Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-01-14HPPatrick Schläpfer
@online{schlpfer:20220114:how:0795917, author = {Patrick Schläpfer}, title = {{How Attackers Use XLL Malware to Infect Systems}}, date = {2022-01-14}, organization = {HP}, url = {https://threatresearch.ext.hp.com/how-attackers-use-xll-malware-to-infect-systems/}, language = {English}, urldate = {2022-01-18} } How Attackers Use XLL Malware to Infect Systems
2021-12-09HPPatrick Schläpfer
@online{schlpfer:20211209:emotets:aa090a7, author = {Patrick Schläpfer}, title = {{Emotet’s Return: What’s Different?}}, date = {2021-12-09}, organization = {HP}, url = {https://threatresearch.ext.hp.com/emotets-return-whats-different/}, language = {English}, urldate = {2022-01-18} } Emotet’s Return: What’s Different?
Emotet
2021-11-23HPPatrick Schläpfer
@online{schlpfer:20211123:ratdispenser:4677686, author = {Patrick Schläpfer}, title = {{RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild}}, date = {2021-11-23}, organization = {HP}, url = {https://threatresearch.ext.hp.com/javascript-malware-dispensing-rats-into-the-wild/}, language = {English}, urldate = {2021-11-29} } RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild
AdWind Ratty STRRAT CloudEyE Formbook Houdini Panda Stealer Remcos
2021-09-19HPPatrick Schläpfer
@online{schlpfer:20210919:mirrorblast:a81e63c, author = {Patrick Schläpfer}, title = {{MirrorBlast and TA505: Examining Similarities in Tactics, Techniques and Procedures}}, date = {2021-09-19}, organization = {HP}, url = {https://threatresearch.ext.hp.com/mirrorblast-and-ta505-examining-similarities-in-tactics-techniques-and-procedures/}, language = {English}, urldate = {2021-10-24} } MirrorBlast and TA505: Examining Similarities in Tactics, Techniques and Procedures
MirrorBlast
2021-07-30HPPatrick Schläpfer
@online{schlpfer:20210730:detecting:2291323, author = {Patrick Schläpfer}, title = {{Detecting TA551 domains}}, date = {2021-07-30}, organization = {HP}, url = {https://threatresearch.ext.hp.com/detecting-ta551-domains/}, language = {English}, urldate = {2021-08-02} } Detecting TA551 domains
Valak Dridex IcedID ISFB QakBot
2021-06-28HPPatrick Schläpfer
@online{schlpfer:20210628:snake:bf10d9d, author = {Patrick Schläpfer}, title = {{Snake Keylogger’s Many Skins: Analysing Code Reuse Among Infostealers}}, date = {2021-06-28}, organization = {HP}, url = {https://threatresearch.ext.hp.com/the-many-skins-of-snake-keylogger/}, language = {English}, urldate = {2021-06-29} } Snake Keylogger’s Many Skins: Analysing Code Reuse Among Infostealers
404 Keylogger Phoenix Keylogger
2021-04-14HPPatrick Schläpfer
@online{schlpfer:20210414:from:6649630, author = {Patrick Schläpfer}, title = {{From PoC to Exploit Kit: Purple Fox now exploits CVE-2021-26411}}, date = {2021-04-14}, organization = {HP}, url = {https://threatresearch.ext.hp.com/purple-fox-exploit-kit-now-exploits-cve-2021-26411/}, language = {English}, urldate = {2021-04-16} } From PoC to Exploit Kit: Purple Fox now exploits CVE-2021-26411
win.purplefox
2021-01-19HPPatrick Schläpfer
@online{schlpfer:20210119:dridex:a8b3da4, author = {Patrick Schläpfer}, title = {{Dridex Malicious Document Analysis: Automating the Extraction of Payload URLs}}, date = {2021-01-19}, organization = {HP}, url = {https://threatresearch.ext.hp.com/dridex-malicious-document-analysis-automating-the-extraction-of-payload-urls/}, language = {English}, urldate = {2021-01-21} } Dridex Malicious Document Analysis: Automating the Extraction of Payload URLs
Dridex