
2023-09-05AhnLabSanseo
@online{sanseo:20230905:blueshell:da706ff, author = {Sanseo}, title = {{BlueShell malware used in APT attacks targeting Korea and Thailand}}, date = {2023-09-05}, organization = {AhnLab}, url = {https://asec.ahnlab.com/ko/56715/}, language = {Korean}, urldate = {2023-09-07} } BlueShell malware used in APT attacks targeting Korea and Thailand
BlueShell SparkRAT
2023-09-04AhnLabSanseo
@online{sanseo:20230904:chm:0194a5a, author = {Sanseo}, title = {{CHM Malware Using Fukushima Contaminated Water Discharge: RedEyes (ScarCruft)}}, date = {2023-09-04}, organization = {AhnLab}, url = {https://asec.ahnlab.com/ko/56654/}, language = {English}, urldate = {2023-09-07} } CHM Malware Using Fukushima Contaminated Water Discharge: RedEyes (ScarCruft)
2023-08-31AhnLabSanseo
@online{sanseo:20230831:analysis:c771be9, author = {Sanseo}, title = {{Analysis of Andariel’s New Attack Activities}}, date = {2023-08-31}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/56405/}, language = {English}, urldate = {2023-09-01} } Analysis of Andariel’s New Attack Activities
Andardoor BlackRemote Tiger RAT Volgmer
2023-07-28YouTube (SANS Cyber Defense)Stef Rand
@online{rand:20230728:drop:c252f96, author = {Stef Rand}, title = {{Drop It Like It's Qbot: Separating malicious droppers, loaders, and crypters from their payloads}}, date = {2023-07-28}, organization = {YouTube (SANS Cyber Defense)}, url = {https://www.youtube.com/watch?v=gk7fCC5RiAQ}, language = {English}, urldate = {2023-08-30} } Drop It Like It's Qbot: Separating malicious droppers, loaders, and crypters from their payloads
CloudEyE QakBot
2023-06-28AhnLabSanseo
@online{sanseo:20230628:kimsuky:342e1c2, author = {Sanseo}, title = {{Kimsuky Attack Group Abusing Chrome Remote Desktop}}, date = {2023-06-28}, organization = {AhnLab}, url = {https://asec.ahnlab.com/ko/54804/}, language = {Korean}, urldate = {2023-07-16} } Kimsuky Attack Group Abusing Chrome Remote Desktop
Appleseed
2023-04-12SANS ISCBrad Duncan
@online{duncan:20230412:recent:093f8b8, author = {Brad Duncan}, title = {{Recent IcedID (Bokbot) activity}}, date = {2023-04-12}, organization = {SANS ISC}, url = {https://dshield.org/diary/Recent+IcedID+Bokbot+activity/29740/}, language = {English}, urldate = {2023-04-18} } Recent IcedID (Bokbot) activity
IcedID
2023-03-09ASECSanseo
@online{sanseo:20230309:plugx:4683b0e, author = {Sanseo}, title = {{PlugX Malware Being Distributed via Vulnerability Exploitation}}, date = {2023-03-09}, organization = {ASEC}, url = {https://asec.ahnlab.com/en/49097/}, language = {English}, urldate = {2023-03-17} } PlugX Malware Being Distributed via Vulnerability Exploitation
PlugX
2023-01-18SANS ISCBrad Duncan
@online{duncan:20230118:malicious:df039e8, author = {Brad Duncan}, title = {{Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware}}, date = {2023-01-18}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/29448}, language = {English}, urldate = {2023-01-19} } Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware
Aurora Stealer
2022-12-22AhnLabSanseo
@online{sanseo:20221222:nitol:ad67d69, author = {Sanseo}, title = {{Nitol DDoS Malware Installing Amadey Bot}}, date = {2022-12-22}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/44504/}, language = {English}, urldate = {2023-03-20} } Nitol DDoS Malware Installing Amadey Bot
Amadey Nitol
2022-12-18SANS ISCGuy Bruneau
@online{bruneau:20221218:infostealer:12fb43f, author = {Guy Bruneau}, title = {{Infostealer Malware with Double Extension}}, date = {2022-12-18}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/Infostealer+Malware+with+Double+Extension/29354}, language = {English}, urldate = {2022-12-20} } Infostealer Malware with Double Extension
Agent Tesla
2022-09-13Sansec Threat ResearchSansec Threat Research Team
