Tidal References
Tidal References Cluster
Authors
Authors and/or Contributors |
---|
Tidal Cyber |
D3Secutrity CTI Feeds
Banerd, W. (2019, April 30). 10 of the Best Open Source Threat Intelligence Feeds. Retrieved October 20, 2020.
Internal MISP references
UUID 088f2cbd-cce1-477f-9ffb-319477d74b69
which can be used as unique global reference for D3Secutrity CTI Feeds
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2019-04-30T00:00:00Z |
source | MITRE |
title | 10 of the Best Open Source Threat Intelligence Feeds |
Linux Logs
Marcel. (2018, April 19). 12 Critical Linux Log Files You Must be Monitoring. Retrieved March 29, 2020.
Internal MISP references
UUID aa25e385-802c-4f04-81bb-bb7d1a7599ec
which can be used as unique global reference for Linux Logs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-29T00:00:00Z |
date_published | 2018-04-19T00:00:00Z |
source | MITRE |
title | 12 Critical Linux Log Files You Must be Monitoring |
Netspi PowerShell Execution Policy Bypass
Sutherland, S. (2014, September 9). 15 Ways to Bypass the PowerShell Execution Policy. Retrieved July 23, 2015.
Internal MISP references
UUID 0ee90db4-f21c-4c68-bd35-aa6c5edd3b4e
which can be used as unique global reference for Netspi PowerShell Execution Policy Bypass
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-07-23T00:00:00Z |
date_published | 2014-09-09T00:00:00Z |
source | MITRE |
title | 15 Ways to Bypass the PowerShell Execution Policy |
Mandiant-leaks
DANIEL KAPELLMANN ZAFRA, COREY HIDELBRANDT, NATHAN BRUBAKER, KEITH LUNDEN. (2022, January 31). 1 in 7 OT Ransomware Extortion Attacks Leak Critical Operational Technology Information. Retrieved August 18, 2023.
Internal MISP references
UUID aecc3ffb-c524-5ad9-b621-7228f53e27c3
which can be used as unique global reference for Mandiant-leaks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-18T00:00:00Z |
date_published | 2022-01-31T00:00:00Z |
source | MITRE |
title | 1 in 7 OT Ransomware Extortion Attacks Leak Critical Operational Technology Information |
Tilbury Windows Credentials
Chad Tilbury. (2017, August 8). 1Windows Credentials: Attack, Mitigation, Defense. Retrieved February 21, 2020.
Internal MISP references
UUID 2ddae0c9-910c-4c1a-b524-de3a58dbba13
which can be used as unique global reference for Tilbury Windows Credentials
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-21T00:00:00Z |
date_published | 2017-08-08T00:00:00Z |
source | MITRE |
title | 1Windows Credentials: Attack, Mitigation, Defense |
CWE top 25
Christey, S., Brown, M., Kirby, D., Martin, B., Paller, A. (2011, September 13). 2011 CWE/SANS Top 25 Most Dangerous Software Errors. Retrieved April 10, 2019.
Internal MISP references
UUID d8ee8b1f-c18d-48f3-9758-6860cd31c3e3
which can be used as unique global reference for CWE top 25
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-10T00:00:00Z |
date_published | 2011-09-13T00:00:00Z |
source | MITRE |
title | 2011 CWE/SANS Top 25 Most Dangerous Software Errors |
CrowdStrike 2015 Global Threat Report
CrowdStrike Intelligence. (2016). 2015 Global Threat Report. Retrieved April 11, 2018.
Internal MISP references
UUID 50d467da-286b-45f3-8d5a-e9d8632f7bf1
which can be used as unique global reference for CrowdStrike 2015 Global Threat Report
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-11T00:00:00Z |
date_published | 2016-01-01T00:00:00Z |
source | MITRE |
title | 2015 Global Threat Report |
Prolific OSX Malware History
Bit9 + Carbon Black Threat Research Team. (2015). 2015: The Most Prolific Year in History for OS X Malware. Retrieved July 8, 2017.
Internal MISP references
UUID 74b0f1a9-5822-4dcf-9a92-9a6df0b4db1e
which can be used as unique global reference for Prolific OSX Malware History
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-08T00:00:00Z |
date_published | 2015-01-01T00:00:00Z |
source | MITRE |
title | 2015: The Most Prolific Year in History for OS X Malware |
CERN Windigo June 2019
CERN. (2019, June 4). 2019/06/04 Advisory: Windigo attacks. Retrieved February 10, 2021.
Internal MISP references
UUID e9f1289f-a32e-441c-8787-cb32a26216d1
which can be used as unique global reference for CERN Windigo June 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-10T00:00:00Z |
date_published | 2019-06-04T00:00:00Z |
source | MITRE |
title | 2019/06/04 Advisory: Windigo attacks |
CrowdStrike GTR 2019
CrowdStrike. (2019, January). 2019 Global Threat Report. Retrieved June 10, 2020.
Internal MISP references
UUID d6aa917e-baee-4379-8e69-a04b9aa5192a
which can be used as unique global reference for CrowdStrike GTR 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-10T00:00:00Z |
date_published | 2019-01-01T00:00:00Z |
source | MITRE |
title | 2019 Global Threat Report |
Crowdstrike GTR2020 Mar 2020
Crowdstrike. (2020, March 2). 2020 Global Threat Report. Retrieved December 11, 2020.
Internal MISP references
UUID a2325ace-e5a1-458d-80c1-5037bd7fa727
which can be used as unique global reference for Crowdstrike GTR2020 Mar 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-11T00:00:00Z |
date_published | 2020-03-02T00:00:00Z |
source | MITRE |
title | 2020 Global Threat Report |
RecordedFuture 2021 Ad Infra
Insikt Group. (2022, January 18). 2021 Adversary Infrastructure Report. Retrieved March 25, 2022.
Internal MISP references
UUID d509e6f2-c317-4483-a51e-ad15a78a12c0
which can be used as unique global reference for RecordedFuture 2021 Ad Infra
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-25T00:00:00Z |
date_published | 2022-01-18T00:00:00Z |
source | MITRE |
title | 2021 Adversary Infrastructure Report |
Red Canary 2021 Threat Detection Report March 2021
Red Canary. (2021, March 31). 2021 Threat Detection Report. Retrieved August 31, 2021.
Internal MISP references
UUID 83b906fc-ac2a-4f49-b87e-31f046e95fb7
which can be used as unique global reference for Red Canary 2021 Threat Detection Report March 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-31T00:00:00Z |
date_published | 2021-03-31T00:00:00Z |
source | MITRE |
title | 2021 Threat Detection Report |
ACSC BlackCat Apr 2022
Australian Cyber Security Centre. (2022, April 14). 2022-004: ACSC Ransomware Profile - ALPHV (aka BlackCat). Retrieved December 20, 2022.
Internal MISP references
UUID 3b85eaeb-6bf5-529b-80a4-439ceb6c5d6d
which can be used as unique global reference for ACSC BlackCat Apr 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-12-20T00:00:00Z |
date_published | 2022-04-14T00:00:00Z |
source | MITRE |
title | 2022-004: ACSC Ransomware Profile - ALPHV (aka BlackCat) |
Crowdstrike HuntReport 2022
CrowdStrike. (2023). 2022 Falcon OverWatch Threat Hunting Report. Retrieved May 20, 2024.
Internal MISP references
UUID cae1043a-2473-5b7e-b9ed-27d4f9c5b9b0
which can be used as unique global reference for Crowdstrike HuntReport 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-20T00:00:00Z |
date_published | 2023-01-01T00:00:00Z |
source | MITRE |
title | 2022 Falcon OverWatch Threat Hunting Report |
Internet crime report 2022
IC3. (2022). 2022 Internet Crime Report. Retrieved August 18, 2023.
Internal MISP references
UUID ef30c4eb-3da3-5c7b-a304-188acd2f7ebc
which can be used as unique global reference for Internet crime report 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-18T00:00:00Z |
date_published | 2022-01-01T00:00:00Z |
source | MITRE |
title | 2022 Internet Crime Report |
RC PowerShell
Red Canary. (n.d.). 2022 Threat Detection Report: PowerShell. Retrieved March 17, 2023.
Internal MISP references
UUID 0f154aa6-8c9d-5bfc-a3c4-5f3e1420f55f
which can be used as unique global reference for RC PowerShell
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-17T00:00:00Z |
source | MITRE |
title | 2022 Threat Detection Report: PowerShell |
ASD Royal Ransomware January 24 2023
Australian Signals Directorate. (2023, January 24). 2023-01: ASD's ACSC Ransomware Profile - Royal. Retrieved June 28, 2024.
Internal MISP references
UUID 514b704c-8668-4b61-8411-5b682e3b8471
which can be used as unique global reference for ASD Royal Ransomware January 24 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-28T00:00:00Z |
date_published | 2023-01-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | 2023-01: ASD's ACSC Ransomware Profile - Royal |
Palo Alto Latrodectus Activity June 2024
Unit 42. (2024, June 25). 2024-06-25-IOCs-from-Latrodectus-activity. Retrieved September 13, 2024.
Internal MISP references
UUID 00f32246-e19b-5b20-b5c1-27b75c6667ca
which can be used as unique global reference for Palo Alto Latrodectus Activity June 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-13T00:00:00Z |
date_published | 2024-06-25T00:00:00Z |
source | MITRE |
title | 2024-06-25-IOCs-from-Latrodectus-activity |
20 macOS Common Tools and Techniques
Phil Stokes. (2021, February 16). 20 Common Tools & Techniques Used by macOS Threat Actors & Malware. Retrieved August 23, 2021.
Internal MISP references
UUID 3ee99ff4-daf4-4776-9d94-f7cf193c2b0c
which can be used as unique global reference for 20 macOS Common Tools and Techniques
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-23T00:00:00Z |
date_published | 2021-02-16T00:00:00Z |
source | MITRE |
title | 20 Common Tools & Techniques Used by macOS Threat Actors & Malware |
Microsoft GPP Key
Microsoft. (n.d.). 2.2.1.1.4 Password Encryption. Retrieved April 11, 2018.
Internal MISP references
UUID 24d8847b-d5de-4513-a55f-62c805dfa1dc
which can be used as unique global reference for Microsoft GPP Key
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-11T00:00:00Z |
source | MITRE |
title | 2.2.1.1.4 Password Encryption |
Microsoft _VBA_PROJECT Stream
Microsoft. (2020, February 19). 2.3.4.1 _VBA_PROJECT Stream: Version Dependent Project Information. Retrieved September 18, 2020.
Internal MISP references
UUID 70c75ee4-4ba4-4124-8001-0fadb49a5ac6
which can be used as unique global reference for Microsoft _VBA_PROJECT Stream
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-18T00:00:00Z |
date_published | 2020-02-19T00:00:00Z |
source | MITRE |
title | 2.3.4.1 _VBA_PROJECT Stream: Version Dependent Project Information |
Microsoft Learn
Microsoft. (2021, April 6). 2.5 ExtraData. Retrieved September 30, 2022.
Internal MISP references
UUID 73ba4e07-cfbd-4b23-b52a-1ebbd7cc0fe4
which can be used as unique global reference for Microsoft Learn
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-30T00:00:00Z |
date_published | 2021-04-06T00:00:00Z |
source | MITRE |
title | 2.5 ExtraData |
Hybrid Analysis Icacls2 May 2018
Hybrid Analysis. (2018, May 30). 2a8efbfadd798f6111340f7c1c956bee.dll. Retrieved August 19, 2018.
Internal MISP references
UUID 5d33fcb4-0f01-4b88-b1ee-dad6dcc867f4
which can be used as unique global reference for Hybrid Analysis Icacls2 May 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-19T00:00:00Z |
date_published | 2018-05-30T00:00:00Z |
source | MITRE |
title | 2a8efbfadd798f6111340f7c1c956bee.dll |
Bleeping Computer 2easy 2021
Bill Toulas. (2021, December 21). 2easy now a significant dark web marketplace for stolen data. Retrieved October 7, 2024.
Internal MISP references
UUID 23ebd169-3ac6-5074-a238-a8e7d96f48ab
which can be used as unique global reference for Bleeping Computer 2easy 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-07T00:00:00Z |
date_published | 2021-12-21T00:00:00Z |
source | MITRE |
title | 2easy now a significant dark web marketplace for stolen data |
Microsoft Wow6432Node 2018
Microsoft. (2018, May 31). 32-bit and 64-bit Application Data in the Registry. Retrieved August 3, 2020.
Internal MISP references
UUID cbc14af8-f0d9-46c9-ae2c-d93d706ac84e
which can be used as unique global reference for Microsoft Wow6432Node 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-03T00:00:00Z |
date_published | 2018-05-31T00:00:00Z |
source | MITRE |
title | 32-bit and 64-bit Application Data in the Registry |
DOJ-DPRK Heist
Department of Justice. (2021). 3 North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyber-attacks and Financial Crimes Across the Globe. Retrieved August 18, 2023.
Internal MISP references
UUID c50d2a5b-1d44-5f18-aaff-4be9f6d3f3ac
which can be used as unique global reference for DOJ-DPRK Heist
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-18T00:00:00Z |
date_published | 2021-01-01T00:00:00Z |
source | MITRE |
title | 3 North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyber-attacks and Financial Crimes Across the Globe |
ITWorld Hard Disk Health Dec 2014
Pinola, M. (2014, December 14). 3 tools to check your hard drive's health and make sure it's not already dying on you. Retrieved October 2, 2018.
Internal MISP references
UUID e48fab76-7e38-420e-b69b-709f37bde847
which can be used as unique global reference for ITWorld Hard Disk Health Dec 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-02T00:00:00Z |
date_published | 2014-12-14T00:00:00Z |
source | MITRE |
title | 3 tools to check your hard drive's health and make sure it's not already dying on you |
Microsoft 4657 APR 2017
Miroshnikov, A. & Hall, J. (2017, April 18). 4657(S): A registry value was modified. Retrieved August 9, 2018.
Internal MISP references
UUID ee681893-edd6-46c7-bb11-38fc24eef899
which can be used as unique global reference for Microsoft 4657 APR 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-09T00:00:00Z |
date_published | 2017-04-18T00:00:00Z |
source | MITRE |
title | 4657(S): A registry value was modified |
Microsoft 4697 APR 2017
Miroshnikov, A. & Hall, J. (2017, April 18). 4697(S): A service was installed in the system. Retrieved August 7, 2018.
Internal MISP references
UUID 17473dc7-39cd-4c90-85cb-05d4c1364fff
which can be used as unique global reference for Microsoft 4697 APR 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-07T00:00:00Z |
date_published | 2017-04-18T00:00:00Z |
source | MITRE |
title | 4697(S): A service was installed in the system |
Microsoft User Creation Event
Lich, B., Miroshnikov, A. (2017, April 5). 4720(S): A user account was created. Retrieved June 30, 2017.
Internal MISP references
UUID 01e2068b-83bc-4479-8fc9-dfaafdbf272b
which can be used as unique global reference for Microsoft User Creation Event
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-06-30T00:00:00Z |
date_published | 2017-04-05T00:00:00Z |
source | MITRE |
title | 4720(S): A user account was created |
Microsoft User Modified Event
Lich, B., Miroshnikov, A. (2017, April 5). 4738(S): A user account was changed. Retrieved June 30, 2017.
Internal MISP references
UUID fb4164f9-1e03-43f1-8143-179c9f08dff2
which can be used as unique global reference for Microsoft User Modified Event
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-06-30T00:00:00Z |
date_published | 2017-04-05T00:00:00Z |
source | MITRE |
title | 4738(S): A user account was changed |
Microsoft 4768 TGT 2017
Microsoft. (2017, April 19). 4768(S, F): A Kerberos authentication ticket (TGT) was requested. Retrieved August 24, 2020.
Internal MISP references
UUID 19237af4-e535-4059-a8a9-63280cdf4722
which can be used as unique global reference for Microsoft 4768 TGT 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-24T00:00:00Z |
date_published | 2017-04-19T00:00:00Z |
source | MITRE |
title | 4768(S, F): A Kerberos authentication ticket (TGT) was requested |
HIPAA Journal S3 Breach, 2017
HIPAA Journal. (2017, October 11). 47GB of Medical Records and Test Results Found in Unsecured Amazon S3 Bucket. Retrieved October 4, 2019.
Internal MISP references
UUID b0fbf593-4aeb-4167-814b-ed3d4479ded0
which can be used as unique global reference for HIPAA Journal S3 Breach, 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-04T00:00:00Z |
date_published | 2017-10-11T00:00:00Z |
source | MITRE |
title | 47GB of Medical Records and Test Results Found in Unsecured Amazon S3 Bucket |
Slack Security Risks
Michael Osakwe. (2020, November 18). 4 SaaS and Slack Security Risks to Consider. Retrieved March 17, 2023.
Internal MISP references
UUID 4332430a-0dec-5942-88ce-21f6d02cc9a9
which can be used as unique global reference for Slack Security Risks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-17T00:00:00Z |
date_published | 2020-11-18T00:00:00Z |
source | MITRE |
title | 4 SaaS and Slack Security Risks to Consider |
PurpleSec Data Loss Prevention
Michael Swanagan. (2020, October 24). 7 Data Loss Prevention Best Practices & Strategies. Retrieved August 30, 2021.
Internal MISP references
UUID b7d786db-c50e-4d1f-947e-205e8eefa2da
which can be used as unique global reference for PurpleSec Data Loss Prevention
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-30T00:00:00Z |
date_published | 2020-10-24T00:00:00Z |
source | MITRE |
title | 7 Data Loss Prevention Best Practices & Strategies |
7zip Homepage
I. Pavlov. (2019). 7-Zip. Retrieved February 20, 2020.
Internal MISP references
UUID fc1396d2-1ffd-4fd9-ba60-3f6e0a9dfffb
which can be used as unique global reference for 7zip Homepage
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-20T00:00:00Z |
date_published | 2019-01-01T00:00:00Z |
source | MITRE |
title | 7-Zip |
VMWare 8Base June 28 2023
Deborah Snyder, Fae Carlisle, Dana Behling, Bria Beathley. (2023, June 28). 8Base Ransomware: A Heavy Hitting Player. Retrieved August 4, 2023.
Internal MISP references
UUID 573e9520-6181-4535-9ed3-2338688a8e9f
which can be used as unique global reference for VMWare 8Base June 28 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-04T00:00:00Z |
date_published | 2023-06-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | 8Base Ransomware: A Heavy Hitting Player |
Acronis 8Base July 17 2023
Acronis Security Team. (2023, July 17). 8Base ransomware stays unseen for a year. Retrieved August 4, 2023.
Internal MISP references
UUID c9822477-1578-4068-9882-41e4d6eaee3f
which can be used as unique global reference for Acronis 8Base July 17 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-04T00:00:00Z |
date_published | 2023-07-17T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | 8Base ransomware stays unseen for a year |
MicroFocus 9002 Aug 2016
Petrovsky, O. (2016, August 30). “9002 RAT” -- a second building on the left. Retrieved February 20, 2018.
Internal MISP references
UUID a4d6bdd1-e70c-491b-a569-72708095c809
which can be used as unique global reference for MicroFocus 9002 Aug 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-20T00:00:00Z |
date_published | 2016-08-30T00:00:00Z |
source | MITRE |
title | “9002 RAT” -- a second building on the left |
CISA AA21-200A APT40 July 2021
CISA. (2021, July 19). (AA21-200A) Joint Cybersecurity Advisory – Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department. Retrieved August 12, 2021.
Internal MISP references
UUID 3a2dbd8b-54e3-406a-b77c-b6fae5541b6d
which can be used as unique global reference for CISA AA21-200A APT40 July 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-12T00:00:00Z |
date_published | 2021-07-19T00:00:00Z |
source | MITRE, Tidal Cyber |
title | (AA21-200A) Joint Cybersecurity Advisory – Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department |
CISA Iran Albanian Attacks September 2022
CISA. (2022, September 23). AA22-264A Iranian State Actors Conduct Cyber Operations Against the Government of Albania. Retrieved August 6, 2024.
Internal MISP references
UUID c5d37bde-52bc-525a-b25a-e097f77a924a
which can be used as unique global reference for CISA Iran Albanian Attacks September 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-06T00:00:00Z |
date_published | 2022-09-23T00:00:00Z |
source | MITRE |
title | AA22-264A Iranian State Actors Conduct Cyber Operations Against the Government of Albania |
AADInternals
Dr. Nestori Syynimaa. (2018, October 25). AADInternals. Retrieved February 1, 2022.
Internal MISP references
UUID d6faadde-690d-44d1-b1aa-0991a5374604
which can be used as unique global reference for AADInternals
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-01T00:00:00Z |
date_published | 2018-10-25T00:00:00Z |
source | MITRE |
title | AADInternals |
AADInternals Documentation
Dr. Nestori Syynimaa. (2018, October 25). AADInternals. Retrieved February 18, 2022.
Internal MISP references
UUID 320231a1-4dbe-4eaa-b14d-48de738ba697
which can be used as unique global reference for AADInternals Documentation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-18T00:00:00Z |
date_published | 2018-10-25T00:00:00Z |
source | MITRE |
title | AADInternals Documentation |
AADInternals Github
Dr. Nestori Syynimaa. (2021, December 13). AADInternals. Retrieved February 1, 2022.
Internal MISP references
UUID 643d3947-c0ec-47c4-bb58-5e546084433c
which can be used as unique global reference for AADInternals Github
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-01T00:00:00Z |
date_published | 2021-12-13T00:00:00Z |
source | MITRE |
title | AADInternals Github |
Gigamon BADHATCH Jul 2019
Savelesky, K., et al. (2019, July 23). ABADBABE 8BADFOOD: Discovering BADHATCH and a Detailed Look at FIN8's Tooling. Retrieved September 8, 2021.
Internal MISP references
UUID 69a45479-e982-58ee-9e2d-caaf825f0ad4
which can be used as unique global reference for Gigamon BADHATCH Jul 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-08T00:00:00Z |
date_published | 2019-07-23T00:00:00Z |
source | MITRE |
title | ABADBABE 8BADFOOD: Discovering BADHATCH and a Detailed Look at FIN8's Tooling |
bad_luck_blackcat
Kaspersky Global Research & Analysis Team (GReAT). (2022). A Bad Luck BlackCat. Retrieved May 5, 2022.
Internal MISP references
UUID 0d1e9635-b7b6-454b-9482-b1fc7d33bfff
which can be used as unique global reference for bad_luck_blackcat
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-05T00:00:00Z |
date_published | 2022-01-01T00:00:00Z |
source | MITRE |
title | A Bad Luck BlackCat |
Cybereason Bazar July 2020
Cybereason Nocturnus. (2020, July 16). A BAZAR OF TRICKS: FOLLOWING TEAM9’S DEVELOPMENT CYCLES. Retrieved November 18, 2020.
Internal MISP references
UUID 8819875a-5139-4dae-94c8-e7cc9f847580
which can be used as unique global reference for Cybereason Bazar July 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-18T00:00:00Z |
date_published | 2020-07-16T00:00:00Z |
source | MITRE |
title | A BAZAR OF TRICKS: FOLLOWING TEAM9’S DEVELOPMENT CYCLES |
Red Canary Hospital Thwarted Ryuk October 2020
Brian Donohue, Katie Nickels, Paul Michaud, Adina Bodkins, Taylor Chapman, Tony Lambert, Jeff Felling, Kyle Rainey, Mike Haag, Matt Graeber, Aaron Didier. (2020, October 29). A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak. Retrieved October 30, 2020.
Internal MISP references
UUID ae5d4c47-54c9-4f7b-9357-88036c524217
which can be used as unique global reference for Red Canary Hospital Thwarted Ryuk October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-30T00:00:00Z |
date_published | 2020-10-29T00:00:00Z |
source | MITRE |
title | A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak |
CyberCX Anonymous Sudan June 19 2023
CyberCX Intelligence. (2023, June 19). A bear in wolf’s clothing: Insights into the infrastructure used by Anonymous Sudan to attack Australian organisations. Retrieved October 10, 2023.
Internal MISP references
UUID 68ded9b7-3042-44e0-8bf7-cdba2174a3d8
which can be used as unique global reference for CyberCX Anonymous Sudan June 19 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-10T00:00:00Z |
date_published | 2023-06-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | A bear in wolf’s clothing: Insights into the infrastructure used by Anonymous Sudan to attack Australian organisations |
Netskope Cloud Phishing
Ashwin Vamshi. (2020, August 12). A Big Catch: Cloud Phishing from Google App Engine and Azure App Service. Retrieved August 18, 2022.
Internal MISP references
UUID 25d46bc1-4c05-48d3-95f0-aa3ee1100bf9
which can be used as unique global reference for Netskope Cloud Phishing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-18T00:00:00Z |
date_published | 2020-08-12T00:00:00Z |
source | MITRE |
title | A Big Catch: Cloud Phishing from Google App Engine and Azure App Service |
Elastic Abnormal Process ID or Lock File Created
Elastic. (n.d.). Abnormal Process ID or Lock File Created. Retrieved September 19, 2024.
Internal MISP references
UUID 99091ea0-35b3-590d-bd6c-0cc20b6be8f9
which can be used as unique global reference for Elastic Abnormal Process ID or Lock File Created
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-19T00:00:00Z |
source | MITRE |
title | Abnormal Process ID or Lock File Created |
Microsoft O365 Admin Roles
Ako-Adjei, K., Dickhaus, M., Baumgartner, P., Faigel, D., et al. (2019, October 8). About admin roles. Retrieved October 18, 2019.
Internal MISP references
UUID 8014a0cc-f793-4d9a-a2cc-ef9e9c5a826a
which can be used as unique global reference for Microsoft O365 Admin Roles
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-18T00:00:00Z |
date_published | 2019-10-08T00:00:00Z |
source | MITRE |
title | About admin roles |
Microsoft Atom Table
Microsoft. (n.d.). About Atom Tables. Retrieved December 8, 2017.
Internal MISP references
UUID a22636c8-8e39-4583-93ef-f0b7f0a218d8
which can be used as unique global reference for Microsoft Atom Table
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-08T00:00:00Z |
source | MITRE |
title | About Atom Tables |
Microsoft About BITS
Microsoft. (2019, July 12). About BITS. Retrieved March 16, 2020.
Internal MISP references
UUID 8d6d47d1-a6ea-4673-8ade-ba61bfeef084
which can be used as unique global reference for Microsoft About BITS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-16T00:00:00Z |
date_published | 2019-07-12T00:00:00Z |
source | MITRE |
title | About BITS |
Microsoft About Event Tracing 2018
Microsoft. (2018, May 30). About Event Tracing. Retrieved June 7, 2019.
Internal MISP references
UUID 689d944f-ad66-4908-91fb-bb1ecdafe8d9
which can be used as unique global reference for Microsoft About Event Tracing 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-07T00:00:00Z |
date_published | 2018-05-30T00:00:00Z |
source | MITRE |
title | About Event Tracing |
Microsoft PowerShell Command History
Microsoft. (2020, May 13). About History. Retrieved September 4, 2020.
Internal MISP references
UUID 6c873fb4-db43-4bad-b5e4-a7d45cbe796f
which can be used as unique global reference for Microsoft PowerShell Command History
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-04T00:00:00Z |
date_published | 2020-05-13T00:00:00Z |
source | MITRE |
title | About History |
Microsoft List View Controls
Microsoft. (2021, May 25). About List-View Controls. Retrieved January 4, 2022.
Internal MISP references
UUID 7d6c6ba6-cda6-4f27-bfc8-af5b759305ed
which can be used as unique global reference for Microsoft List View Controls
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-04T00:00:00Z |
date_published | 2021-05-25T00:00:00Z |
source | MITRE |
title | About List-View Controls |
Microsoft PowerShell Logging
Microsoft. (2020, March 30). about_Logging_Windows. Retrieved September 28, 2021.
Internal MISP references
UUID 81c94686-741d-45d7-90f3-0c7979374e87
which can be used as unique global reference for Microsoft PowerShell Logging
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-28T00:00:00Z |
date_published | 2020-03-30T00:00:00Z |
source | MITRE |
title | about_Logging_Windows |
Apple About Mac Scripting 2016
Apple. (2016, June 13). About Mac Scripting. Retrieved April 14, 2021.
Internal MISP references
UUID d2f32ac1-9b5b-408d-a7ab-d92dd9efe0ed
which can be used as unique global reference for Apple About Mac Scripting 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-14T00:00:00Z |
date_published | 2016-06-13T00:00:00Z |
source | MITRE |
title | About Mac Scripting |
PowerShell About 2019
Wheeler, S. et al. (2019, May 1). About PowerShell.exe. Retrieved October 11, 2019.
Internal MISP references
UUID 2c504602-4f5d-47fc-9780-e1e5041a0b3a
which can be used as unique global reference for PowerShell About 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-11T00:00:00Z |
date_published | 2019-05-01T00:00:00Z |
source | MITRE |
title | About PowerShell.exe |
Microsoft PowerShellB64
Microsoft. (2023, February 8). about_PowerShell_exe: EncodedCommand. Retrieved March 17, 2023.
Internal MISP references
UUID 7e50721c-c6d5-5449-8326-529da4cf5465
which can be used as unique global reference for Microsoft PowerShellB64
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-17T00:00:00Z |
date_published | 2023-02-08T00:00:00Z |
source | MITRE |
title | about_PowerShell_exe: EncodedCommand |
Microsoft Profiles
Microsoft. (2021, September 27). about_Profiles. Retrieved February 4, 2022.
Internal MISP references
UUID b25ab0bf-c28b-4747-b075-30bcdfbc0e35
which can be used as unique global reference for Microsoft Profiles
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-04T00:00:00Z |
date_published | 2021-09-27T00:00:00Z |
source | MITRE |
title | about_Profiles |
Microsoft About Profiles
Microsoft. (2017, November 29). About Profiles. Retrieved June 14, 2019.
Internal MISP references
UUID 1da63665-7a96-4bc3-9606-a3575b913819
which can be used as unique global reference for Microsoft About Profiles
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-14T00:00:00Z |
date_published | 2017-11-29T00:00:00Z |
source | MITRE |
title | About Profiles |
Microsoft Remote Desktop Services
Microsoft. (2019, August 23). About Remote Desktop Services. Retrieved March 28, 2022.
Internal MISP references
UUID a981e013-f839-46e9-9c8a-128c4897f77a
which can be used as unique global reference for Microsoft Remote Desktop Services
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-28T00:00:00Z |
date_published | 2019-08-23T00:00:00Z |
source | MITRE |
title | About Remote Desktop Services |
systemsetup mac time
Apple Support. (n.d.). About systemsetup in Remote Desktop. Retrieved March 27, 2024.
Internal MISP references
UUID a85bd111-a2ca-5e66-b90e-f52ff780fc5c
which can be used as unique global reference for systemsetup mac time
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-27T00:00:00Z |
source | MITRE |
title | About systemsetup in Remote Desktop |
MSDN Clipboard
Microsoft. (n.d.). About the Clipboard. Retrieved March 29, 2016.
Internal MISP references
UUID 2c1b2d58-a5dc-4aee-8bdb-129a81c10408
which can be used as unique global reference for MSDN Clipboard
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-29T00:00:00Z |
source | MITRE |
title | About the Clipboard |
Microsoft HTML Help Executable Program
Microsoft. (n.d.). About the HTML Help Executable Program. Retrieved October 3, 2018.
Internal MISP references
UUID 1af226cc-bb93-43c8-972e-367482c5d487
which can be used as unique global reference for Microsoft HTML Help Executable Program
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-03T00:00:00Z |
source | MITRE |
title | About the HTML Help Executable Program |
About UEFI
UEFI Forum. (n.d.). About UEFI Forum. Retrieved January 5, 2016.
Internal MISP references
UUID 2e6fe82c-d90f-42b6-8247-397ab8823c7c
which can be used as unique global reference for About UEFI
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-05T00:00:00Z |
source | MITRE |
title | About UEFI Forum |
Microsoft Window Classes
Microsoft. (n.d.). About Window Classes. Retrieved December 16, 2017.
Internal MISP references
UUID cc620fcd-1f4a-4670-84b5-3f12c9b85053
which can be used as unique global reference for Microsoft Window Classes
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-16T00:00:00Z |
source | MITRE |
title | About Window Classes |
Picus Sodinokibi January 2020
Ozarslan, S. (2020, January 15). A Brief History of Sodinokibi. Retrieved August 5, 2020.
Internal MISP references
UUID 2e9c2206-a04e-4278-9492-830cc9347ff9
which can be used as unique global reference for Picus Sodinokibi January 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-05T00:00:00Z |
date_published | 2020-01-15T00:00:00Z |
source | MITRE |
title | A Brief History of Sodinokibi |
Application Bundle Manipulation Brandon Dalton
Brandon Dalton. (2022, August 9). A bundle of nerves: Tweaking macOS security controls to thwart application bundle manipulation. Retrieved September 27, 2022.
Internal MISP references
UUID 2a8fd573-6ab0-403b-b813-88d9d3edab36
which can be used as unique global reference for Application Bundle Manipulation Brandon Dalton
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-27T00:00:00Z |
date_published | 2022-08-09T00:00:00Z |
source | MITRE |
title | A bundle of nerves: Tweaking macOS security controls to thwart application bundle manipulation |
NCC Group Chimera January 2021
Jansen, W. (2021, January 12). Abusing cloud services to fly under the radar. Retrieved September 12, 2024.
Internal MISP references
UUID 70c217c3-83a2-40f2-8f47-b68d8bd4cdf0
which can be used as unique global reference for NCC Group Chimera January 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2021-01-12T00:00:00Z |
source | MITRE |
title | Abusing cloud services to fly under the radar |
Electron 2
Trend Micro. (2023, June 6). Abusing Electronbased applications in targeted attacks. Retrieved March 7, 2024.
Internal MISP references
UUID 0be977fd-7b7e-5ddb-aa0c-def81b97b2a5
which can be used as unique global reference for Electron 2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-07T00:00:00Z |
date_published | 2023-06-06T00:00:00Z |
source | MITRE |
title | Abusing Electronbased applications in targeted attacks |
Harmj0y Abusing GPO Permissions
Schroeder, W. (2016, March 17). Abusing GPO Permissions. Retrieved September 23, 2024.
Internal MISP references
UUID 18cc9426-9b51-46fa-9106-99688385ebe4
which can be used as unique global reference for Harmj0y Abusing GPO Permissions
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-23T00:00:00Z |
date_published | 2016-03-17T00:00:00Z |
source | MITRE |
title | Abusing GPO Permissions |
on security kerberos linux
Boal, Calum. (2020, January 28). Abusing Kerberos From Linux - An Overview of Available Tools. Retrieved September 17, 2024.
Internal MISP references
UUID 7d0870a0-db94-5213-a1b7-fc3c6557dcc0
which can be used as unique global reference for on security kerberos linux
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-17T00:00:00Z |
date_published | 2020-01-28T00:00:00Z |
source | MITRE |
title | Abusing Kerberos From Linux - An Overview of Available Tools |
Retwin Directory Share Pivot
Routin, D. (2017, November 13). Abusing network shares for efficient lateral movements and privesc (DirSharePivot). Retrieved April 12, 2018.
Internal MISP references
UUID 027c5274-6b61-447a-9058-edb844f112dd
which can be used as unique global reference for Retwin Directory Share Pivot
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-12T00:00:00Z |
date_published | 2017-11-13T00:00:00Z |
source | MITRE |
title | Abusing network shares for efficient lateral movements and privesc (DirSharePivot) |
BOHOPS Abusing the COM Registry
BOHOPS. (2018, August 18). Abusing the COM Registry Structure (Part 2): Hijacking & Loading Techniques. Retrieved August 10, 2020.
Internal MISP references
UUID 3b5c0e62-7ac9-42e1-b2dd-8f2e0739b9d7
which can be used as unique global reference for BOHOPS Abusing the COM Registry
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-10T00:00:00Z |
date_published | 2018-08-18T00:00:00Z |
source | MITRE |
title | Abusing the COM Registry Structure (Part 2): Hijacking & Loading Techniques |
abusing_com_reg
bohops. (2018, August 18). ABUSING THE COM REGISTRY STRUCTURE (PART 2): HIJACKING & LOADING TECHNIQUES. Retrieved September 20, 2021.
Internal MISP references
UUID 7f0f223f-09b1-4f8f-b6f1-1044e2ac7066
which can be used as unique global reference for abusing_com_reg
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-20T00:00:00Z |
date_published | 2018-08-18T00:00:00Z |
source | MITRE |
title | ABUSING THE COM REGISTRY STRUCTURE (PART 2): HIJACKING & LOADING TECHNIQUES |
Rhino Security Labs AWS VPC Traffic Mirroring
Spencer Gietzen. (2019, September 17). Abusing VPC Traffic Mirroring in AWS. Retrieved March 17, 2022.
Internal MISP references
UUID 09cac813-862c-47c8-a47f-154c5436afbb
which can be used as unique global reference for Rhino Security Labs AWS VPC Traffic Mirroring
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-17T00:00:00Z |
date_published | 2019-09-17T00:00:00Z |
source | MITRE |
title | Abusing VPC Traffic Mirroring in AWS |
Narrator Accessibility Abuse
Comi, G. (2019, October 19). Abusing Windows 10 Narrator's 'Feedback-Hub' URI for Fileless Persistence. Retrieved April 28, 2020.
Internal MISP references
UUID fc889ba3-79a5-445a-81ea-dfe81c1cc542
which can be used as unique global reference for Narrator Accessibility Abuse
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-04-28T00:00:00Z |
date_published | 2019-10-19T00:00:00Z |
source | MITRE |
title | Abusing Windows 10 Narrator's 'Feedback-Hub' URI for Fileless Persistence |
Intezer ACBackdoor
Sanmillan, I. (2019, November 18). ACBackdoor: Analysis of a New Multiplatform Backdoor. Retrieved October 4, 2021.
Internal MISP references
UUID e6cb833f-cf18-498b-a233-848853423412
which can be used as unique global reference for Intezer ACBackdoor
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-04T00:00:00Z |
date_published | 2019-11-18T00:00:00Z |
source | MITRE |
title | ACBackdoor: Analysis of a New Multiplatform Backdoor |
AccCheckConsole.exe - LOLBAS Project
LOLBAS. (2022, January 2). AccCheckConsole.exe. Retrieved December 4, 2023.
Internal MISP references
UUID de5523bd-e735-4751-84e9-a1be1d2980ec
which can be used as unique global reference for AccCheckConsole.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-01-02T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | AccCheckConsole.exe |
CyberScoop APT28 Nov 2018
Shoorbajee, Z. (2018, November 29). Accenture: Russian hackers using Brexit talks to disguise phishing lures. Retrieved July 16, 2019.
Internal MISP references
UUID ef8f0990-b2da-4538-8b02-7401dc5a4120
which can be used as unique global reference for CyberScoop APT28 Nov 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-16T00:00:00Z |
date_published | 2018-11-29T00:00:00Z |
source | MITRE |
title | Accenture: Russian hackers using Brexit talks to disguise phishing lures |
Microsoft Azure Kubernetes Service Service Accounts
Microsoft Azure. (2023, April 28). Access and identity options for Azure Kubernetes Service (AKS). Retrieved July 14, 2023.
Internal MISP references
UUID bf374b41-b2a3-5c07-bf84-9ea0e1a9e6c5
which can be used as unique global reference for Microsoft Azure Kubernetes Service Service Accounts
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-14T00:00:00Z |
date_published | 2023-04-28T00:00:00Z |
source | MITRE |
title | Access and identity options for Azure Kubernetes Service (AKS) |
CrowdStrike Access Brokers
CrowdStrike Intelligence Team. (2022, February 23). Access Brokers: Who Are the Targets, and What Are They Worth? Retrieved March 10, 2023.
Internal MISP references
UUID 0f772693-e09d-5c82-85c2-77f5fee39ef0
which can be used as unique global reference for CrowdStrike Access Brokers
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-10T00:00:00Z |
date_published | 2022-02-23T00:00:00Z |
source | MITRE |
title | Access Brokers: Who Are the Targets, and What Are They Worth? |
Microsoft Access Control Lists May 2018
M. Satran, M. Jacobs. (2018, May 30). Access Control Lists. Retrieved February 4, 2020.
Internal MISP references
UUID 2aeda95a-7741-4a74-a5a4-29a9e7a89451
which can be used as unique global reference for Microsoft Access Control Lists May 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-04T00:00:00Z |
date_published | 2018-05-30T00:00:00Z |
source | MITRE |
title | Access Control Lists |
Auth0 Access Tokens
Auth0. (n.d.). Access Tokens. Retrieved September 29, 2021.
Internal MISP references
UUID 43e8e178-a0da-44d8-be1b-853307e0d4ae
which can be used as unique global reference for Auth0 Access Tokens
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-29T00:00:00Z |
source | MITRE |
title | Access Tokens |
BSidesSLC 2020 - LNK Elastic
French, D., Filar, B. (2020, March 21). A Chain Is No Stronger Than Its Weakest LNK. Retrieved November 30, 2020.
Internal MISP references
UUID 4c2ede51-33f6-4d09-9186-43b023b079c0
which can be used as unique global reference for BSidesSLC 2020 - LNK Elastic
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-30T00:00:00Z |
date_published | 2020-03-21T00:00:00Z |
source | MITRE |
title | A Chain Is No Stronger Than Its Weakest LNK |
Mythic SpecterOps
Thomas, C. (2020, August 13). A Change of Mythic Proportions. Retrieved March 25, 2022.
Internal MISP references
UUID 98d4453e-2e80-422a-ac8c-47f650f46e3c
which can be used as unique global reference for Mythic SpecterOps
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-25T00:00:00Z |
date_published | 2020-08-13T00:00:00Z |
source | MITRE |
title | A Change of Mythic Proportions |
FireEye Chinese Espionage October 2019
Nalani Fraser, Kelli Vanderlee. (2019, October 10). Achievement Unlocked - Chinese Cyber Espionage Evolves to Support Higher Level Missions. Retrieved October 17, 2021.
Internal MISP references
UUID d37c069c-7fb8-44e1-8377-da97e8bbcf67
which can be used as unique global reference for FireEye Chinese Espionage October 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-17T00:00:00Z |
date_published | 2019-10-10T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Achievement Unlocked - Chinese Cyber Espionage Evolves to Support Higher Level Missions |
Unit42 AcidBox June 2020
Reichel, D. and Idrizovic, E. (2020, June 17). AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations. Retrieved March 16, 2021.
Internal MISP references
UUID f3f2eca0-fda3-451e-bf13-aacb14668e48
which can be used as unique global reference for Unit42 AcidBox June 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-16T00:00:00Z |
date_published | 2020-06-17T00:00:00Z |
source | MITRE |
title | AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations |
AcidRain JAGS 2022
Juan Andres Guerrero-Saade and Max van Amerongen, SentinelOne. (2022, March 31). AcidRain | A Modem Wiper Rains Down on Europe. Retrieved March 25, 2024.
Internal MISP references
UUID bd4a7b2e-a387-5e1b-9d9e-52464a8e25c9
which can be used as unique global reference for AcidRain JAGS 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-25T00:00:00Z |
date_published | 2022-03-31T00:00:00Z |
source | MITRE |
title | AcidRain \| A Modem Wiper Rains Down on Europe |
acroread package compromised Arch Linux Mail 8JUL2018
Eli Schwartz. (2018, June 8). acroread package compromised. Retrieved April 23, 2019.
Internal MISP references
UUID 99245022-2130-404d-bf7a-095d84a515cd
which can be used as unique global reference for acroread package compromised Arch Linux Mail 8JUL2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-23T00:00:00Z |
date_published | 2018-06-08T00:00:00Z |
source | MITRE |
title | acroread package compromised |
Microsoft Actinium February 2022
Microsoft Threat Intelligence Center. (2022, February 4). ACTINIUM targets Ukrainian organizations. Retrieved February 18, 2022.
Internal MISP references
UUID 5ab658db-7f71-4213-8146-e22da54160b3
which can be used as unique global reference for Microsoft Actinium February 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-18T00:00:00Z |
date_published | 2022-02-04T00:00:00Z |
source | MITRE |
title | ACTINIUM targets Ukrainian organizations |
Wikipedia Active Directory
Wikipedia. (2018, March 10). Active Directory. Retrieved April 11, 2018.
Internal MISP references
UUID 924e1186-57e5-43db-94ab-29afa3fdaa7b
which can be used as unique global reference for Wikipedia Active Directory
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-11T00:00:00Z |
date_published | 2018-03-10T00:00:00Z |
source | MITRE |
title | Active Directory |
Microsoft AD Accounts
Microsoft. (2019, August 23). Active Directory Accounts. Retrieved March 13, 2020.
Internal MISP references
UUID df734659-2441-487a-991d-59064c61b771
which can be used as unique global reference for Microsoft AD Accounts
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-13T00:00:00Z |
date_published | 2019-08-23T00:00:00Z |
source | MITRE |
title | Active Directory Accounts |
Microsoft AD Admin Tier Model
Microsoft. (2019, February 14). Active Directory administrative tier model. Retrieved February 21, 2020.
Internal MISP references
UUID 3afba81a-3b1d-41ec-938e-24f055698d52
which can be used as unique global reference for Microsoft AD Admin Tier Model
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-21T00:00:00Z |
date_published | 2019-02-14T00:00:00Z |
source | MITRE |
title | Active Directory administrative tier model |
Microsoft AD CS Overview
Microsoft. (2016, August 31). Active Directory Certificate Services Overview. Retrieved August 2, 2022.
Internal MISP references
UUID f1b2526a-1bf6-4954-a9b3-a5e008761ceb
which can be used as unique global reference for Microsoft AD CS Overview
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-02T00:00:00Z |
date_published | 2016-08-31T00:00:00Z |
source | MITRE |
title | Active Directory Certificate Services Overview |
Microsoft Get-ADUser
Microsoft. (n.d.). Active Directory Cmdlets - Get-ADUser. Retrieved November 30, 2017.
Internal MISP references
UUID b68ac85e-a007-4a72-9185-2877e9184fad
which can be used as unique global reference for Microsoft Get-ADUser
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-30T00:00:00Z |
source | MITRE |
title | Active Directory Cmdlets - Get-ADUser |
Active Directory Enumeration with LDIFDE
Microsoft. (2023, June 26). Active Directory Enumeration with LDIFDE. Retrieved July 11, 2023.
Internal MISP references
UUID 51e6623a-4448-4244-8c81-4eab102e5926
which can be used as unique global reference for Active Directory Enumeration with LDIFDE
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-11T00:00:00Z |
date_published | 2023-06-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Active Directory Enumeration with LDIFDE |
Microsoft SID-History Attribute
Microsoft. (n.d.). Active Directory Schema - SID-History attribute. Retrieved November 30, 2017.
Internal MISP references
UUID 32150673-5593-4a2c-9872-aaa96a21aa5c
which can be used as unique global reference for Microsoft SID-History Attribute
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-30T00:00:00Z |
source | MITRE |
title | Active Directory Schema - SID-History attribute |
Volexity Ivanti Zero-Day Exploitation January 2024
Meltzer, M. et al. (2024, January 10). Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN. Retrieved February 27, 2024.
Internal MISP references
UUID 93eda380-ea21-59e0-97e8-5bec1f9a0e71
which can be used as unique global reference for Volexity Ivanti Zero-Day Exploitation January 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-27T00:00:00Z |
date_published | 2024-01-10T00:00:00Z |
source | MITRE |
title | Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN |
ActiveMalwareEnergy
Dan Goodin. (2014, June 30). Active malware operation let attackers sabotage US energy industry. Retrieved March 9, 2017.
Internal MISP references
UUID f2ef73c6-5d4c-423e-a3f5-194cba121eb1
which can be used as unique global reference for ActiveMalwareEnergy
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-09T00:00:00Z |
date_published | 2014-06-30T00:00:00Z |
source | MITRE |
title | Active malware operation let attackers sabotage US energy industry |
Klein Active Setup 2010
Klein, H. (2010, April 22). Active Setup Explained. Retrieved December 18, 2020.
Internal MISP references
UUID cbdd6290-1dda-48af-a101-fb3db6581276
which can be used as unique global reference for Klein Active Setup 2010
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-18T00:00:00Z |
date_published | 2010-04-22T00:00:00Z |
source | MITRE |
title | Active Setup Explained |
Dark Vortex Brute Ratel C4
Dark Vortex. (n.d.). A Customized Command and Control Center for Red Team and Adversary Simulation. Retrieved February 7, 2023.
Internal MISP references
UUID 47992cb5-df11-56c2-b266-6f58d75f8315
which can be used as unique global reference for Dark Vortex Brute Ratel C4
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-07T00:00:00Z |
source | MITRE |
title | A Customized Command and Control Center for Red Team and Adversary Simulation |
ad_blocker_with_miner
Kuzmenko, A. (2021, March 10). Ad blocker with miner included. Retrieved October 28, 2021.
Internal MISP references
UUID 8e30f71e-80b8-4662-bc95-bf3cf7cfcf40
which can be used as unique global reference for ad_blocker_with_miner
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-28T00:00:00Z |
date_published | 2021-03-10T00:00:00Z |
source | MITRE |
title | Ad blocker with miner included |
Microsoft Support O365 Add Another Admin, October 2019
Microsoft. (n.d.). Add Another Admin. Retrieved October 18, 2019.
Internal MISP references
UUID c31cfc48-289e-42aa-8046-b41261fdeb96
which can be used as unique global reference for Microsoft Support O365 Add Another Admin, October 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-18T00:00:00Z |
source | MITRE |
title | Add Another Admin |
Amazon AWS IMDS V2
MacCarthaigh, C. (2019, November 19). Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service. Retrieved October 14, 2020.
Internal MISP references
UUID f252eb18-86e9-4ed0-b9da-2c81f12a6e13
which can be used as unique global reference for Amazon AWS IMDS V2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-14T00:00:00Z |
date_published | 2019-11-19T00:00:00Z |
source | MITRE |
title | Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service |
Adding Login Items
Apple. (2016, September 13). Adding Login Items. Retrieved July 11, 2017.
Internal MISP references
UUID 5ab3e243-37a6-46f1-b28f-6846ecdef0ae
which can be used as unique global reference for Adding Login Items
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-11T00:00:00Z |
date_published | 2016-09-13T00:00:00Z |
source | MITRE |
title | Adding Login Items |
MRWLabs Office Persistence Add-ins
Knowles, W. (2017, April 21). Add-In Opportunities for Office Persistence. Retrieved July 3, 2017.
Internal MISP references
UUID a5b6ab63-0e6f-4789-a017-ceab1719ed85
which can be used as unique global reference for MRWLabs Office Persistence Add-ins
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-03T00:00:00Z |
date_published | 2017-04-21T00:00:00Z |
source | MITRE |
title | Add-In Opportunities for Office Persistence |
AddinUtil.exe - LOLBAS Project
LOLBAS. (2023, October 5). AddinUtil.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 91af546d-0a56-4c17-b292-6257943a8aba
which can be used as unique global reference for AddinUtil.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2023-10-05T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | AddinUtil.exe |
Microsoft - Add-MailboxPermission
Microsoft. (n.d.). Add-Mailbox Permission. Retrieved September 13, 2019.
Internal MISP references
UUID b8d40efb-c78d-47dd-9d83-e5a31af73691
which can be used as unique global reference for Microsoft - Add-MailboxPermission
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-13T00:00:00Z |
source | MITRE |
title | Add-Mailbox Permission |
AddMonitor
Microsoft. (n.d.). AddMonitor function. Retrieved November 12, 2014.
Internal MISP references
UUID 8c1a719e-6ca1-4b41-966d-ddb87c849fe0
which can be used as unique global reference for AddMonitor
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
source | MITRE |
title | AddMonitor function |
Microsoft Azure AD Users
Microsoft. (2019, November 11). Add or delete users using Azure Active Directory. Retrieved January 30, 2020.
Internal MISP references
UUID b69468a2-693e-4bd0-8dc1-ccfd7d5630c0
which can be used as unique global reference for Microsoft Azure AD Users
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-01-30T00:00:00Z |
date_published | 2019-11-11T00:00:00Z |
source | MITRE |
title | Add or delete users using Azure Active Directory |
Microsoft Office Add-ins
Microsoft. (n.d.). Add or remove add-ins. Retrieved July 3, 2017.
Internal MISP references
UUID 99b20e30-76a8-4108-84ae-daf92058b44b
which can be used as unique global reference for Microsoft Office Add-ins
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-03T00:00:00Z |
source | MITRE |
title | Add or remove add-ins |
Microsoft AddPrintProcessor May 2018
Microsoft. (2018, May 31). AddPrintProcessor function. Retrieved October 5, 2020.
Internal MISP references
UUID 12c7160b-c93c-44cd-b108-68d4823aec8c
which can be used as unique global reference for Microsoft AddPrintProcessor May 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-05T00:00:00Z |
date_published | 2018-05-31T00:00:00Z |
source | MITRE |
title | AddPrintProcessor function |
RFC1918
IETF Network Working Group. (1996, February). Address Allocation for Private Internets. Retrieved October 20, 2020.
Internal MISP references
UUID f2cdf62e-cb9b-4a48-99a2-d46e7d9e7a9e
which can be used as unique global reference for RFC1918
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 1996-02-01T00:00:00Z |
source | MITRE |
title | Address Allocation for Private Internets |
Microsoft Exchange Address Lists
Microsoft. (2020, February 7). Address lists in Exchange Server. Retrieved March 26, 2020.
Internal MISP references
UUID 138ec24a-4361-4ce0-b78e-508c11db397c
which can be used as unique global reference for Microsoft Exchange Address Lists
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-26T00:00:00Z |
date_published | 2020-02-07T00:00:00Z |
source | MITRE |
title | Address lists in Exchange Server |
Microsoft AD DS Getting Started
Foulds, I. et al. (2018, August 7). AD DS Getting Started. Retrieved September 23, 2021.
Internal MISP references
UUID 82d01c77-571b-4f33-a286-878f325462ae
which can be used as unique global reference for Microsoft AD DS Getting Started
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-23T00:00:00Z |
date_published | 2018-08-07T00:00:00Z |
source | MITRE |
title | AD DS Getting Started |
Akamai DGA Mitigation
Liu, H. and Yuzifovich, Y. (2018, January 9). A Death Match of Domain Generation Algorithms. Retrieved February 18, 2019.
Internal MISP references
UUID 5b14cdf6-261a-4d7e-acb4-74e7fafa9467
which can be used as unique global reference for Akamai DGA Mitigation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-18T00:00:00Z |
date_published | 2018-01-09T00:00:00Z |
source | MITRE |
title | A Death Match of Domain Generation Algorithms |
Keychain Decryption Passware
Yana Gourenko. (n.d.). A Deep Dive into Apple Keychain Decryption. Retrieved April 13, 2022.
Internal MISP references
UUID 6a426ab4-5b0b-46d4-9dfe-e2587f69e111
which can be used as unique global reference for Keychain Decryption Passware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-13T00:00:00Z |
source | MITRE |
title | A Deep Dive into Apple Keychain Decryption |
Trend Micro Deep Dive Into Defacement
Marco Balduzzi, Ryan Flores, Lion Gu, Federico Maggi, Vincenzo Ciancaglini, Roel Reyes, Akira Urano. (n.d.). A Deep Dive into Defacement: How Geopolitical Events Trigger Web Attacks. Retrieved April 19, 2019.
Internal MISP references
UUID 4886418b-3a2e-4f12-b91e-3bb2a8134112
which can be used as unique global reference for Trend Micro Deep Dive Into Defacement
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-19T00:00:00Z |
source | MITRE |
title | A Deep Dive into Defacement: How Geopolitical Events Trigger Web Attacks |
Talos Lokibot Jan 2021
Muhammad, I., Unterbrink, H. (2021, January 6). A Deep Dive into Lokibot Infection Chain. Retrieved August 31, 2021.
Internal MISP references
UUID 3baba4e6-0cf5-45eb-8abb-6c389743af89
which can be used as unique global reference for Talos Lokibot Jan 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-31T00:00:00Z |
date_published | 2021-01-06T00:00:00Z |
source | MITRE |
title | A Deep Dive into Lokibot Infection Chain |
Malwarebytes Saint Bot April 2021
Hasherezade. (2021, April 6). A deep dive into Saint Bot, a new downloader. Retrieved June 9, 2022.
Internal MISP references
UUID 3a1faa47-7bd3-453f-9b7a-bb17efb8bb3c
which can be used as unique global reference for Malwarebytes Saint Bot April 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-09T00:00:00Z |
date_published | 2021-04-06T00:00:00Z |
source | MITRE |
title | A deep dive into Saint Bot, a new downloader |
SecurityScorecard CredoMap September 2022
Vlad Pasca. (2022, September 27). A Deep Dive Into the APT28’s stealer called CredoMap. Retrieved December 5, 2023.
Internal MISP references
UUID 3e683efc-4712-4397-8d55-4354ff7ad9f0
which can be used as unique global reference for SecurityScorecard CredoMap September 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-05T00:00:00Z |
date_published | 2022-09-27T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | A Deep Dive Into the APT28’s stealer called CredoMap |
Krebs DNS Hijack 2019
Brian Krebs. (2019, February 18). A Deep Dive on the Recent Widespread DNS Hijacking Attacks. Retrieved February 14, 2022.
Internal MISP references
UUID 9bdc618d-ff55-4ac8-8967-6039c6c24cb1
which can be used as unique global reference for Krebs DNS Hijack 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-14T00:00:00Z |
date_published | 2019-02-18T00:00:00Z |
source | MITRE |
title | A Deep Dive on the Recent Widespread DNS Hijacking Attacks |
Reaqta MuddyWater November 2017
Reaqta. (2017, November 22). A dive into MuddyWater APT targeting Middle-East. Retrieved May 18, 2020.
Internal MISP references
UUID ecd28ccf-edb6-478d-a8f1-da630df42127
which can be used as unique global reference for Reaqta MuddyWater November 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-18T00:00:00Z |
date_published | 2017-11-22T00:00:00Z |
source | MITRE |
title | A dive into MuddyWater APT targeting Middle-East |
ESET Turla PowerShell May 2019
Faou, M. and Dumont R. (2019, May 29). A dive into Turla PowerShell usage. Retrieved June 14, 2019.
Internal MISP references
UUID 68c0f34b-691a-4847-8d49-f18b7f4e5188
which can be used as unique global reference for ESET Turla PowerShell May 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-14T00:00:00Z |
date_published | 2019-05-29T00:00:00Z |
source | MITRE |
title | A dive into Turla PowerShell usage |
Kubernetes Admission Controllers
Kubernetes. (n.d.). Admission Controllers Reference. Retrieved March 8, 2023.
Internal MISP references
UUID ea035e41-159b-5f12-96fc-0638eace9fd2
which can be used as unique global reference for Kubernetes Admission Controllers
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-08T00:00:00Z |
source | MITRE |
title | Admission Controllers Reference |
Krebs Adobe
Brian Krebs. (2013, October 3). Adobe To Announce Source Code, Customer Data Breach. Retrieved May 17, 2021.
Internal MISP references
UUID bc2b0b89-e00d-4beb-bf27-fe81d8c826a4
which can be used as unique global reference for Krebs Adobe
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-17T00:00:00Z |
date_published | 2013-10-03T00:00:00Z |
source | MITRE |
title | Adobe To Announce Source Code, Customer Data Breach |
Github AD-Pentest-Script
Twi1ight. (2015, July 11). AD-Pentest-Script - wmiexec.vbs. Retrieved June 29, 2017.
Internal MISP references
UUID 45a5f6c2-b52e-4518-a10e-19797e6fdcc3
which can be used as unique global reference for Github AD-Pentest-Script
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-06-29T00:00:00Z |
date_published | 2015-07-11T00:00:00Z |
source | MITRE |
title | AD-Pentest-Script - wmiexec.vbs |
adplus.exe - LOLBAS Project
LOLBAS. (2021, September 1). adplus.exe. Retrieved December 4, 2023.
Internal MISP references
UUID d407ca0a-7ace-4dc5-947d-69a1e5a1d459
which can be used as unique global reference for adplus.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-09-01T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | adplus.exe |
Microsoft ADV170021 Dec 2017
Microsoft. (2017, December 12). ADV170021 - Microsoft Office Defense in Depth Update. Retrieved February 3, 2018.
Internal MISP references
UUID ce960e76-848f-440d-9843-54773f7b11cf
which can be used as unique global reference for Microsoft ADV170021 Dec 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-03T00:00:00Z |
date_published | 2017-12-12T00:00:00Z |
source | MITRE |
title | ADV170021 - Microsoft Office Defense in Depth Update |
CISA AA20-352A 2021
CISA. (2021, April 15). Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations. Retrieved August 30, 2024.
Internal MISP references
UUID 1e68b9ef-0aee-5d69-be72-3bc4d5cfa6b9
which can be used as unique global reference for CISA AA20-352A 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-30T00:00:00Z |
date_published | 2021-04-15T00:00:00Z |
source | MITRE |
title | Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations |
FireEye APT Groups
FireEye. (n.d.). Advanced Persistent Threat Groups. Retrieved August 3, 2018.
Internal MISP references
UUID 5b6b909d-870a-4d14-85ec-6aa14e598740
which can be used as unique global reference for FireEye APT Groups
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-03T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Advanced Persistent Threat Groups |
Mandiant Advanced Persistent Threats
Mandiant. (n.d.). Advanced Persistent Threats (APTs). Retrieved February 14, 2024.
Internal MISP references
UUID 2d16615b-09fc-5925-8f59-6d20f334d236
which can be used as unique global reference for Mandiant Advanced Persistent Threats
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-14T00:00:00Z |
source | MITRE |
title | Advanced Persistent Threats (APTs) |
Mandiant APT Groups List
Mandiant. (n.d.). Advanced Persistent Threats (APTs). Retrieved September 14, 2023.
Internal MISP references
UUID c984fcfc-1bfd-4b1e-9034-a6ff3e6ebf97
which can be used as unique global reference for Mandiant APT Groups List
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Advanced Persistent Threats (APTs) |
Advanced_sec_audit_policy_settings
Simpson, D. et al. (2017, April 19). Advanced security audit policy settings. Retrieved September 14, 2021.
Internal MISP references
UUID 9aef57b1-1a2e-4833-815e-887616cc0570
which can be used as unique global reference for Advanced_sec_audit_policy_settings
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-14T00:00:00Z |
date_published | 2017-04-19T00:00:00Z |
source | MITRE |
title | Advanced security audit policy settings |
Adversaries Hijack DLLs
CrowdStrike, Falcon OverWatch Team. (2022, December 30). Retrieved October 19, 2023.
Internal MISP references
UUID 01836e53-4316-51a7-852c-01e585212276
which can be used as unique global reference for Adversaries Hijack DLLs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-19T00:00:00Z |
source | MITRE |
title | Adversaries Hijack DLLs |
CrowdStrike Richochet Chollima September 2021
CrowdStrike. (2021, September 30). Adversary Profile - Ricochet Chollima. Retrieved September 30, 2021.
Internal MISP references
UUID 69a23467-c55c-43a3-951d-c208e6ead6f7
which can be used as unique global reference for CrowdStrike Richochet Chollima September 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-30T00:00:00Z |
date_published | 2021-09-30T00:00:00Z |
source | MITRE |
title | Adversary Profile - Ricochet Chollima |
Elastic - Hunting for Persistence Part 1
French, D., Murphy, B. (2020, March 24). Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 1). Retrieved December 21, 2020.
Internal MISP references
UUID bd9406d3-c3e3-4737-97a1-a4bc997c88cd
which can be used as unique global reference for Elastic - Hunting for Persistence Part 1
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-21T00:00:00Z |
date_published | 2020-03-24T00:00:00Z |
source | MITRE |
title | Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 1) |
NCSC APT29 July 2020
National Cyber Security Centre. (2020, July 16). Advisory: APT29 targets COVID-19 vaccine development. Retrieved September 29, 2020.
Internal MISP references
UUID 28da86a6-4ca1-4bb4-a401-d4aa469c0034
which can be used as unique global reference for NCSC APT29 July 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-29T00:00:00Z |
date_published | 2020-07-16T00:00:00Z |
source | MITRE |
title | Advisory: APT29 targets COVID-19 vaccine development |
Advpack.dll - LOLBAS Project
LOLBAS. (2018, May 25). Advpack.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 837ccb3c-316d-4d96-8a33-b5df40870aba
which can be used as unique global reference for Advpack.dll - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Advpack.dll |
Kaspersky Adwind Feb 2016
Kamluk, V. & Gostev, A. (2016, February). Adwind - A Cross-Platform RAT. Retrieved April 23, 2019.
Internal MISP references
UUID 69fd8de4-81bc-4165-b77d-c5fc72cfa699
which can be used as unique global reference for Kaspersky Adwind Feb 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-23T00:00:00Z |
date_published | 2016-02-01T00:00:00Z |
source | MITRE |
title | Adwind - A Cross-Platform RAT |
Bitdefender Trickbot VNC module Whitepaper 2021
Radu Tudorica. (2021, July 12). A Fresh Look at Trickbot’s Ever-Improving VNC Module. Retrieved September 28, 2021.
Internal MISP references
UUID ee2709d7-2b33-48ac-8e90-a2770d469d80
which can be used as unique global reference for Bitdefender Trickbot VNC module Whitepaper 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-28T00:00:00Z |
date_published | 2021-07-12T00:00:00Z |
source | MITRE |
title | A Fresh Look at Trickbot’s Ever-Improving VNC Module |
Mac Backdoors are back
Dan Goodin. (2016, July 6). After hiatus, in-the-wild Mac backdoors are suddenly back. Retrieved July 8, 2017.
Internal MISP references
UUID c37f00dc-ee53-4be1-9046-0a28bdc5649a
which can be used as unique global reference for Mac Backdoors are back
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-08T00:00:00Z |
date_published | 2016-07-06T00:00:00Z |
source | MITRE |
title | After hiatus, in-the-wild Mac backdoors are suddenly back |
SentinelOne January 30 2023
SentinelOne. (2023, January 30). Agenda (Qilin). Retrieved June 7, 2024.
Internal MISP references
UUID 290e84bc-7dae-46ec-81de-78c94b98e45b
which can be used as unique global reference for SentinelOne January 30 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-07T00:00:00Z |
date_published | 2023-01-30T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Agenda (Qilin) |
Trend Micro March 26 2024
Arianne Dela Cruz; Raymart Yambot; Raighen Sanchez; Darrel Tristan Virtusio. (2024, March 26). Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script. Retrieved April 5, 2024.
Internal MISP references
UUID d5634b8e-420a-4721-a3d2-19d9f36697f4
which can be used as unique global reference for Trend Micro March 26 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-05T00:00:00Z |
date_published | 2024-03-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script |
Kaspersky MSSQL Aug 2019
Plakhov, A., Sitchikhin, D. (2019, August 22). Agent 1433: remote attack on Microsoft SQL Server. Retrieved September 4, 2019.
Internal MISP references
UUID 569a6be3-7a10-4aa4-be26-a62ed562a4ce
which can be used as unique global reference for Kaspersky MSSQL Aug 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-04T00:00:00Z |
date_published | 2019-08-22T00:00:00Z |
source | MITRE |
title | Agent 1433: remote attack on Microsoft SQL Server |
Securelist Agent.btz
Gostev, A. (2014, March 12). Agent.btz: a Source of Inspiration?. Retrieved April 8, 2016.
Internal MISP references
UUID 3b876c56-1d18-49e3-9a96-5cee4af7ab72
which can be used as unique global reference for Securelist Agent.btz
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-08T00:00:00Z |
date_published | 2014-03-12T00:00:00Z |
source | MITRE |
title | Agent.btz: a Source of Inspiration? |
ThreatExpert Agent.btz
Shevchenko, S. (2008, November 30). Agent.btz - A Threat That Hit Pentagon. Retrieved April 8, 2016.
Internal MISP references
UUID b710c404-b02e-444c-9388-9a5e751971d2
which can be used as unique global reference for ThreatExpert Agent.btz
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-08T00:00:00Z |
date_published | 2008-11-30T00:00:00Z |
source | MITRE |
title | Agent.btz - A Threat That Hit Pentagon |
AgentExecutor.exe - LOLBAS Project
LOLBAS. (2020, July 23). AgentExecutor.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 633d7f25-df9d-4619-9aa9-92d1d9d225d7
which can be used as unique global reference for AgentExecutor.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-07-23T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | AgentExecutor.exe |
SentinelLabs Agent Tesla Aug 2020
Walter, J. (2020, August 10). Agent Tesla | Old RAT Uses New Tricks to Stay on Top. Retrieved December 11, 2020.
Internal MISP references
UUID 5f712e3f-5a9d-4af3-b846-a61dc1d59b3a
which can be used as unique global reference for SentinelLabs Agent Tesla Aug 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-11T00:00:00Z |
date_published | 2020-08-10T00:00:00Z |
source | MITRE |
title | Agent Tesla \| Old RAT Uses New Tricks to Stay on Top |
LogPoint Agent Tesla March 23 2023
Anish Bogati. (2023, March 23). AgentTesla's Capabilities: A Review and Detection Strategies. Retrieved May 7, 2023.
Internal MISP references
UUID 28bfb97b-4b58-408a-bef9-9081f6ddedb8
which can be used as unique global reference for LogPoint Agent Tesla March 23 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2023-03-23T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | AgentTesla's Capabilities: A Review and Detection Strategies |
Sekoia.io Blog September 9 2024
Sekoia TDR; Felix Aimé; Pierre-Antoine D; Charles M. (2024, September 9). A glimpse into the Quad7 operators' next moves and associated botnets. Retrieved September 11, 2024.
Internal MISP references
UUID eb4a1888-3b04-449b-9738-d96ae26adfee
which can be used as unique global reference for Sekoia.io Blog September 9 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-11T00:00:00Z |
date_published | 2024-09-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | A glimpse into the Quad7 operators' next moves and associated botnets |
ATT Sidewinder January 2021
Hegel, T. (2021, January 13). A Global Perspective of the SideWinder APT. Retrieved January 27, 2021.
Internal MISP references
UUID d6644f88-d727-4f62-897a-bfa18f86380d
which can be used as unique global reference for ATT Sidewinder January 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-27T00:00:00Z |
date_published | 2021-01-13T00:00:00Z |
source | MITRE, Tidal Cyber |
title | A Global Perspective of the SideWinder APT |
Unit42 Agrius 2023
Or Chechik, Tom Fakterman, Daniel Frank & Assaf Dahan. (2023, November 6). Agonizing Serpens (Aka Agrius) Targeting the Israeli Higher Education and Tech Sectors. Retrieved May 22, 2024.
Internal MISP references
UUID 70fb43bd-f8e1-56a5-a0e9-884e85f16b10
which can be used as unique global reference for Unit42 Agrius 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-22T00:00:00Z |
date_published | 2023-11-06T00:00:00Z |
source | MITRE |
title | Agonizing Serpens (Aka Agrius) Targeting the Israeli Higher Education and Tech Sectors |
CheckPoint Agrius 2023
Marc Salinas Fernandez & Jiri Vinopal. (2023, May 23). AGRIUS DEPLOYS MONEYBIRD IN TARGETED ATTACKS AGAINST ISRAELI ORGANIZATIONS. Retrieved May 21, 2024.
Internal MISP references
UUID b3034b5d-1fe5-5677-a2e8-9329141875d4
which can be used as unique global reference for CheckPoint Agrius 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-21T00:00:00Z |
date_published | 2023-05-23T00:00:00Z |
source | MITRE |
title | AGRIUS DEPLOYS MONEYBIRD IN TARGETED ATTACKS AGAINST ISRAELI ORGANIZATIONS |
Harmj0y Domain Trusts
Schroeder, W. (2017, October 30). A Guide to Attacking Domain Trusts. Retrieved February 14, 2019.
Internal MISP references
UUID 23a9ef6c-9f71-47bb-929f-9a92f24553eb
which can be used as unique global reference for Harmj0y Domain Trusts
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-14T00:00:00Z |
date_published | 2017-10-30T00:00:00Z |
source | MITRE |
title | A Guide to Attacking Domain Trusts |
airwalk backdoor unix systems
airwalk. (2023, January 1). A guide to backdooring Unix systems. Retrieved May 31, 2023.
Internal MISP references
UUID 3f3bca4a-68fa-5d4a-b86f-36f82345ff36
which can be used as unique global reference for airwalk backdoor unix systems
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-31T00:00:00Z |
date_published | 2023-01-01T00:00:00Z |
source | MITRE |
title | A guide to backdooring Unix systems |
Wired Lockergoga 2019
Greenberg, A. (2019, March 25). A Guide to LockerGoga, the Ransomware Crippling Industrial Firms. Retrieved July 17, 2019.
Internal MISP references
UUID de12f263-f76d-4b63-beb8-b210f7a8310d
which can be used as unique global reference for Wired Lockergoga 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-17T00:00:00Z |
date_published | 2019-03-25T00:00:00Z |
source | MITRE |
title | A Guide to LockerGoga, the Ransomware Crippling Industrial Firms |
ZDNET Selling Data
Cimpanu, C. (2020, May 9). A hacker group is selling more than 73 million user records on the dark web. Retrieved October 20, 2020.
Internal MISP references
UUID 61d00ae2-5494-4c6c-8860-6826e701ade8
which can be used as unique global reference for ZDNET Selling Data
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2020-05-09T00:00:00Z |
source | MITRE |
title | A hacker group is selling more than 73 million user records on the dark web |
ESET Zebrocy May 2019
ESET Research. (2019, May 22). A journey to Zebrocy land. Retrieved June 20, 2019.
Internal MISP references
UUID f8b837fb-e46c-4153-8e86-dc4b909b393a
which can be used as unique global reference for ESET Zebrocy May 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-20T00:00:00Z |
date_published | 2019-05-22T00:00:00Z |
source | MITRE |
title | A journey to Zebrocy land |
Kersten Akira 2023
Max Kersten & Alexandre Mundo. (2023, November 29). Akira Ransomware. Retrieved April 4, 2024.
Internal MISP references
UUID df191993-a2cb-5d26-960c-11d1c6d3d73b
which can be used as unique global reference for Kersten Akira 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-04T00:00:00Z |
date_published | 2023-11-29T00:00:00Z |
source | MITRE |
title | Akira Ransomware |
Akira Ransomware Analysis August 2023
SEQBOSS. (2023, August 10). AKIRA RANSOMWARE ANALYSIS. Retrieved April 3, 2024.
Internal MISP references
UUID b34d6a98-158e-4fe7-8fcd-79554c07631a
which can be used as unique global reference for Akira Ransomware Analysis August 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-03T00:00:00Z |
date_published | 2023-08-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | AKIRA RANSOMWARE ANALYSIS |
Sophos Akira May 9 2023
Paul Jaramillo. (2023, May 9). Akira Ransomware is “bringin’ 1988 back”. Retrieved February 27, 2024.
Internal MISP references
UUID 1343b052-b158-4dad-9ed4-9dbb7bb778dd
which can be used as unique global reference for Sophos Akira May 9 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-27T00:00:00Z |
date_published | 2023-05-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Akira Ransomware is “bringin’ 1988 back” |
BlackBerry Akira July 11 2024
BlackBerry Research and Intelligence Team. (2024, July 11). Akira Ransomware Targets the LATAM Airline Industry. Retrieved September 16, 2024.
Internal MISP references
UUID 59a1bd0f-a907-4918-90e1-d163bf84f927
which can be used as unique global reference for BlackBerry Akira July 11 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-16T00:00:00Z |
date_published | 2024-07-11T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Akira Ransomware Targets the LATAM Airline Industry |
Microsoft AKS Azure AD 2023
Microsoft. (2023, February 27). AKS-managed Azure Active Directory integration. Retrieved March 8, 2023.
Internal MISP references
UUID 809db259-3557-5597-9d1a-7c00cc10b89c
which can be used as unique global reference for Microsoft AKS Azure AD 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-08T00:00:00Z |
date_published | 2023-02-27T00:00:00Z |
source | MITRE |
title | AKS-managed Azure Active Directory integration |
Okta DPoP 2023
Venkat Viswanathan. (2023, June 13). A leap forward in token security: Okta adds support for DPoP. Retrieved January 2, 2024.
Internal MISP references
UUID d792ede9-6ff6-5fae-a045-fd8b57abd3d3
which can be used as unique global reference for Okta DPoP 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-02T00:00:00Z |
date_published | 2023-06-13T00:00:00Z |
source | MITRE |
title | A leap forward in token security: Okta adds support for DPoP |
US-CERT SamSam 2018
US-CERT. (2018, December 3). Alert (AA18-337A): SamSam Ransomware. Retrieved March 15, 2019.
Internal MISP references
UUID b9d14fea-2330-4eed-892c-b4e05a35d273
which can be used as unique global reference for US-CERT SamSam 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-15T00:00:00Z |
date_published | 2018-12-03T00:00:00Z |
source | MITRE |
title | Alert (AA18-337A): SamSam Ransomware |
CISA MSS Sep 2020
CISA. (2020, September 14). Alert (AA20-258A): Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity. Retrieved October 1, 2020.
Internal MISP references
UUID ffe613e3-b528-42bf-81d5-4d8de38b3457
which can be used as unique global reference for CISA MSS Sep 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-01T00:00:00Z |
date_published | 2020-09-14T00:00:00Z |
source | MITRE |
title | Alert (AA20-258A): Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity |
CISA Lokibot September 2020
DHS/CISA. (2020, September 22). Alert (AA20-266A) LokiBot Malware. Retrieved September 15, 2021.
Internal MISP references
UUID df979f7b-6de8-4029-ae47-700f29157db0
which can be used as unique global reference for CISA Lokibot September 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-15T00:00:00Z |
date_published | 2020-09-22T00:00:00Z |
source | MITRE |
title | Alert (AA20-266A) LokiBot Malware |
CISA_AA21_200B
CISA. (2021, August 20). Alert (AA21-200B) Chinese State-Sponsored Cyber Operations: Observed TTPs. Retrieved June 21, 2022.
Internal MISP references
UUID 633c6045-8990-58ae-85f0-00139aa9a091
which can be used as unique global reference for CISA_AA21_200B
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-21T00:00:00Z |
date_published | 2021-08-20T00:00:00Z |
source | MITRE |
title | Alert (AA21-200B) Chinese State-Sponsored Cyber Operations: Observed TTPs |
cisa_malware_orgs_ukraine
CISA. (2022, April 28). Alert (AA22-057A) Update: Destructive Malware Targeting Organizations in Ukraine. Retrieved July 29, 2022.
Internal MISP references
UUID ebe89b36-f87f-4e09-8030-a1328c0b8683
which can be used as unique global reference for cisa_malware_orgs_ukraine
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-29T00:00:00Z |
date_published | 2022-04-28T00:00:00Z |
source | MITRE |
title | Alert (AA22-057A) Update: Destructive Malware Targeting Organizations in Ukraine |
US-CERT Ransomware 2016
US-CERT. (2016, March 31). Alert (TA16-091A): Ransomware and Recent Variants. Retrieved March 15, 2019.
Internal MISP references
UUID 866484fa-836d-4c5b-bbad-3594ef60599c
which can be used as unique global reference for US-CERT Ransomware 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-15T00:00:00Z |
date_published | 2016-03-31T00:00:00Z |
source | MITRE |
title | Alert (TA16-091A): Ransomware and Recent Variants |
US-CERT WannaCry 2017
US-CERT. (2017, May 12). Alert (TA17-132A): Indicators Associated With WannaCry Ransomware. Retrieved March 25, 2019.
Internal MISP references
UUID 349b8e9d-7172-4d01-b150-f0371d038b7e
which can be used as unique global reference for US-CERT WannaCry 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-25T00:00:00Z |
date_published | 2017-05-12T00:00:00Z |
source | MITRE |
title | Alert (TA17-132A): Indicators Associated With WannaCry Ransomware |
US-CERT HIDDEN COBRA June 2017
US-CERT. (2017, June 13). Alert (TA17-164A) HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure. Retrieved July 13, 2017.
Internal MISP references
UUID 8e57cea3-ee37-4507-bb56-7445050ec8ca
which can be used as unique global reference for US-CERT HIDDEN COBRA June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-13T00:00:00Z |
date_published | 2017-06-13T00:00:00Z |
source | MITRE |
title | Alert (TA17-164A) HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure |
US-CERT NotPetya 2017
US-CERT. (2017, July 1). Alert (TA17-181A): Petya Ransomware. Retrieved March 15, 2019.
Internal MISP references
UUID 6a009850-834b-4178-9028-2745921b6743
which can be used as unique global reference for US-CERT NotPetya 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-15T00:00:00Z |
date_published | 2017-07-01T00:00:00Z |
source | MITRE |
title | Alert (TA17-181A): Petya Ransomware |
US-CERT APT Energy Oct 2017
US-CERT. (2017, October 20). Alert (TA17-293A): Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors. Retrieved November 2, 2017.
Internal MISP references
UUID e34ddf0a-a112-4557-ac09-1ff540241a89
which can be used as unique global reference for US-CERT APT Energy Oct 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-02T00:00:00Z |
date_published | 2017-10-20T00:00:00Z |
source | MITRE |
title | Alert (TA17-293A): Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors |
US-CERT FALLCHILL Nov 2017
US-CERT. (2017, November 22). Alert (TA17-318A): HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL. Retrieved December 7, 2017.
Internal MISP references
UUID 045e03f9-af83-4442-b69e-b80f68e570ac
which can be used as unique global reference for US-CERT FALLCHILL Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-07T00:00:00Z |
date_published | 2017-11-22T00:00:00Z |
source | MITRE |
title | Alert (TA17-318A): HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL |
US-CERT Volgmer Nov 2017
US-CERT. (2017, November 22). Alert (TA17-318B): HIDDEN COBRA – North Korean Trojan: Volgmer. Retrieved December 7, 2017.
Internal MISP references
UUID c48c7ac0-8d55-4b62-9606-a9ce420459b6
which can be used as unique global reference for US-CERT Volgmer Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-07T00:00:00Z |
date_published | 2017-11-22T00:00:00Z |
source | MITRE |
title | Alert (TA17-318B): HIDDEN COBRA – North Korean Trojan: Volgmer |
US-CERT TA18-074A
US-CERT. (2018, March 16). Alert (TA18-074A): Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors. Retrieved June 6, 2018.
Internal MISP references
UUID 94e87a92-bf80-43e2-a3ab-cd7d4895f2fc
which can be used as unique global reference for US-CERT TA18-074A
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-06-06T00:00:00Z |
date_published | 2018-03-16T00:00:00Z |
source | MITRE |
title | Alert (TA18-074A): Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors |
US-CERT-TA18-106A
US-CERT. (2018, April 20). Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices. Retrieved October 19, 2020.
Internal MISP references
UUID 1fe55557-94af-4697-a675-884701f70f2a
which can be used as unique global reference for US-CERT-TA18-106A
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
date_published | 2018-04-20T00:00:00Z |
source | MITRE |
title | Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices |
US-CERT Emotet Jul 2018
US-CERT. (2018, July 20). Alert (TA18-201A) Emotet Malware. Retrieved March 25, 2019.
Internal MISP references
UUID 0043043a-4741-41c2-a6f2-f88d5caa8b7a
which can be used as unique global reference for US-CERT Emotet Jul 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-25T00:00:00Z |
date_published | 2018-07-20T00:00:00Z |
source | MITRE |
title | Alert (TA18-201A) Emotet Malware |
Sysdig LLMJacking 2024
LLMjacking: Stolen Cloud Credentials Used in New AI Attack. (2024, May 6). Alessandro Brucato. Retrieved September 25, 2024.
Internal MISP references
UUID 20d3128e-0900-5373-97f0-fcf26fc86271
which can be used as unique global reference for Sysdig LLMJacking 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
date_published | 2024-05-06T00:00:00Z |
source | MITRE |
title | Alessandro Brucato |
Alexa-dns
Scanning Alexa's Top 1M for AXFR. (2015, March 29). Retrieved June 5, 2024.
Internal MISP references
UUID 154a5d86-4478-5cf5-ac39-19ac7581a440
which can be used as unique global reference for Alexa-dns
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-05T00:00:00Z |
source | MITRE |
title | Alexa-dns |
AlKhaser Debug
Noteworthy. (2019, January 6). Al-Khaser. Retrieved April 1, 2022.
Internal MISP references
UUID d9773aaf-e3ec-4ce3-b5c8-1ca3c4751622
which can be used as unique global reference for AlKhaser Debug
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-01T00:00:00Z |
date_published | 2019-01-06T00:00:00Z |
source | MITRE |
title | Al-Khaser |
Microsoft RDP Logons
Microsoft. (2017, April 9). Allow log on through Remote Desktop Services. Retrieved August 5, 2024.
Internal MISP references
UUID 2b460644-dc33-5cf4-a80a-8509d9f7e152
which can be used as unique global reference for Microsoft RDP Logons
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-05T00:00:00Z |
date_published | 2017-04-09T00:00:00Z |
source | MITRE |
title | Allow log on through Remote Desktop Services |
NetSPI ClickOnce
Ryan Gandrud. (2015, March 23). All You Need Is One – A ClickOnce Love Story. Retrieved September 9, 2024.
Internal MISP references
UUID be17ae41-52d0-51bd-b48f-5c1d3c5c8dc1
which can be used as unique global reference for NetSPI ClickOnce
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-09T00:00:00Z |
date_published | 2015-03-23T00:00:00Z |
source | MITRE |
title | All You Need Is One – A ClickOnce Love Story |
Fysbis Palo Alto Analysis
Bryan Lee and Rob Downs. (2016, February 12). A Look Into Fysbis: Sofacy’s Linux Backdoor. Retrieved September 10, 2017.
Internal MISP references
UUID 3e527ad6-6b56-473d-8178-e1c3c14f2311
which can be used as unique global reference for Fysbis Palo Alto Analysis
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-09-10T00:00:00Z |
date_published | 2016-02-12T00:00:00Z |
source | MITRE |
title | A Look Into Fysbis: Sofacy’s Linux Backdoor |
Medium KONNI Jan 2020
Karmi, D. (2020, January 4). A Look Into Konni 2019 Campaign. Retrieved April 28, 2020.
Internal MISP references
UUID e117a6ac-eaa2-4494-b4ae-2d9ae52c3251
which can be used as unique global reference for Medium KONNI Jan 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-04-28T00:00:00Z |
date_published | 2020-01-04T00:00:00Z |
source | MITRE |
title | A Look Into Konni 2019 Campaign |
Unit 42 Palo Alto Ransomware in Public Clouds 2022
Jay Chen. (2022, May 16). A Look Into Public Clouds From the Ransomware Actor's Perspective. Retrieved March 21, 2023.
Internal MISP references
UUID cc6c2b69-ca51-513e-9666-a03be2ea5fcd
which can be used as unique global reference for Unit 42 Palo Alto Ransomware in Public Clouds 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-21T00:00:00Z |
date_published | 2022-05-16T00:00:00Z |
source | MITRE |
title | A Look Into Public Clouds From the Ransomware Actor's Perspective |
Cyber Centre ALPHV/BlackCat July 25 2023
Canadian Centre for Cyber Security. (2023, July 25). ALPHV/BlackCat Ransomware Targeting of Canadian Industries. Retrieved September 13, 2023.
Internal MISP references
UUID 610c8f22-1a96-42d2-934d-8467d136eed2
which can be used as unique global reference for Cyber Centre ALPHV/BlackCat July 25 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-13T00:00:00Z |
date_published | 2023-07-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | ALPHV/BlackCat Ransomware Targeting of Canadian Industries |
Mandiant ALPHV Affiliate April 3 2023
Jason Deyalsingh, Nick Smith, Eduardo Mattos, Tyler Mclellan. (2023, April 3). ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access. Retrieved March 5, 2024.
Internal MISP references
UUID b8375832-f6a9-4617-a2ac-d23aacbf2bfe
which can be used as unique global reference for Mandiant ALPHV Affiliate April 3 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-05T00:00:00Z |
date_published | 2023-04-03T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access |
Microsoft ADS Mar 2014
Marlin, J. (2013, March 24). Alternate Data Streams in NTFS. Retrieved March 21, 2018.
Internal MISP references
UUID eae434ff-97c0-4a82-9f80-215e515befae
which can be used as unique global reference for Microsoft ADS Mar 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-21T00:00:00Z |
date_published | 2013-03-24T00:00:00Z |
source | MITRE |
title | Alternate Data Streams in NTFS |
XPNSec PPID Nov 2017
Chester, A. (2017, November 20). Alternative methods of becoming SYSTEM. Retrieved June 4, 2019.
Internal MISP references
UUID 0dbf093e-4b54-4972-b048-2a6411037da4
which can be used as unique global reference for XPNSec PPID Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-04T00:00:00Z |
date_published | 2017-11-20T00:00:00Z |
source | MITRE |
title | Alternative methods of becoming SYSTEM |
Microsoft AlwaysInstallElevated 2018
Microsoft. (2018, May 31). AlwaysInstallElevated. Retrieved December 14, 2020.
Internal MISP references
UUID 19026f4c-ad65-435e-8c0e-a8ccc9895348
which can be used as unique global reference for Microsoft AlwaysInstallElevated 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-14T00:00:00Z |
date_published | 2018-05-31T00:00:00Z |
source | MITRE |
title | AlwaysInstallElevated |
ASEC BLOG July 21 2022
Sanseo. (2022, July 21). Amadey Bot Being Distributed Through SmokeLoader - ASEC BLOG. Retrieved May 15, 2023.
Internal MISP references
UUID e320cc74-005a-46db-8a04-6ec487df327f
which can be used as unique global reference for ASEC BLOG July 21 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-15T00:00:00Z |
date_published | 2022-07-21T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Amadey Bot Being Distributed Through SmokeLoader - ASEC BLOG |
Amazon Snapshots
Amazon. (n.d.). Amazon EBS snapshots. Retrieved October 13, 2021.
Internal MISP references
UUID 3961a653-b53c-4ba4-9ea6-709e1d1bdb55
which can be used as unique global reference for Amazon Snapshots
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
source | MITRE |
title | Amazon EBS snapshots |
Amazon AMI
Amazon. (n.d.). Amazon Machine Images (AMI). Retrieved October 13, 2021.
Internal MISP references
UUID bc9ecf45-2a20-47df-a634-064237e5f126
which can be used as unique global reference for Amazon AMI
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
source | MITRE |
title | Amazon Machine Images (AMI) |
Amazon S3
Amazon. (n.d.). Amazon S3. Retrieved October 13, 2021.
Internal MISP references
UUID 7fecbd5d-626f-496a-a72f-5f166c78c204
which can be used as unique global reference for Amazon S3
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
source | MITRE |
title | Amazon S3 |
Trend Micro S3 Exposed PII, 2017
Trend Micro. (2017, November 6). A Misconfigured Amazon S3 Exposed Almost 50 Thousand PII in Australia. Retrieved October 4, 2019.
Internal MISP references
UUID 1ba37b48-1219-4f87-af36-9bdd8d6265ca
which can be used as unique global reference for Trend Micro S3 Exposed PII, 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-04T00:00:00Z |
date_published | 2017-11-06T00:00:00Z |
source | MITRE |
title | A Misconfigured Amazon S3 Exposed Almost 50 Thousand PII in Australia |
Recorded Future Beacon Certificates
Insikt Group. (2019, June 18). A Multi-Method Approach to Identifying Rogue Cobalt Strike Servers. Retrieved September 16, 2024.
Internal MISP references
UUID 792ca8a7-c9b2-4e7f-8562-e1ccb60a402a
which can be used as unique global reference for Recorded Future Beacon Certificates
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-16T00:00:00Z |
date_published | 2019-06-18T00:00:00Z |
source | MITRE |
title | A Multi-Method Approach to Identifying Rogue Cobalt Strike Servers |
Botnet Scan
Dainotti, A. et al. (2012). Analysis of a “/0” Stealth Scan from a Botnet. Retrieved October 20, 2020.
Internal MISP references
UUID ca09941c-fcc8-460b-8b02-d1608a7d3813
which can be used as unique global reference for Botnet Scan
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2012-01-01T00:00:00Z |
source | MITRE |
title | Analysis of a “/0” Stealth Scan from a Botnet |
Trend Micro Ngrok September 2020
Borja, A. Camba, A. et al. (2020, September 14). Analysis of a Convoluted Attack Chain Involving Ngrok. Retrieved September 15, 2020.
Internal MISP references
UUID e7b57e64-3532-4b98-9fa5-b832e6fcd53a
which can be used as unique global reference for Trend Micro Ngrok September 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-15T00:00:00Z |
source | MITRE |
title | Analysis of a Convoluted Attack Chain Involving Ngrok |
CIRCL PlugX March 2013
Computer Incident Response Center Luxembourg. (2013, March 29). Analysis of a PlugX variant. Retrieved November 5, 2018.
Internal MISP references
UUID 8ab89236-6994-43a3-906c-383e294f65d1
which can be used as unique global reference for CIRCL PlugX March 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-05T00:00:00Z |
date_published | 2013-03-29T00:00:00Z |
source | MITRE |
title | Analysis of a PlugX variant |
Apple Unified Log Analysis Remote Login and Screen Sharing
Sarah Edwards. (2020, April 30). Analysis of Apple Unified Logs: Quarantine Edition [Entry 6] – Working From Home? Remote Logins. Retrieved August 19, 2021.
Internal MISP references
UUID a2169171-8e4a-4faa-811c-98b6204a5a57
which can be used as unique global reference for Apple Unified Log Analysis Remote Login and Screen Sharing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-19T00:00:00Z |
date_published | 2020-04-30T00:00:00Z |
source | MITRE |
title | Analysis of Apple Unified Logs: Quarantine Edition [Entry 6] – Working From Home? Remote Logins |
Medium S2W WhisperGate January 2022
S2W. (2022, January 18). Analysis of Destructive Malware (WhisperGate) targeting Ukraine. Retrieved March 14, 2022.
Internal MISP references
UUID 06cf7197-244a-431b-a288-4c2bbd431ad5
which can be used as unique global reference for Medium S2W WhisperGate January 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-14T00:00:00Z |
date_published | 2022-01-18T00:00:00Z |
source | MITRE |
title | Analysis of Destructive Malware (WhisperGate) targeting Ukraine |
Analysis of FG-IR-22-369
Guillaume Lovet and Alex Kong. (2023, March 9). Analysis of FG-IR-22-369. Retrieved May 15, 2023.
Internal MISP references
UUID f12b141e-6bb2-5563-9665-5756fec2d5e7
which can be used as unique global reference for Analysis of FG-IR-22-369
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-15T00:00:00Z |
date_published | 2023-03-09T00:00:00Z |
source | MITRE |
title | Analysis of FG-IR-22-369 |
Graeber 2014
Graeber, M. (2014, October). Analysis of Malicious Security Support Provider DLLs. Retrieved March 1, 2017.
Internal MISP references
UUID f2f9a6bf-b4d9-461e-b961-0610ea72faf0
which can be used as unique global reference for Graeber 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-01T00:00:00Z |
date_published | 2014-10-01T00:00:00Z |
source | MITRE |
title | Analysis of Malicious Security Support Provider DLLs |
Fortinet Agent Tesla April 2018
Zhang, X. (2018, April 05). Analysis of New Agent Tesla Spyware Variant. Retrieved November 5, 2018.
Internal MISP references
UUID 86a65be7-0f70-4755-b526-a26b92eabaa2
which can be used as unique global reference for Fortinet Agent Tesla April 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-05T00:00:00Z |
date_published | 2018-04-05T00:00:00Z |
source | MITRE |
title | Analysis of New Agent Tesla Spyware Variant |
Antiy CERT Ramsay April 2020
Antiy CERT. (2020, April 20). Analysis of Ramsay components of Darkhotel's infiltration and isolation network. Retrieved March 24, 2021.
Internal MISP references
UUID 280636da-fa21-472c-947c-651a628ea2cd
which can be used as unique global reference for Antiy CERT Ramsay April 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-24T00:00:00Z |
date_published | 2020-04-20T00:00:00Z |
source | MITRE |
title | Analysis of Ramsay components of Darkhotel's infiltration and isolation network |
Storm-0558 techniques for unauthorized email access
Microsoft Threat Intelligence. (2023, July 14). Analysis of Storm-0558 techniques for unauthorized email access. Retrieved September 18, 2023.
Internal MISP references
UUID 74fd79a9-09f7-5149-a457-687a1e2989de
which can be used as unique global reference for Storm-0558 techniques for unauthorized email access
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-18T00:00:00Z |
date_published | 2023-07-14T00:00:00Z |
source | MITRE |
title | Analysis of Storm-0558 techniques for unauthorized email access |
ESET Telebots July 2017
Cherepanov, A. (2017, July 4). Analysis of TeleBots’ cunning backdoor. Retrieved June 11, 2020.
Internal MISP references
UUID 5d62c323-6626-4aad-8bf2-0d988e436f3d
which can be used as unique global reference for ESET Telebots July 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-11T00:00:00Z |
date_published | 2017-07-04T00:00:00Z |
source | MITRE |
title | Analysis of TeleBots’ cunning backdoor |
EST Kimsuky SmokeScreen April 2019
ESTSecurity. (2019, April 17). Analysis of the APT Campaign ‘Smoke Screen’ targeting to Korea and US 출처: https://blog.alyac.co.kr/2243 [이스트시큐리티 알약 블로그]. Retrieved September 29, 2021.
Internal MISP references
UUID 15213a3c-1e9f-47fa-9864-8ef2707c7fb6
which can be used as unique global reference for EST Kimsuky SmokeScreen April 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-29T00:00:00Z |
date_published | 2019-04-17T00:00:00Z |
source | MITRE |
title | Analysis of the APT Campaign ‘Smoke Screen’ targeting to Korea and US 출처: https://blog.alyac.co.kr/2243 [이스트시큐리티 알약 블로그] |
Ukraine15 - EISAC - 201603
Electricity Information Sharing and Analysis Center; SANS Industrial Control Systems. (2016, March 18). Analysis of the Cyber Attack on the Ukranian Power Grid: Defense Use Case. Retrieved March 27, 2018.
Internal MISP references
UUID 8adc6d36-3aa0-5d7b-8bb3-23f4426be8a6
which can be used as unique global reference for Ukraine15 - EISAC - 201603
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-27T00:00:00Z |
date_published | 2016-03-18T00:00:00Z |
source | MITRE |
title | Analysis of the Cyber Attack on the Ukranian Power Grid: Defense Use Case |
Check Point Havij Analysis
Ganani, M. (2015, May 14). Analysis of the Havij SQL Injection tool. Retrieved March 19, 2018.
Internal MISP references
UUID 2e00a539-acbe-4462-a30f-43da4e8b9c4f
which can be used as unique global reference for Check Point Havij Analysis
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-19T00:00:00Z |
date_published | 2015-05-14T00:00:00Z |
source | MITRE |
title | Analysis of the Havij SQL Injection tool |
ESET Emotet Dec 2018
Perez, D. (2018, December 28). Analysis of the latest Emotet propagation campaign. Retrieved April 16, 2019.
Internal MISP references
UUID 3fab9e25-e83e-4c90-ae32-dcd0c30757f8
which can be used as unique global reference for ESET Emotet Dec 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-16T00:00:00Z |
date_published | 2018-12-28T00:00:00Z |
source | MITRE |
title | Analysis of the latest Emotet propagation campaign |
Rewterz Sidewinder COVID-19 June 2020
Rewterz. (2020, June 22). Analysis on Sidewinder APT Group – COVID-19. Retrieved January 29, 2021.
Internal MISP references
UUID cdd779f1-30c2-40be-a500-332920f0e21c
which can be used as unique global reference for Rewterz Sidewinder COVID-19 June 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-29T00:00:00Z |
date_published | 2020-06-22T00:00:00Z |
source | MITRE |
title | Analysis on Sidewinder APT Group – COVID-19 |
CISA AR18-352A Quasar RAT December 2018
CISA. (2018, December 18). Analysis Report (AR18-352A) Quasar Open-Source Remote Administration Tool. Retrieved August 1, 2022.
Internal MISP references
UUID a109e42d-604f-4885-ada3-5d6895addc96
which can be used as unique global reference for CISA AR18-352A Quasar RAT December 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-01T00:00:00Z |
date_published | 2018-12-18T00:00:00Z |
source | MITRE |
title | Analysis Report (AR18-352A) Quasar Open-Source Remote Administration Tool |
CISA AR21-126A FIVEHANDS May 2021
CISA. (2021, May 6). Analysis Report (AR21-126A) FiveHands Ransomware. Retrieved June 7, 2021.
Internal MISP references
UUID f98604dd-2881-4024-8e43-6f5f48c6c9fa
which can be used as unique global reference for CISA AR21-126A FIVEHANDS May 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-07T00:00:00Z |
date_published | 2021-05-06T00:00:00Z |
source | MITRE |
title | Analysis Report (AR21-126A) FiveHands Ransomware |
JoeSecurity Egregor 2020
Joe Security. (n.d.). Analysis Report fasm.dll. Retrieved January 6, 2021.
Internal MISP references
UUID d403e610-fa83-4c17-842f-223063864009
which can be used as unique global reference for JoeSecurity Egregor 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-06T00:00:00Z |
source | MITRE |
title | Analysis Report fasm.dll |
GDATA Zeus Panda June 2017
Ebach, L. (2017, June 22). Analysis Results of Zeus.Variant.Panda. Retrieved November 5, 2018.
Internal MISP references
UUID 2d9a6957-5645-4863-968b-4a3c8736564b
which can be used as unique global reference for GDATA Zeus Panda June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-05T00:00:00Z |
date_published | 2017-06-22T00:00:00Z |
source | MITRE |
title | Analysis Results of Zeus.Variant.Panda |
jstnk9.github.io June 01 2022
jstnk9.github.io. (2022, June 1). Analyzing AsyncRAT distributed in Colombia | Welcome to Jstnk webpage. Retrieved May 7, 2023.
Internal MISP references
UUID 4e7f573d-f8cc-4538-9f8d-b945f037e46f
which can be used as unique global reference for jstnk9.github.io June 01 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2022-06-01T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Analyzing AsyncRAT distributed in Colombia |
Analyzing CS Dec 2020
Maynier, E. (2020, December 20). Analyzing Cobalt Strike for Fun and Profit. Retrieved October 12, 2021.
Internal MISP references
UUID f2cb06bc-66d5-4c60-a2a4-74e5a0c23bee
which can be used as unique global reference for Analyzing CS Dec 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-12T00:00:00Z |
date_published | 2020-12-20T00:00:00Z |
source | MITRE |
title | Analyzing Cobalt Strike for Fun and Profit |
Objective_See 1 4 2024
Objective_See. (2024, January 4). Analyzing DPRK's SpectralBlur. Retrieved March 8, 2024.
Internal MISP references
UUID c96535be-4859-4ae3-9ba0-d482f1195863
which can be used as unique global reference for Objective_See 1 4 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-08T00:00:00Z |
date_published | 2024-01-04T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Analyzing DPRK's SpectralBlur |
Microsoft Security Blog 4 22 2024
Microsoft Threat Intelligence. (2024, April 22). Analyzing Forest Blizzard's custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials. Retrieved April 22, 2024.
Internal MISP references
UUID 050ff793-d81d-499f-a136-905e76bce321
which can be used as unique global reference for Microsoft Security Blog 4 22 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-22T00:00:00Z |
date_published | 2024-04-22T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Analyzing Forest Blizzard's custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials |
Uperesia Malicious Office Documents
Felix. (2016, September). Analyzing Malicious Office Documents. Retrieved April 11, 2018.
Internal MISP references
UUID f6ffb916-ac14-44d1-8566-26bafa06e77b
which can be used as unique global reference for Uperesia Malicious Office Documents
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-11T00:00:00Z |
date_published | 2016-09-01T00:00:00Z |
source | MITRE |
title | Analyzing Malicious Office Documents |
Unit42 OilRig Nov 2018
Falcone, R., Wilhoit, K. (2018, November 16). Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery. Retrieved April 23, 2019.
Internal MISP references
UUID 9bc09d8a-d890-473b-a8cf-ea319fcc3462
which can be used as unique global reference for Unit42 OilRig Nov 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-23T00:00:00Z |
date_published | 2018-11-16T00:00:00Z |
source | MITRE |
title | Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery |
McAfee GhostSecret
Sherstobitoff, R., Malhotra, A. (2018, April 24). Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide. Retrieved May 16, 2018.
Internal MISP references
UUID d1cd4f5b-253c-4833-8905-49fb58e7c016
which can be used as unique global reference for McAfee GhostSecret
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-16T00:00:00Z |
date_published | 2018-04-24T00:00:00Z |
source | MITRE |
title | Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide |
McAfee-GhostSecret-fixurl
Ryan Sherstobitoff. (2018, April 24). Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide. Retrieved August 15, 2024.
Internal MISP references
UUID 8c88bc0d-102a-59ff-99e7-0d8a789c08a0
which can be used as unique global reference for McAfee-GhostSecret-fixurl
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-15T00:00:00Z |
date_published | 2018-04-24T00:00:00Z |
source | MITRE |
title | Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide |
Microsoft Analyzing Solorigate Dec 2020
MSTIC. (2020, December 18). Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers. Retrieved January 5, 2021.
Internal MISP references
UUID 8ad72d46-ba2c-426f-bb0d-eb47723c8e11
which can be used as unique global reference for Microsoft Analyzing Solorigate Dec 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-05T00:00:00Z |
date_published | 2020-12-18T00:00:00Z |
source | MITRE |
title | Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers |
Lastline PlugX Analysis
Vasilenko, R. (2013, December 17). An Analysis of PlugX Malware. Retrieved November 24, 2015.
Internal MISP references
UUID 9f7fa262-cede-4f47-94ca-1534c65c86e2
which can be used as unique global reference for Lastline PlugX Analysis
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-11-24T00:00:00Z |
date_published | 2013-12-17T00:00:00Z |
source | MITRE |
title | An Analysis of PlugX Malware |
TrendMicro Sandworm October 2014
Wu, W. (2014, October 14). An Analysis of Windows Zero-day Vulnerability ‘CVE-2014-4114’ aka “Sandworm”. Retrieved June 18, 2020.
Internal MISP references
UUID 84f289ce-c7b9-4f67-b6cc-bd058e5e6bcb
which can be used as unique global reference for TrendMicro Sandworm October 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-18T00:00:00Z |
date_published | 2014-10-14T00:00:00Z |
source | MITRE |
title | An Analysis of Windows Zero-day Vulnerability ‘CVE-2014-4114’ aka “Sandworm” |
Dragos Crashoverride 2018
Joe Slowik. (2018, October 12). Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE. Retrieved December 18, 2020.
Internal MISP references
UUID d14442d5-2557-4a92-9a29-b15a20752f56
which can be used as unique global reference for Dragos Crashoverride 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-18T00:00:00Z |
date_published | 2018-10-12T00:00:00Z |
source | MITRE |
title | Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE |
Anatomy of an hVNC Attack
Keshet, Lior. Kessem, Limor. (2017, January 25). Anatomy of an hVNC Attack. Retrieved November 28, 2023.
Internal MISP references
UUID 293c5d41-cd23-5da5-9d2b-754b626bc22a
which can be used as unique global reference for Anatomy of an hVNC Attack
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-28T00:00:00Z |
date_published | 2017-01-25T00:00:00Z |
source | MITRE |
title | Anatomy of an hVNC Attack |
Syscall 2014
Drysdale, D. (2014, July 16). Anatomy of a system call, part 2. Retrieved June 16, 2020.
Internal MISP references
UUID 4e8fe849-ab1a-4c51-b5eb-16fcd10e8bd0
which can be used as unique global reference for Syscall 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-16T00:00:00Z |
date_published | 2014-07-16T00:00:00Z |
source | MITRE |
title | Anatomy of a system call, part 2 |
SCADAfence_ransomware
Shaked, O. (2020, January 20). Anatomy of a Targeted Ransomware Attack. Retrieved June 18, 2022.
Internal MISP references
UUID 24c80db5-37a7-46ee-b232-f3c3ffb10f0a
which can be used as unique global reference for SCADAfence_ransomware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-18T00:00:00Z |
date_published | 2020-01-20T00:00:00Z |
source | MITRE |
title | Anatomy of a Targeted Ransomware Attack |
ESET IIS Malware 2021
Hromcová, Z., Cherepanov, A. (2021). Anatomy of Native IIS Malware. Retrieved September 9, 2021.
Internal MISP references
UUID d9c6e55b-39b7-4097-8ab2-8b87421ce2f4
which can be used as unique global reference for ESET IIS Malware 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-09T00:00:00Z |
date_published | 2021-01-01T00:00:00Z |
source | MITRE |
title | Anatomy of Native IIS Malware |
Medium Anchor DNS July 2020
Grange, W. (2020, July 13). Anchor_dns malware goes cross platform. Retrieved September 10, 2020.
Internal MISP references
UUID de246d53-385f-44be-bf0f-25a76442b835
which can be used as unique global reference for Medium Anchor DNS July 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-10T00:00:00Z |
date_published | 2020-07-13T00:00:00Z |
source | MITRE |
title | Anchor_dns malware goes cross platform |
NSA Joint Advisory SVR SolarWinds April 2021
NSA, FBI, DHS. (2021, April 15). Russian SVR Targets U.S. and Allied Networks. Retrieved April 16, 2021.
Internal MISP references
UUID 43d9c469-1d54-454b-ba67-74e7f1de9c10
which can be used as unique global reference for NSA Joint Advisory SVR SolarWinds April 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-16T00:00:00Z |
source | MITRE |
title | and Allied Networks |
Kaspersky Andariel Ransomware June 2021
Park, S. (2021, June 15). Andariel evolves to target South Korea with ransomware. Retrieved September 29, 2021.
Internal MISP references
UUID f4efbcb5-494c-40e0-8734-5df1b92ec39c
which can be used as unique global reference for Kaspersky Andariel Ransomware June 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-29T00:00:00Z |
date_published | 2021-06-15T00:00:00Z |
source | MITRE |
title | Andariel evolves to target South Korea with ransomware |
CISA GRU29155 2024
US Cybersecurity & Infrastructure Security Agency et al. (2024, September 5). Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure. Retrieved September 6, 2024.
Internal MISP references
UUID c4dba764-d864-59bf-a80d-f1263bc904e4
which can be used as unique global reference for CISA GRU29155 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-06T00:00:00Z |
source | MITRE |
title | and Global Critical Infrastructure |
Sophos X-Ops C-23
Pankaj Kohli. (2021, November 23). Android APT spyware, targeting Middle East victims, enhances evasiveness. Retrieved October 30, 2023.
Internal MISP references
UUID 305c201b-ccc6-4e28-a1cb-97ca697bb214
which can be used as unique global reference for Sophos X-Ops C-23
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-30T00:00:00Z |
date_published | 2021-11-23T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Android APT spyware, targeting Middle East victims, enhances evasiveness |
RFC826 ARP
Plummer, D. (1982, November). An Ethernet Address Resolution Protocol. Retrieved October 15, 2020.
Internal MISP references
UUID 8eef2b68-f932-4cba-8646-bff9a7848532
which can be used as unique global reference for RFC826 ARP
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-15T00:00:00Z |
date_published | 1982-11-01T00:00:00Z |
source | MITRE |
title | An Ethernet Address Resolution Protocol |
HP SVCReady Jun 2022
Schlapfer, Patrick. (2022, June 6). A New Loader Gets Ready. Retrieved December 13, 2022.
Internal MISP references
UUID 48d5ec83-f1b9-595c-bb9a-d6d5cc513a41
which can be used as unique global reference for HP SVCReady Jun 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-12-13T00:00:00Z |
date_published | 2022-06-06T00:00:00Z |
source | MITRE |
title | A New Loader Gets Ready |
SecureList Fileless
Legezo, D. (2022, May 4). A new secret stash for “fileless” malware. Retrieved March 23, 2023.
Internal MISP references
UUID 03eb080d-0b83-5cbb-9317-c50b35996c9b
which can be used as unique global reference for SecureList Fileless
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-23T00:00:00Z |
date_published | 2022-05-04T00:00:00Z |
source | MITRE |
title | A new secret stash for “fileless” malware |
ESET Ebury Feb 2014
M.Léveillé, M. (2014, February 21). An In-depth Analysis of Linux/Ebury. Retrieved April 19, 2019.
Internal MISP references
UUID eb6d4f77-ac63-4cb8-8487-20f9e709334b
which can be used as unique global reference for ESET Ebury Feb 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-19T00:00:00Z |
date_published | 2014-02-21T00:00:00Z |
source | MITRE |
title | An In-depth Analysis of Linux/Ebury |
Welivesecurity Ebury SSH
M.Léveillé, M. (2014, February 21). An In-depth Analysis of Linux/Ebury. Retrieved January 8, 2018.
Internal MISP references
UUID 39384c7a-3032-4b45-a5eb-8ebe7de22aa2
which can be used as unique global reference for Welivesecurity Ebury SSH
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-08T00:00:00Z |
date_published | 2014-02-21T00:00:00Z |
source | MITRE |
title | An In-depth Analysis of Linux/Ebury |
Avertium Black Basta June 2022
Avertium. (2022, June 1). AN IN-DEPTH LOOK AT BLACK BASTA RANSOMWARE. Retrieved March 7, 2023.
Internal MISP references
UUID 31c2ef62-2852-5418-9d52-2479a3a619d0
which can be used as unique global reference for Avertium Black Basta June 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-07T00:00:00Z |
date_published | 2022-06-01T00:00:00Z |
source | MITRE |
title | AN IN-DEPTH LOOK AT BLACK BASTA RANSOMWARE |
Myers 2007
Myers, M., and Youndt, S. (2007). An Introduction to Hardware-Assisted Virtual Machine (HVM) Rootkits. Retrieved November 13, 2014.
Internal MISP references
UUID 689dfe75-9c06-4438-86fa-5fbbb09f0fe7
which can be used as unique global reference for Myers 2007
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-13T00:00:00Z |
date_published | 2007-01-01T00:00:00Z |
source | MITRE |
title | An Introduction to Hardware-Assisted Virtual Machine (HVM) Rootkits |
Linux Services Run Levels
The Linux Foundation. (2006, January 11). An introduction to services, runlevels, and rc.d scripts. Retrieved September 28, 2021.
Internal MISP references
UUID 091aa85d-7d30-4800-9b2d-97f96d257798
which can be used as unique global reference for Linux Services Run Levels
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-28T00:00:00Z |
date_published | 2006-01-11T00:00:00Z |
source | MITRE |
title | An introduction to services, runlevels, and rc.d scripts |
Anomali Pirate Panda April 2020
Moore, S. et al. (2020, April 30). Anomali Suspects that China-Backed APT Pirate Panda May Be Seeking Access to Vietnam Government Data Center. Retrieved May 19, 2020.
Internal MISP references
UUID f1d28b91-a529-439d-9548-c597baa245d4
which can be used as unique global reference for Anomali Pirate Panda April 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-19T00:00:00Z |
date_published | 2020-04-30T00:00:00Z |
source | MITRE |
title | Anomali Suspects that China-Backed APT Pirate Panda May Be Seeking Access to Vietnam Government Data Center |
AnonGhost Team Profile
ADL. (2015, July 6). AnonGhost Team. Retrieved October 10, 2023.
Internal MISP references
UUID f868f5fa-df66-435f-8b32-d58e4785e46c
which can be used as unique global reference for AnonGhost Team Profile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-10T00:00:00Z |
date_published | 2015-07-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | AnonGhost Team |
AnonHBGary
Bright, P. (2011, February 15). Anonymous speaks: the inside story of the HBGary hack. Retrieved March 9, 2017.
Internal MISP references
UUID 19ab02ea-883f-441c-bebf-4be64855374a
which can be used as unique global reference for AnonHBGary
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-09T00:00:00Z |
date_published | 2011-02-15T00:00:00Z |
source | MITRE |
title | Anonymous speaks: the inside story of the HBGary hack |
Fortinet Metamorfo Feb 2020
Zhang, X. (2020, February 4). Another Metamorfo Variant Targeting Customers of Financial Institutions in More Countries. Retrieved July 30, 2020.
Internal MISP references
UUID e89e3825-85df-45cf-b309-e449afed0288
which can be used as unique global reference for Fortinet Metamorfo Feb 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-30T00:00:00Z |
date_published | 2020-02-04T00:00:00Z |
source | MITRE |
title | Another Metamorfo Variant Targeting Customers of Financial Institutions in More Countries |
MuddyWater TrendMicro June 2018
Villanueva, M., Co, M. (2018, June 14). Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor. Retrieved July 3, 2018.
Internal MISP references
UUID b2c415e4-edbe-47fe-9820-b968114f81f0
which can be used as unique global reference for MuddyWater TrendMicro June 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-03T00:00:00Z |
date_published | 2018-06-14T00:00:00Z |
source | MITRE |
title | Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor |
AlienVault Sykipot 2011
Blasco, J. (2011, December 12). Another Sykipot sample likely targeting US federal agencies. Retrieved March 28, 2016.
Internal MISP references
UUID 800363c1-60df-47e7-8ded-c0f4b6e758f4
which can be used as unique global reference for AlienVault Sykipot 2011
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-28T00:00:00Z |
date_published | 2011-12-12T00:00:00Z |
source | MITRE |
title | Another Sykipot sample likely targeting US federal agencies |
RiskIQ Newegg September 2018
Klijnsma, Y. (2018, September 19). Another Victim of the Magecart Assault Emerges: Newegg. Retrieved September 9, 2020.
Internal MISP references
UUID 095a705f-810b-4c4f-90ce-016117a5b4b6
which can be used as unique global reference for RiskIQ Newegg September 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-09T00:00:00Z |
date_published | 2018-09-19T00:00:00Z |
source | MITRE |
title | Another Victim of the Magecart Assault Emerges: Newegg |
Dell WMI Persistence
Dell SecureWorks Counter Threat Unit™ (CTU) Research Team. (2016, March 28). A Novel WMI Persistence Implementation. Retrieved March 30, 2016.
Internal MISP references
UUID a88dd548-ac8f-4297-9e23-de2643294846
which can be used as unique global reference for Dell WMI Persistence
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-30T00:00:00Z |
date_published | 2016-03-28T00:00:00Z |
source | MITRE |
title | A Novel WMI Persistence Implementation |
iDefense Rootkit Overview
Chuvakin, A. (2003, February). An Overview of Rootkits. Retrieved April 6, 2018.
Internal MISP references
UUID c1aef861-9e31-42e6-a2eb-5151b056762b
which can be used as unique global reference for iDefense Rootkit Overview
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-06T00:00:00Z |
date_published | 2003-02-01T00:00:00Z |
source | MITRE |
title | An Overview of Rootkits |
Trend Micro Rhysida August 09 2023
Trend Micro Research. (2023, August 9). An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector. Retrieved August 11, 2023.
Internal MISP references
UUID 71704a3a-cf48-4764-af4e-8d2096bf5012
which can be used as unique global reference for Trend Micro Rhysida August 09 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-11T00:00:00Z |
date_published | 2023-08-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector |
Mandiant Ukraine Cyber Threats January 2022
Hultquist, J. (2022, January 20). Anticipating Cyber Threats as the Ukraine Crisis Escalates. Retrieved January 24, 2022.
Internal MISP references
UUID 6f53117f-2e94-4981-be61-c3da4b783ce2
which can be used as unique global reference for Mandiant Ukraine Cyber Threats January 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-24T00:00:00Z |
date_published | 2022-01-20T00:00:00Z |
source | MITRE |
title | Anticipating Cyber Threats as the Ukraine Crisis Escalates |
Microsoft AMSI
Microsoft. (2019, April 19). Antimalware Scan Interface (AMSI). Retrieved September 28, 2021.
Internal MISP references
UUID 32a4b7b5-8560-4600-aba9-15a6342b4dc3
which can be used as unique global reference for Microsoft AMSI
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-28T00:00:00Z |
date_published | 2019-04-19T00:00:00Z |
source | MITRE |
title | Antimalware Scan Interface (AMSI) |
Microsoft Anti Spoofing
Microsoft. (2020, October 13). Anti-spoofing protection in EOP. Retrieved October 19, 2020.
Internal MISP references
UUID b3ac28ac-3f98-40fd-b1da-2461a9e3ffca
which can be used as unique global reference for Microsoft Anti Spoofing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
date_published | 2020-10-13T00:00:00Z |
source | MITRE |
title | Anti-spoofing protection in EOP |
Fox-It Anunak Feb 2015
Prins, R. (2015, February 16). Anunak (aka Carbanak) Update. Retrieved January 20, 2017.
Internal MISP references
UUID d74a8d0b-887a-40b9-bd43-366764157990
which can be used as unique global reference for Fox-It Anunak Feb 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-01-20T00:00:00Z |
date_published | 2015-02-16T00:00:00Z |
source | MITRE |
title | Anunak (aka Carbanak) Update |
Group-IB Anunak
Group-IB and Fox-IT. (2014, December). Anunak: APT against financial institutions. Retrieved April 20, 2016.
Internal MISP references
UUID fd254ecc-a076-4b9f-97f2-acb73c6a1695
which can be used as unique global reference for Group-IB Anunak
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-20T00:00:00Z |
date_published | 2014-12-01T00:00:00Z |
source | MITRE |
title | Anunak: APT against financial institutions |
Google TAG Ukraine Threat Landscape March 2022
Huntley, S. (2022, March 7). An update on the threat landscape. Retrieved March 16, 2022.
Internal MISP references
UUID a6070f95-fbee-472e-a737-a8adbedbb4f8
which can be used as unique global reference for Google TAG Ukraine Threat Landscape March 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-16T00:00:00Z |
date_published | 2022-03-07T00:00:00Z |
source | MITRE |
title | An update on the threat landscape |
Zairon Hooking Dec 2006
Felici, M. (2006, December 6). Any application-defined hook procedure on my machine?. Retrieved December 12, 2017.
Internal MISP references
UUID e816127a-04e4-4145-a784-50b1215612f2
which can be used as unique global reference for Zairon Hooking Dec 2006
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-12T00:00:00Z |
date_published | 2006-12-06T00:00:00Z |
source | MITRE |
title | Any application-defined hook procedure on my machine? |
SentinelOne Aoqin Dragon June 2022
Chen, Joey. (2022, June 9). Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years. Retrieved July 14, 2022.
Internal MISP references
UUID b4e792e0-b1fa-4639-98b1-233aaec53594
which can be used as unique global reference for SentinelOne Aoqin Dragon June 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-14T00:00:00Z |
date_published | 2022-06-09T00:00:00Z |
source | MITRE |
title | Aoqin Dragon |
Apache Server 2018
Apache. (n.d.). Apache HTTP Server Version 2.4 Documentation - Web Site Content. Retrieved July 27, 2018.
Internal MISP references
UUID 46f62435-bfb3-44b6-8c79-54af584cc35f
which can be used as unique global reference for Apache Server 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-27T00:00:00Z |
source | MITRE |
title | Apache HTTP Server Version 2.4 Documentation - Web Site Content |
Secureworks BRONZEUNION Feb 2019
Counter Threat Unit Research Team. (2019, February 27). A Peek into BRONZE UNION’s Toolbox. Retrieved September 24, 2019.
Internal MISP references
UUID 691df278-fd7d-4b73-a22c-227bc7641dec
which can be used as unique global reference for Secureworks BRONZEUNION Feb 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-24T00:00:00Z |
date_published | 2019-02-27T00:00:00Z |
source | MITRE |
title | A Peek into BRONZE UNION’s Toolbox |
AppArmor official
AppArmor. (2017, October 19). AppArmor Security Project Wiki. Retrieved December 20, 2017.
Internal MISP references
UUID 12df02e3-bbdd-4682-9662-1810402ad918
which can be used as unique global reference for AppArmor official
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 2017-10-19T00:00:00Z |
source | MITRE |
title | AppArmor Security Project Wiki |
PenTestLabs AppDomainManagerInject
Administrator. (2020, May 26). APPDOMAINMANAGER INJECTION AND DETECTION. Retrieved March 28, 2024.
Internal MISP references
UUID f681fd40-5bfc-50c6-a654-f9a128af5ff1
which can be used as unique global reference for PenTestLabs AppDomainManagerInject
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-28T00:00:00Z |
date_published | 2020-05-26T00:00:00Z |
source | MITRE |
title | APPDOMAINMANAGER INJECTION AND DETECTION |
Rapid7 AppDomain Manager Injection
Spagnola, N. (2023, May 5). AppDomain Manager Injection: New Techniques For Red Teams. Retrieved March 29, 2024.
Internal MISP references
UUID 881f8d23-908f-58cf-904d-5ef7b959eb39
which can be used as unique global reference for Rapid7 AppDomain Manager Injection
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-29T00:00:00Z |
date_published | 2023-05-05T00:00:00Z |
source | MITRE |
title | AppDomain Manager Injection: New Techniques For Red Teams |
Mandiant APT1 Appendix
Mandiant. (n.d.). Appendix C (Digital) - The Malware Arsenal. Retrieved July 18, 2016.
Internal MISP references
UUID 1f31c09c-6a93-4142-8333-154138c1d70a
which can be used as unique global reference for Mandiant APT1 Appendix
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-07-18T00:00:00Z |
source | MITRE |
title | Appendix C (Digital) - The Malware Arsenal |
AppInit Secure Boot
Microsoft. (n.d.). AppInit DLLs and Secure Boot. Retrieved July 15, 2015.
Internal MISP references
UUID 2b951be3-5105-4665-972f-7809c057fd3f
which can be used as unique global reference for AppInit Secure Boot
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-07-15T00:00:00Z |
source | MITRE |
title | AppInit DLLs and Secure Boot |
AppInstaller.exe - LOLBAS Project
LOLBAS. (2020, December 2). AppInstaller.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 9a777e7c-e76c-465c-8b45-67503e715f7e
which can be used as unique global reference for AppInstaller.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-12-02T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | AppInstaller.exe |
objectivesee osx.shlayer apple approved 2020
Patrick Wardle. (2020, August 30). Apple Approved Malware malicious code ...now notarized!? #2020. Retrieved September 13, 2021.
Internal MISP references
UUID a2127d3d-c320-4637-a85c-16e20c2654f6
which can be used as unique global reference for objectivesee osx.shlayer apple approved 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-13T00:00:00Z |
date_published | 2020-08-30T00:00:00Z |
source | MITRE |
title | Apple Approved Malware malicious code ...now notarized!? #2020 |
AppleDocs AuthorizationExecuteWithPrivileges
Apple. (n.d.). Apple Developer Documentation - AuthorizationExecuteWithPrivileges. Retrieved August 8, 2019.
Internal MISP references
UUID 7b8875e8-5b93-4d49-a12b-2683bab2ba6e
which can be used as unique global reference for AppleDocs AuthorizationExecuteWithPrivileges
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-08-08T00:00:00Z |
source | MITRE |
title | Apple Developer Documentation - AuthorizationExecuteWithPrivileges |
AppleDocs Scheduling Timed Jobs
Apple. (n.d.). Retrieved July 17, 2017.
Internal MISP references
UUID 66dd8a7d-521f-4610-b478-52d748185ad3
which can be used as unique global reference for AppleDocs Scheduling Timed Jobs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-17T00:00:00Z |
source | MITRE |
title | AppleDocs Scheduling Timed Jobs |
CISA AppleJeus Feb 2021
Cybersecurity and Infrastructure Security Agency. (2021, February 21). AppleJeus: Analysis of North Korea’s Cryptocurrency Malware. Retrieved March 1, 2021.
Internal MISP references
UUID 6873e14d-eba4-4e3c-9ccf-cec1d760f0be
which can be used as unique global reference for CISA AppleJeus Feb 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-01T00:00:00Z |
date_published | 2021-02-21T00:00:00Z |
source | MITRE |
title | AppleJeus: Analysis of North Korea’s Cryptocurrency Malware |
Apple Remote Desktop Admin Guide 3.3
Apple. (n.d.). Apple Remote Desktop Administrator Guide Version 3.3. Retrieved October 5, 2021.
Internal MISP references
UUID c57c2bba-a398-4e68-b2a7-fddcf0740b61
which can be used as unique global reference for Apple Remote Desktop Admin Guide 3.3
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-05T00:00:00Z |
source | MITRE |
title | Apple Remote Desktop Administrator Guide Version 3.3 |
applescript signing
Steven Sande. (2013, December 23). AppleScript and Automator gain new features in OS X Mavericks. Retrieved September 21, 2018.
