Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-09-08FireEyeRyan Serabian, Lee Foster
@online{serabian:20210908:proprc:f8e9644, author = {Ryan Serabian and Lee Foster}, title = {{Pro-PRC Influence Campaign Expands to Dozens of Social Media Platforms, Websites, and Forums in at Least Seven Languages, Attempted to Physically Mobilize Protesters in the U.S.}}, date = {2021-09-08}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/09/pro-prc-influence-campaign-social-media-websites-forums.html}, language = {English}, urldate = {2021-09-10} } Pro-PRC Influence Campaign Expands to Dozens of Social Media Platforms, Websites, and Forums in at Least Seven Languages, Attempted to Physically Mobilize Protesters in the U.S.
2021-09-03FireEyeAdrian Sanchez Hernandez, Govand Sinjari, Joshua Goddard, Brendan McKeague, John Wolfram, Alex Pennino, Andrew Rector, Harris Ansari, Yash Gupta
@online{hernandez:20210903:pst:a8de902, author = {Adrian Sanchez Hernandez and Govand Sinjari and Joshua Goddard and Brendan McKeague and John Wolfram and Alex Pennino and Andrew Rector and Harris Ansari and Yash Gupta}, title = {{PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers}}, date = {2021-09-03}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/09/proxyshell-exploiting-microsoft-exchange-servers.html}, language = {English}, urldate = {2021-09-06} } PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers
CHINACHOPPER HTran
2021-09-01FireEyeAdrien Bataille, Blaine Stancill
@online{bataille:20210901:too:5f62b52, author = {Adrien Bataille and Blaine Stancill}, title = {{Too Log; Didn't Read — Unknown Actor Using CLFS Log Files for Stealth}}, date = {2021-09-01}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html}, language = {English}, urldate = {2021-09-02} } Too Log; Didn't Read — Unknown Actor Using CLFS Log Files for Stealth
PRIVATELOG STASHLOG
2021-08-18FireEyeAaron Stephens
@online{stephens:20210818:detecting:9f06bf9, author = {Aaron Stephens}, title = {{Detecting Embedded Content in OOXML Documents}}, date = {2021-08-18}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/08/detecting-embedded-content-in-ooxml-documents.html}, language = {English}, urldate = {2021-08-24} } Detecting Embedded Content in OOXML Documents
2021-08-10FireEyeIsrael Research Team, U.S. Threat Intel Team
@online{team:20210810:unc215:dbc483a, author = {Israel Research Team and U.S. Threat Intel Team}, title = {{UNC215: Spotlight on a Chinese Espionage Campaign in Israel}}, date = {2021-08-10}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/08/unc215-chinese-espionage-campaign-in-israel.html}, language = {English}, urldate = {2021-08-11} } UNC215: Spotlight on a Chinese Espionage Campaign in Israel
HyperBro HyperSSL MimiKatz
2021-08-04FireEyeDoug Bienstock, Josh Madeley
@techreport{bienstock:20210804:cloudy:a74cb93, author = {Doug Bienstock and Josh Madeley}, title = {{Cloudy with a Chance of APTNovel Microsoft 365 Attacks in the Wild}}, date = {2021-08-04}, institution = {FireEye}, url = {https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Cloudy-With-A-Chance-Of-APT-Novel-Microsoft-365-Attacks-In-The-Wild.pdf}, language = {English}, urldate = {2021-08-06} } Cloudy with a Chance of APTNovel Microsoft 365 Attacks in the Wild
2021-06-16FireEyeTyler McLellan, Robert Dean, Justin Moore, Nick Harbour, Mike Hunhoff, Jared Wilson
@online{mclellan:20210616:smoking:fa6559d, author = {Tyler McLellan and Robert Dean and Justin Moore and Nick Harbour and Mike Hunhoff and Jared Wilson}, title = {{Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise}}, date = {2021-06-16}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html}, language = {English}, urldate = {2021-06-21} } Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
Cobalt Strike FiveHands
2021-05-27FireEyeDan Perez, Sarah Jones, Greg Wood, Stephen Eckels, Emiel Haeghebaert
@online{perez:20210527:rechecking:cd4a304, author = {Dan Perez and Sarah Jones and Greg Wood and Stephen Eckels and Emiel Haeghebaert}, title = {{Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices}}, date = {2021-05-27}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/05/updates-on-chinese-apt-compromising-pulse-secure-vpn-devices.html}, language = {English}, urldate = {2021-06-09} } Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices
2021-05-25FireEyeKeith Lunden, Daniel Kapellmann Zafra, Nathan Brubaker
@online{lunden:20210525:crimes:6597645, author = {Keith Lunden and Daniel Kapellmann Zafra and Nathan Brubaker}, title = {{Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises}}, date = {2021-05-25}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/05/increasing-low-sophistication-operational-technology-compromises.html}, language = {English}, urldate = {2021-06-16} } Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises
2021-05-11FireEyeJordan Nuce, Jeremy Kennelly, Kimberly Goody, Andrew Moore, Alyssa Rahman, Brendan McKeague, Jared Wilson
