Click here to download all references as Bib-File.•
| 2025-03-18
⋅
Expel
⋅
Code-signing certificate abuse in the Black Basta chat leaks (and how to fight back) Black Basta Black Basta |
| 2025-03-12
⋅
Youtube (AhmedS Kasmani)
⋅
Initial Analysis of Black Basta Chat Leaks Black Basta Black Basta |
| 2025-03-11
⋅
Hunt.io
⋅
JSPSpy and ‘filebroser’: A Custom File Management Tool in Webshell Infrastructure |
| 2025-03-11
⋅
Trend Micro
⋅
AI-Assisted Fake GitHub Repositories Fuel SmartLoader and LummaStealer Distribution Lumma Stealer SmartLoader |
| 2025-03-06
⋅
Medium SarvivaMalwareAnalyst
⋅
XWorm Attack Chain: Leveraging Steganography from Phishing Email to Keylogging via C2 Communication XWorm |
| 2025-03-05
⋅
eSentire
⋅
Initial Takeaways from the Black Basta Chat Leaks Black Basta Black Basta |
| 2025-02-28
⋅
Intel 471
⋅
Black Basta exposed: A look at a cybercrime data leak Black Basta Black Basta |
| 2025-02-15
⋅
⋅
Youtube (greenplan)
⋅
[BINARY REFINERY] (Emmenhtal) - Deobfuscation of a custom obfuscation algorithm Emmenhtal |
| 2025-02-02
⋅
Team82
⋅
Do the CONTEC CMS8000 Patient Monitors Contain a Chinese Backdoor? The Reality is More Complicated… CMS8000 Backdoor |
| 2025-01-13
⋅
⋅
Cert-AgID
⋅
Analisi di una campagna Lumma Stealer con falso CAPTCHA condotta attraverso domino italiano compromesso Lumma Stealer |
| 2025-01-07
⋅
SOCRadar
⋅
Turla Cyber Campaign Targeting Pakistan’s Critical Infrastructure |
| 2025-01-07
⋅
Hunt.io
⋅
Golang Beacons and VS Code Tunnels: Tracking a Cobalt Strike Server Leveraging Trusted Infrastructure Cobalt Strike |
| 2024-12-29
⋅
cocomelonc
⋅
Malware and cryptography 38 - Encrypt/decrypt payload via Camellia cipher. S-box analyses examples. Simple C example. |
| 2024-11-19
⋅
Palo Alto Networks Unit 42
⋅
FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications FrostyGoop |
| 2024-11-19
⋅
CrowdStrike
⋅
Unveiling LIMINAL PANDA: A Closer Look at China's Cyber Threats to the Telecom Sector LIMINAL PANDA |
| 2024-11-06
⋅
Sophos
⋅
Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign GootLoader |
| 2024-10-31
⋅
Microsoft
⋅
Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network Storm-0940 |
| 2024-10-18
⋅
SpyCloud
⋅
A Deep Dive Into the Intricate Chinese Cybercrime Ecosystem |
| 2024-10-08
⋅
Hunt.io
⋅
Inside a Cybercriminal’s Server: DDoS Tools, Spyware APKs, and Phishing Pages SpyNote |
| 2024-09-30
⋅
X (@GenThreatLabs)
⋅
Tweet on FAKEUPDATES pushing WARMCOOKIE backdoor via compromised websites targeting France FAKEUPDATES WarmCookie |