Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2025-03-20Cisco TalosAsheer Malhotra, Brandon White, Jungsoo An, Vitor Ventura
UAT-5918 targets critical infrastructure entities in Taiwan
LaZagne JuicyPotato Meterpreter MimiKatz
2025-02-20Cisco TalosCisco Talos
Weathering the storm: In the midst of a Typhoon
2025-02-13Recorded FutureInsikt Group
RedMike (Salt Typhoon) Exploits Vulnerable Cisco Devices of Global Telecommunications Providers
GhostEmperor
2024-11-07Cisco TalosAliza Johnson, Chetan Raghuprasad, Elio Biasiotto, Michael Szeliga
Unwrapping the emerging Interlock ransomware attack
Rhysida
2024-10-24Cisco TalosAaron Boyd
Writing a BugSleep C2 server and detecting its traffic with Snort
bugsleep
2024-10-23Cisco TalosEdmund Brumaghin, Holger Unterbrink, Jordyn Dunk, Nicole Hoffman
Highlighting TA866/Asylum Ambuscade Activity Since 2021
WasabiSeed Cobalt Strike csharp-streamer RAT Resident Rhadamanthys WarmCookie
2024-10-23Cisco TalosEdmund Brumaghin, Holger Unterbrink, Jordyn Dunk, Nicole Hoffman
Threat Spotlight: WarmCookie/BadSpace
Cobalt Strike csharp-streamer RAT WarmCookie
2024-10-22Cisco TalosChetan Raghuprasad
Threat actor abuses Gophish to deliver new PowerRAT and DCRAT
PowerRAT
2024-10-17Cisco TalosAsheer Malhotra, Dmytro Korzhevin, Vanja Svajcer, Vitor Ventura
UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants
MeltingClaw ROMCOM RAT ShadyHammock RomCom
2024-08-21Cisco TalosAsheer Malhotra, Guilherme Venere, Vitor Ventura
MoonPeak malware from North Korean actors unveils new details on attacker infrastructure
MoonPeak XenoRAT UAT-5394
2024-08-01CiscoAshley Shen, Joey Chen, Vitor Ventura
APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike
Cobalt Strike ShadowPad
2024-06-21Cisco TalosAshley Shen, Chetan Raghuprasad
SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques
SneakyChef
2024-06-17TrellixAlejandro Houspanossian
Info Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion
HijackLoader Lumma Stealer
2024-06-13Cisco TalosAsheer Malhotra, Gi7w0rm, Vitor Ventura
Operation Celestial Force employs mobile and desktop malware to target Indian entities
Gravity RAT Gravity RAT
2024-06-05Cisco TalosCisco Talos
DarkGate switches up its tactics with new payload, email templates
DarkGate
2024-05-30Cisco TalosAsheer Malhotra
LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader
purpleink LilacSquid
2024-04-24CiscoCisco Talos
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
ArcaneDoor Storm-1849
2024-04-24NCSC UKNCSC UK
Line Dancer - In-memory shellcode loader targeting Cisco Adaptive Security Appliance (ASA) devices.
2024-04-24NCSC UKNCSC UK
Line Runner: Persistent webshell targeting Cisco Adaptive Security Appliance (ASA) devices.
2024-02-15Cisco TalosArnaud Zobec, Asheer Malhotra, Holger Unterbrink, Vitor Ventura
TinyTurla Next Generation - Turla APT spies on Polish NGOs
TinyTurlaNG