2024-04-04
⋅
Twitter (@embee_research)
⋅
TLS Certificate For Threat Intelligence - Identifying MatanBuchus Domains Through Hardcoded Certificate Values Matanbuchus |
2024-02-06
⋅
Group-IB
⋅
Dead-end job: ResumeLooters gang infects websites with XSS scripts and SQL injections to vacuum up job seekers' personal data and CVs ResumeLooters |
2024-01-25
⋅
JSAC 2024
⋅
Threat Intelligence of Abused Public Post-Exploitation Frameworks AsyncRAT DCRat Empire Downloader GRUNT Havoc Koadic Merlin PoshC2 Quasar RAT Sliver |
2024-01-25
⋅
Microsoft
⋅
Midnight Blizzard: Guidance for responders on nation-state attack UNC2452 |
2024-01-17
⋅
Microsoft
⋅
New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs MediaPI |
2023-12-12
⋅
Microsoft
⋅
Threat actors misuse OAuth applications to automate financially driven attacks Storm-1283 Storm-1286 |
2023-12-07
⋅
Microsoft
⋅
Star Blizzard increases sophistication and evasion in ongoing attacks Callisto |
2023-12-05
⋅
PWC
⋅
The Tortoise and The Malwahare SnappyTCP |
2023-12-01
⋅
Twitter (@MsftSecIntel)
⋅
Tweet on Danabot leading to cactus ransomware Cactus DanaBot Storm-1044 |
2023-11-22
⋅
Microsoft
⋅
Diamond Sleet supply chain compromise distributes a modified CyberLink installer LambLoad |
2023-11-09
⋅
Microsoft
⋅
Microsoft shares threat intelligence at CYBERWARCON 2023 Blue Tsunami |
2023-10-31
⋅
Infoblox
⋅
Prolific Puma: Shadowy Link Shortening Service Enables Cybercrime Prolific Puma |
2023-10-30
⋅
Checkpoint
⋅
30TH OCTOBER – THREAT INTELLIGENCE REPORT SingularityMD |
2023-10-18
⋅
Microsoft
⋅
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability FeedLoad ForestTiger HazyLoad RollSling Silent Chollima |
2023-10-13
⋅
Twitter (@MsftSecIntel)
⋅
Tweet on Storm-1575 and Dadsec phishing platform Storm-1575 |
2023-10-11
⋅
Twitter (@MsftSecIntel)
⋅
Tweet on Storm-0062 exploiting CVE-2023-22515 Storm-0062 |
2023-09-12
⋅
Microsoft
⋅
Malware distributor Storm-0324 facilitates ransomware access JSSLoader Storm-0324 |
2023-09-11
⋅
Symantec
⋅
Tweet about Symantec discovering a new variant of SiestaGraph SiestaGraph |
2023-08-28
⋅
Twitter (@MsftSecIntel)
⋅
Tweet on AiTM phishing trends Storm-1295 |