2021-02-26 | YouTube (Black Hat) | Kevin Perlow
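% Title: "_" is written as "\_"; a bare underscore in a text field is a math-mode character to LaTeX and stops the bibliography from typesetting.
@online{perlow:20210226:fastcash:2daf61f,
  author       = {Perlow, Kevin},
  title        = {{FASTCash and INJX\_Pure: How Threat Actors Use Public Standards for Financial Fraud}},
  date         = {2021-02-26},
  organization = {YouTube (Black Hat)},
  url          = {https://www.youtube.com/watch?v=zGvQPtejX9w},
  urldate      = {2021-03-04},
  language     = {English},
}
FASTCash and INJX_Pure: How Threat Actors Use Public Standards for Financial Fraud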
FastCash
2021-02-01 | One Night in Norfolk | Kevin Perlow
@online{perlow:20210201:dprk:e53f059,
  author       = {Perlow, Kevin},
  title        = {{DPRK Targeting Researchers II: .Sys Payload and Registry Hunting}},
  date         = {2021-02-01},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/dprk-targeting-researchers-ii-sys-payload-and-registry-hunting/},
  urldate      = {2021-02-02},
  language     = {English},
}
DPRK Targeting Researchers II: .Sys Payload and Registry Hunting
ComeBacker
2021-01-26 | One Night in Norfolk | Kevin Perlow
@online{perlow:20210126:dprk:04391b6,
  author       = {Perlow, Kevin},
  title        = {{DPRK Malware Targeting Security Researchers}},
  date         = {2021-01-26},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/dprk-malware-targeting-security-researchers/},
  urldate      = {2021-01-27},
  language     = {English},
}
DPRK Malware Targeting Security Researchers
ComeBacker
2020-11-02 | One Night in Norfolk | Kevin Perlow
@online{perlow:20201102:tinypos:876ddb3,
  author       = {Perlow, Kevin},
  title        = {{TinyPOS and ProLocker: An Odd Relationship}},
  date         = {2020-11-02},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/tinypos-and-prolocker-an-odd-relationship/},
  urldate      = {2020-11-09},
  language     = {English},
}
TinyPOS and ProLocker: An Odd Relationship
AbaddonPOS PwndLocker
2020-08-05 | BlackHat | Kevin Perlow
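% Title: restored the missing space in "FASTCash and" (matches the slide-deck file name in the url field), and "_" is written as "\_" because a bare underscore in a text field is a math-mode character to LaTeX.
% The citation key is left as published so existing citations keep resolving.
@techreport{perlow:20200805:fastcashand:301d8ce,
  author      = {Perlow, Kevin},
  title       = {{FASTCash and INJX\_PURE: How Threat Actors Use Public Standards for Financial Fraud}},
  date        = {2020-08-05},
  institution = {BlackHat},
  url         = {https://i.blackhat.com/USA-20/Wednesday/us-20-Perlow-FASTCash-And-INJX_Pure-How-Threat-Actors-Use-Public-Standards-For-Financial-Fraud.pdf},
  urldate     = {2020-08-14},
  language    = {English},
}
FASTCash and INJX_PURE: How Threat Actors Use Public Standards for Financial Fraud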
FastCash
2020-08-05 | BlackHat | Kevin Perlow
@techreport{perlow:20200805:fastcash:5e6b73a,
  author      = {Perlow, Kevin},
  title       = {{FASTCash and Associated Intrusion Techniques}},
  date        = {2020-08-05},
  institution = {BlackHat},
  url         = {https://i.blackhat.com/USA-20/Wednesday/us-20-Perlow-FASTCash-And-INJX_Pure-How-Threat-Actors-Use-Public-Standards-For-Financial-Fraud-wp.pdf},
  urldate     = {2020-08-14},
  language    = {English},
}
FASTCash and Associated Intrusion Techniques
FastCash
2020-05-18 | One Night in Norfolk | Kevin Perlow
@online{perlow:20200518:looking:eaa7bde,
  author       = {Perlow, Kevin},
  title        = {{Looking Back at LiteDuke}},
  date         = {2020-05-18},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/looking-back-at-liteduke/},
  urldate      = {2020-05-18},
  language     = {English},
}
Looking Back at LiteDuke
LiteDuke
2020-03-30 | One Night in Norfolk | Kevin Perlow
@online{perlow:20200330:new:a5c6c8b,
  author       = {Perlow, Kevin},
  title        = {{A New Look at Old Dragonfly Malware (Goodor)}},
  date         = {2020-03-30},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/a-new-look-at-old-dragonfly-malware-goodor/},
  urldate      = {2020-03-30},
  language     = {English},
}
A New Look at Old Dragonfly Malware (Goodor)
Goodor
2020-03-27 | One Night in Norfolk | Kevin Perlow
@online{perlow:20200327:first:6b7c827,
  author       = {Perlow, Kevin},
  title        = {{The First Stage of ShadowHammer}},
  date         = {2020-03-27},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/the-first-stage-of-shadowhammer/},
  urldate      = {2020-05-19},
  language     = {English},
}
The First Stage of ShadowHammer
shadowhammer
2019-10-02 | One Night in Norfolk | Kevin Perlow
@online{perlow:20191002:another:31638d8,
  author       = {Perlow, Kevin},
  title        = {{Another Lazarus Injector}},
  date         = {2019-10-02},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/another-lazarus-injector/},
  urldate      = {2020-05-19},
  language     = {English},
}
Another Lazarus Injector
2019-08-11 | Twitter (@KevinPerlow) | Kevin Perlow
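% Title: "#" is written as "\#"; a bare "#" in a text field is LaTeX's macro-parameter character and stops the bibliography from typesetting.
@online{perlow:20190811:updated:b23bfc9,
  author       = {Perlow, Kevin},
  title        = {{Updated \#Lazarus Keylogger (uploaded June)}},
  date         = {2019-08-11},
  organization = {Twitter (@KevinPerlow)},
  url          = {https://twitter.com/KevinPerlow/status/1160766519615381504},
  urldate      = {2022-11-21},
  language     = {English},
}
Updated #Lazarus Keylogger (uploaded June)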
PSLogger
2019-07-31 | Twitter (@KevinPerlow) | Kevin Perlow
@online{perlow:20190731:dprk:5a12842,
  author       = {Perlow, Kevin},
  title        = {{Tweet on DPRK malware}},
  date         = {2019-07-31},
  organization = {Twitter (@KevinPerlow)},
  url          = {https://twitter.com/kevinperlow/status/1156406115472760835},
  urldate      = {2020-01-08},
  language     = {English},
}
Tweet on DPRK malware
NetKey
2019-07-22 | One Night in Norfolk | Kevin Perlow
@online{perlow:20190722:apt33:3258e71,
  author       = {Perlow, Kevin},
  title        = {{APT33 PowerShell Malware}},
  date         = {2019-07-22},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/apt33-powershell-malware/},
  urldate      = {2020-05-19},
  language     = {English},
}
APT33 PowerShell Malware
POWERTON
2019-07-22 | One Night in Norfolk | Kevin Perlow
@online{perlow:20190722:lazarus:b7111b1,
  author       = {Perlow, Kevin},
  title        = {{The Lazarus Injector}},
  date         = {2019-07-22},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/the-lazarus-injector/},
  urldate      = {2020-05-19},
  language     = {English},
}
The Lazarus Injector
2019-07-21 | One Night in Norfolk | Kevin Perlow
@online{perlow:20190721:emissary:dbd4bd3,
  author       = {Perlow, Kevin},
  title        = {{Emissary Panda DLL Backdoor}},
  date         = {2019-07-21},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/emissary-panda-dll-backdoor/},
  urldate      = {2021-04-16},
  language     = {English},
}
Emissary Panda DLL Backdoor
HyperSSL
2019-06-05 | One Night in Norfolk | Kevin Perlow
@online{perlow:20190605:possible:47a6f30,
  author       = {Perlow, Kevin},
  title        = {{Possible Turla HTTP Listener}},
  date         = {2019-06-05},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/http-listener/},
  urldate      = {2020-05-19},
  language     = {English},
}
Possible Turla HTTP Listener
2019-05-07 | One Night in Norfolk | Kevin Perlow
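% Title: the "#" in "C#" is written as "\#"; a bare "#" in a text field is LaTeX's macro-parameter character and stops the bibliography from typesetting.
% The curly quotes are UTF-8 and are kept as published; they need a UTF-8-aware backend such as Biber.
@online{perlow:20190507:filesnfer:36164a2,
  author       = {Perlow, Kevin},
  title        = {{“Filesnfer” Tool (C\#, Python)}},
  date         = {2019-05-07},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/filesnfer-tool-c-python/},
  urldate      = {2020-05-19},
  language     = {English},
}
“Filesnfer” Tool (C#, Python)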
XServer
2019-04-03 | One Night in Norfolk | Kevin Perlow
@online{perlow:20190403:possible:0a08c3a,
  author       = {Perlow, Kevin},
  title        = {{Possible ShadowHammer Targeting (Low Confidence)}},
  date         = {2019-04-03},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/possible-shadowhammer-targeting-low-confidence/},
  urldate      = {2020-05-19},
  language     = {English},
}
Possible ShadowHammer Targeting (Low Confidence)
shadowhammer
2019-03-24 | One Night in Norfolk | Kevin Perlow
@online{perlow:20190324:jeshell:439ae8b,
  author       = {Perlow, Kevin},
  title        = {{JEShell: An OceanLotus (APT32) Backdoor}},
  date         = {2019-03-24},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/jeshell-an-oceanlotus-apt32-backdoor/},
  urldate      = {2020-05-19},
  language     = {English},
}
JEShell: An OceanLotus (APT32) Backdoor
Cobalt Strike KerrDown
2019-02-25 | One Night in Norfolk | Kevin Perlow
@online{perlow:20190225:how:d4a68d6,
  author       = {Perlow, Kevin},
  title        = {{How To: Analyzing a Malicious Hangul Word Processor Document from a DPRK Threat Actor Group}},
  date         = {2019-02-25},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/how-to-analyzing-a-malicious-hangul-word-processor-document-from-a-dprk-threat-actor-group/},
  urldate      = {2020-05-19},
  language     = {English},
}
How To: Analyzing a Malicious Hangul Word Processor Document from a DPRK Threat Actor Group
NavRAT