Internal MISP references
UUID dd76c7ab-c3df-4f34-aaf0-684b56499065
which can be used as unique global reference for applescript signing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-21T00:00:00Z |
date_published | 2013-12-23T00:00:00Z |
source | MITRE |
title | AppleScript and Automator gain new features in OS X Mavericks |
Microsoft Entra ID Service Principals
Microsoft. (2023, December 15). Application and service principal objects in Microsoft Entra ID. Retrieved February 28, 2024.
Internal MISP references
UUID 2a20c574-3e69-5da6-887e-68e34cee7562
which can be used as unique global reference for Microsoft Entra ID Service Principals
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-28T00:00:00Z |
date_published | 2023-12-15T00:00:00Z |
source | MITRE |
title | Application and service principal objects in Microsoft Entra ID |
Microsoft App Domains
Microsoft. (2021, September 15). Application domains. Retrieved March 28, 2024.
Internal MISP references
UUID 268e7ade-c0a8-5859-8b16-6fa8aa3b0cb7
which can be used as unique global reference for Microsoft App Domains
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-28T00:00:00Z |
date_published | 2021-09-15T00:00:00Z |
source | MITRE |
title | Application domains |
Corio 2008
Corio, C., & Sayana, D. P. (2008, June). Application Lockdown with Software Restriction Policies. Retrieved November 18, 2014.
Internal MISP references
UUID cae409ca-1c77-45df-88cd-c0998ac724ec
which can be used as unique global reference for Corio 2008
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-18T00:00:00Z |
date_published | 2008-06-01T00:00:00Z |
source | MITRE |
title | Application Lockdown with Software Restriction Policies |
Microsoft Application Lockdown
Corio, C., & Sayana, D. P. (2008, June). Application Lockdown with Software Restriction Policies. Retrieved November 18, 2014.
Internal MISP references
UUID 5dab4466-0871-486a-84ad-0e648b2e937d
which can be used as unique global reference for Microsoft Application Lockdown
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-18T00:00:00Z |
date_published | 2008-06-01T00:00:00Z |
source | MITRE |
title | Application Lockdown with Software Restriction Policies |
SANS Application Whitelisting
Beechey, J. (2014, November 18). Application Whitelisting: Panacea or Propaganda?. Retrieved November 18, 2014.
Internal MISP references
UUID a333f45f-1760-443a-9208-f3682ea32f67
which can be used as unique global reference for SANS Application Whitelisting
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-18T00:00:00Z |
date_published | 2014-11-18T00:00:00Z |
source | MITRE |
title | Application Whitelisting: Panacea or Propaganda? |
Beechey 2010
Beechey, J. (2010, December). Application Whitelisting: Panacea or Propaganda?. Retrieved November 18, 2014.
Internal MISP references
UUID 4994e065-c6e4-4b41-8ae3-d72023135429
which can be used as unique global reference for Beechey 2010
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-18T00:00:00Z |
date_published | 2010-12-01T00:00:00Z |
source | MITRE |
title | Application Whitelisting: Panacea or Propaganda? |
NSA MS AppLocker
NSA Information Assurance Directorate. (2014, August). Application Whitelisting Using Microsoft AppLocker. Retrieved March 31, 2016.
Internal MISP references
UUID 0db5c3ea-5392-4fd3-9f1d-9fa69aba4259
which can be used as unique global reference for NSA MS AppLocker
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-31T00:00:00Z |
date_published | 2014-08-01T00:00:00Z |
source | MITRE |
title | Application Whitelisting Using Microsoft AppLocker |
Penetration Testing Lab MSXSL July 2017
netbiosX. (2017, July 6). AppLocker Bypass – MSXSL. Retrieved July 3, 2018.
Internal MISP references
UUID 2f1adf20-a4b8-48c1-861f-0a44271765d7
which can be used as unique global reference for Penetration Testing Lab MSXSL July 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-03T00:00:00Z |
date_published | 2017-07-06T00:00:00Z |
source | MITRE |
title | AppLocker Bypass – MSXSL |
Burke/CISA ClickOnce Paper
William J. Burke IV. (n.d.). Appref-ms Abuse for Code Execution & C2. Retrieved September 9, 2024.
Internal MISP references
UUID 1bb14130-f819-5666-ab57-8f96fd4e7b05
which can be used as unique global reference for Burke/CISA ClickOnce Paper
in MISP communities and other software using the MISP galaxy
External references
- https://i.blackhat.com/USA-19/Wednesday/us-19-Burke-ClickOnce-And-Youre-In-When-Appref-Ms-Abuse-Is-Operating-As-Intended-wp.pdf?_gl=11jv89bf_gcl_auNjAyMzkzMjc3LjE3MjQ4MDk4OTQ._gaMTk5OTA3ODkwMC4xNzI0ODA5ODk0_ga_K4JK67TFYV*MTcyNDgwOTg5NC4xLjEuMTcyNDgwOTk1Ny4wLjAuMA..&_ga=2.256219723.1512103758.1724809895-1999078900.1724809894 - webarchive
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-09T00:00:00Z |
source | MITRE |
title | Appref-ms Abuse for Code Execution & C2 |
Microsoft Requests for Azure AD Roles in Privileged Identity Management
Microsoft. (2023, January 30). Approve or deny requests for Azure AD roles in Privileged Identity Management. Retrieved February 21, 2023.
Internal MISP references
UUID 1495effe-16a6-5b4e-9b50-1d1f7db48fa7
which can be used as unique global reference for Microsoft Requests for Azure AD Roles in Privileged Identity Management
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-21T00:00:00Z |
date_published | 2023-01-30T00:00:00Z |
source | MITRE |
title | Approve or deny requests for Azure AD roles in Privileged Identity Management |
Apple App Security Overview
Apple Inc. (2021, February 18). App security overview. Retrieved October 12, 2021.
Internal MISP references
UUID 3b1e9a5d-7940-43b5-bc11-3112c0762740
which can be used as unique global reference for Apple App Security Overview
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-12T00:00:00Z |
date_published | 2021-02-18T00:00:00Z |
source | MITRE |
title | App security overview |
Tripwire AppUNBlocker
Smith, T. (2016, October 27). AppUNBlocker: Bypassing AppLocker. Retrieved December 19, 2017.
Internal MISP references
UUID 2afb9a5f-c023-49df-90d1-e0ffb6d192f3
which can be used as unique global reference for Tripwire AppUNBlocker
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-19T00:00:00Z |
date_published | 2016-10-27T00:00:00Z |
source | MITRE |
title | AppUNBlocker: Bypassing AppLocker |
Appvlp.exe - LOLBAS Project
LOLBAS. (2018, May 25). Appvlp.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b0afe3e8-9f1d-4295-8811-8dfbe993c337
which can be used as unique global reference for Appvlp.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Appvlp.exe |
BlackHat Atkinson Winchester Token Manipulation
Atkinson, J., Winchester, R. (2017, December 7). A Process is No One: Hunting for Token Manipulation. Retrieved December 21, 2017.
Internal MISP references
UUID 2eaee06d-529d-4fe0-9ca3-c62419f47a90
which can be used as unique global reference for BlackHat Atkinson Winchester Token Manipulation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-21T00:00:00Z |
date_published | 2017-12-07T00:00:00Z |
source | MITRE |
title | A Process is No One: Hunting for Token Manipulation |
FireEye APT10 April 2017
FireEye iSIGHT Intelligence. (2017, April 6). APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat. Retrieved June 29, 2017.
Internal MISP references
UUID 2d494df8-83e3-45d2-b798-4c3bcf55f675
which can be used as unique global reference for FireEye APT10 April 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-06-29T00:00:00Z |
date_published | 2017-04-06T00:00:00Z |
source | MITRE |
title | APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat |
Securelist APT10 March 2021
GREAT. (2021, March 30). APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign. Retrieved June 17, 2021.
Internal MISP references
UUID 90450a1e-59c3-491f-b842-2cf81023fc9e
which can be used as unique global reference for Securelist APT10 March 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-17T00:00:00Z |
date_published | 2021-03-30T00:00:00Z |
source | MITRE |
title | APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign |
FireEye APT10 Sept 2018
Matsuda, A., Muhammad I. (2018, September 13). APT10 Targeting Japanese Corporations Using Updated TTPs. Retrieved September 17, 2018.
Internal MISP references
UUID 5f122a27-2137-4016-a482-d04106187594
which can be used as unique global reference for FireEye APT10 Sept 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-17T00:00:00Z |
date_published | 2018-09-13T00:00:00Z |
source | MITRE |
title | APT10 Targeting Japanese Corporations Using Updated TTPs |
NCC Group APT15 Alive and Strong
Smallridge, R. (2018, March 10). APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS. Retrieved April 4, 2018.
Internal MISP references
UUID 02a50445-de06-40ab-9ea4-da5c37e066cd
which can be used as unique global reference for NCC Group APT15 Alive and Strong
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-04T00:00:00Z |
date_published | 2018-03-10T00:00:00Z |
source | MITRE |
title | APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS |
Mandiant APT1
Mandiant. (n.d.). APT1 Exposing One of China’s Cyber Espionage Units. Retrieved July 18, 2016.
Internal MISP references
UUID 865eba93-cf6a-4e41-bc09-de9b0b3c2669
which can be used as unique global reference for Mandiant APT1
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-07-18T00:00:00Z |
source | MITRE, Tidal Cyber |
title | APT1 Exposing One of China’s Cyber Espionage Units |
Profero APT27 December 2020
Global Threat Center, Intelligence Team. (2020, December). APT27 Turns to Ransomware. Retrieved November 12, 2021.
Internal MISP references
UUID 0290ea31-f817-471e-85ae-c3855c63f5c3
which can be used as unique global reference for Profero APT27 December 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-11-12T00:00:00Z |
date_published | 2020-12-01T00:00:00Z |
source | MITRE |
title | APT27 Turns to Ransomware |
FireEye APT28 January 2017
FireEye iSIGHT Intelligence. (2017, January 11). APT28: At the Center of the Storm. Retrieved January 11, 2017.
Internal MISP references
UUID 61d80b8f-5bdb-41e6-b59a-d2d996392873
which can be used as unique global reference for FireEye APT28 January 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-01-11T00:00:00Z |
date_published | 2017-01-11T00:00:00Z |
source | MITRE, Tidal Cyber |
title | APT28: At the Center of the Storm |
FireEye APT28
FireEye. (2015). APT28: A WINDOW INTO RUSSIA’S CYBER ESPIONAGE OPERATIONS?. Retrieved August 19, 2015.
Internal MISP references
UUID c423b2b2-25a3-4a8d-b89a-83ab07c0cd20
which can be used as unique global reference for FireEye APT28
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-08-19T00:00:00Z |
date_published | 2015-01-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | APT28: A WINDOW INTO RUSSIA’S CYBER ESPIONAGE OPERATIONS? |
U.S. CISA APT28 Cisco Routers April 18 2023
Cybersecurity and Infrastructure Security Agency. (2023, April 18). APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers. Retrieved August 23, 2023.
Internal MISP references
UUID c532a6fc-b27f-4240-a071-3eaa866bce89
which can be used as unique global reference for U.S. CISA APT28 Cisco Routers April 18 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-23T00:00:00Z |
date_published | 2023-04-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers |
Symantec APT28 Oct 2018
Symantec Security Response. (2018, October 04). APT28: New Espionage Operations Target Military and Government Organizations. Retrieved November 14, 2018.
Internal MISP references
UUID 777bc94a-6c21-4f8c-9efa-a1cf52ececc0
which can be used as unique global reference for Symantec APT28 Oct 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-14T00:00:00Z |
date_published | 2018-10-04T00:00:00Z |
source | MITRE |
title | APT28: New Espionage Operations Target Military and Government Organizations |
FireEye APT28 Hospitality Aug 2017
Smith, L. and Read, B. (2017, August 11). APT28 Targets Hospitality Sector, Presents Threat to Travelers. Retrieved August 17, 2017.
Internal MISP references
UUID 7887dc90-3f05-411a-81ea-b86aa392104b
which can be used as unique global reference for FireEye APT28 Hospitality Aug 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-08-17T00:00:00Z |
date_published | 2017-08-11T00:00:00Z |
source | MITRE |
title | APT28 Targets Hospitality Sector, Presents Threat to Travelers |
Bitdefender APT28 Dec 2015
Bitdefender. (2015, December). APT28 Under the Scope. Retrieved February 23, 2017.
Internal MISP references
UUID 3dd67aae-7feb-4b07-a985-ccadc1b16f1d
which can be used as unique global reference for Bitdefender APT28 Dec 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-02-23T00:00:00Z |
date_published | 2015-12-01T00:00:00Z |
source | MITRE |
title | APT28 Under the Scope |
FireEye APT29 Domain Fronting With TOR March 2017
Matthew Dunwoody. (2017, March 27). APT29 Domain Fronting With TOR. Retrieved November 20, 2017.
Internal MISP references
UUID 1d919991-bc87-41bf-9e58-edf1b3806bb8
which can be used as unique global reference for FireEye APT29 Domain Fronting With TOR March 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-20T00:00:00Z |
date_published | 2017-03-27T00:00:00Z |
source | MITRE |
title | APT29 Domain Fronting With TOR |
FireEye APT29 Domain Fronting
Dunwoody, M. (2017, March 27). APT29 Domain Fronting With TOR. Retrieved March 27, 2017.
Internal MISP references
UUID 3e013b07-deaf-4387-acd7-2d0565d196a9
which can be used as unique global reference for FireEye APT29 Domain Fronting
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-27T00:00:00Z |
date_published | 2017-03-27T00:00:00Z |
source | MITRE |
title | APT29 Domain Fronting With TOR |
FireEye APT30
FireEye Labs. (2015, April). APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION. Retrieved May 1, 2015.
Internal MISP references
UUID c48d2084-61cf-4e86-8072-01e5d2de8416
which can be used as unique global reference for FireEye APT30
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-05-01T00:00:00Z |
date_published | 2015-04-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION |
Zscaler APT31 Covid-19 October 2020
Singh, S. and Antil, S. (2020, October 27). APT-31 Leverages COVID-19 Vaccine Theme and Abuses Legitimate Online Services. Retrieved March 24, 2021.
Internal MISP references
UUID 1647c9a6-e475-4a9a-a202-0133dbeef9a0
which can be used as unique global reference for Zscaler APT31 Covid-19 October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-24T00:00:00Z |
date_published | 2020-10-27T00:00:00Z |
source | MITRE |
title | APT-31 Leverages COVID-19 Vaccine Theme and Abuses Legitimate Online Services |
sentinelone apt32 macOS backdoor 2020
Phil Stokes. (2020, December 2). APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique. Retrieved September 13, 2021.
Internal MISP references
UUID d31dcbe6-06ec-475e-b121-fd25a93c3ef7
which can be used as unique global reference for sentinelone apt32 macOS backdoor 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-13T00:00:00Z |
date_published | 2020-12-02T00:00:00Z |
source | MITRE |
title | APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique |
FireEye APT33 Webinar Sept 2017
Davis, S. and Carr, N. (2017, September 21). APT33: New Insights into Iranian Cyber Espionage Group. Retrieved February 15, 2018.
Internal MISP references
UUID 9b378592-5737-403d-8a07-27077f5b2d61
which can be used as unique global reference for FireEye APT33 Webinar Sept 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-15T00:00:00Z |
date_published | 2017-09-21T00:00:00Z |
source | MITRE |
title | APT33: New Insights into Iranian Cyber Espionage Group |
FireEye APT34 Webinar Dec 2017
Davis, S. and Caban, D. (2017, December 19). APT34 - New Targeted Attack in the Middle East. Retrieved December 20, 2017.
Internal MISP references
UUID 4eef7032-de14-44a2-a403-82aefdc85c50
which can be used as unique global reference for FireEye APT34 Webinar Dec 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 2017-12-19T00:00:00Z |
source | MITRE |
title | APT34 - New Targeted Attack in the Middle East |
DFIR Report APT35 ProxyShell March 2022
DFIR Report. (2022, March 21). APT35 Automates Initial Access Using ProxyShell. Retrieved May 25, 2022.
Internal MISP references
UUID 1837e917-d80b-4632-a1ca-c70d4b712ac7
which can be used as unique global reference for DFIR Report APT35 ProxyShell March 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-25T00:00:00Z |
date_published | 2022-03-21T00:00:00Z |
source | MITRE |
title | APT35 Automates Initial Access Using ProxyShell |
Check Point APT35 CharmPower January 2022
Check Point. (2022, January 11). APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit. Retrieved January 24, 2022.
Internal MISP references
UUID 81dce660-93ea-42a4-902f-0c6021d30f59
which can be used as unique global reference for Check Point APT35 CharmPower January 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-24T00:00:00Z |
date_published | 2022-01-11T00:00:00Z |
source | MITRE |
title | APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit |
FireEye APT37 Feb 2018
FireEye. (2018, February 20). APT37 (Reaper): The Overlooked North Korean Actor. Retrieved March 1, 2018.
Internal MISP references
UUID 4d575c1a-4ff9-49ce-97cd-f9d0637c2271
which can be used as unique global reference for FireEye APT37 Feb 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-01T00:00:00Z |
date_published | 2018-02-20T00:00:00Z |
source | MITRE, Tidal Cyber |
title | APT37 (Reaper): The Overlooked North Korean Actor |
FireEye APT38 Oct 2018
FireEye. (2018, October 03). APT38: Un-usual Suspects. Retrieved November 6, 2018.
Internal MISP references
UUID 7c916329-af56-4723-820c-ef932a6e3409
which can be used as unique global reference for FireEye APT38 Oct 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-06T00:00:00Z |
date_published | 2018-10-03T00:00:00Z |
source | MITRE, Tidal Cyber |
title | APT38: Un-usual Suspects |
FireEye APT39 Jan 2019
Hawley et al. (2019, January 29). APT39: An Iranian Cyber Espionage Group Focused on Personal Information. Retrieved February 19, 2019.
Internal MISP references
UUID ba366cfc-cc04-41a5-903b-a7bb73136bc3
which can be used as unique global reference for FireEye APT39 Jan 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-19T00:00:00Z |
date_published | 2019-01-29T00:00:00Z |
source | MITRE |
title | APT39: An Iranian Cyber Espionage Group Focused on Personal Information |
APT3 Adversary Emulation Plan
Korban, C., et al. (2017, September). APT3 Adversary Emulation Plan. Retrieved January 16, 2018.
Internal MISP references
UUID 64c01921-c33f-402e-b30d-a2ba26583a24
which can be used as unique global reference for APT3 Adversary Emulation Plan
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-16T00:00:00Z |
date_published | 2017-09-01T00:00:00Z |
source | MITRE |
title | APT3 Adversary Emulation Plan |
evolution of pirpi
Yates, M. (2017, June 18). APT3 Uncovered: The code evolution of Pirpi. Retrieved September 28, 2017.
Internal MISP references
UUID 9c8bd493-bf08-431b-9d53-29eb14a6eef5
which can be used as unique global reference for evolution of pirpi
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-09-28T00:00:00Z |
date_published | 2017-06-18T00:00:00Z |
source | MITRE |
title | APT3 Uncovered: The code evolution of Pirpi |
FireEye APT40 March 2019
Plan, F., et al. (2019, March 4). APT40: Examining a China-Nexus Espionage Actor. Retrieved March 18, 2019.
Internal MISP references
UUID 8a44368f-3348-4817-aca7-81bfaca5ae6d
which can be used as unique global reference for FireEye APT40 March 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-18T00:00:00Z |
date_published | 2019-03-04T00:00:00Z |
source | MITRE |
title | APT40: Examining a China-Nexus Espionage Actor |
apt41_mandiant
Mandiant. (n.d.). APT41, A DUAL ESPIONAGE AND CYBER CRIME OPERATION. Retrieved June 11, 2024.
Internal MISP references
UUID 599f4411-6829-5a2d-865c-ac59e80afe83
which can be used as unique global reference for apt41_mandiant
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-11T00:00:00Z |
source | MITRE |
title | APT41, A DUAL ESPIONAGE AND CYBER CRIME OPERATION |
Mandiant APT41 July 18 2024
Mike Stokkel, Pierre Gerlings, Renato Fontana, Luis Rocha, Jared Wilson, Stephen Eckels, Jonathan Lepore. (2024, July 18). APT41 Has Arisen From the DUST. Retrieved August 2, 2024.
Internal MISP references
UUID 34ee3a7c-27c0-492f-a3c6-a5a3e86915f0
which can be used as unique global reference for Mandiant APT41 July 18 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-02T00:00:00Z |
date_published | 2024-07-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | APT41 Has Arisen From the DUST |
Google Cloud APT41 2024
Mike Stokkel et al. (2024, July 18). APT41 Has Arisen From the DUST. Retrieved September 16, 2024.
Internal MISP references
UUID 33bb9f8a-db9d-5dda-b4ae-2ba7fee0a0ae
which can be used as unique global reference for Google Cloud APT41 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-16T00:00:00Z |
date_published | 2024-07-18T00:00:00Z |
source | MITRE |
title | APT41 Has Arisen From the DUST |
apt41_dcsocytec_dec2022
DCSO CyTec Blog. (2022, December 24). APT41 — The spy who failed to encrypt me. Retrieved June 13, 2024.
Internal MISP references
UUID fad90e96-93fd-59bd-970e-f0b37cac331d
which can be used as unique global reference for apt41_dcsocytec_dec2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-13T00:00:00Z |
date_published | 2022-12-24T00:00:00Z |
source | MITRE |
title | APT41 — The spy who failed to encrypt me |
Rostovcev APT41 2021
Nikita Rostovcev. (2022, August 18). APT41 World Tour 2021 on a tight schedule. Retrieved February 22, 2024.
Internal MISP references
UUID b6e7fb29-7935-5454-8fb2-37585c46324a
which can be used as unique global reference for Rostovcev APT41 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-22T00:00:00Z |
date_published | 2022-08-18T00:00:00Z |
source | MITRE |
title | APT41 World Tour 2021 on a tight schedule |
Mandiant APT42
Mandiant. (n.d.). APT42: Crooked Charms, Cons and Compromise. Retrieved September 16, 2022.
Internal MISP references
UUID 10b3e476-a0c5-41fd-8cb8-5bfb245b118f
which can be used as unique global reference for Mandiant APT42
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-16T00:00:00Z |
source | MITRE |
title | APT42: Crooked Charms, Cons and Compromise |
Mandiant Crooked Charms August 12 2022
Mandiant. (2022, August 12). APT42: Crooked Charms, Cons and Compromises. Retrieved August 30, 2024.
Internal MISP references
UUID 53bab956-be5b-4d8d-b553-9926bc5d9fee
which can be used as unique global reference for Mandiant Crooked Charms August 12 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-30T00:00:00Z |
date_published | 2022-08-12T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | APT42: Crooked Charms, Cons and Compromises |
Mandiant APT43 March 2024
Mandiant. (2024, March 14). APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations. Retrieved May 3, 2024.
Internal MISP references
UUID 8ac3fd0a-4a93-5262-9ac2-f676c5d11fda
which can be used as unique global reference for Mandiant APT43 March 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-03T00:00:00Z |
date_published | 2024-03-14T00:00:00Z |
source | MITRE |
title | APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations |
mandiant_apt44_unearthing_sandworm
Roncone, G. et al. (n.d.). APT44: Unearthing Sandworm. Retrieved July 11, 2024.
Internal MISP references
UUID cc03d668-e4d9-5dc1-b365-203db84938f2
which can be used as unique global reference for mandiant_apt44_unearthing_sandworm
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-11T00:00:00Z |
source | MITRE |
title | APT44: Unearthing Sandworm |
Mandiant APT45 July 25 2024
Taylor Long, Jeff Johnson, Alice Revelli, Fred Plan, Michael Barnhart. (2024, July 25). APT45: North Korea’s Digital Military Machine. Retrieved July 26, 2024.
Internal MISP references
UUID a9673491-7493-4b85-b5fc-595e91bc7fdc
which can be used as unique global reference for Mandiant APT45 July 25 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-26T00:00:00Z |
date_published | 2024-07-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | APT45: North Korea’s Digital Military Machine |
NSA APT5 Citrix Threat Hunting December 2022
National Security Agency. (2022, December). APT5: Citrix ADC Threat Hunting Guidance. Retrieved February 5, 2024.
Internal MISP references
UUID 916e2137-46e6-53c2-a917-5b5b5c4bae3a
which can be used as unique global reference for NSA APT5 Citrix Threat Hunting December 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-05T00:00:00Z |
date_published | 2022-12-01T00:00:00Z |
source | MITRE |
title | APT5: Citrix ADC Threat Hunting Guidance |
welivesecurity_apt-c-23
Stefanko, L. (2020, September 30). APT‑C‑23 group evolves its Android spyware. Retrieved March 4, 2024.
Internal MISP references
UUID 7196226e-7d0d-5e14-a4e3-9b6322537039
which can be used as unique global reference for welivesecurity_apt-c-23
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-04T00:00:00Z |
date_published | 2020-09-30T00:00:00Z |
source | MITRE |
title | APT‑C‑23 group evolves its Android spyware |
QiAnXin APT-C-36 Feb2019
QiAnXin Threat Intelligence Center. (2019, February 18). APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations. Retrieved May 5, 2020.
Internal MISP references
UUID cae075ea-42cb-4695-ac66-9187241393d1
which can be used as unique global reference for QiAnXin APT-C-36 Feb2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-05T00:00:00Z |
date_published | 2019-02-18T00:00:00Z |
source | MITRE, Tidal Cyber |
title | APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations |
360 Machete Sep 2020
kate. (2020, September 25). APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries — HpReact campaign. Retrieved November 20, 2020.
Internal MISP references
UUID 682c843d-1bb8-4f30-9d2e-35e8d41b1976
which can be used as unique global reference for 360 Machete Sep 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-20T00:00:00Z |
date_published | 2020-09-25T00:00:00Z |
source | MITRE, Tidal Cyber |
title | APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries — HpReact campaign |
Cycraft Chimera April 2020
Cycraft. (2020, April 15). APT Group Chimera - APT Operation Skeleton key Targets Taiwan Semiconductor Vendors. Retrieved August 24, 2020.
Internal MISP references
UUID a5a14a4e-2214-44ab-9067-75429409d744
which can be used as unique global reference for Cycraft Chimera April 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-24T00:00:00Z |
date_published | 2020-04-15T00:00:00Z |
source | MITRE |
title | APT Group Chimera - APT Operation Skeleton key Targets Taiwan Semiconductor Vendors |
CISA IT Service Providers
CISA. (n.d.). APTs Targeting IT Service Provider Customers. Retrieved November 16, 2020.
Internal MISP references
UUID b8bee7f9-155e-4765-9492-01182e4435b7
which can be used as unique global reference for CISA IT Service Providers
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-16T00:00:00Z |
source | MITRE |
title | APTs Targeting IT Service Provider Customers |
Securelist GCMAN
Kaspersky Lab's Global Research & Analysis Team. (2016, February 8). APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks. Retrieved April 20, 2016.
Internal MISP references
UUID 1f07f234-50f0-4c1e-942a-a01d3f733161
which can be used as unique global reference for Securelist GCMAN
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-20T00:00:00Z |
date_published | 2016-02-08T00:00:00Z |
source | MITRE, Tidal Cyber |
title | APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks |
Proofpoint TA459 April 2017
Axel F. (2017, April 27). APT Targets Financial Analysts with CVE-2017-0199. Retrieved February 15, 2018.
Internal MISP references
UUID dabad6df-1e31-4c16-9217-e079f2493b02
which can be used as unique global reference for Proofpoint TA459 April 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-15T00:00:00Z |
date_published | 2017-04-27T00:00:00Z |
source | MITRE, Tidal Cyber |
title | APT Targets Financial Analysts with CVE-2017-0199 |
Kaspersky ToddyCat June 2022
Dedola, G. (2022, June 21). APT ToddyCat. Retrieved January 3, 2024.
Internal MISP references
UUID 285c038b-e5fc-57ef-9a98-d9e24c52e2cf
which can be used as unique global reference for Kaspersky ToddyCat June 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-03T00:00:00Z |
date_published | 2022-06-21T00:00:00Z |
source | MITRE |
title | APT ToddyCat |
Securelist APT Trends April 2018
Global Research and Analysis Team. (2018, April 12). APT Trends report Q1 2018. Retrieved January 27, 2021.
Internal MISP references
UUID 587f5195-e696-4a3c-8c85-90b9c002cd11
which can be used as unique global reference for Securelist APT Trends April 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-27T00:00:00Z |
date_published | 2018-04-12T00:00:00Z |
source | MITRE |
title | APT Trends report Q1 2018 |
Kaspersky APT Trends Q1 2020
Global Research and Analysis Team. (2020, April 30). APT trends report Q1 2020. Retrieved September 19, 2022.
Internal MISP references
UUID 23c91719-5ebe-4d03-8018-df1809fffd2f
which can be used as unique global reference for Kaspersky APT Trends Q1 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-19T00:00:00Z |
date_published | 2020-04-30T00:00:00Z |
source | MITRE |
title | APT trends report Q1 2020 |
Kaspersky APT Trends Q1 April 2021
GReAT. (2021, April 27). APT trends report Q1 2021. Retrieved June 6, 2022.
Internal MISP references
UUID 3fd0ba3b-7919-46d3-a444-50508603956f
which can be used as unique global reference for Kaspersky APT Trends Q1 April 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-06T00:00:00Z |
date_published | 2021-04-27T00:00:00Z |
source | MITRE |
title | APT trends report Q1 2021 |
Securelist APT Trends Q2 2017
Kaspersky Lab's Global Research & Analysis Team. (2017, August 8). APT Trends report Q2 2017. Retrieved February 15, 2018.
Internal MISP references
UUID fe28042c-d289-463f-9ece-1a75a70b966e
which can be used as unique global reference for Securelist APT Trends Q2 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-15T00:00:00Z |
date_published | 2017-08-08T00:00:00Z |
source | MITRE |
title | APT Trends report Q2 2017 |
Wired ArcaneDoor April 24 2024
Andy Greenberg. (2024, April 24). ‘ArcaneDoor’ Cyberspies Hacked Cisco Firewalls to Access Government Networks. Retrieved May 6, 2024.
Internal MISP references
UUID 05a8afd3-0173-41ca-b23b-196ea0f3b1c1
which can be used as unique global reference for Wired ArcaneDoor April 24 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-06T00:00:00Z |
date_published | 2024-04-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | ‘ArcaneDoor’ Cyberspies Hacked Cisco Firewalls to Access Government Networks |
Cisco Talos ArcaneDoor April 24 2024
Cisco Talos. (2024, April 24). ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices. Retrieved May 6, 2024.
Internal MISP references
UUID 531c3f6f-2d2b-4774-b069-e2b7a13602c1
which can be used as unique global reference for Cisco Talos ArcaneDoor April 24 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-06T00:00:00Z |
date_published | 2024-04-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices |
Wald0 Guide to GPOs
Robbins, A. (2018, April 2). A Red Teamer’s Guide to GPOs and OUs. Retrieved March 5, 2019.
Internal MISP references
UUID 48bb84ac-56c8-4840-9a11-2cc76213e24e
which can be used as unique global reference for Wald0 Guide to GPOs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-05T00:00:00Z |
date_published | 2018-04-02T00:00:00Z |
source | MITRE |
title | A Red Teamer’s Guide to GPOs and OUs |
Lau 2011
Lau, H. (2011, August 8). Are MBR Infections Back in Fashion? (Infographic). Retrieved November 13, 2014.
Internal MISP references
UUID fa809aab-5051-4f9c-8e27-b5989608b03c
which can be used as unique global reference for Lau 2011
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-13T00:00:00Z |
date_published | 2011-08-08T00:00:00Z |
source | MITRE |
title | Are MBR Infections Back in Fashion? (Infographic) |
Krebs-Booter
Brian Krebs. (2016, October 27). Are the Days of “Booter” Services Numbered? Retrieved May 15, 2017.
Internal MISP references
UUID d29a88ae-273b-439e-8808-dc9931f1ff72
which can be used as unique global reference for Krebs-Booter
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-05-15T00:00:00Z |
date_published | 2016-10-27T00:00:00Z |
source | MITRE |
title | Are the Days of “Booter” Services Numbered? |
RSA Forfiles Aug 2017
Partington, E. (2017, August 14). Are you looking out for forfiles.exe (if you are watching for cmd.exe). Retrieved January 22, 2018.
Internal MISP references
UUID 923d6d3e-6117-43a5-92c6-ea0c131355c2
which can be used as unique global reference for RSA Forfiles Aug 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-22T00:00:00Z |
date_published | 2017-08-14T00:00:00Z |
source | MITRE |
title | Are you looking out for forfiles.exe (if you are watching for cmd.exe) |
FireEye Respond Webinar July 2017
Scavella, T. and Rifki, A. (2017, July 20). Are you Ready to Respond? (Webinar). Retrieved October 4, 2017.
Internal MISP references
UUID e7091d66-7faa-49d6-b16f-be1f79db4471
which can be used as unique global reference for FireEye Respond Webinar July 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-10-04T00:00:00Z |
date_published | 2017-07-20T00:00:00Z |
source | MITRE |
title | Are you Ready to Respond? (Webinar) |
Browser-updates
Dusty Miller. (2023, October 17). Are You Sure Your Browser is Up to Date? The Current Landscape of Fake Browser Updates. Retrieved February 13, 2024.
Internal MISP references
UUID 89e913a8-1d52-53fe-b692-fb72e21d794f
which can be used as unique global reference for Browser-updates
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-13T00:00:00Z |
date_published | 2023-10-17T00:00:00Z |
source | MITRE |
title | Are You Sure Your Browser is Up to Date? The Current Landscape of Fake Browser Updates |
Sekoia.io AridViper
Threat & Detection Research Team. (2023, October 26). AridViper, an intrusion set allegedly associated with Hamas. Retrieved October 30, 2023.
Internal MISP references
UUID 963a97b9-71b2-46e7-8315-1d7ef76d832c
which can be used as unique global reference for Sekoia.io AridViper
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-30T00:00:00Z |
date_published | 2023-10-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | AridViper, an intrusion set allegedly associated with Hamas |
TechNet Arp
Microsoft. (n.d.). Arp. Retrieved April 17, 2016.
Internal MISP references
UUID 7714222e-8046-4884-b460-493d9ef46305
which can be used as unique global reference for TechNet Arp
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-17T00:00:00Z |
source | MITRE |
title | Arp |
Cisco ARP Poisoning Mitigation 2016
King, J., Lauerman, K. (2016, January 22). ARP Poisoning (Man-in-the-Middle) Attack and Mitigation Technique. Retrieved October 15, 2020.
Internal MISP references
UUID 715cd044-f5ef-4cad-8741-308d104f05a5
which can be used as unique global reference for Cisco ARP Poisoning Mitigation 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-15T00:00:00Z |
date_published | 2016-01-22T00:00:00Z |
source | MITRE |
title | ARP Poisoning (Man-in-the-Middle) Attack and Mitigation Technique |
ASEC Emotet 2017
ASEC. (2017). ASEC REPORT VOL.88. Retrieved April 16, 2019.
Internal MISP references
UUID a02e3bbf-5864-4ccf-8b6f-5f8452395670
which can be used as unique global reference for ASEC Emotet 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-16T00:00:00Z |
date_published | 2017-01-01T00:00:00Z |
source | MITRE |
title | ASEC REPORT VOL.88 |
ASERT Seven Pointed Dagger Aug 2015
ASERT. (2015, August). ASERT Threat Intelligence Report – Uncovering the Seven Pointed Dagger. Retrieved March 19, 2018.
Internal MISP references
UUID a8f323c7-82bc-46e6-bd6c-0b631abc644a
which can be used as unique global reference for ASERT Seven Pointed Dagger Aug 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-19T00:00:00Z |
date_published | 2015-08-01T00:00:00Z |
source | MITRE |
title | ASERT Threat Intelligence Report – Uncovering the Seven Pointed Dagger |
Securelist Sofacy Feb 2018
Kaspersky Lab's Global Research & Analysis Team. (2018, February 20). A Slice of 2017 Sofacy Activity. Retrieved November 27, 2018.
Internal MISP references
UUID 3a043bba-2451-4765-946b-c1f3bf4aea36
which can be used as unique global reference for Securelist Sofacy Feb 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-27T00:00:00Z |
date_published | 2018-02-20T00:00:00Z |
source | MITRE |
title | A Slice of 2017 Sofacy Activity |
THE FINANCIAL TIMES LTD 2019.
THE FINANCIAL TIMES. (2019, September 2). A sobering day. Retrieved October 8, 2019.
Internal MISP references
UUID 5a01f0b7-86f7-44a1-bf35-46a631402ceb
which can be used as unique global reference for THE FINANCIAL TIMES LTD 2019.
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-08T00:00:00Z |
date_published | 2019-09-02T00:00:00Z |
source | MITRE |
title | A sobering day |
Aspnet_Compiler.exe - LOLBAS Project
LOLBAS. (2021, September 26). Aspnet_Compiler.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 15864c56-115e-4163-b816-03bdb9bfd5c5
which can be used as unique global reference for Aspnet_Compiler.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-09-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Aspnet_Compiler.exe |
Mandiant UNC2452 APT29 April 2022
Mandiant. (2020, April 27). Assembling the Russian Nesting Doll: UNC2452 Merged into APT29. Retrieved March 26, 2023.
Internal MISP references
UUID 5276508c-6792-56be-b757-e4b495ef6c37
which can be used as unique global reference for Mandiant UNC2452 APT29 April 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-26T00:00:00Z |
date_published | 2020-04-27T00:00:00Z |
source | MITRE |
title | Assembling the Russian Nesting Doll: UNC2452 Merged into APT29 |
Microsoft AssemblyLoad
Microsoft. (n.d.). Assembly.Load Method. Retrieved February 9, 2024.
Internal MISP references
UUID 3d980d7a-7074-5812-9bb1-ca8e27e028bd
which can be used as unique global reference for Microsoft AssemblyLoad
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-09T00:00:00Z |
source | MITRE |
title | Assembly.Load Method |
Kubernetes Assigning Pods to Nodes
Kubernetes. (n.d.). Assigning Pods to Nodes. Retrieved February 15, 2024.
Internal MISP references
UUID fe6ba97b-ff61-541b-9a67-a835290dc4ab
which can be used as unique global reference for Kubernetes Assigning Pods to Nodes
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-15T00:00:00Z |
source | MITRE |
title | Assigning Pods to Nodes |
Microsoft Assoc Oct 2017
Plett, C. et al. (2017, October 15). assoc. Retrieved August 7, 2018.
Internal MISP references
UUID 63fb65d7-6423-42de-b868-37fbc2bc133d
which can be used as unique global reference for Microsoft Assoc Oct 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-07T00:00:00Z |
date_published | 2017-10-15T00:00:00Z |
source | MITRE |
title | assoc |
Rhino Security Labs Enumerating AWS Roles
Spencer Gietzen. (2018, August 8). Assume the Worst: Enumerating AWS Roles through ‘AssumeRole’. Retrieved April 1, 2022.
Internal MISP references
UUID f403fc54-bdac-415a-9cc0-78803dd84214
which can be used as unique global reference for Rhino Security Labs Enumerating AWS Roles
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-01T00:00:00Z |
date_published | 2018-08-08T00:00:00Z |
source | MITRE |
title | Assume the Worst: Enumerating AWS Roles through ‘AssumeRole’ |
Cybereason Astaroth Feb 2019
Salem, E. (2019, February 13). ASTAROTH MALWARE USES LEGITIMATE OS AND ANTIVIRUS PROCESSES TO STEAL PASSWORDS AND PERSONAL DATA. Retrieved April 17, 2019.
Internal MISP references
UUID eb4dc1f8-c6e7-4d6c-9258-b03a0ae64d2e
which can be used as unique global reference for Cybereason Astaroth Feb 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-17T00:00:00Z |
date_published | 2019-02-13T00:00:00Z |
source | MITRE |
title | ASTAROTH MALWARE USES LEGITIMATE OS AND ANTIVIRUS PROCESSES TO STEAL PASSWORDS AND PERSONAL DATA |
spamhaus-malvertising
Miller, Sarah. (2023, February 2). A surge of malvertising across Google Ads is distributing dangerous malware. Retrieved February 21, 2023.
Internal MISP references
UUID 15a4d429-28c3-52be-aeb8-d94ad2743866
which can be used as unique global reference for spamhaus-malvertising
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-21T00:00:00Z |
date_published | 2023-02-02T00:00:00Z |
source | MITRE |
title | A surge of malvertising across Google Ads is distributing dangerous malware |
Lua Proofpoint Sunseed
Raggi, Michael. Cass, Zydeca. The Proofpoint Threat Research Team. (2022, March 1). Asylum Ambuscade: State Actor Uses Lua-based Sunseed Malware to Target European Governments and Refugee Movement. Retrieved August 5, 2024.
Internal MISP references
UUID 313e8333-0512-50d4-a7f6-4294dc935003
which can be used as unique global reference for Lua Proofpoint Sunseed
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-05T00:00:00Z |
date_published | 2022-03-01T00:00:00Z |
source | MITRE |
title | Asylum Ambuscade: State Actor Uses Lua-based Sunseed Malware to Target European Governments and Refugee Movement |
Microsoft APC
Microsoft. (n.d.). Asynchronous Procedure Calls. Retrieved December 8, 2017.
Internal MISP references
UUID 37f1ef6c-fc0e-4e47-85ab-20d53caba77e
which can be used as unique global reference for Microsoft APC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-08T00:00:00Z |
source | MITRE |
title | Asynchronous Procedure Calls |
Medium February 08 2023
Hack sydney. (2023, February 8). AsyncRAT: Analysing the Three Stages of Execution. Retrieved May 7, 2023.
Internal MISP references
UUID 86a69887-8d23-460f-9a51-96a10bfb3c29
which can be used as unique global reference for Medium February 08 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2023-02-08T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | AsyncRAT: Analysing the Three Stages of Execution |
AsyncRAT Crusade: Detections and Defense | Splunk
Splunk-Blogs. (n.d.). AsyncRAT Crusade: Detections and Defense. Retrieved May 7, 2023.
Internal MISP references
UUID 2869d93c-d3fe-475e-adc9-ab6eb7e26c0f
which can be used as unique global reference for AsyncRAT Crusade: Detections and Defense | Splunk
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | AsyncRAT Crusade: Detections and Defense |
TechNet At
Microsoft. (n.d.). At. Retrieved April 28, 2016.
Internal MISP references
UUID 31b40c09-d68f-4889-b585-c077bd9cef28
which can be used as unique global reference for TechNet At
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-28T00:00:00Z |
source | MITRE |
title | At |
Die.net Linux at Man Page
Thomas Koenig. (n.d.). at(1) - Linux man page. Retrieved December 19, 2017.
Internal MISP references
UUID 4bc1389d-9586-4dfc-a67c-58c6d3f6796a
which can be used as unique global reference for Die.net Linux at Man Page
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-19T00:00:00Z |
source | MITRE |
title | at(1) - Linux man page |
Linux at
IEEE/The Open Group. (2017). at(1p) — Linux manual page. Retrieved February 25, 2022.
Internal MISP references
UUID 3e3a84bc-ab6d-460d-8abc-cafae6eaaedd
which can be used as unique global reference for Linux at
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-25T00:00:00Z |
date_published | 2017-01-01T00:00:00Z |
source | MITRE |
title | at(1p) — Linux manual page |
PWC Pirpi Scanbox
Lancaster, T. (2015, July 25). A tale of Pirpi, Scanbox & CVE-2015-3113. Retrieved March 30, 2016.
Internal MISP references
UUID 4904261a-a3a9-4c3e-b6a7-079890026ee2
which can be used as unique global reference for PWC Pirpi Scanbox
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-30T00:00:00Z |
date_published | 2015-07-25T00:00:00Z |
source | MITRE |
title | A tale of Pirpi, Scanbox & CVE-2015-3113 |
Atbroker.exe - LOLBAS Project
LOLBAS. (2018, May 25). Atbroker.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b0c21b56-6591-49c3-8e67-328ddb7b436d
which can be used as unique global reference for Atbroker.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Atbroker.exe |
ESET Attor Oct 2019
Hromcova, Z. (2019, October). AT COMMANDS, TOR-BASED COMMUNICATIONS: MEET ATTOR, A FANTASY CREATURE AND ALSO A SPY PLATFORM. Retrieved May 6, 2020.
Internal MISP references
UUID fdd57c56-d989-4a6f-8cc5-5b3713605dec
which can be used as unique global reference for ESET Attor Oct 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-06T00:00:00Z |
date_published | 2019-10-01T00:00:00Z |
source | MITRE |
title | AT COMMANDS, TOR-BASED COMMUNICATIONS: MEET ATTOR, A FANTASY CREATURE AND ALSO A SPY PLATFORM |
LogRhythm WannaCry
Noerenberg, E., Costis, A., and Quist, N. (2017, May 16). A Technical Analysis of WannaCry Ransomware. Retrieved March 25, 2019.
Internal MISP references
UUID 305d0742-154a-44af-8686-c6d8bd7f8636
which can be used as unique global reference for LogRhythm WannaCry
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-25T00:00:00Z |
date_published | 2017-05-16T00:00:00Z |
source | MITRE |
title | A Technical Analysis of WannaCry Ransomware |
Malwarebytes Dyreza November 2015
hasherezade. (2015, November 4). A Technical Look At Dyreza. Retrieved June 15, 2020.
Internal MISP references
UUID 0a5719f2-8a88-44e2-81c5-2d16a39f1f8d
which can be used as unique global reference for Malwarebytes Dyreza November 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-15T00:00:00Z |
date_published | 2015-11-04T00:00:00Z |
source | MITRE |
title | A Technical Look At Dyreza |
At.exe - LOLBAS Project
LOLBAS. (2019, September 20). At.exe. Retrieved December 4, 2023.
Internal MISP references
UUID a31e1f5c-9b8d-4af4-875b-5c03d2400c12
which can be used as unique global reference for At.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2019-09-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | At.exe |
ENSIL AtomBombing Oct 2016
Liberman, T. (2016, October 27). ATOMBOMBING: BRAND NEW CODE INJECTION FOR WINDOWS. Retrieved December 8, 2017.
Internal MISP references
UUID 9282dbab-391c-4ffd-ada9-1687413b686b
which can be used as unique global reference for ENSIL AtomBombing Oct 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-08T00:00:00Z |
date_published | 2016-10-27T00:00:00Z |
source | MITRE |
title | ATOMBOMBING: BRAND NEW CODE INJECTION FOR WINDOWS |
SentinelOne 5 3 2023
Phil Stokes. (2023, May 3). Atomic Stealer. Retrieved January 1, 2024.
Internal MISP references
UUID c4721cab-2895-48ed-bfde-748aa3c80209
which can be used as unique global reference for SentinelOne 5 3 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-01T00:00:00Z |
date_published | 2023-05-03T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Atomic Stealer |
Malwarebytes 1 10 2024
Jerome Segura. (2024, January 10). Atomic Stealer rings in the new year with updated version. Retrieved January 11, 2024.
Internal MISP references
UUID 660de1b0-574d-48df-865a-257b8ed4b928
which can be used as unique global reference for Malwarebytes 1 10 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-11T00:00:00Z |
date_published | 2024-01-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Atomic Stealer rings in the new year with updated version |
FireEye TRITON 2018
Miller, S. Reese, E. (2018, June 7). A Totally Tubular Treatise on TRITON and TriStation. Retrieved January 6, 2021.
Internal MISP references
UUID bfa5886a-a7f4-40d1-98d0-c3358abcf265
which can be used as unique global reference for FireEye TRITON 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-06T00:00:00Z |
date_published | 2018-06-07T00:00:00Z |
source | MITRE |
title | A Totally Tubular Treatise on TRITON and TriStation |
The DFIR Report Truebot June 12 2023
The DFIR Report. (2023, June 12). A Truly Graceful Wipe Out. Retrieved June 15, 2023.
Internal MISP references
UUID a6311a66-bb36-4cad-a98f-2b0b89aafa3d
which can be used as unique global reference for The DFIR Report Truebot June 12 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-15T00:00:00Z |
date_published | 2023-06-12T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | A Truly Graceful Wipe Out |
DFIR Report Trickbot June 2023
The DFIR Report. (2023, June 12). A Truly Graceful Wipe Out. Retrieved May 31, 2024.
Internal MISP references
UUID b65988a7-3469-54d2-804c-e8ce1f698b5c
which can be used as unique global reference for DFIR Report Trickbot June 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-31T00:00:00Z |
date_published | 2023-06-12T00:00:00Z |
source | MITRE |
title | A Truly Graceful Wipe Out |
att_def_ps_logging
Hao, M. (2019, February 27). Attack and Defense Around PowerShell Event Logging. Retrieved November 24, 2021.
Internal MISP references
UUID 52212570-b1a6-4249-99d4-3bcf66c27140
which can be used as unique global reference for att_def_ps_logging
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-11-24T00:00:00Z |
date_published | 2019-02-27T00:00:00Z |
source | MITRE |
title | Attack and Defense Around PowerShell Event Logging |
Attack chain leads to XWORM and AGENTTESLA | Elastic
Elastic Blog. (2023, April 7). Attack chain leads to XWORM and AGENTTESLA. Retrieved May 10, 2023.
Internal MISP references
UUID 9b32397b-58be-4275-a701-fe0351ff2982
which can be used as unique global reference for Attack chain leads to XWORM and AGENTTESLA | Elastic
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-10T00:00:00Z |
date_published | 2023-04-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Attack chain leads to XWORM and AGENTTESLA |
Intezer TeamTNT September 2020
Fishbein, N. (2020, September 8). Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks. Retrieved September 22, 2021.
Internal MISP references
UUID 1155a45e-86f4-497a-9a03-43b6dcb25202
which can be used as unique global reference for Intezer TeamTNT September 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-22T00:00:00Z |
date_published | 2020-09-08T00:00:00Z |
source | MITRE |
title | Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks |
Metcalf 2015
Metcalf, S. (2015, January 19). Attackers Can Now Use Mimikatz to Implant Skeleton Key on Domain Controllers & BackDoor Your Active Directory Forest. Retrieved February 3, 2015.
Internal MISP references
UUID 1c899028-466c-49b0-8d64-1a954c812508
which can be used as unique global reference for Metcalf 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-02-03T00:00:00Z |
date_published | 2015-01-19T00:00:00Z |
source | MITRE |
title | Attackers Can Now Use Mimikatz to Implant Skeleton Key on Domain Controllers & BackDoor Your Active Directory Forest |
Cisco Blog Legacy Device Attacks
Omar Santos. (2020, October 19). Attackers Continue to Target Legacy Devices. Retrieved October 20, 2020.
Internal MISP references
UUID f7ce5099-7e04-4c0b-8767-e0eec664b18e
which can be used as unique global reference for Cisco Blog Legacy Device Attacks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2020-10-19T00:00:00Z |
source | MITRE |
title | Attackers Continue to Target Legacy Devices |
FireEye TRITON 2017
Johnson, B., et al. (2017, December 14). Attackers Deploy New ICS Attack Framework "TRITON" and Cause Operational Disruption to Critical Infrastructure. Retrieved January 6, 2021.
Internal MISP references
UUID 597a4d8b-ffb2-4551-86db-b319f5a5b707
which can be used as unique global reference for FireEye TRITON 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-06T00:00:00Z |
date_published | 2017-12-14T00:00:00Z |
source | MITRE |
title | Attackers Deploy New ICS Attack Framework "TRITON" and Cause Operational Disruption to Critical Infrastructure |
FireEye TRITON Dec 2017
Blake Johnson, Dan Caban, Marina Krotofil, Dan Scali, Nathan Brubaker, Christopher Glyer. (2017, December 14). Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure. Retrieved January 12, 2018.
Internal MISP references
UUID d4ca3351-eeb8-5342-8c85-806614e22c48
which can be used as unique global reference for FireEye TRITON Dec 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-12T00:00:00Z |
date_published | 2017-12-14T00:00:00Z |
source | MITRE |
title | Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure |
Forbes GitHub Creds
Sandvik, R. (2014, January 14). Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency. Retrieved October 19, 2020.
Internal MISP references
UUID 303f8801-bdd6-4a0c-a90a-37867898c99c
which can be used as unique global reference for Forbes GitHub Creds
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
date_published | 2014-01-14T00:00:00Z |
source | MITRE |
title | Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency |
GitHub Cloud Service Credentials
Runa A. Sandvik. (2014, January 14). Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency. Retrieved August 9, 2022.
Internal MISP references
UUID d2186b8c-10c9-493b-8e25-7d69fce006e4
which can be used as unique global reference for GitHub Cloud Service Credentials
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-09T00:00:00Z |
date_published | 2014-01-14T00:00:00Z |
source | MITRE |
title | Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency |
Unit 42 Unsecured Docker Daemons
Chen, J. (2020, January 29). Attacker's Tactics and Techniques in Unsecured Docker Daemons Revealed. Retrieved March 31, 2021.
Internal MISP references
UUID efcbbbdd-9af1-46c2-8538-3fd22f2b67d2
which can be used as unique global reference for Unit 42 Unsecured Docker Daemons
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-31T00:00:00Z |
date_published | 2020-01-29T00:00:00Z |
source | MITRE |
title | Attacker's Tactics and Techniques in Unsecured Docker Daemons Revealed |
Talos Roblox Scam 2023
Tiago Pereira. (2023, November 2). Attackers use JavaScript URLs, API forms and more to scam users in popular online game “Roblox”. Retrieved January 2, 2024.
Internal MISP references
UUID 9371ee4a-ac23-5acb-af3f-132ef3645392
which can be used as unique global reference for Talos Roblox Scam 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-02T00:00:00Z |
date_published | 2023-11-02T00:00:00Z |
source | MITRE |
title | Attackers use JavaScript URLs, API forms and more to scam users in popular online game “Roblox” |
Black Hills Attacking Exchange MailSniper, 2016
Bullock, B. (2016, October 3). Attacking Exchange with MailSniper. Retrieved October 6, 2019.
Internal MISP references
UUID adedfddc-29b7-4245-aa67-cc590acb7434
which can be used as unique global reference for Black Hills Attacking Exchange MailSniper, 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-06T00:00:00Z |
date_published | 2016-10-03T00:00:00Z |
source | MITRE |
title | Attacking Exchange with MailSniper |
SANS Attacking Kerberos Nov 2014
Medin, T. (2014, November). Attacking Kerberos - Kicking the Guard Dog of Hades. Retrieved March 22, 2018.
Internal MISP references
UUID f20d6bd0-d699-4ee4-8ef6-3c45ec12cd42
which can be used as unique global reference for SANS Attacking Kerberos Nov 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-22T00:00:00Z |
date_published | 2014-11-01T00:00:00Z |
source | MITRE |
title | Attacking Kerberos - Kicking the Guard Dog of Hades |
NetSPI SQL Server CLR
Sutherland, S. (2017, July 13). Attacking SQL Server CLR Assemblies. Retrieved September 12, 2024.
Internal MISP references
UUID 6f3d8c89-9d5d-4754-98d5-44fe3a5dd0d5
which can be used as unique global reference for NetSPI SQL Server CLR
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2017-07-13T00:00:00Z |
source | MITRE |
title | Attacking SQL Server CLR Assemblies |
Mandiant FIN5 GrrCON Oct 2016
Bromiley, M. and Lewis, P. (2016, October 7). Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years. Retrieved October 6, 2017.
Internal MISP references
UUID 2bd39baf-4223-4344-ba93-98aa8453dc11
which can be used as unique global reference for Mandiant FIN5 GrrCON Oct 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-10-06T00:00:00Z |
date_published | 2016-10-07T00:00:00Z |
source | MITRE |
title | Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years |
Attacking VNC Servers PentestLab
Administrator, Penetration Testing Lab. (2012, October 30). Attacking VNC Servers. Retrieved October 6, 2021.
Internal MISP references
UUID f953ea41-f9ca-4f4e-a46f-ef1d2def1d07
which can be used as unique global reference for Attacking VNC Servers PentestLab
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-06T00:00:00Z |
date_published | 2012-10-30T00:00:00Z |
source | MITRE |
title | Attacking VNC Servers |
Talos Template Injection July 2017
Baird, S. et al. (2017, July 7). Attack on Critical Infrastructure Leverages Template Injection. Retrieved July 21, 2018.
Internal MISP references
UUID 175ea537-2a94-42c7-a83b-bec8906ee6b9
which can be used as unique global reference for Talos Template Injection July 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-21T00:00:00Z |
date_published | 2017-07-07T00:00:00Z |
source | MITRE |
title | Attack on Critical Infrastructure Leverages Template Injection |
Lotus Blossom Dec 2015
Falcone, R. and Miller-Osborn, J. (2015, December 18). Attack on French Diplomat Linked to Operation Lotus Blossom. Retrieved February 15, 2016.
Internal MISP references
UUID dcbe51a0-6d63-4401-b19e-46cd3c42204c
which can be used as unique global reference for Lotus Blossom Dec 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-02-15T00:00:00Z |
date_published | 2015-12-18T00:00:00Z |
source | MITRE |
title | Attack on French Diplomat Linked to Operation Lotus Blossom |
Symantec Attacks Against Government Sector
Symantec. (2021, June 10). Attacks Against the Government Sector. Retrieved September 28, 2021.
Internal MISP references
UUID f5940cc2-1bbd-4e42-813a-f50867b01035
which can be used as unique global reference for Symantec Attacks Against Government Sector
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-28T00:00:00Z |
date_published | 2021-06-10T00:00:00Z |
source | MITRE |
title | Attacks Against the Government Sector |
Aqua Security Cloud Native Threat Report June 2021
Team Nautilus. (2021, June). Attacks in the Wild on the Container Supply Chain and Infrastructure. Retrieved August 26, 2021.
Internal MISP references
UUID be9652d5-7531-4143-9c44-aefd019b7a32
which can be used as unique global reference for Aqua Security Cloud Native Threat Report June 2021
in MISP communities and other software using the MISP galaxy
External references
- https://info.aquasec.com/hubfs/Threat%20reports/AquaSecurity_Cloud_Native_Threat_Report_2021.pdf?utm_campaign=WP%20-%20Jun2021%20Nautilus%202021%20Threat%20Research%20Report&utm_medium=email&_hsmi=132931006&_hsenc=p2ANqtz-_8oopT5Uhqab8B7kE0l3iFo1koirxtyfTehxF7N-EdGYrwk30gfiwp5SiNlW3G0TNKZxUcDkYOtwQ9S6nNVNyEO-Dgrw&utm_content=132931006&utm_source=hs_automation
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-26T00:00:00Z |
date_published | 2021-06-01T00:00:00Z |
source | MITRE |
title | Attacks in the Wild on the Container Supply Chain and Infrastructure |
CERT-FR PYSA April 2020
CERT-FR. (2020, April 1). ATTACKS INVOLVING THE MESPINOZA/PYSA RANSOMWARE. Retrieved March 1, 2021.
Internal MISP references
UUID 4e502db6-2e09-4422-9dcc-1e10e701e122
which can be used as unique global reference for CERT-FR PYSA April 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-01T00:00:00Z |
date_published | 2020-04-01T00:00:00Z |
source | MITRE |
title | ATTACKS INVOLVING THE MESPINOZA/PYSA RANSOMWARE |
InsiderThreat NTFS EA Oct 2017
Sander, J. (2017, October 12). Attack Step 3: Persistence with NTFS Extended Attributes – File System Attacks. Retrieved March 21, 2018.
Internal MISP references
UUID 6d270128-0461-43ec-8925-204c7b5aacc9
which can be used as unique global reference for InsiderThreat NTFS EA Oct 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-21T00:00:00Z |
date_published | 2017-10-12T00:00:00Z |
source | MITRE |
title | Attack Step 3: Persistence with NTFS Extended Attributes – File System Attacks |
Microsoft ASR Obfuscation
Microsoft. (2023, February 22). Attack surface reduction (ASR) rules reference: Block execution of potentially obfuscated scripts. Retrieved March 17, 2023.
Internal MISP references
UUID dec646d4-8b32-5091-b097-abe887aeca96
which can be used as unique global reference for Microsoft ASR Obfuscation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-17T00:00:00Z |
date_published | 2023-02-22T00:00:00Z |
source | MITRE |
title | Attack surface reduction (ASR) rules reference: Block execution of potentially obfuscated scripts |
Obfuscated scripts
Microsoft. (2024, March 4). Attack surface reduction rules reference. Retrieved March 29, 2024.
Internal MISP references
UUID 2b4dcb27-f32e-50f0-83e0-350659e49f0b
which can be used as unique global reference for Obfuscated scripts
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-29T00:00:00Z |
date_published | 2024-03-04T00:00:00Z |
source | MITRE |
title | Attack surface reduction rules reference |
Sophos News August 27 2024
Andreas Klopsch. (2024, August 27). Attack tool update impairs Windows computers. Retrieved August 30, 2024.
Internal MISP references
UUID af1dfc7b-fdc2-448f-a4bf-34f8ee7d55bc
which can be used as unique global reference for Sophos News August 27 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-30T00:00:00Z |
date_published | 2024-08-27T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Attack tool update impairs Windows computers |
TrendMicro Msiexec Feb 2018
Co, M. and Sison, G. (2018, February 8). Attack Using Windows Installer msiexec.exe leads to LokiBot. Retrieved April 18, 2019.
Internal MISP references
UUID 768c99f3-ee28-47dc-bc33-06d50ac72dea
which can be used as unique global reference for TrendMicro Msiexec Feb 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-18T00:00:00Z |
date_published | 2018-02-08T00:00:00Z |
source | MITRE |
title | Attack Using Windows Installer msiexec.exe leads to LokiBot |
GitHub ATTACK Empire
Stepanic, D. (2018, September 2). attck_empire: Generate ATT&CK Navigator layer file from PowerShell Empire agent logs. Retrieved March 11, 2019.
Internal MISP references
UUID b3d6bb33-2b23-4c0a-b8fa-e002a5c7edfc
which can be used as unique global reference for GitHub ATTACK Empire
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-11T00:00:00Z |
date_published | 2018-09-02T00:00:00Z |
source | MITRE |
title | attck_empire: Generate ATT&CK Navigator layer file from PowerShell Empire agent logs |
lambert systemd 2022
Tony Lambert. (2022, November 13). ATT&CK T1501: Understanding systemd service persistence. Retrieved March 20, 2023.
Internal MISP references
UUID 196f0c77-4c98-57e7-ad79-eb43bdd2c848
which can be used as unique global reference for lambert systemd 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-20T00:00:00Z |
date_published | 2022-11-13T00:00:00Z |
source | MITRE |
title | ATT&CK T1501: Understanding systemd service persistence |
TechNet Credential Theft
Microsoft. (2016, April 15). Attractive Accounts for Credential Theft. Retrieved June 3, 2016.
Internal MISP references
UUID 5c183c97-0ab2-4b75-8dbc-9db92a929ff4
which can be used as unique global reference for TechNet Credential Theft
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-03T00:00:00Z |
date_published | 2016-04-15T00:00:00Z |
source | MITRE |
title | Attractive Accounts for Credential Theft |
AcidRain State Department 2022
Antony J. Blinken, US Department of State. (2022, May 10). Attribution of Russia’s Malicious Cyber Activity Against Ukraine. Retrieved March 25, 2024.
Internal MISP references
UUID 9d514c52-9def-5b11-aa06-fdf3ee9923ed
which can be used as unique global reference for AcidRain State Department 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-25T00:00:00Z |
date_published | 2022-05-10T00:00:00Z |
source | MITRE |
title | Attribution of Russia’s Malicious Cyber Activity Against Ukraine |
Audit OSX
Gagliardi, R. (n.d.). Audit in a OS X System. Retrieved September 23, 2021.
Internal MISP references
UUID c5181c95-0a94-4ea0-9940-04a9663d0069
which can be used as unique global reference for Audit OSX
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-23T00:00:00Z |
source | MITRE |
title | Audit in a OS X System |
Microsoft Audit Logon Events
Microsoft. (2021, September 6). Audit logon events. Retrieved September 28, 2021.
Internal MISP references
UUID 050d6da7-a78c-489d-8bef-b06d802b55d7
which can be used as unique global reference for Microsoft Audit Logon Events
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-28T00:00:00Z |
date_published | 2021-09-06T00:00:00Z |
source | MITRE |
title | Audit logon events |
Cloud Audit Logs
Google. (n.d.). Audit Logs. Retrieved June 1, 2020.
Internal MISP references
UUID 500bdcea-5f49-4949-80fb-5eec1ce5e09e
which can be used as unique global reference for Cloud Audit Logs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-01T00:00:00Z |
source | MITRE |
title | Audit Logs |
Microsoft Scheduled Task Events Win10
Microsoft. (2017, May 28). Audit Other Object Access Events. Retrieved June 27, 2019.
Internal MISP references
UUID 79e54b41-69ba-4738-86ef-88c4f540bce3
which can be used as unique global reference for Microsoft Scheduled Task Events Win10
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-27T00:00:00Z |
date_published | 2017-05-28T00:00:00Z |
source | MITRE |
title | Audit Other Object Access Events |
auditpol
Jason Gerend, et al. (2017, October 16). auditpol. Retrieved September 1, 2021.
Internal MISP references
UUID 20d18ecf-d7d3-4433-9a3c-c28be71de4b1
which can be used as unique global reference for auditpol
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-01T00:00:00Z |
date_published | 2017-10-16T00:00:00Z |
source | MITRE |
title | auditpol |
auditpol.exe_STRONTIC
STRONTIC. (n.d.). auditpol.exe. Retrieved September 9, 2021.
Internal MISP references
UUID c8a305b3-cd17-4415-a740-32787da703cd
which can be used as unique global reference for auditpol.exe_STRONTIC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-09T00:00:00Z |
source | MITRE |
title | auditpol.exe |
Audit_Policy_Microsoft
Daniel Simpson. (2017, April 19). Audit Policy. Retrieved September 13, 2021.
Internal MISP references
UUID 9ff43f64-7fcb-4aa3-9599-9d00774d8da5
which can be used as unique global reference for Audit_Policy_Microsoft
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-13T00:00:00Z |
date_published | 2017-04-19T00:00:00Z |
source | MITRE |
title | Audit Policy |
TechNet Audit Policy
Microsoft. (2016, April 15). Audit Policy Recommendations. Retrieved June 3, 2016.
Internal MISP references
UUID 406cd8ff-e539-4853-85ed-775726155cf1
which can be used as unique global reference for TechNet Audit Policy
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-03T00:00:00Z |
date_published | 2016-04-15T00:00:00Z |
source | MITRE |
title | Audit Policy Recommendations |
Microsoft Audit Registry July 2012
Microsoft. (2012, July 2). Audit Registry. Retrieved January 31, 2018.
Internal MISP references
UUID 4e95ad81-cbc4-4f66-ba95-fb781d7d9c3c
which can be used as unique global reference for Microsoft Audit Registry July 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-31T00:00:00Z |
date_published | 2012-07-02T00:00:00Z |
source | MITRE |
title | Audit Registry |
audits linikatz
Wadhwa-Brown, Tim. (2022). audit.rules. Retrieved September 17, 2024.
Internal MISP references
UUID b9f940cf-74fb-5a33-992c-82bdb538adbb
which can be used as unique global reference for audits linikatz
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-17T00:00:00Z |
date_published | 2022-01-01T00:00:00Z |
source | MITRE |
title | audit.rules |
Security Affairs Elderwood Sept 2012
Paganini, P. (2012, September 9). Elderwood project, who is behind Op. Aurora and ongoing attacks?. Retrieved February 13, 2018.
Internal MISP references
UUID ebfc56c5-0490-4b91-b49f-548c00a59162
which can be used as unique global reference for Security Affairs Elderwood Sept 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-13T00:00:00Z |
source | MITRE |
title | Aurora and ongoing attacks? |
Australia ‘Evil Twin’
Toulas, Bill. (2024, July 1). Australian charged for ‘Evil Twin’ WiFi attack on plane. Retrieved September 17, 2024.
Internal MISP references
UUID b50c354b-cdca-57e6-b8d6-a43ee334f091
which can be used as unique global reference for Australia ‘Evil Twin’
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-17T00:00:00Z |
date_published | 2024-07-01T00:00:00Z |
source | MITRE |
title | Australian charged for ‘Evil Twin’ WiFi attack on plane |
NIST Authentication
NIST. (n.d.). Authentication. Retrieved January 30, 2020.
Internal MISP references
UUID f3cfb9b9-62f4-4066-a2b9-7e6f25bd7a46
which can be used as unique global reference for NIST Authentication
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-01-30T00:00:00Z |
source | MITRE |
title | Authentication |
MSDN Authentication Packages
Microsoft. (n.d.). Authentication Packages. Retrieved March 1, 2017.
Internal MISP references
UUID e9bb8434-9b6d-4301-bfe2-5c83ceabb020
which can be used as unique global reference for MSDN Authentication Packages
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-01T00:00:00Z |
source | MITRE |
title | Authentication Packages |
Microsoft Authenticode
Microsoft. (n.d.). Authenticode. Retrieved January 31, 2018.
Internal MISP references
UUID 33efd1a3-ffe9-42b3-ae12-970ed11454bf
which can be used as unique global reference for Microsoft Authenticode
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-31T00:00:00Z |
source | MITRE |
title | Authenticode |
K8s Authorization Overview
Kubernetes. (n.d.). Authorization Overview. Retrieved June 24, 2021.
Internal MISP references
UUID 120f968a-c81f-4902-9b76-7544577b768d
which can be used as unique global reference for K8s Authorization Overview
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-24T00:00:00Z |
source | MITRE |
title | Authorization Overview |
SSH Authorized Keys
ssh.com. (n.d.). Authorized_keys File in SSH. Retrieved June 24, 2020.
Internal MISP references
UUID ff100b76-894e-4d7c-9b8d-5f0eedcf59cc
which can be used as unique global reference for SSH Authorized Keys
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-24T00:00:00Z |
source | MITRE |
title | Authorized_keys File in SSH |
Trend Micro njRAT 2018
Pascual, C. (2018, November 27). AutoIt-Compiled Worm Affecting Removable Media Delivers Fileless Version of BLADABINDI/njRAT Backdoor. Retrieved June 4, 2019.
Internal MISP references
UUID d8e7b428-84dd-4d96-b3f3-70e7ed7f8271
which can be used as unique global reference for Trend Micro njRAT 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-04T00:00:00Z |
date_published | 2018-11-27T00:00:00Z |
source | MITRE |
title | AutoIt-Compiled Worm Affecting Removable Media Delivers Fileless Version of BLADABINDI/njRAT Backdoor |
Re-Open windows on Mac
Apple. (2016, December 6). Automatically re-open windows, apps, and documents on your Mac. Retrieved July 11, 2017.
Internal MISP references
UUID ed907f1e-71d6-45db-8ef3-75bec59c238b
which can be used as unique global reference for Re-Open windows on Mac
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-11T00:00:00Z |
date_published | 2016-12-06T00:00:00Z |
source | MITRE |
title | Automatically re-open windows, apps, and documents on your Mac |
TechNet Autoruns
Russinovich, M. (2016, January 4). Autoruns for Windows v13.51. Retrieved June 6, 2016.
Internal MISP references
UUID 709f4509-9d69-4033-8aa6-a947496a1703
which can be used as unique global reference for TechNet Autoruns
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-06T00:00:00Z |
date_published | 2016-01-04T00:00:00Z |
source | MITRE |
title | Autoruns for Windows v13.51 |
Autoruns for Windows
Mark Russinovich. (2019, June 28). Autoruns for Windows v13.96. Retrieved March 13, 2020.
Internal MISP references
UUID aaf66ad0-c444-48b5-875f-a0f66b82031c
which can be used as unique global reference for Autoruns for Windows
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-13T00:00:00Z |
date_published | 2019-06-28T00:00:00Z |
source | MITRE |
title | Autoruns for Windows v13.96 |
Hornet Security Avaddon June 2020
Security Lab. (2020, June 5). Avaddon: From seeking affiliates to in-the-wild in 2 days. Retrieved August 19, 2021.
Internal MISP references
UUID 41377d56-2e7b-48a8-8561-681e04a65907
which can be used as unique global reference for Hornet Security Avaddon June 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-19T00:00:00Z |
date_published | 2020-06-05T00:00:00Z |
source | MITRE |
title | Avaddon: From seeking affiliates to in-the-wild in 2 days |
Arxiv Avaddon Feb 2021
Yuste, J. Pastrana, S. (2021, February 9). Avaddon ransomware: an in-depth analysis and decryption of infected systems. Retrieved August 19, 2021.
Internal MISP references
UUID dbee8e7e-f477-4bd5-8225-84e0e222617e
which can be used as unique global reference for Arxiv Avaddon Feb 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-19T00:00:00Z |
date_published | 2021-02-09T00:00:00Z |
source | MITRE |
title | Avaddon ransomware: an in-depth analysis and decryption of infected systems |
CISA Phishing
CISA. (2021, February 1). Avoiding Social Engineering and Phishing Attacks. Retrieved September 8, 2023.
Internal MISP references
UUID 0c98bf66-f43c-5b09-ae43-d10c682f51e7
which can be used as unique global reference for CISA Phishing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-08T00:00:00Z |
date_published | 2021-02-01T00:00:00Z |
source | MITRE |
title | Avoiding Social Engineering and Phishing Attacks |
Malwarebytes AvosLocker Jul 2021
Hasherezade. (2021, July 23). AvosLocker enters the ransomware scene, asks for partners. Retrieved January 11, 2023.
Internal MISP references
UUID 88dffb14-a7a7-5b36-b269-8283dec0f1a3
which can be used as unique global reference for Malwarebytes AvosLocker Jul 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-01-11T00:00:00Z |
date_published | 2021-07-23T00:00:00Z |
source | MITRE |
title | AvosLocker enters the ransomware scene, asks for partners |
avoslocker_ransomware
Lakshmanan, R. (2022, May 2). AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection. Retrieved May 17, 2022.
Internal MISP references
UUID ea2756ce-a183-4c80-af11-92374ad045b2
which can be used as unique global reference for avoslocker_ransomware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-17T00:00:00Z |
date_published | 2022-05-02T00:00:00Z |
source | MITRE |
title | AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection |
Cisco Talos Avos Jun 2022
Venere, G. Neal, C. (2022, June 21). Avos ransomware group expands with new attack arsenal. Retrieved January 11, 2023.
Internal MISP references
UUID 1170fdc2-6d8e-5b60-bf9e-ca915790e534
which can be used as unique global reference for Cisco Talos Avos Jun 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-01-11T00:00:00Z |
date_published | 2022-06-21T00:00:00Z |
source | MITRE |
title | Avos ransomware group expands with new attack arsenal |
Awesome Executable Packing
Alexandre D'Hondt. (n.d.). Awesome Executable Packing. Retrieved March 11, 2022.
Internal MISP references
UUID 565bf600-5657-479b-9678-803e991c88a5
which can be used as unique global reference for Awesome Executable Packing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-11T00:00:00Z |
source | MITRE |
title | Awesome Executable Packing |
ESET Kobalos Jan 2021
M.Leveille, M., Sanmillan, I. (2021, January). A WILD KOBALOS APPEARS Tricksy Linux malware goes after HPCs. Retrieved August 24, 2021.
Internal MISP references
UUID 745e963e-33fd-40d4-a8c6-1a9f321017f4
which can be used as unique global reference for ESET Kobalos Jan 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-24T00:00:00Z |
date_published | 2021-01-01T00:00:00Z |
source | MITRE |
title | A WILD KOBALOS APPEARS Tricksy Linux malware goes after HPCs |
AWS Root User
Amazon. (n.d.). AWS Account Root User. Retrieved April 5, 2021.
Internal MISP references
UUID 5f315c21-f02f-4c9e-aac6-d648deff3ff9
which can be used as unique global reference for AWS Root User
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-05T00:00:00Z |
source | MITRE |
title | AWS Account Root User |
GitHub AWS-ADFS-Credential-Generator
Damian Hickey. (2017, January 28). AWS-ADFS-Credential-Generator. Retrieved September 27, 2024.
Internal MISP references
UUID 340a3a20-0ee1-4fd8-87ab-10ac0d2a50c8
which can be used as unique global reference for GitHub AWS-ADFS-Credential-Generator
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-27T00:00:00Z |
date_published | 2017-01-28T00:00:00Z |
source | MITRE |
title | AWS-ADFS-Credential-Generator |
AWS GetPasswordPolicy
Amazon Web Services. (n.d.). AWS API GetAccountPasswordPolicy. Retrieved June 8, 2021.
Internal MISP references
UUID dd44d565-b9d9-437e-a31a-a52c6a21e3b3
which can be used as unique global reference for AWS GetPasswordPolicy
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-08T00:00:00Z |
source | MITRE |
title | AWS API GetAccountPasswordPolicy |
AWS Console Sign-in Events
Amazon. (n.d.). AWS Console Sign-in Events. Retrieved October 23, 2019.
Internal MISP references
UUID 72578d0b-f68a-40fa-9a5d-379a66792be8
which can be used as unique global reference for AWS Console Sign-in Events
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-23T00:00:00Z |
source | MITRE |
title | AWS Console Sign-in Events |
AWS Describe DB Instances
Amazon Web Services. (n.d.). Retrieved May 28, 2021.
Internal MISP references
UUID 85bda17d-7b7c-4d0e-a0d2-2adb5f0a6b82
which can be used as unique global reference for AWS Describe DB Instances
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-28T00:00:00Z |
source | MITRE |
title | AWS Describe DB Instances |
AWS Get Bucket ACL
Amazon Web Services. (n.d.). Retrieved May 28, 2021.
Internal MISP references
UUID 1eddbd32-8314-4f95-812a-550904eac2fa
which can be used as unique global reference for AWS Get Bucket ACL
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-28T00:00:00Z |
source | MITRE |
title | AWS Get Bucket ACL |
AWS Get Public Access Block
Amazon Web Services. (n.d.). Retrieved May 28, 2021.
Internal MISP references
UUID f2887980-569a-4bc2-949e-bd8ff266c43c
which can be used as unique global reference for AWS Get Public Access Block
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-28T00:00:00Z |
source | MITRE |
title | AWS Get Public Access Block |
AWS Head Bucket
Amazon Web Services. (n.d.). AWS HeadBucket. Retrieved February 14, 2022.
Internal MISP references
UUID 1388a78e-9f86-4927-a619-e0fcbac5b7a1
which can be used as unique global reference for AWS Head Bucket
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-14T00:00:00Z |
source | MITRE |
title | AWS HeadBucket |
Rhino Security Labs AWS Privilege Escalation
Spencer Gietzen. (n.d.). AWS IAM Privilege Escalation – Methods and Mitigation. Retrieved May 27, 2022.
Internal MISP references
UUID 693e5783-4aa1-40ce-8080-cec01c3e7b59
which can be used as unique global reference for Rhino Security Labs AWS Privilege Escalation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-27T00:00:00Z |
source | MITRE |
title | AWS IAM Privilege Escalation – Methods and Mitigation |
AWS Lambda Redirector
Adam Chester. (2020, February 25). AWS Lambda Redirector. Retrieved July 8, 2022.
Internal MISP references
UUID 9ba87a5d-a140-4959-9905-c4a80e684d56
which can be used as unique global reference for AWS Lambda Redirector
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-08T00:00:00Z |
date_published | 2020-02-25T00:00:00Z |
source | MITRE |
title | AWS Lambda Redirector |
Sysdig AMBERSQUID September 18 2023
Alessandro Brucato. (2023, September 18). AWS’s Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation. Retrieved April 11, 2024.
Internal MISP references
UUID 7ffa880f-5854-4b8a-83f5-da42c1c39345
which can be used as unique global reference for Sysdig AMBERSQUID September 18 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-11T00:00:00Z |
date_published | 2023-09-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | AWS’s Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation |
Rhino Security Labs AWS S3 Ransomware
Spencer Gietzen. (n.d.). AWS Simple Storage Service S3 Ransomware Part 2: Prevention and Defense. Retrieved March 21, 2023.
Internal MISP references
UUID 785c6b11-c5f0-5cb4-931b-cf75fcc368a1
which can be used as unique global reference for Rhino Security Labs AWS S3 Ransomware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-21T00:00:00Z |
source | MITRE |
title | AWS Simple Storage Service S3 Ransomware Part 2: Prevention and Defense |
AWS Systems Manager Run Command
AWS. (n.d.). AWS Systems Manager Run Command. Retrieved March 13, 2023.
Internal MISP references
UUID ef66f17b-6a5b-5eb8-83de-943e2bddd114
which can be used as unique global reference for AWS Systems Manager Run Command
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-13T00:00:00Z |
source | MITRE |
title | AWS Systems Manager Run Command |
Pylos Xenotime 2019
Slowik, J. (2019, April 12). A XENOTIME to Remember: Veles in the Wild. Retrieved April 16, 2019.
Internal MISP references
UUID e2f246d8-c75e-4e0f-bba8-869d82be26da
which can be used as unique global reference for Pylos Xenotime 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-16T00:00:00Z |
date_published | 2019-04-12T00:00:00Z |
source | MITRE |
title | A XENOTIME to Remember: Veles in the Wild |
objective-see ay mami 2018
Patrick Wardle. (2018, January 11). Ay MaMi. Retrieved March 19, 2018.
Internal MISP references
UUID 1b1d656c-4fe6-47d1-9ce5-a70c33003507
which can be used as unique global reference for objective-see ay mami 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-19T00:00:00Z |
date_published | 2018-01-11T00:00:00Z |
source | MITRE |
title | Ay MaMi |
Microsoft AZ CLI
Microsoft. (n.d.). az ad user. Retrieved October 6, 2019.
Internal MISP references
UUID cfd94553-272b-466b-becb-3859942bcaa5
which can be used as unique global reference for Microsoft AZ CLI
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-06T00:00:00Z |
source | MITRE |
title | az ad user |
Intezer Russian APT Dec 2020
Kennedy, J. (2020, December 9). A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy. Retrieved February 22, 2021.
Internal MISP references
UUID 88d8a3b7-d994-4fd2-9aa1-83b79bccda7e
which can be used as unique global reference for Intezer Russian APT Dec 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-22T00:00:00Z |
date_published | 2020-12-09T00:00:00Z |
source | MITRE |
title | A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy |
az monitor diagnostic-settings
Microsoft. (n.d.). az monitor diagnostic-settings. Retrieved October 16, 2020.
Internal MISP references
UUID 6ddd92ee-1014-4b7a-953b-18ac396b100e
which can be used as unique global reference for az monitor diagnostic-settings
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-16T00:00:00Z |
source | MITRE |
title | az monitor diagnostic-settings |
Microsoft Azure AD Security Operations for Devices
Microsoft. (2020, September 16). Azure Active Directory security operations for devices. Retrieved February 21, 2023.
Internal MISP references
UUID eeba5eab-a9d8-55c0-b555-0414f65d2c2d
which can be used as unique global reference for Microsoft Azure AD Security Operations for Devices
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-21T00:00:00Z |
date_published | 2020-09-16T00:00:00Z |
source | MITRE |
title | Azure Active Directory security operations for devices |
Microsoft Azure Active Directory security operations guide
Microsoft. (2022, September 16). Azure Active Directory security operations guide. Retrieved February 21, 2023.
Internal MISP references
UUID b75a3f28-a028-50e6-b971-cc85e7d52e0c
which can be used as unique global reference for Microsoft Azure Active Directory security operations guide
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-21T00:00:00Z |
date_published | 2022-09-16T00:00:00Z |
source | MITRE |
title | Azure Active Directory security operations guide |
Azure AD Connect for Read Teamers
Adam Chester. (2019, February 18). Azure AD Connect for Red Teamers. Retrieved September 28, 2022.
Internal MISP references
UUID 0b9946ff-8c1c-4d93-8401-e1e4dd186305
which can be used as unique global reference for Azure AD Connect for Read Teamers
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-28T00:00:00Z |
date_published | 2019-02-18T00:00:00Z |
source | MITRE |
title | Azure AD Connect for Red Teamers |
Microsoft - Azure PowerShell
Microsoft. (2014, December 12). Azure/azure-powershell. Retrieved March 24, 2023.
Internal MISP references
UUID 3b17b649-9efa-525f-aa49-cf6c9ad559d7
which can be used as unique global reference for Microsoft - Azure PowerShell
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-24T00:00:00Z |
date_published | 2014-12-12T00:00:00Z |
source | MITRE |
title | Azure/azure-powershell |
Azure Blob Storage
Microsoft. (n.d.). Azure Blob Storage. Retrieved October 13, 2021.
Internal MISP references
UUID 7a392b85-872a-4a5a-984c-185a8e8f8a3f
which can be used as unique global reference for Azure Blob Storage
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
source | MITRE |
title | Azure Blob Storage |
Microsoft Azure Instance Metadata 2021
Microsoft. (2021, February 21). Azure Instance Metadata Service (Windows). Retrieved April 2, 2021.
Internal MISP references
UUID 66e93b75-0067-4cdb-b695-8f8109ef26e0
which can be used as unique global reference for Microsoft Azure Instance Metadata 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-02T00:00:00Z |
date_published | 2021-02-21T00:00:00Z |
source | MITRE |
title | Azure Instance Metadata Service (Windows) |
Microsoft Azure Policy
Microsoft. (2023, August 30). Azure Policy built-in policy definitions. Retrieved September 5, 2023.
Internal MISP references
UUID 761d102e-768a-5536-a098-0b1819029d33
which can be used as unique global reference for Microsoft Azure Policy
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-05T00:00:00Z |
date_published | 2023-08-30T00:00:00Z |
source | MITRE |
title | Azure Policy built-in policy definitions |
SpecterOps Azure Privilege Escalation
Andy Robbins. (2021, October 12). Azure Privilege Escalation via Service Principal Abuse. Retrieved April 1, 2022.
Internal MISP references
UUID 5dba5a6d-465e-4489-bc4d-299a891b62f6
which can be used as unique global reference for SpecterOps Azure Privilege Escalation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-01T00:00:00Z |
date_published | 2021-10-12T00:00:00Z |
source | MITRE |
title | Azure Privilege Escalation via Service Principal Abuse |
Azure Products
Microsoft. (n.d.). Azure products. Retrieved October 13, 2021.
Internal MISP references
UUID 12a72e05-ada4-4f77-8d6e-03024f88cab6
which can be used as unique global reference for Azure Products
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
source | MITRE |
title | Azure products |
Azure - Resource Manager API
Microsoft. (2019, May 20). Azure Resource Manager. Retrieved June 17, 2020.
Internal MISP references
UUID 223cc020-e88a-4236-9c34-64fe606a1729
which can be used as unique global reference for Azure - Resource Manager API
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-17T00:00:00Z |
date_published | 2019-05-20T00:00:00Z |
source | MITRE |
title | Azure Resource Manager |
Mandiant Azure Run Command 2021
Adrien Bataille, Anders Vejlby, Jared Scott Wilson, and Nader Zaveri. (2021, December 14). Azure Run Command for Dummies. Retrieved March 13, 2023.
Internal MISP references
UUID e15d38de-bc15-525b-bd03-27c0edca768d
which can be used as unique global reference for Mandiant Azure Run Command 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-13T00:00:00Z |
date_published | 2021-12-14T00:00:00Z |
source | MITRE |
title | Azure Run Command for Dummies |
Microsoft Azure security baseline for Azure Active Directory
Microsoft. (2022, November 14). Azure security baseline for Azure Active Directory. Retrieved February 21, 2023.
Internal MISP references
UUID 2bc66dc9-2ed2-52ad-8ae2-5497be3b0c53
which can be used as unique global reference for Microsoft Azure security baseline for Azure Active Directory
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-21T00:00:00Z |
date_published | 2022-11-14T00:00:00Z |
source | MITRE |
title | Azure security baseline for Azure Active Directory |
Microsoft - Azure Sentinel ADFSDomainTrustMods
Microsoft. (2020, December). Azure Sentinel Detections. Retrieved December 30, 2020.
Internal MISP references
UUID 34314090-33c2-4276-affa-3d0b527bbcef
which can be used as unique global reference for Microsoft - Azure Sentinel ADFSDomainTrustMods
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-30T00:00:00Z |
date_published | 2020-12-01T00:00:00Z |
source | MITRE |
title | Azure Sentinel Detections |
Azure Serial Console
Microsoft. (2022, October 17). Azure Serial Console. Retrieved June 2, 2023.
Internal MISP references
UUID fd75d136-e818-5233-b2c2-5d8ed033b9e6
which can be used as unique global reference for Azure Serial Console
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-02T00:00:00Z |
date_published | 2022-10-17T00:00:00Z |
source | MITRE |
title | Azure Serial Console |
Microsoft Azure Storage Security, 2019
Amlekar, M., Brooks, C., Claman, L., et al. (2019, March 20). Azure Storage security guide. Retrieved October 4, 2019.
Internal MISP references
UUID 95bda448-bb13-4fa6-b663-e48a9d1b866f
which can be used as unique global reference for Microsoft Azure Storage Security, 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-04T00:00:00Z |
date_published | 2019-03-20T00:00:00Z |
source | MITRE |
title | Azure Storage security guide |
Azure - Stormspotter
Microsoft. (2020). Azure Stormspotter GitHub. Retrieved June 17, 2020.
Internal MISP references
UUID 42383ed1-9705-4313-8068-28a22a23f50e
which can be used as unique global reference for Azure - Stormspotter
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-17T00:00:00Z |
date_published | 2020-01-01T00:00:00Z |
source | MITRE |
title | Azure Stormspotter GitHub |
Medium Babuk February 2021
Sebdraven. (2021, February 8). Babuk is distributed packed. Retrieved August 11, 2021.
Internal MISP references
UUID 58759b1c-8e2c-44fa-8e37-8bf7325c330d
which can be used as unique global reference for Medium Babuk February 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-11T00:00:00Z |
date_published | 2021-02-08T00:00:00Z |
source | MITRE |
title | Babuk is distributed packed |
Sogeti CERT ESEC Babuk March 2021
Sogeti. (2021, March). Babuk Ransomware. Retrieved August 11, 2021.
Internal MISP references
UUID e85e3bd9-6ddc-4d0f-a16c-b525a75baa7e
which can be used as unique global reference for Sogeti CERT ESEC Babuk March 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-11T00:00:00Z |
date_published | 2021-03-01T00:00:00Z |
source | MITRE |
title | Babuk Ransomware |
Unit42 BabyShark Apr 2019
Lim, M. (2019, April 26). BabyShark Malware Part Two – Attacks Continue Using KimJongRAT and PCRat. Retrieved October 7, 2019.
Internal MISP references
UUID c020569d-9c85-45fa-9f0b-97be5bdbab08
which can be used as unique global reference for Unit42 BabyShark Apr 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-07T00:00:00Z |
date_published | 2019-04-26T00:00:00Z |
source | MITRE |
title | BabyShark Malware Part Two – Attacks Continue Using KimJongRAT and PCRat |
Symantec Briba May 2012
Ladley, F. (2012, May 15). Backdoor.Briba. Retrieved February 21, 2018.
Internal MISP references
UUID bcf0f82b-1b26-4c0c-905e-0dd8b88d0903
which can be used as unique global reference for Symantec Briba May 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-21T00:00:00Z |
date_published | 2012-05-15T00:00:00Z |
source | MITRE |
title | Backdoor.Briba |
TrendMicro Squiblydoo Aug 2017
Bermejo, L., Giagone, R., Wu, R., and Yarochkin, F. (2017, August 7). Backdoor-carrying Emails Set Sights on Russian-speaking Businesses. Retrieved March 7, 2019.
Internal MISP references
UUID efeb475c-2a7c-4ab6-814d-3ee7866fa322
which can be used as unique global reference for TrendMicro Squiblydoo Aug 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-07T00:00:00Z |
date_published | 2017-08-07T00:00:00Z |
source | MITRE |
title | Backdoor-carrying Emails Set Sights on Russian-speaking Businesses |
Symantec Darkmoon Aug 2005
Hayashi, K. (2005, August 18). Backdoor.Darkmoon. Retrieved February 23, 2018.
Internal MISP references
UUID 7088234d-a6fc-49ad-b4fd-2fe8ca333c1d
which can be used as unique global reference for Symantec Darkmoon Aug 2005
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-23T00:00:00Z |
date_published | 2005-08-18T00:00:00Z |
source | MITRE |
title | Backdoor.Darkmoon |
ESET BackdoorDiplomacy Jun 2021
Adam Burgher. (2021, June 10). BackdoorDiplomacy: Upgrading from Quarian to Turian. Retrieved September 1, 2021.
Internal MISP references
UUID 127d4b10-8d61-4bdf-b5b9-7d86bbc065b6
which can be used as unique global reference for ESET BackdoorDiplomacy Jun 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-01T00:00:00Z |
date_published | 2021-06-10T00:00:00Z |
source | MITRE, Tidal Cyber |
title | BackdoorDiplomacy: Upgrading from Quarian to Turian |
Backdooring an AWS account
Daniel Grzelak. (2016, July 9). Backdooring an AWS account. Retrieved May 27, 2022.
Internal MISP references
UUID 2c867527-1584-44f7-b5e5-8ca54ea79619
which can be used as unique global reference for Backdooring an AWS account
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-27T00:00:00Z |
date_published | 2016-07-09T00:00:00Z |
source | MITRE |
title | Backdooring an AWS account |
Symantec Linfo May 2012
Zhou, R. (2012, May 15). Backdoor.Linfo. Retrieved February 23, 2018.
Internal MISP references
UUID e6b88cd4-a58e-4139-b266-48d0f5957407
which can be used as unique global reference for Symantec Linfo May 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-23T00:00:00Z |
date_published | 2012-05-15T00:00:00Z |
source | MITRE |
title | Backdoor.Linfo |
Symantec Backdoor.Mivast
Stama, D. (2015, February 6). Backdoor.Mivast. Retrieved February 15, 2016.
Internal MISP references
UUID 800780e3-7d00-4cfc-8458-74fe17da2f71
which can be used as unique global reference for Symantec Backdoor.Mivast
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-02-15T00:00:00Z |
date_published | 2015-02-06T00:00:00Z |
source | MITRE |
title | Backdoor.Mivast |
Symantec Nerex May 2012
Ladley, F. (2012, May 15). Backdoor.Nerex. Retrieved February 23, 2018.
Internal MISP references
UUID 1613fd6b-4d62-464b-9cda-6f7d3f0192e1
which can be used as unique global reference for Symantec Nerex May 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-23T00:00:00Z |
date_published | 2012-05-15T00:00:00Z |
source | MITRE |
title | Backdoor.Nerex |
Symantec Backdoor.Nidiran
Sponchioni, R. (2016, March 11). Backdoor.Nidiran. Retrieved August 3, 2016.
Internal MISP references
UUID 01852772-c333-47a3-9e3f-e234a87f0b9b
which can be used as unique global reference for Symantec Backdoor.Nidiran
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-03T00:00:00Z |
date_published | 2016-03-11T00:00:00Z |
source | MITRE |
title | Backdoor.Nidiran |
Symantec Remsec IOCs
Symantec Security Response. (2016, August 8). Backdoor.Remsec indicators of compromise. Retrieved August 17, 2016.
Internal MISP references
UUID b00bf616-96e6-42c9-a56c-380047ad5acb
which can be used as unique global reference for Symantec Remsec IOCs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-17T00:00:00Z |
date_published | 2016-08-08T00:00:00Z |
source | MITRE |
title | Backdoor.Remsec indicators of compromise |
Symantec Ristol May 2012
Ladley, F. (2012, May 15). Backdoor.Ritsol. Retrieved February 23, 2018.
Internal MISP references
UUID 1c8b1762-8abd-479b-b78c-43d8c7be7c27
which can be used as unique global reference for Symantec Ristol May 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-23T00:00:00Z |
date_published | 2012-05-15T00:00:00Z |
source | MITRE |
title | Backdoor.Ritsol |
Symantec Vasport May 2012
Zhou, R. (2012, May 15). Backdoor.Vasport. Retrieved February 22, 2018.
Internal MISP references
UUID 2dc7d7fb-3d13-4647-b15b-5e501946d606
which can be used as unique global reference for Symantec Vasport May 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-22T00:00:00Z |
date_published | 2012-05-15T00:00:00Z |
source | MITRE |
title | Backdoor.Vasport |
FSecure Hupigon
FSecure. (n.d.). Backdoor - W32/Hupigon.EMV - Threat Description. Retrieved December 18, 2017.
Internal MISP references
UUID 08ceb57f-065e-45e9-98e9-d58a92caa755
which can be used as unique global reference for FSecure Hupigon
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-18T00:00:00Z |
source | MITRE |
title | Backdoor - W32/Hupigon.EMV - Threat Description |
Symantec Wiarp May 2012
Zhou, R. (2012, May 15). Backdoor.Wiarp. Retrieved February 22, 2018.
Internal MISP references
UUID 78285833-4b0d-4077-86d2-f34b010a5862
which can be used as unique global reference for Symantec Wiarp May 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-22T00:00:00Z |
date_published | 2012-05-15T00:00:00Z |
source | MITRE |
title | Backdoor.Wiarp |
Microsoft Lamin Sept 2017
Microsoft. (2009, May 17). Backdoor:Win32/Lamin.A. Retrieved September 6, 2018.
Internal MISP references
UUID 84b8b159-6e85-4329-8903-aca156f4ed84
which can be used as unique global reference for Microsoft Lamin Sept 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-06T00:00:00Z |
date_published | 2009-05-17T00:00:00Z |
source | MITRE |
title | Backdoor:Win32/Lamin.A |
Microsoft PoisonIvy 2017
McCormack, M. (2017, September 15). Backdoor:Win32/Poisonivy.E. Retrieved December 21, 2020.
Internal MISP references
UUID fc97a89c-c912-4b0c-b151-916695dbbca4
which can be used as unique global reference for Microsoft PoisonIvy 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-21T00:00:00Z |
date_published | 2017-09-15T00:00:00Z |
source | MITRE |
title | Backdoor:Win32/Poisonivy.E |
Microsoft Win Defender Truvasys Sep 2017
Microsoft. (2017, September 15). Backdoor:Win32/Truvasys.A!dha. Retrieved November 30, 2017.
Internal MISP references
UUID 3c8ba6ef-8edc-44bf-9abe-655ba0f45912
which can be used as unique global reference for Microsoft Win Defender Truvasys Sep 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-30T00:00:00Z |
date_published | 2017-09-15T00:00:00Z |
source | MITRE |
title | Backdoor:Win32/Truvasys.A!dha |
Microsoft Wingbird Nov 2017
Microsoft. (2017, November 9). Backdoor:Win32/Wingbird.A!dha. Retrieved November 27, 2017.
Internal MISP references
UUID 6c7e2b89-8f3a-443c-9b72-12934b9dc364
which can be used as unique global reference for Microsoft Wingbird Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-27T00:00:00Z |
date_published | 2017-11-09T00:00:00Z |
source | MITRE |
title | Backdoor:Win32/Wingbird.A!dha |
Microsoft BITS
Microsoft. (n.d.). Background Intelligent Transfer Service. Retrieved January 12, 2018.
Internal MISP references
UUID 3d925a69-35f3-4337-8e1e-275de4c1783e
which can be used as unique global reference for Microsoft BITS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-12T00:00:00Z |
source | MITRE |
title | Background Intelligent Transfer Service |
NCC Group Research Blog August 19 2022
NCC Group Research Blog. (2022, August 19). Back in Black: Unlocking a LockBit 3.0 Ransomware Attack. Retrieved May 7, 2023.
Internal MISP references
UUID 8c1fbe98-5fc1-4e67-9b96-b740ffc9b1ae
which can be used as unique global reference for NCC Group Research Blog August 19 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2022-08-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Back in Black: Unlocking a LockBit 3.0 Ransomware Attack |
Tech Republic - Restore AWS Snapshots
Hardiman, N. (2012, March 20). Backing up and restoring snapshots on Amazon EC2 machines. Retrieved October 8, 2019.
Internal MISP references
UUID bfe848a3-c855-4bca-a6ea-44804d48c7eb
which can be used as unique global reference for Tech Republic - Restore AWS Snapshots
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-08T00:00:00Z |
date_published | 2012-03-20T00:00:00Z |
source | MITRE |
title | Backing up and restoring snapshots on Amazon EC2 machines |
Secureworks COBALT DICKENS August 2018
Counter Threat Unit Research Team. (2018, August 24). Back to School: COBALT DICKENS Targets Universities. Retrieved February 3, 2021.
Internal MISP references
UUID addbb46b-b2b5-4844-b4be-f6294cf51caa
which can be used as unique global reference for Secureworks COBALT DICKENS August 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-03T00:00:00Z |
date_published | 2018-08-24T00:00:00Z |
source | MITRE |
title | Back to School: COBALT DICKENS Targets Universities |
Cybereason Kimsuky November 2020
Dahan, A. et al. (2020, November 2). Back to the Future: Inside the Kimsuky KGH Spyware Suite. Retrieved November 6, 2020.
Internal MISP references
UUID ecc2f5ad-b2a8-470b-b919-cb184d12d00f
which can be used as unique global reference for Cybereason Kimsuky November 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-06T00:00:00Z |
date_published | 2020-11-02T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Back to the Future: Inside the Kimsuky KGH Spyware Suite |
Proofpoint TA453 March 2021
Miller, J. et al. (2021, March 30). BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns. Retrieved May 4, 2021.
Internal MISP references
UUID 5ba4217c-813b-4cc5-b694-3a4dcad776e4
which can be used as unique global reference for Proofpoint TA453 March 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-04T00:00:00Z |
date_published | 2021-03-30T00:00:00Z |
source | MITRE |
title | BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns |
Unit 42 BadPatch Oct 2017
Bar, T., Conant, S. (2017, October 20). BadPatch. Retrieved November 13, 2018.
Internal MISP references
UUID 9c294bf7-24ba-408a-90b8-5b9885838e1b
which can be used as unique global reference for Unit 42 BadPatch Oct 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-13T00:00:00Z |
date_published | 2017-10-20T00:00:00Z |
source | MITRE |
title | BadPatch |
ESET Bad Rabbit
M.Léveille, M-E. (2017, October 24). Bad Rabbit: Not‑Petya is back with improved ransomware. Retrieved January 28, 2021.
Internal MISP references
UUID a9664f01-78f0-4461-a757-12f54ec99a56
which can be used as unique global reference for ESET Bad Rabbit
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-28T00:00:00Z |
date_published | 2017-10-24T00:00:00Z |
source | MITRE |
title | Bad Rabbit: Not‑Petya is back with improved ransomware |
Secure List Bad Rabbit
Mamedov, O. Sinitsyn, F. Ivanov, A. (2017, October 24). Bad Rabbit ransomware. Retrieved January 28, 2021.
Internal MISP references
UUID f4cec03a-ea94-4874-9bea-16189e967ff9
which can be used as unique global reference for Secure List Bad Rabbit
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-28T00:00:00Z |
date_published | 2017-10-24T00:00:00Z |
source | MITRE |
title | Bad Rabbit ransomware |
BlackBerry Bahamut
The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021.
Internal MISP references
UUID 872c377b-724b-454c-8432-e38062a7c331
which can be used as unique global reference for BlackBerry Bahamut
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-08T00:00:00Z |
date_published | 2020-10-01T00:00:00Z |
source | MITRE |
title | BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps |
BaltimoreSun RobbinHood May 2019
Duncan, I., Campbell, C. (2019, May 7). Baltimore city government computer network hit by ransomware attack. Retrieved July 29, 2019.
Internal MISP references
UUID f578de81-ea6b-49d0-9a0a-111e07249cd8
which can be used as unique global reference for BaltimoreSun RobbinHood May 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-29T00:00:00Z |
date_published | 2019-05-07T00:00:00Z |
source | MITRE |
title | Baltimore city government computer network hit by ransomware attack |
ESET Research Bandook July 7 2021
Fernando Tavella, Matías Porolli. (2021, July 7). Bandidos at large: A spying campaign in Latin America. Retrieved October 25, 2023.
Internal MISP references
UUID da6cac04-a318-4972-bd78-8272116b4ad7
which can be used as unique global reference for ESET Research Bandook July 7 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-25T00:00:00Z |
date_published | 2021-07-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Bandidos at large: A spying campaign in Latin America |
CheckPoint Bandook Nov 2020
Check Point. (2020, November 26). Bandook: Signed & Delivered. Retrieved May 31, 2021.
Internal MISP references
UUID 352652a9-86c9-42e1-8ee0-968180c6a51e
which can be used as unique global reference for CheckPoint Bandook Nov 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-31T00:00:00Z |
date_published | 2020-11-26T00:00:00Z |
source | MITRE |
title | Bandook: Signed & Delivered |
Banker Google Chrome Extension Steals Creds
Marinho, R. (n.d.). (Banker(GoogleChromeExtension)).targeting. Retrieved November 18, 2017.
Internal MISP references
UUID 93f37adc-d060-4b35-9a4d-62d2ad61cdf3
which can be used as unique global reference for Banker Google Chrome Extension Steals Creds
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-18T00:00:00Z |
source | MITRE |
title | (Banker(GoogleChromeExtension)).targeting |
Unit42 Banking Trojans Hooking 2022
Or Chechik. (2022, October 31). Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure. Retrieved September 27, 2023.
Internal MISP references
UUID 411c3df4-08e6-518a-953d-19988b663dc4
which can be used as unique global reference for Unit42 Banking Trojans Hooking 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-27T00:00:00Z |
date_published | 2022-10-31T00:00:00Z |
source | MITRE |
title | Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure |
Linux manual bash invocation
ArchWiki. (2021, January 19). Bash. Retrieved February 25, 2021.
Internal MISP references
UUID 06185cbd-6635-46c7-9783-67bd8742b66f
which can be used as unique global reference for Linux manual bash invocation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-25T00:00:00Z |
date_published | 2021-01-19T00:00:00Z |
source | MITRE |
title | Bash |
DieNet Bash
die.net. (n.d.). bash(1) - Linux man page. Retrieved June 12, 2020.
Internal MISP references
UUID c5b362ce-6bae-46f7-b047-e3a0b2bf2580
which can be used as unique global reference for DieNet Bash
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-12T00:00:00Z |
source | MITRE |
title | bash(1) - Linux man page |
Bash.exe - LOLBAS Project
LOLBAS. (2018, May 25). Bash.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 7d3efbc7-6abf-4f3f-aec8-686100bb90ad
which can be used as unique global reference for Bash.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Bash.exe |
Bashfuscator Command Obfuscators
LeFevre, A. (n.d.). Bashfuscator Command Obfuscators. Retrieved March 17, 2023.
Internal MISP references
UUID c0256889-3ff0-59de-b0d1-39a947a4c89d
which can be used as unique global reference for Bashfuscator Command Obfuscators
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-17T00:00:00Z |
source | MITRE |
title | Bashfuscator Command Obfuscators |
Microsoft Basic TxF Concepts
Microsoft. (n.d.). Basic TxF Concepts. Retrieved December 20, 2017.
Internal MISP references
UUID 72798536-a7e3-43e2-84e3-b5b8b54f0bca
which can be used as unique global reference for Microsoft Basic TxF Concepts
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
source | MITRE |
title | Basic TxF Concepts |
eSentire | BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif
eSentire. (2023, March 9). BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif. Retrieved May 10, 2023.
Internal MISP references
UUID 1bf10604-708f-4c4f-abe5-816768873496
which can be used as unique global reference for eSentire | BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-10T00:00:00Z |
date_published | 2023-03-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif |
BATLOADER: The Evasive Downloader Malware
Bethany Hardin, Lavine Oluoch, Tatiana Vollbrecht. (2022, November 14). BATLOADER: The Evasive Downloader Malware. Retrieved June 5, 2023.
Internal MISP references
UUID 53e12ade-99ed-51ee-b5c8-32180f144658
which can be used as unique global reference for BATLOADER: The Evasive Downloader Malware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-05T00:00:00Z |
date_published | 2022-11-14T00:00:00Z |
source | MITRE |
title | BATLOADER: The Evasive Downloader Malware |
AdvIntel Bazar Call August 10 2022
AdvIntel. (2022, August 10). “BazarCall” Advisory: Essential Guide to Attack Vector that Revolutionized Data Breaches. Retrieved June 28, 2024.
Internal MISP references
UUID 5d3dff70-28c2-42a5-bf58-211fe6491fd2
which can be used as unique global reference for AdvIntel Bazar Call August 10 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-28T00:00:00Z |
date_published | 2022-08-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | “BazarCall” Advisory: Essential Guide to Attack Vector that Revolutionized Data Breaches |
Palo Alto Networks BBSRAT
Lee, B. Grunzweig, J. (2015, December 22). BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger. Retrieved August 19, 2016.
Internal MISP references
UUID 8c5d61ba-24c5-4f6c-a208-e0a5d23ebb49
which can be used as unique global reference for Palo Alto Networks BBSRAT
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-19T00:00:00Z |
date_published | 2015-12-22T00:00:00Z |
source | MITRE |
title | BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger |
Microsoft bcdedit 2021
Microsoft. (2021, May 27). bcdedit. Retrieved June 23, 2021.
Internal MISP references
UUID 40dedfcb-f666-4f2d-a518-5cd4ae2e273c
which can be used as unique global reference for Microsoft bcdedit 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-23T00:00:00Z |
date_published | 2021-05-27T00:00:00Z |
source | MITRE |
title | bcdedit |
Securelist BlackEnergy Nov 2014
Baumgartner, K. and Garnaeva, M. (2014, November 3). BE2 custom plugins, router abuse, and target profiles. Retrieved March 24, 2016.
Internal MISP references
UUID c64696d0-ee42-41e5-92cb-13cf43fac0c9
which can be used as unique global reference for Securelist BlackEnergy Nov 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-24T00:00:00Z |
date_published | 2014-11-03T00:00:00Z |
source | MITRE |
title | BE2 custom plugins, router abuse, and target profiles |
Securelist BlackEnergy Feb 2015
Baumgartner, K. and Garnaeva, M. (2015, February 17). BE2 extraordinary plugins, Siemens targeting, dev fails. Retrieved March 24, 2016.
Internal MISP references
UUID ef043c07-6ae6-4cd2-82cf-7cbdb259f676
which can be used as unique global reference for Securelist BlackEnergy Feb 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-24T00:00:00Z |
date_published | 2015-02-17T00:00:00Z |
source | MITRE |
title | BE2 extraordinary plugins, Siemens targeting, dev fails |
Crowdstrike DNC June 2016
Alperovitch, D. (2016, June 15). Bears in the Midst: Intrusion into the Democratic National Committee. Retrieved August 3, 2016.
Internal MISP references
UUID 7f4edc06-ac67-4d71-b39c-5df9ce521bbb
which can be used as unique global reference for Crowdstrike DNC June 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-03T00:00:00Z |
date_published | 2016-06-15T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Bears in the Midst: Intrusion into the Democratic National Committee |
Deep Instinct Black Basta August 2022
Vilkomir-Preisman, S. (2022, August 18). Beating Black Basta Ransomware. Retrieved March 8, 2023.
Internal MISP references
UUID 72b64d7d-f8eb-54d3-83c8-a883906ceea1
which can be used as unique global reference for Deep Instinct Black Basta August 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-08T00:00:00Z |
date_published | 2022-08-18T00:00:00Z |
source | MITRE |
title | Beating Black Basta Ransomware |
Bienstock, D. - Defending O365 - 2019
Bienstock, D. (2019). BECS and Beyond: Investigating and Defending O365. Retrieved September 13, 2019.
Internal MISP references
UUID 4866e6c3-c1b2-4131-bd8f-0ac228168a10
which can be used as unique global reference for Bienstock, D. - Defending O365 - 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-13T00:00:00Z |
date_published | 2019-01-01T00:00:00Z |
source | MITRE |
title | BECS and Beyond: Investigating and Defending O365 |
Kevin Mandia Statement to US Senate Committee on Intelligence
Kevin Mandia. (2017, March 30). Prepared Statement of Kevin Mandia, CEO of FireEye, Inc. before the United States Senate Select Committee on Intelligence. Retrieved April 19, 2019.
Internal MISP references
UUID c40a3f96-75f4-4b1c-98a5-cb38129c6dc4
which can be used as unique global reference for Kevin Mandia Statement to US Senate Committee on Intelligence
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-19T00:00:00Z |
source | MITRE |
title | before the United States Senate Select Committee on Intelligence |
Microsoft Dofoil 2018
Windows Defender Research. (2018, March 7). Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign. Retrieved March 20, 2018.
Internal MISP references
UUID 85069317-2c25-448b-9ff4-504e429dc1bf
which can be used as unique global reference for Microsoft Dofoil 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-20T00:00:00Z |
date_published | 2018-03-07T00:00:00Z |
source | MITRE |
title | Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign |
Obsidian SSPR Abuse 2023
Noah Corradin and Shuyang Wang. (2023, August 1). Behind The Breach: Self-Service Password Reset (SSPR) Abuse in Azure AD. Retrieved March 28, 2024.
Internal MISP references
UUID 7f28f770-ef06-5923-b759-b731ceabe08a
which can be used as unique global reference for Obsidian SSPR Abuse 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-28T00:00:00Z |
date_published | 2023-08-01T00:00:00Z |
source | MITRE |
title | Behind The Breach: Self-Service Password Reset (SSPR) Abuse in Azure AD |
FireEye CARBANAK June 2017
Bennett, J., Vengerik, B. (2017, June 12). Behind the CARBANAK Backdoor. Retrieved June 11, 2018.
Internal MISP references
UUID 39105492-6044-460c-9dc9-3d4473ee862e
which can be used as unique global reference for FireEye CARBANAK June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-06-11T00:00:00Z |
date_published | 2017-06-12T00:00:00Z |
source | MITRE |
title | Behind the CARBANAK Backdoor |
Expel Behind the Scenes
S. Lipton, L. Easterly, A. Randazzo and J. Hencinski. (2020, July 28). Behind the scenes in the Expel SOC: Alert-to-fix in AWS. Retrieved October 1, 2020.
Internal MISP references
UUID d538026c-da30-48d2-bc30-fde3776db1a8
which can be used as unique global reference for Expel Behind the Scenes
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-01T00:00:00Z |
date_published | 2020-07-28T00:00:00Z |
source | MITRE |
title | Behind the scenes in the Expel SOC: Alert-to-fix in AWS |
Microsoft BEC Campaign
Carr, N., Sellmer, S. (2021, June 14). Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign. Retrieved June 15, 2021.
Internal MISP references
UUID 1de8c853-2b0c-439b-a31b-a2c4fa9f4206
which can be used as unique global reference for Microsoft BEC Campaign
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-15T00:00:00Z |
date_published | 2021-06-14T00:00:00Z |
source | MITRE |
title | Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign |
Unit42 BendyBear Feb 2021
Harbison, M. (2021, February 9). BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech. Retrieved February 16, 2021.
Internal MISP references
UUID f5cbc08f-6f2c-4c81-9d68-07f61e16f138
which can be used as unique global reference for Unit42 BendyBear Feb 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-16T00:00:00Z |
date_published | 2021-02-09T00:00:00Z |
source | MITRE |
title | BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech |
Google Cloud Storage Best Practices, 2019
Google. (2019, September 16). Best practices for Cloud Storage. Retrieved October 4, 2019.
Internal MISP references
UUID 752ad355-0f10-4c8d-bad8-42bf2fc75fa0
which can be used as unique global reference for Google Cloud Storage Best Practices, 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-04T00:00:00Z |
date_published | 2019-09-16T00:00:00Z |
source | MITRE |
title | Best practices for Cloud Storage |
AWS Management Account Best Practices
AWS. (n.d.). Best practices for the management account. Retrieved October 16, 2024.
Internal MISP references
UUID f20b5870-d82d-5c50-893a-73248c8f5900
which can be used as unique global reference for AWS Management Account Best Practices
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-16T00:00:00Z |
source | MITRE |
title | Best practices for the management account |
Shadowbunny VM Defense Evasion
Johann Rehberger. (2020, September 23). Beware of the Shadowbunny - Using virtual machines to persist and evade detections. Retrieved September 22, 2021.
Internal MISP references
UUID eef7cd8a-8cb6-4b24-ba49-9b17353d20b5
which can be used as unique global reference for Shadowbunny VM Defense Evasion
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-22T00:00:00Z |
date_published | 2020-09-23T00:00:00Z |
source | MITRE |
title | Beware of the Shadowbunny - Using virtual machines to persist and evade detections |
Akamai Corona Zero-Day August 28 2024
Kyle Lefton, Larry Cashdollar, Aline Eliovich. (2024, August 28). Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day. Retrieved September 5, 2024.
Internal MISP references
UUID 140284f8-075c-4225-99dd-519ba5cebabe
which can be used as unique global reference for Akamai Corona Zero-Day August 28 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-05T00:00:00Z |
date_published | 2024-08-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day |
T1105: Trellix_search-ms
Mathanraj Thangaraju, Sijo Jacob. (2023, July 26). Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler. Retrieved March 15, 2024.
Internal MISP references
UUID 7079d170-9ead-5be4-bbc8-13c3f082b3dd
which can be used as unique global reference for T1105: Trellix_search-ms
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-15T00:00:00Z |
date_published | 2023-07-26T00:00:00Z |
source | MITRE |
title | Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler |
Hexacorn Office Test
Hexacorn. (2014, April 16). Beyond good ol’ Run key, Part 10. Retrieved July 3, 2017.
Internal MISP references
UUID 60d90852-ea00-404d-b613-9ad1589aff31
which can be used as unique global reference for Hexacorn Office Test
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-03T00:00:00Z |
date_published | 2014-04-16T00:00:00Z |
source | MITRE |
title | Beyond good ol’ Run key, Part 10 |
Hexacorn Logon Scripts
Hexacorn. (2014, November 14). Beyond good ol’ Run key, Part 18. Retrieved November 15, 2019.
Internal MISP references
UUID bdcdfe9e-1f22-4472-9a86-faefcb5c5618
which can be used as unique global reference for Hexacorn Logon Scripts
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-11-15T00:00:00Z |
date_published | 2014-11-14T00:00:00Z |
source | MITRE |
title | Beyond good ol’ Run key, Part 18 |
Hexacorn DLL Hijacking
Hexacorn. (2013, December 8). Beyond good ol’ Run key, Part 5. Retrieved August 14, 2024.
Internal MISP references
UUID bbe0690e-f368-5715-8a41-aa95836a5e4c
which can be used as unique global reference for Hexacorn DLL Hijacking
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-14T00:00:00Z |
date_published | 2013-12-08T00:00:00Z |
source | MITRE |
title | Beyond good ol’ Run key, Part 5 |
Hexacorn Office Template Macros
Hexacorn. (2017, April 17). Beyond good ol’ Run key, Part 62. Retrieved July 3, 2017.
Internal MISP references
UUID 7d558a35-a5c0-4e4c-92bf-cb2435c41a95
which can be used as unique global reference for Hexacorn Office Template Macros
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-03T00:00:00Z |
date_published | 2017-04-17T00:00:00Z |
source | MITRE |
title | Beyond good ol’ Run key, Part 62 |
Bginfo.exe - LOLBAS Project
LOLBAS. (2018, May 25). Bginfo.exe. Retrieved December 4, 2023.
Internal MISP references
UUID ca1eaac2-7449-4a76-bec2-9dc5971fd808
which can be used as unique global reference for Bginfo.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Bginfo.exe |
Cyble August 18 2022
Cybleinc. (2022, August 18). BianLian: New Ransomware variant on the rise. Retrieved May 18, 2023.
Internal MISP references
UUID 2de00d16-9b9e-4e03-925f-4fcdae4d6e1a
which can be used as unique global reference for Cyble August 18 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-18T00:00:00Z |
date_published | 2022-08-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | BianLian: New Ransomware variant on the rise |
BianLian Ransomware Gang Gives It a Go! | [redacted]
Ben Armstrong, Lauren Pearce, Brad Pittack, Danny Quist. (2022, September 1). BianLian Ransomware Gang Gives It a Go!. Retrieved May 18, 2023.
Internal MISP references
UUID fc1aa979-7dbc-4fff-a8d1-b35a3b2bec3d
which can be used as unique global reference for BianLian Ransomware Gang Gives It a Go! | [redacted]
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-18T00:00:00Z |
date_published | 2022-09-01T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | BianLian Ransomware Gang Gives It a Go! |
Group IB APT 41 June 2021
Rostovcev, N. (2021, June 10). Big airline heist APT41 likely behind a third-party attack on Air India. Retrieved August 26, 2021.
Internal MISP references
UUID a2bf43a0-c7da-4cb9-8f9a-b34fac92b625
which can be used as unique global reference for Group IB APT 41 June 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-26T00:00:00Z |
date_published | 2021-06-10T00:00:00Z |
source | MITRE |
title | Big airline heist APT41 likely behind a third-party attack on Air India |
Crowdstrike Indrik November 2018
Frankoff, S., Hartley, B. (2018, November 14). Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware. Retrieved January 6, 2021.
Internal MISP references
UUID 0f85f611-90db-43ba-8b71-5d0d4ec8cdd5
which can be used as unique global reference for Crowdstrike Indrik November 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-06T00:00:00Z |
date_published | 2018-11-14T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware |
CrowdStrike Ryuk January 2019
Hanel, A. (2019, January 10). Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware. Retrieved May 12, 2020.
Internal MISP references
UUID df471757-2ce0-48a7-922f-a84c57704914
which can be used as unique global reference for CrowdStrike Ryuk January 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-12T00:00:00Z |
date_published | 2019-01-10T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware |
Elastic Binary Executed from Shared Memory Directory
Elastic. (n.d.). Binary Executed from Shared Memory Directory. Retrieved September 24, 2024.
Internal MISP references
UUID 025912f5-531c-5a14-b300-e42f00077264
which can be used as unique global reference for Elastic Binary Executed from Shared Memory Directory
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-24T00:00:00Z |
source | MITRE |
title | Binary Executed from Shared Memory Directory |
OWASP Binary Planting
OWASP. (2013, January 30). Binary planting. Retrieved June 7, 2016.
Internal MISP references
UUID 86fc5a62-385e-4c56-9812-138db0808fba
which can be used as unique global reference for OWASP Binary Planting
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-07T00:00:00Z |
date_published | 2013-01-30T00:00:00Z |
source | MITRE |
title | Binary planting |
Wikipedia Binary-to-text Encoding
Wikipedia. (2016, December 26). Binary-to-text encoding. Retrieved March 1, 2017.
Internal MISP references
UUID 9b3820e8-f094-4e87-9ed6-ab0207d509fb
which can be used as unique global reference for Wikipedia Binary-to-text Encoding
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-01T00:00:00Z |
date_published | 2016-12-26T00:00:00Z |
source | MITRE |
title | Binary-to-text encoding |
Sucuri BIND9 August 2015
Cid, D. (2015, August 2). BIND9 – Denial of Service Exploit in the Wild. Retrieved April 26, 2019.
Internal MISP references
UUID 5e108782-2f32-4704-be01-055d9e767216
which can be used as unique global reference for Sucuri BIND9 August 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-26T00:00:00Z |
date_published | 2015-08-02T00:00:00Z |
source | MITRE |
title | BIND9 – Denial of Service Exploit in the Wild |
Wikipedia BIOS
Wikipedia. (n.d.). BIOS. Retrieved January 5, 2016.
Internal MISP references
UUID 0c4a2cb3-d663-47ee-87af-c5e9e68fe15f
which can be used as unique global reference for Wikipedia BIOS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-05T00:00:00Z |
source | MITRE |
title | BIOS |
Ge 2011
Ge, L. (2011, September 9). BIOS Threat is Showing up Again!. Retrieved November 14, 2014.
Internal MISP references
UUID dd6032fb-8913-4593-81b9-86d1239e01f4
which can be used as unique global reference for Ge 2011
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-14T00:00:00Z |
date_published | 2011-09-09T00:00:00Z |
source | MITRE |
title | BIOS Threat is Showing up Again! |
Broadcom BirdyClient Microsoft Graph API 2024
Broadcom. (2024, May 2). BirdyClient malware leverages Microsoft Graph API for C&C communication. Retrieved July 1, 2024.
Internal MISP references
UUID a55197e2-3ed7-5b6f-8ab5-06218c2226a4
which can be used as unique global reference for Broadcom BirdyClient Microsoft Graph API 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-01T00:00:00Z |
date_published | 2024-05-02T00:00:00Z |
source | MITRE |
title | BirdyClient malware leverages Microsoft Graph API for C&C communication |
Talos Bisonal Mar 2020
Mercer, W., et al. (2020, March 5). Bisonal: 10 years of play. Retrieved January 26, 2022.
Internal MISP references
UUID eaecccff-e0a0-4fa0-81e5-799b23c26b5a
which can be used as unique global reference for Talos Bisonal Mar 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-26T00:00:00Z |
date_published | 2020-03-05T00:00:00Z |
source | MITRE |
title | Bisonal: 10 years of play |
Talos Bisonal 10 Years March 2020
Warren Mercer, Paul Rascagneres, Vitor Ventura. (2020, March 6). Bisonal 10 Years of Play. Retrieved October 17, 2021.
Internal MISP references
UUID 6844e59b-d393-43df-9978-e3e3cc7b8db6
which can be used as unique global reference for Talos Bisonal 10 Years March 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-17T00:00:00Z |
date_published | 2020-03-06T00:00:00Z |
source | MITRE |
title | Bisonal 10 Years of Play |
Unit 42 Bisonal July 2018
Hayashi, K., Ray, V. (2018, July 31). Bisonal Malware Used in Attacks Against Russia and South Korea. Retrieved August 7, 2018.
Internal MISP references
UUID 30b2ec12-b785-43fb-ab72-b37387046d15
which can be used as unique global reference for Unit 42 Bisonal July 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-07T00:00:00Z |
date_published | 2018-07-31T00:00:00Z |
source | MITRE |
title | Bisonal Malware Used in Attacks Against Russia and South Korea |
Bitsadmin.exe - LOLBAS Project
LOLBAS. (2018, May 25). Bitsadmin.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 89bdc17b-553c-4245-acde-f6c56602e357
which can be used as unique global reference for Bitsadmin.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Bitsadmin.exe |
Microsoft BITSAdmin
Microsoft. (n.d.). BITSAdmin Tool. Retrieved January 12, 2018.
Internal MISP references
UUID 5b8c2a8c-f01e-491a-aaf9-504ee7a1caed
which can be used as unique global reference for Microsoft BITSAdmin
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-12T00:00:00Z |
source | MITRE |
title | BITSAdmin Tool |
Cisco Talos Bitter Bangladesh May 2022
Raghuprasad, C. (2022, May 11). Bitter APT adds Bangladesh to their targets. Retrieved June 1, 2022.
Internal MISP references
UUID 097583ed-03b0-41cd-bf85-66d473f46439
which can be used as unique global reference for Cisco Talos Bitter Bangladesh May 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-01T00:00:00Z |
date_published | 2022-05-11T00:00:00Z |
source | MITRE |
title | Bitter APT adds Bangladesh to their targets |
Forcepoint BITTER Pakistan Oct 2016
Dela Paz, R. (2016, October 21). BITTER: a targeted attack against Pakistan. Retrieved June 1, 2022.
Internal MISP references
UUID 9fc54fb0-b7d9-49dc-b6dd-ab4cb2cd34fa
which can be used as unique global reference for Forcepoint BITTER Pakistan Oct 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-01T00:00:00Z |
date_published | 2016-10-21T00:00:00Z |
source | MITRE |
title | BITTER: a targeted attack against Pakistan |
Camba RARSTONE
Camba, A. (2013, February 27). BKDR_RARSTONE: New RAT to Watch Out For. Retrieved January 8, 2016.
Internal MISP references
UUID bca93846-457d-4644-ba43-f9293982916f
which can be used as unique global reference for Camba RARSTONE
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-08T00:00:00Z |
date_published | 2013-02-27T00:00:00Z |
source | MITRE |
title | BKDR_RARSTONE: New RAT to Watch Out For |
TrendMicro BKDR_URSNIF.SM
Sioting, S. (2013, June 15). BKDR_URSNIF.SM. Retrieved June 5, 2019.
