Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-12-17Palo Alto Networks Unit 42Matthew Tennis
SUPERNOVA SolarWinds .NET Webshell Analysis
SUPERNOVA BRONZE SPIRAL
2020-12-14VolexityDamien Cash, Matthew Meltzer, Sean Koessel, Steven Adair, Thomas Lancaster, Volexity Threat Research
Dark Halo Leverages SolarWinds Compromise to Breach Organizations
SUNBURST
2020-12-13FireEyeAlex Berry, Alex Pennino, Alyssa Rahman, Andrew Archer, Andrew Rector, Andrew Thompson, Barry Vengerik, Ben Read, Ben Withnell, Chris DiGiamo, Christopher Glyer, Dan Perez, Dileep Jallepalli, Doug Bienstock, Eric Scales, Evan Reese, Fred House, Glenn Edwards, Ian Ahl, Isif Ibrahima, Jay Smith, John Gorman, John Hultquist, Jon Leathery, Lennard Galang, Marcin Siedlarz, Matt Dunwoody, Matthew McWhirt, Michael Sikorski, Microsoft, Mike Burns, Nalani Fraiser, Nick Bennett, Nick Carr, Nick Hornick, Nick Richard, Nicole Oppenheim, Omer Baig, Ramin Nafisi, Sarah Jones, Scott Runnels, Stephen Eckels, Steve Miller, Steve Stone, William Ballenthin
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
SUNBURST SUPERNOVA TEARDROP UNC2452
2020-11-20Trend MicroAbraham Camba, Bren Matthew Ebriega, Gilbert Sison
Weaponizing Open Source Software for Targeted Attacks
LaZagne Defray PlugX
2020-07-08COLUMBIA | SIPAJennifer Keltz, John Patrick Dees, John Sakellariadis, Katherine von Ofenheim, Lan Pelekis, Matthew Armelli, Max Egar, Neal Pollard, Stuart Caudill, Vipratap Vikram Singh
Named But Hardly Shamed: What is the Impact of Information Disclosures on an APT Operations?
2020-07-07FireEyeMatthew Haigh, Trevor Haskell
Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool
2020-05-28Rapid7 LabsMatthew Berninger
The Masked SYNger: Investigating a Traffic Phenomenon
2020-05-20ProofpointDennis Schwarz, Matthew Mesa, Proofpoint Threat Research Team
ZLoader Loads Again: New ZLoader Variant Returns
Zloader
2020-05-14Trend MicroMatthew Stewart
QNodeService: Node.js Trojan Spread via Covid-19 Lure
QNodeService
2020-04-21VolexityAndrew Case, Dave Lassalle, Matthew Meltzer, Sean Koessel, Steven Adair, Thomas Lancaster
Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant
2019-10-16ProofpointAxel F, Dennis Schwarz, Kafeine, Matthew Mesa, Proofpoint Threat Insight Team
TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader
Get2 SDBbot TA505
2019-09-02VolexityAndrew Case, Matthew Meltzer, Steven Adair
Digital Crackdown: Large-Scale Surveillance and Exploitation of Uyghurs
scanbox POISON CARP
2019-07-02ProofpointDennis Schwarz, Matthew Mesa, Proofpoint Threat Insight Team
TA505 begins summer campaigns with a new pet malware downloader, AndroMut, in the UAE, South Korea, Singapore, and the United States
AndroMut FlawedAmmyy
2019-04-17Cisco TalosDanny Adamitis, David Maynor, Matthew Olney, Paul Rascagnères, Warren Mercer
DNS Hijacking Abuses Trust In Core Internet Service
Sea Turtle
2019-02-20Cisco TalosEdmund Brumaghin, Matthew Molyett, Nick Biasini
Combing Through Brushaloader Amid Massive Detection Uptick
BrushaLoader
2019-01-17AccentureMatthew Brady
Pond Loach delivers BadCake malware
Salgorea APT32
2018-11-19FireEyeAndrew Thompson, Ben Withnell, Jonathan Leathery, Matthew Dunwoody, Michael Matonis, Nick Carr
Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
Cobalt Strike
2018-08-30Twitter (@mesa_matt)Matthew Mesa
Tweet on PsiX
PsiX
2018-06-07VolexityMatthew Meltzer, Sean Koessel, Steven Adair
Patchwork APT Group Targets US Think Tanks
Quasar RAT Unidentified 047 QUILTED TIGER
2018-04-20Booz Allen HamiltonJay Novak, Matthew Pennington
Researchers Discover New variants of APT34 Malware
BONDUPDATER POWRUNER