Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2025-09-05KrollDave Truman, Marc Messer
FANCY BEAR GONEPOSTAL – Espionage Tool Provides Backdoor Access to Microsoft Outlook
GONEPOSTAL
2025-08-20KrollMarc Messer, Otavio Passos, Ryan Hicks
XWORM Returns to Haunt Systems with Ghost Crypt
XWorm
2025-05-02KrollDave Truman, George Glass, Marc Messer
Prelude: Crypto Heist Causes HAVOC
Havoc
2024-11-18KrollDave Truman, George Glass
CARBANAK (aka ANUNAK) Distributed via IDATLOADER (aka HIJACKLOADER)
Carbanak HijackLoader
2024-11-12KrollGeorge Glass, Ryan Hicks
LUMMASTEALER Delivered Via PowerShell Social Engineering
Lumma Stealer
2024-08-20KrollDan Cox, Marc Messer, Sarah Becker
FOG Ransomware Targets Higher Education
Fog
2024-08-14KrollGeorge Glass, Keith Wojcieszek, Laurie Iacono
REDLINESTEALER Malware Driving the Initial Access Broker Market
RedLine Stealer
2024-07-05KrollRyan Hicks
CLEARFAKE Update Tricks Victim into Executing Malicious PowerShell Code
ClearFake
2024-06-24KrollDave Truman
Novel Technique Combination Used In IDATLOADER Distribution
Emmenhtal HijackLoader
2024-06-11KrollGeorge Glass, Keith Wojcieszek, Laurie Iacono
PLAY Ransomware Group Gains Access via Citrix Bleed Vulnerability
PLAY
2024-03-13KrollMarc Messer
LESLIELOADER – Undocumented Loader Observed
Leslieloader
2024-03-05KrollDave Truman, George Glass, Keith Wojcieszek
TODDLERSHARK: ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant
BabyShark
2024-01-19KrollDavid Truman
Inside the SYSTEMBC Command-and-Control Server
SystemBC
2024-01-18KrollSean Straw
Open the DARKGATE – Brute Forcing DARKGATE Encodings
DarkGate
2023-06-23KrollGeorge Glass, Keith Wojcieszek, Ryan Hicks
Deep Dive into GOOTLOADER Malware and Its Infection Chain
GootLoader
2023-02-13KrollLaurie Iacono, Stephen Green
Royal Ransomware Deep Dive
Cobalt Strike Royal Ransom
2023-02-02KrollElio Biasiotto, Stephen Green
Hive Ransomware Technical Analysis and Initial Access Discovery
BATLOADER Cobalt Strike Hive
2023-01-23KrollElio Biasiotto, Stephen Green
Black Basta – Technical Analysis
Black Basta Cobalt Strike MimiKatz QakBot SystemBC
2022-12-13KrollDave Truman, George Glass, Keith Wojcieszek, Stephen Green
Threat Actors use Google Ads to Deploy VIDAR Stealer
Vidar
2022-06-02KrollSean Straw
ModPipe POS Malware: New Hooking Targets Extract Card Data
ModPipe
2022-05-27KrollCole Manaster, Elio Biasiotto, George Glass
Emotet Analysis: New LNKs in the Infection Chain – The Monitor, Issue 20
Emotet
2022-04-18RiskIQJennifer Grob
RiskIQ: Trickbot Rickroll
TrickBot
2022-03-22KrollCole Manaster, Pierson Clair
Analyzing Exmatter: A Ransomware Data Exfiltration Tool
ExMatter