Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-04-09MicrosoftEmily Hacker, Justin Carroll, Microsoft 365 Defender Threat Intelligence Team
@online{hacker:20210409:investigating:2b6f30a, author = {Emily Hacker and Justin Carroll and Microsoft 365 Defender Threat Intelligence Team}, title = {{Investigating a unique “form” of email delivery for IcedID malware}}, date = {2021-04-09}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/04/09/investigating-a-unique-form-of-email-delivery-for-icedid-malware/}, language = {English}, urldate = {2021-04-12} } Investigating a unique “form” of email delivery for IcedID malware
IcedID
2021-04-06MalwarebytesThreat Intelligence Team
@online{team:20210406:deep:6279974, author = {Threat Intelligence Team}, title = {{A deep dive into Saint Bot, a new downloader}}, date = {2021-04-06}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2021/04/a-deep-dive-into-saint-bot-downloader/}, language = {English}, urldate = {2021-04-12} } A deep dive into Saint Bot, a new downloader
Saint Bot
2021-03-25MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20210325:analyzing:d9ddef0, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{Analyzing attacks taking advantage of the Exchange Server vulnerabilities}}, date = {2021-03-25}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/25/analyzing-attacks-taking-advantage-of-the-exchange-server-vulnerabilities/}, language = {English}, urldate = {2021-03-30} } Analyzing attacks taking advantage of the Exchange Server vulnerabilities
CHINACHOPPER
2021-03-24MalwarebytesThreat Intelligence Team
@online{team:20210324:software:f896085, author = {Threat Intelligence Team}, title = {{Software renewal scammers unmasked}}, date = {2021-03-24}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/cybercrime/2021/03/software-renewal-scammers-unmasked/}, language = {English}, urldate = {2021-03-25} } Software renewal scammers unmasked
2021-03-04WMC GlobalWMC Global Threat Intelligence Team
@online{team:20210304:compact:0e18165, author = {WMC Global Threat Intelligence Team}, title = {{The Compact Campaign}}, date = {2021-03-04}, organization = {WMC Global}, url = {https://www.wmcglobal.com/blog/the-compact-campaign}, language = {English}, urldate = {2021-03-06} } The Compact Campaign
2021-03-04MicrosoftRamin Nafisi, Andrea Lelli, Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
@online{nafisi:20210304:goldmax:3fa3f68, author = {Ramin Nafisi and Andrea Lelli and Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team}, title = {{GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence}}, date = {2021-03-04}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware}, language = {English}, urldate = {2021-03-06} } GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence
SUNBURST TEARDROP UNC2452
2021-03-02MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team, Microsoft 365 Security
@online{mstic:20210302:hafnium:c7d8588, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team and Microsoft 365 Security}, title = {{HAFNIUM targeting Exchange Servers with 0-day exploits}}, date = {2021-03-02}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers}, language = {English}, urldate = {2021-03-07} } HAFNIUM targeting Exchange Servers with 0-day exploits
CHINACHOPPER HAFNIUM
2021-02-12MalwarebytesThreat Intelligence Team
@online{team:20210212:malvertising:6f4c197, author = {Threat Intelligence Team}, title = {{Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams}}, date = {2021-02-12}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/cybercrime/2021/02/malvertising-campaign-on-top-adult-brands-exposes-users-to-tech-support-scams/}, language = {English}, urldate = {2021-02-18} } Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams
2021-02-01MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20210201:what:2e12897, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{What tracking an attacker email infrastructure tells us about persistent cybercriminal operations}}, date = {2021-02-01}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/02/01/what-tracking-an-attacker-email-infrastructure-tells-us-about-persistent-cybercriminal-operations/}, language = {English}, urldate = {2021-02-02} } What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
Dridex Emotet Makop Ransomware SmokeLoader TrickBot
2021-01-29MalwarebytesThreat Intelligence Team
@online{team:20210129:cleaning:489c8b3, author = {Threat Intelligence Team}, title = {{Cleaning up after Emotet: the law enforcement file}}, date = {2021-01-29}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/}, language = {English}, urldate = {2021-02-02} } Cleaning up after Emotet: the law enforcement file
