| 2022-01-20
⋅
Fortinet
⋅
New STRRAT RAT Phishing Campaign STRRAT |
| 2022-01-19
⋅
Elastic
⋅
Operation Bleeding Bear WhisperGate |
| 2022-01-19
⋅
Mandiant
⋅
One Source to Rule Them All: Chasing AVADDON Ransomware BlackMatter Avaddon BlackMatter MedusaLocker SystemBC ThunderX |
| 2021-12-15
⋅
Mandiant
⋅
No Unaccompanied Miners: Supply Chain Compromises Through Node.js Packages (UNC3379) DanaBot |
| 2021-10-21
⋅
APNIC
⋅
How to: Threat hunting and threat intelligence |
| 2021-10-04
⋅
pid4.io
⋅
How to Write a Hancitor Extractor in Go Hancitor |
| 2021-06-07
⋅
Twitter (@James_inthe_box)
⋅
Tweet on characteristic strings in snake keylogger 404 Keylogger |
| 2021-06-03
⋅
Twitter (@James_inthe_box)
⋅
Tweet on AskarLoader malware |
| 2021-05-11
⋅
splunk
⋅
The DarkSide of the Ransomware Pipeline DarkSide |
| 2021-05-01
⋅
Twitter (@JAMESWT_MHT)
⋅
Tweet on Linux version of DarkSide ransomware DarkSide DarkSide |
| 2021-04-22
⋅
splunk
⋅
SUPERNOVA Redux, with a Generous Portion of Masquerading SUPERNOVA |
| 2021-04-21
⋅
splunk
⋅
Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03) |
| 2021-03-12
⋅
splunk
⋅
Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later… |
| 2021-03-12
⋅
Binary Defense
⋅
IcedID GZIPLOADER Analysis IcedID |
| 2021-03-02
⋅
Atlantic Council
⋅
Countering Cyber Proliferation: Zeroing in on Access-as-a-Service |
| 2021-02-03
⋅
Twitter (@James_inthe_box)
⋅
Twitter thread on Nim rewrite of Bazarloader BazarNimrod |
| 2021-01-27
⋅
Team Cymru
⋅
Taking Down Emotet How Team Cymru Leveraged Visibility and Relationships to Coordinate Community Efforts Emotet |
| 2021-01-08
⋅
splunk
⋅
A Golden SAML Journey: SolarWinds Continued SUNBURST |
| 2020-12-23
⋅
Sentinel LABS
⋅
SolarWinds | Understanding & Detecting the SUPERNOVA Webshell Trojan SUPERNOVA BRONZE SPIRAL |