Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-05-17Medium (@DCSO_CyTec)Johann Aydinbas, Emilia Neuber, Kritika Roy, Axel Wauer, Jiro Minier
@online{aydinbas:20230517:andariels:517dbe2, author = {Johann Aydinbas and Emilia Neuber and Kritika Roy and Axel Wauer and Jiro Minier}, title = {{Andariel’s “Jupiter” malware and the case of the curious C2}}, date = {2023-05-17}, organization = {Medium (@DCSO_CyTec)}, url = {https://medium.com/@DCSO_CyTec/andariels-jupiter-malware-and-the-case-of-the-curious-c2-dbfe29f57499}, language = {English}, urldate = {2023-05-21} } Andariel’s “Jupiter” malware and the case of the curious C2
Jupiter
2023-05-14MediumDenshi Yūrei
@online{yrei:20230514:silent:9e16bf5, author = {Denshi Yūrei}, title = {{Silent Echoes: The Hidden Dialogue among Malware Entities — Spotlight on AMOS InfoStealer}}, date = {2023-05-14}, organization = {Medium}, url = {https://denshiyurei.medium.com/silent-echoes-the-hidden-dialogue-among-malware-entities-spotlight-on-amos-infostealer-6d7cd70e3219}, language = {English}, urldate = {2023-05-15} } Silent Echoes: The Hidden Dialogue among Malware Entities — Spotlight on AMOS InfoStealer
AMOS Aurora Stealer TitanStealer
2023-05-09Medium walmartglobaltechJason Reaves, Joshua Platt, Jonathan Mccay
@online{reaves:20230509:metastealer:11ef397, author = {Jason Reaves and Joshua Platt and Jonathan Mccay}, title = {{MetaStealer string decryption and DGA overview}}, date = {2023-05-09}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/metastealer-string-decryption-and-dga-overview-5f38f76830cd}, language = {English}, urldate = {2023-05-11} } MetaStealer string decryption and DGA overview
MetaStealer
2023-04-19Medium (@simone.kraus)Simone Kraus
@online{kraus:20230419:rorschach:835da83, author = {Simone Kraus}, title = {{Rorschach Ransomware Analysis with Attack Flow}}, date = {2023-04-19}, organization = {Medium (@simone.kraus)}, url = {https://medium.com/@simone.kraus/rorschach-ransomware-analysis-with-attack-flow-7fa5ff613a75}, language = {English}, urldate = {2023-04-25} } Rorschach Ransomware Analysis with Attack Flow
Rorschach Ransomware
2023-04-13Medium Invictus Incident ResponseInvictus Incident Response
@online{response:20230413:ransomware:d516cc9, author = {Invictus Incident Response}, title = {{Ransomware in the cloud}}, date = {2023-04-13}, organization = {Medium Invictus Incident Response}, url = {https://invictus-ir.medium.com/ransomware-in-the-cloud-7f14805bbe82}, language = {English}, urldate = {2023-04-22} } Ransomware in the cloud
2023-04-05Medium IlanduIlan Duhin
@online{duhin:20230405:portdoor:e39d907, author = {Ilan Duhin}, title = {{PortDoor - APT Backdoor analysis}}, date = {2023-04-05}, organization = {Medium Ilandu}, url = {https://medium.com/@Ilandu/portdoor-malware-afc9d0796cba}, language = {English}, urldate = {2023-04-06} } PortDoor - APT Backdoor analysis
ACBackdoor 8.t Dropper PortDoor
2023-03-23Medium s2wlabBLKSMTH, S2W TALON
@online{blksmth:20230323:scarcruft:82ba4d6, author = {BLKSMTH and S2W TALON}, title = {{Scarcruft Bolsters Arsenal for targeting individual Android devices}}, date = {2023-03-23}, organization = {Medium s2wlab}, url = {https://medium.com/s2wblog/scarcruft-bolsters-arsenal-for-targeting-individual-android-devices-97d2bcef4ab}, language = {English}, urldate = {2023-03-27} } Scarcruft Bolsters Arsenal for targeting individual Android devices
RambleOn RokRAT
2023-03-20Medium s2wlabHOTSAUCE, S2W TALON
@online{hotsauce:20230320:detailed:d141765, author = {HOTSAUCE and S2W TALON}, title = {{Detailed Analysis of Cryptocurrency Phishing Through Famous YouTube Channel Hacking}}, date = {2023-03-20}, organization = {Medium s2wlab}, url = {https://medium.com/s2wblog/detailed-analysis-of-cryptocurrency-phishing-through-famous-youtube-channel-hacking-cd40de8dce6f}, language = {Korean}, urldate = {2023-03-21} } Detailed Analysis of Cryptocurrency Phishing Through Famous YouTube Channel Hacking
2023-03-17Medium s2wlabBLKSMTH, S2W TALON
@online{blksmth:20230317:kimsuky:984e133, author = {BLKSMTH and S2W TALON}, title = {{Kimsuky group appears to be exploiting OneNote like the cybercrime group}}, date = {2023-03-17}, organization = {Medium s2wlab}, url = {https://medium.com/s2wblog/kimsuky-group-appears-to-be-exploiting-onenote-like-the-cybercrime-group-3c96b0b85b9f}, language = {English}, urldate = {2023-03-20} } Kimsuky group appears to be exploiting OneNote like the cybercrime group
2023-03-10Medium walmartglobaltechJason Reaves, Joshua Platt
