Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-01-21InfoSec Handlers Diary BlogXavier Mertens
@online{mertens:20210121:powershell:904be1b, author = {Xavier Mertens}, title = {{Powershell Dropping a REvil Ransomware}}, date = {2021-01-21}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/27012}, language = {English}, urldate = {2021-01-21} } Powershell Dropping a REvil Ransomware
REvil
2021-01-13InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20210113:hancitor:55f3ea5, author = {Brad Duncan}, title = {{Hancitor activity resumes after a hoilday break}}, date = {2021-01-13}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/forums/diary/Hancitor+activity+resumes+after+a+hoilday+break/26980/}, language = {English}, urldate = {2021-01-21} } Hancitor activity resumes after a hoilday break
Hancitor
2020-12-24InfoSec Handlers Diary BlogXavier Mertens
@online{mertens:20201224:malicious:df6eb1a, author = {Xavier Mertens}, title = {{Malicious Word Document Delivering an Octopus Backdoor}}, date = {2020-12-24}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/26918}, language = {English}, urldate = {2021-01-04} } Malicious Word Document Delivering an Octopus Backdoor
Octopus
2020-12-15InfoSec Handlers Diary BlogDidier Stevens
@online{stevens:20201215:analyzing:1aa1e8b, author = {Didier Stevens}, title = {{Analyzing FireEye Maldocs}}, date = {2020-12-15}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/26882}, language = {English}, urldate = {2020-12-15} } Analyzing FireEye Maldocs
2020-12-09InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20201209:recent:0992506, author = {Brad Duncan}, title = {{Recent Qakbot (Qbot) activity}}, date = {2020-12-09}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/26862}, language = {English}, urldate = {2020-12-10} } Recent Qakbot (Qbot) activity
Cobalt Strike QakBot
2020-11-03InfoSec Handlers Diary BlogRenato Marinho
@online{marinho:20201103:attackers:9b3762b, author = {Renato Marinho}, title = {{Attackers Exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike}}, date = {2020-11-03}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/26752}, language = {English}, urldate = {2020-11-06} } Attackers Exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike
Cobalt Strike
2020-05-23InfoSec Handlers Diary BlogXavier Mertens
@online{mertens:20200523:agenttesla:eba0b0c, author = {Xavier Mertens}, title = {{AgentTesla Delivered via a Malicious PowerPoint Add-In}}, date = {2020-05-23}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/forums/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162/}, language = {English}, urldate = {2020-05-27} } AgentTesla Delivered via a Malicious PowerPoint Add-In
Agent Tesla
2020-04-12InfoSec Handlers Diary BlogVinnie
@online{vinnie:20200412:dynamic:191820f, author = {Vinnie}, title = {{Dynamic analysis technique to get decrypted KPOT Malware}}, date = {2020-04-12}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/26010}, language = {English}, urldate = {2020-04-26} } Dynamic analysis technique to get decrypted KPOT Malware
KPOT Stealer
2019-07-11InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20190711:recent:bd25d5a, author = {Brad Duncan}, title = {{Recent AZORult activity}}, date = {2019-07-11}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/25120}, language = {English}, urldate = {2020-01-10} } Recent AZORult activity
Azorult
2018-03-07InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20180307:ransomware:504a693, author = {Brad Duncan}, title = {{Ransomware news: GlobeImposter gets a facelift, GandCrab is still out there}}, date = {2018-03-07}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/23417}, language = {English}, urldate = {2020-01-06} } Ransomware news: GlobeImposter gets a facelift, GandCrab is still out there
Gandcrab GlobeImposter
2017-09-05InfoSec Handlers Diary BlogJohannes Ullrich
@online{ullrich:20170905:mirai:ab11796, author = {Johannes Ullrich}, title = {{The Mirai Botnet: A Look Back and Ahead At What's Next}}, date = {2017-09-05}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/22786}, language = {English}, urldate = {2020-01-06} } The Mirai Botnet: A Look Back and Ahead At What's Next
2017-08-29InfoSec Handlers Diary BlogRenato Marinho
@online{marinho:20170829:second:582ba7f, author = {Renato Marinho}, title = {{Second Google Chrome Extension Banker Malware in Two Weeks}}, date = {2017-08-29}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/22766}, language = {English}, urldate = {2020-01-08} } Second Google Chrome Extension Banker Malware in Two Weeks
IDKEY
2017-07-08InfoSec Handlers Diary BlogXavier Mertens
@online{mertens:20170708:vbscript:e2baa5d, author = {Xavier Mertens}, title = {{A VBScript with Obfuscated Base64 Data}}, date = {2017-07-08}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/22590}, language = {English}, urldate = {2020-01-13} } A VBScript with Obfuscated Base64 Data
Revenge RAT
2009-11-03InfoSec Handlers Diary BlogBojan Zdrnja
@online{zdrnja:20091103:opachki:96e78eb, author = {Bojan Zdrnja}, title = {{Opachki, from (and to) Russia with love}}, date = {2009-11-03}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/Opachki%2C+from+%28and+to%29+Russia+with+love/7519}, language = {English}, urldate = {2020-01-06} } Opachki, from (and to) Russia with love
Opachki