Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2025-04-01Hunt.ioHunt.io
Same Russian-Speaking Threat Actor, New Tactics: Abuse of Cloudflare Services for Phishing and Telegram to Filter Victim IPs
Pyramid
2025-03-27InfobloxInfoblox Threat Intelligence Group
A Phishing Tale of DoH and DNS MX Abuse
2025-03-26eSentireeSentire Threat Response Unit (TRU)
The Long and Short(cut) of It: KoiLoader Analysis
Koi Loader
2025-03-13SecuronixDen Iyzvyk, Tim Peck
Analyzing OBSCURE#BAT Threat Actors Lure Victims into Executing Malicious Batch Scripts to Deploy Stealthy Rootkits
Quasar RAT r77
2025-03-12Red CanaryRed Canary
2025 Threat Detection Report
HijackLoader Lumma Stealer NetSupportManager RAT
2025-03-11Cato NetworksMatan Mittleman, Ofek Vardi
Cato CTRL Threat Research: Ballista – New IoT Botnet Targeting Thousands of TP-Link Archer Routers
Ballista
2025-03-07ProofpointOle Villadsen, Proofpoint Threat Research Team, Selena Larson
Remote Monitoring and Management (RMM) Tooling Increasingly an Attacker’s First Choice
2025-03-06Twitter (@MsftSecIntel)Microsoft Threat Intelligence
Tweet about Moonstone Sleet dropping Qilin ransomware
Qilin
2025-03-05HUMANAdam Sell, Aviad Kaiserman, Gabi Cirlig, Inna Vasilyeva, Joao Marques, João Santos, Lindsay Kaye, Louisa Abel, Maor Elizen, Mikhail Venkov, Nico Agnese, Vikas Parthasarathy, Will Herbig
Satori Threat Intelligence Disruption: BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes
BADBOX
2025-03-05MicrosoftMicrosoft Threat Intelligence
Silk Typhoon targeting IT supply chain
2025-02-28CrowdStrikeCrowdStrike
2025 Global Threat Report
GOLD REBELLION UNC4393
2025-02-27Palo Alto Networks Unit 42Lior Rochberger, Tom Fakterman
Squidoor: Suspected Chinese Threat Actor’s Backdoor Targets Global Organizations
FINALDRAFT FINALDRAFT REF7707
2025-02-18ProofpointProofpoint Threat Research Team
An Update on Fake Updates: Two New Actors, and New Mac Malware
Marcher FAKEUPDATES FrigidStealer Lumma Stealer
2025-02-13SecuronixDen Iyzvyk, Tim Peck
Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks
RandomQuery
2025-02-13Intel 471Intel 471
Threat hunting case study: SocGholish
FAKEUPDATES
2025-02-13SymantecThreat Hunter Team
China-linked Espionage Tools Used in Ransomware Attacks
PlugX
2025-02-13MicrosoftMicrosoft Threat Intelligence
Storm-2372 conducts device code phishing campaign
Storm-2372
2025-02-13VolexityCharlie Gardner, Steven Adair, Tom Lancaster
Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication
2025-02-12MicrosoftMicrosoft Threat Intelligence
The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation
LocalOlive
2025-02-11Twitter (@MsftSecIntel)Microsoft Threat Intelligence
Twitter Thread on a new Kimsuky tactic inciting admins to paste powershell