2025-11-25 | Arctic Wolf | Arctic Wolf Labs Team, Jacob Faires
Russian RomCom Utilizing SocGholish to Deliver Mythic Agent to U.S. Companies Supporting Ukraine
FAKEUPDATES
2025-10-22 | SentinelOne | Tom Hegel
PhantomCaptcha | Multi-Stage WebSocket RAT Targets Ukraine in Single-Day Spearphishing Operation
Princess
2025-09-30 | Google | Aswad Robinson, Bhavesh Dhake, Laith Al, Matthew McWhirt, Michael Rudden, Omar ElAhdan
Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations
2025-09-30 | Elastic | Elastic
WARMCOOKIE One Year Later: New Features and Fresh Insights
WarmCookie
2025-09-25 | Koi Security | Idan Dardikman
First Malicious MCP in the Wild: The Postmark Backdoor That's Stealing Your Emails
2025-09-16 | Wiz.io | Barak Sharoni, Merav Bar, Rami McCarthy
Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware
Shai-Hulud
2025-09-02 | At-Bay | Aaron Smith, Laurie Iacono, MC, Ricardo Vazquez, Rohit Pappali, Will Botto, Yiwei Guo
Rhysida: Evading Detection, One Service at a Time
Rhysida
2025-08-26 | Google | Austin Larsen, Matt Lin, Omar ElAhdan, Tyler McLellan
Widespread Data Theft Targets Salesforce Instances via Salesloft Drift
UNC6395
2025-08-19 | The Wall Street Journal | Robert McMillan
Oregon Man Accused of Operating One of Most Powerful Attack ‘Botnets’ Ever Seen
RapperBot
2025-08-11 | ESET Research | Anton Cherepanov, Damien Schaeffer, Peter Strýček
Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability
dynamichttp
2025-07-20 | rmceoin.github.io | Randy McEoin
Perl based macOS/linux Stealer
Pearl Stealer
2025-06-30 | Proofpoint | David Galazin, Greg Lesnewich, Kelsey Merriman, Proofpoint Threat Research Team, Selena Larson
10 Things I Hate About Attribution: RomCom vs. TransferLoader
MeltingClaw RustyClaw ShadyHammock SlipScreen TransferLoader
2025-06-02 | Aryaka Networks | bikash dash, varadharajan krishnasamy
Remcos on the Wire: Analyzing Network Artifacts and C2 Command Structures
Remcos
2025-04-25 | Twitter (@teamcymru_S2) | TEAM CYMRU S2 THREAT RESEARCH
Tweet on North Korean Cyber Ops Leveraging Russian Infrastructure
2025-03-28 | Cisco Talos | Guilherme Venere
Gamaredon campaign abuses LNK files to distribute Remcos backdoor
Remcos
2025-02-21 | SonicWall | SonicWall
Remcos RAT Targets Europe: New AMSI and ETW Evasion Tactics Uncovered
Remcos
2025-01-30 | Bitdefender | Alexandru Maximciuc, Gheorghe Adrian Schipor, Martin Zugec, Victor Vrabie
UAC-0063: Cyber Espionage Operation Expanding from Central Asia
HATVIBE
2025-01-20 | Medium walmartglobaltech | Jason Reaves, Jonathan Mccay, Joshua Platt
Qbot is Back.Connect
ReedBed UNC4393
2024-12-10 | cyble | Cyble
Head Mare Group Intensifies Attacks on Russia with PhantomCore Backdoor
PhantomCore Head Mare
2024-12-04 | Rapid7 | Tyler McGraw
Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware
Black Basta Cobalt Strike DarkGate SystemBC Zloader