Search by property
This page provides a simple browsing interface for finding entities described by a property and a named value. Other available search interfaces include the page property search, and the ask query builder.
List of results
- Cracking the encrypted C&C protocol of the ZeroAccess botnet + (2012)
- DNS: a botnet dialect + (2012)
- Dorkbot: conquistando Latinoamérica + (2012)
- Industrial espionage and targeted attacks: understanding the characteristics of an escalating threat + (2012)
- Learning stateful models for network honeypots + (2012)
- Malware 2 - from infection to persistence + (2012)
- Malware hunting with the Sysinternals tools + (2012)
- SKyWIper: A complex malware for targeted attacks + (2012)
- Unveiling the network criminal infrastructure of TDSS/TDL4 - DGAv14: a case study on a new TDSS/TDL4 variant + (2012)
- ZeuS – P2P+DGA variant – mapping out and understanding the threat + (January 4, 2012)
- Ramnit goes social + (January 5, 2012)
- A peek inside the PickPocket botnet + (January 6, 2012)
- Acquisition and analysis of volatile memory from Android devices + (February 2012)
- Reveton.A + (February 1, 2012)
- TDL4 reloaded: Purple Haze all in my brain + (February 3, 2012)
- Android.Bmaster: A million-dollar mobile botnet + (February 9, 2012)
- The where and why of Hlux + (February 15, 2012)
- Cutwail drives spike in malicious HTML attachment spam + (February 16, 2012)
- Shylock financial malware back 'with a vengeance' + (February 16, 2012)
- Long life to Kelihos! + (February 17, 2012)
- Pramro and Sality - two PEs in a pod + (February 21, 2012)
- Rovnix Reloaded: new step of evolution + (February 22, 2012)
- McAfee Labs threat advisory : W32.Pinkslipbot + (February 22, 2012)
- ZeuSbot/Spyeye P2P updated, fortifying the botnet + (February 23, 2012)
- Playing cops & robbers with banks & browsers + (February 27, 2012)
- The Cridex trojan targets 137 financial organizations in one go + (March 1, 2012)
- Scareware locks down computer due to child porn and terrorism + (March 2, 2012)
- Sinowal analysis (Windows 7, 32-bit) + (March 3, 2012)
- Kelihos back in town using Fast Flux + (March 4, 2012)
- Domain generation algorithms (DGA) in stealthy malware + (March 5, 2012)
- It’s 2012 and Armageddon has arrived + (March 6, 2012)
- The mystery of the Duqu framework + (March 7, 2012)
- Reversing the wrath of Khan + (March 7, 2012)
- Emerging attack vectors - RSA slide deck + (March 7, 2012)
- A peek inside the Darkness (Optima) DDoS Bot + (March 8, 2012)
- Kelihos: not alien resurrection, more attack of the clones + (March 12, 2012)
- MSRT March 2012: breaking bad + (March 13, 2012)
- New Thor botnet nearly ready to be sold, price $8,000 + (March 14, 2012)
- Ransomware: playing on your fears + (March 16, 2012)
- TDSS botnet: full disclosure + (March 17, 2012)
- ZeuS: me talk pretty Finnish one day + (March 19, 2012)
- An interesting case of JRE sandbox breach (CVE-2012-0507) + (March 20, 2012)
- Members of the largest criminal group engaged in online banking fraud are detained + (March 20, 2012)
- Dutch users served Sinowal for lunch + (March 20, 2012)
- Covert channels over social networks + (March 20, 2012)
- Bredolab botmaster ‘Birdie’ still at large + (March 21, 2012)
- Actually, my name is Duqu - Stuxnet is my middle name + (March 23, 2012)
