Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-12-20CitizenLabBill Marczak, John Scott-Railton, Noura Al-Jizawi, Ron Deibert, Siena Anstis
The Great iPwn Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit
Chrysaor
2020-12-17splunkJohn Stoner
Onboarding Threat Indicators into Splunk Enterprise Security: SolarWinds Continued
SUNBURST
2020-12-15CorelightJohn Gamble
Finding SUNBURST Backdoor with Zeek Logs & Corelight
SUNBURST
2020-12-13FireEyeAlex Berry, Alex Pennino, Alyssa Rahman, Andrew Archer, Andrew Rector, Andrew Thompson, Barry Vengerik, Ben Read, Ben Withnell, Chris DiGiamo, Christopher Glyer, Dan Perez, Dileep Jallepalli, Doug Bienstock, Eric Scales, Evan Reese, Fred House, Glenn Edwards, Ian Ahl, Isif Ibrahima, Jay Smith, John Gorman, John Hultquist, Jon Leathery, Lennard Galang, Marcin Siedlarz, Matt Dunwoody, Matthew McWhirt, Michael Sikorski, Microsoft, Mike Burns, Nalani Fraiser, Nick Bennett, Nick Carr, Nick Hornick, Nick Richard, Nicole Oppenheim, Omer Baig, Ramin Nafisi, Sarah Jones, Scott Runnels, Stephen Eckels, Steve Miller, Steve Stone, William Ballenthin
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
SUNBURST SUPERNOVA TEARDROP UNC2452
2020-12-13MicrosoftJohn Lambert
Important steps for customers to protect themselves from recent nation-state cyberattacks
2020-12-05CitizenLabCooper Quintin, John Scott-Railton, Rebekah Brown
Something to Remember Us By
Monokle
2020-12-01CitizenLabBill Marczak, John Scott-Railton, Ron Deibert, Siddharth Prakash Rao, Siena Anstis
Running in Circles Uncovering the Clients of Cyberespionage Firm Circles
2020-11-17Salesforce EngineeringJohn Althouse
Easily Identify Malicious Servers on the Internet with JARM
Cobalt Strike TrickBot
2020-10-28Twitter (@BitsOfBinary)John
Tweet on macOS version of Manuscrypt
Manuscrypt
2020-10-28Trend MicroAliakbar Zahravi, Cedric Pernet, Daniel Lunghi, Elliot Cao, Jaromír Hořejší, John Zhang, Joseph C Chen, William Gamazo Sanchez
Operation Earth Kitsune: A Dance of Two New Backdoors
AgfSpy DneSpy SLUB Earth Kitsune
2020-10-19Trend MicroAliakbar Zahravi, Cedric Pernet, Daniel Lunghi, Eliot Cao, Jaromír Hořejší, John Zhang, Joseph C. Chen, Nelson William Gamazo Sanchez
Operation Earth Kitsune: Tracking SLUB’s Current Operations
SLUB
2020-07-23The Daily SwigJohn Leyden
Who is behind APT29? What we know about this nation-state cybercrime group
2020-07-10ReversingLabsChristiaan Beek, Cooper Quintin, Hilko Bengen, Jo Johnson, Tom Ueltschi, Tomislav Pericin, Vitali Kremez, Wyatt Roersma
YARA Rules talks and presentation of REVERSING 2020
2020-07-08COLUMBIA | SIPAJennifer Keltz, John Patrick Dees, John Sakellariadis, Katherine von Ofenheim, Lan Pelekis, Matthew Armelli, Max Egar, Neal Pollard, Stuart Caudill, Vipratap Vikram Singh
Named But Hardly Shamed: What is the Impact of Information Disclosures on an APT Operations?
2020-07-01VMRayJohn Faria
Threat Bulletin: Cutting-off the Command-and-Control Infrastructure of CollectorGoomba
CollectorGoomba
2020-07-01VMRayJohn Faria
Threat Bulletin: Cutting-off the Command-and-Control Infrastructure of CollectorGoomba
2020-06-18Medium Huntress LabsJohn Ferrell
Hiding In Plain Sight
2020-06-09CitizenLabAdam Hulcoop, Bahr Abdul Razzak, Bill Marczak, John Scott-Railton, Ron Deibert, Siena Anstis
Dark Basin Uncovering a Massive Hack-For-Hire Operation
Dark Basin
2020-04-22FireEyeBen Read, Gabby Roncone, John Hultquist, Sarah Jones, Scott Henderson
Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage
METALJACK
2020-01-28CitizenLabBill Marczak, John Scott-Railton, Masashi Crete-Nishihata, Ron Deibert, Siena Anstis
Stopping the Press: New York Times Journalist Targeted by Saudi-linked Pegasus Spyware Operator
Chrysaor