
2022-04-27 — Stairwell — Steve Miller, Silas Cutler
@comment{Stairwell threat report delivered as a PDF download. A second record of the same report (key miller:20220427:origin:1fbc10e) exists further down, pointing at a relocated URL.}
@techreport{miller:20220427:origin:2e68a5f,
  author      = {Steve Miller and Silas Cutler},
  title       = {{The origin story of APT32 macros: The StrikeSuit Gift that keeps giving}},
  date        = {2022-04-27},
  institution = {Stairwell},
  url         = {https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-origin-of-APT32-macros.pdf},
  language    = {English},
  urldate     = {2022-05-04},
}
The origin story of APT32 macros: The StrikeSuit Gift that keeps giving
2022-04-27 — Stairwell — Steve Miller, Silas Cutler
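@comment{Same Stairwell report as miller:20220427:origin:2e68a5f, captured again at a relocated assets URL. The stored title was truncated after Gi and is completed here from that earlier record; the key is kept so existing citations still resolve. Prefer citing only one of the two keys.}
@techreport{miller:20220427:origin:1fbc10e,
  author      = {Steve Miller and Silas Cutler},
  title       = {{The origin story of APT32 macros: The StrikeSuit Gift that keeps giving}},
  date        = {2022-04-27},
  institution = {Stairwell},
  url         = {https://assets.stairwell.com/hubfs/Marketing-Assets/Stairwell-threat-report-The-origin-of-APT32-macros.pdf},
  language    = {English},
  urldate     = {2023-09-11},
}
The origin story of APT32 macros: The StrikeSuit Gift that keeps giving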
StrikeSuit Gift
2022-02-28 — Stairwell — Steve Miller
@comment{Stairwell blog post on building a labeled malware corpus for YARA rule testing. Web-only source with no DOI; urldate is the recorded access date.}
@online{miller:20220228:quick:fd1e487,
  author       = {Steve Miller},
  title        = {{Quick n’ dirty detection research: Building a labeled malware corpus for YARA testing}},
  date         = {2022-02-28},
  organization = {Stairwell},
  url          = {https://stairwell.com/news/threat-research-detection-research-labeled-malware-corpus-yara-testing},
  language     = {English},
  urldate      = {2022-03-02},
}
Quick n’ dirty detection research: Building a labeled malware corpus for YARA testing
2020-12-13 — FireEye — Andrew Archer, Doug Bienstock, Chris DiGiamo, Glenn Edwards, Nick Hornick, Alex Pennino, Andrew Rector, Scott Runnels, Eric Scales, Nalani Fraiser, Sarah Jones, John Hultquist, Ben Read, Jon Leathery, Fred House, Dileep Jallepalli, Michael Sikorski, Stephen Eckels, William Ballenthin, Jay Smith, Alex Berry, Nick Richard, Isif Ibrahima, Dan Perez, Marcin Siedlarz, Ben Withnell, Barry Vengerik, Nicole Oppenheim, Ian Ahl, Andrew Thompson, Matt Dunwoody, Evan Reese, Steve Miller, Alyssa Rahman, John Gorman, Lennard Galang, Steve Stone, Nick Bennett, Matthew McWhirt, Mike Burns, Omer Baig, Nick Carr, Christopher Glyer, Ramin Nafisi, Microsoft
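@comment{FireEye blog post on the SolarWinds supply-chain compromise and the SUNBURST backdoor. The last author, Microsoft, is an organization rather than a person and is braced so name parsing treats it as a single corporate surname.}
@online{archer:20201213:highly:9fe1728,
  author       = {Andrew Archer and Doug Bienstock and Chris DiGiamo and Glenn Edwards and Nick Hornick and Alex Pennino and Andrew Rector and Scott Runnels and Eric Scales and Nalani Fraiser and Sarah Jones and John Hultquist and Ben Read and Jon Leathery and Fred House and Dileep Jallepalli and Michael Sikorski and Stephen Eckels and William Ballenthin and Jay Smith and Alex Berry and Nick Richard and Isif Ibrahima and Dan Perez and Marcin Siedlarz and Ben Withnell and Barry Vengerik and Nicole Oppenheim and Ian Ahl and Andrew Thompson and Matt Dunwoody and Evan Reese and Steve Miller and Alyssa Rahman and John Gorman and Lennard Galang and Steve Stone and Nick Bennett and Matthew McWhirt and Mike Burns and Omer Baig and Nick Carr and Christopher Glyer and Ramin Nafisi and {Microsoft}},
  title        = {{Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor}},
  date         = {2020-12-13},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html},
  language     = {English},
  urldate      = {2020-12-19},
}
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor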
SUNBURST SUPERNOVA TEARDROP UNC2452
2020-05-28 — Twitter (@stvemillertime) — Steve Miller
@comment{Tweet cited as a primary source for TClient / FIRESHADOW. No DOI or archived copy is recorded, so urldate is the only provenance for when the content was verified.}
@online{miller:20200528:tclient:cc952e5,
  author       = {Steve Miller},
  title        = {{Tweet on TClient / FIRESHADOW used by Tropic Trooper}},
  date         = {2020-05-28},
  organization = {Twitter (@stvemillertime)},
  url          = {https://twitter.com/stvemillertime/status/1266050369370677249},
  language     = {English},
  urldate      = {2020-06-05},
}
Tweet on TClient / FIRESHADOW used by Tropic Trooper
TClient
2020-05-15 — Twitter (@stvemillertime) — Steve Miller
@comment{Tweet cited as a primary source for the SOGU development timeline and TIGERPLUG indicators. No archived copy is recorded; urldate is the verification date.}
@online{miller:20200515:sogu:cc5a1fc,
  author       = {Steve Miller},
  title        = {{Tweet on SOGU development timeline, including TIGERPLUG IOCs}},
  date         = {2020-05-15},
  organization = {Twitter (@stvemillertime)},
  url          = {https://twitter.com/stvemillertime/status/1261263000960450562},
  language     = {English},
  urldate      = {2020-05-18},
}
Tweet on SOGU development timeline, including TIGERPLUG IOCs
PlugX
2020-03-25 — FireEye — Christopher Glyer, Dan Perez, Sarah Jones, Steve Miller
@comment{FireEye blog post on the March 2020 APT41 intrusion campaign that used multiple exploits.}
@online{glyer:20200325:this:0bc322f,
  author       = {Christopher Glyer and Dan Perez and Sarah Jones and Steve Miller},
  title        = {{This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits}},
  date         = {2020-03-25},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html},
  language     = {English},
  urldate      = {2020-04-14},
}
This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
Speculoos Cobalt Strike
2019-10-21 — FireEye — Steve Miller, Evan Reese, Nick Carr
@comment{FireEye blog post on continued use of the Shikata Ga Nai encoder.}
@online{miller:20191021:shikata:4cc9011,
  author       = {Steve Miller and Evan Reese and Nick Carr},
  title        = {{Shikata Ga Nai Encoder Still Going Strong}},
  date         = {2019-10-21},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2019/10/shikata-ga-nai-encoder-still-going-strong.html},
  language     = {English},
  urldate      = {2020-11-04},
}
Shikata Ga Nai Encoder Still Going Strong
FIN11
2018-08-01 — FireEye — Nick Carr, Kimberly Goody, Steve Miller, Barry Vengerik
@comment{FireEye blog post on FIN7 operations and tooling.}
@online{carr:20180801:hunt:0fe0e15,
  author       = {Nick Carr and Kimberly Goody and Steve Miller and Barry Vengerik},
  title        = {{On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation}},
  date         = {2018-08-01},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html},
  language     = {English},
  urldate      = {2019-12-20},
}
On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation
BELLHOP POWERPIPE BABYMETAL SocksBot FIN7
2018-07-11 — FireEye — Scott Henderson, Steve Miller, Dan Perez, Marcin Siedlarz, Ben Wilson, Ben Read
@comment{FireEye blog post on TEMP.Periscope activity against Cambodia ahead of the July 2018 elections.}
@online{henderson:20180711:chinese:f0f3cbc,
  author       = {Scott Henderson and Steve Miller and Dan Perez and Marcin Siedlarz and Ben Wilson and Ben Read},
  title        = {{Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally}},
  date         = {2018-07-11},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2018/07/chinese-espionage-group-targets-cambodia-ahead-of-elections.html},
  language     = {English},
  urldate      = {2019-12-20},
}
Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally
AIRBREAK APT40
2017-03-07 — FireEye — Jordan Nuce, Barry Vengerik, Steve Miller
@comment{FireEye blog post on a FIN7 spear-phishing campaign aimed at personnel involved in SEC filings.}
@online{nuce:20170307:fin7:0e12ba2,
  author       = {Jordan Nuce and Barry Vengerik and Steve Miller},
  title        = {{FIN7 Spear Phishing Campaign Targets Personnel Involved in SEC Filings}},
  date         = {2017-03-07},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2017/03/fin7_spear_phishing.html},
  language     = {English},
  urldate      = {2019-12-20},
}
FIN7 Spear Phishing Campaign Targets Personnel Involved in SEC Filings
POWERSOURCE FIN7