- Inside an APT campaign with multiple targets in India and Japan + (March 26, 2012)
- The mystery of Duqu: part ten + (March 27, 2012)
- China targets macs used by NGOs + (March 30, 2012)
- Kelihos is dead. Long live Kelihos + (March 30, 2012)
- FAQ on Kelihos.B/Hlux.B sinkholing + (April 1, 2012)
- A study on botnet detection techniques + (April 2012)
- Mac Flashback exploiting unpatched Java vulnerability + (April 2, 2012)
- Security alert: new variants of Legacy Native (LeNa) identified + (April 3, 2012)
- Doctor Web exposes 550 000 strong Mac botnet + (April 4, 2012)
- A DDoS family affair: Dirt Jumper bot family continues to evolve + (April 5, 2012)
- Flashfake Mac OS X botnet confirmed + (April 6, 2012)
- MSRT April 2012: Win32/Claretore + (April 10, 2012)
- The ACCDFISA malware family – Ransomware targeting Windows servers + (April 11, 2012)
- Malware Memory Analysis - Volatility + (April 14, 2012)
- Darkmegi: this is not the Rootkit you’re looking for + (April 16, 2012)
- DarkMegi rootkit - sample (distributed via Blackhole) + (April 18, 2012)
- Rmnet.12 created a million Windows computer botnet + (April 18, 2012)
- Panel Virus Gendarmerie : Ratio 0.36% + (April 18, 2012)
- Digging into the Nitol DDoS botnet + (April 19, 2012)
- Latest SpyEye botnet active and cheaper + (April 20, 2012)
- Analysis of DarkMegi aka NpcDark + (April 20, 2012)
- SIRv12: the obstinacy of Conficker + (April 25, 2012)
- Ransomware crimeware kits + (April 27, 2012)
- Inside Smoke Bot - botnet control panel + (April 28, 2012)
- Inside Smoke Bot - Botnet Control Panel + (April 28, 2012)
- Attackers place Command and Control servers inside enterprise walls + (April 30, 2012)
- Measuring botnet populations + (May 2, 2012)
- Police Trojan crosses the Atlantic, now targets USA and Canada + (May 9, 2012)
- Multitenancy Botnets thwart threat analysis + (May 9, 2012)
- King of spam:Festi botnet analysis + (May 11, 2012)
- Gimemo wants to play in the big league + (May 16, 2012)
- ZeuS ransomware feature: win unlock + (May 21, 2012)
- Armenian Bredolab creator jailed for computer sabotage + (May 23, 2012)
- Dirt Jumper DDoS bot increasingly popular + (May 30, 2012)
- Ransomware ‘Holds Up’ victims + (May 30, 2012)
- Analyse statique de Duqu stage 1 + (May 30, 2012)
- Say hello to Tinba: world’s smallest trojan-banker + (11:57:42, 31 May 2012)
- Trojan.Tatanarg.B careful! + (June 1, 2012)
- MP-DDoser:Monitoring a rapidly improving DDoS threat + (June 1, 2012)
- Panel Supern0va et virus gendarmerie + (June 5, 2012)
- Case study of the Miner botnet + (June 5, 2012)
- Smartcard vulnerabilities in modern banking malware + (June 6, 2012)
- Sinowal: MBR rootkit never dies! (and it always brings some new clever features) + (June 6, 2012)
- Flamer: urgent suicide + (June 6, 2012)
- Flame: replication via Windows Update MITM proxy + (June 6, 2012)
- Major shift in strategy for ZeroAccess rootkit malware, as it shifts to user-mode + (June 6, 2012)
- MP-DDoser: A rapidly improving DDoS threat + (June 7, 2012)
- Static analysis of Dalvik bytecode and reflection in Android + (June 7, 2012)
- You dirty RAT! Part 1 – DarkComet + (June 9, 2012)
- Java Zero-Days and the Blackhole Exploit Kit + (June 9, 2012)
- Back to Stuxnet: the missing link + (June 11, 2012)
- Update to Citadel : v.1.3.4.5 + (June 11, 2012)
- MSRT June '12 - cleanup on aisle one + (June 12, 2012)
