Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-10-11MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20211011:iranlinked:0d8f98a, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors}}, date = {2021-10-11}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/10/11/iran-linked-dev-0343-targeting-defense-gis-and-maritime-sectors/}, language = {English}, urldate = {2021-10-26} } Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors
2021-09-27MicrosoftRamin Nafisi, Microsoft Threat Intelligence Center (MSTIC)
@online{nafisi:20210927:foggyweb:3a85efc, author = {Ramin Nafisi and Microsoft Threat Intelligence Center (MSTIC)}, title = {{FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor}}, date = {2021-09-27}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/09/27/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/}, language = {English}, urldate = {2021-09-28} } FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor
2021-09-15MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20210915:analyzing:bafe767, author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability}}, date = {2021-09-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability}, language = {English}, urldate = {2022-05-17} } Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability
EXOTIC LILY
2021-09-15MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20210915:analyzing:37b6528, author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability}}, date = {2021-09-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/}, language = {English}, urldate = {2021-09-19} } Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability
Cobalt Strike
2021-09-01360 Threat Intelligence CenterAdvanced Threat Institute
@online{institute:20210901:aptc56:0f08cce, author = {Advanced Threat Institute}, title = {{APT-C-56 (Transparent Tribe) Latest Attack Analysis and Associated Suspected Gorgon Group Attack Analysis Alert}}, date = {2021-09-01}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/xUM2x89GuB8uP6otN612Fg}, language = {Chinese}, urldate = {2021-09-09} } APT-C-56 (Transparent Tribe) Latest Attack Analysis and Associated Suspected Gorgon Group Attack Analysis Alert
Crimson RAT NetWire RC
2021-08-02360 Threat Intelligence CenterAdvanced Threat Institute
@online{institute:20210802:operation:af54e15, author = {Advanced Threat Institute}, title = {{Operation Hunting - The latest attack by the CNC (APT-C-48) has been revealed}}, date = {2021-08-02}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/dMFyLxsErYUZX7BQyBL9YQ}, language = {Chinese}, urldate = {2021-08-02} } Operation Hunting - The latest attack by the CNC (APT-C-48) has been revealed
2021-07-27360 Threat Intelligence CenterAdvanced Threat Institute
@online{institute:20210727:summary:219ae9b, author = {Advanced Threat Institute}, title = {{Summary of Kimsuky's secret stealing activities in the first half of 2021}}, date = {2021-07-27}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/og8mfnqoKZsHlOJdIDKYgQ}, language = {Chinese}, urldate = {2021-07-27} } Summary of Kimsuky's secret stealing activities in the first half of 2021
2021-07-16360 Threat Intelligence CenterAdvanced Threat Institute
@online{institute:20210716:aptc61:4736008, author = {Advanced Threat Institute}, title = {{APT-C-61 attacks against South Asia}}, date = {2021-07-16}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/Jpw7TqyPzOy57RAZDQdlWA}, language = {Chinese}, urldate = {2021-07-20} } APT-C-61 attacks against South Asia
2021-07-15MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20210715:protecting:8e27c6c, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware}}, date = {2021-07-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/07/15/protecting-customers-from-a-private-sector-offensive-actor-using-0-day-exploits-and-devilstongue-malware/}, language = {English}, urldate = {2021-07-20} } Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
2021-07-14MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20210714:microsoft:6701699, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{Microsoft delivers comprehensive solution to battle rise in consent phishing emails}}, date = {2021-07-14}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/07/14/microsoft-delivers-comprehensive-solution-to-battle-rise-in-consent-phishing-emails/}, language = {English}, urldate = {2021-07-20} } Microsoft delivers comprehensive solution to battle rise in consent phishing emails
