
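% Malware and Stuff post dated 2020-05-05 (part 3 of a series, per the title); family tag in this listing: QakBot.
% The title spells the family "QBot"; that spelling is kept and brace-protected.
@online{klopsch:20200505:old:84beb5b,
  author       = {Klopsch, Andreas},
  title        = {An old enemy – Diving into {QBot} part 3},
  date         = {2020-05-05},
  organization = {Malware and Stuff},
  url          = {https://malwareandstuff.com/an-old-enemy-diving-into-qbot-part-3/},
  language     = {English},
  urldate      = {2020-05-05},
}
An old enemy – Diving into QBot part 3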
QakBot
2020-03-30 | Malware and Stuff | Andreas Klopsch
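% Malware and Stuff post dated 2020-03-30 (part 1 of a series, per the title); family tag in this listing: QakBot.
% The title spells the family "QBot"; that spelling is kept and brace-protected.
@online{klopsch:20200330:old:ed1f6ef,
  author       = {Klopsch, Andreas},
  title        = {An old enemy – Diving into {QBot} part 1},
  date         = {2020-03-30},
  organization = {Malware and Stuff},
  url          = {https://malwareandstuff.com/an-old-enemy-diving-into-qbot-part-1/},
  language     = {English},
  urldate      = {2020-04-01},
}
An old enemy – Diving into QBot part 1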
QakBot
2020-03-22 | Malware and Stuff | Andreas Klopsch
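% Malware and Stuff post dated 2020-03-22; family tag in this listing: Cobalt Strike.
% The actor name and "COVID-19" are brace-protected so a casing style cannot alter them.
@online{klopsch:20200322:mustang:56f3768,
  author       = {Klopsch, Andreas},
  title        = {{Mustang Panda} joins the {COVID-19} bandwagon},
  date         = {2020-03-22},
  organization = {Malware and Stuff},
  url          = {https://malwareandstuff.com/mustang-panda-joins-the-covid19-bandwagon/},
  language     = {English},
  urldate      = {2020-03-27},
}
Mustang Panda joins the COVID-19 bandwagon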
Cobalt Strike