Internal MISP references
UUID aa791512-039e-4230-ab49-f184ca0e38c5
which can be used as unique global reference for TrendMicro BKDR_URSNIF.SM
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-05T00:00:00Z |
date_published | 2013-06-15T00:00:00Z |
source | MITRE |
title | BKDR_URSNIF.SM |
Cyble September 28 2022
Cybleinc. (2023, September 28). Bl00dy – New Ransomware Strain Active in the Wild. Retrieved August 3, 2023.
Internal MISP references
UUID ae2daa9c-6741-4ab7-854d-bee1170b3d7a
which can be used as unique global reference for Cyble September 28 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-03T00:00:00Z |
date_published | 2023-09-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Bl00dy – New Ransomware Strain Active in the Wild |
Trend Micro Pikabot January 9 2024
Shinji Robert Arasawa, Joshua Aquino, Charles Steven Derion, Juhn Emmanuel Atanque, Francisrey Joshua Castillo, John Carlo Marquez, Henry Salcedo, John Rainier Navato, Arianne Dela Cruz, Raymart Yambot, Ian Kenefick. (2024, January 9). Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign. Retrieved January 11, 2024.
Internal MISP references
UUID dc7d882b-4e83-42da-8e2f-f557b675930a
which can be used as unique global reference for Trend Micro Pikabot January 9 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-11T00:00:00Z |
date_published | 2024-01-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign |
TrendMicro Pikabot 2024
Shinji Robert Arasawa, Joshua Aquino, Charles Steven Derion, Juhn Emmanuel Atanque, Francisrey Joshua Castillo, John Carlo Marquez, Henry Salcedo, John Rainier Navato, Arianne Dela Cruz, Raymart Yambot & Ian Kenefick. (2024, January 9). Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign. Retrieved July 17, 2024.
Internal MISP references
UUID a2a22246-d49e-5847-9d20-dac64f1df3ea
which can be used as unique global reference for TrendMicro Pikabot 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-17T00:00:00Z |
date_published | 2024-01-09T00:00:00Z |
source | MITRE |
title | Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign |
Check Point Black Basta October 2022
Check Point. (2022, October 20). BLACK BASTA AND THE UNNOTICED DELIVERY. Retrieved March 8, 2023.
Internal MISP references
UUID 7a00457b-ae72-5aea-904f-9ca7f4cb9fe9
which can be used as unique global reference for Check Point Black Basta October 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-08T00:00:00Z |
date_published | 2022-10-20T00:00:00Z |
source | MITRE |
title | BLACK BASTA AND THE UNNOTICED DELIVERY |
BlackBasta
Antonio Cocomazzi and Antonio Pirozzi. (2022, November 3). Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor. Retrieved March 14, 2023.
Internal MISP references
UUID c7e55e37-d051-5111-8d0a-738656f88650
which can be used as unique global reference for BlackBasta
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-14T00:00:00Z |
date_published | 2022-11-03T00:00:00Z |
source | MITRE |
title | Black Basta Ransomware |
Trend Micro Black Basta October 2022
Kenefick, I. et al. (2022, October 12). Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike. Retrieved February 6, 2023.
Internal MISP references
UUID 6e4a1565-4a30-5a6b-961c-226a6f1967ae
which can be used as unique global reference for Trend Micro Black Basta October 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-06T00:00:00Z |
date_published | 2022-10-12T00:00:00Z |
source | MITRE |
title | Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike |
Uptycs Black Basta ESXi June 2022
Sharma, S. and Hegde, N. (2022, June 7). Black basta Ransomware Goes Cross-Platform, Now Targets ESXi Systems. Retrieved March 8, 2023.
Internal MISP references
UUID a8145e38-c2a4-5021-824d-5a831299b9d9
which can be used as unique global reference for Uptycs Black Basta ESXi June 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-08T00:00:00Z |
date_published | 2022-06-07T00:00:00Z |
source | MITRE |
title | Black basta Ransomware Goes Cross-Platform, Now Targets ESXi Systems |
Elliptic Black Basta November 29 2023
Elliptic Research. (2023, November 29). Black Basta ransomware victims have paid over $100 million. Retrieved May 14, 2024.
Internal MISP references
UUID dc7579c0-911d-417d-bba5-bc36e078b640
which can be used as unique global reference for Elliptic Black Basta November 29 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-14T00:00:00Z |
date_published | 2023-11-29T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Black Basta ransomware victims have paid over $100 million |
BlackBerry Black Basta May 2022
Ballmer, D. (2022, May 6). Black Basta: Rebrand of Conti or Something New?. Retrieved March 7, 2023.
Internal MISP references
UUID 32a272fe-ac10-5478-88a0-b3dd366ec540
which can be used as unique global reference for BlackBerry Black Basta May 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-07T00:00:00Z |
date_published | 2022-05-06T00:00:00Z |
source | MITRE |
title | Black Basta: Rebrand of Conti or Something New? |
WMI 6
Microsoft. (2022, June 13). BlackCat. Retrieved February 13, 2024.
Internal MISP references
UUID df07a086-0d38-570b-b0c5-9f5061212db7
which can be used as unique global reference for WMI 6
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-13T00:00:00Z |
date_published | 2022-06-13T00:00:00Z |
source | MITRE |
title | BlackCat |
FBI BlackCat April 19 2022
FBI. (2022, April 19). BlackCat/ALPHV Ransomware Indicators of Compromise. Retrieved September 14, 2023.
Internal MISP references
UUID 2640b58c-8413-4691-80e1-33aec9b6c7f6
which can be used as unique global reference for FBI BlackCat April 19 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-14T00:00:00Z |
date_published | 2022-04-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | BlackCat/ALPHV Ransomware Indicators of Compromise |
X-Force BlackCat May 30 2023
IBM Security X-Force Team. (2023, May 30). BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration. Retrieved September 14, 2023.
Internal MISP references
UUID b80c1f70-9d05-4f4b-bdc2-6157c6837202
which can be used as unique global reference for X-Force BlackCat May 30 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-14T00:00:00Z |
date_published | 2023-05-30T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration |
BlackBerry BlackCat Threat Overview
BlackBerry. (n.d.). BlackCat Malware (AKA ALPHV). Retrieved September 14, 2023.
Internal MISP references
UUID 59f98ae1-c62d-460f-8d2a-9ae287b59953
which can be used as unique global reference for BlackBerry BlackCat Threat Overview
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | BlackCat Malware (AKA ALPHV) |
Huntress BlackCat
Carvey, H. (2024, February 28). BlackCat Ransomware Affiliate TTPs. Retrieved March 27, 2024.
Internal MISP references
UUID faa60cf9-0fc5-5728-90be-d0e11b48a921
which can be used as unique global reference for Huntress BlackCat
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-27T00:00:00Z |
date_published | 2024-02-28T00:00:00Z |
source | MITRE |
title | BlackCat Ransomware Affiliate TTPs |
Sophos BlackCat Jul 2022
Brandt, Andrew. (2022, July 14). BlackCat ransomware attacks not merely a byproduct of bad luck. Retrieved December 20, 2022.
Internal MISP references
UUID 481a0106-d5b6-532c-8f5b-6c0c477185f4
which can be used as unique global reference for Sophos BlackCat Jul 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-12-20T00:00:00Z |
date_published | 2022-07-14T00:00:00Z |
source | MITRE |
title | BlackCat ransomware attacks not merely a byproduct of bad luck |
ESEST Black Energy Jan 2016
Cherepanov, A. (2016, January 3). BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry. Retrieved May 18, 2016.
Internal MISP references
UUID 4d626eb9-3722-4aa4-b95e-1650cc2865c2
which can be used as unique global reference for ESEST Black Energy Jan 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-05-18T00:00:00Z |
date_published | 2016-01-03T00:00:00Z |
source | MITRE |
title | BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry |
ESET BlackEnergy Jan 2016
Cherepanov, A. (2016, January 3). BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry. Retrieved June 10, 2020.
Internal MISP references
UUID a0103079-c966-46b6-8871-c01f7f0eea4c
which can be used as unique global reference for ESET BlackEnergy Jan 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-10T00:00:00Z |
date_published | 2016-01-03T00:00:00Z |
source | MITRE |
title | BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry |
F-Secure BlackEnergy 2014
F-Secure Labs. (2014). BlackEnergy & Quedagh: The convergence of crimeware and APT attacks. Retrieved March 24, 2016.
Internal MISP references
UUID 5f228fb5-d959-4c4a-bb8c-f9dc01d5af07
which can be used as unique global reference for F-Secure BlackEnergy 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-24T00:00:00Z |
date_published | 2014-01-01T00:00:00Z |
source | MITRE |
title | BlackEnergy & Quedagh: The convergence of crimeware and APT attacks |
ESET BlackLotus March 01 2023
Martin Smolár. (2023, March 1). BlackLotus UEFI bootkit: Myth confirmed. Retrieved September 29, 2023.
Internal MISP references
UUID 1a4c134b-c701-400f-beee-e6b3cc835042
which can be used as unique global reference for ESET BlackLotus March 01 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-29T00:00:00Z |
date_published | 2023-03-01T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | BlackLotus UEFI bootkit: Myth confirmed |
Securelist BlackOasis Oct 2017
Kaspersky Lab's Global Research & Analysis Team. (2017, October 16). BlackOasis APT and new targeted attacks leveraging zero-day exploit. Retrieved February 15, 2018.
Internal MISP references
UUID 66121c37-6b66-4ab2-9f63-1adb80dcec62
which can be used as unique global reference for Securelist BlackOasis Oct 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-15T00:00:00Z |
date_published | 2017-10-16T00:00:00Z |
source | MITRE, Tidal Cyber |
title | BlackOasis APT and new targeted attacks leveraging zero-day exploit |
ReliaQuest May 28 2024
ReliaQuest Threat Research Team. (2024, May 28). BlackSuit Attack Analysis - ReliaQuest. Retrieved June 5, 2024.
Internal MISP references
UUID 2a67b1df-9a15-487e-a777-8a3fe46b0179
which can be used as unique global reference for ReliaQuest May 28 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-05T00:00:00Z |
date_published | 2024-05-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | BlackSuit Attack Analysis - ReliaQuest |
HC3 Analyst Note BlackSuit Ransomware November 2023
Health Sector Cybersecurity Coordination Center (HC3). (2023, November 6). BlackSuit Ransomware. Retrieved June 7, 2024.
Internal MISP references
UUID d956f0c6-d90e-49e8-a64c-a46bfc177cc6
which can be used as unique global reference for HC3 Analyst Note BlackSuit Ransomware November 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-07T00:00:00Z |
date_published | 2023-11-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | BlackSuit Ransomware |
Cyble May 12 2023
Cybleinc. (2023, May 12). BlackSuit Ransomware Strikes Windows and Linux Users. Retrieved January 1, 2024.
Internal MISP references
UUID 7e335494-86a7-49cd-a9f3-783d73c36d9d
which can be used as unique global reference for Cyble May 12 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-01T00:00:00Z |
date_published | 2023-05-12T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | BlackSuit Ransomware Strikes Windows and Linux Users |
Palo Alto Black-T October 2020
Quist, N. (2020, October 5). Black-T: New Cryptojacking Variant from TeamTNT. Retrieved September 22, 2021.
Internal MISP references
UUID d4351c8e-026d-4660-9344-166481ecf64a
which can be used as unique global reference for Palo Alto Black-T October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-22T00:00:00Z |
date_published | 2020-10-05T00:00:00Z |
source | MITRE |
title | Black-T: New Cryptojacking Variant from TeamTNT |
BlackWater Malware Cloudflare Workers
Lawrence Abrams. (2020, March 14). BlackWater Malware Abuses Cloudflare Workers for C2 Communication. Retrieved July 8, 2022.
Internal MISP references
UUID 053895e8-da3f-4291-a728-2198fde774e7
which can be used as unique global reference for BlackWater Malware Cloudflare Workers
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-08T00:00:00Z |
date_published | 2020-03-14T00:00:00Z |
source | MITRE |
title | BlackWater Malware Abuses Cloudflare Workers for C2 Communication |
NHS UK BLINDINGCAN Aug 2020
NHS Digital. (2020, August 20). BLINDINGCAN Remote Access Trojan. Retrieved August 20, 2020.
Internal MISP references
UUID acca4c89-acce-4916-88b6-f4dac7d8ab19
which can be used as unique global reference for NHS UK BLINDINGCAN Aug 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-20T00:00:00Z |
date_published | 2020-08-20T00:00:00Z |
source | MITRE |
title | BLINDINGCAN Remote Access Trojan |
Azure Blob Snapshots
Microsoft Azure. (2021, December 29). Blob snapshots. Retrieved March 2, 2022.
Internal MISP references
UUID 152628ab-3244-4cc7-a68e-a220b652039b
which can be used as unique global reference for Azure Blob Snapshots
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-02T00:00:00Z |
date_published | 2021-12-29T00:00:00Z |
source | MITRE |
title | Blob snapshots |
objsee block blocking login items
Patrick Wardle. (2018, July 23). Block Blocking Login Items. Retrieved October 1, 2021.
Internal MISP references
UUID 76511800-8331-476b-ab4f-0daa587f5e22
which can be used as unique global reference for objsee block blocking login items
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-01T00:00:00Z |
date_published | 2018-07-23T00:00:00Z |
source | MITRE |
title | Block Blocking Login Items |
Technospot Chrome Extensions GP
Mohta, A. (n.d.). Block Chrome Extensions using Google Chrome Group Policy Settings. Retrieved January 10, 2018.
Internal MISP references
UUID 76faf20c-27d3-4e67-8ab7-8480f8f88ae5
which can be used as unique global reference for Technospot Chrome Extensions GP
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-10T00:00:00Z |
source | MITRE |
title | Block Chrome Extensions using Google Chrome Group Policy Settings |
Evi1cg Forfiles Nov 2017
Evi1cg. (2017, November 26). block cmd.exe ? try this :. Retrieved September 12, 2024.
Internal MISP references
UUID b292b85e-68eb-43c3-9b5b-222810e2f26a
which can be used as unique global reference for Evi1cg Forfiles Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2017-11-26T00:00:00Z |
source | MITRE |
title | block cmd.exe ? try this : |
Fifield Blocking Resistent Communication through domain fronting 2015
David Fifield, Chang Lan, Rod Hynes, Percy Wegmann, and Vern Paxson. (2015). Blocking-resistant communication through domain fronting. Retrieved November 20, 2017.
Internal MISP references
UUID 52671075-c425-40c7-a49a-b75e44a0c58a
which can be used as unique global reference for Fifield Blocking Resistent Communication through domain fronting 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-20T00:00:00Z |
date_published | 2015-01-01T00:00:00Z |
source | MITRE |
title | Blocking-resistant communication through domain fronting |
GitHub Bloodhound
Robbins, A., Vazarkar, R., and Schroeder, W. (2016, April 17). Bloodhound: Six Degrees of Domain Admin. Retrieved March 5, 2019.
Internal MISP references
UUID e90b4941-5dff-4f38-b4dd-af3426fd621e
which can be used as unique global reference for GitHub Bloodhound
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-05T00:00:00Z |
date_published | 2016-04-17T00:00:00Z |
source | MITRE |
title | Bloodhound: Six Degrees of Domain Admin |
PwC Blue Callisto December 6 2022
PwC Threat Intelligence. (2022, December 6). Blue Callisto orbits around US Laboratories in 2022. Retrieved October 1, 2024.
Internal MISP references
UUID ab48a205-ca06-4328-96a4-876007024a7d
which can be used as unique global reference for PwC Blue Callisto December 6 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-01T00:00:00Z |
date_published | 2022-12-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Blue Callisto orbits around US Laboratories in 2022 |
Blue Cloud of Death
Kunz, Bryce. (2018, May 11). Blue Cloud of Death: Red Teaming Azure. Retrieved October 23, 2019.
Internal MISP references
UUID 0c764280-9d8c-4fa4-9088-170f02550d4c
which can be used as unique global reference for Blue Cloud of Death
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-23T00:00:00Z |
date_published | 2018-05-11T00:00:00Z |
source | MITRE |
title | Blue Cloud of Death: Red Teaming Azure |
Blue Cloud of Death Video
Kunz, Bruce. (2018, October 14). Blue Cloud of Death: Red Teaming Azure. Retrieved November 21, 2019.
Internal MISP references
UUID 39b0adf6-c71e-4501-b8bb-fab82718486b
which can be used as unique global reference for Blue Cloud of Death Video
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-11-21T00:00:00Z |
date_published | 2018-10-14T00:00:00Z |
source | MITRE |
title | Blue Cloud of Death: Red Teaming Azure |
1 - appv
SEONGSU PARK. (2022, December 27). BlueNoroff introduces new methods bypassing MoTW. Retrieved February 6, 2024.
Internal MISP references
UUID acdf0a7f-f341-5bec-bfe0-f879827f0185
which can be used as unique global reference for 1 - appv
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-06T00:00:00Z |
date_published | 2022-12-27T00:00:00Z |
source | MITRE |
title | BlueNoroff introduces new methods bypassing MoTW |
apple doco bonjour description
Apple Inc. (2013, April 23). Bonjour Overview. Retrieved October 11, 2021.
Internal MISP references
UUID b8538d67-ab91-41c2-9cc3-a7b00c6b372a
which can be used as unique global reference for apple doco bonjour description
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-11T00:00:00Z |
date_published | 2013-04-23T00:00:00Z |
source | MITRE |
title | Bonjour Overview |
Booby Trap Shortcut 2017
Weyne, F. (2017, April). Booby trap a shortcut with a backdoor. Retrieved October 3, 2023.
Internal MISP references
UUID 1a820fb8-3cff-584b-804f-9bad0592873b
which can be used as unique global reference for Booby Trap Shortcut 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-03T00:00:00Z |
date_published | 2017-04-01T00:00:00Z |
source | MITRE |
title | Booby trap a shortcut with a backdoor |
Microsoft Bootcfg
Gerend, J. et al. (2017, October 16). bootcfg. Retrieved August 30, 2021.
Internal MISP references
UUID 44ffaa60-4461-4463-a1b5-abc868368c0a
which can be used as unique global reference for Microsoft Bootcfg
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-30T00:00:00Z |
date_published | 2017-10-16T00:00:00Z |
source | MITRE |
title | bootcfg |
Imperva DDoS for Hire
Imperva. (n.d.). Booters, Stressers and DDoSers. Retrieved October 4, 2020.
Internal MISP references
UUID 86f87ec6-058e-45a7-9314-0579a2b4e8f2
which can be used as unique global reference for Imperva DDoS for Hire
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-04T00:00:00Z |
source | MITRE |
title | Booters, Stressers and DDoSers |
Wikipedia Booting
Wikipedia. (n.d.). Booting. Retrieved November 13, 2019.
Internal MISP references
UUID 6d9c72cb-6cda-445e-89ea-7e695063d49a
which can be used as unique global reference for Wikipedia Booting
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-11-13T00:00:00Z |
source | MITRE |
title | Booting |
FireEye BOOTRASH SANS
Glyer, C. (2017, June 22). Boot What?. Retrieved May 4, 2020.
Internal MISP references
UUID 835c9e5d-b291-43d9-9b8a-2978aa8c8cd3
which can be used as unique global reference for FireEye BOOTRASH SANS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-04T00:00:00Z |
date_published | 2017-06-22T00:00:00Z |
source | MITRE |
title | Boot What? |
Unit42 LockerGoga 2019
Harbison, M. (2019, March 26). Born This Way? Origins of LockerGoga. Retrieved April 16, 2019.
Internal MISP references
UUID 8f058923-f2f7-4c0e-b90a-c7a0d5e62186
which can be used as unique global reference for Unit42 LockerGoga 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-16T00:00:00Z |
date_published | 2019-03-26T00:00:00Z |
source | MITRE |
title | Born This Way? Origins of LockerGoga |
Threatexpress MetaTwin 2017
Vest, J. (2017, October 9). Borrowing Microsoft MetaData and Signatures to Hide Binary Payloads. Retrieved September 10, 2019.
Internal MISP references
UUID 156efefd-793f-4219-8904-ef160a45c9ec
which can be used as unique global reference for Threatexpress MetaTwin 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-10T00:00:00Z |
date_published | 2017-10-09T00:00:00Z |
source | MITRE |
title | Borrowing Microsoft MetaData and Signatures to Hide Binary Payloads |
Sandfly BPFDoor 2022
The Sandfly Security Team. (2022, May 11). BPFDoor - An Evasive Linux Backdoor Technical Analysis. Retrieved September 29, 2023.
Internal MISP references
UUID 01c8337f-614b-5f63-870f-5c880b390922
which can be used as unique global reference for Sandfly BPFDoor 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-29T00:00:00Z |
date_published | 2022-05-11T00:00:00Z |
source | MITRE |
title | BPFDoor - An Evasive Linux Backdoor Technical Analysis |
Deep Instinct BPFDoor 2023
Shaul Vilkomir-Preisman and Eliran Nissan. (2023, May 10). BPFDoor Malware Evolves – Stealthy Sniffing Backdoor Ups Its Game. Retrieved September 19, 2024.
Internal MISP references
UUID c246b4da-75fb-5b41-ba9c-c0eb1b261e37
which can be used as unique global reference for Deep Instinct BPFDoor 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-19T00:00:00Z |
date_published | 2023-05-10T00:00:00Z |
source | MITRE |
title | BPFDoor Malware Evolves – Stealthy Sniffing Backdoor Ups Its Game |
AADInternals - BPRT
Dr. Nestori Syynimaa. (2021, January 31). BPRT unleashed: Joining multiple devices to Azure AD and Intune. Retrieved March 4, 2022.
Internal MISP references
UUID 19af3fce-eb57-4e67-9678-1968e9ea9677
which can be used as unique global reference for AADInternals - BPRT
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-04T00:00:00Z |
date_published | 2021-01-31T00:00:00Z |
source | MITRE |
title | BPRT unleashed: Joining multiple devices to Azure AD and Intune |
Brazking-Websockets
Shahar Tavor. (n.d.). BrazKing Android Malware Upgraded and Targeting Brazilian Banks. Retrieved March 24, 2023.
Internal MISP references
UUID fa813afd-b8f0-535b-9108-6d3d3989b6b9
which can be used as unique global reference for Brazking-Websockets
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-24T00:00:00Z |
source | MITRE |
title | BrazKing Android Malware Upgraded and Targeting Brazilian Banks |
Morphisec 3 26 2024
Arnold Osipov. (2024, March 26). Breaking Boundaries Mispadu's Infiltration Beyond LATAM. Retrieved April 4, 2024.
Internal MISP references
UUID 38d88851-1b71-4ed7-88e3-2ee5c3876c06
which can be used as unique global reference for Morphisec 3 26 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-04T00:00:00Z |
date_published | 2024-03-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Breaking Boundaries Mispadu's Infiltration Beyond LATAM |
MSTIC Nobelium Toolset May 2021
MSTIC. (2021, May 28). Breaking down NOBELIUM’s latest early-stage toolset. Retrieved August 4, 2021.
Internal MISP references
UUID 52464e69-ff9e-4101-9596-dd0c6404bf76
which can be used as unique global reference for MSTIC Nobelium Toolset May 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-04T00:00:00Z |
date_published | 2021-05-28T00:00:00Z |
source | MITRE |
title | Breaking down NOBELIUM’s latest early-stage toolset |
Lee 2013
Lee, T., Hanzlik, D., Ahl, I. (2013, August 7). Breaking Down the China Chopper Web Shell - Part I. Retrieved March 27, 2015.
Internal MISP references
UUID 6d1e2b0a-fed2-490b-be25-6580dfb7d6aa
which can be used as unique global reference for Lee 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-03-27T00:00:00Z |
date_published | 2013-08-07T00:00:00Z |
source | MITRE |
title | Breaking Down the China Chopper Web Shell - Part I |
sentinelone-malvertising
Hegel, Tom. (2023, January 19). Breaking Down the SEO Poisoning Attack | How Attackers Are Hijacking Search Results. Retrieved February 21, 2023.
Internal MISP references
UUID 7989f0de-90b8-5e6d-bc20-1764610d1568
which can be used as unique global reference for sentinelone-malvertising
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-21T00:00:00Z |
date_published | 2023-01-19T00:00:00Z |
source | MITRE |
title | Breaking Down the SEO Poisoning Attack |
OS X Keychain
Juuso Salonen. (2012, September 5). Breaking into the OS X keychain. Retrieved July 15, 2017.
Internal MISP references
UUID bde3ff9c-fbf9-49c4-b414-70dc8356d57d
which can be used as unique global reference for OS X Keychain
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-15T00:00:00Z |
date_published | 2012-09-05T00:00:00Z |
source | MITRE |
title | Breaking into the OS X keychain |
Brown Exploiting Linkers
Tim Brown. (2011, June 29). Breaking the links: Exploiting the linker. Retrieved March 29, 2021.
Internal MISP references
UUID 24674e91-5cbf-4023-98ae-a9f0968ad99a
which can be used as unique global reference for Brown Exploiting Linkers
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-29T00:00:00Z |
date_published | 2011-06-29T00:00:00Z |
source | MITRE |
title | Breaking the links: Exploiting the linker |
FireEye Outlook Dec 2019
McWhirt, M., Carr, N., Bienstock, D. (2019, December 4). Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774). Retrieved June 23, 2020.
Internal MISP references
UUID f23a773f-9c50-4193-877d-97f7c13f48f1
which can be used as unique global reference for FireEye Outlook Dec 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-23T00:00:00Z |
date_published | 2019-12-04T00:00:00Z |
source | MITRE |
title | Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774) |
Cisco Talos Blog December 08 2022
Cisco Talos Blog. (2022, December 8). Breaking the silence - Recent Truebot activity. Retrieved May 8, 2023.
Internal MISP references
UUID bcf92374-48a3-480f-a679-9fd34b67bcdd
which can be used as unique global reference for Cisco Talos Blog December 08 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-08T00:00:00Z |
date_published | 2022-12-08T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Breaking the silence - Recent Truebot activity |
PaloAlto Preventing Opportunistic Attacks Apr 2016
Kiwi. (2016, April 6). Breakout Recap: Cybersecurity Best Practices Part 1 - Preventing Opportunistic Attacks. Retrieved October 3, 2018.
Internal MISP references
UUID 60fac434-2815-4568-b951-4bde55c2e3af
which can be used as unique global reference for PaloAlto Preventing Opportunistic Attacks Apr 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-03T00:00:00Z |
date_published | 2016-04-06T00:00:00Z |
source | MITRE |
title | Breakout Recap: Cybersecurity Best Practices Part 1 - Preventing Opportunistic Attacks |
Mandiant BYOL
Kirk, N. (2018, June 18). Bring Your Own Land (BYOL) – A Novel Red Teaming Technique. Retrieved October 4, 2021.
Internal MISP references
UUID 445efe8b-659a-4023-afc7-aa7cd21ee5a1
which can be used as unique global reference for Mandiant BYOL
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-04T00:00:00Z |
date_published | 2018-06-18T00:00:00Z |
source | MITRE |
title | Bring Your Own Land (BYOL) – A Novel Red Teaming Technique |
Mandiant BYOL 2018
Kirk, N. (2018, June 18). Bring Your Own Land (BYOL) – A Novel Red Teaming Technique. Retrieved October 8, 2021.
Internal MISP references
UUID 104a1c1c-0899-4ff9-a5c4-73de702c467d
which can be used as unique global reference for Mandiant BYOL 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-08T00:00:00Z |
date_published | 2018-06-18T00:00:00Z |
source | MITRE |
title | Bring Your Own Land (BYOL) – A Novel Red Teaming Technique |
Comparitech Leak
Bischoff, P. (2020, October 15). Broadvoice database of more than 350 million customer records exposed online. Retrieved October 20, 2020.
Internal MISP references
UUID fa0eac56-45ea-4628-88cf-b843874b4a4d
which can be used as unique global reference for Comparitech Leak
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2020-10-15T00:00:00Z |
source | MITRE |
title | Broadvoice database of more than 350 million customer records exposed online |
ThreatPost Broadvoice Leak
Seals, T. (2020, October 15). Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts. Retrieved October 20, 2020.
Internal MISP references
UUID 91d20979-d4e7-4372-8a83-1e1512c8d3a9
which can be used as unique global reference for ThreatPost Broadvoice Leak
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2020-10-15T00:00:00Z |
source | MITRE |
title | Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts |
Secureworks BRONZE BUTLER Oct 2017
Counter Threat Unit Research Team. (2017, October 12). BRONZE BUTLER Targets Japanese Enterprises. Retrieved January 4, 2018.
Internal MISP references
UUID c62d8d1a-cd1b-4b39-95b6-68f3f063dacf
which can be used as unique global reference for Secureworks BRONZE BUTLER Oct 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-04T00:00:00Z |
date_published | 2017-10-12T00:00:00Z |
source | MITRE, Tidal Cyber |
title | BRONZE BUTLER Targets Japanese Enterprises |
Secureworks BRONZE FLEETWOOD Profile
Secureworks CTU. (n.d.). BRONZE FLEETWOOD. Retrieved February 5, 2024.
Internal MISP references
UUID 4fbb113c-94b4-56fd-b292-1ccf84e1c8f3
which can be used as unique global reference for Secureworks BRONZE FLEETWOOD Profile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-05T00:00:00Z |
source | MITRE |
title | BRONZE FLEETWOOD |
Secureworks BRONZE HUNTLEY
Secureworks. (2021, January 1). BRONZE HUNTLEY Threat Profile. Retrieved May 5, 2021.
Internal MISP references
UUID 9558ebc5-4de3-4b1d-b32c-a170adbc3451
which can be used as unique global reference for Secureworks BRONZE HUNTLEY
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-05T00:00:00Z |
date_published | 2021-01-01T00:00:00Z |
source | MITRE |
title | BRONZE HUNTLEY Threat Profile |
Secureworks BRONZE PRESIDENT December 2019
Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021.
Internal MISP references
UUID 019889e0-a2ce-476f-9a31-2fc394de2821
which can be used as unique global reference for Secureworks BRONZE PRESIDENT December 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-13T00:00:00Z |
date_published | 2019-12-29T00:00:00Z |
source | MITRE, Tidal Cyber |
title | BRONZE PRESIDENT Targets NGOs |
Dell SecureWorks BRONZE STARLIGHT Profile
SecureWorks. (n.d.). BRONZE STARLIGHT. Retrieved December 6, 2023.
Internal MISP references
UUID d2e8cd95-fcd5-58e4-859a-c4724ec94ab4
which can be used as unique global reference for Dell SecureWorks BRONZE STARLIGHT Profile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-06T00:00:00Z |
source | MITRE |
title | BRONZE STARLIGHT |
SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022
Counter Threat Unit Research Team. (2022, June 23). BRONZE STARLIGHT RANSOMWARE OPERATIONS USE HUI LOADER. Retrieved December 7, 2023.
Internal MISP references
UUID 0b275cf9-a885-58cc-b859-112090a711e3
which can be used as unique global reference for SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-07T00:00:00Z |
date_published | 2022-06-23T00:00:00Z |
source | MITRE |
title | BRONZE STARLIGHT RANSOMWARE OPERATIONS USE HUI LOADER |
SecureWorks BRONZE UNION June 2017
Counter Threat Unit Research Team. (2017, June 27). BRONZE UNION Cyberespionage Persists Despite Disclosures. Retrieved July 13, 2017.
Internal MISP references
UUID 42adda47-f5d6-4d34-9b3d-3748a782f886
which can be used as unique global reference for SecureWorks BRONZE UNION June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-13T00:00:00Z |
date_published | 2017-06-27T00:00:00Z |
source | MITRE, Tidal Cyber |
title | BRONZE UNION Cyberespionage Persists Despite Disclosures |
Wikipedia Browser Extension
Wikipedia. (2017, October 8). Browser Extension. Retrieved January 11, 2018.
Internal MISP references
UUID 52aef082-3f8e-41b4-af95-6631ce4c9e91
which can be used as unique global reference for Wikipedia Browser Extension
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-11T00:00:00Z |
date_published | 2017-10-08T00:00:00Z |
source | MITRE |
title | Browser Extension |
Mr. D0x BitB 2022
mr.d0x. (2022, March 15). Browser In The Browser (BITB) Attack. Retrieved March 8, 2023.
Internal MISP references
UUID 447f6b34-ac3a-58d9-af96-aa1d947a3e0e
which can be used as unique global reference for Mr. D0x BitB 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-08T00:00:00Z |
date_published | 2022-03-15T00:00:00Z |
source | MITRE |
title | Browser In The Browser (BITB) Attack |
Cobalt Strike Browser Pivot
Mudge, R. (n.d.). Browser Pivoting. Retrieved January 10, 2018.
Internal MISP references
UUID 0c1dd453-7281-4ee4-9c8f-bdc401cf48d7
which can be used as unique global reference for Cobalt Strike Browser Pivot
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-10T00:00:00Z |
source | MITRE |
title | Browser Pivoting |
Symantec Buckeye
Symantec Security Response. (2016, September 6). Buckeye cyberespionage group shifts gaze from US to Hong Kong. Retrieved September 26, 2016.
Internal MISP references
UUID dbf3ce3e-bcf2-4e47-ad42-839e51967395
which can be used as unique global reference for Symantec Buckeye
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-09-26T00:00:00Z |
date_published | 2016-09-06T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Buckeye cyberespionage group shifts gaze from US to Hong Kong |
ESET Buhtrap and Buran April 2019
ESET Research. (2019, April 30). Buhtrap backdoor and Buran ransomware distributed via major advertising platform. Retrieved May 11, 2020.
Internal MISP references
UUID e308a957-fb5c-44e8-a846-be6daef4b940
which can be used as unique global reference for ESET Buhtrap and Buran April 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-11T00:00:00Z |
date_published | 2019-04-30T00:00:00Z |
source | MITRE |
title | Buhtrap backdoor and Buran ransomware distributed via major advertising platform |
S1 Custom Shellcode Tool
Bunce, D. (2019, October 31). Building A Custom Tool For Shellcode Analysis. Retrieved October 4, 2021.
Internal MISP references
UUID f49bfd00-48d5-4d84-a7b7-cb23fcdf861b
which can be used as unique global reference for S1 Custom Shellcode Tool
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-04T00:00:00Z |
date_published | 2019-10-31T00:00:00Z |
source | MITRE |
title | Building A Custom Tool For Shellcode Analysis |
Data Driven Security DGA
Jacobs, J. (2014, October 2). Building a DGA Classifier: Part 2, Feature Engineering. Retrieved February 18, 2019.
Internal MISP references
UUID c92fb2ec-c144-42d4-bd42-179d3d737db0
which can be used as unique global reference for Data Driven Security DGA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-18T00:00:00Z |
date_published | 2014-10-02T00:00:00Z |
source | MITRE |
title | Building a DGA Classifier: Part 2, Feature Engineering |
CTD PPID Spoofing Macro Mar 2019
Tafani-Dereeper, C. (2019, March 12). Building an Office macro to spoof parent processes and command line arguments. Retrieved June 3, 2019.
Internal MISP references
UUID b06b72ba-dbd6-4190-941a-0cdd3d659ab6
which can be used as unique global reference for CTD PPID Spoofing Macro Mar 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-03T00:00:00Z |
date_published | 2019-03-12T00:00:00Z |
source | MITRE |
title | Building an Office macro to spoof parent processes and command line arguments |
Trend Micro September 02 2022
Trend Micro. (2022, September 2). BumbleBee a New Modular Backdoor Evolved From BookWorm. Retrieved May 7, 2023.
Internal MISP references
UUID acb25abb-23c7-4b5d-849b-346388dde15c
which can be used as unique global reference for Trend Micro September 02 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2022-09-02T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | BumbleBee a New Modular Backdoor Evolved From BookWorm |
Proofpoint 2 12 2024
Axel F; Selena Larson; The Proofpoint Threat Research Team. (2024, February 12). Bumblebee Buzzes Back in Black. Retrieved February 14, 2024.
Internal MISP references
UUID 643968ec-bc01-4317-ba91-b2bafeb421c9
which can be used as unique global reference for Proofpoint 2 12 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-14T00:00:00Z |
date_published | 2024-02-12T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Bumblebee Buzzes Back in Black |
Toxin Labs 3 4 2023
Toxin Labs. (2023, March 4). BumbleBee DocuSign Campaign. Retrieved February 19, 2024.
Internal MISP references
UUID 8404527a-9197-47ea-8bdf-c824b66ffede
which can be used as unique global reference for Toxin Labs 3 4 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-19T00:00:00Z |
date_published | 2023-03-04T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | BumbleBee DocuSign Campaign |
SEC Consult Bumblebee April 11 2023
Angelo Violetti. (2023, April 11). BumbleBee hunting with a Velociraptor. Retrieved May 6, 2023.
Internal MISP references
UUID c4cdaaeb-5776-4899-bdcf-8daf9d6ea615
which can be used as unique global reference for SEC Consult Bumblebee April 11 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-06T00:00:00Z |
date_published | 2023-04-11T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | BumbleBee hunting with a Velociraptor |
Cybereason Bumblebee August 2022
Cybereason. (2022, August 17). Bumblebee Loader – The High Road to Enterprise Domain Control. Retrieved August 29, 2022.
Internal MISP references
UUID 64bfb605-af69-4df0-ae56-32fa997516bc
which can be used as unique global reference for Cybereason Bumblebee August 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-29T00:00:00Z |
date_published | 2022-08-17T00:00:00Z |
source | MITRE |
title | Bumblebee Loader – The High Road to Enterprise Domain Control |
Secureworks Bumblebee April 20 2023
Counter Threat Unit Research Team. (2023, April 20). Bumblebee Malware Distributed Via Trojanized Installer Downloads. Retrieved May 6, 2023.
Internal MISP references
UUID ac31c45d-ba78-4158-b163-723ab22c4dc4
which can be used as unique global reference for Secureworks Bumblebee April 20 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-06T00:00:00Z |
date_published | 2023-04-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Bumblebee Malware Distributed Via Trojanized Installer Downloads |
Symantec Bumblebee June 2022
Kamble, V. (2022, June 28). Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem. Retrieved August 24, 2022.
Internal MISP references
UUID 81bfabad-b5b3-4e45-ac1d-1e2e829fca33
which can be used as unique global reference for Symantec Bumblebee June 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-24T00:00:00Z |
date_published | 2022-06-28T00:00:00Z |
source | MITRE |
title | Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem |
Cyble September 07 2022
Cybleinc. (2022, September 7). Bumblebee Returns with New Infection Technique. Retrieved May 7, 2023.
Internal MISP references
UUID 9d194526-2d01-4f92-9055-39e66d26081a
which can be used as unique global reference for Cyble September 07 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2022-09-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Bumblebee Returns with New Infection Technique |
The DFIR Report Bumblebee September 26 2022
The DFIR Report. (2022, September 26). BumbleBee: Round Two. Retrieved May 7, 2023.
Internal MISP references
UUID 8b51d35c-7a2a-4f03-95b1-c0b319f73c05
which can be used as unique global reference for The DFIR Report Bumblebee September 26 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2022-09-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | BumbleBee: Round Two |
The DFIR Report Bumblebee November 14 2022
The DFIR Report. (2022, November 14). BumbleBee Zeros in on Meterpreter. Retrieved May 7, 2023.
Internal MISP references
UUID 831e1b4e-6edd-498f-863c-606d2392b622
which can be used as unique global reference for The DFIR Report Bumblebee November 14 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2022-11-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | BumbleBee Zeros in on Meterpreter |
objsee netwire backdoor 2019
Patrick Wardle. (2019, June 20). Burned by Fire(fox). Retrieved October 1, 2021.
Internal MISP references
UUID 866c5305-8629-4f09-8dfe-192c8573ffb0
which can be used as unique global reference for objsee netwire backdoor 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-01T00:00:00Z |
date_published | 2019-06-20T00:00:00Z |
source | MITRE |
title | Burned by Fire(fox) |
401 TRG Winnti Umbrella May 2018
Hegel, T. (2018, May 3). Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers. Retrieved July 8, 2018.
Internal MISP references
UUID e3f1f2e4-dc1c-4d9c-925d-47013f44a69f
which can be used as unique global reference for 401 TRG Winnti Umbrella May 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-08T00:00:00Z |
date_published | 2018-05-03T00:00:00Z |
source | MITRE |
title | Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers |
Bypassing Gatekeeper
Thomas Reed. (2016, March 31). Bypassing Apple's Gatekeeper. Retrieved July 5, 2017.
Internal MISP references
UUID 957a0916-614e-4c7b-a6dd-1baa4fc6f93e
which can be used as unique global reference for Bypassing Gatekeeper
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-05T00:00:00Z |
date_published | 2016-03-31T00:00:00Z |
source | MITRE |
title | Bypassing Apple's Gatekeeper |
engima0x3 DNX Bypass
Nelson, M. (2017, November 17). Bypassing Application Whitelisting By Using dnx.exe. Retrieved May 25, 2017.
Internal MISP references
UUID e0186f1d-100d-4e52-b6f7-0a7e1c1a35f0
which can be used as unique global reference for engima0x3 DNX Bypass
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-05-25T00:00:00Z |
date_published | 2017-11-17T00:00:00Z |
source | MITRE |
title | Bypassing Application Whitelisting By Using dnx.exe |
engima0x3 RCSI Bypass
Nelson, M. (2016, November 21). Bypassing Application Whitelisting By Using rcsi.exe. Retrieved May 26, 2017.
Internal MISP references
UUID 0b815bd9-6c7f-4bd8-9031-667fa6252f89
which can be used as unique global reference for engima0x3 RCSI Bypass
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-05-26T00:00:00Z |
date_published | 2016-11-21T00:00:00Z |
source | MITRE |
title | Bypassing Application Whitelisting By Using rcsi.exe |
Exploit Monday WinDbg
Graeber, M. (2016, August 15). Bypassing Application Whitelisting by using WinDbg/CDB as a Shellcode Runner. Retrieved May 26, 2017.
Internal MISP references
UUID abd5f871-e12e-4355-af72-d4be79cb0291
which can be used as unique global reference for Exploit Monday WinDbg
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-05-26T00:00:00Z |
date_published | 2016-08-15T00:00:00Z |
source | MITRE |
title | Bypassing Application Whitelisting by using WinDbg/CDB as a Shellcode Runner |
SubTee MSBuild
Smith, C. (2016, September 13). Bypassing Application Whitelisting using MSBuild.exe - Device Guard Example and Mitigations. Retrieved September 13, 2016.
Internal MISP references
UUID 82a762d0-c59f-456d-a7d3-1cab3fa02526
which can be used as unique global reference for SubTee MSBuild
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-09-13T00:00:00Z |
date_published | 2016-09-13T00:00:00Z |
source | MITRE |
title | Bypassing Application Whitelisting using MSBuild.exe - Device Guard Example and Mitigations |
Bypassing CloudTrail in AWS Service Catalog
Nick Frichette. (2023, March 20). Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research. Retrieved September 18, 2023.
Internal MISP references
UUID de50bd67-96bb-537c-b91d-e541a717b7a1
which can be used as unique global reference for Bypassing CloudTrail in AWS Service Catalog
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-18T00:00:00Z |
date_published | 2023-03-20T00:00:00Z |
source | MITRE |
title | Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research |
AADInternals - Conditional Access Bypass
Dr. Nestori Syynimaa. (2020, September 6). Bypassing conditional access by faking device compliance. Retrieved March 4, 2022.
Internal MISP references
UUID 832841a1-92d1-4fcc-90f7-afbabad84aec
which can be used as unique global reference for AADInternals - Conditional Access Bypass
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-04T00:00:00Z |
date_published | 2020-09-06T00:00:00Z |
source | MITRE |
title | Bypassing conditional access by faking device compliance |
MsitPros CHM Aug 2017
Moe, O. (2017, August 13). Bypassing Device guard UMCI using CHM – CVE-2017-8625. Retrieved October 3, 2018.
Internal MISP references
UUID d4e4cc8a-3246-463f-ba06-d68459d907d4
which can be used as unique global reference for MsitPros CHM Aug 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-03T00:00:00Z |
date_published | 2017-08-13T00:00:00Z |
source | MITRE |
title | Bypassing Device guard UMCI using CHM – CVE-2017-8625 |
TCC macOS bypass
Phil Stokes. (2021, July 1). Bypassing macOS TCC User Privacy Protections By Accident and Design. Retrieved March 21, 2024.
Internal MISP references
UUID 4fc68e85-cd7a-5a15-84e3-8fbea0b28fd5
which can be used as unique global reference for TCC macOS bypass
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-21T00:00:00Z |
date_published | 2021-07-01T00:00:00Z |
source | MITRE |
title | Bypassing macOS TCC User Privacy Protections By Accident and Design |
enigma0x3 sdclt app paths
Nelson, M. (2017, March 14). Bypassing UAC using App Paths. Retrieved May 25, 2017.
Internal MISP references
UUID 2e69a4a7-dc7f-4b7d-99b2-190c60d7efd1
which can be used as unique global reference for enigma0x3 sdclt app paths
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-05-25T00:00:00Z |
date_published | 2017-03-14T00:00:00Z |
source | MITRE |
title | Bypassing UAC using App Paths |
MDSec System Calls
MDSec Research. (2020, December). Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams. Retrieved September 29, 2021.
Internal MISP references
UUID b461e226-1317-4ce4-a195-ba4c4957db99
which can be used as unique global reference for MDSec System Calls
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-29T00:00:00Z |
date_published | 2020-12-01T00:00:00Z |
source | MITRE |
title | Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams |
Hybrid Analysis Icacls1 June 2018
Hybrid Analysis. (2018, June 12). c9b65b764985dfd7a11d3faf599c56b8.exe. Retrieved August 19, 2018.
Internal MISP references
UUID 74df644a-06b8-4331-85a3-932358d65b62
which can be used as unique global reference for Hybrid Analysis Icacls1 June 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-19T00:00:00Z |
date_published | 2018-06-12T00:00:00Z |
source | MITRE |
title | c9b65b764985dfd7a11d3faf599c56b8.exe |
Microsoft Credential Manager store
Microsoft. (2016, August 31). Cached and Stored Credentials Technical Overview. Retrieved November 24, 2020.
Internal MISP references
UUID c949a29b-bb31-4bd7-a967-ddd48c7efb8e
which can be used as unique global reference for Microsoft Credential Manager store
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-24T00:00:00Z |
date_published | 2016-08-31T00:00:00Z |
source | MITRE |
title | Cached and Stored Credentials Technical Overview |
Microsoft - Cached Creds
Microsoft. (2016, August 21). Cached and Stored Credentials Technical Overview. Retrieved February 21, 2020.
Internal MISP references
UUID 590ea63f-f800-47e4-8d39-df11a184ba84
which can be used as unique global reference for Microsoft - Cached Creds
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-21T00:00:00Z |
date_published | 2016-08-21T00:00:00Z |
source | MITRE |
title | Cached and Stored Credentials Technical Overview |
Kaspersky CactusPete Aug 2020
Zykov, K. (2020, August 13). CactusPete APT group’s updated Bisonal backdoor. Retrieved May 5, 2021.
Internal MISP references
UUID 1c393964-e717-45ad-8eb6-5df5555d3c70
which can be used as unique global reference for Kaspersky CactusPete Aug 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-05T00:00:00Z |
date_published | 2020-08-13T00:00:00Z |
source | MITRE, Tidal Cyber |
title | CactusPete APT group’s updated Bisonal backdoor |
Kroll CACTUS Ransomware May 10 2023
Laurie Iacono, Stephen Green, Dave Truman. (2023, May 10). CACTUS Ransomware: Prickly New Variant Evades Detection. Retrieved August 10, 2023.
Internal MISP references
UUID f50de2f6-465f-4cae-a79c-cc135ebfee4f
which can be used as unique global reference for Kroll CACTUS Ransomware May 10 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-10T00:00:00Z |
date_published | 2023-05-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | CACTUS Ransomware: Prickly New Variant Evades Detection |
ESET CaddyWiper March 2022
ESET. (2022, March 15). CaddyWiper: New wiper malware discovered in Ukraine. Retrieved March 23, 2022.
Internal MISP references
UUID 9fa97444-311f-40c1-8728-c5f91634c750
which can be used as unique global reference for ESET CaddyWiper March 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-23T00:00:00Z |
date_published | 2022-03-15T00:00:00Z |
source | MITRE |
title | CaddyWiper: New wiper malware discovered in Ukraine |
Cadet Blizzard emerges as novel threat actor
Microsoft Threat Intelligence. (2023, June 14). Cadet Blizzard emerges as a novel and distinct Russian threat actor. Retrieved July 10, 2023.
Internal MISP references
UUID 7180c6a7-e6ea-54bf-bcd7-c5238bbc5f5b
which can be used as unique global reference for Cadet Blizzard emerges as novel threat actor
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-10T00:00:00Z |
date_published | 2023-06-14T00:00:00Z |
source | MITRE |
title | Cadet Blizzard emerges as a novel and distinct Russian threat actor |
Cado Denonia April 3 2022
jbowen. (2022, April 3). Cado Discovers Denonia: The First Malware Specifically Targeting Lambda. Retrieved April 11, 2024.
Internal MISP references
UUID b276c28d-1488-4a21-86d1-7acdfd77794b
which can be used as unique global reference for Cado Denonia April 3 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-11T00:00:00Z |
date_published | 2022-04-03T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Cado Discovers Denonia: The First Malware Specifically Targeting Lambda |
Cado Security Denonia
Matt Muir. (2022, April 6). Cado Discovers Denonia: The First Malware Specifically Targeting Lambda. Retrieved May 27, 2022.
Internal MISP references
UUID 584e7ace-ef33-423b-9801-4728a447cb34
which can be used as unique global reference for Cado Security Denonia
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-27T00:00:00Z |
date_published | 2022-04-06T00:00:00Z |
source | MITRE |
title | Cado Discovers Denonia: The First Malware Specifically Targeting Lambda |
Caesars Scattered Spider September 13 2023
William Turton. (2023, September 13). Caesars Entertainment Paid Millions to Hackers in Attack. Retrieved September 14, 2023.
Internal MISP references
UUID 6915c003-7c8b-451c-8fb1-3541f00c14fb
which can be used as unique global reference for Caesars Scattered Spider September 13 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-14T00:00:00Z |
date_published | 2023-09-13T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Caesars Entertainment Paid Millions to Hackers in Attack |
Sekoia Calisto December 5 2022
Felix Aimé, Maxime A., Sekoia TDR. (2022, December 5). Calisto show interests into entities involved in Ukraine war support. Retrieved October 1, 2024.
Internal MISP references
UUID 02fed1d1-b8a9-4bca-9e96-2cffe6f7ba89
which can be used as unique global reference for Sekoia Calisto December 5 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-01T00:00:00Z |
date_published | 2022-12-05T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Calisto show interests into entities involved in Ukraine war support |
Securelist Calisto July 2018
Kuzin, M., Zelensky S. (2018, July 20). Calisto Trojan for macOS. Retrieved September 7, 2018.
Internal MISP references
UUID a292d77b-9150-46ea-b217-f51e091fdb57
which can be used as unique global reference for Securelist Calisto July 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-07T00:00:00Z |
date_published | 2018-07-20T00:00:00Z |
source | MITRE |
title | Calisto Trojan for macOS |
CERTFR-2023-CTI-009
CERT-FR. (2023, October 26). Campagnes d'attaques du mode opératoire APT28 depuis 2021. Retrieved October 26, 2023.
Internal MISP references
UUID 5365ac4c-fbb8-4389-989e-a64cb7693371
which can be used as unique global reference for CERTFR-2023-CTI-009
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-26T00:00:00Z |
date_published | 2023-10-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Campagnes d'attaques du mode opératoire APT28 depuis 2021 |
FSI Andariel Campaign Rifle July 2017
FSI. (2017, July 27). Campaign Rifle - Andariel, the Maiden of Anguish. Retrieved September 12, 2024.
Internal MISP references
UUID bde61ee9-16f9-4bd9-a847-5cc9df21335c
which can be used as unique global reference for FSI Andariel Campaign Rifle July 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2017-07-27T00:00:00Z |
source | MITRE |
title | Campaign Rifle - Andariel, the Maiden of Anguish |
Check Point Research January 5 2022
Check Point Research. (2022, January 5). Can You Trust a File's Digital Signature? New Zloader Campaign Exploits Microsoft's Signature Verification Putting Users at Risk. Retrieved May 11, 2023.
Internal MISP references
UUID d26dfc4d-e563-4262-b527-0fffb7228234
which can be used as unique global reference for Check Point Research January 5 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-11T00:00:00Z |
date_published | 2022-01-05T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Can You Trust a File's Digital Signature? New Zloader Campaign Exploits Microsoft's Signature Verification Putting Users at Risk |
Polak NPPSPY 2004
Sergey Polak. (2004, August). Capturing Windows Passwords using the Network Provider API. Retrieved May 17, 2024.
Internal MISP references
UUID ab5872b0-a755-5d85-8750-0b22f00ccb37
which can be used as unique global reference for Polak NPPSPY 2004
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-17T00:00:00Z |
date_published | 2004-08-01T00:00:00Z |
source | MITRE |
title | Capturing Windows Passwords using the Network Provider API |
KasperskyCarbanak
Kaspersky Lab's Global Research & Analysis Team. (2015, February). CARBANAK APT THE GREAT BANK ROBBERY. Retrieved March 27, 2017.
Internal MISP references
UUID 053a2bbb-5509-4aba-bbd7-ccc3d8074291
which can be used as unique global reference for KasperskyCarbanak
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-27T00:00:00Z |
date_published | 2015-02-01T00:00:00Z |
source | MITRE |
title | CARBANAK APT THE GREAT BANK ROBBERY |
Kaspersky Carbanak
Kaspersky Lab's Global Research and Analysis Team. (2015, February). CARBANAK APT THE GREAT BANK ROBBERY. Retrieved August 23, 2018.
Internal MISP references
UUID 2f7e77db-fe39-4004-9945-3c8943708494
which can be used as unique global reference for Kaspersky Carbanak
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-23T00:00:00Z |
date_published | 2015-02-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | CARBANAK APT THE GREAT BANK ROBBERY |
Forcepoint Carbanak Google C2
Griffin, N. (2017, January 17). CARBANAK GROUP USES GOOGLE FOR MALWARE COMMAND-AND-CONTROL. Retrieved February 15, 2017.
Internal MISP references
UUID 3da6084f-5e12-4472-afb9-82efd3e22cf6
which can be used as unique global reference for Forcepoint Carbanak Google C2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-02-15T00:00:00Z |
date_published | 2017-01-17T00:00:00Z |
source | MITRE |
title | CARBANAK GROUP USES GOOGLE FOR MALWARE COMMAND-AND-CONTROL |
Trend Micro Carberp February 2014
Trend Micro. (2014, February 27). CARBERP. Retrieved July 29, 2020.
Internal MISP references
UUID 069e458f-d780-47f9-8ebe-21b195fe9b33
which can be used as unique global reference for Trend Micro Carberp February 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-29T00:00:00Z |
date_published | 2014-02-27T00:00:00Z |
source | MITRE |
title | CARBERP |
Prevx Carberp March 2011
Giuliani, M., Allievi, A. (2011, February 28). Carberp - a modular information stealing trojan. Retrieved September 12, 2024.
Internal MISP references
UUID 8f95d81a-ea8c-44bf-950d-9eb868182d39
which can be used as unique global reference for Prevx Carberp March 2011
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2011-02-28T00:00:00Z |
source | MITRE |
title | Carberp - a modular information stealing trojan |
Trusteer Carberp October 2010
Trusteer Fraud Prevention Center. (2010, October 7). Carberp Under the Hood of Carberp: Malware & Configuration Analysis. Retrieved July 15, 2020.
Internal MISP references
UUID f7af5be2-0cb4-4b41-9d08-2f652b6bac3c
which can be used as unique global reference for Trusteer Carberp October 2010
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-15T00:00:00Z |
date_published | 2010-10-07T00:00:00Z |
source | MITRE |
title | Carberp Under the Hood of Carberp: Malware & Configuration Analysis |
ESET Carbon Mar 2017
ESET. (2017, March 30). Carbon Paper: Peering into Turla’s second stage backdoor. Retrieved November 7, 2018.
Internal MISP references
UUID 5d2a3a81-e7b7-430d-b748-b773f89d3c77
which can be used as unique global reference for ESET Carbon Mar 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-07T00:00:00Z |
date_published | 2017-03-30T00:00:00Z |
source | MITRE |
title | Carbon Paper: Peering into Turla’s second stage backdoor |
CrowdStrike Carbon Spider August 2021
Loui, E. and Reynolds, J. (2021, August 30). CARBON SPIDER Embraces Big Game Hunting, Part 1. Retrieved September 20, 2021.
Internal MISP references
UUID 36f0ddb0-94af-494c-ad10-9d3f75d1d810
which can be used as unique global reference for CrowdStrike Carbon Spider August 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-20T00:00:00Z |
date_published | 2021-08-30T00:00:00Z |
source | MITRE |
title | CARBON SPIDER Embraces Big Game Hunting, Part 1 |
PaloAlto CardinalRat Apr 2017
Grunzweig, J. (2017, April 20). Cardinal RAT Active for Over Two Years. Retrieved December 8, 2018.
Internal MISP references
UUID 8d978b94-75c9-46a1-812a-bafe3396eda9
which can be used as unique global reference for PaloAlto CardinalRat Apr 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-12-08T00:00:00Z |
date_published | 2017-04-20T00:00:00Z |
source | MITRE |
title | Cardinal RAT Active for Over Two Years |
Carl Hurd March 2019
Carl Hurd. (2019, March 26). VPNFilter Deep Dive. Retrieved March 28, 2019.
Internal MISP references
UUID 8a4e28f9-b0ba-56ad-a957-b5913bf9a7d5
which can be used as unique global reference for Carl Hurd March 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-28T00:00:00Z |
source | MITRE |
title | Carl Hurd March 2019 |
ESET Casbaneiro Oct 2019
ESET Research. (2019, October 3). Casbaneiro: peculiarities of this banking Trojan that affects Brazil and Mexico. Retrieved September 23, 2021.
Internal MISP references
UUID a5cb3ee6-9a0b-4e90-bf32-be7177a858b1
which can be used as unique global reference for ESET Casbaneiro Oct 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-23T00:00:00Z |
date_published | 2019-10-03T00:00:00Z |
source | MITRE |
title | Casbaneiro: peculiarities of this banking Trojan that affects Brazil and Mexico |
Microsoft Catalog Files and Signatures April 2017
Hudek, T. (2017, April 20). Catalog Files and Digital Signatures. Retrieved January 31, 2018.
Internal MISP references
UUID 5b6ae460-a1cf-4afe-a0c8-d6ea24741ebe
which can be used as unique global reference for Microsoft Catalog Files and Signatures April 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-31T00:00:00Z |
date_published | 2017-04-20T00:00:00Z |
source | MITRE |
title | Catalog Files and Digital Signatures |
Catch All Chrome Extension
Marinho, R. (n.d.). "Catch-All" Google Chrome Malicious Extension Steals All Posted Data. Retrieved November 16, 2017.
Internal MISP references
UUID eddd2ea8-89c1-40f9-b6e3-37cbdebd210e
which can be used as unique global reference for Catch All Chrome Extension
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-16T00:00:00Z |
source | MITRE |
title | "Catch-All" Google Chrome Malicious Extension Steals All Posted Data |
Akamai JS
Katz, O. (2020, October 26). Catch Me if You Can—JavaScript Obfuscation. Retrieved March 17, 2023.
Internal MISP references
UUID 379a177b-0c31-5840-ad54-3fdfc9904a88
which can be used as unique global reference for Akamai JS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-17T00:00:00Z |
date_published | 2020-10-26T00:00:00Z |
source | MITRE |
title | Catch Me if You Can—JavaScript Obfuscation |
Categorisation_not_boundary
MDSec Research. (2017, July). Categorisation is not a Security Boundary. Retrieved September 20, 2019.
Internal MISP references
UUID 3c320f38-e691-46f7-a20d-58b024ea2fa2
which can be used as unique global reference for Categorisation_not_boundary
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-20T00:00:00Z |
date_published | 2017-07-01T00:00:00Z |
source | MITRE |
title | Categorisation is not a Security Boundary |
CrowdStrike Flying Kitten
Dahl, M. (2014, May 13). Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN. Retrieved May 27, 2020.
Internal MISP references
UUID ab669ded-e659-4313-b5ab-8c5362562f39
which can be used as unique global reference for CrowdStrike Flying Kitten
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-27T00:00:00Z |
date_published | 2014-05-13T00:00:00Z |
source | MITRE |
title | Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN |
Telephone Attack Delivery
Selena Larson, Sam Scholten, Timothy Kromphardt. (2021, November 4). Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery. Retrieved January 5, 2022.
Internal MISP references
UUID 9670da7b-0600-4072-9ecc-65a918b89ac5
which can be used as unique global reference for Telephone Attack Delivery
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-05T00:00:00Z |
date_published | 2021-11-04T00:00:00Z |
source | MITRE |
title | Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery |
Tetra Defense Sodinokibi March 2020
Tetra Defense. (2020, March). CAUSE AND EFFECT: SODINOKIBI RANSOMWARE ANALYSIS. Retrieved December 14, 2020.
Internal MISP references
UUID a6ef0302-7bf4-4c5c-a6fc-4bd1c3d67d50
which can be used as unique global reference for Tetra Defense Sodinokibi March 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-14T00:00:00Z |
date_published | 2020-03-01T00:00:00Z |
source | MITRE |
title | CAUSE AND EFFECT: SODINOKIBI RANSOMWARE ANALYSIS |
CarbonBlack RobbinHood May 2019
Lee, S. (2019, May 17). CB TAU Threat Intelligence Notification: RobbinHood Ransomware Stops 181 Windows Services Before Encryption. Retrieved July 29, 2019.
Internal MISP references
UUID cb9e49fa-253a-447a-9c88-c6e507bae0bb
which can be used as unique global reference for CarbonBlack RobbinHood May 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-29T00:00:00Z |
date_published | 2019-05-17T00:00:00Z |
source | MITRE |
title | CB TAU Threat Intelligence Notification: RobbinHood Ransomware Stops 181 Windows Services Before Encryption |
Talos CCleanup 2017
Brumaghin, E. et al. (2017, September 18). CCleanup: A Vast Number of Machines at Risk. Retrieved March 9, 2018.
Internal MISP references
UUID f2522cf4-dc65-4dc5-87e3-9e88212fcfe9
which can be used as unique global reference for Talos CCleanup 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-09T00:00:00Z |
date_published | 2017-09-18T00:00:00Z |
source | MITRE |
title | CCleanup: A Vast Number of Machines at Risk |
Cdb.exe - LOLBAS Project
LOLBAS. (2018, May 25). Cdb.exe. Retrieved December 4, 2023.
Internal MISP references
UUID e61b035f-6247-47e3-918c-2892815dfddf
which can be used as unique global reference for Cdb.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Cdb.exe |
Slowik Sandworm 2021
Joseph Slowik, DomainTools. (2021, March 3). Centreon to Exim and Back: On the Trail of Sandworm. Retrieved April 6, 2024.
Internal MISP references
UUID e1753588-bc53-5265-935e-cbbaf3e13a82
which can be used as unique global reference for Slowik Sandworm 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-06T00:00:00Z |
date_published | 2021-03-03T00:00:00Z |
source | MITRE |
title | Centreon to Exim and Back: On the Trail of Sandworm |
ESET PLEAD Malware July 2018
Cherepanov, A. (2018, July 9). Certificates stolen from Taiwanese tech‑companies misused in Plead malware campaign. Retrieved May 6, 2020.
Internal MISP references
UUID 2c28640d-e4ee-47db-a8f1-b34def7d2e9a
which can be used as unique global reference for ESET PLEAD Malware July 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-06T00:00:00Z |
date_published | 2018-07-09T00:00:00Z |
source | MITRE |
title | Certificates stolen from Taiwanese tech‑companies misused in Plead malware campaign |
Medium Certified Pre Owned
Schroeder, W. (2021, June 17). Certified Pre-Owned. Retrieved August 2, 2022.
Internal MISP references
UUID 04e53c69-3f29-4bb4-83c9-ff3a2db1526b
which can be used as unique global reference for Medium Certified Pre Owned
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-02T00:00:00Z |
date_published | 2021-06-17T00:00:00Z |
source | MITRE |
title | Certified Pre-Owned |
SpecterOps Certified Pre Owned
Schroeder, W. & Christensen, L. (2021, June 22). Certified Pre-Owned - Abusing Active Directory Certificate Services. Retrieved August 2, 2022.
Internal MISP references
UUID 73b6a6a6-c2b8-4aed-9cbc-d3bdcbb97698
which can be used as unique global reference for SpecterOps Certified Pre Owned
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-02T00:00:00Z |
date_published | 2021-06-22T00:00:00Z |
source | MITRE |
title | Certified Pre-Owned - Abusing Active Directory Certificate Services |
GitHub Certify
HarmJ0y et al. (2021, June 9). Certify. Retrieved August 4, 2022.
Internal MISP references
UUID 27fce38b-07d6-43ed-a3da-174458c4acbe
which can be used as unique global reference for GitHub Certify
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-04T00:00:00Z |
date_published | 2021-06-09T00:00:00Z |
source | MITRE |
title | Certify |
CertOC.exe - LOLBAS Project
LOLBAS. (2021, October 7). CertOC.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b906498e-2773-419b-8c6d-3e974925ac18
which can be used as unique global reference for CertOC.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-10-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | CertOC.exe |
CertReq.exe - LOLBAS Project
LOLBAS. (2020, July 7). CertReq.exe. Retrieved December 4, 2023.
Internal MISP references
UUID be446484-8ecc-486e-8940-658c147f6978
which can be used as unique global reference for CertReq.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-07-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | CertReq.exe |
GitHub CertStealer
TheWover. (2021, April 21). CertStealer. Retrieved August 2, 2022.
Internal MISP references
UUID da06ce8f-f950-4ae8-a62a-b59b236e91a3
which can be used as unique global reference for GitHub CertStealer
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-02T00:00:00Z |
date_published | 2021-04-21T00:00:00Z |
source | MITRE |
title | CertStealer |
TechNet Certutil
Microsoft. (2012, November 14). Certutil. Retrieved July 3, 2017.
Internal MISP references
UUID 8d095aeb-c72c-49c1-8482-dbf4ce9203ce
which can be used as unique global reference for TechNet Certutil
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-03T00:00:00Z |
date_published | 2012-11-14T00:00:00Z |
source | MITRE |
title | Certutil |
LOLBAS Certutil
LOLBAS. (n.d.). Certutil.exe. Retrieved July 31, 2019.
Internal MISP references
UUID 4c875710-9b5d-47b5-bc9e-69ef95797c8f
which can be used as unique global reference for LOLBAS Certutil
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-31T00:00:00Z |
source | MITRE |
title | Certutil.exe |
FireEye CFR Watering Hole 2012
Kindlund, D. (2012, December 30). CFR Watering Hole Attack Details. Retrieved December 18, 2020.
Internal MISP references
UUID 6108ab77-e4fd-43f2-9d49-8ce9c219ca9c
which can be used as unique global reference for FireEye CFR Watering Hole 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-18T00:00:00Z |
date_published | 2012-12-30T00:00:00Z |
source | MITRE |
title | CFR Watering Hole Attack Details |
Twitter Cglyer Status Update APT3 eml
Glyer, C. (2018, April 14). @cglyer Status Update. Retrieved September 12, 2024.
Internal MISP references
UUID cfcb0839-0736-489f-9779-72e5c96cce3d
which can be used as unique global reference for Twitter Cglyer Status Update APT3 eml
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2018-04-14T00:00:00Z |
source | MITRE |
title | @cglyer Status Update |
Cybereason Chaes Nov 2020
Salem, E. (2020, November 17). CHAES: Novel Malware Targeting Latin American E-Commerce. Retrieved June 30, 2021.
Internal MISP references
UUID aaefa162-82a8-4b6d-b7be-fd31fafd9246
which can be used as unique global reference for Cybereason Chaes Nov 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-30T00:00:00Z |
date_published | 2020-11-17T00:00:00Z |
source | MITRE |
title | CHAES: Novel Malware Targeting Latin American E-Commerce |
Symantec Chafer February 2018
Symantec. (2018, February 28). Chafer: Latest Attacks Reveal Heightened Ambitions. Retrieved May 22, 2020.
Internal MISP references
UUID 3daaa402-5477-4868-b8f1-a2f6e38f04ef
which can be used as unique global reference for Symantec Chafer February 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-22T00:00:00Z |
date_published | 2018-02-28T00:00:00Z |
source | MITRE |
title | Chafer: Latest Attacks Reveal Heightened Ambitions |
Securelist Remexi Jan 2019
Legezo, D. (2019, January 30). Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities. Retrieved April 17, 2019.
Internal MISP references
UUID 07dfd8e7-4e51-4c6e-a4f6-aaeb74ff8845
which can be used as unique global reference for Securelist Remexi Jan 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-17T00:00:00Z |
date_published | 2019-01-30T00:00:00Z |
source | MITRE |
title | Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities |
change_rdp_port_conti
The DFIR Report. (2022, March 1). "Change RDP port" #ContiLeaks. Retrieved September 12, 2024.
Internal MISP references
UUID c0deb077-6c26-52f1-9e7c-d1fb535a02a0
which can be used as unique global reference for change_rdp_port_conti
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2022-03-01T00:00:00Z |
source | MITRE |
title | "Change RDP port" #ContiLeaks |
Microsoft Change Normal Template
Microsoft. (n.d.). Change the Normal template (Normal.dotm). Retrieved July 3, 2017.
Internal MISP references
UUID 76bf3ce1-b94c-4b3d-9707-aca8a1ae5555
which can be used as unique global reference for Microsoft Change Normal Template
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-03T00:00:00Z |
source | MITRE |
title | Change the Normal template (Normal.dotm) |
Microsoft Change Default Programs
Microsoft. (n.d.). Change which programs Windows 7 uses by default. Retrieved July 26, 2016.
Internal MISP references
UUID de515277-a280-40e5-ba34-3e8f16a5c703
which can be used as unique global reference for Microsoft Change Default Programs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-07-26T00:00:00Z |
source | MITRE |
title | Change which programs Windows 7 uses by default |
Chaos Stolen Backdoor
Sebastian Feldmann. (2018, February 14). Chaos: a Stolen Backdoor Rising Again. Retrieved March 5, 2018.
Internal MISP references
UUID 8e6916c1-f102-4b54-b6a5-a58fed825c2e
which can be used as unique global reference for Chaos Stolen Backdoor
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-05T00:00:00Z |
date_published | 2018-02-14T00:00:00Z |
source | MITRE |
title | Chaos: a Stolen Backdoor Rising Again |
Wardle Persistence Chapter
Patrick Wardle. (n.d.). Chapter 0x2: Persistence. Retrieved April 13, 2022.
Internal MISP references
UUID 6272b9a2-d704-43f3-9e25-6c434bb5d1ef
which can be used as unique global reference for Wardle Persistence Chapter
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-13T00:00:00Z |
source | MITRE |
title | Chapter 0x2: Persistence |
cisco_deploy_rsa_keys
Cisco. (2023, February 17). Chapter: Deploying RSA Keys Within a PKI. Retrieved March 27, 2023.
Internal MISP references
UUID 132f387e-4ee3-51d3-a3b6-d61102ada152
which can be used as unique global reference for cisco_deploy_rsa_keys
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-27T00:00:00Z |
date_published | 2023-02-17T00:00:00Z |
source | MITRE |
title | Chapter: Deploying RSA Keys Within a PKI |
Wikipedia Character Encoding
Wikipedia. (2017, February 19). Character Encoding. Retrieved March 1, 2017.
Internal MISP references
UUID 3e7df20f-5d11-4102-851f-04e89c25d12f
which can be used as unique global reference for Wikipedia Character Encoding
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-01T00:00:00Z |
date_published | 2017-02-19T00:00:00Z |
source | MITRE |
title | Character Encoding |
ClearSky Charming Kitten Dec 2017
ClearSky Cyber Security. (2017, December). Charming Kitten. Retrieved December 27, 2017.
Internal MISP references
UUID 23ab1ad2-e9d4-416a-926f-6220a59044ab
which can be used as unique global reference for ClearSky Charming Kitten Dec 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-27T00:00:00Z |
date_published | 2017-12-01T00:00:00Z |
source | MITRE |
title | Charming Kitten |
Certfa Charming Kitten January 2021
Certfa Labs. (2021, January 8). Charming Kitten’s Christmas Gift. Retrieved May 3, 2021.
Internal MISP references
UUID c38a8af6-3f9b-40c3-8122-a2a51eb50664
which can be used as unique global reference for Certfa Charming Kitten January 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-03T00:00:00Z |
date_published | 2021-01-08T00:00:00Z |
source | MITRE |
title | Charming Kitten’s Christmas Gift |
Proofpoint TA2541 February 2022
Larson, S. and Wise, J. (2022, February 15). Charting TA2541's Flight. Retrieved September 12, 2023.
Internal MISP references
UUID db0b1425-8bd7-51b5-bae3-53c5ccccb8da
which can be used as unique global reference for Proofpoint TA2541 February 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-12T00:00:00Z |
date_published | 2022-02-15T00:00:00Z |
source | MITRE |
title | Charting TA2541's Flight |
JPCERT ChChes Feb 2017
Nakamura, Y. (2017, February 17). ChChes - Malware that Communicates with C&C Servers Using Cookie Headers. Retrieved March 1, 2017.
Internal MISP references
UUID 657b43aa-ead2-41d3-911a-d714d9b28e19
which can be used as unique global reference for JPCERT ChChes Feb 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-01T00:00:00Z |
date_published | 2017-02-17T00:00:00Z |
source | MITRE |
title | ChChes - Malware that Communicates with C&C Servers Using Cookie Headers |
Check Point Iranian Proxies December 4 2023
Check Point Research. (2023, December 4). Check Point Research Report: Iranian Hacktivist Proxies Escalate Activities Beyond Israel. Retrieved August 8, 2024.
Internal MISP references
UUID 60432d84-8f46-4934-951f-df8e0f297ff0
which can be used as unique global reference for Check Point Iranian Proxies December 4 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-08T00:00:00Z |
date_published | 2023-12-04T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Check Point Research Report: Iranian Hacktivist Proxies Escalate Activities Beyond Israel |
EclecticLightChecksonEXECodeSigning
Howard Oakley. (2020, November 16). Checks on executable code in Catalina and Big Sur: a first draft. Retrieved September 21, 2022.
Internal MISP references
UUID 2885db46-4f8c-4c35-901c-7641c7701293
which can be used as unique global reference for EclecticLightChecksonEXECodeSigning
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-21T00:00:00Z |
date_published | 2020-11-16T00:00:00Z |
source | MITRE |
title | Checks on executable code in Catalina and Big Sur: a first draft |
Mandiant Pulse Secure Zero-Day April 2021
Perez, D. et al. (2021, April 20). Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day. Retrieved February 5, 2024.
Internal MISP references
UUID 0760480c-97be-5fc9-a6aa-f1df91a314a3
which can be used as unique global reference for Mandiant Pulse Secure Zero-Day April 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-05T00:00:00Z |
date_published | 2021-04-20T00:00:00Z |
source | MITRE |
title | Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day |
Anomali MUSTANG PANDA October 2019
Anomali Threat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021.
Internal MISP references
UUID 70277fa4-60a8-475e-993a-c74241b76127
which can be used as unique global reference for Anomali MUSTANG PANDA October 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-12T00:00:00Z |
date_published | 2019-10-07T00:00:00Z |
source | MITRE, Tidal Cyber |
title | China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations |
FireEye admin@338
FireEye Threat Intelligence. (2015, December 1). China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets. Retrieved December 4, 2015.
Internal MISP references
UUID f3470275-9652-440e-914d-ad4fc5165413
which can be used as unique global reference for FireEye admin@338
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-12-04T00:00:00Z |
date_published | 2015-12-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets |
IronNet BlackTech Oct 2021
Demboski, M., et al. (2021, October 26). China cyber attacks: the current threat landscape. Retrieved March 25, 2022.
Internal MISP references
UUID 98b2d114-4246-409d-934a-238682fd5ae6
which can be used as unique global reference for IronNet BlackTech Oct 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-25T00:00:00Z |
date_published | 2021-10-26T00:00:00Z |
source | MITRE |
title | China cyber attacks: the current threat landscape |
Recorded Future RedEcho Feb 2021
Insikt Group. (2021, February 28). China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions. Retrieved March 22, 2021.
Internal MISP references
UUID 6da7eb8a-aab4-41ea-a0b7-5313d88cbe91
which can be used as unique global reference for Recorded Future RedEcho Feb 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-22T00:00:00Z |
date_published | 2021-02-28T00:00:00Z |
source | MITRE |
title | China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions |
WSJ Salt Typhoon September 26 2024
Sarah Krouse, Robert McMillan, Dustin Volz. (2024, September 26). China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack. Retrieved October 24, 2024.
Internal MISP references
UUID 15b4c5c3-edf2-4f6b-b398-62767cfabf5a
which can be used as unique global reference for WSJ Salt Typhoon September 26 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-24T00:00:00Z |
date_published | 2024-09-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack |
Sygnia Velvet Ant June 17 2024
Sygnia Team. (2024, June 17). China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence. Retrieved June 20, 2024.
Internal MISP references
UUID 5c313af4-61a8-449d-a6c7-f7ead6c72e19
which can be used as unique global reference for Sygnia Velvet Ant June 17 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-20T00:00:00Z |
date_published | 2024-06-17T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence |
Sygnia Velvet Ant July 1 2024
Sygnia. (2024, July 1). China-Nexus Threat Group ‘Velvet Ant’ Exploits Cisco Zero-Day (CVE-2024-20399) to Compromise Nexus Switch Devices. Retrieved July 3, 2024.
Internal MISP references
UUID a0cfeeb6-4617-4dea-80d2-290eaf2bcf5b
which can be used as unique global reference for Sygnia Velvet Ant July 1 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-03T00:00:00Z |
date_published | 2024-07-01T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | China-Nexus Threat Group ‘Velvet Ant’ Exploits Cisco Zero-Day (CVE-2024-20399) to Compromise Nexus Switch Devices |
EFF China GitHub Attack
Budington, B. (2015, April 2). China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack. Retrieved September 1, 2023.
Internal MISP references
UUID b8405628-6366-5cc9-a9af-b97d5c9176dd
which can be used as unique global reference for EFF China GitHub Attack
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-01T00:00:00Z |
date_published | 2015-04-02T00:00:00Z |
source | MITRE |
title | China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack |
PaloAlto 3102 Sept 2015
Falcone, R. & Miller-Osborn, J. (2015, September 23). Chinese Actors Use ‘3102’ Malware in Attacks on US Government and EU Media. Retrieved March 19, 2018.
Internal MISP references
UUID db340043-43a7-4b16-a570-92a0d879b2bf
which can be used as unique global reference for PaloAlto 3102 Sept 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-19T00:00:00Z |
date_published | 2015-09-23T00:00:00Z |
source | MITRE |
title | Chinese Actors Use ‘3102’ Malware in Attacks on US Government and EU Media |
ZScaler Hacking Team
Desai, D. (2015, August 14). Chinese cyber espionage APT group leveraging recently leaked Hacking Team exploits to target a Financial Services Firm. Retrieved January 26, 2016.
Internal MISP references
UUID 83e6ab22-1f01-4c9b-90e5-0279af487805
which can be used as unique global reference for ZScaler Hacking Team
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-26T00:00:00Z |
date_published | 2015-08-14T00:00:00Z |
source | MITRE |
title | Chinese cyber espionage APT group leveraging recently leaked Hacking Team exploits to target a Financial Services Firm |
Hacker News LuckyMouse June 2018
Khandelwal, S. (2018, June 14). Chinese Hackers Carried Out Country-Level Watering Hole Attack. Retrieved August 18, 2018.
Internal MISP references
UUID de78446a-cb46-4422-820b-9ddf07557b1a
which can be used as unique global reference for Hacker News LuckyMouse June 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-18T00:00:00Z |
date_published | 2018-06-14T00:00:00Z |
source | MITRE |
title | Chinese Hackers Carried Out Country-Level Watering Hole Attack |
The Hacker News Velvet Ant Cisco July 2 2024
Newsroom. (2024, July 2). Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware. Retrieved July 3, 2024.
Internal MISP references
UUID e3949201-c949-4126-9e02-34bfad4713c0
which can be used as unique global reference for The Hacker News Velvet Ant Cisco July 2 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-03T00:00:00Z |
date_published | 2024-07-02T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware |
BleepingComputer Mustang Panda September 9 2024
Bill Toulas. (2024, September 9). Chinese hackers use new data theft malware in govt attacks. Retrieved September 13, 2024.
Internal MISP references
UUID 40774c9c-daca-4ea0-a504-ca73b11e4f29
which can be used as unique global reference for BleepingComputer Mustang Panda September 9 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-13T00:00:00Z |
date_published | 2024-09-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Chinese hackers use new data theft malware in govt attacks |
The Record APT31 Router Hacks
Catalin Cimpanu. (2021, July 20). Chinese hacking group APT31 uses mesh of home routers to disguise attacks. Retrieved April 25, 2024.
Internal MISP references
UUID 41fc3724-85a0-4ad0-9494-47f89f3b079b
which can be used as unique global reference for The Record APT31 Router Hacks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-25T00:00:00Z |
date_published | 2021-07-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Chinese hacking group APT31 uses mesh of home routers to disguise attacks |
ORB APT31
Cimpanu, Catalin. (2021, July 20). Chinese hacking group APT31 uses mesh of home routers to disguise attacks. Retrieved July 8, 2024.
Internal MISP references
UUID 67b5e2ef-21cc-52f6-95c9-88a8cdcbe74e
which can be used as unique global reference for ORB APT31
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-08T00:00:00Z |
date_published | 2021-07-20T00:00:00Z |
source | MITRE |
title | Chinese hacking group APT31 uses mesh of home routers to disguise attacks |
Dark Reading Codoso Feb 2015
Chickowski, E. (2015, February 10). Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole. Retrieved September 13, 2018.
Internal MISP references
UUID c24035b1-2021-44ae-b01e-651e44526737
which can be used as unique global reference for Dark Reading Codoso Feb 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-13T00:00:00Z |
date_published | 2015-02-10T00:00:00Z |
source | MITRE |
title | Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole |
Recorded Future TAG-22 July 2021
INSIKT GROUP. (2021, July 8). Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling. Retrieved September 16, 2024.
Internal MISP references
UUID 258433e7-f829-4365-adbb-c5690159070f
which can be used as unique global reference for Recorded Future TAG-22 July 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-16T00:00:00Z |
date_published | 2021-07-08T00:00:00Z |
source | MITRE |
title | Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling |
Recorded Future Chinese Activity in Southeast Asia December 2021
Insikt Group. (2021, December 8). Chinese State-Sponsored Cyber Espionage Activity Supports Expansion of Regional Power and Influence in Southeast Asia. Retrieved September 19, 2022.
Internal MISP references
UUID 0809db3b-81a8-475d-920a-cb913b30f42e
which can be used as unique global reference for Recorded Future Chinese Activity in Southeast Asia December 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-19T00:00:00Z |
date_published | 2021-12-08T00:00:00Z |
source | MITRE |
title | Chinese State-Sponsored Cyber Espionage Activity Supports Expansion of Regional Power and Influence in Southeast Asia |
Recorded Future REDDELTA July 2020
Insikt Group. (2020, July 28). CHINESE STATE-SPONSORED GROUP ‘REDDELTA’ TARGETS THE VATICAN AND CATHOLIC ORGANIZATIONS. Retrieved April 13, 2021.
Internal MISP references
UUID e2bc037e-d483-4670-8281-70e51b16effe
which can be used as unique global reference for Recorded Future REDDELTA July 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-13T00:00:00Z |
date_published | 2020-07-28T00:00:00Z |
source | MITRE |
title | CHINESE STATE-SPONSORED GROUP ‘REDDELTA’ TARGETS THE VATICAN AND CATHOLIC ORGANIZATIONS |
Github CHIPSEC
Intel. (2017, March 18). CHIPSEC Platform Security Assessment Framework. Retrieved March 20, 2017.
Internal MISP references
UUID 47501334-56cb-453b-a9e3-33990d88018b
which can be used as unique global reference for Github CHIPSEC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-20T00:00:00Z |
date_published | 2017-03-18T00:00:00Z |
source | MITRE |
title | CHIPSEC Platform Security Assessment Framework |
McAfee CHIPSEC Blog
Beek, C., Samani, R. (2017, March 8). CHIPSEC Support Against Vault 7 Disclosure Scanning. Retrieved March 13, 2017.
Internal MISP references
UUID b65ed687-c279-4f64-9dd2-839164cd269c
which can be used as unique global reference for McAfee CHIPSEC Blog
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-13T00:00:00Z |
date_published | 2017-03-08T00:00:00Z |
source | MITRE |
title | CHIPSEC Support Against Vault 7 Disclosure Scanning |
Chkrootkit Main
Murilo, N., Steding-Jessen, K. (2017, August 23). Chkrootkit. Retrieved April 9, 2018.
Internal MISP references
UUID 828fb4b9-17a6-4a87-ac2a-631643adb18d
which can be used as unique global reference for Chkrootkit Main
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-09T00:00:00Z |
date_published | 2017-08-23T00:00:00Z |
source | MITRE |
title | Chkrootkit |
Azure AD Hybrid Identity
Microsoft. (2022, August 26). Choose the right authentication method for your Azure Active Directory hybrid identity solution. Retrieved September 28, 2022.
Internal MISP references
UUID b019406c-6e39-41a2-a8b4-97f8d6482147
which can be used as unique global reference for Azure AD Hybrid Identity
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-28T00:00:00Z |
date_published | 2022-08-26T00:00:00Z |
source | MITRE |
title | Choose the right authentication method for your Azure Active Directory hybrid identity solution |
Red Canary May 25 2022
Aedan Russell. (2022, May 25). ChromeLoader a pushy malvertiser. Retrieved September 26, 2024.
Internal MISP references
UUID bffc87ac-e51b-47e3-8a9f-547e762e95c2
which can be used as unique global reference for Red Canary May 25 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-26T00:00:00Z |
date_published | 2022-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | ChromeLoader a pushy malvertiser |
Chrome Remote Desktop
Huntress. (n.d.). Retrieved March 14, 2024.
Internal MISP references
UUID c1b2d0e9-2396-5080-aea3-58a99c027d20
which can be used as unique global reference for Chrome Remote Desktop
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-14T00:00:00Z |
source | MITRE |
title | Chrome Remote Desktop |
Truesec AB August 30 2024
Simon Hertzberg. (2024, August 30). Cicada 3301 - Ransomware-as-a-Service - Technical Analysis. Retrieved September 4, 2024.
Internal MISP references
UUID de2de0a9-17d2-41c2-838b-7850762b80ae
which can be used as unique global reference for Truesec AB August 30 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-04T00:00:00Z |
date_published | 2024-08-30T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Cicada 3301 - Ransomware-as-a-Service - Technical Analysis |
BleepingComputer Void Banshee September 16 2024
Sergiu Gatlan. (2024, September 20). CISA warns of Windows flaw used in infostealer malware attacks. Retrieved September 19, 2024.
Internal MISP references
UUID 2c9a2355-02c5-4718-ad6e-b2fac9ad4096
which can be used as unique global reference for BleepingComputer Void Banshee September 16 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-19T00:00:00Z |
date_published | 2024-09-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | CISA warns of Windows flaw used in infostealer malware attacks |
show_ssh_users_cmd_cisco
Cisco. (2023, March 7). Cisco IOS Security Command Reference: Commands S to Z. Retrieved July 13, 2022.
Internal MISP references
UUID 11d34884-4559-57ad-8910-54e517c6493e
which can be used as unique global reference for show_ssh_users_cmd_cisco
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-13T00:00:00Z |
date_published | 2023-03-07T00:00:00Z |
source | MITRE |
title | Cisco IOS Security Command Reference: Commands S to Z |
Cisco IOS Shellcode
George Nosenko. (2015). CISCO IOS SHELLCODE: ALL-IN-ONE. Retrieved October 21, 2020.
Internal MISP references
UUID 55a45f9b-7be4-4f1b-8b19-a0addf9da8d8
which can be used as unique global reference for Cisco IOS Shellcode
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-21T00:00:00Z |
date_published | 2015-01-01T00:00:00Z |
source | MITRE |
title | CISCO IOS SHELLCODE: ALL-IN-ONE |
Cisco IOS Software Integrity Assurance - AAA
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - AAA. Retrieved October 19, 2020.
Internal MISP references
UUID 2d1b5021-91ad-43c9-8527-4978fa779168
which can be used as unique global reference for Cisco IOS Software Integrity Assurance - AAA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
source | MITRE |
title | Cisco IOS Software Integrity Assurance - AAA |
Cisco IOS Software Integrity Assurance - Boot Information
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Boot Information. Retrieved October 21, 2020.
Internal MISP references
UUID 5349863a-00c1-42bf-beac-4e7d053d6311
which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Boot Information
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-21T00:00:00Z |
source | MITRE |
title | Cisco IOS Software Integrity Assurance - Boot Information |
Cisco IOS Software Integrity Assurance - Change Control
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Change Control. Retrieved October 21, 2020.
Internal MISP references
UUID 8fb532f2-c730-4b86-b8d2-2314ce559289
which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Change Control
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-21T00:00:00Z |
source | MITRE |
title | Cisco IOS Software Integrity Assurance - Change Control |
Cisco IOS Software Integrity Assurance - Image File Verification
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Cisco IOS Image File Verification. Retrieved October 19, 2020.
Internal MISP references
UUID f1d736cb-63c1-43e8-a83b-ed86b7c27606
which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Image File Verification
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
source | MITRE |
title | Cisco IOS Software Integrity Assurance - Cisco IOS Image File Verification |
Cisco IOS Software Integrity Assurance - Run-Time Memory Verification
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Cisco IOS Run-Time Memory Integrity Verification. Retrieved October 19, 2020.
Internal MISP references
UUID 284608ea-3769-470e-950b-cbd67796b20f
which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Run-Time Memory Verification
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
source | MITRE |
title | Cisco IOS Software Integrity Assurance - Cisco IOS Run-Time Memory Integrity Verification |
Cisco IOS Software Integrity Assurance - Command History
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Command History. Retrieved October 21, 2020.
Internal MISP references
UUID dbca06dd-1184-4d52-9ee8-b059e368033c
which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Command History
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-21T00:00:00Z |
source | MITRE |
title | Cisco IOS Software Integrity Assurance - Command History |
Cisco IOS Software Integrity Assurance - Credentials Management
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Credentials Management. Retrieved October 19, 2020.
Internal MISP references
UUID 9a7428e3-bd77-4c3e-ac90-c4e30d504ba6
which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Credentials Management
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
source | MITRE |
title | Cisco IOS Software Integrity Assurance - Credentials Management |
Cisco IOS Software Integrity Assurance - Deploy Signed IOS
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Deploy Signed IOS. Retrieved October 21, 2020.
Internal MISP references
UUID 71ea5591-6e46-4c58-a4e8-c629eba1b6c5
which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Deploy Signed IOS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-21T00:00:00Z |
source | MITRE |
title | Cisco IOS Software Integrity Assurance - Deploy Signed IOS |
Cisco IOS Software Integrity Assurance - Image File Integrity
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Image File Integrity. Retrieved October 21, 2020.
Internal MISP references
UUID 90909bd4-15e8-48ee-8067-69f04736c583
which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Image File Integrity
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-21T00:00:00Z |
source | MITRE |
title | Cisco IOS Software Integrity Assurance - Image File Integrity |
Cisco IOS Software Integrity Assurance - Secure Boot
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Secure Boot. Retrieved October 19, 2020.
Internal MISP references
UUID 4f6f686e-bcda-480a-88a1-ad7b00084c13
which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Secure Boot
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
source | MITRE |
title | Cisco IOS Software Integrity Assurance - Secure Boot |
Cisco IOS Software Integrity Assurance - TACACS
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - TACACS. Retrieved October 19, 2020.
Internal MISP references
UUID 54506dc2-6496-4edb-a5bf-fe64bf235ac0
which can be used as unique global reference for Cisco IOS Software Integrity Assurance - TACACS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
source | MITRE |
title | Cisco IOS Software Integrity Assurance - TACACS |
Cisco Traffic Mirroring
Cisco. (n.d.). Cisco IOS XR Interface and Hardware Component Configuration Guide for the Cisco CRS Router, Release 5.1.x. Retrieved October 19, 2020.
Internal MISP references
UUID 1a5c86ad-d3b1-408b-a6b4-14ca0e572020
which can be used as unique global reference for Cisco Traffic Mirroring
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
source | MITRE |
title | Cisco IOS XR Interface and Hardware Component Configuration Guide for the Cisco CRS Router, Release 5.1.x |
Talos - Cisco Attack 2022
Nick Biasini. (2022, August 10). Cisco Talos shares insights related to recent cyber attack on Cisco. Retrieved March 9, 2023.
Internal MISP references
UUID 143182ad-6a16-5a0d-a5c4-7dae721a9e26
which can be used as unique global reference for Talos - Cisco Attack 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-09T00:00:00Z |
date_published | 2022-08-10T00:00:00Z |
source | MITRE |
title | Cisco Talos shares insights related to recent cyber attack on Cisco |
Citrix Bulletin CVE-2023-3519
Citrix. (2023, July 18). Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467. Retrieved July 24, 2023.
Internal MISP references
UUID 245ef1b7-778d-4df2-99a9-b51c95c57580
which can be used as unique global reference for Citrix Bulletin CVE-2023-3519
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-24T00:00:00Z |
date_published | 2023-07-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467 |
Malwarebytes Citrix Bleed November 24 2023
Pieter Arntz. (2023, November 24). Citrix Bleed widely exploited, warn government agencies. Retrieved November 30, 2023.
Internal MISP references
UUID fdc86cea-0015-48d1-934f-b22244de6306
which can be used as unique global reference for Malwarebytes Citrix Bleed November 24 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-30T00:00:00Z |
date_published | 2023-11-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Citrix Bleed widely exploited, warn government agencies |
Cyble April 28 2023
Cybleinc. (2023, April 28). Citrix Users at Risk: AresLoader Spreading Through Disguised GitLab Repo. Retrieved May 7, 2023.
Internal MISP references
UUID 2d6bea2c-cc19-4ff7-873f-151f1ff354cb
which can be used as unique global reference for Cyble April 28 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2023-04-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Citrix Users at Risk: AresLoader Spreading Through Disguised GitLab Repo |
Cyble April 03 2023
Cybleinc. (2023, April 3). Cl0p Ransomware: Active Threat Plaguing Businesses Worldwide. Retrieved May 25, 2023.
Internal MISP references
UUID 8c7815c4-ed8d-47c3-84af-b7cdabd49652
which can be used as unique global reference for Cyble April 03 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-25T00:00:00Z |
date_published | 2023-04-03T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Cl0p Ransomware: Active Threat Plaguing Businesses Worldwide |
Talent-Jump Clambling February 2020
Chen, T. and Chen, Z. (2020, February 17). CLAMBLING - A New Backdoor Base On Dropbox. Retrieved November 12, 2021.
Internal MISP references
UUID 51144a8a-0cd4-4d5d-826b-21c2dc8422be
which can be used as unique global reference for Talent-Jump Clambling February 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-11-12T00:00:00Z |
date_published | 2020-02-17T00:00:00Z |
source | MITRE |
title | CLAMBLING - A New Backdoor Base On Dropbox |
FireEye Clandestine Fox Part 2
Scott, M. (2014, June 10). Clandestine Fox, Part Deux. Retrieved January 14, 2016.
Internal MISP references
UUID 82500741-984d-4039-8f53-b303845c2849
which can be used as unique global reference for FireEye Clandestine Fox Part 2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-14T00:00:00Z |
date_published | 2014-06-10T00:00:00Z |
source | MITRE |
title | Clandestine Fox, Part Deux |
Microsoft Clear-EventLog
Microsoft. (n.d.). Clear-EventLog. Retrieved July 2, 2018.
Internal MISP references
UUID 35944ff0-2bbd-4055-8e8a-cfff27241a8a
which can be used as unique global reference for Microsoft Clear-EventLog
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-02T00:00:00Z |
source | MITRE |
title | Clear-EventLog |
Clearing quarantine attribute
Rich Trouton. (2012, November 20). Clearing the quarantine extended attribute from downloaded applications. Retrieved July 5, 2017.
Internal MISP references
UUID 4115ab53-751c-4016-9151-a55eab7d6ddf
which can be used as unique global reference for Clearing quarantine attribute
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-05T00:00:00Z |
date_published | 2012-11-20T00:00:00Z |
source | MITRE |
title | Clearing the quarantine extended attribute from downloaded applications |
Huntress NPPSPY 2022
Dray Agha. (2022, August 16). Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY. Retrieved May 17, 2024.
Internal MISP references
UUID 833c22ac-4f65-521a-9eda-8d22e255577e
which can be used as unique global reference for Huntress NPPSPY 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-17T00:00:00Z |
date_published | 2022-08-16T00:00:00Z |
source | MITRE |
title | Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY |
NPPSPY - Huntress
Dray Agha. (2022, August 16). Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY. Retrieved March 30, 2023.
Internal MISP references
UUID df1f7379-38c3-5ca9-8333-d684022c000c
which can be used as unique global reference for NPPSPY - Huntress
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-30T00:00:00Z |
date_published | 2022-08-16T00:00:00Z |
source | MITRE |
title | Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY |
Microsoft Learn ClickOnce and Authenticode
Microsoft. (2023, March 9). ClickOnce and Authenticode. Retrieved September 9, 2024.
Internal MISP references
UUID 5e5c02cf-02fe-591a-b597-778999ab31c4
which can be used as unique global reference for Microsoft Learn ClickOnce and Authenticode
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-09T00:00:00Z |
date_published | 2023-03-09T00:00:00Z |
source | MITRE |
title | ClickOnce and Authenticode |
Burke/CISA ClickOnce BlackHat
William Joseph Burke III. (2019, August 7). CLICKONCE AND YOU’RE IN: When .appref-ms abuse is operating as intended. Retrieved September 9, 2024.
Internal MISP references
UUID 5a1b4ee9-1c22-5f12-9fd9-723cc0055f4b
which can be used as unique global reference for Burke/CISA ClickOnce BlackHat
in MISP communities and other software using the MISP galaxy
External references
- https://i.blackhat.com/USA-19/Wednesday/us-19-Burke-ClickOnce-And-Youre-In-When-Appref-Ms-Abuse-Is-Operating-As-Intended.pdf?_gl=116njas6_gcl_auNjAyMzkzMjc3LjE3MjQ4MDk4OTQ._gaMTk5OTA3ODkwMC4xNzI0ODA5ODk0_ga_K4JK67TFYV*MTcyNDgwOTg5NC4xLjEuMTcyNDgwOTk1Ny4wLjAuMA..&_ga=2.253743689.1512103758.1724809895-1999078900.1724809894 - webarchive
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-09T00:00:00Z |
date_published | 2019-08-07T00:00:00Z |
source | MITRE |
title | CLICKONCE AND YOU’RE IN: When .appref-ms abuse is operating as intended |
Microsoft Learn ClickOnce
Microsoft. (2023, September 14). ClickOnce security and deployment. Retrieved September 9, 2024.
Internal MISP references
UUID 2e91b430-81e7-54e1-8e8c-763f71146e0c
which can be used as unique global reference for Microsoft Learn ClickOnce
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-09T00:00:00Z |
date_published | 2023-09-14T00:00:00Z |
source | MITRE |
title | ClickOnce security and deployment |
CL_Invocation.ps1 - LOLBAS Project
LOLBAS. (2018, May 25). CL_Invocation.ps1. Retrieved December 4, 2023.
Internal MISP references
UUID a53e093a-973c-491d-91e3-bc7804d87b8b
which can be used as unique global reference for CL_Invocation.ps1 - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | CL_Invocation.ps1 |
clip_win_server
Microsoft, JasonGerend, et al. (2023, February 3). clip. Retrieved June 21, 2022.
Internal MISP references
UUID 8a961fa1-def0-5efe-8599-62e884d4ea22
which can be used as unique global reference for clip_win_server
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-21T00:00:00Z |
date_published | 2023-02-03T00:00:00Z |
source | MITRE |
title | clip |
Red Canary Silver Sparrow Feb2021
Tony Lambert. (2021, February 18). Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight. Retrieved April 20, 2021.
Internal MISP references
UUID f08a856d-6c3e-49e2-b7ba-399831c637e5
which can be used as unique global reference for Red Canary Silver Sparrow Feb2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-20T00:00:00Z |
date_published | 2021-02-18T00:00:00Z |
source | MITRE |
title | Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight |
CL_LoadAssembly.ps1 - LOLBAS Project
LOLBAS. (2021, September 26). CL_LoadAssembly.ps1. Retrieved December 4, 2023.
Internal MISP references
UUID 31a14027-1181-49b9-87bf-78a65a551312
which can be used as unique global reference for CL_LoadAssembly.ps1 - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-09-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | CL_LoadAssembly.ps1 |
CL_Mutexverifiers.ps1 - LOLBAS Project
LOLBAS. (2018, May 25). CL_Mutexverifiers.ps1. Retrieved December 4, 2023.
Internal MISP references
UUID 75b89502-21ed-4920-95cc-212eaf17f281
which can be used as unique global reference for CL_Mutexverifiers.ps1 - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | CL_Mutexverifiers.ps1 |
Google Cloud Mandiant UNC3886 2024
Punsaen Boonyakarn, Shawn Chew, Logeswaran Nadarajan, Mathew Potaczek, Jakub Jozwiak, and Alex Marvi. (2024, June 18). Cloaked and Covert: Uncovering UNC3886 Espionage Operations. Retrieved September 24, 2024.
Internal MISP references
UUID 77b32efe-b936-5541-b0fb-aa442a7d11b7
which can be used as unique global reference for Google Cloud Mandiant UNC3886 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-24T00:00:00Z |
date_published | 2024-06-18T00:00:00Z |
source | MITRE |
title | Cloaked and Covert: Uncovering UNC3886 Espionage Operations |
Cybereason Clop Dec 2020
Cybereason Nocturnus. (2020, December 23). Cybereason vs. Clop Ransomware. Retrieved May 11, 2021.
Internal MISP references
UUID f54d682d-100e-41bb-96be-6a79ea422066
which can be used as unique global reference for Cybereason Clop Dec 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-11T00:00:00Z |
source | MITRE |
title | Clop Ransomware |
Mcafee Clop Aug 2019
Mundo, A. (2019, August 1). Clop Ransomware. Retrieved May 10, 2021.
Internal MISP references
UUID 458141bd-7dd2-41fd-82e8-7ea2e4a477ab
which can be used as unique global reference for Mcafee Clop Aug 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-10T00:00:00Z |
date_published | 2019-08-01T00:00:00Z |
source | MITRE |
title | Clop Ransomware |
Bleeping Computer Clop February 2023
Sergiu Gatlan. (2023, February 10). Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day. Retrieved May 8, 2023.
Internal MISP references
UUID ccfa7e78-1ee9-4d46-9f03-137eb12cf474
which can be used as unique global reference for Bleeping Computer Clop February 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-08T00:00:00Z |
date_published | 2023-02-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day |
Kaspersky Cloud Atlas December 2014
GReAT. (2014, December 10). Cloud Atlas: RedOctober APT is back in style. Retrieved May 8, 2020.
Internal MISP references
UUID 41a9b3e3-0953-4bde-9e1d-c2f51de1120e
which can be used as unique global reference for Kaspersky Cloud Atlas December 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-08T00:00:00Z |
date_published | 2014-12-10T00:00:00Z |
source | MITRE |
title | Cloud Atlas: RedOctober APT is back in style |
Kandji 4 8 2024
Adam Kohler; Christopher Lopez. (2024, April 8). CloudChat Infostealer How It Works, What It Does. Retrieved April 19, 2024.
Internal MISP references
UUID f2e74613-f578-4408-bc76-144ec671808b
which can be used as unique global reference for Kandji 4 8 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-19T00:00:00Z |
date_published | 2024-04-08T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | CloudChat Infostealer How It Works, What It Does |
Rhino Labs Cloud Backdoor September 2019
Rhino Labs. (2019, September). Cloud Container Attack Tool (CCAT). Retrieved September 12, 2019.
Internal MISP references
UUID ac31b781-dbe4-49c2-b7af-dfb23d435ce8
which can be used as unique global reference for Rhino Labs Cloud Backdoor September 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-12T00:00:00Z |
date_published | 2019-09-01T00:00:00Z |
source | MITRE |
title | Cloud Container Attack Tool (CCAT) |
Google Cloud Storage
Google. (n.d.). Cloud Storage. Retrieved October 13, 2021.
Internal MISP references
UUID 5fe51b4e-9b82-4e97-bb65-73708349538a
which can be used as unique global reference for Google Cloud Storage
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
source | MITRE |
title | Cloud Storage |
Office 265 Azure Domain Availability
Microsoft. (2017, January 23). (Cloud) Tip of the Day: Advanced way to check domain availability for Office 365 and Azure. Retrieved May 27, 2022.
Internal MISP references
UUID dddf33ea-d074-4bc4-98d2-39b7e843e37d
which can be used as unique global reference for Office 265 Azure Domain Availability
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-27T00:00:00Z |
date_published | 2017-01-23T00:00:00Z |
source | MITRE |
title | (Cloud) Tip of the Day: Advanced way to check domain availability for Office 365 and Azure |
Datadog S3 Lifecycle CloudTrail Logs
Stratus Red Team. (n.d.). CloudTrail Logs Impairment Through S3 Lifecycle Rule. Retrieved September 25, 2024.
Internal MISP references
UUID 08efef52-40f6-5c76-a1b6-76ac1b7f423b
which can be used as unique global reference for Datadog S3 Lifecycle CloudTrail Logs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
source | MITRE |
title | CloudTrail Logs Impairment Through S3 Lifecycle Rule |
Mandiant Cloudy Logs 2023
Pany, D. & Hanley, C. (2023, May 3). Cloudy with a Chance of Bad Logs: Cloud Platform Log Configurations to Consider in Investigations. Retrieved October 16, 2023.
Internal MISP references
UUID a9835fe9-8227-5310-a728-1d09f19342b3
which can be used as unique global reference for Mandiant Cloudy Logs 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-16T00:00:00Z |
date_published | 2023-05-03T00:00:00Z |
source | MITRE |
title | Cloudy with a Chance of Bad Logs: Cloud Platform Log Configurations to Consider in Investigations |
win_clsid_key
Microsoft. (2018, May 31). CLSID Key. Retrieved September 24, 2021.
Internal MISP references
UUID 239bb629-2733-4da3-87c2-47a7ab55433f
which can be used as unique global reference for win_clsid_key
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-24T00:00:00Z |
date_published | 2018-05-31T00:00:00Z |
source | MITRE |
title | CLSID Key |
Kube Cluster Admin
kubernetes. (2021, January 16). Cluster Administration. Retrieved October 13, 2021.
Internal MISP references
UUID 6c5f2465-1db3-46cc-8d2a-9763c21aa8cc
which can be used as unique global reference for Kube Cluster Admin
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
date_published | 2021-01-16T00:00:00Z |
source | MITRE |
title | Cluster Administration |
Kube Cluster Info
kubernetes. (n.d.). cluster-info. Retrieved October 13, 2021.
Internal MISP references
UUID 0f8b5d79-2393-45a2-b6d4-df394e513e39
which can be used as unique global reference for Kube Cluster Info
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
source | MITRE |
title | cluster-info |
TechNet Cmd
Microsoft. (n.d.). Cmd. Retrieved April 18, 2016.
Internal MISP references
UUID dbfc01fe-c300-4c27-ab9a-a20508c1e04b
which can be used as unique global reference for TechNet Cmd
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-18T00:00:00Z |
source | MITRE |
title | Cmd |
Cmd.exe - LOLBAS Project
LOLBAS. (2019, June 26). Cmd.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 887aa9af-3f0e-42bb-8c40-39149f34b922
which can be used as unique global reference for Cmd.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2019-06-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Cmd.exe |
Cmdkey.exe - LOLBAS Project
LOLBAS. (2018, May 25). Cmdkey.exe. Retrieved December 4, 2023.
Internal MISP references
UUID c9ca075a-8327-463d-96ec-adddf6f1a7bb
which can be used as unique global reference for Cmdkey.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Cmdkey.exe |
cmdl32.exe - LOLBAS Project
LOLBAS. (2021, August 26). cmdl32.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 2628e452-caa1-4058-a405-7c4657fa3245
which can be used as unique global reference for cmdl32.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-08-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | cmdl32.exe |
Cmstp.exe - LOLBAS Project
LOLBAS. (2018, May 25). Cmstp.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 86c21dcd-464a-4870-8aae-25fcaccc889d
which can be used as unique global reference for Cmstp.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Cmstp.exe |
Twitter CMSTP Jan 2018
Tyrer, N. (2018, January 30). CMSTP.exe - remote .sct execution applocker bypass. Retrieved September 12, 2024.
Internal MISP references
UUID 3847149c-1463-4d94-be19-0a8cf1db0b58
which can be used as unique global reference for Twitter CMSTP Jan 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2018-01-30T00:00:00Z |
source | MITRE |
title | CMSTP.exe - remote .sct execution applocker bypass |
Secureworks COBALT DICKENS September 2019
Counter Threat Unit Research Team. (2019, September 11). COBALT DICKENS Goes Back to School…Again. Retrieved February 3, 2021.
Internal MISP references
UUID 45815e4d-d678-4823-8315-583893e263e6
which can be used as unique global reference for Secureworks COBALT DICKENS September 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-03T00:00:00Z |
date_published | 2019-09-11T00:00:00Z |
source | MITRE |
title | COBALT DICKENS Goes Back to School…Again |
Morphisec Cobalt Gang Oct 2018
Gorelik, M. (2018, October 08). Cobalt Group 2.0. Retrieved November 5, 2018.
Internal MISP references
UUID 0a0bdd4b-a680-4a38-967d-3ad92f04d619
which can be used as unique global reference for Morphisec Cobalt Gang Oct 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-05T00:00:00Z |
date_published | 2018-10-08T00:00:00Z |
source | MITRE |
title | Cobalt Group 2.0 |
Secureworks COBALT GYPSY Threat Profile
Secureworks. (n.d.). COBALT GYPSY Threat Profile. Retrieved April 14, 2021.
Internal MISP references
UUID f1c21834-7536-430b-8539-e68373718b4d
which can be used as unique global reference for Secureworks COBALT GYPSY Threat Profile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-14T00:00:00Z |
source | MITRE |
title | COBALT GYPSY Threat Profile |
Secureworks COBALT ILLUSION Threat Profile
Secureworks. (n.d.). COBALT ILLUSION Threat Profile. Retrieved April 14, 2021.
Internal MISP references
UUID 8d9a5b77-2516-4ad5-9710-4c8165df2882
which can be used as unique global reference for Secureworks COBALT ILLUSION Threat Profile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-14T00:00:00Z |
source | MITRE |
title | COBALT ILLUSION Threat Profile |
PTSecurity Cobalt Dec 2016
Positive Technologies. (2016, December 16). Cobalt Snatch. Retrieved October 9, 2018.
Internal MISP references
UUID 2de4d38f-c99d-4149-89e6-0349a4902aa2
which can be used as unique global reference for PTSecurity Cobalt Dec 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-09T00:00:00Z |
date_published | 2016-12-16T00:00:00Z |
source | MITRE |
title | Cobalt Snatch |
CobaltStrike Daddy May 2017
Mudge, R. (2017, May 23). Cobalt Strike 3.8 – Who’s Your Daddy?. Retrieved June 4, 2019.
Internal MISP references
UUID 056ef3cd-885d-41d6-9547-a2a575b03662
which can be used as unique global reference for CobaltStrike Daddy May 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-04T00:00:00Z |
date_published | 2017-05-23T00:00:00Z |
source | MITRE |
title | Cobalt Strike 3.8 – Who’s Your Daddy? |
Cobalt Strike Manual 4.3 November 2020
Strategic Cyber LLC. (2020, November 5). Cobalt Strike: Advanced Threat Tactics for Penetration Testers. Retrieved April 13, 2021.
Internal MISP references
UUID eb7abdb2-b270-46ae-a950-5a93d09b3565
which can be used as unique global reference for Cobalt Strike Manual 4.3 November 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-13T00:00:00Z |
date_published | 2020-11-05T00:00:00Z |
source | MITRE |
title | Cobalt Strike: Advanced Threat Tactics for Penetration Testers |
Malleable-C2-U42
Chris Navarrete, Durgesh Sangvikar, Andrew Guan, Yu Fu, Yanhui Jia, Siddhart Shibiraj. (2022, March 16). Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect. Retrieved September 24, 2024.
Internal MISP references
UUID 49cf201e-d3da-5ba9-98df-edc50514a612
which can be used as unique global reference for Malleable-C2-U42
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-24T00:00:00Z |
date_published | 2022-03-16T00:00:00Z |
source | MITRE |
title | Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect |
cobaltstrike manual
Strategic Cyber LLC. (2017, March 14). Cobalt Strike Manual. Retrieved May 24, 2017.
Internal MISP references
UUID 43277d05-0aa4-4cee-ac41-6f03a49851a9
which can be used as unique global reference for cobaltstrike manual
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-05-24T00:00:00Z |
date_published | 2017-03-14T00:00:00Z |
source | MITRE |
title | Cobalt Strike Manual |
TrendMicro Cobalt Group Nov 2017
Giagone, R., Bermejo, L., and Yarochkin, F. (2017, November 20). Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks. Retrieved March 7, 2019.
Internal MISP references
UUID 81847e06-fea0-4d90-8a9e-5bc99a2bf3f0
which can be used as unique global reference for TrendMicro Cobalt Group Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-07T00:00:00Z |
date_published | 2017-11-20T00:00:00Z |
source | MITRE |
title | Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks |
PTSecurity Cobalt Group Aug 2017
Positive Technologies. (2017, August 16). Cobalt Strikes Back: An Evolving Multinational Threat to Finance. Retrieved September 5, 2018.
Internal MISP references
UUID f4ce1b4d-4f01-4083-8bc6-931cbac9ac38
which can be used as unique global reference for PTSecurity Cobalt Group Aug 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-05T00:00:00Z |
date_published | 2017-08-16T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Cobalt Strikes Back: An Evolving Multinational Threat to Finance |
Zscaler Cobian Aug 2017
Yadav, A., et al. (2017, August 31). Cobian RAT – A backdoored RAT. Retrieved November 13, 2018.
Internal MISP references
UUID 46541bb9-15cb-4a7c-a624-48a1c7e838e3
which can be used as unique global reference for Zscaler Cobian Aug 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-13T00:00:00Z |
date_published | 2017-08-31T00:00:00Z |
source | MITRE |
title | Cobian RAT – A backdoored RAT |
MACOS Cocoa
Apple. (2015, September 16). Cocoa Application Layer. Retrieved June 25, 2020.
Internal MISP references
UUID 6ada4c6a-23dc-4469-a3a1-1d3b4935db97
which can be used as unique global reference for MACOS Cocoa
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-25T00:00:00Z |
date_published | 2015-09-16T00:00:00Z |
source | MITRE |
title | Cocoa Application Layer |
code.exe - LOLBAS Project
LOLBAS. (2023, February 1). code.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 4a93063b-f3a3-4726-870d-b8f744651363
which can be used as unique global reference for code.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2023-02-01T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | code.exe |
Dark Reading Code Spaces Cyber Attack
Brian Prince. (2014, June 20). Code Hosting Service Shuts Down After Cyber Attack. Retrieved March 21, 2023.
Internal MISP references
UUID e5a3028a-f4cc-537c-9ddd-769792ab33be
which can be used as unique global reference for Dark Reading Code Spaces Cyber Attack
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-21T00:00:00Z |
date_published | 2014-06-20T00:00:00Z |
source | MITRE |
title | Code Hosting Service Shuts Down After Cyber Attack |
Medium Ptrace JUL 2018
Jain, S. (2018, July 25). Code injection in running process using ptrace. Retrieved February 21, 2020.
Internal MISP references
UUID 6dbfe4b5-9430-431b-927e-e8e775874cd9
which can be used as unique global reference for Medium Ptrace JUL 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-21T00:00:00Z |
date_published | 2018-07-25T00:00:00Z |
source | MITRE |
title | Code injection in running process using ptrace |
Wikipedia Code Signing
Wikipedia. (2015, November 10). Code Signing. Retrieved March 31, 2016.
Internal MISP references
UUID 363e860d-e14c-4fcd-985f-f76353018908
which can be used as unique global reference for Wikipedia Code Signing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-31T00:00:00Z |
date_published | 2015-11-10T00:00:00Z |
source | MITRE |
title | Code Signing |
SpectorOps Code Signing Dec 2017
Graeber, M. (2017, December 22). Code Signing Certificate Cloning Attacks and Defenses. Retrieved April 3, 2018.
Internal MISP references
UUID 3efc5ae9-c63a-4a07-bbbd-d7324acdbaf5
which can be used as unique global reference for SpectorOps Code Signing Dec 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-03T00:00:00Z |
date_published | 2017-12-22T00:00:00Z |
source | MITRE |
title | Code Signing Certificate Cloning Attacks and Defenses |
CoinLoader: A Sophisticated Malware Loader Campaign
Avira. (2019, November 28). CoinLoader: A Sophisticated Malware Loader Campaign. Retrieved June 5, 2023.
Internal MISP references
UUID 83469ab3-0199-5679-aa25-7b6885019552
which can be used as unique global reference for CoinLoader: A Sophisticated Malware Loader Campaign
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-05T00:00:00Z |
date_published | 2019-11-28T00:00:00Z |
source | MITRE |
title | CoinLoader: A Sophisticated Malware Loader Campaign |
NYT-Colonial
Nicole Perlroth. (2021, May 13). Colonial Pipeline paid 75 Bitcoin, or roughly $5 million, to hackers. Retrieved August 18, 2023.
Internal MISP references
UUID 58900911-ab4b-5157-968c-67fa69cc122d
which can be used as unique global reference for NYT-Colonial
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-18T00:00:00Z |
date_published | 2021-05-13T00:00:00Z |
source | MITRE |
title | Colonial Pipeline paid 75 Bitcoin, or roughly $5 million, to hackers. |
Colorcpl.exe - LOLBAS Project
LOLBAS. (2023, June 26). Colorcpl.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 53ff662d-a0b3-41bd-ab9e-a9bb8bbdea25
which can be used as unique global reference for Colorcpl.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2023-06-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Colorcpl.exe |
mod_rewrite
Bluescreenofjeff.com. (2015, April 12). Combatting Incident Responders with Apache mod_rewrite. Retrieved February 13, 2024.
Internal MISP references
UUID 3568b09c-7368-5fc2-85b3-d16ee9b9c686
which can be used as unique global reference for mod_rewrite
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-13T00:00:00Z |
date_published | 2015-04-12T00:00:00Z |
source | MITRE |
title | Combatting Incident Responders with Apache mod_rewrite |
sentinelone shlayer to zshlayer
Phil Stokes. (2020, September 8). Coming Out of Your Shell: From Shlayer to ZShlayer. Retrieved September 13, 2021.
Internal MISP references
UUID 17277b12-af29-475a-bc9a-0731bbe0bae2
which can be used as unique global reference for sentinelone shlayer to zshlayer
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-13T00:00:00Z |
date_published | 2020-09-08T00:00:00Z |
source | MITRE |
title | Coming Out of Your Shell: From Shlayer to ZShlayer |
University of Birmingham C2
Gardiner, J., Cova, M., Nagaraja, S. (2014, February). Command & Control Understanding, Denying and Detecting. Retrieved April 20, 2016.
Internal MISP references
UUID 113ce14e-147f-4a86-8b83-7b49b43a4e88
which can be used as unique global reference for University of Birmingham C2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-20T00:00:00Z |
date_published | 2014-02-01T00:00:00Z |
source | MITRE |
title | Command & Control Understanding, Denying and Detecting |
Microsoft Command-line Logging
Mathers, B. (2017, March 7). Command line process auditing. Retrieved April 21, 2017.
Internal MISP references
UUID 4a58170b-906c-4df4-ad1e-0e5bc15366fa
which can be used as unique global reference for Microsoft Command-line Logging
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-04-21T00:00:00Z |
date_published | 2017-03-07T00:00:00Z |
source | MITRE |
title | Command line process auditing |
Microsoft Netdom Trust Sept 2012
Microsoft. (2012, September 11). Command-Line Reference - Netdom Trust. Retrieved November 30, 2017.
Internal MISP references
UUID 380dc9fe-d490-4914-9595-05d765b27a85
which can be used as unique global reference for Microsoft Netdom Trust Sept 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-30T00:00:00Z |
date_published | 2012-09-11T00:00:00Z |
source | MITRE |
title | Command-Line Reference - Netdom Trust |
Microsoft msxsl.exe
Microsoft. (n.d.). Command Line Transformation Utility (msxsl.exe). Retrieved July 3, 2018.
Internal MISP references
UUID a25d664c-d109-466f-9b6a-7e9ea8c57895
which can be used as unique global reference for Microsoft msxsl.exe
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-03T00:00:00Z |
source | MITRE |
title | Command Line Transformation Utility (msxsl.exe) |
Kettle CSV DDE Aug 2014
Kettle, J. (2014, August 29). Comma Separated Vulnerabilities. Retrieved November 22, 2017.
Internal MISP references
UUID 2badfb63-19a3-4829-bbb5-7c3dfab877d5
which can be used as unique global reference for Kettle CSV DDE Aug 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-22T00:00:00Z |
date_published | 2014-08-29T00:00:00Z |
source | MITRE |
title | Comma Separated Vulnerabilities |
Microsoft CLR Integration 2017
Microsoft. (2017, June 19). Common Language Runtime Integration. Retrieved July 8, 2019.
Internal MISP references
UUID 83fc7522-5eb1-4710-8391-090389948686
which can be used as unique global reference for Microsoft CLR Integration 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-08T00:00:00Z |
date_published | 2017-06-19T00:00:00Z |
source | MITRE |
title | Common Language Runtime Integration |
Palo Alto Comnie
Grunzweig, J. (2018, January 31). Comnie Continues to Target Organizations in East Asia. Retrieved June 7, 2018.
Internal MISP references
UUID ff3cc105-2798-45de-8561-983bf57eb9d9
which can be used as unique global reference for Palo Alto Comnie
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-06-07T00:00:00Z |
date_published | 2018-01-31T00:00:00Z |
source | MITRE |
title | Comnie Continues to Target Organizations in East Asia |
GDATA COM Hijacking
G DATA. (2014, October). COM Object hijacking: the discreet way of persistence. Retrieved August 13, 2016.
Internal MISP references
UUID 98e88505-b916-430d-aef6-616ba7ddd88e
which can be used as unique global reference for GDATA COM Hijacking
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-13T00:00:00Z |
date_published | 2014-10-01T00:00:00Z |
source | MITRE |
title | COM Object hijacking: the discreet way of persistence |
AP-NotPetya
FRANK BAJAK AND RAPHAEL SATTER. (2017, June 30). Companies still hobbled from fearsome cyberattack. Retrieved August 18, 2023.
Internal MISP references
UUID 7f1af58a-33fd-538f-b092-789a8776780c
which can be used as unique global reference for AP-NotPetya
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-18T00:00:00Z |
date_published | 2017-06-30T00:00:00Z |
source | MITRE |
title | Companies still hobbled from fearsome cyberattack |
Microsoft COM
Microsoft. (n.d.). Component Object Model (COM). Retrieved November 22, 2017.
Internal MISP references
UUID edcd917d-ca5b-4e5c-b3be-118e828abe97
which can be used as unique global reference for Microsoft COM
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-22T00:00:00Z |
source | MITRE |
title | Component Object Model (COM) |
Unit 42 12 8 2022
Dror Alon. (2022, December 8). Compromised Cloud Compute Credentials Case Studies From the Wild. Retrieved April 17, 2024.
Internal MISP references
UUID e7a4a0cf-ffa2-48cc-9b21-a2333592c773
which can be used as unique global reference for Unit 42 12 8 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-17T00:00:00Z |
date_published | 2022-12-08T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Compromised Cloud Compute Credentials Case Studies From the Wild |
Palo Alto Unit 42 Compromised Cloud Compute Credentials 2022
Dror Alon. (2022, December 8). Compromised Cloud Compute Credentials: Case Studies From the Wild. Retrieved March 9, 2023.
Internal MISP references
UUID af755ba2-97c2-5152-ab00-2e24740f69f3
which can be used as unique global reference for Palo Alto Unit 42 Compromised Cloud Compute Credentials 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-09T00:00:00Z |
date_published | 2022-12-08T00:00:00Z |
source | MITRE |
title | Compromised Cloud Compute Credentials: Case Studies From the Wild |
US-CERT Alert TA15-314A Web Shells
US-CERT. (2015, November 13). Compromised Web Servers and Web Shells - Threat Awareness and Guidance. Retrieved June 8, 2016.
Internal MISP references
UUID 61ceb0c4-62f6-46cd-b42b-5736c869421f
which can be used as unique global reference for US-CERT Alert TA15-314A Web Shells
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-08T00:00:00Z |
date_published | 2015-11-13T00:00:00Z |
source | MITRE |
title | Compromised Web Servers and Web Shells - Threat Awareness and Guidance |
Comsvcs.dll - LOLBAS Project
LOLBAS. (2019, August 30). Comsvcs.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 2eb2756d-5a49-4df3-9e2f-104c41c645cd
which can be used as unique global reference for Comsvcs.dll - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2019-08-30T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Comsvcs.dll |
Condi-Botnet-binaries
Joie Salvio and Roy Tay. (2023, June 20). Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389. Retrieved September 5, 2023.
Internal MISP references
UUID a92b0d6c-b3e8-56a4-b1b4-1d117e59db84
which can be used as unique global reference for Condi-Botnet-binaries
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-05T00:00:00Z |
date_published | 2023-06-20T00:00:00Z |
source | MITRE |
title | Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389 |
Okta Conditional Access Policies
Okta. (2023, November 30). Conditional Access Based on Device Security Posture. Retrieved January 2, 2024.
Internal MISP references
UUID c914578c-dcc2-539e-bb3d-50bf7a0e7101
which can be used as unique global reference for Okta Conditional Access Policies
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-02T00:00:00Z |
date_published | 2023-11-30T00:00:00Z |
source | MITRE |
title | Conditional Access Based on Device Security Posture |
Microsoft Common Conditional Access Policies
Microsoft. (2022, December 14). Conditional Access templates. Retrieved February 21, 2023.
Internal MISP references
UUID 9ed9870b-d09a-511d-96f9-4956f26d46bf
which can be used as unique global reference for Microsoft Common Conditional Access Policies
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-21T00:00:00Z |
date_published | 2022-12-14T00:00:00Z |
source | MITRE |
title | Conditional Access templates |
Microsoft Token Protection 2023
Microsoft. (2023, October 23). Conditional Access: Token protection (preview). Retrieved January 2, 2024.
Internal MISP references
UUID aa4629cf-f11f-5921-9f72-5a8d3f752603
which can be used as unique global reference for Microsoft Token Protection 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-02T00:00:00Z |
date_published | 2023-10-23T00:00:00Z |
source | MITRE |
title | Conditional Access: Token protection (preview) |
Trend Micro Conficker
Trend Micro. (2014, March 18). Conficker. Retrieved February 18, 2021.
Internal MISP references
UUID 62cf7f3a-9011-45eb-a7d9-91c76a2177e9
which can be used as unique global reference for Trend Micro Conficker
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-18T00:00:00Z |
date_published | 2014-03-18T00:00:00Z |
source | MITRE |
title | Conficker |
ConfigSecurityPolicy.exe - LOLBAS Project
LOLBAS. (2020, September 4). ConfigSecurityPolicy.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 30b8a5d8-596c-4ab3-b3db-b799cc8923e1
which can be used as unique global reference for ConfigSecurityPolicy.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-09-04T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | ConfigSecurityPolicy.exe |
Microsoft SAML Token Lifetimes
Microsoft. (2020, December 14). Configurable token lifetimes in Microsoft Identity Platform. Retrieved December 22, 2020.
