2023-04-12 | InfoSec Handlers Diary Blog | Brad Duncan
@online{duncan:20230412:recent:66863ee,
  author       = {Brad Duncan},
  title        = {{Recent IcedID (Bokbot) activity}},
  date         = {2023-04-12},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/29740},
  language     = {English},
  urldate      = {2023-04-18},
}
Recent IcedID (Bokbot) activity
IcedID PhotoLoader
2022-11-16 | Ruptura InfoSecurity | Rad Kawar
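@comment{review: the ampersand in the title field is escaped as \& because a bare ampersand is a LaTeX alignment character and breaks typesetting of the bibliography.}
@online{kawar:20221116:writing:5bf0a41,
  author       = {Rad Kawar},
  title        = {{Writing Tiny, Stealthy \& Reliable Malware}},
  date         = {2022-11-16},
  organization = {Ruptura InfoSecurity},
  url          = {https://ruptura-infosec.com/blog/writing-tiny-stealthy-reliable-malware/},
  language     = {English},
  urldate      = {2022-11-18},
}
Writing Tiny, Stealthy & Reliable Malware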
2022-09-12 | Infosec Writeups | Aaron Stratton
@online{stratton:20220912:raccoon:3a04b24,
  author       = {Aaron Stratton},
  title        = {{Raccoon Stealer v2 Malware Analysis}},
  date         = {2022-09-12},
  organization = {Infosec Writeups},
  url          = {https://infosecwriteups.com/raccoon-stealer-v2-malware-analysis-55cc33774ac8},
  language     = {English},
  urldate      = {2022-09-26},
}
Raccoon Stealer v2 Malware Analysis
Raccoon RecordBreaker
2022-08-30 | CYBER GEEKS All Things Infosec | CyberMasterV
@online{cybermasterv:20220830:chromeloader:b050f70,
  author       = {CyberMasterV},
  title        = {{ChromeLoader Browser Hijacker}},
  date         = {2022-08-30},
  organization = {CYBER GEEKS All Things Infosec},
  url          = {https://cybergeeks.tech/chromeloader-browser-hijacker},
  language     = {English},
  urldate      = {2022-08-31},
}
ChromeLoader Browser Hijacker
Choziosi
2022-08-29 | CYBER GEEKS All Things Infosec | CyberMasterV
@online{cybermasterv:20220829:technical:c339986,
  author       = {CyberMasterV},
  title        = {{A Technical Analysis of Pegasus for Android – Part 1}},
  date         = {2022-08-29},
  organization = {CYBER GEEKS All Things Infosec},
  url          = {https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-1},
  language     = {English},
  urldate      = {2022-08-31},
}
A Technical Analysis of Pegasus for Android – Part 1
Chrysaor
2022-08-11 | xanhacks' infosec blog | xanhacks
@online{xanhacks:20220811:moqhao:a27e664,
  author       = {xanhacks},
  title        = {{MoqHao Android malware analysis and phishing campaign}},
  date         = {2022-08-11},
  organization = {xanhacks' infosec blog},
  url          = {https://www.xanhacks.xyz/p/moqhao-malware-analysis},
  language     = {English},
  urldate      = {2022-08-22},
}
MoqHao Android malware analysis and phishing campaign
MoqHao
2022-07-26 | CYBER GEEKS All Things Infosec | CyberMasterV
@online{cybermasterv:20220726:how:3f5d6fc,
  author       = {CyberMasterV},
  title        = {{HOW to Analyze Linux Malware - A Case Study of Symbiote}},
  date         = {2022-07-26},
  organization = {CYBER GEEKS All Things Infosec},
  url          = {https://cybergeeks.tech/how-to-analyze-linux-malware-a-case-study-of-symbiote},
  language     = {English},
  urldate      = {2022-08-31},
}
HOW to Analyze Linux Malware - A Case Study of Symbiote
Symbiote
2022-06-30 | CYBER GEEKS All Things Infosec | CyberMasterV
@online{cybermasterv:20220630:how:035d973,
  author       = {CyberMasterV},
  title        = {{How to Expose a Potential Cybercriminal due to Misconfigurations}},
  date         = {2022-06-30},
  organization = {CYBER GEEKS All Things Infosec},
  url          = {https://cybergeeks.tech/how-to-expose-a-potential-cybercriminal-due-to-misconfigurations},
  language     = {English},
  urldate      = {2022-08-31},
}
How to Expose a Potential Cybercriminal due to Misconfigurations
Loki Password Stealer (PWS)
2022-06-09 | InfoSec Handlers Diary Blog | Brad Duncan
@online{duncan:20220609:ta570:a51c1eb,
  author       = {Brad Duncan},
  title        = {{TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)}},
  date         = {2022-06-09},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/rss/28728},
  language     = {English},
  urldate      = {2022-06-09},
}
TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
QakBot
2022-05-20 | Cybleinc | Cyble
@online{cyble:20220520:malware:c20f29f,
  author       = {Cyble},
  title        = {{Malware Campaign Targets InfoSec Community: Threat Actor Uses Fake Proof Of Concept To Deliver Cobalt-Strike Beacon}},
  date         = {2022-05-20},
  organization = {Cybleinc},
  url          = {https://blog.cyble.com/2022/05/20/malware-campaign-targets-infosec-community-threat-actor-uses-fake-proof-of-concept-to-deliver-cobalt-strike-beacon/},
  language     = {English},
  urldate      = {2022-05-23},
}
Malware Campaign Targets InfoSec Community: Threat Actor Uses Fake Proof Of Concept To Deliver Cobalt-Strike Beacon
Cobalt Strike
2022-05-19 | InfoSec Handlers Diary Blog | Brad Duncan
@comment{review: appears to be the same diary post (id 28664) as key duncan:20220519:bumblebee:0703c7d; only the URL form differs, so cite one key consistently to avoid a duplicated reference.}
@online{duncan:20220519:bumblebee:20c59e6,
  author       = {Brad Duncan},
  title        = {{Bumblebee Malware from TransferXL URLs}},
  date         = {2022-05-19},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/rss/28664},
  language     = {English},
  urldate      = {2022-05-25},
}
Bumblebee Malware from TransferXL URLs
BumbleBee Cobalt Strike
2022-05-19 | InfoSec Handlers Diary Blog | Brad Duncan
@online{duncan:20220519:bumblebee:0703c7d,
  author       = {Brad Duncan},
  title        = {{Bumblebee Malware from TransferXL URLs}},
  date         = {2022-05-19},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/Bumblebee+Malware+from+TransferXL+URLs/28664},
  language     = {English},
  urldate      = {2023-04-06},
}
Bumblebee Malware from TransferXL URLs
BumbleBee Cobalt Strike
2022-05-11 | InfoSec Handlers Diary Blog | Brad Duncan
@online{duncan:20220511:ta578:0a0a686,
  author       = {Brad Duncan},
  title        = {{TA578 using thread-hijacked emails to push ISO files for Bumblebee malware}},
  date         = {2022-05-11},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/28636},
  language     = {English},
  urldate      = {2022-05-11},
}
TA578 using thread-hijacked emails to push ISO files for Bumblebee malware
BumbleBee Cobalt Strike IcedID PhotoLoader
2022-05-09 | InfoSec Handlers Diary Blog | Xavier Mertens
@online{mertens:20220509:octopus:e3787d9,
  author       = {Xavier Mertens},
  title        = {{Octopus Backdoor is Back with a New Embedded Obfuscated Bat File}},
  date         = {2022-05-09},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/rss/28628},
  language     = {English},
  urldate      = {2022-05-17},
}
Octopus Backdoor is Back with a New Embedded Obfuscated Bat File
Octopus
2022-04-27 | CYBER GEEKS All Things Infosec | CyberMasterV
@online{cybermasterv:20220427:reverse:09cb18a,
  author       = {CyberMasterV},
  title        = {{Reverse Engineering PsExec for fun and knowledge}},
  date         = {2022-04-27},
  organization = {CYBER GEEKS All Things Infosec},
  url          = {https://cybergeeks.tech/reverse-engineering-psexec-for-fun-and-knowledge/},
  language     = {English},
  urldate      = {2022-05-09},
}
Reverse Engineering PsExec for fun and knowledge
2022-04-20 | InfoSec Institute | Pedro Tavares
@online{tavares:20220420:mars:6bb8872,
  author       = {Pedro Tavares},
  title        = {{Mars Stealer malware analysis}},
  date         = {2022-04-20},
  organization = {InfoSec Institute},
  url          = {https://resources.infosecinstitute.com/topic/mars-stealer-malware-analysis/},
  language     = {English},
  urldate      = {2022-07-25},
}
Mars Stealer malware analysis
Mars Stealer
2022-04-06 | InfoSec Handlers Diary Blog | Brad Duncan
@online{duncan:20220406:windows:3802dbd,
  author       = {Brad Duncan},
  title        = {{Windows MetaStealer Malware}},
  date         = {2022-04-06},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/forums/diary/Windows+MetaStealer+Malware/28522/},
  language     = {English},
  urldate      = {2022-05-05},
}
Windows MetaStealer Malware
MetaStealer
2022-03-23 | InfoSec Handlers Diary Blog | Brad Duncan
@online{duncan:20220323:arkei:f9a44a4,
  author       = {Brad Duncan},
  title        = {{Arkei Variants: From Vidar to Mars Stealer}},
  date         = {2022-03-23},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/Arkei+Variants%3A+From+Vidar+to+Mars+Stealer/28468},
  language     = {English},
  urldate      = {2023-04-25},
}
Arkei Variants: From Vidar to Mars Stealer
Arkei Stealer Mars Stealer Oski Stealer Vidar
2022-03-23 | InfoSec Handlers Diary Blog | Brad Duncan
@comment{review: appears to be the same diary post (id 28468) as key duncan:20220323:arkei:f9a44a4; only the URL form differs, so cite one key consistently to avoid a duplicated reference.}
@online{duncan:20220323:arkei:b2a08f5,
  author       = {Brad Duncan},
  title        = {{Arkei Variants: From Vidar to Mars Stealer}},
  date         = {2022-03-23},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/rss/28468},
  language     = {English},
  urldate      = {2022-03-25},
}
Arkei Variants: From Vidar to Mars Stealer
Arkei Stealer Mars Stealer Vidar
2022-03-16 | InfoSec Handlers Diary Blog | Brad Duncan
@online{duncan:20220316:qakbot:ff11e1e,
  author       = {Brad Duncan},
  title        = {{Qakbot infection with Cobalt Strike and VNC activity}},
  date         = {2022-03-16},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/rss/28448},
  language     = {English},
  urldate      = {2022-03-17},
}
Qakbot infection with Cobalt Strike and VNC activity
Cobalt Strike QakBot