
2023-05-19 | Twitter (@embee_research) | Embee_research
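@online{embeeresearch:20230519:analysis:92de1d2,
  author       = {Embee\_research},
  title        = {Analysis of {Amadey Bot} Infrastructure Using {Shodan}},
  date         = {2023-05-19},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/amadey-bot-infrastructure/},
  urldate      = {2023-05-21},
  language     = {English},
}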
Amadey
2023-05-18 | Twitter (@embee_research) | Embee_research
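@online{embeeresearch:20230518:identifying:a7f1165,
  author       = {Embee\_research},
  title        = {Identifying {Laplas} Infrastructure Using {Shodan} and {Censys}},
  date         = {2023-05-18},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/laplas-clipper-infrastructure/},
  urldate      = {2023-05-26},
  language     = {English},
}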
LaplasClipper
2023-05-17 | Medium (@DCSO_CyTec) | Johann Aydinbas, Emilia Neuber, Kritika Roy, Axel Wauer, Jiro Minier
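@online{aydinbas:20230517:andariels:517dbe2,
  author       = {Aydinbas, Johann and Neuber, Emilia and Roy, Kritika and Wauer, Axel and Minier, Jiro},
  title        = {{Andariel’s} “{Jupiter}” malware and the case of the curious {C2}},
  date         = {2023-05-17},
  organization = {Medium (@DCSO\_CyTec)},
  url          = {https://medium.com/@DCSO_CyTec/andariels-jupiter-malware-and-the-case-of-the-curious-c2-dbfe29f57499},
  urldate      = {2023-05-21},
  language     = {English},
}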
Jupiter
2023-05-15 | embeeresearch | Embee_research
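@online{embeeresearch:20230515:quasar:6a364a0,
  author       = {Embee\_research},
  title        = {{Quasar Rat} Analysis - Identification of 64 {Quasar} Servers Using {Shodan} and {Censys}},
  date         = {2023-05-15},
  organization = {embeeresearch},
  url          = {https://embee-research.ghost.io/hunting-quasar-rat-shodan},
  urldate      = {2023-05-16},
  language     = {English},
}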
Quasar RAT
2023-05-07 | Twitter (@embee_research) | Matthew
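@online{matthew:20230507:agenttesla:65bf8af,
  author       = {Matthew},
  title        = {{AgentTesla} - Full Loader Analysis - Resolving {API} Hashes Using Conditional Breakpoints},
  date         = {2023-05-07},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/agenttesla-full-analysis-api-hashing/},
  urldate      = {2023-05-08},
  language     = {English},
}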
Agent Tesla
2023-04-21 | Symantec | Threat Hunter Team
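@online{team:20230421:xtrader:f5f0e26,
  author       = {{Threat Hunter Team}},
  title        = {{X\_Trader} Supply Chain Attack Affects Critical Infrastructure Organizations in {U.S.} and {Europe}},
  date         = {2023-04-21},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain},
  urldate      = {2023-05-26},
  language     = {English},
}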
VEILEDSIGNAL
2023-04-20 | Securonix | Den Iyzvyk, Oleg Kolesnikov, Tim Peck
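@online{iyzvyk:20230420:new:a864a61,
  author       = {Iyzvyk, Den and Kolesnikov, Oleg and Peck, Tim},
  title        = {New {OCX\#HARVESTER} Attack Campaign Leverages a Modernized {More\_eggs} Suite to Target Victims},
  date         = {2023-04-20},
  organization = {Securonix},
  url          = {https://www.securonix.com/blog/threat-labs-security-advisory-new-ocxharvester-attack-campaign-leverages-modernized-more_eggs-suite/},
  urldate      = {2023-04-25},
  language     = {English},
}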
More_eggs
2023-04-11 | Twitter (@Unit42_Intel) | Unit42
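@online{unit42:20230411:change:c20334e,
  author       = {Unit42},
  title        = {Tweet on change of {IcedID} backconnect traffic port from 8080 to 443},
  date         = {2023-04-11},
  organization = {Twitter (@Unit42\_Intel)},
  url          = {https://twitter.com/Unit42_Intel/status/1645851799427874818},
  urldate      = {2023-04-18},
  language     = {English},
}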
IcedID
2023-04-10 | Twitter (@embee_research) | Matthew
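@online{matthew:20230410:redline:397ebbf,
  author       = {Matthew},
  title        = {{Redline Stealer} - Static Analysis and {C2} Extraction},
  date         = {2023-04-10},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/redline-stealer-basic-static-analysis-and-c2-extraction/},
  urldate      = {2023-04-14},
  language     = {English},
}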
Amadey RedLine Stealer
2023-04-08 | Twitter (@embee_research) | Embee_research
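@online{embeeresearch:20230408:dcrat:8151f7a,
  author       = {Embee\_research},
  title        = {{Dcrat} - Manual De-obfuscation of {.NET} Malware},
  date         = {2023-04-08},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/dcrat-manual-de-obfuscation/},
  urldate      = {2023-04-10},
  language     = {English},
}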
DCRat
2023-03-21 | Twitter (@splinter_code) | Antonio Cocomazzi
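@online{cocomazzi:20230321:blackbyte:f11b8c4,
  author       = {Cocomazzi, Antonio},
  title        = {Tweet on {BlackByte} ransomware rewrite in {C++}},
  date         = {2023-03-21},
  organization = {Twitter (@splinter\_code)},
  url          = {https://twitter.com/splinter_code/status/1628057204954652674},
  urldate      = {2023-03-24},
  language     = {English},
}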
BlackByte
2023-03-10 | Security0wnage | Security0wnage
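@online{security0wnage:20230310:how:c15d634,
  author       = {Security0wnage},
  title        = {How Do You Like Dem Eggs? I like Mine Scrambled, Really Scrambled - A Look at Recent {more\_eggs} Samples},
  date         = {2023-03-10},
  organization = {Security0wnage},
  url          = {https://sec0wn.blogspot.com/2023/03/how-do-you-like-dem-eggs-i-like-mine.html?m=1},
  urldate      = {2023-03-13},
  language     = {English},
}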
More_eggs
2022-12-01 | mostwanted002
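@online{mostwanted002:20221201:malware:c0d4dc7,
  author   = {mostwanted002},
  title    = {Malware Analysis and Triage Report : {PirateStealer} - {Discord\_beta.exe}},
  date     = {2022-12-01},
  url      = {https://mostwanted002.cf/post/malware-analysis-and-triage-report-piratestealer/},
  urldate  = {2022-12-01},
  language = {English},
}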
PirateStealer
2022-11-19 | Malwarology | Robert Simmons
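@online{simmons:20221119:malicious:13718e6,
  author       = {Simmons, Robert},
  title        = {Malicious Packer {pkr\_ce1a}},
  date         = {2022-11-19},
  organization = {Malwarology},
  url          = {https://malwarology.substack.com/p/malicious-packer-pkr_ce1a?r=1lslzd},
  urldate      = {2022-11-25},
  language     = {English},
}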
SmokeLoader Vidar
2022-11-16 | Medium (@DCSO_CyTec) | Johann Aydinbas, Axel Wauer
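@online{aydinbas:20221116:hz:b5a2d6d,
  author       = {Aydinbas, Johann and Wauer, Axel},
  title        = {{HZ RAT} goes {China}},
  date         = {2022-11-16},
  organization = {Medium (@DCSO\_CyTec)},
  url          = {https://medium.com/@DCSO_CyTec/hz-rat-goes-china-506854c5f2e2},
  urldate      = {2022-11-18},
  language     = {English},
}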
HZ RAT
2022-11-14 | Twitter (@embee_research) | Matthew
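@online{matthew:20221114:twitter:9b57525,
  author       = {Matthew},
  title        = {{Twitter} thread on {Yara} Signatures for {Qakbot} Encryption Routines},
  date         = {2022-11-14},
  organization = {Twitter (@embee\_research)},
  url          = {https://twitter.com/embee_research/status/1592067841154756610?s=20},
  urldate      = {2022-11-18},
  language     = {English},
}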
IcedID QakBot
2022-11-02 | Twitter (@_CPResearch_) | Checkpoint Research
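@online{research:20221102:azov:9f43496,
  author       = {{Checkpoint Research}},
  title        = {Tweet on {Azov} Wiper},
  date         = {2022-11-02},
  organization = {Twitter (@\_CPResearch\_)},
  url          = {https://twitter.com/_CPResearch_/status/1587837524604465153},
  urldate      = {2022-11-09},
  language     = {English},
}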
Azov Wiper
2022-10-12 | Twitter (@embee_research) | Embee_research, Huntress Labs
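@online{embeeresearch:20221012:tweets:3284cd3,
  author       = {Embee\_research and {Huntress Labs}},
  title        = {Tweets on detection of {Brute Ratel} via {API} Hashes},
  date         = {2022-10-12},
  organization = {Twitter (@embee\_research)},
  url          = {https://twitter.com/embee_research/status/1580030303950995456?s=20&t=0vfXnrCXaVSX-P-hiSrFwA},
  urldate      = {2022-11-21},
  language     = {English},
}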
Brute Ratel C4
2022-10-11 | Twitter (@embee_research) | Embee_research, Huntress Labs
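@online{embeeresearch:20221011:havoc:3bc6fb5,
  author       = {Embee\_research and {Huntress Labs}},
  title        = {Tweet on {Havoc} {C2} - Static Detection Via {Ntdll} {API} Hashes},
  date         = {2022-10-11},
  organization = {Twitter (@embee\_research)},
  url          = {https://twitter.com/embee_research/status/1579668721777643520?s=20&t=nDJOv1Yf5mQZKCou7qMrhQ},
  urldate      = {2022-11-21},
  language     = {English},
}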
Havoc
2022-10-11 | Medium (@DCSO_CyTec) | Axel Wauer, Johann Aydinbas, Denis Szadkowski
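@online{wauer:20221011:tracking:7c6c193,
  author       = {Wauer, Axel and Aydinbas, Johann and Szadkowski, Denis},
  title        = {Tracking down {Maggie}},
  date         = {2022-10-11},
  organization = {Medium (@DCSO\_CyTec)},
  url          = {https://medium.com/@DCSO_CyTec/tracking-down-maggie-4d889872513d},
  urldate      = {2022-10-30},
  language     = {English},
}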
Maggie