Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-11-01SANS ISCXavier Mertens
@online{mertens:20231101:malware:c5ceeb2, author = {Xavier Mertens}, title = {{Malware Dropped Through a ZPAQ Archive}}, date = {2023-11-01}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/Malware+Dropped+Through+a+ZPAQ+Archive/30366/}, language = {English}, urldate = {2023-11-13} } Malware Dropped Through a ZPAQ Archive
2023-04-12SANS ISCBrad Duncan
@online{duncan:20230412:recent:093f8b8, author = {Brad Duncan}, title = {{Recent IcedID (Bokbot) activity}}, date = {2023-04-12}, organization = {SANS ISC}, url = {https://dshield.org/diary/Recent+IcedID+Bokbot+activity/29740/}, language = {English}, urldate = {2023-04-18} } Recent IcedID (Bokbot) activity
IcedID
2023-01-18SANS ISCBrad Duncan
@online{duncan:20230118:malicious:df039e8, author = {Brad Duncan}, title = {{Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware}}, date = {2023-01-18}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/29448}, language = {English}, urldate = {2023-01-19} } Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware
Aurora Stealer
2022-12-18SANS ISCGuy Bruneau
@online{bruneau:20221218:infostealer:12fb43f, author = {Guy Bruneau}, title = {{Infostealer Malware with Double Extension}}, date = {2022-12-18}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/Infostealer+Malware+with+Double+Extension/29354}, language = {English}, urldate = {2022-12-20} } Infostealer Malware with Double Extension
Agent Tesla
2022-08-19SANS ISCBrad Duncan
@online{duncan:20220819:brazil:ba12b0c, author = {Brad Duncan}, title = {{Brazil malspam pushes Astaroth (Guildma) malware}}, date = {2022-08-19}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/Brazil+malspam+pushes+Astaroth+%28Guildma%29+malware/28962}, language = {English}, urldate = {2022-08-28} } Brazil malspam pushes Astaroth (Guildma) malware
Astaroth
2022-08-12SANS ISCBrad Duncan
@online{duncan:20220812:monster:cbf3101, author = {Brad Duncan}, title = {{Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike}}, date = {2022-08-12}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/28934}, language = {English}, urldate = {2022-08-15} } Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike
Cobalt Strike DarkVNC IcedID
2022-07-27SANS ISCBrad Duncan
@online{duncan:20220727:icedid:839e33a, author = {Brad Duncan}, title = {{IcedID (Bokbot) with Dark VNC and Cobalt Strike}}, date = {2022-07-27}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/IcedID+%28Bokbot%29+with+Dark+VNC+and+Cobalt+Strike/28884}, language = {English}, urldate = {2022-07-28} } IcedID (Bokbot) with Dark VNC and Cobalt Strike
DarkVNC IcedID
2022-07-07SANS ISCBrad Duncan
@online{duncan:20220707:emotet:3732ca7, author = {Brad Duncan}, title = {{Emotet infection with Cobalt Strike}}, date = {2022-07-07}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Emotet%20infection%20with%20Cobalt%20Strike/28824/}, language = {English}, urldate = {2022-07-12} } Emotet infection with Cobalt Strike
Cobalt Strike Emotet
2022-06-17SANS ISCBrad Duncan
@online{duncan:20220617:malspam:25c76a4, author = {Brad Duncan}, title = {{Malspam pushes Matanbuchus malware, leads to Cobalt Strike}}, date = {2022-06-17}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/28752}, language = {English}, urldate = {2022-06-22} } Malspam pushes Matanbuchus malware, leads to Cobalt Strike
Cobalt Strike Matanbuchus
2022-06-16SANS ISCXavier Mertens
@online{mertens:20220616:houdini:1d61640, author = {Xavier Mertens}, title = {{Houdini is Back Delivered Through a JavaScript Dropper}}, date = {2022-06-16}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/}, language = {English}, urldate = {2022-06-17} } Houdini is Back Delivered Through a JavaScript Dropper
