2021-09-13 | Intezer | Avigayil Mechtinger, Joakim Kennedy, Ryan Robinson
Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike
Vermilion Strike Vermilion Strike
2021-09-03 | Sophos | Anand Ajjan, Andrew Ludgate, Gabor Szappanos, Peter Mackenzie, Sean Gallagher, Sergio Bestulic, Syed Zaidi
Conti affiliates use ProxyShell Exchange exploit in ransomware attacks
Cobalt Strike Conti
2021-08-30 | zero day initiative | Simon Zuckerbraun
ProxyToken: An Authentication Bypass in Microsoft Exchange Server
2021-08-05 | Twitter (@AltShiftPrtScn) | Peter Mackenzie
Tweet on Conti ransomware affiliates using AnyDesk, Atera, Splashtop, Remote Utilities and ScreenConnect to maintain network access
Conti
2021-08-05 | Twitter (@AltShiftPrtScn) | Peter Mackenzie
Tweet on Lorenz ransomware tricking user into allowing OAuth permissions to "Thunderbird with ExQuilla" for O365
Lorenz
2021-07-21 | Twitter (@AltShiftPrtScn) | Peter Mackenzie
Tweet on Conti ransomware actor installing AnyDesk for remote access in victim environment
Conti
2021-07-19 | Council of the European Union | Council of the European Union
China: Declaration by the High Representative on behalf of the European Union urging Chinese authorities to take action against malicious cyber activities undertaken from its territory
APT40
2021-07-19 | Council of the European Union | Council of the European Union
China: Declaration by the High Representative on behalf of the European Union urging Chinese authorities to take action against malicious cyber activities undertaken from its territory
APT31
2021-07-13 | Threat Post | Becky Bracken
Guess Fashion Brand Deals With Data Loss After Ransomware Attack
DarkSide
2021-07-07 | Trend Micro | Gloria Chen, Jaromír Hořejší, Joseph C Chen, Kenney Lu
BIOPASS RAT: New Malware Sniffs Victims via Live Streaming
BIOPASS Cobalt Strike Derusbi
2021-06-12 | Twitter (@AltShiftPrtScn) | Peter Mackenzie
A thread on RagnarLocker ransomware group's TTP seen in an Incident Response
Cobalt Strike RagnarLocker
2021-06-11 | SophosLabs Uncut | Anand Ajjan, Andrew Brandt, Hajnalka Kope, Mark Loman, Peter Mackenzie
Relentless REvil, revealed: RaaS as variable as the criminals who use it
REvil
2021-06-08 | Trend Micro | David Sancho, Feike Hacquebord, Fernando Mercês, Ian Kenefick, Mayra Fuentes, Robert McArdle, Stephen Hilt, Vladimir Kropotov
Modern Ransomware’s Double Extortion Tactics and How to Protect Enterprises Against Them
Nefilim
2021-06-03 | Talos | Caitlin Huey, Kendall McKay, Vanja Svajcer
Necro Python bot adds new exploits and Tezos mining to its bag of tricks
N3Cr0m0rPh
2021-05-18 | Sophos | Greg Iddon, John Shier, Mat Gangwer, Peter Mackenzie
The Active Adversary Playbook 2021
Cobalt Strike MimiKatz
2021-05-17 | Dragos | Kent Backman
Investigating the Watering Hole Linked to the Oldsmar Water Treatment Facility Breach
Tofsee
2021-05-13 | Talos | Asheer Malhotra, Justin Thattil, Kendall McKay
Transparent Tribe APT expands its Windows malware arsenal
Crimson RAT Oblique RAT
2021-05-12 | McAfee | McAfee ATR
Technical Analysis of Access Token Theft and Manipulation
2021-05-11 | Mandiant | Alyssa Rahman, Andrew Moore, Brendan McKeague, Jared Wilson, Jeremy Kennelly, Jordan Nuce, Kimberly Goody, Matt Williams
Shining a Light on DARKSIDE Ransomware Operations
DarkSide DarkSide UNC2465
2021-05-11 | FireEye | Alyssa Rahman, Andrew Moore, Brendan McKeague, Jared Wilson, Jeremy Kennelly, Jordan Nuce, Kimberly Goody
Shining a Light on DARKSIDE Ransomware Operations
Cobalt Strike DarkSide