Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2025-09-16ProofpointGreg Lesnewich, Mark Kelly, Nick Attfield, Proofpoint Threat Research Team
Going Underground: China-aligned TA415 Conducts U.S.-China Economic Relations Targeting Using VS Code Remote Tunnels
2025-08-28Trend MicroNick Dai, Pierre Lee
TAOTH Campaign Exploits End-of-Support Software to Target Traditional Chinese Users and Dissidents
Cobalt Strike Merlin
2025-08-27TRUESECAndreas Törnqvist, Mattias Wåhlén, Nicklas Keijser, oscar Wolf
Tamperedchef – The Bad PDF Editor
TamperedChef
2025-08-23LevelBlueJeff Kieschnick
Like PuTTY in Admin’s Hands
Broomstick
2025-06-04ThreatrayAbdallah Elshinbary, Jonas Wagner, Konstantin Klinger, Nick Attfield
The Bitter End: Unraveling Eight Years of Espionage Antics – Part Two
AlmondRAT AlmondRAT Artra Downloader BDarkRAT Havoc KiwiStealer KugelBlitz MiyaRAT ORPCBackdoor WmRAT ZxxZ
2025-06-04ProofpointAbdallah Elshinbary, Jonas Wagner, Konstantin Klinger, Nick Attfield
The Bitter End: Unraveling Eight Years of Espionage Antics—Part One
Artra Downloader Havoc
2025-04-25Trend MicroNick Dai, Sunny Lu
Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors
KRNRAT Moriya Earth Kurma
2025-03-12MandiantFrank Tse, Jakub Jozwiak, Logeswaran Nadarajan, Lukasz Lamparski, Mathew Potaczek, Mustafa Nasser, Nick Harbour, Punsaen Boonyakarn, Shawn Chew
Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers
tsh
2025-01-06North Korean InternetNick
Hangro: Investigating North Korean VPN Infrastructure Part 1
2024-12-17ProofpointDavid Galazin, Konstantin Klinger, Nick Attfield, Pim Trouerbach
Hidden in Plain Sight: TA397’s New Attack Chain Delivers Espionage RATs
MiyaRAT WmRAT HAZY TIGER
2024-10-11Trend MicroAhmed Kamal, Bahaa Yamany, Mohamed Fahmy, Nick Dai
Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East
STEALHOOK OilRig
2024-10-11Trend MicroAhmed Kamal, Bahaa Yamany, Mohamed Fahmy, Nick Dai
Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions
STEALHOOK
2024-08-30TRUESECMattias Wåhlén, Nicklas Keijser
Dissecting the Cicada
Cicada3301
2024-04-17MandiantAlden Wahlstrom, Anton Prokopenkov, Dan Black, Dan Perez, Gabby Roncone, John Wolfram, Lexie Aytes, Luke Jenkins, Nick Simonian, Ryan Hall, Tyler McLellan
Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm
Sandworm
2024-04-16MandiantAlden Wahlstrom, Anton Prokopenkov, Dan Black, Dan Perez, Gabby Roncone, John Wolfram, Lexie Aytes, Nick Simonian, Ryan Hall, Tyler McLellan
APT44: Unearthing Sandworm
VPNFilter BlackEnergy CaddyWiper EternalPetya HermeticWiper Industroyer INDUSTROYER2 Olympic Destroyer PartyTicket RoarBAT Sandworm
2024-01-26TrendmicroHara Hiroaki, Masaoki Shoji, Nick Dai, Vickie Su, Yuka Higashi
Spot the Difference: An Analysis of the New LODEINFO Campaign by Earth Kasha
Anel Cobalt Strike LODEINFO NOOPDOOR
2023-04-03MandiantEduardo Mattos, JASON DEYALSINGH, Nick Richard, NICK SMITH, Tyler McLellan
ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access
LaZagne BlackCat MimiKatz
2023-01-26TrendmicroDon Ovid Ladores, Earle Maui Earnshaw, Nathaniel Gregory Ragasa, Nathaniel Morales, Nick Dai
New Mimic Ransomware Abuses Everything APIs for its Encryption Process
Mimic Ransomware
2022-11-18Trend MicroNick Dai, Sunny Lu, Vickie Su
Earth Preta Spear-Phishing Governments Worldwide
PUBLOAD TONESHELL MUSTANG PANDA
2022-09-02Trend MicroNick Dai, Ted Lee, Vickie Su
Buzzing in the Background: BumbleBee, a New Modular Backdoor Evolved From BookWorm