Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-09-30G DataKarsten Hahn
@online{hahn:20210930:all:8e82a0c, author = {Karsten Hahn}, title = {{All your hashes are belong to us: An overview of malware hashing algorithms}}, date = {2021-09-30}, organization = {G Data}, url = {https://www.gdatasoftware.com/blog/2021/09/an-overview-of-malware-hashing-algorithms}, language = {English}, urldate = {2021-10-20} } All your hashes are belong to us: An overview of malware hashing algorithms
2021-06-25GdataKarsten Hahn, Takahiro Haruyama, Johann Aydinbas, Florian Roth
@online{hahn:20210625:microsoft:7ba11af, author = {Karsten Hahn and Takahiro Haruyama and Johann Aydinbas and Florian Roth}, title = {{Microsoft signed a malicious Netfilter rootkit}}, date = {2021-06-25}, organization = {Gdata}, url = {https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit}, language = {English}, urldate = {2021-06-29} } Microsoft signed a malicious Netfilter rootkit
NetfilterRootkit
2021-06-17struppigelKarsten Hahn
@online{hahn:20210617:network:63e106b, author = {Karsten Hahn}, title = {{Tweet on Network filter rootkit driver signed by Microsoft}}, date = {2021-06-17}, organization = {struppigel}, url = {https://twitter.com/struppigel/status/1405483373280235520}, language = {English}, urldate = {2021-06-22} } Tweet on Network filter rootkit driver signed by Microsoft
2021-06-08GdataKarsten Hahn
@online{hahn:20210608:picture:5667a54, author = {Karsten Hahn}, title = {{Picture this: Malware Hides in Steam Profile Images}}, date = {2021-06-08}, organization = {Gdata}, url = {https://www.gdatasoftware.com/blog/steamhide-malware-in-profile-images}, language = {English}, urldate = {2021-06-09} } Picture this: Malware Hides in Steam Profile Images
SteamHide
2021-06-07GdataKarsten Hahn
@online{hahn:20210607:malware:12e4c70, author = {Karsten Hahn}, title = {{Malware family naming hell is our own fault}}, date = {2021-06-07}, organization = {Gdata}, url = {https://www.gdatasoftware.com/blog/malware-family-naming-hell}, language = {English}, urldate = {2021-06-09} } Malware family naming hell is our own fault
2021-01-28Twitter (@struppigel)Karsten Hahn
@online{hahn:20210128:sn0wslogger:962b2fd, author = {Karsten Hahn}, title = {{Tweet on Sn0wsLogger malware}}, date = {2021-01-28}, organization = {Twitter (@struppigel)}, url = {https://twitter.com/struppigel/status/1354806038805897216}, language = {English}, urldate = {2021-01-29} } Tweet on Sn0wsLogger malware
Sn0wsLogger
2021-01-23Youtube (MalwareAnalysisForHedgehogs)Karsten Hahn
@online{hahn:20210123:malware:36b6878, author = {Karsten Hahn}, title = {{Malware Analysis - Fileless GooLoad static analysis and unpacking}}, date = {2021-01-23}, organization = {Youtube (MalwareAnalysisForHedgehogs)}, url = {https://www.youtube.com/watch?v=BcFbkjUVc7o}, language = {English}, urldate = {2021-04-14} } Malware Analysis - Fileless GooLoad static analysis and unpacking
2020-12-01GdataKarsten Hahn
@online{hahn:20201201:icerat:bc43ba0, author = {Karsten Hahn}, title = {{IceRat evades antivirus by running PHP on Java VM}}, date = {2020-12-01}, organization = {Gdata}, url = {https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp}, language = {English}, urldate = {2020-12-03} } IceRat evades antivirus by running PHP on Java VM
IceRat
2020-11-05GdataKarsten Hahn
@online{hahn:20201105:babax:3e78762, author = {Karsten Hahn}, title = {{Babax stealer rebrands to Osno, installs rootkit}}, date = {2020-11-05}, organization = {Gdata}, url = {https://www.gdatasoftware.com/blog/2020/11/36459-babax-stealer-rebrands-to-osno-installs-rootkit}, language = {English}, urldate = {2020-11-06} } Babax stealer rebrands to Osno, installs rootkit
Osno
2020-10-21G DataKarsten Hahn
@online{hahn:20201021:trat:389d7f3, author = {Karsten Hahn}, title = {{T-RAT 2.0: Malware control via smartphone}}, date = {2020-10-21}, organization = {G Data}, url = {https://www.gdatasoftware.com/blog/trat-control-via-smartphone}, language = {English}, urldate = {2020-10-23} } T-RAT 2.0: Malware control via smartphone
