Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-09-22CybereasonAleksandar Milenkoski, Eli Salem
@online{milenkoski:20210922:threat:cba08ae, author = {Aleksandar Milenkoski and Eli Salem}, title = {{Threat Analysis Report: PrintNightmare and Magniber Ransomware}}, date = {2021-09-22}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/threat-analysis-report-printnightmare-and-magniber-ransomware}, language = {English}, urldate = {2021-09-28} } Threat Analysis Report: PrintNightmare and Magniber Ransomware
Magniber
2021-09-21Medium elis531989Eli Salem
@online{salem:20210921:squirrel:1254a9d, author = {Eli Salem}, title = {{The Squirrel Strikes Back: Analysis of the newly emerged cobalt-strike loader “SquirrelWaffle”}}, date = {2021-09-21}, organization = {Medium elis531989}, url = {https://elis531989.medium.com/the-squirrel-strikes-back-analysis-of-the-newly-emerged-cobalt-strike-loader-squirrelwaffle-937b73dbd9f9}, language = {English}, urldate = {2021-09-22} } The Squirrel Strikes Back: Analysis of the newly emerged cobalt-strike loader “SquirrelWaffle”
Cobalt Strike Squirrelwaffle
2021-06-21Medium elis531989Eli Salem
@online{salem:20210621:dissecting:295cc4b, author = {Eli Salem}, title = {{Dissecting and automating Hancitor’s config extraction}}, date = {2021-06-21}, organization = {Medium elis531989}, url = {https://elis531989.medium.com/dissecting-and-automating-hancitors-config-extraction-1a6ed85d99b8}, language = {English}, urldate = {2021-06-22} } Dissecting and automating Hancitor’s config extraction
Hancitor
2021-05-29Twitter (@elisalem9)Eli Salem
@online{salem:20210529:obfuscation:f1b68f3, author = {Eli Salem}, title = {{Tweet on obfuscation mechanism and extraction procedure of COBALTSTRIKE beacon module used by NOBELIUM/UNC2452}}, date = {2021-05-29}, organization = {Twitter (@elisalem9)}, url = {https://twitter.com/elisalem9/status/1398566939656601606}, language = {English}, urldate = {2021-08-02} } Tweet on obfuscation mechanism and extraction procedure of COBALTSTRIKE beacon module used by NOBELIUM/UNC2452
Cobalt Strike
2021-05-04Twitter (@elisalem9)Eli Salem
@online{salem:20210504:analysis:e2677f0, author = {Eli Salem}, title = {{Tweet on analysis of N3tw0rm ransomware}}, date = {2021-05-04}, organization = {Twitter (@elisalem9)}, url = {https://twitter.com/elisalem9/status/1389481237228699650?s=20}, language = {English}, urldate = {2021-05-08} } Tweet on analysis of N3tw0rm ransomware
2021-04-19Medium elis531989Eli Salem
@online{salem:20210419:dancing:7fbe743, author = {Eli Salem}, title = {{Dancing With Shellcodes: Cracking the latest version of Guloader}}, date = {2021-04-19}, organization = {Medium elis531989}, url = {https://elis531989.medium.com/dancing-with-shellcodes-cracking-the-latest-version-of-guloader-75083fb15cb4}, language = {English}, urldate = {2021-04-20} } Dancing With Shellcodes: Cracking the latest version of Guloader
CloudEyE
2021-04-12Twitter (@elisalem9)Eli Salem
@online{salem:20210412:tweets:7b7280e, author = {Eli Salem}, title = {{Tweets on QakBot}}, date = {2021-04-12}, organization = {Twitter (@elisalem9)}, url = {https://twitter.com/elisalem9/status/1381859965875462144}, language = {English}, urldate = {2021-04-14} } Tweets on QakBot
QakBot
2021-01-19Medium elis531989Eli Salem
@online{salem:20210119:funtastic:42f9250, author = {Eli Salem}, title = {{Funtastic Packers And Where To Find Them}}, date = {2021-01-19}, organization = {Medium elis531989}, url = {https://elis531989.medium.com/funtastic-packers-and-where-to-find-them-41429a7ef9a7}, language = {English}, urldate = {2021-01-21} } Funtastic Packers And Where To Find Them
Get2 IcedID QakBot
2020-11-17CybereasonEli Salem
@techreport{salem:20201117:chaes:2e3b282, author = {Eli Salem}, title = {{CHAES: Novel Malware Targeting Latin American E-Commerce}}, date = {2020-11-17}, institution = {Cybereason}, url = {https://www.cybereason.com/hubfs/dam/collateral/reports/11-2020-Chaes-e-commerce-malware-research.pdf}, language = {English}, urldate = {2020-11-19} } CHAES: Novel Malware Targeting Latin American E-Commerce
2020-05-28CybereasonEli Salem, Assaf Dahan, Lior Rochberger
@online{salem:20200528:valak:bc76772, author = {Eli Salem and Assaf Dahan and Lior Rochberger}, title = {{Valak: More than Meets the Eye}}, date = {2020-05-28}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/valak-more-than-meets-the-eye}, language = {English}, urldate = {2020-06-02} } Valak: More than Meets the Eye
Valak
2019-12-11CybereasonAssaf Dahan, Lior Rochberger, Eli Salem, Mary Zhao, Niv Yona, Omer Yampel, Matt Hart
@online{dahan:20191211:dropping:0849f70, author = {Assaf Dahan and Lior Rochberger and Eli Salem and Mary Zhao and Niv Yona and Omer Yampel and Matt Hart}, title = {{Dropping Anchor: From a TrickBot Infection to the Discovery of the Anchor Malware}}, date = {2019-12-11}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/dropping-anchor-from-a-trickbot-infection-to-the-discovery-of-the-anchor-malware}, language = {English}, urldate = {2020-01-06} } Dropping Anchor: From a TrickBot Infection to the Discovery of the Anchor Malware
Anchor WIZARD SPIDER
2019-02-13CybereasonEli Salem
@online{salem:20190213:astaroth:ed892f0, author = {Eli Salem}, title = {{Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data}}, date = {2019-02-13}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/information-stealing-malware-targeting-brazil-full-research}, language = {English}, urldate = {2020-01-09} } Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data
Astaroth
2019-01-03CybereasonEli Salem, Lior Rochberger, Niv Yona
@online{salem:20190103:lolbins:08f0a5f, author = {Eli Salem and Lior Rochberger and Niv Yona}, title = {{LOLbins and trojans: How the Ramnit Trojan spreads via sLoad in a cyberattack}}, date = {2019-01-03}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/banking-trojan-delivered-by-lolbins-ramnit-trojan}, language = {English}, urldate = {2020-01-06} } LOLbins and trojans: How the Ramnit Trojan spreads via sLoad in a cyberattack
sLoad