Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-06-01Rising Threat Intelligence CenterRising Threat Intelligence Center
@online{center:20210601:rising:06299b0, author = {Rising Threat Intelligence Center}, title = {{Rising warning: APT organizes Lazarus Group to launch an attack on China}}, date = {2021-06-01}, organization = {Rising Threat Intelligence Center}, url = {https://it.rising.com.cn/dongtai/19777.html}, language = {Chinese}, urldate = {2021-06-09} } Rising warning: APT organizes Lazarus Group to launch an attack on China
2021-05-28MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20210528:breaking:f55e372, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{Breaking down NOBELIUM’s latest early-stage toolset}}, date = {2021-05-28}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/}, language = {English}, urldate = {2022-05-17} } Breaking down NOBELIUM’s latest early-stage toolset
BOOMBOX Cobalt Strike
2021-05-10Anheng Threat Intelligence CenterHunting Shadow Lab
@online{lab:20210510:analysis:7cf4e42, author = {Hunting Shadow Lab}, title = {{Analysis of U.S. Oil Products Pipeline Operators Suspended by Ransomware Attacks}}, date = {2021-05-10}, organization = {Anheng Threat Intelligence Center}, url = {http://ti.dbappsecurity.com.cn/blog/index.php/2021/05/10/darkside/}, language = {Chinese}, urldate = {2021-06-22} } Analysis of U.S. Oil Products Pipeline Operators Suspended by Ransomware Attacks
DarkSide
2021-04-20360 Threat Intelligence CenterAdvanced Threat Institute
@online{institute:20210420:transparent:1033b04, author = {Advanced Threat Institute}, title = {{Transparent Tribe uses the new crown vaccine hotspot to analyze the targeted attacks on the Indian medical industry}}, date = {2021-04-20}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/ELYDvdMiiy4FZ3KpmAddZQ}, language = {Chinese}, urldate = {2021-04-28} } Transparent Tribe uses the new crown vaccine hotspot to analyze the targeted attacks on the Indian medical industry
Crimson RAT
2021-03-04MicrosoftRamin Nafisi, Andrea Lelli, Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
@online{nafisi:20210304:goldmax:3fa3f68, author = {Ramin Nafisi and Andrea Lelli and Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team}, title = {{GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence}}, date = {2021-03-04}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware}, language = {English}, urldate = {2021-03-06} } GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence
SUNBURST TEARDROP UNC2452
2021-03-02MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20210302:hafnium:58ec0a0, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{HAFNIUM targeting Exchange Servers with 0-day exploits}}, date = {2021-03-02}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/}, language = {English}, urldate = {2021-03-04} } HAFNIUM targeting Exchange Servers with 0-day exploits
PowerCat
2021-03-02MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team, Microsoft 365 Security
@online{mstic:20210302:hafnium:c7d8588, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team and Microsoft 365 Security}, title = {{HAFNIUM targeting Exchange Servers with 0-day exploits}}, date = {2021-03-02}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers}, language = {English}, urldate = {2021-03-07} } HAFNIUM targeting Exchange Servers with 0-day exploits
CHINACHOPPER HAFNIUM
2021-02-10Anheng Threat Intelligence CenterHunting Shadow Lab
@online{lab:20210210:windows:be9d863, author = {Hunting Shadow Lab}, title = {{Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack}}, date = {2021-02-10}, organization = {Anheng Threat Intelligence Center}, url = {https://ti.dbappsecurity.com.cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/}, language = {English}, urldate = {2021-02-17} } Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack
2021-01-28MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20210128:zinc:9c8aff4, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team}, title = {{ZINC attacks against security researchers}}, date = {2021-01-28}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/}, language = {English}, urldate = {2021-01-29} } ZINC attacks against security researchers
ComeBacker Klackring
2021-01-26360 Threat Intelligence CenterAdvanced Threat Institute
@online{institute:20210126:shell:b75c032, author = {Advanced Threat Institute}, title = {{Shell Break-Lazarus (APT-C-26) organized targeted attacks against security researchers to reveal the secret}}, date = {2021-01-26}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/W-C_tKVnXco8C3ctgAjoNQ}, language = {Chinese}, urldate = {2021-01-27} } Shell Break-Lazarus (APT-C-26) organized targeted attacks against security researchers to reveal the secret
2021-01-26Anheng Threat Intelligence CenterHunting Shadow Lab