Internal MISP references
UUID 8b810f7c-1f26-420b-9014-732f1469f145
which can be used as unique global reference for Microsoft SAML Token Lifetimes
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-22T00:00:00Z |
date_published | 2020-12-14T00:00:00Z |
source | MITRE |
title | Configurable token lifetimes in Microsoft Identity Platform |
Apple Developer Configuration Profile
Apple. (2019, May 3). Configuration Profile Reference. Retrieved September 23, 2021.
Internal MISP references
UUID 8453f06d-5007-4e53-a9a2-1c0edb99be3d
which can be used as unique global reference for Apple Developer Configuration Profile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-23T00:00:00Z |
date_published | 2019-05-03T00:00:00Z |
source | MITRE |
title | Configuration Profile Reference |
MDMProfileConfigMacOS
Apple. (2019, May 3). Configuration Profile Reference, Developer. Retrieved April 15, 2022.
Internal MISP references
UUID a7078eee-5478-4a93-9a7e-8db1d020e1da
which can be used as unique global reference for MDMProfileConfigMacOS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-15T00:00:00Z |
date_published | 2019-05-03T00:00:00Z |
source | MITRE |
title | Configuration Profile Reference, Developer |
Azure Storage Lifecycles
Microsoft Azure. (2024, July 3). Configure a lifecycle management policy. Retrieved September 25, 2024.
Internal MISP references
UUID 7ac4c481-7798-53b3-b7ad-bc09a40f99b7
which can be used as unique global reference for Azure Storage Lifecycles
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
date_published | 2024-07-03T00:00:00Z |
source | MITRE |
title | Configure a lifecycle management policy |
Azure Just in Time Access 2023
Microsoft. (2023, August 29). Configure and approve just-in-time access for Azure Managed Applications. Retrieved September 21, 2023.
Internal MISP references
UUID ee35e13f-ca39-5faf-81ae-230d33329a28
which can be used as unique global reference for Azure Just in Time Access 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-21T00:00:00Z |
date_published | 2023-08-29T00:00:00Z |
source | MITRE |
title | Configure and approve just-in-time access for Azure Managed Applications |
capture_embedded_packet_on_software
Cisco. (2022, August 17). Configure and Capture Embedded Packet on Software. Retrieved July 13, 2022.
Internal MISP references
UUID 5d973180-a28a-5c8f-b13a-45d21331700f
which can be used as unique global reference for capture_embedded_packet_on_software
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-13T00:00:00Z |
date_published | 2022-08-17T00:00:00Z |
source | MITRE |
title | Configure and Capture Embedded Packet on Software |
Kubernetes Security Context
Kubernetes. (n.d.). Configure a Security Context for a Pod or Container. Retrieved March 8, 2023.
Internal MISP references
UUID bd91ec00-95bb-572f-9452-8040ec633e00
which can be used as unique global reference for Kubernetes Security Context
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-08T00:00:00Z |
source | MITRE |
title | Configure a Security Context for a Pod or Container |
Microsoft SharePoint Logging
Microsoft. (2017, July 19). Configure audit settings for a site collection. Retrieved April 4, 2018.
Internal MISP references
UUID 9a6a08c0-94f2-4dbc-a0b3-01d5234e7753
which can be used as unique global reference for Microsoft SharePoint Logging
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-04T00:00:00Z |
date_published | 2017-07-19T00:00:00Z |
source | MITRE |
title | Configure audit settings for a site collection |
TechNet RDP NLA
Microsoft. (n.d.). Configure Network Level Authentication for Remote Desktop Services Connections. Retrieved June 6, 2016.
Internal MISP references
UUID 39e28cae-a35a-4cf2-a281-c35f4ebd16ba
which can be used as unique global reference for TechNet RDP NLA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-06T00:00:00Z |
source | MITRE |
title | Configure Network Level Authentication for Remote Desktop Services Connections |
Microsoft Security Alerts for Azure AD Roles
Microsoft. (2022, November 14). Configure security alerts for Azure AD roles in Privileged Identity Management. Retrieved February 21, 2023.
Internal MISP references
UUID 7bde8cd2-6c10-5342-9a4b-a45e84a861b6
which can be used as unique global reference for Microsoft Security Alerts for Azure AD Roles
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-21T00:00:00Z |
date_published | 2022-11-14T00:00:00Z |
source | MITRE |
title | Configure security alerts for Azure AD roles in Privileged Identity Management |
Kubernetes Service Accounts
Kubernetes. (2022, February 26). Configure Service Accounts for Pods. Retrieved April 1, 2022.
Internal MISP references
UUID a74ffa28-8a2e-4bfd-bc66-969b463bebd9
which can be used as unique global reference for Kubernetes Service Accounts
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-01T00:00:00Z |
date_published | 2022-02-26T00:00:00Z |
source | MITRE |
title | Configure Service Accounts for Pods |
Microsoft Learn ClickOnce Config
Microsoft. (2023, August 4). Configure the ClickOnce trust prompt behavior. Retrieved September 9, 2024.
Internal MISP references
UUID 3a75c7d6-b3f3-5f25-bbcb-e0a18982dfed
which can be used as unique global reference for Microsoft Learn ClickOnce Config
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-09T00:00:00Z |
date_published | 2023-08-04T00:00:00Z |
source | MITRE |
title | Configure the ClickOnce trust prompt behavior |
Windows RDP Sessions
Microsoft. (n.d.). Configure Timeout and Reconnection Settings for Remote Desktop Services Sessions. Retrieved December 11, 2017.
Internal MISP references
UUID ccd0d241-4ff7-4a15-b2b4-06945980c6bf
which can be used as unique global reference for Windows RDP Sessions
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-11T00:00:00Z |
source | MITRE |
title | Configure Timeout and Reconnection Settings for Remote Desktop Services Sessions |
Microsoft Configure LSA
Microsoft. (2013, July 31). Configuring Additional LSA Protection. Retrieved June 24, 2015.
Internal MISP references
UUID 4adfc72b-cd32-46a6-bdf4-a4c2c6cffa73
which can be used as unique global reference for Microsoft Configure LSA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-06-24T00:00:00Z |
date_published | 2013-07-31T00:00:00Z |
source | MITRE |
title | Configuring Additional LSA Protection |
Microsoft LSA Protection Mar 2014
Microsoft. (2014, March 12). Configuring Additional LSA Protection. Retrieved November 27, 2017.
Internal MISP references
UUID da3f1d7d-188f-4500-9bc6-3299ba043b5c
which can be used as unique global reference for Microsoft LSA Protection Mar 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-27T00:00:00Z |
date_published | 2014-03-12T00:00:00Z |
source | MITRE |
title | Configuring Additional LSA Protection |
Microsoft LSA
Microsoft. (2013, July 31). Configuring Additional LSA Protection. Retrieved February 13, 2015.
Internal MISP references
UUID 3ad49746-4e42-4663-a49e-ae64152b9463
which can be used as unique global reference for Microsoft LSA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-02-13T00:00:00Z |
date_published | 2013-07-31T00:00:00Z |
source | MITRE |
title | Configuring Additional LSA Protection |
Configuring Data Access audit logs
Google. (n.d.). Configuring Data Access audit logs. Retrieved October 16, 2020.
Internal MISP references
UUID bd310606-f472-4eda-a696-50a3a25f07b3
which can be used as unique global reference for Configuring Data Access audit logs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-16T00:00:00Z |
source | MITRE |
title | Configuring Data Access audit logs |
cisco dhcp snooping
Cisco. (n.d.). Configuring DHCP Snooping. Retrieved September 17, 2024.
Internal MISP references
UUID cc5eda1b-5e64-52e8-b98f-8df2f3e10475
which can be used as unique global reference for cisco dhcp snooping
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-17T00:00:00Z |
source | MITRE |
title | Configuring DHCP Snooping |
Microsoft SID Filtering Quarantining Jan 2009
Microsoft. (n.d.). Configuring SID Filter Quarantining on External Trusts. Retrieved November 30, 2017.
Internal MISP references
UUID 134169f1-7bd3-4d04-81a8-f01e1407a4b6
which can be used as unique global reference for Microsoft SID Filtering Quarantining Jan 2009
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-30T00:00:00Z |
source | MITRE |
title | Configuring SID Filter Quarantining on External Trusts |
TechRepublic Wireless GPO FEB 2009
Schauland, D. (2009, February 24). Configuring Wireless settings via Group Policy. Retrieved July 26, 2018.
Internal MISP references
UUID b62415f8-76bd-4585-ae81-a4d04ccfc703
which can be used as unique global reference for TechRepublic Wireless GPO FEB 2009
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-26T00:00:00Z |
date_published | 2009-02-24T00:00:00Z |
source | MITRE |
title | Configuring Wireless settings via Group Policy |
ZDNet Dtrack
Catalin Cimpanu. (2019, October 30). Confirmed: North Korean malware found on Indian nuclear plant's network. Retrieved January 20, 2021.
Internal MISP references
UUID 6e6e02da-b805-47d7-b410-343a1b5da042
which can be used as unique global reference for ZDNet Dtrack
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-20T00:00:00Z |
date_published | 2019-10-30T00:00:00Z |
source | MITRE |
title | Confirmed: North Korean malware found on Indian nuclear plant's network |
Uptycs Confucius APT Jan 2021
Uptycs Threat Research Team. (2021, January 12). Confucius APT deploys Warzone RAT. Retrieved December 17, 2021.
Internal MISP references
UUID d74f2c25-cd53-4587-b087-7ba0b8427dc4
which can be used as unique global reference for Uptycs Confucius APT Jan 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-17T00:00:00Z |
date_published | 2021-01-12T00:00:00Z |
source | MITRE |
title | Confucius APT deploys Warzone RAT |
TrendMicro Confucius APT Aug 2021
Lunghi, D. (2021, August 17). Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military. Retrieved December 26, 2021.
Internal MISP references
UUID 5c16aae9-d253-463b-8bbc-f14402ce77e4
which can be used as unique global reference for TrendMicro Confucius APT Aug 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-26T00:00:00Z |
date_published | 2021-08-17T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military |
Conhost.exe - LOLBAS Project
LOLBAS. (2022, April 5). Conhost.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 5ed807c1-15d1-48aa-b497-8cd74fe5b299
which can be used as unique global reference for Conhost.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-04-05T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Conhost.exe |
EC2 Instance Connect
AWS. (2023, June 2). Connect using EC2 Instance Connect. Retrieved June 2, 2023.
Internal MISP references
UUID deefa5b7-5a28-524c-b500-bc5574aa9920
which can be used as unique global reference for EC2 Instance Connect
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-02T00:00:00Z |
date_published | 2023-06-02T00:00:00Z |
source | MITRE |
title | Connect using EC2 Instance Connect |
Sophos News 2 23 2024
Andrew Brandt. (2024, February 23). ConnectWise ScreenConnect attacks deliver malware. Retrieved February 23, 2024.
Internal MISP references
UUID 3d342acf-a451-4473-82ac-8afee61bc984
which can be used as unique global reference for Sophos News 2 23 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-23T00:00:00Z |
date_published | 2024-02-23T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | ConnectWise ScreenConnect attacks deliver malware |
Docker Docs Container
docker docs. (n.d.). Containers. Retrieved October 13, 2021.
Internal MISP references
UUID 3475b705-3ab8-401d-bee6-e187c43ad3c2
which can be used as unique global reference for Docker Docs Container
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
source | MITRE |
title | Containers |
DigitalShadows CDN
Swisscom & Digital Shadows. (2017, September 6). Content Delivery Networks (CDNs) Can Leave You Exposed – How You Might Be Affected And What You Can Do About It. Retrieved October 20, 2020.
Internal MISP references
UUID 183a070f-6c8c-46e3-915b-6edc58bb5e91
which can be used as unique global reference for DigitalShadows CDN
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2017-09-06T00:00:00Z |
source | MITRE |
title | Content Delivery Networks (CDNs) Can Leave You Exposed – How You Might Be Affected And What You Can Do About It |
Content trust in Azure Container Registry
Microsoft. (2019, September 5). Content trust in Azure Container Registry. Retrieved October 16, 2019.
Internal MISP references
UUID fcd211a1-ac81-4ebc-b395-c8fa2a4d614a
which can be used as unique global reference for Content trust in Azure Container Registry
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-16T00:00:00Z |
date_published | 2019-09-05T00:00:00Z |
source | MITRE |
title | Content trust in Azure Container Registry |
Content trust in Docker
Docker. (2019, October 10). Content trust in Docker. Retrieved October 16, 2019.
Internal MISP references
UUID 57691166-5a22-44a0-8724-6b3b19658c3b
which can be used as unique global reference for Content trust in Docker
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-16T00:00:00Z |
date_published | 2019-10-10T00:00:00Z |
source | MITRE |
title | Content trust in Docker |
Microsoft File Folder Exclusions
Microsoft. (2024, February 27). Contextual file and folder exclusions. Retrieved March 29, 2024.
Internal MISP references
UUID 7a511f0d-8feb-5370-87db-b33b96ea2367
which can be used as unique global reference for Microsoft File Folder Exclusions
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-29T00:00:00Z |
date_published | 2024-02-27T00:00:00Z |
source | MITRE |
title | Contextual file and folder exclusions |
Arctic Wolf Akira 2023
Steven Campbell, Akshay Suthar, & Connor Belfiorre. (2023, July 26). Conti and Akira: Chained Together. Retrieved February 20, 2024.
Internal MISP references
UUID aa34f2a1-a398-5dc4-b898-cdc02afeca5d
which can be used as unique global reference for Arctic Wolf Akira 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-20T00:00:00Z |
date_published | 2023-07-26T00:00:00Z |
source | MITRE |
title | Conti and Akira: Chained Together |
Arctic Wolf Conti Akira July 26 2023
Steven Campbell, Akshay Suthar, Connor Belfiore, Arctic Wolf Labs Team. (2023, July 26). Conti and Akira: Chained Together. Retrieved March 13, 2024.
Internal MISP references
UUID 72e1b75b-edf7-45b0-9c14-14776a146d0e
which can be used as unique global reference for Arctic Wolf Conti Akira July 26 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-13T00:00:00Z |
date_published | 2023-07-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Conti and Akira: Chained Together |
DFIR Conti Bazar Nov 2021
DFIR Report. (2021, November 29). CONTInuing the Bazar Ransomware Story. Retrieved September 29, 2022.
Internal MISP references
UUID a6f1a15d-448b-41d4-81f0-ee445cba83bd
which can be used as unique global reference for DFIR Conti Bazar Nov 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-29T00:00:00Z |
date_published | 2021-11-29T00:00:00Z |
source | MITRE |
title | CONTInuing the Bazar Ransomware Story |
Cybereason Conti Jan 2021
Rochberger, L. (2021, January 12). Cybereason vs. Conti Ransomware. Retrieved February 17, 2021.
Internal MISP references
UUID 3c0e82a2-41ab-4e63-ac10-bd691c786234
which can be used as unique global reference for Cybereason Conti Jan 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-17T00:00:00Z |
source | MITRE |
title | Conti Ransomware |
Cybleinc Conti January 2020
Cybleinc. (2021, January 21). Conti Ransomware Resurfaces, Targeting Government & Large Organizations. Retrieved April 13, 2021.
Internal MISP references
UUID 5ef0ad9d-f34d-4771-a595-7ee4994f6c91
which can be used as unique global reference for Cybleinc Conti January 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-13T00:00:00Z |
date_published | 2021-01-21T00:00:00Z |
source | MITRE |
title | Conti Ransomware Resurfaces, Targeting Government & Large Organizations |
Microsoft Developer Support Power Apps Conditional Access
Microsoft Developer Support. (2020, May 9). Control Access to Power Apps and Power Automate with Azure AD Conditional Access Policies. Retrieved July 1, 2024.
Internal MISP references
UUID d198608c-2676-5f44-bbc8-5455c2b36cdb
which can be used as unique global reference for Microsoft Developer Support Power Apps Conditional Access
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-01T00:00:00Z |
date_published | 2020-05-09T00:00:00Z |
source | MITRE |
title | Control Access to Power Apps and Power Automate with Azure AD Conditional Access Policies |
Control.exe - LOLBAS Project
LOLBAS. (2018, May 25). Control.exe. Retrieved December 4, 2023.
Internal MISP references
UUID d0c821b9-7d37-4158-89fa-0dabe6e06800
which can be used as unique global reference for Control.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Control.exe |
Wikipedia Control Flow Integrity
Wikipedia. (2018, January 11). Control-flow integrity. Retrieved March 12, 2018.
Internal MISP references
UUID a9b2f525-d812-4dea-b4a6-c0d057d5f071
which can be used as unique global reference for Wikipedia Control Flow Integrity
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-12T00:00:00Z |
date_published | 2018-01-11T00:00:00Z |
source | MITRE |
title | Control-flow integrity |
Kubernetes API Control Access
The Kubernetes Authors. (n.d.). Controlling Access to The Kubernetes API. Retrieved March 29, 2021.
Internal MISP references
UUID fd4577b6-0085-44c0-b4c3-4d66dcb39fe7
which can be used as unique global reference for Kubernetes API Control Access
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-29T00:00:00Z |
source | MITRE |
title | Controlling Access to The Kubernetes API |
TrendMicro CPL Malware Dec 2013
Bernardino, J. (2013, December 17). Control Panel Files Used As Malicious Attachments. Retrieved January 18, 2018.
Internal MISP references
UUID fd38f1fd-37e9-4173-b319-3f92c2743055
which can be used as unique global reference for TrendMicro CPL Malware Dec 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-18T00:00:00Z |
date_published | 2013-12-17T00:00:00Z |
source | MITRE |
title | Control Panel Files Used As Malicious Attachments |
GitHub Conveigh
Robertson, K. (2016, August 28). Conveigh. Retrieved November 17, 2017.
Internal MISP references
UUID 4deb8c8e-2da1-4634-bf04-5ccf620a2143
which can be used as unique global reference for GitHub Conveigh
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-17T00:00:00Z |
date_published | 2016-08-28T00:00:00Z |
source | MITRE |
title | Conveigh |
MITRE Copernicus
Butterworth, J. (2013, July 30). Copernicus: Question Your Assumptions about BIOS Security. Retrieved December 11, 2015.
Internal MISP references
UUID 55d139fe-f5e5-4b5e-9123-8133b459ea72
which can be used as unique global reference for MITRE Copernicus
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-12-11T00:00:00Z |
date_published | 2013-07-30T00:00:00Z |
source | MITRE |
title | Copernicus: Question Your Assumptions about BIOS Security |
Secureworks COPPER FIELDSTONE Profile
Secureworks. (n.d.). COPPER FIELDSTONE. Retrieved October 6, 2021.
Internal MISP references
UUID d7f5f154-3638-47c1-8e1e-a30a6504a735
which can be used as unique global reference for Secureworks COPPER FIELDSTONE Profile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-06T00:00:00Z |
source | MITRE |
title | COPPER FIELDSTONE |
TechNet Copy
Microsoft. (n.d.). Copy. Retrieved April 26, 2016.
Internal MISP references
UUID 4e0d4b94-6b4c-4104-86e6-499b6aa7ba78
which can be used as unique global reference for TechNet Copy
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-26T00:00:00Z |
source | MITRE |
title | Copy |
copy_cmd_cisco
Cisco. (2022, August 16). copy - Cisco IOS Configuration Fundamentals Command Reference. Retrieved July 13, 2022.
Internal MISP references
UUID 88138372-550f-5da5-be5e-b5ba0fe32f64
which can be used as unique global reference for copy_cmd_cisco
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-13T00:00:00Z |
date_published | 2022-08-16T00:00:00Z |
source | MITRE |
title | copy - Cisco IOS Configuration Fundamentals Command Reference |
CopyKittens Nov 2015
Minerva Labs LTD and ClearSky Cyber Security. (2015, November 23). CopyKittens Attack Group. Retrieved September 11, 2017.
Internal MISP references
UUID 04e3ce40-5487-4931-98db-f55da83f412e
which can be used as unique global reference for CopyKittens Nov 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-09-11T00:00:00Z |
date_published | 2015-11-23T00:00:00Z |
source | MITRE |
title | CopyKittens Attack Group |
coregen.exe - LOLBAS Project
LOLBAS. (2020, October 9). coregen.exe. Retrieved December 4, 2023.
Internal MISP references
UUID f24d4cf5-9ca9-46bd-bd43-86b37e2a638a
which can be used as unique global reference for coregen.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-10-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | coregen.exe |
Apple Core Services
Apple. (n.d.). Core Services. Retrieved June 25, 2020.
Internal MISP references
UUID 0ef05e47-1305-4715-a677-67f1b55b24a3
which can be used as unique global reference for Apple Core Services
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-25T00:00:00Z |
source | MITRE |
title | Core Services |
Microsoft IoT Compromises August 05 2019
MSRC Team. (2019, August 5). Corporate IoT - a path to intrusion. Retrieved August 24, 2023.
Internal MISP references
UUID 037ace78-e997-40f3-a891-916bc596a9c0
which can be used as unique global reference for Microsoft IoT Compromises August 05 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-24T00:00:00Z |
date_published | 2019-08-05T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Corporate IoT - a path to intrusion |
Microsoft STRONTIUM Aug 2019
MSRC Team. (2019, August 5). Corporate IoT – a path to intrusion. Retrieved August 16, 2019.
Internal MISP references
UUID 7efd3c8d-5e69-4b6f-8edb-9186abdf0e1a
which can be used as unique global reference for Microsoft STRONTIUM Aug 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-08-16T00:00:00Z |
date_published | 2019-08-05T00:00:00Z |
source | MITRE |
title | Corporate IoT – a path to intrusion |
Palo Alto ARP
Palo Alto Networks. (2021, November 24). Cortex XDR Analytics Alert Reference: Uncommon ARP cache listing via arp.exe. Retrieved December 7, 2021.
Internal MISP references
UUID 96ce4324-57d2-422b-8403-f5d4f3ce410c
which can be used as unique global reference for Palo Alto ARP
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-07T00:00:00Z |
date_published | 2021-11-24T00:00:00Z |
source | MITRE |
title | Cortex XDR Analytics Alert Reference: Uncommon ARP cache listing via arp.exe |
WeLiveSecurity CosmicBeetle September 10 2024
Jakub Souček. (2024, September 10). CosmicBeetle steps up: Probation period at RansomHub. Retrieved September 13, 2024.
Internal MISP references
UUID 8debba29-4d6d-41d2-8772-f97c7d49056b
which can be used as unique global reference for WeLiveSecurity CosmicBeetle September 10 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-13T00:00:00Z |
date_published | 2024-09-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | CosmicBeetle steps up: Probation period at RansomHub |
F-Secure Cosmicduke
F-Secure Labs. (2014, July). COSMICDUKE Cosmu with a twist of MiniDuke. Retrieved July 3, 2014.
Internal MISP references
UUID d0d5ecbe-1051-4ceb-b558-b8b451178358
which can be used as unique global reference for F-Secure Cosmicduke
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-07-03T00:00:00Z |
date_published | 2014-07-01T00:00:00Z |
source | MITRE |
title | COSMICDUKE Cosmu with a twist of MiniDuke |
Costin Raiu IAmTheKing October 2020
Costin Raiu. (2020, October 2). Costin Raiu Twitter IAmTheKing SlothfulMedia. Retrieved September 12, 2024.
Internal MISP references
UUID 2be88843-ed3a-460e-87c1-85aa50e827c8
which can be used as unique global reference for Costin Raiu IAmTheKing October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2020-10-02T00:00:00Z |
source | MITRE |
title | Costin Raiu Twitter IAmTheKing SlothfulMedia |
Google Iran Threats October 2021
Bash, A. (2021, October 14). Countering threats from Iran. Retrieved January 4, 2023.
Internal MISP references
UUID 6d568141-eb54-5001-b880-ae8ac1156746
which can be used as unique global reference for Google Iran Threats October 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-01-04T00:00:00Z |
date_published | 2021-10-14T00:00:00Z |
source | MITRE |
title | Countering threats from Iran |
Github Covenant
cobbr. (2021, April 21). Covenant. Retrieved September 4, 2024.
Internal MISP references
UUID b717c3ae-8ae0-53c9-90ba-a34cf7694f3c
which can be used as unique global reference for Github Covenant
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-04T00:00:00Z |
date_published | 2021-04-21T00:00:00Z |
source | MITRE |
title | Covenant |
Cisco DNSMessenger March 2017
Brumaghin, E. and Grady, C. (2017, March 2). Covert Channels and Poor Decisions: The Tale of DNSMessenger. Retrieved March 8, 2017.
Internal MISP references
UUID 49f22ba2-5aca-4204-858e-c2499a7050ae
which can be used as unique global reference for Cisco DNSMessenger March 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-08T00:00:00Z |
date_published | 2017-03-02T00:00:00Z |
source | MITRE |
title | Covert Channels and Poor Decisions: The Tale of DNSMessenger |
Juniper IcedID June 2020
Kimayong, P. (2020, June 18). COVID-19 and FMLA Campaigns used to install new IcedID banking malware. Retrieved July 14, 2020.
Internal MISP references
UUID 426886d0-cdf2-4af7-a0e4-366c1b0a1942
which can be used as unique global reference for Juniper IcedID June 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-14T00:00:00Z |
date_published | 2020-06-18T00:00:00Z |
source | MITRE |
title | COVID-19 and FMLA Campaigns used to install new IcedID banking malware |
PTSecurity Higaisa 2020
PT ESC Threat Intelligence. (2020, June 4). COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group. Retrieved March 2, 2021.
Internal MISP references
UUID cf8f3d9c-0d21-4587-a707-46848a15bd46
which can be used as unique global reference for PTSecurity Higaisa 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-02T00:00:00Z |
date_published | 2020-06-04T00:00:00Z |
source | MITRE, Tidal Cyber |
title | COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group |
F-Secure CozyDuke
F-Secure Labs. (2015, April 22). CozyDuke: Malware Analysis. Retrieved December 10, 2015.
Internal MISP references
UUID 08e1d233-0580-484e-b737-af091e2aa9ea
which can be used as unique global reference for F-Secure CozyDuke
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-12-10T00:00:00Z |
date_published | 2015-04-22T00:00:00Z |
source | MITRE |
title | CozyDuke: Malware Analysis |
TrendMicro CPL Malware Jan 2014
Mercês, F. (2014, January 27). CPL Malware - Malicious Control Panel Items. Retrieved January 18, 2018.
Internal MISP references
UUID 9549f9b6-b771-4500-bd82-426c7abdfd8f
which can be used as unique global reference for TrendMicro CPL Malware Jan 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-18T00:00:00Z |
date_published | 2014-01-27T00:00:00Z |
source | MITRE |
title | CPL Malware - Malicious Control Panel Items |
Trend Micro CPL
Merces, F. (2014). CPL Malware Malicious Control Panel Items. Retrieved November 1, 2017.
Internal MISP references
UUID d90a33aa-8f20-49cb-aa27-771249cb65eb
which can be used as unique global reference for Trend Micro CPL
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-01T00:00:00Z |
date_published | 2014-01-01T00:00:00Z |
source | MITRE |
title | CPL Malware Malicious Control Panel Items |
SANS Brute Ratel October 2022
Thomas, W. (2022, October 5). Cracked Brute Ratel C4 framework proliferates across the cybercriminal underground. Retrieved February 6, 2023.
Internal MISP references
UUID 9544e762-6f72-59e7-8384-5bbef13bfe96
which can be used as unique global reference for SANS Brute Ratel October 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-06T00:00:00Z |
date_published | 2022-10-05T00:00:00Z |
source | MITRE |
title | Cracked Brute Ratel C4 framework proliferates across the cybercriminal underground |
Stealthbits Cracking AS-REP Roasting Jun 2019
Jeff Warren. (2019, June 27). Cracking Active Directory Passwords with AS-REP Roasting. Retrieved August 24, 2020.
Internal MISP references
UUID 3af06034-8384-4de8-9356-e9aaa35b95a2
which can be used as unique global reference for Stealthbits Cracking AS-REP Roasting Jun 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-24T00:00:00Z |
date_published | 2019-06-27T00:00:00Z |
source | MITRE |
title | Cracking Active Directory Passwords with AS-REP Roasting |
AdSecurity Cracking Kerberos Dec 2015
Metcalf, S. (2015, December 31). Cracking Kerberos TGS Tickets Using Kerberoast – Exploiting Kerberos to Compromise the Active Directory Domain. Retrieved March 22, 2018.
Internal MISP references
UUID 1b018fc3-515a-4ec4-978f-6d5649ceb0c5
which can be used as unique global reference for AdSecurity Cracking Kerberos Dec 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-22T00:00:00Z |
date_published | 2015-12-31T00:00:00Z |
source | MITRE |
title | Cracking Kerberos TGS Tickets Using Kerberoast – Exploiting Kerberos to Compromise the Active Directory Domain |
Dragos Crashoverride 2017
Dragos Inc. (2017, June 13). CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Retrieved December 18, 2020.
Internal MISP references
UUID c8f624e3-2ba2-4564-bd1c-f06b9a6a8bce
which can be used as unique global reference for Dragos Crashoverride 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-18T00:00:00Z |
date_published | 2017-06-13T00:00:00Z |
source | MITRE |
title | CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations |
Unit 42 ATOM Crawling Taurus
Unit 42. (n.d.). Crawling Taurus. Retrieved September 14, 2023.
Internal MISP references
UUID 75098b2c-4928-4e3f-9bcc-b4f6b8de96f8
which can be used as unique global reference for Unit 42 ATOM Crawling Taurus
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Crawling Taurus |
Microsoft Image
Microsoft. (2021, August 23). Create a managed image of a generalized VM in Azure. Retrieved October 13, 2021.
Internal MISP references
UUID 5317c625-d0be-45eb-9321-0cc9aa295cc9
which can be used as unique global reference for Microsoft Image
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
date_published | 2021-08-23T00:00:00Z |
source | MITRE |
title | Create a managed image of a generalized VM in Azure |
Microsoft Snapshot
Microsoft. (2021, September 16). Create a snapshot of a virtual hard disk. Retrieved October 13, 2021.
Internal MISP references
UUID 693549da-d9b9-4b67-a1bb-c8ea4a099842
which can be used as unique global reference for Microsoft Snapshot
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
date_published | 2021-09-16T00:00:00Z |
source | MITRE |
title | Create a snapshot of a virtual hard disk |
Microsoft Create Token
Brower, N., Lich, B. (2017, April 19). Create a token object. Retrieved December 19, 2017.
Internal MISP references
UUID d36d4f06-007e-4ff0-8660-4c65721d0b92
which can be used as unique global reference for Microsoft Create Token
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-19T00:00:00Z |
date_published | 2017-04-19T00:00:00Z |
source | MITRE |
title | Create a token object |
GCP Create Cloud Identity Users
Google. (n.d.). Create Cloud Identity user accounts. Retrieved January 29, 2020.
Internal MISP references
UUID e91748b2-1432-4203-a1fe-100aa70458d2
which can be used as unique global reference for GCP Create Cloud Identity Users
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-01-29T00:00:00Z |
source | MITRE |
title | Create Cloud Identity user accounts |
Createdump.exe - LOLBAS Project
LOLBAS. (2022, January 20). Createdump.exe. Retrieved December 4, 2023.
Internal MISP references
UUID f3ccacc1-3b42-4042-9a5c-f5b483a5e801
which can be used as unique global reference for Createdump.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-01-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Createdump.exe |
Google Cloud Kubernetes IAM
Google Cloud. (n.d.). Create IAM policies. Retrieved July 14, 2023.
Internal MISP references
UUID e8ee3ac6-ae7c-5fd3-a339-b579a419dd96
which can be used as unique global reference for Google Cloud Kubernetes IAM
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-14T00:00:00Z |
source | MITRE |
title | Create IAM policies |
Microsoft CreateMutexA
Microsoft. (2023, February 8). CreateMutexA function (synchapi.h). Retrieved September 19, 2024.
Internal MISP references
UUID 20939374-30c1-515a-b672-28a030bf0c64
which can be used as unique global reference for Microsoft CreateMutexA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-19T00:00:00Z |
date_published | 2023-02-08T00:00:00Z |
source | MITRE |
title | CreateMutexA function (synchapi.h) |
Microsoft CreateProcess
Microsoft. (n.d.). CreateProcess function. Retrieved September 12, 2024.
Internal MISP references
UUID aa336e3a-464d-48ce-bebb-760b73764610
which can be used as unique global reference for Microsoft CreateProcess
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
source | MITRE |
title | CreateProcess function |
Microsoft CLI Create Subscription
Microsoft. (n.d.). Create subscription. Retrieved August 4, 2023.
Internal MISP references
UUID 1331b524-7d6f-59d9-a2bd-78ff7b3e371f
which can be used as unique global reference for Microsoft CLI Create Subscription
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-04T00:00:00Z |
source | MITRE |
title | Create subscription |
create_sym_links
Microsoft. (2021, October 28). Create symbolic links. Retrieved April 27, 2022.
Internal MISP references
UUID 06bfdf8f-8671-47f7-9d0c-baf234c7ae96
which can be used as unique global reference for create_sym_links
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-27T00:00:00Z |
date_published | 2021-10-28T00:00:00Z |
source | MITRE |
title | Create symbolic links |
GCP - Creating and Starting a VM
Google. (2020, April 23). Creating and Starting a VM instance. Retrieved May 1, 2020.
Internal MISP references
UUID c1b87a56-115a-46d7-9117-80442091ac3c
which can be used as unique global reference for GCP - Creating and Starting a VM
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-01T00:00:00Z |
date_published | 2020-04-23T00:00:00Z |
source | MITRE |
title | Creating and Starting a VM instance |
AWS Create IAM User
AWS. (n.d.). Creating an IAM User in Your AWS Account. Retrieved January 29, 2020.
Internal MISP references
UUID bb474e88-b7bb-4b92-837c-95fe7bdd03f7
which can be used as unique global reference for AWS Create IAM User
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-01-29T00:00:00Z |
source | MITRE |
title | Creating an IAM User in Your AWS Account |
GNU Fork
Free Software Foundation, Inc. (2020, June 18). Creating a Process. Retrieved June 25, 2020.
Internal MISP references
UUID c46331cb-328a-46e3-89c4-e43fa345d6e8
which can be used as unique global reference for GNU Fork
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-25T00:00:00Z |
date_published | 2020-06-18T00:00:00Z |
source | MITRE |
title | Creating a Process |
AppleDocs Launch Agent Daemons
Apple. (n.d.). Creating Launch Daemons and Agents. Retrieved July 10, 2017.
Internal MISP references
UUID 310d18f8-6f9a-48b7-af12-6b921209d1ab
which can be used as unique global reference for AppleDocs Launch Agent Daemons
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-10T00:00:00Z |
source | MITRE |
title | Creating Launch Daemons and Agents |
TechNet Logon Scripts
Microsoft. (2005, January 21). Creating logon scripts. Retrieved April 27, 2016.
Internal MISP references
UUID 896cf5dd-3fe7-44ab-bbaf-d8b2b9980dca
which can be used as unique global reference for TechNet Logon Scripts
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-27T00:00:00Z |
date_published | 2005-01-21T00:00:00Z |
source | MITRE |
title | Creating logon scripts |
Google Cloud Service Account Credentials
Google Cloud. (2022, March 31). Creating short-lived service account credentials. Retrieved April 1, 2022.
Internal MISP references
UUID c4befa09-3c7f-49f3-bfcc-4fcbb7bace22
which can be used as unique global reference for Google Cloud Service Account Credentials
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-01T00:00:00Z |
date_published | 2022-03-31T00:00:00Z |
source | MITRE |
title | Creating short-lived service account credentials |
creatingXPCservices
Apple. (2016, September 9). Creating XPC Services. Retrieved April 19, 2022.
Internal MISP references
UUID 029acdee-95d6-47a7-86de-0f6b925cef9c
which can be used as unique global reference for creatingXPCservices
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-19T00:00:00Z |
date_published | 2016-09-09T00:00:00Z |
source | MITRE |
title | Creating XPC Services |
GitHub Creddump7
Flathers, R. (2018, February 19). creddump7. Retrieved April 11, 2018.
Internal MISP references
UUID 276975da-7b5f-49aa-975e-4ac9bc527cf2
which can be used as unique global reference for GitHub Creddump7
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-11T00:00:00Z |
date_published | 2018-02-19T00:00:00Z |
source | MITRE |
title | creddump7 |
Microsoft Midnight Blizzard Replay Attack
Microsoft Threat Intelligence. (2023, June 21). Credential Attacks. Retrieved September 12, 2024.
Internal MISP references
UUID 5af0008b-0ced-5d1d-bbc9-6c9d60835071
which can be used as unique global reference for Microsoft Midnight Blizzard Replay Attack
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2023-06-21T00:00:00Z |
source | MITRE |
title | Credential Attacks |
Anomali Template Injection MAR 2018
Intel_Acquisition_Team. (2018, March 1). Credential Harvesting and Malicious File Delivery using Microsoft Office Template Injection. Retrieved July 20, 2018.
Internal MISP references
UUID 3cdeb2a2-9582-4725-a132-6503dbe04e1d
which can be used as unique global reference for Anomali Template Injection MAR 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-20T00:00:00Z |
date_published | 2018-03-01T00:00:00Z |
source | MITRE |
title | Credential Harvesting and Malicious File Delivery using Microsoft Office Template Injection |
Microsoft Credential Locker
Microsoft. (2013, October 23). Credential Locker Overview. Retrieved November 24, 2020.
Internal MISP references
UUID 77505354-bb08-464c-9176-d0015a62c7c9
which can be used as unique global reference for Microsoft Credential Locker
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-24T00:00:00Z |
date_published | 2013-10-23T00:00:00Z |
source | MITRE |
title | Credential Locker Overview |
Microsoft CredEnumerate
Microsoft. (2018, December 5). CredEnumarateA function (wincred.h). Retrieved November 24, 2020.
Internal MISP references
UUID ec3e7b3f-99dd-4f2f-885b-09d66b01fe3e
which can be used as unique global reference for Microsoft CredEnumerate
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-24T00:00:00Z |
date_published | 2018-12-05T00:00:00Z |
source | MITRE |
title | CredEnumarateA function (wincred.h) |
SentinelLabs Intermittent Encryption September 08 2022
Aleksandar Milenkoski, Jim Walter. (2022, September 8). Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection. Retrieved August 10, 2023.
Internal MISP references
UUID 09cae6de-e026-43a5-a8bc-7ff8e8205232
which can be used as unique global reference for SentinelLabs Intermittent Encryption September 08 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-10T00:00:00Z |
date_published | 2022-09-08T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Crimeware Trends \| Ransomware Developers Turn to Intermittent Encryption to Evade Detection |
TrendmicroHideoutsLease
Max Goncharov. (2015, July 15). Criminal Hideouts for Lease: Bulletproof Hosting Services. Retrieved March 6, 2017.
Internal MISP references
UUID 527de869-3c76-447c-98c4-c37a2acf75e2
which can be used as unique global reference for TrendmicroHideoutsLease
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-06T00:00:00Z |
date_published | 2015-07-15T00:00:00Z |
source | MITRE |
title | Criminal Hideouts for Lease: Bulletproof Hosting Services |
doppelpaymer_crowdstrike
Hurley, S. (2021, December 7). Critical Hit: How DoppelPaymer Hunts and Kills Windows Processes. Retrieved January 26, 2022.
Internal MISP references
UUID 54b5d8af-21f0-4d1c-ada8-b87db85dd742
which can be used as unique global reference for doppelpaymer_crowdstrike
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-26T00:00:00Z |
date_published | 2021-12-07T00:00:00Z |
source | MITRE |
title | Critical Hit: How DoppelPaymer Hunts and Kills Windows Processes |
CISA AA24-038A PRC Critical Infrastructure February 2024
CISA et al. (2024, February 7). PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure. Retrieved May 15, 2024.
Internal MISP references
UUID bfa16dc6-f075-5bd3-9d9d-255df8789298
which can be used as unique global reference for CISA AA24-038A PRC Critical Infrastructure February 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-15T00:00:00Z |
source | MITRE |
title | Critical Infrastructure |
Critical Vulnerabilities in PaperCut Print Management Software
Team Huntress. (2023, April 21). Critical Vulnerabilities in PaperCut Print Management Software. Retrieved May 8, 2023.
Internal MISP references
UUID 874f40f9-146d-4a52-93fd-9b2e7981b6da
which can be used as unique global reference for Critical Vulnerabilities in PaperCut Print Management Software
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-08T00:00:00Z |
date_published | 2023-04-21T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Critical Vulnerabilities in PaperCut Print Management Software |
Security Affairs SILENTTRINITY July 2019
Paganini, P. (2019, July 7). Croatia government agencies targeted with news SilentTrinity malware. Retrieved March 23, 2022.
Internal MISP references
UUID b4945fc0-b89b-445c-abfb-14959deba3d0
which can be used as unique global reference for Security Affairs SILENTTRINITY July 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-23T00:00:00Z |
date_published | 2019-07-07T00:00:00Z |
source | MITRE |
title | Croatia government agencies targeted with news SilentTrinity malware |
Die.net Linux crontab Man Page
Paul Vixie. (n.d.). crontab(5) - Linux man page. Retrieved December 19, 2017.
Internal MISP references
UUID 0339c2ab-7a08-4976-90eb-1637c23c5644
which can be used as unique global reference for Die.net Linux crontab Man Page
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-19T00:00:00Z |
source | MITRE |
title | crontab(5) - Linux man page |
Symantec Frutas Feb 2013
Bingham, J. (2013, February 11). Cross-Platform Frutas RAT Builder and Back Door. Retrieved April 23, 2019.
Internal MISP references
UUID 8d9f88be-9ddf-485b-9333-7e41704ec64f
which can be used as unique global reference for Symantec Frutas Feb 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-23T00:00:00Z |
date_published | 2013-02-11T00:00:00Z |
source | MITRE |
title | Cross-Platform Frutas RAT Builder and Back Door |
Bishop Fox Sliver Framework August 2019
Kervella, R. (2019, August 4). Cross-platform General Purpose Implant Framework Written in Golang. Retrieved July 30, 2021.
Internal MISP references
UUID 51e67e37-2d61-4228-999b-bec6f80cf106
which can be used as unique global reference for Bishop Fox Sliver Framework August 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-07-30T00:00:00Z |
date_published | 2019-08-04T00:00:00Z |
source | MITRE |
title | Cross-platform General Purpose Implant Framework Written in Golang |
Okta Cross-Tenant Impersonation 2023
Okta Defensive Cyber Operations. (2023, August 31). Cross-Tenant Impersonation: Prevention and Detection. Retrieved February 15, 2024.
Internal MISP references
UUID d54188b5-86eb-52a0-8384-823c45431762
which can be used as unique global reference for Okta Cross-Tenant Impersonation 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-15T00:00:00Z |
date_published | 2023-08-31T00:00:00Z |
source | MITRE |
title | Cross-Tenant Impersonation: Prevention and Detection |
Okta Cross-Tenant Impersonation
Okta Defensive Cyber Operations. (2023, August 31). Cross-Tenant Impersonation: Prevention and Detection. Retrieved March 4, 2024.
Internal MISP references
UUID 77dbd22f-ce57-50f7-9c6b-8dc874a4d80d
which can be used as unique global reference for Okta Cross-Tenant Impersonation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-04T00:00:00Z |
date_published | 2023-08-31T00:00:00Z |
source | MITRE |
title | Cross-Tenant Impersonation: Prevention and Detection |
Crowdstrike CrowdCast Oct 2013
Crowdstrike. (2013, October 16). CrowdCasts Monthly: You Have an Adversary Problem. Retrieved March 1, 2017.
Internal MISP references
UUID 2062a229-58b3-4610-99cb-8907e7fbb350
which can be used as unique global reference for Crowdstrike CrowdCast Oct 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-01T00:00:00Z |
date_published | 2013-10-16T00:00:00Z |
source | MITRE |
title | CrowdCasts Monthly: You Have an Adversary Problem |
Crowdstrike Global Threat Report Feb 2018
CrowdStrike. (2018, February 26). CrowdStrike 2018 Global Threat Report. Retrieved October 10, 2018.
Internal MISP references
UUID 6c1ace5b-66b2-4c56-9301-822aad2c3c16
which can be used as unique global reference for Crowdstrike Global Threat Report Feb 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-10T00:00:00Z |
date_published | 2018-02-26T00:00:00Z |
source | MITRE |
title | CrowdStrike 2018 Global Threat Report |
CrowdStrike GTR 2021 June 2021
CrowdStrike. (2021, June 7). CrowdStrike 2021 Global Threat Report. Retrieved September 29, 2021.
Internal MISP references
UUID ec58e524-6de5-4cbb-a5d3-984b9b652f26
which can be used as unique global reference for CrowdStrike GTR 2021 June 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-29T00:00:00Z |
date_published | 2021-06-07T00:00:00Z |
source | MITRE |
title | CrowdStrike 2021 Global Threat Report |
CrowdStrike Adversary Carbon Spider
CrowdStrike. (2022, June 01). CrowdStrike Adversary Carbon Spider. Retrieved June 01, 2022.
Internal MISP references
UUID 9e28d375-c4a7-405f-9fff-7374c19f3af7
which can be used as unique global reference for CrowdStrike Adversary Carbon Spider
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-01T00:00:00Z |
source | Tidal Cyber |
title | CrowdStrike Adversary Carbon Spider |
CrowdStrike Adversary Cozy Bear
CrowdStrike. (2022, May 4). CrowdStrike Adversary Cozy Bear. Retrieved May 4, 2022.
Internal MISP references
UUID 0998ad7a-b4aa-44af-a665-dc58a3a6f800
which can be used as unique global reference for CrowdStrike Adversary Cozy Bear
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-04T00:00:00Z |
source | Tidal Cyber |
title | CrowdStrike Adversary Cozy Bear |
CrowdStrike Labyrinth Chollima Feb 2022
CrowdStrike. (2022, February 1). CrowdStrike Adversary Labyrinth Chollima. Retrieved February 1, 2022.
Internal MISP references
UUID ffe31bbf-a40d-4285-96a0-53c54298a680
which can be used as unique global reference for CrowdStrike Labyrinth Chollima Feb 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-01T00:00:00Z |
date_published | 2022-02-01T00:00:00Z |
source | MITRE |
title | CrowdStrike Adversary Labyrinth Chollima |
CrowdStrike Adversary Ocean Buffalo
CrowdStrike. (2022, June 25). CrowdStrike Adversary Ocean Buffalo. Retrieved June 25, 2022.
Internal MISP references
UUID 466795cb-0269-4d0c-a48c-d71e9dfd9a3c
which can be used as unique global reference for CrowdStrike Adversary Ocean Buffalo
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-25T00:00:00Z |
source | Tidal Cyber |
title | CrowdStrike Adversary Ocean Buffalo |
CrowdStrike Adversary Venomous Bear
CrowdStrike. (2022, May 4). CrowdStrike Adversary Venomous Bear. Retrieved May 4, 2022.
Internal MISP references
UUID 8c04f2b8-74ba-44a5-9580-96eabdbbcda9
which can be used as unique global reference for CrowdStrike Adversary Venomous Bear
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-04T00:00:00Z |
source | Tidal Cyber |
title | CrowdStrike Adversary Venomous Bear |
CrowdStrike Adversary Wizard Spider
CrowdStrike. (2022, June 23). CrowdStrike Adversary Wizard Spider. Retrieved June 23, 2022.
Internal MISP references
UUID 05f382c4-5163-49e0-a8a0-cf3a5992ef18
which can be used as unique global reference for CrowdStrike Adversary Wizard Spider
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-23T00:00:00Z |
source | Tidal Cyber |
title | CrowdStrike Adversary Wizard Spider |
Crowdstrike DriveSlayer February 2022
Thomas, W. et al. (2022, February 25). CrowdStrike Falcon Protects from New Wiper Malware Used in Ukraine Cyberattacks. Retrieved March 25, 2022.
Internal MISP references
UUID 4f01e901-58f8-4fdb-ac8c-ef4b6bfd068e
which can be used as unique global reference for Crowdstrike DriveSlayer February 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-25T00:00:00Z |
date_published | 2022-02-25T00:00:00Z |
source | MITRE |
title | CrowdStrike Falcon Protects from New Wiper Malware Used in Ukraine Cyberattacks |
CrowdStrike Putter Panda
Crowdstrike Global Intelligence Team. (2014, June 9). CrowdStrike Intelligence Report: Putter Panda. Retrieved January 22, 2016.
Internal MISP references
UUID 413962d0-bd66-4000-a077-38c2677995d1
which can be used as unique global reference for CrowdStrike Putter Panda
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-22T00:00:00Z |
date_published | 2014-06-09T00:00:00Z |
source | MITRE, Tidal Cyber |
title | CrowdStrike Intelligence Report: Putter Panda |
Softpedia MinerC
Cimpanu, C. (2016, September 9). Cryptocurrency Mining Malware Discovered Targeting Seagate NAS Hard Drives. Retrieved September 12, 2024.
Internal MISP references
UUID 087b9bf1-bd9e-4cd6-a386-d9d2c812c927
which can be used as unique global reference for Softpedia MinerC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2016-09-09T00:00:00Z |
source | MITRE |
title | Cryptocurrency Mining Malware Discovered Targeting Seagate NAS Hard Drives |
Microsoft Cryptojacking 2023
Microsoft Threat Intelligence. (2023, July 25). Cryptojacking: Understanding and defending against cloud compute resource abuse. Retrieved September 5, 2023.
Internal MISP references
UUID e2dbc963-b913-5a44-bb61-88a3f0d8d8a3
which can be used as unique global reference for Microsoft Cryptojacking 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-05T00:00:00Z |
date_published | 2023-07-25T00:00:00Z |
source | MITRE |
title | Cryptojacking: Understanding and defending against cloud compute resource abuse |
Microsoft CryptUnprotectData April 2018
Microsoft. (2018, April 12). CryptUnprotectData function. Retrieved June 18, 2019.
Internal MISP references
UUID 258088ae-96c2-4520-8eb5-1a7e540a9a24
which can be used as unique global reference for Microsoft CryptUnprotectData April 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-18T00:00:00Z |
date_published | 2018-04-12T00:00:00Z |
source | MITRE |
title | CryptUnprotectData function |
Csc.exe - LOLBAS Project
LOLBAS. (2018, May 25). Csc.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 276c9e55-4673-426d-8f49-06edee2e3b30
which can be used as unique global reference for Csc.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Csc.exe |
Cscript.exe - LOLBAS Project
LOLBAS. (2018, May 25). Cscript.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 428b6223-63b7-497f-b13a-e472b4583a9f
which can be used as unique global reference for Cscript.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Cscript.exe |
csi.exe - LOLBAS Project
LOLBAS. (2018, May 25). csi.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b810ee91-de4e-4c7b-8fa8-24dca95133e5
which can be used as unique global reference for csi.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | csi.exe |
OWASP CSV Injection
Albinowax Timo Goosen. (n.d.). CSV Injection. Retrieved February 7, 2022.
Internal MISP references
UUID 0cdde66c-a7ae-48a2-8ade-067643de304d
which can be used as unique global reference for OWASP CSV Injection
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-07T00:00:00Z |
source | MITRE |
title | CSV Injection |
Elastic CUBA Ransomware 2022
Daniel Stepanic, Derek Ditch, Seth Goodwin, Salim Bitam, Andrew Pease. (2022, September 7). CUBA Ransomware Campaign Analysis. Retrieved August 5, 2024.
Internal MISP references
UUID 79299d27-dbbf-56d0-87fd-15e3f9167cf8
which can be used as unique global reference for Elastic CUBA Ransomware 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-05T00:00:00Z |
date_published | 2022-09-07T00:00:00Z |
source | MITRE |
title | CUBA Ransomware Campaign Analysis |
Microsoft Subkey
Microsoft. (n.d.). CurrentControlSet\Services Subkey Entries. Retrieved November 30, 2014.
Internal MISP references
UUID be233077-7bb4-48be-aecf-03258931527d
which can be used as unique global reference for Microsoft Subkey
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-30T00:00:00Z |
source | MITRE |
title | CurrentControlSet\Services Subkey Entries |
Microsoft - Customer Guidance on Recent Nation-State Cyber Attacks
MSRC. (2020, December 13). Customer Guidance on Recent Nation-State Cyber Attacks. Retrieved December 30, 2020.
Internal MISP references
UUID 47031992-841f-4ef4-87c6-bb4c077fb8dc
which can be used as unique global reference for Microsoft - Customer Guidance on Recent Nation-State Cyber Attacks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-30T00:00:00Z |
date_published | 2020-12-13T00:00:00Z |
source | MITRE |
title | Customer Guidance on Recent Nation-State Cyber Attacks |
Microsoft SolarWinds Customer Guidance
MSRC. (2020, December 13). Customer Guidance on Recent Nation-State Cyber Attacks. Retrieved December 17, 2020.
Internal MISP references
UUID b486ae40-a854-4998-bf1b-aaf6ea2047ed
which can be used as unique global reference for Microsoft SolarWinds Customer Guidance
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-17T00:00:00Z |
date_published | 2020-12-13T00:00:00Z |
source | MITRE |
title | Customer Guidance on Recent Nation-State Cyber Attacks |
Bleeping Computer Bank Hack 2020
Ionut Ilascu. (2020, January 16). Customer-Owned Bank Informs 100k of Breach Exposing Account Balance, PII. Retrieved July 1, 2024.
Internal MISP references
UUID 027b281d-79d5-50aa-9ff3-d6f4e647d477
which can be used as unique global reference for Bleeping Computer Bank Hack 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-01T00:00:00Z |
date_published | 2020-01-16T00:00:00Z |
source | MITRE |
title | Customer-Owned Bank Informs 100k of Breach Exposing Account Balance, PII |
Login Scripts Apple Dev
Apple. (2016, September 13). Customizing Login and Logout. Retrieved April 1, 2022.
Internal MISP references
UUID 9c0094b6-a8e3-4f4d-8d2e-33b408d44a06
which can be used as unique global reference for Login Scripts Apple Dev
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-01T00:00:00Z |
date_published | 2016-09-13T00:00:00Z |
source | MITRE |
title | Customizing Login and Logout |
TechNet Screensaver GP
Microsoft. (n.d.). Customizing the Desktop. Retrieved December 5, 2017.
Internal MISP references
UUID 7cf8056e-6d3b-4930-9d2c-160d7d9636ac
which can be used as unique global reference for TechNet Screensaver GP
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-05T00:00:00Z |
source | MITRE |
title | Customizing the Desktop |
CustomShellHost.exe - LOLBAS Project
LOLBAS. (2021, November 14). CustomShellHost.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 96324ab1-7eb8-42dc-b19a-fa1d9f85e239
which can be used as unique global reference for CustomShellHost.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-11-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | CustomShellHost.exe |
Mandiant Cutting Edge Part 2 January 2024
Lin, M. et al. (2024, January 31). Cutting Edge, Part 2: Investigating Ivanti Connect Secure VPN Zero-Day Exploitation. Retrieved February 27, 2024.
Internal MISP references
UUID 5209d259-4293-58c0-bbdc-f30ff77d57f7
which can be used as unique global reference for Mandiant Cutting Edge Part 2 January 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-27T00:00:00Z |
date_published | 2024-01-31T00:00:00Z |
source | MITRE |
title | Cutting Edge, Part 2: Investigating Ivanti Connect Secure VPN Zero-Day Exploitation |
Mandiant Cutting Edge Part 3 February 2024
Lin, M. et al. (2024, February 27). Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts. Retrieved March 1, 2024.
Internal MISP references
UUID 49e5b125-5503-5cb0-9a56-a93f82b55753
which can be used as unique global reference for Mandiant Cutting Edge Part 3 February 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-01T00:00:00Z |
date_published | 2024-02-27T00:00:00Z |
source | MITRE |
title | Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts |
Mandiant Cutting Edge January 2024
McLellan, T. et al. (2024, January 12). Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation. Retrieved February 27, 2024.
Internal MISP references
UUID 9d9ec923-89c1-5155-ae6e-98d4776d4250
which can be used as unique global reference for Mandiant Cutting Edge January 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-27T00:00:00Z |
date_published | 2024-01-12T00:00:00Z |
source | MITRE |
title | Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation |
Symantec Naid in the Wild June 2012
Symantec Security Response. (2012, June 18). CVE-2012-1875 Exploited in the Wild - Part 1 (Trojan.Naid). Retrieved February 22, 2018.
Internal MISP references
UUID e1531171-709c-4043-9e3a-af9e37f3ac57
which can be used as unique global reference for Symantec Naid in the Wild June 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-22T00:00:00Z |
date_published | 2012-06-18T00:00:00Z |
source | MITRE |
title | CVE-2012-1875 Exploited in the Wild - Part 1 (Trojan.Naid) |
NVD CVE-2014-7169
National Vulnerability Database. (2017, September 24). CVE-2014-7169 Detail. Retrieved April 3, 2018.
Internal MISP references
UUID c3aab918-51c6-4773-8677-a89b27a00eb1
which can be used as unique global reference for NVD CVE-2014-7169
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-03T00:00:00Z |
date_published | 2017-09-24T00:00:00Z |
source | MITRE |
title | CVE-2014-7169 Detail |
NVD CVE-2016-6662
National Vulnerability Database. (2017, February 2). CVE-2016-6662 Detail. Retrieved April 3, 2018.
Internal MISP references
UUID 1813c26d-da68-4a82-a959-27351dd5e51b
which can be used as unique global reference for NVD CVE-2016-6662
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-03T00:00:00Z |
date_published | 2017-02-02T00:00:00Z |
source | MITRE |
title | CVE-2016-6662 Detail |
NVD CVE-2017-0176
National Vulnerability Database. (2017, June 22). CVE-2017-0176 Detail. Retrieved April 3, 2018.
Internal MISP references
UUID 82602351-0ab0-48d7-90dd-f4536b4d009b
which can be used as unique global reference for NVD CVE-2017-0176
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-03T00:00:00Z |
date_published | 2017-06-22T00:00:00Z |
source | MITRE |
title | CVE-2017-0176 Detail |
FireEye Attacks Leveraging HTA
Berry, A., Galang, L., Jiang, G., Leathery, J., Mohandas, R. (2017, April 11). CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler. Retrieved October 27, 2017.
Internal MISP references
UUID 1876a476-b2ff-4605-a78b-89443d21b063
which can be used as unique global reference for FireEye Attacks Leveraging HTA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-10-27T00:00:00Z |
date_published | 2017-04-11T00:00:00Z |
source | MITRE |
title | CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler |
Microsoft CVE-2017-8625 Aug 2017
Microsoft. (2017, August 8). CVE-2017-8625 - Internet Explorer Security Feature Bypass Vulnerability. Retrieved October 3, 2018.
Internal MISP references
UUID 402cb526-ef57-4d27-b96b-f98008abe716
which can be used as unique global reference for Microsoft CVE-2017-8625 Aug 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-03T00:00:00Z |
date_published | 2017-08-08T00:00:00Z |
source | MITRE |
title | CVE-2017-8625 - Internet Explorer Security Feature Bypass Vulnerability |
NVD CVE-2019-3610
National Vulnerability Database. (2019, October 9). CVE-2019-3610 Detail. Retrieved April 14, 2021.
Internal MISP references
UUID 889b742e-7572-4aad-8944-7f071483b613
which can be used as unique global reference for NVD CVE-2019-3610
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-14T00:00:00Z |
date_published | 2019-10-09T00:00:00Z |
source | MITRE |
title | CVE-2019-3610 Detail |
CVMServer Vuln
Mickey Jin. (2021, June 3). CVE-2021-30724: CVMServer Vulnerability in macOS and iOS. Retrieved October 12, 2021.
Internal MISP references
UUID 6f83da0c-d2ce-4923-ba32-c6886eb22587
which can be used as unique global reference for CVMServer Vuln
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-12T00:00:00Z |
date_published | 2021-06-03T00:00:00Z |
source | MITRE |
title | CVE-2021-30724: CVMServer Vulnerability in macOS and iOS |
Crowdstrike Kubernetes Container Escape
Manoj Ahuje. (2022, January 31). CVE-2022-0185: Kubernetes Container Escape Using Linux Kernel Exploit. Retrieved July 6, 2022.
Internal MISP references
UUID 84d5f015-9014-417c-b2a9-f650fe19d448
which can be used as unique global reference for Crowdstrike Kubernetes Container Escape
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-06T00:00:00Z |
date_published | 2022-01-31T00:00:00Z |
source | MITRE |
title | CVE-2022-0185: Kubernetes Container Escape Using Linux Kernel Exploit |
Trend Micro March 13 2024
Peter Girnus; Aliakbar Zahravi; Simon Zuckerbraun. (2024, March 13). CVE-2024-21412 DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign. Retrieved March 14, 2024.
Internal MISP references
UUID 0574a0a7-694b-4858-b053-8f7911c8ce54
which can be used as unique global reference for Trend Micro March 13 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-14T00:00:00Z |
date_published | 2024-03-13T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | CVE-2024-21412 DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign |
CyberArk Labs Safe Mode 2016
Naim, D. (2016, September 15). CyberArk Labs: From Safe Mode to Domain Compromise. Retrieved June 23, 2021.
Internal MISP references
UUID bd9c14dd-0e2a-447b-a245-f548734d2400
which can be used as unique global reference for CyberArk Labs Safe Mode 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-23T00:00:00Z |
date_published | 2016-09-15T00:00:00Z |
source | MITRE |
title | CyberArk Labs: From Safe Mode to Domain Compromise |
PJ Cyber Army of Russia 2023
PJ04857920. (2023, November 30). Cyber Army of Russia — DDoS Tool. Retrieved April 30, 2024.
Internal MISP references
UUID 3e42ff96-fc7e-418e-8d8b-076a1a47981e
which can be used as unique global reference for PJ Cyber Army of Russia 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-30T00:00:00Z |
date_published | 2023-11-30T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Cyber Army of Russia — DDoS Tool |
Cyware Ngrok May 2019
Cyware. (2019, May 29). Cyber attackers leverage tunneling service to drop Lokibot onto victims’ systems. Retrieved September 15, 2020.
Internal MISP references
UUID 583a01b6-cb4e-41e7-aade-ac2fd19bda4e
which can be used as unique global reference for Cyware Ngrok May 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-15T00:00:00Z |
date_published | 2019-05-29T00:00:00Z |
source | MITRE |
title | Cyber attackers leverage tunneling service to drop Lokibot onto victims’ systems |
The Record RansomHub June 3 2024
Jonathan Greig. (2024, June 3). Cyberattack on telecom giant Frontier claimed by RansomHub. Retrieved June 7, 2024.
Internal MISP references
UUID 1e474240-bd12-4472-8e69-1631b0e4c102
which can be used as unique global reference for The Record RansomHub June 3 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-07T00:00:00Z |
date_published | 2024-06-03T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Cyberattack on telecom giant Frontier claimed by RansomHub |
Microsoft Phosphorus Oct 2020
Burt, T. (2020, October 28). Cyberattacks target international conference attendees. Retrieved March 8, 2021.
Internal MISP references
UUID 8986c21c-16a0-4a53-8e37-9935bbbfaa4b
which can be used as unique global reference for Microsoft Phosphorus Oct 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-08T00:00:00Z |
date_published | 2020-10-28T00:00:00Z |
source | MITRE |
title | Cyberattacks target international conference attendees |
Check Point Mid-Year Report 2022
Check Point Software. (2022, August 3). Cyber Attack Trends: Check Point's 2022 Mid-Year Report. Retrieved May 18, 2022.
Internal MISP references
UUID e929cd86-9903-481c-a841-ba387831cb77
which can be used as unique global reference for Check Point Mid-Year Report 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-18T00:00:00Z |
date_published | 2022-08-03T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Cyber Attack Trends: Check Point's 2022 Mid-Year Report |
Talos Seduploader Oct 2017
Mercer, W., et al. (2017, October 22). "Cyber Conflict" Decoy Document Used in Real Cyber Conflict. Retrieved November 2, 2018.
Internal MISP references
UUID 2db77619-72df-461f-84bf-2d1c3499a5c0
which can be used as unique global reference for Talos Seduploader Oct 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-02T00:00:00Z |
date_published | 2017-10-22T00:00:00Z |
source | MITRE |
title | "Cyber Conflict" Decoy Document Used in Real Cyber Conflict |
FBI-search
FBI. (2022, December 21). Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users. Retrieved February 21, 2023.
Internal MISP references
UUID deea5b42-bfab-50af-8d85-cc04fd317a82
which can be used as unique global reference for FBI-search
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-21T00:00:00Z |
date_published | 2022-12-21T00:00:00Z |
source | MITRE |
title | Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users |
Resecurity GXC Team January 3 2024
Resecurity. (2024, January 3). Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud. Retrieved September 9, 2024.
Internal MISP references
UUID 6d55aa2c-3f52-4bff-8003-f78b386a4952
which can be used as unique global reference for Resecurity GXC Team January 3 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-09T00:00:00Z |
date_published | 2024-01-03T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud |
Secureworks GOLD KINGSWOOD September 2018
CTU. (2018, September 27). Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish. Retrieved September 20, 2021.
Internal MISP references
UUID cda529b2-e152-4ff0-a6b3-d0305b09fef9
which can be used as unique global reference for Secureworks GOLD KINGSWOOD September 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-20T00:00:00Z |
date_published | 2018-09-27T00:00:00Z |
source | MITRE |
title | Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish |
Cybereason OSX Pirrit
Amit Serper. (2016). Cybereason Lab Analysis OSX.Pirrit. Retrieved December 10, 2021.
Internal MISP references
UUID ebdf09ed-6eec-450f-aaea-067504ec25ca
which can be used as unique global reference for Cybereason OSX Pirrit
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-10T00:00:00Z |
date_published | 2016-01-01T00:00:00Z |
source | MITRE |
title | Cybereason Lab Analysis OSX.Pirrit |
Cybereason Quantum Ransomware May 9 2022
Cybereason Nocturnus. (2022, May 9). Cybereason vs. Quantum Locker Ransomware. Retrieved June 28, 2024.
Internal MISP references
UUID 19027620-216a-4921-8d78-f56377778a12
which can be used as unique global reference for Cybereason Quantum Ransomware May 9 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-28T00:00:00Z |
date_published | 2022-05-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Cybereason vs. Quantum Locker Ransomware |
Zdnet Kimsuky Dec 2018
Cimpanu, C. (2018, December 5). Cyber-espionage group uses Chrome extension to infect victims. Retrieved August 26, 2019.
Internal MISP references
UUID b17acdc3-0163-4c98-b5fb-a457a7e6b58d
which can be used as unique global reference for Zdnet Kimsuky Dec 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-08-26T00:00:00Z |
date_published | 2018-12-05T00:00:00Z |
source | MITRE |
title | Cyber-espionage group uses Chrome extension to infect victims |
FireEye APT32 May 2017
Carr, N. (2017, May 14). Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations. Retrieved June 18, 2017.
Internal MISP references
UUID b72d017b-a70f-4003-b3d9-90d79aca812d
which can be used as unique global reference for FireEye APT32 May 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-06-18T00:00:00Z |
date_published | 2017-05-14T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations |
Shadowserver Strategic Web Compromise
Adair, S., Moran, N. (2012, May 15). Cyber Espionage & Strategic Web Compromises – Trusted Websites Serving Dangerous Results. Retrieved March 13, 2018.
Internal MISP references
UUID cf531866-ac3c-4078-b847-5b4af7eb161f
which can be used as unique global reference for Shadowserver Strategic Web Compromise
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-13T00:00:00Z |
date_published | 2012-05-15T00:00:00Z |
source | MITRE |
title | Cyber Espionage & Strategic Web Compromises – Trusted Websites Serving Dangerous Results |
CyberKnow Tweet July 7 2022
Cyberknow20. (2022, July 7). CyberKnow Tweet July 7 2022. Retrieved October 10, 2023.
Internal MISP references
UUID a37564a4-ff83-4ce0-818e-80750172f302
which can be used as unique global reference for CyberKnow Tweet July 7 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-10T00:00:00Z |
date_published | 2022-07-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | CyberKnow Tweet July 7 2022 |
Cyber Safety Review Board: Lapsus
CISA. (2023, August). Cyber Safety Review Board: Lapsus. Retrieved January 5, 2024.
Internal MISP references
UUID 4b713738-d767-5243-b9af-4d7ac7b0b349
which can be used as unique global reference for Cyber Safety Review Board: Lapsus
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-05T00:00:00Z |
date_published | 2023-08-01T00:00:00Z |
source | MITRE |
title | Cyber Safety Review Board: Lapsus |
CISA Scattered Spider Advisory November 2023
CISA. (2023, November 16). Cybersecurity Advisory: Scattered Spider (AA23-320A). Retrieved March 18, 2024.
Internal MISP references
UUID deae8b2c-39dd-5252-b846-88e1cab099c2
which can be used as unique global reference for CISA Scattered Spider Advisory November 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-18T00:00:00Z |
date_published | 2023-11-16T00:00:00Z |
source | MITRE |
title | Cybersecurity Advisory: Scattered Spider (AA23-320A) |
NSA NCSC Turla OilRig
NSA/NCSC. (2019, October 21). Cybersecurity Advisory: Turla Group Exploits Iranian APT To Expand Coverage Of Victims. Retrieved October 16, 2020.
Internal MISP references
UUID 3e86a807-5188-4278-9a58-babd23b86410
which can be used as unique global reference for NSA NCSC Turla OilRig
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-16T00:00:00Z |
date_published | 2019-10-21T00:00:00Z |
source | MITRE |
title | Cybersecurity Advisory: Turla Group Exploits Iranian APT To Expand Coverage Of Victims |
OPM Leak
Cybersecurity Resource Center. (n.d.). CYBERSECURITY INCIDENTS. Retrieved September 16, 2024.
Internal MISP references
UUID b67ed4e9-ed44-460a-bd59-c978bdfda32f
which can be used as unique global reference for OPM Leak
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-16T00:00:00Z |
source | MITRE |
title | CYBERSECURITY INCIDENTS |
ExpressVPN PATH env Windows 2021
ExpressVPN Security Team. (2021, November 16). Cybersecurity lessons: A PATH vulnerability in Windows. Retrieved September 28, 2023.
Internal MISP references
UUID 26096485-1dd6-512a-a2a1-27dbbfb6fde0
which can be used as unique global reference for ExpressVPN PATH env Windows 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-28T00:00:00Z |
date_published | 2021-11-16T00:00:00Z |
source | MITRE |
title | Cybersecurity lessons: A PATH vulnerability in Windows |
SCILabs Malteiro 2021
SCILabs. (2021, December 23). Cyber Threat Profile Malteiro. Retrieved March 13, 2024.
Internal MISP references
UUID c6948dfc-b133-556b-a8ac-b3a4dba09c0e
which can be used as unique global reference for SCILabs Malteiro 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-13T00:00:00Z |
date_published | 2021-12-23T00:00:00Z |
source | MITRE |
title | Cyber Threat Profile Malteiro |
Cyber Threat Profile MALTEIRO – Sciblog
blog.scilabs.mx. (2021, December 23). Cyber Threat Profile MALTEIRO – Sciblog. Retrieved May 17, 2023.
Internal MISP references
UUID 1f46872c-6255-4ce0-a6c3-2bfa9e767765
which can be used as unique global reference for Cyber Threat Profile MALTEIRO – Sciblog
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-17T00:00:00Z |
date_published | 2021-12-23T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Cyber Threat Profile MALTEIRO – Sciblog |
DoublePulsar Cyber Toufan
Kevin Beaumont. (2023, December 28). Cyber Toufan goes Oprah mode with free Linux system wipes of over 100 organisations. Retrieved August 8, 2024.
Internal MISP references
UUID 2fc1f6de-e01c-4225-bd29-8d547bf91e9e
which can be used as unique global reference for DoublePulsar Cyber Toufan
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-08T00:00:00Z |
date_published | 2023-12-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Cyber Toufan goes Oprah mode with free Linux system wipes of over 100 organisations |
NCSC Cyclops Blink February 2022
NCSC. (2022, February 23). Cyclops Blink Malware Analysis Report. Retrieved March 3, 2022.
Internal MISP references
UUID 91ed6adf-f066-49e4-8ec7-1989bc6615a6
which can be used as unique global reference for NCSC Cyclops Blink February 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-03T00:00:00Z |
date_published | 2022-02-23T00:00:00Z |
source | MITRE |
title | Cyclops Blink Malware Analysis Report |
Trend Micro Cyclops Blink March 2022
Haquebord, F. et al. (2022, March 17). Cyclops Blink Sets Sights on Asus Routers. Retrieved March 17, 2022.
Internal MISP references
UUID 64e9a24f-f386-4774-9874-063e0ebfb8e1
which can be used as unique global reference for Trend Micro Cyclops Blink March 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-17T00:00:00Z |
date_published | 2022-03-17T00:00:00Z |
source | MITRE |
title | Cyclops Blink Sets Sights on Asus Routers |
Cynet Ragnar Apr 2020
Gold, B. (2020, April 27). Cynet Detection Report: Ragnar Locker Ransomware. Retrieved June 29, 2020.
Internal MISP references
UUID aeb637ea-0b83-42a0-8f68-9fdc59aa462a
which can be used as unique global reference for Cynet Ragnar Apr 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-29T00:00:00Z |
date_published | 2020-04-27T00:00:00Z |
source | MITRE |
title | Cynet Detection Report: Ragnar Locker Ransomware |
Microsoft DACL May 2018
Microsoft. (2018, May 30). DACLs and ACEs. Retrieved August 19, 2018.
Internal MISP references
UUID 32a250ca-a7eb-4d7f-af38-f3e6a09540e2
which can be used as unique global reference for Microsoft DACL May 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-19T00:00:00Z |
date_published | 2018-05-30T00:00:00Z |
source | MITRE |
title | DACLs and ACEs |
Apple Developer Doco Archive Launchd
Apple. (2016, September 13). Daemons and Services Programming Guide - Creating Launch Daemons and Agents. Retrieved February 24, 2021.
Internal MISP references
UUID 41311827-3d81-422a-9b07-ee8ddc2fc7f1
which can be used as unique global reference for Apple Developer Doco Archive Launchd
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-24T00:00:00Z |
date_published | 2016-09-13T00:00:00Z |
source | MITRE |
title | Daemons and Services Programming Guide - Creating Launch Daemons and Agents |
Kubernetes DaemonSet
Kubernetes. (n.d.). DaemonSet. Retrieved February 15, 2024.
Internal MISP references
UUID 4e4668bd-9bef-597e-ad41-8afe1974b7f6
which can be used as unique global reference for Kubernetes DaemonSet
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-15T00:00:00Z |
source | MITRE |
title | DaemonSet |
Symantec Daggerfly 2023
Threat Hunter Team. (2023, April 20). Daggerfly: APT Actor Targets Telecoms Company in Africa. Retrieved July 25, 2024.
Internal MISP references
UUID cb0a51f5-fe5b-5dd0-8f55-4e7536cb61a4
which can be used as unique global reference for Symantec Daggerfly 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-25T00:00:00Z |
date_published | 2023-04-20T00:00:00Z |
source | MITRE |
title | Daggerfly: APT Actor Targets Telecoms Company in Africa |
Symantec Daggerfly 2024
Threat Hunter Team. (2024, July 23). Daggerfly: Espionage Group Makes Major Update to Toolset. Retrieved July 25, 2024.
Internal MISP references
UUID 1dadd09e-e7b0-50a1-ba3d-413780dbeb80
which can be used as unique global reference for Symantec Daggerfly 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-25T00:00:00Z |
date_published | 2024-07-23T00:00:00Z |
source | MITRE |
title | Daggerfly: Espionage Group Makes Major Update to Toolset |
Picus Daixin Team October 24 2022
Huseyin Can Yuceel. (2022, October 24). Daixin Team Targets Healthcare Organizations with Ransomware Attacks. Retrieved December 1, 2023.
Internal MISP references
UUID eba3b1b9-d0a0-4c03-8c14-21f7bbcc8a02
which can be used as unique global reference for Picus Daixin Team October 24 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-01T00:00:00Z |
date_published | 2022-10-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Daixin Team Targets Healthcare Organizations with Ransomware Attacks |
Medium Eli Salem GuLoader April 2021
Salem, E. (2021, April 19). Dancing With Shellcodes: Cracking the latest version of Guloader. Retrieved July 7, 2021.
Internal MISP references
UUID 87c5e84a-b96d-489d-aa10-db95b78c5a93
which can be used as unique global reference for Medium Eli Salem GuLoader April 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-07-07T00:00:00Z |
date_published | 2021-04-19T00:00:00Z |
source | MITRE |
title | Dancing With Shellcodes: Cracking the latest version of Guloader |
Lookout Dark Caracal Jan 2018
Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.
Internal MISP references
UUID c558f5db-a426-4041-b883-995ec56e7155
which can be used as unique global reference for Lookout Dark Caracal Jan 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-11T00:00:00Z |
date_published | 2018-01-18T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Dark Caracal: Cyber-espionage at a Global Scale |
Dark Clouds_Usenix_Mulazzani_08_2011
Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner, Markus Huber, and Edgar Weippl. (2011, August). Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space. Retrieved July 14, 2022.
Internal MISP references
UUID ee5d2c9c-c704-4f35-baeb-055a35dd04b5
which can be used as unique global reference for Dark Clouds_Usenix_Mulazzani_08_2011
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-14T00:00:00Z |
date_published | 2011-08-01T00:00:00Z |
source | MITRE |
title | Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space |
TrendMicro DarkComet Sept 2014
TrendMicro. (2014, September 03). DARKCOMET. Retrieved November 6, 2018.
Internal MISP references
UUID fb365600-4961-43ed-8292-1c07cbc530ef
which can be used as unique global reference for TrendMicro DarkComet Sept 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-06T00:00:00Z |
date_published | 2014-09-03T00:00:00Z |
source | MITRE |
title | DARKCOMET |
DarkGate Loader delivered via Teams - Truesec
Jakob Nordenlund. (2023, September 6). DarkGate Loader delivered via Teams - Truesec. Retrieved October 20, 2023.
Internal MISP references
UUID 4222a06f-9528-4076-8037-a27012c2930c
which can be used as unique global reference for DarkGate Loader delivered via Teams - Truesec
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-20T00:00:00Z |
date_published | 2023-09-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | DarkGate Loader delivered via Teams - Truesec |
Bleeping Computer DarkGate October 14 2023
Sergiu Gatlan. (2023, October 14). DarkGate malware spreads through compromised Skype accounts. Retrieved October 20, 2023.
Internal MISP references
UUID 313e5558-d8f9-4457-9004-810d9fa5340c
which can be used as unique global reference for Bleeping Computer DarkGate October 14 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-20T00:00:00Z |
date_published | 2023-10-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | DarkGate malware spreads through compromised Skype accounts |
Trend Micro DarkGate October 12 2023
Trent Bessell, Ryan Maglaque, Aira Marcelo, Jack Walsh, David Walsh. (2023, October 12). DarkGate Opens Organizations for Attack via Skype, Teams. Retrieved October 20, 2023.
Internal MISP references
UUID 81650f5b-628b-4e76-80d6-2c15cf70d37a
which can be used as unique global reference for Trend Micro DarkGate October 12 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-20T00:00:00Z |
date_published | 2023-10-12T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | DarkGate Opens Organizations for Attack via Skype, Teams |
DarkGate - Threat Breakdown Journey
0xToxin. (n.d.). DarkGate - Threat Breakdown Journey. Retrieved October 20, 2023.
Internal MISP references
UUID 8a1ac4b8-05f6-4be9-a866-e3026bc92c7f
which can be used as unique global reference for DarkGate - Threat Breakdown Journey
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | DarkGate - Threat Breakdown Journey |
Kaspersky Tomiris Sep 2021
Kwiatkoswki, I. and Delcher, P. (2021, September 29). DarkHalo After SolarWinds: the Tomiris connection. Retrieved December 27, 2021.
Internal MISP references
UUID a881a7e4-a1df-4ad2-b67f-ef03caddb721
which can be used as unique global reference for Kaspersky Tomiris Sep 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-27T00:00:00Z |
date_published | 2021-09-29T00:00:00Z |
source | MITRE |
title | DarkHalo After SolarWinds: the Tomiris connection |
Volexity SolarWinds
Cash, D. et al. (2020, December 14). Dark Halo Leverages SolarWinds Compromise to Breach Organizations. Retrieved December 29, 2020.
Internal MISP references
UUID 355cecf8-ef3e-4a6e-a652-3bf26fe46d88
which can be used as unique global reference for Volexity SolarWinds
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-29T00:00:00Z |
date_published | 2020-12-14T00:00:00Z |
source | MITRE |
title | Dark Halo Leverages SolarWinds Compromise to Breach Organizations |
Securelist Darkhotel Aug 2015
Kaspersky Lab's Global Research & Analysis Team. (2015, August 10). Darkhotel's attacks in 2015. Retrieved November 2, 2018.
Internal MISP references
UUID 5a45be49-f5f1-4d5b-b7da-0a2f38194ec1
which can be used as unique global reference for Securelist Darkhotel Aug 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-02T00:00:00Z |
date_published | 2015-08-10T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Darkhotel's attacks in 2015 |
Unit42 DarkHydrus Jan 2019
Lee, B., Falcone, R. (2019, January 18). DarkHydrus delivers new Trojan that can use Google Drive for C2 communications. Retrieved April 17, 2019.
Internal MISP references
UUID eb235504-d142-4c6d-9ffd-3c0b0dd23e80
which can be used as unique global reference for Unit42 DarkHydrus Jan 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-17T00:00:00Z |
date_published | 2019-01-18T00:00:00Z |
source | MITRE |
title | DarkHydrus delivers new Trojan that can use Google Drive for C2 communications |
Unit 42 Phishery Aug 2018
Falcone, R. (2018, August 07). DarkHydrus Uses Phishery to Harvest Credentials in the Middle East. Retrieved August 10, 2018.
Internal MISP references
UUID ab9d59c1-8ea5-4f9c-b733-b16223ffe84a
which can be used as unique global reference for Unit 42 Phishery Aug 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-10T00:00:00Z |
date_published | 2018-08-07T00:00:00Z |
source | MITRE |
title | DarkHydrus Uses Phishery to Harvest Credentials in the Middle East |
Darkside Ransomware Cybereason
Cybereason Nocturnus. (2021, April 1). Cybereason vs. Darkside Ransomware. Retrieved August 18, 2021.
Internal MISP references
UUID eded380e-33e9-4fdc-8e1f-b51d650b9731
which can be used as unique global reference for Darkside Ransomware Cybereason
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-18T00:00:00Z |
source | MITRE |
title | Darkside Ransomware |
DarkSide Ransomware Gang
Ramarcus Baylor. (2021, May 12). DarkSide Ransomware Gang: An Overview. Retrieved August 30, 2022.
Internal MISP references
UUID 5f8d49e8-22da-425f-b63b-a799b97ec2b5
which can be used as unique global reference for DarkSide Ransomware Gang
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-30T00:00:00Z |
date_published | 2021-05-12T00:00:00Z |
source | MITRE |
title | DarkSide Ransomware Gang: An Overview |
Secureworks DarkTortilla Aug 2022
Secureworks Counter Threat Unit Research Team. (2022, August 17). DarkTortilla Malware Analysis. Retrieved November 3, 2022.
Internal MISP references
UUID 4b48cc22-55ac-5b61-b183-9008f7db37fd
which can be used as unique global reference for Secureworks DarkTortilla Aug 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-11-03T00:00:00Z |
date_published | 2022-08-17T00:00:00Z |
source | MITRE |
title | DarkTortilla Malware Analysis |
Securelist DarkVishnya Dec 2018
Golovanov, S. (2018, December 6). DarkVishnya: Banks attacked through direct connection to local network. Retrieved May 15, 2020.
Internal MISP references
UUID da9ac5a7-c644-45fa-ab96-30ac6bfc9f81
which can be used as unique global reference for Securelist DarkVishnya Dec 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-15T00:00:00Z |
date_published | 2018-12-06T00:00:00Z |
source | MITRE, Tidal Cyber |
title | DarkVishnya: Banks attacked through direct connection to local network |
Prevailion DarkWatchman 2021
Smith, S., Stafford, M. (2021, December 14). DarkWatchman: A new evolution in fileless techniques. Retrieved January 10, 2022.
Internal MISP references
UUID 449e7b5c-7c62-4a63-a676-80026a597fc9
which can be used as unique global reference for Prevailion DarkWatchman 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-10T00:00:00Z |
date_published | 2021-12-14T00:00:00Z |
source | MITRE |
title | DarkWatchman: A new evolution in fileless techniques |
SOCRadar APT42 December 12 2022
SOCRadar Research. (2022, December 12). Dark Web Profile: APT42 – Iranian Cyber Espionage Group. Retrieved August 30, 2024.
Internal MISP references
UUID 6077faed-b162-4850-969a-2abedc842198
which can be used as unique global reference for SOCRadar APT42 December 12 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-30T00:00:00Z |
date_published | 2022-12-12T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Dark Web Profile: APT42 – Iranian Cyber Espionage Group |
SOCRadar Cyber Toufan Profile
SOCRadar. (2023, December 20). Dark Web Profile: Cyber Toufan Al-aqsa. Retrieved August 8, 2024.
Internal MISP references
UUID a9aa6361-8c4d-4456-bb3f-c64ca5260695
which can be used as unique global reference for SOCRadar Cyber Toufan Profile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-08T00:00:00Z |
date_published | 2023-12-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Dark Web Profile: Cyber Toufan Al-aqsa |
SOCRadar INC Ransom January 2024
SOCRadar. (2024, January 24). Dark Web Profile: INC Ransom. Retrieved June 5, 2024.
Internal MISP references
UUID 6c78b422-7d46-58a4-a403-421db0531147
which can be used as unique global reference for SOCRadar INC Ransom January 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-05T00:00:00Z |
date_published | 2024-01-24T00:00:00Z |
source | MITRE |
title | Dark Web Profile: INC Ransom |
Moran 2014
Moran, N., Oppenheim, M., Engle, S., & Wartell, R. (2014, September 3). Darwin’s Favorite APT Group [Blog]. Retrieved November 12, 2014.
Internal MISP references
UUID 15ef155b-7628-4b18-bc53-1d30be4eac5d
which can be used as unique global reference for Moran 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
date_published | 2014-09-03T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Darwin’s Favorite APT Group [Blog] |
AWS Data Perimeters
AWS. (n.d.). Data perimeters on AWS. Retrieved October 16, 2024.
Internal MISP references
UUID de628ad0-9608-5af0-8c93-21a1d5cd4998
which can be used as unique global reference for AWS Data Perimeters
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-16T00:00:00Z |
source | MITRE |
title | Data perimeters on AWS |
DataSvcUtil.exe - LOLBAS Project
LOLBAS. (2020, December 1). DataSvcUtil.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 0c373780-3202-4036-8c83-f3d468155b35
which can be used as unique global reference for DataSvcUtil.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-12-01T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | DataSvcUtil.exe |
Operation Emmental
botconf eu. (2014, December 31). David Sancho - Finding Holes in Banking 2FA: Operation Emmental. Retrieved January 4, 2024.
Internal MISP references
UUID 36443369-4fa9-4802-8b21-68cc382b949f
which can be used as unique global reference for Operation Emmental
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-04T00:00:00Z |
date_published | 2014-12-31T00:00:00Z |
source | MITRE |
title | David Sancho - Finding Holes in Banking 2FA: Operation Emmental |
Hijacking VNC
Z3RO. (2019, March 10). Day 70: Hijacking VNC (Enum, Brute, Access and Crack). Retrieved September 20, 2021.
Internal MISP references
UUID 7a58938f-058b-4c84-aa95-9c37dcdda1fb
which can be used as unique global reference for Hijacking VNC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-20T00:00:00Z |
date_published | 2019-03-10T00:00:00Z |
source | MITRE |
title | Day 70: Hijacking VNC (Enum, Brute, Access and Crack) |
DBatLoader Actively Distributing Malwares Targeting European Businesses
Zscaler. (2023, March 27). DBatLoader Actively Distributing Malwares Targeting European Businesses. Retrieved May 7, 2023.
Internal MISP references
UUID 42ee2e91-4dac-41ce-b2ec-fde21c258a28
which can be used as unique global reference for DBatLoader Actively Distributing Malwares Targeting European Businesses
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2023-03-27T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | DBatLoader Actively Distributing Malwares Targeting European Businesses |
Microsoft COM ACL
Microsoft. (n.d.). DCOM Security Enhancements in Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1. Retrieved November 22, 2017.
Internal MISP references
UUID 88769217-57f1-46d4-977c-2cb2969db437
which can be used as unique global reference for Microsoft COM ACL
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-22T00:00:00Z |
source | MITRE |
title | DCOM Security Enhancements in Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 |
DCShadow Blog
Delpy, B. & LE TOUX, V. (n.d.). DCShadow. Retrieved March 20, 2018.
Internal MISP references
UUID 37514816-b8b3-499f-842b-2d8cce9e140b
which can be used as unique global reference for DCShadow Blog
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-20T00:00:00Z |
source | MITRE |
title | DCShadow |
GitHub DCSYNCMonitor
Spencer S. (2018, February 22). DCSYNCMonitor. Retrieved March 30, 2018.
Internal MISP references
UUID be03c794-d9f3-4678-8198-257abf6dcdbd
which can be used as unique global reference for GitHub DCSYNCMonitor
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-30T00:00:00Z |
date_published | 2018-02-22T00:00:00Z |
source | MITRE |
title | DCSYNCMonitor |
DD Man
Kerrisk, M. (2020, February 2). DD(1) User Commands. Retrieved February 21, 2020.
Internal MISP references
UUID f64bee0d-e37d-45d5-9968-58e622e89bfe
which can be used as unique global reference for DD Man
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-21T00:00:00Z |
date_published | 2020-02-02T00:00:00Z |
source | MITRE |
title | DD(1) User Commands |
Arbor SSLDoS April 2012
ASERT Team, Netscout Arbor. (2012, April 24). DDoS Attacks on SSL: Something Old, Something New. Retrieved April 22, 2019.
Internal MISP references
UUID b5de4376-0deb-45de-83a0-09df98480464
which can be used as unique global reference for Arbor SSLDoS April 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-22T00:00:00Z |
date_published | 2012-04-24T00:00:00Z |
source | MITRE |
title | DDoS Attacks on SSL: Something Old, Something New |
CERT-EU DDoS March 2017
Meintanis, S., Revuelto, V., Socha, K. (2017, March 10). DDoS Overview and Response Guide. Retrieved April 24, 2019.
Internal MISP references
UUID 64341348-f448-4e56-bf78-442b92e6d435
which can be used as unique global reference for CERT-EU DDoS March 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-24T00:00:00Z |
date_published | 2017-03-10T00:00:00Z |
source | MITRE |
title | DDoS Overview and Response Guide |
Unit42 Sofacy Dec 2018
Lee, B., Falcone, R. (2018, December 12). Dear Joohn: The Sofacy Group’s Global Campaign. Retrieved April 19, 2019.
Internal MISP references
UUID 540c4c33-d4c2-4324-94cd-f57646666e32
which can be used as unique global reference for Unit42 Sofacy Dec 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-19T00:00:00Z |
date_published | 2018-12-12T00:00:00Z |
source | MITRE |
title | Dear Joohn: The Sofacy Group’s Global Campaign |
Death by 1000 installers; it's all broken!
Patrick Wardle. (2017). Death by 1000 installers; it's all broken!. Retrieved August 8, 2019.
Internal MISP references
UUID 2ae99e9b-cd00-4e60-ba9e-bcc50e709e88
which can be used as unique global reference for Death by 1000 installers; it's all broken!
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-08-08T00:00:00Z |
date_published | 2017-01-01T00:00:00Z |
source | MITRE |
title | Death by 1000 installers; it's all broken! |
SpecterOps Lateral Movement from Azure to On-Prem AD 2020
Andy Robbins. (2020, August 17). Death from Above: Lateral Movement from Azure to On-Prem AD. Retrieved March 13, 2023.
Internal MISP references
UUID eb97d3d6-21cb-5f27-9a78-1e8576acecdc
which can be used as unique global reference for SpecterOps Lateral Movement from Azure to On-Prem AD 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-13T00:00:00Z |
date_published | 2020-08-17T00:00:00Z |
source | MITRE |
title | Death from Above: Lateral Movement from Azure to On-Prem AD |
Microsoft PowerShell SilentlyContinue
Microsoft. (2023, March 2). $DebugPreference. Retrieved August 30, 2023.
Internal MISP references
UUID ece52a64-1c8d-547d-aedc-ff43d7418cd2
which can be used as unique global reference for Microsoft PowerShell SilentlyContinue
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-30T00:00:00Z |
date_published | 2023-03-02T00:00:00Z |
source | MITRE |
title | $DebugPreference |
virtualization.info 2006
virtualization.info. (Interviewer) & Liguori, A. (Interviewee). (2006, August 11). Debunking Blue Pill myth [Interview transcript]. Retrieved November 13, 2014.
Internal MISP references
UUID 8ff8fb53-e468-4df7-b7e3-b344be1507ae
which can be used as unique global reference for virtualization.info 2006
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-13T00:00:00Z |
date_published | 2006-08-11T00:00:00Z |
source | MITRE |
title | Debunking Blue Pill myth [Interview transcript] |
TrendMicro Confucius APT Feb 2018
Lunghi, D and Horejsi, J. (2018, February 13). Deciphering Confucius: A Look at the Group's Cyberespionage Operations. Retrieved December 26, 2021.
Internal MISP references
UUID d1d5a708-75cb-4d41-b2a3-d035a14ac956
which can be used as unique global reference for TrendMicro Confucius APT Feb 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-26T00:00:00Z |
date_published | 2018-02-13T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Deciphering Confucius: A Look at the Group's Cyberespionage Operations |
Ciberseguridad Decoding malicious RTF files
Pedrero, R. (2021, July). Decoding malicious RTF files. Retrieved November 16, 2021.
Internal MISP references
UUID 82d2451b-300f-4891-b1e7-ade53dff1126
which can be used as unique global reference for Ciberseguridad Decoding malicious RTF files
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-11-16T00:00:00Z |
date_published | 2021-07-01T00:00:00Z |
source | MITRE |
title | Decoding malicious RTF files |
Nccgroup Gh0st April 2018
Pantazopoulos, N. (2018, April 17). Decoding network data from a Gh0st RAT variant. Retrieved November 2, 2018.
Internal MISP references
UUID 4476aa0a-b1ef-4ac6-9e44-5721a0b3e92b
which can be used as unique global reference for Nccgroup Gh0st April 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-02T00:00:00Z |
date_published | 2018-04-17T00:00:00Z |
source | MITRE |
title | Decoding network data from a Gh0st RAT variant |
Morphisec September 3 2024
Michael Gorelik. (2024, September 3). Decoding the Puzzle Cicada3301 Ransomware Threat Analysis. Retrieved September 5, 2024.
Internal MISP references
UUID 90549699-8815-45e8-820c-4f5a7fc584b8
which can be used as unique global reference for Morphisec September 3 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-05T00:00:00Z |
date_published | 2024-09-03T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Decoding the Puzzle Cicada3301 Ransomware Threat Analysis |
MalwareBytes Template Injection OCT 2017
Segura, J. (2017, October 13). Decoy Microsoft Word document delivers malware through a RAT. Retrieved July 21, 2018.
Internal MISP references
UUID 7ef0ab1f-c7d6-46fe-b489-fab4db623e0a
which can be used as unique global reference for MalwareBytes Template Injection OCT 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-21T00:00:00Z |
date_published | 2017-10-13T00:00:00Z |
source | MITRE |
title | Decoy Microsoft Word document delivers malware through a RAT |
Crowdstrike PartyTicket March 2022
Crowdstrike. (2022, March 1). Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities. Retrieved March 1, 2022.
Internal MISP references
UUID 8659fea7-7d65-4ee9-8ceb-cf41204b57e0
which can be used as unique global reference for Crowdstrike PartyTicket March 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-01T00:00:00Z |
date_published | 2022-03-01T00:00:00Z |
source | MITRE |
title | Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities |
Fortinet Emotet May 2017
Xiaopeng Zhang. (2017, May 3). Deep Analysis of New Emotet Variant – Part 1. Retrieved April 1, 2019.
Internal MISP references
UUID 2b8b6ab4-906f-4732-94f8-eaac5ec0151d
which can be used as unique global reference for Fortinet Emotet May 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-01T00:00:00Z |
date_published | 2017-05-03T00:00:00Z |
source | MITRE |
title | Deep Analysis of New Emotet Variant – Part 1 |
Aqua TeamTNT August 2020
Kol, Roi. Morag, A. (2020, August 25). Deep Analysis of TeamTNT Techniques Using Container Images to Attack. Retrieved September 22, 2021.
Internal MISP references
UUID ca10ad0d-1a47-4006-8f76-c2246aee7752
which can be used as unique global reference for Aqua TeamTNT August 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-22T00:00:00Z |
date_published | 2020-08-25T00:00:00Z |
source | MITRE |
title | Deep Analysis of TeamTNT Techniques Using Container Images to Attack |
Bitdefender FIN8 July 2021
Martin Zugec. (2021, July 27). Deep Dive Into a FIN8 Attack - A Forensic Investigation. Retrieved September 1, 2021.
Internal MISP references
UUID aee3179e-1536-40ab-9965-1c10bdaa6dff
which can be used as unique global reference for Bitdefender FIN8 July 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-01T00:00:00Z |
date_published | 2021-07-27T00:00:00Z |
source | MITRE |
title | Deep Dive Into a FIN8 Attack - A Forensic Investigation |
Cyble Ragnar Locker January 20 2022
Cybleinc. (2022, January 20). Deep dive into Ragnar_locker Ransomware Gang. Retrieved September 29, 2023.
Internal MISP references
UUID 390b3063-8d7b-4dee-b5f7-bfd0804f2e30
which can be used as unique global reference for Cyble Ragnar Locker January 20 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-29T00:00:00Z |
date_published | 2022-01-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Deep dive into Ragnar_locker Ransomware Gang |
Sophos Pikabot June 12 2023
Karl Ackerman. (2023, June 12). Deep dive into the Pikabot cyber threat. Retrieved January 11, 2024.
Internal MISP references
UUID f10c37d8-2efe-4d9e-8987-8978beef7e9d
which can be used as unique global reference for Sophos Pikabot June 12 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-11T00:00:00Z |
date_published | 2023-06-12T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Deep dive into the Pikabot cyber threat |
Microsoft Deep Dive Solorigate January 2021
MSTIC, CDOC, 365 Defender Research Team. (2021, January 20). Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop. Retrieved January 22, 2021.
Internal MISP references
UUID ddd70eef-ab94-45a9-af43-c396c9e3fbc6
which can be used as unique global reference for Microsoft Deep Dive Solorigate January 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-22T00:00:00Z |
date_published | 2021-01-20T00:00:00Z |
source | MITRE |
title | Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop |
AADInternals - Device Registration
Dr. Nestori Syynimaa. (2021, March 3). Deep-dive to Azure AD device join. Retrieved March 9, 2022.
Internal MISP references
UUID 978b408d-f9e9-422c-b2d7-741f6cc298d4
which can be used as unique global reference for AADInternals - Device Registration
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-09T00:00:00Z |
date_published | 2021-03-03T00:00:00Z |
source | MITRE |
title | Deep-dive to Azure AD device join |
Alperovitch 2014
Alperovitch, D. (2014, July 7). Deep in Thought: Chinese Targeting of National Security Think Tanks. Retrieved November 12, 2014.
Internal MISP references
UUID 72e19be9-35dd-4199-bc07-bd9d0c664df6
which can be used as unique global reference for Alperovitch 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
date_published | 2014-07-07T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Deep in Thought: Chinese Targeting of National Security Think Tanks |
DefaultPack.EXE - LOLBAS Project
LOLBAS. (2020, October 1). DefaultPack.EXE. Retrieved December 4, 2023.
Internal MISP references
UUID 106efc3e-5816-44ae-a384-5e026e68ab89
which can be used as unique global reference for DefaultPack.EXE - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-10-01T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | DefaultPack.EXE |
Lastline DarkHotel Just In Time Decryption Nov 2015
Arunpreet Singh, Clemens Kolbitsch. (2015, November 5). Defeating Darkhotel Just-In-Time Decryption. Retrieved April 15, 2021.
Internal MISP references
UUID e43341ae-178f-43ba-9d66-f4d0380d2c59
which can be used as unique global reference for Lastline DarkHotel Just In Time Decryption Nov 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-15T00:00:00Z |
date_published | 2015-11-05T00:00:00Z |
source | MITRE |
title | Defeating Darkhotel Just-In-Time Decryption |
piazza launch agent mitigation
Antonio Piazza (4n7m4n). (2021, November 23). Defeating Malicious Launch Persistence. Retrieved April 19, 2022.
Internal MISP references
UUID 8a3591f2-34b0-4914-bb42-d4621966faed
which can be used as unique global reference for piazza launch agent mitigation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-19T00:00:00Z |
date_published | 2021-11-23T00:00:00Z |
source | MITRE |
title | Defeating Malicious Launch Persistence |
Inversecos Timestomping 2022
Lina Lau. (2022, April 28). Defence Evasion Technique: Timestomping Detection – NTFS Forensics. Retrieved September 30, 2024.
Internal MISP references
UUID 48bc7943-0384-5b6e-a0c5-854b6a08203f
which can be used as unique global reference for Inversecos Timestomping 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-30T00:00:00Z |
date_published | 2022-04-28T00:00:00Z |
source | MITRE |
title | Defence Evasion Technique: Timestomping Detection – NTFS Forensics |
VectorSec ForFiles Aug 2017
vector_sec. (2017, August 11). Defenders watching launches of cmd? What about forfiles?. Retrieved September 12, 2024.
Internal MISP references
UUID 8088d15d-9512-4d12-a99a-c76ad9dc3390
which can be used as unique global reference for VectorSec ForFiles Aug 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2017-08-11T00:00:00Z |
source | MITRE |
title | Defenders watching launches of cmd? What about forfiles? |
Black Hat 2015 App Shim
Pierce, Sean. (2015, November). Defending Against Malicious Application Compatibility Shims. Retrieved June 22, 2017.
Internal MISP references
UUID 19e3cddb-b077-40cf-92e0-131b12efa4f7
which can be used as unique global reference for Black Hat 2015 App Shim
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-06-22T00:00:00Z |
date_published | 2015-11-01T00:00:00Z |
source | MITRE |
title | Defending Against Malicious Application Compatibility Shims |
TechNet O365 Outlook Rules
Koeller, B. (2018, February 21). Defending Against Rules and Forms Injection. Retrieved November 5, 2019.
Internal MISP references
UUID c7f9bd2f-254a-4254-8a92-a3ab02455fcb
which can be used as unique global reference for TechNet O365 Outlook Rules
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-11-05T00:00:00Z |
date_published | 2018-02-21T00:00:00Z |
source | MITRE |
title | Defending Against Rules and Forms Injection |
Defending Against Scheduled Task Attacks in Windows Environments
Harshal Tupsamudre. (2022, June 20). Defending Against Scheduled Tasks. Retrieved July 5, 2022.
Internal MISP references
UUID 111d21df-5531-4927-a173-fac9cd7672b3
which can be used as unique global reference for Defending Against Scheduled Task Attacks in Windows Environments
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-05T00:00:00Z |
date_published | 2022-06-20T00:00:00Z |
source | MITRE |
title | Defending Against Scheduled Tasks |
Rapid7 HAFNIUM Mar 2021
Eoin Miller. (2021, March 23). Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange. Retrieved October 27, 2022.
Internal MISP references
UUID cf05d229-c2ba-54f2-a79d-4b7c9185c663
which can be used as unique global reference for Rapid7 HAFNIUM Mar 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-10-27T00:00:00Z |
date_published | 2021-03-23T00:00:00Z |
source | MITRE |
title | Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange |
Microsoft SQL Server
Microsoft Threat Intelligence. (2023, October 3). Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement. Retrieved October 3, 2023.
Internal MISP references
UUID a904fde8-b8f9-5411-ab46-0dacf39cc81f
which can be used as unique global reference for Microsoft SQL Server
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-03T00:00:00Z |
date_published | 2023-10-03T00:00:00Z |
source | MITRE |
title | Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement |
rundll32.exe defense evasion
Ariel silver. (2022, February 1). Defense Evasion Techniques. Retrieved April 8, 2022.
Internal MISP references
UUID 0f31f0ff-9ddb-4ea9-88d0-7b3b688764af
which can be used as unique global reference for rundll32.exe defense evasion
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-08T00:00:00Z |
date_published | 2022-02-01T00:00:00Z |
source | MITRE |
title | Defense Evasion Techniques |
def_ev_win_event_logging
Chandel, R. (2021, April 22). Defense Evasion: Windows Event Logging (T1562.002). Retrieved September 14, 2021.
Internal MISP references
UUID 166e3a8a-047a-4798-b6cb-5aa36903a764
which can be used as unique global reference for def_ev_win_event_logging
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-14T00:00:00Z |
date_published | 2021-04-22T00:00:00Z |
source | MITRE |
title | Defense Evasion: Windows Event Logging (T1562.002) |
Kaspersky DeftTorero October 3 2022
Global Research & Analysis Team. (2022, October 3). DeftTorero: tactics, techniques and procedures of intrusions revealed. Retrieved October 25, 2023.
Internal MISP references
UUID f6b43988-4d8b-455f-865e-3150e43d4f11
which can be used as unique global reference for Kaspersky DeftTorero October 3 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-25T00:00:00Z |
date_published | 2022-10-03T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | DeftTorero: tactics, techniques and procedures of intrusions revealed |
TechNet Del
Microsoft. (n.d.). Del. Retrieved April 22, 2016.
Internal MISP references
UUID 01fc44b9-0eb3-4fd2-b755-d611825374ae
which can be used as unique global reference for TechNet Del
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-22T00:00:00Z |
source | MITRE |
title | Del |
Hunters Domain Wide Delegation Google Workspace 2023
Yonatan Khanashvilli. (2023, November 28). DeleFriend: Severe design flaw in Domain Wide Delegation could leave Google Workspace vulnerable for takeover. Retrieved January 16, 2024.
Internal MISP references
UUID 290cebe1-a2fd-5ccd-8ef6-afa9d4c3c9df
which can be used as unique global reference for Hunters Domain Wide Delegation Google Workspace 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-16T00:00:00Z |
date_published | 2023-11-28T00:00:00Z |
source | MITRE |
title | DeleFriend: Severe design flaw in Domain Wide Delegation could leave Google Workspace vulnerable for takeover |
Azure Shared Access Signature
Delegate access with a shared access signature. (2019, December 18). Delegate access with a shared access signature. Retrieved March 2, 2022.
Internal MISP references
UUID f6ffe1ef-13f3-4225-b714-cfb89aaaf3fa
which can be used as unique global reference for Azure Shared Access Signature
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-02T00:00:00Z |
date_published | 2019-12-18T00:00:00Z |
source | MITRE |
title | Delegate access with a shared access signature |
Register Deloitte
Thomson, I. (2017, September 26). Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked'. Retrieved October 19, 2020.
Internal MISP references
UUID e6b10687-8666-4c9c-ac77-1988378e096d
which can be used as unique global reference for Register Deloitte
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
date_published | 2017-09-26T00:00:00Z |
source | MITRE |
title | Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked' |
Talos Micropsia June 2017
Rascagneres, P., Mercer, W. (2017, June 19). Delphi Used To Score Against Palestine. Retrieved November 13, 2018.
Internal MISP references
UUID c727152c-079a-4ff9-a0e5-face919cf59b
which can be used as unique global reference for Talos Micropsia June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-13T00:00:00Z |
date_published | 2017-06-19T00:00:00Z |
source | MITRE |
title | Delphi Used To Score Against Palestine |
TrendMicro EarthLusca 2022
Chen, J., et al. (2022). Delving Deep: An Analysis of Earth Lusca’s Operations. Retrieved July 1, 2022.
Internal MISP references
UUID f6e1bffd-e35b-4eae-b9bf-c16a82bf7004
which can be used as unique global reference for TrendMicro EarthLusca 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-01T00:00:00Z |
date_published | 2022-01-01T00:00:00Z |
source | MITRE |
title | Delving Deep: An Analysis of Earth Lusca’s Operations |
Demiguise Guardrail Router Logo
Warren, R. (2017, August 2). Demiguise: virginkey.js. Retrieved January 17, 2019.
Internal MISP references
UUID 2e55d33a-fe75-4397-b6f0-a28d397b4c24
which can be used as unique global reference for Demiguise Guardrail Router Logo
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-01-17T00:00:00Z |
date_published | 2017-08-02T00:00:00Z |
source | MITRE |
title | Demiguise: virginkey.js |
FireEye Hacking Team
FireEye Threat Intelligence. (2015, July 13). Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak. Retrieved January 25, 2016.
Internal MISP references
UUID c1e798b8-6771-4ba7-af25-69c640321e40
which can be used as unique global reference for FireEye Hacking Team
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-25T00:00:00Z |
date_published | 2015-07-13T00:00:00Z |
source | MITRE |
title | Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak |
Demystifying Azure AD Service Principals
Bellavance, Ned. (2019, July 16). Demystifying Azure AD Service Principals. Retrieved January 19, 2020.
Internal MISP references
UUID 3e285884-2191-4773-9243-74100ce177c8
which can be used as unique global reference for Demystifying Azure AD Service Principals
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-01-19T00:00:00Z |
date_published | 2019-07-16T00:00:00Z |
source | MITRE |
title | Demystifying Azure AD Service Principals |
demystifying_ryuk
Tran, T. (2020, November 24). Demystifying Ransomware Attacks Against Microsoft Defender Solution. Retrieved January 26, 2022.
Internal MISP references
UUID 3dc684c7-14de-4dc0-9f11-79160c4f5038
which can be used as unique global reference for demystifying_ryuk
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-26T00:00:00Z |
date_published | 2020-11-24T00:00:00Z |
source | MITRE |
title | Demystifying Ransomware Attacks Against Microsoft Defender Solution |
DOJ Iran Indictments September 2020
DOJ. (2020, September 17). Department of Justice and Partner Departments and Agencies Conduct Coordinated Actions to Disrupt and Deter Iranian Malicious Cyber Activities Targeting the United States and the Broader International Community. Retrieved December 10, 2020.
Internal MISP references
UUID f30a77dd-d1d0-41b8-b82a-461dd6cd126f
which can be used as unique global reference for DOJ Iran Indictments September 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-10T00:00:00Z |
date_published | 2020-09-17T00:00:00Z |
source | MITRE |
title | Department of Justice and Partner Departments and Agencies Conduct Coordinated Actions to Disrupt and Deter Iranian Malicious Cyber Activities Targeting the United States and the Broader International Community |
Microsoft GitHub Device Guard CI Policies
Microsoft. (2017, June 16). Deploy code integrity policies: steps. Retrieved June 28, 2017.
Internal MISP references
UUID 9646af1a-19fe-44c9-96ca-3c8ec097c3db
which can be used as unique global reference for Microsoft GitHub Device Guard CI Policies
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-06-28T00:00:00Z |
date_published | 2017-06-16T00:00:00Z |
source | MITRE |
title | Deploy code integrity policies: steps |
Microsoft Deploying AD Federation
Microsoft. (n.d.). Deploying Active Directory Federation Services in Azure. Retrieved March 13, 2020.
Internal MISP references
UUID beeb460e-4dba-42fb-8109-0861cd0df562
which can be used as unique global reference for Microsoft Deploying AD Federation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-13T00:00:00Z |
source | MITRE |
title | Deploying Active Directory Federation Services in Azure |
Apple Kernel Extension Deprecation
Apple. (n.d.). Deprecated Kernel Extensions and System Extension Alternatives. Retrieved November 4, 2020.
Internal MISP references
UUID 86053c5a-f2dd-4eb3-9dc2-6a6a4e1c2ae5
which can be used as unique global reference for Apple Kernel Extension Deprecation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-04T00:00:00Z |
source | MITRE |
title | Deprecated Kernel Extensions and System Extension Alternatives |
Black Lotus Raptor Train September 18 2024
Black Lotus Labs. (2024, September 18). Derailing the Raptor Train. Retrieved September 19, 2024.
Internal MISP references
UUID 21e26577-887b-4b8c-a3f8-4ab8868bed69
which can be used as unique global reference for Black Lotus Raptor Train September 18 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-19T00:00:00Z |
date_published | 2024-09-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Derailing the Raptor Train |
Amazon Describe Instance
Amazon. (n.d.). describe-instance-information. Retrieved March 3, 2020.
Internal MISP references
UUID c0b6a8a4-0d94-414d-b5ab-cf5485240dee
which can be used as unique global reference for Amazon Describe Instance
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-03T00:00:00Z |
source | MITRE |
title | describe-instance-information |
Amazon Describe Instances API
Amazon. (n.d.). DescribeInstances. Retrieved May 26, 2020.
Internal MISP references
UUID 95629746-43d2-4f41-87da-4bd44a43ef4a
which can be used as unique global reference for Amazon Describe Instances API
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-26T00:00:00Z |
source | MITRE |
title | DescribeInstances |
DescribeSecurityGroups - Amazon Elastic Compute Cloud
Amazon Web Services, Inc. (2022). DescribeSecurityGroups. Retrieved January 28, 2022.
Internal MISP references
UUID aa953df5-40b5-42d2-9e33-a227a093497f
which can be used as unique global reference for DescribeSecurityGroups - Amazon Elastic Compute Cloud
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-28T00:00:00Z |
date_published | 2022-01-01T00:00:00Z |
source | MITRE |
title | DescribeSecurityGroups |
Microsoft RunOnceEx APR 2018
Microsoft. (2018, August 20). Description of the RunOnceEx Registry Key. Retrieved June 29, 2018.
Internal MISP references
UUID f80bb86f-ce75-4778-bdee-777cf37a6de7
which can be used as unique global reference for Microsoft RunOnceEx APR 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-06-29T00:00:00Z |
date_published | 2018-08-20T00:00:00Z |
source | MITRE |
title | Description of the RunOnceEx Registry Key |
Designing Daemons Apple Dev
Apple. (n.d.). Retrieved October 12, 2021.
Internal MISP references
UUID 4baac228-1f6a-4c65-ae98-5a542600dfc6
which can be used as unique global reference for Designing Daemons Apple Dev
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-12T00:00:00Z |
source | MITRE |
title | Designing Daemons Apple Dev |
Desk.cpl - LOLBAS Project
LOLBAS. (2022, April 21). Desk.cpl. Retrieved December 4, 2023.
Internal MISP references
UUID 487a54d9-9f90-478e-b305-bd041af55e12
which can be used as unique global reference for Desk.cpl - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-04-21T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Desk.cpl |
Free Desktop Application Autostart Feb 2006
Free Desktop. (2006, February 13). Desktop Application Autostart Specification. Retrieved September 12, 2019.
Internal MISP references
UUID 0885434e-3908-4425-9597-ce6abe531ca5
which can be used as unique global reference for Free Desktop Application Autostart Feb 2006
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-12T00:00:00Z |
date_published | 2006-02-13T00:00:00Z |
source | MITRE |
title | Desktop Application Autostart Specification |
Desktopimgdownldr.exe - LOLBAS Project
LOLBAS. (2020, June 28). Desktopimgdownldr.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 1df3aacf-76c4-472a-92c8-2a85ae9e2860
which can be used as unique global reference for Desktopimgdownldr.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-06-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Desktopimgdownldr.exe |
CISA AA22-057A Destructive Malware February 2022
CISA. (2022, February 26). Destructive Malware Targeting Organizations in Ukraine. Retrieved March 25, 2022.
Internal MISP references
UUID 18684085-c156-4610-8b1f-cc9646f2c06e
which can be used as unique global reference for CISA AA22-057A Destructive Malware February 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-25T00:00:00Z |
date_published | 2022-02-26T00:00:00Z |
source | MITRE |
title | Destructive Malware Targeting Organizations in Ukraine |
Microsoft WhisperGate January 2022
MSTIC. (2022, January 15). Destructive malware targeting Ukrainian organizations. Retrieved March 10, 2022.
Internal MISP references
UUID e0c1fcd3-b7a8-42af-8984-873a6f969975
which can be used as unique global reference for Microsoft WhisperGate January 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-10T00:00:00Z |
date_published | 2022-01-15T00:00:00Z |
source | MITRE |
title | Destructive malware targeting Ukrainian organizations |
S2W DarkGate January 16 2024
S2W. (2024, January 16). Detailed Analysis of DarkGate. Retrieved July 12, 2024.
Internal MISP references
UUID 62d6a280-06df-4b96-85c8-13174e496256
which can be used as unique global reference for S2W DarkGate January 16 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-12T00:00:00Z |
date_published | 2024-01-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Detailed Analysis of DarkGate |
URI Unique
Australian Cyber Security Centre. National Security Agency. (2020, April 21). Detect and Prevent Web Shell Malware. Retrieved February 9, 2024.
Internal MISP references
UUID b91963c4-07ea-5e36-9cc8-8a2149ee7473
which can be used as unique global reference for URI Unique
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-09T00:00:00Z |
date_published | 2020-04-21T00:00:00Z |
source | MITRE |
title | Detect and Prevent Web Shell Malware |
NSA and ASD Detect and Prevent Web Shells 2020
NSA and ASD. (2020, April 3). Detect and Prevent Web Shell Malware. Retrieved July 23, 2021.
Internal MISP references
UUID e9a882a5-1a88-4fdf-9349-205f4fa167c9
which can be used as unique global reference for NSA and ASD Detect and Prevent Web Shells 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-07-23T00:00:00Z |
date_published | 2020-04-03T00:00:00Z |
source | MITRE |
title | Detect and Prevent Web Shell Malware |
Microsoft Detect Outlook Forms
Fox, C., Vangel, D. (2018, April 22). Detect and Remediate Outlook Rules and Custom Forms Injections Attacks in Office 365. Retrieved February 4, 2019.
Internal MISP references
UUID fd63775c-8482-477d-ab41-8c64ca17b602
which can be used as unique global reference for Microsoft Detect Outlook Forms
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-04T00:00:00Z |
date_published | 2018-04-22T00:00:00Z |
source | MITRE |
title | Detect and Remediate Outlook Rules and Custom Forms Injections Attacks in Office 365 |
ADDSecurity DCShadow Feb 2018
Lucand, G. (2018, February 18). Detect DCShadow, impossible?. Retrieved March 30, 2018.
Internal MISP references
UUID c1cd4767-b5a1-4821-8574-b5782a83920f
which can be used as unique global reference for ADDSecurity DCShadow Feb 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-30T00:00:00Z |
date_published | 2018-02-18T00:00:00Z |
source | MITRE |
title | Detect DCShadow, impossible? |
Lacework LLMJacking 2024
Lacework Labs. (2024, June 6). Detecting AI resource-hijacking with Composite Alerts. Retrieved September 25, 2024.
Internal MISP references
UUID 4742569e-80ed-5d70-948b-9457d9371ca8
which can be used as unique global reference for Lacework LLMJacking 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
date_published | 2024-06-06T00:00:00Z |
source | MITRE |
title | Detecting AI resource-hijacking with Composite Alerts |
Pace University Detecting DGA May 2017
Chen, L., Wang, T. (2017, May 5). Detecting Algorithmically Generated Domains Using Data Visualization and N-Grams Methods. Retrieved April 26, 2019.
Internal MISP references
UUID 7a4e7e05-986b-4549-a021-8c3c729bd3cc
which can be used as unique global reference for Pace University Detecting DGA May 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-26T00:00:00Z |
date_published | 2017-05-05T00:00:00Z |
source | MITRE |
title | Detecting Algorithmically Generated Domains Using Data Visualization and N-Grams Methods |
MDSec Detecting DOTNET
MDSec Research. (n.d.). Detecting and Advancing In-Memory .NET Tradecraft. Retrieved October 4, 2021.
Internal MISP references
UUID a7952f0e-6690-48de-ad93-9922d6d6989c
which can be used as unique global reference for MDSec Detecting DOTNET
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-04T00:00:00Z |
source | MITRE |
title | Detecting and Advancing In-Memory .NET Tradecraft |
Cisco DoSdetectNetflow
Cisco. (n.d.). Detecting and Analyzing Network Threats With NetFlow. Retrieved April 25, 2019.
Internal MISP references
UUID ce447063-ec9a-4729-aaec-64ec123077ce
which can be used as unique global reference for Cisco DoSdetectNetflow
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-25T00:00:00Z |
source | MITRE |
title | Detecting and Analyzing Network Threats With NetFlow |
RSA2017 Detect and Respond Adair
Adair, S. (2017, February 17). Detecting and Responding to Advanced Threats within Exchange Environments. Retrieved March 20, 2017.
Internal MISP references
UUID 005a276c-3369-4d29-bf0e-c7fa4e7d90bb
which can be used as unique global reference for RSA2017 Detect and Respond Adair
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-20T00:00:00Z |
date_published | 2017-02-17T00:00:00Z |
source | MITRE |
title | Detecting and Responding to Advanced Threats within Exchange Environments |
Nmap Firewalls NIDS
Nmap. (n.d.). Chapter 10. Detecting and Subverting Firewalls and Intrusion Detection Systems. Retrieved October 20, 2020.
Internal MISP references
UUID c696ac8c-2c7a-4708-a369-0832a493e0a6
which can be used as unique global reference for Nmap Firewalls NIDS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
source | MITRE |
title | Detecting and Subverting Firewalls and Intrusion Detection Systems |
Medium Detecting Attempts to Steal Passwords from Memory
French, D. (2018, October 2). Detecting Attempts to Steal Passwords from Memory. Retrieved October 11, 2019.
Internal MISP references
UUID 63955204-3cf9-4628-88d2-361de4dae94f
which can be used as unique global reference for Medium Detecting Attempts to Steal Passwords from Memory
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-11T00:00:00Z |
date_published | 2018-10-02T00:00:00Z |
source | MITRE |
title | Detecting Attempts to Steal Passwords from Memory |
Merces BPFDOOR 2023
Fernando Merces. (2023, July 13). Detecting BPFDoor Backdoor Variants Abusing BPF Filters. Retrieved September 23, 2024.
Internal MISP references
UUID bf4f5736-0506-5ecf-a73e-86ab18c2b71b
which can be used as unique global reference for Merces BPFDOOR 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-23T00:00:00Z |
date_published | 2023-07-13T00:00:00Z |
source | MITRE |
title | Detecting BPFDoor Backdoor Variants Abusing BPF Filters |
Endurant CMSTP July 2018
Seetharaman, N. (2018, July 7). Detecting CMSTP-Enabled Code Execution and UAC Bypass With Sysmon.. Retrieved August 6, 2018.
Internal MISP references
UUID d67901a4-8774-42d3-98de-c20158f88eb6
which can be used as unique global reference for Endurant CMSTP July 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-06T00:00:00Z |
date_published | 2018-07-07T00:00:00Z |
source | MITRE |
title | Detecting CMSTP-Enabled Code Execution and UAC Bypass With Sysmon. |
Red Canary COR_PROFILER May 2020
Brown, J. (2020, May 7). Detecting COR_PROFILER manipulation for persistence. Retrieved June 24, 2020.
Internal MISP references
UUID 3d8cb4d3-1cbe-416a-95b5-15003cbc2beb
which can be used as unique global reference for Red Canary COR_PROFILER May 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-24T00:00:00Z |
date_published | 2020-05-07T00:00:00Z |
source | MITRE |
title | Detecting COR_PROFILER manipulation for persistence |
NVisio Labs DDE Detection Oct 2017
NVISO Labs. (2017, October 11). Detecting DDE in MS Office documents. Retrieved November 21, 2017.
Internal MISP references
UUID 75ccde9a-2d51-4492-9a8a-02fce30f9167
which can be used as unique global reference for NVisio Labs DDE Detection Oct 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-21T00:00:00Z |
date_published | 2017-10-11T00:00:00Z |
source | MITRE |
title | Detecting DDE in MS Office documents |
Zhang 2013
Zhang, H., Papadopoulos, C., & Massey, D. (2013, April). Detecting encrypted botnet traffic. Retrieved August 19, 2015.
Internal MISP references
UUID 29edb7ad-3b3a-4fdb-9c4e-bb99fc2a1c67
which can be used as unique global reference for Zhang 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-08-19T00:00:00Z |
date_published | 2013-04-01T00:00:00Z |
source | MITRE |
title | Detecting encrypted botnet traffic |
ADSecurity Detecting Forged Tickets
Metcalf, S. (2015, May 03). Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory. Retrieved December 23, 2015.
Internal MISP references
UUID 4c328a1a-6a83-4399-86c5-d6e1586da8a3
which can be used as unique global reference for ADSecurity Detecting Forged Tickets
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-12-23T00:00:00Z |
date_published | 2015-05-03T00:00:00Z |
source | MITRE |
title | Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory |
Microsoft Detecting Kerberoasting Feb 2018
Bani, M. (2018, February 23). Detecting Kerberoasting activity using Azure Security Center. Retrieved March 23, 2018.
Internal MISP references
UUID b36d82a8-82ca-4f22-85c0-ee82be3b6940
which can be used as unique global reference for Microsoft Detecting Kerberoasting Feb 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-23T00:00:00Z |
date_published | 2018-02-23T00:00:00Z |
source | MITRE |
title | Detecting Kerberoasting activity using Azure Security Center |
Medium Detecting Lateral Movement
French, D. (2018, September 30). Detecting Lateral Movement Using Sysmon and Splunk. Retrieved October 11, 2019.
Internal MISP references
UUID 91bea3c2-df54-424e-8667-035e6e15fe38
which can be used as unique global reference for Medium Detecting Lateral Movement
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-11T00:00:00Z |
date_published | 2018-09-30T00:00:00Z |
source | MITRE |
title | Detecting Lateral Movement Using Sysmon and Splunk |
macOS root VNC login without authentication
Nick Miles. (2017, November 30). Detecting macOS High Sierra root account without authentication. Retrieved September 20, 2021.
Internal MISP references
UUID 4dc6ea85-a41b-4218-a9ae-e1eea841f2f2
which can be used as unique global reference for macOS root VNC login without authentication
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-20T00:00:00Z |
date_published | 2017-11-30T00:00:00Z |
source | MITRE |
title | Detecting macOS High Sierra root account without authentication |
Sans Virtual Jan 2016
Keragala, D. (2016, January 16). Detecting Malware and Sandbox Evasion Techniques. Retrieved April 17, 2019.
Internal MISP references
UUID 5d3d567c-dc25-44c1-8d2a-71ae00b60dbe
which can be used as unique global reference for Sans Virtual Jan 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-17T00:00:00Z |
date_published | 2016-01-16T00:00:00Z |
source | MITRE |
title | Detecting Malware and Sandbox Evasion Techniques |
Mandiant Azure AD Backdoors
Mike Burns. (2020, September 30). Detecting Microsoft 365 and Azure Active Directory Backdoors. Retrieved September 28, 2022.
Internal MISP references
UUID 7b4502ff-a45c-4ba7-b00e-ca9f6e9c2ac8
which can be used as unique global reference for Mandiant Azure AD Backdoors
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-28T00:00:00Z |
date_published | 2020-09-30T00:00:00Z |
source | MITRE |
title | Detecting Microsoft 365 and Azure Active Directory Backdoors |
CounterCept PPID Spoofing Dec 2018
Loh, I. (2018, December 21). Detecting Parent PID Spoofing. Retrieved June 3, 2019.
Internal MISP references
UUID a1fdb8db-4c5f-4fb9-a013-b232cd8471f8
which can be used as unique global reference for CounterCept PPID Spoofing Dec 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-03T00:00:00Z |
date_published | 2018-12-21T00:00:00Z |
source | MITRE |
title | Detecting Parent PID Spoofing |
CISA SolarWinds Cloud Detection
CISA. (2021, January 8). Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments. Retrieved January 8, 2021.
Internal MISP references
UUID b8fd5fe3-dbfa-4f28-a9b5-39f1d7db9e62
which can be used as unique global reference for CISA SolarWinds Cloud Detection
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-08T00:00:00Z |
date_published | 2021-01-08T00:00:00Z |
source | MITRE |
title | Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments |
Detecting Rclone
Aaron Greetham. (2021, May 27). Detecting Rclone – An Effective Tool for Exfiltration. Retrieved August 30, 2022.
