Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2024-06-20Hunt.ioMichael R
Caught in the Act: Uncovering SpyNote in Unexpected Places
SpyNote
2024-05-22MandiantMichael Raggi
IOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenders
2024-02-09Hunt.ioMichael R
Tracking ShadowPad Infrastructure Via Non-Standard Certificates
ShadowPad
2023-08-29MandiantAustin Larsen, John Palmisano, John Wolfram, Mathew Potaczek, Michael Raggi
Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)
GhostEmperor
2023-03-30ProofpointMichael Raggi, Proofpoint Threat Insight Team
Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe
Winter Vivern
2022-08-30ProofpointMichael Raggi, PWC UK, Sveva Vittoria Scenarelli
Rising Tide: Chasing the Currents of Espionage in the South China Sea
scanbox Meterpreter APT40
2022-07-14ProofpointCrista Giering, Joshua Miller, Michael Raggi, Proofpoint Threat Research Team
Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media
Chinoxy APT31 Lazarus Group TA482
2022-03-07ProofpointMichael Raggi, Myrtus 0x0
The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates
PlugX MUSTANG PANDA
2022-03-01ProofpointMichael Raggi, Proofpoint Threat Research Team, Zydeca Cass
Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement
SunSeed
2022-02-04Cyber And Ramen blogMichael Rippey
Shortcut to Windows Update
2022-01-23Cyber And Ramen blogMichael Rippey
Analysis of a DLL Downloader
2022-01-18Cyber And Ramen blogMichael Rippey
Info-Stealing Tool Posing As Naver OTP
2021-12-01ProofpointMichael Raggi
Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors
2021-11-11Twitter (@aRtAGGI)Michael Raggi
Tweet on APT31 using compromised PakEdge Rk1&RE2 router IPs as exit nodes in reconnaissance phishing campaigns
2021-07-28ProofpointCrista Giering, Joshua Miller, Michael Raggi
I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona
Liderc SysKit
2021-05-13BloombergJennifer Jacobs, Michael Riley, William Turton
Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom
DarkSide
2021-04-15The Wall Street JournalAnna Hirtenstein, Michael R. Gordon, Vivian Salama
U.S. Puts Fresh Sanctions on Russia Over Hacking, Election Interference
2021-03-07The Wall Street JournalDustin Volz, Michael R. Gordon
Russian Disinformation Campaign Aims to Undermine Confidence in Pfizer, Other Covid-19 Vaccines, U.S. Officials Say
2021-02-25ProofpointMichael Raggi, Proofpoint Threat Research Team
TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations
scanbox Sepulcher Lucky Cat
2020-06-08ProofpointDennis Schwarz, Georgi Mladenov, Michael Raggi, Proofpoint Threat Research Team
TA410: The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware
FlowCloud Lookback APT10 TA410
2020-03-11Virus BulletinGhareeb Saad, Michael Raggi
Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers
8.t Dropper
2020-02-10BitdefenderMichael Rosen
Hypervisor Introspection Thwarts Web Memory Corruption Attack in the Wild
coldbrew
2019-09-22ProofpointMichael Raggi, Proofpoint Threat Insight Team
LookBack Forges Ahead: Continued Targeting of the United States’ Utilities Sector Reveals Additional Adversary TTPs
Lookback TA410
2019-08-01ProofpointDennis Schwarz, Michael Raggi, Proofpoint Threat Insight Team
LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards
GUP Proxy Tool Lookback TA410
2019-07-23ProofpointDennis Schwarz, Michael Raggi, Proofpoint Threat Insight Team
Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia
8.t Dropper Cotx RAT Poison Ivy TA428