@online{lab:20210126:undefeated:d5066ad, author = {Hunting Shadow Lab}, title = {{Undefeated, hackers use Visual Studio compiler features to target binary vulnerabilities security researcher}}, date = {2021-01-26}, organization = {Anheng Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/UBD0hyXUooYuDrpsz8-MtQ}, language = {Chinese}, urldate = {2021-01-27} } Undefeated, hackers use Visual Studio compiler features to target binary vulnerabilities security researcher
2021-01-21360 Threat Intelligence CenterAdvanced Threat Institute
@online{institute:20210121:disclosure:7709c9e, author = {Advanced Threat Institute}, title = {{Disclosure of Manling Flower Organization (APT-C-08) using Warzone RAT attack}}, date = {2021-01-21}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/C09P0al1nhsyyujHRp0FAw}, language = {Chinese}, urldate = {2021-01-26} } Disclosure of Manling Flower Organization (APT-C-08) using Warzone RAT attack
Ave Maria
2021-01-20MicrosoftMicrosoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC), Microsoft Cyber Defense Operations Center (CDOC)
@online{team:20210120:deep:1cc0551, author = {Microsoft 365 Defender Research Team and Microsoft Threat Intelligence Center (MSTIC) and Microsoft Cyber Defense Operations Center (CDOC)}, title = {{Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop}}, date = {2021-01-20}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/}, language = {English}, urldate = {2021-01-21} } Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
Cobalt Strike SUNBURST TEARDROP
2020-12-18MicrosoftMicrosoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20201218:analyzing:9486213, author = {Microsoft 365 Defender Research Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers}}, date = {2020-12-18}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/}, language = {English}, urldate = {2020-12-19} } Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers
SUNBURST SUPERNOVA TEARDROP UNC2452
2020-12-16360 Threat Intelligence CenterAdvanced Threat Institute
@online{institute:20201216:aptc47clickonce:8643850, author = {Advanced Threat Institute}, title = {{旺刺组织(APT-C-47)使用ClickOnce技术的攻击活动披露}}, date = {2020-12-16}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/h_MUJfa3QGM9SqT_kzcdHQ}, language = {Chinese}, urldate = {2021-01-01} } 旺刺组织(APT-C-47)使用ClickOnce技术的攻击活动披露
2020-12-15360 Threat Intelligence CenterAdvanced Threat Institute
@online{institute:20201215:operation:899bf4d, author = {Advanced Threat Institute}, title = {{Operation Falling Eagle-the secret of the most influential supply chain attack in history}}, date = {2020-12-15}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/lh7y_KHUxag_-pcFBC7d0Q}, language = {Chinese}, urldate = {2020-12-18} } Operation Falling Eagle-the secret of the most influential supply chain attack in history
SUNBURST
2020-12-01QianxinQi Anxin Threat Intelligence Center
@online{center:20201201:blade:1b3519c, author = {Qi Anxin Threat Intelligence Center}, title = {{Blade Eagle Group - Targeted attack group activities circling the Middle East and West Asia's cyberspace revealed}}, date = {2020-12-01}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Blade-hawk-The-activities-of-targeted-the-Middle-East-and-West-Asia-are-exposed/}, language = {English}, urldate = {2022-04-15} } Blade Eagle Group - Targeted attack group activities circling the Middle East and West Asia's cyberspace revealed
SpyNote BladeHawk
2020-11-30MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20201130:threat:2633df5, author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Threat actor (BISMUTH) leverages coin miner techniques to stay under the radar – here’s how to spot them}}, date = {2020-11-30}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2020/11/30/threat-actor-leverages-coin-miner-techniques-to-stay-under-the-radar-heres-how-to-spot-them/}, language = {English}, urldate = {2020-12-01} } Threat actor (BISMUTH) leverages coin miner techniques to stay under the radar – here’s how to spot them
Cobalt Strike
2020-11-12Anheng Threat Intelligence CenterHunting Shadow Lab
@online{lab:20201112:operation:62e5d84, author = {Hunting Shadow Lab}, title = {{Operation Gold Hunting: Targeting the Cutting-Edge Technology Industry}}, date = {2020-11-12}, organization = {Anheng Threat Intelligence Center}, url = {https://ti.dbappsecurity.com.cn/blog/index.php/2020/11/12/operation-gold-hunting/}, language = {English}, urldate = {2021-06-22} } Operation Gold Hunting: Targeting the Cutting-Edge Technology Industry
2020-11-09360360 Threat Intelligence Center
@online{center:20201109:analysis:ccf80c0, author = {360 Threat Intelligence Center}, title = {{Analysis of the latest targeted attacks by Lugansk against Ukraine}}, date = {2020-11-09}, organization = {360}, url = {https://mp.weixin.qq.com/s/aMj_EDmTYyAouHWFbY64-A}, language = {Chinese}, urldate = {2020-11-11} } Analysis of the latest targeted attacks by Lugansk against Ukraine