2020-11-19 | SANS ISC InfoSec Forums | Xavier Mertens
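% SANS ISC diary entry dated 2020-11-19; tagged Formbook on this listing.
@online{mertens:20201119:powershell:72b44bf,
  author       = {Mertens, Xavier},
  title        = {{PowerShell} Dropper Delivering {Formbook}},
  date         = {2020-11-19},
  organization = {SANS ISC InfoSec Forums},
  url          = {https://isc.sans.edu/diary/26806},
  language     = {English},
  urldate      = {2020-11-19},
}
PowerShell Dropper Delivering Formbook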
Formbook
2020-10-26 | SANS ISC InfoSec Forums | Didier Stevens
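% SANS ISC diary entry dated 2020-10-26; no tag follows it on this listing.
% NOTE(review): the url uses the /diary/rss/ path as listed; confirm it still resolves to the diary page.
@online{stevens:20201026:excel:0cad0df,
  author       = {Stevens, Didier},
  title        = {{Excel} 4 Macros: {``Abnormal Sheet Visibility''}},
  date         = {2020-10-26},
  organization = {SANS ISC InfoSec Forums},
  url          = {https://isc.sans.edu/diary/rss/26726},
  language     = {English},
  urldate      = {2020-11-02},
}
Excel 4 Macros: "Abnormal Sheet Visibility"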
2020-09-10 | SANS ISC InfoSec Forums | Brad Duncan
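% SANS ISC diary entry dated 2020-09-10; tagged Dridex on this listing.
@online{duncan:20200910:recent:f9e103f,
  author       = {Duncan, Brad},
  title        = {Recent {Dridex} activity},
  date         = {2020-09-10},
  organization = {SANS ISC InfoSec Forums},
  url          = {https://isc.sans.edu/forums/diary/Recent+Dridex+activity/26550/},
  language     = {English},
  urldate      = {2020-09-15},
}
Recent Dridex activity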
Dridex
2020-03-23 | SANS ISC | Didier Stevens
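% SANS ISC diary entry dated 2020-03-23; tagged KPOT Stealer on this listing.
@online{stevens:20200323:kpot:9f080e7,
  author       = {Stevens, Didier},
  title        = {{KPOT} Deployed via {AutoIt} Script},
  date         = {2020-03-23},
  organization = {SANS ISC},
  url          = {https://isc.sans.edu/diary/25934},
  language     = {English},
  urldate      = {2020-03-26},
}
KPOT Deployed via AutoIt Script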
KPOT Stealer
2020-02-03 | SANS ISC | Jan Kopriva
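% SANS ISC diary entry dated 2020-02-03; tagged Azorult on this listing.
@online{kopriva:20200203:analysis:c531bd3,
  author       = {Kopriva, Jan},
  title        = {Analysis of a triple-encrypted {AZORult} downloader},
  date         = {2020-02-03},
  organization = {SANS ISC},
  url          = {https://isc.sans.edu/forums/diary/Analysis+of+a+tripleencrypted+AZORult+downloader/25768/},
  language     = {English},
  urldate      = {2020-02-10},
}
Analysis of a triple-encrypted AZORult downloader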
Azorult
2020-01-23 | SANS ISC InfoSec Forums | Brad Duncan
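% SANS ISC diary entry dated 2020-01-23; tagged ISFB on this listing.
@online{duncan:20200123:german:2c867b2,
  author       = {Duncan, Brad},
  title        = {{German} language malspam pushes {Ursnif}},
  date         = {2020-01-23},
  organization = {SANS ISC InfoSec Forums},
  url          = {https://isc.sans.edu/forums/diary/German+language+malspam+pushes+Ursnif/25732/},
  language     = {English},
  urldate      = {2020-01-26},
}
German language malspam pushes Ursnif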
ISFB
2019-05-07 | SANS ISC InfoSec Forums | Renato
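% SANS ISC diary entry dated 2019-05-07; tagged kerberods on this listing.
% NOTE(review): the author is given as the single name "Renato"; kept as listed.
@online{renato:20190507:vulnerable:2c38a5f,
  author       = {Renato},
  title        = {Vulnerable {Apache} {Jenkins} exploited in the wild},
  date         = {2019-05-07},
  organization = {SANS ISC InfoSec Forums},
  url          = {https://isc.sans.edu/forums/diary/Vulnerable+Apache+Jenkins+exploited+in+the+wild/24916},
  language     = {English},
  urldate      = {2020-01-10},
}
Vulnerable Apache Jenkins exploited in the wild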
kerberods
2019-02-20 | SANS ISC InfoSec Forums | Brad Duncan
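% SANS ISC diary entry dated 2019-02-20; tagged Troldesh on this listing.
@online{duncan:20190220:more:a3216b8,
  author       = {Duncan, Brad},
  title        = {More {Russian} language malspam pushing {Shade} ({Troldesh}) ransomware},
  date         = {2019-02-20},
  organization = {SANS ISC InfoSec Forums},
  url          = {https://isc.sans.edu/forums/diary/More+Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24668/},
  language     = {English},
  urldate      = {2020-01-13},
}
More Russian language malspam pushing Shade (Troldesh) ransomware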
Troldesh
2019-01-17 | SANS ISC InfoSec Forums | Brad Duncan
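% SANS ISC diary entry dated 2019-01-17; tagged Emotet on this listing.
@online{duncan:20190117:emotet:0754347,
  author       = {Duncan, Brad},
  title        = {{Emotet} infections and follow-up malware},
  date         = {2019-01-17},
  organization = {SANS ISC InfoSec Forums},
  url          = {https://isc.sans.edu/forums/diary/Emotet+infections+and+followup+malware/24532/},
  language     = {English},
  urldate      = {2020-01-13},
}
Emotet infections and follow-up malware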
Emotet
2018-01-17 | SANS ISC | brad
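% SANS ISC diary entry dated 2018-01-17; tagged ISFB on this listing.
% NOTE(review): the author is given only as the handle "brad"; kept as listed, full name not confirmed here.
@online{brad:20180117:reviewing:49ad844,
  author       = {brad},
  title        = {Reviewing the spam filters: Malspam pushing {Gozi-ISFB}},
  date         = {2018-01-17},
  organization = {SANS ISC},
  url          = {https://isc.sans.edu/forums/diary/Reviewing+the+spam+filters+Malspam+pushing+GoziISFB/23245},
  language     = {English},
  urldate      = {2019-12-20},
}
Reviewing the spam filters: Malspam pushing Gozi-ISFB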
ISFB
2017-01-31 | SANS ISC InfoSec Forums | Johannes
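% SANS ISC diary entry dated 2017-01-31; tagged KeyBase on this listing.
% NOTE(review): the author is given as the single name "Johannes"; kept as listed.
@online{johannes:20170131:malicious:ed4f2fb,
  author       = {Johannes},
  title        = {Malicious {Office} files using fileless {UAC} bypass to drop {KEYBASE} malware},
  date         = {2017-01-31},
  organization = {SANS ISC InfoSec Forums},
  url          = {https://isc.sans.edu/forums/diary/Malicious+Office+files+using+fileless+UAC+bypass+to+drop+KEYBASE+malware/22011/},
  language     = {English},
  urldate      = {2020-01-08},
}
Malicious Office files using fileless UAC bypass to drop KEYBASE malware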
KeyBase
2017-01-21 | SANS ISC InfoSec Forums | Brad Duncan
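% SANS ISC diary entry dated 2017-01-21; tagged SAGE on this listing.
@online{duncan:20170121:sage:cf422da,
  author       = {Duncan, Brad},
  title        = {{Sage} 2.0 Ransomware},
  date         = {2017-01-21},
  organization = {SANS ISC InfoSec Forums},
  url          = {https://isc.sans.edu/forums/diary/Sage+20+Ransomware/21959/},
  language     = {English},
  urldate      = {2019-07-11},
}
Sage 2.0 Ransomware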
SAGE
2010-05-27 | SANS ISC InfoSec Forums | Kevin Liston
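% SANS ISC diary entry dated 2010-05-27; tagged Sasfis on this listing.
@online{liston:20100527:sasfis:c963466,
  author       = {Liston, Kevin},
  title        = {{Sasfis} Propagation},
  date         = {2010-05-27},
  organization = {SANS ISC InfoSec Forums},
  url          = {https://isc.sans.edu/forums/diary/Sasfis+Propagation/8860/},
  language     = {English},
  urldate      = {2020-01-08},
}
Sasfis Propagation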
Sasfis