2026-01-11 · Medium APOPHIS · Michelle Khalil
ValleyRAT_S2 Chinese campaign
ValleyRAT
2025-11-22 · LinkedIn (Idan Tarab) · Idan Tarab
India‑Aligned "Dropping Elephant" Pushes a New Stealth Marshalled‑Python Backdoor via MSBuild Dropper in Observed Activity Targeting Pakistan’s Defense Sector
2025-09-24 · Natto Thoughts · Natto Team
Who is Salt Typhoon Really? Unraveling the Attribution Challenge
2025-05-16 · Gdata · Karsten Hahn
Printer company provided infected software downloads for half a year
SnipVex
2025-04-30 · Seqrite · Mahua Chakrabarthy, Sanjay Katkar
Advisory: Pahalgam Attack themed decoys used by APT36 to target the Indian Government
Crimson RAT
2025-04-29 · Trustwave · Trustwave SpiderLabs
Yet Another NodeJS Backdoor (YaNB): A Modern Challenge
KongTuke
2025-04-14 · Palo Alto Networks Unit 42 · Prashil Pattni
Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware
RN Stealer
2025-03-25 · JPCERT/CC · Hayato Sasaki
Tempted to Classifying APT Actors: Practical Challenges of Attribution in the Case of Lazarus’s Subgroup
2025-03-04 · Department of Justice · U.S. Attorney's Office Southern District of New York
10 Chinese Nationals Charged With Large-Scale Hacking Of U.S. And International Victims On Behalf Of The Chinese Government
2025-01-13 · Halcyon · Halcyon Research Team
Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C
Codefinger
2024-12-30 · Fortinet · Chris Hall
Catching "EC2 Grouper"- no indicators required!
EC2 Grouper
2024-12-19 · SpyCloud · James
LummaC2 Revisited: What’s Making this Stealer Stealthier and More Lethal
GhostSocks Lumma Stealer
2024-08-09 · Palo Alto Networks Unit 42 · Amanda Tanner, Kristopher Bleich
Ransomware Review: First Half of 2024
Ukrainian Cyber Alliance
2024-07-01 · Halcyon · Halcyon RISE Team
Halcyon Identifies New Ransomware Operator Volcano Demon Serving Up LukaLocker
lukalocker
2024-04-17 · Mandiant · Alden Wahlstrom, Anton Prokopenkov, Dan Black, Dan Perez, Gabby Roncone, John Wolfram, Lexie Aytes, Luke Jenkins, Nick Simonian, Ryan Hall, Tyler McLellan
Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm
Sandworm
2024-04-16 · Mandiant · Alden Wahlstrom, Anton Prokopenkov, Dan Black, Dan Perez, Gabby Roncone, John Wolfram, Lexie Aytes, Nick Simonian, Ryan Hall, Tyler McLellan
APT44: Unearthing Sandworm
VPNFilter BlackEnergy CaddyWiper EternalPetya HermeticWiper Industroyer INDUSTROYER2 Olympic Destroyer PartyTicket RoarBAT Sandworm
2024-04-04 · Mandiant · Ashley Pearson, Austin Larsen, Billy Wong, John Wolfram, Joseph Pisano, Josh Murchie, Lukasz Lamparski, Matt Lin, Ron Craft, Ryan Hall, Shawn Chew, Tyler McLellan
Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies
UNC3569 UNC5266 UNC5291 UNC5330 UNC5337 UTA0178
2024-04-04 · Mandiant · Ashley Pearson, Austin Larsen, Billy Wong, John Wolfram, Joseph Pisano, Josh Murchie, Lukasz Lamparski, Matt Lin, Ron Craft, Ryan Hall, Shawn Chew, Tyler McLellan
Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies
TONERJAM
2024-03-01 · Logpoint · Nischal Khadgi
A Comprehensive Overview on Stealer Malware Families
Agent Tesla Formbook RedLine Stealer Remcos Vidar
2024-01-18 · M4lcode, Mostafa Farghaly
Detect Mortis Locker Ransomware with YARA
Mortis