Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2024-09-20Trend MicroCharles Adrian Marty, Christian Alpuerto, John Paul Lim, Kyle Philippe Yu, Mark Chester De Quiroz, Mohammed Malubay
How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections
RansomHub Water Bakunawa
2024-08-19AonDaniel Stein, Joshua Pivirotto, Stroz Friedberg, Zachary Reichert
Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules
sedexp
2024-08-13GoogleGoogle
Finding Malware: Unveiling NUMOZYLOD with Google Security Operations
EugenLoader UNC4536
2024-05-01MandiantAdrian Hernandez, Asli Koksal, Jonathan Leathery, Ofir Rozmann, Sarah Bock
Uncharmed: Untangling Iran's APT42 Operations
TAMECAT
2024-04-24SecuronixDen Iyzvyk, Oleg Kolesnikov, Tim Peck
Analysis of Ongoing FROZEN#SHADOW Attack Campaign Leveraging SSLoad Malware and RMM Software for Domain Takeover
Cobalt Strike Latrodectus
2024-04-15UC Santa CruzAlonso Rojas, Alvaro A. Cardenas, Bing Huang, Emmanuele Zambon, Juan Lozano, Keerthi Koneru, Luis Salazar, Marina Krotofil, Ross Baldick, Sebastian R. Castro
A Tale of Two Industroyers: It was the Season of Darkness
Industroyer INDUSTROYER2
2024-04-102024-04-10Antonio Pirozzi, Sarthak Misraa
XZ Utils Backdoor | Threat Actor Planned to Inject Further Vulnerabilities
xzbot
2024-03-07ESET ResearchAnh ho, Facundo Muñoz
Evasive Panda leverages Monlam Festival to target Tibetans
MgBot Nightdoor
2024-02-27MandiantChen Evgi, Jonathan Leathery, Ofir Rozmann
When Cats Fly: Suspected Iranian Threat Actor UNC1549 Targets Israeli and Middle East Aerospace and Defense Sectors
LIGHTRAIL MINIBIKE MINIBUS UNC1549
2024-02-27Twitter (@greglesnewich)Greg Lesnewich
Tweet with context on TA421 / APT29 / Midnight Blizzard / BlueBravo / Cozy Bear
WINELOADER
2024-02-13Palo Alto Networks Unit 42Ofir Ozer, Or Chechik
A Deep Dive Into Malicious Direct Syscall Detection
Lumma Stealer
2024-01-26Ars TechnicaDan Goodin
The life and times of Cozy Bear, the Russian hackers who just hit Microsoft and HPE
2024-01-25JSAC 2024Facundo Muñoz
NSPX30: A sophisticated AitM-enabled implant evolving since 2005
NSPX30 ProjectWood
2024-01-25ESET ResearchFacundo Muñoz
NSPX30: A sophisticated AitM-enabled implant evolving since 2005
NSPX30 ProjectWood Blackwood TheWizards
2024-01-16NOZOMI Network LabsNozomi Networks Labs
P2PInfect Worm Evolves to Target a New Platform
P2Pinfect
2023-09-28ConfiantBOZOSLIVEHERE
Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees
ScamClub
2023-06-15GoogleAlyssa Glickman, Austin Larsen, Fernando Tomlinson, Jakub Jozwiak, John Palmisano, John Wolfram, Josh Villanueva, Mathew Potaczek, Matthew McWhirt
Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China
SALTWATER SEASPY WHIRLPOOL UNC4841
2023-06-14PICUS SecuritySıla Özeren
Picus Cyber Threat Intelligence Report May 2023: Top 10 MITRE ATT&CK Techniques
Earth Longzhi
2023-06-12Kaspersky LabsSergey Lozhkin
Sneaky DoubleFinger loads GreetingGhoul targeting your cryptocurrency
DoubleFinger GreetingGhoul
2023-05-24BushidoToken BlogBushidoToken
Unmasking Ransomware Using Stylometric Analysis: Shadow, 8BASE, Rancoz
8Base