Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-07-27MicrosoftMicrosoft Threat Intelligence Center (MSTIC), MSRC Team, RiskIQ
@online{mstic:20220727:untangling:27dd5d0, author = {Microsoft Threat Intelligence Center (MSTIC) and MSRC Team and RiskIQ}, title = {{Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits}}, date = {2022-07-27}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/}, language = {English}, urldate = {2022-07-28} } Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
Subzero
2022-07-14MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20220714:north:876e680, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{North Korean threat actor (H0lyGh0st /DEV-0530) targets small and midsize businesses with H0lyGh0st ransomware}}, date = {2022-07-14}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/07/14/north-korean-threat-actor-targets-small-and-midsize-businesses-with-h0lygh0st-ransomware/}, language = {English}, urldate = {2022-07-15} } North Korean threat actor (H0lyGh0st /DEV-0530) targets small and midsize businesses with H0lyGh0st ransomware
SiennaBlue SiennaPurple
2022-07-12MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Research Team
@online{mstic:20220712:from:3d3a8e3, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team}, title = {{From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud}}, date = {2022-07-12}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/}, language = {English}, urldate = {2022-07-15} } From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
2022-07-05MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20220705:hive:840b6e9, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{Hive ransomware gets upgrades in Rust}}, date = {2022-07-05}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/07/05/hive-ransomware-gets-upgrades-in-rust/}, language = {English}, urldate = {2022-07-13} } Hive ransomware gets upgrades in Rust
Hive
2022-06-08Qianxin Threat Intelligence CenterRed Raindrop Team
@online{team:20220608:operation:3fe580d, author = {Red Raindrop Team}, title = {{Operation Tejas: A dying elephant curled up in the Kunlun Mountains}}, date = {2022-06-08}, organization = {Qianxin Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/8j_rHA7gdMxY1_X8alj8Zg}, language = {English}, urldate = {2022-06-09} } Operation Tejas: A dying elephant curled up in the Kunlun Mountains
HAZY TIGER RAZOR TIGER
2022-06-02MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20220602:exposing:b85423c, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{Exposing POLONIUM activity and infrastructure targeting Israeli organizations}}, date = {2022-06-02}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/}, language = {English}, urldate = {2022-06-02} } Exposing POLONIUM activity and infrastructure targeting Israeli organizations
POLONIUM
2022-06-01Qianxin Threat Intelligence CenterRed Raindrop Team
@online{team:20220601:analysis:03a76ad, author = {Red Raindrop Team}, title = {{Analysis of the attack activities of the Maha grass group using the documents of relevant government agencies in Pakistan as bait}}, date = {2022-06-01}, organization = {Qianxin Threat Intelligence Center}, url = {https://ti.qianxin.com/blog/articles/analysis-of-the-attack-activities-of-patchwork-using-the-documents-of-relevant-government-agencies-in-pakistan-as-bait}, language = {English}, urldate = {2022-07-05} } Analysis of the attack activities of the Maha grass group using the documents of relevant government agencies in Pakistan as bait
BadNews QUILTED TIGER
2022-05-18Weixin360 Threat Intelligence Center
@online{center:20220518:filesyncshelldll:4266601, author = {360 Threat Intelligence Center}, title = {{filesyncshell.dll hijacked? APT-C-24 Sidewinder Briefing on the Latest Attack Activity}}, date = {2022-05-18}, organization = {Weixin}, url = {https://mp.weixin.qq.com/s/qsGxZIiTsuI7o-_XmiHLHg}, language = {Chinese}, urldate = {2022-05-25} } filesyncshell.dll hijacked? APT-C-24 Sidewinder Briefing on the Latest Attack Activity
2022-05-09MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20220509:ransomwareasaservice:13ec472, author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself}}, date = {2022-05-09}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself}, language = {English}, urldate = {2022-05-17} } Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT
2022-05-09Qianxin Threat Intelligence CenterRed Raindrops Team
@online{team:20220509:operation:5c9c0d7, author = {Red Raindrops Team}, title = {{Operation EviLoong: An electronic party of "borderless" hackers}}, date = {2022-05-09}, organization = {Qianxin Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/K1uBLGqD8kgsIp1yTyYBfw}, language = {Chinese}, urldate = {2022-05-17} } Operation EviLoong: An electronic party of "borderless" hackers
ZXShell
2022-05-09Microsoft SecurityMicrosoft Threat Intelligence Center, Microsoft 365 Defender Threat Intelligence Team
