Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-04-12InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20230412:recent:66863ee, author = {Brad Duncan}, title = {{Recent IcedID (Bokbot) activity}}, date = {2023-04-12}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/29740}, language = {English}, urldate = {2023-04-18} } Recent IcedID (Bokbot) activity
IcedID PhotoLoader
2022-06-09InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20220609:ta570:a51c1eb, author = {Brad Duncan}, title = {{TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)}}, date = {2022-06-09}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/28728}, language = {English}, urldate = {2022-06-09} } TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
QakBot
2022-05-19InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20220519:bumblebee:20c59e6, author = {Brad Duncan}, title = {{Bumblebee Malware from TransferXL URLs}}, date = {2022-05-19}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/28664}, language = {English}, urldate = {2022-05-25} } Bumblebee Malware from TransferXL URLs
BumbleBee Cobalt Strike
2022-05-19InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20220519:bumblebee:0703c7d, author = {Brad Duncan}, title = {{Bumblebee Malware from TransferXL URLs}}, date = {2022-05-19}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/Bumblebee+Malware+from+TransferXL+URLs/28664}, language = {English}, urldate = {2023-04-06} } Bumblebee Malware from TransferXL URLs
BumbleBee Cobalt Strike
2022-05-11InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20220511:ta578:0a0a686, author = {Brad Duncan}, title = {{TA578 using thread-hijacked emails to push ISO files for Bumblebee malware}}, date = {2022-05-11}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/28636}, language = {English}, urldate = {2022-05-11} } TA578 using thread-hijacked emails to push ISO files for Bumblebee malware
BumbleBee Cobalt Strike IcedID PhotoLoader
2022-05-09InfoSec Handlers Diary BlogXavier Mertens
@online{mertens:20220509:octopus:e3787d9, author = {Xavier Mertens}, title = {{Octopus Backdoor is Back with a New Embedded Obfuscated Bat File}}, date = {2022-05-09}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/28628}, language = {English}, urldate = {2022-05-17} } Octopus Backdoor is Back with a New Embedded Obfuscated Bat File
Octopus
2022-04-06InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20220406:windows:3802dbd, author = {Brad Duncan}, title = {{Windows MetaStealer Malware}}, date = {2022-04-06}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/forums/diary/Windows+MetaStealer+Malware/28522/}, language = {English}, urldate = {2022-05-05} } Windows MetaStealer Malware
MetaStealer
2022-03-23InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20220323:arkei:f9a44a4, author = {Brad Duncan}, title = {{Arkei Variants: From Vidar to Mars Stealer}}, date = {2022-03-23}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/Arkei+Variants%3A+From+Vidar+to+Mars+Stealer/28468}, language = {English}, urldate = {2023-04-25} } Arkei Variants: From Vidar to Mars Stealer
Arkei Stealer Mars Stealer Oski Stealer Vidar
2022-03-23InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20220323:arkei:b2a08f5, author = {Brad Duncan}, title = {{Arkei Variants: From Vidar to Mars Stealer}}, date = {2022-03-23}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/28468}, language = {English}, urldate = {2022-03-25} } Arkei Variants: From Vidar to Mars Stealer
Arkei Stealer Mars Stealer Vidar
2022-03-16InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20220316:qakbot:ff11e1e, author = {Brad Duncan}, title = {{Qakbot infection with Cobalt Strike and VNC activity}}, date = {2022-03-16}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/28448}, language = {English}, urldate = {2022-03-17} } Qakbot infection with Cobalt Strike and VNC activity
Cobalt Strike QakBot
2022-01-19InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20220119:0000:cdac125, author = {Brad Duncan}, title = {{0.0.0.0 in Emotet Spambot Traffic}}, date = {2022-01-19}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/28254}, language = {English}, urldate = {2022-01-24} } 0.0.0.0 in Emotet Spambot Traffic
Emotet
2021-12-31InfoSec Handlers Diary BlogJan Kopriva
@online{kopriva:20211231:do:8a36b66, author = {Jan Kopriva}, title = {{Do you want your Agent Tesla in the 300 MB or 8 kB package?}}, date = {2021-12-31}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/28202}, language = {English}, urldate = {2022-01-05} } Do you want your Agent Tesla in the 300 MB or 8 kB package?
Agent Tesla
2021-12-30InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20211230:agent:2b24ea4, author = {Brad Duncan}, title = {{Agent Tesla Updates SMTP Data Exfiltration Technique}}, date = {2021-12-30}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/28190}, language = {English}, urldate = {2022-01-03} } Agent Tesla Updates SMTP Data Exfiltration Technique
Agent Tesla
2021-12-20InfoSec Handlers Diary BlogJan Kopriva, Alef Nula
@online{kopriva:20211220:powerpoint:917c614, author = {Jan Kopriva and Alef Nula}, title = {{PowerPoint attachments, Agent Tesla and code reuse in malware}}, date = {2021-12-20}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/forums/diary/PowerPoint+attachments+Agent+Tesla+and+code+reuse+in+malware/28154/}, language = {English}, urldate = {2021-12-31} } PowerPoint attachments, Agent Tesla and code reuse in malware
Agent Tesla
2021-12-16InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20211216:how:6fd0b06, author = {Brad Duncan}, title = {{How the "Contact Forms" campaign tricks people}}, date = {2021-12-16}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/forums/diary/How+the+Contact+Forms+campaign+tricks+people/28142/}, language = {English}, urldate = {2021-12-31} } How the "Contact Forms" campaign tricks people
IcedID
2021-11-16InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20211116:emotet:3545954, author = {Brad Duncan}, title = {{Emotet Returns}}, date = {2021-11-16}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/28044}, language = {English}, urldate = {2021-11-17} } Emotet Returns
Emotet
2021-09-01InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20210901:strrat:82432b9, author = {Brad Duncan}, title = {{STRRAT: a Java-based RAT that doesn't care if you have Java}}, date = {2021-09-01}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/27798}, language = {English}, urldate = {2021-09-02} } STRRAT: a Java-based RAT that doesn't care if you have Java
STRRAT
2021-07-24InfoSec Handlers Diary BlogXavier Mertens
@online{mertens:20210724:agenttesla:2876aef, author = {Xavier Mertens}, title = {{Agent.Tesla Dropped via a .daa Image and Talking to Telegram}}, date = {2021-07-24}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/27666}, language = {English}, urldate = {2021-07-26} } Agent.Tesla Dropped via a .daa Image and Talking to Telegram
Agent Tesla
2021-07-09InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20210709:hancitor:814e815, author = {Brad Duncan}, title = {{Hancitor tries XLL as initial malware file}}, date = {2021-07-09}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/27618}, language = {English}, urldate = {2021-07-19} } Hancitor tries XLL as initial malware file
Cobalt Strike Hancitor
2021-04-19InfoSec Handlers Diary BlogJan Kopriva
@online{kopriva:20210419:hunting:021a759, author = {Jan Kopriva}, title = {{Hunting phishing websites with favicon hashes}}, date = {2021-04-19}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/forums/diary/Hunting+phishing+websites+with+favicon+hashes/27326/}, language = {English}, urldate = {2021-04-20} } Hunting phishing websites with favicon hashes