https://www.mandiant.com/resources/blog/lightshow-north-korea-unc2970

https://research.checkpoint.com/2023/rhadamanthys-v0-5-0-a-deep-dive-into-the-stealers-components/

https://www.trellix.com/about/newsroom/stories/research/the-continued-evolution-of-the-darkgate-malware-as-a-service/

https://www.elastic.co/security-labs

https://blog.sekoia.io/darkgate-internals/

https://www.sentinelone.com/labs/operation-tainted-love-chinese-apts-target-telcos-in-new-attacks/

http://paperpile.com/b/RiRbam/HWuo

https://unit42.paloaltonetworks.com/lokibot-spike-analysis/

https://learn.microsoft.com/en-us/windows/win32/fileio/about-transactional-ntfs

http://paperpile.com/b/RiRbam/KemNS

https://blogs.vmware.com/security/2023/10/an-ilummanation-on-lummastealer.html

https://www.esentire.com/blog/winsock-file-transfer-protocol-vulnerability-exploited

https://www.bleepingcomputer.com/news/security/winrar-zero-day-exploited-since-april-to-hack-trading-accounts/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-075a

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-136a

https://www.bitdefender.com/blog/businessinsights/unpacking-bellaciao-a-closer-look-at-irans-latest-malware/

https://news.sophos.com/en-us/2023/05/09/akira-ransomware-is-bringin-88-back/

https://www.bleepingcomputer.com/news/security/lazarus-hackers-breach-aerospace-firm-with-new-lightlesscan-malware/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a

https://www.cisa.gov/sites/default/files/2023-07/aa23-201a_csa_threat_actors_exploiting_citrix-cve-2023-3519_to_implant_webshells.pdf

https://thedfirreport.com/2023/12/18/lets-opendir-some-presents-an-analysis-of-a-persistent-actors-activity/

https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

https://unit42.paloaltonetworks.com/vice-society-ransomware-powershell/

https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/

https://www.joesandbox.com/analysis/776315/0/html

https://www.joesandbox.com/analysis/780470/0/pdf

https://github.com/EmpireProject/Empire

https://github.com/PowerShellMafia/PowerSploit

https://github.com/samratashok/nishang

https://labs.nettitude.com/tools/poshc2/

https://github.com/darkoperator/Posh-SecMod

https://www.joesandbox.com/analysis/430666/0/html

https://www.joesandbox.com/analysis/1339915/0/html

https://www.joesandbox.com/analysis/1323173/0/html

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a

https://www.joesandbox.com/analysis/1329366/0/html

https://www.joesandbox.com/analysis/488262/0/html

https://www.cisa.gov/sites/default/files/2023-09/MAR-10454006.r5.v1.CLEAR__0.pdf

https://www.bleepingcomputer.com/news/security/fake-linux-vulnerability-exploit-drops-data-stealing-malware/

https://www.bleepingcomputer.com/news/security/exploit-released-for-critical-fortinet-rce-flaw-patch-now/

https://www.bleepingcomputer.com/news/security/new-malware-infects-business-routers-for-data-theft-surveillance/

https://www.bleepingcomputer.com/news/security/darkgate-malware-spreads-through-compromised-skype-accounts/

https://www.securityjoes.com/post/operation-ice-breaker-targets-the-gam-bl-ing-industry-right-before-it-s-biggest-gathering

https://www.securonix.com/blog/new-tacticaloctopus-attack-campaign-targets-us-entities-with-malware-bundled-in-tax-themed-documents/

https://www.wiz.io/blog/pyloose-first-python-based-fileless-attack-on-cloud-workloads

https://www.bleepingcomputer.com/news/security/spain-warns-of-lockbit-locker-ransomware-phishing-attacks/

https://www.bleepingcomputer.com/news/security/hackers-use-binance-smart-chain-contracts-to-store-malicious-scripts/

https://www.bleepingcomputer.com/news/security/new-web-injections-campaign-steals-banking-data-from-50-000-people/

