Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-06-15360 Threat Intelligence Center360 Fiberhome Laboratory
@online{laboratory:20210615:pjobrat:df97e9c, author = {360 Fiberhome Laboratory}, title = {{PJobRAT: Spyware targeting Indian military personnel}}, date = {2021-06-15}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/VTHvmRTeu3dw8HFyusKLqQ}, language = {Chinese}, urldate = {2021-06-21} } PJobRAT: Spyware targeting Indian military personnel
PjobRAT
2021-06-14MicrosoftMicrosoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20210614:behind:450af46, author = {Microsoft 365 Defender Research Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign}}, date = {2021-06-14}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/}, language = {English}, urldate = {2021-06-16} } Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign
2021-06-11TencentThe Tencent Security Threat Intelligence Center
@online{center:20210611:tencent:ed32dd1, author = {The Tencent Security Threat Intelligence Center}, title = {{Tencent Security Report: Purple Fox virus maliciously attacks SQL server and spreads like a worm}}, date = {2021-06-11}, organization = {Tencent}, url = {https://s.tencent.com/research/report/1322.html}, language = {Chinese}, urldate = {2021-06-22} } Tencent Security Report: Purple Fox virus maliciously attacks SQL server and spreads like a worm
PurpleFox
2021-06-01MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20210601:new:83aee4c, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team}, title = {{New sophisticated email-based attack from NOBELIUM}}, date = {2021-06-01}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/}, language = {English}, urldate = {2021-06-09} } New sophisticated email-based attack from NOBELIUM
Cobalt Strike
2021-06-01Rising Threat Intelligence CenterRising Threat Intelligence Center
@online{center:20210601:rising:06299b0, author = {Rising Threat Intelligence Center}, title = {{Rising warning: APT organizes Lazarus Group to launch an attack on China}}, date = {2021-06-01}, organization = {Rising Threat Intelligence Center}, url = {https://it.rising.com.cn/dongtai/19777.html}, language = {Chinese}, urldate = {2021-06-09} } Rising warning: APT organizes Lazarus Group to launch an attack on China
2021-05-28MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20210528:breaking:f55e372, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{Breaking down NOBELIUM’s latest early-stage toolset}}, date = {2021-05-28}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/}, language = {English}, urldate = {2022-05-17} } Breaking down NOBELIUM’s latest early-stage toolset
Cobalt Strike
2021-05-10Anheng Threat Intelligence CenterHunting Shadow Lab
@online{lab:20210510:analysis:7cf4e42, author = {Hunting Shadow Lab}, title = {{Analysis of U.S. Oil Products Pipeline Operators Suspended by Ransomware Attacks}}, date = {2021-05-10}, organization = {Anheng Threat Intelligence Center}, url = {http://ti.dbappsecurity.com.cn/blog/index.php/2021/05/10/darkside/}, language = {Chinese}, urldate = {2021-06-22} } Analysis of U.S. Oil Products Pipeline Operators Suspended by Ransomware Attacks
DarkSide
2021-04-20360 Threat Intelligence CenterAdvanced Threat Institute
@online{institute:20210420:transparent:1033b04, author = {Advanced Threat Institute}, title = {{Transparent Tribe uses the new crown vaccine hotspot to analyze the targeted attacks on the Indian medical industry}}, date = {2021-04-20}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/ELYDvdMiiy4FZ3KpmAddZQ}, language = {Chinese}, urldate = {2021-04-28} } Transparent Tribe uses the new crown vaccine hotspot to analyze the targeted attacks on the Indian medical industry
Crimson RAT
2021-03-04MicrosoftRamin Nafisi, Andrea Lelli, Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
@online{nafisi:20210304:goldmax:3fa3f68, author = {Ramin Nafisi and Andrea Lelli and Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team}, title = {{GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence}}, date = {2021-03-04}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware}, language = {English}, urldate = {2021-03-06} } GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence
SUNBURST TEARDROP UNC2452
2021-03-02MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20210302:hafnium:58ec0a0, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{HAFNIUM targeting Exchange Servers with 0-day exploits}}, date = {2021-03-02}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/}, language = {English}, urldate = {2021-03-04} } HAFNIUM targeting Exchange Servers with 0-day exploits
PowerCat
2021-03-02MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team, Microsoft 365 Security