@online{center:20220509:ransomwareasaservice:3dac44d, author = {Microsoft Threat Intelligence Center and Microsoft 365 Defender Threat Intelligence Team}, title = {{Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself}}, date = {2022-05-09}, organization = {Microsoft Security}, url = {https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/}, language = {English}, urldate = {2022-06-02} } Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
Griffon BazarBackdoor BlackCat BlackMatter Blister Gozi LockBit Pandora Rook SystemBC TrickBot
2022-04-12360 Threat Intelligence Center360 Beacon Lab
@online{lab:20220412:recent:2a11b0c, author = {360 Beacon Lab}, title = {{Recent attacks by Bahamut group revealed}}, date = {2022-04-12}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/YAAybJBAvxqrQWYDg31BBw}, language = {Chinese}, urldate = {2022-04-15} } Recent attacks by Bahamut group revealed
Bahamut
2022-04-11Qianxin Threat Intelligence CenterRed Raindrop Team
@online{team:20220411:snow:b930f42, author = {Red Raindrop Team}, title = {{Snow Abuse: Analysis of the Suspected Lazarus Attack Activities against South Korean Companies}}, date = {2022-04-11}, organization = {Qianxin Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/kcIaoB8Yta1zI6Py-uxupA}, language = {Chinese}, urldate = {2022-05-04} } Snow Abuse: Analysis of the Suspected Lazarus Attack Activities against South Korean Companies
2022-04-02institute for advanced threats360 Threat Intelligence Center
@online{center:20220402:waves:5aa4f65, author = {360 Threat Intelligence Center}, title = {{WAVES LURKING IN THE CALM OF THE WIND AND WAVES: A DYNAMIC ANALYSIS OF THE ATTACK ACTIVITIES OF THE APT-C-00 (SEALOTUS) ORGANIZATION}}, date = {2022-04-02}, organization = {institute for advanced threats}, url = {https://mp.weixin.qq.com/s/tBQSbv55lJUipaPWFr1fKw}, language = {Chinese}, urldate = {2022-04-05} } WAVES LURKING IN THE CALM OF THE WIND AND WAVES: A DYNAMIC ANALYSIS OF THE ATTACK ACTIVITIES OF THE APT-C-00 (SEALOTUS) ORGANIZATION
2022-03-22MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Detection and Response Team (DART), Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20220322:dev0537:eea56dc, author = {Microsoft Threat Intelligence Center (MSTIC) and Detection and Response Team (DART) and Microsoft 365 Defender Threat Intelligence Team}, title = {{DEV-0537 (UNC3661) criminal actor targeting organizations for data exfiltration and destruction}}, date = {2022-03-22}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/}, language = {English}, urldate = {2022-08-05} } DEV-0537 (UNC3661) criminal actor targeting organizations for data exfiltration and destruction
RedLine Stealer LAPSUS
2022-03-22360 Threat Intelligence Center360 Threat Intelligence Center
@online{center:20220322:quantum:8629794, author = {360 Threat Intelligence Center}, title = {{Quantum Attack System – NSA "APT-C-40" Hacking Organization High-end Cyber Attack Weapon Technical Analysis Report (I)}}, date = {2022-03-22}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/lzf16Fchfv1fMG3IExq7XA}, language = {Chinese}, urldate = {2022-06-27} } Quantum Attack System – NSA "APT-C-40" Hacking Organization High-end Cyber Attack Weapon Technical Analysis Report (I)
2022-03-17SophosTilly Travers
@online{travers:20220317:ransomware:df38f2f, author = {Tilly Travers}, title = {{The Ransomware Threat Intelligence Center}}, date = {2022-03-17}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/}, language = {English}, urldate = {2022-03-18} } The Ransomware Threat Intelligence Center
ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker
2022-03-16MicrosoftMicrosoft Defender for IoT Research Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20220316:uncovering:aae61b5, author = {Microsoft Defender for IoT Research Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure}}, date = {2022-03-16}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/03/16/uncovering-trickbots-use-of-iot-devices-in-command-and-control-infrastructure/}, language = {English}, urldate = {2022-03-17} } Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
TrickBot
2022-02-23Weixin360 Threat Intelligence Center
@online{center:20220223:aptc58:fb10a0a, author = {360 Threat Intelligence Center}, title = {{APT-C-58 (Gorgon Group) attack warning}}, date = {2022-02-23}, organization = {Weixin}, url = {https://mp.weixin.qq.com/s/X0kAIHOSldiFDthb4IsmbQ}, language = {Chinese}, urldate = {2022-03-01} } APT-C-58 (Gorgon Group) attack warning
Agent Tesla
2022-02-04MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20220204:actinium:739151c, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{ACTINIUM targets Ukrainian organizations}}, date = {2022-02-04}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/}, language = {English}, urldate = {2022-02-07} } ACTINIUM targets Ukrainian organizations
Pteranodon Gamaredon Group