Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-08-23Youtube (SANS Digital Forensics and Incident Response)Chad Tilbury
@online{tilbury:20210823:keynote:23c0084, author = {Chad Tilbury}, title = {{Keynote: Cobalt Strike Threat Hunting}}, date = {2021-08-23}, organization = {Youtube (SANS Digital Forensics and Incident Response)}, url = {https://www.youtube.com/watch?v=borfuQGrB8g}, language = {English}, urldate = {2021-08-25} } Keynote: Cobalt Strike Threat Hunting
Cobalt Strike
2021-07-27Youtube (SANS Institute)Katie Nickels, John Hammond
@online{nickels:20210727:sans:7432e9e, author = {Katie Nickels and John Hammond}, title = {{SANS Threat Analysis Rundown - Kaseya VSA attack}}, date = {2021-07-27}, organization = {Youtube (SANS Institute)}, url = {https://www.youtube.com/watch?v=tZVFMVm5GAk}, language = {English}, urldate = {2021-08-02} } SANS Threat Analysis Rundown - Kaseya VSA attack
REvil
2021-06-01SANSKevin Haley, Jake Williams
@online{haley:20210601:contrarian:6aff18c, author = {Kevin Haley and Jake Williams}, title = {{A Contrarian View on SolarWinds}}, date = {2021-06-01}, organization = {SANS}, url = {https://www.sans.org/webcasts/contrarian-view-solarwinds-119515}, language = {English}, urldate = {2021-06-21} } A Contrarian View on SolarWinds
Cobalt Strike Raindrop SUNBURST TEARDROP
2021-03-09Youtube (SANS Digital Forensics and Incident Response)Eric Loui, Sergei Frankoff
@online{loui:20210309:jackpotting:1dcc95b, author = {Eric Loui and Sergei Frankoff}, title = {{Jackpotting ESXi Servers For Maximum Encryption | Eric Loui & Sergei Frankoff | SANS CTI Summit 2021}}, date = {2021-03-09}, organization = {Youtube (SANS Digital Forensics and Incident Response)}, url = {https://www.youtube.com/watch?v=qxPXxWMI2i4}, language = {English}, urldate = {2021-05-31} } Jackpotting ESXi Servers For Maximum Encryption | Eric Loui & Sergei Frankoff | SANS CTI Summit 2021
DarkSide RansomEXX DarkSide RansomEXX GOLD DUPONT
2021-03-08Youtube (SANS Digital Forensics and Incident Response)Katie Nickels, Adam Pennington, Jen Burns
@online{nickels:20210308:star:083eb29, author = {Katie Nickels and Adam Pennington and Jen Burns}, title = {{STAR Webcast: Making sense of SolarWinds through the lens of MITRE ATT&CK(R)}}, date = {2021-03-08}, organization = {Youtube (SANS Digital Forensics and Incident Response)}, url = {https://www.youtube.com/watch?v=LA-XE5Jy2kU}, language = {English}, urldate = {2021-03-11} } STAR Webcast: Making sense of SolarWinds through the lens of MITRE ATT&CK(R)
Cobalt Strike SUNBURST TEARDROP
2020-12-02SansecSansec Threat Research Team
@online{team:20201202:persistent:4f26f93, author = {Sansec Threat Research Team}, title = {{Persistent parasite in EOL Magento 2 stores wakes at Black Friday}}, date = {2020-12-02}, organization = {Sansec}, url = {https://sansec.io/research/magento-2-persistent-parasite}, language = {English}, urldate = {2020-12-14} } Persistent parasite in EOL Magento 2 stores wakes at Black Friday
magecart
2020-11-26SansecSansec Threat Research Team
@online{team:20201126:payment:0a8e1d5, author = {Sansec Threat Research Team}, title = {{Payment skimmer hides in social media buttons}}, date = {2020-11-26}, organization = {Sansec}, url = {https://sansec.io/research/svg-malware}, language = {English}, urldate = {2020-12-08} } Payment skimmer hides in social media buttons
2020-11-19SANS ISC InfoSec ForumsXavier Mertens
@online{mertens:20201119:powershell:72b44bf, author = {Xavier Mertens}, title = {{PowerShell Dropper Delivering Formbook}}, date = {2020-11-19}, organization = {SANS ISC InfoSec Forums}, url = {https://isc.sans.edu/diary/26806}, language = {English}, urldate = {2020-11-19} } PowerShell Dropper Delivering Formbook
Formbook
2020-10-28Youtube (SANS Institute)Katie Nickels, Van Ta, Aaron Stephens
@online{nickels:20201028:spooky:3bf0a0a, author = {Katie Nickels and Van Ta and Aaron Stephens}, title = {{Spooky RYUKy: The Return of UNC1878 | SANS STAR Webcast}}, date = {2020-10-28}, organization = {Youtube (SANS Institute)}, url = {https://www.youtube.com/watch?v=CgDtm05qApE}, language = {English}, urldate = {2020-11-04} } Spooky RYUKy: The Return of UNC1878 | SANS STAR Webcast
Ryuk UNC1878
2020-10-28Youtube (SANS Digital Forensics and Incident Response)Van Ta, Aaron Stephens, Katie Nickels
