2023-09-07 | Huntress Labs | Harlan Carvey
@online{carvey:20230907:evolution:4432f0b,
  author       = {Harlan Carvey},
  title        = {{Evolution of USB-Borne Malware, Raspberry Robin}},
  organization = {Huntress Labs},
  date         = {2023-09-07},
  url          = {https://www.huntress.com/blog/evolution-of-usb-borne-malware-raspberry-robin},
  urldate      = {2023-09-11},
  language     = {English},
}
Evolution of USB-Borne Malware, Raspberry Robin
Raspberry Robin
2023-08-23 | Twitter (@embee_research) | Embee_research, Huntress Labs
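% The underscore in the handle is escaped so the name typesets, and the
% organisation is braced so it is kept as one corporate author.
@online{embeeresearch:20230823:extracting:f1277f5,
  author       = {Embee\_research and {Huntress Labs}},
  title        = {{Extracting Xworm from Bloated Golang Executable}},
  organization = {Twitter (@embee_research)},
  date         = {2023-08-23},
  url          = {https://x.com/embee_research/status/1694635899903152619},
  urldate      = {2023-08-25},
  language     = {English},
}
Extracting Xworm from Bloated Golang Executable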
XWorm
2023-05-09 | Huntress Labs | Matthew Brennan
@online{brennan:20230509:advanced:eaca988,
  author       = {Matthew Brennan},
  title        = {{Advanced Cyberchef Tips - AsyncRAT Loader}},
  organization = {Huntress Labs},
  date         = {2023-05-09},
  url          = {https://www.huntress.com/blog/advanced-cyberchef-tips-asyncrat-loader},
  urldate      = {2023-05-11},
  language     = {English},
}
Advanced Cyberchef Tips - AsyncRAT Loader
AsyncRAT
2023-03-30 | Huntress Labs | John Hammond
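% The ampersand in the title is escaped; a bare one is an alignment character
% in LaTeX and breaks typesetting of the bibliography.
@online{hammond:20230330:3cx:bba6690,
  author       = {John Hammond},
  title        = {{3CX VoIP Software Compromise \& Supply Chain Threats}},
  organization = {Huntress Labs},
  date         = {2023-03-30},
  url          = {https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats},
  urldate      = {2023-04-02},
  language     = {English},
}
3CX VoIP Software Compromise & Supply Chain Threats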
3CX Backdoor
2023-02-08 | Huntress Labs | Michael Elford
@online{elford:20230208:asyncrat:46601a3,
  author       = {Michael Elford},
  title        = {{AsyncRAT: Analysing the Three Stages of Execution}},
  organization = {Huntress Labs},
  date         = {2023-02-08},
  url          = {https://medium.com/@hcksyd/asyncrat-analysing-the-three-stages-of-execution-378b343216bf},
  urldate      = {2023-02-09},
  language     = {English},
}
AsyncRAT: Analysing the Three Stages of Execution
AsyncRAT
2023-02-08 | Huntress Labs | Joe Slowik, Matt Anderson
@online{slowik:20230208:investigating:4b8fbaf,
  author       = {Joe Slowik and Matt Anderson},
  title        = {{Investigating Intrusions From Intriguing Exploits}},
  organization = {Huntress Labs},
  date         = {2023-02-08},
  url          = {https://www.huntress.com/blog/investigating-intrusions-from-intriguing-exploits},
  urldate      = {2023-04-06},
  language     = {English},
}
Investigating Intrusions From Intriguing Exploits
Silence
2023-02-03 | Huntress Labs | Chad Hudson
@online{hudson:20230203:ave:688ad0d,
  author       = {Chad Hudson},
  title        = {{Ave Maria and the Chambers of Warzone RAT}},
  organization = {Huntress Labs},
  date         = {2023-02-03},
  url          = {https://www.huntress.com/blog/ave-maria-and-the-chambers-of-warzone-rat},
  urldate      = {2023-02-03},
  language     = {English},
}
Ave Maria and the Chambers of Warzone RAT
Ave Maria
2022-10-12 | Twitter (@embee_research) | Embee_research, Huntress Labs
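% The underscore in the handle is escaped so the name typesets, and the
% organisation is braced so it is kept as one corporate author.
@online{embeeresearch:20221012:tweets:3284cd3,
  author       = {Embee\_research and {Huntress Labs}},
  title        = {{Tweets on detection of Brute Ratel via API Hashes}},
  organization = {Twitter (@embee_research)},
  date         = {2022-10-12},
  url          = {https://twitter.com/embee_research/status/1580030303950995456?s=20&t=0vfXnrCXaVSX-P-hiSrFwA},
  urldate      = {2022-11-21},
  language     = {English},
}
Tweets on detection of Brute Ratel via API Hashes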
Brute Ratel C4
2022-10-11 | Twitter (@embee_research) | Embee_research, Huntress Labs
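% The underscore in the handle is escaped so the name typesets, and the
% organisation is braced so it is kept as one corporate author.
@online{embeeresearch:20221011:havoc:3bc6fb5,
  author       = {Embee\_research and {Huntress Labs}},
  title        = {{Tweet on Havoc C2 - Static Detection Via Ntdll API Hashes}},
  organization = {Twitter (@embee_research)},
  date         = {2022-10-11},
  url          = {https://twitter.com/embee_research/status/1579668721777643520?s=20&t=nDJOv1Yf5mQZKCou7qMrhQ},
  urldate      = {2022-11-21},
  language     = {English},
}
Tweet on Havoc C2 - Static Detection Via Ntdll API Hashes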
Havoc
2022-08-16 | Huntress Labs | Dray Agha
@online{agha:20220816:cleartext:3262c13,
  author       = {Dray Agha},
  title        = {{Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY}},
  organization = {Huntress Labs},
  date         = {2022-08-16},
  url          = {https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy},
  urldate      = {2022-09-12},
  language     = {English},
}
Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY
2022-03-01 | Huntress Labs | John Hammond
@online{hammond:20220301:targeted:c462269,
  author       = {John Hammond},
  title        = {{Targeted APT Activity: BABYSHARK Is Out for Blood}},
  organization = {Huntress Labs},
  date         = {2022-03-01},
  url          = {https://www.huntress.com/blog/targeted-apt-activity-babyshark-is-out-for-blood},
  urldate      = {2022-03-07},
  language     = {English},
}
Targeted APT Activity: BABYSHARK Is Out for Blood
BabyShark
2022-02-18 | Huntress Labs | Matthew Brennan
@online{brennan:20220218:hackers:243d8b8,
  author       = {Matthew Brennan},
  title        = {{Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection}},
  organization = {Huntress Labs},
  date         = {2022-02-18},
  url          = {https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection},
  urldate      = {2022-02-26},
  language     = {English},
}
Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection
Cobalt Strike
2022-01-15 | Huntress Labs | Team Huntress
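% The team name is braced so it is kept as one corporate author and is not
% split into a given name and a surname.
@online{huntress:20220115:threat:cb103f0,
  author       = {{Team Huntress}},
  title        = {{Threat Advisory: VMware Horizon Servers Actively Being Hit With Cobalt Strike (by DEV-0401)}},
  organization = {Huntress Labs},
  date         = {2022-01-15},
  url          = {https://www.huntress.com/blog/cybersecurity-advisory-vmware-horizon-servers-actively-being-hit-with-cobalt-strike},
  urldate      = {2022-03-07},
  language     = {English},
}
Threat Advisory: VMware Horizon Servers Actively Being Hit With Cobalt Strike (by DEV-0401)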
Cobalt Strike
2021-10-22 | Huntress Labs | Caleb Stewart
@online{stewart:20211022:threat:0cab124,
  author       = {Caleb Stewart},
  title        = {{Threat Advisory: Hackers Are Exploiting a Vulnerability in Popular Billing Software to Deploy Ransomware}},
  organization = {Huntress Labs},
  date         = {2021-10-22},
  url          = {https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware},
  urldate      = {2021-11-02},
  language     = {English},
}
Threat Advisory: Hackers Are Exploiting a Vulnerability in Popular Billing Software to Deploy Ransomware
2021-08-19 | Huntress Labs | John Hammond
@online{hammond:20210819:microsoft:a25f571,
  author       = {John Hammond},
  title        = {{Microsoft Exchange Servers Still Vulnerable to ProxyShell Exploit}},
  organization = {Huntress Labs},
  date         = {2021-08-19},
  url          = {https://www.huntress.com/blog/rapid-response-microsoft-exchange-servers-still-vulnerable-to-proxyshell-exploit},
  urldate      = {2021-08-25},
  language     = {English},
}
Microsoft Exchange Servers Still Vulnerable to ProxyShell Exploit
2021-08-17 | Huntress Labs | Matthew Brennan
@online{brennan:20210817:snakes:1b4d004,
  author       = {Matthew Brennan},
  title        = {{Snakes on a Domain: An Analysis of a Python Malware Loader}},
  organization = {Huntress Labs},
  date         = {2021-08-17},
  url          = {https://www.huntress.com/blog/snakes-on-a-domain-an-analysis-of-a-python-malware-loader},
  urldate      = {2021-08-20},
  language     = {English},
}
Snakes on a Domain: An Analysis of a Python Malware Loader
2021-07-20 | Huntress Labs | John Hammond
@online{hammond:20210720:security:50ec27a,
  author       = {John Hammond},
  title        = {{Security Researchers’ Hunt to Discover Origins of the Kaseya VSA Mass Ransomware Incident}},
  organization = {Huntress Labs},
  date         = {2021-07-20},
  url          = {https://www.huntress.com/blog/security-researchers-hunt-to-discover-origins-of-the-kaseya-vsa-mass-ransomware-incident},
  urldate      = {2021-07-26},
  language     = {English},
}
Security Researchers’ Hunt to Discover Origins of the Kaseya VSA Mass Ransomware Incident
REvil
2021-07-02 | Huntress Labs | Huntress Labs
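% The organisation is braced so it is kept as one corporate author. The title
% spelling "Crticial" matches the source URL slug and is left as published.
@online{labs:20210702:crticial:5dd39d2,
  author       = {{Huntress Labs}},
  title        = {{Crticial Ransomware Incident in Progress}},
  organization = {Huntress Labs},
  date         = {2021-07-02},
  url          = {https://www.reddit.com/r/msp/comments/ocggbv/crticial_ransomware_incident_in_progress/},
  urldate      = {2021-07-24},
  language     = {English},
}
Crticial Ransomware Incident in Progress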
REvil
2021-05-25 | Huntress Labs | Matthew Brennan
@online{brennan:20210525:cobalt:c428be0,
  author       = {Matthew Brennan},
  title        = {{Cobalt Strikes Again: An Analysis of Obfuscated Malware}},
  organization = {Huntress Labs},
  date         = {2021-05-25},
  url          = {https://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware},
  urldate      = {2021-06-09},
  language     = {English},
}
Cobalt Strikes Again: An Analysis of Obfuscated Malware
Cobalt Strike
2021-04-05 | Huntress Labs | John Hammond
@online{hammond:20210405:from:6062bef,
  author       = {John Hammond},
  title        = {{From PowerShell to Payload: An Analysis of Weaponized Malware}},
  organization = {Huntress Labs},
  date         = {2021-04-05},
  url          = {https://www.huntress.com/blog/from-powershell-to-payload-an-analysis-of-weaponized-malware},
  urldate      = {2021-05-26},
  language     = {English},
}
From PowerShell to Payload: An Analysis of Weaponized Malware