
2023-12-03Twitter (@vxunderground)VX-Underground
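@online{vxunderground:20231203:about:e15f416,
  author       = {{VX-Underground}},
  title        = {Tweet about {ALPHV} group compromising {Tipalti} to pressure its clients},
  date         = {2023-12-03},
  organization = {Twitter (@vxunderground)},
  url          = {https://x.com/vxunderground/status/1731138180672344095?t=reBMQQFFMGQ_zkV8KmL_LA&s=01},
  language     = {English},
  urldate      = {2023-12-04},
}
Tweet about ALPHV group compromising Tipalti to pressure its clients.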
BlackCat BlackCat
2023-11-30Twitter (@embee_research)Embee_research
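@online{embeeresearch:20231130:advanced:4afa89a,
  author       = {{Embee\_research}},
  title        = {Advanced Threat Intel Queries - Catching 83 {Qakbot} Servers with Regex, {Censys} and {TLS} Certificates},
  date         = {2023-11-30},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/advanced-threat-intel-queries-catching-83-qakbot-servers-with-regex-censys-and-tls-certificates/},
  language     = {English},
  urldate      = {2023-11-30},
}
Advanced Threat Intel Queries - Catching 83 Qakbot Servers with Regex, Censys and TLS Certificates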
QakBot
2023-11-27Twitter (@embee_research)Embee_research
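@online{embeeresearch:20231127:building:3dd782a,
  author       = {{Embee\_research}},
  title        = {Building Threat Intel Queries Utilising Regex and {TLS} Certificates - ({BianLian})},
  date         = {2023-11-27},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/building-advanced-censys-queries-utilising-regex-bianlian/},
  language     = {English},
  urldate      = {2023-11-27},
}
Building Threat Intel Queries Utilising Regex and TLS Certificates - (BianLian)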
BianLian
2023-11-26Twitter (@embee_research)Embee_research
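@online{embeeresearch:20231126:identifying:8b70097,
  author       = {{Embee\_research}},
  title        = {Identifying Suspected {PrivateLoader} Servers with {Censys}},
  date         = {2023-11-26},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/identifying-privateloader-servers-with-censys/},
  language     = {English},
  urldate      = {2023-11-27},
}
Identifying Suspected PrivateLoader Servers with Censys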
PrivateLoader
2023-11-22Twitter (@embee_research)Embee_research
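@online{embeeresearch:20231122:practical:1847814,
  author       = {{Embee\_research}},
  title        = {Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)},
  date         = {2023-11-22},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/practical-queries-for-malware-infrastructure-part-3/},
  language     = {English},
  urldate      = {2023-11-22},
}
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)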
BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos
2023-11-19Twitter (@embee_research)Embee_research
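@online{embeeresearch:20231119:combining:fa48682,
  author       = {{Embee\_research}},
  title        = {Combining Pivot Points to Identify Malware Infrastructure - {Redline}, {Smokeloader} and {Cobalt Strike}},
  date         = {2023-11-19},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/combining-pivot-points-to-identify-malware-infrastructure-redline-smokeloader-and-cobalt-strike/},
  language     = {English},
  urldate      = {2023-11-22},
}
Combining Pivot Points to Identify Malware Infrastructure - Redline, Smokeloader and Cobalt Strike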
Amadey Cobalt Strike RedLine Stealer SmokeLoader
2023-11-15Twitter (@embee_research)Embee_research
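@online{embeeresearch:20231115:identifying:c375df2,
  author       = {{Embee\_research}},
  title        = {Identifying Simple Pivot Points in Malware Infrastructure - {RisePro} Stealer},
  date         = {2023-11-15},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/identifying-risepro-panels-using-censys/},
  language     = {English},
  urldate      = {2023-11-17},
}
Identifying Simple Pivot Points in Malware Infrastructure - RisePro Stealer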
RedLine Stealer RisePro
2023-11-13Twitter (@malwrhunterteam)MalwareHunterTeam
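@online{malwarehunterteam:20231113:qilin:ebf1cb5,
  author       = {{MalwareHunterTeam}},
  title        = {Tweet on {Qilin} {Linux} Locker},
  date         = {2023-11-13},
  organization = {Twitter (@malwrhunterteam)},
  url          = {https://twitter.com/malwrhunterteam/status/1724521714845937822},
  language     = {English},
  urldate      = {2023-12-04},
}
Tweet on Qilin Linux Locker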
Qilin
2023-11-13Twitter (@malwrhunterteam)MalwareHunterTeam
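@online{malwarehunterteam:20231113:linux:f0f5f71,
  author       = {{MalwareHunterTeam}},
  title        = {Tweet on {Linux} version of {Rhysida}},
  date         = {2023-11-13},
  organization = {Twitter (@malwrhunterteam)},
  url          = {https://twitter.com/malwrhunterteam/status/1724165711356993736},
  language     = {English},
  urldate      = {2023-11-14},
}
Tweet on Linux version of Rhysida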
Rhysida
2023-11-06Twitter (@embee_research)Embee_research
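@online{embeeresearch:20231106:unpacking:a3f7c0b,
  author       = {{Embee\_research}},
  title        = {Unpacking Malware With Hardware Breakpoints - {Cobalt Strike}},
  date         = {2023-11-06},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/unpacking-malware-with-hardware-breakpoints-cobalt-strike/},
  language     = {English},
  urldate      = {2023-11-13},
}
Unpacking Malware With Hardware Breakpoints - Cobalt Strike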
Cobalt Strike
2023-11-01Twitter (@embee_research)Embee_research
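@online{embeeresearch:20231101:malware:897262b,
  author       = {{Embee\_research}},
  title        = {Malware Unpacking With Memory Dumps - Intermediate Methods ({Pe-Sieve}, {Process Hacker}, {Hxd} and {Pe-bear})},
  date         = {2023-11-01},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/unpacking-malware-using-process-hacker-and-memory-inspection/},
  language     = {English},
  urldate      = {2023-11-13},
}
Malware Unpacking With Memory Dumps - Intermediate Methods (Pe-Sieve, Process Hacker, Hxd and Pe-bear)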
AsyncRAT
2023-10-30Twitter (@embee_research)Embee_research
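@online{embeeresearch:20231030:unpacking:f1c6a1f,
  author       = {{Embee\_research}},
  title        = {Unpacking {.NET} Malware With {Process Hacker} and {Dnspy}},
  date         = {2023-10-30},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/unpacking-net-malware-with-process-hacker/},
  language     = {English},
  urldate      = {2023-10-30},
}
Unpacking .NET Malware With Process Hacker and Dnspy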
AsyncRAT
2023-10-27Twitter (@embee_research)Embee_research
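@online{embeeresearch:20231027:remcos:af5fa30,
  author       = {{Embee\_research}},
  title        = {{Remcos} Downloader Analysis - Manual Deobfuscation of {Visual Basic} and {Powershell}},
  date         = {2023-10-27},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/decoding-a-remcos-loader-script-visual-basic-deobfuscation/},
  language     = {English},
  urldate      = {2023-10-30},
}
Remcos Downloader Analysis - Manual Deobfuscation of Visual Basic and Powershell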
Remcos
2023-10-23Twitter (@embee_research)Embee_research
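@online{embeeresearch:20231023:cobalt:0c88305,
  author       = {{Embee\_research}},
  title        = {{Cobalt Strike} {.VBS} Loader - Decoding with Advanced {CyberChef} and Emulation},
  date         = {2023-10-23},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/decoding-a-cobalt-strike-vba-loader-with-cyberchef/},
  language     = {English},
  urldate      = {2023-10-30},
}
Cobalt Strike .VBS Loader - Decoding with Advanced CyberChef and Emulation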
Cobalt Strike
2023-10-20Twitter (@embee_research)Embee_research
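@online{embeeresearch:20231020:decoding:85adeaa,
  author       = {{Embee\_research}},
  title        = {Decoding a {Cobalt Strike} .hta Loader Using {CyberChef} and Emulation},
  date         = {2023-10-20},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/malware-analysis-decoding-a-simple-hta-loader/},
  language     = {English},
  urldate      = {2023-10-20},
}
Decoding a Cobalt Strike .hta Loader Using CyberChef and Emulation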
Cobalt Strike
2023-10-18Twitter (@embee_research)Embee_research
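@online{embeeresearch:20231018:ghidra:1253f8d,
  author       = {{Embee\_research}},
  title        = {{Ghidra} Tutorial - Using Entropy To Locate a {Cobalt Strike} Decryption Function},
  date         = {2023-10-18},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/ghidra-entropy-analysis-locating-decryption-functions/},
  language     = {English},
  urldate      = {2023-10-20},
}
Ghidra Tutorial - Using Entropy To Locate a Cobalt Strike Decryption Function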
Cobalt Strike
2023-10-16Twitter (@embee_research)Embee_research
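@online{embeeresearch:20231016:decoding:f01af37,
  author       = {{Embee\_research}},
  title        = {Decoding a Simple {Visual Basic} (.vbs) Script - {DarkGate} Loader},
  date         = {2023-10-16},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/decoding-a-simple-visual-basic-vbs-script-darkgate-loader/},
  language     = {English},
  urldate      = {2023-10-17},
}
Decoding a Simple Visual Basic (.vbs) Script - DarkGate Loader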
DarkGate
2023-10-13Twitter (@JAMESWT_MHT)JamesWT
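@online{jameswt:20231013:tweets:b2a26b5,
  author       = {{JamesWT}},
  title        = {Tweets on {Wikiloader} delivering {ISFB}},
  date         = {2023-10-13},
  organization = {Twitter (@JAMESWT\_MHT)},
  url          = {https://twitter.com/JAMESWT_MHT/status/1712783250446328114?t=iLKXzsZuS1TTa0i9sZFkQA&s=19},
  language     = {English},
  urldate      = {2023-10-16},
}
Tweets on Wikiloader delivering ISFB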
ISFB WikiLoader
2023-10-11Twitter (@MsftSecIntel)Microsoft Threat Intelligence
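@online{intelligence:20231011:storm0062:280ecc3,
  author       = {{Microsoft Threat Intelligence}},
  title        = {Tweet on {Storm-0062} exploiting {CVE-2023-22515}},
  date         = {2023-10-11},
  organization = {Twitter (@MsftSecIntel)},
  url          = {https://twitter.com/MsftSecIntel/status/1711871732644970856},
  language     = {English},
  urldate      = {2023-12-04},
}
Tweet on Storm-0062 exploiting CVE-2023-22515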
2023-10-10Twitter (@embee_research)Embee_research
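@online{embeeresearch:20231010:how:3f9d14e,
  author       = {{Embee\_research}},
  title        = {How To Develop {Yara} Rules for {.NET} Malware Using {IL} {ByteCodes}},
  date         = {2023-10-10},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/yara-rule-development-il-instructions-in-redline-malware/},
  language     = {English},
  urldate      = {2023-10-10},
}
How To Develop Yara Rules for .NET Malware Using IL ByteCodes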
RedLine Stealer