2021-02-24 ⋅ McAfee ⋅ Alexandre Mundo, John Fokker, Thibault Seret, Thomas Roccia
Technical Analysis of Babuk Ransomware
Babuk
2021-01-28 ⋅ Huntress Labs ⋅ John Hammond
Analyzing Ryuk: Another Link in the Cyber Attack Chain
BazarBackdoor Ryuk
2021-01-12 ⋅ BrightTALK (FireEye) ⋅ Ben Read, John Hultquist
UNC2452: What We Know So Far
Cobalt Strike SUNBURST TEARDROP
2021-01-08 ⋅ splunk ⋅ James Brodsky, John Stoner, Lily Lee, Marcus LaFerrera, Ryan Kovar
A Golden SAML Journey: SolarWinds Continued
SUNBURST
2021-01-04 ⋅ splunk ⋅ John Stoner
Detecting Supernova Malware: SolarWinds Continued
SUPERNOVA
2020-12-30 ⋅ Recorded Future ⋅ John Wetzel
SOLARWINDS ATTRIBUTION: Are We Getting Ahead of Ourselves? An Analysis of UNC2452 Attribution
SUNBURST
2020-12-20 ⋅ CitizenLab ⋅ Bill Marczak, John Scott-Railton, Noura Al-Jizawi, Ron Deibert, Siena Anstis
The Great iPwn: Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit
Chrysaor
2020-12-17 ⋅ splunk ⋅ John Stoner
Onboarding Threat Indicators into Splunk Enterprise Security: SolarWinds Continued
SUNBURST
2020-12-15 ⋅ Corelight ⋅ John Gamble
Finding SUNBURST Backdoor with Zeek Logs & Corelight
SUNBURST
2020-12-13 ⋅ FireEye ⋅ Alex Berry, Alex Pennino, Alyssa Rahman, Andrew Archer, Andrew Rector, Andrew Thompson, Barry Vengerik, Ben Read, Ben Withnell, Chris DiGiamo, Christopher Glyer, Dan Perez, Dileep Jallepalli, Doug Bienstock, Eric Scales, Evan Reese, Fred House, Glenn Edwards, Ian Ahl, Isif Ibrahima, Jay Smith, John Gorman, John Hultquist, Jon Leathery, Lennard Galang, Marcin Siedlarz, Matt Dunwoody, Matthew McWhirt, Michael Sikorski, Microsoft, Mike Burns, Nalani Fraiser, Nick Bennett, Nick Carr, Nick Hornick, Nick Richard, Nicole Oppenheim, Omer Baig, Ramin Nafisi, Sarah Jones, Scott Runnels, Stephen Eckels, Steve Miller, Steve Stone, William Ballenthin
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
SUNBURST SUPERNOVA TEARDROP UNC2452
2020-12-13 ⋅ Microsoft ⋅ John Lambert
Important steps for customers to protect themselves from recent nation-state cyberattacks
2020-12-05 ⋅ CitizenLab ⋅ Cooper Quintin, John Scott-Railton, Rebekah Brown
Something to Remember Us By: Device Confiscated by Russian Authorities Returned with Monokle-Type Spyware Installed
Monokle
2020-12-01 ⋅ CitizenLab ⋅ Bill Marczak, John Scott-Railton, Ron Deibert, Siddharth Prakash Rao, Siena Anstis
Running in Circles: Uncovering the Clients of Cyberespionage Firm Circles
2020-11-17 ⋅ Salesforce Engineering ⋅ John Althouse
Easily Identify Malicious Servers on the Internet with JARM
Cobalt Strike TrickBot
2020-10-28 ⋅ Twitter (@BitsOfBinary) ⋅ John
Tweet on macOS version of Manuscrypt
Manuscrypt
2020-10-28 ⋅ Trend Micro ⋅ Aliakbar Zahravi, Cedric Pernet, Daniel Lunghi, Elliot Cao, Jaromír Hořejší, John Zhang, Joseph C Chen, William Gamazo Sanchez
Operation Earth Kitsune: A Dance of Two New Backdoors
AgfSpy DneSpy SLUB Earth Kitsune
2020-10-19 ⋅ Trend Micro ⋅ Aliakbar Zahravi, Cedric Pernet, Daniel Lunghi, Eliot Cao, Jaromír Hořejší, John Zhang, Joseph C. Chen, Nelson William Gamazo Sanchez
Operation Earth Kitsune: Tracking SLUB’s Current Operations
SLUB
2020-07-23 ⋅ The Daily Swig ⋅ John Leyden
Who is behind APT29? What we know about this nation-state cybercrime group
2020-07-10 ⋅ ReversingLabs ⋅ Christiaan Beek, Cooper Quintin, Hilko Bengen, Jo Johnson, Tom Ueltschi, Tomislav Pericin, Vitali Kremez, Wyatt Roersma
YARA Rules talks and presentation of REVERSING 2020
2020-07-08 ⋅ COLUMBIA | SIPA ⋅ Jennifer Keltz, John Patrick Dees, John Sakellariadis, Katherine von Ofenheim, Lan Pelekis, Matthew Armelli, Max Egar, Neal Pollard, Stuart Caudill, Vipratap Vikram Singh
Named But Hardly Shamed: What is the Impact of Information Disclosures on an APT Operations?