tRat T-RAT 2.0
2020-09-01GdataKarsten Hahn
@online{hahn:20200901:dll:2af82dc, author = {Karsten Hahn}, title = {{DLL Fixer leads to Cyrat Ransomware}}, date = {2020-09-01}, organization = {Gdata}, url = {https://www.gdatasoftware.com/blog/cyrat-ransomware}, language = {English}, urldate = {2020-09-01} } DLL Fixer leads to Cyrat Ransomware
Cyrat
2020-06-24Twitter (@struppigel)Karsten Hahn
@online{hahn:20200624:discordtokenstealer:2b4cc58, author = {Karsten Hahn}, title = {{Tweet on DiscordTokenStealer}}, date = {2020-06-24}, organization = {Twitter (@struppigel)}, url = {https://twitter.com/struppigel/status/1275731035184156675}, language = {English}, urldate = {2020-06-24} } Tweet on DiscordTokenStealer
2020-06-16G DataKarsten Hahn
@online{hahn:20200616:new:124c3d1, author = {Karsten Hahn}, title = {{New Java STRRAT ships with .crimson ransomware module}}, date = {2020-06-16}, organization = {G Data}, url = {https://www.gdatasoftware.com/blog/strrat-crimson}, language = {English}, urldate = {2020-06-16} } New Java STRRAT ships with .crimson ransomware module
STRRAT
2020-04-02GdataKarsten Hahn
@online{hahn:20200402:pekraut:479527e, author = {Karsten Hahn}, title = {{Pekraut - German RAT starts gnawing}}, date = {2020-04-02}, organization = {Gdata}, url = {https://www.gdatasoftware.com/blog/2020/04/35849-pekraut-german-rat-starts-gnawing}, language = {English}, urldate = {2020-04-06} } Pekraut - German RAT starts gnawing
Pekraut
2020-02-06GdataKarsten Hahn
@online{hahn:20200206:40000:3a0d792, author = {Karsten Hahn}, title = {{40,000 CryptBot Downloads per Day: Bitbucket Abused as Malware Slinger}}, date = {2020-02-06}, organization = {Gdata}, url = {https://www.gdatasoftware.com/blog/2020/02/35802-bitbucket-abused-as-malware-slinger}, language = {English}, urldate = {2020-04-02} } 40,000 CryptBot Downloads per Day: Bitbucket Abused as Malware Slinger
CryptBot
2019-11-21G DataKarsten Hahn, Stefan Karpenstein
@online{hahn:20191121:stop:a5c8118, author = {Karsten Hahn and Stefan Karpenstein}, title = {{STOP Ransomware: Finger weg von illegalen Software-Downloads}}, date = {2019-11-21}, organization = {G Data}, url = {https://www.gdata.de/blog/1970/01/-35391-finger-weg-von-illegalen-software-downloads}, language = {English}, urldate = {2020-01-10} } STOP Ransomware: Finger weg von illegalen Software-Downloads
STOP
2019-05-20Twitter (@struppigel)Karsten Hahn
@online{hahn:20190520:yggdrasil:5a23fde, author = {Karsten Hahn}, title = {{Tweet on Yggdrasil / CinaRAT}}, date = {2019-05-20}, organization = {Twitter (@struppigel)}, url = {https://twitter.com/struppigel/status/1130455143504318466}, language = {English}, urldate = {2020-01-13} } Tweet on Yggdrasil / CinaRAT
Quasar RAT
2018-01-09Twitter (@struppigel)Karsten Hahn
@online{hahn:20180109:hiddentear:372b79c, author = {Karsten Hahn}, title = {{Tweet on HiddenTear Sample}}, date = {2018-01-09}, organization = {Twitter (@struppigel)}, url = {https://twitter.com/struppigel/status/950787783353884672}, language = {English}, urldate = {2019-12-04} } Tweet on HiddenTear Sample
HiddenTear
2017-12-03Karsten Hahn
@online{hahn:20171203:malware:b8a77b5, author = {Karsten Hahn}, title = {{Malware Analysis - ROKRAT Unpacking from Injected Shellcode}}, date = {2017-12-03}, url = {https://www.youtube.com/watch?v=uoBQE5s2ba4}, language = {English}, urldate = {2020-01-12} } Malware Analysis - ROKRAT Unpacking from Injected Shellcode
2017-01-18G DataKarsten Hahn
@online{hahn:20170118:spora:43d64d0, author = {Karsten Hahn}, title = {{Spora - the Shortcut Worm that is also a Ransomware}}, date = {2017-01-18}, organization = {G Data}, url = {https://www.gdatasoftware.com/blog/2017/01/29442-spora-worm-and-ransomware}, language = {English}, urldate = {2019-10-15} } Spora - the Shortcut Worm that is also a Ransomware
Spora