Malpedia Library

Click here to download all references as Bib-File.•

2021-03-04 ⋅ Microsoft ⋅ Andrea Lelli, Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC), Ramin Nafisi
GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence
SUNBURST TEARDROP UNC2452

2021-03-04 ⋅ WMC Global ⋅ WMC Global Threat Intelligence Team
The Compact Campaign

2021-03-02 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team, Microsoft 365 Security, Microsoft Threat Intelligence Center (MSTIC)
HAFNIUM targeting Exchange Servers with 0-day exploits
CHINACHOPPER HAFNIUM

2021-03-02 ⋅ Microsoft ⋅ Microsoft Threat Intelligence Center (MSTIC)
HAFNIUM targeting Exchange Servers with 0-day exploits
PowerCat

2021-02-24 ⋅ IBM ⋅ IBM SECURITY X-FORCE
X-Force Threat Intelligence Index 2021
Emotet QakBot Ramnit REvil TrickBot

2021-02-23 ⋅ Medium (Katie’s Five Cents) ⋅ Katie Nickels
A Cyber Threat Intelligence Self-Study Plan: Part 1

2021-02-12 ⋅ Malwarebytes ⋅ Threat Intelligence Team
Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams

2021-02-10 ⋅ Anheng Threat Intelligence Center ⋅ Hunting Shadow Lab
Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack

2021-02-01 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
Dridex Emotet Makop Ransomware SmokeLoader TrickBot

2021-01-29 ⋅ Malwarebytes ⋅ Threat Intelligence Team
Cleaning up after Emotet: the law enforcement file
Emotet

2021-01-28 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
ZINC attacks against security researchers
ComeBacker Klackring

2021-01-26 ⋅ ⋅ 360 Threat Intelligence Center ⋅ Advanced Threat Institute
Shell Break-Lazarus (APT-C-26) organized targeted attacks against security researchers to reveal the secret

2021-01-26 ⋅ ⋅ Anheng Threat Intelligence Center ⋅ Hunting Shadow Lab
Undefeated, hackers use Visual Studio compiler features to target binary vulnerabilities security researcher

2021-01-21 ⋅ ⋅ 360 Threat Intelligence Center ⋅ Advanced Threat Institute
Disclosure of Manling Flower Organization (APT-C-08) using Warzone RAT attack
Ave Maria

2021-01-20 ⋅ Microsoft ⋅ Microsoft 365 Defender Research Team, Microsoft Cyber Defense Operations Center (CDOC), Microsoft Threat Intelligence Center (MSTIC)
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
Cobalt Strike SUNBURST TEARDROP

2021-01-14 ⋅ PTSecurity ⋅ PT ESC Threat Intelligence
Higaisa or Winnti? APT41 backdoors, old and new
Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad

2021-01-08 ⋅ Reaqta ⋅ ReaQta Threat Intelligence Team
Leonardo S.p.A. Data Breach Analysis

2020-12-18 ⋅ Microsoft ⋅ Microsoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC)
Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers
SUNBURST SUPERNOVA TEARDROP UNC2452

2020-12-16 ⋅ ⋅ 360 Threat Intelligence Center ⋅ Advanced Threat Institute
旺刺组织（APT-C-47）使用ClickOnce技术的攻击活动披露

2020-12-15 ⋅ ⋅ 360 Threat Intelligence Center ⋅ Advanced Threat Institute
Operation Falling Eagle-the secret of the most influential supply chain attack in history
SUNBURST