@online{reaves:20230310:from:6bceb30, author = {Jason Reaves and Joshua Platt}, title = {{From Royal With Love}}, date = {2023-03-10}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/from-royal-with-love-88fa05ff7f65}, language = {English}, urldate = {2023-03-13} } From Royal With Love
Cobalt Strike Conti PLAY Royal Ransom Somnia
2023-02-27Medium s2wlabJiho Kim, Lee Sebin
@online{kim:20230227:lumma:9f3f99f, author = {Jiho Kim and Lee Sebin}, title = {{Lumma Stealer targets YouTubers via Spear-phishing Email}}, date = {2023-02-27}, organization = {Medium s2wlab}, url = {https://medium.com/s2wblog/lumma-stealer-targets-youtubers-via-spear-phishing-email-ade740d486f7}, language = {English}, urldate = {2023-03-13} } Lumma Stealer targets YouTubers via Spear-phishing Email
Lumma Stealer
2023-02-26Medium IlanduIlan Duhin, Yossi Poberezsky
@online{duhin:20230226:emotet:b21451d, author = {Ilan Duhin and Yossi Poberezsky}, title = {{Emotet Campaign}}, date = {2023-02-26}, organization = {Medium Ilandu}, url = {https://medium.com/@Ilandu/emotet-campaign-6f240f7a5ed5}, language = {English}, urldate = {2023-02-27} } Emotet Campaign
Emotet
2023-02-24Medium walmartglobaltechJason Reaves, Joshua Platt, Jonathan Mccay, Kirk Sayre
@online{reaves:20230224:qbot:771bf3d, author = {Jason Reaves and Joshua Platt and Jonathan Mccay and Kirk Sayre}, title = {{Qbot testing malvertising campaigns?}}, date = {2023-02-24}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/qbot-testing-malvertising-campaigns-3e2552cbc69a}, language = {English}, urldate = {2023-02-27} } Qbot testing malvertising campaigns?
QakBot
2023-01-16Medium elis531989Eli Salem
@online{salem:20230116:dancing:3a33ea6, author = {Eli Salem}, title = {{Dancing With Shellcodes: Analyzing Rhadamanthys Stealer}}, date = {2023-01-16}, organization = {Medium elis531989}, url = {https://elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88}, language = {English}, urldate = {2023-01-16} } Dancing With Shellcodes: Analyzing Rhadamanthys Stealer
Rhadamanthys
2022-11-16Medium (@DCSO_CyTec)Johann Aydinbas, Axel Wauer
@online{aydinbas:20221116:hz:b5a2d6d, author = {Johann Aydinbas and Axel Wauer}, title = {{HZ RAT goes China}}, date = {2022-11-16}, organization = {Medium (@DCSO_CyTec)}, url = {https://medium.com/@DCSO_CyTec/hz-rat-goes-china-506854c5f2e2}, language = {English}, urldate = {2022-11-18} } HZ RAT goes China
HZ RAT
2022-10-25Medium walmartglobaltechJason Reaves
@online{reaves:20221025:brute:3e3f821, author = {Jason Reaves}, title = {{Brute Ratel Config Decoding update}}, date = {2022-10-25}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/brute-ratel-config-decoding-update-7820455022cb}, language = {English}, urldate = {2023-01-31} } Brute Ratel Config Decoding update
Brute Ratel C4
2022-10-24Medium CSIS TechblogBenoît Ancel
@online{ancel:20221024:chapter:c870465, author = {Benoît Ancel}, title = {{Chapter 1 — From Gozi to ISFB: The history of a mythical malware family.}}, date = {2022-10-24}, organization = {Medium CSIS Techblog}, url = {https://medium.com/csis-techblog/chapter-1-from-gozi-to-isfb-the-history-of-a-mythical-malware-family-82e592577fef}, language = {English}, urldate = {2023-05-02} } Chapter 1 — From Gozi to ISFB: The history of a mythical malware family.
Gozi ISFB Snifula
2022-10-24Medium s2wlabLee Sebin, Shin Yeongjae
@online{sebin:20221024:unveil:8034279, author = {Lee Sebin and Shin Yeongjae}, title = {{Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware}}, date = {2022-10-24}, organization = {Medium s2wlab}, url = {https://medium.com/s2wblog/unveil-the-evolution-of-kimsuky-targeting-android-devices-with-newly-discovered-mobile-malware-280dae5a650f}, language = {English}, urldate = {2022-12-20} } Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware
FastFire FastSpy
2022-10-11Medium (@DCSO_CyTec)Axel Wauer, Johann Aydinbas, Denis Szadkowski
@online{wauer:20221011:tracking:7c6c193, author = {Axel Wauer and Johann Aydinbas and Denis Szadkowski}, title = {{Tracking down Maggie}}, date = {2022-10-11}, organization = {Medium (@DCSO_CyTec)}, url = {https://medium.com/@DCSO_CyTec/tracking-down-maggie-4d889872513d}, language = {English}, urldate = {2022-10-30} } Tracking down Maggie
Maggie
2022-10-04Medium (@DCSO_CyTec)Johann Aydinbas, Axel Wauer
@online{aydinbas:20221004:mssql:df4869a, author = {Johann Aydinbas and Axel Wauer}, title = {{MSSQL, meet Maggie}}, date = {2022-10-04}, organization = {Medium (@DCSO_CyTec)}, url = {https://medium.com/@DCSO_CyTec/mssql-meet-maggie-898773df3b01}, language = {English}, urldate = {2022-10-05} } MSSQL, meet Maggie
Maggie