Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-02-08Huntress LabsJoe Slowik, Matt Anderson
Investigating Intrusions From Intriguing Exploits
Silence
2023-01-05MandiantEduardo Mattos, Gabby Roncone, John Wolfram, Sarah Hawley, Tyler McLellan
Turla: A Galaxy of Opportunity
KopiLuwak Andromeda QUIETCANARY
2022-11-14Twitter (@embee_research)Matthew
Twitter thread on Yara Signatures for Qakbot Encryption Routines
IcedID QakBot
2022-11-03paloalto Netoworks: Unit42Chris Navarrete, Durgesh Sangvikar, Matthew Tennis, Siddhart Shibiraj, Yanhui Jia, Yu Fu
Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild
Cobalt Strike
2022-10-28velociraptorMatt Green
Windows.Carving.SystemBC - SystemBC RAT configuration Purser for Velociraptor
SystemBC
2022-09-22BroadcomSymantec Threat Hunter Team
Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics
BlackCat BlackMatter DarkSide
2022-09-14MandiantJames Maclachlan, Mathew Potaczek, Matt Williams, Nino Isakovic, Yash Gupta
It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp
BLINDINGCAN miniBlindingCan sRDI
2022-08-04Cisco TalosArnaud Zobec, Azim Khodjibaev, Edmund Brumaghin, Matt Thaxton
Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns
2022-07-25Trend MicroByron Gelera, Ieriz Nicolle Gonzalez, Ivan Nicole Chavez, Katherine Casona, Nathaniel Gregory Ragasa, Nathaniel Morales
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
BlackMatter LockBit
2022-07-21CensysMatt Lembright
Russian Ransomware C2 Network Discovered in Censys Data
DeimosC2 PoshC2
2022-07-19SUCURIMatt Morrow
PrestaShop Skimmer Concealed in One Page Checkout Module
2022-07-06Trend MicroBren Matthew Ebriega, Ivan Nicole Chavez, Joshua Paul Ignacio, Monte de Jesus, Nathaniel Morales
Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server
HavanaCrypt
2022-06-28AccentureAccenture
Steal(Bit) or exfil, what does it (Ex)Matter? Comparative Analysis of Custom Exfiltration Tools
ExMatter StealBit
2022-05-30Matthieu Walter
Automatically Unpacking IcedID Stage 1 with Angr
IcedID
2022-05-18Cado SecurityMatt Muir
Linux Attack Techniques: Dynamic Linker Hijacking with LD Preload
2022-05-16Jamf BlogJaron Bradley, Matt Benyo, Stuart Ashenbrenner
UpdateAgent Adapts Again
UpdateAgent
2022-05-05NCC GroupMichael Matthews, Nikolaos Pantazopoulos
North Korea’s Lazarus: their initial access trade-craft using social media and social engineering
LCPDot
2022-04-28nccgroupDavid Brown, Michael Matthews, Rob Smallridge
LAPSUS$: Recent techniques, tactics and procedures
2022-04-27ESET ResearchAlexandre Côté Cyr, Matthieu Faou
A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity
FlowCloud Lookback Witchetty
2022-04-12SophosAndrew Brandt, Angela Gunn, Ferenc László Nagy, Johnathan Fern, Linda Smith, Matthew Everts, Mauricio Valdivieso, Melissa Kelly, Peter Mackenzie, Sergio Bestulic
Attackers linger on government agency computers before deploying Lockbit ransomware
LockBit