https://www.bleepingcomputer.com/news/security/us-uk-warn-of-govt-hackers-using-custom-malware-on-cisco-routers/

https://www.bleepingcomputer.com/news/security/google-home-speakers-allowed-hackers-to-snoop-on-conversations/

https://www.bleepingcomputer.com/news/security/chinese-apt15-hackers-resurface-with-new-graphican-malware/

https://www.bleepingcomputer.com/news/security/new-s1deload-stealer-malware-hijacks-youtube-facebook-accounts/

https://www.intrinsec.com/egregor-prolock/

https://news.sophos.com/en-us/2020/09/17/maze-attackers-adopt-ragnar-locker-virtual-machine-technique/

https://unit42.paloaltonetworks.com/ukraine-cyber-conflict-cve-2021-32648-whispergate/

https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/

https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/

https://unfinished.bike/qubitstrike-and-diamorphine-linux-kernel-rootkits-go-mainstream

https://www.cadosecurity.com/redis-p2pinfect/

https://www.group-ib.com/blog/malware-bundles/

https://www.itspy.cz/wp-content/uploads/2023/10/it_spy_2023_diplomova_prace_38.pdf

https://unit42.paloaltonetworks.com/compromised-cloud-compute-credentials/

https://www.picussecurity.com/resource/blog/snatch-ransomware-explained-cisa-alert-aa23-263a

https://www.theregister.com/2023/12/20/terrapin_attack_ssh/

https://wpa3.mathyvanhoef.com

https://www.darkreading.com/threat-intelligence/china-apt-cracks-cisco-firmware-attacks-against-us-japan

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/honeypot-recon-new-variant-of-skidmap-targeting-redis/

https://www.picussecurity.com/resource/blog/volt-typhoon-the-chinese-apt-group-abuse-lolbins-for-cyber-espionage

https://www.mandiant.com/resources/blog/infected-usb-steal-secrets

https://support.apple.com/en-by/102767

https://www.bleepingcomputer.com/news/security/hackers-exploit-looney-tunables-linux-bug-steal-cloud-creds/

https://www.zscaler.com/blogs/security-research/retrospective-avoslocker

https://www.varonis.com/blog/blackmatter-ransomware

https://redpiranha.net/news/look-lockbit-3-ransomware

https://securityscorecard.com/resources/a-detailed-analysis-of-the-money-message-ransomware/

https://cyble.com/blog/dissecting-rancoz-ransomware/

https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

https://www.fortinet.com/blog/threat-research/the-year-of-the-wiper

https://www.splunk.com/en_us/blog/security/threat-update-awfulshred-script-wiper.html

https://blogs.blackberry.com/en/2023/11/bibi-wiper-used-in-the-israel-hamas-war-now-runs-on-windows

https://www.acronis.com/en-us/cyber-protection-center/posts/caddywiper-makes-windows-machines-unusable/

https://www.clearskysec.com/wp-content/uploads/2024/01/No-Justice-Wiper.pdf

https://www.verizon.com/business/resources/reports/2023-data-breach-investigations-report-dbir.pdf

https://www.picussecurity.com/resource/blog/how-to-beat-nefilim-ransomware-attacks

https://cloudsek.com/technical-analysis-of-bluesky-ransomware/

https://www.picussecurity.com/resource/zeppelin-ransomware-analysis-simulation-and-mitigation

https://github.com/ParrotSec/mimikatz

https://jpcertcc.github.io/ToolAnalysisResultSheet/details/gsecdump.htm

https://jpceahttps//learn.microsoft.com/en-us/sysinternals/downloads/procdump

https://github.com/outflanknl/Dumpert

https://www.bleepingcomputer.com/news/security/trickbot-now-steals-windows-active-directory-credentials/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a

https://www.picussecurity.com/resource/blog/dcshadow-attack-explained-mitre-attack-t120

https://www.thegeekdiary.com/unshadow-command-examples-in-linux/

https://www.picussecurity.com/resource/the-mitre-attck-t1003-os-credential-dumping-technique-and-its-adversary-use