- ZeroAccess's way of self-deletion + (June 13, 2012)
- A chat with NGR Bot + (June 13, 2012)
- Ransomware : Smile you're on camera - Reveton.C new landing pages + (June 14, 2012)
- Insights into Win32/Bradop + (June 15, 2012)
- XPAJ: reversing a Windows x64 bootkit + (June 19, 2012)
- Analysis of functions used to encode strings in Flame (GDB script) + (June 21, 2012)
- ZeroAccess - new steps in evolution + (June 22, 2012)
- Redkit - one account = one color + (June 22, 2012)
- ZeroAccess: code injection chronicles + (June 26, 2012)
- DDoS attacks: the Zemra bot + (June 27, 2012)
- Inside Pony 1.7 / Fareit C&C - Botnet Control Panel + (June 27, 2012)
- Win32/Gataka: a banking Trojan ready to take off + (June 28, 2012)
- QuickPost: Flame & Volatility + (June 29, 2012)
- W32.Shadesrat (Blackshades) author arrested + (June 30, 2012)
- AutoIT ransomware + (July 2012)
- Inside Andromeda Bot v2.06 Webpanel / AKA Gamarue - Botnet Control Panel + (July 2, 2012)
- Relentless Zbot and anti-emulations + (July 3, 2012)
- Monkif botnet hides commands in JPEGs + (July 5, 2012)
- Rovnix bootkit framework updated + (July 14, 2012)
- Flame, Duqu and Stuxnet: in-depth code analysis of mssecmgr.ocx + (July 20, 2012)
- Reversing malware loaders - The Matsnu-A Case + (July 21, 2012)
- Gimemo finally targeting USA with Camera Feature too + (July 21, 2012)
- Inside Blackhole Exploits Kit v1.2.4 - Exploit Kit Control Panel + (July 22, 2012)
- Symantec/Android.Ackposts + (July 22, 2012)
- The lifecycle of peer-to-peer (Gameover) ZeuS + (July 23, 2012)
- Madi is back - New Tricks and a new Command&Control server + (July 25, 2012)
- Symantec/Android.Maistealer + (July 25, 2012)
- The Madi campaign - Part II + (July 26, 2012)
- Rovnix.D: the code injection story + (July 27, 2012)
- Inside Citadel 1.3.4.5 C&C & Builder - Botnet Control Panel + (July 29, 2012)
- The ‘Madi’ infostealers - a detailed analysis + (July 31, 2012)
- Winlock affiliate + (August 1, 2012)
- EURO Winlocker + (August 1, 2012)
- Gangstaservice Winlock Affiliate + (August 1, 2012)
- New Chinese exploit pack + (August 2, 2012)
- Flamer analysis: framework reconstruction + (August 2, 2012)
- Tales from Crisis, Chapter 1: The dropper’s box of tricks + (August 6, 2012)
- Harvesting data on the Xarvester botmaster + (August 6, 2012)
- Nepalese government websites compromised to serve Zegost RAT + (August 8, 2012)
- Analysis of the Finfisher lawful interception malware + (August 8, 2012)
- Gauss: Nation-state cyber-surveillance meets banking Trojan + (August 9, 2012)
- Dorifel crypto malware paralyzes Dutch companies and public sector + (August 9, 2012)
- Gauss: abnormal distribution + (August 9, 2012)
- Tilon-son of Silon + (August 9, 2012)
- Dorifel is much bigger than expected and it’s still active and growing! + (August 10, 2012)
- De code van Dorifel nader bekeken + (August 11, 2012)
- Joint strike force against Dorifel + (August 11, 2012)
- Dorifel virus gereed voor Nederlandse banking phishing + (August 11, 2012)
- Dorifel/Quervar: the support scammer’s secret weapon + (August 13, 2012)
- Win32/Gataka banking Trojan - Detailed analysis + (August 14, 2012)
- Crypto experts called on to crack cyberspy tool's encryption + (August 14, 2012)
- What’s the buzz with Bafruz + (August 14, 2012)
- ZACCESS/SIREFEF arrives with new infection technique + (August 14, 2012)
