2023-03-13 | Microsoft | Microsoft Threat Intelligence Center
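@comment{Corporate author: the inner braces keep the organisation name as one unit instead of a given-name/family-name split. Only case-sensitive words in the title are braced. NOTE(review): the url host is an azurewebsites.net address, whereas the other Microsoft entries in this list point at www.microsoft.com/security/blog; confirm the canonical location before relying on this link.}
@online{center:20230313:dev1101:be64ddc,
  author       = {{Microsoft Threat Intelligence Center}},
  title        = {{DEV-1101} enables high-volume {AiTM} campaigns with open-source phishing kit},
  date         = {2023-03-13},
  organization = {Microsoft},
  url          = {https://security-blog-prod-wp01.azurewebsites.net/en-us/security/blog/2023/03/13/dev-1101-enables-high-volume-aitm-campaigns-with-open-source-phishing-kit/},
  language     = {English},
  urldate      = {2023-03-20},
}
DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit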
2022-12-06 | 360 Threat Intelligence Center | 360 Beacon Lab
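@comment{Corporate author: the inner braces keep "360 Beacon Lab" as one unit instead of a given-name/family-name split. Only case-sensitive words in the title are braced.}
@online{lab:20221206:analysis:d045827,
  author       = {{360 Beacon Lab}},
  title        = {Analysis of suspected {APT-C-56} ({Transparent Tribe}) attacks against terrorism},
  date         = {2022-12-06},
  organization = {360 Threat Intelligence Center},
  url          = {https://mp.weixin.qq.com/s/J_A12SOX0k5TOYFAegBv_w},
  language     = {Chinese},
  urldate      = {2022-12-24},
}
Analysis of suspected APT-C-56 (Transparent Tribe) attacks against terrorism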
AhMyth Meterpreter SpyNote AsyncRAT
2022-11-30 | Qianxin Threat Intelligence Center | Red Raindrop Team
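@comment{Corporate author: the inner braces keep "Red Raindrop Team" as one unit instead of a given-name/family-name split. Only case-sensitive words in the title are braced. The url is kept verbatim, including its percent-encoded apostrophe.}
@online{team:20221130:analysis:aa1ce2e,
  author       = {{Red Raindrop Team}},
  title        = {Analysis of {APT29's} attack activities against {Italy}},
  date         = {2022-11-30},
  organization = {Qianxin Threat Intelligence Center},
  url          = {https://ti.qianxin.com/blog/articles/analysis-of-apt29%27s-attack-activities-against-italy/},
  language     = {Chinese},
  urldate      = {2022-12-20},
}
Analysis of APT29's attack activities against Italy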
Unidentified 098 (APT29 Slack Downloader)
2022-10-10 | RiskIQ | Microsoft Threat Intelligence Center (MSTIC)
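@comment{Corporate author: the inner braces keep the organisation name, including its "(MSTIC)" suffix, as one unit instead of a given-name/family-name split. Only the actor designation in the title is braced; the style decides the casing of the rest.}
@online{mstic:20221010:dev0832:07768a3,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {{DEV-0832} Leverages Commodity Tools in Opportunistic Ransomware Campaigns},
  date         = {2022-10-10},
  organization = {RiskIQ},
  url          = {https://community.riskiq.com/article/47766fbd},
  language     = {English},
  urldate      = {2022-10-19},
}
DEV-0832 Leverages Commodity Tools in Opportunistic Ransomware Campaigns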
BlackCat Mount Locker SystemBC Zeppelin
2022-08-25 | Microsoft | Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Research Team, Microsoft 365 Defender Threat Intelligence Team
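@comment{Three corporate authors: each organisation sits in its own brace group so it is treated as one name rather than split into given/family parts. Only case-sensitive words in the title are braced.}
@online{mstic:20220825:mercury:a02a670,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft 365 Defender Research Team} and {Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{MERCURY} leveraging {Log4j} 2 vulnerabilities in unpatched systems to target {Israeli} organizations},
  date         = {2022-08-25},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/08/25/mercury-leveraging-log4j-2-vulnerabilities-in-unpatched-systems-to-target-israeli-organizations},
  language     = {English},
  urldate      = {2022-08-30},
}
MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations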
MimiKatz
2022-08-24 | Microsoft | Microsoft Threat Intelligence Center (MSTIC), Detection and Response Team (DART), Microsoft 365 Defender Team
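@comment{Three corporate authors, each in its own brace group. The braces matter most for "Detection and Response Team (DART)": unbraced, the " and " inside that name is read as an author separator and the list is parsed as four names instead of three. Only case-sensitive words in the title are braced.}
@online{mstic:20220824:magicweb:1bb7204,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Detection and Response Team (DART)} and {Microsoft 365 Defender Team}},
  title        = {{MagicWeb}: {NOBELIUM’s} post-compromise trick to authenticate as anyone},
  date         = {2022-08-24},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/08/24/magicweb-nobeliums-post-compromise-trick-to-authenticate-as-anyone/},
  language     = {English},
  urldate      = {2022-08-28},
}
MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone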
2022-08-17 | 360 | 360 Threat Intelligence Center
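@comment{Corporate author: the inner braces keep "360 Threat Intelligence Center" as one unit instead of a given-name/family-name split. Only case-sensitive words in the title are braced.}
@online{center:20220817:kasablanka:2a28570,
  author       = {{360 Threat Intelligence Center}},
  title        = {{Kasablanka} organizes attacks against political groups and non-profit organizations in the {Middle East}},
  date         = {2022-08-17},
  organization = {360},
  url          = {https://mp.weixin.qq.com/s/mstwBMkS0G3Et4GOji2mwA},
  language     = {Chinese},
  urldate      = {2022-08-19},
}
Kasablanka organizes attacks against political groups and non-profit organizations in the Middle East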
SpyNote Loda Nanocore RAT NjRAT
2022-08-15 | Microsoft | Microsoft Threat Intelligence Center (MSTIC), Office 365 Threat Research Team, Digital Threat Analysis Center (DTAC)
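@comment{Three corporate authors, each in its own brace group so it is treated as one name. Only the actor name in the title is braced. NOTE(review): entry mstic:20220815:disrupting:528a65e in this list has the same authors, title and date, and its url differs only by a trailing slash; the two look like duplicate records of one article.}
@online{mstic:20220815:disrupting:6429d3a,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Office 365 Threat Research Team} and {Digital Threat Analysis Center (DTAC)}},
  title        = {Disrupting {SEABORGIUM’s} ongoing phishing operations},
  date         = {2022-08-15},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations},
  language     = {English},
  urldate      = {2022-08-18},
}
Disrupting SEABORGIUM’s ongoing phishing operations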
Callisto
2022-08-15 | Microsoft | Microsoft Threat Intelligence Center (MSTIC), Office 365 Threat Research Team, Digital Threat Analysis Center (DTAC)
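@comment{Three corporate authors, each in its own brace group so it is treated as one name. Only the actor name in the title is braced. NOTE(review): entry mstic:20220815:disrupting:6429d3a in this list has the same authors, title and date, and its url differs only by the missing trailing slash; the two look like duplicate records of one article.}
@online{mstic:20220815:disrupting:528a65e,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Office 365 Threat Research Team} and {Digital Threat Analysis Center (DTAC)}},
  title        = {Disrupting {SEABORGIUM’s} ongoing phishing operations},
  date         = {2022-08-15},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/},
  language     = {English},
  urldate      = {2022-08-17},
}
Disrupting SEABORGIUM’s ongoing phishing operations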
2022-07-27 | Microsoft | Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), RiskIQ
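@comment{Three corporate authors, each in its own brace group so it is treated as one name rather than split into given/family parts. Only case-sensitive words in the title are braced.}
@online{mstic:20220727:untangling:27dd5d0,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft Security Response Center (MSRC)} and {RiskIQ}},
  title        = {Untangling {KNOTWEED}: {European} private-sector offensive actor using 0-day exploits},
  date         = {2022-07-27},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/},
  language     = {English},
  urldate      = {2022-08-15},
}
Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits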
Subzero
2022-07-20 | Freebuf | Qi Anxin Threat Intelligence Center
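@comment{Corporate author: the inner braces keep the organisation name as one unit instead of a given-name/family-name split. Only case-sensitive words in the title are braced. NOTE(review): the author is spelled "Qi Anxin" here while other entries in this list use "Qianxin Threat Intelligence Center"; presumably the same organisation, kept as recorded.}
@online{center:20220720:abused:27d014d,
  author       = {{Qi Anxin Threat Intelligence Center}},
  title        = {Abused {Slack} Service: Analysis of {APT29's} Attack on {Italy}},
  date         = {2022-07-20},
  organization = {Freebuf},
  url          = {https://www.freebuf.com/articles/paper/339618.html},
  language     = {English},
  urldate      = {2022-10-19},
}
Abused Slack Service: Analysis of APT29's Attack on Italy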
Unidentified 098 (APT29 Slack Downloader)
2022-07-14 | Microsoft | Microsoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
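@comment{Two corporate authors, each in its own brace group so it is treated as one name rather than split into given/family parts. Only case-sensitive words in the title (actor and malware names) are braced.}
@online{mstic:20220714:north:876e680,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft Digital Security Unit (DSU)}},
  title        = {{North Korean} threat actor ({H0lyGh0st} /{DEV-0530}) targets small and midsize businesses with {H0lyGh0st} ransomware},
  date         = {2022-07-14},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/07/14/north-korean-threat-actor-targets-small-and-midsize-businesses-with-h0lygh0st-ransomware/},
  language     = {English},
  urldate      = {2022-07-15},
}
North Korean threat actor (H0lyGh0st /DEV-0530) targets small and midsize businesses with H0lyGh0st ransomware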
SiennaBlue SiennaPurple
2022-07-12 | Microsoft | Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Research Team
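@comment{Two corporate authors, each in its own brace group so it is treated as one name rather than split into given/family parts. Only the acronyms in the title are braced.}
@online{mstic:20220712:from:3d3a8e3,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft 365 Defender Research Team}},
  title        = {From cookie theft to {BEC}: Attackers use {AiTM} phishing sites as entry point to further financial fraud},
  date         = {2022-07-12},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/},
  language     = {English},
  urldate      = {2022-07-15},
}
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud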
2022-07-05 | Microsoft | Microsoft Threat Intelligence Center (MSTIC)
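@comment{Corporate author: the inner braces keep the organisation name, including its "(MSTIC)" suffix, as one unit instead of a given-name/family-name split. Only the proper nouns in the title are braced.}
@online{mstic:20220705:hive:840b6e9,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {{Hive} ransomware gets upgrades in {Rust}},
  date         = {2022-07-05},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/07/05/hive-ransomware-gets-upgrades-in-rust/},
  language     = {English},
  urldate      = {2022-07-13},
}
Hive ransomware gets upgrades in Rust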
Hive
2022-06-08 | Qianxin Threat Intelligence Center | Red Raindrop Team
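@comment{Corporate author: the inner braces keep "Red Raindrop Team" as one unit instead of a given-name/family-name split. Only case-sensitive words in the title are braced. NOTE(review): language is recorded as English, while the other mp.weixin.qq.com entries in this list are marked Chinese; confirm against the article.}
@online{team:20220608:operation:3fe580d,
  author       = {{Red Raindrop Team}},
  title        = {Operation {Tejas}: A dying elephant curled up in the {Kunlun Mountains}},
  date         = {2022-06-08},
  organization = {Qianxin Threat Intelligence Center},
  url          = {https://mp.weixin.qq.com/s/8j_rHA7gdMxY1_X8alj8Zg},
  language     = {English},
  urldate      = {2022-06-09},
}
Operation Tejas: A dying elephant curled up in the Kunlun Mountains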
HAZY TIGER RAZOR TIGER
2022-06-02 | Microsoft | Microsoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
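@comment{Two corporate authors, each in its own brace group so it is treated as one name rather than split into given/family parts. Only case-sensitive words in the title are braced.}
@online{mstic:20220602:exposing:b85423c,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft Digital Security Unit (DSU)}},
  title        = {Exposing {POLONIUM} activity and infrastructure targeting {Israeli} organizations},
  date         = {2022-06-02},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/},
  language     = {English},
  urldate      = {2022-06-02},
}
Exposing POLONIUM activity and infrastructure targeting Israeli organizations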
POLONIUM
2022-06-01 | Qianxin Threat Intelligence Center | Red Raindrop Team
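@comment{Corporate author: the inner braces keep "Red Raindrop Team" as one unit instead of a given-name/family-name split. Only case-sensitive words in the title are braced. NOTE(review): the title says "Maha grass group" where the url slug says "patchwork"; presumably two names for the same actor, so search under both when looking for this report.}
@online{team:20220601:analysis:03a76ad,
  author       = {{Red Raindrop Team}},
  title        = {Analysis of the attack activities of the {Maha} grass group using the documents of relevant government agencies in {Pakistan} as bait},
  date         = {2022-06-01},
  organization = {Qianxin Threat Intelligence Center},
  url          = {https://ti.qianxin.com/blog/articles/analysis-of-the-attack-activities-of-patchwork-using-the-documents-of-relevant-government-agencies-in-pakistan-as-bait},
  language     = {English},
  urldate      = {2022-07-05},
}
Analysis of the attack activities of the Maha grass group using the documents of relevant government agencies in Pakistan as bait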
BadNews QUILTED TIGER
2022-05-18 | Weixin | 360 Threat Intelligence Center
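@comment{Corporate author: the inner braces keep "360 Threat Intelligence Center" as one unit instead of a given-name/family-name split. In the title the file name and the actor names are braced so that styles which recase titles leave them untouched.}
@online{center:20220518:filesyncshelldll:4266601,
  author       = {{360 Threat Intelligence Center}},
  title        = {{filesyncshell.dll} hijacked? {APT-C-24} {Sidewinder} Briefing on the Latest Attack Activity},
  date         = {2022-05-18},
  organization = {Weixin},
  url          = {https://mp.weixin.qq.com/s/qsGxZIiTsuI7o-_XmiHLHg},
  language     = {Chinese},
  urldate      = {2022-05-25},
}
filesyncshell.dll hijacked? APT-C-24 Sidewinder Briefing on the Latest Attack Activity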
2022-05-09 | Qianxin Threat Intelligence Center | Red Raindrops Team
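@comment{Corporate author: the inner braces keep the team name as one unit instead of a given-name/family-name split. Only case-sensitive words in the title are braced. NOTE(review): the author is spelled "Red Raindrops Team" here while other entries in this list use "Red Raindrop Team"; presumably the same team, kept as recorded.}
@online{team:20220509:operation:5c9c0d7,
  author       = {{Red Raindrops Team}},
  title        = {Operation {EviLoong}: An electronic party of "borderless" hackers},
  date         = {2022-05-09},
  organization = {Qianxin Threat Intelligence Center},
  url          = {https://mp.weixin.qq.com/s/K1uBLGqD8kgsIp1yTyYBfw},
  language     = {Chinese},
  urldate      = {2022-05-17},
}
Operation EviLoong: An electronic party of "borderless" hackers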
ZXShell
2022-05-09 | Microsoft Security | Microsoft Threat Intelligence Center, Microsoft 365 Defender Threat Intelligence Team
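@comment{Two corporate authors, each in its own brace group so it is treated as one name rather than split into given/family parts. The title has no case-sensitive words, so none are braced and the style decides its casing.}
@online{center:20220509:ransomwareasaservice:3dac44d,
  author       = {{Microsoft Threat Intelligence Center} and {Microsoft 365 Defender Threat Intelligence Team}},
  title        = {Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself},
  date         = {2022-05-09},
  organization = {Microsoft Security},
  url          = {https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/},
  language     = {English},
  urldate      = {2022-06-02},
}
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself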
Griffon BazarBackdoor BlackCat BlackMatter Blister Gozi LockBit Pandora Rook SystemBC TrickBot