Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-04-02institute for advanced threats360 Threat Intelligence Center
@online{center:20220402:waves:5aa4f65, author = {360 Threat Intelligence Center}, title = {{WAVES LURKING IN THE CALM OF THE WIND AND WAVES: A DYNAMIC ANALYSIS OF THE ATTACK ACTIVITIES OF THE APT-C-00 (SEALOTUS) ORGANIZATION}}, date = {2022-04-02}, organization = {institute for advanced threats}, url = {https://mp.weixin.qq.com/s/tBQSbv55lJUipaPWFr1fKw}, language = {Chinese}, urldate = {2022-04-05} } WAVES LURKING IN THE CALM OF THE WIND AND WAVES: A DYNAMIC ANALYSIS OF THE ATTACK ACTIVITIES OF THE APT-C-00 (SEALOTUS) ORGANIZATION
2022-03-22MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Detection and Response Team (DART), Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20220322:dev0537:eea56dc, author = {Microsoft Threat Intelligence Center (MSTIC) and Detection and Response Team (DART) and Microsoft 365 Defender Threat Intelligence Team}, title = {{DEV-0537 (UNC3661) criminal actor targeting organizations for data exfiltration and destruction}}, date = {2022-03-22}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/}, language = {English}, urldate = {2022-08-05} } DEV-0537 (UNC3661) criminal actor targeting organizations for data exfiltration and destruction
RedLine Stealer LAPSUS
2022-03-22360 Threat Intelligence Center360 Threat Intelligence Center
@online{center:20220322:quantum:8629794, author = {360 Threat Intelligence Center}, title = {{Quantum Attack System – NSA "APT-C-40" Hacking Organization High-end Cyber Attack Weapon Technical Analysis Report (I)}}, date = {2022-03-22}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/lzf16Fchfv1fMG3IExq7XA}, language = {Chinese}, urldate = {2022-06-27} } Quantum Attack System – NSA "APT-C-40" Hacking Organization High-end Cyber Attack Weapon Technical Analysis Report (I)
2022-03-17SophosTilly Travers
@online{travers:20220317:ransomware:df38f2f, author = {Tilly Travers}, title = {{The Ransomware Threat Intelligence Center}}, date = {2022-03-17}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/}, language = {English}, urldate = {2022-03-18} } The Ransomware Threat Intelligence Center
ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker
2022-03-16MicrosoftMicrosoft Defender for IoT Research Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20220316:uncovering:aae61b5, author = {Microsoft Defender for IoT Research Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure}}, date = {2022-03-16}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/03/16/uncovering-trickbots-use-of-iot-devices-in-command-and-control-infrastructure/}, language = {English}, urldate = {2022-03-17} } Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
TrickBot
2022-02-23Weixin360 Threat Intelligence Center
@online{center:20220223:aptc58:fb10a0a, author = {360 Threat Intelligence Center}, title = {{APT-C-58 (Gorgon Group) attack warning}}, date = {2022-02-23}, organization = {Weixin}, url = {https://mp.weixin.qq.com/s/X0kAIHOSldiFDthb4IsmbQ}, language = {Chinese}, urldate = {2022-03-01} } APT-C-58 (Gorgon Group) attack warning
Agent Tesla
2022-02-04MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20220204:actinium:739151c, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{ACTINIUM targets Ukrainian organizations}}, date = {2022-02-04}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/}, language = {English}, urldate = {2022-02-07} } ACTINIUM targets Ukrainian organizations
DilongTrash DinoTrain Pteranodon QuietSieve Gamaredon Group
2022-02-04MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20220204:actinium:46543a2, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{ACTINIUM targets Ukrainian organizations}}, date = {2022-02-04}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations}, language = {English}, urldate = {2022-08-25} } ACTINIUM targets Ukrainian organizations
Pteranodon Gamaredon Group
2021-12-11MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20211211:guidance:fb6acc1, author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability}}, date = {2021-12-11}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation}, language = {English}, urldate = {2022-07-25} } Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
Khonsari NightSky BRONZE STARLIGHT
2021-12-06MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20211206:nickel:115c365, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{NICKEL targeting government organizations across Latin America and Europe}}, date = {2021-12-06}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/12/06/nickel-targeting-government-organizations-across-latin-america-and-europe/}, language = {English}, urldate = {2021-12-08} } NICKEL targeting government organizations across Latin America and Europe
MimiKatz