Internal MISP references
UUID 2e44290c-32f5-4e7f-96de-9874df79fe89
which can be used as unique global reference for Detecting Rclone
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-30T00:00:00Z |
date_published | 2021-05-27T00:00:00Z |
source | MITRE |
title | Detecting Rclone – An Effective Tool for Exfiltration |
Medium Detecting WMI Persistence
French, D. (2018, October 9). Detecting & Removing an Attacker’s WMI Persistence. Retrieved October 11, 2019.
Internal MISP references
UUID 539e7cd0-d1e9-46ba-96fe-d8a1061c857e
which can be used as unique global reference for Medium Detecting WMI Persistence
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-11T00:00:00Z |
date_published | 2018-10-09T00:00:00Z |
source | MITRE |
title | Detecting & Removing an Attacker’s WMI Persistence |
Okta Scatter Swine 2022
Okta. (2022, August 25). Detecting Scatter Swine: Insights into a Relentless Phishing Campaign. Retrieved February 24, 2023.
Internal MISP references
UUID 66d1b6e2-c069-5832-b549-fc5f0edeed40
which can be used as unique global reference for Okta Scatter Swine 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-24T00:00:00Z |
date_published | 2022-08-25T00:00:00Z |
source | MITRE |
title | Detecting Scatter Swine: Insights into a Relentless Phishing Campaign |
Splunk Supernova Jan 2021
Stoner, J. (2021, January 21). Detecting Supernova Malware: SolarWinds Continued. Retrieved February 22, 2021.
Internal MISP references
UUID 7e43bda5-0978-46aa-b3b3-66ffb62b9fdb
which can be used as unique global reference for Splunk Supernova Jan 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-22T00:00:00Z |
date_published | 2021-01-21T00:00:00Z |
source | MITRE |
title | Detecting Supernova Malware: SolarWinds Continued |
Microsoft Winnti Jan 2017
Cap, P., et al. (2017, January 25). Detecting threat actors in recent German industrial attacks with Windows Defender ATP. Retrieved February 8, 2017.
Internal MISP references
UUID 6b63fac9-4bde-4fc8-a016-e77c8485fab7
which can be used as unique global reference for Microsoft Winnti Jan 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-02-08T00:00:00Z |
date_published | 2017-01-25T00:00:00Z |
source | MITRE |
title | Detecting threat actors in recent German industrial attacks with Windows Defender ATP |
Chokepoint preload rootkits
stderr. (2014, February 14). Detecting Userland Preload Rootkits. Retrieved December 20, 2017.
Internal MISP references
UUID 16c00830-eade-40e2-9ee6-6e1af4b58e5d
which can be used as unique global reference for Chokepoint preload rootkits
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 2014-02-14T00:00:00Z |
source | MITRE |
title | Detecting Userland Preload Rootkits |
Sygnia Golden SAML
Sygnia. (2020, December). Detection and Hunting of Golden SAML Attack. Retrieved January 6, 2021.
Internal MISP references
UUID 1a6673b0-2a30-481e-a2a4-9e17e2676c5d
which can be used as unique global reference for Sygnia Golden SAML
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-06T00:00:00Z |
date_published | 2020-12-01T00:00:00Z |
source | MITRE |
title | Detection and Hunting of Golden SAML Attack |
FireEye Exchange Zero Days March 2021
Bromiley, M. et al. (2021, March 4). Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities. Retrieved March 9, 2021.
Internal MISP references
UUID 5e5452a4-c3f5-4802-bcb4-198612cc8282
which can be used as unique global reference for FireEye Exchange Zero Days March 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-09T00:00:00Z |
date_published | 2021-03-04T00:00:00Z |
source | MITRE |
title | Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities |
Microsoft DEV-0139 December 6 2022
Microsoft Threat Intelligence. (2022, December 6). DEV-0139 launches targeted attacks against the cryptocurrency industry. Retrieved September 30, 2024.
Internal MISP references
UUID f9c070f1-aa83-45a3-bffb-c90f4caf5926
which can be used as unique global reference for Microsoft DEV-0139 December 6 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-30T00:00:00Z |
date_published | 2022-12-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | DEV-0139 launches targeted attacks against the cryptocurrency industry |
Microsoft DEV-0537
Microsoft. (2022, March 22). DEV-0537 criminal actor targeting organizations for data exfiltration and destruction. Retrieved March 23, 2022.
Internal MISP references
UUID 2f7a59f3-620d-4e2e-8595-af96cd4e16c3
which can be used as unique global reference for Microsoft DEV-0537
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-23T00:00:00Z |
date_published | 2022-03-22T00:00:00Z |
source | MITRE |
title | DEV-0537 criminal actor targeting organizations for data exfiltration and destruction |
MSTIC DEV-0537 Mar 2022
MSTIC, DART, M365 Defender. (2022, March 24). DEV-0537 Criminal Actor Targeting Organizations for Data Exfiltration and Destruction. Retrieved May 17, 2022.
Internal MISP references
UUID a9ce7e34-6e7d-4681-9869-8e8f2b5b0390
which can be used as unique global reference for MSTIC DEV-0537 Mar 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-17T00:00:00Z |
date_published | 2022-03-24T00:00:00Z |
source | MITRE |
title | DEV-0537 Criminal Actor Targeting Organizations for Data Exfiltration and Destruction |
Microsoft Royal ransomware November 2022
MSTIC. (2022, November 17). DEV-0569 finds new ways to deliver Royal ransomware, various payloads. Retrieved March 30, 2023.
Internal MISP references
UUID 91efc6bf-e15c-514a-96c1-e838268d222f
which can be used as unique global reference for Microsoft Royal ransomware November 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-30T00:00:00Z |
date_published | 2022-11-17T00:00:00Z |
source | MITRE |
title | DEV-0569 finds new ways to deliver Royal ransomware, various payloads |
MSTIC DEV-0832 October 25 2022
Microsoft Threat Intelligence. (2022, October 25). DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector. Retrieved September 19, 2024.
Internal MISP references
UUID 5b667611-649d-44d5-86e0-a79527608b3c
which can be used as unique global reference for MSTIC DEV-0832 October 25 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-19T00:00:00Z |
date_published | 2022-10-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector |
Cisco IOS Forensics Developments
Felix 'FX' Lindner. (2008, February). Developments in Cisco IOS Forensics. Retrieved October 21, 2020.
Internal MISP references
UUID 95fdf251-f40d-4f7a-bb12-8762e9c961b9
which can be used as unique global reference for Cisco IOS Forensics Developments
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-21T00:00:00Z |
date_published | 2008-02-01T00:00:00Z |
source | MITRE |
title | Developments in Cisco IOS Forensics |
DeviceCredentialDeployment.exe - LOLBAS Project
LOLBAS. (2021, August 16). DeviceCredentialDeployment.exe. Retrieved December 4, 2023.
Internal MISP references
UUID fef281e8-8138-4420-b11b-66d1e6a19805
which can be used as unique global reference for DeviceCredentialDeployment.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-08-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | DeviceCredentialDeployment.exe |
GitHub mattifestation DeviceGuardBypass
Graeber, M. (2016, November 13). DeviceGuardBypassMitigationRules. Retrieved November 30, 2016.
Internal MISP references
UUID 4ecd64b4-8014-447a-91d2-a431f4adbfcd
which can be used as unique global reference for GitHub mattifestation DeviceGuardBypass
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-11-30T00:00:00Z |
date_published | 2016-11-13T00:00:00Z |
source | MITRE |
title | DeviceGuardBypassMitigationRules |
Devinit.exe - LOLBAS Project
LOLBAS. (2022, January 20). Devinit.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 27343583-c17d-4c11-a7e3-14d725756556
which can be used as unique global reference for Devinit.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-01-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Devinit.exe |
Devtoolslauncher.exe - LOLBAS Project
LOLBAS. (2019, October 4). Devtoolslauncher.exe. Retrieved December 4, 2023.
Internal MISP references
UUID cb263978-019c-40c6-b6de-61db0e7a8941
which can be used as unique global reference for Devtoolslauncher.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2019-10-04T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Devtoolslauncher.exe |
devtunnel.exe - LOLBAS Project
LOLBAS. (2023, September 16). devtunnel.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 657c8b4c-1eee-4997-8461-c7592eaed9e8
which can be used as unique global reference for devtunnel.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2023-09-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | devtunnel.exe |
Dfshim.dll - LOLBAS Project
LOLBAS. (2018, May 25). Dfshim.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 30503e42-6047-46a9-8189-e6caa5f4deb0
which can be used as unique global reference for Dfshim.dll - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Dfshim.dll |
LOLBAS /Dfsvc.exe
LOLBAS. (n.d.). /Dfsvc.exe. Retrieved September 9, 2024.
Internal MISP references
UUID caef4593-a7ac-57f7-9e06-b6ace2c9623d
which can be used as unique global reference for LOLBAS /Dfsvc.exe
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-09T00:00:00Z |
source | MITRE |
title | /Dfsvc.exe |
Dfsvc.exe - LOLBAS Project
LOLBAS. (2018, May 25). Dfsvc.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 7f3a78c0-68b2-4a9d-ae6a-6e63e8ddac3f
which can be used as unique global reference for Dfsvc.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Dfsvc.exe |
dhcp_serv_op_events
Microsoft. (2006, August 31). DHCP Server Operational Events. Retrieved March 7, 2022.
Internal MISP references
UUID e2b1e810-2a78-4553-8927-38ed5fba0f38
which can be used as unique global reference for dhcp_serv_op_events
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-07T00:00:00Z |
date_published | 2006-08-31T00:00:00Z |
source | MITRE |
title | DHCP Server Operational Events |
GitHub Diamorphine
Mello, V. (2018, March 8). Diamorphine - LMK rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64). Retrieved April 9, 2018.
Internal MISP references
UUID 92993055-d2e6-46b2-92a3-ad70b62e4cc0
which can be used as unique global reference for GitHub Diamorphine
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-09T00:00:00Z |
date_published | 2018-03-08T00:00:00Z |
source | MITRE |
title | Diamorphine - LMK rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64) |
diantz.exe_lolbas
Living Off The Land Binaries, Scripts and Libraries (LOLBAS). (n.d.). Diantz.exe. Retrieved October 25, 2021.
Internal MISP references
UUID 66652db8-5594-414f-8a6b-83d708a0c1fa
which can be used as unique global reference for diantz.exe_lolbas
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-25T00:00:00Z |
source | MITRE |
title | Diantz.exe |
Fortinet Diavol July 2021
Neeamni, D., Rubinfeld, A. (2021, July 1). Diavol - A New Ransomware Used By Wizard Spider?. Retrieved November 12, 2021.
Internal MISP references
UUID 28c650f2-8ce8-4c78-ab4a-cae56c1548ed
which can be used as unique global reference for Fortinet Diavol July 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-11-12T00:00:00Z |
date_published | 2021-07-01T00:00:00Z |
source | MITRE |
title | Diavol - A New Ransomware Used By Wizard Spider? |
DFIR Diavol Ransomware December 2021
DFIR Report. (2021, December 13). Diavol Ransomware. Retrieved March 9, 2022.
Internal MISP references
UUID eb89f18d-684c-4220-b2a8-967f1f8f9162
which can be used as unique global reference for DFIR Diavol Ransomware December 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-09T00:00:00Z |
date_published | 2021-12-13T00:00:00Z |
source | MITRE |
title | Diavol Ransomware |
Überwachung APT28 Forfiles June 2015
Guarnieri, C. (2015, June 19). Digital Attack on German Parliament: Investigative Report on the Hack of the Left Party Infrastructure in Bundestag. Retrieved January 22, 2018.
Internal MISP references
UUID 3b85fff0-88d8-4df6-af0b-66e57492732e
which can be used as unique global reference for Überwachung APT28 Forfiles June 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-22T00:00:00Z |
date_published | 2015-06-19T00:00:00Z |
source | MITRE |
title | Digital Attack on German Parliament: Investigative Report on the Hack of the Left Party Infrastructure in Bundestag |
Microsoft DSE June 2017
Microsoft. (2017, June 1). Digital Signatures for Kernel Modules on Windows. Retrieved April 22, 2021.
Internal MISP references
UUID 451bdfe3-0b30-425c-97a0-44727b70c1da
which can be used as unique global reference for Microsoft DSE June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-22T00:00:00Z |
date_published | 2017-06-01T00:00:00Z |
source | MITRE |
title | Digital Signatures for Kernel Modules on Windows |
Microsoft East Asia Threats September 2023
Microsoft Threat Intelligence. (2023, September). Digital threats from East Asia increase in breadth and effectiveness. Retrieved February 5, 2024.
Internal MISP references
UUID 31f2c61e-cefe-5df7-9c2b-780bf03c88ec
which can be used as unique global reference for Microsoft East Asia Threats September 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-05T00:00:00Z |
date_published | 2023-09-01T00:00:00Z |
source | MITRE |
title | Digital threats from East Asia increase in breadth and effectiveness |
ESET Turla Mosquito Jan 2018
ESET, et al. (2018, January). Diplomats in Eastern Europe bitten by a Turla mosquito. Retrieved July 3, 2018.
Internal MISP references
UUID cd177c2e-ef22-47be-9926-61e25fd5f33b
which can be used as unique global reference for ESET Turla Mosquito Jan 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-03T00:00:00Z |
date_published | 2018-01-01T00:00:00Z |
source | MITRE |
title | Diplomats in Eastern Europe bitten by a Turla mosquito |
TechNet Dir
Microsoft. (n.d.). Dir. Retrieved April 18, 2016.
Internal MISP references
UUID f1eb8631-6bea-4688-a5ff-a388b1fdceb0
which can be used as unique global reference for TechNet Dir
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-18T00:00:00Z |
source | MITRE |
title | Dir |
Frisk DMA August 2016
Ulf Frisk. (2016, August 5). Direct Memory Attack the Kernel. Retrieved March 30, 2018.
Internal MISP references
UUID c504485b-2daa-4159-96da-481a0b97a979
which can be used as unique global reference for Frisk DMA August 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-30T00:00:00Z |
date_published | 2016-08-05T00:00:00Z |
source | MITRE |
title | Direct Memory Attack the Kernel |
Redops Syscalls
Feichter, D. (2023, June 30). Direct Syscalls vs Indirect Syscalls. Retrieved September 27, 2023.
Internal MISP references
UUID dd8c2edd-b5ba-5a41-b65d-c3a2951d07b8
which can be used as unique global reference for Redops Syscalls
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-27T00:00:00Z |
date_published | 2023-06-30T00:00:00Z |
source | MITRE |
title | Direct Syscalls vs Indirect Syscalls |
GitHub Disable DDEAUTO Oct 2017
Dormann, W. (2017, October 20). Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016. Retrieved February 3, 2018.
Internal MISP references
UUID eea0dd34-4efa-4093-bd11-a59d1601868f
which can be used as unique global reference for GitHub Disable DDEAUTO Oct 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-03T00:00:00Z |
date_published | 2017-10-20T00:00:00Z |
source | MITRE |
title | Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016 |
Disable automount for ISO
wordmann. (2022, February 8). Disable Disc Imgage. Retrieved February 8, 2022.
Internal MISP references
UUID 2155591e-eacf-4575-b7a6-f031675ef1b3
which can be used as unique global reference for Disable automount for ISO
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-08T00:00:00Z |
date_published | 2022-02-08T00:00:00Z |
source | MITRE |
title | Disable Disc Imgage |
Disable_Win_Event_Logging
dmcxblue. (n.d.). Disable Windows Event Logging. Retrieved September 10, 2021.
Internal MISP references
UUID 0fa5e507-33dc-40ea-b960-bcd9aa024ab1
which can be used as unique global reference for Disable_Win_Event_Logging
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-10T00:00:00Z |
source | MITRE |
title | Disable Windows Event Logging |
GitHub MOTW
wdormann. (2019, August 29). Disable Windows Explorer file associations for Disc Image Mount. Retrieved April 16, 2022.
Internal MISP references
UUID 044aa74a-9320-496a-9d15-37d8b934c244
which can be used as unique global reference for GitHub MOTW
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-16T00:00:00Z |
date_published | 2019-08-29T00:00:00Z |
source | MITRE |
title | Disable Windows Explorer file associations for Disc Image Mount |
Apple Disable SIP
Apple. (n.d.). Disabling and Enabling System Integrity Protection. Retrieved April 22, 2021.
Internal MISP references
UUID d7545e0c-f0b7-4be4-800b-06a02240385e
which can be used as unique global reference for Apple Disable SIP
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-22T00:00:00Z |
source | MITRE |
title | Disabling and Enabling System Integrity Protection |
Microsoft GPO Bluetooth FEB 2009
Microsoft. (2009, February 9). Disabling Bluetooth and Infrared Beaming. Retrieved July 26, 2018.
Internal MISP references
UUID 27573597-5269-4894-87fb-24afcdb8f30a
which can be used as unique global reference for Microsoft GPO Bluetooth FEB 2009
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-26T00:00:00Z |
date_published | 2009-02-09T00:00:00Z |
source | MITRE |
title | Disabling Bluetooth and Infrared Beaming |
ITSyndicate Disabling PHP functions
Kondratiev, A. (n.d.). Disabling dangerous PHP functions. Retrieved July 26, 2021.
Internal MISP references
UUID 6e91f485-5777-4a06-94a3-cdc4718a8e39
which can be used as unique global reference for ITSyndicate Disabling PHP functions
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-07-26T00:00:00Z |
source | MITRE |
title | Disabling dangerous PHP functions |
disable_notif_synology_ransom
TheDFIRReport. (2022, March 1). Disabling notifications on Synology servers before ransom. Retrieved September 12, 2024.
Internal MISP references
UUID d53e8f89-df78-565b-a316-cf2644c5ed36
which can be used as unique global reference for disable_notif_synology_ransom
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2022-03-01T00:00:00Z |
source | MITRE |
title | Disabling notifications on Synology servers before ransom |
Krebs Discord Bookmarks 2023
Brian Krebs. (2023, May 30). Discord Admins Hacked by Malicious Bookmarks. Retrieved January 2, 2024.
Internal MISP references
UUID 1d0a21f4-9a8e-5514-894a-3d55263ff973
which can be used as unique global reference for Krebs Discord Bookmarks 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-02T00:00:00Z |
date_published | 2023-05-30T00:00:00Z |
source | MITRE |
title | Discord Admins Hacked by Malicious Bookmarks |
Diskshadow
Microsoft Windows Server. (2023, February 3). Diskshadow. Retrieved November 21, 2023.
Internal MISP references
UUID 9e8b57a5-7e31-5add-ac3e-8b9c0f7f27aa
which can be used as unique global reference for Diskshadow
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-21T00:00:00Z |
date_published | 2023-02-03T00:00:00Z |
source | MITRE |
title | Diskshadow |
Diskshadow.exe - LOLBAS Project
LOLBAS. (2018, May 25). Diskshadow.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 27a3f0b4-e699-4319-8b52-8eae4581faa2
which can be used as unique global reference for Diskshadow.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Diskshadow.exe |
OpenAI-CTI
OpenAI. (2024, February 14). Disrupting malicious uses of AI by state-affiliated threat actors. Retrieved September 12, 2024.
Internal MISP references
UUID d8f576cb-0afc-54a7-a449-570c4311ef7a
which can be used as unique global reference for OpenAI-CTI
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2024-02-14T00:00:00Z |
source | MITRE |
title | Disrupting malicious uses of AI by state-affiliated threat actors |
Microsoft Star Blizzard August 2022
Microsoft Threat Intelligence. (2022, August 15). Disrupting SEABORGIUM’s ongoing phishing operations. Retrieved June 13, 2024.
Internal MISP references
UUID d5fc25ad-2337-55f5-9eac-050178a533d6
which can be used as unique global reference for Microsoft Star Blizzard August 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-13T00:00:00Z |
date_published | 2022-08-15T00:00:00Z |
source | MITRE |
title | Disrupting SEABORGIUM’s ongoing phishing operations |
Bitdefender FunnyDream Campaign November 2020
Vrabie, V. (2020, November). Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions. Retrieved September 19, 2022.
Internal MISP references
UUID b62a9f2c-02ca-4dfa-95fc-5dc6ad9568de
which can be used as unique global reference for Bitdefender FunnyDream Campaign November 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-19T00:00:00Z |
date_published | 2020-11-01T00:00:00Z |
source | MITRE |
title | Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions |
FireEye NETWIRE March 2019
Maniath, S. and Kadam P. (2019, March 19). Dissecting a NETWIRE Phishing Campaign's Usage of Process Hollowing. Retrieved January 7, 2021.
Internal MISP references
UUID 404d4f7e-62de-4483-9320-a90fb255e783
which can be used as unique global reference for FireEye NETWIRE March 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-07T00:00:00Z |
date_published | 2019-03-19T00:00:00Z |
source | MITRE |
title | Dissecting a NETWIRE Phishing Campaign's Usage of Process Hollowing |
Cybereason Dissecting DGAs
Sternfeld, U. (2016). Dissecting Domain Generation Algorithms: Eight Real World DGA Variants. Retrieved February 18, 2019.
Internal MISP references
UUID 9888cdb6-fe85-49b4-937c-75005ac9660d
which can be used as unique global reference for Cybereason Dissecting DGAs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-18T00:00:00Z |
date_published | 2016-01-01T00:00:00Z |
source | MITRE |
title | Dissecting Domain Generation Algorithms: Eight Real World DGA Variants |
FireEye POSHSPY April 2017
Dunwoody, M. (2017, April 3). Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY). Retrieved April 5, 2017.
Internal MISP references
UUID b1271e05-80d7-4761-a13f-b6f0db7d7e5a
which can be used as unique global reference for FireEye POSHSPY April 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-04-05T00:00:00Z |
date_published | 2017-04-03T00:00:00Z |
source | MITRE |
title | Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY) |
Bleeping Computer Stealer Logs 2023
Flare. (2023, June 6). Dissecting the Dark Web Supply Chain: Stealer Logs in Context. Retrieved October 10, 2024.
Internal MISP references
UUID 3bcbc294-91f1-56af-9eb9-9ce556c09602
which can be used as unique global reference for Bleeping Computer Stealer Logs 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-10T00:00:00Z |
date_published | 2023-06-06T00:00:00Z |
source | MITRE |
title | Dissecting the Dark Web Supply Chain: Stealer Logs in Context |
Microsoft DTC
Microsoft. (2011, January 12). Distributed Transaction Coordinator. Retrieved February 25, 2016.
Internal MISP references
UUID d2a1aab3-a4c9-4583-9cf8-170eeb77d828
which can be used as unique global reference for Microsoft DTC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-02-25T00:00:00Z |
date_published | 2011-01-12T00:00:00Z |
source | MITRE |
title | Distributed Transaction Coordinator |
Mandiant UNC4841 August 29 2023
Austin Larsen, John Palmisano, John Wolfram, Mathew Potaczek, Michael Raggi. (2023, August 29). Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation. Retrieved October 24, 2024.
Internal MISP references
UUID f990745d-06c1-4b0a-8394-66c7a3cf0818
which can be used as unique global reference for Mandiant UNC4841 August 29 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-24T00:00:00Z |
date_published | 2023-08-29T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation |
Mandiant Search Order
Mandiant. (2010, August 31). DLL Search Order Hijacking Revisited. Retrieved December 5, 2014.
Internal MISP references
UUID 2f602a6c-0305-457c-b329-a17b55d8e094
which can be used as unique global reference for Mandiant Search Order
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-12-05T00:00:00Z |
date_published | 2010-08-31T00:00:00Z |
source | MITRE |
title | DLL Search Order Hijacking Revisited |
FireEye DLL Search Order Hijacking
Nick Harbour. (2010, September 1). DLL Search Order Hijacking Revisited. Retrieved March 13, 2020.
Internal MISP references
UUID 0ba2675d-4d7f-406a-81fa-b87e62d7a539
which can be used as unique global reference for FireEye DLL Search Order Hijacking
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-13T00:00:00Z |
date_published | 2010-09-01T00:00:00Z |
source | MITRE |
title | DLL Search Order Hijacking Revisited |
Stewart 2014
Stewart, A. (2014). DLL SIDE-LOADING: A Thorn in the Side of the Anti-Virus Industry. Retrieved November 12, 2014.
Internal MISP references
UUID 813905b5-7aa5-4bab-b2ac-eaafdea55805
which can be used as unique global reference for Stewart 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
date_published | 2014-01-01T00:00:00Z |
source | MITRE |
title | DLL SIDE-LOADING: A Thorn in the Side of the Anti-Virus Industry |
Dnscmd.exe - LOLBAS Project
LOLBAS. (2018, May 25). Dnscmd.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 3571ca9d-3388-4e74-8b30-dd92ef2b5f10
which can be used as unique global reference for Dnscmd.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Dnscmd.exe |
Dnscmd Microsoft
Microsoft. (2023, February 3). Dnscmd Microsoft. Retrieved July 11, 2023.
Internal MISP references
UUID 24b1cb7b-357f-470f-9715-fa0ec3958cbb
which can be used as unique global reference for Dnscmd Microsoft
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-11T00:00:00Z |
date_published | 2023-02-03T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Dnscmd Microsoft |
DNS Dumpster
Hacker Target. (n.d.). DNS Dumpster. Retrieved October 20, 2020.
Internal MISP references
UUID 0bbe1e50-28af-4265-a493-4bb4fd693bad
which can be used as unique global reference for DNS Dumpster
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
source | MITRE |
title | DNS Dumpster |
Talos DNSpionage Nov 2018
Mercer, W., Rascagneres, P. (2018, November 27). DNSpionage Campaign Targets Middle East. Retrieved October 9, 2020.
Internal MISP references
UUID d597ad7d-f808-4289-b42a-79807248c2d6
which can be used as unique global reference for Talos DNSpionage Nov 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-09T00:00:00Z |
date_published | 2018-11-27T00:00:00Z |
source | MITRE |
title | DNSpionage Campaign Targets Middle East |
DNS-msft
Microsoft. (2022). DNS Policies Overview. Retrieved June 6, 2024.
Internal MISP references
UUID bb420420-d03c-53b9-8bd9-e4357df8930a
which can be used as unique global reference for DNS-msft
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-06T00:00:00Z |
date_published | 2022-01-01T00:00:00Z |
source | MITRE |
title | DNS Policies Overview |
Unit42 DNS Mar 2019
Hinchliffe, A. (2019, March 15). DNS Tunneling: how DNS can be (ab)used by malicious actors. Retrieved October 3, 2020.
Internal MISP references
UUID e41fde80-5ced-4f66-9852-392d1ef79520
which can be used as unique global reference for Unit42 DNS Mar 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-03T00:00:00Z |
date_published | 2019-03-15T00:00:00Z |
source | MITRE |
title | DNS Tunneling: how DNS can be (ab)used by malicious actors |
DNS-CISA
CISA. (2016, September 29). DNS Zone Transfer AXFR Requests May Leak Domain Information. Retrieved June 5, 2024.
Internal MISP references
UUID bc24500a-500c-5e08-90ec-6fbb39b0b74c
which can be used as unique global reference for DNS-CISA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-05T00:00:00Z |
date_published | 2016-09-29T00:00:00Z |
source | MITRE |
title | DNS Zone Transfer AXFR Requests May Leak Domain Information |
dnx.exe - LOLBAS Project
LOLBAS. (2018, May 25). dnx.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 50652a27-c47b-41d4-a2eb-2ebf74e5bd09
which can be used as unique global reference for dnx.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | dnx.exe |
GTFOBins Docker
GTFOBins. (n.d.). docker. Retrieved February 15, 2024.
Internal MISP references
UUID c4fa5825-85f9-5ab1-a59d-a86b20ef0570
which can be used as unique global reference for GTFOBins Docker
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-15T00:00:00Z |
source | MITRE |
title | docker |
Docker Daemon CLI
Docker. (n.d.). DockerD CLI. Retrieved March 29, 2021.
Internal MISP references
UUID ea86eae4-6ad4-4d79-9dd3-dd965a7feb5c
which can be used as unique global reference for Docker Daemon CLI
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-29T00:00:00Z |
source | MITRE |
title | DockerD CLI |
Docker API
Docker. (n.d.). Docker Engine API v1.41 Reference. Retrieved March 31, 2021.
Internal MISP references
UUID b8ec1e37-7286-40e8-9577-ff9c54801086
which can be used as unique global reference for Docker API
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-31T00:00:00Z |
source | MITRE |
title | Docker Engine API v1.41 Reference |
Docker Build Image
Docker. (n.d.). Docker Engine API v1.41 Reference - Build an Image. Retrieved March 30, 2021.
Internal MISP references
UUID ee708b64-57f3-4b47-af05-1e26b698c21f
which can be used as unique global reference for Docker Build Image
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-30T00:00:00Z |
source | MITRE |
title | Docker Engine API v1.41 Reference - Build an Image |
Docker Containers API
Docker. (n.d.). Docker Engine API v1.41 Reference - Container. Retrieved March 29, 2021.
Internal MISP references
UUID 2351cb32-23d6-4557-9c52-e6e228402bab
which can be used as unique global reference for Docker Containers API
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-29T00:00:00Z |
source | MITRE |
title | Docker Engine API v1.41 Reference - Container |
Docker Exec
Docker. (n.d.). Docker Exec. Retrieved March 29, 2021.
Internal MISP references
UUID 5f1ace27-6584-4585-98de-52cb71d419c1
which can be used as unique global reference for Docker Exec
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-29T00:00:00Z |
source | MITRE |
title | Docker Exec |
Docker Images
Docker. (n.d.). Docker Images. Retrieved April 6, 2021.
Internal MISP references
UUID 9b4d1e80-61e9-4557-a562-5eda66d0bbf7
which can be used as unique global reference for Docker Images
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-06T00:00:00Z |
source | MITRE |
title | Docker Images |
Docker Overview
Docker. (n.d.). Docker Overview. Retrieved March 30, 2021.
Internal MISP references
UUID 52954bb1-16b0-4717-a72c-8a6dec97610b
which can be used as unique global reference for Docker Overview
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-30T00:00:00Z |
source | MITRE |
title | Docker Overview |
Docker Entrypoint
Docker. (n.d.). Docker run reference. Retrieved March 29, 2021.
Internal MISP references
UUID c80ad3fd-d7fc-4a7a-8565-da3feaa4a915
which can be used as unique global reference for Docker Entrypoint
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-29T00:00:00Z |
source | MITRE |
title | Docker run reference |
TechNet Server Operator Scheduled Task
Microsoft. (2012, November 15). Domain controller: Allow server operators to schedule tasks. Retrieved December 18, 2017.
Internal MISP references
UUID a9497afa-42c8-499e-a6b6-4231b1c22f6e
which can be used as unique global reference for TechNet Server Operator Scheduled Task
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-18T00:00:00Z |
date_published | 2012-11-15T00:00:00Z |
source | MITRE |
title | Domain controller: Allow server operators to schedule tasks |
Cisco Umbrella DGA
Scarfo, A. (2016, October 10). Domain Generation Algorithms – Why so effective?. Retrieved February 18, 2019.
Internal MISP references
UUID 5dbe2bcb-40b9-4ff8-a37a-0893a7a6cb58
which can be used as unique global reference for Cisco Umbrella DGA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-18T00:00:00Z |
date_published | 2016-10-10T00:00:00Z |
source | MITRE |
title | Domain Generation Algorithms – Why so effective? |
Microsoft GetAllTrustRelationships
Microsoft. (n.d.). Domain.GetAllTrustRelationships Method. Retrieved February 14, 2019.
Internal MISP references
UUID 571086ce-42d3-4416-9521-315f694647a6
which can be used as unique global reference for Microsoft GetAllTrustRelationships
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-14T00:00:00Z |
source | MITRE |
title | Domain.GetAllTrustRelationships Method |
ICANNDomainNameHijacking
ICANN Security and Stability Advisory Committee. (2005, July 12). Domain Name Hijacking: Incidents, Threats, Risks and Remediation. Retrieved March 6, 2017.
Internal MISP references
UUID 96c5ec6c-d53d-49c3-bca1-0b6abe0080e6
which can be used as unique global reference for ICANNDomainNameHijacking
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-06T00:00:00Z |
date_published | 2005-07-12T00:00:00Z |
source | MITRE |
title | Domain Name Hijacking: Incidents, Threats, Risks and Remediation |
Palo Alto Unit 42 Domain Shadowing 2022
Janos Szurdi, Rebekah Houser and Daiping Liu. (2022, September 21). Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime. Retrieved March 7, 2023.
Internal MISP references
UUID ec460017-fd25-5975-b697-c8c11fee960d
which can be used as unique global reference for Palo Alto Unit 42 Domain Shadowing 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-07T00:00:00Z |
date_published | 2022-09-21T00:00:00Z |
source | MITRE |
title | Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime |
ASERT Donot March 2018
Schwarz, D., Sopko J. (2018, March 08). Donot Team Leverages New Modular Malware Framework in South Asia. Retrieved June 11, 2018.
Internal MISP references
UUID a1b987cc-7789-411c-9673-3cf6357b207c
which can be used as unique global reference for ASERT Donot March 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-06-11T00:00:00Z |
date_published | 2018-03-08T00:00:00Z |
source | MITRE |
title | Donot Team Leverages New Modular Malware Framework in South Asia |
mandiant-masking
Simonian, Nick. (2023, May 22). Don't @ Me: URL Obfuscation Through Schema Abuse. Retrieved January 17, 2024.
Internal MISP references
UUID d5ed4c98-6d37-5000-bba0-9aada295a50c
which can be used as unique global reference for mandiant-masking
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-17T00:00:00Z |
date_published | 2023-05-22T00:00:00Z |
source | MITRE |
title | Don't @ Me: URL Obfuscation Through Schema Abuse |
Mandiant URL Obfuscation 2023
Nick Simonian. (2023, May 22). Don't @ Me: URL Obfuscation Through Schema Abuse. Retrieved August 4, 2023.
Internal MISP references
UUID b63f5934-2ace-5326-89be-7a850469a563
which can be used as unique global reference for Mandiant URL Obfuscation 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-04T00:00:00Z |
date_published | 2023-05-22T00:00:00Z |
source | MITRE |
title | Don't @ Me: URL Obfuscation Through Schema Abuse |
Schema-abuse
Nick Simonian. (2023, May 22). Don't @ Me: URL Obfuscation Through Schema Abuse. Retrieved February 13, 2024.
Internal MISP references
UUID 75b860d9-a48d-57de-ba1e-b0db970abb1b
which can be used as unique global reference for Schema-abuse
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-13T00:00:00Z |
date_published | 2023-05-22T00:00:00Z |
source | MITRE |
title | Don't @ Me: URL Obfuscation Through Schema Abuse |
Donut Github
TheWover. (2019, May 9). donut. Retrieved March 25, 2022.
Internal MISP references
UUID 5f28c41f-6903-4779-93d4-3de99e031b70
which can be used as unique global reference for Donut Github
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-25T00:00:00Z |
date_published | 2019-05-09T00:00:00Z |
source | MITRE |
title | donut |
Introducing Donut
The Wover. (2019, May 9). Donut - Injecting .NET Assemblies as Shellcode. Retrieved October 4, 2021.
Internal MISP references
UUID 8fd099c6-e002-44d0-8b7f-65f290a42c07
which can be used as unique global reference for Introducing Donut
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-04T00:00:00Z |
date_published | 2019-05-09T00:00:00Z |
source | MITRE |
title | Donut - Injecting .NET Assemblies as Shellcode |
Dotnet.exe - LOLBAS Project
LOLBAS. (2019, November 12). Dotnet.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 8abe21ad-88d1-4a5c-b79e-8216b4b06862
which can be used as unique global reference for Dotnet.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2019-11-12T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Dotnet.exe |
cyberproof-double-bounce
Itkin, Liora. (2022, September 1). Double-bounced attacks with email spoofing. Retrieved February 24, 2023.
Internal MISP references
UUID 4406d688-c392-5244-b438-6995f38dfc61
which can be used as unique global reference for cyberproof-double-bounce
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-24T00:00:00Z |
date_published | 2022-09-01T00:00:00Z |
source | MITRE |
title | Double-bounced attacks with email spoofing |
FireEye APT41 Aug 2019
Fraser, N., et al. (2019, August 7). Double DragonAPT41, a dual espionage and cyber crime operation APT41. Retrieved September 23, 2019.
Internal MISP references
UUID 20f8e252-0a95-4ebd-857c-d05b0cde0904
which can be used as unique global reference for FireEye APT41 Aug 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-23T00:00:00Z |
date_published | 2019-08-07T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Double DragonAPT41, a dual espionage and cyber crime operation APT41 |
FireEye APT41 2019
FireEye. (2019). Double DragonAPT41, a dual espionage and cyber crime operation APT41. Retrieved September 23, 2019.
Internal MISP references
UUID daa31f35-15a6-413b-9319-80d6921d1598
which can be used as unique global reference for FireEye APT41 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-23T00:00:00Z |
date_published | 2019-01-01T00:00:00Z |
source | MITRE |
title | Double DragonAPT41, a dual espionage and cyber crime operation APT41 |
Malwarebytes IssacWiper CaddyWiper March 2022
Threat Intelligence Team. (2022, March 18). Double header: IsaacWiper and CaddyWiper. Retrieved April 11, 2022.
Internal MISP references
UUID 931aed95-a629-4f94-8762-aad580f5d3e2
which can be used as unique global reference for Malwarebytes IssacWiper CaddyWiper March 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-11T00:00:00Z |
date_published | 2022-03-18T00:00:00Z |
source | MITRE |
title | Double header: IsaacWiper and CaddyWiper |
Crowdstrike-leaks
Crowdstrike. (2020, September 24). Double Trouble: Ransomware with Data Leak Extortion, Part 1. Retrieved December 6, 2023.
Internal MISP references
UUID a91c3252-94b8-52a8-bb0d-cadac6afa161
which can be used as unique global reference for Crowdstrike-leaks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-06T00:00:00Z |
date_published | 2020-09-24T00:00:00Z |
source | MITRE |
title | Double Trouble: Ransomware with Data Leak Extortion, Part 1 |
tlseminar_downgrade_att
Team Cinnamon. (2017, February 3). Downgrade Attacks. Retrieved December 9, 2021.
Internal MISP references
UUID 8b5d46bf-fb4e-4ecd-b8a9-9c084c1864a3
which can be used as unique global reference for tlseminar_downgrade_att
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-09T00:00:00Z |
date_published | 2017-02-03T00:00:00Z |
source | MITRE |
title | Downgrade Attacks |
LogRhythm Do You Trust Oct 2014
Foss, G. (2014, October 3). Do You Trust Your Computer?. Retrieved December 17, 2018.
Internal MISP references
UUID 88a84f9a-e077-4fdd-9936-30fc7b290476
which can be used as unique global reference for LogRhythm Do You Trust Oct 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-12-17T00:00:00Z |
date_published | 2014-10-03T00:00:00Z |
source | MITRE |
title | Do You Trust Your Computer? |
VNC Vulnerabilities
Sergiu Gatlan. (2019, November 22). Dozens of VNC Vulnerabilities Found in Linux, Windows Solutions. Retrieved September 20, 2021.
Internal MISP references
UUID 3ec5440a-cb3b-4aa9-8e0e-0f92525ef51c
which can be used as unique global reference for VNC Vulnerabilities
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-20T00:00:00Z |
date_published | 2019-11-22T00:00:00Z |
source | MITRE |
title | Dozens of VNC Vulnerabilities Found in Linux, Windows Solutions |
Accenture Dragonfish Jan 2018
Accenture Security. (2018, January 27). DRAGONFISH DELIVERS NEW FORM OF ELISE MALWARE TARGETING ASEAN DEFENCE MINISTERS’ MEETING AND ASSOCIATES. Retrieved November 14, 2018.
Internal MISP references
UUID f692c6fa-7b3a-4d1d-9002-b1a59f7116f4
which can be used as unique global reference for Accenture Dragonfish Jan 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-14T00:00:00Z |
date_published | 2018-01-27T00:00:00Z |
source | MITRE |
title | DRAGONFISH DELIVERS NEW FORM OF ELISE MALWARE TARGETING ASEAN DEFENCE MINISTERS’ MEETING AND ASSOCIATES |
Symantec Dragonfly
Symantec Security Response. (2014, June 30). Dragonfly: Cyberespionage Attacks Against Energy Suppliers. Retrieved April 8, 2016.
Internal MISP references
UUID 9514c5cd-2ed6-4dbf-aa9e-1c425e969226
which can be used as unique global reference for Symantec Dragonfly
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-08T00:00:00Z |
date_published | 2014-06-30T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Dragonfly: Cyberespionage Attacks Against Energy Suppliers |
Symantec Dragonfly 2.0 October 2017
Symantec. (2017, October 7). Dragonfly: Western energy sector targeted by sophisticated attack group. Retrieved April 19, 2022.
Internal MISP references
UUID a0439d4a-a3ea-4be5-9a01-f223ca259681
which can be used as unique global reference for Symantec Dragonfly 2.0 October 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-19T00:00:00Z |
date_published | 2017-10-07T00:00:00Z |
source | MITRE |
title | Dragonfly: Western energy sector targeted by sophisticated attack group |
Symantec Dragonfly Sept 2017
Symantec Security Response. (2014, July 7). Dragonfly: Western energy sector targeted by sophisticated attack group. Retrieved September 9, 2017.
Internal MISP references
UUID 11bbeafc-ed5d-4d2b-9795-a0a9544fb64e
which can be used as unique global reference for Symantec Dragonfly Sept 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-09-09T00:00:00Z |
date_published | 2014-07-07T00:00:00Z |
source | MITRE |
title | Dragonfly: Western energy sector targeted by sophisticated attack group |
Kaspersky Dridex May 2017
Slepogin, N. (2017, May 25). Dridex: A History of Evolution. Retrieved May 31, 2019.
Internal MISP references
UUID 52c48bc3-2b53-4214-85c3-7e5dd036c969
which can be used as unique global reference for Kaspersky Dridex May 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-31T00:00:00Z |
date_published | 2017-05-25T00:00:00Z |
source | MITRE |
title | Dridex: A History of Evolution |
Dell Dridex Oct 2015
Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, October 13). Dridex (Bugat v5) Botnet Takeover Operation. Retrieved May 31, 2019.
Internal MISP references
UUID f81ce947-d875-4631-9709-b54c8b5d25bc
which can be used as unique global reference for Dell Dridex Oct 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-31T00:00:00Z |
date_published | 2015-10-13T00:00:00Z |
source | MITRE |
title | Dridex (Bugat v5) Botnet Takeover Operation |
Red Canary Dridex Threat Report 2021
Red Canary. (2021, February 9). Dridex - Red Canary Threat Detection Report. Retrieved August 3, 2023.
Internal MISP references
UUID 3be25132-6655-5fa9-92cb-772d02f49d2b
which can be used as unique global reference for Red Canary Dridex Threat Report 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-03T00:00:00Z |
date_published | 2021-02-09T00:00:00Z |
source | MITRE |
title | Dridex - Red Canary Threat Detection Report |
volexity_0day_sophos_FW
Adair, S., Lancaster, T., Volexity Threat Research. (2022, June 15). DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach. Retrieved July 1, 2022.
Internal MISP references
UUID 85bee18e-216d-4ea6-b34e-b071e3f63382
which can be used as unique global reference for volexity_0day_sophos_FW
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-01T00:00:00Z |
date_published | 2022-06-15T00:00:00Z |
source | MITRE |
title | DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach |
Google Drive Log Events
Google. (n.d.). Drive log events. Retrieved March 4, 2024.
Internal MISP references
UUID f546898e-3639-58f4-85a2-6268dfaab207
which can be used as unique global reference for Google Drive Log Events
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-04T00:00:00Z |
source | MITRE |
title | Drive log events |
Microsoft Driverquery
Microsoft. (n.d.). driverquery. Retrieved March 28, 2023.
Internal MISP references
UUID 7302dc00-a75a-5787-a04c-88ef4922ac09
which can be used as unique global reference for Microsoft Driverquery
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-28T00:00:00Z |
source | MITRE |
title | driverquery |
Dropbox Malware Sync
David Talbot. (2013, August 21). Dropbox and Similar Services Can Sync Malware. Retrieved May 31, 2023.
Internal MISP references
UUID 06ca63fa-8c6c-501c-96d3-5e7e45ca1e04
which can be used as unique global reference for Dropbox Malware Sync
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-31T00:00:00Z |
date_published | 2013-08-21T00:00:00Z |
source | MITRE |
title | Dropbox and Similar Services Can Sync Malware |
Cyberreason Anchor December 2019
Dahan, A. et al. (2019, December 11). DROPPING ANCHOR: FROM A TRICKBOT INFECTION TO THE DISCOVERY OF THE ANCHOR MALWARE. Retrieved September 10, 2020.
Internal MISP references
UUID a8dc5598-9963-4a1d-a473-bee8d2c72c57
which can be used as unique global reference for Cyberreason Anchor December 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-10T00:00:00Z |
date_published | 2019-12-11T00:00:00Z |
source | MITRE |
title | DROPPING ANCHOR: FROM A TRICKBOT INFECTION TO THE DISCOVERY OF THE ANCHOR MALWARE |
Samba DRSUAPI
SambaWiki. (n.d.). DRSUAPI. Retrieved December 4, 2017.
Internal MISP references
UUID 79e8f598-9962-4124-b884-eb10f86885af
which can be used as unique global reference for Samba DRSUAPI
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-04T00:00:00Z |
source | MITRE |
title | DRSUAPI |
dsdbutil.exe - LOLBAS Project
LOLBAS. (2023, May 31). dsdbutil.exe. Retrieved December 4, 2023.
Internal MISP references
UUID fc982faf-a37d-4d0b-949c-f7a27adc3030
which can be used as unique global reference for dsdbutil.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2023-05-31T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | dsdbutil.exe |
TechNet Dsquery
Microsoft. (n.d.). Dsquery. Retrieved April 18, 2016.
Internal MISP references
UUID bbbb4a45-2963-4f04-901a-fb2752800e12
which can be used as unique global reference for TechNet Dsquery
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-18T00:00:00Z |
source | MITRE |
title | Dsquery |
CyberBit Dtrack
Hod Gavriel. (2019, November 21). Dtrack: In-depth analysis of APT on a nuclear power plant. Retrieved January 20, 2021.
Internal MISP references
UUID 1ac944f4-868c-4312-8b5d-1580fd6542a0
which can be used as unique global reference for CyberBit Dtrack
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-20T00:00:00Z |
date_published | 2019-11-21T00:00:00Z |
source | MITRE |
title | Dtrack: In-depth analysis of APT on a nuclear power plant |
Kaspersky Dtrack
Kaspersky Global Research and Analysis Team. (2019, September 23). DTrack: previously unknown spy-tool by Lazarus hits financial institutions and research centers. Retrieved January 20, 2021.
Internal MISP references
UUID 0122ee35-938d-493f-a3bb-bc75fc808f62
which can be used as unique global reference for Kaspersky Dtrack
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-20T00:00:00Z |
date_published | 2019-09-23T00:00:00Z |
source | MITRE |
title | DTrack: previously unknown spy-tool by Lazarus hits financial institutions and research centers |
Crowdstrike Qakbot October 2020
CS. (2020, October 7). Duck Hunting with Falcon Complete: A Fowl Banking Trojan Evolves, Part 2. Retrieved September 27, 2021.
Internal MISP references
UUID 636a9b94-8260-45cc-bd74-a764cd8f50b0
which can be used as unique global reference for Crowdstrike Qakbot October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-27T00:00:00Z |
date_published | 2020-10-07T00:00:00Z |
source | MITRE |
title | Duck Hunting with Falcon Complete: A Fowl Banking Trojan Evolves, Part 2 |
Dump64.exe - LOLBAS Project
LOLBAS. (2021, November 16). Dump64.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b0186447-a6d5-40d7-a11d-ab2e9fb93087
which can be used as unique global reference for Dump64.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-11-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Dump64.exe |
dump_pwd_dcsync
Metcalf, S. (2015, November 22). Dump Clear-Text Passwords for All Admins in the Domain Using Mimikatz DCSync. Retrieved November 15, 2021.
Internal MISP references
UUID bd1d7e75-feee-47fd-abfb-7e3dfc648a72
which can be used as unique global reference for dump_pwd_dcsync
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-11-15T00:00:00Z |
date_published | 2015-11-22T00:00:00Z |
source | MITRE |
title | Dump Clear-Text Passwords for All Admins in the Domain Using Mimikatz DCSync |
ired mscache
Mantvydas Baranauskas. (2019, November 16). Dumping and Cracking mscash - Cached Domain Credentials. Retrieved February 21, 2020.
Internal MISP references
UUID 5b643e7d-1ace-4517-88c2-96115cac1209
which can be used as unique global reference for ired mscache
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-21T00:00:00Z |
date_published | 2019-11-16T00:00:00Z |
source | MITRE |
title | Dumping and Cracking mscash - Cached Domain Credentials |
ired Dumping LSA Secrets
Mantvydas Baranauskas. (2019, November 16). Dumping LSA Secrets. Retrieved February 21, 2020.
Internal MISP references
UUID cf883397-11e9-4f94-977a-bbe46e3107f5
which can be used as unique global reference for ired Dumping LSA Secrets
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-21T00:00:00Z |
date_published | 2019-11-16T00:00:00Z |
source | MITRE |
title | Dumping LSA Secrets |
DumpMinitool.exe - LOLBAS Project
LOLBAS. (2022, January 20). DumpMinitool.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 4634e025-c005-46fe-b97c-5d7dda455ba0
which can be used as unique global reference for DumpMinitool.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-01-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | DumpMinitool.exe |
DuplicateToken function
Microsoft. (2021, October 12). DuplicateToken function (securitybaseapi.h). Retrieved January 8, 2024.
Internal MISP references
UUID fbf31bc2-7883-56fa-975f-d083288464dc
which can be used as unique global reference for DuplicateToken function
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-08T00:00:00Z |
date_published | 2021-10-12T00:00:00Z |
source | MITRE |
title | DuplicateToken function (securitybaseapi.h) |
Wikipedia Duqu
Wikipedia. (2017, December 29). Duqu. Retrieved April 10, 2018.
Internal MISP references
UUID 5cf0101e-c036-4c1c-b322-48f04e2aef0b
which can be used as unique global reference for Wikipedia Duqu
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-10T00:00:00Z |
date_published | 2017-12-29T00:00:00Z |
source | MITRE |
title | Duqu |
Dxcap.exe - LOLBAS Project
LOLBAS. (2018, May 25). Dxcap.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 7611eb7a-46b7-4c76-9728-67c1fbf20e17
which can be used as unique global reference for Dxcap.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Dxcap.exe |
TheEvilBit DYLD_INSERT_LIBRARIES
Fitzl, C. (2019, July 9). DYLD_INSERT_LIBRARIES DYLIB injection in macOS / OSX. Retrieved March 26, 2020.
Internal MISP references
UUID bd27026c-81eb-480e-b092-f861472ac775
which can be used as unique global reference for TheEvilBit DYLD_INSERT_LIBRARIES
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-26T00:00:00Z |
date_published | 2019-07-09T00:00:00Z |
source | MITRE |
title | DYLD_INSERT_LIBRARIES DYLIB injection in macOS / OSX |
Wardle Dylib Hijacking OSX 2015
Patrick Wardle. (2015, March 1). Dylib Hijacking on OS X. Retrieved March 29, 2021.
Internal MISP references
UUID c78d8c94-4fe3-4aa9-b879-f0b0e9d2714b
which can be used as unique global reference for Wardle Dylib Hijacking OSX 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-29T00:00:00Z |
date_published | 2015-03-01T00:00:00Z |
source | MITRE |
title | Dylib Hijacking on OS X |
Dragos DYMALLOY
Dragos. (n.d.). DYMALLOY. Retrieved August 20, 2020.
Internal MISP references
UUID d2785c6e-e0d1-4e90-a2d5-2c302176d5d3
which can be used as unique global reference for Dragos DYMALLOY
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-20T00:00:00Z |
source | MITRE |
title | DYMALLOY |
MWRInfoSecurity Dynamic Hooking 2015
Hillman, M. (2015, August 8). Dynamic Hooking Techniques: User Mode. Retrieved December 20, 2017.
Internal MISP references
UUID 3cb6d0b1-4d6b-4f2d-bd7d-e4b2dcde081d
which can be used as unique global reference for MWRInfoSecurity Dynamic Hooking 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 2015-08-08T00:00:00Z |
source | MITRE |
title | Dynamic Hooking Techniques: User Mode |
rfc2131
Droms, R. (1997, March). Dynamic Host Configuration Protocol. Retrieved March 9, 2022.
Internal MISP references
UUID b16bd2d5-162b-44cb-a812-7becd6684021
which can be used as unique global reference for rfc2131
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-09T00:00:00Z |
date_published | 1997-03-01T00:00:00Z |
source | MITRE |
title | Dynamic Host Configuration Protocol |
rfc3315
J. Bound, et al. (2003, July). Dynamic Host Configuration Protocol for IPv6 (DHCPv6). Retrieved June 27, 2022.
Internal MISP references
UUID 9349f864-79e9-4481-ad77-44099621795a
which can be used as unique global reference for rfc3315
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-27T00:00:00Z |
date_published | 2003-07-01T00:00:00Z |
source | MITRE |
title | Dynamic Host Configuration Protocol for IPv6 (DHCPv6) |
Microsoft DLL Redirection
Microsoft. (n.d.). Dynamic-Link Library Redirection. Retrieved December 5, 2014.
Internal MISP references
UUID ac60bb28-cb14-4ff9-bc05-df48273a28a9
which can be used as unique global reference for Microsoft DLL Redirection
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-12-05T00:00:00Z |
source | MITRE |
title | Dynamic-Link Library Redirection |
Microsoft Dynamic-Link Library Redirection
Microsoft. (2018, May 31). Dynamic-Link Library Redirection. Retrieved March 13, 2020.
Internal MISP references
UUID 72458590-ee1b-4447-adb8-ca4f486d1db5
which can be used as unique global reference for Microsoft Dynamic-Link Library Redirection
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-13T00:00:00Z |
date_published | 2018-05-31T00:00:00Z |
source | MITRE |
title | Dynamic-Link Library Redirection |
Microsoft DLL Search
Microsoft. (n.d.). Dynamic-Link Library Search Order. Retrieved November 30, 2014.
Internal MISP references
UUID c157444d-bf2b-4806-b069-519122b7a459
which can be used as unique global reference for Microsoft DLL Search
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-30T00:00:00Z |
source | MITRE |
title | Dynamic-Link Library Search Order |
Microsoft Dynamic Link Library Search Order
Microsoft. (2018, May 31). Dynamic-Link Library Search Order. Retrieved November 30, 2014.
Internal MISP references
UUID 7b1f945b-2547-4bc6-98bf-30248bdf3587
which can be used as unique global reference for Microsoft Dynamic Link Library Search Order
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-30T00:00:00Z |
date_published | 2018-05-31T00:00:00Z |
source | MITRE |
title | Dynamic-Link Library Search Order |
MSDN DLL Security
Microsoft. (n.d.). Dynamic-Link Library Security. Retrieved July 25, 2016.
Internal MISP references
UUID 5d1d1916-cef4-49d1-b8e2-a6d18fb297f6
which can be used as unique global reference for MSDN DLL Security
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-07-25T00:00:00Z |
source | MITRE |
title | Dynamic-Link Library Security |
Microsoft DLL Security
Microsoft. (n.d.). Dynamic-Link Library Security. Retrieved November 27, 2017.
Internal MISP references
UUID 584490c7-b155-4f62-b68d-a5a2a1799e60
which can be used as unique global reference for Microsoft DLL Security
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-27T00:00:00Z |
source | MITRE |
title | Dynamic-Link Library Security |
Microsoft Dynamic-Link Library Security
Microsoft. (n.d.). Dynamic-Link Library Security. Retrieved July 25, 2016.
Internal MISP references
UUID e087442a-0a53-4cc8-9fd6-772cbd0295d5
which can be used as unique global reference for Microsoft Dynamic-Link Library Security
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-07-25T00:00:00Z |
source | MITRE |
title | Dynamic-Link Library Security |
Symantec Dyre June 2015
Symantec Security Response. (2015, June 23). Dyre: Emerging threat on financial fraud landscape. Retrieved August 23, 2018.
Internal MISP references
UUID a9780bb0-302f-44c2-8252-b53d94da24e6
which can be used as unique global reference for Symantec Dyre June 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-23T00:00:00Z |
date_published | 2015-06-23T00:00:00Z |
source | MITRE |
title | Dyre: Emerging threat on financial fraud landscape |
EA Hacked via Slack - June 2021
Anthony Spadafora. (2021, June 11). EA hack reportedly used stolen cookies and Slack to target gaming giant. Retrieved May 31, 2022.
Internal MISP references
UUID 3362e1df-cfb9-4281-a0a1-9a3710d76945
which can be used as unique global reference for EA Hacked via Slack - June 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-31T00:00:00Z |
date_published | 2021-06-11T00:00:00Z |
source | MITRE |
title | EA hack reportedly used stolen cookies and Slack to target gaming giant |
CrowdStrike StellarParticle January 2022
CrowdStrike. (2022, January 27). Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign. Retrieved February 7, 2022.
Internal MISP references
UUID 149c1446-d6a1-4a63-9420-def9272d6cb9
which can be used as unique global reference for CrowdStrike StellarParticle January 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-07T00:00:00Z |
date_published | 2022-01-27T00:00:00Z |
source | MITRE |
title | Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign |
Trend Micro September 9 2024
Lenart Bermejo; Sunny Lu; Ted Lee. (2024, September 9). Earth Preta Evolves its Attacks with New Malware and Strategies. Retrieved September 10, 2024.
Internal MISP references
UUID 0fdc9ee2-5be2-43e0-afb9-c9a94fde3867
which can be used as unique global reference for Trend Micro September 9 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-10T00:00:00Z |
date_published | 2024-09-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Earth Preta Evolves its Attacks with New Malware and Strategies |
Trend Micro Muddy Water March 2021
Peretz, A. and Theck, E. (2021, March 5). Earth Vetala – MuddyWater Continues to Target Organizations in the Middle East. Retrieved March 18, 2021.
Internal MISP references
UUID 16b4b834-2f44-4bac-b810-f92080c41f09
which can be used as unique global reference for Trend Micro Muddy Water March 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-18T00:00:00Z |
date_published | 2021-03-05T00:00:00Z |
source | MITRE |
title | Earth Vetala – MuddyWater Continues to Target Organizations in the Middle East |
Earthworm English Project Page
rootkiter. (2019, March 9). Earthworm. Retrieved July 7, 2023.
Internal MISP references
UUID 88170ef5-03ac-42f2-9b03-2ce204b5d45c
which can be used as unique global reference for Earthworm English Project Page
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-07T00:00:00Z |
date_published | 2019-03-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Earthworm |
ESET Ebury May 2024
Marc-Etienne M.Léveillé. (2024, May 1). Ebury is alive but unseen. Retrieved May 21, 2024.
Internal MISP references
UUID 7df9b7ed-ecac-5432-9fc2-8961fc315415
which can be used as unique global reference for ESET Ebury May 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-21T00:00:00Z |
date_published | 2024-05-01T00:00:00Z |
source | MITRE |
title | Ebury is alive but unseen |
SEC EDGAR Search
U.S. SEC. (n.d.). EDGAR - Search and Access. Retrieved August 27, 2021.
Internal MISP references
UUID 97958143-80c5-41f6-9fa6-4748e90e9f12
which can be used as unique global reference for SEC EDGAR Search
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-27T00:00:00Z |
source | MITRE |
title | EDGAR - Search and Access |
Intrinsec Egregor Nov 2020
Bichet, J. (2020, November 12). Egregor – Prolock: Fraternal Twins ?. Retrieved January 6, 2021.
Internal MISP references
UUID e55604da-b419-411a-85cf-073f2d78e0c1
which can be used as unique global reference for Intrinsec Egregor Nov 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-06T00:00:00Z |
date_published | 2020-11-12T00:00:00Z |
source | MITRE |
title | Egregor – Prolock: Fraternal Twins ? |
Cybereason Egregor Nov 2020
Rochberger, L. (2020, November 26). Cybereason vs. Egregor Ransomware. Retrieved December 30, 2020.
Internal MISP references
UUID c36b38d4-cfa2-4f1e-a410-6d629a24be62
which can be used as unique global reference for Cybereason Egregor Nov 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-30T00:00:00Z |
source | MITRE |
title | Egregor Ransomware |
Cyble Egregor Oct 2020
Cybleinc. (2020, October 31). Egregor Ransomware – A Deep Dive Into Its Activities and Techniques. Retrieved December 29, 2020.
Internal MISP references
UUID 545a131d-88fc-4b34-923c-0b759b45fc7f
which can be used as unique global reference for Cyble Egregor Oct 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-29T00:00:00Z |
date_published | 2020-10-31T00:00:00Z |
source | MITRE |
title | Egregor Ransomware – A Deep Dive Into Its Activities and Techniques |
NHS Digital Egregor Nov 2020
NHS Digital. (2020, November 26). Egregor Ransomware The RaaS successor to Maze. Retrieved December 29, 2020.
Internal MISP references
UUID 92f74037-2a20-4667-820d-2ccc0e4dbd3d
which can be used as unique global reference for NHS Digital Egregor Nov 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-29T00:00:00Z |
date_published | 2020-11-26T00:00:00Z |
source | MITRE |
title | Egregor Ransomware The RaaS successor to Maze |
Security Boulevard Egregor Oct 2020
Meskauskas, T. (2020, October 29). Egregor: Sekhmet’s Cousin. Retrieved January 6, 2021.
Internal MISP references
UUID cd37a000-9e15-45a3-a7c9-bb508c10e55d
which can be used as unique global reference for Security Boulevard Egregor Oct 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-06T00:00:00Z |
date_published | 2020-10-29T00:00:00Z |
source | MITRE |
title | Egregor: Sekhmet’s Cousin |
U.S. CISA Trends June 30 2020
Cybersecurity and Infrastructure Security Agency. (2020, June 30). EINSTEIN Data Trends – 30-day Lookback. Retrieved October 25, 2023.
Internal MISP references
UUID b97e9a02-4cc5-4845-8058-0be4c566cd7c
which can be used as unique global reference for U.S. CISA Trends June 30 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-25T00:00:00Z |
date_published | 2020-06-30T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | EINSTEIN Data Trends – 30-day Lookback |
Dragos EKANS
Dragos. (2020, February 3). EKANS Ransomware and ICS Operations. Retrieved February 9, 2021.
Internal MISP references
UUID c8a018c5-caa3-4af1-b210-b65bbf94c8b2
which can be used as unique global reference for Dragos EKANS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-09T00:00:00Z |
date_published | 2020-02-03T00:00:00Z |
source | MITRE |
title | EKANS Ransomware and ICS Operations |
Dark Reading July 9 2024
Nathan Eddy; Contributing Writer. (2024, July 9). Eldorado Ransomware Cruises Onto the Scene to Target VMware ESXi. Retrieved July 15, 2024.
Internal MISP references
UUID cec05996-84a1-4c07-86eb-d72f8c6d9362
which can be used as unique global reference for Dark Reading July 9 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-15T00:00:00Z |
date_published | 2024-07-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Eldorado Ransomware Cruises Onto the Scene to Target VMware ESXi |
Group-IB July 3 2024
Nikolay Kichatov Cyber Intelligence Analyst; Group-IB. (2024, July 3). Eldorado Ransomware The New Golden Empire of Cybercrime. Retrieved July 15, 2024.
Internal MISP references
UUID 50148a85-314c-4b29-bdfc-913ab647dadf
which can be used as unique global reference for Group-IB July 3 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-15T00:00:00Z |
date_published | 2024-07-03T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Eldorado Ransomware The New Golden Empire of Cybercrime |
EldoS RawDisk ITpro
Edwards, M. (2007, March 14). EldoS Provides Raw Disk Access for Vista and XP. Retrieved March 26, 2019.
Internal MISP references
UUID a6cf3d1d-2310-42bb-9324-495b4e94d329
which can be used as unique global reference for EldoS RawDisk ITpro
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-26T00:00:00Z |
date_published | 2007-03-14T00:00:00Z |
source | MITRE |
title | EldoS Provides Raw Disk Access for Vista and XP |
Microsoft Targeting Elections September 2020
Burt, T. (2020, September 10). New cyberattacks targeting U.S. elections. Retrieved March 24, 2021.
Internal MISP references
UUID 1d7070fd-01be-4776-bb21-13368a6173b1
which can be used as unique global reference for Microsoft Targeting Elections September 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-24T00:00:00Z |
source | MITRE, Tidal Cyber |
title | elections |
Secureworks IRON RITUAL USAID Phish May 2021
Secureworks CTU. (2021, May 28). USAID-Themed Phishing Campaign Leverages U.S. Elections Lure. Retrieved February 24, 2022.
Internal MISP references
UUID 0d42c329-5847-4970-9580-2318a566df4e
which can be used as unique global reference for Secureworks IRON RITUAL USAID Phish May 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-24T00:00:00Z |
source | MITRE |
title | Elections Lure |
Electron Security
ElectronJS.org. (n.d.). Retrieved March 7, 2024.
Internal MISP references
UUID e44c8abf-77c1-5e19-93e6-99397d7eaa41
which can be used as unique global reference for Electron Security
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-07T00:00:00Z |
source | MITRE |
title | Electron Security |
Dragos-Sandworm-Ukraine-2022
Dragos, Inc. (2023, December 11). ELECTRUM Targeted Ukrainian Electric Entity Using Custom Tools and CaddyWiper Malware, October 2022. Retrieved March 28, 2024.
Internal MISP references
UUID a17aa1b1-cda4-5aeb-b401-f4fd47d29f93
which can be used as unique global reference for Dragos-Sandworm-Ukraine-2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-28T00:00:00Z |
date_published | 2023-12-11T00:00:00Z |
source | MITRE |
title | ELECTRUM Targeted Ukrainian Electric Entity Using Custom Tools and CaddyWiper Malware, October 2022 |
Dragos ELECTRUM
Dragos. (2017, January 1). ELECTRUM Threat Profile. Retrieved June 10, 2020.
Internal MISP references
UUID 494f7056-7a39-4fa0-958d-fb1172d01852
which can be used as unique global reference for Dragos ELECTRUM
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-10T00:00:00Z |
date_published | 2017-01-01T00:00:00Z |
source | MITRE |
title | ELECTRUM Threat Profile |
Symantec Elfin Mar 2019
Security Response attack Investigation Team. (2019, March 27). Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. Retrieved April 10, 2019.
Internal MISP references
UUID 55671ede-f309-4924-a1b4-3d597517b27e
which can be used as unique global reference for Symantec Elfin Mar 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-10T00:00:00Z |
date_published | 2019-03-27T00:00:00Z |
source | MITRE |
title | Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. |
Backtrace VDSO
backtrace. (2016, April 22). ELF SHARED LIBRARY INJECTION FORENSICS. Retrieved June 15, 2020.
Internal MISP references
UUID 1c8fa804-6579-4e68-a0b3-d16e0bee5654
which can be used as unique global reference for Backtrace VDSO
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-15T00:00:00Z |
date_published | 2016-04-22T00:00:00Z |
source | MITRE |
title | ELF SHARED LIBRARY INJECTION FORENSICS |
Securelist Machete Aug 2014
Kaspersky Global Research and Analysis Team. (2014, August 20). El Machete. Retrieved September 13, 2019.
Internal MISP references
UUID fc7be240-bd15-4ec4-bc01-f8891d7210d9
which can be used as unique global reference for Securelist Machete Aug 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-13T00:00:00Z |
date_published | 2014-08-20T00:00:00Z |
source | MITRE, Tidal Cyber |
title | El Machete |
Cylance Machete Mar 2017
The Cylance Threat Research Team. (2017, March 22). El Machete's Malware Attacks Cut Through LATAM. Retrieved September 13, 2019.
Internal MISP references
UUID 92a9a311-1e0b-4819-9856-2dfc8dbfc08d
which can be used as unique global reference for Cylance Machete Mar 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-13T00:00:00Z |
date_published | 2017-03-22T00:00:00Z |
source | MITRE, Tidal Cyber |
title | El Machete's Malware Attacks Cut Through LATAM |
Sophos News September 24 2020
Sophos News. (2020, September 24). Email-delivered MoDi RAT attack pastes PowerShell commands. Retrieved May 7, 2023.
Internal MISP references
UUID 8cfa3dc4-a6b4-4204-b1e5-5b325955936d
which can be used as unique global reference for Sophos News September 24 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2020-09-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Email-delivered MoDi RAT attack pastes PowerShell commands |
Power Automate Email Exfiltration Controls
Microsoft. (2022, February 15). Email exfiltration controls for connectors. Retrieved May 27, 2022.
Internal MISP references
UUID 79eeaadf-5c1e-4608-84a5-6c903966a7f3
which can be used as unique global reference for Power Automate Email Exfiltration Controls
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-27T00:00:00Z |
date_published | 2022-02-15T00:00:00Z |
source | MITRE |
title | Email exfiltration controls for connectors |
HackersArise Email
Hackers Arise. (n.d.). Email Scraping and Maltego. Retrieved October 20, 2020.
Internal MISP references
UUID b6aefd99-fd97-4ca0-b717-f9dc147c9413
which can be used as unique global reference for HackersArise Email
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
source | MITRE |
title | Email Scraping and Maltego |
Elastic - Koadiac Detection with EQL
Stepanic, D. (2020, January 13). Embracing offensive tooling: Building detections against Koadic using EQL. Retrieved November 30, 2020.
Internal MISP references
UUID 689b71f4-f8e5-455f-91c2-c599c8650f11
which can be used as unique global reference for Elastic - Koadiac Detection with EQL
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-30T00:00:00Z |
date_published | 2020-01-13T00:00:00Z |
source | MITRE |
title | Embracing offensive tooling: Building detections against Koadic using EQL |
Nccgroup Emissary Panda May 2018
Pantazopoulos, N., Henry T. (2018, May 18). Emissary Panda – A potential new malicious tool. Retrieved June 25, 2018.
Internal MISP references
UUID e279c308-fabc-47d3-bdeb-296266c80988
which can be used as unique global reference for Nccgroup Emissary Panda May 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-06-25T00:00:00Z |
date_published | 2018-05-18T00:00:00Z |
source | MITRE |
title | Emissary Panda – A potential new malicious tool |
Unit42 Emissary Panda May 2019
Falcone, R. and Lancaster, T. (2019, May 28). Emissary Panda Attacks Middle East Government Sharepoint Servers. Retrieved July 9, 2019.
Internal MISP references
UUID 3a3ec86c-88da-40ab-8e5f-a7d5102c026b
which can be used as unique global reference for Unit42 Emissary Panda May 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-09T00:00:00Z |
date_published | 2019-05-28T00:00:00Z |
source | MITRE |
title | Emissary Panda Attacks Middle East Government Sharepoint Servers |
Emissary Trojan Feb 2016
Falcone, R. and Miller-Osborn, J. (2016, February 3). Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve? Retrieved February 15, 2016.
Internal MISP references
UUID 580ce22f-b76b-4a92-9fab-26ce8f449ab6
which can be used as unique global reference for Emissary Trojan Feb 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-02-15T00:00:00Z |
date_published | 2016-02-03T00:00:00Z |
source | MITRE |
title | Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve? |
orangecyberdefense.com August 14 2024
orangecyberdefense.com. (2024, August 14). Emmenhtal a little-known loader distributing commodity infostealers worldwide. Retrieved August 25, 2024.
Internal MISP references
UUID 138a6cd4-36f9-41fd-a724-2b600dc6bf85
which can be used as unique global reference for orangecyberdefense.com August 14 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-25T00:00:00Z |
date_published | 2024-08-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Emmenhtal a little-known loader distributing commodity infostealers worldwide |
Sophos Emotet Apr 2019
Brandt, A. (2019, May 5). Emotet 101, stage 4: command and control. Retrieved April 16, 2019.
Internal MISP references
UUID 0bd01e6c-6fb5-4bae-9fe9-395de061c1da
which can be used as unique global reference for Sophos Emotet Apr 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-16T00:00:00Z |
date_published | 2019-05-05T00:00:00Z |
source | MITRE |
title | Emotet 101, stage 4: command and control |
Deep Instinct March 10 2023
Deep Instinct. (2023, March 10). Emotet Again! The First Malspam Wave of 2023 | Deep Instinct. Retrieved May 7, 2023.
Internal MISP references
UUID 8016eca2-f702-4081-83ba-06262c29e6c2
which can be used as unique global reference for Deep Instinct March 10 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2023-03-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Emotet Again! The First Malspam Wave of 2023 |
CIS Emotet Apr 2017
CIS. (2017, April 28). Emotet Changes TTPs and Arrives in United States. Retrieved January 17, 2019.
Internal MISP references
UUID 8dc7653f-84ef-4f0a-91f6-9b10ff50b756
which can be used as unique global reference for CIS Emotet Apr 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-01-17T00:00:00Z |
date_published | 2017-04-28T00:00:00Z |
source | MITRE |
title | Emotet Changes TTPs and Arrives in United States |
Binary Defense Emotes Wi-Fi Spreader
Binary Defense. (n.d.). Emotet Evolves With new Wi-Fi Spreader. Retrieved September 8, 2023.
Internal MISP references
UUID 05e624ee-c53d-5cd1-8fd2-6b2d38344bfd
which can be used as unique global reference for Binary Defense Emotes Wi-Fi Spreader
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-08T00:00:00Z |
source | MITRE |
title | Emotet Evolves With new Wi-Fi Spreader |
ESET Emotet Nov 2018
ESET. (2018, November 9). Emotet launches major new spam campaign. Retrieved March 25, 2019.
Internal MISP references
UUID e954c9aa-4995-452c-927e-11d0a6e2f442
which can be used as unique global reference for ESET Emotet Nov 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-25T00:00:00Z |
date_published | 2018-11-09T00:00:00Z |
source | MITRE |
title | Emotet launches major new spam campaign |
emotet_hc3_nov2023
Office of Information Security, Health Sector Cybersecurity Coordination Center. (2023, November 16). Emotet Malware: The Enduring and Persistent Threat to the Health Sector. Retrieved June 19, 2024.
Internal MISP references
UUID 36b41ab3-2a3d-5f5f-86ad-bc4cf810b4ba
which can be used as unique global reference for emotet_hc3_nov2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-19T00:00:00Z |
date_published | 2023-11-16T00:00:00Z |
source | MITRE |
title | Emotet Malware: The Enduring and Persistent Threat to the Health Sector |
Trend Micro Emotet 2020
Cybercrime & Digital Threat Team. (2020, February 13). Emotet Now Spreads via Wi-Fi. Retrieved February 16, 2022.
Internal MISP references
UUID 150327e6-db4b-4588-8cf2-ee131569150b
which can be used as unique global reference for Trend Micro Emotet 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-16T00:00:00Z |
date_published | 2020-02-13T00:00:00Z |
source | MITRE |
title | Emotet Now Spreads via Wi-Fi |
Talos Emotet Jan 2019
Brumaghin, E. (2019, January 15). Emotet re-emerges after the holidays. Retrieved March 25, 2019.
Internal MISP references
UUID 83180391-89b6-4431-87f4-2703b47cb81b
which can be used as unique global reference for Talos Emotet Jan 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-25T00:00:00Z |
date_published | 2019-01-15T00:00:00Z |
source | MITRE |
title | Emotet re-emerges after the holidays |
Cybersécurité - INTRINSEC January 09 2023
Equipe cti. (2023, January 9). Emotet returns and deploys loaders. Retrieved May 7, 2023.
Internal MISP references
UUID 6d39aba3-ae77-4a95-8242-7dacae8c89d8
which can be used as unique global reference for Cybersécurité - INTRINSEC January 09 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2023-01-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Emotet returns and deploys loaders |
emotet_trendmicro_mar2023
Kenefick, I. (2023, March 13). Emotet Returns, Now Adopts Binary Padding for Evasion. Retrieved June 19, 2024.
Internal MISP references
UUID 6f9050d9-e960-50dd-86a9-aee5fd100d9c
which can be used as unique global reference for emotet_trendmicro_mar2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-19T00:00:00Z |
date_published | 2023-03-13T00:00:00Z |
source | MITRE |
title | Emotet Returns, Now Adopts Binary Padding for Evasion |
Emotet shutdown
The DFIR Report. (2022, November 8). Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware. Retrieved March 6, 2023.
Internal MISP references
UUID 02e6c7bf-f81c-53a3-b771-fd77d4cdb5a0
which can be used as unique global reference for Emotet shutdown
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-06T00:00:00Z |
date_published | 2022-11-08T00:00:00Z |
source | MITRE |
title | Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware |
Carbon Black Emotet Apr 2019
Lee, S. (2019, April 24). Emotet Using WMI to Launch PowerShell Encoded Code. Retrieved May 24, 2019.
Internal MISP references
UUID db8fe753-d674-4668-9ee5-c1269085a7a1
which can be used as unique global reference for Carbon Black Emotet Apr 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-24T00:00:00Z |
date_published | 2019-04-24T00:00:00Z |
source | MITRE |
title | Emotet Using WMI to Launch PowerShell Encoded Code |
DanielManea Emotet May 2017
Manea, D. (2019, May 25). Emotet v4 Analysis. Retrieved April 16, 2019.
Internal MISP references
UUID 578e44f2-9ff5-4bed-8dee-a992711df8ce
which can be used as unique global reference for DanielManea Emotet May 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-16T00:00:00Z |
date_published | 2019-05-25T00:00:00Z |
source | MITRE |
title | Emotet v4 Analysis |
Empire Keychain Decrypt
Empire. (2018, March 8). Empire keychaindump_decrypt Module. Retrieved April 14, 2022.
Internal MISP references
UUID 41075230-73a2-4195-b716-379f9e5ae93b
which can be used as unique global reference for Empire Keychain Decrypt
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-14T00:00:00Z |
date_published | 2018-03-08T00:00:00Z |
source | MITRE |
title | Empire keychaindump_decrypt Module |
Github EmpireProject CreateHijacker Dylib
Wardle, P., Ross, C. (2018, April 8). EmpireProject Create Dylib Hijacker. Retrieved April 1, 2021.
Internal MISP references
UUID 2908418d-54cf-4245-92c6-63f616b04e91
which can be used as unique global reference for Github EmpireProject CreateHijacker Dylib
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-01T00:00:00Z |
date_published | 2018-04-08T00:00:00Z |
source | MITRE |
title | EmpireProject Create Dylib Hijacker |
Github EmpireProject HijackScanner
Wardle, P., Ross, C. (2017, September 21). Empire Project Dylib Hijack Vulnerability Scanner. Retrieved April 1, 2021.
Internal MISP references
UUID c83e8833-9648-4178-b5be-6fa0af8f737f
which can be used as unique global reference for Github EmpireProject HijackScanner
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-01T00:00:00Z |
date_published | 2017-09-21T00:00:00Z |
source | MITRE |
title | Empire Project Dylib Hijack Vulnerability Scanner |
Microsoft ASR Nov 2017
Brower, N. & D'Souza-Wiltshire, I. (2017, November 9). Enable Attack surface reduction. Retrieved February 3, 2018.
Internal MISP references
UUID 1cb445f6-a366-4ae6-a698-53da6c61b4c9
which can be used as unique global reference for Microsoft ASR Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-03T00:00:00Z |
date_published | 2017-11-09T00:00:00Z |
source | MITRE |
title | Enable Attack surface reduction |
Microsoft TESTSIGNING Feb 2021
Microsoft. (2021, February 15). Enable Loading of Test Signed Drivers. Retrieved April 22, 2021.
Internal MISP references
UUID c04153f9-d4c7-4349-9bef-3f883eec0028
which can be used as unique global reference for Microsoft TESTSIGNING Feb 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-22T00:00:00Z |
date_published | 2021-02-15T00:00:00Z |
source | MITRE |
title | Enable Loading of Test Signed Drivers |
Microsoft Disable DCOM
Microsoft. (n.d.). Enable or Disable DCOM. Retrieved November 22, 2017.
Internal MISP references
UUID 1aeac4da-f5fd-4fa3-9cc0-b1a50427c121
which can be used as unique global reference for Microsoft Disable DCOM
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-22T00:00:00Z |
source | MITRE |
title | Enable or Disable DCOM |
Microsoft Disable Macros
Microsoft. (n.d.). Enable or disable macros in Office files. Retrieved September 13, 2018.
Internal MISP references
UUID cfe592a1-c06d-4555-a30f-c5d533dfd73e
which can be used as unique global reference for Microsoft Disable Macros
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-13T00:00:00Z |
source | MITRE |
title | Enable or disable macros in Office files |
Microsoft Remote
Microsoft. (n.d.). Enable the Remote Registry Service. Retrieved May 1, 2015.
Internal MISP references
UUID 331d59e3-ce7f-483c-b77d-001c8a9ae1df
which can be used as unique global reference for Microsoft Remote
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-05-01T00:00:00Z |
source | MITRE |
title | Enable the Remote Registry Service |
PCMag DoubleExtension
PCMag. (n.d.). Encyclopedia: double extension. Retrieved August 4, 2021.
Internal MISP references
UUID a729519d-8c9f-477c-b992-434076a9d294
which can be used as unique global reference for PCMag DoubleExtension
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-04T00:00:00Z |
source | MITRE |
title | Encyclopedia: double extension |
Microsoft Entra ID App Passwords
Microsoft. (2023, October 23). Enforce Microsoft Entra multifactor authentication with legacy applications using app passwords. Retrieved May 28, 2024.
Internal MISP references
UUID 7787289d-f636-5a26-b182-cd1015879007
which can be used as unique global reference for Microsoft Entra ID App Passwords
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-28T00:00:00Z |
date_published | 2023-10-23T00:00:00Z |
source | MITRE |
title | Enforce Microsoft Entra multifactor authentication with legacy applications using app passwords |
FireEye Periscope March 2018
FireEye. (2018, March 16). Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries. Retrieved April 11, 2018.
Internal MISP references
UUID 8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f
which can be used as unique global reference for FireEye Periscope March 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-11T00:00:00Z |
source | MITRE |
title | Engineering and Maritime Industries |
NCCIC AR-17-20045 February 2017
NCCIC. (2017, February 10). Enhanced Analysis of GRIZZLY STEPPE Activity. Retrieved April 12, 2021.
Internal MISP references
UUID b930e838-649b-42ab-86dc-0443667276de
which can be used as unique global reference for NCCIC AR-17-20045 February 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-12T00:00:00Z |
date_published | 2017-02-10T00:00:00Z |
source | MITRE |
title | Enhanced Analysis of GRIZZLY STEPPE Activity |
ESET Sednit Part 1
ESET. (2016, October). En Route with Sednit - Part 1: Approaching the Target. Retrieved November 8, 2016.
Internal MISP references
UUID a2016103-ead7-46b3-bae5-aa97c45a12b7
which can be used as unique global reference for ESET Sednit Part 1
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-11-08T00:00:00Z |
date_published | 2016-10-01T00:00:00Z |
source | MITRE |
title | En Route with Sednit - Part 1: Approaching the Target |
ESET Sednit Part 2
ESET. (2016, October). En Route with Sednit - Part 2: Observing the Comings and Goings. Retrieved November 21, 2016.
Internal MISP references
UUID aefb9eda-df5a-437f-af2a-ec1b6c04628b
which can be used as unique global reference for ESET Sednit Part 2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-11-21T00:00:00Z |
date_published | 2016-10-01T00:00:00Z |
source | MITRE |
title | En Route with Sednit - Part 2: Observing the Comings and Goings |
ESET Sednit Part 3
ESET. (2016, October). En Route with Sednit - Part 3: A Mysterious Downloader. Retrieved November 21, 2016.
Internal MISP references
UUID 7c2be444-a947-49bc-b5f6-8f6bec870c6a
which can be used as unique global reference for ESET Sednit Part 3
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-11-21T00:00:00Z |
date_published | 2016-10-01T00:00:00Z |
source | MITRE |
title | En Route with Sednit - Part 3: A Mysterious Downloader |
Google Ensuring Your Information is Safe
Google. (2011, June 1). Ensuring your information is safe online. Retrieved April 1, 2022.
Internal MISP references
UUID ad3eda19-08eb-4d59-a2c9-3b5ed8302205
which can be used as unique global reference for Google Ensuring Your Information is Safe
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-01T00:00:00Z |
date_published | 2011-06-01T00:00:00Z |
source | MITRE |
title | Ensuring your information is safe online |
Fortinet Blog November 13 2018
Fortinet Blog. (2018, November 13). Enter The DarkGate - New Cryptocurrency Mining and Ransomware Campaign. Retrieved October 20, 2023.
Internal MISP references
UUID 1b9b5c48-d504-4c73-aedc-37e935c47f17
which can be used as unique global reference for Fortinet Blog November 13 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-20T00:00:00Z |
date_published | 2018-11-13T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Enter The DarkGate - New Cryptocurrency Mining and Ransomware Campaign |
Ensilo Darkgate 2018
Adi Zeligson & Rotem Kerner. (2018, November 13). Enter The DarkGate - New Cryptocurrency Mining and Ransomware Campaign. Retrieved February 9, 2024.
Internal MISP references
UUID 31796564-4154-54c0-958a-7d6802dfefad
which can be used as unique global reference for Ensilo Darkgate 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-09T00:00:00Z |
date_published | 2018-11-13T00:00:00Z |
source | MITRE |
title | Enter The DarkGate - New Cryptocurrency Mining and Ransomware Campaign |
Splunk DarkGate
Splunk Threat Research Team. (2024, January 17). Enter The Gates: An Analysis of the DarkGate AutoIt Loader. Retrieved March 29, 2024.
Internal MISP references
UUID adc6384c-e0d7-547f-a1e3-2c57ff0525ae
which can be used as unique global reference for Splunk DarkGate
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-29T00:00:00Z |
date_published | 2024-01-17T00:00:00Z |
source | MITRE |
title | Enter The Gates: An Analysis of the DarkGate AutoIt Loader |
Splunk DarkGate January 17 2024
Splunk Threat Research Team. (2024, January 17). Enter The Gates: An Analysis of the DarkGate AutoIt Loader. Retrieved January 24, 2024.
Internal MISP references
UUID a45a920c-3bda-4442-8650-4ad78f950283
which can be used as unique global reference for Splunk DarkGate January 17 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-24T00:00:00Z |
date_published | 2024-01-17T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Enter The Gates: An Analysis of the DarkGate AutoIt Loader |
Microsoft EnumDeviceDrivers
Microsoft. (2021, October 12). EnumDeviceDrivers function (psapi.h). Retrieved March 28, 2023.
Internal MISP references
UUID 647ffc70-8eab-5f2f-abf4-9bbf42554043
which can be used as unique global reference for Microsoft EnumDeviceDrivers
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-28T00:00:00Z |
date_published | 2021-10-12T00:00:00Z |
source | MITRE |
title | EnumDeviceDrivers function (psapi.h) |
EK Clueless Agents
Riordan, J., Schneier, B. (1998, June 18). Environmental Key Generation towards Clueless Agents. Retrieved January 18, 2019.
Internal MISP references
UUID ef7409d2-af39-4ad8-8469-76f0165687bd
which can be used as unique global reference for EK Clueless Agents
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-01-18T00:00:00Z |
date_published | 1998-06-18T00:00:00Z |
source | MITRE |
title | Environmental Key Generation towards Clueless Agents |
Deloitte Environment Awareness
Torello, A. & Guibernau, F. (n.d.). Environment Awareness. Retrieved September 13, 2024.
Internal MISP references
UUID af842a1f-8f39-4b4f-b4d2-0bbb810e6c31
which can be used as unique global reference for Deloitte Environment Awareness
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-13T00:00:00Z |
source | MITRE |
title | Environment Awareness |
Microsoft Environment Property
Microsoft. (2011, October 24). Environment Property. Retrieved July 27, 2016.
Internal MISP references
UUID 64598969-864d-4bc7-805e-c289cccb7bc6
which can be used as unique global reference for Microsoft Environment Property
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-07-27T00:00:00Z |
date_published | 2011-10-24T00:00:00Z |
source | MITRE |
title | Environment Property |
MSDN Environment Property
Microsoft. (n.d.). Environment Property. Retrieved July 27, 2016.
Internal MISP references
UUID 79ea888c-2dd7-40cb-9149-e2469a35ea3a
which can be used as unique global reference for MSDN Environment Property
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-07-27T00:00:00Z |
source | MITRE |
title | Environment Property |
Kaspersky Equation QA
Kaspersky Lab's Global Research and Analysis Team. (2015, February). Equation Group: Questions and Answers. Retrieved December 21, 2015.
Internal MISP references
UUID 34674802-fbd9-4cdb-8611-c58665c430e5
which can be used as unique global reference for Kaspersky Equation QA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-12-21T00:00:00Z |
date_published | 2015-02-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Equation Group: Questions and Answers |
erase_cmd_cisco
Cisco. (2022, August 16). erase - Cisco IOS Configuration Fundamentals Command Reference. Retrieved July 13, 2022.
Internal MISP references
UUID 4c90eba9-118e-5d50-ad58-27bcb0e1e228
which can be used as unique global reference for erase_cmd_cisco
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-13T00:00:00Z |
date_published | 2022-08-16T00:00:00Z |
source | MITRE |
title | erase - Cisco IOS Configuration Fundamentals Command Reference |
Container Escape
0xn3va. (n.d.). Escaping. Retrieved May 27, 2022.
Internal MISP references
UUID 8248917a-9afd-4ec6-a086-1a97a68deff1
which can be used as unique global reference for Container Escape
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-27T00:00:00Z |
source | MITRE |
title | Escaping |
Microsoft Esentutl
Microsoft. (2016, August 30). Esentutl. Retrieved September 3, 2019.
Internal MISP references
UUID 08fb9e84-495f-4710-bd1e-417eb8191a10
which can be used as unique global reference for Microsoft Esentutl
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-03T00:00:00Z |
date_published | 2016-08-30T00:00:00Z |
source | MITRE |
title | Esentutl |
LOLBAS Esentutl
LOLBAS. (n.d.). Esentutl.exe. Retrieved September 3, 2019.
Internal MISP references
UUID 691b4907-3544-4ad0-989c-b5c845e0330f
which can be used as unique global reference for LOLBAS Esentutl
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-03T00:00:00Z |
source | MITRE |
title | Esentutl.exe |
ESET APT Activity Report Q4 2023-Q1 2024
ESET Research. (2024, May 14). ESET APT Activity Report Q4 2023-Q1 2024. Retrieved September 1, 2024.
Internal MISP references
UUID 896cc899-b667-4f9d-ba90-8650fb978535
which can be used as unique global reference for ESET APT Activity Report Q4 2023-Q1 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-01T00:00:00Z |
date_published | 2024-05-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | ESET APT Activity Report Q4 2023-Q1 2024 |
ESET Twitter Ida Pro Nov 2021
Cherepanov, Anton. (2019, November 10). ESETresearch discovered a trojanized IDA Pro installer. Retrieved September 12, 2024.
Internal MISP references
UUID 6d079207-a7c0-4023-b504-1010dd538221
which can be used as unique global reference for ESET Twitter Ida Pro Nov 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2019-11-10T00:00:00Z |
source | MITRE |
title | ESETresearch discovered a trojanized IDA Pro installer |
ESET PowerPool Code October 2020
ESET Research. (2020, October 1). ESET Research Tweet Linking Slothfulmedia and PowerPool. Retrieved September 12, 2024.
Internal MISP references
UUID d583b409-35bd-45ea-8f2a-c0d566a6865b
which can be used as unique global reference for ESET PowerPool Code October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2020-10-01T00:00:00Z |
source | MITRE |
title | ESET Research Tweet Linking Slothfulmedia and PowerPool |
ESET FinFisher Jan 2018
Kafka, F. (2018, January). ESET's Guide to Deobfuscating and Devirtualizing FinFisher. Retrieved August 12, 2019.
Internal MISP references
UUID be169308-19e8-4ee9-8ff6-e08eb9291ef8
which can be used as unique global reference for ESET FinFisher Jan 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-08-12T00:00:00Z |
date_published | 2018-01-01T00:00:00Z |
source | MITRE |
title | ESET's Guide to Deobfuscating and Devirtualizing FinFisher |
ESET Trickbot Oct 2020
Boutin, J. (2020, October 12). ESET takes part in global operation to disrupt Trickbot. Retrieved March 15, 2021.
Internal MISP references
UUID c3320c11-4631-4e02-8025-5c1e5b54e521
which can be used as unique global reference for ESET Trickbot Oct 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-15T00:00:00Z |
date_published | 2020-10-12T00:00:00Z |
source | MITRE |
title | ESET takes part in global operation to disrupt Trickbot |
WeLiveSecurity April 19 2022
Jean-Ian Boutin, Tomáš Procházka. (2022, April 19). ESET takes part in global operation to disrupt Zloader botnets | WeLiveSecurity. Retrieved May 10, 2023.
Internal MISP references
UUID f86845b9-03c4-446b-845f-b31b79b247ee
which can be used as unique global reference for WeLiveSecurity April 19 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-10T00:00:00Z |
date_published | 2022-04-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | ESET takes part in global operation to disrupt Zloader botnets |
Riskiq Remcos Jan 2018
Klijnsma, Y. (2018, January 23). Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors. Retrieved November 6, 2018.
Internal MISP references
UUID a641a41c-dcd8-47e5-9b29-109dd2eb7f1e
which can be used as unique global reference for Riskiq Remcos Jan 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-06T00:00:00Z |
date_published | 2018-01-23T00:00:00Z |
source | MITRE |
title | Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors |
EventLog_Core_Technologies
Core Technologies. (2021, May 24). Essential Windows Services: EventLog / Windows Event Log. Retrieved September 14, 2021.
Internal MISP references
UUID 2a1f452f-57b6-4764-b474-befa7787642d
which can be used as unique global reference for EventLog_Core_Technologies
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-14T00:00:00Z |
date_published | 2021-05-24T00:00:00Z |
source | MITRE |
title | Essential Windows Services: EventLog / Windows Event Log |
ISACA Malware Tricks
Kolbitsch, C. (2017, November 1). Evasive Malware Tricks: How Malware Evades Detection by Sandboxes. Retrieved March 30, 2021.
Internal MISP references
UUID a071bf02-066b-46e6-a554-f43d0c170807
which can be used as unique global reference for ISACA Malware Tricks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-30T00:00:00Z |
date_published | 2017-11-01T00:00:00Z |
source | MITRE |
title | Evasive Malware Tricks: How Malware Evades Detection by Sandboxes |
ThreatStream Evasion Analysis
Shelmire, A. (2015, July 6). Evasive Maneuvers. Retrieved January 22, 2016.
Internal MISP references
UUID de6bc044-6275-4cab-80a1-feefebd3c1f0
which can be used as unique global reference for ThreatStream Evasion Analysis
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-22T00:00:00Z |
date_published | 2015-07-06T00:00:00Z |
source | MITRE |
title | Evasive Maneuvers |
Anomali Evasive Maneuvers July 2015
Shelmire, A. (2015, July 06). Evasive Maneuvers by the Wekby group with custom ROP-packing and DNS covert channels. Retrieved November 15, 2018.
Internal MISP references
UUID 471ae30c-2753-468e-8e4d-6e7a3be599c9
which can be used as unique global reference for Anomali Evasive Maneuvers July 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-15T00:00:00Z |
date_published | 2015-07-06T00:00:00Z |
source | MITRE |
title | Evasive Maneuvers by the Wekby group with custom ROP-packing and DNS covert channels |
ESET EvasivePanda 2023
Facundo Muñoz. (2023, April 26). Evasive Panda APT group delivers malware via updates for popular Chinese software. Retrieved July 25, 2024.
Internal MISP references
UUID 08026c7e-cc35-5d51-9536-a02febd1a891
which can be used as unique global reference for ESET EvasivePanda 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-25T00:00:00Z |
date_published | 2023-04-26T00:00:00Z |
source | MITRE |
title | Evasive Panda APT group delivers malware via updates for popular Chinese software |
ESET EvasivePanda 2024
Ahn Ho, Facundo Muñoz, & Marc-Etienne M.Léveillé. (2024, March 7). Evasive Panda leverages Monlam Festival to target Tibetans. Retrieved July 25, 2024.
Internal MISP references
UUID 07e6b866-7119-50ad-8a6e-80c4e0d594bf
which can be used as unique global reference for ESET EvasivePanda 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-25T00:00:00Z |
date_published | 2024-03-07T00:00:00Z |
source | MITRE |
title | Evasive Panda leverages Monlam Festival to target Tibetans |
Unit42 OilRig Playbook 2023
Unit42. (2016, May 1). Evasive Serpens Unit 42 Playbook Viewer. Retrieved February 6, 2023.
Internal MISP references
UUID e38902bb-9bab-5beb-817b-668a67a76541
which can be used as unique global reference for Unit42 OilRig Playbook 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-06T00:00:00Z |
date_published | 2016-05-01T00:00:00Z |
source | MITRE |
title | Evasive Serpens Unit 42 Playbook Viewer |
Microsoft EventLog.Clear
Microsoft. (n.d.). EventLog.Clear Method (). Retrieved July 2, 2018.
Internal MISP references
UUID b2711ad3-981c-4c77-bb64-643b547bfda6
which can be used as unique global reference for Microsoft EventLog.Clear
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-02T00:00:00Z |
source | MITRE |
title | EventLog.Clear Method () |
evt_log_tampering
svch0st. (2020, September 30). Event Log Tampering Part 1: Disrupting the EventLog Service. Retrieved September 14, 2021.
Internal MISP references
UUID 7757bbc6-8058-4584-a5aa-14b647d932a6
which can be used as unique global reference for evt_log_tampering
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-14T00:00:00Z |
date_published | 2020-09-30T00:00:00Z |
source | MITRE |
title | Event Log Tampering Part 1: Disrupting the EventLog Service |
Microsoft ETW May 2018
Microsoft. (2018, May 30). Event Tracing. Retrieved September 6, 2018.
Internal MISP references
UUID 876f8690-1874-41c0-bd38-d3bd41c96acc
which can be used as unique global reference for Microsoft ETW May 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-06T00:00:00Z |
date_published | 2018-05-30T00:00:00Z |
source | MITRE |
title | Event Tracing |
Eventvwr.exe - LOLBAS Project
LOLBAS. (2018, November 1). Eventvwr.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 0c09812a-a936-4282-b574-35a00f631857
which can be used as unique global reference for Eventvwr.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-11-01T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Eventvwr.exe |
Secure Ideas SMB Relay
Kuehn, E. (2018, April 11). Ever Run a Relay? Why SMB Relays Should Be On Your Mind. Retrieved February 7, 2019.
Internal MISP references
UUID ac4b2e91-f338-44c3-8950-435102136991
which can be used as unique global reference for Secure Ideas SMB Relay
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-07T00:00:00Z |
date_published | 2018-04-11T00:00:00Z |
source | MITRE |
title | Ever Run a Relay? Why SMB Relays Should Be On Your Mind |
CSV Excel Macro Injection
Ishaq Mohammed. (2021, January 10). Everything about CSV Injection and CSV Excel Macro Injection. Retrieved February 7, 2022.
Internal MISP references
UUID 22c871ff-2701-4809-9f5b-fb29da7481e8
which can be used as unique global reference for CSV Excel Macro Injection
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-07T00:00:00Z |
date_published | 2021-01-10T00:00:00Z |
source | MITRE |
title | Everything about CSV Injection and CSV Excel Macro Injection |
Avertium callback phishing
Avertium. (n.d.). EVERYTHING YOU NEED TO KNOW ABOUT CALLBACK PHISHING. Retrieved February 2, 2023.
Internal MISP references
UUID abeb1146-e5e5-5ecc-9b70-b348fba097f6
which can be used as unique global reference for Avertium callback phishing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-02T00:00:00Z |
source | MITRE |
title | EVERYTHING YOU NEED TO KNOW ABOUT CALLBACK PHISHING |
Outpost24 April 5 2023
Alberto Marín. (2023, April 5). Everything you need to know about the LummaC2 stealer Leveraging IDA Python and Unicorn to deobfuscate Windows API hashing. Retrieved October 10, 2024.
Internal MISP references
UUID 60bd2e39-744c-44e7-b417-0ef0a768f7b6
which can be used as unique global reference for Outpost24 April 5 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-10T00:00:00Z |
date_published | 2023-04-05T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Everything you need to know about the LummaC2 stealer Leveraging IDA Python and Unicorn to deobfuscate Windows API hashing |
Intezer Aurora Sept 2017
Rosenberg, J. (2017, September 20). Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner. Retrieved February 13, 2018.
Internal MISP references
UUID b2999bd7-50d5-4d49-8893-8c0903d49104
which can be used as unique global reference for Intezer Aurora Sept 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-13T00:00:00Z |
date_published | 2017-09-20T00:00:00Z |
source | MITRE |
title | Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner |
Cyphort EvilBunny Dec 2014
Marschalek, M. (2014, December 16). EvilBunny: Malware Instrumented By Lua. Retrieved June 28, 2019.
Internal MISP references
UUID a0218d0f-3378-4508-9d3c-a7cd3e00a156
which can be used as unique global reference for Cyphort EvilBunny Dec 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-28T00:00:00Z |
date_published | 2014-12-16T00:00:00Z |
source | MITRE |
title | EvilBunny: Malware Instrumented By Lua |
Cyphort EvilBunny
Marschalek, Marion. (2014, December 16). EvilBunny: Malware Instrumented By Lua. Retrieved August 5, 2024.
Internal MISP references
UUID 21536444-7287-55f7-8e11-c97dcb85398d
which can be used as unique global reference for Cyphort EvilBunny
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-05T00:00:00Z |
date_published | 2014-12-16T00:00:00Z |
source | MITRE |
title | EvilBunny: Malware Instrumented By Lua |
Evil Clippy May 2019
Hegt, S. (2019, May 5). Evil Clippy: MS Office maldoc assistant. Retrieved September 17, 2020.
Internal MISP references
UUID aafa27e8-5df7-4fc6-9fe5-9a438f2b507a
which can be used as unique global reference for Evil Clippy May 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-17T00:00:00Z |
date_published | 2019-05-05T00:00:00Z |
source | MITRE |
title | Evil Clippy: MS Office maldoc assistant |
Cyble August 19 2022
Cybleinc. (2022, August 19). EvilCoder Project Selling Multiple Dangerous Tools Online. Retrieved May 10, 2023.
Internal MISP references
UUID 7b5617f8-5d0d-4185-97c7-82acf023f3c3
which can be used as unique global reference for Cyble August 19 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-10T00:00:00Z |
date_published | 2022-08-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | EvilCoder Project Selling Multiple Dangerous Tools Online |
Evilginx 2 July 2018
Gretzky, K. (2018, July 26). Evilginx 2 - Next Generation of Phishing 2FA Tokens. Retrieved October 14, 2019.
Internal MISP references
UUID 9099b5aa-25eb-4cb7-9e3a-da4c3244f15a
which can be used as unique global reference for Evilginx 2 July 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-14T00:00:00Z |
date_published | 2018-07-26T00:00:00Z |
source | MITRE |
title | Evilginx 2 - Next Generation of Phishing 2FA Tokens |
Evilginx Sources & Methods December 2023
Matthew Conway. (2023, December 14). Evilginx Phishing Proxy. Retrieved January 3, 2023.
Internal MISP references
UUID 13bdabb2-5956-492a-baf9-b0c3a0629806
which can be used as unique global reference for Evilginx Sources & Methods December 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-01-03T00:00:00Z |
date_published | 2023-12-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Evilginx Phishing Proxy |
SentinelOne EvilQuest Ransomware Spyware 2020
Phil Stokes. (2020, July 8). “EvilQuest” Rolls Ransomware, Spyware & Data Theft Into One. Retrieved April 1, 2021.
Internal MISP references
UUID 4dc26c77-d0ce-4836-a4cc-0490b6d7f115
which can be used as unique global reference for SentinelOne EvilQuest Ransomware Spyware 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-01T00:00:00Z |
date_published | 2020-07-08T00:00:00Z |
source | MITRE |
title | “EvilQuest” Rolls Ransomware, Spyware & Data Theft Into One |
Kaspersky evil twin
AO Kaspersky Lab. (n.d.). Evil twin attacks and how to prevent them. Retrieved September 17, 2024.
Internal MISP references
UUID 230f15c3-79dd-5272-88b5-e9d5de9556f1
which can be used as unique global reference for Kaspersky evil twin
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-17T00:00:00Z |
source | MITRE |
title | Evil twin attacks and how to prevent them |
Cisco Synful Knock Evolution
Graham Holmes. (2015, October 8). Evolution of attacks on Cisco IOS devices. Retrieved October 19, 2020.
Internal MISP references
UUID 29301297-8343-4f75-8096-7fe229812f75
which can be used as unique global reference for Cisco Synful Knock Evolution
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
date_published | 2015-10-08T00:00:00Z |
source | MITRE |
title | Evolution of attacks on Cisco IOS devices |
SCILabs URSA/Mispadu Evolution 2023
SCILabs. (2023, May 23). Evolution of banking trojan URSA/Mispadu. Retrieved March 13, 2024.
Internal MISP references
UUID a7a0db8d-bc1c-5e89-8c42-a3a6cc2cf28d
which can be used as unique global reference for SCILabs URSA/Mispadu Evolution 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-13T00:00:00Z |
date_published | 2023-05-23T00:00:00Z |
source | MITRE |
title | Evolution of banking trojan URSA/Mispadu |
Securelist JSWorm
Fedor Sinitsyn. (2021, May 25). Evolution of JSWorm Ransomware. Retrieved August 18, 2021.
Internal MISP references
UUID c29ca9f2-1e48-4913-b10b-15e558868ed8
which can be used as unique global reference for Securelist JSWorm
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-18T00:00:00Z |
date_published | 2021-05-25T00:00:00Z |
source | MITRE |
title | Evolution of JSWorm Ransomware |
S2 Grupo TrickBot June 2017
Salinas, M., Holguin, J. (2017, June). Evolution of Trickbot. Retrieved July 31, 2018.
Internal MISP references
UUID 28faff77-3e68-4f5c-974d-dc7c9d06ce5e
which can be used as unique global reference for S2 Grupo TrickBot June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-31T00:00:00Z |
date_published | 2017-06-01T00:00:00Z |
source | MITRE |
title | Evolution of Trickbot |
Unit 42 Valak July 2020
Duncan, B. (2020, July 24). Evolution of Valak, from Its Beginnings to Mass Distribution. Retrieved August 31, 2020.
Internal MISP references
UUID 9a96da13-5795-49bc-ab82-dfd4f964d9d0
which can be used as unique global reference for Unit 42 Valak July 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-31T00:00:00Z |
date_published | 2020-07-24T00:00:00Z |
source | MITRE |
title | Evolution of Valak, from Its Beginnings to Mass Distribution |
Microsoft - Device Registration
Microsoft 365 Defender Threat Intelligence Team. (2022, January 26). Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA. Retrieved March 4, 2022.
Internal MISP references
UUID 3f42fc18-2adc-46ef-ae0a-c2d530518435
which can be used as unique global reference for Microsoft - Device Registration
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-04T00:00:00Z |
date_published | 2022-01-26T00:00:00Z |
source | MITRE |
title | Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA |
Amnesty OAuth Phishing Attacks, August 2019
Amnesty International. (2019, August 16). Evolving Phishing Attacks Targeting Journalists and Human Rights Defenders from the Middle-East and North Africa. Retrieved October 8, 2019.
Internal MISP references
UUID 0b0f9cf6-f0af-4f86-9699-a63ff36c49e2
which can be used as unique global reference for Amnesty OAuth Phishing Attacks, August 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-08T00:00:00Z |
date_published | 2019-08-16T00:00:00Z |
source | MITRE |
title | Evolving Phishing Attacks Targeting Journalists and Human Rights Defenders from the Middle-East and North Africa |
RSAC 2015 Abu Dhabi Stefano Maccaglia
Maccaglia, S. (2015, November 4). Evolving Threats: dissection of a CyberEspionage attack. Retrieved April 4, 2018.
Internal MISP references
UUID a6cb597e-e25b-4f49-bbb0-d270b1ac53f2
which can be used as unique global reference for RSAC 2015 Abu Dhabi Stefano Maccaglia
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-04T00:00:00Z |
date_published | 2015-11-04T00:00:00Z |
source | MITRE |
title | Evolving Threats: dissection of a CyberEspionage attack |
Microsoft Iranian Threat Actor Trends November 2021
MSTIC. (2021, November 16). Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021. Retrieved January 12, 2023.
Internal MISP references
UUID 78d39ee7-1cd5-5cb8-844a-1c3649e367a1
which can be used as unique global reference for Microsoft Iranian Threat Actor Trends November 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-01-12T00:00:00Z |
date_published | 2021-11-16T00:00:00Z |
source | MITRE |
title | Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021 |
Palo Alto Unit 42 VBA Infostealer 2014
Vicky Ray and Rob Downs. (2014, October 29). Examining a VBA-Initiated Infostealer Campaign. Retrieved March 13, 2023.
Internal MISP references
UUID c3eccab6-b12b-513a-9a04-396f7b3dcf63
which can be used as unique global reference for Palo Alto Unit 42 VBA Infostealer 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-13T00:00:00Z |
date_published | 2014-10-29T00:00:00Z |
source | MITRE |
title | Examining a VBA-Initiated Infostealer Campaign |
Trend Micro Black Basta May 2022
Gonzalez, I., Chavez I., et al. (2022, May 9). Examining the Black Basta Ransomware’s Infection Routine. Retrieved March 7, 2023.
Internal MISP references
UUID b0351b0a-112f-543f-8909-f4b4a9f23e2e
which can be used as unique global reference for Trend Micro Black Basta May 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-07T00:00:00Z |
date_published | 2022-05-09T00:00:00Z |
source | MITRE |
title | Examining the Black Basta Ransomware’s Infection Routine |
Mandiant Glyer APT 2010
Glyer, C. (2010). Examples of Recent APT Persistence Mechanism. Retrieved December 18, 2020.
Internal MISP references
UUID bb336a6f-d76e-4535-ba81-0c7932ae91e3
which can be used as unique global reference for Mandiant Glyer APT 2010
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-18T00:00:00Z |
date_published | 2010-01-01T00:00:00Z |
source | MITRE |
title | Examples of Recent APT Persistence Mechanism |
Excel.exe - LOLBAS Project
LOLBAS. (2019, July 19). Excel.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 9a2458f7-63ca-4eca-8c61-b6098ec0798f
which can be used as unique global reference for Excel.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2019-07-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Excel.exe |
Microsoft Tim McMichael Exchange Mail Forwarding 2
McMichael, T. (2015, June 8). Exchange and Office 365 Mail Forwarding. Retrieved October 8, 2019.
Internal MISP references
UUID b5bf8e12-0133-46ea-85e3-b48c9901b518
which can be used as unique global reference for Microsoft Tim McMichael Exchange Mail Forwarding 2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-08T00:00:00Z |
date_published | 2015-06-08T00:00:00Z |
source | MITRE |
title | Exchange and Office 365 Mail Forwarding |
DFIR Phosphorus November 2021
DFIR Report. (2021, November 15). Exchange Exploit Leads to Domain Wide Ransomware. Retrieved January 5, 2023.
Internal MISP references
UUID 0156d408-a36d-5876-96fd-f0b0cf296ea2
which can be used as unique global reference for DFIR Phosphorus November 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-01-05T00:00:00Z |
date_published | 2021-11-15T00:00:00Z |
source | MITRE |
title | Exchange Exploit Leads to Domain Wide Ransomware |
Mandiant UNC2596 Cuba Ransomware February 2022
Tyler McLellan, Joshua Shilko, Shambavi Sadayappan. (2022, February 23). (Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware. Retrieved May 19, 2023.
Internal MISP references
UUID c03c0f35-3b86-4733-8a2c-71524f0e3d17
which can be used as unique global reference for Mandiant UNC2596 Cuba Ransomware February 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-19T00:00:00Z |
date_published | 2022-02-23T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | (Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware |
ExchangePowerShell Module
Microsoft. (2017, September 25). ExchangePowerShell. Retrieved June 10, 2022.
Internal MISP references
UUID 8af67c2a-15e2-48c9-9ec2-b62ffca0f677
which can be used as unique global reference for ExchangePowerShell Module
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-10T00:00:00Z |
date_published | 2017-09-25T00:00:00Z |
source | MITRE |
title | ExchangePowerShell |
ESET Exchange Mar 2021
Faou, M., Tartare, M., Dupuy, T. (2021, March 10). Exchange servers under siege from at least 10 APT groups. Retrieved May 21, 2021.
Internal MISP references
UUID c83f1810-22bb-4def-ab2f-3f3d67703f47
which can be used as unique global reference for ESET Exchange Mar 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-21T00:00:00Z |
date_published | 2021-03-10T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Exchange servers under siege from at least 10 APT groups |
Executable Installers are Vulnerable
Stefan Kanthak. (2015, December 8). Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege. Retrieved December 4, 2014.
Internal MISP references
UUID 5c2791d4-556d-426a-b305-44e23b50f013
which can be used as unique global reference for Executable Installers are Vulnerable
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-12-04T00:00:00Z |
date_published | 2015-12-08T00:00:00Z |
source | MITRE |
title | Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege |
Seclists Kanthak 7zip Installer
Kanthak, S. (2015, December 8). Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege. Retrieved March 10, 2017.
Internal MISP references
UUID f2ebfc35-1bd9-4bc5-8a54-e2dea4e1caf5
which can be used as unique global reference for Seclists Kanthak 7zip Installer
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-10T00:00:00Z |
date_published | 2015-12-08T00:00:00Z |
source | MITRE |
title | Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege |
Redxorblue Remote Template Injection
Hawkins, J. (2018, July 18). Executing Macros From a DOCX With Remote Template Injection. Retrieved October 12, 2018.
Internal MISP references
UUID bce1cd78-b55e-40cf-8a90-64240db867ac
which can be used as unique global reference for Redxorblue Remote Template Injection
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-12T00:00:00Z |
date_published | 2018-07-18T00:00:00Z |
source | MITRE |
title | Executing Macros From a DOCX With Remote Template Injection |
Microsoft PSfromCsharp APR 2014
Babinec, K. (2014, April 28). Executing PowerShell scripts from C#. Retrieved April 22, 2019.
Internal MISP references
UUID 83e346d5-1894-4c46-98eb-88a61ce7f003
which can be used as unique global reference for Microsoft PSfromCsharp APR 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-22T00:00:00Z |
date_published | 2014-04-28T00:00:00Z |
source | MITRE |
title | Executing PowerShell scripts from C# |
PAM Creds
Fernández, J. M. (2018, June 27). Exfiltrating credentials via PAM backdoors & DNS requests. Retrieved June 26, 2020.
Internal MISP references
UUID aa9d5bdd-2102-4322-8736-56db8e083fc0
which can be used as unique global reference for PAM Creds
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-26T00:00:00Z |
date_published | 2018-06-27T00:00:00Z |
source | MITRE |
title | Exfiltrating credentials via PAM backdoors & DNS requests |
Microsoft Expand Utility
Microsoft. (2017, October 15). Expand. Retrieved February 19, 2019.
Internal MISP references
UUID bf73a375-87b7-4603-8734-9f3d8d11967e
which can be used as unique global reference for Microsoft Expand Utility
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-19T00:00:00Z |
date_published | 2017-10-15T00:00:00Z |
source | MITRE |
title | Expand |
LOLBAS Expand
LOLBAS. (n.d.). Expand.exe. Retrieved February 19, 2019.
Internal MISP references
UUID 689b058e-a4ec-45bf-b0f8-8885eb8d8b63
which can be used as unique global reference for LOLBAS Expand
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-19T00:00:00Z |
source | MITRE |
title | Expand.exe |
polymorphic-medium
Shellseekercyber. (2024, January 7). Explainer: Packed Malware. Retrieved September 27, 2024.
Internal MISP references
UUID f7ffa0ee-80d4-5ed8-a432-23a33cbf2752
which can be used as unique global reference for polymorphic-medium
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-27T00:00:00Z |
date_published | 2024-01-07T00:00:00Z |
source | MITRE |
title | Explainer: Packed Malware |
Proofpoint WinterVivern 2023
Michael Raggi & The Proofpoint Threat Research Team. (2023, March 30). Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe. Retrieved July 29, 2024.
Internal MISP references
UUID 45f638af-ad10-566e-9e4d-49385a79022f
which can be used as unique global reference for Proofpoint WinterVivern 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-29T00:00:00Z |
date_published | 2023-03-30T00:00:00Z |
source | MITRE |
title | Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe |
Mandiant CVE-2023-3519 Exploitation
James Nugent, Foti Castelan, Doug Bienstock, Justin Moore, Josh Murchie. (2023, July 21). Exploitation of Citrix Zero-Day by Possible Espionage Actors (CVE-2023-3519). Retrieved July 24, 2023.
Internal MISP references
UUID 4404ed65-3020-453d-8c51-2885018ba03b
which can be used as unique global reference for Mandiant CVE-2023-3519 Exploitation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-24T00:00:00Z |
date_published | 2023-07-21T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Exploitation of Citrix Zero-Day by Possible Espionage Actors (CVE-2023-3519) |
Exploit Database
Offensive Security. (n.d.). Exploit Database. Retrieved October 15, 2020.
Internal MISP references
UUID 38f7b3ea-9959-4dfb-8216-a745d071e7e2
which can be used as unique global reference for Exploit Database
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-15T00:00:00Z |
source | MITRE |
title | Exploit Database |
Rhino Labs Cloud Image Backdoor Technique Sept 2019
Rhino Labs. (2019, August). Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT). Retrieved September 12, 2019.
Internal MISP references
UUID 8fb46ed8-0c21-4b57-b2a6-89cb28f0abaf
which can be used as unique global reference for Rhino Labs Cloud Image Backdoor Technique Sept 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-12T00:00:00Z |
date_published | 2019-08-01T00:00:00Z |
source | MITRE |
title | Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT) |
Azure AD PTA Vulnerabilities
Dr. Nestori Syynimaa. (2022, September 20). Exploiting Azure AD PTA vulnerabilities: Creating backdoor and harvesting credentials. Retrieved September 28, 2022.
Internal MISP references
UUID a0ddb60b-5445-46b3-94c5-b47e76de553d
which can be used as unique global reference for Azure AD PTA Vulnerabilities
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-28T00:00:00Z |
date_published | 2022-09-20T00:00:00Z |
source | MITRE |
title | Exploiting Azure AD PTA vulnerabilities: Creating backdoor and harvesting credentials |
Exploiting Smartphone USB
Zhaohui Wang & Angelos Stavrou. (n.d.). Exploiting Smart-Phone USB Connectivity For Fun And Profit. Retrieved May 25, 2022.
Internal MISP references
UUID 573796bd-4553-4ae1-884a-9af71b5de873
which can be used as unique global reference for Exploiting Smartphone USB
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-25T00:00:00Z |
source | MITRE |
title | Exploiting Smart-Phone USB Connectivity For Fun And Profit |
versprite xpc vpn
VerSprite. (2018, January 24). Exploiting VyprVPN for MacOS. Retrieved April 20, 2022.
Internal MISP references
UUID 5e65d8cc-142b-4724-8a07-8e21558e0f64
which can be used as unique global reference for versprite xpc vpn
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-20T00:00:00Z |
date_published | 2018-01-24T00:00:00Z |
source | MITRE |
title | Exploiting VyprVPN for MacOS |
Explorer.exe - LOLBAS Project
LOLBAS. (2020, June 24). Explorer.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 9ba3d54c-02d1-45bd-bfe8-939e84d9d44b
which can be used as unique global reference for Explorer.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-06-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Explorer.exe |
Palo Alto Unit 42 Google Workspace Domain Wide Delegation 2023
Zohar Zigdon. (2023, November 30). Exploring a Critical Risk in Google Workspace's Domain-Wide Delegation Feature. Retrieved January 16, 2024.
Internal MISP references
UUID cd76910f-1c15-50fb-a942-f19b6cc1ca69
which can be used as unique global reference for Palo Alto Unit 42 Google Workspace Domain Wide Delegation 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-16T00:00:00Z |
date_published | 2023-11-30T00:00:00Z |
source | MITRE |
title | Exploring a Critical Risk in Google Workspace's Domain-Wide Delegation Feature |
Trend Micro Emotet Jan 2019
Trend Micro. (2019, January 16). Exploring Emotet's Activities. Retrieved March 25, 2019.
Internal MISP references
UUID a81f1dad-5841-4142-80c1-483b240fd67d
which can be used as unique global reference for Trend Micro Emotet Jan 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-25T00:00:00Z |
date_published | 2019-01-16T00:00:00Z |
source | MITRE |
title | Exploring Emotet's Activities |
SecurityTrails Google Hacking
Borges, E. (2019, March 5). Exploring Google Hacking Techniques. Retrieved September 12, 2024.
Internal MISP references
UUID 3e7fdeaf-24a7-4cb5-8ed3-6057c9035303
which can be used as unique global reference for SecurityTrails Google Hacking
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2019-03-05T00:00:00Z |
source | MITRE |
title | Exploring Google Hacking Techniques |
Medium SSL Cert
Jain, M. (2019, September 16). Export & Download — SSL Certificate from Server (Site URL). Retrieved October 20, 2020.
Internal MISP references
UUID 6502425f-3435-4162-8c96-9e10a789d362
which can be used as unique global reference for Medium SSL Cert
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2019-09-16T00:00:00Z |
source | MITRE |
title | Export & Download — SSL Certificate from Server (Site URL) |
TrendMicro Exposed Redis 2020
David Fiser and Jaromir Horejsi. (2020, April 21). Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining. Retrieved September 25, 2024.
Internal MISP references
UUID 58e61406-a8ca-52a8-be48-ef6066619a8a
which can be used as unique global reference for TrendMicro Exposed Redis 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
date_published | 2020-04-21T00:00:00Z |
source | MITRE |
title | Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining |
Magnet Forensics
Magnet Forensics. (2020, August 24). Expose Evidence of Timestomping with the NTFS Timestamp Mismatch Artifact. Retrieved June 20, 2024.
Internal MISP references
UUID 3971c8ac-4fdd-5e19-ac8a-b8d7abbaebe3
which can be used as unique global reference for Magnet Forensics
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-20T00:00:00Z |
date_published | 2020-08-24T00:00:00Z |
source | MITRE |
title | Expose Evidence of Timestomping with the NTFS Timestamp Mismatch Artifact |
Google EXOTIC LILY March 2022
Stolyarov, V. (2022, March 17). Exposing initial access broker with ties to Conti. Retrieved August 18, 2022.
Internal MISP references
UUID 19d2cb48-bdb2-41fe-ba24-0769d7bd4d94
which can be used as unique global reference for Google EXOTIC LILY March 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-18T00:00:00Z |
date_published | 2022-03-17T00:00:00Z |
source | MITRE |
title | Exposing initial access broker with ties to Conti |
Microsoft POLONIUM June 2022
Microsoft. (2022, June 2). Exposing POLONIUM activity and infrastructure targeting Israeli organizations. Retrieved July 1, 2022.
Internal MISP references
UUID 689ff1ab-9fed-4aa2-8e5e-78dac31e6fbd
which can be used as unique global reference for Microsoft POLONIUM June 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-01T00:00:00Z |
date_published | 2022-06-02T00:00:00Z |
source | MITRE |
title | Exposing POLONIUM activity and infrastructure targeting Israeli organizations |
External to DA, the OS X Way
Alex Rymdeko-Harvey, Steve Borosh. (2016, May 14). External to DA, the OS X Way. Retrieved September 12, 2024.
Internal MISP references
UUID b714e6a9-5c12-4a3b-89f9-d379c0284f06
which can be used as unique global reference for External to DA, the OS X Way
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2016-05-14T00:00:00Z |
source | MITRE |
title | External to DA, the OS X Way |
Extexport.exe - LOLBAS Project
LOLBAS. (2018, May 25). Extexport.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 2aa09a10-a492-4753-bbd8-aacd31e4fee3
which can be used as unique global reference for Extexport.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Extexport.exe |
Extrac32.exe - LOLBAS Project
LOLBAS. (2018, May 25). Extrac32.exe. Retrieved December 4, 2023.
Internal MISP references
UUID ae632afc-336c-488e-81f6-91ffe1829595
which can be used as unique global reference for Extrac32.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Extrac32.exe |
Journey into IR ZeroAccess NTFS EA
Harrell, C. (2012, December 11). Extracting ZeroAccess from NTFS Extended Attributes. Retrieved June 3, 2016.
Internal MISP references
UUID e9dff187-fe7d-469d-81cb-30ad520dbd3d
which can be used as unique global reference for Journey into IR ZeroAccess NTFS EA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-03T00:00:00Z |
date_published | 2012-12-11T00:00:00Z |
source | MITRE |
title | Extracting ZeroAccess from NTFS Extended Attributes |
Bizeul 2014
Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Pernet, C. (2014, July 11). Eye of the Tiger. Retrieved September 29, 2015.
Internal MISP references
UUID a4617ef4-e6d2-47e7-8f81-68e7380279bf
which can be used as unique global reference for Bizeul 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-09-29T00:00:00Z |
date_published | 2014-07-11T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Eye of the Tiger |
Facad1ng
Spyboy. (2023). Facad1ng. Retrieved February 13, 2024.
Internal MISP references
UUID bd80f3d7-e653-5f8f-ba8a-00b8780ae935
which can be used as unique global reference for Facad1ng
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-13T00:00:00Z |
date_published | 2023-01-01T00:00:00Z |
source | MITRE |
title | Facad1ng |
ThreatPost Social Media Phishing
O'Donnell, L. (2020, October 20). Facebook: A Top Launching Pad For Phishing Attacks. Retrieved October 20, 2020.
Internal MISP references
UUID 186c1213-d0c5-4eb6-aa0f-0fd61b07a1f7
which can be used as unique global reference for ThreatPost Social Media Phishing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2020-10-20T00:00:00Z |
source | MITRE |
title | Facebook: A Top Launching Pad For Phishing Attacks |
SentinelLabs reversing run-only applescripts 2021
Phil Stokes. (2021, January 11). FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts. Retrieved September 29, 2022.
Internal MISP references
UUID 34dc9010-e800-420c-ace4-4f426c915d2f
which can be used as unique global reference for SentinelLabs reversing run-only applescripts 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-29T00:00:00Z |
date_published | 2021-01-11T00:00:00Z |
source | MITRE |
title | FADE DEAD \| Adventures in Reversing Malicious Run-Only AppleScripts |
Sentinel Labs
Phil Stokes. (2021, January 11). FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts. Retrieved September 30, 2022.
Internal MISP references
UUID 785f7692-2be8-4f5d-921e-51efdfe0c0b9
which can be used as unique global reference for Sentinel Labs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-30T00:00:00Z |
date_published | 2021-01-11T00:00:00Z |
source | MITRE |
title | FADE DEAD \| Adventures in Reversing Malicious Run-Only AppleScripts |
BleepingComputer Fake Chrome Errors June 17 2024
Bill Toulas. (2024, June 17). Fake Google Chrome errors trick you into running malicious PowerShell scripts. Retrieved June 20, 2024.
Internal MISP references
UUID 6efa70e3-d8eb-4260-b0ab-62335681e6fd
which can be used as unique global reference for BleepingComputer Fake Chrome Errors June 17 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-20T00:00:00Z |
date_published | 2024-06-17T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Fake Google Chrome errors trick you into running malicious PowerShell scripts |
ESET OceanLotus Mar 2019
Dumont, R. (2019, March 20). Fake or Fake: Keeping up with OceanLotus decoys. Retrieved April 1, 2019.
Internal MISP references
UUID b2745f5c-a181-48e1-b1cf-37a1ffe1fdf0
which can be used as unique global reference for ESET OceanLotus Mar 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-01T00:00:00Z |
date_published | 2019-03-20T00:00:00Z |
source | MITRE |
title | Fake or Fake: Keeping up with OceanLotus decoys |
ZScaler BitB 2020
ZScaler. (2020, February 11). Fake Sites Stealing Steam Credentials. Retrieved March 8, 2023.
