Analyzed CTI Reports

CTI reports on incidents and malware analyses, analyzed by LLMs for TTPs, with a focus on the procedure level, which is generally missing from TTP analyses. No IOCs are included; they are out of scope for this procedure-focused view.

2025-06-17   CVE-2025-33053, Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage
2025-07-16   From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery
2025-06-27   OneClik: A ClickOnce-Based APT Campaign Targeting Energy, Oil and Gas Infrastructure
2025-05-27   Don’t drop password managers (but password managers shouldn’t drop malware)
2025-03-26   PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure
2025-03-20   Confluence Exploit Leads to LockBit Ransomware
2025-03-21   Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
2025-06-17   A Wretch Client: From ClickFix deception to information stealer deployment
2025-03-21   Havoc: SharePoint with Microsoft Graph API turns into FUD C2
2025-05-27   Fox-IT Declassified Technical Report - Investigation into compromised network environment
2025-03-20   Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers
2025-03-20   New campaign targeting security researchers
2025-03-21   Babble Babble Babble Babble Babble Babble BabbleLoader
2025-03-20   An inside look at NSA (Equation Group) TTPs from China’s lense
2025-03-20   Operation SalmonSlalom - A new attack targeting industrial organizations in APAC
2025-03-20   Analysis of attack activities of Moonstone sleet a division of APT-C-26 (Lazarus) group
2025-06-18   ESET Operation RoundPress
2025-03-20   Squidoor: Suspected Chinese Threat Actor’s Backdoor Targets Global Organizations
2025-06-17   Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation
2025-03-20   Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware
2025-03-27   https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell
2025-03-21   The GitVenom campaign: cryptocurrency theft using GitHub
2025-03-21   The Crypto Game of Lazarus APT: Investors vs. Zero-days
2025-03-20   SideWinder targets the maritime and nuclear sectors with an updated toolset
2025-04-30   Operation HollowQuill: Malware delivered into Russian R&D Networks via Research Decoy PDFs.
2025-03-21   Kimsuky A Gift That Keeps on Giving
2025-06-18   From Water to Wine: An Analysis of WINELOADER
2025-03-21   New Steganographic Campaign Distributing Multiple Malware
2025-03-21   Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia
2025-04-02   The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques
2025-03-20   CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks
2025-03-27   CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin
2025-03-20   Lynx Ransomware Analysis; An Advanced Post-Exploitation Ransomware
2025-03-21   DodgeBox: A deep dive into the updated arsenal of APT41 | Part 1