Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2025-03-13SecuronixDen Iyzvyk, Tim Peck
Analyzing OBSCURE#BAT Threat Actors Lure Victims into Executing Malicious Batch Scripts to Deploy Stealthy Rootkits
Quasar RAT r77
2025-03-12Red CanaryRed Canary
2025 Threat Detection Report
HijackLoader Lumma Stealer NetSupportManager RAT
2025-03-11Cato NetworksMatan Mittleman, Ofek Vardi
Cato CTRL Threat Research: Ballista – New IoT Botnet Targeting Thousands of TP-Link Archer Routers
Ballista
2025-03-07ProofpointOle Villadsen, Proofpoint Threat Research Team, Selena Larson
Remote Monitoring and Management (RMM) Tooling Increasingly an Attacker’s First Choice
2025-03-06Twitter (@MsftSecIntel)Microsoft Threat Intelligence
Tweet about Moonstone Sleet dropping Qilin ransomware
Qilin
2025-03-05MicrosoftMicrosoft Threat Intelligence
Silk Typhoon targeting IT supply chain
2025-02-28CrowdStrikeCrowdStrike
2025 Global Threat Report
GOLD REBELLION UNC4393
2025-02-27Palo Alto Networks Unit 42Lior Rochberger, Tom Fakterman
Squidoor: Suspected Chinese Threat Actor’s Backdoor Targets Global Organizations
FINALDRAFT FINALDRAFT
2025-02-18ProofpointProofpoint Threat Research Team
An Update on Fake Updates: Two New Actors, and New Mac Malware
Marcher FAKEUPDATES FrigidStealer Lumma Stealer
2025-02-13SecuronixDen Iyzvyk, Tim Peck
Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks
RandomQuery
2025-02-13Intel 471Intel 471
Threat hunting case study: SocGholish
FAKEUPDATES
2025-02-13SymantecThreat Hunter Team
China-linked Espionage Tools Used in Ransomware Attacks
PlugX
2025-02-13MicrosoftMicrosoft Threat Intelligence
Storm-2372 conducts device code phishing campaign
Storm-2372
2025-02-13VolexityCharlie Gardner, Steven Adair, Tom Lancaster
Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication
2025-02-12MicrosoftMicrosoft Threat Intelligence
The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation
LocalOlive
2025-02-11Twitter (@MsftSecIntel)Microsoft Threat Intelligence
Twitter Thread on a new Kimsuky tactic inciting admins to paste powershell
2025-02-06MicrosoftMicrosoft Threat Intelligence
Code injection attacks using publicly disclosed ASP.NET machine keys
2025-01-21Twitter (@MsftSecIntel)Microsoft Threat Intelligence
Twitter Thread describing spotting of ReedBed in a Storm-1811 campaign
ReedBed UNC4393
2025-01-17Google Cloud SecurityOffice of the CISO
Threat Horizons - H1 2025 Threat Horizons Report
FAKEUPDATES Conti Hades LockBit Phoenix Locker RansomHub TRIPLESTRENGTH
2025-01-16MicrosoftMicrosoft Threat Intelligence
New Star Blizzard spear-phishing campaign targets WhatsApp accounts