Internal MISP references
UUID c2f01a3b-a164-59b7-be5d-5eec4eb69ee5
which can be used as unique global reference for ZScaler BitB 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-08T00:00:00Z |
date_published | 2020-02-11T00:00:00Z |
source | MITRE |
title | Fake Sites Stealing Steam Credentials |
FalconFeedsio Tweet October 9 2023
FalconFeedsio. (2023, October 9). FalconFeedsio Tweet October 9 2023. Retrieved October 10, 2023.
Internal MISP references
UUID e9810a28-f060-468b-b4ea-ffed9403ae8b
which can be used as unique global reference for FalconFeedsio Tweet October 9 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-10T00:00:00Z |
date_published | 2023-10-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | FalconFeedsio Tweet October 9 2023 |
FalconFeedsio Tweet September 28 2023
FalconFeedsio. (2023, September 28). FalconFeedsio Tweet September 28 2023. Retrieved October 10, 2023.
Internal MISP references
UUID 78128031-bcbb-42c2-8bed-4613a10a02ca
which can be used as unique global reference for FalconFeedsio Tweet September 28 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-10T00:00:00Z |
date_published | 2023-09-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | FalconFeedsio Tweet September 28 2023 |
falconoverwatch_blackcat_attack
Falcon OverWatch Team. (2022, March 23). Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack. Retrieved May 5, 2022.
Internal MISP references
UUID 9d0ff77c-09e9-4d58-86f4-e2398f298ca9
which can be used as unique global reference for falconoverwatch_blackcat_attack
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-05T00:00:00Z |
date_published | 2022-03-23T00:00:00Z |
source | MITRE |
title | Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack |
CitizenLab Tropic Trooper Aug 2018
Alexander, G., et al. (2018, August 8). Familiar Feeling: A Malware Campaign Targeting the Tibetan Diaspora Resurfaces. Retrieved June 17, 2019.
Internal MISP references
UUID 5c662775-9703-4d01-844b-40a0e5c24fb9
which can be used as unique global reference for CitizenLab Tropic Trooper Aug 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-17T00:00:00Z |
date_published | 2018-08-08T00:00:00Z |
source | MITRE |
title | Familiar Feeling: A Malware Campaign Targeting the Tibetan Diaspora Resurfaces |
ESET FamousSparrow September 23 2021
Tahseen Bin Taj, Matthieu Faou. (2021, September 23). FamousSparrow: A suspicious hotel guest. Retrieved October 24, 2024.
Internal MISP references
UUID f91d6d8e-22a4-4851-9444-7a066e6b7aa5
which can be used as unique global reference for ESET FamousSparrow September 23 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-24T00:00:00Z |
date_published | 2021-09-23T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | FamousSparrow: A suspicious hotel guest |
CISA AA20-239A BeagleBoyz August 2020
DHS/CISA. (2020, August 26). FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks. Retrieved September 29, 2021.
Internal MISP references
UUID a8a2e3f2-3967-4e82-a36a-2436c654fb3f
which can be used as unique global reference for CISA AA20-239A BeagleBoyz August 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-29T00:00:00Z |
date_published | 2020-08-26T00:00:00Z |
source | MITRE, Tidal Cyber |
title | FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks |
Fast Flux - Welivesecurity
Albors, Josep. (2017, January 12). Fast Flux networks: What are they and how do they work? Retrieved March 11, 2020.
Internal MISP references
UUID e232d739-663e-4878-b13b-9248cd81e657
which can be used as unique global reference for Fast Flux - Welivesecurity
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-11T00:00:00Z |
date_published | 2017-01-12T00:00:00Z |
source | MITRE |
title | Fast Flux networks: What are they and how do they work? |
MehtaFastFluxPt1
Mehta, L. (2014, December 17). Fast Flux Networks Working and Detection, Part 1. Retrieved March 6, 2017.
Internal MISP references
UUID 5f169cae-6b59-4879-9a8f-93fdcea5cc58
which can be used as unique global reference for MehtaFastFluxPt1
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-06T00:00:00Z |
date_published | 2014-12-17T00:00:00Z |
source | MITRE |
title | Fast Flux Networks Working and Detection, Part 1 |
MehtaFastFluxPt2
Mehta, L. (2014, December 23). Fast Flux Networks Working and Detection, Part 2. Retrieved March 6, 2017.
Internal MISP references
UUID f8a98e55-c91e-4b5e-b6f3-0065ef07375d
which can be used as unique global reference for MehtaFastFluxPt2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-06T00:00:00Z |
date_published | 2014-12-23T00:00:00Z |
source | MITRE |
title | Fast Flux Networks Working and Detection, Part 2 |
FBI-BEC
FBI. (2022). FBI 2022 Congressional Report on BEC and Real Estate Wire Fraud. Retrieved August 18, 2023.
Internal MISP references
UUID 3388bfec-7822-56dc-a384-95aa79f42fe8
which can be used as unique global reference for FBI-BEC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-18T00:00:00Z |
date_published | 2022-01-01T00:00:00Z |
source | MITRE |
title | FBI 2022 Congressional Report on BEC and Real Estate Wire Fraud |
FBI Flash FIN7 USB
The Record. (2022, January 7). FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware. Retrieved January 14, 2022.
Internal MISP references
UUID 42dc957c-007b-4f90-88c6-1afd6d1032e8
which can be used as unique global reference for FBI Flash FIN7 USB
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-14T00:00:00Z |
date_published | 2022-01-07T00:00:00Z |
source | MITRE |
title | FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware |
FBI Lazarus Stake.com Theft Attribution September 2023
FBI National Press Office. (2023, September 6). FBI Identifies Lazarus Group Cyber Actors as Responsible for Theft of $41 Million from Stake.com. Retrieved September 13, 2023.
Internal MISP references
UUID d753c01c-c0f6-4382-ae79-5605a28c94d5
which can be used as unique global reference for FBI Lazarus Stake.com Theft Attribution September 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-13T00:00:00Z |
date_published | 2023-09-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | FBI Identifies Lazarus Group Cyber Actors as Responsible for Theft of $41 Million from Stake.com |
VPNFilter Router
Tung, Liam. (2018, May 29). FBI to all router users: Reboot now to neuter Russia's VPNFilter malware. Retrieved March 7, 2024.
Internal MISP references
UUID 191bc704-3314-56c5-8f2d-dbbbb8afea2f
which can be used as unique global reference for VPNFilter Router
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-07T00:00:00Z |
date_published | 2018-05-29T00:00:00Z |
source | MITRE |
title | FBI to all router users: Reboot now to neuter Russia's VPNFilter malware |
Hakobyan 2009
Hakobyan, A. (2009, January 8). FDump - Dumping File Sectors Directly from Disk using Logical Offsets. Retrieved November 12, 2014.
Internal MISP references
UUID d92f6dc0-e902-4a4a-9083-8d1667a7003e
which can be used as unique global reference for Hakobyan 2009
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
date_published | 2009-01-08T00:00:00Z |
source | MITRE |
title | FDump - Dumping File Sectors Directly from Disk using Logical Offsets |
Google Federating GC
Google. (n.d.). Federating Google Cloud with Active Directory. Retrieved March 13, 2020.
Internal MISP references
UUID 4e17ca9b-5c98-409b-9496-7c37fe9ee837
which can be used as unique global reference for Google Federating GC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-13T00:00:00Z |
source | MITRE |
title | Federating Google Cloud with Active Directory |
Kaspersky Ferocious Kitten Jun 2021
GReAT. (2021, June 16). Ferocious Kitten: 6 Years of Covert Surveillance in Iran. Retrieved September 22, 2021.
Internal MISP references
UUID b8f8020d-3f5c-4b5e-8761-6ecdd63fcd50
which can be used as unique global reference for Kaspersky Ferocious Kitten Jun 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-22T00:00:00Z |
date_published | 2021-06-16T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Ferocious Kitten: 6 Years of Covert Surveillance in Iran |
Fidelis njRAT June 2013
Fidelis Cybersecurity. (2013, June 28). Fidelis Threat Advisory #1009: "njRAT" Uncovered. Retrieved June 4, 2019.
Internal MISP references
UUID 6c985470-a923-48fd-82c9-9128b6d59bcb
which can be used as unique global reference for Fidelis njRAT June 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-04T00:00:00Z |
date_published | 2013-06-28T00:00:00Z |
source | MITRE |
title | Fidelis Threat Advisory #1009: "njRAT" Uncovered |
Fidelis INOCNATION
Fidelis Cybersecurity. (2015, December 16). Fidelis Threat Advisory #1020: Dissecting the Malware Involved in the INOCNATION Campaign. Retrieved March 24, 2016.
Internal MISP references
UUID 9d9c0c71-d5a2-41e4-aa90-d1046e0742c7
which can be used as unique global reference for Fidelis INOCNATION
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-24T00:00:00Z |
date_published | 2015-12-16T00:00:00Z |
source | MITRE |
title | Fidelis Threat Advisory #1020: Dissecting the Malware Involved in the INOCNATION Campaign |
Securelist fileless attacks Feb 2017
Kaspersky Lab's Global Research and Analysis Team. (2017, February 8). Fileless attacks against enterprise networks. Retrieved February 8, 2017.
Internal MISP references
UUID b58d9c32-89c5-449a-88e7-1c7dd3f8380e
which can be used as unique global reference for Securelist fileless attacks Feb 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-02-08T00:00:00Z |
date_published | 2017-02-08T00:00:00Z |
source | MITRE |
title | Fileless attacks against enterprise networks |
Airbus Security Kovter Analysis
Dove, A. (2016, March 23). Fileless Malware – A Behavioural Analysis Of Kovter Persistence. Retrieved December 5, 2017.
Internal MISP references
UUID a8420828-9e00-45a1-90d7-a37f898204f9
which can be used as unique global reference for Airbus Security Kovter Analysis
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-05T00:00:00Z |
date_published | 2016-03-23T00:00:00Z |
source | MITRE |
title | Fileless Malware – A Behavioural Analysis Of Kovter Persistence |
Sysdig Fileless Malware 23022
Nicholas Lang. (2022, May 3). Fileless malware mitigation. Retrieved September 24, 2024.
Internal MISP references
UUID d728b343-3256-55ff-9491-f66b98c16226
which can be used as unique global reference for Sysdig Fileless Malware 23022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-24T00:00:00Z |
date_published | 2022-05-03T00:00:00Z |
source | MITRE |
title | Fileless malware mitigation |
Microsoft Fileless
Microsoft. (2023, February 6). Fileless threats. Retrieved March 23, 2023.
Internal MISP references
UUID 263fc1ab-f928-583f-986d-1e1bae9b3c85
which can be used as unique global reference for Microsoft Fileless
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-23T00:00:00Z |
date_published | 2023-02-06T00:00:00Z |
source | MITRE |
title | Fileless threats |
enigma0x3 Fileless UAC Bypass
Nelson, M. (2016, August 15). "Fileless" UAC Bypass using eventvwr.exe and Registry Hijacking. Retrieved December 27, 2016.
Internal MISP references
UUID 74b16ca4-9494-4f10-97c5-103a8521818f
which can be used as unique global reference for enigma0x3 Fileless UAC Bypass
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-12-27T00:00:00Z |
date_published | 2016-08-15T00:00:00Z |
source | MITRE |
title | "Fileless" UAC Bypass using eventvwr.exe and Registry Hijacking |
enigma0x3 sdclt bypass
Nelson, M. (2017, March 17). "Fileless" UAC Bypass Using sdclt.exe. Retrieved May 25, 2017.
Internal MISP references
UUID 5e5597e2-ea05-41e0-8752-ca95a89a5aa3
which can be used as unique global reference for enigma0x3 sdclt bypass
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-05-25T00:00:00Z |
date_published | 2017-03-17T00:00:00Z |
source | MITRE |
title | "Fileless" UAC Bypass Using sdclt.exe |
Microsoft File Mgmt
Microsoft. (2018, May 31). File Management (Local File Systems). Retrieved September 28, 2021.
Internal MISP references
UUID e6d84416-5808-4e7d-891b-ba67dada8726
which can be used as unique global reference for Microsoft File Mgmt
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-28T00:00:00Z |
date_published | 2018-05-31T00:00:00Z |
source | MITRE |
title | File Management (Local File Systems) |
Microsoft File Streams
Microsoft. (n.d.). File Streams. Retrieved September 12, 2024.
Internal MISP references
UUID ef3f58da-e735-4b1d-914c-fafabb7439bf
which can be used as unique global reference for Microsoft File Streams
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
source | MITRE |
title | File Streams |
file_upload_attacks_pt2
YesWeRHackers. (2021, June 16). File Upload Attacks (Part 2). Retrieved August 23, 2022.
Internal MISP references
UUID 4f7c7d6c-ad56-594f-bcb8-79523f436f2c
which can be used as unique global reference for file_upload_attacks_pt2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-23T00:00:00Z |
date_published | 2021-06-16T00:00:00Z |
source | MITRE |
title | File Upload Attacks (Part 2) |
Microsoft GPO Security Filtering
Microsoft. (2018, May 30). Filtering the Scope of a GPO. Retrieved March 13, 2019.
Internal MISP references
UUID 327caed7-a53f-4245-8774-a9f170932012
which can be used as unique global reference for Microsoft GPO Security Filtering
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-13T00:00:00Z |
date_published | 2018-05-30T00:00:00Z |
source | MITRE |
title | Filtering the Scope of a GPO |
FireEye FIN10 June 2017
FireEye iSIGHT Intelligence. (2017, June 16). FIN10: Anatomy of a Cyber Extortion Operation. Retrieved June 25, 2017.
Internal MISP references
UUID 9d5c3956-7169-48d5-b4d0-f7a56a742adf
which can be used as unique global reference for FireEye FIN10 June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-06-25T00:00:00Z |
date_published | 2017-06-16T00:00:00Z |
source | MITRE, Tidal Cyber |
title | FIN10: Anatomy of a Cyber Extortion Operation |
Mandiant FIN12 Group Profile October 07 2021
Joshua Shilko, Zach Riddle, Jennifer Brooks, Genevieve Stark, Adam Brunner, Kimberly Goody, Jeremy Kennelly. (2021, October 7). FIN12 Group Profile. Retrieved September 22, 2023.
Internal MISP references
UUID 7af84b3d-bbd6-449f-b29b-2f14591c9f05
which can be used as unique global reference for Mandiant FIN12 Group Profile October 07 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-22T00:00:00Z |
date_published | 2021-10-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | FIN12 Group Profile |
Mandiant FIN12 Oct 2021
Shilko, J., et al. (2021, October 7). FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets. Retrieved June 15, 2023.
Internal MISP references
UUID 4514d7cc-b999-5711-a398-d90e5d3570f2
which can be used as unique global reference for Mandiant FIN12 Oct 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-15T00:00:00Z |
date_published | 2021-10-07T00:00:00Z |
source | MITRE |
title | FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets |
CERTFR-2023-CTI-007
CERT-FR. (2023, September 18). FIN12: Un Groupe Cybercriminel aux Multiples Rançongiciel. Retrieved September 21, 2023.
Internal MISP references
UUID 0f4a03c5-79b3-418e-a77d-305d5a32caca
which can be used as unique global reference for CERTFR-2023-CTI-007
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-21T00:00:00Z |
date_published | 2023-09-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | FIN12: Un Groupe Cybercriminel aux Multiples Rançongiciel |
Mandiant FIN13 Aug 2022
Ta, V., et al. (2022, August 8). FIN13: A Cybercriminal Threat Actor Focused on Mexico. Retrieved February 9, 2023.
Internal MISP references
UUID ebd9d479-1954-5a4a-b7f0-d5372489733c
which can be used as unique global reference for Mandiant FIN13 Aug 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-09T00:00:00Z |
date_published | 2022-08-08T00:00:00Z |
source | MITRE |
title | FIN13: A Cybercriminal Threat Actor Focused on Mexico |
FireEye FIN4 Stealing Insider NOV 2014
Dennesen, K. et al. (2014, November 30). FIN4: Stealing Insider Information for an Advantage in Stock Trading?. Retrieved December 17, 2018.
Internal MISP references
UUID b27f1040-46e5-411a-b238-0b40f6160680
which can be used as unique global reference for FireEye FIN4 Stealing Insider NOV 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-12-17T00:00:00Z |
date_published | 2014-11-30T00:00:00Z |
source | MITRE |
title | FIN4: Stealing Insider Information for an Advantage in Stock Trading? |
Visa FIN6 Feb 2019
Visa Public. (2019, February). FIN6 Cybercrime Group Expands Threat to eCommerce Merchants. Retrieved September 16, 2019.
Internal MISP references
UUID 9e9e8811-1d8e-4400-8688-e634f859c4e0
which can be used as unique global reference for Visa FIN6 Feb 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-16T00:00:00Z |
date_published | 2019-02-01T00:00:00Z |
source | MITRE |
title | FIN6 Cybercrime Group Expands Threat to eCommerce Merchants |
SentinelOne FrameworkPOS September 2019
Kremez, V. (2019, September 19). FIN6 “FrameworkPOS”: Point-of-Sale Malware Analysis & Internals. Retrieved September 8, 2020.
Internal MISP references
UUID 054d7827-3d0c-40a7-b2a0-1428ad7729ea
which can be used as unique global reference for SentinelOne FrameworkPOS September 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-08T00:00:00Z |
date_published | 2019-09-19T00:00:00Z |
source | MITRE |
title | FIN6 “FrameworkPOS”: Point-of-Sale Malware Analysis & Internals |
SecureList Griffon May 2019
Namestnikov, Y. and Aime, F. (2019, May 8). FIN7.5: the infamous cybercrime rig “FIN7” continues its activities. Retrieved October 11, 2019.
Internal MISP references
UUID 42e196e4-42a7-427d-a69b-d78fa6375f8c
which can be used as unique global reference for SecureList Griffon May 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-11T00:00:00Z |
date_published | 2019-05-08T00:00:00Z |
source | MITRE |
title | FIN7.5: the infamous cybercrime rig “FIN7” continues its activities |
Threatpost Lizar May 2021
Seals, T. (2021, May 14). FIN7 Backdoor Masquerades as Ethical Hacking Tool. Retrieved February 2, 2022.
Internal MISP references
UUID 1b89f62f-586d-4dee-b6dd-e5a5cd090a0e
which can be used as unique global reference for Threatpost Lizar May 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-02T00:00:00Z |
date_published | 2021-05-14T00:00:00Z |
source | MITRE |
title | FIN7 Backdoor Masquerades as Ethical Hacking Tool |
FireEye FIN7 April 2017
Carr, N., et al. (2017, April 24). FIN7 Evolution and the Phishing LNK. Retrieved April 24, 2017.
Internal MISP references
UUID 6ee27fdb-1753-4fdf-af72-3295b072ff10
which can be used as unique global reference for FireEye FIN7 April 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-04-24T00:00:00Z |
date_published | 2017-04-24T00:00:00Z |
source | MITRE |
title | FIN7 Evolution and the Phishing LNK |
Mandiant FIN7 Apr 2022
Abdo, B., et al. (2022, April 4). FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7. Retrieved April 5, 2022.
Internal MISP references
UUID be9919c0-ca52-593b-aea0-c5e9a262b570
which can be used as unique global reference for Mandiant FIN7 Apr 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-05T00:00:00Z |
date_published | 2022-04-04T00:00:00Z |
source | MITRE |
title | FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7 |
Mandiant FIN7 April 4 2022
Bryce Abdo, Zander Work, Ioana Teaca, Brendan McKeague. (2022, April 4). FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7. Retrieved May 25, 2023.
Internal MISP references
UUID fbc3ea90-d3d4-440e-964d-6cd2e991df0c
which can be used as unique global reference for Mandiant FIN7 April 4 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-25T00:00:00Z |
date_published | 2022-04-04T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7 |
Gemini FIN7 Oct 2021
Gemini Advisory. (2021, October 21). FIN7 Recruits Talent For Push Into Ransomware. Retrieved February 2, 2022.
Internal MISP references
UUID bbaef178-8577-4398-8e28-604faf0950b4
which can be used as unique global reference for Gemini FIN7 Oct 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-02T00:00:00Z |
date_published | 2021-10-21T00:00:00Z |
source | MITRE |
title | FIN7 Recruits Talent For Push Into Ransomware |
Flashpoint FIN 7 March 2019
Platt, J. and Reeves, J. (2019, March). FIN7 Revisited: Inside Astra Panel and SQLRat Malware. Retrieved June 18, 2019.
Internal MISP references
UUID b09453a3-c0df-4e96-b399-e7b34e068e9d
which can be used as unique global reference for Flashpoint FIN 7 March 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-18T00:00:00Z |
date_published | 2019-03-01T00:00:00Z |
source | MITRE |
title | FIN7 Revisited: Inside Astra Panel and SQLRat Malware |
FireEye FIN7 March 2017
Miller, S., et al. (2017, March 7). FIN7 Spear Phishing Campaign Targets Personnel Involved in SEC Filings. Retrieved March 8, 2017.
Internal MISP references
UUID 7987bb91-ec41-42f8-bd2d-dabc26509a08
which can be used as unique global reference for FireEye FIN7 March 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-08T00:00:00Z |
date_published | 2017-03-07T00:00:00Z |
source | MITRE, Tidal Cyber |
title | FIN7 Spear Phishing Campaign Targets Personnel Involved in SEC Filings |
Morphisec FIN7 June 2017
Gorelik, M. (2017, June 9). FIN7 Takes Another Bite at the Restaurant Industry. Retrieved July 13, 2017.
Internal MISP references
UUID 3831173c-7c67-4f16-b652-ad992a7ce411
which can be used as unique global reference for Morphisec FIN7 June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-13T00:00:00Z |
date_published | 2017-06-09T00:00:00Z |
source | MITRE |
title | FIN7 Takes Another Bite at the Restaurant Industry |
Esentire 5 8 2024
Esentire Threat Response Unit. (2024, May 8). FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX…. Retrieved May 14, 2024.
Internal MISP references
UUID 67c3a7ed-e2e2-4566-aca7-61e766f177bf
which can be used as unique global reference for Esentire 5 8 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-14T00:00:00Z |
date_published | 2024-05-08T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX… |
CyberScoop FIN7 Oct 2017
Waterman, S. (2017, October 16). Fin7 weaponization of DDE is just their latest slick move, say researchers. Retrieved November 21, 2017.
Internal MISP references
UUID e38adff1-7f53-4b0c-9d58-a4640b09b10d
which can be used as unique global reference for CyberScoop FIN7 Oct 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-21T00:00:00Z |
date_published | 2017-10-16T00:00:00Z |
source | MITRE |
title | Fin7 weaponization of DDE is just their latest slick move, say researchers |
Bitdefender FIN8 BADHATCH Report
Bitdefender. (2021, March 10). FIN8 Returns with Improved BADHATCH Toolkit. Retrieved October 30, 2023.
Internal MISP references
UUID 501b6391-e09e-47dc-9cfc-c8ed4c034aca
which can be used as unique global reference for Bitdefender FIN8 BADHATCH Report
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-30T00:00:00Z |
date_published | 2021-03-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | FIN8 Returns with Improved BADHATCH Toolkit |
BitDefender BADHATCH Mar 2021
Vrabie, V., et al. (2021, March 10). FIN8 Returns with Improved BADHATCH Toolkit. Retrieved September 8, 2021.
Internal MISP references
UUID 958cfc9a-901c-549d-96c2-956272b240e3
which can be used as unique global reference for BitDefender BADHATCH Mar 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-08T00:00:00Z |
date_published | 2021-03-10T00:00:00Z |
source | MITRE |
title | FIN8 Returns with Improved BADHATCH Toolkit |
Bitdefender Sardonic Aug 2021
Budaca, E., et al. (2021, August 25). FIN8 Threat Actor Goes Agile with New Sardonic Backdoor. Retrieved August 9, 2023.
Internal MISP references
UUID 8e9d05c9-6783-5738-ac85-a444810a8074
which can be used as unique global reference for Bitdefender Sardonic Aug 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-09T00:00:00Z |
date_published | 2021-08-25T00:00:00Z |
source | MITRE |
title | FIN8 Threat Actor Goes Agile with New Sardonic Backdoor |
Symantec FIN8 Jul 2023
Symantec Threat Hunter Team. (2023, July 18). FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware. Retrieved August 9, 2023.
Internal MISP references
UUID 9b08b7f0-1a33-5d76-817f-448fac0d165a
which can be used as unique global reference for Symantec FIN8 Jul 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-09T00:00:00Z |
date_published | 2023-07-18T00:00:00Z |
source | MITRE |
title | FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware |
DiginotarCompromise
Fisher, D. (2012, October 31). Final Report on DigiNotar Hack Shows Total Compromise of CA Servers. Retrieved March 6, 2017.
Internal MISP references
UUID 3c9b7b9a-d30a-4865-a96c-6e68d9e20452
which can be used as unique global reference for DiginotarCompromise
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-06T00:00:00Z |
date_published | 2012-10-31T00:00:00Z |
source | MITRE |
title | Final Report on DigiNotar Hack Shows Total Compromise of CA Servers |
FireEye Financial Actors Moving into OT
Brubaker, N., Zafra, D. K., Lunden, K., Proska, K., Hildebrandt, C. (2020, July 15). Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families. Retrieved February 15, 2021.
Internal MISP references
UUID 4bd514b8-1f79-4946-b001-110ce5cf29a9
which can be used as unique global reference for FireEye Financial Actors Moving into OT
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-15T00:00:00Z |
date_published | 2020-07-15T00:00:00Z |
source | MITRE |
title | Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families |
MITRECND FindAPIHash
Jason (jxb5151). (2021, January 28). findapihash.py. Retrieved August 22, 2022.
Internal MISP references
UUID 2260f0a1-2a6c-4373-9e3a-624fd89446e3
which can be used as unique global reference for MITRECND FindAPIHash
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-22T00:00:00Z |
date_published | 2021-01-28T00:00:00Z |
source | MITRE |
title | findapihash.py |
Expel IO Evil in AWS
A. Randazzo, B. Manahan and S. Lipton. (2020, April 28). Finding Evil in AWS. Retrieved June 25, 2020.
Internal MISP references
UUID 4c2424d6-670b-4db0-a752-868b4c954e29
which can be used as unique global reference for Expel IO Evil in AWS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-25T00:00:00Z |
date_published | 2020-04-28T00:00:00Z |
source | MITRE |
title | Finding Evil in AWS |
Evil WMI
Chad Tilbury. (2023, May 22). Finding Evil WMI Event Consumers with Disk Forensics. Retrieved February 9, 2024.
Internal MISP references
UUID ee46fd07-3df3-50f6-b922-263f031ee23f
which can be used as unique global reference for Evil WMI
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-09T00:00:00Z |
date_published | 2023-05-22T00:00:00Z |
source | MITRE |
title | Finding Evil WMI Event Consumers with Disk Forensics |
SANS Decrypting SSL
Butler, M. (2013, November). Finding Hidden Threats by Decrypting SSL. Retrieved April 5, 2016.
Internal MISP references
UUID d251a79b-8516-41a7-b394-47a761d0ab3b
which can be used as unique global reference for SANS Decrypting SSL
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-05T00:00:00Z |
date_published | 2013-11-01T00:00:00Z |
source | MITRE |
title | Finding Hidden Threats by Decrypting SSL |
ADSecurity Finding Passwords in SYSVOL
Sean Metcalf. (2015, December 28). Finding Passwords in SYSVOL & Exploiting Group Policy Preferences. Retrieved February 17, 2020.
Internal MISP references
UUID 538def90-5de4-4b8c-b535-0e2570ba1841
which can be used as unique global reference for ADSecurity Finding Passwords in SYSVOL
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-17T00:00:00Z |
date_published | 2015-12-28T00:00:00Z |
source | MITRE |
title | Finding Passwords in SYSVOL & Exploiting Group Policy Preferences |
Findstr.exe - LOLBAS Project
LOLBAS. (2018, May 25). Findstr.exe. Retrieved December 4, 2023.
Internal MISP references
UUID fc4b7b28-ac74-4a8f-a39d-ce55df5fca08
which can be used as unique global reference for Findstr.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Findstr.exe |
FinFisher Citation
FinFisher. (n.d.). Retrieved September 12, 2024.
Internal MISP references
UUID 6ef0b8d8-ba98-49ce-807d-5a85d111b027
which can be used as unique global reference for FinFisher Citation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
source | MITRE |
title | FinFisher Citation |
FinFisher exposed
Microsoft Defender Security Research Team. (2018, March 1). FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines. Retrieved January 27, 2022.
Internal MISP references
UUID b2f4541e-f981-4b25-abf4-1bec92b16faa
which can be used as unique global reference for FinFisher exposed
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-27T00:00:00Z |
date_published | 2018-03-01T00:00:00Z |
source | MITRE |
title | FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines |
Microsoft FinFisher March 2018
Allievi, A., Flori, E. (2018, March 01). FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines. Retrieved July 9, 2018.
Internal MISP references
UUID 88c97a9a-ef14-4695-bde0-9de2b5f5343b
which can be used as unique global reference for Microsoft FinFisher March 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-09T00:00:00Z |
date_published | 2018-03-01T00:00:00Z |
source | MITRE |
title | FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines |
Finger.exe - LOLBAS Project
LOLBAS. (2021, August 30). Finger.exe. Retrieved December 4, 2023.
Internal MISP references
UUID e32d01eb-d904-43dc-a7e2-bdcf42f3ebb2
which can be used as unique global reference for Finger.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-08-30T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Finger.exe |
FireEye Cyber Threats to Media Industries
FireEye. (n.d.). Retrieved April 19, 2019.
Internal MISP references
UUID 7b9bd753-01b7-4923-9964-19c59123ace2
which can be used as unique global reference for FireEye Cyber Threats to Media Industries
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-19T00:00:00Z |
source | MITRE |
title | FireEye Cyber Threats to Media Industries |
FireEye DLL Side-Loading
Amanda Steward. (2014). FireEye DLL Side-Loading: A Thorn in the Side of the Anti-Virus Industry. Retrieved March 13, 2020.
Internal MISP references
UUID 9d58bcbb-5b96-4e12-8ff2-e0b084c3eb8c
which can be used as unique global reference for FireEye DLL Side-Loading
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-13T00:00:00Z |
date_published | 2014-01-01T00:00:00Z |
source | MITRE |
title | FireEye DLL Side-Loading: A Thorn in the Side of the Anti-Virus Industry |
FireEye Shamoon Nov 2016
FireEye. (2016, November 30). FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region. Retrieved January 11, 2017.
Internal MISP references
UUID 44b2eb6b-4902-4ca0-80e5-7333d620e075
which can be used as unique global reference for FireEye Shamoon Nov 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-01-11T00:00:00Z |
date_published | 2016-11-30T00:00:00Z |
source | MITRE |
title | FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region |
FireEye Ryuk and Trickbot January 2019
Goody, K., et al. (2019, January 11). A Nasty Trick: From Credential Theft Malware to Business Disruption. Retrieved May 12, 2020.
Internal MISP references
UUID b29dc755-f1f0-4206-9ecf-29257a1909ee
which can be used as unique global reference for FireEye Ryuk and Trickbot January 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-12T00:00:00Z |
source | MITRE |
title | FireEye Ryuk and Trickbot January 2019 |
DarkReading FireEye SolarWinds
Kelly Jackson Higgins. (2021, January 7). FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack. Retrieved April 18, 2022.
Internal MISP references
UUID a662c764-8954-493f-88e5-e022e093a785
which can be used as unique global reference for DarkReading FireEye SolarWinds
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-18T00:00:00Z |
date_published | 2021-01-07T00:00:00Z |
source | MITRE |
title | FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack |
FireEye FinSpy Sept 2017
Jiang, G., et al. (2017, September 12). FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY. Retrieved February 15, 2018.
Internal MISP references
UUID 142cf7a3-2ca2-4cf3-b95a-9f4b3bc1cdce
which can be used as unique global reference for FireEye FinSpy Sept 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-15T00:00:00Z |
date_published | 2017-09-12T00:00:00Z |
source | MITRE |
title | FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY |
RiskIQ Cobalt Jan 2018
Klijnsma, Y. (2018, January 16). First Activities of Cobalt Group in 2018: Spear Phishing Russian Banks. Retrieved October 10, 2018.
Internal MISP references
UUID 7d48b679-d44d-466e-b12b-16f0f9858d15
which can be used as unique global reference for RiskIQ Cobalt Jan 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-10T00:00:00Z |
date_published | 2018-01-16T00:00:00Z |
source | MITRE |
title | First Activities of Cobalt Group in 2018: Spear Phishing Russian Banks |
Chrome Extension Crypto Miner
Brinkmann, M. (2017, September 19). First Chrome extension with JavaScript Crypto Miner detected. Retrieved November 16, 2017.
Internal MISP references
UUID ae28f530-40da-451e-89b8-b472340c3e0a
which can be used as unique global reference for Chrome Extension Crypto Miner
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-16T00:00:00Z |
date_published | 2017-09-19T00:00:00Z |
source | MITRE |
title | First Chrome extension with JavaScript Crypto Miner detected |
Aquasec Kubernetes Attack 2023
Michael Katchinskiy, Assaf Morag. (2023, April 21). First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters. Retrieved July 14, 2023.
Internal MISP references
UUID 6d6e2fc8-9806-5480-bfaa-a43a962a4980
which can be used as unique global reference for Aquasec Kubernetes Attack 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-14T00:00:00Z |
date_published | 2023-04-21T00:00:00Z |
source | MITRE |
title | First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters |
ESET-Twitoor
ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016.
Internal MISP references
UUID 845896a6-b21d-489d-b75c-1e35b3ec78e0
which can be used as unique global reference for ESET-Twitoor
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-12-22T00:00:00Z |
date_published | 2016-08-24T00:00:00Z |
source | MITRE |
title | First Twitter-controlled Android botnet discovered |
Microsoft Azure AD Admin Consent
Baldwin, M., Flores, J., Kess, B. (2018, June 17). Five steps to securing your identity infrastructure. Retrieved October 4, 2019.
Internal MISP references
UUID 3a0c4458-c8ec-44f9-95cc-0eb136a927cb
which can be used as unique global reference for Microsoft Azure AD Admin Consent
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-04T00:00:00Z |
date_published | 2018-06-17T00:00:00Z |
source | MITRE |
title | Five steps to securing your identity infrastructure |
NTT Security Flagpro new December 2021
Hada, H. (2021, December 28). Flagpro The new malware used by BlackTech. Retrieved March 25, 2022.
Internal MISP references
UUID c0f523fa-7f3b-4c85-b48f-19ae770e9f3b
which can be used as unique global reference for NTT Security Flagpro new December 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-25T00:00:00Z |
date_published | 2021-12-28T00:00:00Z |
source | MITRE |
title | Flagpro The new malware used by BlackTech |
Kaspersky Flame Functionality
Gostev, A. (2012, May 30). Flame: Bunny, Frog, Munch and BeetleJuice…. Retrieved March 1, 2017.
Internal MISP references
UUID c7d030ad-0ecf-458f-85d4-93778d759dc1
which can be used as unique global reference for Kaspersky Flame Functionality
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-01T00:00:00Z |
date_published | 2012-05-30T00:00:00Z |
source | MITRE |
title | Flame: Bunny, Frog, Munch and BeetleJuice… |
Crysys Skywiper
sKyWIper Analysis Team. (2012, May 31). sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks. Retrieved September 6, 2018.
Internal MISP references
UUID ea35f530-b0fd-4e27-a7a9-6ba41566154c
which can be used as unique global reference for Crysys Skywiper
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-06T00:00:00Z |
source | MITRE |
title | Flamer): A complex malware for targeted attacks |
Symantec Beetlejuice
Symantec Security Response. (2012, May 31). Flamer: A Recipe for Bluetoothache. Retrieved February 25, 2017.
Internal MISP references
UUID 691ada65-fe64-4917-b379-1db2573eea32
which can be used as unique global reference for Symantec Beetlejuice
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-02-25T00:00:00Z |
date_published | 2012-05-31T00:00:00Z |
source | MITRE |
title | Flamer: A Recipe for Bluetoothache |
Microsoft Flax Typhoon August 24 2023
Microsoft Threat Intelligence. (2023, August 24). Flax Typhoon using legitimate software to quietly access Taiwanese organizations. Retrieved August 28, 2023.
Internal MISP references
UUID ec962b72-7b7f-4f7e-b6d6-7c5380b07201
which can be used as unique global reference for Microsoft Flax Typhoon August 24 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-28T00:00:00Z |
date_published | 2023-08-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Flax Typhoon using legitimate software to quietly access Taiwanese organizations |
fltMC.exe - LOLBAS Project
LOLBAS. (2021, September 18). fltMC.exe. Retrieved December 4, 2023.
Internal MISP references
UUID cf9b4bd3-92f0-405b-85e7-95e65d548b79
which can be used as unique global reference for fltMC.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-09-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | fltMC.exe |
IranThreats Kittens Dec 2017
Iran Threats. (2017, December 5). Flying Kitten to Rocket Kitten, A Case of Ambiguity and Shared Code. Retrieved May 28, 2020.
Internal MISP references
UUID 8338ad75-89f2-47d8-b85b-7cbf331bd7cd
which can be used as unique global reference for IranThreats Kittens Dec 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-28T00:00:00Z |
date_published | 2017-12-05T00:00:00Z |
source | MITRE |
title | Flying Kitten to Rocket Kitten, A Case of Ambiguity and Shared Code |
MSTIC FoggyWeb September 2021
Ramin Nafisi. (2021, September 27). FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor. Retrieved October 4, 2021.
Internal MISP references
UUID 1ef61100-c5e7-4725-8456-e508c5f6d68a
which can be used as unique global reference for MSTIC FoggyWeb September 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-04T00:00:00Z |
date_published | 2021-09-27T00:00:00Z |
source | MITRE |
title | FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor |
Following the CloudTrail: Generating strong AWS security signals with Sumo Logic
Dan Whalen. (2019, September 10). Following the CloudTrail: Generating strong AWS security signals with Sumo Logic. Retrieved October 16, 2020.
Internal MISP references
UUID 96560211-59b3-4eae-b8a3-2f988f6fdca3
which can be used as unique global reference for Following the CloudTrail: Generating strong AWS security signals with Sumo Logic
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-16T00:00:00Z |
date_published | 2019-09-10T00:00:00Z |
source | MITRE |
title | Following the CloudTrail: Generating strong AWS security signals with Sumo Logic |
Group IB RTM August 2019
Skulkin, O. (2019, August 5). Following the RTM Forensic examination of a computer infected with a banking trojan. Retrieved May 11, 2020.
Internal MISP references
UUID 739da2f2-2aea-4f65-bc4d-ec6723f90520
which can be used as unique global reference for Group IB RTM August 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-11T00:00:00Z |
date_published | 2019-08-05T00:00:00Z |
source | MITRE |
title | Following the RTM Forensic examination of a computer infected with a banking trojan |
TrendMicro BlackTech June 2017
Bermejo, L., et al. (2017, June 22). Following the Trail of BlackTech’s Cyber Espionage Campaigns. Retrieved May 5, 2020.
Internal MISP references
UUID abb9cb19-d30e-4048-b106-eb29a6dad7fc
which can be used as unique global reference for TrendMicro BlackTech June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-05T00:00:00Z |
date_published | 2017-06-22T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Following the Trail of BlackTech’s Cyber Espionage Campaigns |
FireEye FIN6 April 2016
FireEye Threat Intelligence. (2016, April). Follow the Money: Dissecting the Operations of the Cyber Crime Group FIN6. Retrieved June 1, 2016.
Internal MISP references
UUID 8c0997e1-b285-42dd-9492-75065eac8f8b
which can be used as unique global reference for FireEye FIN6 April 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-01T00:00:00Z |
date_published | 2016-04-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Follow the Money: Dissecting the Operations of the Cyber Crime Group FIN6 |
ESET FontOnLake Analysis 2021
Vladislav Hrčka. (2021, January 1). FontOnLake. Retrieved September 27, 2023.
Internal MISP references
UUID dbcced87-91ee-514f-98c8-29a85d967384
which can be used as unique global reference for ESET FontOnLake Analysis 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-27T00:00:00Z |
date_published | 2021-01-01T00:00:00Z |
source | MITRE |
title | FontOnLake |
amnesty_nso_pegasus
Amnesty International Security Lab. (2021, July 18). Forensic Methodology Report: How to catch NSO Group’s Pegasus. Retrieved February 22, 2022.
Internal MISP references
UUID 9e40d93a-fe91-504a-a6f2-e6546067ba53
which can be used as unique global reference for amnesty_nso_pegasus
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-22T00:00:00Z |
date_published | 2021-07-18T00:00:00Z |
source | MITRE |
title | Forensic Methodology Report: How to catch NSO Group’s Pegasus |
Microsoft Forfiles Aug 2016
Microsoft. (2016, August 31). Forfiles. Retrieved January 22, 2018.
Internal MISP references
UUID fd7eaa47-3512-4dbd-b881-bc679d06cd1b
which can be used as unique global reference for Microsoft Forfiles Aug 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-22T00:00:00Z |
date_published | 2016-08-31T00:00:00Z |
source | MITRE |
title | Forfiles |
Forfiles.exe - LOLBAS Project
LOLBAS. (2018, May 25). Forfiles.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 9e2c3833-b667-431c-a9e5-1b412583cc5a
which can be used as unique global reference for Forfiles.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Forfiles.exe |
Mandiant Log4Shell March 28 2022
Geoff Ackerman, Tufail Ahmed, James Maclachlan, Dallin Warne, John Wolfram, Brandon Wilbur. (2022, March 28). Forged in Fire: A Survey of MobileIron Log4Shell Exploitation. Retrieved November 1, 2023.
Internal MISP references
UUID 62d4d685-09c4-47b6-865c-4a6096e551cd
which can be used as unique global reference for Mandiant Log4Shell March 28 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-01T00:00:00Z |
date_published | 2022-03-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Forged in Fire: A Survey of MobileIron Log4Shell Exploitation |
Proofpoint March 24 2023
Proofpoint. (2023, March 24). Fork in the Ice: The New Era of IcedID | Proofpoint US. Retrieved May 10, 2023.
Internal MISP references
UUID 71d5e4ce-3785-48f9-9566-fe5151ad6dc2
which can be used as unique global reference for Proofpoint March 24 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-10T00:00:00Z |
date_published | 2023-03-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Fork in the Ice: The New Era of IcedID |
Symantec Seaduke 2015
Symantec Security Response. (2015, July 13). “Forkmeiamfamous”: Seaduke, latest weapon in the Duke armory. Retrieved July 22, 2015.
Internal MISP references
UUID 5ec05c01-8767-44c1-9855-e1b0e5ee0002
which can be used as unique global reference for Symantec Seaduke 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-07-22T00:00:00Z |
date_published | 2015-07-13T00:00:00Z |
source | MITRE |
title | “Forkmeiamfamous”: Seaduke, latest weapon in the Duke armory |
Register Uber
McCarthy, K. (2015, February 28). FORK ME! Uber hauls GitHub into court to find who hacked database of 50,000 drivers. Retrieved October 19, 2020.
Internal MISP references
UUID 89b85928-a962-4230-875c-63742b3c9d37
which can be used as unique global reference for Register Uber
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
date_published | 2015-02-28T00:00:00Z |
source | MITRE |
title | FORK ME! Uber hauls GitHub into court to find who hacked database of 50,000 drivers |
format_cmd_cisco
Cisco. (2022, August 16). format - Cisco IOS Configuration Fundamentals Command Reference. Retrieved July 13, 2022.
Internal MISP references
UUID 9442e08d-0858-5aa5-b642-a6b1e46018bc
which can be used as unique global reference for format_cmd_cisco
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-13T00:00:00Z |
date_published | 2022-08-16T00:00:00Z |
source | MITRE |
title | format - Cisco IOS Configuration Fundamentals Command Reference |
Quick Heal Blog February 17 2023
Quick Heal Blog. (2023, February 17). FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data. Retrieved May 7, 2023.
Internal MISP references
UUID 02233ce3-abb2-4aed-95b8-56b65c68a665
which can be used as unique global reference for Quick Heal Blog February 17 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2023-02-17T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data |
Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation
ALEXANDER MARVI, BRAD SLAYBAUGH, DAN EBREO, TUFAIL AHMED, MUHAMMAD UMAIR, TINA JOHNSON. (2023, March 16). Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation. Retrieved May 15, 2023.
Internal MISP references
UUID a43dd8ce-23d6-5768-8522-6973dc45e1ac
which can be used as unique global reference for Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-15T00:00:00Z |
date_published | 2023-03-16T00:00:00Z |
source | MITRE |
title | Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation |
Mandiant Fortinet Zero Day
Marvi, A. et al. (2023, March 16). Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation. Retrieved March 22, 2023.
Internal MISP references
UUID 7bdc5bbb-ebbd-5eb8-bd10-9087c883aea7
which can be used as unique global reference for Mandiant Fortinet Zero Day
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-22T00:00:00Z |
date_published | 2023-03-16T00:00:00Z |
source | MITRE |
title | Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation |
macOS Foundation
Apple. (n.d.). Foundation. Retrieved July 1, 2020.
Internal MISP references
UUID ea194268-0a8f-4494-be09-ef5f679f68fe
which can be used as unique global reference for macOS Foundation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-01T00:00:00Z |
source | MITRE |
title | Foundation |
SentinelOne Lazarus macOS July 2020
Stokes, P. (2020, July 27). Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform. Retrieved August 7, 2020.
Internal MISP references
UUID 489c52a2-34cc-47ff-b42b-9d48f83b9e90
which can be used as unique global reference for SentinelOne Lazarus macOS July 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-07T00:00:00Z |
date_published | 2020-07-27T00:00:00Z |
source | MITRE |
title | Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform |
DOJ Russia Targeting Critical Infrastructure March 2022
Department of Justice. (2022, March 24). Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide. Retrieved April 5, 2022.
Internal MISP references
UUID 768a0ec6-b767-4044-acad-82834508640f
which can be used as unique global reference for DOJ Russia Targeting Critical Infrastructure March 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-05T00:00:00Z |
date_published | 2022-03-24T00:00:00Z |
source | MITRE |
title | Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide |
ClearkSky Fox Kitten February 2020
ClearSky. (2020, February 16). Fox Kitten – Widespread Iranian Espionage-Offensive Campaign. Retrieved December 21, 2020.
Internal MISP references
UUID a5ad6321-897a-4adc-9cdd-034a2538e3d6
which can be used as unique global reference for ClearkSky Fox Kitten February 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-21T00:00:00Z |
date_published | 2020-02-16T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Fox Kitten – Widespread Iranian Espionage-Offensive Campaign |
FSISAC FraudNetDoS September 2012
FS-ISAC. (2012, September 17). Fraud Alert – Cyber Criminals Targeting Financial Institution Employee Credentials to Conduct Wire Transfer Fraud. Retrieved September 23, 2024.
Internal MISP references
UUID 9c8772eb-6d1d-4742-a2db-a5e1006effaa
which can be used as unique global reference for FSISAC FraudNetDoS September 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-23T00:00:00Z |
date_published | 2012-09-17T00:00:00Z |
source | MITRE |
title | Fraud Alert – Cyber Criminals Targeting Financial Institution Employee Credentials to Conduct Wire Transfer Fraud |
MalwareBytes Ngrok February 2020
Segura, J. (2020, February 26). Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server. Retrieved September 15, 2020.
Internal MISP references
UUID 531206c7-11ec-46bf-a35c-0464244a58c9
which can be used as unique global reference for MalwareBytes Ngrok February 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-15T00:00:00Z |
date_published | 2020-02-26T00:00:00Z |
source | MITRE |
title | Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server |
Akami Frog4Shell 2024
Ori David. (2024, February 1). Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal. Retrieved September 24, 2024.
Internal MISP references
UUID c67a2ccb-7abf-5409-a216-503e661a6b1c
which can be used as unique global reference for Akami Frog4Shell 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-24T00:00:00Z |
date_published | 2024-02-01T00:00:00Z |
source | MITRE |
title | Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal |
ESET ComRAT May 2020
Faou, M. (2020, May). From Agent.btz to ComRAT v4: A ten-year journey. Retrieved June 15, 2020.
Internal MISP references
UUID cd9043b8-4d14-449b-a6b2-2e9b99103bb0
which can be used as unique global reference for ESET ComRAT May 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-15T00:00:00Z |
date_published | 2020-05-01T00:00:00Z |
source | MITRE |
title | From Agent.btz to ComRAT v4: A ten-year journey |
Azure AD to AD
Sean Metcalf. (2020, May 27). From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path. Retrieved September 28, 2022.
Internal MISP references
UUID 087d07a9-0d33-4253-b7c1-d55be13c0467
which can be used as unique global reference for Azure AD to AD
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-28T00:00:00Z |
date_published | 2020-05-27T00:00:00Z |
source | MITRE |
title | From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path |
blackmatter_blackcat
Pereira, T. Huey, C. (2022, March 17). From BlackMatter to BlackCat: Analyzing two attacks from one affiliate. Retrieved May 5, 2022.
Internal MISP references
UUID 605b58ea-9544-49b8-b3c8-0a97b2b155dc
which can be used as unique global reference for blackmatter_blackcat
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-05T00:00:00Z |
date_published | 2022-03-17T00:00:00Z |
source | MITRE |
title | From BlackMatter to BlackCat: Analyzing two attacks from one affiliate |
Proofpoint June 17 2024
Tommy Madjar, Dusty Miller, Selena Larson, The Proofpoint Threat Research Team. (2024, June 17). From Clipboard to Compromise A PowerShell Self-Pwn. Retrieved June 20, 2024.
Internal MISP references
UUID a65d7492-04a4-46d4-85ed-134786c6828b
which can be used as unique global reference for Proofpoint June 17 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-20T00:00:00Z |
date_published | 2024-06-17T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | From Clipboard to Compromise A PowerShell Self-Pwn |
proofpoint-selfpwn
Tommy Madjar, Dusty Miller, Selena Larson. (2024, June 17). From Clipboard to Compromise: A PowerShell Self-Pwn. Retrieved August 2, 2024.
Internal MISP references
UUID 8f00ffc0-7094-5fd9-8ed4-9c129fd93c05
which can be used as unique global reference for proofpoint-selfpwn
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-02T00:00:00Z |
date_published | 2024-06-17T00:00:00Z |
source | MITRE |
title | From Clipboard to Compromise: A PowerShell Self-Pwn |
Unit42 Malware Roundup December 29 2023
Samantha Stallings, Brad Duncan. (2023, December 29). From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence. Retrieved January 11, 2024.
Internal MISP references
UUID a18e19b5-9046-4c2c-bd94-2cd5061064bf
which can be used as unique global reference for Unit42 Malware Roundup December 29 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-11T00:00:00Z |
date_published | 2023-12-29T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence |
Reaqta Mavinject
Reaqta. (2017, December 16). From False Positive to True Positive: the story of Mavinject.exe, the Microsoft Injector. Retrieved September 22, 2021.
Internal MISP references
UUID 5c0e0c84-2992-4098-8913-66a20ca61bf4
which can be used as unique global reference for Reaqta Mavinject
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-22T00:00:00Z |
date_published | 2017-12-16T00:00:00Z |
source | MITRE |
title | From False Positive to True Positive: the story of Mavinject.exe, the Microsoft Injector |
IBM MegaCortex
Del Fierro, C. Kessem, L. (2020, January 8). From Mega to Giga: Cross-Version Comparison of Top MegaCortex Modifications. Retrieved February 15, 2021.
Internal MISP references
UUID 3d70d9b7-88e4-411e-a59a-bc862da965a7
which can be used as unique global reference for IBM MegaCortex
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-15T00:00:00Z |
date_published | 2020-01-08T00:00:00Z |
source | MITRE |
title | From Mega to Giga: Cross-Version Comparison of Top MegaCortex Modifications |
BiZone Lizar May 2021
BI.ZONE Cyber Threats Research Team. (2021, May 13). From pentest to APT attack: cybercriminal group FIN7 disguises its malware as an ethical hacker’s toolkit. Retrieved February 2, 2022.
Internal MISP references
UUID 315f47e1-69e5-4dcb-94b2-59583e91dd26
which can be used as unique global reference for BiZone Lizar May 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-02T00:00:00Z |
date_published | 2021-05-13T00:00:00Z |
source | MITRE |
title | From pentest to APT attack: cybercriminal group FIN7 disguises its malware as an ethical hacker’s toolkit |
Kaspersky StoneDrill 2017
Kaspersky Lab. (2017, March 7). From Shamoon to StoneDrill: Wipers attacking Saudi organizations and beyond. Retrieved March 14, 2019.
Internal MISP references
UUID e2637cb3-c449-4609-af7b-ac78a900cc8b
which can be used as unique global reference for Kaspersky StoneDrill 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-14T00:00:00Z |
date_published | 2017-03-07T00:00:00Z |
source | MITRE |
title | From Shamoon to StoneDrill: Wipers attacking Saudi organizations and beyond |
Proofpoint TA427 April 2024
Lesnewich, G. et al. (2024, April 16). From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering. Retrieved May 3, 2024.
Internal MISP references
UUID 620f5ff7-26c0-55c4-9b1b-c56ad2e1316b
which can be used as unique global reference for Proofpoint TA427 April 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-03T00:00:00Z |
date_published | 2024-04-16T00:00:00Z |
source | MITRE |
title | From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering |
SentinelOne Agrius 2021
Amitai Ben & Shushan Ehrlich. (2021, May). From Wiper to Ransomware: The Evolution of Agrius. Retrieved May 21, 2024.
Internal MISP references
UUID b5b433a1-5d12-5644-894b-c42d995c9ba5
which can be used as unique global reference for SentinelOne Agrius 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-21T00:00:00Z |
date_published | 2021-05-01T00:00:00Z |
source | MITRE |
title | From Wiper to Ransomware: The Evolution of Agrius |
FsiAnyCpu.exe - LOLBAS Project
LOLBAS. (2021, September 26). FsiAnyCpu.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 87031d31-b6d7-4860-b11b-5a0dc8774d92
which can be used as unique global reference for FsiAnyCpu.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-09-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | FsiAnyCpu.exe |
Fsi.exe - LOLBAS Project
LOLBAS. (2021, September 26). Fsi.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 4e14e87f-2ad9-4959-8cb2-8585b67931c0
which can be used as unique global reference for Fsi.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-09-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Fsi.exe |
fsutil_behavior
Microsoft. (2021, September 27). fsutil behavior. Retrieved January 14, 2022.
Internal MISP references
UUID 07712696-b1fd-4704-b157-9e420840fb2c
which can be used as unique global reference for fsutil_behavior
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-14T00:00:00Z |
date_published | 2021-09-27T00:00:00Z |
source | MITRE |
title | fsutil behavior |
Fsutil.exe - LOLBAS Project
LOLBAS. (2021, August 16). Fsutil.exe. Retrieved December 4, 2023.
Internal MISP references
UUID e2305dac-4245-4fac-8813-69cb210e9cd3
which can be used as unique global reference for Fsutil.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-08-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Fsutil.exe |
Microsoft FTP
Microsoft. (2021, July 21). ftp. Retrieved February 25, 2022.
Internal MISP references
UUID 970f8d16-f5b7-44e2-b81f-738b931c60d9
which can be used as unique global reference for Microsoft FTP
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-25T00:00:00Z |
date_published | 2021-07-21T00:00:00Z |
source | MITRE |
title | ftp |
Linux FTP
N/A. (n.d.). ftp(1) - Linux man page. Retrieved February 25, 2022.
Internal MISP references
UUID 021ea6bc-abff-48de-a6bb-315dbbfa6147
which can be used as unique global reference for Linux FTP
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-25T00:00:00Z |
source | MITRE |
title | ftp(1) - Linux man page |
Ftp.exe - LOLBAS Project
LOLBAS. (2018, December 10). Ftp.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 3b51993d-6062-4138-bfc6-a2c0fc5d039a
which can be used as unique global reference for Ftp.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-12-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ftp.exe |
Microsoft WMI Filters
Microsoft. (2008, September 11). Fun with WMI Filters in Group Policy. Retrieved March 13, 2019.
Internal MISP references
UUID 2894c3bf-6f8d-4338-8206-4dc873e3bb8d
which can be used as unique global reference for Microsoft WMI Filters
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-13T00:00:00Z |
date_published | 2008-09-11T00:00:00Z |
source | MITRE |
title | Fun with WMI Filters in Group Policy |
Cybersecurity Advisory SVR TTP May 2021
NCSC, CISA, FBI, NSA. (2021, May 7). Further TTPs associated with SVR cyber actors. Retrieved July 29, 2021.
Internal MISP references
UUID e18c1b56-f29d-4ea9-a425-a6af8ac6a347
which can be used as unique global reference for Cybersecurity Advisory SVR TTP May 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-07-29T00:00:00Z |
date_published | 2021-05-07T00:00:00Z |
source | MITRE |
title | Further TTPs associated with SVR cyber actors |
RiskIQ Cobalt Nov 2017
Klijnsma, Y. (2017, November 28). Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions. Retrieved October 10, 2018.
Internal MISP references
UUID ebf961c5-bd68-42f3-8fd3-000946c7ae9c
which can be used as unique global reference for RiskIQ Cobalt Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-10T00:00:00Z |
date_published | 2017-11-28T00:00:00Z |
source | MITRE |
title | Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions |
Unit 42 PingPull Jun 2022
Unit 42. (2022, June 13). GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool. Retrieved August 7, 2022.
Internal MISP references
UUID ac6491ab-6ef1-4091-8a15-50e2cbafe157
which can be used as unique global reference for Unit 42 PingPull Jun 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-07T00:00:00Z |
date_published | 2022-06-13T00:00:00Z |
source | MITRE |
title | GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool |
Microsoft GALLIUM December 2019
MSTIC. (2019, December 12). GALLIUM: Targeting global telecom. Retrieved January 13, 2021.
Internal MISP references
UUID 5bc76b47-ff68-4031-a347-f2dc0daba203
which can be used as unique global reference for Microsoft GALLIUM December 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-13T00:00:00Z |
date_published | 2019-12-12T00:00:00Z |
source | MITRE, Tidal Cyber |
title | GALLIUM: Targeting global telecom |
Symantec Gallmaker Oct 2018
Symantec Security Response. (2018, October 10). Gallmaker: New Attack Group Eschews Malware to Live off the Land. Retrieved November 27, 2018.
Internal MISP references
UUID f47b3e2b-acdd-4487-88b9-de5cbe45cf33
which can be used as unique global reference for Symantec Gallmaker Oct 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-27T00:00:00Z |
date_published | 2018-10-10T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Gallmaker: New Attack Group Eschews Malware to Live off the Land |
TrendMicro Gamaredon April 2020
Kakara, H., Maruyama, E. (2020, April 17). Gamaredon APT Group Use Covid-19 Lure in Campaigns. Retrieved May 19, 2020.
Internal MISP references
UUID 3800cfc2-0260-4b36-b629-7a336b9f9f10
which can be used as unique global reference for TrendMicro Gamaredon April 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-19T00:00:00Z |
date_published | 2020-04-17T00:00:00Z |
source | MITRE |
title | Gamaredon APT Group Use Covid-19 Lure in Campaigns |
ESET Gamaredon June 2020
Boutin, J. (2020, June 11). Gamaredon group grows its game. Retrieved June 16, 2020.
Internal MISP references
UUID 6532664d-2311-4b38-8960-f43762471729
which can be used as unique global reference for ESET Gamaredon June 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-16T00:00:00Z |
date_published | 2020-06-11T00:00:00Z |
source | MITRE |
title | Gamaredon group grows its game |
CERT-EE Gamaredon January 2021
CERT-EE. (2021, January 27). Gamaredon Infection: From Dropper to Entry. Retrieved February 17, 2022.
Internal MISP references
UUID fec320ed-29c1-40db-ad2e-701fda428922
which can be used as unique global reference for CERT-EE Gamaredon January 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-17T00:00:00Z |
date_published | 2021-01-27T00:00:00Z |
source | MITRE |
title | Gamaredon Infection: From Dropper to Entry |
Kaspersky Winnti June 2015
Tarakanov, D. (2015, June 22). Games are over: Winnti is now targeting pharmaceutical companies. Retrieved January 14, 2016.
Internal MISP references
UUID 86504950-0f4f-42bc-b003-24f60ae97c99
which can be used as unique global reference for Kaspersky Winnti June 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-14T00:00:00Z |
date_published | 2015-06-22T00:00:00Z |
source | MITRE |
title | Games are over: Winnti is now targeting pharmaceutical companies |
WeLiveSecurity Gapz and Redyms Mar 2013
Matrosov, A. (2013, March 19). Gapz and Redyms droppers based on Power Loader code. Retrieved December 16, 2017.
Internal MISP references
UUID b8d328b7-2eb3-4851-8d44-2e1bad7710c2
which can be used as unique global reference for WeLiveSecurity Gapz and Redyms Mar 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-16T00:00:00Z |
date_published | 2013-03-19T00:00:00Z |
source | MITRE |
title | Gapz and Redyms droppers based on Power Loader code |
theevilbit gatekeeper bypass 2021
Csaba Fitzl. (2021, June 29). GateKeeper - Not a Bypass (Again). Retrieved September 22, 2021.
Internal MISP references
UUID d00f373d-2133-47c3-9b0a-104ecc9a6869
which can be used as unique global reference for theevilbit gatekeeper bypass 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-22T00:00:00Z |
date_published | 2021-06-29T00:00:00Z |
source | MITRE |
title | GateKeeper - Not a Bypass (Again) |
Kaspersky Gauss Whitepaper
Kaspersky Lab. (2012, August). Gauss: Abnormal Distribution. Retrieved January 17, 2019.
Internal MISP references
UUID 4bf39390-f3ca-4132-841e-b35abefe7dee
which can be used as unique global reference for Kaspersky Gauss Whitepaper
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-01-17T00:00:00Z |
date_published | 2012-08-01T00:00:00Z |
source | MITRE |
title | Gauss: Abnormal Distribution |
Kaspersky MoleRATs April 2019
GReAT. (2019, April 10). Gaza Cybergang Group1, operation SneakyPastes. Retrieved May 13, 2020.
Internal MISP references
UUID 38216a34-5ffd-4e79-80b1-7270743b728e
which can be used as unique global reference for Kaspersky MoleRATs April 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-13T00:00:00Z |
date_published | 2019-04-10T00:00:00Z |
source | MITRE |
title | Gaza Cybergang Group1, operation SneakyPastes |
ESET Gazer Aug 2017
ESET. (2017, August). Gazing at Gazer: Turla’s new second stage backdoor. Retrieved September 14, 2017.
Internal MISP references
UUID 9d1c40af-d4bc-4d4a-b667-a17378942685
which can be used as unique global reference for ESET Gazer Aug 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-09-14T00:00:00Z |
date_published | 2017-08-01T00:00:00Z |
source | MITRE |
title | Gazing at Gazer: Turla’s new second stage backdoor |
file_sig_table
Kessler, G. (2022, December 9). GCK'S FILE SIGNATURES TABLE. Retrieved August 23, 2022.
Internal MISP references
UUID 4bc3a8af-d0c1-514d-9edd-dcebb3344db8
which can be used as unique global reference for file_sig_table
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-23T00:00:00Z |
date_published | 2022-12-09T00:00:00Z |
source | MITRE |
title | GCK'S FILE SIGNATURES TABLE |
Google Cloud Add Metadata
Google Cloud. (2022, March 31). gcloud compute instances add-metadata. Retrieved April 1, 2022.
Internal MISP references
UUID eba4b850-8784-4da2-b87d-54b5bd0f58d6
which can be used as unique global reference for Google Cloud Add Metadata
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-01T00:00:00Z |
date_published | 2022-03-31T00:00:00Z |
source | MITRE |
title | gcloud compute instances add-metadata |
Google Compute Instances
Google. (n.d.). gcloud compute instances list. Retrieved May 26, 2020.
Internal MISP references
UUID ae09e791-a00c-487b-b0e5-7768df0679a3
which can be used as unique global reference for Google Compute Instances
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-26T00:00:00Z |
source | MITRE |
title | gcloud compute instances list |
GCP SSH Key Add
Google. (n.d.). gcloud compute os-login ssh-keys add. Retrieved October 1, 2020.
Internal MISP references
UUID 372b6cfd-abdc-41b7-be78-4b1dc0426044
which can be used as unique global reference for GCP SSH Key Add
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-01T00:00:00Z |
source | MITRE |
title | gcloud compute os-login ssh-keys add |
Google Cloud - IAM Servie Accounts List API
Google. (2020, June 23). gcloud iam service-accounts list. Retrieved August 4, 2020.
Internal MISP references
UUID 3ffad706-1dac-41dd-b197-06f22fec3b30
which can be used as unique global reference for Google Cloud - IAM Servie Accounts List API
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-04T00:00:00Z |
date_published | 2020-06-23T00:00:00Z |
source | MITRE |
title | gcloud iam service-accounts list |
ESET Gelsemium June 2021
Dupuy, T. and Faou, M. (2021, June). Gelsemium. Retrieved November 30, 2021.
Internal MISP references
UUID ea28cf8c-8c92-48cb-b499-ffb7ff0e3cf5
which can be used as unique global reference for ESET Gelsemium June 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-11-30T00:00:00Z |
date_published | 2021-06-01T00:00:00Z |
source | MITRE |
title | Gelsemium |
TechNet Scheduled Task Events
Microsoft. (n.d.). General Task Registration. Retrieved December 12, 2017.
Internal MISP references
UUID 344703ac-f67c-465b-8c56-c9617675a00b
which can be used as unique global reference for TechNet Scheduled Task Events
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-12T00:00:00Z |
source | MITRE |
title | General Task Registration |
Ebowla: Genetic Malware
Morrow, T., Pitts, J. (2016, October 28). Genetic Malware: Designing Payloads for Specific Targets. Retrieved January 18, 2019.
Internal MISP references
UUID 8c65dbc1-33ad-470c-b172-7497c6fd2480
which can be used as unique global reference for Ebowla: Genetic Malware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-01-18T00:00:00Z |
date_published | 2016-10-28T00:00:00Z |
source | MITRE |
title | Genetic Malware: Designing Payloads for Specific Targets |
Proofpoint NETWIRE December 2020
Proofpoint. (2020, December 2). Geofenced NetWire Campaigns. Retrieved January 7, 2021.
Internal MISP references
UUID 5a974fc5-31bb-44b5-9834-ef98175402ec
which can be used as unique global reference for Proofpoint NETWIRE December 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-07T00:00:00Z |
date_published | 2020-12-02T00:00:00Z |
source | MITRE |
title | Geofenced NetWire Campaigns |
Hartrell cd00r 2002
Hartrell, Greg. (2002, August). Get a handle on cd00r: The invisible backdoor. Retrieved October 13, 2018.
Internal MISP references
UUID 739e6517-10f5-484d-8000-8818d63e7341
which can be used as unique global reference for Hartrell cd00r 2002
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-13T00:00:00Z |
date_published | 2002-08-01T00:00:00Z |
source | MITRE |
title | Get a handle on cd00r: The invisible backdoor |
Kubectl Exec Get Shell
The Kubernetes Authors. (n.d.). Get a Shell to a Running Container. Retrieved March 29, 2021.
Internal MISP references
UUID ffb9c0ca-533f-4911-8c0c-a2653410a76d
which can be used as unique global reference for Kubectl Exec Get Shell
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-29T00:00:00Z |
source | MITRE |
title | Get a Shell to a Running Container |
Microsoft getglobaladdresslist
Microsoft. (n.d.). Get-GlobalAddressList. Retrieved October 6, 2019.
Internal MISP references
UUID a4948a80-d11c-44ed-ae63-e3f5660463f9
which can be used as unique global reference for Microsoft getglobaladdresslist
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-06T00:00:00Z |
source | MITRE |
title | Get-GlobalAddressList |
Jay GetHooks Sept 2011
Satiro, J. (2011, September 14). GetHooks. Retrieved December 12, 2017.
Internal MISP references
UUID 228ac239-3a97-446f-8e1c-d5c0f580710c
which can be used as unique global reference for Jay GetHooks Sept 2011
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-12T00:00:00Z |
date_published | 2011-09-14T00:00:00Z |
source | MITRE |
title | GetHooks |
Microsoft Get-InboxRule
Microsoft. (n.d.). Get-InboxRule. Retrieved June 10, 2021.
Internal MISP references
UUID c6a1b00c-22d4-407a-a515-fbce5c197606
which can be used as unique global reference for Microsoft Get-InboxRule
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-10T00:00:00Z |
source | MITRE |
title | Get-InboxRule |
Microsoft Msolrole
Microsoft. (n.d.). Get-MsolRole. Retrieved October 6, 2019.
Internal MISP references
UUID e36f4e3a-61c9-4fdc-98de-d51a2b3b4865
which can be used as unique global reference for Microsoft Msolrole
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-06T00:00:00Z |
source | MITRE |
title | Get-MsolRole |
Microsoft msolrolemember
Microsoft. (n.d.). Get-MsolRoleMember. Retrieved October 6, 2019.
Internal MISP references
UUID ca28494c-d834-4afc-9237-ab78dcfc427b
which can be used as unique global reference for Microsoft msolrolemember
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-06T00:00:00Z |
source | MITRE |
title | Get-MsolRoleMember |
JumpCloud Conditional Access Policies
JumpCloud. (n.d.). Get Started: Conditional Access Policies. Retrieved January 2, 2024.
Internal MISP references
UUID 585b4ed7-1f1b-5e7f-bf2b-3732e07309af
which can be used as unique global reference for JumpCloud Conditional Access Policies
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-02T00:00:00Z |
source | MITRE |
title | Get Started: Conditional Access Policies |
rowland linux at 2019
Craig Rowland. (2019, July 25). Getting an Attacker IP Address from a Malicious Linux At Job. Retrieved October 15, 2021.
Internal MISP references
UUID 85056eba-c587-4619-b5e4-dff9680be7b3
which can be used as unique global reference for rowland linux at 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-15T00:00:00Z |
date_published | 2019-07-25T00:00:00Z |
source | MITRE |
title | Getting an Attacker IP Address from a Malicious Linux At Job |
Elastic GuLoader December 5 2023
Daniel Stepanic. (2023, December 5). Getting gooey with GULOADER: deobfuscating the downloader. Retrieved February 27, 2024.
Internal MISP references
UUID 291fb8ac-a3d6-48a0-9c78-09e358634012
which can be used as unique global reference for Elastic GuLoader December 5 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-27T00:00:00Z |
date_published | 2023-12-05T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Getting gooey with GULOADER: deobfuscating the downloader |
BlackHatRobinSage
Ryan, T. (2010). “Getting In Bed with Robin Sage.”. Retrieved March 6, 2017.
Internal MISP references
UUID 82068e93-a3f8-4d05-9358-6fe76a0055bb
which can be used as unique global reference for BlackHatRobinSage
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-06T00:00:00Z |
date_published | 2010-01-01T00:00:00Z |
source | MITRE |
title | “Getting In Bed with Robin Sage.” |
AADInternals Root Access to Azure VMs
Dr. Nestori Syynimaa. (2020, June 4). Getting root access to Azure VMs as a Azure AD Global Administrator. Retrieved March 13, 2023.
Internal MISP references
UUID 7080ae79-bec4-5886-9a43-6039d0cfd32f
which can be used as unique global reference for AADInternals Root Access to Azure VMs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-13T00:00:00Z |
date_published | 2020-06-04T00:00:00Z |
source | MITRE |
title | Getting root access to Azure VMs as a Azure AD Global Administrator |
Wardle Dylib Hijack Vulnerable Apps
Patrick Wardle. (2019, July 2). Getting Root with Benign AppStore Apps. Retrieved March 31, 2021.
Internal MISP references
UUID 128b4e3f-bb58-45e0-b8d9-bff9fc3ec3df
which can be used as unique global reference for Wardle Dylib Hijack Vulnerable Apps
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-31T00:00:00Z |
date_published | 2019-07-02T00:00:00Z |
source | MITRE |
title | Getting Root with Benign AppStore Apps |
Lua main page
Lua. (2024, June 25). Getting started. Retrieved August 5, 2024.
Internal MISP references
UUID 6d9298d3-ad9f-5b19-949c-84bef49f5f6c
which can be used as unique global reference for Lua main page
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-05T00:00:00Z |
date_published | 2024-06-25T00:00:00Z |
source | MITRE |
title | Getting started |
2 - appv
Microsoft. (2022, November 3). Getting started with App-V for Windows client. Retrieved February 6, 2024.
Internal MISP references
UUID 8305a718-e79f-5bf7-8af3-b117cf106c81
which can be used as unique global reference for 2 - appv
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-06T00:00:00Z |
date_published | 2022-11-03T00:00:00Z |
source | MITRE |
title | Getting started with App-V for Windows client |
MSDN VBA in Office
Austin, J. (2017, June 6). Getting Started with VBA in Office. Retrieved July 3, 2017.
Internal MISP references
UUID 9c44416d-1f3d-4d99-b497-4615ed6f5546
which can be used as unique global reference for MSDN VBA in Office
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-03T00:00:00Z |
date_published | 2017-06-06T00:00:00Z |
source | MITRE |
title | Getting Started with VBA in Office |
Windows Getting Started Drivers
Viviano, A. (2021, August 17). Getting started with Windows drivers: User mode and kernel mode. Retrieved September 24, 2021.
Internal MISP references
UUID 1b93e7ba-6afa-45ff-a9e2-3586cdae822c
which can be used as unique global reference for Windows Getting Started Drivers
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-24T00:00:00Z |
date_published | 2021-08-17T00:00:00Z |
source | MITRE |
title | Getting started with Windows drivers: User mode and kernel mode |
Bloxham
Bloxham, B. (n.d.). Getting Windows to Play with Itself [PowerPoint slides]. Retrieved November 12, 2014.
Internal MISP references
UUID b212d16f-5347-49ab-8339-432b4fd1ef50
which can be used as unique global reference for Bloxham
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
source | MITRE |
title | Getting Windows to Play with Itself [PowerPoint slides] |
Microsoft GetWindowLong function
Microsoft. (n.d.). GetWindowLong function. Retrieved December 16, 2017.
Internal MISP references
UUID 4366217a-2325-4056-ab68-f5f4d2a0703c
which can be used as unique global reference for Microsoft GetWindowLong function
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-16T00:00:00Z |
source | MITRE |
title | GetWindowLong function |
Microsoft GFlags Mar 2017
Microsoft. (2017, May 23). GFlags Overview. Retrieved December 18, 2017.
Internal MISP references
UUID 9c11c382-b420-4cf9-9db2-eaa7b60aee2d
which can be used as unique global reference for Microsoft GFlags Mar 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-18T00:00:00Z |
date_published | 2017-05-23T00:00:00Z |
source | MITRE |
title | GFlags Overview |
GfxDownloadWrapper.exe - LOLBAS Project
LOLBAS. (2019, December 27). GfxDownloadWrapper.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 5d97b7d7-428e-4408-a4d3-00f52cf4bf15
which can be used as unique global reference for GfxDownloadWrapper.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2019-12-27T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GfxDownloadWrapper.exe |
Kaspersky September 30 2021
Mark Lechtik. (2021, September 30). GhostEmperor From ProxyLogon to kernel mode. Retrieved October 24, 2024.
Internal MISP references
UUID 8851f554-05c6-4fb0-807e-2ef0bc28e131
which can be used as unique global reference for Kaspersky September 30 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-24T00:00:00Z |
date_published | 2021-09-30T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GhostEmperor From ProxyLogon to kernel mode |
GhostToken GCP flaw
Sergiu Gatlan. (2023, April 21). GhostToken GCP flaw let attackers backdoor Google accounts. Retrieved September 18, 2023.
Internal MISP references
UUID 3f87bd65-4194-5be6-93a1-acde6eaef547
which can be used as unique global reference for GhostToken GCP flaw
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-18T00:00:00Z |
date_published | 2023-04-21T00:00:00Z |
source | MITRE |
title | GhostToken GCP flaw let attackers backdoor Google accounts |
GitHub ADRecon
adrecon. (n.d.). GitHub ADRecon. Retrieved March 5, 2024.
Internal MISP references
UUID 8ef4bcee-673d-4bab-8e18-947f45c6fc77
which can be used as unique global reference for GitHub ADRecon
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-05T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub ADRecon |
GitHub BeichenDream BadPotato
BeichenDream. (n.d.). GitHub BeichenDream BadPotato. Retrieved August 28, 2023.
Internal MISP references
UUID e7f1d932-4bcd-4a78-b975-f4ebbce8c05e
which can be used as unique global reference for GitHub BeichenDream BadPotato
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub BeichenDream BadPotato |
GitHub Chisel
jpillora. (n.d.). GitHub Chisel. Retrieved October 20, 2023.
Internal MISP references
UUID 4a60fb46-06b7-44ea-a9f6-8d6fa81e9363
which can be used as unique global reference for GitHub Chisel
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub Chisel |
GitHub cybershujin Threat-Actors-use-of-Artifical-Intelligence
cybershujin. (n.d.). GitHub cybershujin Threat-Actors-use-of-Artifical-Intelligence. Retrieved September 9, 2024.
Internal MISP references
UUID b595af7e-ff84-49fa-8e07-cd2abe9e1d65
which can be used as unique global reference for GitHub cybershujin Threat-Actors-use-of-Artifical-Intelligence
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub cybershujin Threat-Actors-use-of-Artifical-Intelligence |
Github evilginx2
Gretzky, Kuba. (2019, April 10). Retrieved October 8, 2019.
Internal MISP references
UUID 322e5d90-5095-47ea-b0e2-e7e5fb45fcca
which can be used as unique global reference for Github evilginx2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-08T00:00:00Z |
source | MITRE |
title | Github evilginx2 |
GitHub evilginx2 - Duplicate
kgretzky. (n.d.). GitHub evilginx2. Retrieved December 14, 2023.
Internal MISP references
UUID eea178f4-80bd-49d1-84b1-f80671e9a3e4
which can be used as unique global reference for GitHub evilginx2 - Duplicate
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub evilginx2 |
GitHub Flangvik SharpExfiltrate
Flangvik. (n.d.). GitHub Flangvik SharpExfiltrate. Retrieved June 18, 2024.
Internal MISP references
UUID 7f0c0c86-c042-4a69-982a-c8c70ec1199c
which can be used as unique global reference for GitHub Flangvik SharpExfiltrate
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub Flangvik SharpExfiltrate |
GitHub Malleable C2
Mudge, R. (2014, July 14). Github Malleable-C2-Profiles safebrowsing.profile. Retrieved June 18, 2017.
Internal MISP references
UUID 0a609b90-dbaf-47bc-a642-1d180ca56498
which can be used as unique global reference for GitHub Malleable C2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-06-18T00:00:00Z |
date_published | 2014-07-14T00:00:00Z |
source | MITRE |
title | Github Malleable-C2-Profiles safebrowsing.profile |
GitHub masscan
robertdavidgraham. (n.d.). GitHub masscan. Retrieved March 13, 2024.
Internal MISP references
UUID 7ae0b5c6-c9e5-4922-9e98-6483c81a8b42
which can be used as unique global reference for GitHub masscan
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-13T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub masscan |
GitHub meganz MEGAcmd
meganz. (n.d.). GitHub meganz MEGAcmd. Retrieved June 18, 2024.
Internal MISP references
UUID 6e4d67f5-cca1-4298-b21c-d7511aa264ae
which can be used as unique global reference for GitHub meganz MEGAcmd
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub meganz MEGAcmd |
GitHub meganz MEGAsync
GitHub. (n.d.). GitHub - meganz/MEGAsync: Easy automated syncing between your computers and your MEGA Cloud Drive. Retrieved June 22, 2023.
Internal MISP references
UUID 6e59c47d-597c-4687-942f-9f1cf1db75d5
which can be used as unique global reference for GitHub meganz MEGAsync
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-22T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub - meganz/MEGAsync: Easy automated syncing between your computers and your MEGA Cloud Drive |
GitHub - NYAN-x-CAT/AsyncRAT-C-Sharp: Open-Source Remote Administration Tool For Windows C#
GitHub. (n.d.). GitHub - NYAN-x-CAT/AsyncRAT-C-Sharp: Open-Source Remote Administration Tool For Windows C#. Retrieved May 7, 2023.
Internal MISP references
UUID 6747f2cf-61bd-4d26-9bc1-10ce7a8e3e39
which can be used as unique global reference for GitHub - NYAN-x-CAT/AsyncRAT-C-Sharp: Open-Source Remote Administration Tool For Windows C#
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub - NYAN-x-CAT/AsyncRAT-C-Sharp: Open-Source Remote Administration Tool For Windows C# |
GitHub ohpe Juicy Potato
ohpe. (n.d.). GitHub ohpe Juicy Potato. Retrieved August 28, 2023.
Internal MISP references
UUID 16d0dd05-763a-4503-aa88-c8867d8f202d
which can be used as unique global reference for GitHub ohpe Juicy Potato
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub ohpe Juicy Potato |
GitHub outflanknl Dumpert
outflanknl. (n.d.). GitHub outflanknl Dumpert. Retrieved September 5, 2024.
Internal MISP references
UUID ab375812-def9-4491-a69f-62755fb26910
which can be used as unique global reference for GitHub outflanknl Dumpert
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-05T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub outflanknl Dumpert |
code_persistence_zsh
Leo Pitt. (2020, November 11). Github - PersistentJXA/BashProfilePersist.js. Retrieved January 11, 2021.
Internal MISP references
UUID b76d3ed0-e484-4ed1-aa6b-892a6f34e478
which can be used as unique global reference for code_persistence_zsh
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-11T00:00:00Z |
date_published | 2020-11-11T00:00:00Z |
source | MITRE |
title | Github - PersistentJXA/BashProfilePersist.js |
Github PowerShell Empire
Schroeder, W., Warner, J., Nelson, M. (n.d.). Github PowerShellEmpire. Retrieved April 28, 2016.
Internal MISP references
UUID 017ec673-454c-492a-a65b-10d3a20dfdab
which can be used as unique global reference for Github PowerShell Empire
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-28T00:00:00Z |
source | MITRE |
title | Github PowerShellEmpire |
GitHub Pupy
Nicolas Verdier. (n.d.). Retrieved January 29, 2018.
Internal MISP references
UUID 69d5cb59-6545-4405-8ca6-733db99d3ee9
which can be used as unique global reference for GitHub Pupy
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-29T00:00:00Z |
source | MITRE |
title | GitHub Pupy |
GitHub purple-team-attack-automation - Available Modules
praetorian-inc. (n.d.). GitHub purple-team-attack-automation - Available Modules. Retrieved September 8, 2023.
Internal MISP references
UUID 9bca14cc-1302-49b3-b905-cdf48dedc32b
which can be used as unique global reference for GitHub purple-team-attack-automation - Available Modules
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-08T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub purple-team-attack-automation - Available Modules |
GitHub random_c2_profile
threatexpress. (n.d.). GitHub random_c2_profile. Retrieved September 21, 2023.
Internal MISP references
UUID dcb30328-6aa4-461b-8333-451d6af4b384
which can be used as unique global reference for GitHub random_c2_profile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-21T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub random_c2_profile |
GitHub ransomware_map
cert-orangecyberdefense. (n.d.). GitHub ransomware_map. Retrieved March 13, 2024.
Internal MISP references
UUID d995f4b2-3262-4c37-855a-61aef7d7b8a8
which can be used as unique global reference for GitHub ransomware_map
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-13T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub ransomware_map |
GitHub rsockstun
llkat. (n.d.). GitHub rsockstun. Retrieved December 14, 2023.
Internal MISP references
UUID 1644457f-75d6-4064-a11b-9217249fa5e6
which can be used as unique global reference for GitHub rsockstun
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub rsockstun |
GitHub secretsdump
fortra. (n.d.). GitHub secretsdump. Retrieved November 16, 2023.
Internal MISP references
UUID c29a90a7-016f-49b7-a970-334290964f19
which can be used as unique global reference for GitHub secretsdump
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub secretsdump |
GitHub securesocketfunneling ssf
securesocketfunneling. (n.d.). GitHub securesocketfunneling ssf. Retrieved July 10, 2024.
Internal MISP references
UUID 077ab224-9406-4be7-8467-2a6da8dc786d
which can be used as unique global reference for GitHub securesocketfunneling ssf
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub securesocketfunneling ssf |
GitHub SharpChromium
djhohnstein. (n.d.). GitHub SharpChromium. Retrieved December 14, 2023.
Internal MISP references
UUID ca1956a5-72f2-43ad-a17f-a52ca97bd84e
which can be used as unique global reference for GitHub SharpChromium
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub SharpChromium |
GitHub SharpHound
BloodHoundAD. (n.d.). GitHub SharpHound. Retrieved March 7, 2024.
Internal MISP references
UUID e1c405b4-b591-4469-848c-7a7dd69151c0
which can be used as unique global reference for GitHub SharpHound
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub SharpHound |
GitHub SharpRoast
GhostPack. (n.d.). GitHub SharpRoast. Retrieved September 22, 2023.
Internal MISP references
UUID 43a2e05d-4662-4a5c-9c99-3165f0d71169
which can be used as unique global reference for GitHub SharpRoast
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-22T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub SharpRoast |
GitHub SILENTTRINITY March 2022
Salvati, M. (2019, August 6). SILENTTRINITY. Retrieved March 23, 2022.
Internal MISP references
UUID cff66280-c592-4e3c-a56c-32a9620cf95c
which can be used as unique global reference for GitHub SILENTTRINITY March 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-23T00:00:00Z |
source | MITRE |
title | GitHub SILENTTRINITY March 2022 |
GitHub SoftEtherVPN SoftEtherVPN_Stable
SoftEtherVPN. (n.d.). GitHub SoftEtherVPN SoftEtherVPN_Stable. Retrieved August 28, 2023.
Internal MISP references
UUID f9d28db2-499f-407c-94d2-652b9ed5f928
which can be used as unique global reference for GitHub SoftEtherVPN SoftEtherVPN_Stable
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub SoftEtherVPN SoftEtherVPN_Stable |
GitHub Terminator
ZeroMemoryEx. (n.d.). GitHub Terminator. Retrieved March 13, 2024.
Internal MISP references
UUID c2556bcf-9cc9-4f46-8a0f-8f8d801dfdbf
which can be used as unique global reference for GitHub Terminator
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-13T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub Terminator |
GitHub wavestone-cdt EDRSandBlast
wavestone-cdt. (n.d.). GitHub wavestone-cdt EDRSandBlast. Retrieved September 5, 2024.
Internal MISP references
UUID 228dd3e1-1952-447c-a500-31663a2efe45
which can be used as unique global reference for GitHub wavestone-cdt EDRSandBlast
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-05T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub wavestone-cdt EDRSandBlast |
GitHub xmrig-proxy
xmrig. (n.d.). GitHub xmrig-proxy. Retrieved October 25, 2023.
Internal MISP references
UUID bd2a5de0-f55f-4eeb-a11f-8ec1e9f2ae2b
which can be used as unique global reference for GitHub xmrig-proxy
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GitHub xmrig-proxy |
GitHub Gitrob
Michael Henriksen. (2018, June 9). Gitrob: Putting the Open Source in OSINT. Retrieved October 19, 2020.
Internal MISP references
UUID 1dee0842-15cc-4835-b8a8-938e0c94807b
which can be used as unique global reference for GitHub Gitrob
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
date_published | 2018-06-09T00:00:00Z |
source | MITRE |
title | Gitrob: Putting the Open Source in OSINT |
FireEye DNS Hijack 2019
Hirani, M., Jones, S., Read, B. (2019, January 10). Global DNS Hijacking Campaign: DNS Record Manipulation at Scale. Retrieved October 9, 2020.
Internal MISP references
UUID 2c696e90-11eb-4196-9946-b5c4c11ccddc
which can be used as unique global reference for FireEye DNS Hijack 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-09T00:00:00Z |
date_published | 2019-01-10T00:00:00Z |
source | MITRE |
title | Global DNS Hijacking Campaign: DNS Record Manipulation at Scale |
McAfee Night Dragon
McAfee® Foundstone® Professional Services and McAfee Labs™. (2011, February 10). Global Energy Cyberattacks: “Night Dragon”. Retrieved February 19, 2018.
Internal MISP references
UUID 242d2933-ca2b-4511-803a-454727a3acc5
which can be used as unique global reference for McAfee Night Dragon
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-19T00:00:00Z |
date_published | 2011-02-10T00:00:00Z |
source | MITRE |
title | Global Energy Cyberattacks: “Night Dragon” |
GMER Rootkits
GMER. (n.d.). GMER. Retrieved December 12, 2017.
Internal MISP references
UUID f43e9881-4919-4ccc-b2ed-929d7838b2b4
which can be used as unique global reference for GMER Rootkits
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-12T00:00:00Z |
source | MITRE |
title | GMER |
Gnome Remote Desktop grd-settings
Pascal Nowack. (n.d.). Retrieved September 21, 2021.
Internal MISP references
UUID 8f494ff3-b02b-470b-a57d-d2275989f541
which can be used as unique global reference for Gnome Remote Desktop grd-settings
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-21T00:00:00Z |
source | MITRE |
title | Gnome Remote Desktop grd-settings |
Gnome Remote Desktop gschema
Pascal Nowack. (n.d.). Retrieved September 21, 2021.
Internal MISP references
UUID c7c749d5-b1b0-4a0f-8d14-eef47cfa1279
which can be used as unique global reference for Gnome Remote Desktop gschema
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-21T00:00:00Z |
source | MITRE |
title | Gnome Remote Desktop gschema |
MITRE Trustworthy Firmware Measurement
Upham, K. (2014, March). Going Deep into the BIOS with MITRE Firmware Security Research. Retrieved January 5, 2016.
Internal MISP references
UUID 25f52172-293e-4b23-9239-201a0ddbcdf1
which can be used as unique global reference for MITRE Trustworthy Firmware Measurement
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-05T00:00:00Z |
date_published | 2014-03-01T00:00:00Z |
source | MITRE |
title | Going Deep into the BIOS with MITRE Firmware Security Research |
Secureworks Gold Blackburn Mar 2022
Secureworks Counter Threat Unit. (2022, March 1). Gold Blackburn Threat Profile. Retrieved June 15, 2023.
Internal MISP references
UUID b6b27fa9-488c-5b6d-8e12-fe8371846cd3
which can be used as unique global reference for Secureworks Gold Blackburn Mar 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-15T00:00:00Z |
date_published | 2022-03-01T00:00:00Z |
source | MITRE |
title | Gold Blackburn Threat Profile |
Secureworks GOLD CABIN
Secureworks. (n.d.). GOLD CABIN Threat Profile. Retrieved March 17, 2021.
Internal MISP references
UUID 778babec-e7d3-4341-9e33-aab361f2b98a
which can be used as unique global reference for Secureworks GOLD CABIN
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-17T00:00:00Z |
source | MITRE, Tidal Cyber |
title | GOLD CABIN Threat Profile |
McAfee Gold Dragon
Sherstobitoff, R., Saavedra-Morales, J. (2018, February 02). Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems. Retrieved June 6, 2018.
Internal MISP references
UUID 4bdfa92b-cbbd-43e6-aa3e-422561ff8d7a
which can be used as unique global reference for McAfee Gold Dragon
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-06-06T00:00:00Z |
date_published | 2018-02-02T00:00:00Z |
source | MITRE |
title | Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems |
Cyberark Golden SAML
Reiner, S. (2017, November 21). Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps. Retrieved December 17, 2020.
Internal MISP references
UUID 58083370-8126-47d3-827c-1910ed3f4b2a
which can be used as unique global reference for Cyberark Golden SAML
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-17T00:00:00Z |
date_published | 2017-11-21T00:00:00Z |
source | MITRE |
title | Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps |
Trustwave GoldenSpy2 June 2020
Trustwave SpiderLabs. (2020, June 26). GoldenSpy: Chapter Two – The Uninstaller. Retrieved July 23, 2020.
Internal MISP references
UUID 5031e82e-66e8-4ae0-be47-53daa87ddf94
which can be used as unique global reference for Trustwave GoldenSpy2 June 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-23T00:00:00Z |
date_published | 2020-06-26T00:00:00Z |
source | MITRE |
title | GoldenSpy: Chapter Two – The Uninstaller |
Secureworks GOLD IONIC April 2024
Counter Threat Unit Research Team. (2024, April 15). GOLD IONIC DEPLOYS INC RANSOMWARE. Retrieved June 5, 2024.
Internal MISP references
UUID e723e7b3-496f-5ab4-abaf-83859e7e912d
which can be used as unique global reference for Secureworks GOLD IONIC April 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-05T00:00:00Z |
date_published | 2024-04-15T00:00:00Z |
source | MITRE |
title | GOLD IONIC DEPLOYS INC RANSOMWARE |
Secureworks GOLD KINGSWOOD Threat Profile
Secureworks. (n.d.). GOLD KINGSWOOD. Retrieved October 18, 2021.
Internal MISP references
UUID 36035bbb-1609-4461-be27-ef4a920b814c
which can be used as unique global reference for Secureworks GOLD KINGSWOOD Threat Profile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-18T00:00:00Z |
source | MITRE |
title | GOLD KINGSWOOD |
MSTIC NOBELIUM Mar 2021
Nafisi, R., Lelli, A. (2021, March 4). GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence. Retrieved March 8, 2021.
Internal MISP references
UUID 8688a0a9-d644-4b96-81bb-031f1f898652
which can be used as unique global reference for MSTIC NOBELIUM Mar 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-08T00:00:00Z |
date_published | 2021-03-04T00:00:00Z |
source | MITRE |
title | GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence |
Secureworks GOLD NIAGARA Threat Profile
CTU. (n.d.). GOLD NIAGARA. Retrieved September 21, 2021.
Internal MISP references
UUID b11276cb-f6dd-4e91-90cd-9c287fb3e6b1
which can be used as unique global reference for Secureworks GOLD NIAGARA Threat Profile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-21T00:00:00Z |
source | MITRE |
title | GOLD NIAGARA |
Secureworks Gold Prelude Profile
Secureworks. (n.d.). GOLD PRELUDE. Retrieved March 22, 2024.
Internal MISP references
UUID b16ae37d-5244-5c1e-92a9-e494b5a9ef49
which can be used as unique global reference for Secureworks Gold Prelude Profile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-22T00:00:00Z |
source | MITRE |
title | GOLD PRELUDE |
Secureworks GOLD SAHARA
Secureworks. (n.d.). GOLD SAHARA. Retrieved February 20, 2024.
Internal MISP references
UUID 3abb7995-4a62-56a6-9492-942965edf0a0
which can be used as unique global reference for Secureworks GOLD SAHARA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-20T00:00:00Z |
source | MITRE |
title | GOLD SAHARA |
Secureworks GOLD SOUTHFIELD
Secureworks. (n.d.). GOLD SOUTHFIELD. Retrieved October 6, 2020.
Internal MISP references
UUID 01d1ffaa-16b3-41c4-bb5a-afe2b41f1142
which can be used as unique global reference for Secureworks GOLD SOUTHFIELD
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-06T00:00:00Z |
source | MITRE |
title | GOLD SOUTHFIELD |
Google Chrome Remote Desktop
Google. (n.d.). Retrieved March 14, 2024.
Internal MISP references
UUID 70c87a07-38eb-53d2-8b63-013eb3ce62c8
which can be used as unique global reference for Google Chrome Remote Desktop
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-14T00:00:00Z |
source | MITRE |
title | Google Chrome Remote Desktop |
Google Cloud Identity API Documentation
Google. (n.d.). Retrieved March 16, 2021.
Internal MISP references
UUID 67f2719e-74fd-4bc1-9eeb-07d3095a5191
which can be used as unique global reference for Google Cloud Identity API Documentation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-16T00:00:00Z |
source | MITRE |
title | Google Cloud Identity API Documentation |
GCPBucketBrute
Spencer Gietzen. (2019, February 26). Google Cloud Platform (GCP) Bucket Enumeration and Privilege Escalation. Retrieved March 4, 2022.
Internal MISP references
UUID d956e1f6-37ca-4352-b275-84c174888b88
which can be used as unique global reference for GCPBucketBrute
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-04T00:00:00Z |
date_published | 2019-02-26T00:00:00Z |
source | MITRE |
title | Google Cloud Platform (GCP) Bucket Enumeration and Privilege Escalation |
ExploitDB GoogleHacking
Offensive Security. (n.d.). Google Hacking Database. Retrieved October 23, 2020.
Internal MISP references
UUID 29714b88-a1ff-4684-a3b0-35c3a2c78947
which can be used as unique global reference for ExploitDB GoogleHacking
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-23T00:00:00Z |
source | MITRE |
title | Google Hacking Database |
Freejacked
Clark, Michael. (2023, August 14). Google’s Vertex AI Platform Gets Freejacked. Retrieved February 28, 2024.
Internal MISP references
UUID c7007fa4-bc07-59aa-820e-ffeea1486ed6
which can be used as unique global reference for Freejacked
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-28T00:00:00Z |
date_published | 2023-08-14T00:00:00Z |
source | MITRE |
title | Google’s Vertex AI Platform Gets Freejacked |
Google Workspace Global Access List
Google. (n.d.). Retrieved March 16, 2021.
Internal MISP references
UUID 5104f0ea-1fb6-4260-a9b6-95922b3a8e5b
which can be used as unique global reference for Google Workspace Global Access List
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-16T00:00:00Z |
source | MITRE |
title | Google Workspace Global Access List |
OWN-CERT Google App Script 2024
L'Hutereau Arnaud. (n.d.). Google Workspace Malicious App Script analysis. Retrieved October 2, 2024.
Internal MISP references
UUID 1f837b2d-6b45-57ed-8d34-a78ce88cb998
which can be used as unique global reference for OWN-CERT Google App Script 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-02T00:00:00Z |
source | MITRE |
title | Google Workspace Malicious App Script analysis |
Trend Micro January 09 2023
Trend Micro. (2023, January 9). Gootkit Loader Actively Targets Australian Healthcare Industry. Retrieved May 7, 2023.
Internal MISP references
UUID 903861d2-cd45-4bda-bc70-2a44c6d49aa6
which can be used as unique global reference for Trend Micro January 09 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2023-01-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Gootkit Loader Actively Targets Australian Healthcare Industry |
Sophos Gootloader
Szappanos, G. & Brandt, A. (2021, March 1). “Gootloader” expands its payload delivery options. Retrieved September 30, 2022.
Internal MISP references
UUID 63357292-0f08-4405-a45a-34b606ab7110
which can be used as unique global reference for Sophos Gootloader
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-30T00:00:00Z |
date_published | 2021-03-01T00:00:00Z |
source | MITRE |
title | “Gootloader” expands its payload delivery options |
SentinelOne Gootloader June 2021
Pirozzi, A. (2021, June 16). Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets. Retrieved May 28, 2024.
Internal MISP references
UUID 8512c5fd-2ddc-5de4-bb7d-8012402efbb5
which can be used as unique global reference for SentinelOne Gootloader June 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-28T00:00:00Z |
date_published | 2021-06-16T00:00:00Z |
source | MITRE |
title | Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets |
SentinelLabs Gootloader June 2021
Antonio Pirozzi. (2021, June 16). Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets. Retrieved May 7, 2023.
Internal MISP references
UUID 1ab5b9c2-4e91-420f-9a27-661588d0bd71
which can be used as unique global reference for SentinelLabs Gootloader June 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2021-06-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets |
Cybereason Gootloader February 2023
Loïc Castel, Jakes Jansen, Nitin Grover. (2023, February 14). GootLoader - SEO Poisoning and Large Payloads Leading to Compromise. Retrieved May 18, 2023.
Internal MISP references
UUID 098bf58f-3868-4892-bb4d-c78ce8817a02
which can be used as unique global reference for Cybereason Gootloader February 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-18T00:00:00Z |
date_published | 2023-02-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GootLoader - SEO Poisoning and Large Payloads Leading to Compromise |
GoTo Resolve
GoTo. (n.d.). GoTo Resolve. Retrieved October 11, 2024.
Internal MISP references
UUID f1a13cad-b77e-4c38-925c-038a4fcec8d3
which can be used as unique global reference for GoTo Resolve
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-11T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GoTo Resolve |
SentinelOne 1 16 2023
Jim Walter. (2023, January 16). Gotta Catch 'Em All. Retrieved January 1, 2024.
Internal MISP references
UUID 1482155f-e70d-434c-ade0-23543a4124fe
which can be used as unique global reference for SentinelOne 1 16 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-01T00:00:00Z |
date_published | 2023-01-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Gotta Catch 'Em All |
Unit 42 CARROTBAT January 2020
McCabe, A. (2020, January 23). The Fractured Statue Campaign: U.S. Government Agency Targeted in Spear-Phishing Attacks. Retrieved June 2, 2020.
Internal MISP references
UUID b65442ca-18ca-42e0-8be0-7c2b66c26d02
which can be used as unique global reference for Unit 42 CARROTBAT January 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-02T00:00:00Z |
source | MITRE |
title | Government Agency Targeted in Spear-Phishing Attacks |
Secureworks BRONZE SILHOUETTE May 2023
Counter Threat Unit Research Team. (2023, May 24). Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations. Retrieved July 27, 2023.
Internal MISP references
UUID 77624549-e170-5894-9219-a15b4aa31726
which can be used as unique global reference for Secureworks BRONZE SILHOUETTE May 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-27T00:00:00Z |
source | MITRE |
title | Government and Defense Organizations |
Google_WinRAR_vuln_2023
Morgan, K. (2023, October 18). Government-backed actors exploiting WinRAR vulnerability. Retrieved July 19, 2024.
Internal MISP references
UUID 009ac8a4-7e2b-543e-82aa-ce3cc9f0c35e
which can be used as unique global reference for Google_WinRAR_vuln_2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-19T00:00:00Z |
date_published | 2023-10-18T00:00:00Z |
source | MITRE |
title | Government-backed actors exploiting WinRAR vulnerability |
Google TAG CVE-2023-38831 October 18 2023
Kate Morgan. (2023, October 18). Government-backed actors exploiting WinRAR vulnerability. Retrieved July 10, 2024.
Internal MISP references
UUID 6e8fb629-4bb8-4557-9d42-385060be598f
which can be used as unique global reference for Google TAG CVE-2023-38831 October 18 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-10T00:00:00Z |
date_published | 2023-10-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Government-backed actors exploiting WinRAR vulnerability |
DOJ KVBotnet 2024
US Department of Justice. (2024, January 31). U.S. Government Disrupts Botnet People’s Republic of China Used to Conceal Hacking of Critical Infrastructure. Retrieved June 10, 2024.
Internal MISP references
UUID 55cf0ced-0de3-5af8-b3e6-3c33bb445593
which can be used as unique global reference for DOJ KVBotnet 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-10T00:00:00Z |
source | MITRE |
title | Government Disrupts Botnet People’s Republic of China Used to Conceal Hacking of Critical Infrastructure |
FireEye HAWKBALL Jun 2019
Patil, S. and Williams, M. (2019, June 5). Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities. Retrieved June 20, 2019.
Internal MISP references
UUID c88150b1-8c0a-4fc5-b5b7-11e242af1c43
which can be used as unique global reference for FireEye HAWKBALL Jun 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-20T00:00:00Z |
date_published | 2019-06-05T00:00:00Z |
source | MITRE |
title | Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities |
CISA AA20-296A Berserk Bear December 2020
CISA. (2020, December 1). Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets. Retrieved December 9, 2021.
Internal MISP references
UUID c7bc4b25-2043-4f43-8320-590f82d0e09a
which can be used as unique global reference for CISA AA20-296A Berserk Bear December 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-09T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Government Targets |
Obscuresecurity Get-GPPPassword
Campbell, C. (2012, May 24). GPP Password Retrieval with PowerShell. Retrieved April 11, 2018.
Internal MISP references
UUID 54351cf9-8d2a-47fb-92d5-fe64b628ab06
which can be used as unique global reference for Obscuresecurity Get-GPPPassword
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-11T00:00:00Z |
date_published | 2012-05-24T00:00:00Z |
source | MITRE |
title | GPP Password Retrieval with PowerShell |
Microsoft gpresult
Microsoft. (2017, October 16). gpresult. Retrieved August 6, 2021.
Internal MISP references
UUID 88af38e8-e437-4153-80af-a1be8c6a8629
which can be used as unique global reference for Microsoft gpresult
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-06T00:00:00Z |
date_published | 2017-10-16T00:00:00Z |
source | MITRE |
title | gpresult |
Gpscript.exe - LOLBAS Project
LOLBAS. (2018, May 25). Gpscript.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 619f57d9-d93b-4e9b-aae0-6ce89d91deb6
which can be used as unique global reference for Gpscript.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Gpscript.exe |
ESET Grandoreiro April 2020
ESET. (2020, April 28). Grandoreiro: How engorged can an EXE get? Retrieved November 13, 2020.
Internal MISP references
UUID d6270492-986b-4fb6-bdbc-2e364947847c
which can be used as unique global reference for ESET Grandoreiro April 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-13T00:00:00Z |
date_published | 2020-04-28T00:00:00Z |
source | MITRE |
title | Grandoreiro: How engorged can an EXE get? |
IBM Grandoreiro April 2020
Abramov, D. (2020, April 13). Grandoreiro Malware Now Targeting Banks in Spain. Retrieved November 12, 2020.
Internal MISP references
UUID a2d4bca5-d57d-4a77-95c6-409f90115e2f
which can be used as unique global reference for IBM Grandoreiro April 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-12T00:00:00Z |
date_published | 2020-04-13T00:00:00Z |
source | MITRE |
title | Grandoreiro Malware Now Targeting Banks in Spain |
Guardian Grand Theft Auto Leak 2022
Keza MacDonald, Keith Stuart and Alex Hern. (2022, September 19). Grand Theft Auto 6 leak: who hacked Rockstar and what was stolen? Retrieved August 30, 2024.
Internal MISP references
UUID ec648a9b-025a-52a0-a98a-7ba04388d52e
which can be used as unique global reference for Guardian Grand Theft Auto Leak 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-30T00:00:00Z |
date_published | 2022-09-19T00:00:00Z |
source | MITRE |
title | Grand Theft Auto 6 leak: who hacked Rockstar and what was stolen? |
AWS PassRole
AWS. (n.d.). Granting a user permissions to pass a role to an AWS service. Retrieved July 10, 2023.
Internal MISP references
UUID 01e0c198-dd59-5dd1-b632-73cb316eafe0
which can be used as unique global reference for AWS PassRole
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-10T00:00:00Z |
source | MITRE |
title | Granting a user permissions to pass a role to an AWS service |
Microsoft Azure Storage Shared Access Signature
Microsoft. (2023, June 7). Grant limited access to Azure Storage resources using shared access signatures (SAS). Retrieved March 4, 2024.
Internal MISP references
UUID 9031357f-04ac-5c07-a59d-97b9e32edf79
which can be used as unique global reference for Microsoft Azure Storage Shared Access Signature
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-04T00:00:00Z |
date_published | 2023-06-07T00:00:00Z |
source | MITRE |
title | Grant limited access to Azure Storage resources using shared access signatures (SAS) |
CopyFromScreen .NET
Microsoft. (n.d.). Graphics.CopyFromScreen Method. Retrieved March 24, 2020.
Internal MISP references
UUID b9733af4-ffb4-416e-884e-d51649aecbce
which can be used as unique global reference for CopyFromScreen .NET
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-24T00:00:00Z |
source | MITRE |
title | Graphics.CopyFromScreen Method |
Talos GravityRAT
Mercer, W., Rascagneres, P. (2018, April 26). GravityRAT - The Two-Year Evolution Of An APT Targeting India. Retrieved May 16, 2018.
Internal MISP references
UUID 2d7a1d72-cc9a-4b0b-a89a-e24ca836879b
which can be used as unique global reference for Talos GravityRAT
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-16T00:00:00Z |
date_published | 2018-04-26T00:00:00Z |
source | MITRE |
title | GravityRAT - The Two-Year Evolution Of An APT Targeting India |
FireEye PowerShell Logging
Dunwoody, M. (2016, February 11). Greater Visibility Through PowerShell Logging. Retrieved September 28, 2021.
Internal MISP references
UUID 02ee8297-60e8-42bf-8791-2461ebc29207
which can be used as unique global reference for FireEye PowerShell Logging
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-28T00:00:00Z |
date_published | 2016-02-11T00:00:00Z |
source | MITRE |
title | Greater Visibility Through PowerShell Logging |
FireEye PowerShell Logging 2016
Dunwoody, M. (2016, February 11). GREATER VISIBILITY THROUGH POWERSHELL LOGGING. Retrieved February 16, 2016.
Internal MISP references
UUID eb1e9dc7-b935-42ae-bbde-d2fdda5953db
which can be used as unique global reference for FireEye PowerShell Logging 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-02-16T00:00:00Z |
date_published | 2016-02-11T00:00:00Z |
source | MITRE |
title | GREATER VISIBILITY THROUGH POWERSHELL LOGGING |
Glitch-Cat Green Lambert ATTCK Oct 2021
Sandvik, Runa. (2021, October 18). Green Lambert and ATT&CK. Retrieved March 21, 2022.
Internal MISP references
UUID f22d033c-4474-4bd7-b194-c7a4d9819a2b
which can be used as unique global reference for Glitch-Cat Green Lambert ATTCK Oct 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-21T00:00:00Z |
date_published | 2021-10-18T00:00:00Z |
source | MITRE |
title | Green Lambert and ATT&CK |
GreenMwizi - Kenyan scamming campaign using Twitter bots
blog.bushidotoken.net. (n.d.). GreenMwizi - Kenyan scamming campaign using Twitter bots. Retrieved May 7, 2023.
Internal MISP references
UUID 3b09696a-1345-4283-a59b-e9a13124ef59
which can be used as unique global reference for GreenMwizi - Kenyan scamming campaign using Twitter bots
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | GreenMwizi - Kenyan scamming campaign using Twitter bots |
ESET GreyEnergy Oct 2018
Cherepanov, A. (2018, October). GREYENERGY A successor to BlackEnergy. Retrieved November 15, 2018.
Internal MISP references
UUID f3e70f41-6c22-465c-b872-a7ec5e6a3e67
which can be used as unique global reference for ESET GreyEnergy Oct 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-15T00:00:00Z |
date_published | 2018-10-01T00:00:00Z |
source | MITRE |
title | GREYENERGY A successor to BlackEnergy |
GRIZZLY STEPPE JAR
Department of Homeland Security and Federal Bureau of Investigation. (2016, December 29). GRIZZLY STEPPE – Russian Malicious Cyber Activity. Retrieved January 11, 2017.
Internal MISP references
UUID 4b26d274-497f-49bc-a2a5-b93856a49893
which can be used as unique global reference for GRIZZLY STEPPE JAR
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-01-11T00:00:00Z |
date_published | 2016-12-29T00:00:00Z |
source | MITRE |
title | GRIZZLY STEPPE – Russian Malicious Cyber Activity |
Citizen Lab Group5
Scott-Railton, J., et al. (2016, August 2). Group5: Syria and the Iranian Connection. Retrieved September 26, 2016.
Internal MISP references
UUID ffbec5e8-947a-4363-b7e1-812dfd79935a
which can be used as unique global reference for Citizen Lab Group5
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-09-26T00:00:00Z |
date_published | 2016-08-02T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Group5: Syria and the Iranian Connection |
Group-IB Threat Intelligence Tweet October 9 2023
GroupIB_TI. (2023, October 9). Group-IB Threat Intelligence Tweet October 9 2023. Retrieved October 10, 2023.
Internal MISP references
UUID 2df546ed-6577-44b2-9b26-0a17c3622df7
which can be used as unique global reference for Group-IB Threat Intelligence Tweet October 9 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-10T00:00:00Z |
date_published | 2023-10-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Group-IB Threat Intelligence Tweet October 9 2023 |
TechNet Group Policy Basics
srachui. (2012, February 13). Group Policy Basics – Part 1: Understanding the Structure of a Group Policy Object. Retrieved March 5, 2019.
Internal MISP references
UUID 9b9c8c6c-c272-424e-a594-a34b7bf62477
which can be used as unique global reference for TechNet Group Policy Basics
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-05T00:00:00Z |
date_published | 2012-02-13T00:00:00Z |
source | MITRE |
title | Group Policy Basics – Part 1: Understanding the Structure of a Group Policy Object |
Microsoft GPP 2016
Microsoft. (2016, August 31). Group Policy Preferences. Retrieved March 9, 2020.
Internal MISP references
UUID fa3beaf1-81e7-411b-849a-24cffaf7c552
which can be used as unique global reference for Microsoft GPP 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-09T00:00:00Z |
date_published | 2016-08-31T00:00:00Z |
source | MITRE |
title | Group Policy Preferences |
groups man page
MacKenzie, D. and Youngman, J. (n.d.). groups(1) - Linux man page. Retrieved January 11, 2024.
Internal MISP references
UUID 3d3c9756-4700-5db3-b8bc-8d2958df6a42
which can be used as unique global reference for groups man page
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-11T00:00:00Z |
source | MITRE |
title | groups(1) - Linux man page |
Venafi SSH Key Abuse
Blachman, Y. (2020, April 22). Growing Abuse of SSH Keys: Commodity Malware Campaigns Now Equipped with SSH Capabilities. Retrieved June 24, 2020.
Internal MISP references
UUID cba14230-13bc-47ad-8f3f-d798217657bd
which can be used as unique global reference for Venafi SSH Key Abuse
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-24T00:00:00Z |
date_published | 2020-04-22T00:00:00Z |
source | MITRE |
title | Growing Abuse of SSH Keys: Commodity Malware Campaigns Now Equipped with SSH Capabilities |
Wikibooks Grsecurity
Wikibooks. (2018, August 19). Grsecurity/The RBAC System. Retrieved June 4, 2020.
Internal MISP references
UUID 8a7abfa0-97e8-4cac-9d76-c886e9666a16
which can be used as unique global reference for Wikibooks Grsecurity
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-04T00:00:00Z |
date_published | 2018-08-19T00:00:00Z |
source | MITRE |
title | Grsecurity/The RBAC System |
TrueSec Gsecdump
TrueSec. (n.d.). gsecdump v2.0b5. Retrieved September 29, 2015.
Internal MISP references
UUID ba1d07ed-2e18-4f5f-9d44-082530946f14
which can be used as unique global reference for TrueSec Gsecdump
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-09-29T00:00:00Z |
source | MITRE |
title | gsecdump v2.0b5 |
GTFOBins Suid
Emilio Pinna, Andrea Cardaci. (n.d.). GTFOBins. Retrieved January 28, 2022.
Internal MISP references
UUID 0b7d8e81-da8e-4f6a-a1b7-4ed81e441b4d
which can be used as unique global reference for GTFOBins Suid
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-28T00:00:00Z |
source | MITRE |
title | GTFOBins |
GTFObins at
Emilio Pinna, Andrea Cardaci. (n.d.). gtfobins at. Retrieved September 28, 2021.
Internal MISP references
UUID 3fad6618-5a85-4f7a-be2b-0600269d7768
which can be used as unique global reference for GTFObins at
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-28T00:00:00Z |
source | MITRE |
title | gtfobins at |
AWS GuardDuty EC2 finding types
AWS. (n.d.). GuardDuty EC2 finding types. Retrieved September 25, 2024.
Internal MISP references
UUID 249f1a90-d6ed-503c-998c-a9d1650509d2
which can be used as unique global reference for AWS GuardDuty EC2 finding types
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
source | MITRE |
title | GuardDuty EC2 finding types |
AWS GuardDuty IAM finding types
AWS. (n.d.). GuardDuty IAM finding types. Retrieved September 24, 2024.
Internal MISP references
UUID 215a79b4-c25b-5b09-912a-6b68914bb1ba
which can be used as unique global reference for AWS GuardDuty IAM finding types
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-24T00:00:00Z |
source | MITRE |
title | GuardDuty IAM finding types |
AWS GuardDuty RDS Protection
AWS. (n.d.). GuardDuty RDS Protection. Retrieved September 24, 2024.
Internal MISP references
UUID 4c6101f0-25d9-5ed1-98a2-a0c468e3ff1a
which can be used as unique global reference for AWS GuardDuty RDS Protection
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-24T00:00:00Z |
source | MITRE |
title | GuardDuty RDS Protection |
Fortinet Moses Staff February 15 2022
Rotem Sde-Or. (2022, February 15). Guard Your Drive from DriveGuard: Moses Staff Campaigns Against Israeli Organizations Span Several Months. Retrieved October 23, 2023.
Internal MISP references
UUID 4a435edb-18ae-4c31-beff-2b8f2e6cad34
which can be used as unique global reference for Fortinet Moses Staff February 15 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-23T00:00:00Z |
date_published | 2022-02-15T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Guard Your Drive from DriveGuard: Moses Staff Campaigns Against Israeli Organizations Span Several Months |
Microsoft Log4j Vulnerability Exploitation December 2021
Microsoft Threat Intelligence. (2021, December 11). Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability. Retrieved December 7, 2023.
Internal MISP references
UUID 456ed22f-0de1-5ee4-bb8a-29e3baedc7b1
which can be used as unique global reference for Microsoft Log4j Vulnerability Exploitation December 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-07T00:00:00Z |
date_published | 2021-12-11T00:00:00Z |
source | MITRE |
title | Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability |
Unit 42 NETWIRE April 2020
Duncan, B. (2020, April 3). GuLoader: Malspam Campaign Installing NetWire RAT. Retrieved January 7, 2021.
Internal MISP references
UUID b42f119d-144a-470a-b9fe-ccbf80a78fbb
which can be used as unique global reference for Unit 42 NETWIRE April 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-07T00:00:00Z |
date_published | 2020-04-03T00:00:00Z |
source | MITRE |
title | GuLoader: Malspam Campaign Installing NetWire RAT |
Cloud Hack Tricks GWS Apps Script
HackTricks Cloud. (n.d.). GWS - App Scripts. Retrieved July 1, 2024.
Internal MISP references
UUID 32569f13-e383-576c-813c-52490450464d
which can be used as unique global reference for Cloud Hack Tricks GWS Apps Script
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-01T00:00:00Z |
source | MITRE |
title | GWS - App Scripts |
H0lyGh0st - North Korean Threat Group Strikes Back With New Ransomware
www.picussecurity.com. (n.d.). H0lyGh0st - North Korean Threat Group Strikes Back With New Ransomware. Retrieved May 19, 2023.
Internal MISP references
UUID 3f66ef62-ac0d-4ece-9a4b-917ae70f1617
which can be used as unique global reference for H0lyGh0st - North Korean Threat Group Strikes Back With New Ransomware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | H0lyGh0st - North Korean Threat Group Strikes Back With New Ransomware |
Cisco H1N1 Part 1
Reynolds, J. (2016, September 13). H1N1: Technical analysis reveals new capabilities. Retrieved September 26, 2016.
Internal MISP references
UUID 03a2faca-1a47-4f68-9f26-3fa98145f2ab
which can be used as unique global reference for Cisco H1N1 Part 1
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-09-26T00:00:00Z |
date_published | 2016-09-13T00:00:00Z |
source | MITRE |
title | H1N1: Technical analysis reveals new capabilities |
Cisco H1N1 Part 2
Reynolds, J. (2016, September 14). H1N1: Technical analysis reveals new capabilities – part 2. Retrieved September 26, 2016.
Internal MISP references
UUID b53e55dc-078d-4535-a99f-c979ad8ca6e6
which can be used as unique global reference for Cisco H1N1 Part 2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-09-26T00:00:00Z |
date_published | 2016-09-14T00:00:00Z |
source | MITRE |
title | H1N1: Technical analysis reveals new capabilities – part 2 |
Wired Magecart S3 Buckets, 2019
Barrett, B. (2019, July 11). Hack Brief: A Card-Skimming Hacker Group Hit 17K Domains—and Counting. Retrieved October 4, 2019.
Internal MISP references
UUID 47fb06ed-b4ce-454c-9bbe-21b28309f351
which can be used as unique global reference for Wired Magecart S3 Buckets, 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-04T00:00:00Z |
date_published | 2019-07-11T00:00:00Z |
source | MITRE |
title | Hack Brief: A Card-Skimming Hacker Group Hit 17K Domains—and Counting |
Wired Uber Breach
Andy Greenberg. (2017, January 21). Hack Brief: Uber Paid Off Hackers to Hide a 57-Million User Data Breach. Retrieved May 14, 2021.
Internal MISP references
UUID 3bdf88b3-8f41-4945-9292-e299bab4f98e
which can be used as unique global reference for Wired Uber Breach
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-14T00:00:00Z |
date_published | 2017-01-21T00:00:00Z |
source | MITRE |
title | Hack Brief: Uber Paid Off Hackers to Hide a 57-Million User Data Breach |
Trendmicro NPM Compromise
Trendmicro. (2018, November 29). Hacker Infects Node.js Package to Steal from Bitcoin Wallets. Retrieved April 10, 2019.
Internal MISP references
UUID 69eac1b0-1c50-4534-99e0-2d0fd738ab8f
which can be used as unique global reference for Trendmicro NPM Compromise
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-10T00:00:00Z |
date_published | 2018-11-29T00:00:00Z |
source | MITRE |
title | Hacker Infects Node.js Package to Steal from Bitcoin Wallets |
Data Destruction - Threat Post
Mimoso, M. (2014, June 18). Hacker Puts Hosting Service Code Spaces Out of Business. Retrieved December 15, 2020.
Internal MISP references
UUID 97d16d3a-98a0-4a7d-9f74-8877c8088ddf
which can be used as unique global reference for Data Destruction - Threat Post
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-15T00:00:00Z |
date_published | 2014-06-18T00:00:00Z |
source | MITRE |
title | Hacker Puts Hosting Service Code Spaces Out of Business |
GWS Apps Script Abuse 2021
Sergiu Gatlan. (2021, February 18). Hackers abuse Google Apps Script to steal credit cards, bypass CSP. Retrieved July 1, 2024.
Internal MISP references
UUID 590687ce-0d66-584d-a6bf-8e7288f00d1e
which can be used as unique global reference for GWS Apps Script Abuse 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-01T00:00:00Z |
date_published | 2021-02-18T00:00:00Z |
source | MITRE |
title | Hackers abuse Google Apps Script to steal credit cards, bypass CSP |
Bleeping Computer - Scriptrunner.exe
Bill Toulas. (2023, January 4). Hackers abuse Windows error reporting tool to deploy malware. Retrieved July 8, 2024.
Internal MISP references
UUID f7ab464d-255b-5d92-a878-c16c905c057b
which can be used as unique global reference for Bleeping Computer - Scriptrunner.exe
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-08T00:00:00Z |
date_published | 2023-01-04T00:00:00Z |
source | MITRE |
title | Hackers abuse Windows error reporting tool to deploy malware |
Bloomberg Scattered Spider May 8 2024
Katrina Manson. (2024, May 8). Hackers Behind MGM Attack Targeting Financial Sector in New Campaign. Retrieved May 22, 2024.
Internal MISP references
UUID 2bf7e84a-805d-48aa-b911-8cd8a9dbf1cf
which can be used as unique global reference for Bloomberg Scattered Spider May 8 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-22T00:00:00Z |
date_published | 2024-05-08T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Hackers Behind MGM Attack Targeting Financial Sector in New Campaign |
Salesforce zero-day in facebook phishing attack
Bill Toulas. (2023, August 2). Hackers exploited Salesforce zero-day in Facebook phishing attack. Retrieved September 18, 2023.
Internal MISP references
UUID cbd360bb-f4b6-5326-8861-b05f3a2a8737
which can be used as unique global reference for Salesforce zero-day in facebook phishing attack
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-18T00:00:00Z |
date_published | 2023-08-02T00:00:00Z |
source | MITRE |
title | Hackers exploited Salesforce zero-day in Facebook phishing attack |
Fortune Dragonfly 2.0 Sept 2017
Hackett, R. (2017, September 6). Hackers Have Penetrated Energy Grid, Symantec Warns. Retrieved June 6, 2018.
Internal MISP references
UUID b56c5b41-b8e0-4fef-a6d8-183bb283dc7c
which can be used as unique global reference for Fortune Dragonfly 2.0 Sept 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-06-06T00:00:00Z |
date_published | 2017-09-06T00:00:00Z |
source | MITRE |
title | Hackers Have Penetrated Energy Grid, Symantec Warns |
Wired Cyber Army of Russia April 17 2024
Andy Greenberg. (2024, April 17). Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities. Retrieved April 30, 2024.
Internal MISP references
UUID 53583baf-4e09-4d19-9348-6110206b88be
which can be used as unique global reference for Wired Cyber Army of Russia April 17 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-30T00:00:00Z |
date_published | 2024-04-17T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities |
Huntress API Hash
Brennan, M. (2022, February 16). Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection. Retrieved August 22, 2022.
Internal MISP references
UUID e9f91661-29e3-408e-bfdd-c7df22f3f400
which can be used as unique global reference for Huntress API Hash
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-22T00:00:00Z |
date_published | 2022-02-16T00:00:00Z |
source | MITRE |
title | Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection |
BleepingComputer Agent Tesla steal wifi passwords
Sergiu Gatlan. (2020, April 16). Hackers steal WiFi passwords using upgraded Agent Tesla malware. Retrieved September 8, 2023.
Internal MISP references
UUID 93b5ecd2-35a3-5bd8-9d6e-87bace012546
which can be used as unique global reference for BleepingComputer Agent Tesla steal wifi passwords
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-08T00:00:00Z |
date_published | 2020-04-16T00:00:00Z |
source | MITRE |
title | Hackers steal WiFi passwords using upgraded Agent Tesla malware |
SWAT-hospital
Giles, Bruce. (2024, January 4). Hackers threaten to send SWAT teams to Fred Hutch patients' homes. Retrieved January 5, 2024.
Internal MISP references
UUID ce8bc906-875a-53bd-8b9c-b2191e369e4e
which can be used as unique global reference for SWAT-hospital
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-05T00:00:00Z |
date_published | 2024-01-04T00:00:00Z |
source | MITRE |
title | Hackers threaten to send SWAT teams to Fred Hutch patients' homes |
PCMag FakeLogin
Kan, M. (2019, October 24). Hackers Try to Phish United Nations Staffers With Fake Login Pages. Retrieved October 20, 2020.
Internal MISP references
UUID f652524c-7950-4a8a-9860-0e658a9581d8
which can be used as unique global reference for PCMag FakeLogin
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2019-10-24T00:00:00Z |
source | MITRE |
title | Hackers Try to Phish United Nations Staffers With Fake Login Pages |
BleepingComputer Velvet Ant June 17 2024
Bill Toulas. (2024, June 17). Hackers use F5 BIG-IP malware to stealthily steal data for years. Retrieved June 20, 2024.
Internal MISP references
UUID 70235e47-f8bb-4d16-9933-9f4923f08f5d
which can be used as unique global reference for BleepingComputer Velvet Ant June 17 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-20T00:00:00Z |
date_published | 2024-06-17T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Hackers use F5 BIG-IP malware to stealthily steal data for years |
Krebs-Bazaar
Brian Krebs. (2016, October 31). Hackforums Shutters Booter Service Bazaar. Retrieved May 15, 2017.
Internal MISP references
UUID b46efda2-18e0-451e-b945-28421c2d5274
which can be used as unique global reference for Krebs-Bazaar
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-05-15T00:00:00Z |
date_published | 2016-10-31T00:00:00Z |
source | MITRE |
title | Hackforums Shutters Booter Service Bazaar |
BleepingComputer Molerats Dec 2020
Ilascu, I. (2020, December 14). Hacking group’s new malware abuses Google and Facebook services. Retrieved December 28, 2020.
Internal MISP references
UUID 307108c8-9c72-4f31-925b-0b9bd4b31e7b
which can be used as unique global reference for BleepingComputer Molerats Dec 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-28T00:00:00Z |
date_published | 2020-12-14T00:00:00Z |
source | MITRE |
title | Hacking group’s new malware abuses Google and Facebook services |
Microsoft Hacking Team Breach
Microsoft Secure Team. (2016, June 1). Hacking Team Breach: A Cyber Jurassic Park. Retrieved March 5, 2019.
Internal MISP references
UUID 8daac742-6467-40db-9fe5-87efd2a96f09
which can be used as unique global reference for Microsoft Hacking Team Breach
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-05T00:00:00Z |
date_published | 2016-06-01T00:00:00Z |
source | MITRE |
title | Hacking Team Breach: A Cyber Jurassic Park |
Intel HackingTeam UEFI Rootkit
Intel Security. (2005, July 16). HackingTeam's UEFI Rootkit Details. Retrieved March 20, 2017.
