Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-10-21Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20211021:new:11cf9aa, author = {Microsoft Security Intelligence}, title = {{Tweet on new variant of mac malware UpdateAgent/WizardUpdate}}, date = {2021-10-21}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1451279679059488773}, language = {English}, urldate = {2021-10-26} } Tweet on new variant of mac malware UpdateAgent/WizardUpdate
Vigram
2021-10-12ElasticElastic Security Intelligence & Analytics Team
@online{team:20211012:going:5ac7c9d, author = {Elastic Security Intelligence & Analytics Team}, title = {{Going Coast to Coast - Climbing the Pyramid with the Deimos Implant}}, date = {2021-10-12}, organization = {Elastic}, url = {https://www.elastic.co/blog/going-coast-to-coast-climbing-the-pyramid-with-the-deimos-implant}, language = {English}, urldate = {2021-10-26} } Going Coast to Coast - Climbing the Pyramid with the Deimos Implant
Deimos
2021-09-25Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20210925:thread:afea874, author = {Microsoft Security Intelligence}, title = {{Thread on Malicious Android apps posing as bank loan services are being widely distributed to targets in Asia}}, date = {2021-09-25}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1441524497924833282?s=20}, language = {English}, urldate = {2021-09-28} } Thread on Malicious Android apps posing as bank loan services are being widely distributed to targets in Asia
Unidentified APK 006
2021-08-04Security IntelligenceAllison Wikoff, Richard Emerson
@online{wikoff:20210804:itg18:f2f125f, author = {Allison Wikoff and Richard Emerson}, title = {{ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group}}, date = {2021-08-04}, organization = {Security Intelligence}, url = {https://securityintelligence.com/posts/itg18-operational-security-errors-plague-iranian-threat-group/}, language = {English}, urldate = {2021-08-23} } ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group
LittleLooter
2021-07-27ElasticElastic Security Intelligence & Analytics Team
@online{team:20210727:collecting:fb21718, author = {Elastic Security Intelligence & Analytics Team}, title = {{Collecting and operationalizing threat data from the Mozi botnet}}, date = {2021-07-27}, organization = {Elastic}, url = {https://www.elastic.co/blog/collecting-and-operationalizing-threat-data-from-the-mozi-botnet}, language = {English}, urldate = {2021-07-29} } Collecting and operationalizing threat data from the Mozi botnet
Mozi
2021-07-24Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20210724:attackers:4a3d443, author = {Microsoft Security Intelligence}, title = {{Tweet on attackers increasingly using HTML smuggling in phishing and other email campaigns to deliver Casbaneiro}}, date = {2021-07-24}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1418706916922986504}, language = {English}, urldate = {2021-08-02} } Tweet on attackers increasingly using HTML smuggling in phishing and other email campaigns to deliver Casbaneiro
Metamorfo
2021-06-11Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20210611:solarmarkerjupyter:86c4f14, author = {Microsoft Security Intelligence}, title = {{Tweet on solarmarker/Jupyter malware}}, date = {2021-06-11}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1403461397283950597}, language = {English}, urldate = {2021-06-21} } Tweet on solarmarker/Jupyter malware
solarmarker
2021-05-20Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20210520:javabased:ce966f5, author = {Microsoft Security Intelligence}, title = {{Tweet on Java-based STRRAT malware campaign distributed via email}}, date = {2021-05-20}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1395138347601854465}, language = {English}, urldate = {2021-05-25} } Tweet on Java-based STRRAT malware campaign distributed via email
STRRAT
2021-05-11Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20210511:snip3:69a4650, author = {Microsoft Security Intelligence}, title = {{Tweet on Snip3 crypter delivering AsyncRAT or AgentTesla}}, date = {2021-05-11}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1392219299696152578}, language = {English}, urldate = {2021-05-13} } Tweet on Snip3 crypter delivering AsyncRAT or AgentTesla
Agent Tesla AsyncRAT
2021-03-18SUPO Finnish Security Intelligence ServiceSUPO Finnish Security Intelligence Service
