
2021-12-31 | InfoSec Handlers Diary Blog | Jan Kopriva
@online{kopriva:20211231:do:8a36b66,
  title        = {{Do you want your Agent Tesla in the 300 MB or 8 kB package?}},
  author       = {Jan Kopriva},
  organization = {InfoSec Handlers Diary Blog},
  date         = {2021-12-31},
  url          = {https://isc.sans.edu/diary/28202},
  urldate      = {2022-01-05},
  language     = {English},
}
Agent Tesla
2021-12-30 | InfoSec Handlers Diary Blog | Brad Duncan
@online{duncan:20211230:agent:2b24ea4,
  title        = {{Agent Tesla Updates SMTP Data Exfiltration Technique}},
  author       = {Brad Duncan},
  organization = {InfoSec Handlers Diary Blog},
  date         = {2021-12-30},
  url          = {https://isc.sans.edu/diary/rss/28190},
  urldate      = {2022-01-03},
  language     = {English},
}
Agent Tesla
2021-12-20 | InfoSec Handlers Diary Blog | Jan Kopriva, Alef Nula
@online{kopriva:20211220:powerpoint:917c614,
  title        = {{PowerPoint attachments, Agent Tesla and code reuse in malware}},
  author       = {Jan Kopriva and Alef Nula},
  organization = {InfoSec Handlers Diary Blog},
  date         = {2021-12-20},
  url          = {https://isc.sans.edu/forums/diary/PowerPoint+attachments+Agent+Tesla+and+code+reuse+in+malware/28154/},
  urldate      = {2021-12-31},
  language     = {English},
}
Agent Tesla
2021-12-16 | InfoSec Handlers Diary Blog | Brad Duncan
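@comment{duncan:20211216:how:6fd0b06: the quotes around Contact Forms are written as LaTeX ``...'' pairs; a straight double-quote character is not an opening quote in LaTeX and would typeset both sides as closing quotes.}
@online{duncan:20211216:how:6fd0b06,
  author       = {Brad Duncan},
  title        = {{How the ``Contact Forms'' campaign tricks people}},
  date         = {2021-12-16},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/forums/diary/How+the+Contact+Forms+campaign+tricks+people/28142/},
  language     = {English},
  urldate      = {2021-12-31},
}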
IcedID
2021-12-03 | SANS ISC InfoSec Forums | Brad Duncan
@online{duncan:20211203:ta551:f71be57,
  title        = {{TA551 (Shathak) pushes IcedID (Bokbot)}},
  author       = {Brad Duncan},
  organization = {SANS ISC InfoSec Forums},
  date         = {2021-12-03},
  url          = {https://isc.sans.edu/forums/diary/TA551+Shathak+pushes+IcedID+Bokbot/28092/},
  urldate      = {2021-12-06},
  language     = {English},
}
IcedID
2021-11-30 | CYBER GEEKS All Things Infosec | CyberMasterV
@online{cybermasterv:20211130:just:d5f53c9,
  title        = {{Just another analysis of the njRAT malware – A step-by-step approach}},
  author       = {CyberMasterV},
  organization = {CYBER GEEKS All Things Infosec},
  date         = {2021-11-30},
  url          = {https://cybergeeks.tech/just-another-analysis-of-the-njrat-malware-a-step-by-step-approach/},
  urldate      = {2021-12-06},
  language     = {English},
}
NjRAT
2021-11-16 | InfoSec Handlers Diary Blog | Brad Duncan
@online{duncan:20211116:emotet:3545954,
  title        = {{Emotet Returns}},
  author       = {Brad Duncan},
  organization = {InfoSec Handlers Diary Blog},
  date         = {2021-11-16},
  url          = {https://isc.sans.edu/diary/28044},
  urldate      = {2021-11-17},
  language     = {English},
}
Emotet
2021-10-31 | CYBER GEEKS All Things Infosec | CyberMasterV
@online{cybermasterv:20211031:detailed:290dacf,
  title        = {{A detailed analysis of the STOP/Djvu Ransomware}},
  author       = {CyberMasterV},
  organization = {CYBER GEEKS All Things Infosec},
  date         = {2021-10-31},
  url          = {https://cybergeeks.tech/a-detailed-analysis-of-the-stop-djvu-ransomware/},
  urldate      = {2021-11-08},
  language     = {English},
}
STOP
2021-09-29 | CYBER GEEKS All Things Infosec | CyberMasterV
@online{cybermasterv:20210929:how:b7fbf82,
  title        = {{How to defeat the Russian Dukes: A step-by-step analysis of MiniDuke used by APT29/Cozy Bear}},
  author       = {CyberMasterV},
  organization = {CYBER GEEKS All Things Infosec},
  date         = {2021-09-29},
  url          = {https://cybergeeks.tech/how-to-defeat-the-russian-dukes-a-step-by-step-analysis-of-miniduke-used-by-apt29-cozy-bear/},
  urldate      = {2021-10-14},
  language     = {English},
}
MiniDuke
2021-09-28 | HolisticInfosec | Russ McRee
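@comment{mcree:20210928:zircolite:a9dbceb: the ampersand in the title is escaped with a backslash; an unescaped ampersand is an alignment character in LaTeX and makes the bibliography fail to typeset with a Misplaced alignment tab error.}
@online{mcree:20210928:zircolite:a9dbceb,
  author       = {Russ McRee},
  title        = {{Zircolite vs Defense Evasion \& Nobellium FoggyWeb}},
  date         = {2021-09-28},
  organization = {HolisticInfosec},
  url          = {https://holisticinfosec.io/post/2021-09-28-zircolite/},
  language     = {English},
  urldate      = {2021-10-11},
}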
2021-09-01 | InfoSec Handlers Diary Blog | Brad Duncan
@online{duncan:20210901:strrat:82432b9,
  title        = {{STRRAT: a Java-based RAT that doesn't care if you have Java}},
  author       = {Brad Duncan},
  organization = {InfoSec Handlers Diary Blog},
  date         = {2021-09-01},
  url          = {https://isc.sans.edu/diary/rss/27798},
  urldate      = {2021-09-02},
  language     = {English},
}
STRRAT
2021-07-24 | InfoSec Handlers Diary Blog | Xavier Mertens
@online{mertens:20210724:agenttesla:2876aef,
  title        = {{Agent.Tesla Dropped via a .daa Image and Talking to Telegram}},
  author       = {Xavier Mertens},
  organization = {InfoSec Handlers Diary Blog},
  date         = {2021-07-24},
  url          = {https://isc.sans.edu/diary/27666},
  urldate      = {2021-07-26},
  language     = {English},
}
Agent Tesla
2021-07-09 | InfoSec Handlers Diary Blog | Brad Duncan
@online{duncan:20210709:hancitor:814e815,
  title        = {{Hancitor tries XLL as initial malware file}},
  author       = {Brad Duncan},
  organization = {InfoSec Handlers Diary Blog},
  date         = {2021-07-09},
  url          = {https://isc.sans.edu/diary/rss/27618},
  urldate      = {2021-07-19},
  language     = {English},
}
Cobalt Strike Hancitor
2021-06-21 | RECON INFOSEC | Andrew Cook
@online{cook:20210621:encounter:a6f5f76,
  title        = {{An Encounter With Ransomware-as-a-Service: MEGAsync Analysis}},
  author       = {Andrew Cook},
  organization = {RECON INFOSEC},
  date         = {2021-06-21},
  url          = {https://blog.reconinfosec.com/megasync-analysis/},
  urldate      = {2021-06-22},
  language     = {English},
}
2021-06-14 | CYBER GEEKS All Things Infosec | CyberMasterV
@online{cybermasterv:20210614:stepbystep:6b4b871,
  title        = {{A Step-by-Step Analysis of a New Version of DarkSide Ransomware}},
  author       = {CyberMasterV},
  organization = {CYBER GEEKS All Things Infosec},
  date         = {2021-06-14},
  url          = {https://cybergeeks.tech/a-step-by-step-analysis-of-a-new-version-of-darkside-ransomware/},
  urldate      = {2021-06-22},
  language     = {English},
}
DarkSide
2021-05-18 | RECON INFOSEC | Andrew Cook
@online{cook:20210518:encounter:c4ef6d9,
  title        = {{An Encounter With TA551/Shathak}},
  author       = {Andrew Cook},
  organization = {RECON INFOSEC},
  date         = {2021-05-18},
  url          = {https://blog.reconinfosec.com/an-encounter-with-ta551-shathak},
  urldate      = {2021-05-25},
  language     = {English},
}
IcedID
2021-04-19 | InfoSec Handlers Diary Blog | Jan Kopriva
@online{kopriva:20210419:hunting:021a759,
  title        = {{Hunting phishing websites with favicon hashes}},
  author       = {Jan Kopriva},
  organization = {InfoSec Handlers Diary Blog},
  date         = {2021-04-19},
  url          = {https://isc.sans.edu/forums/diary/Hunting+phishing+websites+with+favicon+hashes/27326/},
  urldate      = {2021-04-20},
  language     = {English},
}
2021-04-14 | InfoSec Handlers Diary Blog | Brad Duncan
@online{duncan:20210414:april:4a29cb5,
  title        = {{April 2021 Forensic Quiz: Answers and Analysis}},
  author       = {Brad Duncan},
  organization = {InfoSec Handlers Diary Blog},
  date         = {2021-04-14},
  url          = {https://isc.sans.edu/diary/27308},
  urldate      = {2021-04-14},
  language     = {English},
}
Anchor BazarBackdoor Cobalt Strike
2021-04-06 | InfoSec Handlers Diary Blog | Jan Kopriva
@online{kopriva:20210406:malspam:817a035,
  title        = {{Malspam with Lokibot vs. Outlook and RFCs}},
  author       = {Jan Kopriva},
  organization = {InfoSec Handlers Diary Blog},
  date         = {2021-04-06},
  url          = {https://isc.sans.edu/diary/27282},
  urldate      = {2021-04-06},
  language     = {English},
}
Loki Password Stealer (PWS)
2021-03-31 | InfoSec Handlers Diary Blog | Xavier Mertens
@online{mertens:20210331:quick:56fcc20,
  title        = {{Quick Analysis of a Modular InfoStealer}},
  author       = {Xavier Mertens},
  organization = {InfoSec Handlers Diary Blog},
  date         = {2021-03-31},
  url          = {https://isc.sans.edu/diary/27264},
  urldate      = {2021-03-31},
  language     = {English},
}
Amadey