Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-04-03MandiantEduardo Mattos, JASON DEYALSINGH, Nick Richard, NICK SMITH, Tyler McLellan
ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access
LaZagne BlackCat MimiKatz
2023-03-30ElasticDaniel Stepanic, Devon Kerr, Joe Desimone, Remco Sprooten, Samir Bousseaden
Elastic users protected from SUDDENICON’s supply chain attack
3CX Backdoor
2023-03-27ElasticRemco Sprooten
REF2924: how to maintain persistence as an (advanced?) threat
Godzilla Webshell Behinder NAPLISTENER SiestaGraph REF2924
2023-03-23MandiantJosh Fleischer, Rufus Brown, Ryan Tomcik
UNC961 in the Multiverse of Mandiant: Three Encounters with a Financially Motivated Threat Actor
HOLERUN LIGHTBUNNY Prophet Spider
2023-03-20ElasticRemco Sprooten
NAPLISTENER: more bad dreams from developers of SIESTAGRAPH
NAPLISTENER SiestaGraph
2023-02-24Medium walmartglobaltechJason Reaves, Jonathan Mccay, Joshua Platt, Kirk Sayre
Qbot testing malvertising campaigns?
QakBot
2023-02-22SOC PrimeDaryna Olyniychuk
New Phishing Attack Detection Attributed to the UAC-0050 and UAC-0096 Groups Spreading Remcos Spyware
Remcos UAC-0050
2023-02-21Cert-UACert-UA
Cyber ​​attack of the group UAC-0050 (UAC-0096) using the Remcos program (CERT-UA#6011)
Remcos UAC-0050
2023-02-06Cert-UACert-UA
UAC-0050 cyber attack against the state bodies of Ukraine using the program for remote control and surveillance Remcos (CERT-UA#5926)
Remcos UAC-0050
2023-02-02ElasticAndrew Pease, Cyril François, Devon Kerr, Remco Sprooten, Salim Bitam, Seth Goodwin
Update to the REF2924 intrusion set and related campaigns
DoorMe ShadowPad SiestaGraph
2023-01-05MandiantEduardo Mattos, Gabby Roncone, John Wolfram, Sarah Hawley, Tyler McLellan
Turla: A Galaxy of Opportunity
KopiLuwak Andromeda QUIETCANARY
2022-12-22Cert-UACert-UA
Cyber ​​attack on DELTA system users using RomCom/FateGrab/StealDeal malware (CERT-UA#5709)
ROMCOM RAT
2022-12-15MicrosoftMicrosoft Threat Intelligence
MCCrash: Cross-platform DDoS botnet targets private Minecraft servers
DEV-1028
2022-11-28MandiantGeoff Ackerman, John Wolfram, Ryan Tomcik, Tommy Dacanay
Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia
BLUEHAZE DARKDEW MISTCLOAK UNC4191
2022-11-02BlackberryBlackberry Research
RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom
ROMCOM RAT RomCom
2022-10-23BlackberryThe BlackBerry Research & Intelligence Team
Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries
ROMCOM RAT RomCom
2022-09-30Medium walmartglobaltechJason Reaves, Jonathan Mccay
Diavol resurfaces
Diavol
2022-09-08MandiantAlden Wahlstrom, Alice Revelli, Cameron Sabel, Jon Ford, Kelli Vanderlee, Luke McNamara, Sam Riddell
What to Expect When You’re Electing: Preparing for Cyber Threats to the 2022 U.S. Midterm Elections
2022-08-29Soc InvestigationBalaGanesh
Remcos RAT New TTPS - Detection & Response
Remcos
2022-08-29McAfeeOliver Devane, Vallabh Chole
Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users