Malpedia Library

Click here to download all references as Bib-File.•

2021-04-07 ⋅ Talos ⋅ Chris Neal, Edmund Brumaghin, Nick Biasini, Paul Eubanks.
Sowing Discord: Reaping the benefits of collaboration app abuse

2021-03-09 ⋅ Red Canary ⋅ Brian Donohue, Katie Nickels, Tony Lambert
Microsoft Exchange server exploitation: how to detect, mitigate, and stay calm
CHINACHOPPER

2021-03-08 ⋅ Youtube (SANS Digital Forensics and Incident Response) ⋅ Adam Pennington, Jen Burns, Katie Nickels
STAR Webcast: Making sense of SolarWinds through the lens of MITRE ATT&CK(R)
Cobalt Strike SUNBURST TEARDROP

2021-02-23 ⋅ Medium (Katie’s Five Cents) ⋅ Katie Nickels
A Cyber Threat Intelligence Self-Study Plan: Part 1

2021-01-19 ⋅ Mandiant ⋅ Douglas Bienstock, Matthew McWhirt, Mike Burns, Nick Bennett
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 (WHITE PAPER)

2021-01-19 ⋅ FireEye ⋅ Douglas Bienstock, Matthew McWhirt, Mike Burns, Nick Bennett
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452

2021-01-13 ⋅ Brian Stadnicki
Gitlab RCE Stealth Shellbot
PerlBot

2020-12-18 ⋅ Cloudflare ⋅ Jesse Kipp, Nick Blazier
A quirk in the SUNBURST DGA algorithm
SUNBURST

2020-12-16 ⋅ Lookout ⋅ Apurva Kumar, Diane Wee, Justin Albrecht, Robert Nickle
Lookout Discovers New Spyware Used by Sextortionists to Blackmail iOS and Android Users
goontact

2020-12-15 ⋅ Github (itsreallynick) ⋅ Nick Carr
A quick note from Nick Carr on COSMICGALE and SUPERNOVA that those are unrelated to UC2452 intrusion campaign
SUPERNOVA

2020-12-14 ⋅ Cisco Talos ⋅ Nick Biasini
Threat Advisory: SolarWinds supply chain attack
SUNBURST TEARDROP

2020-12-14 ⋅ TrustedSec ⋅ Nick Gilberti, Tyler Hudak
SolarWinds Orion and UNC2452 – Summary and Recommendations
SUNBURST

2020-12-14 ⋅ Twitter (@ItsReallyNick) ⋅ Nick Carr
Tweet on summarizing post-compromise actvity of UNC2452
SUNBURST

2020-12-13 ⋅ FireEye ⋅ Alex Berry, Alex Pennino, Alyssa Rahman, Andrew Archer, Andrew Rector, Andrew Thompson, Barry Vengerik, Ben Read, Ben Withnell, Chris DiGiamo, Christopher Glyer, Dan Perez, Dileep Jallepalli, Doug Bienstock, Eric Scales, Evan Reese, Fred House, Glenn Edwards, Ian Ahl, Isif Ibrahima, Jay Smith, John Gorman, John Hultquist, Jon Leathery, Lennard Galang, Marcin Siedlarz, Matt Dunwoody, Matthew McWhirt, Michael Sikorski, Microsoft, Mike Burns, Nalani Fraiser, Nick Bennett, Nick Carr, Nick Hornick, Nick Richard, Nicole Oppenheim, Omer Baig, Ramin Nafisi, Sarah Jones, Scott Runnels, Stephen Eckels, Steve Miller, Steve Stone, William Ballenthin
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
SUNBURST SUPERNOVA TEARDROP UNC2452

2020-11-18 ⋅ Cisco ⋅ Edmund Brumaghin, Jaeson Schultz, Nick Biasini
Back from vacation: Analyzing Emotet’s activity in 2020
Emotet

2020-10-28 ⋅ Youtube (SANS Institute) ⋅ Aaron Stephens, Katie Nickels, Van Ta
Spooky RYUKy: The Return of UNC1878 | SANS STAR Webcast
Ryuk UNC1878

2020-10-28 ⋅ Youtube (SANS Digital Forensics and Incident Response) ⋅ Aaron Stephens, Katie Nickels, Van Ta
STAR Webcast: Spooky RYUKy: The Return of UNC1878
Ryuk

2020-09-21 ⋅ Cisco Talos ⋅ Joe Marshall, JON MUNSHAW, Nick Mavis
The art and science of detecting Cobalt Strike
Cobalt Strike

2020-09-08 ⋅ Team Cymru ⋅ CERT-BR, Manabu Niseki, Nick Byers
GhostDNSbusters: Illuminating GhostDNS Infrastructure

2020-08-11 ⋅ FireEye ⋅ Alex Pennino, Brendan McKeague, Harris Ansari, Nick Schroeder, Tim Martin
COOKIEJAR: Tracking Adversaries With FireEye Endpoint Security’s Logon Tracker Module