2023-11-22 | Microsoft | Microsoft Threat Intelligence
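% Microsoft security blog post on a software supply chain compromise.
% The author is an organisation: the inner braces keep the name as one unit
% instead of letting it be split into "Intelligence, Microsoft Threat".
@online{intelligence:20231122:diamond:59a70c1,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Diamond Sleet supply chain compromise distributes a modified CyberLink installer}},
  date         = {2023-11-22},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer/},
  language     = {English},
  urldate      = {2023-11-23},
}
Diamond Sleet supply chain compromise distributes a modified CyberLink installer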
LambLoad
2023-10-31 | Infoblox | Infoblox Threat Intelligence Group
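% Infoblox blog post on a link shortening service used in cybercrime.
% Organisational author, double-braced so it is not parsed as a personal
% name with "Group" as the family name.
@online{group:20231031:prolific:e4f06e8,
  author       = {{Infoblox Threat Intelligence Group}},
  title        = {{Prolific Puma: Shadowy Link Shortening Service Enables Cybercrime}},
  date         = {2023-10-31},
  organization = {Infoblox},
  url          = {https://blogs.infoblox.com/cyber-threat-intelligence/prolific-puma-shadowy-link-shortening-service-enables-cybercrime/},
  language     = {English},
  urldate      = {2023-11-13},
}
Prolific Puma: Shadowy Link Shortening Service Enables Cybercrime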
Prolific Puma
2023-10-30 | Checkpoint | Checkpoint Research
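% Checkpoint Research threat intelligence report dated 30 October 2023.
% Organisational author, double-braced to be kept as a single name.
% The title contains a non-ASCII en dash, so the file must be read as UTF-8.
@online{research:20231030:30th:8400dfb,
  author       = {{Checkpoint Research}},
  title        = {{30TH OCTOBER – THREAT INTELLIGENCE REPORT}},
  date         = {2023-10-30},
  organization = {Checkpoint},
  url          = {https://research.checkpoint.com/2023/30th-october-threat-intelligence-report/},
  language     = {English},
  urldate      = {2023-11-17},
}
30TH OCTOBER – THREAT INTELLIGENCE REPORT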
2023-10-18 | Microsoft | Microsoft Threat Intelligence
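% Microsoft security blog post on exploitation of the TeamCity
% vulnerability CVE-2023-42793.
% Organisational author, double-braced to be kept as a single name.
@online{intelligence:20231018:multiple:1533f8e,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability}},
  date         = {2023-10-18},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/},
  language     = {English},
  urldate      = {2023-10-20},
}
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability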
FeedLoad ForestTiger HazyLoad RollSling
2023-10-11 | Twitter (@MsftSecIntel) | Microsoft Threat Intelligence
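% Social-media post about exploitation of CVE-2023-22515.
% Organisational author, double-braced to be kept as a single name.
% The source is a single status URL; urldate records when it was last retrieved.
@online{intelligence:20231011:storm0062:280ecc3,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Tweet on Storm-0062 exploiting CVE-2023-22515}},
  date         = {2023-10-11},
  organization = {Twitter (@MsftSecIntel)},
  url          = {https://twitter.com/MsftSecIntel/status/1711871732644970856},
  language     = {English},
  urldate      = {2023-12-04},
}
Tweet on Storm-0062 exploiting CVE-2023-22515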
2023-09-12 | Microsoft | Microsoft Threat Intelligence
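% Microsoft security blog post on a malware distributor that hands off
% access to ransomware operators.
% Organisational author, double-braced to be kept as a single name.
@online{intelligence:20230912:malware:3a31afc,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Malware distributor Storm-0324 facilitates ransomware access}},
  date         = {2023-09-12},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/09/12/malware-distributor-storm-0324-facilitates-ransomware-access/},
  language     = {English},
  urldate      = {2023-09-13},
}
Malware distributor Storm-0324 facilitates ransomware access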
JSSLoader
2023-09-11 | Symantec | Symantec Threat Intelligence
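% Social-media post announcing a new SiestaGraph variant.
% Organisational author, double-braced to be kept as a single name.
% The source is a single status URL; urldate records when it was last retrieved.
@online{intelligence:20230911:about:e53f947,
  author       = {{Symantec Threat Intelligence}},
  title        = {{Tweet about Symantec discovering a new variant of SiestaGraph}},
  date         = {2023-09-11},
  organization = {Symantec},
  url          = {https://x.com/threatintel/status/1701259256199090217},
  language     = {English},
  urldate      = {2023-09-18},
}
Tweet about Symantec discovering a new variant of SiestaGraph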
SiestaGraph
2023-08-28 | 360 | 360 Threat Intelligence Center
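% Chinese-language article by the 360 Threat Intelligence Center on
% APT-C-55 (Kimsuky) activity.
% Organisational author, double-braced to be kept as a single name.
% The percent signs and ampersands in the URL are literal parts of the link
% and are kept verbatim; they are not comment or alignment characters here.
@online{center:20230828:aptc55:9eadb97,
  author       = {{360 Threat Intelligence Center}},
  title        = {{APT-C-55 (Kimsuky) organization uses Korean domain names for malicious activities}},
  date         = {2023-08-28},
  organization = {360},
  url          = {https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA%3D%3D&mid=2247493300&idx=1&sn=614dda72d95b5dfd732916aec0662598&chksm=f9c1d5bdceb65cab316de9e368fef6a997b82e96ed1a70b9b53ea8ae3c5698a8d4c95488e956&scene=178&cur_album_id=1955835290309230595},
  language     = {Chinese},
  urldate      = {2023-09-07},
}
APT-C-55 (Kimsuky) organization uses Korean domain names for malicious activities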
2023-08-24 | Microsoft | Microsoft Threat Intelligence
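% Microsoft security blog post on Flax Typhoon's use of legitimate software
% for access to organisations in Taiwan.
% Organisational author, double-braced to be kept as a single name.
@online{intelligence:20230824:flax:7a9270d,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Flax Typhoon using legitimate software to quietly access Taiwanese organizations}},
  date         = {2023-08-24},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/08/24/flax-typhoon-using-legitimate-software-to-quietly-access-taiwanese-organizations/},
  language     = {English},
  urldate      = {2023-08-25},
}
Flax Typhoon using legitimate software to quietly access Taiwanese organizations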
2023-08-02 | Microsoft | Microsoft Threat Intelligence
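% Microsoft security blog post on social engineering carried out over
% Microsoft Teams.
% Organisational author, double-braced to be kept as a single name.
@online{intelligence:20230802:midnight:5a9de36,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Midnight Blizzard conducts targeted social engineering over Microsoft Teams}},
  date         = {2023-08-02},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/},
  language     = {English},
  urldate      = {2023-08-03},
}
Midnight Blizzard conducts targeted social engineering over Microsoft Teams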
2023-08-01 | Qianxin Threat Intelligence Center | Red Raindrop Team
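% Qianxin Threat Intelligence Center article on the Mylobot botnet.
% The author is a team name, double-braced so it is not parsed as a personal
% name with "Team" as the family name.
@online{team:20230801:analysis:f2cce13,
  author       = {{Red Raindrop Team}},
  title        = {{Analysis of Recent Activities of the Mylobot Botnet}},
  date         = {2023-08-01},
  organization = {Qianxin Threat Intelligence Center},
  url          = {https://ti.qianxin.com/blog/articles/Analysis-of-Recent-Activities-of-the-Mylobot-Botnet-EN/},
  language     = {English},
  urldate      = {2023-11-17},
}
Analysis of Recent Activities of the Mylobot Botnet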
MyloBot
2023-07-26 | Weixin | Anheng Threat Intelligence Center
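% Chinese-language article by the Anheng Threat Intelligence Center on a
% malicious PDF lure that imitated the German embassy.
% Organisational author, double-braced to be kept as a single name.
% The percent signs and ampersands in the URL are literal parts of the link
% and are kept verbatim; they are not comment or alignment characters here.
@online{center:20230726:apt29:dec5309,
  author       = {{Anheng Threat Intelligence Center}},
  title        = {{APT29 recently faked the German embassy and issued a malicious PDF file}},
  date         = {2023-07-26},
  organization = {Weixin},
  url          = {https://mp.weixin.qq.com/s?__biz=MzUyMDEyNTkwNA%3D%3D&mid=2247494783&idx=1&sn=612cf3cea1ef62e04bfb6bd0ce3b6b65&chksm=f9ed80c0ce9a09d6f5edc1424df5260cb9a9cf55fe92bd922407eef960650e91ec8cc46933ab&scene=178&cur_album_id=1375769135073951745},
  language     = {Chinese},
  urldate      = {2023-07-28},
}
APT29 recently faked the German embassy and issued a malicious PDF file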
BEATDROP Unidentified 107 (APT29)
2023-07-19 | Twitter (@MsftSecIntel) | Microsoft Threat Intelligence
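% Social-media post on attacks against the defense sector in Ukraine and
% Eastern Europe.
% Organisational author, double-braced to be kept as a single name.
% The source is a single status URL; urldate records when it was last retrieved.
@online{intelligence:20230719:targeted:a0e926e,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Tweet on targeted attacks against the defense sector in Ukraine and Eastern Europe by the threat actor Secret Blizzard}},
  date         = {2023-07-19},
  organization = {Twitter (@MsftSecIntel)},
  url          = {https://twitter.com/msftsecintel/status/1681695399084539908},
  language     = {English},
  urldate      = {2023-07-20},
}
Tweet on targeted attacks against the defense sector in Ukraine and Eastern Europe by the threat actor Secret Blizzard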
DeliveryCheck Kazuar
2023-07-14 | Microsoft | Microsoft Threat Intelligence
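% Microsoft security blog post analysing techniques used for unauthorized
% email access.
% Organisational author, double-braced to be kept as a single name.
@online{intelligence:20230714:analysis:78678b4,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Analysis of Storm-0558 techniques for unauthorized email access}},
  date         = {2023-07-14},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/},
  language     = {English},
  urldate      = {2023-07-31},
}
Analysis of Storm-0558 techniques for unauthorized email access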
2023-06-15 | eSentire | RussianPanda
% eSentire blog post: malware analysis of Aurora Stealer.
% The author is a single-word name, so it needs no extra bracing.
@online{russianpanda:20230615:esentire:68fb84e,
  author       = {RussianPanda},
  title        = {{eSentire Threat Intelligence Malware Analysis: Aurora Stealer}},
  date         = {2023-06-15},
  organization = {eSentire},
  url          = {https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-aurora-stealer},
  language     = {English},
  urldate      = {2023-07-11}
}
eSentire Threat Intelligence Malware Analysis: Aurora Stealer
Aurora Stealer
2023-06-15 | eSentire | RussianPanda
% eSentire blog post: malware analysis of the Resident campaign.
% The author is a single-word name, so it needs no extra bracing.
@online{russianpanda:20230615:esentire:7cd1ea3,
  author       = {RussianPanda},
  title        = {{eSentire Threat Intelligence Malware Analysis: Resident Campaign}},
  date         = {2023-06-15},
  organization = {eSentire},
  url          = {https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-resident-campaign},
  language     = {English},
  urldate      = {2023-07-11}
}
eSentire Threat Intelligence Malware Analysis: Resident Campaign
Cobalt Strike Rhadamanthys
2023-06-14 | PICUS Security | Sıla Özeren
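% PICUS Security blog post: threat intelligence report for May 2023.
% The personal name is given in "Family, Given" form so it is parsed
% unambiguously; it contains non-ASCII letters, so the file must be UTF-8.
% The ampersand in the title is escaped because a bare one is an alignment
% character in LaTeX and breaks the typeset bibliography.
@online{zeren:20230614:picus:9a2d822,
  author       = {Özeren, Sıla},
  title        = {{Picus Cyber Threat Intelligence Report May 2023: Top 10 MITRE ATT\&CK Techniques}},
  date         = {2023-06-14},
  organization = {PICUS Security},
  url          = {https://www.picussecurity.com/resource/blog/cyber-threat-intelligence-report-may-2023},
  language     = {English},
  urldate      = {2023-12-04},
}
Picus Cyber Threat Intelligence Report May 2023: Top 10 MITRE ATT&CK Techniques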
2023-06-14 | Microsoft | Microsoft Threat Intelligence
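% Microsoft security blog post introducing Cadet Blizzard as a distinct
% threat actor.
% Organisational author, double-braced to be kept as a single name.
@online{intelligence:20230614:cadet:c02303d,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Cadet Blizzard emerges as a novel and distinct Russian threat actor}},
  date         = {2023-06-14},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/},
  language     = {English},
  urldate      = {2023-07-11},
}
Cadet Blizzard emerges as a novel and distinct Russian threat actor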
p0wnyshell reGeorg WhisperGate
2023-05-24 | Microsoft | Microsoft Threat Intelligence
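% Microsoft security blog post on Volt Typhoon's use of living-off-the-land
% techniques against US critical infrastructure.
% Organisational author, double-braced to be kept as a single name.
@online{intelligence:20230524:volt:e7b8951,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Volt Typhoon targets US critical infrastructure with living-off-the-land techniques}},
  date         = {2023-05-24},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/},
  language     = {English},
  urldate      = {2023-05-26},
}
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques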
Volt Typhoon
2023-05-09 | eSentire | RussianPanda
% eSentire blog post: malware analysis of Vidar Stealer.
% The author is a single-word name, so it needs no extra bracing.
@online{russianpanda:20230509:esentire:3eaa138,
  author       = {RussianPanda},
  title        = {{eSentire Threat Intelligence Malware Analysis: Vidar Stealer}},
  date         = {2023-05-09},
  organization = {eSentire},
  url          = {https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-vidar-stealer},
  language     = {English},
  urldate      = {2023-05-25}
}
eSentire Threat Intelligence Malware Analysis: Vidar Stealer
Vidar