
2021-11-19insomniacs(Medium)Asuna Amawaka
@online{amawaka:20211119:its:bd24ebf, author = {Asuna Amawaka}, title = {{It’s a BEE! It’s a… no, it’s ShadowPad.}}, date = {2021-11-19}, organization = {insomniacs(Medium)}, url = {https://medium.com/insomniacs/its-a-bee-it-s-a-no-it-s-shadowpad-aff6a970a1c2}, language = {English}, urldate = {2021-11-25} } It’s a BEE! It’s a… no, it’s ShadowPad.
ShadowPad
2021-11-18Medium 0xchinaHamad Alnakal
@online{alnakal:20211118:malware:a0b177d, author = {Hamad Alnakal}, title = {{Malware reverse engineering (Ryuk Ransomware)}}, date = {2021-11-18}, organization = {Medium 0xchina}, url = {https://0xchina.medium.com/malware-reverse-engineering-31039450af27}, language = {English}, urldate = {2021-11-19} } Malware reverse engineering (Ryuk Ransomware)
Ryuk
2021-11-17Medium ThreatMinerThreatMiner
@online{threatminer:20211117:android:e542c71, author = {ThreatMiner}, title = {{Android Trojan Targeting Korean Demographic using GitHub for C2}}, date = {2021-11-17}, organization = {Medium ThreatMiner}, url = {https://medium.com/@ThreatMiner/android-trojan-targeting-korean-demographic-using-github-for-c2-8219fc39f749}, language = {English}, urldate = {2021-11-19} } Android Trojan Targeting Korean Demographic using GitHub for C2
Unidentified APK 006
2021-10-29Medium LuatixJulien Richard
@online{richard:20211029:opencti:4edb701, author = {Julien Richard}, title = {{OpenCTI data sharing}}, date = {2021-10-29}, organization = {Medium Luatix}, url = {https://medium.com/luatix/opencti-data-sharing-6da7dc045d14}, language = {English}, urldate = {2021-11-25} } OpenCTI data sharing
2021-10-22Medium JangJang
@online{jang:20211022:50:28a6ec4, author = {Jang}, title = {{50 Shades of SolarWinds Orion Deserialization (Part 1: CVE-2021–35215)}}, date = {2021-10-22}, organization = {Medium Jang}, url = {https://testbnull.medium.com/50-shades-of-solarwinds-orion-deserialization-part-1-cve-2021-35215-2e5764e0e4f2}, language = {English}, urldate = {2021-10-26} } 50 Shades of SolarWinds Orion Deserialization (Part 1: CVE-2021–35215)
2021-10-20Medium ThreatMinerThreatMiner
@online{threatminer:20211020:tm:f691bf6, author = {ThreatMiner}, title = {{TM Follow-Up (TAG_APT35_14/10/21)}}, date = {2021-10-20}, organization = {Medium ThreatMiner}, url = {https://medium.com/@ThreatMiner/tm-follow-up-tag-apt35-14-10-21-72134fab9aea}, language = {English}, urldate = {2021-11-19} } TM Follow-Up (TAG_APT35_14/10/21)
2021-10-18Medium ConfiantTaha Karim
@online{karim:20211018:profiling:5e4f3a5, author = {Taha Karim}, title = {{Profiling hackers using the Malvertising Attack Matrix by Confiant}}, date = {2021-10-18}, organization = {Medium Confiant}, url = {https://blog.confiant.com/profiling-hackers-using-the-malvertising-attack-matrix-by-confiant-9341838887b7}, language = {English}, urldate = {2021-10-26} } Profiling hackers using the Malvertising Attack Matrix by Confiant
2021-10-05Medium s2wlabS2W TALON
@online{talon:20211005:prometheus:b698c61, author = {S2W TALON}, title = {{Prometheus x Spook: Prometheus ransomware rebranded Spook ransomware.}}, date = {2021-10-05}, organization = {Medium s2wlab}, url = {https://medium.com/s2wlab/prometheus-x-spook-prometheus-ransomware-rebranded-spook-ransomware-6f93bd8ab5dd}, language = {English}, urldate = {2021-10-11} } Prometheus x Spook: Prometheus ransomware rebranded Spook ransomware.
Prometheus
2021-09-30Medium proferosec-osmBrenton Morris
@online{morris:20210930:ransomexx:2ca1e51, author = {Brenton Morris}, title = {{RansomEXX, Fixing Corrupted Ransom}}, date = {2021-09-30}, organization = {Medium proferosec-osm}, url = {https://medium.com/proferosec-osm/ransomexx-fixing-corrupted-ransom-8e379bcaf701}, language = {English}, urldate = {2021-10-20} } RansomEXX, Fixing Corrupted Ransom
RansomEXX
2021-09-29Medium BlueMonkeyBlueMonkey
@online{bluemonkey:20210929:ariabody:49911f8, author = {BlueMonkey}, title = {{Aria-Body Loader? Is that you?}}, date = {2021-09-29}, organization = {Medium BlueMonkey}, url = {https://medium.com/insomniacs/aria-body-loader-is-that-you-53bdd630f8a1}, language = {English}, urldate = {2021-10-20} } Aria-Body Loader? Is that you?
