Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-01-18SANS ISCBrad Duncan
@online{duncan:20230118:malicious:df039e8, author = {Brad Duncan}, title = {{Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware}}, date = {2023-01-18}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/29448}, language = {English}, urldate = {2023-01-19} } Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware
Aurora Stealer
2023-01-03Malware Traffic AnalysisBrad Duncan
@online{duncan:20230103:20230103:d0e003c, author = {Brad Duncan}, title = {{2023-01-03 (TUESDAY) - GOOGLE AD --> FAKE NOTPAD++ PAGE --> RHADAMANTHYS STEALER}}, date = {2023-01-03}, organization = {Malware Traffic Analysis}, url = {https://www.malware-traffic-analysis.net/2023/01/03/index.html}, language = {English}, urldate = {2023-02-06} } 2023-01-03 (TUESDAY) - GOOGLE AD --> FAKE NOTPAD++ PAGE --> RHADAMANTHYS STEALER
Rhadamanthys
2022-12-15ISCBrad Duncan
@online{duncan:20221215:google:179f840, author = {Brad Duncan}, title = {{Google ads lead to fake software pages pushing IcedID (Bokbot)}}, date = {2022-12-15}, organization = {ISC}, url = {https://isc.sans.edu/diary/Google+ads+lead+to+fake+software+pages+pushing+IcedID+Bokbot/29344}, language = {English}, urldate = {2022-12-19} } Google ads lead to fake software pages pushing IcedID (Bokbot)
IcedID
2022-08-19SANS ISCBrad Duncan
@online{duncan:20220819:brazil:ba12b0c, author = {Brad Duncan}, title = {{Brazil malspam pushes Astaroth (Guildma) malware}}, date = {2022-08-19}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/Brazil+malspam+pushes+Astaroth+%28Guildma%29+malware/28962}, language = {English}, urldate = {2022-08-28} } Brazil malspam pushes Astaroth (Guildma) malware
Astaroth
2022-08-12SANS ISCBrad Duncan
@online{duncan:20220812:monster:cbf3101, author = {Brad Duncan}, title = {{Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike}}, date = {2022-08-12}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/28934}, language = {English}, urldate = {2022-08-15} } Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike
Cobalt Strike DarkVNC IcedID
2022-08-03Palo Alto Networks Unit 42Brad Duncan
@online{duncan:20220803:flight:a8efd82, author = {Brad Duncan}, title = {{Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware}}, date = {2022-08-03}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/bumblebee-malware-projector-libra/}, language = {English}, urldate = {2022-08-08} } Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware
BazarBackdoor BumbleBee Cobalt Strike Conti
2022-07-27SANS ISCBrad Duncan
@online{duncan:20220727:icedid:839e33a, author = {Brad Duncan}, title = {{IcedID (Bokbot) with Dark VNC and Cobalt Strike}}, date = {2022-07-27}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/IcedID+%28Bokbot%29+with+Dark+VNC+and+Cobalt+Strike/28884}, language = {English}, urldate = {2022-07-28} } IcedID (Bokbot) with Dark VNC and Cobalt Strike
DarkVNC IcedID
2022-07-07SANS ISCBrad Duncan
@online{duncan:20220707:emotet:3732ca7, author = {Brad Duncan}, title = {{Emotet infection with Cobalt Strike}}, date = {2022-07-07}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Emotet%20infection%20with%20Cobalt%20Strike/28824/}, language = {English}, urldate = {2022-07-12} } Emotet infection with Cobalt Strike
Cobalt Strike Emotet
2022-06-17SANS ISCBrad Duncan
@online{duncan:20220617:malspam:25c76a4, author = {Brad Duncan}, title = {{Malspam pushes Matanbuchus malware, leads to Cobalt Strike}}, date = {2022-06-17}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/28752}, language = {English}, urldate = {2022-06-22} } Malspam pushes Matanbuchus malware, leads to Cobalt Strike
Cobalt Strike Matanbuchus
2022-06-09InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20220609:ta570:a51c1eb, author = {Brad Duncan}, title = {{TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)}}, date = {2022-06-09}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/28728}, language = {English}, urldate = {2022-06-09} } TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