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a

https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a

https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/

https://www.barracuda.com/company/legal/esg-vulnerability

https://www.cisa.gov/sites/default/files/2023-08/MAR-10454006.r4.v2.CLEAR_.pdf

https://www.bleepingcomputer.com/news/security/russian-military-hackers-target-ukraine-with-new-masepie-malware/

https://www.bleepingcomputer.com/news/security/chinese-hackers-use-dns-over-https-for-linux-malware-communication/

https://www.bleepingcomputer.com/news/security/decoy-dog-malware-toolkit-found-after-analyzing-70-billion-daily-dns-queries/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a

https://oddvar.moe/2018/03/21/persistence-using-runonceex-hidden-from-autoruns-exe/

https://www.bleepingcomputer.com/news/security/chinese-hackers-use-new-custom-backdoor-to-evade-detection/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-242a

https://www.bleepingcomputer.com/news/security/new-fractureiser-malware-used-curseforge-minecraft-mods-to-infect-windows-linux/

https://attack.mitre.org/techniques/T1547/001/

https://github.com/gentilkiwi/mimikatz

https://www.cisa.gov/news-events/analysis-reports/ar19-100a

https://www.bleepingcomputer.com/news/security/qubitstrike-attacks-rootkit-jupyter-linux-servers-to-steal-credentials/

https://taomm.org/PDFs/vol1/CH%200x02%20Persistence.pdf

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Wingbird.A!dha

https://www.bleepingcomputer.com/news/security/hackers-use-new-icebreaker-malware-to-breach-gaming-companies/

https://www.cisa.gov/sites/default/files/publications/AA22-083A_TTPs_of_Indicted_State-Sponsored_Russian_Cyber_Actors_Targeting_the_Energy_Sector.pdf

https://attack.mitre.org/techniques/T1547/010/

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf

https://www.bleepingcomputer.com/news/security/new-pipemon-malware-uses-windows-print-processors-for-persistence/

https://redcanary.com/blog/netwire-remote-access-trojan-on-linux/

https://attack.mitre.org/techniques/T1547/015/

https://redcanary.com/blog/blue-mockingbird-cryptominer/

https://www.bleepingcomputer.com/news/security/meet-noescape-avaddon-ransomware-gangs-likely-successor/

https://www.trendmicro.com/en_za/research/23/c/emotet-returns-now-adopts-binary-padding-for-evasion.html

https://www.fortinet.com/blog/threat-research/originbotnet-spreads-via-malicious-word-document

https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html

https://asec.ahnlab.com/en/48063/

https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/yellow-liderc-ships-its-scripts-delivers-imaploader-malware.html

https://blog.morphisec.com/proxyshellminer-campaign

https://www.quorumcyber.com/wp-content/uploads/2023/01/Malware-Analysis-Vidar.pdf

https://developer.mozilla.org/en-US/docs/Web/API/Blob

https://www.outflank.nl/blog/2018/08/14/html-smuggling-explained/

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/spam/3730/qakbot-sneaks-in-via-html-smuggling-and-html-downloader

https://www.txone.com/blog/malware-analysis-lockbit-3-0/

https://www.sentinelone.com/labs/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/

https://blog.aquasec.com/threat-alert-apache-applications-targeted-by-stealthy-attacker

https://bashfuscator.readthedocs.io/en/latest/Mutators/command_obfuscators/index.html

https://github.com/danielbohannon/Invoke-Obfuscation

https://github.com/danielbohannon/Invoke-DOSfuscation

https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/

https://wazuh.com/blog/darkwatchman-rat-detection/

https://cyble.com/blog/fileless-pure-clipper-malware-italian-users-in-the-crosshairs/

https://www.uperesia.com/booby-trapped-shortcut

http://paperpile.com/b/RiRbam/BR0x

https://pypi.org/project/LnkParse3/

https://www.docguard.io/deep-dive-analysis-of-shell-link-lnk-binary-file-format-and-malicious-lnk-files/