@online{service:20210318:supo:9dc5c66, author = {SUPO Finnish Security Intelligence Service}, title = {{Supo identified the cyber espionage operation against the parliament as APT31}}, date = {2021-03-18}, organization = {SUPO Finnish Security Intelligence Service}, url = {https://supo.fi/-/suojelupoliisi-tunnisti-eduskuntaan-kohdistuneen-kybervakoiluoperaation-apt31-ksi}, language = {Finnish}, urldate = {2021-03-19} } Supo identified the cyber espionage operation against the parliament as APT31
APT31
2021-03-02Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20210302:gootkit:30182a1, author = {Microsoft Security Intelligence}, title = {{Tweet on Gootkit malware campaign}}, date = {2021-03-02}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1366542130731094021}, language = {English}, urldate = {2021-03-04} } Tweet on Gootkit malware campaign
GootKit
2020-12-13MicrosoftMicrosoft Security Intelligence
@online{intelligence:20201213:trojanmsilsolorigatebdha:f470d89, author = {Microsoft Security Intelligence}, title = {{Trojan:MSIL/Solorigate.B!dha}}, date = {2020-12-13}, organization = {Microsoft}, url = {https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:MSIL/Solorigate.B!dha}, language = {English}, urldate = {2020-12-14} } Trojan:MSIL/Solorigate.B!dha
SUNBURST
2020-10-06Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20201006:ta505:a34d957, author = {Microsoft Security Intelligence}, title = {{Tweet on TA505 threat actor exploiting Zerologon (CVE-2020-1472) Vulnerability}}, date = {2020-10-06}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1313598440719355904}, language = {English}, urldate = {2020-10-08} } Tweet on TA505 threat actor exploiting Zerologon (CVE-2020-1472) Vulnerability
2020-08-27Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20200827:anubis:e53422c, author = {Microsoft Security Intelligence}, title = {{Tweet on Anubis Stealer}}, date = {2020-08-27}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1298752223321546754}, language = {English}, urldate = {2020-09-01} } Tweet on Anubis Stealer
Anubis
2020-06-17Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20200617:thread:b4b74d5, author = {Microsoft Security Intelligence}, title = {{A tweet thread on TA505 using CAPTCHA to avoid detection and infecting victims with FlawedGrace}}, date = {2020-06-17}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1273359829390655488}, language = {English}, urldate = {2020-06-18} } A tweet thread on TA505 using CAPTCHA to avoid detection and infecting victims with FlawedGrace
FlawedGrace
2019-08-29Security IntelligenceOle Villadsen, Kevin Henson, Melissa Frydrych, Joey Victorino
@online{villadsen:20190829:moreeggs:8ff7351, author = {Ole Villadsen and Kevin Henson and Melissa Frydrych and Joey Victorino}, title = {{More_eggs, Anyone? Threat Actor ITG08 Strikes Again}}, date = {2019-08-29}, organization = {Security Intelligence}, url = {https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/}, language = {English}, urldate = {2020-01-13} } More_eggs, Anyone? Threat Actor ITG08 Strikes Again
More_eggs FIN6
2019-03-13Twitter (@WDSecurity)Microsoft Security Intelligence
@online{intelligence:20190313:tefosteal:24e56c1, author = {Microsoft Security Intelligence}, title = {{Tweet on Tefosteal}}, date = {2019-03-13}, organization = {Twitter (@WDSecurity)}, url = {https://twitter.com/WDSecurity/status/1105990738993504256}, language = {English}, urldate = {2020-01-05} } Tweet on Tefosteal
TefoSteal
2019-01-21Microsoft Security IntelligenceMicrosoft
@online{microsoft:20190121:hacktoolwin32remoteadmin:b0c34fd, author = {Microsoft}, title = {{HackTool:Win32/RemoteAdmin}}, date = {2019-01-21}, organization = {Microsoft Security Intelligence}, url = {https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=hacktool:win32/remoteadmin&ThreatID=2147731874}, language = {English}, urldate = {2020-05-18} } HackTool:Win32/RemoteAdmin
RemoteAdmin
2017-09-15Microsoft Security IntelligenceMicrosoft
@online{microsoft:20170915:trojanwin32enviserva:6ea9ea7, author = {Microsoft}, title = {{Trojan:Win32/Enviserv.A}}, date = {2017-09-15}, organization = {Microsoft Security Intelligence}, url = {https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Enviserv.A}, language = {English}, urldate = {2020-07-03} } Trojan:Win32/Enviserv.A
Enviserv
2017-09-15Microsoft Security IntelligenceJireh Sanico
@online{sanico:20170915:trojandownloaderwin32banload:01d40c5, author = {Jireh Sanico}, title = {{TrojanDownloader:Win32/Banload}}, date = {2017-09-15}, organization = {Microsoft Security Intelligence}, url = {https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=TrojanDownloader%3AWin32%2FBanload}, language = {English}, urldate = {2019-10-26} } TrojanDownloader:Win32/Banload
Banload