Aria-body
2021-09-27Medium ryancorRyan Cornateanu
@online{cornateanu:20210927:deobfuscating:bfa117a, author = {Ryan Cornateanu}, title = {{Deobfuscating PowerShell Malware Droppers}}, date = {2021-09-27}, organization = {Medium ryancor}, url = {https://ryancor.medium.com/deobfuscating-powershell-malware-droppers-b6c34499e41d}, language = {English}, urldate = {2021-11-25} } Deobfuscating PowerShell Malware Droppers
Agent.BTZ
2021-09-26Medium BlueteamOpsBlueteamOps
@online{blueteamops:20210926:supercharging:aad33da, author = {BlueteamOps}, title = {{Supercharging Bulk DFIR triage with Node-RED, Google’s Log2timeline & Google’s Timesketch}}, date = {2021-09-26}, organization = {Medium BlueteamOps}, url = {https://blueteamops.medium.com/super-charging-bulk-dfir-triage-with-node-red-google-log2timeline-google-timesketch-2d78e1ee335c}, language = {English}, urldate = {2021-09-28} } Supercharging Bulk DFIR triage with Node-RED, Google’s Log2timeline & Google’s Timesketch
2021-09-21Medium elis531989Eli Salem
@online{salem:20210921:squirrel:1254a9d, author = {Eli Salem}, title = {{The Squirrel Strikes Back: Analysis of the newly emerged cobalt-strike loader “SquirrelWaffle”}}, date = {2021-09-21}, organization = {Medium elis531989}, url = {https://elis531989.medium.com/the-squirrel-strikes-back-analysis-of-the-newly-emerged-cobalt-strike-loader-squirrelwaffle-937b73dbd9f9}, language = {English}, urldate = {2021-09-22} } The Squirrel Strikes Back: Analysis of the newly emerged cobalt-strike loader “SquirrelWaffle”
Cobalt Strike Squirrelwaffle
2021-09-17Medium inteloperatorIntel Operator
@online{operator:20210917:default:aaaa15c, author = {Intel Operator}, title = {{The default: 63 6f 62 61 6c 74 strike}}, date = {2021-09-17}, organization = {Medium inteloperator}, url = {https://inteloperator.medium.com/the-default-63-6f-62-61-6c-74-strike-8ac9ee0de1b7}, language = {English}, urldate = {2021-09-19} } The default: 63 6f 62 61 6c 74 strike
Cobalt Strike
2021-09-16Medium ShabarkinPavel Shabarkin
@online{shabarkin:20210916:pointer:828998f, author = {Pavel Shabarkin}, title = {{Pointer: Hunting Cobalt Strike globally}}, date = {2021-09-16}, organization = {Medium Shabarkin}, url = {https://medium.com/@shabarkin/pointer-hunting-cobalt-strike-globally-a334ac50619a}, language = {English}, urldate = {2021-09-19} } Pointer: Hunting Cobalt Strike globally
Cobalt Strike
2021-09-09Medium s2wlabS2W TALON
@online{talon:20210909:case:fdbe983, author = {S2W TALON}, title = {{Case Analysis of Suncrypt Ransomware Negotiation and Bitcoin Transaction}}, date = {2021-09-09}, organization = {Medium s2wlab}, url = {https://medium.com/s2wlab/case-analysis-of-suncrypt-ransomware-negotiation-and-bitcoin-transaction-43a2194ac0bc}, language = {English}, urldate = {2021-09-12} } Case Analysis of Suncrypt Ransomware Negotiation and Bitcoin Transaction
SunCrypt
2021-09-08Medium s2wlabS2W TALON
@online{talon:20210908:grooves:64ea498, author = {S2W TALON}, title = {{Groove’s thoughts on Blackmatter, Babuk, and cheese shortages in the Netherlands}}, date = {2021-09-08}, organization = {Medium s2wlab}, url = {https://medium.com/s2wlab/grooves-thoughts-on-blackmatter-babuk-and-interruption-in-the-supply-of-cheese-in-the-b5328bc764f2}, language = {English}, urldate = {2021-09-12} } Groove’s thoughts on Blackmatter, Babuk, and cheese shortages in the Netherlands
Babuk BlackMatter
2021-09-07Medium michaelkoczwaraMichael Koczwara
@online{koczwara:20210907:cobalt:7af112e, author = {Michael Koczwara}, title = {{Cobalt Strike C2 Hunting with Shodan}}, date = {2021-09-07}, organization = {Medium michaelkoczwara}, url = {https://michaelkoczwara.medium.com/cobalt-strike-c2-hunting-with-shodan-c448d501a6e2}, language = {English}, urldate = {2021-09-09} } Cobalt Strike C2 Hunting with Shodan
Cobalt Strike
2021-09-07Medium walmartglobaltechJason Reaves
@online{reaves:20210907:decoding:bb6bf8e, author = {Jason Reaves}, title = {{Decoding SmartAssembly strings, a Haron ransomware case study}}, date = {2021-09-07}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/decoding-smartassembly-strings-a-haron-ransomware-case-study-9d0c5af7080b}, language = {English}, urldate = {2021-09-09} } Decoding SmartAssembly strings, a Haron ransomware case study
Haron Ransomware
2021-09-02Medium michaelkoczwaraMichael Koczwara
@online{koczwara:20210902:cobalt:40a1888, author = {Michael Koczwara}, title = {{Cobalt Strike PowerShell Payload Analysis}}, date = {2021-09-02}, organization = {Medium michaelkoczwara}, url = {https://michaelkoczwara.medium.com/cobalt-strike-powershell-payload-analysis-eecf74b3c2f7}, language = {English}, urldate = {2021-09-09} } Cobalt Strike PowerShell Payload Analysis
Cobalt Strike