Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-11-09Security IntelligenceJonathan Reed
@online{reed:20221109:ransomwareasaservice:751e1a8, author = {Jonathan Reed}, title = {{Ransomware-as-a-Service Transforms Gangs Into Businesses}}, date = {2022-11-09}, organization = {Security Intelligence}, url = {https://securityintelligence.com/news/eternity-gang-ransomware-as-a-service-telegram/}, language = {English}, urldate = {2022-11-11} } Ransomware-as-a-Service Transforms Gangs Into Businesses
Eternity Stealer
2022-10-28Elastic@rsprooten, Elastic Security Intelligence & Analytics Team
@online{rsprooten:20221028:emotet:ffabd03, author = {@rsprooten and Elastic Security Intelligence & Analytics Team}, title = {{EMOTET dynamic config extraction}}, date = {2022-10-28}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction}, language = {English}, urldate = {2022-10-30} } EMOTET dynamic config extraction
Emotet
2022-05-06Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20220506:twitter:7a00df8, author = {Microsoft Security Intelligence}, title = {{Twitter Thread on initial infeciton of SocGholish/ FAKEUPDATES campaigns lead to BLISTER Loader, CobaltStrike, Lockbit and followed by Hands On Keyboard activity}}, date = {2022-05-06}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1522690116979855360}, language = {English}, urldate = {2022-05-09} } Twitter Thread on initial infeciton of SocGholish/ FAKEUPDATES campaigns lead to BLISTER Loader, CobaltStrike, Lockbit and followed by Hands On Keyboard activity
FAKEUPDATES Blister Cobalt Strike LockBit
2022-03-01AkamaiSecurity Intelligence Response Team
@online{team:20220301:tcp:ea95946, author = {Security Intelligence Response Team}, title = {{TCP Middlebox Reflection: Coming to a DDoS Near You}}, date = {2022-03-01}, organization = {Akamai}, url = {https://www.akamai.com/blog/security/tcp-middlebox-reflection}, language = {English}, urldate = {2022-03-02} } TCP Middlebox Reflection: Coming to a DDoS Near You
2022-01-15MicrosoftMicrosoft, Microsoft Security Intelligence, Microsoft Digital Security Unit (DSU), Microsoft Detection and Response Team (DART), Microsoft 365 Defender Threat Intelligence Team
@online{microsoft:20220115:destructive:77ac2f5, author = {Microsoft and Microsoft Security Intelligence and Microsoft Digital Security Unit (DSU) and Microsoft Detection and Response Team (DART) and Microsoft 365 Defender Threat Intelligence Team}, title = {{Destructive malware targeting Ukrainian organizations (DEV-0586)}}, date = {2022-01-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/}, language = {English}, urldate = {2022-01-18} } Destructive malware targeting Ukrainian organizations (DEV-0586)
WhisperGate DEV-0586
2021-10-21Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20211021:new:11cf9aa, author = {Microsoft Security Intelligence}, title = {{Tweet on new variant of mac malware UpdateAgent/WizardUpdate}}, date = {2021-10-21}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1451279679059488773}, language = {English}, urldate = {2021-10-26} } Tweet on new variant of mac malware UpdateAgent/WizardUpdate
Vigram
2021-10-12ElasticElastic Security Intelligence & Analytics Team
@online{team:20211012:going:5ac7c9d, author = {Elastic Security Intelligence & Analytics Team}, title = {{Going Coast to Coast - Climbing the Pyramid with the Deimos Implant}}, date = {2021-10-12}, organization = {Elastic}, url = {https://www.elastic.co/blog/going-coast-to-coast-climbing-the-pyramid-with-the-deimos-implant}, language = {English}, urldate = {2021-10-26} } Going Coast to Coast - Climbing the Pyramid with the Deimos Implant
Deimos
2021-09-29Silent PushSilent Push
@online{push:20210929:evaluating:e4d134d, author = {Silent Push}, title = {{Evaluating the Value of Security Intelligence Feeds with Silent Push}}, date = {2021-09-29}, organization = {Silent Push}, url = {https://www.silentpush.com/blog/evaluating-the-value-of-security-feeds-with-silent-push}, language = {English}, urldate = {2022-07-13} } Evaluating the Value of Security Intelligence Feeds with Silent Push
2021-09-25Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20210925:thread:afea874, author = {Microsoft Security Intelligence}, title = {{Thread on Malicious Android apps posing as bank loan services are being widely distributed to targets in Asia}}, date = {2021-09-25}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1441524497924833282?s=20}, language = {English}, urldate = {2021-09-28} } Thread on Malicious Android apps posing as bank loan services are being widely distributed to targets in Asia
Unidentified APK 006
2021-08-04Security IntelligenceAllison Wikoff, Richard Emerson