- Interconnection of Gauss with Stuxnet, Duqu & Flame + (August 15, 2012)
- Malware analysis tutorial 32: exploration of botnet client + (August 15, 2012)
- Analyzing a new exploit pack + (August 15, 2012)
- New virus SMSZombie.A discovered by TrustGo Security Labs + (August 15, 2012)
- Spam botnets: The fall of Grum and the rise of Festi + (August 16, 2012)
- Disttrack sabotage malware wipes data at unnamed Middle East energy organization + (August 16, 2012)
- Shamoon the wiper - copycats at work + (August 16, 2012)
- Saudi Aramco hit by computer virus + (August 16, 2012)
- W32.Changeup: how the worm was created + (August 16, 2012)
- Inside Upas Kit (1.0.1.1) aka Rombrast C&C - Botnet Control Panel + (August 16, 2012)
- Targeted destructive malware explained: Troj/Mdrop-ELD + (August 17, 2012)
- Disttrack malware overwrites files, infects MBR + (August 17, 2012)
- Necurs Quick Analysis + (August 17, 2012)
- Ransom.II - UGC payment for USA - Windows Genuine impersonation for DE + (August 18, 2012)
- Crisis for Windows sneaks onto virtual machines + (August 20, 2012)
- Tales from Crisis, Chapter 2: Backdoor’s first steps + (August 20, 2012)
- The “Hikit” rootkit: advanced and persistent attack techniques (part 1) + (August 20, 2012)
- Shamoon the Wiper in details + (August 21, 2012)
- Quervar – Induc.C reincarnate + (August 21, 2012)
- Tales from Crisis, Chapter 3: The Italian rootkit job + (August 21, 2012)
- Newly detected Crisis virus infects Windows, Macs and virtual machines + (August 22, 2012)
- An analysis of the cross-platform backdoor NetWeirdRC + (August 22, 2012)
- The “Hikit” rootkit: advanced and persistent attack techniques (part 2) + (August 22, 2012)
- The first trojan in history to steal Linux and Mac OS X passwords + (August 22, 2012)
- Guys behind Gauss and Flame are the same + (August 23, 2012)
- Apple zombie malware 'NetWeird' rummages for browser and email passwords + (August 24, 2012)
- Tales from Crisis, Chapter 4: a ghost in the network + (August 26, 2012)
- What was that Wiper thing? + (August 29, 2012)
- Mahdi malware finds 150 new targets including U.S. and Germany, gets more evasive + (August 29, 2012)
- New Mahdi updates, new C2 server + (August 29, 2012)
- CVE-2012-4681 - On its way to Sakura Exploit Kit too + (August 29, 2012)
- Inside Ulocker + (August 30, 2012)
- CVE-2012-4681 - Redkit Exploit Kit - I want Porche Turbo + (August 30, 2012)
- CVE-2012-4681 - Связка Sweet Orange + (August 30, 2012)
- Mac BackDoor.Wirenet.1 config extractor + (August 30, 2012)
- The ZeroAccess botnet: mining and fraud for massive financial gain + (September 2012)
- Neosploit gets Java 0-Day + (September 1, 2012)
- From Sakura to Reveton via Smoke Bot - or a botnet distribution of Reveton + (September 2012)
- Virus Gendarmerie : variante Office Centrale de Luttre contre la criminalité – controle informationnel + (September 3, 2012)
- Panel Gendarmerie + (September 3, 2012)
- Weelsof use SSL C&C + (September 3, 2012)
- Karagny.L unpack + (September 4, 2012)
- Tatanga attack exposes chipTAN weaknesses + (September 4, 2012)
- PlugX: new tool for a not so new campaign + (September 10, 2012)
- Malicious Apache module injects Iframes + (September 10, 2012)
- Botnet command server hidden in Tor + (September 10, 2012)
- MSRT September '12 - Medfos, hijacking your daily search + (18:13:00, 10 September 2012)
