Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-01-14RiskIQJordan Herman
@online{herman:20220114:riskiq:f4f5b68, author = {Jordan Herman}, title = {{RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers}}, date = {2022-01-14}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/2cd1c003}, language = {English}, urldate = {2022-01-18} } RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers
Dridex Emotet
2021-12-13RiskIQJordan Herman
@online{herman:20211213:riskiq:82a7631, author = {Jordan Herman}, title = {{RiskIQ: Connections between Nanocore, Netwire, and AsyncRAT and Vjw0rm dynamic DNS C2 infrastructure}}, date = {2021-12-13}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/24759ad2}, language = {English}, urldate = {2022-01-18} } RiskIQ: Connections between Nanocore, Netwire, and AsyncRAT and Vjw0rm dynamic DNS C2 infrastructure
AsyncRAT Nanocore RAT NetWire RC Vjw0rm
2021-12-01RiskIQJordan Herman
@online{herman:20211201:bulletproof:1ada142, author = {Jordan Herman}, title = {{Bulletproof Hosting Services: Investigating Shinjiru Technology Sdn Bhd}}, date = {2021-12-01}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/cb658730}, language = {English}, urldate = {2021-12-23} } Bulletproof Hosting Services: Investigating Shinjiru Technology Sdn Bhd
2021-10-06zimperiumJordan Herman
@online{herman:20211006:malware:7f7f055, author = {Jordan Herman}, title = {{Malware Distribution with Mana Tools}}, date = {2021-10-06}, organization = {zimperium}, url = {https://community.riskiq.com/article/56e28880}, language = {English}, urldate = {2021-10-11} } Malware Distribution with Mana Tools
Agent Tesla Azorult
2021-09-22RiskIQKelsey Clapp, Jordan Herman
@online{clapp:20210922:bom:b738b21, author = {Kelsey Clapp and Jordan Herman}, title = {{The Bom Skimmer and MageCart Group 7}}, date = {2021-09-22}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/743ea75b/description}, language = {English}, urldate = {2021-09-24} } The Bom Skimmer and MageCart Group 7
magecart
2021-08-25RiskIQJordan Herman
@online{herman:20210825:eitest:e4c2c31, author = {Jordan Herman}, title = {{EITest: Linkages to the Ongoing Malware Delivery Campaign Referred to as "Gootloader"}}, date = {2021-08-25}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/f5d5ed38}, language = {English}, urldate = {2021-08-30} } EITest: Linkages to the Ongoing Malware Delivery Campaign Referred to as "Gootloader"
GootLoader
2021-07-28RiskIQJennifer Grob, Jordan Herman
@online{grob:20210728:use:8287989, author = {Jennifer Grob and Jordan Herman}, title = {{Use of XAMPP Web Component to Identify Agent Tesla Infrastructure}}, date = {2021-07-28}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/40000d46}, language = {English}, urldate = {2021-07-29} } Use of XAMPP Web Component to Identify Agent Tesla Infrastructure
Agent Tesla
2021-07-14RiskIQJordan Herman
@online{herman:20210714:bulletproof:6b4372f, author = {Jordan Herman}, title = {{Bulletproof Hosting Services: Investigating Media Land LLC, Part 2}}, date = {2021-07-14}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/7b83636f}, language = {English}, urldate = {2021-07-20} } Bulletproof Hosting Services: Investigating Media Land LLC, Part 2
2021-06-30RiskIQJennifer Grob, Jordan Herman
@online{grob:20210630:bulletproof:5d71486, author = {Jennifer Grob and Jordan Herman}, title = {{Bulletproof Hosting Services: Investigating Media Land LLC}}, date = {2021-06-30}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/49db7be3}, language = {English}, urldate = {2021-07-02} } Bulletproof Hosting Services: Investigating Media Land LLC
2021-06-16RiskIQJordan Herman
@online{herman:20210616:bit2check:760db1e, author = {Jordan Herman}, title = {{Bit2Check: Investigating Actors in the Carding Space}}, date = {2021-06-16}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/f1e8399e}, language = {English}, urldate = {2021-06-21} } Bit2Check: Investigating Actors in the Carding Space
