
2023-09-19 | Medium (@DCSO_CyTec) | Johann Aydinbas
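@comment{Medium post from the DCSO_CyTec account, listed on this page under the label DarkGate. The hash sign that opens the title is escaped because LaTeX reads a bare one in a literal field as a macro parameter character.}
@online{aydinbas:20230919:shortandmalicious:a0cff0b,
  author       = {Aydinbas, Johann},
  title        = {{\#ShortAndMalicious — DarkGate}},
  date         = {2023-09-19},
  organization = {Medium (@DCSO_CyTec)},
  url          = {https://medium.com/@DCSO_CyTec/shortandmalicious-darkgate-d9102a457232},
  language     = {English},
  urldate      = {2023-09-20},
} #ShortAndMalicious — DarkGate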
DarkGate
2023-05-31 | Twitter (@jaydinbas) | Johann Aydinbas
@comment{Single tweet, listed on this page under the label Unidentified 104. urldate records when the tweet was retrieved.}
@online{aydinbas:20230531:about:19b2edc,
  author       = {Aydinbas, Johann},
  title        = {{Tweet about C++ payload delivered via ISO}},
  date         = {2023-05-31},
  organization = {Twitter (@jaydinbas)},
  url          = {https://twitter.com/jaydinbas/status/1663916211975987201},
  language     = {English},
  urldate      = {2023-06-01},
} Tweet about C++ payload delivered via ISO
Unidentified 104
2023-05-17 | Medium (@DCSO_CyTec) | Johann Aydinbas, Emilia Neuber, Kritika Roy, Axel Wauer, Jiro Minier
@comment{Medium post from the DCSO_CyTec account with five authors, listed on this page under the label Jupiter. The title keeps its typographic quotes, so the file has to be read as UTF-8.}
@online{aydinbas:20230517:andariels:517dbe2,
  author       = {Aydinbas, Johann and Neuber, Emilia and Roy, Kritika and Wauer, Axel and Minier, Jiro},
  title        = {{Andariel’s “Jupiter” malware and the case of the curious C2}},
  date         = {2023-05-17},
  organization = {Medium (@DCSO_CyTec)},
  url          = {https://medium.com/@DCSO_CyTec/andariels-jupiter-malware-and-the-case-of-the-curious-c2-dbfe29f57499},
  language     = {English},
  urldate      = {2023-05-21},
} Andariel’s “Jupiter” malware and the case of the curious C2
Jupiter
2023-02-10 | DCSO | Johann Aydinbas, Axel Wauer
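@comment{DCSO report listed on this page under the label Pikabot. The hash sign that opens the title is escaped because LaTeX reads a bare one in a literal field as a macro parameter character.}
@online{aydinbas:20230210:shortandmalicious:c26d7a5,
  author       = {Aydinbas, Johann and Wauer, Axel},
  title        = {{\#ShortAndMalicious — PikaBot and the Matanbuchus connection}},
  date         = {2023-02-10},
  organization = {DCSO},
  url          = {https://medium.com/@DCSO_CyTec/shortandmalicious-pikabot-and-the-matanbuchus-connection-5e302644398},
  language     = {English},
  urldate      = {2023-02-15},
} #ShortAndMalicious — PikaBot and the Matanbuchus connection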
Pikabot
2022-12-19 | Twitter (@jaydinbas) | Johann Aydinbas
@comment{Twitter thread, listed on this page under the label Kami. urldate records when the thread was retrieved.}
@online{aydinbas:20221219:twitter:6e70f3d,
  author       = {Aydinbas, Johann},
  title        = {{Twitter thread describing ISO drop for Kami}},
  date         = {2022-12-19},
  organization = {Twitter (@jaydinbas)},
  url          = {https://twitter.com/jaydinbas/status/1604918636422070289},
  language     = {English},
  urldate      = {2022-12-20},
} Twitter thread describing ISO drop for Kami
Kami
2022-11-16 | Medium (@DCSO_CyTec) | Johann Aydinbas, Axel Wauer
@comment{Medium post from the DCSO_CyTec account, listed on this page under the label HZ RAT.}
@online{aydinbas:20221116:hz:b5a2d6d,
  author       = {Aydinbas, Johann and Wauer, Axel},
  title        = {{HZ RAT goes China}},
  date         = {2022-11-16},
  organization = {Medium (@DCSO_CyTec)},
  url          = {https://medium.com/@DCSO_CyTec/hz-rat-goes-china-506854c5f2e2},
  language     = {English},
  urldate      = {2022-11-18},
} HZ RAT goes China
HZ RAT
2022-11-08 | DCSO | Axel Wauer, Johann Aydinbas
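@comment{DCSO report listed on this page under the label StrelaStealer. The hash sign that opens the title is escaped because LaTeX reads a bare one in a literal field as a macro parameter character.}
@online{wauer:20221108:shortandmalicious:21e0fa8,
  author       = {Wauer, Axel and Aydinbas, Johann},
  title        = {{\#ShortAndMalicious: StrelaStealer aims for mail credentials}},
  date         = {2022-11-08},
  organization = {DCSO},
  url          = {https://medium.com/@DCSO_CyTec/shortandmalicious-strelastealer-aims-for-mail-credentials-a4c3e78c8abc},
  language     = {English},
  urldate      = {2022-11-11},
} #ShortAndMalicious: StrelaStealer aims for mail credentials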
StrelaStealer
2022-10-11 | Medium (@DCSO_CyTec) | Axel Wauer, Johann Aydinbas, Denis Szadkowski
@comment{Medium post from the DCSO_CyTec account, listed on this page under the label Maggie. It is dated one week after the other Maggie entry on the page.}
@online{wauer:20221011:tracking:7c6c193,
  author       = {Wauer, Axel and Aydinbas, Johann and Szadkowski, Denis},
  title        = {{Tracking down Maggie}},
  date         = {2022-10-11},
  organization = {Medium (@DCSO_CyTec)},
  url          = {https://medium.com/@DCSO_CyTec/tracking-down-maggie-4d889872513d},
  language     = {English},
  urldate      = {2022-10-30},
} Tracking down Maggie
Maggie
2022-10-04 | Medium (@DCSO_CyTec) | Johann Aydinbas, Axel Wauer
@comment{Medium post from the DCSO_CyTec account, listed on this page under the label Maggie.}
@online{aydinbas:20221004:mssql:df4869a,
  author       = {Aydinbas, Johann and Wauer, Axel},
  title        = {{MSSQL, meet Maggie}},
  date         = {2022-10-04},
  organization = {Medium (@DCSO_CyTec)},
  url          = {https://medium.com/@DCSO_CyTec/mssql-meet-maggie-898773df3b01},
  language     = {English},
  urldate      = {2022-10-05},
} MSSQL, meet Maggie
Maggie
2022-05-23 | DCSO | Johann Aydinbas, Colin Murphy
@comment{DCSO sample analysis, listed on this page under the label Matanbuchus.}
@online{aydinbas:20220523:deal:00dc16f,
  author       = {Aydinbas, Johann and Murphy, Colin},
  title        = {{A deal with the devil: Analysis of a recent Matanbuchus sample}},
  date         = {2022-05-23},
  organization = {DCSO},
  url          = {https://medium.com/@DCSO_CyTec/a-deal-with-the-devil-analysis-of-a-recent-matanbuchus-sample-3ce991951d6a},
  language     = {English},
  urldate      = {2022-05-24},
} A deal with the devil: Analysis of a recent Matanbuchus sample
Matanbuchus
2022-03-01 | Github (usualsuspect) | Johann Aydinbas
@comment{GitHub gist rather than an article, listed on this page under the label Daxin. urldate records when the gist was retrieved.}
@online{aydinbas:20220301:python:1e7cf7b,
  author       = {Aydinbas, Johann},
  title        = {{Python script to decrypt embedded driver used in Daxin}},
  date         = {2022-03-01},
  organization = {Github (usualsuspect)},
  url          = {https://gist.github.com/usualsuspect/839fbc54e0d76bb2626329cd94274cd6},
  language     = {English},
  urldate      = {2022-03-07},
} Python script to decrypt embedded driver used in Daxin
Daxin
2021-06-25 | Gdata | Karsten Hahn, Takahiro Haruyama, Johann Aydinbas, Florian Roth
@comment{Gdata blog post with four authors, listed on this page under the label NetfilterRootkit.}
@online{hahn:20210625:microsoft:7ba11af,
  author       = {Hahn, Karsten and Haruyama, Takahiro and Aydinbas, Johann and Roth, Florian},
  title        = {{Microsoft signed a malicious Netfilter rootkit}},
  date         = {2021-06-25},
  organization = {Gdata},
  url          = {https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit},
  language     = {English},
  urldate      = {2021-06-29},
} Microsoft signed a malicious Netfilter rootkit
NetfilterRootkit
2019-05-02 | Usual Suspect RE | Johann Aydinbas
@comment{Article on the Usual Suspect RE site, listed on this page under the label Formbook. The retrieval date in urldate is several months later than the publication date.}
@online{aydinbas:20190502:formbook:d1ef715,
  author       = {Aydinbas, Johann},
  title        = {{FormBook - Hiding in plain sight}},
  date         = {2019-05-02},
  organization = {Usual Suspect RE},
  url          = {https://usualsuspect.re/article/formbook-hiding-in-plain-sight},
  language     = {English},
  urldate      = {2020-01-13},
} FormBook - Hiding in plain sight
Formbook