
2023-06-29 | DeepInstinct | Simon Kenin, Deep Instinct Threat Lab
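% Deep Instinct blog post on the PhonyC2 framework, published 2023-06-29, retrieved 2023-07-02.
% The team name is a corporate author, so it is braced to stop it being split into
% given/family name parts. The ampersand in the title is escaped so LaTeX does not
% read it as an alignment tab.
@online{kenin:20230629:phonyc2:fd380e4,
  author       = {Simon Kenin and {Deep Instinct Threat Lab}},
  title        = {{PhonyC2: Revealing a New Malicious Command \& Control Framework by MuddyWater}},
  date         = {2023-06-29},
  organization = {DeepInstinct},
  url          = {https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater},
  language     = {English},
  urldate      = {2023-07-02},
}
PhonyC2: Revealing a New Malicious Command & Control Framework by MuddyWater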
PhonyC2 POWERSTATS
2023-06-22 | DeepInstinct | Shaul Vilkomir-Preisman, Mark Vaitzman, Deep Instinct Threat Lab
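% Deep Instinct blog post on the PindOS JavaScript dropper, published 2023-06-22, retrieved 2023-08-10.
% The team name is a corporate author, so it is braced to stop it being split into
% given/family name parts.
@online{vilkomirpreisman:20230622:pindos:8a86833,
  author       = {Shaul Vilkomir-Preisman and Mark Vaitzman and {Deep Instinct Threat Lab}},
  title        = {{PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID}},
  date         = {2023-06-22},
  organization = {DeepInstinct},
  url          = {https://www.deepinstinct.com/blog/pindos-new-javascript-dropper-delivering-bumblebee-and-icedid},
  language     = {English},
  urldate      = {2023-08-10},
}
PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID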
PindOS BumbleBee PhotoLoader
2023-03-09 | DeepInstinct | Simon Kenin
% Deep Instinct blog post on the DUCKTAIL operation, published 2023-03-09, retrieved 2023-03-24.
@online{kenin:20230309:ducktail:1f4fcc3,
  author       = {Simon Kenin},
  title        = {{DUCKTAIL: Threat Operation Re-emerges with New LNK, PowerShell, and Other Custom Tactics to Avoid Detection}},
  date         = {2023-03-09},
  organization = {DeepInstinct},
  url          = {https://www.deepinstinct.com/blog/ducktail-threat-operation-re-emerges-with-new-lnk-powershell-and-other-custom-tactics-to-avoid-detection},
  language     = {English},
  urldate      = {2023-03-24},
}
DUCKTAIL: Threat Operation Re-emerges with New LNK, PowerShell, and Other Custom Tactics to Avoid Detection
DUCKTAIL
2022-12-08 | DeepInstinct | Simon Kenin, Deep Instinct Threat Lab
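% Deep Instinct blog post on MuddyWater activity, published 2022-12-08, retrieved 2022-12-10.
% The team name is a corporate author, so it is braced to stop it being split into
% given/family name parts.
@online{kenin:20221208:new:d8e2d7f,
  author       = {Simon Kenin and {Deep Instinct Threat Lab}},
  title        = {{New MuddyWater Threat: Old Kitten; New Tricks}},
  date         = {2022-12-08},
  organization = {DeepInstinct},
  url          = {https://www.deepinstinct.com/blog/new-muddywater-threat-old-kitten-new-tricks},
  language     = {English},
  urldate      = {2022-12-10},
}
New MuddyWater Threat: Old Kitten; New Tricks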
2022-10-11 | DeepInstinct | Deep Instinct Threat Lab
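% Deep Instinct blog post on SpyAgent, published 2022-10-11, retrieved 2022-10-14.
% The only author is a team, not a person. Unbraced, it parses as given name
% "Deep Instinct Threat" and family name "Lab" (the citation key reflects that split).
% The extra braces keep it as one corporate name; the key is left unchanged so
% existing citations still resolve.
@online{lab:20221011:russian:8fb06ac,
  author       = {{Deep Instinct Threat Lab}},
  title        = {{The Russian SpyAgent – a Decade Later and RAT Tools Remain at Risk}},
  date         = {2022-10-11},
  organization = {DeepInstinct},
  url          = {https://www.deepinstinct.com/blog/the-russian-spyagent-a-decade-later-and-rat-tools-remain-at-risk},
  language     = {English},
  urldate      = {2022-10-14},
}
The Russian SpyAgent – a Decade Later and RAT Tools Remain at Risk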
TeamSpy
2022-03-21 | DeepInstinct | Simon Kenin, Asaf Gilboa
% Deep Instinct blog post on Arid Gopher, published 2022-03-21, retrieved 2022-03-25.
% NOTE(review): the URL slug does not match the title; the post may have been
% retitled. Keep the url verbatim.
@online{kenin:20220321:what:8802a1d,
  author       = {Simon Kenin and Asaf Gilboa},
  title        = {{What is Arid Gopher? An Analysis of a New, Never-Before-Seen Malware Variant}},
  date         = {2022-03-21},
  organization = {DeepInstinct},
  url          = {https://www.deepinstinct.com/blog/arid-gopher-the-newest-micropsia-malware-variant},
  language     = {English},
  urldate      = {2022-03-25},
}
What is Arid Gopher? An Analysis of a New, Never-Before-Seen Malware Variant
Arid Gopher AridHelper
2022-03-01 | DeepInstinct | Ido Kringel
% Deep Instinct blog post on HermeticWiper, published 2022-03-01, retrieved 2022-03-07.
% NOTE(review): the URL slug does not match the title; keep the url verbatim.
@online{kringel:20220301:what:0acaa94,
  author       = {Ido Kringel},
  title        = {{What is HermeticWiper – An Analysis of the Malware and Larger Threat Landscape in the Russian Ukrainian War}},
  date         = {2022-03-01},
  organization = {DeepInstinct},
  url          = {https://www.deepinstinct.com/blog/hermeticwiper-malware-the-russian-ukrainian-cyber-war},
  language     = {English},
  urldate      = {2022-03-07},
}
What is HermeticWiper – An Analysis of the Malware and Larger Threat Landscape in the Russian Ukrainian War
HermeticWiper
2021-10-27 | DeepInstinct | Asaf Gilboa
% Deep Instinct blog post on EDR evasion research, published 2021-10-27, retrieved 2021-11-19.
% NOTE(review): the title says "EDR ... Reentrancy Abuse" but the URL slug says
% "antivirus ... inline-hooks"; the post may have been retitled. Keep the url verbatim.
@online{gilboa:20211027:evading:4950377,
  author       = {Asaf Gilboa},
  title        = {{Evading EDR Detection with Reentrancy Abuse}},
  date         = {2021-10-27},
  organization = {DeepInstinct},
  url          = {https://www.deepinstinct.com/blog/evading-antivirus-detection-with-inline-hooks},
  language     = {English},
  urldate      = {2021-11-19},
}
Evading EDR Detection with Reentrancy Abuse
2021-06-04 | DeepInstinct | Bar Block
% Deep Instinct blog post on DarkSide ransomware, published 2021-06-04, retrieved 2021-06-22.
@online{block:20210604:ransomware:9b1bb93,
  author       = {Bar Block},
  title        = {{The Ransomware Conundrum – A Look into DarkSide}},
  date         = {2021-06-04},
  organization = {DeepInstinct},
  url          = {https://www.deepinstinct.com/2021/06/04/the-ransomware-conundrum-a-look-into-darkside/},
  language     = {English},
  urldate      = {2021-06-22},
}
The Ransomware Conundrum – A Look into DarkSide
DarkSide
2021-05-26 | DeepInstinct | Ron Ben Yizhak
% Deep Instinct blog post on the CryptOne packer, published 2021-05-26, retrieved 2021-06-22.
% NOTE(review): written as "Ron Ben Yizhak", only "Yizhak" is parsed as the family
% name (the key reflects that). If "Ben Yizhak" is a compound surname, the comma
% form {Ben Yizhak, Ron} would be needed; confirm against the source.
@online{yizhak:20210526:deep:c123a19,
  author       = {Ron Ben Yizhak},
  title        = {{A Deep Dive into Packing Software CryptOne}},
  date         = {2021-05-26},
  organization = {DeepInstinct},
  url          = {https://www.deepinstinct.com/2021/05/26/deep-dive-packing-software-cryptone/},
  language     = {English},
  urldate      = {2021-06-22},
}
A Deep Dive into Packing Software CryptOne
Cobalt Strike Dridex Emotet Gozi ISFB Mailto QakBot SmokeLoader WastedLocker Zloader
2021-03-18 | DeepInstinct | Ben Gross
% Deep Instinct blog post on Cobalt Strike, published 2021-03-18, retrieved 2021-06-22.
@online{gross:20210318:cobalt:5392fb0,
  author       = {Ben Gross},
  title        = {{Cobalt Strike – Post-Exploitation Attackers Toolkit}},
  date         = {2021-03-18},
  organization = {DeepInstinct},
  url          = {https://www.deepinstinct.com/2021/03/18/cobalt-strike-post-exploitation-attackers-toolkit/},
  language     = {English},
  urldate      = {2021-06-22},
}
Cobalt Strike – Post-Exploitation Attackers Toolkit
Cobalt Strike
2020-10-12 | DeepInstinct | Ron Ben Yizhak
% Deep Instinct blog post on Emotet (part 2), published 2020-10-12, retrieved 2020-10-15.
% NOTE(review): written as "Ron Ben Yizhak", only "Yizhak" is parsed as the family
% name (the key reflects that). If "Ben Yizhak" is a compound surname, the comma
% form {Ben Yizhak, Ron} would be needed; confirm against the source.
@online{yizhak:20201012:why:df976a3,
  author       = {Ron Ben Yizhak},
  title        = {{Why Emotet’s Latest Wave is Harder to Catch Than Ever Before – Part 2}},
  date         = {2020-10-12},
  organization = {DeepInstinct},
  url          = {https://www.deepinstinct.com/2020/10/12/why-emotets-latest-wave-is-harder-to-catch-than-ever-before-part-2/},
  language     = {English},
  urldate      = {2020-10-15},
}
Why Emotet’s Latest Wave is Harder to Catch Than Ever Before – Part 2
Emotet
2020-08-12 | DeepInstinct | Ron Ben Yizhak
% Deep Instinct blog post on Emotet (first part), published 2020-08-12, retrieved 2020-10-15.
% NOTE(review): written as "Ron Ben Yizhak", only "Yizhak" is parsed as the family
% name (the key reflects that). If "Ben Yizhak" is a compound surname, the comma
% form {Ben Yizhak, Ron} would be needed; confirm against the source.
@online{yizhak:20200812:why:b99aef4,
  author       = {Ron Ben Yizhak},
  title        = {{Why Emotet’s Latest Wave is Harder to Catch than Ever Before}},
  date         = {2020-08-12},
  organization = {DeepInstinct},
  url          = {https://www.deepinstinct.com/2020/08/12/why-emotets-latest-wave-is-harder-to-catch-than-ever-before/},
  language     = {English},
  urldate      = {2020-10-15},
}
Why Emotet’s Latest Wave is Harder to Catch than Ever Before
Emotet
2019-07-12 | DeepInstinct | Shaul Vilkomir-Preisman
% Deep Instinct blog post on TrickBooster, published 2019-07-12, retrieved 2021-07-08.
@online{vilkomirpreisman:20190712:trickbooster:107fdd5,
  author       = {Shaul Vilkomir-Preisman},
  title        = {{TrickBooster – TrickBot’s Email-Based Infection Module}},
  date         = {2019-07-12},
  organization = {DeepInstinct},
  url          = {https://www.deepinstinct.com/2019/07/12/trickbooster-trickbots-email-based-infection-module/},
  language     = {English},
  urldate      = {2021-07-08},
}
TrickBooster – TrickBot’s Email-Based Infection Module
TrickBot
2019-04-02 | DeepInstinct | Shaul Vilkomir-Preisman
% Deep Instinct blog post on a ServHelper variant, published 2019-04-02, retrieved 2019-07-11.
@online{vilkomirpreisman:20190402:new:4dbdc56,
  author       = {Shaul Vilkomir-Preisman},
  title        = {{New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload}},
  date         = {2019-04-02},
  organization = {DeepInstinct},
  url          = {https://www.deepinstinct.com/2019/04/02/new-servhelper-variant-employs-excel-4-0-macro-to-drop-signed-payload/},
  language     = {English},
  urldate      = {2019-07-11},
}
New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload
ServHelper