
2022-10-03 | One Night in Norfolk | Norfolk
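% One Night in Norfolk blog post (published 2022-10-03, accessed 2022-10-05).
@online{norfolk:20221003:some:115e620,
  author       = {Norfolk},
  title        = {Some Notes on {VIRTUALGATE}},
  date         = {2022-10-03},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/some-notes-on-virtualgate/},
  language     = {English},
  urldate      = {2022-10-05},
}
Some Notes on VIRTUALGATE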
VIRTUALGATE
2021-02-01 | One Night in Norfolk | Kevin Perlow
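% One Night in Norfolk blog post (published 2021-02-01, accessed 2021-02-02).
@online{perlow:20210201:dprk:e53f059,
  author       = {Perlow, Kevin},
  title        = {{DPRK} Targeting Researchers {II}: {.Sys} Payload and Registry Hunting},
  date         = {2021-02-01},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/dprk-targeting-researchers-ii-sys-payload-and-registry-hunting/},
  language     = {English},
  urldate      = {2021-02-02},
}
DPRK Targeting Researchers II: .Sys Payload and Registry Hunting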
ComeBacker
2021-01-26 | One Night in Norfolk | Kevin Perlow
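% One Night in Norfolk blog post (published 2021-01-26, accessed 2021-01-27).
@online{perlow:20210126:dprk:04391b6,
  author       = {Perlow, Kevin},
  title        = {{DPRK} Malware Targeting Security Researchers},
  date         = {2021-01-26},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/dprk-malware-targeting-security-researchers/},
  language     = {English},
  urldate      = {2021-01-27},
}
DPRK Malware Targeting Security Researchers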
ComeBacker
2020-11-02 | One Night in Norfolk | Kevin Perlow
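% One Night in Norfolk blog post (published 2020-11-02, accessed 2020-11-09).
@online{perlow:20201102:tinypos:876ddb3,
  author       = {Perlow, Kevin},
  title        = {{TinyPOS} and {ProLocker}: An Odd Relationship},
  date         = {2020-11-02},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/tinypos-and-prolocker-an-odd-relationship/},
  language     = {English},
  urldate      = {2020-11-09},
}
TinyPOS and ProLocker: An Odd Relationship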
AbaddonPOS PwndLocker
2020-05-18 | One Night in Norfolk | Kevin Perlow
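% One Night in Norfolk blog post (published 2020-05-18, accessed 2020-05-18).
@online{perlow:20200518:looking:eaa7bde,
  author       = {Perlow, Kevin},
  title        = {Looking Back at {LiteDuke}},
  date         = {2020-05-18},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/looking-back-at-liteduke/},
  language     = {English},
  urldate      = {2020-05-18},
}
Looking Back at LiteDuke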
LiteDuke
2020-03-30 | One Night in Norfolk | Kevin Perlow
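% One Night in Norfolk blog post (published 2020-03-30, accessed 2020-03-30).
@online{perlow:20200330:new:a5c6c8b,
  author       = {Perlow, Kevin},
  title        = {A New Look at Old {Dragonfly} Malware ({Goodor})},
  date         = {2020-03-30},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/a-new-look-at-old-dragonfly-malware-goodor/},
  language     = {English},
  urldate      = {2020-03-30},
}
A New Look at Old Dragonfly Malware (Goodor)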
Goodor
2020-03-27 | One Night in Norfolk | Kevin Perlow
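% One Night in Norfolk blog post (published 2020-03-27, accessed 2020-05-19).
@online{perlow:20200327:first:6b7c827,
  author       = {Perlow, Kevin},
  title        = {The First Stage of {ShadowHammer}},
  date         = {2020-03-27},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/the-first-stage-of-shadowhammer/},
  language     = {English},
  urldate      = {2020-05-19},
}
The First Stage of ShadowHammer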
shadowhammer
2019-12-31 | One Night in Norfolk | Norfolk
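% One Night in Norfolk blog post (published 2019-12-31, accessed 2020-01-08).
% The title contains a literal en dash, so the file must be read as UTF-8.
@online{norfolk:20191231:fuel:37d7e73,
  author       = {Norfolk},
  title        = {Fuel Pumps {II} – {PoSlurp.B}},
  date         = {2019-12-31},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/fuel-pumps-ii-poslurp-b/},
  language     = {English},
  urldate      = {2020-01-08},
}
Fuel Pumps II – PoSlurp.B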
PoSlurp
2019-12-23 | Norfolk
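% Blog post on norfolkinfosec.com (published 2019-12-23, accessed 2020-01-07).
% NOTE(review): unlike the other norfolkinfosec.com entries on this page, this
% one carries no organization field; confirm whether it should be added.
@online{norfolk:20191223:pos:5862d6d,
  author   = {Norfolk},
  title    = {{POS} Malware Used at Fuel Pumps},
  date     = {2019-12-23},
  url      = {https://norfolkinfosec.com/pos-malware-used-at-fuel-pumps/},
  language = {English},
  urldate  = {2020-01-07},
}
POS Malware Used at Fuel Pumps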
Grateful POS
2019-10-02 | One Night in Norfolk | Kevin Perlow
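% One Night in Norfolk blog post (published 2019-10-02, accessed 2020-05-19).
@online{perlow:20191002:another:31638d8,
  author       = {Perlow, Kevin},
  title        = {Another {Lazarus} Injector},
  date         = {2019-10-02},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/another-lazarus-injector/},
  language     = {English},
  urldate      = {2020-05-19},
}
Another Lazarus Injector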
2019-07-22 | One Night in Norfolk | Kevin Perlow
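% One Night in Norfolk blog post (published 2019-07-22, accessed 2020-05-19).
@online{perlow:20190722:apt33:3258e71,
  author       = {Perlow, Kevin},
  title        = {{APT33} {PowerShell} Malware},
  date         = {2019-07-22},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/apt33-powershell-malware/},
  language     = {English},
  urldate      = {2020-05-19},
}
APT33 PowerShell Malware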
POWERTON
2019-07-22 | One Night in Norfolk | Kevin Perlow
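% One Night in Norfolk blog post (published 2019-07-22, accessed 2020-05-19).
@online{perlow:20190722:lazarus:b7111b1,
  author       = {Perlow, Kevin},
  title        = {The {Lazarus} Injector},
  date         = {2019-07-22},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/the-lazarus-injector/},
  language     = {English},
  urldate      = {2020-05-19},
}
The Lazarus Injector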
2019-07-21 | One Night in Norfolk | Kevin Perlow
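% One Night in Norfolk blog post (published 2019-07-21, accessed 2021-04-16).
@online{perlow:20190721:emissary:dbd4bd3,
  author       = {Perlow, Kevin},
  title        = {{Emissary Panda} {DLL} Backdoor},
  date         = {2019-07-21},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/emissary-panda-dll-backdoor/},
  language     = {English},
  urldate      = {2021-04-16},
}
Emissary Panda DLL Backdoor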
HyperSSL
2019-06-05 | One Night in Norfolk | Kevin Perlow
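% One Night in Norfolk blog post (published 2019-06-05, accessed 2020-05-19).
@online{perlow:20190605:possible:47a6f30,
  author       = {Perlow, Kevin},
  title        = {Possible {Turla} {HTTP} Listener},
  date         = {2019-06-05},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/http-listener/},
  language     = {English},
  urldate      = {2020-05-19},
}
Possible Turla HTTP Listener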
2019-05-07 | One Night in Norfolk | Kevin Perlow
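% One Night in Norfolk blog post (published 2019-05-07, accessed 2020-05-19).
% The hash sign in the title is escaped because a bare one is a TeX macro-parameter
% character and breaks typesetting; the curly quotes require UTF-8 input.
@online{perlow:20190507:filesnfer:36164a2,
  author       = {Perlow, Kevin},
  title        = {{“Filesnfer”} Tool ({C\#}, {Python})},
  date         = {2019-05-07},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/filesnfer-tool-c-python/},
  language     = {English},
  urldate      = {2020-05-19},
}
“Filesnfer” Tool (C#, Python)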
XServer
2019-04-10 | One Night in Norfolk | Norfolk
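% One Night in Norfolk blog post (published 2019-04-10, accessed 2020-01-06).
@online{norfolk:20190410:osint:7dfb7d1,
  author       = {Norfolk},
  title        = {{OSINT} Reporting Regarding {DPRK} and {TA505} Overlap},
  date         = {2019-04-10},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/osint-reporting-on-dprk-and-ta505-overlap/},
  language     = {English},
  urldate      = {2020-01-06},
}
OSINT Reporting Regarding DPRK and TA505 Overlap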
PowerBrace
2019-04-03 | One Night in Norfolk | Kevin Perlow
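% One Night in Norfolk blog post (published 2019-04-03, accessed 2020-05-19).
@online{perlow:20190403:possible:0a08c3a,
  author       = {Perlow, Kevin},
  title        = {Possible {ShadowHammer} Targeting (Low Confidence)},
  date         = {2019-04-03},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/possible-shadowhammer-targeting-low-confidence/},
  language     = {English},
  urldate      = {2020-05-19},
}
Possible ShadowHammer Targeting (Low Confidence)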
shadowhammer
2019-03-24 | One Night in Norfolk | Kevin Perlow
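% One Night in Norfolk blog post (published 2019-03-24, accessed 2020-05-19).
@online{perlow:20190324:jeshell:439ae8b,
  author       = {Perlow, Kevin},
  title        = {{JEShell}: An {OceanLotus} ({APT32}) Backdoor},
  date         = {2019-03-24},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/jeshell-an-oceanlotus-apt32-backdoor/},
  language     = {English},
  urldate      = {2020-05-19},
}
JEShell: An OceanLotus (APT32) Backdoor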
Cobalt Strike KerrDown
2019-02-25 | One Night in Norfolk | Kevin Perlow
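% One Night in Norfolk blog post (published 2019-02-25, accessed 2020-05-19).
@online{perlow:20190225:how:d4a68d6,
  author       = {Perlow, Kevin},
  title        = {How To: Analyzing a Malicious {Hangul Word Processor} Document from a {DPRK} Threat Actor Group},
  date         = {2019-02-25},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/how-to-analyzing-a-malicious-hangul-word-processor-document-from-a-dprk-threat-actor-group/},
  language     = {English},
  urldate      = {2020-05-19},
}
How To: Analyzing a Malicious Hangul Word Processor Document from a DPRK Threat Actor Group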
NavRAT
2019-02-11 | One Night in Norfolk | Kevin Perlow
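% One Night in Norfolk blog post (published 2019-02-11, accessed 2020-05-19).
@online{perlow:20190211:how:05b5d9a,
  author       = {Perlow, Kevin},
  title        = {How the {Silence} Downloader Has Evolved Over Time},
  date         = {2019-02-11},
  organization = {One Night in Norfolk},
  url          = {https://norfolkinfosec.com/how-the-silence-downloader-has-evolved-over-time/},
  language     = {English},
  urldate      = {2020-05-19},
}
How the Silence Downloader Has Evolved Over Time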
Silence