@online{wikoff:20210804:itg18:f2f125f, author = {Allison Wikoff and Richard Emerson}, title = {{ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group}}, date = {2021-08-04}, organization = {Security Intelligence}, url = {https://securityintelligence.com/posts/itg18-operational-security-errors-plague-iranian-threat-group/}, language = {English}, urldate = {2021-08-23} } ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group
LittleLooter
2021-07-27ElasticElastic Security Intelligence & Analytics Team
@online{team:20210727:collecting:fb21718, author = {Elastic Security Intelligence & Analytics Team}, title = {{Collecting and operationalizing threat data from the Mozi botnet}}, date = {2021-07-27}, organization = {Elastic}, url = {https://www.elastic.co/blog/collecting-and-operationalizing-threat-data-from-the-mozi-botnet}, language = {English}, urldate = {2021-07-29} } Collecting and operationalizing threat data from the Mozi botnet
Mozi
2021-07-24Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20210724:attackers:4a3d443, author = {Microsoft Security Intelligence}, title = {{Tweet on attackers increasingly using HTML smuggling in phishing and other email campaigns to deliver Casbaneiro}}, date = {2021-07-24}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1418706916922986504}, language = {English}, urldate = {2021-08-02} } Tweet on attackers increasingly using HTML smuggling in phishing and other email campaigns to deliver Casbaneiro
Metamorfo
2021-06-11Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20210611:solarmarkerjupyter:86c4f14, author = {Microsoft Security Intelligence}, title = {{Tweet on solarmarker/Jupyter malware}}, date = {2021-06-11}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1403461397283950597}, language = {English}, urldate = {2021-06-21} } Tweet on solarmarker/Jupyter malware
solarmarker
2021-05-20Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20210520:javabased:ce966f5, author = {Microsoft Security Intelligence}, title = {{Tweet on Java-based STRRAT malware campaign distributed via email}}, date = {2021-05-20}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1395138347601854465}, language = {English}, urldate = {2021-05-25} } Tweet on Java-based STRRAT malware campaign distributed via email
STRRAT
2021-05-11Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20210511:snip3:69a4650, author = {Microsoft Security Intelligence}, title = {{Tweet on Snip3 crypter delivering AsyncRAT or AgentTesla}}, date = {2021-05-11}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1392219299696152578}, language = {English}, urldate = {2021-05-13} } Tweet on Snip3 crypter delivering AsyncRAT or AgentTesla
Agent Tesla AsyncRAT
2021-03-18SUPO Finnish Security Intelligence ServiceSUPO Finnish Security Intelligence Service
@online{service:20210318:supo:9dc5c66, author = {SUPO Finnish Security Intelligence Service}, title = {{Supo identified the cyber espionage operation against the parliament as APT31}}, date = {2021-03-18}, organization = {SUPO Finnish Security Intelligence Service}, url = {https://supo.fi/-/suojelupoliisi-tunnisti-eduskuntaan-kohdistuneen-kybervakoiluoperaation-apt31-ksi}, language = {Finnish}, urldate = {2021-03-19} } Supo identified the cyber espionage operation against the parliament as APT31
APT31
2021-03-02Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20210302:gootkit:30182a1, author = {Microsoft Security Intelligence}, title = {{Tweet on Gootkit malware campaign}}, date = {2021-03-02}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1366542130731094021}, language = {English}, urldate = {2021-03-04} } Tweet on Gootkit malware campaign
GootKit
2020-12-13MicrosoftMicrosoft Security Intelligence
@online{intelligence:20201213:trojanmsilsolorigatebdha:f470d89, author = {Microsoft Security Intelligence}, title = {{Trojan:MSIL/Solorigate.B!dha}}, date = {2020-12-13}, organization = {Microsoft}, url = {https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:MSIL/Solorigate.B!dha}, language = {English}, urldate = {2020-12-14} } Trojan:MSIL/Solorigate.B!dha
SUNBURST
2020-10-06Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20201006:ta505:a34d957, author = {Microsoft Security Intelligence}, title = {{Tweet on TA505 threat actor exploiting Zerologon (CVE-2020-1472) Vulnerability}}, date = {2020-10-06}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1313598440719355904}, language = {English}, urldate = {2020-10-08} } Tweet on TA505 threat actor exploiting Zerologon (CVE-2020-1472) Vulnerability
2020-08-27Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20200827:anubis:e53422c, author = {Microsoft Security Intelligence}, title = {{Tweet on Anubis Stealer}}, date = {2020-08-27}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1298752223321546754}, language = {English}, urldate = {2020-09-01} } Tweet on Anubis Stealer
Anubis