
2022-06-09 | InfoSec Handlers Diary Blog | Brad Duncan
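@online{duncan:20220609:ta570:a51c1eb,
  author       = {Duncan, Brad},
  title        = {{TA570} {Qakbot} ({Qbot}) tries {CVE-2022-30190} ({Follina}) exploit (ms-msdt)},
  date         = {2022-06-09},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/rss/28728},
  language     = {English},
  urldate      = {2022-06-09},
}
TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)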
QakBot
2022-05-20 | Cybleinc | Cyble
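@online{cyble:20220520:malware:c20f29f,
  author       = {{Cyble}},
  title        = {Malware Campaign Targets {InfoSec} Community: Threat Actor Uses Fake Proof Of Concept To Deliver {Cobalt-Strike Beacon}},
  date         = {2022-05-20},
  organization = {Cybleinc},
  url          = {https://blog.cyble.com/2022/05/20/malware-campaign-targets-infosec-community-threat-actor-uses-fake-proof-of-concept-to-deliver-cobalt-strike-beacon/},
  language     = {English},
  urldate      = {2022-05-23},
}
Malware Campaign Targets InfoSec Community: Threat Actor Uses Fake Proof Of Concept To Deliver Cobalt-Strike Beacon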
Cobalt Strike
2022-05-19 | InfoSec Handlers Diary Blog | Brad Duncan
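@online{duncan:20220519:bumblebee:20c59e6,
  author       = {Duncan, Brad},
  title        = {{Bumblebee} Malware from {TransferXL} {URLs}},
  date         = {2022-05-19},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/rss/28664},
  language     = {English},
  urldate      = {2022-05-25},
}
Bumblebee Malware from TransferXL URLs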
BumbleBee, Cobalt Strike
2022-05-11 | InfoSec Handlers Diary Blog | Brad Duncan
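@online{duncan:20220511:ta578:0a0a686,
  author       = {Duncan, Brad},
  title        = {{TA578} using thread-hijacked emails to push {ISO} files for {Bumblebee} malware},
  date         = {2022-05-11},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/28636},
  language     = {English},
  urldate      = {2022-05-11},
}
TA578 using thread-hijacked emails to push ISO files for Bumblebee malware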
BumbleBee, Cobalt Strike, IcedID, PhotoLoader
2022-05-09 | InfoSec Handlers Diary Blog | Xavier Mertens
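@online{mertens:20220509:octopus:e3787d9,
  author       = {Mertens, Xavier},
  title        = {{Octopus} Backdoor is Back with a New Embedded Obfuscated Bat File},
  date         = {2022-05-09},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/rss/28628},
  language     = {English},
  urldate      = {2022-05-17},
}
Octopus Backdoor is Back with a New Embedded Obfuscated Bat File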
Octopus
2022-04-27 | CYBER GEEKS All Things Infosec | CyberMasterV
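@online{cybermasterv:20220427:reverse:09cb18a,
  author       = {{CyberMasterV}},
  title        = {Reverse Engineering {PsExec} for fun and knowledge},
  date         = {2022-04-27},
  organization = {CYBER GEEKS All Things Infosec},
  url          = {https://cybergeeks.tech/reverse-engineering-psexec-for-fun-and-knowledge/},
  language     = {English},
  urldate      = {2022-05-09},
}
Reverse Engineering PsExec for fun and knowledge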
2022-04-06 | InfoSec Handlers Diary Blog | Brad Duncan
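@online{duncan:20220406:windows:3802dbd,
  author       = {Duncan, Brad},
  title        = {{Windows} {MetaStealer} Malware},
  date         = {2022-04-06},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/forums/diary/Windows+MetaStealer+Malware/28522/},
  language     = {English},
  urldate      = {2022-05-05},
}
Windows MetaStealer Malware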
MetaStealer
2022-03-23 | InfoSec Handlers Diary Blog | Brad Duncan
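@online{duncan:20220323:arkei:b2a08f5,
  author       = {Duncan, Brad},
  title        = {{Arkei} Variants: From {Vidar} to {Mars Stealer}},
  date         = {2022-03-23},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/rss/28468},
  language     = {English},
  urldate      = {2022-03-25},
}
Arkei Variants: From Vidar to Mars Stealer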
Arkei Stealer, Mars Stealer, Vidar
2022-03-16 | InfoSec Handlers Diary Blog | Brad Duncan
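@online{duncan:20220316:qakbot:ff11e1e,
  author       = {Duncan, Brad},
  title        = {{Qakbot} infection with {Cobalt Strike} and {VNC} activity},
  date         = {2022-03-16},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/rss/28448},
  language     = {English},
  urldate      = {2022-03-17},
}
Qakbot infection with Cobalt Strike and VNC activity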
Cobalt Strike, QakBot
2022-01-20 | SANS ISC InfoSec Forums | Xavier Mertens
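@online{mertens:20220120:redline:87c27db,
  author       = {Mertens, Xavier},
  title        = {{RedLine Stealer} Delivered Through {FTP}},
  date         = {2022-01-20},
  organization = {SANS ISC InfoSec Forums},
  url          = {https://isc.sans.edu/forums/diary/RedLine+Stealer+Delivered+Through+FTP/28258/},
  language     = {English},
  urldate      = {2022-01-24},
}
RedLine Stealer Delivered Through FTP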
RedLine Stealer
2022-01-19 | InfoSec Handlers Diary Blog | Brad Duncan
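@online{duncan:20220119:0000:cdac125,
  author       = {Duncan, Brad},
  title        = {0.0.0.0 in {Emotet} Spambot Traffic},
  date         = {2022-01-19},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/rss/28254},
  language     = {English},
  urldate      = {2022-01-24},
}
0.0.0.0 in Emotet Spambot Traffic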
Emotet
2021-12-31 | InfoSec Handlers Diary Blog | Jan Kopriva
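@online{kopriva:20211231:do:8a36b66,
  author       = {Kopriva, Jan},
  title        = {Do you want your {Agent Tesla} in the 300 {MB} or 8 {kB} package?},
  date         = {2021-12-31},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/28202},
  language     = {English},
  urldate      = {2022-01-05},
}
Do you want your Agent Tesla in the 300 MB or 8 kB package?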
Agent Tesla
2021-12-30 | InfoSec Handlers Diary Blog | Brad Duncan
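@online{duncan:20211230:agent:2b24ea4,
  author       = {Duncan, Brad},
  title        = {{Agent Tesla} Updates {SMTP} Data Exfiltration Technique},
  date         = {2021-12-30},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/rss/28190},
  language     = {English},
  urldate      = {2022-01-03},
}
Agent Tesla Updates SMTP Data Exfiltration Technique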
Agent Tesla
2021-12-20InfoSec Handlers Diary BlogJan Kopriva, Alef Nula
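% NOTE(review): "Alef Nula" may be an affiliation rather than a second person - confirm against the diary page; a corporate name needs a second pair of braces so it is not split into given name and surname.
@online{kopriva:20211220:powerpoint:917c614,
  author       = {Kopriva, Jan and Alef Nula},
  title        = {{PowerPoint} attachments, {Agent Tesla} and code reuse in malware},
  date         = {2021-12-20},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/forums/diary/PowerPoint+attachments+Agent+Tesla+and+code+reuse+in+malware/28154/},
  language     = {English},
  urldate      = {2021-12-31},
}
PowerPoint attachments, Agent Tesla and code reuse in malware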
Agent Tesla
2021-12-16 | InfoSec Handlers Diary Blog | Brad Duncan
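@online{duncan:20211216:how:6fd0b06,
  author       = {Duncan, Brad},
  title        = {How the {"Contact Forms"} campaign tricks people},
  date         = {2021-12-16},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/forums/diary/How+the+Contact+Forms+campaign+tricks+people/28142/},
  language     = {English},
  urldate      = {2021-12-31},
}
How the "Contact Forms" campaign tricks people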
IcedID
2021-12-03 | SANS ISC InfoSec Forums | Brad Duncan
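@online{duncan:20211203:ta551:f71be57,
  author       = {Duncan, Brad},
  title        = {{TA551} ({Shathak}) pushes {IcedID} ({Bokbot})},
  date         = {2021-12-03},
  organization = {SANS ISC InfoSec Forums},
  url          = {https://isc.sans.edu/forums/diary/TA551+Shathak+pushes+IcedID+Bokbot/28092/},
  language     = {English},
  urldate      = {2021-12-06},
}
TA551 (Shathak) pushes IcedID (Bokbot)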
IcedID
2021-11-30 | CYBER GEEKS All Things Infosec | CyberMasterV
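@online{cybermasterv:20211130:just:d5f53c9,
  author       = {{CyberMasterV}},
  title        = {Just another analysis of the {njRAT} malware – A step-by-step approach},
  date         = {2021-11-30},
  organization = {CYBER GEEKS All Things Infosec},
  url          = {https://cybergeeks.tech/just-another-analysis-of-the-njrat-malware-a-step-by-step-approach/},
  language     = {English},
  urldate      = {2021-12-06},
}
Just another analysis of the njRAT malware – A step-by-step approach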
NjRAT
2021-11-16 | InfoSec Handlers Diary Blog | Brad Duncan
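@online{duncan:20211116:emotet:3545954,
  author       = {Duncan, Brad},
  title        = {{Emotet} Returns},
  date         = {2021-11-16},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/28044},
  language     = {English},
  urldate      = {2021-11-17},
}
Emotet Returns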
Emotet
2021-10-31 | CYBER GEEKS All Things Infosec | CyberMasterV
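@online{cybermasterv:20211031:detailed:290dacf,
  author       = {{CyberMasterV}},
  title        = {A detailed analysis of the {STOP/Djvu} Ransomware},
  date         = {2021-10-31},
  organization = {CYBER GEEKS All Things Infosec},
  url          = {https://cybergeeks.tech/a-detailed-analysis-of-the-stop-djvu-ransomware/},
  language     = {English},
  urldate      = {2021-11-08},
}
A detailed analysis of the STOP/Djvu Ransomware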
STOP
2021-09-29 | CYBER GEEKS All Things Infosec | CyberMasterV
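@online{cybermasterv:20210929:how:b7fbf82,
  author       = {{CyberMasterV}},
  title        = {How to defeat the {Russian Dukes}: A step-by-step analysis of {MiniDuke} used by {APT29/Cozy Bear}},
  date         = {2021-09-29},
  organization = {CYBER GEEKS All Things Infosec},
  url          = {https://cybergeeks.tech/how-to-defeat-the-russian-dukes-a-step-by-step-analysis-of-miniduke-used-by-apt29-cozy-bear/},
  language     = {English},
  urldate      = {2021-10-14},
}
How to defeat the Russian Dukes: A step-by-step analysis of MiniDuke used by APT29/Cozy Bear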
MiniDuke