- MoVP 1.3 Desktops, heaps, and ransomware + (September 12, 2012)
- Microsoft disrupts the emerging Nitol botnet being spread through an unsecure supply chain + (September 13, 2012)
- Fast look at an infection by a Blackhole Exploit Kit 2.0 + (September 13, 2012)
- Citadel trojan malware analysis + (September 14, 2012)
- Urausy improving its localization - A (the?) Gaelic Ransomware with Interpol impersonation as default landing + (September 15, 2012)
- Full analysis of Flame's Command & Control servers + (September 17, 2012)
- The Mirage campaign + (September 18, 2012)
- Malware Uses Google Go Language + (September 18, 2012)
- Ransomware Casier - Sharing Design with Lyposit - Gaelic & Persian ( + (September 19, 2012)
- OSX/Flashback - The first malware to infect hundreds of thousands of Apple Mac + (September 19, 2012)
- NGRBot spreads via chat + (September 20, 2012)
- Malware discovered developed with Google's "Go" programming language + (September 22, 2012)
- Urausy has big plan for Europe - Targeting 3 new countries among which Norway ! + (September 22, 2012)
- Behind the Captcha or Inside Blackhole Exploit Kit 2.0 - Exploit Kit Administration Panel + (September 23, 2012)
- Analysis of Ysreef (a variant of Tobfy) + (September 25, 2012)
- ZeuS Gameover overview + (September 25, 2012)
- Java Runtime Environment 1.7 Zero-Day Exploit Delivers Backdoor + (September 28, 2012)
- Blackhole & Cridex: season 2 episode 1: Intuit spam & SSL traffic analysis + (October 4, 2012)
- Cyber gang seeks botmasters to wage massive wave of trojan attacks against U.S. banks + (October 4, 2012)
- Update to Citadel : 1.3.5.1 Rain Edition. + (October 4, 2012)
- More details of the Dorifel servers + (October 8, 2012)
- New ransomware plays its victims an audio file, over and over and over… + (October 8, 2012)
- TDI - a new element in old TDSS story + (October 8, 2012)
- ‘Project Blitzkrieg’ promises more aggressive cyberheists against U.S. banks + (October 8, 2012)
- Cool Exploit Kit - A new Browser Exploit Pack on the Battlefield with a "Duqu" like font drop + (October 9, 2012)
- BoteAR: a “social botnet”- What are we talking about + (October 11, 2012)
- Study of malware obfuscation techniques + (October 11, 2012)
- Reveton Autumn Collection += AU,CZ, IE, NO & 17 new design + (October 12, 2012)
- An overview of exploit packs + (October 12, 2012)
- The Dorkbot rises + (October 16, 2012)
- Sopelka Botnet: three banking trojans and one banking panel + (October 17, 2012)
- Citadel V1.3.5.1: enter the fort’s dungeons + (October 18, 2012)
- Olmasco bootkit: next circle of TDL4 evolution (or not) + (October 18, 2012)
- Stamp EK (aka SofosFO) now showing "Blackhole 2.0 Like" landing pages + (October 18, 2012)
- Blackhole exploit kit v2 on the rise + (October 19, 2012)
- Analysis of TDL4 + (October 20, 2012)
- Trojan.Prinimalka: bits and pieces + (October 29, 2012)
- Reveton += HU, LV, SK, SI, TR (!), RO - So spreading accross Europe with 6 new Design + (October 29, 2012)
- Analysis of a “/0” stealth scan from a botnet + (November 2012)
- Citadel: a cyber-criminal’s ultimate weapon? + (November 5, 2012)
- DaRK DDoSseR leads to Gh0st RAT + (November 8, 2012)
- Cool EK : "Hello my friend..." CVE-2012-5076 + (November 9, 2012)
- Meet CritXPack (Previously Vintage Pack) + (November 12, 2012)
