Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-12-14Cisco TalosNick Biasini
Threat Advisory: SolarWinds supply chain attack
SUNBURST TEARDROP
2020-12-14TrustedSecNick Gilberti, Tyler Hudak
SolarWinds Orion and UNC2452 – Summary and Recommendations
SUNBURST
2020-12-14Twitter (@ItsReallyNick)Nick Carr
Tweet on summarizing post-compromise actvity of UNC2452
SUNBURST
2020-12-13FireEyeAlex Berry, Alex Pennino, Alyssa Rahman, Andrew Archer, Andrew Rector, Andrew Thompson, Barry Vengerik, Ben Read, Ben Withnell, Chris DiGiamo, Christopher Glyer, Dan Perez, Dileep Jallepalli, Doug Bienstock, Eric Scales, Evan Reese, Fred House, Glenn Edwards, Ian Ahl, Isif Ibrahima, Jay Smith, John Gorman, John Hultquist, Jon Leathery, Lennard Galang, Marcin Siedlarz, Matt Dunwoody, Matthew McWhirt, Michael Sikorski, Microsoft, Mike Burns, Nalani Fraiser, Nick Bennett, Nick Carr, Nick Hornick, Nick Richard, Nicole Oppenheim, Omer Baig, Ramin Nafisi, Sarah Jones, Scott Runnels, Stephen Eckels, Steve Miller, Steve Stone, William Ballenthin
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
SUNBURST SUPERNOVA TEARDROP UNC2452
2020-11-18CiscoEdmund Brumaghin, Jaeson Schultz, Nick Biasini
Back from vacation: Analyzing Emotet’s activity in 2020
Emotet
2020-10-28Youtube (SANS Institute)Aaron Stephens, Katie Nickels, Van Ta
Spooky RYUKy: The Return of UNC1878 | SANS STAR Webcast
Ryuk UNC1878
2020-10-28Youtube (SANS Digital Forensics and Incident Response)Aaron Stephens, Katie Nickels, Van Ta
STAR Webcast: Spooky RYUKy: The Return of UNC1878
Ryuk
2020-09-21Cisco TalosJoe Marshall, JON MUNSHAW, Nick Mavis
The art and science of detecting Cobalt Strike
Cobalt Strike
2020-09-08Team CymruCERT-BR, Manabu Niseki, Nick Byers
GhostDNSbusters: Illuminating GhostDNS Infrastructure
2020-08-11FireEyeAlex Pennino, Brendan McKeague, Harris Ansari, Nick Schroeder, Tim Martin
COOKIEJAR: Tracking Adversaries With FireEye Endpoint Security’s Logon Tracker Module
2020-07-01Cisco TalosEdmund Brumaghin, Mariano Graziano, Nick Biasini
Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks
Valak IcedID ISFB MyKings Spreader
2020-06-01Twitter (@ItsReallyNick)Nick Carr
Tweet on malware called NETFLASH
2020-05-11Cisco TalosEdmund Brumaghin, Nick Biasini, Nick Lister
Astaroth - Maze of obfuscation and evasion reveals dark stealer
Astaroth
2020-02-13TalosEdmund Brumaghin, Nick Biasini
Threat actors attempt to capitalize on coronavirus outbreak
Emotet Nanocore RAT Parallax RAT
2020-01-14FireEyeMatt Bromiley, Nick Carr
Rough Patch: I Promise It'll Be 200 OK (Citrix ADC CVE-2019-19781)
NOTROBIN
2020-01-03Youtube (BSides Belfast)Jorge Rodriguez, Nick Summerlin
Demystifying QBot Banking Trojan
QakBot
2020-01-01SecureworksSecureWorks
NICKEL GLADSTONE
AlphaNC Bankshot Ratankba Lazarus Group
2020-01-01SecureworksSecureWorks
NICKEL ACADEMY
Brambul Duuzer HOPLIGHT Joanap Sierra(Alfa,Bravo, ...) Volgmer
2019-12-20Twitter (@ItsReallyNick)Nick Carr
Tweet on GRUNT payload
GRUNT
2019-10-21FireEyeEvan Reese, Nick Carr, Steve Miller
Shikata Ga Nai Encoder Still Going Strong
FIN11