2021-07-24 | InfoSec Handlers Diary Blog | Xavier Mertens
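% Only the product names are brace-protected; the rest of the title is left to the bibliography style's casing.
@online{mertens:20210724:agenttesla:2876aef,
  author       = {Mertens, Xavier},
  title        = {{Agent.Tesla} Dropped via a .daa Image and Talking to {Telegram}},
  date         = {2021-07-24},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/27666},
  language     = {English},
  urldate      = {2021-07-26},
}
Agent.Tesla Dropped via a .daa Image and Talking to Telegram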
Agent Tesla
2021-03-31 | InfoSec Handlers Diary Blog | Xavier Mertens
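% Only the camel-cased term is brace-protected; the rest of the title is left to the bibliography style's casing.
@online{mertens:20210331:quick:56fcc20,
  author       = {Mertens, Xavier},
  title        = {Quick Analysis of a Modular {InfoStealer}},
  date         = {2021-03-31},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/27264},
  language     = {English},
  urldate      = {2021-03-31},
}
Quick Analysis of a Modular InfoStealer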
Amadey
2021-03-29 | InfoSec Handlers Diary Blog | Xavier Mertens
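% No word in this title needs case protection, so the whole-title double braces are dropped.
@online{mertens:20210329:jumping:1da0c41,
  author       = {Mertens, Xavier},
  title        = {Jumping into Shellcode},
  date         = {2021-03-29},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/forums/diary/Jumping+into+Shellcode/27256/},
  language     = {English},
  urldate      = {2021-03-31},
}
Jumping into Shellcode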
2021-02-12 | InfoSec Handlers Diary Blog | Xavier Mertens
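% Only the product and vendor names are brace-protected; the rest of the title is left to the bibliography style's casing.
% NOTE(review): the url uses a /diary/rss/ path, unlike the other diary entries in this listing; confirm it resolves to the diary page before citing.
@online{mertens:20210212:agenttesla:228400f,
  author       = {Mertens, Xavier},
  title        = {{AgentTesla} Dropped Through Automatic Click in {Microsoft} Help File},
  date         = {2021-02-12},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/rss/27092},
  language     = {English},
  urldate      = {2021-02-18},
}
AgentTesla Dropped Through Automatic Click in Microsoft Help File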
Agent Tesla
2021-01-22 | InfoSec Handlers Diary Blog | Xavier Mertens
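% Only the acronym is brace-protected; the rest of the title is left to the bibliography style's casing.
@online{mertens:20210122:another:340e841,
  author       = {Mertens, Xavier},
  title        = {Another File Extension to Block in your {MTA}: .jnlp},
  date         = {2021-01-22},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/forums/diary/Another+File+Extension+to+Block+in+your+MTA+jnlp/27018/},
  language     = {English},
  urldate      = {2021-01-25},
}
Another File Extension to Block in your MTA: .jnlp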
2021-01-21 | InfoSec Handlers Diary Blog | Xavier Mertens
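% Only the tool and malware-family names are brace-protected; the rest of the title is left to the bibliography style's casing.
@online{mertens:20210121:powershell:904be1b,
  author       = {Mertens, Xavier},
  title        = {{Powershell} Dropping a {REvil} Ransomware},
  date         = {2021-01-21},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/27012},
  language     = {English},
  urldate      = {2021-01-21},
}
Powershell Dropping a REvil Ransomware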
REvil
2020-12-24 | InfoSec Handlers Diary Blog | Xavier Mertens
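% Only the product and malware-family names are brace-protected; the rest of the title is left to the bibliography style's casing.
@online{mertens:20201224:malicious:df6eb1a,
  author       = {Mertens, Xavier},
  title        = {Malicious {Word} Document Delivering an {Octopus} Backdoor},
  date         = {2020-12-24},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/26918},
  language     = {English},
  urldate      = {2021-01-04},
}
Malicious Word Document Delivering an Octopus Backdoor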
Octopus
2020-11-19 | SANS ISC InfoSec Forums | Xavier Mertens
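% Only the tool and malware-family names are brace-protected; the rest of the title is left to the bibliography style's casing.
% NOTE(review): organization differs from the other isc.sans.edu/diary entries in this listing ("InfoSec Handlers Diary Blog"); confirm which venue name is intended.
@online{mertens:20201119:powershell:72b44bf,
  author       = {Mertens, Xavier},
  title        = {{PowerShell} Dropper Delivering {Formbook}},
  date         = {2020-11-19},
  organization = {SANS ISC InfoSec Forums},
  url          = {https://isc.sans.edu/diary/26806},
  language     = {English},
  urldate      = {2020-11-19},
}
PowerShell Dropper Delivering Formbook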
Formbook
2020-07-14 | blog.rootshell.be | Xavier Mertens
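% Only the acronym and the tool name are brace-protected; the rest of the title is left to the bibliography style's casing.
@online{mertens:20200714:simple:13f2a87,
  author       = {Mertens, Xavier},
  title        = {Simple {DGA} Spotted in a Malicious {PowerShell}},
  date         = {2020-07-14},
  organization = {blog.rootshell.be},
  url          = {https://blog.rootshell.be/2020/07/14/simple-dga-spotted-in-a-malicious-powershell/},
  language     = {English},
  urldate      = {2020-07-17},
}
Simple DGA Spotted in a Malicious PowerShell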
2020-05-23 | InfoSec Handlers Diary Blog | Xavier Mertens
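% Only the product names are brace-protected; the rest of the title is left to the bibliography style's casing.
@online{mertens:20200523:agenttesla:eba0b0c,
  author       = {Mertens, Xavier},
  title        = {{AgentTesla} Delivered via a Malicious {PowerPoint} Add-In},
  date         = {2020-05-23},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/forums/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162/},
  language     = {English},
  urldate      = {2020-05-27},
}
AgentTesla Delivered via a Malicious PowerPoint Add-In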
Agent Tesla
2018-05-19 | Xavier Mertens
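% Only the tool name and the acronym are brace-protected; the rest of the title is left to the bibliography style's casing.
% NOTE(review): no organization field is given for this entry; confirm the publishing venue before citing.
@online{mertens:20180519:malicious:85c0a91,
  author   = {Mertens, Xavier},
  title    = {Malicious {Powershell} Targeting {UK} Bank Customers},
  date     = {2018-05-19},
  url      = {https://isc.sans.edu/forums/diary/Malicious+Powershell+Targeting+UK+Bank+Customers/23675/},
  language = {English},
  urldate  = {2020-01-13},
}
Malicious Powershell Targeting UK Bank Customers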
sLoad
2017-07-08 | InfoSec Handlers Diary Blog | Xavier Mertens
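% Only the language and encoding names are brace-protected; the rest of the title is left to the bibliography style's casing.
% NOTE(review): the url uses a /diary/rss/ path, unlike the other diary entries in this listing; confirm it resolves to the diary page before citing.
@online{mertens:20170708:vbscript:e2baa5d,
  author       = {Mertens, Xavier},
  title        = {A {VBScript} with Obfuscated {Base64} Data},
  date         = {2017-07-08},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/rss/22590},
  language     = {English},
  urldate      = {2020-01-13},
}
A VBScript with Obfuscated Base64 Data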
Revenge RAT