- Probing the Gozi-Prinimalka campaign + (November 13, 2012)
- Festi botnet analysis & investigation + (November 13, 2012)
- New Xtreme RAT attacks US, Israel, and other foreign governments + (November 14, 2012)
- 1940 IPs for a BHEK/ULocker server - Nexcess-Net + (November 14, 2012)
- Malware targeting Windows 8 uses Google Docs + (November 17, 2012)
- Cool exploit kit - URL structure + (November 17, 2012)
- An analysis of Dorkbot’s infection vectors (part 2) + (November 21, 2012)
- Proactive detection of security incidents II - Honeypots + (November 22, 2012)
- Reveton can speak now ! + (November 23, 2012)
- Upas Kit (aka Rombrast) integrates webinjects + (November 24, 2012)
- Koobface botnet master KrotReal back in business, distributes ransomware and promotes BHSEO service/product + (November 26, 2012)
- Symantec/Backdoor.Arcomrat + (November 26, 2012)
- Meet ProPack Exploit Pack - yes that's a lot of pack + (November 27, 2012)
- Redkit : No more money ! Traffic US, CA, GB, AU + (November 29, 2012)
- Boxer SMS trojan: malware as a global service + (November 29, 2012)
- Inside view of Lyposit aka (for its friends) Lucky LOCKER + (November 29, 2012)
- Win32/Gataka - or should we say Zutick? + (November 30, 2012)
- DISCLOSURE: detecting botnet command and control servers through large-scale NetFlow analysis + (December 2012)
- MSRT November '12 - Weelsof around the world + (December 4, 2012)
- Unexpected reboot: Necurs + (December 6, 2012)
- Skynet, a Tor-powered botnet straight from Reddit + (December 6, 2012)
- A quick update on spambot Kelihos + (December 10, 2012)
- Carberp, the renaissance ? + (December 13, 2012)
- Carberp-in-the-Mobile + (December 14, 2012)
- Inside Impact exploit kit + (December 14, 2012)
- Getting more "personal" & deeper into Cridex with parfeit credential stealer infection + (December 15, 2012)
- Android trojan used to create simple SMS spam botnet + (December 16, 2012)
- Security alert: SpamSoldier + (December 17, 2012)
- The Pobelka botnet - a command and control case study + (December 17, 2012)
- Win32/Spy.Ranbyus modifying Java code in RBS Ukraine systems + (December 19, 2012)
- Malware attacking POS systems + (December 19, 2012)
- Malicious Apache module used for content injection: Linux/Chapro.A + (December 20, 2012)
- Exploring the market for stolen passwords + (December 26, 2012)
- Análisis del comportamiento de VOlk y sus funcionalidades + (December 26, 2012)
- ‘Dexter’ virus targets point-of-sale terminals + (December 28, 2012)
- PeerRush: mining for unwanted P2P traffic + (2013)
- Confidential documents from Japanese politics stolen by malware + (January 5, 2013)
- Under the hood of the cyber attack on U.S. banks + (January 8, 2013)
- Demystifying Pobelka + (January 11, 2013)
- The "Red October" campaign - An advanced cyber espionage network targeting diplomatic and government agencies + (January 14, 2013)
- Waledac gets cozy with Virut + (January 14, 2013)
- SPL exploit kit – now with CVE-2013-0422 + (January 14, 2013)
- Analysis of the malware of Red October - Part 1 + (January 15, 2013)
- Analysis of the malware of Red October - Part 2 + (January 15, 2013)
- Virut malware fuels Waledac botnet resurgence + (January 15, 2013)
- Hiding in plain sight: the FAKEM remote access trojan + (January 17, 2013)
- NASK shuts down dangerous Virut botnet domains + (January 18, 2013)