QakBot
2022-05-19InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20220519:bumblebee:20c59e6, author = {Brad Duncan}, title = {{Bumblebee Malware from TransferXL URLs}}, date = {2022-05-19}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/28664}, language = {English}, urldate = {2022-05-25} } Bumblebee Malware from TransferXL URLs
BumbleBee Cobalt Strike
2022-05-17Palo Alto Networks Unit 42Brad Duncan
@online{duncan:20220517:emotet:5f61714, author = {Brad Duncan}, title = {{Emotet Summary: November 2021 Through January 2022}}, date = {2022-05-17}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/emotet-malware-summary-epoch-4-5/}, language = {English}, urldate = {2022-05-29} } Emotet Summary: November 2021 Through January 2022
Emotet
2022-05-11InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20220511:ta578:0a0a686, author = {Brad Duncan}, title = {{TA578 using thread-hijacked emails to push ISO files for Bumblebee malware}}, date = {2022-05-11}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/28636}, language = {English}, urldate = {2022-05-11} } TA578 using thread-hijacked emails to push ISO files for Bumblebee malware
BumbleBee Cobalt Strike IcedID PhotoLoader
2022-05-11SANS ISCBrad Duncan
@online{duncan:20220511:ta578:2128ae0, author = {Brad Duncan}, title = {{TA578 using thread-hijacked emails to push ISO files for Bumblebee malware}}, date = {2022-05-11}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/28636}, language = {English}, urldate = {2022-05-17} } TA578 using thread-hijacked emails to push ISO files for Bumblebee malware
BumbleBee
2022-04-20SANS ISCBrad Duncan
@online{duncan:20220420:aa:eb304fb, author = {Brad Duncan}, title = {{'aa' distribution Qakbot (Qbot) infection with DarkVNC traffic}}, date = {2022-04-20}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/28568}, language = {English}, urldate = {2022-04-25} } 'aa' distribution Qakbot (Qbot) infection with DarkVNC traffic
QakBot
2022-04-06SANS ISCBrad Duncan
@online{duncan:20220406:windows:2685e57, author = {Brad Duncan}, title = {{Windows MetaStealer Malware}}, date = {2022-04-06}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/28522}, language = {English}, urldate = {2022-06-27} } Windows MetaStealer Malware
2022-04-06InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20220406:windows:3802dbd, author = {Brad Duncan}, title = {{Windows MetaStealer Malware}}, date = {2022-04-06}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/forums/diary/Windows+MetaStealer+Malware/28522/}, language = {English}, urldate = {2022-05-05} } Windows MetaStealer Malware
MetaStealer
2022-03-23InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20220323:arkei:b2a08f5, author = {Brad Duncan}, title = {{Arkei Variants: From Vidar to Mars Stealer}}, date = {2022-03-23}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/28468}, language = {English}, urldate = {2022-03-25} } Arkei Variants: From Vidar to Mars Stealer
Arkei Stealer Mars Stealer Vidar
2022-03-16SANS ISCBrad Duncan
@online{duncan:20220316:qakbot:7fe703f, author = {Brad Duncan}, title = {{Qakbot infection with Cobalt Strike and VNC activity}}, date = {2022-03-16}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike+and+VNC+activity/28448/}, language = {English}, urldate = {2022-03-17} } Qakbot infection with Cobalt Strike and VNC activity
Cobalt Strike QakBot
2022-03-16InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20220316:qakbot:ff11e1e, author = {Brad Duncan}, title = {{Qakbot infection with Cobalt Strike and VNC activity}}, date = {2022-03-16}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/28448}, language = {English}, urldate = {2022-03-17} } Qakbot infection with Cobalt Strike and VNC activity
Cobalt Strike QakBot