2022-06-29 | Fox-IT | Alberto Segura, Rolf Govers
% Fox-IT blog post, published 2022-06-29, accessed 2022-07-05.
@online{segura:20220629:flubot:274bd51,
  author       = {Alberto Segura and Rolf Govers},
  title        = {{Flubot: the evolution of a notorious Android Banking Malware}},
  date         = {2022-06-29},
  organization = {Fox-IT},
  url          = {https://blog.fox-it.com/2022/06/29/flubot-the-evolution-of-a-notorious-android-banking-malware/},
  language     = {English},
  urldate      = {2022-07-05},
}
Flubot: the evolution of a notorious Android Banking Malware
FluBot
2022-03-03 | Fox-IT | Alberto Segura, Rolf Govers
% Fox-IT blog post, published 2022-03-03, accessed 2022-03-04.
@online{segura:20220303:sharkbot:58ba7e0,
  author       = {Alberto Segura and Rolf Govers},
  title        = {{SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store}},
  date         = {2022-03-03},
  organization = {Fox-IT},
  url          = {https://blog.fox-it.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/},
  language     = {English},
  urldate      = {2022-03-04},
}
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
SharkBot
2021-06-14 | nccgroup | NCCGroup, Fox-IT Data Science Team
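% nccgroup research blog post, published 2021-06-14, accessed 2021-06-21.
% Both authors are organisations/teams, so each is wrapped in its own brace
% group; unbraced, "Fox-IT Data Science Team" would be parsed as a person with
% given names "Fox-IT Data Science" and family name "Team".
@online{nccgroup:20210614:incremental:da01496,
  author       = {{NCCGroup} and {Fox-IT Data Science Team}},
  title        = {{Incremental Machine Learning by Example: Detecting Suspicious Activity with Zeek Data Streams, River, and JA3 Hashes}},
  date         = {2021-06-14},
  organization = {nccgroup},
  url          = {https://research.nccgroup.com/2021/06/14/incremental-machine-leaning-by-example-detecting-suspicious-activity-with-zeek-data-streams-river-and-ja3-hashes/},
  language     = {English},
  urldate      = {2021-06-21},
}
Incremental Machine Learning by Example: Detecting Suspicious Activity with Zeek Data Streams, River, and JA3 Hashes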
2021-05-04 | Fox-IT | fumik0, the RIFT Team, Fox IT
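% Fox-IT blog post, published 2021-05-04, accessed 2021-05-04.
% "the RIFT Team" and "Fox IT" are team/organisation names, so each is kept in
% its own brace group; unbraced, BibTeX would split them into name parts
% (e.g. "the" as a von-particle, "Fox" as a given name).
@online{fumik0:20210504:rm3:41d6969,
  author       = {fumik0 and {the RIFT Team} and {Fox IT}},
  title        = {{RM3 – Curiosities of the wildest banking malware}},
  date         = {2021-05-04},
  organization = {Fox-IT},
  url          = {https://blog.fox-it.com/2021/05/04/rm3-curiosities-of-the-wildest-banking-malware/},
  language     = {English},
  urldate      = {2021-05-04},
}
RM3 – Curiosities of the wildest banking malware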
ISFB
2021-01-12 | Fox-IT | Wouter Jansen
% Fox-IT blog post, published 2021-01-12, accessed 2021-01-18.
@online{jansen:20210112:abusing:c38eeb6,
  author       = {Wouter Jansen},
  title        = {{Abusing cloud services to fly under the radar}},
  date         = {2021-01-12},
  organization = {Fox-IT},
  url          = {https://blog.fox-it.com/2021/01/12/abusing-cloud-services-to-fly-under-the-radar/},
  language     = {English},
  urldate      = {2021-01-18},
}
Abusing cloud services to fly under the radar
Cobalt Strike
2020-11-16 | Fox-IT | Antonis Terefos, Anne Postma, Tera0017
% Fox-IT blog post, published 2020-11-16, accessed 2020-11-23.
@online{terefos:20201116:ta505:8449383,
  author       = {Antonis Terefos and Anne Postma and Tera0017},
  title        = {{TA505: A Brief History Of Their Time}},
  date         = {2020-11-16},
  organization = {Fox-IT},
  url          = {https://blog.fox-it.com/2020/11/16/ta505-a-brief-history-of-their-time/},
  language     = {English},
  urldate      = {2020-11-23},
}
TA505: A Brief History Of Their Time
Clop Get2 SDBbot TA505
2020-09-02 | Fox-IT | Joost Jansen
% Fox-IT blog post, published 2020-09-02, accessed 2020-09-03.
@online{jansen:20200902:machine:2a2ed0a,
  author       = {Joost Jansen},
  title        = {{Machine learning from idea to reality: a PowerShell case study}},
  date         = {2020-09-02},
  organization = {Fox-IT},
  url          = {https://blog.fox-it.com/2020/09/02/machine-learning-from-idea-to-reality-a-powershell-case-study/},
  language     = {English},
  urldate      = {2020-09-03},
}
Machine learning from idea to reality: a PowerShell case study
2020-06-02 | Fox-IT | Nikolaos Pantazopoulos, Stefano Antenucci, NCC RIFT
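% Fox-IT blog post, published 2020-06-02, accessed 2020-06-03.
% "NCC RIFT" is a team name, so it is kept in its own brace group; unbraced,
% BibTeX would parse it as given name "NCC", family name "RIFT".
@online{pantazopoulos:20200602:indepth:f43e58f,
  author       = {Nikolaos Pantazopoulos and Stefano Antenucci and {NCC RIFT}},
  title        = {{In-depth analysis of the new Team9 malware family}},
  date         = {2020-06-02},
  organization = {Fox-IT},
  url          = {https://blog.fox-it.com/2020/06/02/in-depth-analysis-of-the-new-team9-malware-family/},
  language     = {English},
  urldate      = {2020-06-03},
}
In-depth analysis of the new Team9 malware family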
BazarBackdoor
2019-12-19 | Fox-IT | Maarten van Dantzig, Erik Schamper
% Fox-IT report (PDF), published 2019-12-19, accessed 2020-01-13.
@techreport{dantzig:20191219:operation:96804be,
  author      = {Maarten van Dantzig and Erik Schamper},
  title       = {{Operation Wocao: Shining a light on one of China’s hidden hacking groups}},
  date        = {2019-12-19},
  institution = {Fox-IT},
  url         = {https://resources.fox-it.com/rs/170-CAK-271/images/201912_Report_Operation_Wocao.pdf},
  language    = {English},
  urldate     = {2020-01-13},
}
Operation Wocao: Shining a light on one of China’s hidden hacking groups
XServer
2019-12-19 | Fox-IT | Fox IT
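% Fox-IT whitepaper landing page, published 2019-12-19, accessed 2020-01-07.
% "Fox IT" is an organisation, so it is wrapped in an extra pair of braces;
% unbraced, BibTeX would parse it as given name "Fox", family name "IT".
@online{it:20191219:operation:64c0cd9,
  author       = {{Fox IT}},
  title        = {{Operation Wocao : Shining a light on one of China’s hidden hacking groups}},
  date         = {2019-12-19},
  organization = {Fox-IT},
  url          = {https://www.fox-it.com/nl/actueel/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/},
  language     = {English},
  urldate      = {2020-01-07},
}
Operation Wocao : Shining a light on one of China’s hidden hacking groups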
APT20 Operation Wocao
2019-03-27 | Fox-IT | Stefano Antenucci, Antonio Parata
% Fox-IT blog post, published 2019-03-27, accessed 2019-10-12.
@online{antenucci:20190327:psixbot:9e1a258,
  author       = {Stefano Antenucci and Antonio Parata},
  title        = {{PsiXBot: The Evolution Of A Modular .NET Bot}},
  date         = {2019-03-27},
  organization = {Fox-IT},
  url          = {https://blog.fox-it.com/2019/03/27/psixbot-the-evolution-of-a-modular-net-bot/},
  language     = {English},
  urldate      = {2019-10-12},
}
PsiXBot: The Evolution Of A Modular .NET Bot
PsiX
2019-02-26 | Fox-IT | Fox IT
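% Fox-IT blog post, published 2019-02-26, accessed 2020-10-25.
% "Fox IT" is an organisation, so it is wrapped in an extra pair of braces;
% unbraced, BibTeX would parse it as given name "Fox", family name "IT".
@online{it:20190226:identifying:689104d,
  author       = {{Fox IT}},
  title        = {{Identifying Cobalt Strike team servers in the wild}},
  date         = {2019-02-26},
  organization = {Fox-IT},
  url          = {https://blog.fox-it.com/2019/02/26/identifying-cobalt-strike-team-servers-in-the-wild/},
  language     = {English},
  urldate      = {2020-10-25},
}
Identifying Cobalt Strike team servers in the wild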
Cobalt Strike
2018-08-09 | Fox-IT | Alfred Klason
% Fox-IT blog post, published 2018-08-09, accessed 2019-12-20.
@online{klason:20180809:bokbot:499f316,
  author       = {Alfred Klason},
  title        = {{Bokbot: The (re)birth of a banker}},
  date         = {2018-08-09},
  organization = {Fox-IT},
  url          = {https://blog.fox-it.com/2018/08/09/bokbot-the-rebirth-of-a-banker/},
  language     = {English},
  urldate      = {2019-12-20},
}
Bokbot: The (re)birth of a banker
IcedID Vawtrak
2018-05-22 | Group-IB | Group-IB, Fox-IT
% Group-IB report (PDF) co-authored with Fox-IT, published 2018-05-22, accessed 2020-01-06.
@techreport{groupib:20180522:anunak:97d0646,
  author      = {Group-IB and Fox-IT},
  title       = {{Anunak: APT against financial institutions}},
  date        = {2018-05-22},
  institution = {Group-IB},
  url         = {https://www.group-ib.com/resources/threat-research/Anunak_APT_against_financial_institutions.pdf},
  language    = {English},
  urldate     = {2020-01-06},
}
Anunak: APT against financial institutions
FIN7
2017-05-03 | Fox-IT | Jelle Vergeer, Krijn de Mik, Mitchel Sahertian, Maarten van Dantzig, Yun Zheng Hu
% Fox-IT blog post, published 2017-05-03, accessed 2019-12-17.
@online{vergeer:20170503:snake:2987af1,
  author       = {Jelle Vergeer and Krijn de Mik and Mitchel Sahertian and Maarten van Dantzig and Yun Zheng Hu},
  title        = {{Snake: Coming soon in Mac OS X flavour}},
  date         = {2017-05-03},
  organization = {Fox-IT},
  url          = {https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/},
  language     = {English},
  urldate      = {2019-12-17},
}
Snake: Coming soon in Mac OS X flavour
Uroburos
2016-06-15 | Fox-IT | Fox IT
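% Fox-IT blog post, published 2016-06-15, accessed 2019-11-27.
% "Fox IT" is an organisation, so it is wrapped in an extra pair of braces;
% unbraced, BibTeX would parse it as given name "Fox", family name "IT".
@online{it:20160615:mofang:59e7ad3,
  author       = {{Fox IT}},
  title        = {{Mofang: A politically motivated information stealing adversary}},
  date         = {2016-06-15},
  organization = {Fox-IT},
  url          = {https://blog.fox-it.com/2016/06/15/mofang-a-politically-motivated-information-stealing-adversary/},
  language     = {English},
  urldate      = {2019-11-27},
}
Mofang: A politically motivated information stealing adversary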
Mofang
2016-05-17 | Fox-IT | Yonathan Klijnsma, Danny Heppener, Mitchel Sahertian, Krijn de Mik, Maarten van Dantzig, Yun Zheng Hu, Lennart Haagsma, Martin van Hensbergen, Erik de Jong
% Fox-IT threat report (PDF), published 2016-05-17, accessed 2020-01-09.
@techreport{klijnsma:20160517:mofang:7035a61,
  author      = {Yonathan Klijnsma and Danny Heppener and Mitchel Sahertian and Krijn de Mik and Maarten van Dantzig and Yun Zheng Hu and Lennart Haagsma and Martin van Hensbergen and Erik de Jong},
  title       = {{Mofang: A politically motivated information stealing adversary}},
  date        = {2016-05-17},
  institution = {Fox-IT},
  url         = {https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf},
  language    = {English},
  urldate     = {2020-01-09},
}
Mofang: A politically motivated information stealing adversary
Shim RAT Mofang
2013-09-05 | Fox-IT | Fox IT
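% Fox-IT blog post, published 2013-09-05, accessed 2021-09-19.
% "Fox IT" is an organisation, so it is wrapped in an extra pair of braces;
% unbraced, BibTeX would parse it as given name "Fox", family name "IT".
@online{it:20130905:large:48926bb,
  author       = {{Fox IT}},
  title        = {{Large botnet cause of recent Tor network overload}},
  date         = {2013-09-05},
  organization = {Fox-IT},
  url          = {https://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/},
  language     = {English},
  urldate      = {2021-09-19},
}
Large botnet cause of recent Tor network overload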
Mevade