Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-02-02uf0 BlogMatteo Malvica
Uncovering Mimikatz ‘msv’ and collecting credentials through PyKD
MimiKatz
2020-01-26Brown Farinholt, Damon McCoy, Kirill Levchenko, Mohammad Rezaeirad
Dark Matter: Uncovering the DarkComet RAT Ecosystem
DarkComet
2020-01-14FireEyeMatt Bromiley, Nick Carr
Rough Patch: I Promise It'll Be 200 OK (Citrix ADC CVE-2019-19781)
NOTROBIN
2019-12-11CybereasonAssaf Dahan, Eli Salem, Lior Rochberger, Mary Zhao, Matt Hart, Niv Yona, Omer Yampel
Dropping Anchor: From a TrickBot Infection to the Discovery of the Anchor Malware
Anchor WIZARD SPIDER
2019-10-17ESET ResearchMathieu Tartare, Matthieu Faou, Thomas Dupuy
OPERATION GHOST The Dukes aren’t back — they never left
FatDuke
2019-10-16ProofpointAxel F, Dennis Schwarz, Kafeine, Matthew Mesa, Proofpoint Threat Insight Team
TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader
Get2 SDBbot TA505
2019-10-02CertegoMarco Bompani, Matteo Lodi
Malware Tales: FTCODE
FTCODE
2019-09-02VolexityAndrew Case, Matthew Meltzer, Steven Adair
Digital Crackdown: Large-Scale Surveillance and Exploitation of Uyghurs
scanbox POISON CARP
2019-08-19FireEyeAlex Pennino, Matt Bromiley
GAME OVER: Detecting and Stopping an APT41 Operation
ACEHASH CHINACHOPPER HIGHNOON
2019-07-18FireEyeJessica Rocchio, Matt Bromiley, Nick Schroeder, Noah Klapprodt
Hard Pass: Declining APT34’s Invite to Join Their Professional Network
LONGWATCH PICKPOCKET TONEDEAF VALUEVAULT
2019-07-02ProofpointDennis Schwarz, Matthew Mesa, Proofpoint Threat Insight Team
TA505 begins summer campaigns with a new pet malware downloader, AndroMut, in the UAE, South Korea, Singapore, and the United States
AndroMut FlawedAmmyy
2019-06-14CertegoMatteo Lodi
Malware Tales: Sodinokibi
REvil
2019-05-29ESET ResearchMatthieu Faou, Romain Dumont
A dive into Turla PowerShell usage
PowerShellRunner TurlaRPC
2019-05-07ESET ResearchMatthieu Faou
Turla LightNeuron: An email too far
LightNeuron
2019-05-01ESET ResearchMatthieu Faou
TURLA LIGHTNEURON: One email away from remote code execution
LightNeuron
2019-04-30Cisco TalosColin Grady, Jaeson Schultz, Matt Valites, Pierre Cadieux
Sodinokibi ransomware exploits WebLogic Server vulnerability
REvil
2019-04-17Cisco TalosDanny Adamitis, David Maynor, Matthew Olney, Paul Rascagnères, Warren Mercer
DNS Hijacking Abuses Trust In Core Internet Service
Sea Turtle
2019-02-20Cisco TalosEdmund Brumaghin, Matthew Molyett, Nick Biasini
Combing Through Brushaloader Amid Massive Detection Uptick
BrushaLoader
2019-02-14CertegoMatteo Lodi
Malware Tales: Gootkit
GootKit
2019-01-25CrowdStrikeMatt Dahl
Widespread DNS Hijacking Activity Targets Multiple Sectors
DNSpionage