| Date | Source | Author(s) | Title | Families / Actors |
|---|---|---|---|---|
| 2022-01-17 | Github (pan-unit42) | Brad Duncan | IOCs for Astaroth/Guildma malware infection | Astaroth |
| 2022-01-17 | Github (Dump-GUY) | Jiří Vinopal | Debugging MBR - IDA + Bochs Emulator (CTF example) | WhisperGate |
| 2022-01-17 | Cado Security | Cado Security | Resources for DFIR Professionals Responding to WhisperGate Malware | WhisperGate |
| 2022-01-16 | Github (wgpsec) | wgpsec | CreateHiddenAccount | CreateHiddenAccount |
| 2022-01-16 | forensicitguy | Tony Lambert | Analyzing a CACTUSTORCH HTA Leading to Cobalt Strike | CACTUSTORCH, Cobalt Strike |
| 2022-01-15 | Microsoft | Tom Burt | Malware attacks targeting Ukraine government (DEV-0586) | WhisperGate |
| 2022-01-15 | Huntress Labs | Team Huntress | Threat Advisory: VMware Horizon Servers Actively Being Hit With Cobalt Strike (by DEV-0401) | Cobalt Strike |
| 2022-01-15 | Github (eset) | ESET Research | Donot Team — Indicators of Compromise | |
| 2022-01-15 | Atomic Matryoshka | z3r0day_504 | Malware Headliners: Qakbot | QakBot |
| 2022-01-15 | MalwareBookReports | muzi | BazarLoader - Back from Holiday Break | BazarBackdoor |
| 2022-01-15 | Microsoft | Microsoft, Microsoft 365 Defender Threat Intelligence Team, Microsoft Detection and Response Team (DART), Microsoft Digital Security Unit (DSU), Microsoft Security Intelligence | Destructive malware targeting Ukrainian organizations (DEV-0586) | WhisperGate, DEV-0586 |
| 2022-01-14 | Trend Micro | Bren Matthew Ebriega | Ransom.Win32.WHITERABBIT.YACAET | WhiteRabbit |
| 2022-01-14 | Medium (Cryptax) | Axelle Apvrille | Multidex trick to unpack Android/BianLian | BianLian |
| 2022-01-14 | FSB | FSB | Unlawful Activities of Members of an Organized Criminal Community were suppressed | REvil, REvil |
| 2022-01-14 | Advanced Intelligence | Yelisey Boguslavskiy | Storm in "Safe Haven": Takeaways from Russian Authorities Takedown of REvil | REvil, REvil |
| 2022-01-14 | Mandiant | Bryan Turner, Daniel Smith, Matthew McWhirt, Omar Toor | Proactive Preparation and Hardening to Protect Against Destructive Attacks | |
| 2022-01-14 | Twitter (@billyleonard) | Billy Leonard, Google Threat Analysis Group | Tweet on APT28 credential phishing campaigns targeting Ukraine | |
| 2022-01-14 | RiskIQ | Jordan Herman | RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers | Dridex, Emotet |
| 2022-01-14 | HP | Patrick Schläpfer | How Attackers Use XLL Malware to Infect Systems | |
| 2022-01-13 | Kaspersky Labs | Seongsu Park, Vitaly Kamluk | The BlueNoroff cryptocurrency hunt is still on | CageyChameleon, SnatchCrypto, WebbyTea |