Houdini
2022-06-13SANS ISCRenato Marinho
@online{marinho:20220613:translating:633e46a, author = {Renato Marinho}, title = {{Translating Saitama's DNS tunneling messages}}, date = {2022-06-13}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/Translating+Saitama%27s+DNS+tunneling+messages/28738}, language = {English}, urldate = {2022-06-16} } Translating Saitama's DNS tunneling messages
Saitama Backdoor
2022-05-20SANS ISCXavier Mertens
@online{mertens:20220520:zip:eb3e2f6, author = {Xavier Mertens}, title = {{A 'Zip Bomb' to Bypass Security Controls & Sandboxes}}, date = {2022-05-20}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/A+Zip+Bomb+to+Bypass+Security+Controls+Sandboxes/28670/}, language = {English}, urldate = {2022-05-25} } A 'Zip Bomb' to Bypass Security Controls & Sandboxes
BitRAT
2022-05-11SANS ISCBrad Duncan
@online{duncan:20220511:ta578:2128ae0, author = {Brad Duncan}, title = {{TA578 using thread-hijacked emails to push ISO files for Bumblebee malware}}, date = {2022-05-11}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/28636}, language = {English}, urldate = {2022-05-17} } TA578 using thread-hijacked emails to push ISO files for Bumblebee malware
BumbleBee
2022-04-25SANS ISCXavier Mertens
@online{mertens:20220425:simple:cf5a852, author = {Xavier Mertens}, title = {{Simple PDF Linking to Malicious Content}}, date = {2022-04-25}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Simple+PDF+Linking+to+Malicious+Content/28582/}, language = {English}, urldate = {2022-04-25} } Simple PDF Linking to Malicious Content
2022-04-20SANS ISCBrad Duncan
@online{duncan:20220420:aa:eb304fb, author = {Brad Duncan}, title = {{'aa' distribution Qakbot (Qbot) infection with DarkVNC traffic}}, date = {2022-04-20}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/28568}, language = {English}, urldate = {2022-04-25} } 'aa' distribution Qakbot (Qbot) infection with DarkVNC traffic
QakBot
2022-04-06SANS ISCBrad Duncan
@online{duncan:20220406:windows:2685e57, author = {Brad Duncan}, title = {{Windows MetaStealer Malware}}, date = {2022-04-06}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/28522}, language = {English}, urldate = {2022-06-27} } Windows MetaStealer Malware
2022-03-31SANS ISCJohannes Ullrich
@online{ullrich:20220331:spring:a2ac765, author = {Johannes Ullrich}, title = {{Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965}}, date = {2022-03-31}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/28504}, language = {English}, urldate = {2022-04-04} } Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965
2022-03-25SANS ISCXavier Mertens
@online{mertens:20220325:xlsb:21fdeaf, author = {Xavier Mertens}, title = {{XLSB Files: Because Binary is Stealthier Than XML}}, date = {2022-03-25}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/XLSB+Files+Because+Binary+is+Stealthier+Than+XML/28476/}, language = {English}, urldate = {2022-03-25} } XLSB Files: Because Binary is Stealthier Than XML
QakBot
2022-03-16SANS ISCBrad Duncan
@online{duncan:20220316:qakbot:7fe703f, author = {Brad Duncan}, title = {{Qakbot infection with Cobalt Strike and VNC activity}}, date = {2022-03-16}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike+and+VNC+activity/28448/}, language = {English}, urldate = {2022-03-17} } Qakbot infection with Cobalt Strike and VNC activity
Cobalt Strike QakBot
2022-02-18SANS ISCXavier Mertens
@online{mertens:20220218:remcos:c302a64, author = {Xavier Mertens}, title = {{Remcos RAT Delivered Through Double Compressed Archive}}, date = {2022-02-18}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Remcos+RAT+Delivered+Through+Double+Compressed+Archive/28354/}, language = {English}, urldate = {2022-02-18} } Remcos RAT Delivered Through Double Compressed Archive
Remcos