Emotet
2021-01-28MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20210128:zinc:9c8aff4, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team}, title = {{ZINC attacks against security researchers}}, date = {2021-01-28}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/}, language = {English}, urldate = {2021-01-29} } ZINC attacks against security researchers
ComeBacker Klackring
2021-01-08ReaqtaReaQta Threat Intelligence Team
@online{team:20210108:leonardo:bf16884, author = {ReaQta Threat Intelligence Team}, title = {{Leonardo S.p.A. Data Breach Analysis}}, date = {2021-01-08}, organization = {Reaqta}, url = {https://reaqta.com/2021/01/fujinama-analysis-leonardo-spa/}, language = {English}, urldate = {2021-01-11} } Leonardo S.p.A. Data Breach Analysis
2020-11-30MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20201130:threat:99a3844, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them}}, date = {2020-11-30}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2020/11/30/threat-actor-leverages-coin-miner-techniques-to-stay-under-the-radar-heres-how-to-spot-them}, language = {English}, urldate = {2020-12-15} } Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them
APT32
2020-11-30MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20201130:threat:2633df5, author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Threat actor (BISMUTH) leverages coin miner techniques to stay under the radar – here’s how to spot them}}, date = {2020-11-30}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2020/11/30/threat-actor-leverages-coin-miner-techniques-to-stay-under-the-radar-heres-how-to-spot-them/}, language = {English}, urldate = {2020-12-01} } Threat actor (BISMUTH) leverages coin miner techniques to stay under the radar – here’s how to spot them
Cobalt Strike
2020-11-16MalwarebytesThreat Intelligence Team
@online{team:20201116:malsmoke:0cddf67, author = {Threat Intelligence Team}, title = {{Malsmoke operators abandon exploit kits in favor of social engineering scheme}}, date = {2020-11-16}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2020/11/malsmoke-operators-abandon-exploit-kits-in-favor-of-social-engineering-scheme/}, language = {English}, urldate = {2020-11-18} } Malsmoke operators abandon exploit kits in favor of social engineering scheme
Zloader
2020-10-14MalwarebytesThreat Intelligence Team
@online{team:20201014:silent:8149a1d, author = {Threat Intelligence Team}, title = {{Silent Librarian APT right on schedule for 20/21 academic year}}, date = {2020-10-14}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/}, language = {English}, urldate = {2020-10-23} } Silent Librarian APT right on schedule for 20/21 academic year
2020-10-12MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20201012:trickbot:e4f086f, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{Trickbot disrupted}}, date = {2020-10-12}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2020/10/12/trickbot-disrupted/}, language = {English}, urldate = {2020-10-12} } Trickbot disrupted
TrickBot
2020-10-08MalwarebytesThreat Intelligence Team
@online{team:20201008:credit:5e7e0b3, author = {Threat Intelligence Team}, title = {{Credit card skimmer targets virtual conference platform}}, date = {2020-10-08}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/malwarebytes-news/2020/10/credit-card-skimmer-targets-virtual-conference-platform/}, language = {English}, urldate = {2020-10-12} } Credit card skimmer targets virtual conference platform
2020-09-09MalwarebytesThreat Intelligence Team
@online{team:20200909:malvertising:ed1c3b8, author = {Threat Intelligence Team}, title = {{Malvertising campaigns come back in full swing}}, date = {2020-09-09}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/social-engineering/2020/09/malvertising-campaigns-come-back-in-full-swing/}, language = {English}, urldate = {2020-09-15} } Malvertising campaigns come back in full swing
Raccoon SmokeLoader
2020-08-18F-SecureF-Secure Threat Intelligence Team
@techreport{team:20200818:lazarus:9be8b2a, author = {F-Secure Threat Intelligence Team}, title = {{Lazarus Group Campaign Targeting the Cryptocurrency Vertical}}, date = {2020-08-18}, institution = {F-Secure}, url = {https://labs.f-secure.com/assets/BlogFiles/f-secureLABS-tlp-white-lazarus-threat-intel-report2.pdf}, language = {English}, urldate = {2020-08-31} } Lazarus Group Campaign Targeting the Cryptocurrency Vertical