2023-04-21 ⋅ Sophos ⋅ IcedID: Defrosting a Recent Campaign Illustrating evolving tactics and shared infrastructure IcedID PhotoLoader |
2022-07-20 ⋅ Sophos ⋅ OODA: X-Ops Takes On Burgeoning SQL Server Attacks Maoloa Remcos TargetCompany |
2022-05-23 ⋅ DCSO ⋅ A deal with the devil: Analysis of a recent Matanbuchus sample Matanbuchus |
2022-04-25 ⋅ th3protocol blog ⋅ Choziosi Loader: Multi-platform campaign delivering browser extension malware Choziosi |
2022-02-23 ⋅ Sophos ⋅ Dridex bots deliver Entropy ransomware in recent attacks Entropy |
2022-01-19 ⋅ Sophos ⋅ Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike Cobalt Strike Zloader |
2021-09-02 ⋅ Twitter (@th3_protoCOL) ⋅ Tweet on Confluence Server exploitation (CVE-2021-26084) in the wild and Cobalt Strike activity (mentioned in replies by GaborSzappanos) Cobalt Strike |
2020-12-31 ⋅ Youtube (Colin Hardy) ⋅ SUPERNOVA - Everything you need to know to Reverse Engineer an APT WebShell SUPERNOVA |
2020-12-22 ⋅ Youtube (Colin Hardy) ⋅ SUNBURST SolarWinds RECON - Malware Reverse Engineering, OSINT and Identifying Victims SUNBURST |
2020-12-17 ⋅ Youtube (Colin Hardy) ⋅ SUNBURST SolarWinds Malware - Tools, Tactics and Methods to get you started with Reverse Engineering SUNBURST |
2020-12-16 ⋅ Twitter (@cybercdh) ⋅ Tweet on 3 key actions SUNBURST performs as soon as it's invoked SUNBURST |
2020-12-15 ⋅ Twitter (@cybercdh) ⋅ Tweet on CyberChef recipe to extract and decode strings from #SolarWinds malware binaries. SUNBURST |
2020-12-15 ⋅ Twitter (@cybercdh) ⋅ Tweet on some more capabilities of SUNBURST backdoor SUNBURST |
2020-09-30 ⋅ Team Cymru ⋅ Pandamic: Emissary Pandas in the Middle East HyperBro HyperSSL |
2019-04-30 ⋅ Cisco Talos ⋅ Sodinokibi ransomware exploits WebLogic Server vulnerability REvil |
2017-10-11 ⋅ Cisco Talos ⋅ Spoofed SEC Emails Distribute Evolved DNSMessenger DNSMessenger |
2017-04-27 ⋅ ColinGuru ⋅ Advanced Banload Analysis Banload |
2017-03-02 ⋅ Cisco ⋅ Covert Channels and Poor Decisions: The Tale of DNSMessenger DNSMessenger |