Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2025-10-09Red CanaryChris Brook, Tony Lambert
A taxonomy of Mac stealers: Distinguishing Atomic, Odyssey, and Poseidon
AMOS Odyssey Stealer Poseidon Stealer
2025-08-19Red CanaryChris Brook, Christina Johns, Tyler Edmonds
Patching for persistence: How DripDropper Linux malware moves through the cloud
2025-07-10IBM X-ForceChris Caridi, Golo Mühr
Hive0145 back in German inboxes with Strela Stealer and a backdoor
StarFish
2025-06-23cegekaChristos Katopis, Cristina Aldea
StealeriumPy: A Stealerium variant distributed through ClickFix
Stealerium
2025-05-31The InsiderChristo Grozev, Michael Weiss, Roman Dobrokhotov
Hidden Bear: The GRU hackers of Russia’s most notorious kill squad
2025-05-09LumenChris Formosa, Ryan English
Classic Rock: Hunting a Botnet that preys on the Old
2025-02-20Cyber TriageChris Ray
WMI Malware: The Complete Forensics Guide
ShrinkLocker
2024-12-30FortinetChris Hall
Catching "EC2 Grouper"- no indicators required!
EC2 Grouper
2024-11-19Palo Alto Networks Unit 42Asher Davila, Chris Navarrete
FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications
FrostyGoop
2024-10-14Trend MicroAdremel Redondo, Adriel Isidro, Andre Filipe Codod, Charles Adrian Marty, Christian Alpuerto, Kim Benedict Victorio, Lorenzo Laureano, Mark Jason Co
Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware
Astaroth Water Makara
2024-04-19Spiegel OnlineChristoph Giesen, Hakan Tanriverdi, Simon Hage
VW-Konzern wurde jahrelang ausspioniert – von China?
CHINACHOPPER PlugX
2024-04-03Trend MicroChristopher Boyton
Unveiling the Fallout: Operation Cronos' Impact on LockBit Following Landmark Disruption
LockBit
2024-04-02Trend MicroChristopher So
Earth Freybug Uses UNAPIMON for Unhooking Critical APIs
APT41 Earth Freybug
2024-03-26LumenChris Formosa, Danny Adamitis, Ryan English, Steve Rudd
The Darkside Of TheMoon
TheMoon
2024-01-31StairwellAlex Hegyi, Chris St. Myers, Evelyne Diaz Araque, Matt Richard, Silas Cutler, Vincent Zell
Technical analysis: The silent torrent of VileRAT
VileRAT EVILNUM
2024-01-23Arctic WolfChristopher Prest, Hady Azzam, Steven Campbell
CherryLoader: A New Go-based Loader Discovered in Recent Intrusions
CherryLoader
2024-01-23Trend MicroChristian Alpuerto, Christian Jason Geollegue, Don Ovid Ladores, Emmanuel Panopio, Emmanuel Roll, Francesca Villasanta, Gerald Fernandez, Julius Keith Estrellado, Raighen Sanchez, Raymart Yambot, Rhio Manaog, Shawn Austin Santos, Sophia Nilette Robles
Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver
Kasseika
2023-11-09MandiantChris Sistrunk, Daniel Kapellmann Zafra, Jared Wilson, John Wolfram, Keith Lunden, Ken Proska, Nathan Brubaker, Tyler McLellan
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology
CaddyWiper
2023-07-26SPURRiley Kilmer
Christmas in July: A finely wrapped Malware Proxy Service
AVrecon
2023-02-02YouTube (SLEUTHCON)Christopher Glyer, Microsoft Threat Intelligence Center (MSTIC)
Lions, Tigers, and Infostealers - Oh my!
RecordBreaker RedLine Stealer Vidar