Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2024-04-04InfoSec Handlers Diary BlogJohn Moutos
Slicing up DoNex with Binary Ninja
Donex
2024-04-04MandiantAshley Pearson, Austin Larsen, Billy Wong, John Wolfram, Joseph Pisano, Josh Murchie, Lukasz Lamparski, Matt Lin, Ron Craft, Ryan Hall, Shawn Chew, Tyler McLellan
Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies
2024-02-29SANS ISCJohn Moutos
Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service
DarkGate
2024-02-05YouTube (John Hammond)John Hammond, Ryan Chapman
PikaBot Malware Analysis: Debugging in Visual Studio
Pikabot
2024-02-05YouTube (John Hammond)John Hammond, Ryan Chapman
PikaBot Malware Analysis: Debugging in Visual Studio
Pikabot
2024-01-12MandiantDimiter Andonov, Gabby Roncone, John Wolfram, Matt Lin, Robert Wallace, Tyler McLellan
Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation
UTA0178
2024-01-09Trend MicroArianne Dela Cruz, Charles Steven Derion, Francisrey Joshua Castillo, Henry Salcedo, Ian Kenefick, John Carlo Marquez, John Rainier Navato, Joshua Aquino, Juhn Emmanuel Atanque, Raymart Yambot, Shinji Robert Arasawa
Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign
Pikabot Water Curupira
2024-01-09Trend MicroArianne Dela Cruz, Charles Steven Derion, Francisrey Joshua Castillo, Henry Salcedo, Ian Kenefick, John Carlo Marquez, John Rainier Navato, Joshua Aquino, Juhn Emmanuel Atanque, Raymart Yambot, Shinji Robert Arasawa
Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign
Pikabot Water Curupira
2023-12-13FortinetAmey Gat, Angelo Cris Deveraturda, Hongkei Chan, Jared Betts, Jayesh Zala, John Simmons, Ken Evans, Mark Robson
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793
GraphDrop
2023-11-15FortinetAmey Gat, Andrew Nicchi, John Simmons, Mark Robson
Investigating the New Rhysida Ransomware
Rhysida
2023-11-09MandiantChris Sistrunk, Daniel Kapellmann Zafra, Jared Wilson, John Wolfram, Keith Lunden, Ken Proska, Nathan Brubaker, Tyler McLellan
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology
CaddyWiper
2023-10-23SarlackLabJohn Faria
Advice For Catching a RedLine Stealer
RedLine Stealer
2023-10-10MandiantAdrian Hernandez, Austin Larsen, JEFF JOHNSON, Michael Barnhart, Michelle Cantos, Taylor Long
Assessed Cyber Structure and Alignments of North Korea in 2023
TraderTraitor
2023-09-28Ransomware.orgJohn E. Dunn
The Scattered Spider Ransomware Group’s Secret Weapons? Social Engineering and Fluent English
2023-06-15MandiantAustin Larsen, John Palmisano, John Wolfram, Mathew Potaczek, Matthew McWhirt
Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China
SALTWATER SEASPY UNC4841
2023-06-15MandiantAustin Larsen, John Palmisano, John Wolfram, Mathew Potaczek, Matthew McWhirt
Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China
SALTWATER SEASPY UNC4841
2023-05-26Trend MicroPaul John Bardon, Sarah Pearl Camiling
New Info Stealer Bandit Stealer Targets Browsers, Wallets
Bandit Stealer
2023-04-20MandiantADRIAN SANCHEZ, DANIEL SCOTT, Dimiter Andonov, Fred Plan, Jake Nicastro, JEFF JOHNSON, Marius Fodoreanu, RENATO FONTANA
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible
POOLRAT IconicStealer UNC4736
2023-04-18CitizenLabBahr Abdul Razzak, Bill Marczak, John Scott-Railton, Ron Deibert
Triple Threat: NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains
2023-04-11CitizenLabAstrid Perry, Bahr Abdul Razzak, Bill Marczak, Emma Lyon, John Scott-Railton, Noura Al-Jizawi, Ron Deibert, Siena Anstis, Zoe Panday
Sweet QuaDreams: A First Look at Spyware Vendor QuaDream’s Exploits, Victims, and Customers
Carmine Tsunami