2021-11-18 — Microsoft — Microsoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
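@online{mstic:20211118:iranian:911ab04,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft Digital Security Unit (DSU)}},
  title        = {{Iranian} targeting of {IT} sector on the rise},
  date         = {2021-11-18},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/11/18/iranian-targeting-of-it-sector-on-the-rise/},
  urldate      = {2021-11-19},
  language     = {English},
}
Iranian targeting of IT sector on the rise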
MimiKatz ShellClient RAT
2021-11-18 — 360 netlab — Hui Wang, Alex.Turing, litao3rd, YANG XU
@online{wang:20211118:pitfall:23ff4ea,
  author       = {Wang, Hui and {Alex.Turing} and {litao3rd} and YANG XU},
  title        = {{The Pitfall of Threat Intelligence Whitelisting: Specter Botnet is 'taking over' Top Legit DNS Domains By Using ClouDNS Service}},
  date         = {2021-11-18},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/the-pitfall-of-threat-intelligence-whitelisting-specter-botnet-is-taking-over-top-legit-dns-domains-by-using-cloudns-service/},
  urldate      = {2021-11-19},
  language     = {English},
}
The Pitfall of Threat Intelligence Whitelisting: Specter Botnet is 'taking over' Top Legit DNS Domains By Using ClouDNS Service
Specter
2021-11-18 — PRODAFT Threat Intelligence — PRODAFT
@techreport{prodaft:20211118:conti:d10b80f,
  author      = {PRODAFT},
  title       = {{Conti Ransomware Group In-Depth Analysis}},
  date        = {2021-11-18},
  institution = {PRODAFT Threat Intelligence},
  url         = {https://www.prodaft.com/m/reports/Conti_TLPWHITE_v1.6_WVcSEtc.pdf},
  urldate     = {2021-11-19},
  language    = {English},
}
Conti Ransomware Group In-Depth Analysis
Conti
2021-11-16 — Microsoft — Microsoft Threat Intelligence Center (MSTIC)
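@online{mstic:20211116:evolving:9bd9d2e,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {Evolving trends in {Iranian} threat actor activity – {MSTIC} presentation at {CyberWarCon} 2021},
  date         = {2021-11-16},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/11/16/evolving-trends-in-iranian-threat-actor-activity-mstic-presentation-at-cyberwarcon-2021/},
  urldate      = {2021-11-17},
  language     = {English},
}
Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021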
2021-11-16 — Malwarebytes — Malwarebytes Threat Intelligence Team
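@online{team:20211116:trickbot:b624694,
  author       = {{Malwarebytes Threat Intelligence Team}},
  title        = {{TrickBot} helps {Emotet} come back from the dead},
  date         = {2021-11-16},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-intelligence/2021/11/trickbot-helps-emotet-come-back-from-the-dead/},
  urldate      = {2021-11-17},
  language     = {English},
}
TrickBot helps Emotet come back from the dead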
Emotet TrickBot
2021-11-11 — Microsoft — Microsoft 365 Defender Threat Intelligence Team
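@online{team:20211111:html:410a27f,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{HTML} smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks},
  date         = {2021-11-11},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/},
  urldate      = {2021-11-12},
  language     = {English},
}
HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks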
AsyncRAT Mekotio NjRAT
2021-11-10 — Sekoia — Cyber Threat Intelligence team
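@online{team:20211110:walking:cc41f24,
  author       = {{Cyber Threat Intelligence team}},
  title        = {Walking on {APT31} infrastructure footprints},
  date         = {2021-11-10},
  organization = {Sekoia},
  url          = {https://www.sekoia.io/en/walking-on-apt31-infrastructure-footprints/},
  urldate      = {2021-11-11},
  language     = {English},
}
Walking on APT31 infrastructure footprints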
Rekoobe Unidentified ELF 004 Cobalt Strike
2021-11-09 — Prevailion — Prevailion, Accenture Cyber Threat Intelligence
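@online{prevailion:20211109:who:f88228a,
  author       = {{Prevailion} and {Accenture Cyber Threat Intelligence}},
  title        = {Who are latest targets of cyber group {Lyceum}?},
  date         = {2021-11-09},
  organization = {Prevailion},
  url          = {https://www.prevailion.com/latest-targets-of-cyber-group-lyceum/},
  urldate      = {2021-11-09},
  language     = {English},
}
Who are latest targets of cyber group Lyceum?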
Milan Shark
2021-11-08 — Microsoft — Microsoft Threat Intelligence Center (MSTIC)
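@online{mstic:20211108:threat:0d18523,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {Threat actor {DEV-0322} exploiting {ZOHO} {ManageEngine} {ADSelfService Plus}},
  date         = {2021-11-08},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/11/08/threat-actor-dev-0322-exploiting-zoho-manageengine-adselfservice-plus/},
  urldate      = {2021-11-09},
  language     = {English},
}
Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus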
2021-10-28 — PRODAFT Threat Intelligence — PRODAFT
@techreport{prodaft:20211028:solarmarker:6c54c24,
  author      = {PRODAFT},
  title       = {{Solarmarker In-Depth Analysis}},
  date        = {2021-10-28},
  institution = {PRODAFT Threat Intelligence},
  url         = {https://www.prodaft.com/m/reports/Solarmarker_TLPWHITEv2.pdf},
  urldate     = {2021-11-03},
  language    = {English},
}
Solarmarker In-Depth Analysis
Jupyter Stealer solarmarker
2021-10-25 — Microsoft — Microsoft Threat Intelligence Center (MSTIC)
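@online{mstic:20211025:nobelium:ce29e06,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {{NOBELIUM} targeting delegated administrative privileges to facilitate broader attacks},
  date         = {2021-10-25},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks/},
  urldate      = {2021-11-02},
  language     = {English},
}
NOBELIUM targeting delegated administrative privileges to facilitate broader attacks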
2021-10-21 — Microsoft — Microsoft 365 Defender Threat Intelligence Team
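@online{team:20211021:frankenphish:0b9f2e9,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {Franken-phish: {TodayZoo} built from other phishing kits},
  date         = {2021-10-21},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/10/21/franken-phish-todayzoo-built-from-other-phishing-kits/},
  urldate      = {2021-10-26},
  language     = {English},
}
Franken-phish: TodayZoo built from other phishing kits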
2021-10-13 — Anchored Narratives on Threat Intelligence and Geopolitics — RJM
@online{rjm:20211013:trouble:c988e46,
  author       = {RJM},
  title        = {{Trouble in Asia and the Middle East. Tracking the TransparentTribe threat actor.}},
  date         = {2021-10-13},
  organization = {Anchored Narratives on Threat Intelligence and Geopolitics},
  url          = {https://anchorednarratives.substack.com/p/trouble-in-asia-and-the-middle-east},
  urldate      = {2021-10-14},
  language     = {English},
}
Trouble in Asia and the Middle East. Tracking the TransparentTribe threat actor.
Crimson RAT
2021-10-11 — Accenture — Accenture Cyber Threat Intelligence
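@online{intelligence:20211011:moving:3b0eaec,
  author       = {{Accenture Cyber Threat Intelligence}},
  title        = {Moving Left of the Ransomware Boom},
  date         = {2021-10-11},
  organization = {Accenture},
  url          = {https://www.accenture.com/us-en/blogs/cyber-defense/moving-left-ransomware-boom},
  urldate      = {2021-11-03},
  language     = {English},
}
Moving Left of the Ransomware Boom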
REvil Cobalt Strike MimiKatz RagnarLocker REvil
2021-10-11 — Microsoft — Microsoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
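@online{mstic:20211011:iranlinked:0d8f98a,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft Digital Security Unit (DSU)}},
  title        = {{Iran-linked} {DEV-0343} targeting defense, {GIS}, and maritime sectors},
  date         = {2021-10-11},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/10/11/iran-linked-dev-0343-targeting-defense-gis-and-maritime-sectors/},
  urldate      = {2021-10-26},
  language     = {English},
}
Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors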
2021-09-27 — Microsoft — Ramin Nafisi, Microsoft Threat Intelligence Center (MSTIC)
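@online{nafisi:20210927:foggyweb:3a85efc,
  author       = {Nafisi, Ramin and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {{FoggyWeb}: Targeted {NOBELIUM} malware leads to persistent backdoor},
  date         = {2021-09-27},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/09/27/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/},
  urldate      = {2021-09-28},
  language     = {English},
}
FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor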
2021-09-21 — Microsoft — Microsoft 365 Defender Threat Intelligence Team
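@online{team:20210921:catching:4621a10,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {Catching the big fish: Analyzing a large-scale phishing-as-a-service operation},
  date         = {2021-09-21},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/09/21/catching-the-big-fish-analyzing-a-large-scale-phishing-as-a-service-operation/},
  urldate      = {2021-09-22},
  language     = {English},
}
Catching the big fish: Analyzing a large-scale phishing-as-a-service operation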
2021-09-15 — Microsoft — Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
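@online{team:20210915:analyzing:37b6528,
  author       = {{Microsoft 365 Defender Threat Intelligence Team} and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {Analyzing attacks that exploit the {CVE-2021-40444} {MSHTML} vulnerability},
  date         = {2021-09-15},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/},
  urldate      = {2021-09-19},
  language     = {English},
}
Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability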
Cobalt Strike
2021-09-01 — 360 Threat Intelligence Center — Advanced Threat Institute
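@online{institute:20210901:aptc56:0f08cce,
  author       = {{Advanced Threat Institute}},
  title        = {{APT-C-56} ({Transparent Tribe}) Latest Attack Analysis and Associated Suspected {Gorgon Group} Attack Analysis Alert},
  date         = {2021-09-01},
  organization = {360 Threat Intelligence Center},
  url          = {https://mp.weixin.qq.com/s/xUM2x89GuB8uP6otN612Fg},
  urldate      = {2021-09-09},
  language     = {Chinese},
}
APT-C-56 (Transparent Tribe) Latest Attack Analysis and Associated Suspected Gorgon Group Attack Analysis Alert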
Crimson RAT NetWire RC
2021-08-26 — Microsoft — Microsoft 365 Defender Threat Intelligence Team
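@online{team:20210826:widespread:16ba3cc,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {Widespread credential phishing campaign abuses open redirector links},
  date         = {2021-08-26},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/},
  urldate      = {2021-08-31},
  language     = {English},
}
Widespread credential phishing campaign abuses open redirector links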