Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-11-25Github (struppigel)Karsten Hahn
@online{hahn:20221125:python:ec3b5d3, author = {Karsten Hahn}, title = {{Python script to decode NightHawk strings}}, date = {2022-11-25}, organization = {Github (struppigel)}, url = {https://github.com/struppigel/hedgehog-tools/blob/main/nighthawk_str_decoder.py}, language = {English}, urldate = {2022-11-28} } Python script to decode NightHawk strings
Nighthawk
2022-09-05Karsten Hahn
@online{hahn:20220905:icarus:ed666f8, author = {Karsten Hahn}, title = {{Icarus Stealer}}, date = {2022-09-05}, url = {https://twitter.com/struppigel/status/1566685309093511170}, language = {English}, urldate = {2022-10-14} } Icarus Stealer
Icarus
2022-03-24Twitter (@struppigel)Karsten Hahn
@online{hahn:20220324:ginzo:3ae1c21, author = {Karsten Hahn}, title = {{Tweet on Ginzo Stealer}}, date = {2022-03-24}, organization = {Twitter (@struppigel)}, url = {https://twitter.com/struppigel/status/1506933328599044100}, language = {English}, urldate = {2022-03-28} } Tweet on Ginzo Stealer
Ginzo Stealer
2022-03-09Twitter (@struppigel)Karsten Hahn
@online{hahn:20220309:tweets:85df9d1, author = {Karsten Hahn}, title = {{Tweets detailing NominatusToxicBattery}}, date = {2022-03-09}, organization = {Twitter (@struppigel)}, url = {https://twitter.com/struppigel/status/1501473254787198977}, language = {English}, urldate = {2022-11-21} } Tweets detailing NominatusToxicBattery
NominatusToxicBattery
2022-03-08Twitter (@struppigel)Karsten Hahn
@online{hahn:20220308:kazyloader:9ce00d5, author = {Karsten Hahn}, title = {{Tweet on KazyLoader}}, date = {2022-03-08}, organization = {Twitter (@struppigel)}, url = {https://twitter.com/struppigel/status/1501105224819392516}, language = {English}, urldate = {2022-03-08} } Tweet on KazyLoader
KazyLoader
2022-02-28Twitter (@struppigel)Karsten Hahn
@online{hahn:20220228:gofing:a128982, author = {Karsten Hahn}, title = {{Tweet on Gofing discovery}}, date = {2022-02-28}, organization = {Twitter (@struppigel)}, url = {https://twitter.com/struppigel/status/1498229809675214849}, language = {English}, urldate = {2022-03-18} } Tweet on Gofing discovery
Gofing
2022-02-14GdataKarsten Hahn
@online{hahn:20220214:allcome:4f9515e, author = {Karsten Hahn}, title = {{Allcome clipbanker is a newcomer in underground forums}}, date = {2022-02-14}, organization = {Gdata}, url = {https://www.gdatasoftware.com/blog/2022/02/37239-allcome-clipbanker-is-a-newcomer-in-malware-underground-forums}, language = {English}, urldate = {2022-09-28} } Allcome clipbanker is a newcomer in underground forums
AllcomeClipper
2022-02-03GdataKarsten Hahn
@online{hahn:20220203:qr:16d5c91, author = {Karsten Hahn}, title = {{QR codes on Twitter deliver malicious Chrome extension}}, date = {2022-02-03}, organization = {Gdata}, url = {https://www.gdatasoftware.com/blog/2022/01/37236-qr-codes-on-twitter-deliver-malicious-chrome-extension}, language = {English}, urldate = {2022-05-05} } QR codes on Twitter deliver malicious Chrome extension
Choziosi
2021-09-30G DataKarsten Hahn
@online{hahn:20210930:all:8e82a0c, author = {Karsten Hahn}, title = {{All your hashes are belong to us: An overview of malware hashing algorithms}}, date = {2021-09-30}, organization = {G Data}, url = {https://www.gdatasoftware.com/blog/2021/09/an-overview-of-malware-hashing-algorithms}, language = {English}, urldate = {2021-10-20} } All your hashes are belong to us: An overview of malware hashing algorithms
2021-06-25GdataKarsten Hahn, Takahiro Haruyama, Johann Aydinbas, Florian Roth
@online{hahn:20210625:microsoft:7ba11af, author = {Karsten Hahn and Takahiro Haruyama and Johann Aydinbas and Florian Roth}, title = {{Microsoft signed a malicious Netfilter rootkit}}, date = {2021-06-25}, organization = {Gdata}, url = {https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit}, language = {English}, urldate = {2021-06-29} } Microsoft signed a malicious Netfilter rootkit