@online{nuce:20210511:shining:339d137, author = {Jordan Nuce and Jeremy Kennelly and Kimberly Goody and Andrew Moore and Alyssa Rahman and Brendan McKeague and Jared Wilson}, title = {{Shining a Light on DARKSIDE Ransomware Operations}}, date = {2021-05-11}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html}, language = {English}, urldate = {2021-05-13} } Shining a Light on DARKSIDE Ransomware Operations
Cobalt Strike DarkSide
2021-05-04FireEyeNick Richard, Dimiter Andonov
@online{richard:20210504:unc2529:4213d1c, author = {Nick Richard and Dimiter Andonov}, title = {{The UNC2529 Triple Double: A Trifecta Phishing Campaign}}, date = {2021-05-04}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/05/unc2529-triple-double-trifecta-phishing-campaign.html}, language = {English}, urldate = {2021-05-19} } The UNC2529 Triple Double: A Trifecta Phishing Campaign
DOUBLEBACK
2021-04-29FireEyeTyler McLellan, Justin Moore, Raymond Leong
@online{mclellan:20210429:unc2447:2ad0d96, author = {Tyler McLellan and Justin Moore and Raymond Leong}, title = {{UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat}}, date = {2021-04-29}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html}, language = {English}, urldate = {2021-09-09} } UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat
FiveHands HelloKitty
2021-04-28FireEyeLee Foster, David Mainor, Ben Read, Sam Riddell, Gabby Roncone, Lindsay Smith, Alden Wahlstrom
@online{foster:20210428:ghostwriter:3455770, author = {Lee Foster and David Mainor and Ben Read and Sam Riddell and Gabby Roncone and Lindsay Smith and Alden Wahlstrom}, title = {{Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity}}, date = {2021-04-28}, organization = {FireEye}, url = {https://content.fireeye.com/web-assets/rpt-unc1151-ghostwriter-update}, language = {English}, urldate = {2021-05-03} } Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity
2021-04-27FireEyeDoug Bienstock
@online{bienstock:20210427:abusing:60f23c5, author = {Doug Bienstock}, title = {{Abusing Replication: Stealing AD FS Secrets Over the Network}}, date = {2021-04-27}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/04/abusing-replication-stealing-adfs-secrets-over-the-network.html}, language = {English}, urldate = {2021-04-29} } Abusing Replication: Stealing AD FS Secrets Over the Network
2021-04-20FireEyeJosh Fleischer, Chris DiGiamo, Alex Pennino
@online{fleischer:20210420:zeroday:0641c6a, author = {Josh Fleischer and Chris DiGiamo and Alex Pennino}, title = {{Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise}}, date = {2021-04-20}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/04/zero-day-exploits-in-sonicwall-email-security-lead-to-compromise.html}, language = {English}, urldate = {2021-04-28} } Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise
2021-04-20FireEyeDan Perez, Sarah Jones, Greg Wood, Stephen Eckels, Stroz Friedberg, Joshua Villanueva, Regina Elwell, Jonathan Lepore, Dimiter Andonov, Josh Triplett, Jacob Thompson
@online{perez:20210420:check:986d162, author = {Dan Perez and Sarah Jones and Greg Wood and Stephen Eckels and Stroz Friedberg and Joshua Villanueva and Regina Elwell and Jonathan Lepore and Dimiter Andonov and Josh Triplett and Jacob Thompson}, title = {{Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day}}, date = {2021-04-20}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html}, language = {English}, urldate = {2021-04-21} } Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day
2021-04-20Github (fireeye)FireEye, Mandiant
@online{fireeye:20210420:fireeye:287db5f, author = {FireEye and Mandiant}, title = {{FireEye Mandiant PulseSecure Exploitation Countermeasures}}, date = {2021-04-20}, organization = {Github (fireeye)}, url = {https://github.com/fireeye/pulsesecure_exploitation_countermeasures/}, language = {English}, urldate = {2021-04-20} } FireEye Mandiant PulseSecure Exploitation Countermeasures
2021-03-31FireEyeDavid Via, Scott Runnels
@online{via:20210331:back:f31add1, author = {David Via and Scott Runnels}, title = {{Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service}}, date = {2021-03-31}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/03/attacker-use-of-windows-background-intelligent-transfer-service.html}, language = {English}, urldate = {2021-04-06} } Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service
2021-03-04FireEyeLindsay Smith, Jonathan Leathery, Ben Read
@online{smith:20210304:new:53f1d8d, author = {Lindsay Smith and Jonathan Leathery and Ben Read}, title = {{New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452}}, date = {2021-03-04}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html}, language = {English}, urldate = {2021-03-06} } New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452
UNC2452
2021-03-04FireEyeMatt Bromiley, Chris DiGiamo, Andrew Thompson, Robert Wallace
@online{bromiley:20210304:detection:3b8c16f, author = {Matt Bromiley and Chris DiGiamo and Andrew Thompson and Robert Wallace}, title = {{Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities}}, date = {2021-03-04}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/03/detection-response-to-exploitation-of-microsoft-exchange-zero-day-vulnerabilities.html}, language = {English}, urldate = {2021-03-10} } Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities
CHINACHOPPER HAFNIUM