2023-10-03 ⋅ Malware Traffic Analysis ⋅ 2023-10-03 (Tuesday) - PikaBot infection with Cobalt Strike Cobalt Strike Pikabot |
2023-06-05 ⋅ Malware Traffic Analysis ⋅ 30 DAYS OF FORMBOOK: DAY 1, MONDAY 2023-06-05 Formbook |
2023-05-30 ⋅ Palo Alto Networks Unit 42 ⋅ Cold as Ice: Answers to Unit 42 Wireshark Quiz for IcedID IcedID PhotoLoader |
2023-04-12 ⋅ InfoSec Handlers Diary Blog ⋅ Recent IcedID (Bokbot) activity IcedID PhotoLoader |
2023-04-12 ⋅ SANS ISC ⋅ Recent IcedID (Bokbot) activity IcedID |
2023-01-18 ⋅ SANS ISC ⋅ Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware Aurora Stealer |
2023-01-03 ⋅ Malware Traffic Analysis ⋅ 2023-01-03 (TUESDAY) - GOOGLE AD --> FAKE NOTPAD++ PAGE --> RHADAMANTHYS STEALER Rhadamanthys |
2022-12-15 ⋅ ISC ⋅ Google ads lead to fake software pages pushing IcedID (Bokbot) IcedID |
2022-08-19 ⋅ SANS ISC ⋅ Brazil malspam pushes Astaroth (Guildma) malware Astaroth |
2022-08-12 ⋅ SANS ISC ⋅ Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike Cobalt Strike DarkVNC IcedID |
2022-08-03 ⋅ Palo Alto Networks Unit 42 ⋅ Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware BazarBackdoor BumbleBee Cobalt Strike Conti |
2022-07-27 ⋅ SANS ISC ⋅ IcedID (Bokbot) with Dark VNC and Cobalt Strike DarkVNC IcedID |
2022-07-07 ⋅ SANS ISC ⋅ Emotet infection with Cobalt Strike Cobalt Strike Emotet |
2022-06-17 ⋅ SANS ISC ⋅ Malspam pushes Matanbuchus malware, leads to Cobalt Strike Cobalt Strike Matanbuchus |
2022-06-09 ⋅ InfoSec Handlers Diary Blog ⋅ TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt) QakBot |
2022-05-19 ⋅ InfoSec Handlers Diary Blog ⋅ Bumblebee Malware from TransferXL URLs BumbleBee Cobalt Strike |
2022-05-17 ⋅ Palo Alto Networks Unit 42 ⋅ Emotet Summary: November 2021 Through January 2022 Emotet |
2022-05-11 ⋅ InfoSec Handlers Diary Blog ⋅ TA578 using thread-hijacked emails to push ISO files for Bumblebee malware BumbleBee Cobalt Strike IcedID PhotoLoader |
2022-05-11 ⋅ SANS ISC ⋅ TA578 using thread-hijacked emails to push ISO files for Bumblebee malware BumbleBee |