@online{team:20220913:magento:5f0f103, author = {{Sansec Threat Research Team}}, title = {{Magento vendor Fishpig hacked, backdoors added}}, date = {2022-09-13}, organization = {Sansec Threat Research}, url = {https://sansec.io/research/rekoobe-fishpig-magento}, language = {English}, urldate = {2022-09-15} } Magento vendor Fishpig hacked, backdoors added
Rekoobe
2022-08-19SANS ISCBrad Duncan
@online{duncan:20220819:brazil:ba12b0c, author = {Brad Duncan}, title = {{Brazil malspam pushes Astaroth (Guildma) malware}}, date = {2022-08-19}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/Brazil+malspam+pushes+Astaroth+%28Guildma%29+malware/28962}, language = {English}, urldate = {2022-08-28} } Brazil malspam pushes Astaroth (Guildma) malware
Astaroth
2022-08-12SANS ISCBrad Duncan
@online{duncan:20220812:monster:cbf3101, author = {Brad Duncan}, title = {{Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike}}, date = {2022-08-12}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/28934}, language = {English}, urldate = {2022-08-15} } Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike
Cobalt Strike DarkVNC IcedID
2022-07-27SANS ISCBrad Duncan
@online{duncan:20220727:icedid:839e33a, author = {Brad Duncan}, title = {{IcedID (Bokbot) with Dark VNC and Cobalt Strike}}, date = {2022-07-27}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/IcedID+%28Bokbot%29+with+Dark+VNC+and+Cobalt+Strike/28884}, language = {English}, urldate = {2022-07-28} } IcedID (Bokbot) with Dark VNC and Cobalt Strike
DarkVNC IcedID
2022-07-07SANS ISCBrad Duncan
@online{duncan:20220707:emotet:3732ca7, author = {Brad Duncan}, title = {{Emotet infection with Cobalt Strike}}, date = {2022-07-07}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Emotet%20infection%20with%20Cobalt%20Strike/28824/}, language = {English}, urldate = {2022-07-12} } Emotet infection with Cobalt Strike
Cobalt Strike Emotet
2022-06-17SANS ISCBrad Duncan
@online{duncan:20220617:malspam:25c76a4, author = {Brad Duncan}, title = {{Malspam pushes Matanbuchus malware, leads to Cobalt Strike}}, date = {2022-06-17}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/28752}, language = {English}, urldate = {2022-06-22} } Malspam pushes Matanbuchus malware, leads to Cobalt Strike
Cobalt Strike Matanbuchus
2022-06-16SANS ISCXavier Mertens
@online{mertens:20220616:houdini:1d61640, author = {Xavier Mertens}, title = {{Houdini is Back Delivered Through a JavaScript Dropper}}, date = {2022-06-16}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/}, language = {English}, urldate = {2022-06-17} } Houdini is Back Delivered Through a JavaScript Dropper
Houdini
2022-06-13SANS ISCRenato Marinho
@online{marinho:20220613:translating:633e46a, author = {Renato Marinho}, title = {{Translating Saitama's DNS tunneling messages}}, date = {2022-06-13}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/Translating+Saitama%27s+DNS+tunneling+messages/28738}, language = {English}, urldate = {2022-06-16} } Translating Saitama's DNS tunneling messages
Saitama Backdoor
2022-05-20SANS ISCXavier Mertens
@online{mertens:20220520:zip:eb3e2f6, author = {Xavier Mertens}, title = {{A 'Zip Bomb' to Bypass Security Controls \& Sandboxes}}, date = {2022-05-20}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/A+Zip+Bomb+to+Bypass+Security+Controls+Sandboxes/28670/}, language = {English}, urldate = {2022-05-25} } A 'Zip Bomb' to Bypass Security Controls & Sandboxes
BitRAT
2022-05-11SANS ISCBrad Duncan
@online{duncan:20220511:ta578:2128ae0, author = {Brad Duncan}, title = {{TA578 using thread-hijacked emails to push ISO files for Bumblebee malware}}, date = {2022-05-11}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/28636}, language = {English}, urldate = {2022-05-17} } TA578 using thread-hijacked emails to push ISO files for Bumblebee malware
BumbleBee