Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-06-15GoogleAlyssa Glickman, Austin Larsen, Fernando Tomlinson, Jakub Jozwiak, John Palmisano, John Wolfram, Josh Villanueva, Mathew Potaczek, Matthew McWhirt
Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China
SALTWATER SEASPY WHIRLPOOL UNC4841
2023-06-06Security IntelligenceAgnes Ramos-Beauchamp, Claire Zaboeva, Joshua Chung, Melissa Frydrych
ITG10 Likely Targeting South Korean Entities of Interest to the Democratic People’s Republic of Korea (DPRK)
RokRAT
2023-06-02MandiantDAN NUTTING, Genevieve Stark, Greg Blaum, Jeremy Kennelly, JOE PISANO, Josh Murchie, Juraj Sucik, Justin Moore, Kimberly Goody, Matthew McWhirt, Nader Zaveri, NICHOLAS BENNETT, OLLIE STYLES, PETER UKHANOV, WILL SILVERSTONE, ZACH SCHRAMM, Zander Work
Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft
2023-05-17Group-IBJoshua Penny, Nikita Rostovtsev, Yashraj Solanki
The distinctive rattle of APT SideWinder
SideWinder
2023-05-09Medium walmartglobaltechJason Reaves, Jonathan Mccay, Joshua Platt
MetaStealer string decryption and DGA overview
MetaStealer
2023-03-23MandiantJosh Fleischer, Rufus Brown, Ryan Tomcik
UNC961 in the Multiverse of Mandiant: Three Encounters with a Financially Motivated Threat Actor
HOLERUN LIGHTBUNNY Prophet Spider
2023-03-16IntegoJoshua Long
FBI shuts down 11-year-old NetWire RAT malware
NetWire
2023-03-10Medium walmartglobaltechJason Reaves, Joshua Platt
From Royal With Love
Cobalt Strike Conti PLAY Royal Ransom Somnia
2023-02-24Medium walmartglobaltechJason Reaves, Jonathan Mccay, Joshua Platt, Kirk Sayre
Qbot testing malvertising campaigns?
QakBot
2023-02-04Youtube (Dr Josh Stroschein)Josh Stroschein
Investigating NullMixer Network Traffic: Utilizing Suricata and Evebox (Part 3)
Nullmixer
2023-02-03Youtube (Dr Josh Stroschein)Josh Stroschein
Unpacking NullMixer - Identifying and Unraveling ASPack (Part 2)
Nullmixer
2023-01-31Josh Stroschein
Investigating NullMixer - Identifying Initial Packing Techniques (Part 1)
Nullmixer
2022-12-12ReutersJosh Smith
North Korean cyber spies deploy new tactic: tricking foreign experts into writing research for them
2022-09-13ProofpointAlexander Rausch, Joshua Miller, Kyle Eaton
Look What You Made Me Do: TA453 Uses Multi-Persona Impersonation to Capitalize on FOMO
2022-08-09Medium walmartglobaltechJason Reaves, Joshua Platt
Pivoting on a SharpExt to profile Kimusky panels for great good
Kimsuky
2022-08-04Medium walmartglobaltechJason Reaves, Joshua Platt
IcedID leverages PrivateLoader
IcedID PrivateLoader
2022-07-14ProofpointCrista Giering, Joshua Miller, Michael Raggi, Proofpoint Threat Research Team
Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media
Chinoxy APT31 Lazarus Group TA482
2022-07-06Trend MicroBren Matthew Ebriega, Ivan Nicole Chavez, Joshua Paul Ignacio, Monte de Jesus, Nathaniel Morales
Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server
HavanaCrypt
2022-05-25Medium walmartglobaltechJason Reaves, Joshua Platt
SocGholish Campaigns and Initial Access Kit
FAKEUPDATES Blister Cobalt Strike NetSupportManager RAT
2022-05-02MandiantChris Gardner, Doug Bienstock, Josh Madeley, Melissa Derr, Tyler McLellan
UNC3524: Eye Spy on Your Email
QUIETEXIT UNC3524