Internal MISP references
UUID 1c476cb2-8ce0-4559-8037-646d0ea09398
which can be used as unique global reference for Intel HackingTeam UEFI Rootkit
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-20T00:00:00Z |
date_published | 2005-07-16T00:00:00Z |
source | MITRE |
title | HackingTeam's UEFI Rootkit Details |
TrendMicro Hacking Team UEFI
Lin, P. (2015, July 13). Hacking Team Uses UEFI BIOS Rootkit to Keep RCS 9 Agent in Target Systems. Retrieved December 11, 2015.
Internal MISP references
UUID 24796535-d516-45e9-bcc7-8f03a3f3cd73
which can be used as unique global reference for TrendMicro Hacking Team UEFI
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-12-11T00:00:00Z |
date_published | 2015-07-13T00:00:00Z |
source | MITRE |
title | Hacking Team Uses UEFI BIOS Rootkit to Keep RCS 9 Agent in Target Systems |
TempertonDarkHotel
Temperton, J. (2015, August 10). Hacking Team zero-day used in new Darkhotel attacks. Retrieved March 9, 2017.
Internal MISP references
UUID 4de7960b-bd62-452b-9e64-b52a0d580858
which can be used as unique global reference for TempertonDarkHotel
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-09T00:00:00Z |
date_published | 2015-08-10T00:00:00Z |
source | MITRE |
title | Hacking Team zero-day used in new Darkhotel attacks |
FireEye Hacking FIN4 Video Dec 2014
Vengerik, B. & Dennesen, K. (2014, December 5). Hacking the Street? FIN4 Likely Playing the Market. Retrieved January 15, 2019.
Internal MISP references
UUID 6dcfe3fb-c310-49cf-a657-f2cec65c5499
which can be used as unique global reference for FireEye Hacking FIN4 Video Dec 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-01-15T00:00:00Z |
date_published | 2014-12-05T00:00:00Z |
source | MITRE |
title | Hacking the Street? FIN4 Likely Playing the Market |
FireEye Hacking FIN4 Dec 2014
Vengerik, B. et al. (2014, December 5). Hacking the Street? FIN4 Likely Playing the Market. Retrieved December 17, 2018.
Internal MISP references
UUID c3ac1c2a-21cc-42a9-a214-88f302371766
which can be used as unique global reference for FireEye Hacking FIN4 Dec 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-12-17T00:00:00Z |
date_published | 2014-12-05T00:00:00Z |
source | MITRE |
title | Hacking the Street? FIN4 Likely Playing the Market |
Malwarebytes OSINT Leaky Buckets - Hioureas
Vasilios Hioureas. (2019, September 13). Hacking with AWS: incorporating leaky buckets into your OSINT workflow. Retrieved February 14, 2022.
Internal MISP references
UUID 67ebcf71-828e-4202-b842-f071140883f8
which can be used as unique global reference for Malwarebytes OSINT Leaky Buckets - Hioureas
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-14T00:00:00Z |
date_published | 2019-09-13T00:00:00Z |
source | MITRE |
title | Hacking with AWS: incorporating leaky buckets into your OSINT workflow |
Microsoft Gsecdump
Vincent Tiu. (2017, September 15). HackTool:Win32/Gsecdump. Retrieved January 10, 2024.
Internal MISP references
UUID e9c12a7f-ce8a-5f20-8283-509e16532d9b
which can be used as unique global reference for Microsoft Gsecdump
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-10T00:00:00Z |
date_published | 2017-09-15T00:00:00Z |
source | MITRE |
title | HackTool:Win32/Gsecdump |
Microsoft HAFNIUM March 2020
MSTIC. (2021, March 2). HAFNIUM targeting Exchange Servers with 0-day exploits. Retrieved March 3, 2021.
Internal MISP references
UUID 6a986c46-79a3-49c6-94d2-d9b1f5db08f3
which can be used as unique global reference for Microsoft HAFNIUM March 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-03T00:00:00Z |
date_published | 2021-03-02T00:00:00Z |
source | MITRE, Tidal Cyber |
title | HAFNIUM targeting Exchange Servers with 0-day exploits |
haking9 libpcap network sniffing
Luis Martin Garcia. (2008, February 1). Hakin9 Issue 2/2008 Vol 3 No.2 VoIP Abuse: Storming SIP Security. Retrieved October 18, 2022.
Internal MISP references
UUID 2803d0b8-78ee-4b19-aad3-daf84cd292b5
which can be used as unique global reference for haking9 libpcap network sniffing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-10-18T00:00:00Z |
date_published | 2008-02-01T00:00:00Z |
source | MITRE |
title | Hakin9 Issue 2/2008 Vol 3 No.2 VoIP Abuse: Storming SIP Security |
FireEye APT29
FireEye Labs. (2015, July). HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group. Retrieved September 17, 2015.
Internal MISP references
UUID 78ead31e-7450-46e8-89cf-461ae1981994
which can be used as unique global reference for FireEye APT29
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-09-17T00:00:00Z |
date_published | 2015-07-01T00:00:00Z |
source | MITRE |
title | HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group |
FireEye Hancitor
Anubhav, A., Jallepalli, D. (2016, September 23). Hancitor (AKA Chanitor) observed using multiple attack approaches. Retrieved August 13, 2020.
Internal MISP references
UUID 65a07c8c-5b29-445f-8f01-6e577df4ea62
which can be used as unique global reference for FireEye Hancitor
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-13T00:00:00Z |
date_published | 2016-09-23T00:00:00Z |
source | MITRE |
title | Hancitor (AKA Chanitor) observed using multiple attack approaches |
NCC Group Fivehands June 2021
Matthews, M. and Backhouse, W. (2021, June 15). Handy guide to a new Fivehands ransomware variant. Retrieved June 24, 2021.
Internal MISP references
UUID 33955c35-e8cd-4486-b1ab-6f992319c81c
which can be used as unique global reference for NCC Group Fivehands June 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-24T00:00:00Z |
date_published | 2021-06-15T00:00:00Z |
source | MITRE |
title | Handy guide to a new Fivehands ransomware variant |
Apple Developer Doco Hardened Runtime
Apple Inc. (2021, January 1). Hardened Runtime: Manage security protections and resource access for your macOS apps. Retrieved March 24, 2021.
Internal MISP references
UUID b41de1e5-63ab-4556-a61f-3baca1873283
which can be used as unique global reference for Apple Developer Doco Hardened Runtime
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-24T00:00:00Z |
date_published | 2021-01-01T00:00:00Z |
source | MITRE |
title | Hardened Runtime: Manage security protections and resource access for your macOS apps. |
FireEye APT34 July 2019
Bromiley, M., et al. (2019, July 18). Hard Pass: Declining APT34’s Invite to Join Their Professional Network. Retrieved August 26, 2019.
Internal MISP references
UUID 09a00ded-1afc-4555-894e-a151162796eb
which can be used as unique global reference for FireEye APT34 July 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-08-26T00:00:00Z |
date_published | 2019-07-18T00:00:00Z |
source | MITRE |
title | Hard Pass: Declining APT34’s Invite to Join Their Professional Network |
GitHub Hashjacking
Dunning, J. (2016, August 1). Hashjacking. Retrieved December 21, 2017.
Internal MISP references
UUID d31f6612-c552-45e1-bf6b-889fe619ab5f
which can be used as unique global reference for GitHub Hashjacking
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-21T00:00:00Z |
date_published | 2016-08-01T00:00:00Z |
source | MITRE |
title | Hashjacking |
FireEye HawkEye Malware July 2017
Swapnil Patil, Yogesh Londhe. (2017, July 25). HawkEye Credential Theft Malware Distributed in Recent Phishing Campaign. Retrieved June 18, 2019.
Internal MISP references
UUID 7ad228a8-5450-45ec-86fc-ea038f7c6ef7
which can be used as unique global reference for FireEye HawkEye Malware July 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-18T00:00:00Z |
date_published | 2017-07-25T00:00:00Z |
source | MITRE |
title | HawkEye Credential Theft Malware Distributed in Recent Phishing Campaign |
Specter Ops - Cloud Credential Storage
Maddalena, C. (2018, September 12). Head in the Clouds. Retrieved October 4, 2019.
Internal MISP references
UUID 95d6d1ce-ceba-48ee-88c4-0fb30058bd80
which can be used as unique global reference for Specter Ops - Cloud Credential Storage
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-04T00:00:00Z |
date_published | 2018-09-12T00:00:00Z |
source | MITRE |
title | Head in the Clouds |
Securelist Dtrack
Konstantin Zykov. (2019, September 23). Hello! My name is Dtrack. Retrieved January 20, 2021.
Internal MISP references
UUID 49bd8841-a4b5-4ced-adfa-0ad0c8625ccd
which can be used as unique global reference for Securelist Dtrack
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-20T00:00:00Z |
date_published | 2019-09-23T00:00:00Z |
source | MITRE |
title | Hello! My name is Dtrack |
Securelist Dtrack2
KONSTANTIN ZYKOV. (2019, September 23). Hello! My name is Dtrack. Retrieved September 30, 2022.
Internal MISP references
UUID a011b68a-30e0-4204-9bf3-fa73f2a238b4
which can be used as unique global reference for Securelist Dtrack2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-30T00:00:00Z |
date_published | 2019-09-23T00:00:00Z |
source | MITRE |
title | Hello! My name is Dtrack |
Baggett 2012
Baggett, M. (2012, November 8). Help eliminate unquoted path vulnerabilities. Retrieved December 4, 2014.
Internal MISP references
UUID 9b234329-5e05-4035-af38-dd8ab20fd68e
which can be used as unique global reference for Baggett 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-12-04T00:00:00Z |
date_published | 2012-11-08T00:00:00Z |
source | MITRE |
title | Help eliminate unquoted path vulnerabilities |
Help eliminate unquoted path
Mark Baggett. (2012, November 8). Help eliminate unquoted path vulnerabilities. Retrieved November 8, 2012.
Internal MISP references
UUID 23ad5a8c-cbe1-4f40-8757-f1784a4003a1
which can be used as unique global reference for Help eliminate unquoted path
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2012-11-08T00:00:00Z |
date_published | 2012-11-08T00:00:00Z |
source | MITRE |
title | Help eliminate unquoted path vulnerabilities |
Default VBS macros Blocking
Kellie Eickmeyer. (2022, February 7). Helping users stay safe: Blocking internet macros by default in Office. Retrieved February 7, 2022.
Internal MISP references
UUID d86883dd-3766-4971-91c7-b205ed13cc37
which can be used as unique global reference for Default VBS macros Blocking
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-07T00:00:00Z |
date_published | 2022-02-07T00:00:00Z |
source | MITRE |
title | Helping users stay safe: Blocking internet macros by default in Office |
Twitter CMSTP Usage Jan 2018
Carr, N. (2018, January 31). Here is some early bad cmstp.exe... Retrieved September 12, 2024.
Internal MISP references
UUID 836621f3-83e1-4c55-8e3b-740fc9ba1e46
which can be used as unique global reference for Twitter CMSTP Usage Jan 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2018-01-31T00:00:00Z |
source | MITRE |
title | Here is some early bad cmstp.exe.. |
ESET Hermetic Wiper February 2022
ESET. (2022, February 24). HermeticWiper: New data wiping malware hits Ukraine. Retrieved March 25, 2022.
Internal MISP references
UUID 07ef66e8-195b-4afe-a518-ce9e77220038
which can be used as unique global reference for ESET Hermetic Wiper February 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-25T00:00:00Z |
date_published | 2022-02-24T00:00:00Z |
source | MITRE |
title | HermeticWiper: New data wiping malware hits Ukraine |
SentinelOne Hermetic Wiper February 2022
Guerrero-Saade, J. (2022, February 23). HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine. Retrieved March 25, 2022.
Internal MISP references
UUID 96825555-1936-4ee3-bb25-423dc16a9116
which can be used as unique global reference for SentinelOne Hermetic Wiper February 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-25T00:00:00Z |
date_published | 2022-02-23T00:00:00Z |
source | MITRE |
title | HermeticWiper \| New Destructive Malware Used In Cyber Attacks on Ukraine |
Dragos Hexane
Dragos. (n.d.). Hexane. Retrieved October 27, 2019.
Internal MISP references
UUID 11838e67-5032-4352-ad1f-81ba0398a14f
which can be used as unique global reference for Dragos Hexane
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-27T00:00:00Z |
source | MITRE |
title | Hexane |
Sourceforge Heyoka 2022
Sourceforge. (n.d.). Heyoka POC Exfiltration Tool. Retrieved October 11, 2022.
Internal MISP references
UUID f6677391-cb7a-4abc-abb7-3a8cd47fbc90
which can be used as unique global reference for Sourceforge Heyoka 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-10-11T00:00:00Z |
source | MITRE |
title | Heyoka POC Exfiltration Tool |
Hh.exe - LOLBAS Project
LOLBAS. (2018, May 25). Hh.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 4e09bfcf-f5be-46c5-9ebf-8742ac8d1edc
which can be used as unique global reference for Hh.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Hh.exe |
CrowdStrike BloodHound April 2018
Red Team Labs. (2018, April 24). Hidden Administrative Accounts: BloodHound to the Rescue. Retrieved October 28, 2020.
Internal MISP references
UUID fa99f290-e42c-4311-9f6d-c519c9ab89fe
which can be used as unique global reference for CrowdStrike BloodHound April 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-28T00:00:00Z |
date_published | 2018-04-24T00:00:00Z |
source | MITRE |
title | Hidden Administrative Accounts: BloodHound to the Rescue |
McAfee Bankshot
Sherstobitoff, R. (2018, March 08). Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant. Retrieved May 18, 2018.
Internal MISP references
UUID c748dc6c-8c19-4a5c-840f-3d47955a6c78
which can be used as unique global reference for McAfee Bankshot
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-18T00:00:00Z |
date_published | 2018-03-08T00:00:00Z |
source | MITRE |
title | Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant |
Pfammatter - Hidden Inbox Rules
Damian Pfammatter. (2018, September 17). Hidden Inbox Rules in Microsoft Exchange. Retrieved October 12, 2021.
Internal MISP references
UUID 8a00b664-5a75-4365-9069-a32e0ed20a80
which can be used as unique global reference for Pfammatter - Hidden Inbox Rules
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-12T00:00:00Z |
date_published | 2018-09-17T00:00:00Z |
source | MITRE |
title | Hidden Inbox Rules in Microsoft Exchange |
Hidden VNC
Hutchins, Marcus. (2015, September 13). Hidden VNC for Beginners. Retrieved November 28, 2023.
Internal MISP references
UUID 1d50ce73-ad6a-5286-8ef9-0b2bfed321dc
which can be used as unique global reference for Hidden VNC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-28T00:00:00Z |
date_published | 2015-09-13T00:00:00Z |
source | MITRE |
title | Hidden VNC for Beginners |
Intezer HiddenWasp Map 2019
Sanmillan, I. (2019, May 29). HiddenWasp Malware Stings Targeted Linux Systems. Retrieved June 24, 2019.
Internal MISP references
UUID dfef8451-031b-42a6-8b78-d25950cc9d23
which can be used as unique global reference for Intezer HiddenWasp Map 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-24T00:00:00Z |
date_published | 2019-05-29T00:00:00Z |
source | MITRE |
title | HiddenWasp Malware Stings Targeted Linux Systems |
Apple Support Hide a User Account
Apple. (2020, November 30). Hide a user account in macOS. Retrieved December 10, 2021.
Internal MISP references
UUID e901df3b-76a6-41a5-9083-b28065e75aa2
which can be used as unique global reference for Apple Support Hide a User Account
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-10T00:00:00Z |
date_published | 2020-11-30T00:00:00Z |
source | MITRE |
title | Hide a user account in macOS |
Malwarebytes Wow6432Node 2016
Arntz, P. (2016, March 30). Hiding in Plain Sight. Retrieved August 3, 2020.
Internal MISP references
UUID d4eba34c-d76b-45b4-bcaf-0f13459daaad
which can be used as unique global reference for Malwarebytes Wow6432Node 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-03T00:00:00Z |
date_published | 2016-03-30T00:00:00Z |
source | MITRE |
title | Hiding in Plain Sight |
FireEye APT17
FireEye Labs/FireEye Threat Intelligence. (2015, May 14). Hiding in Plain Sight: FireEye and Microsoft Expose Obfuscation Tactic. Retrieved January 22, 2016.
Internal MISP references
UUID a303f97a-72dd-4833-bac7-a421addc3242
which can be used as unique global reference for FireEye APT17
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-22T00:00:00Z |
date_published | 2015-05-14T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Hiding in Plain Sight: FireEye and Microsoft Expose Obfuscation Tactic |
ATTACK IQ
Federico Quattrin, Nick Desler, Tin Tam, & Matthew Rutkoske. (2023, March 16). Hiding in Plain Sight: Monitoring and Testing for Living-Off-the-Land Binaries. Retrieved July 15, 2024.
Internal MISP references
UUID 38ed8950-413b-56b5-98c3-ae6420850dc4
which can be used as unique global reference for ATTACK IQ
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-15T00:00:00Z |
date_published | 2023-03-16T00:00:00Z |
source | MITRE |
title | Hiding in Plain Sight: Monitoring and Testing for Living-Off-the-Land Binaries |
Crowdstrike Hiding in Plain Sight 2018
Crowdstrike. (2018, July 18). Hiding in Plain Sight: Using the Office 365 Activities API to Investigate Business Email Compromises. Retrieved January 19, 2020.
Internal MISP references
UUID 8612fb31-5806-47ca-ba43-265a590b61fb
which can be used as unique global reference for Crowdstrike Hiding in Plain Sight 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-01-19T00:00:00Z |
date_published | 2018-07-18T00:00:00Z |
source | MITRE |
title | Hiding in Plain Sight: Using the Office 365 Activities API to Investigate Business Email Compromises |
Hiding Malicious Code with Module Stomping
Aliz Hammond. (2019, August 15). Hiding Malicious Code with "Module Stomping": Part 1. Retrieved July 14, 2022.
Internal MISP references
UUID 88983d22-980d-4442-858a-3b70ec485b94
which can be used as unique global reference for Hiding Malicious Code with Module Stomping
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-14T00:00:00Z |
date_published | 2019-08-15T00:00:00Z |
source | MITRE |
title | Hiding Malicious Code with "Module Stomping": Part 1 |
SpectorOps Hiding Reg Jul 2017
Reitz, B. (2017, July 14). Hiding Registry keys with PSReflect. Retrieved August 9, 2018.
Internal MISP references
UUID 877a5ae4-ec5f-4f53-b69d-ba74ff9e1619
which can be used as unique global reference for SpectorOps Hiding Reg Jul 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-09T00:00:00Z |
date_published | 2017-07-14T00:00:00Z |
source | MITRE |
title | Hiding Registry keys with PSReflect |
FireEye SUNBURST Backdoor December 2020
FireEye. (2020, December 13). Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor. Retrieved January 4, 2021.
Internal MISP references
UUID d006ed03-a8af-4887-9356-3481d81d43e4
which can be used as unique global reference for FireEye SUNBURST Backdoor December 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-04T00:00:00Z |
date_published | 2020-12-13T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor |
Redirectors_Domain_Fronting
Mudge, R. (2017, February 6). High-reputation Redirectors and Domain Fronting. Retrieved July 11, 2022.
Internal MISP references
UUID 42c81d97-b6ee-458e-bff3-e8c4de882cd6
which can be used as unique global reference for Redirectors_Domain_Fronting
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-11T00:00:00Z |
date_published | 2017-02-06T00:00:00Z |
source | MITRE |
title | High-reputation Redirectors and Domain Fronting |
Synack Secure Kernel Extension Broken
Wardle, P. (2017, September 8). High Sierra’s ‘Secure Kernel Extension Loading’ is Broken. Retrieved April 6, 2018.
Internal MISP references
UUID 647f6be8-fe95-4045-8778-f7d7ff00c96c
which can be used as unique global reference for Synack Secure Kernel Extension Broken
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-06T00:00:00Z |
date_published | 2017-09-08T00:00:00Z |
source | MITRE |
title | High Sierra’s ‘Secure Kernel Extension Loading’ is Broken |
modePUSH Azure Storage Explorer September 14 2024
Britton Manahan. (2024, September 14). Highway Blobbery: Data Theft using Azure Storage Explorer. Retrieved September 19, 2024.
Internal MISP references
UUID a4c50b03-f0d7-4d29-a9de-e550be61390c
which can be used as unique global reference for modePUSH Azure Storage Explorer September 14 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-19T00:00:00Z |
date_published | 2024-09-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Highway Blobbery: Data Theft using Azure Storage Explorer |
Unit 42 Hildegard Malware
Chen, J. et al. (2021, February 3). Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes. Retrieved April 5, 2021.
Internal MISP references
UUID 0941cf0e-75d8-4c96-bc42-c99d809e75f9
which can be used as unique global reference for Unit 42 Hildegard Malware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-05T00:00:00Z |
date_published | 2021-02-03T00:00:00Z |
source | MITRE |
title | Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes |
Drakonia HInvoke
drakonia. (2022, August 10). HInvoke and avoiding PInvoke. Retrieved August 22, 2022.
Internal MISP references
UUID 11d936fd-aba0-4eed-8007-aca71c340c59
which can be used as unique global reference for Drakonia HInvoke
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-22T00:00:00Z |
date_published | 2022-08-10T00:00:00Z |
source | MITRE |
title | HInvoke and avoiding PInvoke |
Hive Ransomware Analysis | Kroll
Stephen Green, Elio Biasiotto. (2023, February 2). Hive Ransomware Analysis | Kroll. Retrieved May 7, 2023.
Internal MISP references
UUID f5e43446-04ea-4dcd-be3a-22f8b10b8aa1
which can be used as unique global reference for Hive Ransomware Analysis | Kroll
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2023-02-02T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Hive Ransomware Analysis \| Kroll |
Bitdefender Hunters International November 9 2023
Martin Zugec. (2023, November 9). Hive Ransomware's Offspring: Hunters International Takes the Stage. Retrieved October 4, 2024.
Internal MISP references
UUID ae0a88d6-bd46-4b22-bfb1-25003bfe83d7
which can be used as unique global reference for Bitdefender Hunters International November 9 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-04T00:00:00Z |
date_published | 2023-11-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Hive Ransomware's Offspring: Hunters International Takes the Stage |
microsoft_services_registry_tree
Microsoft. (2021, August 5). HKLM\SYSTEM\CurrentControlSet\Services Registry Tree. Retrieved August 25, 2021.
Internal MISP references
UUID 171cfdf1-d91c-4df3-831e-89b6237e3c8b
which can be used as unique global reference for microsoft_services_registry_tree
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-25T00:00:00Z |
date_published | 2021-08-05T00:00:00Z |
source | MITRE |
title | HKLM\SYSTEM\CurrentControlSet\Services Registry Tree |
Microsoft CurrentControlSet Services
Microsoft. (2017, April 20). HKLM\SYSTEM\CurrentControlSet\Services Registry Tree. Retrieved March 16, 2020.
Internal MISP references
UUID cb9b5391-773f-4b56-8c41-d4f548c7b835
which can be used as unique global reference for Microsoft CurrentControlSet Services
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-16T00:00:00Z |
date_published | 2017-04-20T00:00:00Z |
source | MITRE |
title | HKLM\SYSTEM\CurrentControlSet\Services Registry Tree |
Accenture Hogfish April 2018
Accenture Security. (2018, April 23). Hogfish Redleaves Campaign. Retrieved July 2, 2018.
Internal MISP references
UUID c8e9fee1-9981-499f-a62f-ffe59f4bb1e7
which can be used as unique global reference for Accenture Hogfish April 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-02T00:00:00Z |
date_published | 2018-04-23T00:00:00Z |
source | MITRE |
title | Hogfish Redleaves Campaign |
Proofpoint Router Malvertising
Kafeine. (2016, December 13). Home Routers Under Attack via Malvertising on Windows, Android Devices. Retrieved January 16, 2019.
Internal MISP references
UUID b964139f-7c02-451d-8d22-a87975e60aa2
which can be used as unique global reference for Proofpoint Router Malvertising
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-01-16T00:00:00Z |
date_published | 2016-12-13T00:00:00Z |
source | MITRE |
title | Home Routers Under Attack via Malvertising on Windows, Android Devices |
Trustwave Honeypot SkidMap 2023
Radoslaw Zdonczyk. (2023, July 30). Honeypot Recon: New Variant of SkidMap Targeting Redis. Retrieved September 29, 2023.
Internal MISP references
UUID 300505ae-bb7a-503d-84c5-9ff021eb6f3a
which can be used as unique global reference for Trustwave Honeypot SkidMap 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-29T00:00:00Z |
date_published | 2023-07-30T00:00:00Z |
source | MITRE |
title | Honeypot Recon: New Variant of SkidMap Targeting Redis |
Microsoft Hook Overview
Microsoft. (n.d.). Hooks Overview. Retrieved December 12, 2017.
Internal MISP references
UUID 54997a52-f78b-4af4-8916-787bcb215ce1
which can be used as unique global reference for Microsoft Hook Overview
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-12T00:00:00Z |
source | MITRE |
title | Hooks Overview |
SpectorOps Host-Based Jul 2017
Atkinson, J. (2017, July 18). Host-based Threat Modeling & Indicator Design. Retrieved March 21, 2018.
Internal MISP references
UUID 5fbf3a1d-eac2-44b8-a0a9-70feca168647
which can be used as unique global reference for SpectorOps Host-Based Jul 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-21T00:00:00Z |
date_published | 2017-07-18T00:00:00Z |
source | MITRE |
title | Host-based Threat Modeling & Indicator Design |
Crowdstrike AWS User Federation Persistence
Vaishnav Murthy and Joel Eng. (2023, January 30). How Adversaries Can Persist with AWS User Federation. Retrieved March 10, 2023.
Internal MISP references
UUID 8c4f806c-b6f2-5bde-8525-05da6692e59c
which can be used as unique global reference for Crowdstrike AWS User Federation Persistence
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-10T00:00:00Z |
date_published | 2023-01-30T00:00:00Z |
source | MITRE |
title | How Adversaries Can Persist with AWS User Federation |
Andy Greenberg June 2017
Andy Greenberg. (2017, June 28). How an Entire Nation Became Russia's Test Lab for Cyberwar. Retrieved September 27, 2023.
Internal MISP references
UUID 6a013c48-3b58-5b87-9af5-0b7d01f27c48
which can be used as unique global reference for Andy Greenberg June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-27T00:00:00Z |
date_published | 2017-06-28T00:00:00Z |
source | MITRE |
title | How an Entire Nation Became Russia's Test Lab for Cyberwar |
Perez Sitemap XML 2023
Adi Perez. (2023, February 22). How Attackers Can Misuse Sitemaps to Enumerate Users and Discover Sensitive Information. Retrieved July 18, 2024.
Internal MISP references
UUID b52dcca4-19cb-5b95-9c5e-8b5c81fd986f
which can be used as unique global reference for Perez Sitemap XML 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-18T00:00:00Z |
date_published | 2023-02-22T00:00:00Z |
source | MITRE |
title | How Attackers Can Misuse Sitemaps to Enumerate Users and Discover Sensitive Information |
Symantec Digital Certificates
Shinotsuka, H. (2013, February 22). How Attackers Steal Private Keys from Digital Certificates. Retrieved March 31, 2016.
Internal MISP references
UUID 4b4f0171-827d-45c3-8c89-66ea801e77e8
which can be used as unique global reference for Symantec Digital Certificates
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-31T00:00:00Z |
date_published | 2013-02-22T00:00:00Z |
source | MITRE |
title | How Attackers Steal Private Keys from Digital Certificates |
ADSecurity Silver Tickets
Sean Metcalf. (2015, November 17). How Attackers Use Kerberos Silver Tickets to Exploit Systems. Retrieved February 27, 2020.
Internal MISP references
UUID 5185560e-b8f0-4c40-8c90-cb12348a0f7f
which can be used as unique global reference for ADSecurity Silver Tickets
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-27T00:00:00Z |
date_published | 2015-11-17T00:00:00Z |
source | MITRE |
title | How Attackers Use Kerberos Silver Tickets to Exploit Systems |
Amazon S3 Security, 2019
Amazon. (2019, May 17). How can I secure the files in my Amazon S3 bucket?. Retrieved October 4, 2019.
Internal MISP references
UUID 4c434ca5-2544-45e0-82d9-71343d8aa960
which can be used as unique global reference for Amazon S3 Security, 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-04T00:00:00Z |
date_published | 2019-05-17T00:00:00Z |
source | MITRE |
title | How can I secure the files in my Amazon S3 bucket? |
Microsoft Connection Manager Oct 2009
Microsoft. (2009, October 8). How Connection Manager Works. Retrieved April 11, 2018.
Internal MISP references
UUID 0b0880a8-82cc-4e23-afd9-95d099c753a4
which can be used as unique global reference for Microsoft Connection Manager Oct 2009
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-11T00:00:00Z |
date_published | 2009-10-08T00:00:00Z |
source | MITRE |
title | How Connection Manager Works |
Kaspersky-masking
Dedenok, Roman. (2023, December 12). How cybercriminals disguise URLs. Retrieved January 17, 2024.
Internal MISP references
UUID 811eb587-effd-50ad-abb4-83221cc5d567
which can be used as unique global reference for Kaspersky-masking
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-17T00:00:00Z |
date_published | 2023-12-12T00:00:00Z |
source | MITRE |
title | How cybercriminals disguise URLs |
dns_changer_trojans
Abendan, O. (2012, June 14). How DNS Changer Trojans Direct Users to Threats. Retrieved October 28, 2021.
Internal MISP references
UUID 082a0fde-d9f9-45f2-915d-f14c77b62254
which can be used as unique global reference for dns_changer_trojans
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-28T00:00:00Z |
date_published | 2012-06-14T00:00:00Z |
source | MITRE |
title | How DNS Changer Trojans Direct Users to Threats |
Entrust Enable CAPI2 Aug 2017
Entrust Datacard. (2017, August 16). How do I enable CAPI 2.0 logging in Windows Vista, Windows 7 and Windows 2008 Server?. Retrieved January 31, 2018.
Internal MISP references
UUID ad6dfcab-792a-4b4d-8ada-aa418e2ea1aa
which can be used as unique global reference for Entrust Enable CAPI2 Aug 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-31T00:00:00Z |
date_published | 2017-08-16T00:00:00Z |
source | MITRE |
title | How do I enable CAPI 2.0 logging in Windows Vista, Windows 7 and Windows 2008 Server? |
Apple Culprit Access
rjben. (2012, May 30). How do you find the culprit when unauthorized access to a computer is a problem?. Retrieved August 3, 2022.
Internal MISP references
UUID 9254d3f5-7fc1-4710-b885-b0ddb3a3dca9
which can be used as unique global reference for Apple Culprit Access
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-03T00:00:00Z |
date_published | 2012-05-30T00:00:00Z |
source | MITRE |
title | How do you find the culprit when unauthorized access to a computer is a problem? |
SFX - Encrypted/Encoded File
Jai Minton. (2023, March 31). How Falcon OverWatch Investigates Malicious Self-Extracting Archives, Decoy Files and Their Hidden Payloads. Retrieved March 29, 2024.
Internal MISP references
UUID 55171e0e-6b6d-568c-941a-85adcafceb43
which can be used as unique global reference for SFX - Encrypted/Encoded File
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-29T00:00:00Z |
date_published | 2023-03-31T00:00:00Z |
source | MITRE |
title | How Falcon OverWatch Investigates Malicious Self-Extracting Archives, Decoy Files and Their Hidden Payloads |
DOJ FIN7 Aug 2018
Department of Justice. (2018, August 01). HOW FIN7 ATTACKED AND STOLE DATA. Retrieved August 24, 2018.
Internal MISP references
UUID 6a588eff-2b79-41c3-9834-613a628a0355
which can be used as unique global reference for DOJ FIN7 Aug 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-24T00:00:00Z |
date_published | 2018-08-01T00:00:00Z |
source | MITRE |
title | HOW FIN7 ATTACKED AND STOLE DATA |
Charles McLellan March 2016
Charles McLellan. (2016, March 4). How hackers attacked Ukraine's power grid: Implications for Industrial IoT security. Retrieved September 27, 2023.
Internal MISP references
UUID a9156c24-42ad-5f15-a18e-2382f84d702e
which can be used as unique global reference for Charles McLellan March 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-27T00:00:00Z |
date_published | 2016-03-04T00:00:00Z |
source | MITRE |
title | How hackers attacked Ukraine's power grid: Implications for Industrial IoT security |
Cyware Social Media
Cyware Hacker News. (2019, October 2). How Hackers Exploit Social Media To Break Into Your Company. Retrieved October 20, 2020.
Internal MISP references
UUID e6136a63-81fe-4363-8d98-f7d1e85a0f2b
which can be used as unique global reference for Cyware Social Media
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2019-10-02T00:00:00Z |
source | MITRE |
title | How Hackers Exploit Social Media To Break Into Your Company |
SpyCloud Stealers Chrome Bypass October 2 2024
James. (2024, October 2). How Infostealers Are Bypassing New Chrome Security Feature to Steal User Session Cookies. Retrieved October 13, 2024.
Internal MISP references
UUID 9e680ab4-5d8d-46a1-a1e8-2ca2914bb93f
which can be used as unique global reference for SpyCloud Stealers Chrome Bypass October 2 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-13T00:00:00Z |
date_published | 2024-10-02T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | How Infostealers Are Bypassing New Chrome Security Feature to Steal User Session Cookies |
ICS Mutexes 2015
Lenny Zeltser. (2015, March 9). How Malware Generates Mutex Names to Evade Detection. Retrieved September 19, 2024.
Internal MISP references
UUID 31352deb-6c9d-5f1d-be73-60ccd0ccae93
which can be used as unique global reference for ICS Mutexes 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-19T00:00:00Z |
date_published | 2015-03-09T00:00:00Z |
source | MITRE |
title | How Malware Generates Mutex Names to Evade Detection |
malware_hides_service
Lawrence Abrams. (2004, September 10). How Malware hides and is installed as a Service. Retrieved August 30, 2021.
Internal MISP references
UUID c5982f65-1782-452a-9667-a8732d31e89a
which can be used as unique global reference for malware_hides_service
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-30T00:00:00Z |
date_published | 2004-09-10T00:00:00Z |
source | MITRE |
title | How Malware hides and is installed as a Service |
S1 macOs Persistence
Stokes, P. (2019, July 17). How Malware Persists on macOS. Retrieved March 27, 2020.
Internal MISP references
UUID ce952a0d-9c0d-4a51-9564-7cc5d9e43e2c
which can be used as unique global reference for S1 macOs Persistence
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-27T00:00:00Z |
date_published | 2019-07-17T00:00:00Z |
source | MITRE |
title | How Malware Persists on macOS |
sentinelone macos persist Jun 2019
Stokes, Phil. (2019, June 17). HOW MALWARE PERSISTS ON MACOS. Retrieved September 10, 2019.
Internal MISP references
UUID 81a49043-cac5-40e0-a626-fd242d21c56d
which can be used as unique global reference for sentinelone macos persist Jun 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-10T00:00:00Z |
date_published | 2019-06-17T00:00:00Z |
source | MITRE |
title | HOW MALWARE PERSISTS ON MACOS |
Kaspersky Autofill
Golubev, S. (n.d.). How malware steals autofill data from browsers. Retrieved March 28, 2023.
Internal MISP references
UUID 561ff84d-17ce-511c-af0c-059310f3c129
which can be used as unique global reference for Kaspersky Autofill
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-28T00:00:00Z |
source | MITRE |
title | How malware steals autofill data from browsers |
Microsoft Threat Actor Naming
diannegali, schmurky, Dansimp, chrisda, Stacyrch140. (2023, April 20). How Microsoft names threat actors. Retrieved June 22, 2023.
Internal MISP references
UUID de9cda86-0b23-4bc8-b524-e74fecf99448
which can be used as unique global reference for Microsoft Threat Actor Naming
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-22T00:00:00Z |
date_published | 2023-04-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | How Microsoft names threat actors |
Microsoft Threat Actor Naming July 2023
Microsoft. (2023, July 12). How Microsoft names threat actors. Retrieved November 17, 2023.
Internal MISP references
UUID 78a8137d-694e-533d-aed3-6bd48fc0cd4a
which can be used as unique global reference for Microsoft Threat Actor Naming July 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-17T00:00:00Z |
date_published | 2023-07-12T00:00:00Z |
source | MITRE |
title | How Microsoft names threat actors |
TheEclecticLightCompany apple notarization
How Notarization Works. (2020, August 28). How notarization works. Retrieved September 13, 2021.
Internal MISP references
UUID 80c840ab-782a-4f15-bc7b-2d2ab4e51702
which can be used as unique global reference for TheEclecticLightCompany apple notarization
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-13T00:00:00Z |
date_published | 2020-08-28T00:00:00Z |
source | MITRE |
title | How notarization works |
SentinelOne AppleScript
Phil Stokes. (2020, March 16). How Offensive Actors Use AppleScript For Attacking macOS. Retrieved July 17, 2020.
Internal MISP references
UUID bb6aafcb-ed30-404a-a9d9-b90503a0ec7c
which can be used as unique global reference for SentinelOne AppleScript
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-17T00:00:00Z |
date_published | 2020-03-16T00:00:00Z |
source | MITRE |
title | How Offensive Actors Use AppleScript For Attacking macOS |
SecureWorld - How Secure Is Your Slack Channel - Dec 2021
Drew Todd. (2021, December 28). How Secure Is Your Slack Channel?. Retrieved May 31, 2022.
Internal MISP references
UUID 78199414-7b5e-45d8-8bda-d6f5a7c3988b
which can be used as unique global reference for SecureWorld - How Secure Is Your Slack Channel - Dec 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-31T00:00:00Z |
date_published | 2021-12-28T00:00:00Z |
source | MITRE |
title | How Secure Is Your Slack Channel? |
Windows OS Hub RDP
Windows OS Hub. (2021, November 10). How to Allow Multiple RDP Sessions in Windows 10 and 11?. Retrieved March 28, 2022.
Internal MISP references
UUID 335480f8-8f40-4da7-b083-6a4b158496c1
which can be used as unique global reference for Windows OS Hub RDP
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-28T00:00:00Z |
date_published | 2021-11-10T00:00:00Z |
source | MITRE |
title | How to Allow Multiple RDP Sessions in Windows 10 and 11? |
Xpn Argue Like Cobalt 2019
Chester, A. (2019, January 28). How to Argue like Cobalt Strike. Retrieved November 19, 2021.
Internal MISP references
UUID 724464f6-1a86-46e3-9a81-192b136c73ba
which can be used as unique global reference for Xpn Argue Like Cobalt 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-11-19T00:00:00Z |
date_published | 2019-01-28T00:00:00Z |
source | MITRE |
title | How to Argue like Cobalt Strike |
Seqrite DoubleExtension
Seqrite. (n.d.). How to avoid dual attack and vulnerable files with double extension?. Retrieved July 27, 2021.
Internal MISP references
UUID 77af0be9-174a-4330-8122-d0bd0c754973
which can be used as unique global reference for Seqrite DoubleExtension
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-07-27T00:00:00Z |
source | MITRE |
title | How to avoid dual attack and vulnerable files with double extension? |
BOA Telephone Scams
Bank of America. (n.d.). How to avoid telephone scams. Retrieved September 8, 2023.
Internal MISP references
UUID ee1abe19-f38b-5127-8377-f13f57f2abcb
which can be used as unique global reference for BOA Telephone Scams
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-08T00:00:00Z |
source | MITRE |
title | How to avoid telephone scams |
Okta Block Anonymizing Services
Moussa Diallo and Brett Winterford. (2024, April 26). How to Block Anonymizing Services using Okta. Retrieved May 28, 2024.
Internal MISP references
UUID 5790f25c-d1a5-5fb9-b213-0d84a6570c4c
which can be used as unique global reference for Okta Block Anonymizing Services
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-28T00:00:00Z |
date_published | 2024-04-26T00:00:00Z |
source | MITRE |
title | How to Block Anonymizing Services using Okta |
bypass_webproxy_filtering
Fehrman, B. (2017, April 13). How to Bypass Web-Proxy Filtering. Retrieved September 20, 2019.
Internal MISP references
UUID fab84597-99a0-4560-8c8c-11fd8c01d5fa
which can be used as unique global reference for bypass_webproxy_filtering
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-20T00:00:00Z |
date_published | 2017-04-13T00:00:00Z |
source | MITRE |
title | How to Bypass Web-Proxy Filtering |
Systemd Remote Control
Aaron Kili. (2018, January 16). How to Control Systemd Services on Remote Linux Server. Retrieved July 26, 2021.
Internal MISP references
UUID 0461b58e-400e-4e3e-b7c4-eed7a9b0fdd6
which can be used as unique global reference for Systemd Remote Control
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-07-26T00:00:00Z |
date_published | 2018-01-16T00:00:00Z |
source | MITRE |
title | How to Control Systemd Services on Remote Linux Server |
Microsoft Admin Shares
Microsoft. (n.d.). How to create and delete hidden or administrative shares on client computers. Retrieved November 20, 2014.
Internal MISP references
UUID 68d23cb0-b812-4d77-a3aa-34e24a923a50
which can be used as unique global reference for Microsoft Admin Shares
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-20T00:00:00Z |
source | MITRE |
title | How to create and delete hidden or administrative shares on client computers |
Delpy Mimikatz Crendential Manager
Delpy, B. (2017, December 12). howto ~ credential manager saved credentials. Retrieved November 23, 2020.
Internal MISP references
UUID 24c6027b-e0d2-4c0c-83af-4536a631ea85
which can be used as unique global reference for Delpy Mimikatz Crendential Manager
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-23T00:00:00Z |
date_published | 2017-12-12T00:00:00Z |
source | MITRE |
title | howto ~ credential manager saved credentials |
Stealthbits Overpass-the-Hash
Warren, J. (2019, February 26). How to Detect Overpass-the-Hash Attacks. Retrieved February 4, 2021.
Internal MISP references
UUID e0bf051c-21ab-4454-a6b0-31ae29b6e162
which can be used as unique global reference for Stealthbits Overpass-the-Hash
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-04T00:00:00Z |
date_published | 2019-02-26T00:00:00Z |
source | MITRE |
title | How to Detect Overpass-the-Hash Attacks |
Stealthbits Detect PtT 2019
Jeff Warren. (2019, February 19). How to Detect Pass-the-Ticket Attacks. Retrieved February 27, 2020.
Internal MISP references
UUID 5bdb759e-949d-4470-a4e4-925b6579da54
which can be used as unique global reference for Stealthbits Detect PtT 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-27T00:00:00Z |
date_published | 2019-02-19T00:00:00Z |
source | MITRE |
title | How to Detect Pass-the-Ticket Attacks |
WindowsIR Anti-Forensic Techniques
Carvey, H. (2013, July 23). HowTo: Determine/Detect the use of Anti-Forensics Techniques. Retrieved June 3, 2016.
Internal MISP references
UUID 646211a7-77be-4e5a-bd02-eeb70d67113d
which can be used as unique global reference for WindowsIR Anti-Forensic Techniques
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-03T00:00:00Z |
date_published | 2013-07-23T00:00:00Z |
source | MITRE |
title | HowTo: Determine/Detect the use of Anti-Forensics Techniques |
Microsoft Disable Autorun
Microsoft. (n.d.). How to disable the Autorun functionality in Windows. Retrieved April 20, 2016.
Internal MISP references
UUID 64bcc943-29be-4dd8-92c8-8a5dd94cbda4
which can be used as unique global reference for Microsoft Disable Autorun
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-20T00:00:00Z |
source | MITRE |
title | How to disable the Autorun functionality in Windows |
Superuser Linux Password Policies
Matutiae, M. (2014, August 6). How to display password policy information for a user (Ubuntu)?. Retrieved April 5, 2018.
Internal MISP references
UUID c0bbc881-594a-408c-86a2-211ce6279231
which can be used as unique global reference for Superuser Linux Password Policies
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-05T00:00:00Z |
date_published | 2014-08-06T00:00:00Z |
source | MITRE |
title | How to display password policy information for a user (Ubuntu)? |
Confluence Linux Command Line
Confluence Support. (2021, September 8). How to enable command line audit logging in linux. Retrieved September 23, 2021.
Internal MISP references
UUID 9ac72e5a-0b00-4936-9a78-bf2694d956c9
which can be used as unique global reference for Confluence Linux Command Line
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-23T00:00:00Z |
date_published | 2021-09-08T00:00:00Z |
source | MITRE |
title | How to enable command line audit logging in linux |
Atlassian Confluence Logging
Atlassian. (2018, January 9). How to Enable User Access Logging. Retrieved April 4, 2018.
Internal MISP references
UUID cd3ca4ce-c512-4612-94cc-3cf4d4dbba56
which can be used as unique global reference for Atlassian Confluence Logging
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-04T00:00:00Z |
date_published | 2018-01-09T00:00:00Z |
source | MITRE |
title | How to Enable User Access Logging |
Remote Shell Execution in Python
Abdou Rockikz. (2020, July). How to Execute Shell Commands in a Remote Machine in Python. Retrieved July 26, 2021.
Internal MISP references
UUID 4ea54256-42f9-4b35-8f9e-e595ab9be9ce
which can be used as unique global reference for Remote Shell Execution in Python
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-07-26T00:00:00Z |
date_published | 2020-07-01T00:00:00Z |
source | MITRE |
title | How to Execute Shell Commands in a Remote Machine in Python |
Find Wi-Fi Password on Mac
Ruslana Lishchuk. (2021, March 26). How to Find a Saved Wi-Fi Password on a Mac. Retrieved September 8, 2023.
Internal MISP references
UUID 695f3d20-7a46-5a4a-aef0-0a05a5e35304
which can be used as unique global reference for Find Wi-Fi Password on Mac
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-08T00:00:00Z |
date_published | 2021-03-26T00:00:00Z |
source | MITRE |
title | How to Find a Saved Wi-Fi Password on a Mac |
Stack Overflow
Stack Overflow. (n.d.). How to find the location of the Scheduled Tasks folder. Retrieved June 19, 2024.
Internal MISP references
UUID cf995fb6-33ac-51ea-a9ce-c18d9cfd56f1
which can be used as unique global reference for Stack Overflow
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-19T00:00:00Z |
source | MITRE |
title | How to find the location of the Scheduled Tasks folder |
Microsoft Web Root OCT 2016
Microsoft. (2016, October 20). How to: Find the Web Application Root. Retrieved July 27, 2018.
Internal MISP references
UUID bce1230a-5303-4e58-97c9-3e65ecd714d3
which can be used as unique global reference for Microsoft Web Root OCT 2016
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-27T00:00:00Z |
date_published | 2016-10-20T00:00:00Z |
source | MITRE |
title | How to: Find the Web Application Root |
Microsoft Replication ACL
Microsoft. (n.d.). How to grant the "Replicating Directory Changes" permission for the Microsoft Metadirectory Services ADMA service account. Retrieved December 4, 2017.
Internal MISP references
UUID 1b17e5ec-6f09-4668-949a-59be2d1f1b65
which can be used as unique global reference for Microsoft Replication ACL
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-04T00:00:00Z |
source | MITRE |
title | How to grant the "Replicating Directory Changes" permission for the Microsoft Metadirectory Services ADMA service account |
Hide GDM User Accounts
Ji Mingkui. (2021, June 17). How to Hide All The User Accounts in Ubuntu 20.04, 21.04 Login Screen. Retrieved March 15, 2022.
Internal MISP references
UUID 88c3c460-3792-4881-ae7d-031c8901610d
which can be used as unique global reference for Hide GDM User Accounts
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-15T00:00:00Z |
date_published | 2021-06-17T00:00:00Z |
source | MITRE |
title | How to Hide All The User Accounts in Ubuntu 20.04, 21.04 Login Screen |
Elastic COM Hijacking
Ewing, P. Strom, B. (2016, September 15). How to Hunt: Detecting Persistence & Evasion with the COM. Retrieved September 15, 2016.
Internal MISP references
UUID bb325d97-5f69-4645-82d8-fdd6badecd9d
which can be used as unique global reference for Elastic COM Hijacking
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-09-15T00:00:00Z |
date_published | 2016-09-15T00:00:00Z |
source | MITRE |
title | How to Hunt: Detecting Persistence & Evasion with the COM |
Elastic Masquerade Ball
Ewing, P. (2016, October 31). How to Hunt: The Masquerade Ball. Retrieved October 31, 2016.
Internal MISP references
UUID 29c17b60-f947-4482-afa6-c80ca5819d10
which can be used as unique global reference for Elastic Masquerade Ball
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-10-31T00:00:00Z |
date_published | 2016-10-31T00:00:00Z |
source | MITRE |
title | How to Hunt: The Masquerade Ball |
Linux Loadable Kernel Module Insert and Remove LKMs
Henderson, B. (2006, September 24). How To Insert And Remove LKMs. Retrieved April 9, 2018.
Internal MISP references
UUID 044d0df8-61e4-4a29-8a24-0bd1227d4317
which can be used as unique global reference for Linux Loadable Kernel Module Insert and Remove LKMs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-09T00:00:00Z |
date_published | 2006-09-24T00:00:00Z |
source | MITRE |
title | How To Insert And Remove LKMs |
DigiCert Install SSL Cert
DigiCert. (n.d.). How to Install an SSL Certificate. Retrieved April 19, 2021.
Internal MISP references
UUID a1d7d368-6092-4421-99de-44e458deee21
which can be used as unique global reference for DigiCert Install SSL Cert
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-19T00:00:00Z |
source | MITRE |
title | How to Install an SSL Certificate |
HowToGeek ShowExtension
Chris Hoffman. (2017, March 8). How to Make Windows Show File Extensions. Retrieved August 4, 2021.
Internal MISP references
UUID 51584201-40a4-4e39-ad23-14453e1eea46
which can be used as unique global reference for HowToGeek ShowExtension
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-04T00:00:00Z |
date_published | 2017-03-08T00:00:00Z |
source | MITRE |
title | How to Make Windows Show File Extensions |
AWS Monitor API Calls to EC2 Security Groups
Jeff Levine. (2017, January 3). How to Monitor AWS Account Configuration Changes and API Calls to Amazon EC2 Security Groups. Retrieved September 24, 2024.
Internal MISP references
UUID c61d45fa-d6ec-5c8f-83ca-474ac43376f6
which can be used as unique global reference for AWS Monitor API Calls to EC2 Security Groups
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-24T00:00:00Z |
date_published | 2017-01-03T00:00:00Z |
source | MITRE |
title | How to Monitor AWS Account Configuration Changes and API Calls to Amazon EC2 Security Groups |
Microsoft RDP Removal
Microsoft. (2021, September 24). How to remove entries from the Remote Desktop Connection Computer box. Retrieved June 15, 2022.
Internal MISP references
UUID 367d3f80-9b13-44fa-938a-744a95518571
which can be used as unique global reference for Microsoft RDP Removal
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-15T00:00:00Z |
date_published | 2021-09-24T00:00:00Z |
source | MITRE |
title | How to remove entries from the Remote Desktop Connection Computer box |
Startup Items Eclectic
hoakley. (2021, September 16). How to run an app or tool at startup. Retrieved October 5, 2021.
Internal MISP references
UUID 397be6f9-a109-4185-85f7-8d994fb31eaa
which can be used as unique global reference for Startup Items Eclectic
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-05T00:00:00Z |
date_published | 2021-09-16T00:00:00Z |
source | MITRE |
title | How to run an app or tool at startup |
Podman Systemd
Valentin Rothberg. (2022, March 16). How to run pods as systemd services with Podman. Retrieved February 15, 2024.
Internal MISP references
UUID 1657c650-7739-5ba3-8c95-b35cb74ee79f
which can be used as unique global reference for Podman Systemd
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-15T00:00:00Z |
date_published | 2022-03-16T00:00:00Z |
source | MITRE |
title | How to run pods as systemd services with Podman |
CrowdStrike Endpoint Security Testing Oct 2021
Radu Vlad, Liviu Arsene. (2021, October 15). How to Test Endpoint Security Efficacy and What to Expect. Retrieved March 7, 2024.
Internal MISP references
UUID 4cecfe1f-c1d2-4a71-ac17-0effd5f045df
which can be used as unique global reference for CrowdStrike Endpoint Security Testing Oct 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-07T00:00:00Z |
date_published | 2021-10-15T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | How to Test Endpoint Security Efficacy and What to Expect |
Microsoft Disable VBA Jan 2020
Microsoft. (2020, January 23). How to turn off Visual Basic for Applications when you deploy Office. Retrieved September 17, 2020.
Internal MISP references
UUID 104db93c-c5cd-431c-ac79-d76cb1694d7c
which can be used as unique global reference for Microsoft Disable VBA Jan 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-17T00:00:00Z |
date_published | 2020-01-23T00:00:00Z |
source | MITRE |
title | How to turn off Visual Basic for Applications when you deploy Office |
Microsoft Regsvr32
Microsoft. (2015, August 14). How to use the Regsvr32 tool and troubleshoot Regsvr32 error messages. Retrieved June 22, 2016.
Internal MISP references
UUID 723ec577-5ea8-4ced-b6c3-b7aaabe1d7e8
which can be used as unique global reference for Microsoft Regsvr32
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-22T00:00:00Z |
date_published | 2015-08-14T00:00:00Z |
source | MITRE |
title | How to use the Regsvr32 tool and troubleshoot Regsvr32 error messages |
Microsoft SAM
Microsoft. (2006, October 30). How to use the SysKey utility to secure the Windows Security Accounts Manager database. Retrieved August 3, 2016.
Internal MISP references
UUID bde9acb0-c1c3-44e1-b3b1-cfc0898baead
which can be used as unique global reference for Microsoft SAM
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-03T00:00:00Z |
date_published | 2006-10-30T00:00:00Z |
source | MITRE |
title | How to use the SysKey utility to secure the Windows Security Accounts Manager database |
AWS Traffic Mirroring
Amazon Web Services. (n.d.). How Traffic Mirroring works. Retrieved March 17, 2022.
Internal MISP references
UUID 6b77a2f3-39b8-4574-8dee-cde7ba9debff
which can be used as unique global reference for AWS Traffic Mirroring
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-17T00:00:00Z |
source | MITRE |
title | How Traffic Mirroring works |
Symantec Hydraq Persistence Jan 2010
Fitzgerald, P. (2010, January 26). How Trojan.Hydraq Stays On Your Computer. Retrieved February 22, 2018.
Internal MISP references
UUID b3ef4b78-2ed6-4cf4-afcc-4e4cb09d806a
which can be used as unique global reference for Symantec Hydraq Persistence Jan 2010
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-22T00:00:00Z |
date_published | 2010-01-26T00:00:00Z |
source | MITRE |
title | How Trojan.Hydraq Stays On Your Computer |
Microsoft UAC Nov 2018
Montemayor, D. et al. (2018, November 15). How User Account Control works. Retrieved June 3, 2019.
Internal MISP references
UUID abda4184-18f9-4799-9c1f-3ba484473e35
which can be used as unique global reference for Microsoft UAC Nov 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-03T00:00:00Z |
date_published | 2018-11-15T00:00:00Z |
source | MITRE |
title | How User Account Control works |
TechNet How UAC Works
Lich, B. (2016, May 31). How User Account Control Works. Retrieved June 3, 2016.
Internal MISP references
UUID bbf8d1a3-115e-4bc8-be43-47ce3b295d45
which can be used as unique global reference for TechNet How UAC Works
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-03T00:00:00Z |
date_published | 2016-05-31T00:00:00Z |
source | MITRE |
title | How User Account Control Works |
PWC WellMess July 2020
PWC. (2020, July 16). How WellMess malware has been used to target COVID-19 vaccines. Retrieved September 24, 2020.
Internal MISP references
UUID 22794e37-3c55-444a-b659-e5a1a6bc2da0
which can be used as unique global reference for PWC WellMess July 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-24T00:00:00Z |
date_published | 2020-07-16T00:00:00Z |
source | MITRE |
title | How WellMess malware has been used to target COVID-19 vaccines |
Google Election Threats October 2020
Huntley, S. (2020, October 16). How We're Tackling Evolving Online Threats. Retrieved March 24, 2021.
Internal MISP references
UUID 8538a963-3e67-47fe-9afd-216b93a2be00
which can be used as unique global reference for Google Election Threats October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-24T00:00:00Z |
date_published | 2020-10-16T00:00:00Z |
source | MITRE |
title | How We're Tackling Evolving Online Threats |
Microsoft Credential Guard April 2017
Lich, B., Tobin, J. (2017, April 5). How Windows Defender Credential Guard works. Retrieved November 27, 2017.
Internal MISP references
UUID aa52db88-5d03-42ae-b371-6210d7079a84
which can be used as unique global reference for Microsoft Credential Guard April 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-27T00:00:00Z |
date_published | 2017-04-05T00:00:00Z |
source | MITRE |
title | How Windows Defender Credential Guard works |
NPPSPY Video
Grzegorz Tworek. (2021, December 14). How winlogon.exe shares the cleartext password with custom DLLs. Retrieved March 30, 2023.
Internal MISP references
UUID 6533d5df-7388-5c59-8c63-0923de34b61d
which can be used as unique global reference for NPPSPY Video
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-30T00:00:00Z |
date_published | 2021-12-14T00:00:00Z |
source | MITRE |
title | How winlogon.exe shares the cleartext password with custom DLLs |
BleepingComputer HPE January 24 2024
Lawrence Abrams. (2024, January 24). HPE: Russian hackers breached its security team’s email accounts. Retrieved February 5, 2024.
Internal MISP references
UUID fc77948f-332a-4e59-8c93-f430cbbbf68f
which can be used as unique global reference for BleepingComputer HPE January 24 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-05T00:00:00Z |
date_published | 2024-01-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | HPE: Russian hackers breached its security team’s email accounts |
Cylance Sodinokibi July 2019
Cylance. (2019, July 3). Threat Spotlight: Sodinokibi Ransomware. Retrieved August 4, 2020.
Internal MISP references
UUID 3ad8def7-3a8a-49bb-8f47-dea2e570c99e
which can be used as unique global reference for Cylance Sodinokibi July 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-04T00:00:00Z |
date_published | 2019-07-03T00:00:00Z |
source | MITRE |
title | Threat Spotlight: Sodinokibi Ransomware |
Wikipedia HTML Application
Wikipedia. (2017, October 14). HTML Application. Retrieved October 27, 2017.
Internal MISP references
UUID f1f76055-91f8-4977-9392-bed347e4f181
which can be used as unique global reference for Wikipedia HTML Application
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-10-27T00:00:00Z |
date_published | 2017-10-14T00:00:00Z |
source | MITRE |
title | HTML Application |
MSDN HTML Applications
Microsoft. (n.d.). HTML Applications. Retrieved October 27, 2017.
Internal MISP references
UUID 2de103a8-8d72-40f9-b366-b908364dd090
which can be used as unique global reference for MSDN HTML Applications
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-10-27T00:00:00Z |
source | MITRE |
title | HTML Applications |
Microsoft HTML Help ActiveX
Microsoft. (n.d.). HTML Help ActiveX Control Overview. Retrieved October 3, 2018.
Internal MISP references
UUID ae5728bd-571a-451f-9ba3-3198067135b4
which can be used as unique global reference for Microsoft HTML Help ActiveX
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-03T00:00:00Z |
source | MITRE |
title | HTML Help ActiveX Control Overview |
Outlflank HTML Smuggling 2018
Hegt, S. (2018, August 14). HTML smuggling explained. Retrieved May 20, 2021.
Internal MISP references
UUID 9a99f431-4d15-47f8-a31b-4f98671cd95d
which can be used as unique global reference for Outlflank HTML Smuggling 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-20T00:00:00Z |
date_published | 2018-08-14T00:00:00Z |
source | MITRE |
title | HTML smuggling explained |
CrowdStrike Linux Rootkit
Kurtz, G. (2012, November 19). HTTP iframe Injecting Linux Rootkit. Retrieved December 21, 2017.
Internal MISP references
UUID eb3590bf-ff12-4ccd-bf9d-cf8eacd82135
which can be used as unique global reference for CrowdStrike Linux Rootkit
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-21T00:00:00Z |
date_published | 2012-11-19T00:00:00Z |
source | MITRE |
title | HTTP iframe Injecting Linux Rootkit |
Wikipedia HPKP
Wikipedia. (2017, February 28). HTTP Public Key Pinning. Retrieved March 31, 2017.
Internal MISP references
UUID 2da110e7-d3a8-433f-87c3-eb744adf811b
which can be used as unique global reference for Wikipedia HPKP
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-31T00:00:00Z |
date_published | 2017-02-28T00:00:00Z |
source | MITRE |
title | HTTP Public Key Pinning |
Cobalt Strike Arguments 2019
Mudge, R. (2019, January 2). https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue/. Retrieved November 19, 2021.
Internal MISP references
UUID e845f741-eabe-469b-97c1-f51a2aeb18b0
which can be used as unique global reference for Cobalt Strike Arguments 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-11-19T00:00:00Z |
date_published | 2019-01-02T00:00:00Z |
source | MITRE |
title | https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue/ |
Talos Discord Webhook Abuse
Nick Biasini, Edmund Brumaghin, Chris Neal, and Paul Eubanks. (2021, April 7). https://blog.talosintelligence.com/collab-app-abuse/. Retrieved July 20, 2023.
Internal MISP references
UUID affa93d8-5c8b-557d-80b4-1366df13d77a
which can be used as unique global reference for Talos Discord Webhook Abuse
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-20T00:00:00Z |
date_published | 2021-04-07T00:00:00Z |
source | MITRE |
title | https://blog.talosintelligence.com/collab-app-abuse/ |
Red Canary Emotet Feb 2019
Donohue, B. (2019, February 13). https://redcanary.com/blog/stopping-emotet-before-it-moves-laterally/. Retrieved March 25, 2019.
Internal MISP references
UUID 132915dc-d906-4c23-b1e3-885af817b840
which can be used as unique global reference for Red Canary Emotet Feb 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-25T00:00:00Z |
date_published | 2019-02-13T00:00:00Z |
source | MITRE |
title | https://redcanary.com/blog/stopping-emotet-before-it-moves-laterally/ |
TechNet Removable Media Control
Microsoft. (2007, August 31). https://technet.microsoft.com/en-us/library/cc771759(v=ws.10).aspx. Retrieved April 20, 2016.
Internal MISP references
UUID db86cd0a-1188-4079-afed-1f986166a2e7
which can be used as unique global reference for TechNet Removable Media Control
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-20T00:00:00Z |
date_published | 2007-08-31T00:00:00Z |
source | MITRE |
title | https://technet.microsoft.com/en-us/library/cc771759(v=ws.10).aspx |
Chromium HSTS
Chromium. (n.d.). HTTP Strict Transport Security. Retrieved May 24, 2023.
Internal MISP references
UUID 1ad03be3-d863-5a55-a371-42b6d3b7ed31
which can be used as unique global reference for Chromium HSTS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-24T00:00:00Z |
source | MITRE |
title | HTTP Strict Transport Security |
CISA AA20-301A Kimsuky
CISA, FBI, CNMF. (2020, October 27). https://us-cert.cisa.gov/ncas/alerts/aa20-301a. Retrieved November 4, 2020.
Internal MISP references
UUID 685aa213-7902-46fb-b90a-64be5c851f73
which can be used as unique global reference for CISA AA20-301A Kimsuky
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-04T00:00:00Z |
date_published | 2020-10-27T00:00:00Z |
source | MITRE |
title | https://us-cert.cisa.gov/ncas/alerts/aa20-301a |
FireEye Targeted Attacks Middle East Banks
Singh, S., Yin, H. (2016, May 22). https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html. Retrieved April 5, 2018.
Internal MISP references
UUID fedb3a9d-4f9e-495c-ac92-d5457688608d
which can be used as unique global reference for FireEye Targeted Attacks Middle East Banks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-05T00:00:00Z |
date_published | 2016-05-22T00:00:00Z |
source | MITRE |
title | https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html |
Forbes Dyre May 2017
Brewster, T. (2017, May 4). https://www.forbes.com/sites/thomasbrewster/2017/05/04/dyre-hackers-stealing-millions-from-american-coporates/#601c77842a0a. Retrieved June 15, 2020.
Internal MISP references
UUID 8fb3ef2f-3652-4563-8921-2c601d1b9bc9
which can be used as unique global reference for Forbes Dyre May 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-15T00:00:00Z |
date_published | 2017-05-04T00:00:00Z |
source | MITRE |
title | https://www.forbes.com/sites/thomasbrewster/2017/05/04/dyre-hackers-stealing-millions-from-american-coporates/#601c77842a0a |
Microsoft Subscription Hijacking 2022
Dor Edry. (2022, August 24). Hunt for compromised Azure subscriptions using Microsoft Defender for Cloud Apps. Retrieved September 5, 2023.
Internal MISP references
UUID e5944e4c-76c6-55d1-97ec-8367b7f98c28
which can be used as unique global reference for Microsoft Subscription Hijacking 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-05T00:00:00Z |
date_published | 2022-08-24T00:00:00Z |
source | MITRE |
title | Hunt for compromised Azure subscriptions using Microsoft Defender for Cloud Apps |
Harries JustForFun 2022
Jamie Harries. (2022, May 25). Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun. Retrieved September 23, 2024.
Internal MISP references
UUID e7b7aee0-486e-5936-9b01-446dce22f917
which can be used as unique global reference for Harries JustForFun 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-23T00:00:00Z |
date_published | 2022-05-25T00:00:00Z |
source | MITRE |
title | Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun |
crowdstrike bpf socket filters
Jamie Harries. (2022, May 25). Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun. Retrieved October 18, 2022.
Internal MISP references
UUID f68a59a1-cb07-4f58-b755-25c91938b611
which can be used as unique global reference for crowdstrike bpf socket filters
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-10-18T00:00:00Z |
date_published | 2022-05-25T00:00:00Z |
source | MITRE |
title | Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun |
Koczwara Beacon Hunting Sep 2021
Koczwara, M. (2021, September 7). Hunting Cobalt Strike C2 with Shodan. Retrieved October 12, 2021.
Internal MISP references
UUID e3984769-f6d7-43dd-8179-7df9d441512e
which can be used as unique global reference for Koczwara Beacon Hunting Sep 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-12T00:00:00Z |
date_published | 2021-09-07T00:00:00Z |
source | MITRE |
title | Hunting Cobalt Strike C2 with Shodan |
Fireeye Hunting COM June 2019
Hamilton, C. (2019, June 4). Hunting COM Objects. Retrieved June 10, 2019.
Internal MISP references
UUID 84311e46-cea1-486a-a737-c4a4946ab837
which can be used as unique global reference for Fireeye Hunting COM June 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-10T00:00:00Z |
date_published | 2019-06-04T00:00:00Z |
source | MITRE |
title | Hunting COM Objects |
Berba hunting linux systemd
Pepe Berba. (2022, January 30). Hunting for Persistence in Linux (Part 3): Systemd, Timers, and Cron. Retrieved March 20, 2023.
Internal MISP references
UUID 7dfd6a67-3935-506a-8661-1caa7eb508e2
which can be used as unique global reference for Berba hunting linux systemd
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-20T00:00:00Z |
date_published | 2022-01-30T00:00:00Z |
source | MITRE |
title | Hunting for Persistence in Linux (Part 3): Systemd, Timers, and Cron |
Elastic HuntingNMemory June 2017
Desimone, J. (2017, June 13). Hunting in Memory. Retrieved December 7, 2017.
Internal MISP references
UUID 8cd58716-4ff1-4ba2-b980-32c52cf7dee8
which can be used as unique global reference for Elastic HuntingNMemory June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-07T00:00:00Z |
date_published | 2017-06-13T00:00:00Z |
source | MITRE |
title | Hunting in Memory |
LogPoint Hunting LockBit
LogPoint. (n.d.). Hunting LockBit Variations using Logpoint. Retrieved May 19, 2023.
Internal MISP references
UUID 22aa7792-6296-4f16-826f-d0f1c55ddb2a
which can be used as unique global reference for LogPoint Hunting LockBit
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Hunting LockBit Variations using Logpoint |
Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023
FBI et al. (2023, May 9). Hunting Russian Intelligence “Snake” Malware. Retrieved June 8, 2023.
Internal MISP references
UUID 1931b80a-effb-59ec-acae-c0f17efb8cad
which can be used as unique global reference for Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-08T00:00:00Z |
date_published | 2023-05-09T00:00:00Z |
source | MITRE |
title | Hunting Russian Intelligence “Snake” Malware |
Falcon Sandbox smp: 28553b3a9d
Hybrid Analysis. (2018, July 11). HybridAnalysis of sample 28553b3a9d2ad4361d33d29ac4bf771d008e0073cec01b5561c6348a608f8dd7. Retrieved September 8, 2023.
Internal MISP references
UUID f27ab4cb-1666-501a-aa96-537d2b2d1f08
which can be used as unique global reference for Falcon Sandbox smp: 28553b3a9d
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-08T00:00:00Z |
date_published | 2018-07-11T00:00:00Z |
source | MITRE |
title | HybridAnalysis of sample 28553b3a9d2ad4361d33d29ac4bf771d008e0073cec01b5561c6348a608f8dd7 |
Wikipedia Hypervisor
Wikipedia. (2016, May 23). Hypervisor. Retrieved June 11, 2016.
Internal MISP references
UUID 1a6ae877-ef30-4d40-abd0-fde308f1a1f0
which can be used as unique global reference for Wikipedia Hypervisor
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-11T00:00:00Z |
date_published | 2016-05-23T00:00:00Z |
source | MITRE |
title | Hypervisor |
FireEye ADFS
Bierstock, D., Baker, A. (2019, March 21). I am AD FS and So Can You. Retrieved December 17, 2020.
Internal MISP references
UUID 6891eaf4-6857-4106-860c-1708d2a3bd33
which can be used as unique global reference for FireEye ADFS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-17T00:00:00Z |
date_published | 2019-03-21T00:00:00Z |
source | MITRE |
title | I am AD FS and So Can You |
AWS IAM Conditions
AWS. (n.d.). IAM JSON policy elements: Condition. Retrieved January 2, 2024.
Internal MISP references
UUID 0fabd95b-a8cc-5a03-9a48-ffac8e5c5e28
which can be used as unique global reference for AWS IAM Conditions
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-02T00:00:00Z |
source | MITRE |
title | IAM JSON policy elements: Condition |
AWS EKS IAM Roles for Service Accounts
Amazon Web Services. (n.d.). IAM roles for service accounts. Retrieved July 14, 2023.
Internal MISP references
UUID b2452f0e-93b0-55b7-add8-8338d171f0bf
which can be used as unique global reference for AWS EKS IAM Roles for Service Accounts
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-14T00:00:00Z |
source | MITRE |
title | IAM roles for service accounts |
Kaspersky IAmTheKing October 2020
Ivan Kwiatkowski, Pierre Delcher, Felix Aime. (2020, October 15). IAmTheKing and the SlothfulMedia malware family. Retrieved October 15, 2020.
Internal MISP references
UUID fe4050f3-1a73-4e98-9bf1-e8fb73a23b7a
which can be used as unique global reference for Kaspersky IAmTheKing October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-15T00:00:00Z |
date_published | 2020-10-15T00:00:00Z |
source | MITRE |
title | IAmTheKing and the SlothfulMedia malware family |
Amazon IAM Groups
Amazon. (n.d.). IAM user groups. Retrieved October 13, 2021.
Internal MISP references
UUID 16f6b02a-912b-42c6-8d32-4e4f11fa70ec
which can be used as unique global reference for Amazon IAM Groups
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
source | MITRE |
title | IAM user groups |
IAPP
IAPP. (n.d.). Retrieved March 5, 2024.
Internal MISP references
UUID a7dac249-f34a-557c-94ea-b16723f7a4f7
which can be used as unique global reference for IAPP
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-05T00:00:00Z |
source | MITRE |
title | IAPP |
CrowdStrike IceApple May 2022
CrowdStrike. (2022, May). ICEAPPLE: A NOVEL INTERNET INFORMATION SERVICES (IIS) POST-EXPLOITATION FRAMEWORK. Retrieved June 27, 2022.
Internal MISP references
UUID 325988b8-1c7d-4296-83d6-bfcbe533b75e
which can be used as unique global reference for CrowdStrike IceApple May 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-27T00:00:00Z |
date_published | 2022-05-01T00:00:00Z |
source | MITRE |
title | ICEAPPLE: A NOVEL INTERNET INFORMATION SERVICES (IIS) POST-EXPLOITATION FRAMEWORK |
Trendmicro_IcedID
Kenefick, I. (2022, December 23). IcedID Botnet Distributors Abuse Google PPC to Distribute Malware. Retrieved July 24, 2024.
Internal MISP references
UUID d7584086-0a3c-5047-af06-760a295442eb
which can be used as unique global reference for Trendmicro_IcedID
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-24T00:00:00Z |
date_published | 2022-12-23T00:00:00Z |
source | MITRE |
title | IcedID Botnet Distributors Abuse Google PPC to Distribute Malware |
ICIT China's Espionage Jul 2016
Scott, J. and Spaniel, D. (2016, July 28). ICIT Brief - China’s Espionage Dynasty: Economic Death by a Thousand Cuts. Retrieved June 7, 2018.
Internal MISP references
UUID 1a824860-6978-454d-963a-a56414a4312b
which can be used as unique global reference for ICIT China's Espionage Jul 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-06-07T00:00:00Z |
date_published | 2016-07-28T00:00:00Z |
source | MITRE |
title | ICIT Brief - China’s Espionage Dynasty: Economic Death by a Thousand Cuts |
CISA ICS Advisory ICSA-10-272-01
CISA. (2010, September 10). ICS Advisory (ICSA-10-272-01). Retrieved December 7, 2020.
Internal MISP references
UUID 25b3c18c-e017-4773-91dd-b489220d4fcb
which can be used as unique global reference for CISA ICS Advisory ICSA-10-272-01
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-07T00:00:00Z |
date_published | 2010-09-10T00:00:00Z |
source | MITRE |
title | ICS Advisory (ICSA-10-272-01) |
US-CERT Ukraine Feb 2016
US-CERT. (2016, February 25). ICS Alert (IR-ALERT-H-16-056-01) Cyber-Attack Against Ukrainian Critical Infrastructure. Retrieved June 10, 2020.
Internal MISP references
UUID 403ea040-8c08-423f-99cb-d7e7852c16e4
which can be used as unique global reference for US-CERT Ukraine Feb 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-10T00:00:00Z |
date_published | 2016-02-25T00:00:00Z |
source | MITRE |
title | ICS Alert (IR-ALERT-H-16-056-01) Cyber-Attack Against Ukrainian Critical Infrastructure |
Dragos Threat Report 2020
Dragos. (n.d.). ICS Cybersecurity Year in Review 2020. Retrieved February 25, 2021.
Internal MISP references
UUID 8bb3147c-3178-4449-9978-f1248b1bcb0a
which can be used as unique global reference for Dragos Threat Report 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-25T00:00:00Z |
source | MITRE |
title | ICS Cybersecurity Year in Review 2020 |
id man page
MacKenzie, D. and Robbins, A. (n.d.). id(1) - Linux man page. Retrieved January 11, 2024.
Internal MISP references
UUID 158f088c-4d51-567d-bc58-be0b9a087c9a
which can be used as unique global reference for id man page
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-11T00:00:00Z |
source | MITRE |
title | id(1) - Linux man page |
Cisco Advisory SNMP v3 Authentication Vulnerabilities
Cisco. (2008, June 10). Identifying and Mitigating Exploitation of the SNMP Version 3 Authentication Vulnerabilities. Retrieved October 19, 2020.
Internal MISP references
UUID ed7897e5-21f0-49fa-9b26-c397eaebc88a
which can be used as unique global reference for Cisco Advisory SNMP v3 Authentication Vulnerabilities
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
date_published | 2008-06-10T00:00:00Z |
source | MITRE |
title | Identifying and Mitigating Exploitation of the SNMP Version 3 Authentication Vulnerabilities |
Resource and Data Forks
Flylib. (n.d.). Identifying Resource and Data Forks. Retrieved October 12, 2021.
Internal MISP references
UUID b8eaf053-40e0-414e-a89e-409dbf218554
which can be used as unique global reference for Resource and Data Forks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-12T00:00:00Z |
source | MITRE |
title | Identifying Resource and Data Forks |
AWS Identity Federation
Amazon. (n.d.). Identity Federation in AWS. Retrieved March 13, 2020.
Internal MISP references
UUID b55ac071-483b-4802-895f-ea4eaac1de92
which can be used as unique global reference for AWS Identity Federation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-13T00:00:00Z |
source | MITRE |
title | Identity Federation in AWS |
Microsoft GetNCCChanges
Microsoft. (n.d.). IDL_DRSGetNCChanges (Opnum 3). Retrieved December 4, 2017.
Internal MISP references
UUID 410570e4-b578-4838-a25d-f03d92fcf3cb
which can be used as unique global reference for Microsoft GetNCCChanges
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-04T00:00:00Z |
source | MITRE |
title | IDL_DRSGetNCChanges (Opnum 3) |
Ie4uinit.exe - LOLBAS Project
LOLBAS. (2018, May 25). Ie4uinit.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 01f9a368-5933-47a1-85a9-e5883a5ca266
which can be used as unique global reference for Ie4uinit.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ie4uinit.exe |
Ieadvpack.dll - LOLBAS Project
LOLBAS. (2018, May 25). Ieadvpack.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 79943a49-23d6-499b-a022-7c2f8bd68aee
which can be used as unique global reference for Ieadvpack.dll - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ieadvpack.dll |
iediagcmd.exe - LOLBAS Project
LOLBAS. (2022, March 29). iediagcmd.exe. Retrieved December 4, 2023.
Internal MISP references
UUID de238a18-2275-497e-adcf-453a016a24c4
which can be used as unique global reference for iediagcmd.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-03-29T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | iediagcmd.exe |
Wikipedia 802.1x
Wikipedia. (2018, March 30). IEEE 802.1X. Retrieved April 11, 2018.
Internal MISP references
UUID 5d382527-ffbd-486e-adbe-d60508567281
which can be used as unique global reference for Wikipedia 802.1x
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-11T00:00:00Z |
date_published | 2018-03-30T00:00:00Z |
source | MITRE |
title | IEEE 802.1X |
Ieexec.exe - LOLBAS Project
LOLBAS. (2018, May 25). Ieexec.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 91f31525-585d-4b71-83d7-9b7c2feacd34
which can be used as unique global reference for Ieexec.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ieexec.exe |
Ieframe.dll - LOLBAS Project
LOLBAS. (2018, May 25). Ieframe.dll. Retrieved December 4, 2023.
Internal MISP references
UUID aab9c80d-1f1e-47ba-954d-65e7400054df
which can be used as unique global reference for Ieframe.dll - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ieframe.dll |
Wikipedia Ifconfig
Wikipedia. (2016, January 26). ifconfig. Retrieved April 17, 2016.
Internal MISP references
UUID 7bb238d4-4571-4cd0-aab2-76797570724a
which can be used as unique global reference for Wikipedia Ifconfig
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-17T00:00:00Z |
date_published | 2016-01-26T00:00:00Z |
source | MITRE |
title | ifconfig |
EFF Manul Aug 2016
Galperin, E., et al. (2016, August). I Got a Letter From the Government the Other Day.... Retrieved April 25, 2018.
Internal MISP references
UUID 311a3863-3897-4ddf-a251-d0467a56675f
which can be used as unique global reference for EFF Manul Aug 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-25T00:00:00Z |
date_published | 2016-08-01T00:00:00Z |
source | MITRE |
title | I Got a Letter From the Government the Other Day... |
IIS Backdoor 2011
Julien. (2011, February 2). IIS Backdoor. Retrieved June 3, 2021.
Internal MISP references
UUID fd450382-cca0-40c4-8144-cc90a3b0011b
which can be used as unique global reference for IIS Backdoor 2011
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-03T00:00:00Z |
date_published | 2011-02-02T00:00:00Z |
source | MITRE |
title | IIS Backdoor |
Microsoft IIS Modules Overview 2007
Microsoft. (2007, November 24). IIS Modules Overview. Retrieved June 17, 2021.
Internal MISP references
UUID c8db6bfd-3a08-43b3-b33b-91a32e9bd694
which can be used as unique global reference for Microsoft IIS Modules Overview 2007
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-17T00:00:00Z |
date_published | 2007-11-24T00:00:00Z |
source | MITRE |
title | IIS Modules Overview |
Proofpoint TA456 Defense Contractor July 2021
Miller, J., et al. (2021, July 28). I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona. Retrieved March 11, 2024.
Internal MISP references
UUID 0cc015d9-96d0-534e-a34a-221267250f90
which can be used as unique global reference for Proofpoint TA456 Defense Contractor July 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-11T00:00:00Z |
date_published | 2021-07-28T00:00:00Z |
source | MITRE |
title | I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona |
Ilasm.exe - LOLBAS Project
LOLBAS. (2020, March 17). Ilasm.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 347a1f01-02ce-488e-9100-862971c1833f
which can be used as unique global reference for Ilasm.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-03-17T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ilasm.exe |
anomali-rocke-tactics
Anomali Threat Research. (2019, October 15). Illicit Cryptomining Threat Actor Rocke Changes Tactics, Now More Difficult to Detect. Retrieved December 17, 2020.
Internal MISP references
UUID 2308c5ca-04a4-43c5-b92b-ffa6a60ae3a9
which can be used as unique global reference for anomali-rocke-tactics
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-17T00:00:00Z |
date_published | 2019-10-15T00:00:00Z |
source | MITRE |
title | Illicit Cryptomining Threat Actor Rocke Changes Tactics, Now More Difficult to Detect |
Microsoft Dev Blog IFEO Mar 2010
Shanbhag, M. (2010, March 24). Image File Execution Options (IFEO). Retrieved December 18, 2017.
Internal MISP references
UUID 4c62c2cb-bee2-4fc0-aa81-65d66e71a5c2
which can be used as unique global reference for Microsoft Dev Blog IFEO Mar 2010
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-18T00:00:00Z |
date_published | 2010-03-24T00:00:00Z |
source | MITRE |
title | Image File Execution Options (IFEO) |
IMEWDBLD.exe - LOLBAS Project
LOLBAS. (2020, March 5). IMEWDBLD.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 9d1d6bc1-61cf-4465-b3cb-b6af36769027
which can be used as unique global reference for IMEWDBLD.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-03-05T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | IMEWDBLD.exe |
Imminent Unit42 Dec2019
Unit 42. (2019, December 2). Imminent Monitor – a RAT Down Under. Retrieved May 5, 2020.
Internal MISP references
UUID 28f858c6-4c00-4c0c-bb27-9e000ba22690
which can be used as unique global reference for Imminent Unit42 Dec2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-05T00:00:00Z |
date_published | 2019-12-02T00:00:00Z |
source | MITRE |
title | Imminent Monitor – a RAT Down Under |
Core Security Impacket
Core Security. (n.d.). Impacket. Retrieved November 2, 2017.
Internal MISP references
UUID 9b88d7d6-5cf3-40d5-b624-ddf01508cb95
which can be used as unique global reference for Core Security Impacket
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-02T00:00:00Z |
source | MITRE |
title | Impacket |
Impacket Tools
SecureAuth. (n.d.). Retrieved January 15, 2019.
Internal MISP references
UUID cdaf72ce-e8f7-42ae-b815-14a7fd47e292
which can be used as unique global reference for Impacket Tools
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-01-15T00:00:00Z |
source | MITRE |
title | Impacket Tools |
EK Impeding Malware Analysis
Song, C., et al. (2012, August 7). Impeding Automated Malware Analysis with Environment-sensitive Malware. Retrieved January 18, 2019.
Internal MISP references
UUID c3e6c8da-1399-419c-96f5-7dade6fccd29
which can be used as unique global reference for EK Impeding Malware Analysis
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-01-18T00:00:00Z |
date_published | 2012-08-07T00:00:00Z |
source | MITRE |
title | Impeding Automated Malware Analysis with Environment-sensitive Malware |
Microsoft Impersonation and EWS in Exchange
Microsoft. (2022, September 13). Impersonation and EWS in Exchange. Retrieved July 10, 2023.
Internal MISP references
UUID d7755dbd-0b38-5776-b63a-d792a4d027a4
which can be used as unique global reference for Microsoft Impersonation and EWS in Exchange
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-10T00:00:00Z |
date_published | 2022-09-13T00:00:00Z |
source | MITRE |
title | Impersonation and EWS in Exchange |
Microsoft Implementing CPL
M. (n.d.). Implementing Control Panel Items. Retrieved January 18, 2018.
Internal MISP references
UUID 63c5c654-e885-4427-a644-068f4057f35f
which can be used as unique global reference for Microsoft Implementing CPL
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-18T00:00:00Z |
source | MITRE |
title | Implementing Control Panel Items |
TechNet Least Privilege
Microsoft. (2016, April 16). Implementing Least-Privilege Administrative Models. Retrieved June 3, 2016.
Internal MISP references
UUID 21e595be-d028-4013-b3d0-811c08581709
which can be used as unique global reference for TechNet Least Privilege
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-03T00:00:00Z |
date_published | 2016-04-16T00:00:00Z |
source | MITRE |
title | Implementing Least-Privilege Administrative Models |
Dragos IT ICS Ransomware
Slowik, J. (2019, April 10). Implications of IT Ransomware for ICS Environments. Retrieved January 28, 2021.
Internal MISP references
UUID 60187301-8d70-4023-8e6d-59cbb1468f0d
which can be used as unique global reference for Dragos IT ICS Ransomware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-28T00:00:00Z |
date_published | 2019-04-10T00:00:00Z |
source | MITRE |
title | Implications of IT Ransomware for ICS Environments |
Microsoft SolarWinds Steps
Lambert, J. (2020, December 13). Important steps for customers to protect themselves from recent nation-state cyberattacks. Retrieved December 17, 2020.
Internal MISP references
UUID 33e84eb1-4835-404b-8c1a-40695c04cdb4
which can be used as unique global reference for Microsoft SolarWinds Steps
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-17T00:00:00Z |
date_published | 2020-12-13T00:00:00Z |
source | MITRE |
title | Important steps for customers to protect themselves from recent nation-state cyberattacks |
White House Imposing Costs RU Gov April 2021
White House. (2021, April 15). Imposing Costs for Harmful Foreign Activities by the Russian Government. Retrieved April 16, 2021.
Internal MISP references
UUID c2bf9e2f-cd0a-411d-84bc-61454a369c6b
which can be used as unique global reference for White House Imposing Costs RU Gov April 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-16T00:00:00Z |
date_published | 2021-04-15T00:00:00Z |
source | MITRE |
title | Imposing Costs for Harmful Foreign Activities by the Russian Government |
Malicious Driver Reporting Center
Azure Edge and Platform Security Team & Microsoft 365 Defender Research Team. (2021, December 8). Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center. Retrieved April 6, 2022.
Internal MISP references
UUID fde77ea9-2b4d-40d7-99c5-433bfdbcb994
which can be used as unique global reference for Malicious Driver Reporting Center
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-06T00:00:00Z |
date_published | 2021-12-08T00:00:00Z |
source | MITRE |
title | Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center |
Unit 42 Inception November 2018
Lancaster, T. (2018, November 5). Inception Attackers Target Europe with Year-old Office Vulnerability. Retrieved May 8, 2020.
Internal MISP references
UUID 5cb98fce-f386-4878-b69c-5c6440ad689c
which can be used as unique global reference for Unit 42 Inception November 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-08T00:00:00Z |
date_published | 2018-11-05T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Inception Attackers Target Europe with Year-old Office Vulnerability |
Symantec Inception Framework March 2018
Symantec. (2018, March 14). Inception Framework: Alive and Well, and Hiding Behind Proxies. Retrieved May 8, 2020.
Internal MISP references
UUID 166f5c44-7d8c-45d5-8d9f-3b8bd21a2af3
which can be used as unique global reference for Symantec Inception Framework March 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-08T00:00:00Z |
date_published | 2018-03-14T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Inception Framework: Alive and Well, and Hiding Behind Proxies |
Expel AWS Attacker
Brian Bahtiarian, David Blanton, Britton Manahan and Kyle Pellett. (2022, April 5). Incident report: From CLI to console, chasing an attacker in AWS. Retrieved April 7, 2022.
Internal MISP references
UUID 089f6f4e-370c-49cb-a35c-c80be0fd39de
which can be used as unique global reference for Expel AWS Attacker
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-07T00:00:00Z |
date_published | 2022-04-05T00:00:00Z |
source | MITRE |
title | Incident report: From CLI to console, chasing an attacker in AWS |
Dark Reading Microsoft 365 Attacks 2021
Kelly Sheridan. (2021, August 5). Incident Responders Explore Microsoft 365 Attacks in the Wild. Retrieved March 17, 2023.
Internal MISP references
UUID f26d3aa4-6966-53c4-b9d1-848420377eae
which can be used as unique global reference for Dark Reading Microsoft 365 Attacks 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-17T00:00:00Z |
date_published | 2021-08-05T00:00:00Z |
source | MITRE |
title | Incident Responders Explore Microsoft 365 Attacks in the Wild |
Cisco Talos Q2 Trends July 26 2023
Nicole Hoffman. (2023, July 26). Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical. Retrieved August 4, 2023.
Internal MISP references
UUID f5367abc-e776-41a0-b8e5-6dc60079c081
which can be used as unique global reference for Cisco Talos Q2 Trends July 26 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-04T00:00:00Z |
date_published | 2023-07-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical |
SentinelOne September 21 2023
SentinelOne. (2023, September 21). Inc. Ransom. Retrieved January 1, 2024.
Internal MISP references
UUID 7e793738-c132-47bf-90aa-1f0659564d16
which can be used as unique global reference for SentinelOne September 21 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-01T00:00:00Z |
date_published | 2023-09-21T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Inc. Ransom |
Bleeping Computer INC Ransomware March 2024
Toulas, B. (2024, March 27). INC Ransom threatens to leak 3TB of NHS Scotland stolen data. Retrieved June 5, 2024.
Internal MISP references
UUID fbfd6be8-acc7-5ed4-b2b7-9248c2c27682
which can be used as unique global reference for Bleeping Computer INC Ransomware March 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-05T00:00:00Z |
date_published | 2024-03-27T00:00:00Z |
source | MITRE |
title | INC Ransom threatens to leak 3TB of NHS Scotland stolen data |
U.S. CISA Increased Truebot Activity July 6 2023
Cybersecurity and Infrastructure Security Agency. (2023, July 6). Increased Truebot Activity Infects U.S. and Canada Based Networks. Retrieved July 6, 2023.
Internal MISP references
UUID 6f9b8f72-c55f-4268-903e-1f8a82efa5bb
which can be used as unique global reference for U.S. CISA Increased Truebot Activity July 6 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-06T00:00:00Z |
date_published | 2023-07-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Increased Truebot Activity Infects U.S. and Canada Based Networks |
Increasing Linux kernel integrity
Boelen, M. (2015, October 7). Increase kernel integrity with disabled Linux kernel modules loading. Retrieved June 4, 2020.
Internal MISP references
UUID 23b12551-0bec-4f7d-8468-f372a8ba521b
which can be used as unique global reference for Increasing Linux kernel integrity
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-04T00:00:00Z |
date_published | 2015-10-07T00:00:00Z |
source | MITRE |
title | Increase kernel integrity with disabled Linux kernel modules loading |
TechNet Scheduling Priority
Microsoft. (2013, May 8). Increase scheduling priority. Retrieved December 18, 2017.
Internal MISP references
UUID b785ceda-fea9-4e96-87d8-38cfd1f8b5bd
which can be used as unique global reference for TechNet Scheduling Priority
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-18T00:00:00Z |
date_published | 2013-05-08T00:00:00Z |
source | MITRE |
title | Increase scheduling priority |
Revil Independence Day
Loman, M. et al. (2021, July 4). Independence Day: REvil uses supply chain exploit to attack hundreds of businesses. Retrieved September 30, 2021.
Internal MISP references
UUID d7c4f03e-7dc0-4196-866b-c1a8eb943f77
which can be used as unique global reference for Revil Independence Day
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-30T00:00:00Z |
date_published | 2021-07-04T00:00:00Z |
source | MITRE |
title | Independence Day: REvil uses supply chain exploit to attack hundreds of businesses |
Fortinet Agent Tesla June 2017
Zhang, X. (2017, June 28). In-Depth Analysis of A New Variant of .NET Malware AgentTesla. Retrieved November 5, 2018.
Internal MISP references
UUID 24e5c321-c418-4010-b158-0ada2dbb4f7f
which can be used as unique global reference for Fortinet Agent Tesla June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-05T00:00:00Z |
date_published | 2017-06-28T00:00:00Z |
source | MITRE |
title | In-Depth Analysis of A New Variant of .NET Malware AgentTesla |
NCC Group Team9 June 2020
Pantazopoulos, N. (2020, June 2). In-depth analysis of the new Team9 malware family. Retrieved December 1, 2020.
Internal MISP references
UUID 0ea8f87d-e19d-438d-b05b-30f2ccd0ea3b
which can be used as unique global reference for NCC Group Team9 June 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-01T00:00:00Z |
date_published | 2020-06-02T00:00:00Z |
source | MITRE |
title | In-depth analysis of the new Team9 malware family |
Trend Micro APT Attack Tools
Wilhoit, K. (2013, March 4). In-Depth Look: APT Attack Tools of the Trade. Retrieved December 2, 2015.
Internal MISP references
UUID dac5cda3-97bc-4e38-b54f-554a75a18c5b
which can be used as unique global reference for Trend Micro APT Attack Tools
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-12-02T00:00:00Z |
date_published | 2013-03-04T00:00:00Z |
source | MITRE |
title | In-Depth Look: APT Attack Tools of the Trade |
Symantec Suckfly May 2016
DiMaggio, J. (2016, May 17). Indian organizations targeted in Suckfly attacks. Retrieved August 3, 2016.
Internal MISP references
UUID 59fd16cd-426f-472d-a5df-e7c1484a6481
which can be used as unique global reference for Symantec Suckfly May 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-03T00:00:00Z |
date_published | 2016-05-17T00:00:00Z |
source | MITRE |
title | Indian organizations targeted in Suckfly attacks |
Joint CSA AvosLocker Mar 2022
FBI, FinCEN, Treasury. (2022, March 17). Indicators of Compromise Associated with AvosLocker Ransomware. Retrieved January 11, 2023.
Internal MISP references
UUID 8ad57a0d-d74f-5802-ab83-4ddac1beb083
which can be used as unique global reference for Joint CSA AvosLocker Mar 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-01-11T00:00:00Z |
date_published | 2022-03-17T00:00:00Z |
source | MITRE |
title | Indicators of Compromise Associated with AvosLocker Ransomware |
FBI Flash Diavol January 2022
FBI. (2022, January 19). Indicators of Compromise Associated with Diavol. Retrieved March 9, 2022.
Internal MISP references
UUID a1691741-9ecd-4b20-8cc9-b9bdfc1592b5
which can be used as unique global reference for FBI Flash Diavol January 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-09T00:00:00Z |
date_published | 2022-01-19T00:00:00Z |
source | MITRE |
title | Indicators of Compromise Associated with Diavol |
FBI Ragnar Locker 2020
FBI. (2020, November 19). Indicators of Compromise Associated with Ragnar Locker Ransomware. Retrieved September 12, 2024.
Internal MISP references
UUID 38b9b8a3-6fd3-4650-9192-14ee3f302705
which can be used as unique global reference for FBI Ragnar Locker 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2020-11-19T00:00:00Z |
source | MITRE |
title | Indicators of Compromise Associated with Ragnar Locker Ransomware |
FBI FLASH APT39 September 2020
FBI. (2020, September 17). Indicators of Compromise Associated with Rana Intelligence Computing, also known as Advanced Persistent Threat 39, Chafer, Cadelspy, Remexi, and ITG07. Retrieved December 10, 2020.
Internal MISP references
UUID 76869199-e9fa-41b4-b045-41015e6daaec
which can be used as unique global reference for FBI FLASH APT39 September 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-10T00:00:00Z |
date_published | 2020-09-17T00:00:00Z |
source | MITRE |
title | Indicators of Compromise Associated with Rana Intelligence Computing, also known as Advanced Persistent Threat 39, Chafer, Cadelspy, Remexi, and ITG07 |
US District Court Indictment GRU Oct 2018
Brady, S. (2018, October 3). Indictment - United States vs Aleksei Sergeyevich Morenets, et al.. Retrieved October 1, 2020.
Internal MISP references
UUID 56aeab4e-b046-4426-81a8-c3b2323492f0
which can be used as unique global reference for US District Court Indictment GRU Oct 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-01T00:00:00Z |
date_published | 2018-10-03T00:00:00Z |
source | MITRE |
title | Indictment - United States vs Aleksei Sergeyevich Morenets, et al. |
Checkpoint IndigoZebra July 2021
CheckPoint Research. (2021, July 1). IndigoZebra APT continues to attack Central Asia with evolving tools. Retrieved September 24, 2021.
Internal MISP references
UUID cf4a8c8c-eab1-421f-b313-344aed03b42d
which can be used as unique global reference for Checkpoint IndigoZebra July 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-24T00:00:00Z |
date_published | 2021-07-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | IndigoZebra APT continues to attack Central Asia with evolving tools |
HackerNews IndigoZebra July 2021
Lakshmanan, R. (2021, July 1). IndigoZebra APT Hacking Campaign Targets the Afghan Government. Retrieved September 24, 2021.
Internal MISP references
UUID fcf8265a-3084-4162-87d0-9e77c0a5cff0
which can be used as unique global reference for HackerNews IndigoZebra July 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-24T00:00:00Z |
date_published | 2021-07-01T00:00:00Z |
source | MITRE |
title | IndigoZebra APT Hacking Campaign Targets the Afghan Government |
3 - appv
Raj Chandel. (2022, March 17). Indirect Command Execution: Defense Evasion (T1202). Retrieved February 6, 2024.
Internal MISP references
UUID c07f1b2b-ae56-5a1a-b607-1f3bc7e119cf
which can be used as unique global reference for 3 - appv
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-06T00:00:00Z |
date_published | 2022-03-17T00:00:00Z |
source | MITRE |
title | Indirect Command Execution: Defense Evasion (T1202) |
Check Point Meteor Aug 2021
Check Point Research Team. (2021, August 14). Indra - Hackers Behind Recent Attacks on Iran. Retrieved February 17, 2022.
Internal MISP references
UUID bb79207f-3ab4-4b86-8b1c-d587724efb7c
which can be used as unique global reference for Check Point Meteor Aug 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-17T00:00:00Z |
date_published | 2021-08-14T00:00:00Z |
source | MITRE |
title | Indra - Hackers Behind Recent Attacks on Iran |
Crowdstrike EvilCorp March 2021
Podlosky, A., Feeley, B. (2021, March 17). INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions. Retrieved September 15, 2021.
Internal MISP references
UUID 4b77d313-ef3c-4d2f-bfde-609fa59a8f55
which can be used as unique global reference for Crowdstrike EvilCorp March 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-15T00:00:00Z |
date_published | 2021-03-17T00:00:00Z |
source | MITRE, Tidal Cyber |
title | INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions |
Industroyer2 ESET April 2022
ESET. (2022, April 12). Industroyer2: Industroyer reloaded. Retrieved March 30, 2023.
Internal MISP references
UUID 3ec01405-3240-5679-924f-f1194bca9a72
which can be used as unique global reference for Industroyer2 ESET April 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-30T00:00:00Z |
date_published | 2022-04-12T00:00:00Z |
source | MITRE |
title | Industroyer2: Industroyer reloaded |
Industroyer2 Blackhat ESET
Anton Cherepanov, Robert Lipovsky. (2022, August). Industroyer2: Sandworm's Cyberwarfare Targets Ukraine's Power Grid. Retrieved April 6, 2023.
Internal MISP references
UUID d9e8ca96-8646-5dd9-bede-56305385b2e4
which can be used as unique global reference for Industroyer2 Blackhat ESET
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-04-06T00:00:00Z |
date_published | 2022-08-01T00:00:00Z |
source | MITRE |
title | Industroyer2: Sandworm's Cyberwarfare Targets Ukraine's Power Grid |
Industroyer2 Mandiant April 2022
Daniel Kapellmann Zafra, Raymond Leong, Chris Sistrunk, Ken Proska, Corey Hildebrandt, Keith Lunden, Nathan Brubaker. (2022, April 25). INDUSTROYER.V2: Old Malware Learns New Tricks. Retrieved March 30, 2023.
Internal MISP references
UUID 48edeadc-f1e7-5fda-be96-1c41f78fc65a
which can be used as unique global reference for Industroyer2 Mandiant April 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-30T00:00:00Z |
date_published | 2022-04-25T00:00:00Z |
source | MITRE |
title | INDUSTROYER.V2: Old Malware Learns New Tricks |
Sixdub PowerPick Jan 2016
Warner, J. (2015, January 6). Inexorable PowerShell – A Red Teamer’s Tale of Overcoming Simple AppLocker Policies. Retrieved December 8, 2018.
Internal MISP references
UUID 52190592-5809-4e7b-a19c-fc87b245025c
which can be used as unique global reference for Sixdub PowerPick Jan 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-12-08T00:00:00Z |
date_published | 2015-01-06T00:00:00Z |
source | MITRE |
title | Inexorable PowerShell – A Red Teamer’s Tale of Overcoming Simple AppLocker Policies |
Infdefaultinstall.exe - LOLBAS Project
LOLBAS. (2018, May 25). Infdefaultinstall.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 5e83d17c-dbdd-4a6c-a395-4f921b68ebec
which can be used as unique global reference for Infdefaultinstall.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Infdefaultinstall.exe |
Trend Micro Exposed Docker APIs
Oliveira, A. (2019, May 30). Infected Containers Target Docker via Exposed APIs. Retrieved April 6, 2021.
Internal MISP references
UUID 24ae5092-42ea-4c83-bdf7-c0e5026d9559
which can be used as unique global reference for Trend Micro Exposed Docker APIs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-06T00:00:00Z |
date_published | 2019-05-30T00:00:00Z |
source | MITRE |
title | Infected Containers Target Docker via Exposed APIs |
SentinelOne MacMa Nov 2021
Stokes, P. (2021, November 15). Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma. Retrieved June 30, 2022.
Internal MISP references
UUID 5033e741-834c-49d6-bc89-f64b9508f8b5
which can be used as unique global reference for SentinelOne MacMa Nov 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-30T00:00:00Z |
date_published | 2021-11-15T00:00:00Z |
source | MITRE |
title | Infect If Needed \| A Deeper Dive Into Targeted Backdoor macOS.Macma |
SentinelOne Macma 2021
Phil Stokes. (2021, November 15). Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma. Retrieved July 26, 2024.
Internal MISP references
UUID 4994f4e6-4ae4-58b8-8cf8-ab62b2c92d79
which can be used as unique global reference for SentinelOne Macma 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-26T00:00:00Z |
date_published | 2021-11-15T00:00:00Z |
source | MITRE |
title | Infect If Needed \| A Deeper Dive Into Targeted Backdoor macOS.Macma |
SANS Information Security Reading Room Securing SNMP Securing SNMP
Michael Stump. (2003). Information Security Reading Room Securing SNMP: A Look at Net-SNMP (SNMPv3). Retrieved October 19, 2020.
Internal MISP references
UUID 616c9177-ca57-45f3-a613-d6450a94697d
which can be used as unique global reference for SANS Information Security Reading Room Securing SNMP Securing SNMP
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
date_published | 2003-01-01T00:00:00Z |
source | MITRE |
title | Information Security Reading Room Securing SNMP: A Look at Net-SNMP (SNMPv3) |
InfoSec Handlers Diary Blog - SANS Internet Storm Center
SANS Internet Storm Center. (n.d.). InfoSec Handlers Diary Blog - SANS Internet Storm Center. Retrieved May 7, 2023.
Internal MISP references
UUID 227fd123-65ed-48da-af8b-3f7674f33e12
which can be used as unique global reference for InfoSec Handlers Diary Blog - SANS Internet Storm Center
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | InfoSec Handlers Diary Blog - SANS Internet Storm Center |
Symantec Catchamas April 2018
Balanza, M. (2018, April 02). Infostealer.Catchamas. Retrieved July 10, 2018.
Internal MISP references
UUID 155cc2df-adf4-4b5f-a377-272947e5757e
which can be used as unique global reference for Symantec Catchamas April 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-10T00:00:00Z |
date_published | 2018-04-02T00:00:00Z |
source | MITRE |
title | Infostealer.Catchamas |
TrendMicro Ursnif File Dec 2014
Caragay, R. (2014, December 11). Info-Stealing File Infector Hits US, UK. Retrieved June 5, 2019.
Internal MISP references
UUID 889a21f2-e00b-44c2-aa8c-a33f5615678a
which can be used as unique global reference for TrendMicro Ursnif File Dec 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-05T00:00:00Z |
date_published | 2014-12-11T00:00:00Z |
source | MITRE |
title | Info-Stealing File Infector Hits US, UK |
ThreatConnect Infrastructure Dec 2020
ThreatConnect. (2020, December 15). Infrastructure Research and Hunting: Boiling the Domain Ocean. Retrieved October 12, 2021.
Internal MISP references
UUID 96d479df-d312-4af7-a47d-2597a66291f1
which can be used as unique global reference for ThreatConnect Infrastructure Dec 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-12T00:00:00Z |
date_published | 2020-12-15T00:00:00Z |
source | MITRE |
title | Infrastructure Research and Hunting: Boiling the Domain Ocean |
elastic.co 6 21 2023
Colson Wilhoit. (2023, June 21). Initial research exposing JOKERSPY — Elastic Security Labs. Retrieved April 19, 2024.
Internal MISP references
UUID 42c40ec8-f46a-48fa-bd97-818e3d3d320e
which can be used as unique global reference for elastic.co 6 21 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-19T00:00:00Z |
date_published | 2023-06-21T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Initial research exposing JOKERSPY — Elastic Security Labs |
Init Man Page
Kerrisk, M. (2021, March 22). INIT_MODULE(2). Retrieved September 28, 2021.
Internal MISP references
UUID ab9c01ad-905e-4f73-b64f-1c6a5fb9a375
which can be used as unique global reference for Init Man Page
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-28T00:00:00Z |
date_published | 2021-03-22T00:00:00Z |
source | MITRE |
title | INIT_MODULE(2) |
Proofpoint RTF Injection
Raggi, M. (2021, December 1). Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors. Retrieved December 9, 2021.
Internal MISP references
UUID 8deb6edb-293f-4b9d-882a-541675864eb5
which can be used as unique global reference for Proofpoint RTF Injection
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-09T00:00:00Z |
date_published | 2021-12-01T00:00:00Z |
source | MITRE |
title | Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors |
HighTech Bridge Inline Hooking Sept 2011
Mariani, B. (2011, September 6). Inline Hooking in Windows. Retrieved December 12, 2017.
Internal MISP references
UUID 39ad1769-3dfb-4572-ab82-1e0c4f869ec8
which can be used as unique global reference for HighTech Bridge Inline Hooking Sept 2011
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-12T00:00:00Z |
date_published | 2011-09-06T00:00:00Z |
source | MITRE |
title | Inline Hooking in Windows |
Stuart ELF Memory
Stuart. (2018, March 31). In-Memory-Only ELF Execution (Without tmpfs). Retrieved October 4, 2021.
Internal MISP references
UUID 402745e1-a65a-4fa1-a86d-99b37221095c
which can be used as unique global reference for Stuart ELF Memory
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-04T00:00:00Z |
date_published | 2018-03-31T00:00:00Z |
source | MITRE |
title | In-Memory-Only ELF Execution (Without tmpfs) |
ASERT InnaputRAT April 2018
ASERT Team. (2018, April 04). Innaput Actors Utilize Remote Access Trojan Since 2016, Presumably Targeting Victim Files. Retrieved July 9, 2018.
Internal MISP references
UUID 29c6575f-9e47-48cb-8162-15280002a6d5
which can be used as unique global reference for ASERT InnaputRAT April 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-09T00:00:00Z |
date_published | 2018-04-04T00:00:00Z |
source | MITRE |
title | Innaput Actors Utilize Remote Access Trojan Since 2016, Presumably Targeting Victim Files |
Microsoft Holmium June 2020
Microsoft Threat Protection Intelligence Team. (2020, June 18). Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint. Retrieved June 22, 2020.
Internal MISP references
UUID c249bfcf-25c4-4502-b5a4-17783d581163
which can be used as unique global reference for Microsoft Holmium June 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-22T00:00:00Z |
date_published | 2020-06-18T00:00:00Z |
source | MITRE |
title | Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint |
Metabase Q Mispadu Trojan 2023
Garcia, F., Regalado, D. (2023, March 7). Inside Mispadu massive infection campaign in LATAM. Retrieved March 15, 2024.
Internal MISP references
UUID 960ae534-6de5-5bcc-b600-db0c2de64305
which can be used as unique global reference for Metabase Q Mispadu Trojan 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-15T00:00:00Z |
date_published | 2023-03-07T00:00:00Z |
source | MITRE |
title | Inside Mispadu massive infection campaign in LATAM |
RiskIQ British Airways September 2018
Klijnsma, Y. (2018, September 11). Inside the Magecart Breach of British Airways: How 22 Lines of Code Claimed 380,000 Victims. Retrieved September 9, 2020.
Internal MISP references
UUID f6c0f295-c034-4957-8cd9-e2f4b89b5671
which can be used as unique global reference for RiskIQ British Airways September 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-09T00:00:00Z |
date_published | 2018-09-11T00:00:00Z |
source | MITRE |
title | Inside the Magecart Breach of British Airways: How 22 Lines of Code Claimed 380,000 Victims |
Arbor AnnualDoSreport Jan 2018
Philippe Alcoy, Steinthor Bjarnason, Paul Bowen, C.F. Chui, Kirill Kasavchnko, and Gary Sockrider of Netscout Arbor. (2018, January). Insight into the Global Threat Landscape - Netscout Arbor's 13th Annual Worldwide Infrastructure Security Report. Retrieved April 22, 2019.
Internal MISP references
UUID cede4c72-718b-48c2-8a59-1f91555f6cf6
which can be used as unique global reference for Arbor AnnualDoSreport Jan 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-22T00:00:00Z |
date_published | 2018-01-01T00:00:00Z |
source | MITRE |
title | Insight into the Global Threat Landscape - Netscout Arbor's 13th Annual Worldwide Infrastructure Security Report |
FireEye APT33 Sept 2017
O'Leary, J., et al. (2017, September 20). Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware. Retrieved February 15, 2018.
Internal MISP references
UUID 70610469-db0d-45ab-a790-6e56309a39ec
which can be used as unique global reference for FireEye APT33 Sept 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-15T00:00:00Z |
date_published | 2017-09-20T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware |
Microsoft Installation Procedures
Microsoft. (2021, January 7). Installation Procedure Tables Group. Retrieved December 27, 2023.
Internal MISP references
UUID 8fbe8a88-683c-5640-840c-1389b9c9972d
which can be used as unique global reference for Microsoft Installation Procedures
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-27T00:00:00Z |
date_published | 2021-01-07T00:00:00Z |
source | MITRE |
title | Installation Procedure Tables Group |
Installer Package Scripting Rich Trouton
Rich Trouton. (2019, August 9). Installer Package Scripting: Making your deployments easier, one ! at a time. Retrieved September 27, 2022.
Internal MISP references
UUID 7a877b67-ac4b-4d82-860a-75b5f0b8daae
which can be used as unique global reference for Installer Package Scripting Rich Trouton
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-27T00:00:00Z |
date_published | 2019-08-09T00:00:00Z |
source | MITRE |
title | Installer Package Scripting: Making your deployments easier, one ! at a time |
Microsoft Install Password Filter n.d
Microsoft. (n.d.). Installing and Registering a Password Filter DLL. Retrieved November 21, 2017.
Internal MISP references
UUID 6e440b5d-e09a-4d65-b874-2c5babaa609d
which can be used as unique global reference for Microsoft Install Password Filter n.d
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-21T00:00:00Z |
source | MITRE |
title | Installing and Registering a Password Filter DLL |
Microsoft Unsigned Driver Apr 2017
Microsoft. (2017, April 20). Installing an Unsigned Driver during Development and Test. Retrieved April 22, 2021.
Internal MISP references
UUID 5964ff2e-0860-4e00-8103-89ba6466314c
which can be used as unique global reference for Microsoft Unsigned Driver Apr 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-22T00:00:00Z |
date_published | 2017-04-20T00:00:00Z |
source | MITRE |
title | Installing an Unsigned Driver during Development and Test |
LOLBAS Installutil
LOLBAS. (n.d.). Installutil.exe. Retrieved July 31, 2019.
Internal MISP references
UUID 7dfb2c45-862a-4c25-a65a-55abea4b0e44
which can be used as unique global reference for LOLBAS Installutil
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-31T00:00:00Z |
source | MITRE |
title | Installutil.exe |
MSDN InstallUtil
Microsoft. (n.d.). Installutil.exe (Installer Tool). Retrieved July 1, 2016.
Internal MISP references
UUID 54d962fc-4ca6-4f5f-b383-ec87d711a764
which can be used as unique global reference for MSDN InstallUtil
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-07-01T00:00:00Z |
source | MITRE |
title | Installutil.exe (Installer Tool) |
AWS Instance Identity Documents
Amazon. (n.d.). Instance identity documents. Retrieved April 2, 2021.
Internal MISP references
UUID efff0080-59fc-4ba7-ac91-771358f68405
which can be used as unique global reference for AWS Instance Identity Documents
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-02T00:00:00Z |
source | MITRE |
title | Instance identity documents |
AWS Instance Metadata API
AWS. (n.d.). Instance Metadata and User Data. Retrieved July 18, 2019.
Internal MISP references
UUID 54a17f92-d73d-469f-87b3-34fb633bd9ed
which can be used as unique global reference for AWS Instance Metadata API
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-18T00:00:00Z |
source | MITRE |
title | Instance Metadata and User Data |
RedLock Instance Metadata API 2018
Higashi, Michael. (2018, May 15). Instance Metadata API: A Modern Day Trojan Horse. Retrieved July 16, 2019.
Internal MISP references
UUID f85fa206-d5bf-41fc-a521-01ad6281bee7
which can be used as unique global reference for RedLock Instance Metadata API 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-16T00:00:00Z |
date_published | 2018-05-15T00:00:00Z |
source | MITRE |
title | Instance Metadata API: A Modern Day Trojan Horse |
Nick Tyrer GitHub
Tyrer, N. (n.d.). Instructions. Retrieved August 10, 2020.
Internal MISP references
UUID f4f89926-71eb-4130-a644-8240d2bab721
which can be used as unique global reference for Nick Tyrer GitHub
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-10T00:00:00Z |
source | MITRE |
title | Instructions |
Intel Hardware-based Security Technologies
Intel. (2013). Intel Hardware-based Security Technologies for Intelligent Retail Devices. Retrieved May 19, 2020.
Internal MISP references
UUID bffb9e71-ba97-4010-9ad7-29eb330a350c
which can be used as unique global reference for Intel Hardware-based Security Technologies
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-19T00:00:00Z |
date_published | 2013-01-01T00:00:00Z |
source | MITRE |
title | Intel Hardware-based Security Technologies for Intelligent Retail Devices |
Red Canary Intelligence Insights July 20 2023
The Red Canary Team. (2023, July 20). Intelligence Insights: July 2023. Retrieved July 28, 2023.
Internal MISP references
UUID ad1d3f99-e5bf-41c6-871b-dd2c9d540341
which can be used as unique global reference for Red Canary Intelligence Insights July 20 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-28T00:00:00Z |
date_published | 2023-07-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Intelligence Insights: July 2023 |
checkpoint_interactive_map_apt-c-23
Kayal, A. (2018, August 26). Interactive Mapping of APT-C-23. Retrieved March 4, 2024.
Internal MISP references
UUID 24dd2641-839b-5a0e-b5ca-ea121ea70992
which can be used as unique global reference for checkpoint_interactive_map_apt-c-23
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-04T00:00:00Z |
date_published | 2018-08-26T00:00:00Z |
source | MITRE |
title | Interactive Mapping of APT-C-23 |
Microsoft ISAPI Extension All Incoming 2017
Microsoft. (2017, June 16). Intercepting All Incoming IIS Requests. Retrieved June 3, 2021.
Internal MISP references
UUID 7d182eee-eaa8-4b6f-803d-8eb64e338663
which can be used as unique global reference for Microsoft ISAPI Extension All Incoming 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-03T00:00:00Z |
date_published | 2017-06-16T00:00:00Z |
source | MITRE |
title | Intercepting All Incoming IIS Requests |
Clymb3r Function Hook Passwords Sept 2013
Bialek, J. (2013, September 15). Intercepting Password Changes With Function Hooking. Retrieved November 21, 2017.
Internal MISP references
UUID 4889912b-4512-45c7-83d3-70ae47c5a4a0
which can be used as unique global reference for Clymb3r Function Hook Passwords Sept 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-21T00:00:00Z |
date_published | 2013-09-15T00:00:00Z |
source | MITRE |
title | Intercepting Password Changes With Function Hooking |
Microsoft ICMP
Microsoft. (n.d.). Internet Control Message Protocol (ICMP) Basics. Retrieved December 1, 2014.
Internal MISP references
UUID 47612548-dad1-4bf3-aa6f-a53aefa06f6a
which can be used as unique global reference for Microsoft ICMP
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-12-01T00:00:00Z |
source | MITRE |
title | Internet Control Message Protocol (ICMP) Basics |
Linux IPC
N/A. (2021, April 1). Inter Process Communication (IPC). Retrieved March 11, 2022.
Internal MISP references
UUID 05293061-ce09-49b5-916a-bb7353acfdfa
which can be used as unique global reference for Linux IPC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-11T00:00:00Z |
date_published | 2021-04-01T00:00:00Z |
source | MITRE |
title | Inter Process Communication (IPC) |
HackerNews - 3 SaaS App Cyber Attacks - April 2022
Hananel Livneh. (2022, April 7). Into the Breach: Breaking Down 3 SaaS App Cyber Attacks in 2022. Retrieved May 31, 2022.
Internal MISP references
UUID e4ff75cd-b8fd-4fba-a2da-379a073003ab
which can be used as unique global reference for HackerNews - 3 SaaS App Cyber Attacks - April 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-31T00:00:00Z |
date_published | 2022-04-07T00:00:00Z |
source | MITRE |
title | Into the Breach: Breaking Down 3 SaaS App Cyber Attacks in 2022 |
RedCanary Mockingbird May 2020
Lambert, T. (2020, May 7). Introducing Blue Mockingbird. Retrieved May 26, 2020.
Internal MISP references
UUID 596bfbb3-72e0-4d4c-a1a9-b8d54455ffd0
which can be used as unique global reference for RedCanary Mockingbird May 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-26T00:00:00Z |
date_published | 2020-05-07T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Introducing Blue Mockingbird |
Fidelis Hi-Zor
Fidelis Threat Research Team. (2016, January 27). Introducing Hi-Zor RAT. Retrieved March 24, 2016.
Internal MISP references
UUID 0c9ff201-283a-4527-8cb8-6f0d05a4f724
which can be used as unique global reference for Fidelis Hi-Zor
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-24T00:00:00Z |
date_published | 2016-01-27T00:00:00Z |
source | MITRE |
title | Introducing Hi-Zor RAT |
Roadtools
Dirk-jan Mollema. (2020, April 16). Introducing ROADtools - The Azure AD exploration framework. Retrieved January 31, 2022.
Internal MISP references
UUID 803f3512-1831-4535-8b16-b89fae20f944
which can be used as unique global reference for Roadtools
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-31T00:00:00Z |
date_published | 2020-04-16T00:00:00Z |
source | MITRE |
title | Introducing ROADtools - The Azure AD exploration framework |
Talos ROKRAT
Mercer, W., Rascagneres, P. (2017, April 03). Introducing ROKRAT. Retrieved May 21, 2018.
Internal MISP references
UUID 1bd78a2f-2bc6-426f-ac9f-16bf3fdf4cdf
which can be used as unique global reference for Talos ROKRAT
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-21T00:00:00Z |
date_published | 2017-04-03T00:00:00Z |
source | MITRE |
title | Introducing ROKRAT |
Microsoft Open XML July 2017
Microsoft. (2014, July 9). Introducing the Office (2007) Open XML File Formats. Retrieved July 20, 2018.
Internal MISP references
UUID 8145f894-6477-4629-81de-1dd26070ee0a
which can be used as unique global reference for Microsoft Open XML July 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-20T00:00:00Z |
date_published | 2014-07-09T00:00:00Z |
source | MITRE |
title | Introducing the Office (2007) Open XML File Formats |
Securelist WhiteBear Aug 2017
Kaspersky Lab's Global Research & Analysis Team. (2017, August 30). Introducing WhiteBear. Retrieved September 21, 2017.
Internal MISP references
UUID 44626060-3d9b-480e-b4ea-7dac27878e5e
which can be used as unique global reference for Securelist WhiteBear Aug 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-09-21T00:00:00Z |
date_published | 2017-08-30T00:00:00Z |
source | MITRE |
title | Introducing WhiteBear |
MalwareBytes ADS July 2015
Arntz, P. (2015, July 22). Introduction to Alternate Data Streams. Retrieved March 21, 2018.
Internal MISP references
UUID b552cf89-1880-48de-9088-c755c38821c1
which can be used as unique global reference for MalwareBytes ADS July 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-21T00:00:00Z |
date_published | 2015-07-22T00:00:00Z |
source | MITRE |
title | Introduction to Alternate Data Streams |
Apple AppleScript
Apple. (2016, January 25). Introduction to AppleScript Language Guide. Retrieved March 28, 2020.
Internal MISP references
UUID b23abcb8-3004-4a42-8ada-58cdbd65e171
which can be used as unique global reference for Apple AppleScript
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-28T00:00:00Z |
date_published | 2016-01-25T00:00:00Z |
source | MITRE |
title | Introduction to AppleScript Language Guide |
Microsoft Outlook Files
Microsoft. (n.d.). Introduction to Outlook Data Files (.pst and .ost). Retrieved February 19, 2020.
Internal MISP references
UUID 29f4cc6b-1fa5-434d-ab4f-6bb169e2287a
which can be used as unique global reference for Microsoft Outlook Files
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-19T00:00:00Z |
source | MITRE |
title | Introduction to Outlook Data Files (.pst and .ost) |
Microsoft Intro Print Processors
Microsoft. (2023, June 26). Introduction to print processors. Retrieved September 27, 2023.
Internal MISP references
UUID ba04b0d0-1c39-5f48-824c-110ee7affbf3
which can be used as unique global reference for Microsoft Intro Print Processors
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-27T00:00:00Z |
date_published | 2023-06-26T00:00:00Z |
source | MITRE |
title | Introduction to print processors |
Microsoft Services
Microsoft. (2017, March 30). Introduction to Windows Service Applications. Retrieved September 28, 2021.
Internal MISP references
UUID 444c8983-47ef-45b4-a3a6-5566f4fa2732
which can be used as unique global reference for Microsoft Services
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-28T00:00:00Z |
date_published | 2017-03-30T00:00:00Z |
source | MITRE |
title | Introduction to Windows Service Applications |
Red Canary NETWIRE January 2020
Lambert, T. (2020, January 29). Intro to Netwire. Retrieved January 7, 2021.
Internal MISP references
UUID 563249e1-edda-48fc-ac90-f198dd71619e
which can be used as unique global reference for Red Canary NETWIRE January 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-07T00:00:00Z |
date_published | 2020-01-29T00:00:00Z |
source | MITRE |
title | Intro to Netwire |
Discord Intro to Webhooks
D. (n.d.). Intro to Webhooks. Retrieved July 20, 2023.
Internal MISP references
UUID bf5b3773-29cc-539a-a0f0-a6d1d63dee2d
which can be used as unique global reference for Discord Intro to Webhooks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-20T00:00:00Z |
source | MITRE |
title | Intro to Webhooks |
GitHub Inveigh
Robertson, K. (2015, April 2). Inveigh: Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool. Retrieved March 11, 2019.
Internal MISP references
UUID cca306e5-f9da-4782-a06f-ba3ad70e34ca
which can be used as unique global reference for GitHub Inveigh
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-11T00:00:00Z |
date_published | 2015-04-02T00:00:00Z |
source | MITRE |
title | Inveigh: Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool |
Google Cloud October 24 2024
Mandiant. (2024, October 24). Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575). Retrieved October 25, 2024.
Internal MISP references
UUID 71ffc061-2231-4841-bcee-c30f713f08a1
which can be used as unique global reference for Google Cloud October 24 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-25T00:00:00Z |
date_published | 2024-10-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575) |
Summit Route Malicious AMIs
Piper, S. (2018, September 24). Investigating Malicious AMIs. Retrieved March 30, 2021.
Internal MISP references
UUID e93e16fc-4ae4-4f1f-9d80-dc48c1c30e25
which can be used as unique global reference for Summit Route Malicious AMIs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-30T00:00:00Z |
date_published | 2018-09-24T00:00:00Z |
source | MITRE |
title | Investigating Malicious AMIs |
Huntress INC Ransom Group August 2023
Team Huntress. (2023, August 11). Investigating New INC Ransom Group Activity. Retrieved June 5, 2024.
Internal MISP references
UUID d315547d-26e3-5130-a794-658eecf1e0df
which can be used as unique global reference for Huntress INC Ransom Group August 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-05T00:00:00Z |
date_published | 2023-08-11T00:00:00Z |
source | MITRE |
title | Investigating New INC Ransom Group Activity |
Huntress INC Ransomware August 11 2023
Team Huntress. (2023, August 11). Investigating New INC Ransom Group Activity. Retrieved October 4, 2024.
Internal MISP references
UUID 37c82ff5-f565-445b-9fa5-bb172b5f425c
which can be used as unique global reference for Huntress INC Ransomware August 11 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-04T00:00:00Z |
date_published | 2023-08-11T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Investigating New INC Ransom Group Activity |
inv_ps_attacks
Hastings, M. (2014, July 16). Investigating PowerShell Attacks. Retrieved December 1, 2021.
Internal MISP references
UUID 07d9d2c6-dd79-42a5-9024-ba0e66b1913b
which can be used as unique global reference for inv_ps_attacks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-01T00:00:00Z |
date_published | 2014-07-16T00:00:00Z |
source | MITRE |
title | Investigating PowerShell Attacks |
Kazanciyan 2014
Kazanciyan, R. & Hastings, M. (2014). Defcon 22 Presentation. Investigating PowerShell Attacks [slides]. Retrieved November 3, 2014.
Internal MISP references
UUID bd3f04cd-04ef-41f0-9a15-d9f0a3ed1db9
which can be used as unique global reference for Kazanciyan 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-03T00:00:00Z |
source | MITRE |
title | Investigating PowerShell Attacks [slides] |
Beek Use of VHD Dec 2020
Beek, C. (2020, December 3). Investigating the Use of VHD Files By Cybercriminals. Retrieved February 22, 2021.
Internal MISP references
UUID 7a1131ab-e4b1-4569-8e28-3650312cc804
which can be used as unique global reference for Beek Use of VHD Dec 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-22T00:00:00Z |
date_published | 2020-12-03T00:00:00Z |
source | MITRE |
title | Investigating the Use of VHD Files By Cybercriminals |
ESET InvisiMole June 2018
Hromcová, Z. (2018, June 07). InvisiMole: Surprisingly equipped spyware, undercover since 2013. Retrieved July 10, 2018.
Internal MISP references
UUID 629fa1d8-06cb-405c-a2f7-c511b54cd727
which can be used as unique global reference for ESET InvisiMole June 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-10T00:00:00Z |
date_published | 2018-06-07T00:00:00Z |
source | MITRE |
title | InvisiMole: Surprisingly equipped spyware, undercover since 2013 |
ESET InvisiMole June 2020
Hromcova, Z. and Cherpanov, A. (2020, June). INVISIMOLE: THE HIDDEN PART OF THE STORY. Retrieved July 16, 2020.
