Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-03-08Palo Alto Networks Unit 42Chris Navarrete, Durgesh Sangvikar, Matthew Tennis, Rongbo Shao, Yanhui Jia
Attack Chain Overview: Emotet in December 2020 and January 2021
Emotet
2021-03-04FireEyeAndrew Thompson, Chris DiGiamo, Matt Bromiley, Robert Wallace
Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities
CHINACHOPPER HAFNIUM
2021-03-02VolexityJosh Grunzweig, Matthew Meltzer, Sean Koessel, Steven Adair, Thomas Lancaster
Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities
CHINACHOPPER HAFNIUM
2021-02-25BrightTALK (FireEye)Andrew Rector, Mandiant, Matt Bromiley
Light in the Dark: Hunting for SUNBURST
SUNBURST
2021-02-16FireEyeAndrew Rector, Matt Bromiley, Robert Wallace
Light in the Dark: Hunting for SUNBURST
SUNBURST
2021-02-01ESET ResearchIgnacio Sanmillan, Matthieu Faou
Operation NightScout: Supply‑chain attack targets online gaming in Asia
Ghost RAT NoxPlayer Poison Ivy Red Dev 17
2021-01-26ComaeMatt Suiche
PANDORABOX - North Koreans target security researchers
ComeBacker
2021-01-19MandiantDouglas Bienstock, Matthew McWhirt, Mike Burns, Nick Bennett
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 (WHITE PAPER)
2021-01-19FireEyeDouglas Bienstock, Matthew McWhirt, Mike Burns, Nick Bennett
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
2021-01-06MimecastMatthew Gardiner
How to Slam a Door on the Cutwail Botnet: Enforce DMARC
Cutwail
2020-12-25ComaeMatt Suiche
SUNBURST & Memory Analysis
SUNBURST
2020-12-22TRUESECMattias Wåhlén
Collaboration between FIN7 and the RYUK group, a Truesec Investigation
Carbanak Cobalt Strike Ryuk
2020-12-22Medium mitre-attackAdam Pennington, Matt Malone
Identifying UNC2452-Related Techniques for ATT&CK
SUNBURST TEARDROP UNC2452
2020-12-18Trend MicroJunestherry Salvador, Matthew Camacho, Raphael Centeno
Negasteal Uses Hastebin for Fileless Delivery of Crysis Ransomware
Agent Tesla Dharma
2020-12-17Palo Alto Networks Unit 42Matthew Tennis
SUPERNOVA SolarWinds .NET Webshell Analysis
SUPERNOVA BRONZE SPIRAL
2020-12-17Palo Alto Networks Unit 42Matt Tennis
SUPERNOVA: SolarStorm’s Novel .NET Webshell
SUPERNOVA
2020-12-17ESET ResearchIgnacio Sanmillan, Matthieu Faou
Operation SignSight: Supply‑chain attack against a certification authority in Southeast Asia
SManager
2020-12-14VolexityDamien Cash, Matthew Meltzer, Sean Koessel, Steven Adair, Thomas Lancaster, Volexity Threat Research
Dark Halo Leverages SolarWinds Compromise to Breach Organizations
SUNBURST
2020-12-13FireEyeAlex Berry, Alex Pennino, Alyssa Rahman, Andrew Archer, Andrew Rector, Andrew Thompson, Barry Vengerik, Ben Read, Ben Withnell, Chris DiGiamo, Christopher Glyer, Dan Perez, Dileep Jallepalli, Doug Bienstock, Eric Scales, Evan Reese, Fred House, Glenn Edwards, Ian Ahl, Isif Ibrahima, Jay Smith, John Gorman, John Hultquist, Jon Leathery, Lennard Galang, Marcin Siedlarz, Matt Dunwoody, Matthew McWhirt, Michael Sikorski, Microsoft, Mike Burns, Nalani Fraiser, Nick Bennett, Nick Carr, Nick Hornick, Nick Richard, Nicole Oppenheim, Omer Baig, Ramin Nafisi, Sarah Jones, Scott Runnels, Stephen Eckels, Steve Miller, Steve Stone, William Ballenthin
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
SUNBURST SUPERNOVA TEARDROP UNC2452
2020-12-08Red CanaryMatt Graeber
The why, what, and how of threat research