
2022-05-21 | Github (x-junior) | Mohamed Ashraf
@online{ashraf:20220521:deep:0e3523b, author = {Mohamed Ashraf}, title = {{Deep Analysis of Mars Stealer}}, date = {2022-05-21}, organization = {Github (x-junior)}, url = {https://x-junior.github.io/malware%20analysis/MarsStealer/}, language = {English}, urldate = {2022-05-23} } Deep Analysis of Mars Stealer
Mars Stealer
2022-05-18 | Github (0x00-0x7f) | Sadia Bashir
@online{bashir:20220518:case:986df17, author = {Sadia Bashir}, title = {{A Case of Vidar Infostealer - Part 2}}, date = {2022-05-18}, organization = {Github (0x00-0x7f)}, url = {https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/}, language = {English}, urldate = {2022-05-25} } A Case of Vidar Infostealer - Part 2
Vidar
2022-05-16 | Github (Dump-GUY) | Jiří Vinopal
@online{vinopal:20220516:malware:f716c6a, author = {Jiří Vinopal}, title = {{Malware Analysis Report – APT29 C2-Client Dropbox Loader}}, date = {2022-05-16}, organization = {Github (Dump-GUY)}, url = {https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering/blob/main/APT29_C2-Client_Dropbox_Loader/APT29-DropboxLoader_analysis.md}, language = {English}, urldate = {2022-05-25} } Malware Analysis Report – APT29 C2-Client Dropbox Loader
2022-05-12 | Netskope | Gustavo Palazolo
@online{palazolo:20220512:redline:2a91da2, author = {Gustavo Palazolo}, title = {{RedLine Stealer Campaign Using Binance Mystery Box Videos to Spread GitHub-Hosted Payload}}, date = {2022-05-12}, organization = {Netskope}, url = {https://www.netskope.com/blog/redline-stealer-campaign-using-binance-mystery-box-videos-to-spread-github-hosted-payload}, language = {English}, urldate = {2022-05-17} } RedLine Stealer Campaign Using Binance Mystery Box Videos to Spread GitHub-Hosted Payload
RedLine Stealer
2022-05-10 | Github (SrujanKumar-K) | Srujan Kumar
@online{kumar:20220510:malicious:453b20e, author = {Srujan Kumar}, title = {{Malicious PDF Document Analysis - Lazyscripter}}, date = {2022-05-10}, organization = {Github (SrujanKumar-K)}, url = {https://github.com/SrujanKumar-K/Blogpost/tree/main/LazyScripter}, language = {English}, urldate = {2022-05-11} } Malicious PDF Document Analysis - Lazyscripter
Lazyscripter
2022-05-05 | Github (muha2xmad) | Muhammad Hasan Ali
@online{ali:20220505:analysis:3ec712d, author = {Muhammad Hasan Ali}, title = {{Analysis of MS Word to drop Remcos RAT | VBA extraction and analysis | IoCs}}, date = {2022-05-05}, organization = {Github (muha2xmad)}, url = {https://muha2xmad.github.io/mal-document/remcosdoc/}, language = {English}, urldate = {2022-05-08} } Analysis of MS Word to drop Remcos RAT | VBA extraction and analysis | IoCs
Remcos
2022-05-01 | Github (k-vitali) | Vitali Kremez
@online{kremez:20220501:revil:6146a35, author = {Vitali Kremez}, title = {{REvil Reborn Ransom Config}}, date = {2022-05-01}, organization = {Github (k-vitali)}, url = {https://raw.githubusercontent.com/k-vitali/Malware-Misc-RE/master/2022-05-01-revil-reborn-ransom.vk.cfg.txt}, language = {English}, urldate = {2022-05-04} } REvil Reborn Ransom Config
REvil
2022-04-06 | Github (albertzsigovits) | Albert Zsigovits
@online{zsigovits:20220406:yanluowang:d74271b, author = {Albert Zsigovits}, title = {{Yanluowang Ransomware Analysis}}, date = {2022-04-06}, organization = {Github (albertzsigovits)}, url = {https://github.com/albertzsigovits/malware-notes/tree/master/Ransomware-Windows-Yanluowang}, language = {English}, urldate = {2022-04-13} } Yanluowang Ransomware Analysis
Yanluowang
2022-04-06 | Github (infinitumlabs) | Arda Büyükkaya
@online{bykkaya:20220406:karakurt:7471190, author = {Arda Büyükkaya}, title = {{Karakurt Hacking Team Indicators of Compromise (IOC)}}, date = {2022-04-06}, organization = {Github (infinitumlabs)}, url = {https://github.com/infinitumitlabs/Karakurt-Hacking-Team-CTI}, language = {English}, urldate = {2022-04-08} } Karakurt Hacking Team Indicators of Compromise (IOC)
Cobalt Strike
2022-04-02 | Github (pl-v) | Player-V
@online{playerv:20220402:emotet:712f2ab, author = {Player-V}, title = {{Emotet Analysis Part 1: Unpacking}}, date = {2022-04-02}, organization = {Github (pl-v)}, url = {https://pl-v.github.io/plv/posts/Emotet-unpacking/}, language = {English}, urldate = {2022-04-08} } Emotet Analysis Part 1: Unpacking
Emotet
2022-04-02 | Github (cocomelonc) | cocomelonc
@online{cocomelonc:20220402:malware:48c405d, author = {cocomelonc}, title = {{Malware development tricks. Find kernel32.dll base: asm style. C++ example.}}, date = {2022-04-02}, organization = {Github (cocomelonc)}, url = {https://cocomelonc.github.io/tutorial/2022/04/02/malware-injection-18.html}, language = {English}, urldate = {2022-04-07} } Malware development tricks. Find kernel32.dll base: asm style. C++ example.
