Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-04-07Twitter (@ChicagoCyber)Joshua Miller
Tweet on TA455 (Iranian threat actor) IoCs
2022-03-23Team CymruAndy Kraus, Brian Eckman, Josh Hopkins, Paul Welte
Raccoon Stealer – An Insight into Victim “Gates”
Raccoon
2022-03-16MandiantJoshua Homan, Logeswaran Nadarajan, Martin Co, Mathew Potaczek, Sylvain Hirsch, Takahiro Sugiyama, Yu Nakamura
Have Your Cake and Eat it Too? An Overview of UNC2891
SLAPSTICK STEELCORGI LightBasin
2022-03-16DragosJosh Hanrahan
Suspected Conti Ransomware Activity in the Auto Manufacturing Sector
Conti Emotet
2022-03-10Medium walmartglobaltechJason Reaves, Joshua Platt
Diavol the Enigma of Ransomware
Diavol
2022-03-04Medium walmartglobaltechJason Reaves, Joshua Platt
SystemBC, PowerShell version
SystemBC
2022-02-23MandiantJoshua Shilko, Shambavi Sadayappan, Tyler McLellan
(Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware
Cuba KillAV
2022-02-14Medium walmartglobaltechJason Reaves, Joshua Platt
PrivateLoader to Anubis Loader
Anubis Loader PrivateLoader
2022-02-08ProofpointGeorgi Mladenov, Joshua Miller, Konstantin Klinger
Ugg Boots 4 Sale: A Tale of Palestinian-Aligned Espionage
BrittleBush NimbleMamba TA402
2022-02-01Medium walmartglobaltechJason Reaves, Jonathan Mccay, Joshua Platt
Sugar Ransomware, a new RaaS
Sugar
2022-01-26Team CymruJosh Hopkins
Analysis of a Management IP Address linked to Molerats APT
2022-01-20Palo Alto Networks Unit 42Josh Grunzweig, Mike Harbison, Robert Falcone
Threat Brief: Ongoing Russia and Ukraine Cyber Conflict
WhisperGate
2022-01-11Medium walmartglobaltechJason Reaves, Joshua Platt
Signed DLL campaigns as a service
BATLOADER Cobalt Strike ISFB Zloader
2021-12-06MandiantAshraf Abdalhalim, Ben Read, Doug Bienstock, Gabriella Roncone, Jonathan Leathery, Josh Madeley, Juraj Sucik, Luis Rocha, Luke Jenkins, Manfred Erjak, Marius Fodoreanu, Microsoft Detection and Response Team (DART), Microsoft Threat Intelligence Center (MSTIC), Mitchell Clarke, Parnian Najafi, Sarah Hawley, Wojciech Ledzion
Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452)
Cobalt Strike CryptBot
2021-11-18CiscoJosh Pyorre
BlackMatter, LockBit, and THOR
BlackMatter LockBit PlugX
2021-11-17MandiantJoshua Goddard
ProxyNoShell: A Change in Tactics Exploiting ProxyShell Vulnerabilities
2021-11-10AT&TJosh Gomez
Stories from the SOC - Powershell, Proxyshell, Conti TTPs OH MY!
Cobalt Strike Conti
2021-11-04CrowdStrikeEric Loui, Josh Reynolds
CARBON SPIDER Embraces Big Game Hunting, Part 2
BlackMatter Griffon BlackMatter DarkSide HiddenTear JSSLoader
2021-10-07MandiantAdam Brunner, Genevieve Stark, Jennifer Brooks, Jeremy Kennelly, Joshua Shilko, Kimberly Goody, Zach Riddle
FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets
BazarBackdoor GRIMAGENT Ryuk
2021-09-03FireEyeAdrian Sanchez Hernandez, Alex Pennino, Andrew Rector, Brendan McKeague, Govand Sinjari, Harris Ansari, John Wolfram, Joshua Goddard, Yash Gupta
PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers
CHINACHOPPER HTran