Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2025-06-16ProofpointJeremy Hedges, Proofpoint Threat Research Team, Tommy Madjar
Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication
ACR Stealer Amatera
2025-06-04ProofpointAbdallah Elshinbary, Jonas Wagner, Konstantin Klinger, Nick Attfield
The Bitter End: Unraveling Eight Years of Espionage Antics—Part One
Artra Downloader Havoc
2025-05-13ProofpointGreg Lesnewich, Mark Kelly, Saher Naumaan
TA406 Pivots to the Front
2025-04-17ProofpointGreg Lesnewich, Josh Miller, Mark Kelly, Saher Naumaan
Around the World in 90 Days: State-Sponsored Actors Try ClickFix
Quasar RAT UNK_RemoteRogue
2025-03-07ProofpointOle Villadsen, Proofpoint Threat Research Team, Selena Larson
Remote Monitoring and Management (RMM) Tooling Increasingly an Attacker’s First Choice
2025-02-18ProofpointProofpoint Threat Research Team
An Update on Fake Updates: Two New Actors, and New Mac Malware
Marcher FAKEUPDATES FrigidStealer Lumma Stealer
2024-12-17ProofpointDavid Galazin, Konstantin Klinger, Nick Attfield, Pim Trouerbach
Hidden in Plain Sight: TA397’s New Attack Chain Delivers Espionage RATs
MiyaRAT WmRAT HAZY TIGER
2024-11-18ProofpointProofpoint Threat Research Team, Selena Larson, Tommy Madjar
Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape
AsyncRAT Brute Ratel C4 DanaBot DarkGate Latrodectus Lumma Stealer NetSupportManager RAT XWorm
2024-08-29ProofpointPim Trouerbach, Selena Larson, Tommy Madjar
The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort”
Voldemort
2024-06-17ProofpointProofpoint
From Clipboard to Compromise: A PowerShell Self-Pwn
DarkGate HijackLoader Lumma Stealer Matanbuchus NetSupportManager RAT TA571
2024-04-10ProofpointSelena Larson, Tommy Madjar
Security Brief: TA547 Targets German Organizations with Rhadamanthys Stealer
Rhadamanthys
2024-04-04ProofpointProofpoint Threat Research Team, Team Cymru, TEAM CYMRU S2 THREAT RESEARCH
Latrodectus: This Spider Bytes Like Ice
IcedID Latrodectus
2024-03-21ProofpointProofpoint Threat Research Team
Security Brief: TA450 Uses Embedded Links in PDF Attachments in Latest Campaign
2024-03-06ProofpointDusty Miller, Jake G, Selena Larson
TA4903: Actor Spoofs U.S. Government, Small Businesses in Phishing, BEC Bids
TA4903
2024-03-04ProofpointKelsey Merriman, Selena Larson, Tommy Madjar
TA577’s Unusual Attack Chain Leads to NTLM Data Theft
2024-02-13ProofpointAxel F, Selena Larson
Bumblebee Buzzes Back in Black
BumbleBee
2023-12-21ProofpointAxel F, Dusty Miller, Selena Larson, Tommy Madjar
BattleRoyal, DarkGate Cluster Spreads via Email and Fake Browser Updates
DarkGate
2023-12-12ProofpointKelsey Merriman, Selena Larson, Xavier Chambrier
Security Brief: TA4557 Targets Recruiters Directly via Email
More_eggs FIN6
2023-12-05ProofpointCrista Giering, Greg Lesnewich, Proofpoint Threat Research Team
TA422’s Dedicated Exploitation Loop—the Same Week After Week
2023-11-14ProofpointJoshua Miller
TA402 Uses Complex IronWind Infection Chains to Target Middle East-Based Government Entities
IronWind TA402