
2021-03-16 | Microsoft | MSRC Team
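@online{team:20210316:guidance:c9a881b,
  author       = {{MSRC Team}},
  title        = {{Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities}},
  date         = {2021-03-16},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2021/03/16/guidance-for-responders-investigating-and-remediating-on-premises-exchange-server-vulnerabilities/},
  language     = {English},
  urldate      = {2021-03-19},
  internal-note = {corporate author braced as one indivisible name so styles do not render it as "Team, MSRC"},
}
Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities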
2021-03-15 | Team Cymru | Josh Hopkins
@online{hopkins:20210315:fin8:838cdc2,
  author       = {Hopkins, Josh},
  title        = {{FIN8: BADHATCH Threat Indicator Enrichmen}},
  date         = {2021-03-15},
  organization = {Team Cymru},
  url          = {https://team-cymru.com/blog/2021/03/15/fin8-badhatch-threat-indicator-enrichment/},
  language     = {English},
  urldate      = {2021-03-18},
  internal-note = {title kept as recorded; the URL slug reads "enrichment" -- verify the published headline before correcting},
}
FIN8: BADHATCH Threat Indicator Enrichmen
BADHATCH
2021-03-10 | Proofpoint | Dennis Schwarz, Matthew Mesa, Proofpoint Threat Research Team
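@online{schwarz:20210310:nimzaloader:f6960d4,
  author       = {Schwarz, Dennis and Mesa, Matthew and {Proofpoint Threat Research Team}},
  title        = {{NimzaLoader: TA800’s New Initial Access Malware}},
  date         = {2021-03-10},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/nimzaloader-ta800s-new-initial-access-malware},
  language     = {English},
  urldate      = {2021-03-12},
  internal-note = {the team credit is braced as a single corporate name; persons use the unambiguous "Last, First" form},
}
NimzaLoader: TA800’s New Initial Access Malware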
BazarNimrod Cobalt Strike
2021-03-09 | Splunk | Security Research Team
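@online{team:20210309:cloud:4deeb78,
  author       = {{Security Research Team}},
  title        = {{Cloud Federated Credential Abuse & Cobalt Strike: Threat Research February 2021}},
  date         = {2021-03-09},
  organization = {Splunk},
  url          = {https://www.splunk.com/en_us/blog/security/cloud-federated-credential-abuse-cobalt-strike-threat-research-feb-2021.html},
  language     = {English},
  urldate      = {2021-03-11},
  internal-note = {corporate author braced as one name; organization capitalised to the vendor's spelling},
}
Cloud Federated Credential Abuse & Cobalt Strike: Threat Research February 2021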
Cobalt Strike
2021-03-09 | Microsoft | MSRC Team
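@online{team:20210309:microsoft:3e03bbf,
  author       = {{MSRC Team}},
  title        = {{Microsoft Exchange Server Vulnerabilities Mitigations – updated March 9, 2021}},
  date         = {2021-03-09},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021},
  language     = {English},
  urldate      = {2021-03-10},
  internal-note = {URL path dates the original post to 2021-03-05; the entry date follows the update named in the title},
}
Microsoft Exchange Server Vulnerabilities Mitigations – updated March 9, 2021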
HAFNIUM
2021-03-08 | Secureworks | Counter Threat Unit Research Team
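@online{researchteam:20210308:supernova:c12f8f7,
  author       = {{Counter Threat Unit Research Team}},
  title        = {{SUPERNOVA Web Shell Deployment Linked to SPIRAL Threat Group}},
  date         = {2021-03-08},
  organization = {Secureworks},
  url          = {https://www.secureworks.com/blog/supernova-web-shell-deployment-linked-to-spiral-threat-group},
  language     = {English},
  urldate      = {2021-03-10},
  internal-note = {missing space restored in "Research Team" and the corporate author braced as one name; citation key left unchanged so existing citations keep resolving},
}
SUPERNOVA Web Shell Deployment Linked to SPIRAL Threat Group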
SUPERNOVA
2021-03-08 | Symantec | Threat Hunter Team
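@online{team:20210308:how:752e42e,
  author       = {{Threat Hunter Team}},
  title        = {{How Symantec Stops Microsoft Exchange Server Attacks}},
  date         = {2021-03-08},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/microsoft-exchange-server-protection},
  language     = {English},
  urldate      = {2021-03-12},
  internal-note = {corporate author braced as one indivisible name},
}
How Symantec Stops Microsoft Exchange Server Attacks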
CHINACHOPPER MimiKatz
2021-03-06 | Blue Team Blog | Auth 0r
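@online{0r:20210306:microsoft:099b122,
  author       = {{Auth 0r}},
  title        = {{Microsoft Exchange Zero Day’s – Mitigations and Detections.}},
  date         = {2021-03-06},
  organization = {Blue Team Blog},
  url          = {https://blueteamblog.com/microsoft-exchange-zero-days-mitigations-and-detections},
  language     = {English},
  urldate      = {2021-03-11},
  internal-note = {byline is a pseudonym, braced as a single name so it is not split into first name "Auth" and surname "0r"},
}
Microsoft Exchange Zero Day’s – Mitigations and Detections.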
2021-03-04 | WMC Global | WMC Global Threat Intelligence Team
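@online{team:20210304:compact:0e18165,
  author       = {{WMC Global Threat Intelligence Team}},
  title        = {{The Compact Campaign}},
  date         = {2021-03-04},
  organization = {WMC Global},
  url          = {https://www.wmcglobal.com/blog/the-compact-campaign},
  language     = {English},
  urldate      = {2021-03-06},
  internal-note = {corporate author braced as one indivisible name},
}
The Compact Campaign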
2021-03-04 | CrowdStrike | The Falcon Complete Team
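@online{team:20210304:falcon:6170749,
  author       = {{The Falcon Complete Team}},
  title        = {{Falcon Complete Stops Microsoft Exchange Server Zero-Day Exploits}},
  date         = {2021-03-04},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/falcon-complete-stops-microsoft-exchange-server-zero-day-exploits},
  language     = {English},
  urldate      = {2021-03-10},
  internal-note = {corporate author braced as one indivisible name},
}
Falcon Complete Stops Microsoft Exchange Server Zero-Day Exploits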
CHINACHOPPER HAFNIUM
2021-03-04 | Microsoft | Ramin Nafisi, Andrea Lelli, Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
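@online{nafisi:20210304:goldmax:3fa3f68,
  author       = {Nafisi, Ramin and Lelli, Andrea and {Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence}},
  date         = {2021-03-04},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware},
  language     = {English},
  urldate      = {2021-03-06},
  internal-note = {the two team credits are braced as corporate names; persons use "Last, First"},
}
GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence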
SUNBURST TEARDROP UNC2452
2021-03-03 | Dubex | Dubex Incident Response Team
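@online{team:20210303:please:f38639d,
  author       = {{Dubex Incident Response Team}},
  title        = {{Please leave an exploit after the beep}},
  date         = {2021-03-03},
  organization = {Dubex},
  url          = {https://www.dubex.dk/aktuelt/nyheder/please-leave-an-exploit-after-the-beep},
  language     = {English},
  urldate      = {2021-03-11},
  internal-note = {corporate author braced as one indivisible name},
}
Please leave an exploit after the beep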
2021-03-02 | Microsoft | MSRC Team
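@online{team:20210302:multiple:d62f8de,
  author       = {{MSRC Team}},
  title        = {{Multiple Security Updates Released for Exchange Server – updated March 8, 2021}},
  date         = {2021-03-02},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server},
  language     = {English},
  urldate      = {2021-03-10},
  internal-note = {corporate author braced as one name; entry date is the original publication date, the title records a later update},
}
Multiple Security Updates Released for Exchange Server – updated March 8, 2021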
HAFNIUM
2021-03-02 | Metabase Q | Jesus Dominguez, Ocelot Offensive Security Team
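@online{dominguez:20210302:ploutus:5d96786,
  author       = {Dominguez, Jesus and {Ocelot Offensive Security Team}},
  title        = {{Ploutus is back, targeting Itautec ATMs in Latin America}},
  date         = {2021-03-02},
  organization = {Metabase Q},
  url          = {https://www.metabaseq.com/recursos/ploutus-is-back-targeting-itautec-atms-in-latin-america},
  language     = {English},
  urldate      = {2021-03-11},
  internal-note = {team credit braced as a corporate name; person in "Last, First" form},
}
Ploutus is back, targeting Itautec ATMs in Latin America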
Ploutus ATM
2021-03-02 | Microsoft | Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team, Microsoft 365 Security
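@online{mstic:20210302:hafnium:c7d8588,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft 365 Defender Threat Intelligence Team} and {Microsoft 365 Security}},
  title        = {{HAFNIUM targeting Exchange Servers with 0-day exploits}},
  date         = {2021-03-02},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers},
  language     = {English},
  urldate      = {2021-03-07},
  internal-note = {all three credits are corporate names, each braced so none is split into first/last parts},
}
HAFNIUM targeting Exchange Servers with 0-day exploits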
CHINACHOPPER HAFNIUM
2021-02-25 | Microsoft | Microsoft Identity Security Team
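@online{team:20210225:microsoft:bd11fce,
  author       = {{Microsoft Identity Security Team}},
  title        = {{Microsoft open sources CodeQL queries used to hunt for Solorigate activity}},
  date         = {2021-02-25},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/02/25/microsoft-open-sources-codeql-queries-used-to-hunt-for-solorigate-activity/},
  language     = {English},
  urldate      = {2021-02-25},
  internal-note = {corporate author braced as one indivisible name},
}
Microsoft open sources CodeQL queries used to hunt for Solorigate activity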
SUNBURST
2021-02-25 | Proofpoint | Michael Raggi, Proofpoint Threat Research Team
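@online{raggi:20210225:ta413:400254c,
  author       = {Raggi, Michael and {Proofpoint Threat Research Team}},
  title        = {{TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations}},
  date         = {2021-02-25},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/ta413-leverages-new-friarfox-browser-extension-target-gmail-accounts-global},
  language     = {English},
  urldate      = {2021-02-25},
  internal-note = {team credit braced as a corporate name; person in "Last, First" form},
}
TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations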
scanbox Sepulcher
2021-02-20 | Malpedia | Malpedia
@online{malpedia:20210220:malpedia:db1282e,
  author       = {{Malpedia}},
  title        = {{Malpedia Website for Malware Family Team TNT}},
  date         = {2021-02-20},
  organization = {Malpedia},
  url          = {https://malpedia.caad.fkie.fraunhofer.de/details/elf.teamtnt},
  language     = {English},
  urldate      = {2021-03-12},
  internal-note = {self-reference to the Malpedia family page elf.teamtnt; author and organization are the same corporate name},
}
Malpedia Website for Malware Family Team TNT
TeamTNT TeamTNT
2021-02-18 | Microsoft | MSRC Team
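@online{team:20210218:microsoft:645b21a,
  author       = {{MSRC Team}},
  title        = {{Microsoft Internal Solorigate Investigation – Final Update}},
  date         = {2021-02-18},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/},
  language     = {English},
  urldate      = {2021-02-18},
  internal-note = {corporate author braced as one indivisible name},
}
Microsoft Internal Solorigate Investigation – Final Update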
2021-02-17 | Aquasec | Assaf Morag
@online{morag:20210217:threat:b99a6f4,
  author       = {Morag, Assaf},
  title        = {{Threat Alert: TeamTNT Pwn Campaign Against Docker and K8s Environments}},
  date         = {2021-02-17},
  organization = {Aquasec},
  url          = {https://blog.aquasec.com/teamtnt-campaign-against-docker-kubernetes-environment},
  language     = {English},
  urldate      = {2021-02-20},
  internal-note = {single personal author written in the unambiguous "Last, First" form},
}
Threat Alert: TeamTNT Pwn Campaign Against Docker and K8s Environments
TeamTNT TeamTNT