2021-12-06MandiantLuke Jenkins, Sarah Hawley, Parnian Najafi, Doug Bienstock, Luis Rocha, Marius Fodoreanu, Mitchell Clarke, Manfred Erjak, Josh Madeley, Ashraf Abdalhalim, Juraj Sucik, Wojciech Ledzion, Gabriella Roncone, Jonathan Leathery, Ben Read, Microsoft Threat Intelligence Center (MSTIC), Microsoft Detection and Response Team (DART)
@online{jenkins:20211206:suspected:d9da4ec, author = {Luke Jenkins and Sarah Hawley and Parnian Najafi and Doug Bienstock and Luis Rocha and Marius Fodoreanu and Mitchell Clarke and Manfred Erjak and Josh Madeley and Ashraf Abdalhalim and Juraj Sucik and Wojciech Ledzion and Gabriella Roncone and Jonathan Leathery and Ben Read and Microsoft Threat Intelligence Center (MSTIC) and Microsoft Detection and Response Team (DART)}, title = {{Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452)}}, date = {2021-12-06}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/russian-targeting-gov-business}, language = {English}, urldate = {2021-12-07} } Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452)
Cobalt Strike CryptBot
2021-11-29Qianxin Threat Intelligence CenterRed Raindrop Team
@online{team:20211129:unknown:34c3ea9, author = {Red Raindrop Team}, title = {{Unknown}}, date = {2021-11-29}, organization = {Qianxin Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/Hzq4_tWmunDpKfHTlZNM-A}, language = {Chinese}, urldate = {2022-10-06} } Unknown
APT-Q-12
2021-11-19360 Threat Intelligence Centeradvanced threat research institute
@online{institute:20211119:it:0807b7c, author = {advanced threat research institute}, title = {{It is suspected that the APT-C-55 organization used the commercial software Web Browser Password Viewer to carry out the attack}}, date = {2021-11-19}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/QDI912ogVKyyKFYdKvBGdQ}, language = {Chinese}, urldate = {2021-12-07} } It is suspected that the APT-C-55 organization used the commercial software Web Browser Password Viewer to carry out the attack
2021-11-18MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20211118:iranian:911ab04, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{Iranian targeting of IT sector on the rise}}, date = {2021-11-18}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/11/18/iranian-targeting-of-it-sector-on-the-rise/}, language = {English}, urldate = {2021-11-19} } Iranian targeting of IT sector on the rise
MimiKatz ShellClient RAT
2021-11-16MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20211116:evolving:9bd9d2e, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021}}, date = {2021-11-16}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/11/16/evolving-trends-in-iranian-threat-actor-activity-mstic-presentation-at-cyberwarcon-2021/}, language = {English}, urldate = {2021-11-17} } Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021
2021-11-08MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20211108:threat:0d18523, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus}}, date = {2021-11-08}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/11/08/threat-actor-dev-0322-exploiting-zoho-manageengine-adselfservice-plus/}, language = {English}, urldate = {2021-11-09} } Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus
2021-10-25MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20211025:nobelium:ce29e06, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{NOBELIUM targeting delegated administrative privileges to facilitate broader attacks}}, date = {2021-10-25}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks/}, language = {English}, urldate = {2021-11-02} } NOBELIUM targeting delegated administrative privileges to facilitate broader attacks
2021-10-11MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20211011:iranlinked:0d8f98a, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors}}, date = {2021-10-11}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/10/11/iran-linked-dev-0343-targeting-defense-gis-and-maritime-sectors/}, language = {English}, urldate = {2021-10-26} } Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors
2021-09-27MicrosoftRamin Nafisi, Microsoft Threat Intelligence Center (MSTIC)
@online{nafisi:20210927:foggyweb:3a85efc, author = {Ramin Nafisi and Microsoft Threat Intelligence Center (MSTIC)}, title = {{FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor}}, date = {2021-09-27}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/09/27/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/}, language = {English}, urldate = {2021-09-28} } FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor
2021-09-15MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20210915:analyzing:bafe767, author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability}}, date = {2021-09-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability}, language = {English}, urldate = {2022-05-17} } Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability
EXOTIC LILY