Click here to download all references as Bib-File.•
| 2025-05-09
⋅
Lumen
⋅
Classic Rock: Hunting a Botnet that preys on the Old |
| 2025-05-05
⋅
Hunt.io
⋅
APT36-Style ClickFix Attack Spoofs Indian Ministry to Target Windows & Linux |
| 2025-04-29
⋅
Recorded Future
⋅
Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting FAKEUPDATES MintsLoader GhostWeaver Stealc TAG-124 |
| 2025-04-15
⋅
Beazley Security Labs
⋅
Hunting Mice In Tunnels II - Fake CAPTCHAs and Ransomware Interlock Supper |
| 2025-04-10
⋅
Symantec
⋅
Shuckworm Targets Foreign Military Mission Based in Ukraine |
| 2025-04-08
⋅
Hunt.io
⋅
State-Sponsored Tactics: How Gamaredon and ShadowPad Operate and Rotate Their Infrastructure ShadowPad |
| 2025-04-01
⋅
Hunt.io
⋅
Same Russian-Speaking Threat Actor, New Tactics: Abuse of Cloudflare Services for Phishing and Telegram to Filter Victim IPs Pyramid |
| 2025-03-25
⋅
SpyCloud
⋅
On the Hunt for Ghost(Socks) GhostSocks |
| 2025-03-11
⋅
Hunt.io
⋅
JSPSpy and ‘filebroser’: A Custom File Management Tool in Webshell Infrastructure |
| 2025-03-04
⋅
Hunt.io
⋅
Exposing Russian EFF Impersonators: The Inside Story on Stealc & Pyramid C2 Pyramid Stealc |
| 2025-02-27
⋅
Hunt.io
⋅
Uncovering Joker’s C2 Network: How Hunt’s SSL History Exposed Its Infrastructure Joker |
| 2025-02-20
⋅
Hunt.io
⋅
LightSpy Expands Command List to Include Social Media Platforms lightSpy |
| 2025-02-13
⋅
Intel 471
⋅
Threat hunting case study: SocGholish FAKEUPDATES |
| 2025-02-13
⋅
Symantec
⋅
China-linked Espionage Tools Used in Ransomware Attacks PlugX |
| 2025-02-12
⋅
Hunt.io
⋅
Tracking Pyramid C2: Identifying Post-Exploitation Servers in Hunt Pyramid |
| 2025-02-06
⋅
Hunt.io
⋅
SmokeLoader Malware Found in Open Directories Targeting Ukraine’s Auto & Banking Industries SmokeLoader |
| 2025-02-04
⋅
Hunt.io
⋅
GreenSpot APT Targets 163.com Users with Fake Download Pages & Spoofed Domains GreenSpot |
| 2025-01-28
⋅
Hunt.io
⋅
SparkRAT: Server Detection, macOS Activity, and Malicious Connections SparkRAT |
| 2025-01-25
⋅
Sophos
⋅
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing” ReedBed STAC5143 UNC4393 |
| 2025-01-23
⋅
Hunt.io
⋅
Mapping Suspected KEYPLUG Infrastructure: TLS Certificates, GhostWolf, and RedGolf/APT41 Activity KEYPLUG |