@online{mstic:20210302:hafnium:c7d8588, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team and Microsoft 365 Security}, title = {{HAFNIUM targeting Exchange Servers with 0-day exploits}}, date = {2021-03-02}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers}, language = {English}, urldate = {2021-03-07} } HAFNIUM targeting Exchange Servers with 0-day exploits
CHINACHOPPER HAFNIUM
2021-02-10Anheng Threat Intelligence CenterHunting Shadow Lab
@online{lab:20210210:windows:be9d863, author = {Hunting Shadow Lab}, title = {{Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack}}, date = {2021-02-10}, organization = {Anheng Threat Intelligence Center}, url = {https://ti.dbappsecurity.com.cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/}, language = {English}, urldate = {2021-02-17} } Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack
2021-01-28MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20210128:zinc:9c8aff4, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team}, title = {{ZINC attacks against security researchers}}, date = {2021-01-28}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/}, language = {English}, urldate = {2021-01-29} } ZINC attacks against security researchers
ComeBacker Klackring
2021-01-26360 Threat Intelligence CenterAdvanced Threat Institute
@online{institute:20210126:shell:b75c032, author = {Advanced Threat Institute}, title = {{Shell Break-Lazarus (APT-C-26) organized targeted attacks against security researchers to reveal the secret}}, date = {2021-01-26}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/W-C_tKVnXco8C3ctgAjoNQ}, language = {Chinese}, urldate = {2021-01-27} } Shell Break-Lazarus (APT-C-26) organized targeted attacks against security researchers to reveal the secret
2021-01-26Anheng Threat Intelligence CenterHunting Shadow Lab
@online{lab:20210126:undefeated:d5066ad, author = {Hunting Shadow Lab}, title = {{Undefeated, hackers use Visual Studio compiler features to target binary vulnerabilities security researcher}}, date = {2021-01-26}, organization = {Anheng Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/UBD0hyXUooYuDrpsz8-MtQ}, language = {Chinese}, urldate = {2021-01-27} } Undefeated, hackers use Visual Studio compiler features to target binary vulnerabilities security researcher
2021-01-21360 Threat Intelligence CenterAdvanced Threat Institute
@online{institute:20210121:disclosure:7709c9e, author = {Advanced Threat Institute}, title = {{Disclosure of Manling Flower Organization (APT-C-08) using Warzone RAT attack}}, date = {2021-01-21}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/C09P0al1nhsyyujHRp0FAw}, language = {Chinese}, urldate = {2021-01-26} } Disclosure of Manling Flower Organization (APT-C-08) using Warzone RAT attack
Ave Maria
2021-01-20MicrosoftMicrosoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC), Microsoft Cyber Defense Operations Center (CDOC)
@online{team:20210120:deep:1cc0551, author = {Microsoft 365 Defender Research Team and Microsoft Threat Intelligence Center (MSTIC) and Microsoft Cyber Defense Operations Center (CDOC)}, title = {{Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop}}, date = {2021-01-20}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/}, language = {English}, urldate = {2021-01-21} } Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
Cobalt Strike SUNBURST TEARDROP
2020-12-18MicrosoftMicrosoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20201218:analyzing:9486213, author = {Microsoft 365 Defender Research Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers}}, date = {2020-12-18}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/}, language = {English}, urldate = {2020-12-19} } Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers
SUNBURST SUPERNOVA TEARDROP UNC2452
2020-12-16360 Threat Intelligence CenterAdvanced Threat Institute
@online{institute:20201216:aptc47clickonce:8643850, author = {Advanced Threat Institute}, title = {{旺刺组织(APT-C-47)使用ClickOnce技术的攻击活动披露}}, date = {2020-12-16}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/h_MUJfa3QGM9SqT_kzcdHQ}, language = {Chinese}, urldate = {2021-01-01} } 旺刺组织(APT-C-47)使用ClickOnce技术的攻击活动披露
2020-12-15360 Threat Intelligence CenterAdvanced Threat Institute
@online{institute:20201215:operation:899bf4d, author = {Advanced Threat Institute}, title = {{Operation Falling Eagle-the secret of the most influential supply chain attack in history}}, date = {2020-12-15}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/lh7y_KHUxag_-pcFBC7d0Q}, language = {Chinese}, urldate = {2020-12-18} } Operation Falling Eagle-the secret of the most influential supply chain attack in history
SUNBURST