Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-12-17Trend MicroAbraham Camba, Gilbert Sison, Jay Yaneza, Jonna Santos
Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager
QakBot
2021-12-06MandiantAshraf Abdalhalim, Ben Read, Doug Bienstock, Gabriella Roncone, Jonathan Leathery, Josh Madeley, Juraj Sucik, Luis Rocha, Luke Jenkins, Manfred Erjak, Marius Fodoreanu, Microsoft Detection and Response Team (DART), Microsoft Threat Intelligence Center (MSTIC), Mitchell Clarke, Parnian Najafi, Sarah Hawley, Wojciech Ledzion
Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452)
Cobalt Strike CryptBot
2021-12-01ESET ResearchAlexis Dorais-Joncas, Facundo Muñoz
Jumping the air gap: 15 years of nation‑state effort
Agent.BTZ Fanny Flame Gauss PlugX Ramsay Retro Stuxnet USBCulprit USBferry
2021-11-26Twitter (@jhencinski)Jon Hencinski
Twitter Thread on weelky MDR recap from expel.io
GootKit Squirrelwaffle
2021-09-23CloudmarkAdam McNeil, Andrew Conway, Felipe Naves, W. Stuart Jones
TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures
2021-08-11ANALYST1Jon DiMaggio
Nation State Ransomware
Ryuk Stealer
2021-06-29Medium MITRE-EngenuityJon Baker, Nicholas Amon
Security Control Mappings: A Starting Point for Threat-Informed Defense
2021-06-17Norwegian Police Security Service (PST)Dafina Shala
Etterforskningen av datanettverksoperasjonen mot statsforvalterembeter henlegges
APT31
2021-06-01SpecterOpsJonathan Johnson
Evadere Classifications
2021-05-27FireEyeDan Perez, Emiel Haeghebaert, Greg Wood, Sarah Jones, Stephen Eckels
Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices
UNC2630 UNC2717
2021-05-05zimperiumJon Paterson
Flubot vs. Zimperium
FluBot
2021-04-20FireEyeDan Perez, Dimiter Andonov, Greg Wood, Jacob Thompson, Jonathan Lepore, Josh Triplett, Joshua Villanueva, Regina Elwell, Sarah Jones, Stephen Eckels, Stroz Friedberg
Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day
2021-04-07ANALYST1Jon DiMaggio
Ransom Mafia - Analysis of the World's First Ransomware Cartel
Conti Egregor LockBit Maze RagnarLocker SunCrypt VIKING SPIDER
2021-04-07ANALYST1Jon DiMaggio
Ransom Mafia Analysis of the World's First Ransomware Cartel
Conti Egregor LockBit Maze RagnarLocker Ryuk SunCrypt TA2101 VIKING SPIDER
2021-03-04FireEyeBen Read, Jonathan Leathery, Lindsay Smith
New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452
UNC2452
2021-02-16The Wall Street JournalSara Randazzo, Tawnell D. Hobbs
Hacker Claims to Have Stolen Files Belonging to Prominent Law Firm Jones Day
2020-12-21Cisco TalosJON MUNSHAW
2020: The year in malware
WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader
2020-12-13FireEyeAlex Berry, Alex Pennino, Alyssa Rahman, Andrew Archer, Andrew Rector, Andrew Thompson, Barry Vengerik, Ben Read, Ben Withnell, Chris DiGiamo, Christopher Glyer, Dan Perez, Dileep Jallepalli, Doug Bienstock, Eric Scales, Evan Reese, Fred House, Glenn Edwards, Ian Ahl, Isif Ibrahima, Jay Smith, John Gorman, John Hultquist, Jon Leathery, Lennard Galang, Marcin Siedlarz, Matt Dunwoody, Matthew McWhirt, Michael Sikorski, Microsoft, Mike Burns, Nalani Fraiser, Nick Bennett, Nick Carr, Nick Hornick, Nick Richard, Nicole Oppenheim, Omer Baig, Ramin Nafisi, Sarah Jones, Scott Runnels, Stephen Eckels, Steve Miller, Steve Stone, William Ballenthin
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
SUNBURST SUPERNOVA TEARDROP UNC2452
2020-12-03Check Point ResearchAviran Hazum, Jonathan Shimonovich
Vulnerability in Google Play Core Library Remains Unpatched in Google Play Applications
2020-11-12circleidJonathan Zhang
An Investigative Analysis of the Silent Librarian IoCs