Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-11-14Twitter (@embee_research)Matthew
Twitter thread on Yara Signatures for Qakbot Encryption Routines
IcedID QakBot
2022-11-03paloalto Netoworks: Unit42Chris Navarrete, Durgesh Sangvikar, Matthew Tennis, Siddhart Shibiraj, Yanhui Jia, Yu Fu
Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild
Cobalt Strike
2022-10-28velociraptorMatt Green
Windows.Carving.SystemBC - SystemBC RAT configuration Purser for Velociraptor
SystemBC
2022-09-22BroadcomSymantec Threat Hunter Team
Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics
BlackCat BlackMatter DarkSide
2022-09-14MandiantJames Maclachlan, Mathew Potaczek, Matt Williams, Nino Isakovic, Yash Gupta
It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp
BLINDINGCAN miniBlindingCan sRDI
2022-08-04Cisco TalosArnaud Zobec, Azim Khodjibaev, Edmund Brumaghin, Matt Thaxton
Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns
2022-07-25Trend MicroByron Gelera, Ieriz Nicolle Gonzalez, Ivan Nicole Chavez, Katherine Casona, Nathaniel Gregory Ragasa, Nathaniel Morales
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
BlackMatter LockBit
2022-07-21CensysMatt Lembright
Russian Ransomware C2 Network Discovered in Censys Data
DeimosC2 PoshC2
2022-07-19SUCURIMatt Morrow
PrestaShop Skimmer Concealed in One Page Checkout Module
2022-07-06Trend MicroBren Matthew Ebriega, Ivan Nicole Chavez, Joshua Paul Ignacio, Monte de Jesus, Nathaniel Morales
Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server
HavanaCrypt
2022-06-28AccentureAccenture
Steal(Bit) or exfil, what does it (Ex)Matter? Comparative Analysis of Custom Exfiltration Tools
ExMatter StealBit
2022-05-30Matthieu Walter
Automatically Unpacking IcedID Stage 1 with Angr
IcedID
2022-05-18Cado SecurityMatt Muir
Linux Attack Techniques: Dynamic Linker Hijacking with LD Preload
2022-05-16Jamf BlogJaron Bradley, Matt Benyo, Stuart Ashenbrenner
UpdateAgent Adapts Again
UpdateAgent
2022-05-05NCC GroupMichael Matthews, Nikolaos Pantazopoulos
North Korea’s Lazarus: their initial access trade-craft using social media and social engineering
LCPDot
2022-04-28nccgroupDavid Brown, Michael Matthews, Rob Smallridge
LAPSUS$: Recent techniques, tactics and procedures
2022-04-27ESET ResearchAlexandre Côté Cyr, Matthieu Faou
A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity
FlowCloud Lookback Witchetty
2022-04-12SophosAndrew Brandt, Angela Gunn, Ferenc László Nagy, Johnathan Fern, Linda Smith, Matthew Everts, Mauricio Valdivieso, Melissa Kelly, Peter Mackenzie, Sergio Bestulic
Attackers linger on government agency computers before deploying Lockbit ransomware
LockBit
2022-04-11Offensive SecurityMatteo Malvica
IRQLs Close Encounters of the Rootkit Kind
2022-04-08The Hacker NewsRavie Lakshmanan
Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity
BlackCat BlackMatter BlackCat BlackMatter