| https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections | https://blog.prevailion.com/2020/05/phantom-in-command-shell5.html | May 06 - [Prevailion] Phantom in the Command Shell | 📕 | 97 | GitHub - CyberMonitor/APT_CyberCriminal_Campagin_Collections: APT & CyberCriminal Campaign Collection · GitHub |
| https://andreacristaldi.github.io/APTmap/ | https://blog.prevailion.com/2020/03/the-curious-case-of-criminal-curriculum.html | — | 94 | APTMAP - Advanced Persistent Threat Map |
| https://riskybiznews.substack.com/p/risky-biz-news-hackers-hit-iranian | https://www.prevailion.com/phantom-in-the-command-shell-2/ | first spotted two years ago | 93 | Risky Biz News: Hackers hit Iranian steel industry |
| https://blogs.blackberry.com/en/2021/10/drawing-a-dragon-connecting-the-dots-to-find-apt41 | https://www.prevailion.com/the-gh0st-remains-the-same-2/ | those of two additional campaigns documented by Positive Technologies and Prevailion . These posts were titled "Higaisa or Winnti? APT41 backdoors, | 90 | Drawing a Dragon: Connecting the Dots to Find APT41 |
| https://www.rd.com/article/paypal-scams/ | https://www.prevailion.com/about/our-team/ | Karim Hijazi | 86 | 17 PayPal Scams to Avoid in 2025: How to Spot PayPal Scams |
| https://thehackernews.com/2021/12/new-fileless-malware-uses-windows.html | https://www.prevailion.com/darkwatchman-new-fileness-techniques/ | like self-updating and recompilation," researchers Matt Stafford and Sherman Smith said , adding it "represents an evolution in fileless malware techniques, | 86 | New Fileless Malware Uses Windows Registry as Storage to Evade Detection |
| https://www.darkreading.com/cyberattacks-data-breaches/-lyceum-threat-group-broadens-focus-to-isps | https://www.prevailion.com/latest-targets-of-cyber-group-lyceum/ | study | 85 | 'Lyceum' Threat Group Broadens Focus to ISPs |
| https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/ | https://blog.prevailion.com/2020/05/phantom-in-command-shell5.html | component, as a good analysis of the latest version was published recently by Prevailion . | 81 | More evil: A deep look at Evilnum and its toolset |
| https://cyberscoop.com/evilnum-financial-malware-prevailion/ | https://blog.prevailion.com/2020/05/phantom-in-command-shell5.html | accounted for BitDefender , but not Avast , according to Prevailion . | 80 | Hackers keep updating the EVILNUM malware to target the global financial sector |
| https://www.acn.gov.it/portale/w/analisi-delle-principali-vulnerabilita-sfruttate-in-campagne-cyber-pubblicamente-attribuite-ad-attori-di-matrice-russa-e-relative-mitigazioni-al01/220512/csirt-ita- | https://www.prevailion.com/what-wicked-webs-we-unweave/ | 15. https://www.prevailion.com/what-wicked-webs-we-unweave/ | 77 | Analisi delle principali vulnerabilità sfruttate in campagne cyber pubblicamente attribuite* ad attori di matrice russa e relative mitigazioni (AL01/220512/CSIRT-ITA) - ACN |
| https://www.cybereason.com/blog/research/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite | https://blog.prevailion.com/2019/09/autumn-aperture-report.html | Baby Shark / Autumn Aperture Campaign | 76 | Back to the Future: Inside the Kimsuky KGH Spyware Suite |
| https://socradar.io/labs/threat-actor/detail/600/TA428 | https://www.prevailion.com/the-gh0st-remains-the-same-2/ | https://www.prevailion.com/the-gh0st-remains-the-same-2/ | 75 | SOCRadar LABS - Tests On Your Security Posture |
| https://www.misp-project.org/galaxy.html | https://www.prevailion.com/darkwatchman-new-fileness-techniques/ | https://www.prevailion.com/darkwatchman-new-fileness-techniques/ | 72 | MISP Galaxy Clusters |
| https://iranwire.com/ar/from-inside-iran/105750-%D8%A7%D9%84%D9%83%D8%B4%D9%81-%D8%B9%D9%86-%D8%AD%D9%82%D9%8A%D9%82%D8%A9-%D8%A7%D8%B3%D8%AA%D8%AE%D8%AF%D8%A7%D9%85-%D8%AA%D8%B7%D8%A8%D9%8A%D9%82-%D8%A7%D9%84%D9%87%D8%A7%D8%AA%D9%81-%D8%A7%D9%84%D8%B0%D9%83%D9%8A-%D9%84%D9%84%D8%AA%D8%AC%D8%B3%D8%B3-%D8%B9%D9%84%D9%89-%D8%A7%D9%84%D8%A8%D9%87%D8%A7%D8%A6%D9%8A%D9%8A%D9%86/ | https://www.prevailion.com/summer-mirage-2/ | وبحسب ما ورد فقد نشطت شبكة Muddy Water منذ شهر تشرين الثاني من | 71 | الكشف عن حقيقة استخدام تطبيق الهاتف الذكي للتجسس على البهائيين |
| https://allegiscyber.com/team/robert-r-ackerman-jr/ | https://www.prevailion.com/ | Prevalion | 42 | Robert R. Ackerman Jr. - AllegisCyber Capital |
| https://montgomerysummit.com/companies/prevailion-inc/ | https://www.prevailion.com/ | Link | 41 | Prevailion, Inc. - The Montgomery Summit |
| https://www.myhatchpad.com/insight/you-need-to-protect-your-company-from-coronavirus-scams-local-dc-cybersecurity-firms-can-help/ | https://www.prevailion.com/marriott-attacked-via-third-party-vector-exposing-info-on-5-2-million-customers/ | Prevailion’s platform showed evidence an attack was coming in 2019 when their Apex platform picked up on an “elevated level of compromise.” | 30 | You need to protect your company from Coronavirus scams. Local DC Cybersecurity firms can help. - Hatchpad |
| https://reveald.com/threat-actors | https://www.prevailion.com/what-wicked-webs-we-unweave/ | 9 | 23 | Epiphany Monitored Threat Actors | Reveald, Inc. |
| https://hippo.azimech.net/AtTheSpring/KnowledgeKasperskyDiary.html | https://www.prevailion.com/darkwatchman-new-fileness-techniques/ | 「このキーロガーは、難読化されたC#ソースコードとして拡散し、Base64でエンコードされたPowerShellコマンドとして処理されレジストリに格納される。このRATが起動すると、このPowerShellスクリプトを実行し、次に、キーロガーをコンパイルし実行する」続いて「このキーロガー自体はC2(コマンドアンドコントロール サーバ)と相互通信はしないし、ディスク上への書き込みもしない。代わりに、このキーロガーがバッファとして使用しているレジストリキーにキーログを書き込む。この操作の間、このRATはログしたキーストロークをC2サーバに送信する前に、このバッファをスクレイピング(【訳注】必要なデータをWeb等から取得する行為)しクリアする」と、Prevailionの研究者Matt StaffordとSherman Smithは彼らの レポート の中で説明している。 | 11 | セキュリティ情報‥ |
| https://www.questechie.com/2021/12/ | https://www.prevailion.com/darkwatchman-new-fileness-techniques/ | According to Prevailion’s Adversarial Counterintelligence Team (PACT), DarkWatchman uses a robust Domain Generation Algorithm (DGA) to identify its | 2 | December 2021 - Questechie |