Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-03-11TrustwaveDiana Lopera
Image File Trickery Part II: Fake Icon Delivers NanoCore
Nanocore RAT
2021-03-11FortinetRotem Kerner
Whitelist Me, Maybe? “Netbounce” Threat Actor Tries A Bold Approach To Evade Detection
2021-03-11Check Point ResearchAlex Ilgayev
Playing in the (Windows) Sandbox
2021-03-11Check PointAdi Ikan, Lotem Finkelsteen, Sagi Tzadik, Yaniv Balmas
Exploits on Organizations Worldwide Tripled after Microsoft’s Revelation of Four Zero-days
2021-03-11DEVOFran Gomez
Detection and Investigation Using Devo: HAFNIUM 0-day Exploits on Microsoft Exchange Service
CHINACHOPPER MimiKatz
2021-03-11Bleeping ComputerLawrence Abrams
Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits
2021-03-11Rapid7 LabsCaitlin Condon, Spencer McIntyre, William Vu
2020 Vulnerability Intelligence Report
2021-03-11IBMDave McMillen, Limor Kessem
Dridex Campaign Propelled by Cutwail Botnet and Poisonous PowerShell Scripts
Cutwail Dridex
2021-03-11Palo Alto Networks Unit 42Unit 42
Microsoft Exchange Server Attack Timeline
CHINACHOPPER
2021-03-11FlashpointFlashpoint
CL0P and REvil Escalate Their Ransomware Tactics
Clop REvil
2021-03-11CofenseElmer Hernandez
AutoHotKey Leveraged by Metamorfo/Mekotio Banking Trojan
Metamorfo
2021-03-11YouTube ( Malware_Analyzing_&_RE_Tips_Tricks)Jiří Vinopal
Formbook Reversing - Part1 [Formbook .NET loader/injector analyzing, decrypting, unpacking, patching]
Formbook
2021-03-11ElasticDaniel Stepanic
Update - Detection and Response for HAFNIUM Activity
2021-03-10CUJOAIAlbert Zsigovits
IoT Malware Journals: Prometei (Linux)
Prometei
2021-03-10Eli Shlomo BlogEli Shlomo
Azure Sentinel and Sysmon 4 B!ue T3amer$
2021-03-10Center for Security Studies (CSS)Florian J. Egloff, Max Smeets
Publicly attributing cyber attacks: a framework
2021-03-10PICUS SecuritySüleyman Özarslan
Tactics, Techniques, and Procedures (TTPs) Used by HAFNIUM to Target Microsoft Exchange Servers
CHINACHOPPER
2021-03-10Twitter (@MSSPete)Pete Bryan
Tweet on Sample KQL query for detecting usage of HAFNIUM PoC code floating ITW
2021-03-10FBICISA, FBI
Compromise of Microsoft Exchange Server
2021-03-10ProofpointDennis Schwarz, Matthew Mesa, Proofpoint Threat Research Team
NimzaLoader: TA800’s New Initial Access Malware
BazarNimrod Cobalt Strike