Malpedia Library

Click here to download all references as Bib-File.•

2021-03-09 ⋅ Red Canary ⋅ Brian Donohue, Katie Nickels, Tony Lambert
Microsoft Exchange server exploitation: how to detect, mitigate, and stay calm
CHINACHOPPER

2021-03-09 ⋅ Palo Alto Networks Unit 42 ⋅ Unit 42
Remediation Steps for the Microsoft Exchange Server Vulnerabilities
CHINACHOPPER

2021-03-09 ⋅ Cisco Talos ⋅ Cisco Talos
Hafnium Update: Continued Microsoft Exchange Server Exploitation

2021-03-09 ⋅ Attivo NETWORKS ⋅ Anil Gupta, Gorang Joshi, Saravanan Mohan
Hafnium – Active Exploitation of Microsoft Exchange and Lateral Movement

2021-03-09 ⋅ Morphisec ⋅ Alon Groisman
MineBridge Is on the Rise, With a Sophisticated Delivery Mechanism
MINEBRIDGE

2021-03-09 ⋅ 360 netlab ⋅ JiaYu
Threat Alert: z0Miner Is Spreading quickly by Exploiting ElasticSearch and Jenkins Vulnerabilities

2021-03-09 ⋅ Microsoft ⋅ MSRC Team
Microsoft Exchange Server Vulnerabilities Mitigations – updated March 9, 2021
HAFNIUM

2021-03-08 ⋅ PRODAFT Threat Intelligence ⋅ PRODAFT
FluBot - Malware Analysis Report
FluBot

2021-03-08 ⋅ The Record ⋅ Catalin Cimpanu
FluBot Malware Gang Arrested in Barcelona
FluBot

2021-03-08 ⋅ Symantec ⋅ Threat Hunter Team
How Symantec Stops Microsoft Exchange Server Attacks
CHINACHOPPER MimiKatz

2021-03-08 ⋅ Palo Alto Networks Unit 42 ⋅ Chris Navarrete, Durgesh Sangvikar, Matthew Tennis, Rongbo Shao, Yanhui Jia
Attack Chain Overview: Emotet in December 2020 and January 2021
Emotet

2021-03-08 ⋅ Youtube (SANS Digital Forensics and Incident Response) ⋅ Adam Pennington, Jen Burns, Katie Nickels
STAR Webcast: Making sense of SolarWinds through the lens of MITRE ATT&CK(R)
Cobalt Strike SUNBURST TEARDROP

2021-03-08 ⋅ Palo Alto Networks Unit 42 ⋅ Jeff White
Analyzing Attacks Against Microsoft Exchange Server With China Chopper Webshells
CHINACHOPPER

2021-03-08 ⋅ Microsoft ⋅ Yonit Glozshtein
Investigating the Print Spooler EoP exploitation

2021-03-08 ⋅ Secureworks ⋅ Counter Threat Unit ResearchTeam
SUPERNOVA Web Shell Deployment Linked to SPIRAL Threat Group
SUPERNOVA BRONZE SPIRAL

2021-03-07 ⋅ The Wall Street Journal ⋅ Dustin Volz, Michael R. Gordon
Russian Disinformation Campaign Aims to Undermine Confidence in Pfizer, Other Covid-19 Vaccines, U.S. Officials Say

2021-03-06 ⋅ Blue Team Blog ⋅ Auth 0r
Microsoft Exchange Zero Day’s – Mitigations and Detections.

2021-03-06 ⋅ Click All the Things! Blog ⋅ Jamie Arndt
oleObject1.bin – OLe10nATive – shellcode
CloudEyE

2021-03-06 ⋅ Nextron Systems ⋅ THOR Lite
Scan for HAFNIUM Exploitation Evidence with THOR Lite
HAFNIUM

2021-03-05 ⋅ Trend Micro ⋅ Adi Peretz, Erick Thek, Trend Micro Research
Earth Vetala – MuddyWater Continues to Target Organizations in the Middle East
MuddyWater