Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-04-19InfoSec Handlers Diary BlogJan Kopriva
@online{kopriva:20210419:hunting:021a759, author = {Jan Kopriva}, title = {{Hunting phishing websites with favicon hashes}}, date = {2021-04-19}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/forums/diary/Hunting+phishing+websites+with+favicon+hashes/27326/}, language = {English}, urldate = {2021-04-20} } Hunting phishing websites with favicon hashes
2021-04-14InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20210414:april:4a29cb5, author = {Brad Duncan}, title = {{April 2021 Forensic Quiz: Answers and Analysis}}, date = {2021-04-14}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/27308}, language = {English}, urldate = {2021-04-14} } April 2021 Forensic Quiz: Answers and Analysis
Anchor BazarBackdoor Cobalt Strike
2021-04-06InfoSec Handlers Diary BlogJan Kopriva
@online{kopriva:20210406:malspam:817a035, author = {Jan Kopriva}, title = {{Malspam with Lokibot vs. Outlook and RFCs}}, date = {2021-04-06}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/27282}, language = {English}, urldate = {2021-04-06} } Malspam with Lokibot vs. Outlook and RFCs
Loki Password Stealer (PWS)
2021-03-31InfoSec Handlers Diary BlogXavier Mertens
@online{mertens:20210331:quick:56fcc20, author = {Xavier Mertens}, title = {{Quick Analysis of a Modular InfoStealer}}, date = {2021-03-31}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/27264}, language = {English}, urldate = {2021-03-31} } Quick Analysis of a Modular InfoStealer
Amadey
2021-03-29InfoSec Handlers Diary BlogXavier Mertens
@online{mertens:20210329:jumping:1da0c41, author = {Xavier Mertens}, title = {{Jumping into Shellcode}}, date = {2021-03-29}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/forums/diary/Jumping+into+Shellcode/27256/}, language = {English}, urldate = {2021-03-31} } Jumping into Shellcode
2021-03-27InfoSec Handlers Diary BlogGuy Bruneau
@online{bruneau:20210327:malware:91319b0, author = {Guy Bruneau}, title = {{Malware Analysis with elastic-agent and Microsoft Sandbox}}, date = {2021-03-27}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/forums/diary/Malware+Analysis+with+elasticagent+and+Microsoft+Sandbox/27248/}, language = {English}, urldate = {2021-03-31} } Malware Analysis with elastic-agent and Microsoft Sandbox
2021-03-07InfoSec Handlers Diary BlogDidier Stevens
@online{stevens:20210307:pcaps:980212d, author = {Didier Stevens}, title = {{PCAPs and Beacons}}, date = {2021-03-07}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/27176}, language = {English}, urldate = {2021-03-11} } PCAPs and Beacons
Cobalt Strike
2021-02-12InfoSec Handlers Diary BlogXavier Mertens
@online{mertens:20210212:agenttesla:228400f, author = {Xavier Mertens}, title = {{AgentTesla Dropped Through Automatic Click in Microsoft Help File}}, date = {2021-02-12}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/27092}, language = {English}, urldate = {2021-02-18} } AgentTesla Dropped Through Automatic Click in Microsoft Help File
Agent Tesla
2021-02-11InfoSec Handlers Diary BlogJan Kopriva
@online{kopriva:20210211:agent:e27e397, author = {Jan Kopriva}, title = {{Agent Tesla hidden in a historical anti-malware tool}}, date = {2021-02-11}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/27088}, language = {English}, urldate = {2021-02-20} } Agent Tesla hidden in a historical anti-malware tool
Agent Tesla
2021-02-04InfoSec Handlers Diary BlogBojan Zdrnja
@online{zdrnja:20210204:abusing:8dd70c5, author = {Bojan Zdrnja}, title = {{Abusing Google Chrome extension syncing for data exfiltration and C&C}}, date = {2021-02-04}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/27066}, language = {English}, urldate = {2021-02-06} } Abusing Google Chrome extension syncing for data exfiltration and C&C
2021-02-03InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20210203:excel:8e949c9, author = {Brad Duncan}, title = {{Excel spreadsheets push SystemBC malware}}, date = {2021-02-03}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/forums/diary/Excel+spreadsheets+push+SystemBC+malware/27060/}, language = {English}, urldate = {2021-02-04} } Excel spreadsheets push SystemBC malware
Cobalt Strike SystemBC
2021-01-28InfoSec Handlers Diary BlogDaniel Wesemann
@online{wesemann:20210128:emotet:2939e8d, author = {Daniel Wesemann}, title = {{Emotet vs. Windows Attack Surface Reduction}}, date = {2021-01-28}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/27036}, language = {English}, urldate = {2021-01-29} } Emotet vs. Windows Attack Surface Reduction
Emotet
2021-01-22InfoSec Handlers Diary BlogXavier Mertens
@online{mertens:20210122:another:340e841, author = {Xavier Mertens}, title = {{Another File Extension to Block in your MTA: .jnlp}}, date = {2021-01-22}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/forums/diary/Another+File+Extension+to+Block+in+your+MTA+jnlp/27018/}, language = {English}, urldate = {2021-01-25} } Another File Extension to Block in your MTA: .jnlp
2021-01-21InfoSec Handlers Diary BlogXavier Mertens
@online{mertens:20210121:powershell:904be1b, author = {Xavier Mertens}, title = {{Powershell Dropping a REvil Ransomware}}, date = {2021-01-21}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/27012}, language = {English}, urldate = {2021-01-21} } Powershell Dropping a REvil Ransomware
REvil
2021-01-13InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20210113:hancitor:55f3ea5, author = {Brad Duncan}, title = {{Hancitor activity resumes after a hoilday break}}, date = {2021-01-13}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/forums/diary/Hancitor+activity+resumes+after+a+hoilday+break/26980/}, language = {English}, urldate = {2021-01-21} } Hancitor activity resumes after a hoilday break
Hancitor
2020-12-24InfoSec Handlers Diary BlogXavier Mertens
@online{mertens:20201224:malicious:df6eb1a, author = {Xavier Mertens}, title = {{Malicious Word Document Delivering an Octopus Backdoor}}, date = {2020-12-24}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/26918}, language = {English}, urldate = {2021-01-04} } Malicious Word Document Delivering an Octopus Backdoor
Octopus
2020-12-15InfoSec Handlers Diary BlogDidier Stevens
@online{stevens:20201215:analyzing:1aa1e8b, author = {Didier Stevens}, title = {{Analyzing FireEye Maldocs}}, date = {2020-12-15}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/26882}, language = {English}, urldate = {2020-12-15} } Analyzing FireEye Maldocs
2020-12-09InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20201209:recent:0992506, author = {Brad Duncan}, title = {{Recent Qakbot (Qbot) activity}}, date = {2020-12-09}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/26862}, language = {English}, urldate = {2020-12-10} } Recent Qakbot (Qbot) activity
Cobalt Strike QakBot
2020-11-03InfoSec Handlers Diary BlogRenato Marinho
@online{marinho:20201103:attackers:9b3762b, author = {Renato Marinho}, title = {{Attackers Exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike}}, date = {2020-11-03}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/26752}, language = {English}, urldate = {2020-11-06} } Attackers Exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike
Cobalt Strike
2020-05-23InfoSec Handlers Diary BlogXavier Mertens
@online{mertens:20200523:agenttesla:eba0b0c, author = {Xavier Mertens}, title = {{AgentTesla Delivered via a Malicious PowerPoint Add-In}}, date = {2020-05-23}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/forums/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162/}, language = {English}, urldate = {2020-05-27} } AgentTesla Delivered via a Malicious PowerPoint Add-In
Agent Tesla