Conti
2022-03-27 | Github (0x00-0x7f) | Sadia Bashir
@online{bashir:20220327:case:80e7471, author = {Sadia Bashir}, title = {{A Case of Vidar Infostealer - Part 1 (Unpacking)}}, date = {2022-03-27}, organization = {Github (0x00-0x7f)}, url = {https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/}, language = {English}, urldate = {2022-03-31} } A Case of Vidar Infostealer - Part 1 (Unpacking)
Vidar
2022-03-25 | Github (@swagkarna)
@online{swagkarna:20220325:rafel:8abf617, author = {{Github (@swagkarna)}}, title = {{Rafel Rat GitHub repository}}, date = {2022-03-25}, url = {https://github.com/swagkarna/Rafel-Rat}, language = {English}, urldate = {2022-04-29} } Rafel Rat GitHub repository
Rafel RAT
2022-03-21 | Github (trendmicro) | Trend Micro Research
@online{research:20220321:python:7dbe8dd, author = {{Trend Micro Research}}, title = {{Python script to check a Cyclops Blink C\&C}}, date = {2022-03-21}, organization = {Github (trendmicro)}, url = {https://github.com/trendmicro/research/blob/main/cyclops_blink/c2-scripts/check.py}, language = {English}, urldate = {2022-03-28} } Python script to check a Cyclops Blink C&C
CyclopsBlink
2022-03-17 | Github (eln0ty) | Abdallah Elnoty
@online{elnoty:20220317:icedid:0b8ef27, author = {Abdallah Elnoty}, title = {{IcedID Analysis}}, date = {2022-03-17}, organization = {Github (eln0ty)}, url = {https://eln0ty.github.io/malware%20analysis/IcedID/}, language = {English}, urldate = {2022-03-22} } IcedID Analysis
IcedID
2022-03-16 | Github (MidSpike) | Tyler Resch
@online{resch:20220316:cve202223812:08da7b9, author = {Tyler Resch}, title = {{CVE-2022-23812: RIAEvangelist/node-ipc is malware / protestware}}, date = {2022-03-16}, organization = {Github (MidSpike)}, url = {https://gist.github.com/MidSpike/f7ae3457420af78a54b38a31cc0c809c}, language = {English}, urldate = {2022-03-18} } CVE-2022-23812: RIAEvangelist/node-ipc is malware / protestware
PeaceNotWar
2022-03-08 | Github (whichbuffer) | Arda Büyükkaya
@online{bykkaya:20220308:contiransomwareioc:57c8ab1, author = {Arda Büyükkaya}, title = {{Conti-Ransomware-IOC}}, date = {2022-03-08}, organization = {Github (whichbuffer)}, url = {https://github.com/whichbuffer/Conti-Ransomware-IOC}, language = {English}, urldate = {2022-03-10} } Conti-Ransomware-IOC
Conti
2022-03-07 | Elastic | Daniel Stepanic, Derek Ditch, Joe Desimone, Cyril François, Github (@1337-42), Samir Bousseaden, Andrew Pease
@online{stepanic:20220307:phoreal:f982397, author = {Daniel Stepanic and Derek Ditch and Joe Desimone and Cyril François and {Github (@1337-42)} and Samir Bousseaden and Andrew Pease}, title = {{PHOREAL Malware Targets the Southeast Asian Financial Sector}}, date = {2022-03-07}, organization = {Elastic}, url = {https://elastic.github.io/security-research/intelligence/2022/03/02.phoreal-targets-southeast-asia-financial-sector/article/}, language = {English}, urldate = {2022-03-08} } PHOREAL Malware Targets the Southeast Asian Financial Sector
PHOREAL
2022-03-04 | Github (eln0ty) | Abdallah Elnoty
@online{elnoty:20220304:hermeticwiperfoxblade:55a9f09, author = {Abdallah Elnoty}, title = {{HermeticWiper/FoxBlade Analysis (in-depth)}}, date = {2022-03-04}, organization = {Github (eln0ty)}, url = {https://eln0ty.github.io/malware%20analysis/HermeticWiper/}, language = {English}, urldate = {2022-03-04} } HermeticWiper/FoxBlade Analysis (in-depth)
HermeticWiper
2022-03-01 | Github (usualsuspect) | Johann Aydinbas
@online{aydinbas:20220301:python:1e7cf7b, author = {Johann Aydinbas}, title = {{Python script to decrypt embedded driver used in Daxin}}, date = {2022-03-01}, organization = {Github (usualsuspect)}, url = {https://gist.github.com/usualsuspect/839fbc54e0d76bb2626329cd94274cd6}, language = {English}, urldate = {2022-03-07} } Python script to decrypt embedded driver used in Daxin
Daxin