@online{ta:20201028:star:16965fb, author = {Van Ta and Aaron Stephens and Katie Nickels}, title = {{STAR Webcast: Spooky RYUKy: The Return of UNC1878}}, date = {2020-10-28}, organization = {Youtube (SANS Digital Forensics and Incident Response)}, url = {https://www.youtube.com/watch?v=BhjQ6zsCVSc}, language = {English}, urldate = {2020-11-02} } STAR Webcast: Spooky RYUKy: The Return of UNC1878
Ryuk
2020-10-26SANS ISC InfoSec ForumsDidier Stevens
@online{stevens:20201026:excel:0cad0df, author = {Didier Stevens}, title = {{Excel 4 Macros: "Abnormal Sheet Visibility"}}, date = {2020-10-26}, organization = {SANS ISC InfoSec Forums}, url = {https://isc.sans.edu/diary/rss/26726}, language = {English}, urldate = {2020-11-02} } Excel 4 Macros: "Abnormal Sheet Visibility"
2020-09-10SANS ISC InfoSec ForumsBrad Duncan
@online{duncan:20200910:recent:f9e103f, author = {Brad Duncan}, title = {{Recent Dridex activity}}, date = {2020-09-10}, organization = {SANS ISC InfoSec Forums}, url = {https://isc.sans.edu/forums/diary/Recent+Dridex+activity/26550/}, language = {English}, urldate = {2020-09-15} } Recent Dridex activity
Dridex
2020-07-06SansecSansec Threat Research Team
@online{team:20200706:north:1fb54b4, author = {Sansec Threat Research Team}, title = {{North Korean hackers implicated in stealing from US and European shoppers}}, date = {2020-07-06}, organization = {Sansec}, url = {https://sansec.io/research/north-korea-magecart}, language = {English}, urldate = {2020-07-06} } North Korean hackers implicated in stealing from US and European shoppers
magecart
2020-06-15SansecSansec Threat Research Team
@online{team:20200615:magecart:09274cd, author = {Sansec Threat Research Team}, title = {{Magecart strikes amid Corona lockdown}}, date = {2020-06-15}, organization = {Sansec}, url = {https://sansec.io/research/magecart-corona-lockdown}, language = {English}, urldate = {2020-06-16} } Magecart strikes amid Corona lockdown
magecart
2020-03-23SANS ISCDidier Stevens
@online{stevens:20200323:kpot:9f080e7, author = {Didier Stevens}, title = {{KPOT Deployed via AutoIt Script}}, date = {2020-03-23}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/25934}, language = {English}, urldate = {2020-03-26} } KPOT Deployed via AutoIt Script
KPOT Stealer
2020-02-03SANS ISCJan Kopriva
@online{kopriva:20200203:analysis:c531bd3, author = {Jan Kopriva}, title = {{Analysis of a triple-encrypted AZORult downloader}}, date = {2020-02-03}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Analysis+of+a+tripleencrypted+AZORult+downloader/25768/}, language = {English}, urldate = {2020-02-10} } Analysis of a triple-encrypted AZORult downloader
Azorult
2020-01-23SANS ISC InfoSec ForumsBrad Duncan
@online{duncan:20200123:german:2c867b2, author = {Brad Duncan}, title = {{German language malspam pushes Ursnif}}, date = {2020-01-23}, organization = {SANS ISC InfoSec Forums}, url = {https://isc.sans.edu/forums/diary/German+language+malspam+pushes+Ursnif/25732/}, language = {English}, urldate = {2020-01-26} } German language malspam pushes Ursnif
ISFB
2019-11-22SANS Cyber Security SummitSveva Vittoria Scenarelli, Rachel Mullan
@techreport{scenarelli:20191122:need:00f7cef, author = {Sveva Vittoria Scenarelli and Rachel Mullan}, title = {{Need for PLEAD: BlackTech Pursuit}}, date = {2019-11-22}, institution = {SANS Cyber Security Summit}, url = {https://web.archive.org/web/20200229012206/https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1574947724.pdf}, language = {English}, urldate = {2021-01-25} } Need for PLEAD: BlackTech Pursuit
BLUETHER PLEAD
2019-07-08SANSJosh M. Bryant, Robert Falcone
@techreport{bryant:20190708:hunting:7ce53d5, author = {Josh M. Bryant and Robert Falcone}, title = {{Hunting Webshells: Tracking TwoFace}}, date = {2019-07-08}, institution = {SANS}, url = {https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1536345486.pdf}, language = {English}, urldate = {2020-01-09} } Hunting Webshells: Tracking TwoFace
TwoFace
2019-06-25SANSBrad Duncan
@online{duncan:20190625:rig:31ecb33, author = {Brad Duncan}, title = {{Rig Exploit Kit sends Pitou.B Trojan}}, date = {2019-06-25}, organization = {SANS}, url = {https://isc.sans.edu/diary/rss/25068}, language = {English}, urldate = {2019-12-17} } Rig Exploit Kit sends Pitou.B Trojan
Pitou