2021-05-26RiskIQJordan Herman
@online{herman:20210526:mobileinter:bfb90e8, author = {Jordan Herman}, title = {{The MobileInter Skimmer: Hosted by Google, Hiding in Images}}, date = {2021-05-26}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/8109e7ab}, language = {English}, urldate = {2021-06-09} } The MobileInter Skimmer: Hosted by Google, Hiding in Images
2021-04-22RiskIQAdam Castleman, Jordan Herman
@online{castleman:20210422:stealing:d799b15, author = {Adam Castleman and Jordan Herman}, title = {{Stealing All Your Information For Years With Shadow Z118 PayPal Phish Kits}}, date = {2021-04-22}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/50bcba95}, language = {English}, urldate = {2021-04-28} } Stealing All Your Information For Years With Shadow Z118 PayPal Phish Kits
2021-04-07RiskIQAdam Castleman, Jordan Herman
@online{castleman:20210407:yanbian:dcf9de9, author = {Adam Castleman and Jordan Herman}, title = {{Yanbian Gang Malware Continues with Wide-Scale Distribution and C2}}, date = {2021-04-07}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/f88ed16f/description}, language = {English}, urldate = {2021-04-09} } Yanbian Gang Malware Continues with Wide-Scale Distribution and C2
2021-02-24RiskIQJordan Herman
@online{herman:20210224:turkey:2d3f340, author = {Jordan Herman}, title = {{Turkey Dog: Cerberus and Anubis Banking Trojans Target Turkish Speakers}}, date = {2021-02-24}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/85b3db8c}, language = {English}, urldate = {2021-02-25} } Turkey Dog: Cerberus and Anubis Banking Trojans Target Turkish Speakers
Anubis Cerberus
2021-01-14RiskIQJordan Herman
@online{herman:20210114:medialand:3f603bd, author = {Jordan Herman}, title = {{MediaLand: Magecart and Bulletproof Hosting}}, date = {2021-01-14}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/5bea32aa}, language = {English}, urldate = {2021-01-21} } MediaLand: Magecart and Bulletproof Hosting
magecart
2020-12-16RiskIQMia Ihm, Cory Kennedy, Jordan Herman
@online{ihm:20201216:skimming:608e648, author = {Mia Ihm and Cory Kennedy and Jordan Herman}, title = {{Skimming a Little Off the Top: Meyhod’s Skimming Methods Hit Hairloss Specialists}}, date = {2020-12-16}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/14924d61}, language = {English}, urldate = {2020-12-17} } Skimming a Little Off the Top: Meyhod’s Skimming Methods Hit Hairloss Specialists
magecart
2020-11-18RiskIQJordan Herman
@online{herman:20201118:grelos:7b6e4d2, author = {Jordan Herman}, title = {{The Grelos Skimmer: A New Variant}}, date = {2020-11-18}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/8c4b4a7a}, language = {English}, urldate = {2020-11-23} } The Grelos Skimmer: A New Variant
grelos
2020-11-11RiskIQJordan Herman
@online{herman:20201111:magecart:8137a1f, author = {Jordan Herman}, title = {{Magecart Group 12: End of Life Magento Sites Infested with Ants and Cockroaches}}, date = {2020-11-11}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/fda1f967}, language = {English}, urldate = {2020-11-18} } Magecart Group 12: End of Life Magento Sites Infested with Ants and Cockroaches
magecart
2020-09-02RiskIQJordan Herman
@online{herman:20200902:inter:93b8c50, author = {Jordan Herman}, title = {{The Inter Skimmer Kit}}, date = {2020-09-02}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/30f22a00}, language = {English}, urldate = {2020-09-04} } The Inter Skimmer Kit
magecart DreamBot TeslaCrypt
2020-06-09RiskIQJordan Herman
@online{herman:20200609:misconfigured:75c6908, author = {Jordan Herman}, title = {{Misconfigured Amazon S3 Buckets Continue to be a Launchpad for Malicious Code}}, date = {2020-06-09}, organization = {RiskIQ}, url = {https://www.riskiq.com/blog/labs/misconfigured-s3-buckets/}, language = {English}, urldate = {2020-06-10} } Misconfigured Amazon S3 Buckets Continue to be a Launchpad for Malicious Code
magecart