ORKL
ORKL Threat Intelligence Library
Threat Reports
Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium | WeLiveSecurity
ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers.
Dashboard · The Shadowserver Foundation
Alchimist: A new attack framework in Chinese for Mac, Linux and Windows
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
Securonix Threat Labs Security Advisory: Detecting STEEP#MAVERICK: New Covert Attack Campaign Targeting Military Contractors
Attackers target Ukraine using GoMet backdoor
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
APT40: Examining a China-Nexus Espionage Actor | Mandiant
Lebanese Cedar APT: Global Lebanese Espionage Campaign Leveraging Web Servers
Gamaredon group grows its game | WeLiveSecurity
ESET research discovers several previously undocumented post-compromise tools used by the highly active Gamaredon APT group in various malicious campaigns.
ToddyCat: Unveiling an unknown APT actor attacking high-profile entities in Europe and Asia
ToddyCat is a relatively new APT actor, its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.
Chinese actor takes aim, armed with Nim Language and Bizarro AES - Check Point Research
Executive Summary In this article, Check Point Research shares findings on a group / activity cluster with ties to Tropic Trooper: The infection chain includes a previously undescribed loader (dubbed “Nimbda”) written in Nim language. This loader was observed bundled with a Chinese language greyware “SMS Bomber” tool that is most likely illegally distributed in... Click to Read More
Threat Detection Report: Introduction
Our Threat Detection Report takes a close look at the most prevalent techniques & threats to help security teams focus on what matters most.
LOWKEY: Hunting for the Missing Volume Serial ID | Mandiant
A Summary of APT41 Targeting U.S. State Governments
APT41’s persistent effort allowed them to successfully compromise at least six U.S. state government networks.
MITRE ATT&CK®
Ugg Boots 4 Sale: A Tale of Palestinian-Aligned Espionage | Proofpoint US
Log4j2 In The Wild | Iranian-Aligned Threat Actor "TunnelVision" Actively Exploiting VMware Horizon
Threat actor exploits Log4j2 vulnerabilities to drop PowerShell backdoors, harvest credentials, and communicate via legitimate services.
Operation Bleeding Bear - Elastic Security Research
Elastic Security verifies new destructive malware targeting Ukraine: Operation Bleeding Bear
StellarParticle Campaign: Novel Tactics and Techniques | CrowdStrike
This blog discusses the StellarParticle campaign and the novel tactics and techniques used in supply chain attacks observed by CrowdStrike incident responders.