Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-03-04MicrosoftRamin Nafisi, Andrea Lelli, Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
@online{nafisi:20210304:goldmax:3fa3f68, author = {Ramin Nafisi and Andrea Lelli and Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team}, title = {{GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence}}, date = {2021-03-04}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware}, language = {English}, urldate = {2021-03-06} } GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence
SUNBURST TEARDROP UNC2452
2021-03-04WMC GlobalWMC Global Threat Intelligence Team
@online{team:20210304:compact:0e18165, author = {WMC Global Threat Intelligence Team}, title = {{The Compact Campaign}}, date = {2021-03-04}, organization = {WMC Global}, url = {https://www.wmcglobal.com/blog/the-compact-campaign}, language = {English}, urldate = {2021-03-06} } The Compact Campaign
2021-03-02MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team, Microsoft 365 Security
@online{mstic:20210302:hafnium:c7d8588, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team and Microsoft 365 Security}, title = {{HAFNIUM targeting Exchange Servers with 0-day exploits}}, date = {2021-03-02}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers}, language = {English}, urldate = {2021-03-07} } HAFNIUM targeting Exchange Servers with 0-day exploits
CHINACHOPPER HAFNIUM
2021-02-12MalwarebytesThreat Intelligence Team
@online{team:20210212:malvertising:6f4c197, author = {Threat Intelligence Team}, title = {{Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams}}, date = {2021-02-12}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/cybercrime/2021/02/malvertising-campaign-on-top-adult-brands-exposes-users-to-tech-support-scams/}, language = {English}, urldate = {2021-02-18} } Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams
2021-02-01MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20210201:what:2e12897, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{What tracking an attacker email infrastructure tells us about persistent cybercriminal operations}}, date = {2021-02-01}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/02/01/what-tracking-an-attacker-email-infrastructure-tells-us-about-persistent-cybercriminal-operations/}, language = {English}, urldate = {2021-02-02} } What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
Dridex Emotet Makop Ransomware SmokeLoader TrickBot
2021-01-29MalwarebytesThreat Intelligence Team
@online{team:20210129:cleaning:489c8b3, author = {Threat Intelligence Team}, title = {{Cleaning up after Emotet: the law enforcement file}}, date = {2021-01-29}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/}, language = {English}, urldate = {2021-02-02} } Cleaning up after Emotet: the law enforcement file
Emotet
2021-01-28MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20210128:zinc:9c8aff4, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team}, title = {{ZINC attacks against security researchers}}, date = {2021-01-28}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/}, language = {English}, urldate = {2021-01-29} } ZINC attacks against security researchers
ComeBacker Klackring
2021-01-11CrowdStrikeCrowdStrike Intelligence Team
@online{team:20210111:sunspot:70e8a4c, author = {CrowdStrike Intelligence Team}, title = {{SUNSPOT: An Implant in the Build Process}}, date = {2021-01-11}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/}, language = {English}, urldate = {2021-01-21} } SUNSPOT: An Implant in the Build Process
SUNBURST
2021-01-08ReaqtaReaQta Threat Intelligence Team
@online{team:20210108:leonardo:bf16884, author = {ReaQta Threat Intelligence Team}, title = {{Leonardo S.p.A. Data Breach Analysis}}, date = {2021-01-08}, organization = {Reaqta}, url = {https://reaqta.com/2021/01/fujinama-analysis-leonardo-spa/}, language = {English}, urldate = {2021-01-11} } Leonardo S.p.A. Data Breach Analysis
2020-12-11BlackberryBlackBerry Research and Intelligence team
@online{team:20201211:mountlocker:9c495cb, author = {BlackBerry Research and Intelligence team}, title = {{MountLocker Ransomware-as-a-Service Offers Double Extortion Capabilities to Affiliates}}, date = {2020-12-11}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2020/12/mountlocker-ransomware-as-a-service-offers-double-extortion-capabilities-to-affiliates}, language = {English}, urldate = {2020-12-14} } MountLocker Ransomware-as-a-Service Offers Double Extortion Capabilities to Affiliates
Cobalt Strike Mount Locker
