Fox-IT blog

ID: c35efdcf-b291-5ae3-b5f4-8034517b9d61

STIX ID: identity--c35efdcf-b291-5ae3-b5f4-8034517b9d61

Feed Type: skeleton

Earliest post: -

Latest post: -

The Fox-IT blog shares technical cybersecurity research, news, and expert analysis on threats such as malware, ransomware, and defensive techniques, based on real-world investigations by Fox-IT specialists.

Exclude posts that do not describe a security incident

Classification

Min Pub Date

01/01/2020

Max Pub Date

05/31/2026

Title	Date Published ↓	Describes Incident	Author	Visible
Three Lazarus RATs coming for your cheese	2025-09-01	True		True
Red Teaming in the age of EDR: Evasion of Endpoint Detection Through Malware Virtualisation	2024-09-25	True		True
Sifting through the spines: identifying (potential) Cactus ransomware victims	2024-04-25	True		True
From ERMAC to Hook: Investigating the technical differences between two Android malware variants	2023-09-11	True	Global Threat Intelligence	True
Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign	2023-08-15	True		True
From Backup to Backdoor: Exploitation of CVE-2022-36537 in R1Soft Server Backup Manager	2023-02-22	True	Global Threat Intelligence	True
Threat spotlight: Hydra	2023-02-15	True	Global Threat Intelligence	True
CVE-2022-27510, CVE-2022-27518 – Measuring Citrix ADC & Gateway version adoption on the Internet	2022-12-28	True		True
One Year Since Log4Shell: Lessons Learned for the next ‘code red’	2022-12-12	True		True
Sharkbot is back in Google Play	2022-09-02	True	Global Threat Intelligence	True
Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study	2022-08-11	True	Joost Jansen	True
Flubot: the evolution of a notorious Android Banking Malware	2022-06-29	True	Global Threat Intelligence	True
Adventures in the land of BumbleBee	2022-04-29	True	Global Threat Intelligence	True
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store	2022-03-03	True	Joost Jansen	True
log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228	2021-12-14	True	Joost Jansen	True
Log4Shell: Reconnaissance and post exploitation network detection	2021-12-12	True	Joost Jansen	True
Encryption Does Not Equal Invisibility – Detecting Anomalous TLS Certificates with the Half-Space-Trees Algorithm	2021-12-07	True	Joost Jansen	True
Tracking a P2P network related to TA505	2021-12-02	True	Joost Jansen	True
TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access	2021-11-08	True	Fox It	True
Reverse engineering and decrypting CyberArk vault credential files	2021-10-12	True	Fox It	True
SnapMC skips ransomware, steals data	2021-10-11	True	Global Threat Intelligence	True
RM3 – Curiosities of the wildest banking malware	2021-05-04	True		True
TA505: A Brief History Of Their Time	2020-11-16	True	Antonis Terefos	True
Decrypting OpenSSH sessions for fun and profit	2020-11-11	True	Fox It	True
StreamDivert: Relaying (specific) network connections	2020-09-10	True	Fox It	True
A Second Look at CVE-2019-19781 (Citrix NetScaler / ADC)	2020-07-01	True	Fox It	True
WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group	2020-06-23	True		True
In-depth analysis of the new Team9 malware family	2020-06-02	True		True
LDAPFragger: Command and Control over LDAP attributes	2020-03-19	True		True