Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-01-21360 Threat Intelligence CenterAdvanced Threat Institute
Disclosure of Manling Flower Organization (APT-C-08) using Warzone RAT attack
Ave Maria
2021-01-21NetlabJinye
Necro在频繁升级,新版本开始使用PyInstaller和DGA
N3Cr0m0rPh
2021-01-21Sophos LabsAndrew Brandt, Gabor Szappanos
MrbMiner: Cryptojacking to bypass international sanctions
2021-01-21ESET ResearchESET Research
Vadokrist: A wolf in sheep’s clothing
Vadokrist
2021-01-21InfoSec Handlers Diary BlogXavier Mertens
Powershell Dropping a REvil Ransomware
REvil
2021-01-20Team CymruAndy Kraus
MoqHao Part 1: Identifying Phishing Infrastructure
MoqHao
2021-01-20Twitter (@malwrhunterteam)MalwareHunterTeam
Tweet on Vovalex ransomware
Vovalex
2021-01-20Trend MicroAbraham Camba, Gilbert Sison, Ryan Maglaque
XDR investigation uncovers PlugX, unique technique in APT attack
PlugX
2021-01-20FireEyeAndrew Davis
Emulation of Kernel Mode Rootkits With Speakeasy
Winnti
2021-01-20Medium walmartglobaltechJason Reaves, Joshua Platt
Anchor and Lazarus together again?
Anchor TrickBot
2021-01-20MicrosoftMicrosoft 365 Defender Research Team, Microsoft Cyber Defense Operations Center (CDOC), Microsoft Threat Intelligence Center (MSTIC)
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
Cobalt Strike SUNBURST TEARDROP
2021-01-20JPCERT/CCShusei Tomonaga
Commonly Known Tools Used by Lazarus
Lazarus Group
2021-01-19Twitter (@ConfiantIntel)ConfiantIntel
Tweet on WizardUpdate macOS backdoor
Vigram
2021-01-19Medium validhorizonDaniel Gordon
Oh, So You Got IOCs? Being a Good CTI Consumer
2021-01-19Palo Alto Networks Unit 42Brad Duncan
Wireshark Tutorial: Examining Emotet Infection Traffic
Emotet GootKit IcedID QakBot TrickBot
2021-01-19HPPatrick Schläpfer
Dridex Malicious Document Analysis: Automating the Extraction of Payload URLs
Dridex
2021-01-19MalwarebytesMarcin Kleczynski
Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments
2021-01-19Github (fireeye)FireEye
Mandiant Azure AD Investigator: Focusing on UNC2452 TTPs
SUNBURST
2021-01-19Twitter (@jpcert_ac)JPCERT/CC
Tweet on LODEINFO ver 0.47 spotted ITW targeting Japan
LODEINFO
2021-01-19MandiantDouglas Bienstock, Matthew McWhirt, Mike Burns, Nick Bennett
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 (WHITE PAPER)