2023-10-12 | Netresec | Erik Hjelmvik
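% Reference record for the Netresec post dated 2023-10-12 (last accessed 2023-10-13).
% Only the malware family name IcedID is brace-protected in the title, so a
% bibliography style can still apply its own casing to the remaining words.
@online{hjelmvik:20231012:forensic:ea2e803,
  author       = {Hjelmvik, Erik},
  title        = {Forensic Timeline of an {IcedID} Infection},
  date         = {2023-10-12},
  organization = {Netresec},
  url          = {https://www.netresec.com/?page=Blog&month=2023-10&post=Forensic-Timeline-of-an-IcedID-Infection},
  language     = {English},
  urldate      = {2023-10-13},
}
Forensic Timeline of an IcedID Infection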
Cobalt Strike IcedID IcedID Downloader
2023-04-26 | Netresec | Erik Hjelmvik
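% Reference record for the Netresec post dated 2023-04-26 (last accessed 2023-04-26).
% The camel-case name EvilExtractor is brace-protected so sentence-casing styles
% cannot flatten it; the rest of the title is left to the style.
@online{hjelmvik:20230426:evilextractor:d01c18d,
  author       = {Hjelmvik, Erik},
  title        = {{EvilExtractor} Network Forensics},
  date         = {2023-04-26},
  organization = {Netresec},
  url          = {https://www.netresec.com/?page=Blog&month=2023-04&post=EvilExtractor-Network-Forensics},
  language     = {English},
  urldate      = {2023-04-26},
}
EvilExtractor Network Forensics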
EvilExtractor
2023-03-02 | Netresec | Erik Hjelmvik
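% Reference record for the Netresec post dated 2023-03-02 (last accessed 2023-03-04).
% QakBot and the abbreviation C2 are brace-protected; the word Traffic is left
% for the bibliography style to case.
@online{hjelmvik:20230302:qakbot:978553c,
  author       = {Hjelmvik, Erik},
  title        = {{QakBot} {C2} Traffic},
  date         = {2023-03-02},
  organization = {Netresec},
  url          = {https://www.netresec.com/?page=Blog&month=2023-03&post=QakBot-C2-Traffic},
  language     = {English},
  urldate      = {2023-03-04},
}
QakBot C2 Traffic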
QakBot
2023-02-15 | Netresec | Erik Hjelmvik
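% Reference record for the Netresec post dated 2023-02-15 (last accessed 2023-02-16).
% Only the family name IcedID is brace-protected in the title.
@online{hjelmvik:20230215:how:db64f7c,
  author       = {Hjelmvik, Erik},
  title        = {How to Identify {IcedID} Network Traffic},
  date         = {2023-02-15},
  organization = {Netresec},
  url          = {https://www.netresec.com/?page=Blog&month=2023-02&post=How-to-Identify-IcedID-Network-Traffic},
  language     = {English},
  urldate      = {2023-02-16},
}
How to Identify IcedID Network Traffic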
IcedID
2022-10-12 | Netresec | Erik Hjelmvik
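% Reference record for the Netresec post dated 2022-10-12 (last accessed 2023-02-16).
% IcedID and BackConnect are brace-protected as mixed-case names; Protocol is
% left for the bibliography style to case.
@online{hjelmvik:20221012:icedid:ac8a79c,
  author       = {Hjelmvik, Erik},
  title        = {{IcedID} {BackConnect} Protocol},
  date         = {2022-10-12},
  organization = {Netresec},
  url          = {https://www.netresec.com/?page=Blog&month=2022-10&post=IcedID-BackConnect-Protocol},
  language     = {English},
  urldate      = {2023-02-16},
}
IcedID BackConnect Protocol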
IcedID
2022-05-09 | Netresec | Erik Hjelmvik
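% Reference record for the Netresec post dated 2022-05-09 (last accessed 2022-05-09).
% Emotet and the abbreviation C2 are brace-protected; the remaining title words
% are left for the bibliography style to case.
@online{hjelmvik:20220509:emotet:ce90938,
  author       = {Hjelmvik, Erik},
  title        = {{Emotet} {C2} and Spam Traffic Video},
  date         = {2022-05-09},
  organization = {Netresec},
  url          = {https://www.netresec.com/?page=Blog&month=2022-05&post=Emotet-C2-and-Spam-Traffic-Video},
  language     = {English},
  urldate      = {2022-05-09},
}
Emotet C2 and Spam Traffic Video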
Emotet
2022-04-25 | Netresec | Erik Hjelmvik
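% Reference record for the Netresec post dated 2022-04-25 (last accessed 2022-04-29).
% Industroyer2 and the protocol designation IEC-104 are brace-protected so their
% capitalisation survives sentence-casing styles.
@online{hjelmvik:20220425:industroyer2:ed9e211,
  author       = {Hjelmvik, Erik},
  title        = {{Industroyer2} {IEC-104} Analysis},
  date         = {2022-04-25},
  organization = {Netresec},
  url          = {https://www.netresec.com/?page=Blog&month=2022-04&post=Industroyer2-IEC-104-Analysis},
  language     = {English},
  urldate      = {2022-04-29},
}
Industroyer2 IEC-104 Analysis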
INDUSTROYER2
2021-04-19 | Netresec | Erik Hjelmvik
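% Reference record for the Netresec post dated 2021-04-19 (last accessed 2021-04-20).
% PCAP, IcedID and Cobalt Strike are brace-protected; the title's own lower-case
% words are kept as recorded.
% The url is stored in the site's short-link form (?b=...); no long-form
% permalink is given in this record.
@online{hjelmvik:20210419:analysing:c6bff49,
  author       = {Hjelmvik, Erik},
  title        = {Analysing a malware {PCAP} with {IcedID} and {Cobalt Strike} traffic},
  date         = {2021-04-19},
  organization = {Netresec},
  url          = {https://netresec.com/?b=214d7ff},
  language     = {English},
  urldate      = {2021-04-20},
}
Analysing a malware PCAP with IcedID and Cobalt Strike traffic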
Cobalt Strike IcedID
2021-02-17 | Netresec | Erik Hjelmvik
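% Reference record for the Netresec post dated 2021-02-17 (last accessed 2021-02-18).
% Only the vendor name SolarWinds is brace-protected in the title.
% The url is stored in the site's short-link form (?b=...); no long-form
% permalink is given in this record.
@online{hjelmvik:20210217:targeting:6deceed,
  author       = {Hjelmvik, Erik},
  title        = {Targeting Process for the {SolarWinds} Backdoor},
  date         = {2021-02-17},
  organization = {Netresec},
  url          = {https://netresec.com/?b=212a6ad},
  language     = {English},
  urldate      = {2021-02-18},
}
Targeting Process for the SolarWinds Backdoor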
SUNBURST
2021-01-25 | Netresec | Erik Hjelmvik
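% Reference record for the Netresec post dated 2021-01-25 (last accessed 2021-01-25).
% Only the all-caps name SUNBURST is brace-protected in the title.
% The url is stored in the site's short-link form (?b=...); no long-form
% permalink is given in this record.
@online{hjelmvik:20210125:twentythree:d3fad49,
  author       = {Hjelmvik, Erik},
  title        = {Twenty-three {SUNBURST} Targets Identified},
  date         = {2021-01-25},
  organization = {Netresec},
  url          = {https://netresec.com/?b=211cd21},
  language     = {English},
  urldate      = {2021-01-25},
}
Twenty-three SUNBURST Targets Identified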
SUNBURST
2021-01-11 | Netresec | Erik Hjelmvik
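% Reference record for the Netresec post dated 2021-01-11 (last accessed 2021-01-21).
% Only the all-caps name SUNBURST is brace-protected in the title.
% The url is stored in the site's short-link form (?b=...); no long-form
% permalink is given in this record.
@online{hjelmvik:20210111:robust:5683220,
  author       = {Hjelmvik, Erik},
  title        = {Robust Indicators of Compromise for {SUNBURST}},
  date         = {2021-01-11},
  organization = {Netresec},
  url          = {https://netresec.com/?b=211f30f},
  language     = {English},
  urldate      = {2021-01-21},
}
Robust Indicators of Compromise for SUNBURST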
SUNBURST
2021-01-04 | Netresec | Erik Hjelmvik
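% Reference record for the Netresec post dated 2021-01-04 (last accessed 2021-01-05).
% SUNBURST and the mixed-case abbreviation pDNS are brace-protected in the title.
% The url is stored in the site's short-link form (?b=...); no long-form
% permalink is given in this record.
@online{hjelmvik:20210104:finding:d869bd9,
  author       = {Hjelmvik, Erik},
  title        = {Finding Targeted {SUNBURST} Victims with {pDNS}},
  date         = {2021-01-04},
  organization = {Netresec},
  url          = {https://netresec.com/?b=2113a6a},
  language     = {English},
  urldate      = {2021-01-05},
}
Finding Targeted SUNBURST Victims with pDNS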
SUNBURST
2020-12-29 | Netresec | Erik Hjelmvik
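% Reference record for the Netresec post dated 2020-12-29 (last accessed 2021-01-04).
% SUNBURST and DNS are brace-protected; the remaining title words are left for
% the bibliography style to case.
@online{hjelmvik:20201229:extracting:1640842,
  author       = {Hjelmvik, Erik},
  title        = {Extracting Security Products from {SUNBURST} {DNS} Beacons},
  date         = {2020-12-29},
  organization = {Netresec},
  url          = {https://www.netresec.com/?page=Blog&month=2020-12&post=Extracting-Security-Products-from-SUNBURST-DNS-Beacons},
  language     = {English},
  urldate      = {2021-01-04},
}
Extracting Security Products from SUNBURST DNS Beacons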
SUNBURST
2020-12-17 | Netresec | Erik Hjelmvik
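% Reference record for the Netresec post dated 2020-12-17 (last accessed 2020-12-18).
% SUNBURST and DNS are brace-protected; the remaining title words are left for
% the bibliography style to case.
@online{hjelmvik:20201217:reassembling:2a2f222,
  author       = {Hjelmvik, Erik},
  title        = {Reassembling Victim Domain Fragments from {SUNBURST} {DNS}},
  date         = {2020-12-17},
  organization = {Netresec},
  url          = {https://www.netresec.com/?page=Blog&month=2020-12&post=Reassembling-Victim-Domain-Fragments-from-SUNBURST-DNS},
  language     = {English},
  urldate      = {2020-12-18},
}
Reassembling Victim Domain Fragments from SUNBURST DNS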
SUNBURST
2014-10-27 | Netresec | Erik Hjelmvik
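% Reference record for the Netresec post dated 2014-10-27 (last accessed 2019-11-29).
% Only the family name Havex is brace-protected in the title.
% NOTE(review): this url is recorded with the plain http scheme, whereas the
% www.netresec.com links in the other records on this page use https. The value
% is kept exactly as recorded; confirm the https form resolves before citing it.
@online{hjelmvik:20141027:full:83d84ee,
  author       = {Hjelmvik, Erik},
  title        = {Full Disclosure of {Havex} Trojans},
  date         = {2014-10-27},
  organization = {Netresec},
  url          = {http://www.netresec.com/?page=Blog&month=2014-10&post=Full-Disclosure-of-Havex-Trojans},
  language     = {English},
  urldate      = {2019-11-29},
}
Full Disclosure of Havex Trojans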
ENERGETIC BEAR