2020-11-30MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20201130:threat:99a3844, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them}}, date = {2020-11-30}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2020/11/30/threat-actor-leverages-coin-miner-techniques-to-stay-under-the-radar-heres-how-to-spot-them}, language = {English}, urldate = {2020-12-15} } Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them
APT32
2020-11-30MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20201130:threat:2633df5, author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Threat actor (BISMUTH) leverages coin miner techniques to stay under the radar – here’s how to spot them}}, date = {2020-11-30}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2020/11/30/threat-actor-leverages-coin-miner-techniques-to-stay-under-the-radar-heres-how-to-spot-them/}, language = {English}, urldate = {2020-12-01} } Threat actor (BISMUTH) leverages coin miner techniques to stay under the radar – here’s how to spot them
Cobalt Strike
2020-11-18CrowdStrikeFalcon OverWatch Team, CrowdStrike Intelligence Team
@online{team:20201118:hacking:3fb3539, author = {Falcon OverWatch Team and CrowdStrike Intelligence Team}, title = {{Hacking Farm to Table: Threat Hunters Uncover Rise in Attacks Against Agriculture}}, date = {2020-11-18}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/how-threat-hunting-uncovered-attacks-in-the-agriculture-industry}, language = {English}, urldate = {2020-11-23} } Hacking Farm to Table: Threat Hunters Uncover Rise in Attacks Against Agriculture
2020-11-16MalwarebytesThreat Intelligence Team
@online{team:20201116:malsmoke:0cddf67, author = {Threat Intelligence Team}, title = {{Malsmoke operators abandon exploit kits in favor of social engineering scheme}}, date = {2020-11-16}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2020/11/malsmoke-operators-abandon-exploit-kits-in-favor-of-social-engineering-scheme/}, language = {English}, urldate = {2020-11-18} } Malsmoke operators abandon exploit kits in favor of social engineering scheme
Zloader
2020-11-12BlackberryBlackBerry Research and Intelligence team
@online{team:20201112:costaricto:1d1b0c8, author = {BlackBerry Research and Intelligence team}, title = {{The CostaRicto Campaign: Cyber-Espionage Outsourced}}, date = {2020-11-12}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2020/11/the-costaricto-campaign-cyber-espionage-outsourced}, language = {English}, urldate = {2020-11-19} } The CostaRicto Campaign: Cyber-Espionage Outsourced
SombRAT
2020-10-30CofenseThe Cofense Intelligence Team
@online{team:20201030:ryuk:9166a9a, author = {The Cofense Intelligence Team}, title = {{The Ryuk Threat: Why BazarBackdoor Matters Most}}, date = {2020-10-30}, organization = {Cofense}, url = {https://cofense.com/the-ryuk-threat-why-bazarbackdoor-matters-most/}, language = {English}, urldate = {2020-11-02} } The Ryuk Threat: Why BazarBackdoor Matters Most
BazarBackdoor Ryuk
2020-10-14MalwarebytesThreat Intelligence Team
@online{team:20201014:silent:8149a1d, author = {Threat Intelligence Team}, title = {{Silent Librarian APT right on schedule for 20/21 academic year}}, date = {2020-10-14}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/}, language = {English}, urldate = {2020-10-23} } Silent Librarian APT right on schedule for 20/21 academic year
2020-10-12MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20201012:trickbot:e4f086f, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{Trickbot disrupted}}, date = {2020-10-12}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2020/10/12/trickbot-disrupted/}, language = {English}, urldate = {2020-10-12} } Trickbot disrupted
TrickBot
2020-10-08MalwarebytesThreat Intelligence Team
@online{team:20201008:credit:5e7e0b3, author = {Threat Intelligence Team}, title = {{Credit card skimmer targets virtual conference platform}}, date = {2020-10-08}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/malwarebytes-news/2020/10/credit-card-skimmer-targets-virtual-conference-platform/}, language = {English}, urldate = {2020-10-12} } Credit card skimmer targets virtual conference platform
2020-09-24CrowdStrikeCrowdStrike Intelligence Team
@online{team:20200924:double:3b3ade6, author = {CrowdStrike Intelligence Team}, title = {{Double Trouble: Ransomware with Data Leak Extortion, Part 1}}, date = {2020-09-24}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1}, language = {English}, urldate = {2021-05-31} } Double Trouble: Ransomware with Data Leak Extortion, Part 1
DoppelPaymer Gandcrab LockBit Maze MedusaLocker RagnarLocker SamSam OUTLAW SPIDER OVERLORD SPIDER