NetfilterRootkit
2021-06-17struppigelKarsten Hahn
@online{hahn:20210617:network:63e106b, author = {Karsten Hahn}, title = {{Tweet on Network filter rootkit driver signed by Microsoft}}, date = {2021-06-17}, organization = {struppigel}, url = {https://twitter.com/struppigel/status/1405483373280235520}, language = {English}, urldate = {2021-06-22} } Tweet on Network filter rootkit driver signed by Microsoft
2021-06-08GdataKarsten Hahn
@online{hahn:20210608:picture:5667a54, author = {Karsten Hahn}, title = {{Picture this: Malware Hides in Steam Profile Images}}, date = {2021-06-08}, organization = {Gdata}, url = {https://www.gdatasoftware.com/blog/steamhide-malware-in-profile-images}, language = {English}, urldate = {2021-06-09} } Picture this: Malware Hides in Steam Profile Images
SteamHide
2021-06-07GdataKarsten Hahn
@online{hahn:20210607:malware:12e4c70, author = {Karsten Hahn}, title = {{Malware family naming hell is our own fault}}, date = {2021-06-07}, organization = {Gdata}, url = {https://www.gdatasoftware.com/blog/malware-family-naming-hell}, language = {English}, urldate = {2021-06-09} } Malware family naming hell is our own fault
2021-01-28Twitter (@struppigel)Karsten Hahn
@online{hahn:20210128:sn0wslogger:962b2fd, author = {Karsten Hahn}, title = {{Tweet on Sn0wsLogger malware}}, date = {2021-01-28}, organization = {Twitter (@struppigel)}, url = {https://twitter.com/struppigel/status/1354806038805897216}, language = {English}, urldate = {2021-01-29} } Tweet on Sn0wsLogger malware
Sn0wsLogger
2021-01-23Youtube (MalwareAnalysisForHedgehogs)Karsten Hahn
@online{hahn:20210123:malware:36b6878, author = {Karsten Hahn}, title = {{Malware Analysis - Fileless GooLoad static analysis and unpacking}}, date = {2021-01-23}, organization = {Youtube (MalwareAnalysisForHedgehogs)}, url = {https://www.youtube.com/watch?v=BcFbkjUVc7o}, language = {English}, urldate = {2021-04-14} } Malware Analysis - Fileless GooLoad static analysis and unpacking
2020-12-01GdataKarsten Hahn
@online{hahn:20201201:icerat:bc43ba0, author = {Karsten Hahn}, title = {{IceRat evades antivirus by running PHP on Java VM}}, date = {2020-12-01}, organization = {Gdata}, url = {https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp}, language = {English}, urldate = {2020-12-03} } IceRat evades antivirus by running PHP on Java VM
IceRat
2020-11-05GdataKarsten Hahn
@online{hahn:20201105:babax:3e78762, author = {Karsten Hahn}, title = {{Babax stealer rebrands to Osno, installs rootkit}}, date = {2020-11-05}, organization = {Gdata}, url = {https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit}, language = {English}, urldate = {2020-11-06} } Babax stealer rebrands to Osno, installs rootkit
Osno
2020-10-21G DataKarsten Hahn
@online{hahn:20201021:trat:389d7f3, author = {Karsten Hahn}, title = {{T-RAT 2.0: Malware control via smartphone}}, date = {2020-10-21}, organization = {G Data}, url = {https://www.gdatasoftware.com/blog/trat-control-via-smartphone}, language = {English}, urldate = {2020-10-23} } T-RAT 2.0: Malware control via smartphone
tRat T-RAT 2.0
2020-09-01GdataKarsten Hahn
@online{hahn:20200901:dll:2af82dc, author = {Karsten Hahn}, title = {{DLL Fixer leads to Cyrat Ransomware}}, date = {2020-09-01}, organization = {Gdata}, url = {https://www.gdatasoftware.com/blog/cyrat-ransomware}, language = {English}, urldate = {2020-09-01} } DLL Fixer leads to Cyrat Ransomware
Cyrat
2020-06-24Twitter (@struppigel)Karsten Hahn
@online{hahn:20200624:discordtokenstealer:2b4cc58, author = {Karsten Hahn}, title = {{Tweet on DiscordTokenStealer}}, date = {2020-06-24}, organization = {Twitter (@struppigel)}, url = {https://twitter.com/struppigel/status/1275731035184156675}, language = {English}, urldate = {2020-06-24} } Tweet on DiscordTokenStealer