Click here to download all references as Bib-File.•
2024-07-01
⋅
Speakerdeck (takahiro_haruyama)
⋅
The Art of Malware C2 Scanning - How to Reverse and Emulate Protocol Obfuscated by Compiler DOPLUGS Hodur |
2023-01-14
⋅
YouTube (CODE BLUE)
⋅
[CB22]Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulation and Scanning ShadowPad Winnti |
2022-11-21
⋅
vmware
⋅
Threat Analysis: Active C2 Discovery Using Protocol Emulation Part4 (Dacls, aka MATA) Dacls |
2022-10-27
⋅
vmware
⋅
Threat Analysis: Active C2 Discovery Using Protocol Emulation Part3 (ShadowPad) ShadowPad |
2022-10-25
⋅
VMware Threat Analysis Unit
⋅
Tracking the entire iceberg: long-term APT malware C2 protocol emulation and scanning ShadowPad Winnti |
2022-09-26
⋅
Youtube (Virus Bulletin)
⋅
Tracking the entire iceberg long term APT malware C2 protocol emulation and scanning ShadowPad Winnti |
2022-09-19
⋅
Virus Bulletin
⋅
Tracking the entire iceberg - long-term APT malware C2 protocol emulation and scanning ShadowPad Winnti |
2021-11-16
⋅
vmware
⋅
Monitoring Winnti 4.0 C2 Servers for Two Years Winnti |
2021-06-25
⋅
Gdata
⋅
Microsoft signed a malicious Netfilter rootkit NetfilterRootkit |
2021-06-15
⋅
vmware
⋅
Detecting UEFI Bootkits in the Wild (Part 1) LoJax MosaicRegressor TrickBot |
2021-02-24
⋅
⋅
VMWare Carbon Black
⋅
Knock, knock, Neo. - Active C2 Discovery Using Protocol Emulation Cobalt Strike |
2020-09-22
⋅
vmware
⋅
Detecting Threats in Real-time With Active C2 Information Agent.BTZ Cobalt Strike Dacls NetWire RC PoshC2 Winnti |
2020-02-20
⋅
Carbon Black
⋅
Threat Analysis: Active C2 Discovery Using Protocol Emulation Part2 (Winnti 4.0) Winnti |
2019-11-20
⋅
vmware
⋅
Active C2 Discovery Using Protocol Emulation Part1 (HYDSEVEN NetWire) NetWire RC |
2019-10-24
⋅
Carbon Black
⋅
Defeating APT10 Compiler-level Obfuscations Anel |
2019-09-04
⋅
CarbonBlack
⋅
CB TAU Threat Intelligence Notification: Winnti Malware 4.0 Winnti |