Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-03-01RiskIQJennifer Grob
RiskIQ: Fraudulent Website Spoofing UNHCR for Ukrainian Refugees Seeks Bitcoin Donations
2022-02-25RiskIQRiskIQ
RiskIQ: UNC1151/GhostWriter Phishing Attacks Target Ukrainian Soldiers
2022-02-24RiskIQRiskIQ
RiskIQ: WatchGuard Devices Targeted by Cyclops Blink Malware
2022-02-24RiskIQRiskIQ
RiskIQ: HermeticWiper Compromised Server Used in Attack Chain
HermeticWiper
2022-02-07RiskIQRiskIQ
RiskIQ: Malicious Infrastructure Connected to Particular Windows Host Certificates
AsyncRAT BitRAT Nanocore RAT
2022-02-03RiskIQRiskIQ
RiskIQ: Exposed QNAP Devices are Vulnerable to Compromise
DEADBOLT
2022-01-14RiskIQJordan Herman
RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers
Dridex Emotet
2021-12-13RiskIQJordan Herman
RiskIQ: Connections between Nanocore, Netwire, and AsyncRAT and Vjw0rm dynamic DNS C2 infrastructure
AsyncRAT Nanocore RAT NetWire RC Vjw0rm
2021-12-03RiskIQKelsey Clapp
Woo's There? Magecart Targets WooCommerce
magecart
2021-12-01RiskIQJordan Herman
Bulletproof Hosting Services: Investigating Shinjiru Technology Sdn Bhd
2021-11-17RiskIQJennifer Grob
Aggah Campaign Replaces Crypto Currency Addresses with Their Own
2021-11-03RiskIQKelsey Clapp
Vagabon PhishKit - An Example of Shared Code Modularity
2021-10-20RiskIQJennifer Grob
Overview of Malware Hosted on Discord's Content Delivery Network
2021-09-22RiskIQJordan Herman, Kelsey Clapp
The Bom Skimmer and MageCart Group 7
magecart
2021-09-22RiskIQJordan Herman, Kelsey Clapp
The Bom Skimmer and MageCart Group 7
magecart
2021-09-16RiskIQRiskIQ
Untangling the Spider Web: The Curious Connection Between WIZARD SPIDER’s Ransomware Infrastructure and a Windows Zero-Day Exploit
Cobalt Strike Ryuk
2021-09-08RiskIQJennifer Grob
Bulletproof Hosting Services: Investigating Flowspec
Azorult Glupteba
2021-08-25RiskIQJordan Herman
EITest: Linkages to the Ongoing Malware Delivery Campaign Referred to as "Gootloader"
GootLoader
2021-07-30RiskIQTeam Atlas
Bear Tracks: Infrastructure Patterns Lead to More Than 30 Active APT29 C2 Servers
elf.wellmess WellMess
2021-07-28RiskIQJennifer Grob, Jordan Herman
Use of XAMPP Web Component to Identify Agent Tesla Infrastructure
Agent Tesla