2023-05-24 | Microsoft | Microsoft Threat Intelligence
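@comment{Corporate author is double-braced so BibTeX/Biber treats it as one name instead of given "Microsoft Threat" + family "Intelligence". Title: outer double braces dropped; only proper nouns and acronyms are protected.}
@online{intelligence:20230524:volt:e7b8951,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Volt Typhoon} targets {US} critical infrastructure with living-off-the-land techniques},
  date         = {2023-05-24},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/},
  language     = {English},
  urldate      = {2023-05-26},
}
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques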
2023-05-09 | eSentire | RussianPanda
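@comment{Author is a single-token handle, so it needs no extra bracing. Title: outer double braces dropped; only the vendor and malware family names are protected against style recasing.}
@online{russianpanda:20230509:esentire:3eaa138,
  author       = {RussianPanda},
  title        = {{eSentire} Threat Intelligence Malware Analysis: {Vidar} Stealer},
  date         = {2023-05-09},
  organization = {eSentire},
  url          = {https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-vidar-stealer},
  language     = {English},
  urldate      = {2023-05-25},
}
eSentire Threat Intelligence Malware Analysis: Vidar Stealer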
Vidar
2023-04-27 | PRODAFT Threat Intelligence | PRODAFT
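@comment{The url is a direct PDF link. Its file name suggests the report is marked TLP:WHITE (publicly shareable); confirm the marking on the report's cover page. The title contains a non-ASCII apostrophe, so the file must be processed as UTF-8 (Biber).}
@techreport{prodaft:20230427:nomadic:2c51de5,
  author      = {PRODAFT},
  title       = {{Nomadic Octopus}’ {Paperbug} Campaign},
  date        = {2023-04-27},
  institution = {PRODAFT Threat Intelligence},
  url         = {https://www.prodaft.com/m/reports/PAPERBUG_TLPWHITE-1.pdf},
  language    = {English},
  urldate     = {2023-05-08},
}
Nomadic Octopus’ Paperbug Campaign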
Octopus
2023-04-19 | Microsoft | Justin Warner, Microsoft Threat Intelligence Center (MSTIC)
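@comment{Personal author is in "Last, First" form. The corporate co-author is double-braced so it is one indivisible name and the parenthesised acronym is not parsed as a family name. The source is a recorded talk (YouTube URL).}
@online{warner:20230419:exploring:c68c1d0,
  author       = {Warner, Justin and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {Exploring {STRONTIUM}'s Abuse of Cloud Services},
  date         = {2023-04-19},
  organization = {Microsoft},
  url          = {https://www.youtube.com/watch?v=_qdCGgQlHJE},
  language     = {English},
  urldate      = {2023-04-22},
}
Exploring STRONTIUM's Abuse of Cloud Services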
FusionDrive
2023-04-18 | Microsoft | Microsoft Threat Intelligence
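@comment{Corporate author double-braced: one indivisible name. The title uses the actor name PHOSPHORUS while the URL slug says mint-sandstorm; both point at the same post, so search both names when correlating this reference with other reporting.}
@online{intelligence:20230418:nationstate:11efa4c,
  author       = {{Microsoft Threat Intelligence}},
  title        = {Nation-state threat actor {PHOSPHORUS} refines tradecraft to attack high-value targets},
  date         = {2023-04-18},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/04/18/nation-state-threat-actor-mint-sandstorm-refines-tradecraft-to-attack-high-value-targets/},
  language     = {English},
  urldate      = {2023-04-22},
}
Nation-state threat actor PHOSPHORUS refines tradecraft to attack high-value targets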
Drokbk
2023-04-13 | Microsoft | Microsoft Threat Intelligence
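@comment{Corporate author double-braced: one indivisible name, not given/family parts. Title: outer double braces dropped; "Tax Day" is protected as a proper noun.}
@online{intelligence:20230413:threat:a445e97,
  author       = {{Microsoft Threat Intelligence}},
  title        = {Threat actors strive to cause {Tax Day} headaches},
  date         = {2023-04-13},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/04/13/threat-actors-strive-to-cause-tax-day-headaches/},
  language     = {English},
  urldate      = {2023-04-18},
}
Threat actors strive to cause Tax Day headaches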
CloudEyE Remcos
2023-04-11 | Microsoft | Microsoft Threat Intelligence
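@comment{Corporate author double-braced: one indivisible name. The title keeps its typographic quotes and apostrophe, so the file must be processed as UTF-8 (Biber). Actor, vendor, malware and region names are brace-protected.}
@online{intelligence:20230411:dev0196:1589080,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{DEV-0196}: {QuaDream}’s {“KingsPawn”} malware used to target civil society in {Europe}, {North America}, the {Middle East}, and {Southeast Asia}},
  date         = {2023-04-11},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/04/11/dev-0196-quadreams-kingspawn-malware-used-to-target-civil-society-in-europe-north-america-the-middle-east-and-southeast-asia/},
  language     = {English},
  urldate      = {2023-04-18},
}
DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia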
2023-04-07 | Microsoft | Microsoft Threat Intelligence
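@comment{Corporate author double-braced: one indivisible name, not given/family parts. Title: outer double braces dropped; the two actor designations are protected so a recasing style cannot lowercase them.}
@online{intelligence:20230407:mercury:7727e83,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{MERCURY} and {DEV-1084}: Destructive attack on hybrid environment},
  date         = {2023-04-07},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/04/07/mercury-and-dev-1084-destructive-attack-on-hybrid-environment/},
  language     = {English},
  urldate      = {2023-04-18},
}
MERCURY and DEV-1084: Destructive attack on hybrid environment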
DarkBit
2023-03-15 | Microsoft | Microsoft Threat Intelligence
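@comment{Corporate author double-braced: one indivisible name. The url is a direct link to the report PDF. Title: outer double braces dropped; nationality and country names are protected.}
@techreport{intelligence:20230315:year:01e29b1,
  author      = {{Microsoft Threat Intelligence}},
  title       = {A year of {Russian} hybrid warfare in {Ukraine}},
  date        = {2023-03-15},
  institution = {Microsoft},
  url         = {https://www.microsoft.com/en-us/security/business/security-insider/wp-content/uploads/2023/03/A-year-of-Russian-hybrid-warfare-in-Ukraine_MS-Threat-Intelligence-1.pdf},
  language    = {English},
  urldate     = {2023-04-25},
}
A year of Russian hybrid warfare in Ukraine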
CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket SwiftSlicer WhisperGate
2023-03-13 | Microsoft | Microsoft Threat Intelligence Center
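@comment{NOTE(review): the url host is security-blog-prod-wp01.azurewebsites.net, not the www.microsoft.com domain used by the other Microsoft entries in this list. Verify the link against the publisher's own domain before following or citing it; a non-canonical host can be reassigned or retired independently of the blog. The url is left as recorded. Corporate author double-braced: one indivisible name.}
@online{center:20230313:dev1101:be64ddc,
  author       = {{Microsoft Threat Intelligence Center}},
  title        = {{DEV-1101} enables high-volume {AiTM} campaigns with open-source phishing kit},
  date         = {2023-03-13},
  organization = {Microsoft},
  url          = {https://security-blog-prod-wp01.azurewebsites.net/en-us/security/blog/2023/03/13/dev-1101-enables-high-volume-aitm-campaigns-with-open-source-phishing-kit/},
  language     = {English},
  urldate      = {2023-03-20},
}
DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit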
2023-03-08 | Malwarebytes | Malwarebytes Threat Intelligence Team
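@comment{Corporate author double-braced so it is not split into given "Malwarebytes Threat Intelligence" + family "Team". Title: outer double braces dropped; the month name is protected.}
@online{team:20230308:ransomware:b867332,
  author       = {{Malwarebytes Threat Intelligence Team}},
  title        = {Ransomware review: {March} 2023},
  date         = {2023-03-08},
  organization = {Malwarebytes},
  url          = {https://www.malwarebytes.com/blog/threat-intelligence/2023/03/ransomware-review-march-2023},
  language     = {English},
  urldate      = {2023-04-08},
}
Ransomware review: March 2023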
Vendetta
2023-02-27 | PRODAFT Threat Intelligence | PRODAFT
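@comment{The url is a direct PDF link. Its file name suggests the report is marked TLP:CLEAR (publicly shareable); confirm the marking on the report's cover page. Title: outer double braces dropped; the exploit-kit name is protected.}
@techreport{prodaft:20230227:rig:72076aa,
  author      = {PRODAFT},
  title       = {{RIG} Exploit Kit: In-Depth Analysis},
  date        = {2023-02-27},
  institution = {PRODAFT Threat Intelligence},
  url         = {https://www.prodaft.com/m/reports/RIG___TLP_CLEAR-1.pdf},
  language    = {English},
  urldate     = {2023-05-08},
}
RIG Exploit Kit: In-Depth Analysis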
Dridex IcedID ISFB PureCrypter Raccoon RecordBreaker RedLine Stealer Royal Ransom Silence SmokeLoader Zloader
2023-02-02 | YouTube (SLEUTHCON) | Christopher Glyer, Microsoft Threat Intelligence Center (MSTIC)
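@comment{Personal author is in "Last, First" form. The corporate co-author is double-braced so it is one indivisible name. The source is a recorded conference talk; organization names the hosting channel as recorded on the page.}
@online{glyer:20230202:lions:b21e15a,
  author       = {Glyer, Christopher and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {Lions, Tigers, and Infostealers - Oh my!},
  date         = {2023-02-02},
  organization = {YouTube (SLEUTHCON)},
  url          = {https://www.youtube.com/watch?v=NI_Yw2t9zoo},
  language     = {English},
  urldate      = {2023-04-25},
}
Lions, Tigers, and Infostealers - Oh my!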
RecordBreaker RedLine Stealer Vidar
2022-12-21 | Microsoft | Microsoft Security Threat Intelligence
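@comment{Corporate author double-braced: one indivisible name, not given/family parts. Title: outer double braces dropped; the vendor and botnet names are protected.}
@online{intelligence:20221221:microsoft:3e9b011,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{Microsoft} research uncovers new {Zerobot} capabilities},
  date         = {2022-12-21},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2022/12/21/microsoft-research-uncovers-new-zerobot-capabilities/},
  language     = {English},
  urldate      = {2022-12-29},
}
Microsoft research uncovers new Zerobot capabilities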
ZeroBot SparkRAT
2022-12-06 | 360 Threat Intelligence Center | 360 Beacon Lab
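@comment{Corporate author double-braced so it is not split into given "360 Beacon" + family "Lab". language is Chinese, so the English title is presumably a translation of the original headline; search the source by url rather than by title.}
@online{lab:20221206:analysis:d045827,
  author       = {{360 Beacon Lab}},
  title        = {Analysis of suspected {APT-C-56} ({Transparent Tribe}) attacks against terrorism},
  date         = {2022-12-06},
  organization = {360 Threat Intelligence Center},
  url          = {https://mp.weixin.qq.com/s/J_A12SOX0k5TOYFAegBv_w},
  language     = {Chinese},
  urldate      = {2022-12-24},
}
Analysis of suspected APT-C-56 (Transparent Tribe) attacks against terrorism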
AhMyth Meterpreter SpyNote AsyncRAT
2022-12-02 | Avast Decoded | Threat Intelligence Team
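@comment{Corporate author double-braced so it is not split into given "Threat Intelligence" + family "Team". The URL slug carries a longer headline than the recorded title; both refer to the same post.}
@online{team:20221202:hitching:0cb7557,
  author       = {{Threat Intelligence Team}},
  title        = {Hitching a ride with {Mustang Panda}},
  date         = {2022-12-02},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/threatintel/apt-treasure-trove-avast-suspects-chinese-apt-group-mustang-panda-is-collecting-data-from-burmese-government-agencies-and-opposition-groups/},
  language     = {English},
  urldate      = {2022-12-02},
}
Hitching a ride with Mustang Panda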
PlugX
2022-11-30 | Qianxin Threat Intelligence Center | Red Raindrop Team
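@comment{Corporate author double-braced so it is not split into given "Red Raindrop" + family "Team". The url keeps its percent-encoded apostrophe exactly as recorded. language is Chinese, so the English title is presumably a translation.}
@online{team:20221130:analysis:aa1ce2e,
  author       = {{Red Raindrop Team}},
  title        = {Analysis of {APT29}'s attack activities against {Italy}},
  date         = {2022-11-30},
  organization = {Qianxin Threat Intelligence Center},
  url          = {https://ti.qianxin.com/blog/articles/analysis-of-apt29%27s-attack-activities-against-italy/},
  language     = {Chinese},
  urldate      = {2022-12-20},
}
Analysis of APT29's attack activities against Italy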
Unidentified 098 (APT29 Slack Downloader)
2022-11-17 | Microsoft | Microsoft Security Threat Intelligence
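@comment{Corporate author double-braced: one indivisible name, not given/family parts. Title: outer double braces dropped; the actor designation and ransomware family name are protected.}
@online{intelligence:20221117:dev0569:86675d7,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{DEV-0569} finds new ways to deliver {Royal} ransomware, various payloads},
  date         = {2022-11-17},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2022/11/17/dev-0569-finds-new-ways-to-deliver-royal-ransomware-various-payloads/},
  language     = {English},
  urldate      = {2023-01-05},
}
DEV-0569 finds new ways to deliver Royal ransomware, various payloads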
Royal Ransom
2022-10-27 | Microsoft | Microsoft Security Threat Intelligence
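@comment{Corporate author double-braced: one indivisible name, not given/family parts. Title: outer double braces dropped; the malware name is protected.}
@online{intelligence:20221027:raspberry:b6d1ce4,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{Raspberry Robin} worm part of larger ecosystem facilitating pre-ransomware activity},
  date         = {2022-10-27},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/},
  language     = {English},
  urldate      = {2023-03-13},
}
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity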
FAKEUPDATES BumbleBee Fauppod PhotoLoader Raspberry Robin Roshtyak
2022-10-25 | Microsoft | Microsoft Security Threat Intelligence
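@comment{Corporate author double-braced: one indivisible name, not given/family parts. Title: outer double braces dropped; the actor designation, its alias and the country acronym are protected.}
@online{intelligence:20221025:dev0832:5d16a04,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{DEV-0832} ({Vice Society}) opportunistic ransomware campaigns impacting {US} education sector},
  date         = {2022-10-25},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2022/10/25/dev-0832-vice-society-opportunistic-ransomware-campaigns-impacting-us-education-sector/},
  language     = {English},
  urldate      = {2023-02-03},
}
DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector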
BlackCat Mount Locker Zeppelin