2023-04-21 | Sophos | Colin Cowie, Paul Jaramillo
  IcedID: Defrosting a Recent Campaign Illustrating evolving tactics and shared infrastructure
  Families: IcedID, PhotoLoader

2022-07-20 | Sophos | Colin Cowie, Gabor Szappanos
  OODA: X-Ops Takes On Burgeoning SQL Server Attacks
  Families: Maoloa, Remcos, TargetCompany

2022-05-23 | DCSO | Colin Murphy, Johann Aydinbas
  A deal with the devil: Analysis of a recent Matanbuchus sample
  Families: Matanbuchus

2022-04-25 | th3protocol blog | Colin Cowie
  Choziosi Loader: Multi-platform campaign delivering browser extension malware
  Families: Choziosi

2022-02-23 | Sophos | Abhijit Gupta, Anand Ajjan, Andrew Brandt, Colin Cowie, Felix Weyne, Rahil Shah, Steven Lott, Syed Zaidi, Vikas Singh, Xiaochuan Zhang
  Dridex bots deliver Entropy ransomware in recent attacks
  Families: Entropy

2022-01-19 | Sophos | Colin Cowie, Mat Gangwer, Sophos MTR Team, Stan Andic
  Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike
  Families: Cobalt Strike, Zloader

2021-09-02 | Twitter (@th3_protoCOL) | Colin, GaborSzappanos
  Tweet on Confluence Server exploitation (CVE-2021-26084) in the wild and Cobalt Strike activity (mentioned in replies by GaborSzappanos)
  Families: Cobalt Strike

2020-12-31 | Youtube (Colin Hardy) | Colin Hardy
  SUPERNOVA - Everything you need to know to Reverse Engineer an APT WebShell
  Families: SUPERNOVA

2020-12-22 | Youtube (Colin Hardy) | Colin Hardy
  SUNBURST SolarWinds RECON - Malware Reverse Engineering, OSINT and Identifying Victims
  Families: SUNBURST

2020-12-17 | Youtube (Colin Hardy) | Colin Hardy
  SUNBURST SolarWinds Malware - Tools, Tactics and Methods to get you started with Reverse Engineering
  Families: SUNBURST

2020-12-16 | Twitter (@cybercdh) | Colin Hardy
  Tweet on 3 key actions SUNBURST performs as soon as it's invoked
  Families: SUNBURST

2020-12-15 | Twitter (@cybercdh) | Colin Hardy
  Tweet on some more capabilities of SUNBURST backdoor
  Families: SUNBURST

2020-12-15 | Twitter (@cybercdh) | Colin Hardy
  Tweet on CyberChef recipe to extract and decode strings from #SolarWinds malware binaries.
  Families: SUNBURST

2020-09-30 | Team Cymru | Jacomo Piccolini, James Shank
  Pandamic: Emissary Pandas in the Middle East
  Families: HyperBro, HyperSSL

2019-04-30 | Cisco Talos | Colin Grady, Jaeson Schultz, Matt Valites, Pierre Cadieux
  Sodinokibi ransomware exploits WebLogic Server vulnerability
  Families: REvil

2017-10-11 | Cisco Talos | @Simpo13, Colin Grady, Dave Maynor, Edmund Brumaghin
  Spoofed SEC Emails Distribute Evolved DNSMessenger
  Families: DNSMessenger

2017-04-27 | ColinGuru | Colin Hardy
  Advanced Banload Analysis
  Families: Banload

2017-03-02 | Cisco | Colin Grady, Edmund Brumaghin
  Covert Channels and Poor Decisions: The Tale of DNSMessenger
  Families: DNSMessenger