2021-07-13MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20210713:microsoft:5394367, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{Microsoft discovers threat actor (DEV-0322) targeting SolarWinds Serv-U software with 0-day exploit}}, date = {2021-07-13}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit/}, language = {English}, urldate = {2021-07-20} } Microsoft discovers threat actor (DEV-0322) targeting SolarWinds Serv-U software with 0-day exploit
2021-07-01Anheng Threat Intelligence CenterAnheng Threat Intelligence Center
@online{center:20210701:suspected:aedb06c, author = {Anheng Threat Intelligence Center}, title = {{Suspected HADES organization launched an attack on Ukraine with military themes}}, date = {2021-07-01}, organization = {Anheng Threat Intelligence Center}, url = {https://www.freebuf.com/news/279181.html}, language = {English}, urldate = {2021-07-11} } Suspected HADES organization launched an attack on Ukraine with military themes
2021-06-15360 Threat Intelligence Center360 Fiberhome Laboratory
@online{laboratory:20210615:pjobrat:df97e9c, author = {360 Fiberhome Laboratory}, title = {{PJobRAT: Spyware targeting Indian military personnel}}, date = {2021-06-15}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/VTHvmRTeu3dw8HFyusKLqQ}, language = {Chinese}, urldate = {2021-06-21} } PJobRAT: Spyware targeting Indian military personnel
PjobRAT
2021-06-14MicrosoftMicrosoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20210614:behind:450af46, author = {Microsoft 365 Defender Research Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign}}, date = {2021-06-14}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/}, language = {English}, urldate = {2021-06-16} } Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign
2021-06-11TencentThe Tencent Security Threat Intelligence Center
@online{center:20210611:tencent:ed32dd1, author = {The Tencent Security Threat Intelligence Center}, title = {{Tencent Security Report: Purple Fox virus maliciously attacks SQL server and spreads like a worm}}, date = {2021-06-11}, organization = {Tencent}, url = {https://s.tencent.com/research/report/1322.html}, language = {Chinese}, urldate = {2021-06-22} } Tencent Security Report: Purple Fox virus maliciously attacks SQL server and spreads like a worm
PurpleFox
2021-06-01MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20210601:new:83aee4c, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team}, title = {{New sophisticated email-based attack from NOBELIUM}}, date = {2021-06-01}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/}, language = {English}, urldate = {2021-06-09} } New sophisticated email-based attack from NOBELIUM
Cobalt Strike
2021-06-01Rising Threat Intelligence CenterRising Threat Intelligence Center
@online{center:20210601:rising:06299b0, author = {Rising Threat Intelligence Center}, title = {{Rising warning: APT organizes Lazarus Group to launch an attack on China}}, date = {2021-06-01}, organization = {Rising Threat Intelligence Center}, url = {https://it.rising.com.cn/dongtai/19777.html}, language = {Chinese}, urldate = {2021-06-09} } Rising warning: APT organizes Lazarus Group to launch an attack on China
2021-05-28MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20210528:breaking:f55e372, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{Breaking down NOBELIUM’s latest early-stage toolset}}, date = {2021-05-28}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/}, language = {English}, urldate = {2022-05-17} } Breaking down NOBELIUM’s latest early-stage toolset
BOOMBOX Cobalt Strike
2021-05-10Anheng Threat Intelligence CenterHunting Shadow Lab
@online{lab:20210510:analysis:7cf4e42, author = {Hunting Shadow Lab}, title = {{Analysis of U.S. Oil Products Pipeline Operators Suspended by Ransomware Attacks}}, date = {2021-05-10}, organization = {Anheng Threat Intelligence Center}, url = {http://ti.dbappsecurity.com.cn/blog/index.php/2021/05/10/darkside/}, language = {Chinese}, urldate = {2021-06-22} } Analysis of U.S. Oil Products Pipeline Operators Suspended by Ransomware Attacks
DarkSide
2021-04-20360 Threat Intelligence CenterAdvanced Threat Institute
@online{institute:20210420:transparent:1033b04, author = {Advanced Threat Institute}, title = {{Transparent Tribe uses the new crown vaccine hotspot to analyze the targeted attacks on the Indian medical industry}}, date = {2021-04-20}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/ELYDvdMiiy4FZ3KpmAddZQ}, language = {Chinese}, urldate = {2021-04-28} } Transparent Tribe uses the new crown vaccine hotspot to analyze the targeted attacks on the Indian medical industry
Crimson RAT