Internal MISP references
UUID d10cfda8-8fd8-4ada-8c61-dba6065b0bac
which can be used as unique global reference for ESET InvisiMole June 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-16T00:00:00Z |
date_published | 2020-06-01T00:00:00Z |
source | MITRE |
title | INVISIMOLE: THE HIDDEN PART OF THE STORY |
GitHub OmerYa Invisi-Shell
Yair, O. (2019, August 19). Invisi-Shell. Retrieved June 24, 2020.
Internal MISP references
UUID 26c1b8f4-ff59-409e-b616-04eee38a8a9f
which can be used as unique global reference for GitHub OmerYa Invisi-Shell
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-24T00:00:00Z |
date_published | 2019-08-19T00:00:00Z |
source | MITRE |
title | Invisi-Shell |
Invoke-DOSfuscation
Bohannon, D. (2018, March 19). Invoke-DOSfuscation. Retrieved March 17, 2023.
Internal MISP references
UUID d2f7fe4a-1a3a-5b26-8247-4f05c96974bf
which can be used as unique global reference for Invoke-DOSfuscation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-17T00:00:00Z |
date_published | 2018-03-19T00:00:00Z |
source | MITRE |
title | Invoke-DOSfuscation |
PowerSploit Invoke Kerberoast
Schroeder, W. & Hart M. (2016, October 31). Invoke-Kerberoast. Retrieved March 23, 2018.
Internal MISP references
UUID 8db88e6f-3d45-4896-87e9-75b24c8628f3
which can be used as unique global reference for PowerSploit Invoke Kerberoast
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-23T00:00:00Z |
date_published | 2016-10-31T00:00:00Z |
source | MITRE |
title | Invoke-Kerberoast |
Empire InvokeKerberoast Oct 2016
EmpireProject. (2016, October 31). Invoke-Kerberoast.ps1. Retrieved March 22, 2018.
Internal MISP references
UUID a358bf8f-166e-4726-adfd-415e953d4ffe
which can be used as unique global reference for Empire InvokeKerberoast Oct 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-22T00:00:00Z |
date_published | 2016-10-31T00:00:00Z |
source | MITRE |
title | Invoke-Kerberoast.ps1 |
Github PowerSploit Ninjacopy
Bialek, J. (2015, December 16). Invoke-NinjaCopy.ps1. Retrieved June 2, 2016.
Internal MISP references
UUID e92aed6b-348b-4dab-8292-fee0698e4a85
which can be used as unique global reference for Github PowerSploit Ninjacopy
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-02T00:00:00Z |
date_published | 2015-12-16T00:00:00Z |
source | MITRE |
title | Invoke-NinjaCopy.ps1 |
Invoke-Obfuscation
Bohannon, D. (2016, September 24). Invoke-Obfuscation. Retrieved March 17, 2023.
Internal MISP references
UUID 4cc6a80f-d758-524b-9519-5b839d4918bd
which can be used as unique global reference for Invoke-Obfuscation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-17T00:00:00Z |
date_published | 2016-09-24T00:00:00Z |
source | MITRE |
title | Invoke-Obfuscation |
GitHub Invoke-Obfuscation
Bohannon, D. (2017, March 13). Invoke-Obfuscation - PowerShell Obfuscator. Retrieved June 18, 2017.
Internal MISP references
UUID 956b3d80-4e19-4cab-a65f-ad86f233aa12
which can be used as unique global reference for GitHub Invoke-Obfuscation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-06-18T00:00:00Z |
date_published | 2017-03-13T00:00:00Z |
source | MITRE |
title | Invoke-Obfuscation - PowerShell Obfuscator |
GitHub Invoke-PSImage
Adams, B. (2017, December 17). Invoke-PSImage. Retrieved April 10, 2018.
Internal MISP references
UUID dd210b79-bd5f-4282-9542-4d1ae2f16438
which can be used as unique global reference for GitHub Invoke-PSImage
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-10T00:00:00Z |
date_published | 2017-12-17T00:00:00Z |
source | MITRE |
title | Invoke-PSImage |
GitHub PSImage
Barrett Adams. (n.d.). Invoke-PSImage. Retrieved September 30, 2022.
Internal MISP references
UUID 449c873c-c5af-45b8-8bd7-505d2181a05c
which can be used as unique global reference for GitHub PSImage
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-30T00:00:00Z |
source | MITRE |
title | Invoke-PSImage |
GitHub - PowerSploit Invoke-Shellcode
PowerShellMafia. (2016, December 14). Invoke-Shellcode. Retrieved May 25, 2023.
Internal MISP references
UUID cf75a442-c6c0-4e83-87bf-8bb42839452b
which can be used as unique global reference for GitHub - PowerSploit Invoke-Shellcode
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-25T00:00:00Z |
date_published | 2016-12-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Invoke-Shellcode |
Wikipedia Xen
Xen. (n.d.). In Wikipedia. Retrieved November 13, 2014.
Internal MISP references
UUID 4ce05edd-da25-4559-8489-b78cdd2c0f3d
which can be used as unique global reference for Wikipedia Xen
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-13T00:00:00Z |
source | MITRE |
title | In Wikipedia |
ORB Mandiant
Raggi, Michael. (2024, May 22). IOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenders. Retrieved July 8, 2024.
Internal MISP references
UUID 3852fe26-53ad-504f-9328-7e249d121ebd
which can be used as unique global reference for ORB Mandiant
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-08T00:00:00Z |
date_published | 2024-05-22T00:00:00Z |
source | MITRE |
title | IOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenders |
iOS URL Scheme
Ostorlab. (n.d.). iOS URL Scheme Hijacking. Retrieved February 9, 2024.
Internal MISP references
UUID 9910b0aa-f276-54da-a4df-fd47b42efb10
which can be used as unique global reference for iOS URL Scheme
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-09T00:00:00Z |
source | MITRE |
title | iOS URL Scheme Hijacking |
TechNet Ipconfig
Microsoft. (n.d.). Ipconfig. Retrieved April 17, 2016.
Internal MISP references
UUID 8a6e6f59-70fb-48bf-96d2-318dd92df995
which can be used as unique global reference for TechNet Ipconfig
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-17T00:00:00Z |
source | MITRE |
title | Ipconfig |
cisco_ip_ssh_pubkey_ch_cmd
Cisco. (2021, August 23). ip ssh pubkey-chain. Retrieved July 13, 2022.
Internal MISP references
UUID c6ffe974-f304-598c-bc4d-5da607c73802
which can be used as unique global reference for cisco_ip_ssh_pubkey_ch_cmd
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-13T00:00:00Z |
date_published | 2021-08-23T00:00:00Z |
source | MITRE |
title | ip ssh pubkey-chain |
Symantec Chafer Dec 2015
Symantec Security Response. (2015, December 7). Iran-based attackers use back door threats to spy on Middle Eastern targets. Retrieved April 17, 2019.
Internal MISP references
UUID 0a6166a3-5649-4117-97f4-7b8b5b559929
which can be used as unique global reference for Symantec Chafer Dec 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-17T00:00:00Z |
date_published | 2015-12-07T00:00:00Z |
source | MITRE |
title | Iran-based attackers use back door threats to spy on Middle Eastern targets |
U.S. CISA Pioneer Kitten August 28 2024
Cybersecurity and Infrastructure Security Agency. (2024, August 28). Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations. Retrieved August 29, 2024.
Internal MISP references
UUID 783f4aee-84d9-43dc-accc-99fee6b1ff92
which can be used as unique global reference for U.S. CISA Pioneer Kitten August 28 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-29T00:00:00Z |
date_published | 2024-08-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations |
CISA AA20-259A Iran-Based Actor September 2020
CISA. (2020, September 15). Iran-Based Threat Actor Exploits VPN Vulnerabilities. Retrieved December 21, 2020.
Internal MISP references
UUID 1bbc9446-9214-4fcd-bc7c-bf528370b4f8
which can be used as unique global reference for CISA AA20-259A Iran-Based Actor September 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-21T00:00:00Z |
date_published | 2020-09-15T00:00:00Z |
source | MITRE |
title | Iran-Based Threat Actor Exploits VPN Vulnerabilities |
U.S. CISA Iran Voter Data November 3 2020
Cybersecurity and Infrastructure Security Agency. (2020, November 3). Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data. Retrieved October 25, 2023.
Internal MISP references
UUID be89be75-c33f-4c58-8bf0-979c1debaad7
which can be used as unique global reference for U.S. CISA Iran Voter Data November 3 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-25T00:00:00Z |
date_published | 2020-11-03T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data |
ClearSky MuddyWater June 2019
ClearSky. (2019, June). Iranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal. Retrieved May 14, 2020.
Internal MISP references
UUID 9789d60b-a417-42dc-b690-24ccb77b8658
which can be used as unique global reference for ClearSky MuddyWater June 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-14T00:00:00Z |
date_published | 2019-06-01T00:00:00Z |
source | MITRE |
title | Iranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal |
Talos MuddyWater Jan 2022
Malhortra, A and Ventura, V. (2022, January 31). Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables. Retrieved June 22, 2022.
Internal MISP references
UUID a2d79c6a-16d6-4dbd-b8a5-845dcc36212d
which can be used as unique global reference for Talos MuddyWater Jan 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-22T00:00:00Z |
date_published | 2022-01-31T00:00:00Z |
source | MITRE |
title | Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables |
Google TAG APT42 August 14 2024
Google Threat Analysis Group. (2024, August 14). Iranian backed group steps up phishing campaigns against Israel, U.S.. Retrieved August 30, 2024.
Internal MISP references
UUID 669836b5-4069-49af-a919-2cb32bf94d4b
which can be used as unique global reference for Google TAG APT42 August 14 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-30T00:00:00Z |
date_published | 2024-08-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Iranian backed group steps up phishing campaigns against Israel, U.S. |
BitDefender Chafer May 2020
Rusu, B. (2020, May 21). Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia. Retrieved May 22, 2020.
Internal MISP references
UUID 24ea6a5d-2593-4639-8616-72988bf2fa07
which can be used as unique global reference for BitDefender Chafer May 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-22T00:00:00Z |
date_published | 2020-05-21T00:00:00Z |
source | MITRE |
title | Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia |
U.S. CISA Iranian Actors Critical Infrastructure October 16 2024
Cybersecurity and Infrastructure Security Agency. (2024, October 16). Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations. Retrieved October 17, 2024.
Internal MISP references
UUID a70a4487-eaae-43b3-bfe0-0677fd911959
which can be used as unique global reference for U.S. CISA Iranian Actors Critical Infrastructure October 16 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-17T00:00:00Z |
date_published | 2024-10-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations |
RecordedFuture IranianResponse 2020
INSIKT GROUP. (2020, January 7). Iranian Cyber Response to Death of IRGC Head Would Likely Use Reported TTPs and Previous Access. Retrieved May 22, 2024.
Internal MISP references
UUID a83365fb-aae4-57ca-9d11-1ad14d27976f
which can be used as unique global reference for RecordedFuture IranianResponse 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-22T00:00:00Z |
date_published | 2020-01-07T00:00:00Z |
source | MITRE |
title | Iranian Cyber Response to Death of IRGC Head Would Likely Use Reported TTPs and Previous Access |
DHS CISA AA22-055A MuddyWater February 2022
FBI, CISA, CNMF, NCSC-UK. (2022, February 24). Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks. Retrieved September 27, 2022.
Internal MISP references
UUID e76570e1-43ab-4819-80bc-895ede67a205
which can be used as unique global reference for DHS CISA AA22-055A MuddyWater February 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-27T00:00:00Z |
date_published | 2022-02-24T00:00:00Z |
source | MITRE |
title | Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks |
U.S. CISA Advisory November 25 2022
Cybersecurity and Infrastructure Security Agency. (2022, November 25). Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. Retrieved October 25, 2023.
Internal MISP references
UUID daae1f54-8471-4620-82d5-023d04144acd
which can be used as unique global reference for U.S. CISA Advisory November 25 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-25T00:00:00Z |
date_published | 2022-11-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester |
U.S. CISA Iranian Government Actors November 19 2021
Cybersecurity and Infrastructure Security Agency. (2021, November 19). Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities. Retrieved October 25, 2023.
Internal MISP references
UUID d7014279-bc6a-43d4-953a-a6bc1d97a13b
which can be used as unique global reference for U.S. CISA Iranian Government Actors November 19 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-25T00:00:00Z |
date_published | 2021-11-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities |
NEWSCASTER2014
Lennon, M. (2014, May 29). Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation. Retrieved March 1, 2017.
Internal MISP references
UUID 9abb4bbb-bad3-4d22-b235-c8a35465f2ce
which can be used as unique global reference for NEWSCASTER2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-01T00:00:00Z |
date_published | 2014-05-29T00:00:00Z |
source | MITRE |
title | Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation |
CYBERCOM Iranian Intel Cyber January 2022
Cyber National Mission Force. (2022, January 12). Iranian intel cyber suite of malware uses open source tools. Retrieved September 30, 2022.
Internal MISP references
UUID 671e1559-c7dc-4cb4-a9a1-21776f2ae56a
which can be used as unique global reference for CYBERCOM Iranian Intel Cyber January 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-30T00:00:00Z |
date_published | 2022-01-12T00:00:00Z |
source | MITRE |
title | Iranian intel cyber suite of malware uses open source tools |
U.S. CISA IRGC Actors September 14 2022
Cybersecurity and Infrastructure Security Agency. (2022, September 14). Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations. Retrieved October 25, 2023.
Internal MISP references
UUID 728b20b0-f702-4dbe-afea-50270648a3a2
which can be used as unique global reference for U.S. CISA IRGC Actors September 14 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-25T00:00:00Z |
date_published | 2022-09-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations |
Secureworks Cobalt Gypsy Feb 2017
Counter Threat Unit Research Team. (2017, February 15). Iranian PupyRAT Bites Middle Eastern Organizations. Retrieved December 27, 2017.
Internal MISP references
UUID f9de25b4-5539-4a33-84b5-f26a84544859
which can be used as unique global reference for Secureworks Cobalt Gypsy Feb 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-27T00:00:00Z |
date_published | 2017-02-15T00:00:00Z |
source | MITRE |
title | Iranian PupyRAT Bites Middle Eastern Organizations |
ClearSky OilRig Jan 2017
ClearSky Cybersecurity. (2017, January 5). Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford. Retrieved May 3, 2017.
Internal MISP references
UUID f19f9ad4-bb31-443b-9c26-87946469a0c3
which can be used as unique global reference for ClearSky OilRig Jan 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-05-03T00:00:00Z |
date_published | 2017-01-05T00:00:00Z |
source | MITRE |
title | Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford |
FireEye MuddyWater Mar 2018
Singh, S. et al. (2018, March 13). Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign. Retrieved April 11, 2018.
Internal MISP references
UUID 82cddfa6-9463-49bb-8bdc-0c7d6b0e1472
which can be used as unique global reference for FireEye MuddyWater Mar 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-11T00:00:00Z |
date_published | 2018-03-13T00:00:00Z |
source | MITRE |
title | Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign |
Check Point APT34 April 2021
Check Point. (2021, April 8). Iran’s APT34 Returns with an Updated Arsenal. Retrieved May 5, 2021.
Internal MISP references
UUID 593e8f9f-88ec-4bdc-90c3-1a320fa8a041
which can be used as unique global reference for Check Point APT34 April 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-05T00:00:00Z |
date_published | 2021-04-08T00:00:00Z |
source | MITRE |
title | Iran’s APT34 Returns with an Updated Arsenal |
Microsoft Iran Cyber 2023
Microsoft Threat Intelligence. (2023, May 2). Iran turning to cyber-enabled influence operations for greater effect. Retrieved May 21, 2024.
Internal MISP references
UUID 08053c85-68ba-538b-b2f6-7ea0df654900
which can be used as unique global reference for Microsoft Iran Cyber 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-21T00:00:00Z |
date_published | 2023-05-02T00:00:00Z |
source | MITRE |
title | Iran turning to cyber-enabled influence operations for greater effect |
Dark Reading APT39 JAN 2019
Higgins, K. (2019, January 30). Iran Ups its Traditional Cyber Espionage Tradecraft. Retrieved May 22, 2020.
Internal MISP references
UUID b310dfa4-f4ee-4a0c-82af-b0fdef1a1f58
which can be used as unique global reference for Dark Reading APT39 JAN 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-22T00:00:00Z |
date_published | 2019-01-30T00:00:00Z |
source | MITRE |
title | Iran Ups its Traditional Cyber Espionage Tradecraft |
U.S. CISA IRGC-Affiliated PLC Activity December 2023
Cybersecurity and Infrastructure Security Agency. (2023, December 1). IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities. Retrieved December 5, 2023.
Internal MISP references
UUID 51a18523-5276-4a67-8644-2bc6997d043c
which can be used as unique global reference for U.S. CISA IRGC-Affiliated PLC Activity December 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-05T00:00:00Z |
date_published | 2023-12-01T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities |
Secureworks IRON HEMLOCK Profile
Secureworks CTU. (n.d.). IRON HEMLOCK. Retrieved February 22, 2022.
Internal MISP references
UUID 36191a48-4661-42ea-b194-2915c9b184f3
which can be used as unique global reference for Secureworks IRON HEMLOCK Profile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-22T00:00:00Z |
source | MITRE |
title | IRON HEMLOCK |
Secureworks IRON HUNTER Profile
Secureworks CTU. (n.d.). IRON HUNTER. Retrieved February 22, 2022.
Internal MISP references
UUID af5cb7da-61e0-49dc-8132-c019ce5ea6d3
which can be used as unique global reference for Secureworks IRON HUNTER Profile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-22T00:00:00Z |
source | MITRE |
title | IRON HUNTER |
Secureworks IRON LIBERTY
Secureworks. (n.d.). IRON LIBERTY. Retrieved October 15, 2020.
Internal MISP references
UUID b82ba824-4543-41ec-a686-6479d5f67b4d
which can be used as unique global reference for Secureworks IRON LIBERTY
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-15T00:00:00Z |
source | MITRE |
title | IRON LIBERTY |
Unit 42 IronNetInjector February 2021
Reichel, D. (2021, February 19). IronNetInjector: Turla’s New Malware Loading Tool. Retrieved February 24, 2021.
Internal MISP references
UUID f04c89f7-d951-4ebc-a5e4-2cc69476c43f
which can be used as unique global reference for Unit 42 IronNetInjector February 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-24T00:00:00Z |
date_published | 2021-02-19T00:00:00Z |
source | MITRE |
title | IronNetInjector: Turla’s New Malware Loading Tool |
Secureworks IRON RITUAL Profile
Secureworks CTU. (n.d.). IRON RITUAL. Retrieved February 24, 2022.
Internal MISP references
UUID c1ff66d6-3ea3-4347-8a8b-447cd8b48dab
which can be used as unique global reference for Secureworks IRON RITUAL Profile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-24T00:00:00Z |
source | MITRE |
title | IRON RITUAL |
Trend Micro Iron Tiger April 2021
Lunghi, D. and Lu, K. (2021, April 9). Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware. Retrieved November 12, 2021.
Internal MISP references
UUID d0890d4f-e7ca-4280-a54e-d147f6dd72aa
which can be used as unique global reference for Trend Micro Iron Tiger April 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-11-12T00:00:00Z |
date_published | 2021-04-09T00:00:00Z |
source | MITRE |
title | Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware |
Lunghi Iron Tiger Linux
Daniel Lunghi. (2023, March 1). Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting. Retrieved March 20, 2023.
Internal MISP references
UUID 1acc2a21-4456-5fbc-9732-87550cea8b53
which can be used as unique global reference for Lunghi Iron Tiger Linux
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-20T00:00:00Z |
date_published | 2023-03-01T00:00:00Z |
source | MITRE |
title | Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting |
Secureworks IRON TILDEN Profile
Secureworks CTU. (n.d.). IRON TILDEN. Retrieved February 24, 2022.
Internal MISP references
UUID 45969d87-02c1-4074-b708-59f4c3e39426
which can be used as unique global reference for Secureworks IRON TILDEN Profile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-24T00:00:00Z |
source | MITRE |
title | IRON TILDEN |
Secureworks IRON TWILIGHT Profile
Secureworks CTU. (n.d.). IRON TWILIGHT. Retrieved February 28, 2022.
Internal MISP references
UUID 2fc5b9dc-3745-4760-b116-5cc5abb9101d
which can be used as unique global reference for Secureworks IRON TWILIGHT Profile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-28T00:00:00Z |
source | MITRE |
title | IRON TWILIGHT |
Secureworks IRON TWILIGHT Active Measures March 2017
Secureworks CTU. (2017, March 30). IRON TWILIGHT Supports Active Measures. Retrieved February 28, 2022.
Internal MISP references
UUID 0d28c882-5175-4bcf-9c82-e6c4394326b6
which can be used as unique global reference for Secureworks IRON TWILIGHT Active Measures March 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-28T00:00:00Z |
date_published | 2017-03-30T00:00:00Z |
source | MITRE, Tidal Cyber |
title | IRON TWILIGHT Supports Active Measures |
Secureworks IRON VIKING
Secureworks. (2020, May 1). IRON VIKING Threat Profile. Retrieved June 10, 2020.
Internal MISP references
UUID 900753b3-c5a2-4fb5-ab7b-d38df867077b
which can be used as unique global reference for Secureworks IRON VIKING
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-10T00:00:00Z |
date_published | 2020-05-01T00:00:00Z |
source | MITRE |
title | IRON VIKING Threat Profile |
ESET Hermetic Wizard March 2022
ESET. (2022, March 1). IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine. Retrieved April 10, 2022.
Internal MISP references
UUID e0337ce9-2ca9-4877-b116-8c4d9d864df0
which can be used as unique global reference for ESET Hermetic Wizard March 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-10T00:00:00Z |
date_published | 2022-03-01T00:00:00Z |
source | MITRE |
title | IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine |
Microsoft ISAPICGIRestriction 2016
Microsoft. (2016, September 26). ISAPI/CGI Restrictions
Internal MISP references
UUID 7d42501b-5a6e-4916-aa58-64ce6c00501e
which can be used as unique global reference for Microsoft ISAPICGIRestriction 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-03T00:00:00Z |
date_published | 2016-09-26T00:00:00Z |
source | MITRE |
title | ISAPI/CGI Restrictions |
Microsoft ISAPI Extension Overview 2017
Microsoft. (2017, June 16). ISAPI Extension Overview. Retrieved June 3, 2021.
Internal MISP references
UUID d00a692f-b990-4757-8acd-56818462ac0c
which can be used as unique global reference for Microsoft ISAPI Extension Overview 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-03T00:00:00Z |
date_published | 2017-06-16T00:00:00Z |
source | MITRE |
title | ISAPI Extension Overview |
Microsoft ISAPI Filter Overview 2017
Microsoft. (2017, June 16). ISAPI Filter Overview. Retrieved June 3, 2021.
Internal MISP references
UUID 2fdbf1ba-0480-4d70-9981-3b5967656472
which can be used as unique global reference for Microsoft ISAPI Filter Overview 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-03T00:00:00Z |
date_published | 2017-06-16T00:00:00Z |
source | MITRE |
title | ISAPI Filter Overview |
welivesecurity TCC
Marc-Etienne M.Léveillé. (2022, July 19). I see what you did there: A look at the CloudMensis macOS spyware. Retrieved March 21, 2024.
Internal MISP references
UUID cf42e04a-3593-51ff-bb0b-60d681dc4cd6
which can be used as unique global reference for welivesecurity TCC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-21T00:00:00Z |
date_published | 2022-07-19T00:00:00Z |
source | MITRE |
title | I see what you did there: A look at the CloudMensis macOS spyware |
iSight Sandworm Oct 2014
Ward, S. (2014, October 14). iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign. Retrieved June 10, 2020.
Internal MISP references
UUID 31262b8d-27fb-4976-9d53-4fb39b5b835a
which can be used as unique global reference for iSight Sandworm Oct 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-10T00:00:00Z |
date_published | 2014-10-14T00:00:00Z |
source | MITRE |
title | iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign |
CrySyS Blog TeamSpy
CrySyS Lab. (2013, March 20). TeamSpy – Obshie manevri. Ispolzovat’ tolko s razreshenija S-a. Retrieved April 11, 2018.
Internal MISP references
UUID f21ea3e2-7983-44d2-b78f-80d84bbc4f52
which can be used as unique global reference for CrySyS Blog TeamSpy
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-11T00:00:00Z |
source | MITRE |
title | Ispolzovat’ tolko s razreshenija S-a |
NYTStuxnet
William J. Broad, John Markoff, and David E. Sanger. (2011, January 15). Israeli Test on Worm Called Crucial in Iran Nuclear Delay. Retrieved March 1, 2017.
Internal MISP references
UUID 38b0cf78-88d0-487f-b2b0-81264f457dd0
which can be used as unique global reference for NYTStuxnet
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-01T00:00:00Z |
date_published | 2011-01-15T00:00:00Z |
source | MITRE |
title | Israeli Test on Worm Called Crucial in Iran Nuclear Delay |
Microsoft Issues with BITS July 2011
Microsoft. (2011, July 19). Issues with BITS. Retrieved January 12, 2018.
Internal MISP references
UUID c67ddc5e-9e6c-40c0-9876-ee191cda7658
which can be used as unique global reference for Microsoft Issues with BITS July 2011
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-12T00:00:00Z |
date_published | 2011-07-19T00:00:00Z |
source | MITRE |
title | Issues with BITS |
Ready.gov IT DRP
Ready.gov. (n.d.). IT Disaster Recovery Plan. Retrieved March 15, 2019.
Internal MISP references
UUID 66da7fcb-421b-4e2f-b575-222f465d5901
which can be used as unique global reference for Ready.gov IT DRP
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-15T00:00:00Z |
source | MITRE |
title | IT Disaster Recovery Plan |
Security Intelligence ITG08 April 2020
Villadsen, O. (2020, April 7). ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework. Retrieved October 8, 2020.
Internal MISP references
UUID 32569f59-14fb-4581-8a42-3bf49fb189e9
which can be used as unique global reference for Security Intelligence ITG08 April 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-08T00:00:00Z |
date_published | 2020-04-07T00:00:00Z |
source | MITRE |
title | ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework |
Talos Frankenstein June 2019
Adamitis, D. et al. (2019, June 4). It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign. Retrieved May 11, 2020.
Internal MISP references
UUID a6faa495-db01-43e8-9db3-d446570802bc
which can be used as unique global reference for Talos Frankenstein June 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-11T00:00:00Z |
date_published | 2019-06-04T00:00:00Z |
source | MITRE |
title | It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign |
AdSecurity Forging Trust Tickets
Metcalf, S. (2015, July 15). It’s All About Trust – Forging Kerberos Trust Tickets to Spoof Access across Active Directory Trusts. Retrieved February 14, 2019.
Internal MISP references
UUID 09d3ccc1-cd8a-4675-88c0-84110f5b8e8b
which can be used as unique global reference for AdSecurity Forging Trust Tickets
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-14T00:00:00Z |
date_published | 2015-07-15T00:00:00Z |
source | MITRE |
title | It’s All About Trust – Forging Kerberos Trust Tickets to Spoof Access across Active Directory Trusts |
It’s Always DarkGate Before the Dawn
Micah Babinski. (2020, October 16). It’s Always DarkGate Before the Dawn. Retrieved October 20, 2023.
Internal MISP references
UUID 0c7c6dfa-2ba9-4f74-aeca-d97dd3a3a1cc
which can be used as unique global reference for It’s Always DarkGate Before the Dawn
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-20T00:00:00Z |
date_published | 2020-10-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | It’s Always DarkGate Before the Dawn |
CitizenLab KeyBoy Nov 2016
Hulcoop, A., et al. (2016, November 17). It’s Parliamentary KeyBoy and the targeting of the Tibetan Community. Retrieved June 13, 2019.
Internal MISP references
UUID a9394372-3981-4f41-ad66-9db343e773b1
which can be used as unique global reference for CitizenLab KeyBoy Nov 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-13T00:00:00Z |
date_published | 2016-11-17T00:00:00Z |
source | MITRE |
title | It’s Parliamentary KeyBoy and the targeting of the Tibetan Community |
Twitter ItsReallyNick Status Update APT32 PubPrn
Carr, N. (2017, December 22). ItsReallyNick Status Update. Retrieved September 12, 2024.
Internal MISP references
UUID 2ca502a2-664c-4b85-9d6c-1bc96dfb8332
which can be used as unique global reference for Twitter ItsReallyNick Status Update APT32 PubPrn
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2017-12-22T00:00:00Z |
source | MITRE |
title | ItsReallyNick Status Update |
Volexity Ivanti Global Exploitation January 2024
Gurkok, C. et al. (2024, January 15). Ivanti Connect Secure VPN Exploitation Goes Global. Retrieved February 27, 2024.
Internal MISP references
UUID b96fa4f2-864d-5d88-9a29-b117da8f8c5c
which can be used as unique global reference for Volexity Ivanti Global Exploitation January 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-27T00:00:00Z |
date_published | 2024-01-15T00:00:00Z |
source | MITRE |
title | Ivanti Connect Secure VPN Exploitation Goes Global |
Trend Micro IXESHE 2012
Sancho, D., et al. (2012, May 22). IXESHE An APT Campaign. Retrieved June 7, 2019.
Internal MISP references
UUID fcea0121-cd45-4b05-8c3f-f8dad8c790b3
which can be used as unique global reference for Trend Micro IXESHE 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-07T00:00:00Z |
date_published | 2012-05-22T00:00:00Z |
source | MITRE |
title | IXESHE An APT Campaign |
James TermServ DLL
James. (2019, July 14). @James_inthe_box. Retrieved September 12, 2024.
Internal MISP references
UUID 5a9e4f0f-83d6-4f18-a358-a9ad450c2734
which can be used as unique global reference for James TermServ DLL
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2019-07-14T00:00:00Z |
source | MITRE |
title | @James_inthe_box |
Jamfsoftware 3 29 2024
March. (2024, March 29). Jamf Threat Labs dissects infostealer malware. Retrieved April 5, 2024.
Internal MISP references
UUID 8b8fedb6-0922-441a-8e17-6bd92055a9b0
which can be used as unique global reference for Jamfsoftware 3 29 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-05T00:00:00Z |
date_published | 2024-03-29T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Jamf Threat Labs dissects infostealer malware |
Symantec Cicada November 2020
Symantec. (2020, November 17). Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign. Retrieved December 17, 2020.
Internal MISP references
UUID 28a7bbd8-d664-4234-9311-2befe0238b5b
which can be used as unique global reference for Symantec Cicada November 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-17T00:00:00Z |
date_published | 2020-11-17T00:00:00Z |
source | MITRE |
title | Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign |
Carbon Black JCry May 2019
Lee, S. (2019, May 14). JCry Ransomware. Retrieved June 18, 2019.
Internal MISP references
UUID deb97163-323a-493a-9c73-b41c8c5e5cd1
which can be used as unique global reference for Carbon Black JCry May 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-18T00:00:00Z |
date_published | 2019-05-14T00:00:00Z |
source | MITRE |
title | JCry Ransomware |
ClearSky CopyKittens March 2017
ClearSky Cyber Security. (2017, March 30). Jerusalem Post and other Israeli websites compromised by Iranian threat agent CopyKitten. Retrieved August 21, 2017.
Internal MISP references
UUID f5a42615-0e4e-4d43-937d-05d2efe636cf
which can be used as unique global reference for ClearSky CopyKittens March 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-08-21T00:00:00Z |
date_published | 2017-03-30T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Jerusalem Post and other Israeli websites compromised by Iranian threat agent CopyKitten |
Joe Sandbox 23893f035f8564dfea5030b9fdd54120d96072bb
Joe Sandbox. (n.d.). Joe Sandbox 23893f035f8564dfea5030b9fdd54120d96072bb. Retrieved October 20, 2023.
Internal MISP references
UUID c2a10cde-2c20-4090-9e8d-ca60edf07a2e
which can be used as unique global reference for Joe Sandbox 23893f035f8564dfea5030b9fdd54120d96072bb
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Joe Sandbox 23893f035f8564dfea5030b9fdd54120d96072bb |
Joe Slowik August 2019
Joe Slowik. (2019, August 15). CRASHOVERRIDE: Reassessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack. Retrieved October 22, 2019.
Internal MISP references
UUID 7297ee41-b26e-5762-8b0f-7dcdf780f86a
which can be used as unique global reference for Joe Slowik August 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-22T00:00:00Z |
source | MITRE |
title | Joe Slowik August 2019 |
US District Court of DC Phosphorus Complaint 2019
US District Court of DC. (2019, March 14). MICROSOFT CORPORATION v. JOHN DOES 1-2, CONTROLLING A COMPUTER NETWORK AND THEREBY INJURING PLAINTIFF AND ITS CUSTOMERS. Retrieved March 8, 2021.
Internal MISP references
UUID 8f73a709-fb7e-4d9e-9743-4ba39ea26ea8
which can be used as unique global reference for US District Court of DC Phosphorus Complaint 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-08T00:00:00Z |
source | MITRE |
title | JOHN DOES 1-2, CONTROLLING A COMPUTER NETWORK AND THEREBY INJURING PLAINTIFF AND ITS CUSTOMERS |
NCSC Joint Report Public Tools
The Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), CERT New Zealand, the UK National Cyber Security Centre (UK NCSC) and the US National Cybersecurity and Communications Integration Center (NCCIC). (2018, October 11). Joint report on publicly available hacking tools. Retrieved March 11, 2019.
Internal MISP references
UUID 601d88c5-4789-4fa8-a9ab-abc8137f061c
which can be used as unique global reference for NCSC Joint Report Public Tools
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-11T00:00:00Z |
date_published | 2018-10-11T00:00:00Z |
source | MITRE |
title | Joint report on publicly available hacking tools |
USG Joint Statement SolarWinds January 2021
FBI, CISA, ODNI, NSA. (2022, January 5). Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA). Retrieved March 26, 2023.
Internal MISP references
UUID 336a6549-a95d-5763-bbaf-5ef0d3141800
which can be used as unique global reference for USG Joint Statement SolarWinds January 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-26T00:00:00Z |
date_published | 2022-01-05T00:00:00Z |
source | MITRE |
title | Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) |
Jsc.exe - LOLBAS Project
LOLBAS. (2019, May 31). Jsc.exe. Retrieved December 4, 2023.
Internal MISP references
UUID ae25ff74-05eb-46d7-9c60-4c149b7c7f1f
which can be used as unique global reference for Jsc.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2019-05-31T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Jsc.exe |
Juniper Netscreen of the Dead
Graeme Neilson. (2009, August). Juniper Netscreen of the Dead. Retrieved October 20, 2020.
Internal MISP references
UUID 3b87bd85-c6dd-4bd9-9427-33b5bd84db4a
which can be used as unique global reference for Juniper Netscreen of the Dead
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2009-08-01T00:00:00Z |
source | MITRE |
title | Juniper Netscreen of the Dead |
Microsoft PS JEA
Microsoft. (2022, November 17). Just Enough Administration. Retrieved March 27, 2023.
Internal MISP references
UUID 09c99ca2-5f10-5f78-9ba3-5e0e79ce8d96
which can be used as unique global reference for Microsoft PS JEA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-27T00:00:00Z |
date_published | 2022-11-17T00:00:00Z |
source | MITRE |
title | Just Enough Administration |
U.S. Justice Department GRU Botnet February 2024
Office of Public Affairs. (2024, February 15). Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU). Retrieved February 29, 2024.
Internal MISP references
UUID 26a554dc-39c0-4638-902d-7e84fe01b961
which can be used as unique global reference for U.S. Justice Department GRU Botnet February 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-29T00:00:00Z |
date_published | 2024-02-15T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU) |
Justice GRU 2024
Office of Public Affairs. (2024, February 15). Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU). Retrieved March 28, 2024.
Internal MISP references
UUID 957488f8-c2a8-54b0-a3cb-7b510640a2c4
which can be used as unique global reference for Justice GRU 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-28T00:00:00Z |
date_published | 2024-02-15T00:00:00Z |
source | MITRE |
title | Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU) |
Azure AD Recon
Dr. Nestori Syynimaa. (2020, June 13). Just looking: Azure Active Directory reconnaissance as an outsider. Retrieved February 1, 2022.
Internal MISP references
UUID 16565eaf-44fb-44f4-b490-40dc1160ff2b
which can be used as unique global reference for Azure AD Recon
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-01T00:00:00Z |
date_published | 2020-06-13T00:00:00Z |
source | MITRE |
title | Just looking: Azure Active Directory reconnaissance as an outsider |
Azure Active Directory Reconnaisance
Dr. Nestori Syynimaa. (2020, June 13). Just looking: Azure Active Directory reconnaissance as an outsider. Retrieved May 27, 2022.
Internal MISP references
UUID 42dad2a3-5b33-4be4-a19b-58a27fb3ee5d
which can be used as unique global reference for Azure Active Directory Reconnaisance
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-27T00:00:00Z |
date_published | 2020-06-13T00:00:00Z |
source | MITRE |
title | Just looking: Azure Active Directory reconnaissance as an outsider |
intezer-kaiji-malware
Paul Litvak. (2020, May 4). Kaiji: New Chinese Linux malware turning to Golang. Retrieved December 17, 2020.
Internal MISP references
UUID ef1fbb40-da6f-41d0-a44a-9ff444e2ad89
which can be used as unique global reference for intezer-kaiji-malware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-17T00:00:00Z |
date_published | 2020-05-04T00:00:00Z |
source | MITRE |
title | Kaiji: New Chinese Linux malware turning to Golang |
Kali Redsnarf
NCC Group PLC. (2016, November 1). Kali Redsnarf. Retrieved December 11, 2017.
Internal MISP references
UUID 459fcde2-7ac3-4640-a5bc-cd8750e54962
which can be used as unique global reference for Kali Redsnarf
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-11T00:00:00Z |
date_published | 2016-11-01T00:00:00Z |
source | MITRE |
title | Kali Redsnarf |
TrustedSignal Service Failure
Hull, D. (2014, May 3). Kansa: Service related collectors and analysis. Retrieved October 10, 2019.
Internal MISP references
UUID 58d5bc0b-8548-4c3a-8302-e07df3b961ff
which can be used as unique global reference for TrustedSignal Service Failure
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-10T00:00:00Z |
date_published | 2014-05-03T00:00:00Z |
source | MITRE |
title | Kansa: Service related collectors and analysis |
Kansa Service related collectors
Hull, D. (2014, May 3). Kansa: Service related collectors and analysis. Retrieved October 10, 2019.
Internal MISP references
UUID d854f84a-4d70-4ef4-9197-d8f5396feabb
which can be used as unique global reference for Kansa Service related collectors
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-10T00:00:00Z |
date_published | 2014-05-03T00:00:00Z |
source | MITRE |
title | Kansa: Service related collectors and analysis |
CISA Karakurt 2022
Cybersecurity Infrastructure and Defense Agency. (2022, June 2). Karakurt Data Extortion Group. Retrieved March 10, 2023.
Internal MISP references
UUID 5a9a79fa-532b-582b-9741-cb732803cd22
which can be used as unique global reference for CISA Karakurt 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-10T00:00:00Z |
date_published | 2022-06-02T00:00:00Z |
source | MITRE |
title | Karakurt Data Extortion Group |
U.S. CISA Karakurt December 12 2023
Cybersecurity and Infrastructure Security Agency. (2023, December 12). Karakurt Data Extortion Group. Retrieved May 1, 2024.
Internal MISP references
UUID ca7ae918-5fbb-472a-b9fa-8e0eaee93af7
which can be used as unique global reference for U.S. CISA Karakurt December 12 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-01T00:00:00Z |
date_published | 2023-12-12T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Karakurt Data Extortion Group |
Kaspersky October 24 2023
GReAT. (2023, October 24). Kaspersky crimeware report GoPIX, Lumar, and Rhysida. Retrieved October 10, 2024.
Internal MISP references
UUID 0f9fca8c-4ab8-41e8-b034-3a1f41f5cb0d
which can be used as unique global reference for Kaspersky October 24 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-10T00:00:00Z |
date_published | 2023-10-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Kaspersky crimeware report GoPIX, Lumar, and Rhysida. |
Kaspersky Lab SynAck May 2018
Bettencourt, J. (2018, May 7). Kaspersky Lab finds new variant of SynAck ransomware using sophisticated Doppelgänging technique. Retrieved May 24, 2018.
Internal MISP references
UUID bbb9bcb5-cd44-4dcb-a7e5-f6c4cf93f74f
which can be used as unique global reference for Kaspersky Lab SynAck May 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-24T00:00:00Z |
date_published | 2018-05-07T00:00:00Z |
source | MITRE |
title | Kaspersky Lab finds new variant of SynAck ransomware using sophisticated Doppelgänging technique |
Unit 42 Kazuar May 2017
Levene, B., et al. (2017, May 3). Kazuar: Multiplatform Espionage Backdoor with API Access. Retrieved July 17, 2018.
Internal MISP references
UUID 07e64ee6-3d3e-49e4-bb06-ff5897e26ea9
which can be used as unique global reference for Unit 42 Kazuar May 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-17T00:00:00Z |
date_published | 2017-05-03T00:00:00Z |
source | MITRE |
title | Kazuar: Multiplatform Espionage Backdoor with API Access |
Citizen Lab Stealth Falcon May 2016
Marczak, B. and Scott-Railton, J. (2016, May 29). Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents. Retrieved June 8, 2016.
Internal MISP references
UUID 11f46b1e-a141-4d25-bff0-e955251be7f5
which can be used as unique global reference for Citizen Lab Stealth Falcon May 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-08T00:00:00Z |
date_published | 2016-05-29T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents |
Github KeeThief
Lee, C., Schroeder, W. (n.d.). KeeThief. Retrieved February 8, 2021.
Internal MISP references
UUID 3b6231fb-5b52-4a3a-a21f-0881901d0037
which can be used as unique global reference for Github KeeThief
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-08T00:00:00Z |
source | MITRE |
title | KeeThief |
Kekeo
Benjamin Delpy. (n.d.). Kekeo. Retrieved October 4, 2021.
Internal MISP references
UUID 0b69f0f5-dd4a-4926-9369-8253a0c3ddea
which can be used as unique global reference for Kekeo
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-04T00:00:00Z |
source | MITRE |
title | Kekeo |
Harmj0y Kerberoast Nov 2016
Schroeder, W. (2016, November 1). Kerberoasting Without Mimikatz. Retrieved March 23, 2018.
Internal MISP references
UUID 6f1f8bc3-421e-46ff-88e3-48fcc6f7b76a
which can be used as unique global reference for Harmj0y Kerberoast Nov 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-23T00:00:00Z |
date_published | 2016-11-01T00:00:00Z |
source | MITRE |
title | Kerberoasting Without Mimikatz |
ADSecurity Kerberos Ring Decoder
Sean Metcalf. (2014, September 12). Kerberos, Active Directory’s Secret Decoder Ring. Retrieved February 27, 2020.
Internal MISP references
UUID 5f78a554-2d5c-49af-8c6c-6e10f9aec997
which can be used as unique global reference for ADSecurity Kerberos Ring Decoder
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-27T00:00:00Z |
date_published | 2014-09-12T00:00:00Z |
source | MITRE |
title | Kerberos, Active Directory’s Secret Decoder Ring |
macOS kerberos framework MIT
Massachusetts Institute of Technology. (2007, October 27). Kerberos for Macintosh Preferences Documentation. Retrieved October 6, 2021.
Internal MISP references
UUID 8e09346b-03ce-4627-a365-f2f63089d1e0
which can be used as unique global reference for macOS kerberos framework MIT
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-06T00:00:00Z |
date_published | 2007-10-27T00:00:00Z |
source | MITRE |
title | Kerberos for Macintosh Preferences Documentation |
Microsoft Kerberos Golden Ticket
Microsoft. (2015, March 24). Kerberos Golden Ticket Check (Updated). Retrieved February 27, 2020.
Internal MISP references
UUID 2d8790db-b088-40d0-be99-acd3e695c7a6
which can be used as unique global reference for Microsoft Kerberos Golden Ticket
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-27T00:00:00Z |
date_published | 2015-03-24T00:00:00Z |
source | MITRE |
title | Kerberos Golden Ticket Check (Updated) |
CERT-EU Golden Ticket Protection
Abolins, D., Boldea, C., Socha, K., Soria-Machado, M. (2016, April 26). Kerberos Golden Ticket Protection. Retrieved July 13, 2017.
Internal MISP references
UUID 268f9cfa-71f4-4cb1-96f3-c61e71892d30
which can be used as unique global reference for CERT-EU Golden Ticket Protection
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-13T00:00:00Z |
date_published | 2016-04-26T00:00:00Z |
source | MITRE |
title | Kerberos Golden Ticket Protection |
AdSecurity Kerberos GT Aug 2015
Metcalf, S. (2015, August 7). Kerberos Golden Tickets are Now More Golden. Retrieved December 1, 2017.
Internal MISP references
UUID aac51d49-9a72-4456-8539-8a5f5d0ef7d7
which can be used as unique global reference for AdSecurity Kerberos GT Aug 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-01T00:00:00Z |
date_published | 2015-08-07T00:00:00Z |
source | MITRE |
title | Kerberos Golden Tickets are Now More Golden |
ADSecurity Kerberos and KRBTGT
Sean Metcalf. (2014, November 10). Kerberos & KRBTGT: Active Directory’s Domain Kerberos Service Account. Retrieved January 30, 2020.
Internal MISP references
UUID 6e61f3e1-35e6-44f4-9bc4-60b2bcb71b15
which can be used as unique global reference for ADSecurity Kerberos and KRBTGT
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-01-30T00:00:00Z |
date_published | 2014-11-10T00:00:00Z |
source | MITRE |
title | Kerberos & KRBTGT: Active Directory’s Domain Kerberos Service Account |
Microsoft Kerberos Preauth 2014
Sanyal, M. (2014, March 18). Kerberos Pre-Authentication: Why It Should Not Be Disabled. Retrieved August 25, 2020.
Internal MISP references
UUID 328953ed-93c7-46c0-9a05-53dc44d294fe
which can be used as unique global reference for Microsoft Kerberos Preauth 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-25T00:00:00Z |
date_published | 2014-03-18T00:00:00Z |
source | MITRE |
title | Kerberos Pre-Authentication: Why It Should Not Be Disabled |
Linux Kerberos Tickets
Trevor Haskell. (2020, April 1). Kerberos Tickets on Linux Red Teams. Retrieved October 4, 2021.
Internal MISP references
UUID 5aea042f-4eb1-4092-89be-3db695053470
which can be used as unique global reference for Linux Kerberos Tickets
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-04T00:00:00Z |
date_published | 2020-04-01T00:00:00Z |
source | MITRE |
title | Kerberos Tickets on Linux Red Teams |
Kernel Self Protection Project
Kernel.org. (2020, February 6). Kernel Self-Protection. Retrieved June 4, 2020.
Internal MISP references
UUID b75466f2-c20e-4c4a-b71b-e91fb39cfcd3
which can be used as unique global reference for Kernel Self Protection Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-04T00:00:00Z |
date_published | 2020-02-06T00:00:00Z |
source | MITRE |
title | Kernel Self-Protection |
Rapid7 KeyBoy Jun 2013
Guarnieri, C., Schloesser, M. (2013, June 7). KeyBoy, Targeted Attacks against Vietnam and India. Retrieved June 14, 2019.
Internal MISP references
UUID e549add8-1dfd-40d6-8974-35e1a38a707b
which can be used as unique global reference for Rapid7 KeyBoy Jun 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-14T00:00:00Z |
date_published | 2013-06-07T00:00:00Z |
source | MITRE |
title | KeyBoy, Targeted Attacks against Vietnam and India |
Keychain Items Apple Dev API
Apple. (n.d.). Keychain Items. Retrieved April 12, 2022.
Internal MISP references
UUID 4e499819-b910-4c07-a8b4-a7d40f2c0ac4
which can be used as unique global reference for Keychain Items Apple Dev API
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-12T00:00:00Z |
source | MITRE |
title | Keychain Items |
Keychain Services Apple
Apple. (n.d.). Keychain Services. Retrieved April 11, 2022.
Internal MISP references
UUID 0754f48d-dad8-480c-953c-256be4dfcfc3
which can be used as unique global reference for Keychain Services Apple
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-11T00:00:00Z |
source | MITRE |
title | Keychain Services |
Wikipedia keychain
Wikipedia. (n.d.). Keychain (software). Retrieved July 5, 2017.
Internal MISP references
UUID 8aac5356-31cb-4e0b-a766-9aa07d977acd
which can be used as unique global reference for Wikipedia keychain
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-05T00:00:00Z |
source | MITRE |
title | Keychain (software) |
Keyctl-unmask
Mark Manning. (2020, July 23). Keyctl-unmask: "Going Florida" on The State Of Containerizing Linux Keyrings. Retrieved July 6, 2022.
Internal MISP references
UUID 75db8c88-e547-4d1b-8f22-6ace2b3d7ad4
which can be used as unique global reference for Keyctl-unmask
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-06T00:00:00Z |
date_published | 2020-07-23T00:00:00Z |
source | MITRE |
title | Keyctl-unmask: "Going Florida" on The State Of Containerizing Linux Keyrings |
Google Cloud Encryption Key Rotation
Google. (n.d.). Key rotation. Retrieved October 18, 2019.
Internal MISP references
UUID 4ba76434-f5ca-4a1d-b111-9292f6debfdb
which can be used as unique global reference for Google Cloud Encryption Key Rotation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-18T00:00:00Z |
source | MITRE |
title | Key rotation |
KillDisk Ransomware
Catalin Cimpanu. (2016, December 29). KillDisk Disk-Wiping Malware Adds Ransomware Component. Retrieved January 12, 2021.
Internal MISP references
UUID 9d22f13d-af6d-47b5-93ed-5e4b85b94978
which can be used as unique global reference for KillDisk Ransomware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-12T00:00:00Z |
date_published | 2016-12-29T00:00:00Z |
source | MITRE |
title | KillDisk Disk-Wiping Malware Adds Ransomware Component |
Trend Micro KillDisk 1
Fernando Merces, Byron Gelera, Martin Co. (2018, June 7). KillDisk Variant Hits Latin American Finance Industry. Retrieved January 12, 2021.
Internal MISP references
UUID 8ae31db0-2744-4366-9747-55fc4679dbf5
which can be used as unique global reference for Trend Micro KillDisk 1
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-12T00:00:00Z |
date_published | 2018-06-07T00:00:00Z |
source | MITRE |
title | KillDisk Variant Hits Latin American Finance Industry |
Trend Micro KillDisk 2
Gilbert Sison, Rheniel Ramos, Jay Yaneza, Alfredo Oliveira. (2018, January 15). KillDisk Variant Hits Latin American Financial Groups. Retrieved January 12, 2021.
Internal MISP references
UUID 62d9a4c9-e669-4dd4-a584-4f3e3e54f97f
which can be used as unique global reference for Trend Micro KillDisk 2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-12T00:00:00Z |
date_published | 2018-01-15T00:00:00Z |
source | MITRE |
title | KillDisk Variant Hits Latin American Financial Groups |
Killing IOS diversity myth
Ang Cui, Jatin Kataria, Salvatore J. Stolfo. (2011, August). Killing the myth of Cisco IOS diversity: recent advances in reliable shellcode design. Retrieved October 20, 2020.
Internal MISP references
UUID 19d7ccc6-76ed-4b12-af50-f810fbc22037
which can be used as unique global reference for Killing IOS diversity myth
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2011-08-01T00:00:00Z |
source | MITRE |
title | Killing the myth of Cisco IOS diversity: recent advances in reliable shellcode design |
Killing the myth of Cisco IOS rootkits
Sebastian 'topo' Muñiz. (2008, May). Killing the myth of Cisco IOS rootkits. Retrieved October 20, 2020.
Internal MISP references
UUID 538070d6-fbdb-4cc9-8ddf-c331e4375cfb
which can be used as unique global reference for Killing the myth of Cisco IOS rootkits
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2008-05-01T00:00:00Z |
source | MITRE |
title | Killing the myth of Cisco IOS rootkits |
Vedere Labs Killnet 2022
Vedere Labs. (2022, June 2). Killnet: Analysis of Attacks from a Prominent Pro-Russian Hacktivist Group. Retrieved October 9, 2023.
Internal MISP references
UUID 628a9288-ae87-4deb-92ce-081ba88c15be
which can be used as unique global reference for Vedere Labs Killnet 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-09T00:00:00Z |
date_published | 2022-06-02T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Killnet: Analysis of Attacks from a Prominent Pro-Russian Hacktivist Group |
Flashpoint Glossary Killnet
Flashpoint. (n.d.). Killnet: Inside the World’s Most Prominent Pro-Kremlin Hacktivist Collective. Retrieved October 10, 2023.
Internal MISP references
UUID 502cc03b-350b-4e2d-9436-364c43a0a203
which can be used as unique global reference for Flashpoint Glossary Killnet
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Killnet: Inside the World’s Most Prominent Pro-Kremlin Hacktivist Collective |
Malwarebytes Kimsuky June 2021
Jazi, H. (2021, June 1). Kimsuky APT continues to target South Korean government using AppleSeed backdoor. Retrieved June 10, 2021.
Internal MISP references
UUID 9a497c56-f1d3-4889-8c1a-14b013f14668
which can be used as unique global reference for Malwarebytes Kimsuky June 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-10T00:00:00Z |
date_published | 2021-06-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Kimsuky APT continues to target South Korean government using AppleSeed backdoor |
Kimsuky Malwarebytes
Hossein Jazi. (2021, June 1). Kimsuky APT continues to target South Korean government using AppleSeed backdoor. Retrieved January 10, 2024.
Internal MISP references
UUID 8b0dd1d7-dc9c-50d3-a47e-20304591ac40
which can be used as unique global reference for Kimsuky Malwarebytes
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-10T00:00:00Z |
date_published | 2021-06-01T00:00:00Z |
source | MITRE |
title | Kimsuky APT continues to target South Korean government using AppleSeed backdoor |
VirusBulletin Kimsuky October 2019
Kim, J. et al. (2019, October). KIMSUKY GROUP: TRACKING THE KING OF THE SPEAR PHISHING. Retrieved November 2, 2020.
Internal MISP references
UUID e9a8db17-8b10-44c2-a0e1-88e6bcfb67f1
which can be used as unique global reference for VirusBulletin Kimsuky October 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-02T00:00:00Z |
date_published | 2019-10-01T00:00:00Z |
source | MITRE |
title | KIMSUKY GROUP: TRACKING THE KING OF THE SPEAR PHISHING |
EST Kimsuky April 2019
Alyac. (2019, April 3). Kimsuky Organization Steals Operation Stealth Power. Retrieved August 13, 2019.
Internal MISP references
UUID 8e52db6b-5ac3-448a-93f6-96a21787a346
which can be used as unique global reference for EST Kimsuky April 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-08-13T00:00:00Z |
date_published | 2019-04-03T00:00:00Z |
source | MITRE |
title | Kimsuky Organization Steals Operation Stealth Power |
ThreatConnect Kimsuky September 2020
ThreatConnect. (2020, September 28). Kimsuky Phishing Operations Putting In Work. Retrieved October 30, 2020.
Internal MISP references
UUID 45d64462-2bed-46e8-ac52-9d4914608a93
which can be used as unique global reference for ThreatConnect Kimsuky September 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-30T00:00:00Z |
date_published | 2020-09-28T00:00:00Z |
source | MITRE |
title | Kimsuky Phishing Operations Putting In Work |
BRI Kimsuky April 2019
BRI. (2019, April). Kimsuky unveils APT campaign 'Smoke Screen' aimed at Korea and America. Retrieved October 7, 2019.
Internal MISP references
UUID b72dd3a1-62ca-4a05-96a8-c4bddb17db50
which can be used as unique global reference for BRI Kimsuky April 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-07T00:00:00Z |
date_published | 2019-04-01T00:00:00Z |
source | MITRE |
title | Kimsuky unveils APT campaign 'Smoke Screen' aimed at Korea and America |
Mandiant Sabbath Ransomware November 29 2021
Tyler McLellan, Brandan Schondorfer. (2021, November 29). Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again. Retrieved October 3, 2024.
Internal MISP references
UUID ab3a20a5-2df1-4f8e-989d-baa96ffaca74
which can be used as unique global reference for Mandiant Sabbath Ransomware November 29 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-03T00:00:00Z |
date_published | 2021-11-29T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again |
Microsoft Klist
Microsoft. (2021, March 3). klist. Retrieved October 14, 2021.
Internal MISP references
UUID f500340f-23fc-406a-97ef-0de787ef8cec
which can be used as unique global reference for Microsoft Klist
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-14T00:00:00Z |
date_published | 2021-03-03T00:00:00Z |
source | MITRE |
title | klist |
FireEye Know Your Enemy FIN8 Aug 2016
Elovitz, S. & Ahl, I. (2016, August 18). Know Your Enemy: New Financially-Motivated & Spear-Phishing Group. Retrieved February 26, 2018.
Internal MISP references
UUID 0119687c-b46b-4b5f-a6d8-affa14258392
which can be used as unique global reference for FireEye Know Your Enemy FIN8 Aug 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-26T00:00:00Z |
date_published | 2016-08-18T00:00:00Z |
source | MITRE |
title | Know Your Enemy: New Financially-Motivated & Spear-Phishing Group |
Github Koadic
Magius, J., et al. (2017, July 19). Koadic. Retrieved September 27, 2024.
Internal MISP references
UUID 54cbf1bd-9aed-4f82-8c15-6e88dd5d8d64
which can be used as unique global reference for Github Koadic
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-27T00:00:00Z |
date_published | 2017-07-19T00:00:00Z |
source | MITRE |
title | Koadic |
ESET Kobalos Feb 2021
M.Leveille, M., Sanmillan, I. (2021, February 2). Kobalos – A complex Linux threat to high performance computing infrastructure. Retrieved August 24, 2021.
Internal MISP references
UUID 883a9417-f7f6-4aa6-8708-8c320d4e0a7a
which can be used as unique global reference for ESET Kobalos Feb 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-24T00:00:00Z |
date_published | 2021-02-02T00:00:00Z |
source | MITRE |
title | Kobalos – A complex Linux threat to high performance computing infrastructure |
Talos Konni May 2017
Rascagneres, P. (2017, May 03). KONNI: A Malware Under The Radar For Years. Retrieved November 5, 2018.
Internal MISP references
UUID 4cb69c58-4e47-4fb9-9eef-8a0b5447a553
which can be used as unique global reference for Talos Konni May 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-05T00:00:00Z |
date_published | 2017-05-03T00:00:00Z |
source | MITRE |
title | KONNI: A Malware Under The Radar For Years |
Malwarebytes KONNI Evolves Jan 2022
Santos, R. (2022, January 26). KONNI evolves into stealthier RAT. Retrieved April 13, 2022.
Internal MISP references
UUID 5dbb84dc-a991-4fa7-8528-639b1430ca02
which can be used as unique global reference for Malwarebytes KONNI Evolves Jan 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-13T00:00:00Z |
date_published | 2022-01-26T00:00:00Z |
source | MITRE |
title | KONNI evolves into stealthier RAT |
Talos Group123
Mercer, W., Rascagneres, P. (2018, January 16). Korea In The Crosshairs. Retrieved May 21, 2018.
Internal MISP references
UUID bf8b2bf0-cca3-437b-a640-715f9cc945f7
which can be used as unique global reference for Talos Group123
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-21T00:00:00Z |
date_published | 2018-01-16T00:00:00Z |
source | MITRE |
title | Korea In The Crosshairs |
Kube Kubectl
kubernetes. (n.d.). kubectl. Retrieved October 13, 2021.
Internal MISP references
UUID 5aae1cd7-4e24-40a5-90d8-1f6431851a8f
which can be used as unique global reference for Kube Kubectl
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
source | MITRE |
title | kubectl |
Kubernetes Kubelet
The Kubernetes Authors. (n.d.). Kubelet. Retrieved March 29, 2021.
Internal MISP references
UUID 57527fb9-d076-4ce1-afb5-e7bdb9c9d74c
which can be used as unique global reference for Kubernetes Kubelet
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-29T00:00:00Z |
source | MITRE |
title | Kubelet |
Kubernetes CronJob
The Kubernetes Authors. (n.d.). Kubernetes CronJob. Retrieved March 29, 2021.
Internal MISP references
UUID 354d242c-227e-4827-b559-dc1650d37acd
which can be used as unique global reference for Kubernetes CronJob
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-29T00:00:00Z |
source | MITRE |
title | Kubernetes CronJob |
Kubernetes Hardening Guide
National Security Agency, Cybersecurity and Infrastructure Security Agency. (2022, March). Kubernetes Hardening Guide. Retrieved April 1, 2022.
Internal MISP references
UUID e423b14c-dd39-4b36-9b95-96efbcaf0a12
which can be used as unique global reference for Kubernetes Hardening Guide
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-01T00:00:00Z |
date_published | 2022-03-01T00:00:00Z |
source | MITRE |
title | Kubernetes Hardening Guide |
Kubernetes Jobs
The Kubernetes Authors. (n.d.). Kubernetes Jobs. Retrieved March 30, 2021.
Internal MISP references
UUID 21a4388d-dbf8-487b-a2a2-67927b099e4a
which can be used as unique global reference for Kubernetes Jobs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-30T00:00:00Z |
source | MITRE |
title | Kubernetes Jobs |
AppSecco Kubernetes Namespace Breakout 2020
Abhisek Datta. (2020, March 18). Kubernetes Namespace Breakout using Insecure Host Path Volume — Part 1. Retrieved January 16, 2024.
Internal MISP references
UUID 85852b3e-f6a3-5406-9dd5-a649358a53de
which can be used as unique global reference for AppSecco Kubernetes Namespace Breakout 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-16T00:00:00Z |
date_published | 2020-03-18T00:00:00Z |
source | MITRE |
title | Kubernetes Namespace Breakout using Insecure Host Path Volume — Part 1 |
Kubernetes Dashboard
The Kubernetes Authors. (n.d.). Kubernetes Web UI (Dashboard). Retrieved March 29, 2021.
Internal MISP references
UUID 02f23351-df83-4aae-a0bd-614ed91bc683
which can be used as unique global reference for Kubernetes Dashboard
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-29T00:00:00Z |
source | MITRE |
title | Kubernetes Web UI (Dashboard) |
Intezer App Service Phishing
Paul Litvak. (2020, October 8). Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure. Retrieved August 18, 2022.
Internal MISP references
UUID e86abbd9-f349-4d90-8ec9-899fe1637f94
which can be used as unique global reference for Intezer App Service Phishing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-18T00:00:00Z |
date_published | 2020-10-08T00:00:00Z |
source | MITRE |
title | Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure |
Alintanahin 2014
Alintanahin, K. (2014, March 13). Kunming Attack Leads to Gh0st RAT Variant. Retrieved November 12, 2014.
Internal MISP references
UUID 1c5ee0d2-4d6c-4a5f-9790-79bfb7abc53f
which can be used as unique global reference for Alintanahin 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
date_published | 2014-03-13T00:00:00Z |
source | MITRE |
title | Kunming Attack Leads to Gh0st RAT Variant |
Wits End and Shady PowerShell Profiles
DeRyke, A. (2019, June 7). Lab Notes: Persistence and Privilege Elevation using the Powershell Profile. Retrieved July 8, 2019.
Internal MISP references
UUID 8fcbd99a-1fb8-4ca3-9efd-a98734d4397d
which can be used as unique global reference for Wits End and Shady PowerShell Profiles
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-08T00:00:00Z |
date_published | 2019-06-07T00:00:00Z |
source | MITRE |
title | Lab Notes: Persistence and Privilege Elevation using the Powershell Profile |
Sysdig Cryptojacking Proxyjacking 2023
Miguel Hernandez. (2023, August 17). LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab. Retrieved September 25, 2024.
Internal MISP references
UUID aa0820ed-62ae-578a-adbe-e6597551f069
which can be used as unique global reference for Sysdig Cryptojacking Proxyjacking 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
date_published | 2023-08-17T00:00:00Z |
source | MITRE |
title | LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab |
Lacework AI Resource Hijacking 2024
Detecting AI resource-hijacking with Composite Alerts. (2024, June 6). Lacework Labs. Retrieved July 1, 2024.
Internal MISP references
UUID 920e7b38-6f0f-522c-9e73-9e81da1343f7
which can be used as unique global reference for Lacework AI Resource Hijacking 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-01T00:00:00Z |
date_published | 2024-06-06T00:00:00Z |
source | MITRE |
title | Lacework Labs |
AWS Lambda Execution Role
AWS. (n.d.). Lambda execution role. Retrieved February 28, 2024.
Internal MISP references
UUID 18e41da7-8dd3-569b-a54d-253aa8cd22ff
which can be used as unique global reference for AWS Lambda Execution Role
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-28T00:00:00Z |
source | MITRE |
title | Lambda execution role |
NCC Group LAPSUS Apr 2022
Brown, D., et al. (2022, April 28). LAPSUS$: Recent techniques, tactics and procedures. Retrieved December 22, 2022.
Internal MISP references
UUID d2e7c69d-8a10-51ca-af7b-22d08f4dfe45
which can be used as unique global reference for NCC Group LAPSUS Apr 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-12-22T00:00:00Z |
date_published | 2022-04-28T00:00:00Z |
source | MITRE |
title | LAPSUS$: Recent techniques, tactics and procedures |
BBC LAPSUS Apr 2022
BBC. (2022, April 1). LAPSUS: Two UK Teenagers Charged with Hacking for Gang. Retrieved June 9, 2022.
Internal MISP references
UUID 6c9f4312-6c9d-401c-b20f-12ce50c94a96
which can be used as unique global reference for BBC LAPSUS Apr 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-09T00:00:00Z |
date_published | 2022-04-01T00:00:00Z |
source | MITRE |
title | LAPSUS: Two UK Teenagers Charged with Hacking for Gang |
Enigma Excel DCOM Sept 2017
Nelson, M. (2017, September 11). Lateral Movement using Excel.Application and DCOM. Retrieved November 21, 2017.
Internal MISP references
UUID 953dc856-d906-4d87-a421-4e708f30208c
which can be used as unique global reference for Enigma Excel DCOM Sept 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-21T00:00:00Z |
date_published | 2017-09-11T00:00:00Z |
source | MITRE |
title | Lateral Movement using Excel.Application and DCOM |
Enigma Outlook DCOM Lateral Movement Nov 2017
Nelson, M. (2017, November 16). Lateral Movement using Outlook's CreateObject Method and DotNetToJScript. Retrieved November 21, 2017.
Internal MISP references
UUID 48c8b8c4-1ce2-4fbc-a95d-dc8b39304200
which can be used as unique global reference for Enigma Outlook DCOM Lateral Movement Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-21T00:00:00Z |
date_published | 2017-11-16T00:00:00Z |
source | MITRE |
title | Lateral Movement using Outlook's CreateObject Method and DotNetToJScript |
Enigma MMC20 COM Jan 2017
Nelson, M. (2017, January 5). Lateral Movement using the MMC20 Application COM Object. Retrieved November 21, 2017.
Internal MISP references
UUID ecc1023d-ef37-46e3-8dce-8fd5bb6a10dc
which can be used as unique global reference for Enigma MMC20 COM Jan 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-21T00:00:00Z |
date_published | 2017-01-05T00:00:00Z |
source | MITRE |
title | Lateral Movement using the MMC20 Application COM Object |
Enigma DCOM Lateral Movement Jan 2017
Nelson, M. (2017, January 23). Lateral Movement via DCOM: Round 2. Retrieved November 21, 2017.
Internal MISP references
UUID 62a14d3b-c61b-4c96-ad28-0519745121e3
which can be used as unique global reference for Enigma DCOM Lateral Movement Jan 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-21T00:00:00Z |
date_published | 2017-01-23T00:00:00Z |
source | MITRE |
title | Lateral Movement via DCOM: Round 2 |
Jacobsen 2014
Jacobsen, K. (2014, May 16). Lateral Movement with PowerShell[slides]. Retrieved November 12, 2014.
Internal MISP references
UUID f9ca049c-5cab-4d80-a84b-1695365871e3
which can be used as unique global reference for Jacobsen 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
date_published | 2014-05-16T00:00:00Z |
source | MITRE |
title | Lateral Movement with PowerShell[slides] |
Bitsight Latrodectus June 2024
Batista, J. (2024, June 17). Latrodectus, are you coming back? Retrieved September 13, 2024.
Internal MISP references
UUID 9a942e75-3541-5b8d-acde-8f2a3447184a
which can be used as unique global reference for Bitsight Latrodectus June 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-13T00:00:00Z |
date_published | 2024-06-17T00:00:00Z |
source | MITRE |
title | Latrodectus, are you coming back? |
Latrodectus APR 2024
Proofpoint Threat Research and Team Cymru S2 Threat Research. (2024, April 4). Latrodectus: This Spider Bytes Like Ice. Retrieved May 31, 2024.
Internal MISP references
UUID 23f46e51-cfb9-516f-88a6-824893293deb
which can be used as unique global reference for Latrodectus APR 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-31T00:00:00Z |
date_published | 2024-04-04T00:00:00Z |
source | MITRE |
title | Latrodectus: This Spider Bytes Like Ice |
Launchctl Man
SS64. (n.d.). launchctl. Retrieved March 28, 2020.
Internal MISP references
UUID 26bd50ba-c359-4804-b574-7ec731b37fa6
which can be used as unique global reference for Launchctl Man
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-28T00:00:00Z |
source | MITRE |
title | launchctl |
LaunchDaemon Hijacking
Bradley Kemp. (2021, May 10). LaunchDaemon Hijacking: privilege escalation and persistence via insecure folder permissions. Retrieved July 26, 2021.
Internal MISP references
UUID 51d1e4d9-265a-48ca-834b-4daa1f386bb4
which can be used as unique global reference for LaunchDaemon Hijacking
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-07-26T00:00:00Z |
date_published | 2021-05-10T00:00:00Z |
source | MITRE |
title | LaunchDaemon Hijacking: privilege escalation and persistence via insecure folder permissions |
launchd Keywords for plists
Dennis German. (2020, November 20). launchd Keywords for plists. Retrieved October 7, 2021.
Internal MISP references
UUID 1bcd2a93-93e7-48d8-ad25-6f09e94123aa
which can be used as unique global reference for launchd Keywords for plists
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-07T00:00:00Z |
date_published | 2020-11-20T00:00:00Z |
source | MITRE |
title | launchd Keywords for plists |
Launch Services Apple Developer
Apple. (n.d.). Launch Services. Retrieved October 5, 2021.
Internal MISP references
UUID 9973ceb1-2fee-451b-a512-c544671ee9fd
which can be used as unique global reference for Launch Services Apple Developer
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-05T00:00:00Z |
source | MITRE |
title | Launch Services |
Launch Service Keys Developer Apple
Apple. (2018, June 4). Launch Services Keys. Retrieved October 5, 2021.
Internal MISP references
UUID d75fd3e6-c1cd-4555-b131-80e34f51f09d
which can be used as unique global reference for Launch Service Keys Developer Apple
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-05T00:00:00Z |
date_published | 2018-06-04T00:00:00Z |
source | MITRE |
title | Launch Services Keys |
Launch-VsDevShell.ps1 - LOLBAS Project
LOLBAS. (2022, June 13). Launch-VsDevShell.ps1. Retrieved December 4, 2023.
Internal MISP references
UUID 6e81ff6a-a386-495e-bd4b-cf698b02bce8
which can be used as unique global reference for Launch-VsDevShell.ps1 - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-06-13T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Launch-VsDevShell.ps1 |
MalwareBytes Lazarus-Andariel Conceals Code April 2021
Jazi, H. (2021, April 19). Lazarus APT conceals malicious code within BMP image to drop its RAT. Retrieved September 29, 2021.
Internal MISP references
UUID c531a8dc-ea08-46db-a6d4-754bd1b9d545
which can be used as unique global reference for MalwareBytes Lazarus-Andariel Conceals Code April 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-29T00:00:00Z |
date_published | 2021-04-19T00:00:00Z |
source | MITRE |
title | Lazarus APT conceals malicious code within BMP image to drop its RAT |
Lazarus RATANKBA
Lei, C., et al. (2018, January 24). Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More. Retrieved May 22, 2018.
Internal MISP references
UUID e3f9853f-29b0-4219-a488-a6ecfa16b09f
which can be used as unique global reference for Lazarus RATANKBA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-22T00:00:00Z |
date_published | 2018-01-24T00:00:00Z |
source | MITRE |
title | Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More |
ATT Lazarus TTP Evolution
Fernando Martinez. (2021, July 6). Lazarus campaign TTPs and evolution. Retrieved September 22, 2021.
Internal MISP references
UUID 594c59ff-c4cb-4164-a62d-120e282b2538
which can be used as unique global reference for ATT Lazarus TTP Evolution
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-22T00:00:00Z |
date_published | 2021-07-06T00:00:00Z |
source | MITRE |
title | Lazarus campaign TTPs and evolution |
TrendMicro Lazarus Nov 2018
Trend Micro. (2018, November 20). Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America. Retrieved December 3, 2018.
Internal MISP references
UUID 4c697316-c13a-4243-be18-c0e059e4168c
which can be used as unique global reference for TrendMicro Lazarus Nov 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-12-03T00:00:00Z |
date_published | 2018-11-20T00:00:00Z |
source | MITRE |
title | Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America |
F-Secure Lazarus Cryptocurrency Aug 2020
F-Secure Labs. (2020, August 18). Lazarus Group Campaign Targeting the Cryptocurrency Vertical. Retrieved September 1, 2020.
Internal MISP references
UUID f7facaae-e768-42eb-8e0e-2bfd0a636076
which can be used as unique global reference for F-Secure Lazarus Cryptocurrency Aug 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-01T00:00:00Z |
date_published | 2020-08-18T00:00:00Z |
source | MITRE |
title | Lazarus Group Campaign Targeting the Cryptocurrency Vertical |
ESET Lazarus KillDisk April 2018
Kálnai, P., Cherepanov, A. (2018, April 03). Lazarus KillDisks Central American casino. Retrieved May 17, 2018.
Internal MISP references
UUID 454704b7-9ede-4d30-acfd-2cf16a89bcb3
which can be used as unique global reference for ESET Lazarus KillDisk April 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-17T00:00:00Z |
date_published | 2018-04-03T00:00:00Z |
source | MITRE |
title | Lazarus KillDisks Central American casino |
Lazarus KillDisk
Kálnai, P., Cherepanov A. (2018, April 03). Lazarus KillDisks Central American casino. Retrieved May 17, 2018.
Internal MISP references
UUID 6f931476-29e6-4bba-ba1b-37ab742f4b49
which can be used as unique global reference for Lazarus KillDisk
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-17T00:00:00Z |
date_published | 2018-04-03T00:00:00Z |
source | MITRE |
title | Lazarus KillDisks Central American casino |
SentinelOne 9 26 2022
Dinesh Devadoss, Phil Stokes. (2022, September 26). Lazarus "Operation In(ter)ception" Targets macOS Users Dreaming of Jobs in Crypto. Retrieved March 8, 2024.
Internal MISP references
UUID 973a110c-f1cd-46cd-b92b-5c7d8e7492b1
which can be used as unique global reference for SentinelOne 9 26 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-08T00:00:00Z |
date_published | 2022-09-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Lazarus "Operation In(ter)ception" Targets macOS Users Dreaming of Jobs in Crypto |
McAfee Lazarus Resurfaces Feb 2018
Sherstobitoff, R. (2018, February 12). Lazarus Resurfaces, Targets Global Banks and Bitcoin Users. Retrieved February 19, 2018.
Internal MISP references
UUID 4e4cb57d-764a-4233-8fc6-d049a1caabe9
which can be used as unique global reference for McAfee Lazarus Resurfaces Feb 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-19T00:00:00Z |
date_published | 2018-02-12T00:00:00Z |
source | MITRE |
title | Lazarus Resurfaces, Targets Global Banks and Bitcoin Users |
Kaspersky ThreatNeedle Feb 2021
Vyacheslav Kopeytsev and Seongsu Park. (2021, February 25). Lazarus targets defense industry with ThreatNeedle. Retrieved October 27, 2021.
Internal MISP references
UUID ba6a5fcc-9391-42c0-8b90-57b729525f41
which can be used as unique global reference for Kaspersky ThreatNeedle Feb 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-27T00:00:00Z |
date_published | 2021-02-25T00:00:00Z |
source | MITRE |
title | Lazarus targets defense industry with ThreatNeedle |
Kaspersky Lazarus Under The Hood Blog 2017
GReAT. (2017, April 3). Lazarus Under the Hood. Retrieved April 17, 2019.
Internal MISP references
UUID a1e1ab6a-8db0-4593-95ec-78784607dfa0
which can be used as unique global reference for Kaspersky Lazarus Under The Hood Blog 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-17T00:00:00Z |
date_published | 2017-04-03T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Lazarus Under the Hood |
Kaspersky Lazarus Under The Hood APR 2017
GReAT. (2017, April 3). Lazarus Under the Hood. Retrieved October 3, 2018.
Internal MISP references
UUID 312b30b1-3bd6-46ea-8f77-504f442499bc
which can be used as unique global reference for Kaspersky Lazarus Under The Hood APR 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-03T00:00:00Z |
date_published | 2017-04-03T00:00:00Z |
source | MITRE |
title | Lazarus Under the Hood |
Secureworks Emotet Nov 2018
Mclellan, M. (2018, November 19). Lazy Passwords Become Rocket Fuel for Emotet SMB Spreader. Retrieved March 25, 2019.
Internal MISP references
UUID 1ef76c14-f796-409a-9542-762f1e72f9b7
which can be used as unique global reference for Secureworks Emotet Nov 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-25T00:00:00Z |
date_published | 2018-11-19T00:00:00Z |
source | MITRE |
title | Lazy Passwords Become Rocket Fuel for Emotet SMB Spreader |
MalwareBytes LazyScripter Feb 2021
Jazi, H. (2021, February). LazyScripter: From Empire to double RAT. Retrieved November 24, 2021.
Internal MISP references
UUID 078837a7-82cd-4e26-9135-43b612e911fe
which can be used as unique global reference for MalwareBytes LazyScripter Feb 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-11-24T00:00:00Z |
date_published | 2021-02-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | LazyScripter: From Empire to double RAT |
Ldifde.exe - LOLBAS Project
LOLBAS. (2022, August 31). Ldifde.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 45d41df9-328c-4ea3-b0fb-fc9f43bdabe5
which can be used as unique global reference for Ldifde.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-08-31T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ldifde.exe |
Ldifde Microsoft
Microsoft. (2016, August 31). Ldifde Microsoft. Retrieved July 11, 2023.
Internal MISP references
UUID c47ed0e0-f3e3-41de-9ea7-64fe4e343d9d
which can be used as unique global reference for Ldifde Microsoft
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-11T00:00:00Z |
date_published | 2016-08-31T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ldifde Microsoft |
Symantec Leafminer July 2018
Symantec Security Response. (2018, July 25). Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions. Retrieved August 28, 2018.
Internal MISP references
UUID 01130af7-a2d4-435e-8790-49933e041451
which can be used as unique global reference for Symantec Leafminer July 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-28T00:00:00Z |
date_published | 2018-07-25T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions |
Proofpoint TA505 Mar 2018
Proofpoint Staff. (2018, March 7). Leaked Ammyy Admin Source Code Turned into Malware. Retrieved May 28, 2019.
Internal MISP references
UUID 44e48c77-59dd-4851-8455-893513b7cf45
which can be used as unique global reference for Proofpoint TA505 Mar 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-28T00:00:00Z |
date_published | 2018-03-07T00:00:00Z |
source | MITRE |
title | Leaked Ammyy Admin Source Code Turned into Malware |
Unit 42 Leaked Environment Variables 2024
Margaret Kelley, Sean Johnstone, William Gamazo, and Nathaniel Quist. (2024, August 15). Leaked Environment Variables Allow Large-Scale Extortion Operation in Cloud Environments. Retrieved September 25, 2024.
Internal MISP references
UUID ad8c7a1b-e31b-5b76-bf3e-bc45e87b2887
which can be used as unique global reference for Unit 42 Leaked Environment Variables 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
date_published | 2024-08-15T00:00:00Z |
source | MITRE |
title | Leaked Environment Variables Allow Large-Scale Extortion Operation in Cloud Environments |
Microsoft Purview Data Loss Prevention
Microsoft. (2024, January 9). Learn about data loss prevention. Retrieved March 4, 2024.
Internal MISP references
UUID 0d8044c0-27ac-51bc-b08f-14ab352ed0b6
which can be used as unique global reference for Microsoft Purview Data Loss Prevention
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-04T00:00:00Z |
date_published | 2024-01-09T00:00:00Z |
source | MITRE |
title | Learn about data loss prevention |
Medium DnsTunneling
Galobardes, R. (2018, October 30). Learn how easy is to bypass firewalls using DNS tunneling (and also how to block it). Retrieved March 15, 2020.
Internal MISP references
UUID f31de733-406c-4348-b3fe-bdc30d707277
which can be used as unique global reference for Medium DnsTunneling
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-15T00:00:00Z |
date_published | 2018-10-30T00:00:00Z |
source | MITRE |
title | Learn how easy is to bypass firewalls using DNS tunneling (and also how to block it) |
Learn XPC Exploitation
Wojciech Reguła. (2020, June 29). Learn XPC exploitation. Retrieved October 12, 2021.
Internal MISP references
UUID da995792-b78b-4db5-85d8-99fda96c6826
which can be used as unique global reference for Learn XPC Exploitation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-12T00:00:00Z |
date_published | 2020-06-29T00:00:00Z |
source | MITRE |
title | Learn XPC exploitation |
ClearSky Lebanese Cedar Jan 2021
ClearSky Cyber Security. (2021, January). “Lebanese Cedar” APT Global Lebanese Espionage Campaign Leveraging Web Servers. Retrieved February 10, 2021.
Internal MISP references
UUID 53944d48-caa9-4912-b42d-94a3789ed15b
which can be used as unique global reference for ClearSky Lebanese Cedar Jan 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-10T00:00:00Z |
date_published | 2021-01-01T00:00:00Z |
source | MITRE |
title | “Lebanese Cedar” APT Global Lebanese Espionage Campaign Leveraging Web Servers |
Mandiant UNC3313 Feb 2022
Tomcik, R. et al. (2022, February 24). Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity. Retrieved August 18, 2022.
Internal MISP references
UUID ac1a1262-1254-4ab2-a940-2d08b6558e9e
which can be used as unique global reference for Mandiant UNC3313 Feb 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-18T00:00:00Z |
date_published | 2022-02-24T00:00:00Z |
source | MITRE |
title | Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity |
LemonDuck
Manoj Ahuje. (2022, April 21). LemonDuck Targets Docker for Cryptomining Operations. Retrieved June 30, 2022.
Internal MISP references
UUID 3a7ea56a-3b19-4b69-a206-6eb7c4ae609d
which can be used as unique global reference for LemonDuck
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-30T00:00:00Z |
date_published | 2022-04-21T00:00:00Z |
source | MITRE |
title | LemonDuck Targets Docker for Cryptomining Operations |
Twitter Leoloobeek Scheduled Task
Loobeek, L. (2017, December 8). leoloobeek Status. Retrieved September 12, 2024.
Internal MISP references
UUID efdbaba5-1713-4ae1-bb82-4b4706f03b87
which can be used as unique global reference for Twitter Leoloobeek Scheduled Task
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2017-12-08T00:00:00Z |
source | MITRE |
title | leoloobeek Status |
TLDRSec AWS Attacks
Clint Gibler and Scott Piper. (2021, January 4). Lesser Known Techniques for Attacking AWS Environments. Retrieved March 4, 2024.
Internal MISP references
UUID b8de9dd2-3c57-5417-a24f-0260dff6afc6
which can be used as unique global reference for TLDRSec AWS Attacks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-04T00:00:00Z |
date_published | 2021-01-04T00:00:00Z |
source | MITRE |
title | Lesser Known Techniques for Attacking AWS Environments |
SpectorOps Medium ClickOnce
Nick Powers. (2023, June 7). Less SmartScreen More Caffeine: (Ab)Using ClickOnce for Trusted Code Execution. Retrieved September 9, 2024.
Internal MISP references
UUID 2244bfaa-2a1c-53db-854b-dc5f06d725ec
which can be used as unique global reference for SpectorOps Medium ClickOnce
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-09T00:00:00Z |
date_published | 2023-06-07T00:00:00Z |
source | MITRE |
title | Less SmartScreen More Caffeine: (Ab)Using ClickOnce for Trusted Code Execution |
Let's Encrypt FAQ
Let's Encrypt. (2020, April 23). Let's Encrypt FAQ. Retrieved October 15, 2020.
Internal MISP references
UUID 96e1ccb9-bd5c-4716-8848-4c30e6eac4ad
which can be used as unique global reference for Let's Encrypt FAQ
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-15T00:00:00Z |
date_published | 2020-04-23T00:00:00Z |
source | MITRE |
title | Let's Encrypt FAQ |
OSX Malware Detection
Patrick Wardle. (2016, February 29). Let's Play Doctor: Practical OS X Malware Detection & Analysis. Retrieved July 10, 2017.
Internal MISP references
UUID 0df0e28a-3c0b-4418-9f5a-77fffe37ac8a
which can be used as unique global reference for OSX Malware Detection
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-10T00:00:00Z |
date_published | 2016-02-29T00:00:00Z |
source | MITRE |
title | Let's Play Doctor: Practical OS X Malware Detection & Analysis |
xorrior emond Jan 2018
Ross, Chris. (2018, January 17). Leveraging Emond on macOS For Persistence. Retrieved September 10, 2019.
Internal MISP references
UUID b49649ec-28f0-4d30-ab6c-13b12fca36e8
which can be used as unique global reference for xorrior emond Jan 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-10T00:00:00Z |
date_published | 2018-01-17T00:00:00Z |
source | MITRE |
title | Leveraging Emond on macOS For Persistence |
Cyberreason DCOM DDE Lateral Movement Nov 2017
Tsukerman, P. (2017, November 8). Leveraging Excel DDE for lateral movement via DCOM. Retrieved November 21, 2017.
Internal MISP references
UUID 6edb3d7d-6b74-4dc4-a866-b81b19810f97
which can be used as unique global reference for Cyberreason DCOM DDE Lateral Movement Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-21T00:00:00Z |
date_published | 2017-11-08T00:00:00Z |
source | MITRE |
title | Leveraging Excel DDE for lateral movement via DCOM |
Ignacio Udev research 2024
Eder P. Ignacio. (2024, February 21). Leveraging Linux udev for persistence. Retrieved September 26, 2024.
Internal MISP references
UUID 464bb564-c500-55ba-a060-190d95943805
which can be used as unique global reference for Ignacio Udev research 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-26T00:00:00Z |
date_published | 2024-02-21T00:00:00Z |
source | MITRE |
title | Leveraging Linux udev for persistence |
Proofpoint Leviathan Oct 2017
Axel F, Pierre T. (2017, October 16). Leviathan: Espionage actor spearphishes maritime and defense targets. Retrieved February 15, 2018.
Internal MISP references
UUID f8c2b67b-c097-4b48-8d95-266a45b7dd4d
which can be used as unique global reference for Proofpoint Leviathan Oct 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-15T00:00:00Z |
date_published | 2017-10-16T00:00:00Z |
source | MITRE |
title | Leviathan: Espionage actor spearphishes maritime and defense targets |
LIBC
Kerrisk, M. (2016, December 12). libc(7) — Linux manual page. Retrieved June 25, 2020.
Internal MISP references
UUID a3fe6ea5-c443-473a-bb13-b4fd8f4923fd
which can be used as unique global reference for LIBC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-25T00:00:00Z |
date_published | 2016-12-12T00:00:00Z |
source | MITRE |
title | libc(7) — Linux manual page |
libzip
D. Baron, T. Klausner. (2020). libzip. Retrieved February 20, 2020.
Internal MISP references
UUID e7008738-101c-4903-a9fc-b0bd28d66069
which can be used as unique global reference for libzip
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-20T00:00:00Z |
date_published | 2020-01-01T00:00:00Z |
source | MITRE |
title | libzip |
Symantec Darkmoon Sept 2014
Payet, L. (2014, September 19). Life on Mars: How attackers took advantage of hope for alien existance in new Darkmoon campaign. Retrieved September 13, 2018.
Internal MISP references
UUID 3362a507-03c3-4236-b484-8144248b5cac
which can be used as unique global reference for Symantec Darkmoon Sept 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-13T00:00:00Z |
date_published | 2014-09-19T00:00:00Z |
source | MITRE |
title | Life on Mars: How attackers took advantage of hope for alien existance in new Darkmoon campaign |
Wikipedia LLMNR
Wikipedia. (2016, July 7). Link-Local Multicast Name Resolution. Retrieved November 17, 2017.
Internal MISP references
UUID e06d8b82-f61d-49fc-8120-b6d9e5864cc8
which can be used as unique global reference for Wikipedia LLMNR
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-17T00:00:00Z |
date_published | 2016-07-07T00:00:00Z |
source | MITRE |
title | Link-Local Multicast Name Resolution |
IzyKnows auditd threat detection 2022
IzySec. (2022, January 26). Linux auditd for Threat Detection. Retrieved September 29, 2023.
Internal MISP references
UUID 8a2f5c37-df28-587e-81b8-4bf7bb796854
which can be used as unique global reference for IzyKnows auditd threat detection 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-29T00:00:00Z |
date_published | 2022-01-26T00:00:00Z |
source | MITRE |
title | Linux auditd for Threat Detection |
Fysbis Dr Web Analysis
Doctor Web. (2014, November 21). Linux.BackDoor.Fysbis.1. Retrieved December 7, 2017.
Internal MISP references
UUID f1eb4818-fda6-46f2-9d5a-5469a5ed44fc
which can be used as unique global reference for Fysbis Dr Web Analysis
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-07T00:00:00Z |
date_published | 2014-11-21T00:00:00Z |
source | MITRE |
title | Linux.BackDoor.Fysbis.1 |
GDSecurity Linux injection
McNamara, R. (2017, September 5). Linux Based Inter-Process Code Injection Without Ptrace(2). Retrieved December 20, 2017.
Internal MISP references
UUID 834966eb-d07a-42ea-83db-d6e71b39214c
which can be used as unique global reference for GDSecurity Linux injection
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 2017-09-05T00:00:00Z |
source | MITRE |
title | Linux Based Inter-Process Code Injection Without Ptrace(2) |
GDS Linux Injection
McNamara, R. (2017, September 5). Linux Based Inter-Process Code Injection Without Ptrace(2). Retrieved February 21, 2020.
Internal MISP references
UUID 3e7f5991-25b4-43e9-9f0b-a5c668fb0657
which can be used as unique global reference for GDS Linux Injection
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-21T00:00:00Z |
date_published | 2017-09-05T00:00:00Z |
source | MITRE |
title | Linux Based Inter-Process Code Injection Without Ptrace(2) |
Linux/Cdorked.A We Live Security Analysis
Pierre-Marc Bureau. (2013, April 26). Linux/Cdorked.A: New Apache backdoor being used in the wild to serve Blackhole. Retrieved September 10, 2017.
Internal MISP references
UUID f76fce2e-2884-4b50-a7d7-55f08b84099c
which can be used as unique global reference for Linux/Cdorked.A We Live Security Analysis
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-09-10T00:00:00Z |
date_published | 2013-04-26T00:00:00Z |
source | MITRE |
title | Linux/Cdorked.A: New Apache backdoor being used in the wild to serve Blackhole |
Avast Linux Trojan Cron Persistence
Threat Intelligence Team. (2015, January 6). Linux DDoS Trojan hiding itself with an embedded rootkit. Retrieved January 8, 2018.
Internal MISP references
UUID 148fe0e1-8487-4d49-8966-f14e144372f5
which can be used as unique global reference for Avast Linux Trojan Cron Persistence
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-08T00:00:00Z |
date_published | 2015-01-06T00:00:00Z |
source | MITRE |
title | Linux DDoS Trojan hiding itself with an embedded rootkit |
Elastic Linux Persistence 2024
Ruben Groenewoud. (2024, August 29). Linux Detection Engineering - A Sequel on Persistence Mechanisms. Retrieved October 16, 2024.
Internal MISP references
UUID cbed8c8c-9aec-5692-89cc-6dbb53b86f00
which can be used as unique global reference for Elastic Linux Persistence 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-16T00:00:00Z |
date_published | 2024-08-29T00:00:00Z |
source | MITRE |
title | Linux Detection Engineering - A Sequel on Persistence Mechanisms |
BH Linux Inject
Colgan, T. (2015, August 15). Linux-Inject. Retrieved February 21, 2020.
Internal MISP references
UUID bdbb2a83-fc3b-439f-896a-75bffada4d51
which can be used as unique global reference for BH Linux Inject
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-21T00:00:00Z |
date_published | 2015-08-15T00:00:00Z |
source | MITRE |
title | Linux-Inject |
PAM Backdoor
zephrax. (2018, August 3). linux-pam-backdoor. Retrieved June 25, 2020.
Internal MISP references
UUID da1ffaf1-39f9-4516-8c04-4a4301e13585
which can be used as unique global reference for PAM Backdoor
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-25T00:00:00Z |
date_published | 2018-08-03T00:00:00Z |
source | MITRE |
title | linux-pam-backdoor |
Linux Password and Shadow File Formats
The Linux Documentation Project. (n.d.). Linux Password and Shadow File Formats. Retrieved February 19, 2020.
Internal MISP references
UUID 7c574609-4b0d-44e7-adc3-8a3d67e10e9f
which can be used as unique global reference for Linux Password and Shadow File Formats
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-19T00:00:00Z |
source | MITRE |
title | Linux Password and Shadow File Formats |
nixCraft - John the Ripper
Vivek Gite. (2014, September 17). Linux Password Cracking: Explain unshadow and john Commands (John the Ripper Tool). Retrieved February 19, 2020.
Internal MISP references
UUID 5e093b21-8bbd-4ad4-9fe2-cbb04207f1d3
which can be used as unique global reference for nixCraft - John the Ripper
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-19T00:00:00Z |
date_published | 2014-09-17T00:00:00Z |
source | MITRE |
title | Linux Password Cracking: Explain unshadow and john Commands (John the Ripper Tool) |
Polop Linux PrivEsc Gitbook
Carlos Polop. (2023, March 5). Linux Privilege Escalation. Retrieved March 31, 2023.
Internal MISP references
UUID a73a2819-61bd-5bd2-862d-5eeed344909f
which can be used as unique global reference for Polop Linux PrivEsc Gitbook
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-31T00:00:00Z |
date_published | 2023-03-05T00:00:00Z |
source | MITRE |
title | Linux Privilege Escalation |
Man LD.SO
Kerrisk, M. (2020, June 13). Linux Programmer's Manual. Retrieved June 15, 2020.
Internal MISP references
UUID a8a16cf6-0482-4e98-a39a-496491f985df
which can be used as unique global reference for Man LD.SO
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-15T00:00:00Z |
date_published | 2020-06-13T00:00:00Z |
source | MITRE |
title | Linux Programmer's Manual |
setuid man page
Michael Kerrisk. (2017, September 15). Linux Programmer's Manual. Retrieved September 21, 2018.
Internal MISP references
UUID c07e9d6c-18f2-4246-a265-9bec7d833bba
which can be used as unique global reference for setuid man page
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-21T00:00:00Z |
date_published | 2017-09-15T00:00:00Z |
source | MITRE |
title | Linux Programmer's Manual |
BleepingComputer 12 3 2023
Lawrence Abrams. (2023, December 3). Linux version of Qilin ransomware focuses on VMware ESXi. Retrieved January 10, 2024.
Internal MISP references
UUID 8cb73f97-0256-472d-88b7-92b6d63578fd
which can be used as unique global reference for BleepingComputer 12 3 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-10T00:00:00Z |
date_published | 2023-12-03T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Linux version of Qilin ransomware focuses on VMware ESXi |
Uninformed Needle
skape. (2003, January 19). Linux x86 run-time process manipulation. Retrieved December 20, 2017.
Internal MISP references
UUID 5ac2d917-756f-48d0-ab32-648b45a29083
which can be used as unique global reference for Uninformed Needle
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 2003-01-19T00:00:00Z |
source | MITRE |
title | Linux x86 run-time process manipulation |
List Blobs
Microsoft - List Blobs. (n.d.). Retrieved October 4, 2021.
Internal MISP references
UUID f9aa697a-83dd-4bae-bc11-006be51ce477
which can be used as unique global reference for List Blobs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-04T00:00:00Z |
source | MITRE |
title | List Blobs |
ListObjectsV2
Amazon - ListObjectsV2. Retrieved October 4, 2021.
Internal MISP references
UUID 727c2077-f922-4314-908a-356c42564181
which can be used as unique global reference for ListObjectsV2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-04T00:00:00Z |
source | MITRE |
title | ListObjectsV2 |
Wikipedia File Header Signatures
Wikipedia. (2016, March 31). List of file signatures. Retrieved April 22, 2016.
Internal MISP references
UUID 00de69c8-78b1-4de3-a4dc-f5be3dbca212
which can be used as unique global reference for Wikipedia File Header Signatures
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-22T00:00:00Z |
date_published | 2016-03-31T00:00:00Z |
source | MITRE |
title | List of file signatures |
Wikipedia OSI
Wikipedia. (n.d.). List of network protocols (OSI model). Retrieved December 4, 2014.
Internal MISP references
UUID d1080030-12c7-4223-92ab-fb764acf111d
which can be used as unique global reference for Wikipedia OSI
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-12-04T00:00:00Z |
source | MITRE |
title | List of network protocols (OSI model) |
Hexacorn Listplanting
Hexacorn. (2019, April 25). Listplanting – yet another code injection trick. Retrieved August 14, 2024.
Internal MISP references
UUID fc035d68-8d20-5c1f-8b59-db2fa8d88b7b
which can be used as unique global reference for Hexacorn Listplanting
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-14T00:00:00Z |
date_published | 2019-04-25T00:00:00Z |
source | MITRE |
title | Listplanting – yet another code injection trick |
AWS List Roles
Amazon. (n.d.). List Roles. Retrieved August 11, 2020.
Internal MISP references
UUID 42ff02f9-45d0-466b-a5fa-e19c8187b529
which can be used as unique global reference for AWS List Roles
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-11T00:00:00Z |
source | MITRE |
title | List Roles |
Google Cloud Secrets
Google Cloud. (n.d.). List secrets and view secret details. Retrieved September 25, 2023.
Internal MISP references
UUID 4a9e631d-3588-5585-b00a-316a934e6009
which can be used as unique global reference for Google Cloud Secrets
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-25T00:00:00Z |
source | MITRE |
title | List secrets and view secret details |
Peripheral Discovery Linux
Shahriar Shovon. (2018, March). List USB Devices Linux. Retrieved March 11, 2022.
Internal MISP references
UUID 427b3a1b-88ea-4027-bae6-7fb45490b81d
which can be used as unique global reference for Peripheral Discovery Linux
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-11T00:00:00Z |
date_published | 2018-03-01T00:00:00Z |
source | MITRE |
title | List USB Devices Linux |
AWS List Users
Amazon. (n.d.). List Users. Retrieved August 11, 2020.
Internal MISP references
UUID 517e3d27-36da-4810-b256-3f47147b36e3
which can be used as unique global reference for AWS List Users
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-11T00:00:00Z |
source | MITRE |
title | List Users |
Sophos PowerShell command audit
jak. (2020, June 27). Live Discover - PowerShell command audit. Retrieved August 21, 2020.
Internal MISP references
UUID 441f289c-7fdc-4cf1-9379-960be75c7202
which can be used as unique global reference for Sophos PowerShell command audit
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-21T00:00:00Z |
date_published | 2020-06-27T00:00:00Z |
source | MITRE |
title | Live Discover - PowerShell command audit |
Dell TG-1314
Dell SecureWorks Counter Threat Unit Special Operations Team. (2015, May 28). Living off the Land. Retrieved January 26, 2016.
Internal MISP references
UUID 79fc7568-b6ff-460b-9200-56d7909ed157
which can be used as unique global reference for Dell TG-1314
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-26T00:00:00Z |
date_published | 2015-05-28T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Living off the Land |
Symantec Living off the Land
Wueest, C., Anand, H. (2017, July). Living off the land and fileless attack techniques. Retrieved April 10, 2018.
Internal MISP references
UUID 4bad4659-f501-4eb6-b3ca-0359e3ba824e
which can be used as unique global reference for Symantec Living off the Land
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-10T00:00:00Z |
date_published | 2017-07-01T00:00:00Z |
source | MITRE |
title | Living off the land and fileless attack techniques |
LOLBAS Main Site
LOLBAS. (n.d.). Living Off The Land Binaries and Scripts (and also Libraries). Retrieved February 10, 2020.
Internal MISP references
UUID 615f6fa5-3059-49fc-9fa4-5ca0aeff4331
which can be used as unique global reference for LOLBAS Main Site
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-10T00:00:00Z |
source | MITRE |
title | Living Off The Land Binaries and Scripts (and also Libraries) |
LOLBAS Project
Oddvar Moe et al. (2022, February). Living Off The Land Binaries, Scripts and Libraries. Retrieved March 7, 2022.
Internal MISP references
UUID 14b1d3ab-8508-4946-9913-17e667956064
which can be used as unique global reference for LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-07T00:00:00Z |
date_published | 2022-02-01T00:00:00Z |
source | MITRE |
title | Living Off The Land Binaries, Scripts and Libraries |
FireEye 2019 Apple Remote Desktop
Jake Nicastro, Willi Ballenthin. (2019, October 9). Living off the Orchard: Leveraging Apple Remote Desktop for Good and Evil. Retrieved August 16, 2021.
Internal MISP references
UUID bbc72952-988e-4c3c-ab5e-75b64e9e33f5
which can be used as unique global reference for FireEye 2019 Apple Remote Desktop
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-16T00:00:00Z |
date_published | 2019-10-09T00:00:00Z |
source | MITRE |
title | Living off the Orchard: Leveraging Apple Remote Desktop for Good and Evil |
LKM loading kernel restrictions
Pingios, A. (2018, February 7). LKM loading kernel restrictions. Retrieved June 4, 2020.
Internal MISP references
UUID 10ccae99-c6f5-4b83-89c9-06a9e35280fc
which can be used as unique global reference for LKM loading kernel restrictions
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-04T00:00:00Z |
date_published | 2018-02-07T00:00:00Z |
source | MITRE |
title | LKM loading kernel restrictions |
Rapid7 LLMNR Spoofer
Francois, R. (n.d.). LLMNR Spoofer. Retrieved November 17, 2017.
Internal MISP references
UUID 229b04b6-98ca-4e6f-9917-a26cfe0a7f0d
which can be used as unique global reference for Rapid7 LLMNR Spoofer
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-17T00:00:00Z |
source | MITRE |
title | LLMNR Spoofer |
Wikipedia Loadable Kernel Module
Wikipedia. (2018, March 17). Loadable kernel module. Retrieved April 9, 2018.
Internal MISP references
UUID e6d9f967-4f45-44d2-8a19-69741745f917
which can be used as unique global reference for Wikipedia Loadable Kernel Module
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-09T00:00:00Z |
date_published | 2018-03-17T00:00:00Z |
source | MITRE |
title | Loadable kernel module |
Microsoft LoadLibrary
Microsoft. (2018, December 5). LoadLibraryA function (libloaderapi.h). Retrieved September 28, 2021.
Internal MISP references
UUID dfaf5bfa-61a7-45f8-a50e-0d8bc6cb2189
which can be used as unique global reference for Microsoft LoadLibrary
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-28T00:00:00Z |
date_published | 2018-12-05T00:00:00Z |
source | MITRE |
title | LoadLibraryA function (libloaderapi.h) |
Microsoft Local Accounts Feb 2019
Microsoft. (2018, December 9). Local Accounts. Retrieved February 11, 2019.
Internal MISP references
UUID 6ae7487c-cb61-4f10-825f-4ef9ef050b7c
which can be used as unique global reference for Microsoft Local Accounts Feb 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-11T00:00:00Z |
date_published | 2018-12-09T00:00:00Z |
source | MITRE |
title | Local Accounts |
Sternsecurity LLMNR-NBTNS
Sternstein, J. (2013, November). Local Network Attacks: LLMNR and NBT-NS Poisoning. Retrieved November 17, 2017.
Internal MISP references
UUID 422a6043-78c2-43ef-8e87-7d7a8878f94a
which can be used as unique global reference for Sternsecurity LLMNR-NBTNS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-17T00:00:00Z |
date_published | 2013-11-01T00:00:00Z |
source | MITRE |
title | Local Network Attacks: LLMNR and NBT-NS Poisoning |
Sophos Geolocation 2016
Wisniewski, C. (2016, May 3). Location-based threats: How cybercriminals target you based on where you live. Retrieved April 1, 2021.
Internal MISP references
UUID a3b7540d-20cc-4d94-8321-9fd730486f8c
which can be used as unique global reference for Sophos Geolocation 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-01T00:00:00Z |
date_published | 2016-05-03T00:00:00Z |
source | MITRE |
title | Location-based threats: How cybercriminals target you based on where you live |
ASEC BLOG November 08 2022
Sanseo. (2022, November 8). LockBit 3.0 Being Distributed via Amadey Bot - ASEC BLOG. Retrieved May 15, 2023.
Internal MISP references
UUID 36144a43-ccac-4380-8595-76116dcb6706
which can be used as unique global reference for ASEC BLOG November 08 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-15T00:00:00Z |
date_published | 2022-11-08T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | LockBit 3.0 Being Distributed via Amadey Bot - ASEC BLOG |
VMWare LockBit 3.0 October 2022
Dana Behling. (2022, October 15). LockBit 3.0 Ransomware Unlocked. Retrieved May 19, 2023.
Internal MISP references
UUID b625f291-0152-468c-a130-ec8fb0c6ad21
which can be used as unique global reference for VMWare LockBit 3.0 October 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-19T00:00:00Z |
date_published | 2022-10-15T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | LockBit 3.0 Ransomware Unlocked |
Sentinel Labs LockBit 3.0 July 2022
Jim Walter, Aleksandar Milenkoski. (2022, July 21). LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques. Retrieved May 19, 2023.
Internal MISP references
UUID 9a73b140-b483-4274-a134-ed1bb15ac31c
which can be used as unique global reference for Sentinel Labs LockBit 3.0 July 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-19T00:00:00Z |
date_published | 2022-07-21T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | LockBit 3.0 Update \| Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques |
Cyble LockBit 3.0 July 2022
Cybleinc. (2022, July 5). Lockbit 3.0 – Ransomware group launches new version. Retrieved May 19, 2023.
Internal MISP references
UUID 9b9bd080-e727-4c41-bb2a-abff48b0fedc
which can be used as unique global reference for Cyble LockBit 3.0 July 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-19T00:00:00Z |
date_published | 2022-07-05T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Lockbit 3.0 – Ransomware group launches new version |
Cary Esentutl
Cary, M. (2018, December 6). Locked File Access Using ESENTUTL.exe. Retrieved September 5, 2019.
Internal MISP references
UUID aa1211c6-e490-444a-8aab-7626e0700dd0
which can be used as unique global reference for Cary Esentutl
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-05T00:00:00Z |
date_published | 2018-12-06T00:00:00Z |
source | MITRE |
title | Locked File Access Using ESENTUTL.exe |
Group IB Ransomware September 2020
Group IB. (2020, September). LOCK LIKE A PRO. Retrieved September 27, 2021.
Internal MISP references
UUID 52d0e16f-9a20-442f-9a17-686e51d7e32b
which can be used as unique global reference for Group IB Ransomware September 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-27T00:00:00Z |
date_published | 2020-09-01T00:00:00Z |
source | MITRE |
title | LOCK LIKE A PRO |
AWS Cloud Trail Backup API
Amazon. (2020). Logging AWS Backup API Calls with AWS CloudTrail. Retrieved April 27, 2020.
Internal MISP references
UUID 17222170-5454-4a7d-804b-23753ec841eb
which can be used as unique global reference for AWS Cloud Trail Backup API
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-04-27T00:00:00Z |
date_published | 2020-01-01T00:00:00Z |
source | MITRE |
title | Logging AWS Backup API Calls with AWS CloudTrail |
AWS Logging IAM Calls
AWS. (n.d.). Logging IAM and AWS STS API calls with AWS CloudTrail. Retrieved April 1, 2022.
Internal MISP references
UUID 2aa0682b-f553-4c2b-ae9e-112310bcb8d0
which can be used as unique global reference for AWS Logging IAM Calls
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-01T00:00:00Z |
source | MITRE |
title | Logging IAM and AWS STS API calls with AWS CloudTrail |
Login Items AE
Apple. (n.d.). Login Items AE. Retrieved October 4, 2021.
Internal MISP references
UUID d15943dd-d11c-4af2-a3ac-9ebe168a7526
which can be used as unique global reference for Login Items AE
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-04T00:00:00Z |
source | MITRE |
title | Login Items AE |
LoginWindowScripts Apple Dev
Apple. (n.d.). LoginWindowScripts. Retrieved April 1, 2022.
Internal MISP references
UUID 340eb8df-cc22-4b59-8dca-32ec52fd6818
which can be used as unique global reference for LoginWindowScripts Apple Dev
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-01T00:00:00Z |
source | MITRE |
title | LoginWindowScripts |
LogMeIn Homepage
LogMeIn. (n.d.). LogMeIn Homepage. Retrieved November 16, 2023.
Internal MISP references
UUID e113b544-82ad-4099-ab4e-7fc8b78f54bd
which can be used as unique global reference for LogMeIn Homepage
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | LogMeIn Homepage |
LogonUserW function
Microsoft. (2023, March 10). LogonUserW function (winbase.h). Retrieved January 8, 2024.
Internal MISP references
UUID bf8cce5c-be5e-59c7-9ff2-e478f30ce712
which can be used as unique global reference for LogonUserW function
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-08T00:00:00Z |
date_published | 2023-03-10T00:00:00Z |
source | MITRE |
title | LogonUserW function (winbase.h) |
ESET LoJax Sept 2018
ESET. (2018, September). LOJAX First UEFI rootkit found in the wild, courtesy of the Sednit group. Retrieved July 2, 2019.
Internal MISP references
UUID bb938fea-2b2e-41d3-a55c-40ea34c00d21
which can be used as unique global reference for ESET LoJax Sept 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-02T00:00:00Z |
date_published | 2018-09-01T00:00:00Z |
source | MITRE |
title | LOJAX First UEFI rootkit found in the wild, courtesy of the Sednit group |
Morphisec Lokibot April 2020
Cheruku, H. (2020, April 15). LOKIBOT WITH AUTOIT OBFUSCATOR + FRENCHY SHELLCODE. Retrieved May 14, 2020.
Internal MISP references
UUID e938bab1-7dc1-4a78-b1e2-ab2aa0a83eb0
which can be used as unique global reference for Morphisec Lokibot April 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-14T00:00:00Z |
date_published | 2020-04-15T00:00:00Z |
source | MITRE |
title | LOKIBOT WITH AUTOIT OBFUSCATOR + FRENCHY SHELLCODE |
t1105_lolbas
LOLBAS. (n.d.). LOLBAS Mapped to T1105. Retrieved March 11, 2022.
Internal MISP references
UUID 80e649f5-6c74-4d66-a452-4f4cd51501da
which can be used as unique global reference for t1105_lolbas
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-11T00:00:00Z |
source | MITRE |
title | LOLBAS Mapped to T1105 |
Lolbin Ssh.exe Use As Proxy
frack113, Nasreddine Bencherchali. (2023, January 26). Lolbin Ssh.exe Use As Proxy. Retrieved May 25, 2023.
Internal MISP references
UUID c7af164d-549d-44de-b491-542ef2eb4334
which can be used as unique global reference for Lolbin Ssh.exe Use As Proxy
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-25T00:00:00Z |
date_published | 2023-01-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Lolbin Ssh.exe Use As Proxy |
Huntress INC Ransomware May 2024
Carvey, H. (2024, May 1). LOLBin to INC Ransomware. Retrieved June 5, 2024.
Internal MISP references
UUID 3ebccffe-d56d-594a-9548-740cf88a453b
which can be used as unique global reference for Huntress INC Ransomware May 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-05T00:00:00Z |
date_published | 2024-05-01T00:00:00Z |
source | MITRE |
title | LOLBin to INC Ransomware |
Qualys LolZarus
Pradhan, A. (2022, February 8). LolZarus: Lazarus Group Incorporating Lolbins into Campaigns. Retrieved March 22, 2022.
Internal MISP references
UUID 784f1f5a-f7f2-45e8-84bd-b600f2b74b33
which can be used as unique global reference for Qualys LolZarus
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-22T00:00:00Z |
date_published | 2022-02-08T00:00:00Z |
source | MITRE |
title | LolZarus: Lazarus Group Incorporating Lolbins into Campaigns |
Bitdefender Trickbot C2 infra Nov 2020
Liviu Arsene, Radu Tudorica. (2020, November 23). TrickBot is Dead. Long Live TrickBot!. Retrieved September 28, 2021.
Internal MISP references
UUID 1a281862-efc8-4566-8d06-ba463e22225d
which can be used as unique global reference for Bitdefender Trickbot C2 infra Nov 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-28T00:00:00Z |
source | MITRE |
title | Long Live TrickBot! |
Proofpoint LookBack Malware Aug 2019
Raggi, M., Schwarz, D. (2019, August 1). LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards. Retrieved February 25, 2021.
Internal MISP references
UUID 77887f82-7815-4a91-8c8a-f77dc8a9ba53
which can be used as unique global reference for Proofpoint LookBack Malware Aug 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-25T00:00:00Z |
date_published | 2019-08-01T00:00:00Z |
source | MITRE |
title | LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards |
Sans Mutexes 2012
Lenny Zeltser. (2012, July 24). Looking at Mutex Objects for Malware Discovery & Indicators of Compromise. Retrieved September 19, 2024.
Internal MISP references
UUID bfdddac2-7732-5e39-a79e-d0629f20fb60
which can be used as unique global reference for Sans Mutexes 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-19T00:00:00Z |
date_published | 2012-07-24T00:00:00Z |
source | MITRE |
title | Looking at Mutex Objects for Malware Discovery & Indicators of Compromise |
Fidelis DarkComet
Fidelis Cybersecurity. (2015, August 4). Looking at the Sky for a DarkComet. Retrieved April 5, 2016.
Internal MISP references
UUID 6043b34d-dec3-415b-8329-05f698f320e3
which can be used as unique global reference for Fidelis DarkComet
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-05T00:00:00Z |
date_published | 2015-08-04T00:00:00Z |
source | MITRE |
title | Looking at the Sky for a DarkComet |
Arctic Wolf Fog Ransomware June 4 2024
Stefan Hostetler, Steven Campbell, Christopher Prest, Connor Belfiore, Markus Neis, Joe Wedderspoon, Rick McQuown, Arctic Wolf Labs Team. (2024, June 4). Lost in the Fog: A New Ransomware Threat. Retrieved July 29, 2024.
Internal MISP references
UUID 86111971-cd37-4a87-bcaa-3e0f6326da5c
which can be used as unique global reference for Arctic Wolf Fog Ransomware June 4 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-29T00:00:00Z |
date_published | 2024-06-04T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Lost in the Fog: A New Ransomware Threat |
BlackHat Process Doppelgänging Dec 2017
Liberman, T. & Kogan, E. (2017, December 7). Lost in Transaction: Process Doppelgänging. Retrieved December 20, 2017.
Internal MISP references
UUID b0752c3a-1777-4209-938d-5382de6a49f5
which can be used as unique global reference for BlackHat Process Doppelgänging Dec 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 2017-12-07T00:00:00Z |
source | MITRE |
title | Lost in Transaction: Process Doppelgänging |
ESET LoudMiner June 2019
Malik, M. (2019, June 20). LoudMiner: Cross-platform mining in cracked VST software. Retrieved May 18, 2020.
Internal MISP references
UUID f1e4ff9e-cb6c-46cc-898e-5f170bb5f634
which can be used as unique global reference for ESET LoudMiner June 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-18T00:00:00Z |
date_published | 2019-06-20T00:00:00Z |
source | MITRE |
title | LoudMiner: Cross-platform mining in cracked VST software |
GitHub Mimikatz Issue 92 June 2017
Warren, J. (2017, June 22). lsadump::changentlm and lsadump::setntlm work, but generate Windows events #92. Retrieved December 4, 2017.
Internal MISP references
UUID 099c3492-1813-4874-9901-e24b081f7e12
which can be used as unique global reference for GitHub Mimikatz Issue 92 June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-04T00:00:00Z |
date_published | 2017-06-22T00:00:00Z |
source | MITRE |
title | lsadump::changentlm and lsadump::setntlm work, but generate Windows events #92 |
Deep Instinct LSASS
Gilboa, A. (2021, February 16). LSASS Memory Dumps are Stealthier than Ever Before - Part 2. Retrieved December 27, 2023.
Internal MISP references
UUID 4a37ea4e-c512-5e41-8e4e-27911b3a4617
which can be used as unique global reference for Deep Instinct LSASS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-27T00:00:00Z |
date_published | 2021-02-16T00:00:00Z |
source | MITRE |
title | LSASS Memory Dumps are Stealthier than Ever Before - Part 2 |
lsmod man
Kerrisk, M. (2022, December 18). lsmod(8) — Linux manual page. Retrieved March 28, 2023.
Internal MISP references
UUID c2f88274-9da4-5d24-b68d-302ee5990dd5
which can be used as unique global reference for lsmod man
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-28T00:00:00Z |
date_published | 2022-12-18T00:00:00Z |
source | MITRE |
title | lsmod(8) — Linux manual page |
Lua state
Lua. (n.d.). lua_State. Retrieved August 5, 2024.
Internal MISP references
UUID 603c033d-a3b3-5132-8574-7476a8f40815
which can be used as unique global reference for Lua state
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-05T00:00:00Z |
source | MITRE |
title | lua_State |
Unit 42 Lucifer June 2020
Hsu, K. et al. (2020, June 24). Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices. Retrieved November 16, 2020.
Internal MISP references
UUID 3977a87a-2eab-4a67-82b2-10c9dc7e4554
which can be used as unique global reference for Unit 42 Lucifer June 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-16T00:00:00Z |
date_published | 2020-06-24T00:00:00Z |
source | MITRE |
title | Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices |
Securelist LuckyMouse June 2018
Legezo, D. (2018, June 13). LuckyMouse hits national data center to organize country-level waterholing campaign. Retrieved August 18, 2018.
Internal MISP references
UUID f974708b-598c-46a9-aac9-c5fbdd116c2a
which can be used as unique global reference for Securelist LuckyMouse June 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-18T00:00:00Z |
date_published | 2018-06-13T00:00:00Z |
source | MITRE |
title | LuckyMouse hits national data center to organize country-level waterholing campaign |
lucr-3: Getting SaaS-y in the cloud
Ian Ahl. (2023, September 20). LUCR-3: Scattered Spider Getting SaaS-y In The Cloud. Retrieved September 20, 2023.
Internal MISP references
UUID 033e7c95-cded-5e51-9a9f-1c6038b0509f
which can be used as unique global reference for lucr-3: Getting SaaS-y in the cloud
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-20T00:00:00Z |
date_published | 2023-09-20T00:00:00Z |
source | MITRE |
title | LUCR-3: Scattered Spider Getting SaaS-y In The Cloud |
Permiso Scattered Spider 2023
Ian Ahl. (2023, September 20). LUCR-3: SCATTERED SPIDER GETTING SAAS-Y IN THE CLOUD. Retrieved September 25, 2023.
Internal MISP references
UUID 020b97ab-466d-52e6-b1f1-6f9f8ffdabf0
which can be used as unique global reference for Permiso Scattered Spider 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-25T00:00:00Z |
date_published | 2023-09-20T00:00:00Z |
source | MITRE |
title | LUCR-3: SCATTERED SPIDER GETTING SAAS-Y IN THE CLOUD |
Kaspersky LuminousMoth July 2021
Lechtik, M., et al. (2021, July 14). LuminousMoth APT: Sweeping attacks for the chosen few. Retrieved October 20, 2022.
Internal MISP references
UUID e21c6931-fba8-52b0-b6f0-1c8222881fbd
which can be used as unique global reference for Kaspersky LuminousMoth July 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-10-20T00:00:00Z |
date_published | 2021-07-14T00:00:00Z |
source | MITRE |
title | LuminousMoth APT: Sweeping attacks for the chosen few |
Bitdefender LuminousMoth July 2021
Botezatu, B., et al. (2021, July 21). LuminousMoth - PlugX, File Exfiltration and Persistence Revisited. Retrieved October 20, 2022.
Internal MISP references
UUID 6b1ce8bb-4e77-59f3-87ff-78f4a1a10ad3
which can be used as unique global reference for Bitdefender LuminousMoth July 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-10-20T00:00:00Z |
date_published | 2021-07-21T00:00:00Z |
source | MITRE |
title | LuminousMoth - PlugX, File Exfiltration and Persistence Revisited |
Unit42 Luna Moth
Kristopher Russo. (n.d.). Luna Moth Callback Phishing Campaign. Retrieved February 2, 2023.
Internal MISP references
UUID ec52bcc9-6a56-5b94-8534-23c8e7ce740f
which can be used as unique global reference for Unit42 Luna Moth
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-02T00:00:00Z |
source | MITRE |
title | Luna Moth Callback Phishing Campaign |
sygnia Luna Month
Oren Biderman, Tomer Lahiyani, Noam Lifshitz, Ori Porag. (n.d.). LUNA MOTH: THE THREAT ACTORS BEHIND RECENT FALSE SUBSCRIPTION SCAMS. Retrieved February 2, 2023.
Internal MISP references
UUID 3e1c2a64-8446-538d-a148-2de87991955a
which can be used as unique global reference for sygnia Luna Month
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-02T00:00:00Z |
source | MITRE |
title | LUNA MOTH: THE THREAT ACTORS BEHIND RECENT FALSE SUBSCRIPTION SCAMS |
Sygnia Luna Moth July 1 2022
Oren Biderman, Tomer Lahiyani, Noam Lifshitz, Ori Porag. (2022, July 1). Luna Moth Ransomware: The Threat Actors Behind Recent False Subscription Scams. Retrieved June 28, 2024.
Internal MISP references
UUID 115590b2-ab57-432c-900e-000627464a11
which can be used as unique global reference for Sygnia Luna Moth July 1 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-28T00:00:00Z |
date_published | 2022-07-01T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Luna Moth Ransomware: The Threat Actors Behind Recent False Subscription Scams |
Zscaler Lyceum DnsSystem June 2022
Shivtarkar, N. and Kumar, A. (2022, June 9). Lyceum .NET DNS Backdoor. Retrieved June 23, 2022.
Internal MISP references
UUID eb78de14-8044-4466-8954-9ca44a17e895
which can be used as unique global reference for Zscaler Lyceum DnsSystem June 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-23T00:00:00Z |
date_published | 2022-06-09T00:00:00Z |
source | MITRE |
title | Lyceum .NET DNS Backdoor |
Kaspersky Lyceum October 2021
Kayal, A. et al. (2021, October). LYCEUM REBORN: COUNTERINTELLIGENCE IN THE MIDDLE EAST. Retrieved June 14, 2022.
Internal MISP references
UUID b3d13a82-c24e-4b47-b47a-7221ad449859
which can be used as unique global reference for Kaspersky Lyceum October 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-14T00:00:00Z |
date_published | 2021-10-01T00:00:00Z |
source | MITRE |
title | LYCEUM REBORN: COUNTERINTELLIGENCE IN THE MIDDLE EAST |
CoinTicker 2019
Thomas Reed. (2018, October 29). Mac cryptocurrency ticker app installs backdoors. Retrieved April 23, 2019.
Internal MISP references
UUID 99c53143-6f93-44c9-a874-c1b9e4506fb4
which can be used as unique global reference for CoinTicker 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-23T00:00:00Z |
date_published | 2018-10-29T00:00:00Z |
source | MITRE |
title | Mac cryptocurrency ticker app installs backdoors |
ESET Machete July 2019
ESET. (2019, July). MACHETE JUST GOT SHARPER Venezuelan government institutions under attack. Retrieved September 13, 2019.
Internal MISP references
UUID 408d5e33-fcb6-4d21-8be9-7aa5a8bd3385
which can be used as unique global reference for ESET Machete July 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-13T00:00:00Z |
date_published | 2019-07-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | MACHETE JUST GOT SHARPER Venezuelan government institutions under attack |
synack 2016 review
Patrick Wardle. (2017, January 1). Mac Malware of 2016. Retrieved September 21, 2018.
Internal MISP references
UUID 9845ef95-bcc5-4430-8008-1e4a28e13c33
which can be used as unique global reference for synack 2016 review
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-21T00:00:00Z |
date_published | 2017-01-01T00:00:00Z |
source | MITRE |
title | Mac Malware of 2016 |
objsee mac malware 2017
Patrick Wardle. (n.d.). Mac Malware of 2017. Retrieved September 21, 2018.
Internal MISP references
UUID 08227ae5-4086-4c31-83d9-459c3a097754
which can be used as unique global reference for objsee mac malware 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-21T00:00:00Z |
source | MITRE |
title | Mac Malware of 2017 |
Unit42 CookieMiner Jan 2019
Chen, Y., et al. (2019, January 31). Mac Malware Steals Cryptocurrency Exchanges’ Cookies. Retrieved July 22, 2020.
Internal MISP references
UUID 4605c51d-b36e-4c29-abda-2a97829f6019
which can be used as unique global reference for Unit42 CookieMiner Jan 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-22T00:00:00Z |
date_published | 2019-01-31T00:00:00Z |
source | MITRE |
title | Mac Malware Steals Cryptocurrency Exchanges’ Cookies |
Unit 42 Mac Crypto Cookies January 2019
Chen, Y., Hu, W., Xu, Z., et al. (2019, January 31). Mac Malware Steals Cryptocurrency Exchanges’ Cookies. Retrieved October 14, 2019.
Internal MISP references
UUID 0a88e730-8ed2-4983-8f11-2cb2e4abfe3e
which can be used as unique global reference for Unit 42 Mac Crypto Cookies January 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-14T00:00:00Z |
date_published | 2019-01-31T00:00:00Z |
source | MITRE |
title | Mac Malware Steals Cryptocurrency Exchanges’ Cookies |
MacKeeper Bundlore Apr 2019
Sushko, O. (2019, April 17). macOS Bundlore: Mac Virus Bypassing macOS Security Features. Retrieved June 30, 2020.
Internal MISP references
UUID 4d631c9a-4fd5-43a4-8b78-4219bd371e87
which can be used as unique global reference for MacKeeper Bundlore Apr 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-30T00:00:00Z |
date_published | 2019-04-17T00:00:00Z |
source | MITRE |
title | macOS Bundlore: Mac Virus Bypassing macOS Security Features |
SentinelOne Cuckoo Stealer May 2024
Stokes, P. (2024, May 9). macOS Cuckoo Stealer | Ensuring Detection and Defense as New Samples Rapidly Emerge. Retrieved August 20, 2024.
Internal MISP references
UUID b5e0add8-bda6-5cae-85c7-58f7cab1579c
which can be used as unique global reference for SentinelOne Cuckoo Stealer May 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-20T00:00:00Z |
date_published | 2024-05-09T00:00:00Z |
source | MITRE |
title | macOS Cuckoo Stealer |
MalwareUnicorn macOS Dylib Injection MachO
Amanda Rousseau. (2020, April 4). MacOS Dylib Injection Workshop. Retrieved March 29, 2021.
Internal MISP references
UUID 61aae3a4-317e-4117-a02a-27885709fb07
which can be used as unique global reference for MalwareUnicorn macOS Dylib Injection MachO
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-29T00:00:00Z |
date_published | 2020-04-04T00:00:00Z |
source | MITRE |
title | MacOS Dylib Injection Workshop |
macOS Hierarchical File System Overview
Tenon. (n.d.). Retrieved October 12, 2021.
Internal MISP references
UUID 4b8b110a-fc40-4094-a70d-15530bc05fec
which can be used as unique global reference for macOS Hierarchical File System Overview
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-12T00:00:00Z |
source | MITRE |
title | macOS Hierarchical File System Overview |
Add List Remove Login Items Apple Script
kaloprominat. (2013, July 30). macos: manage add list remove login items apple script. Retrieved October 5, 2021.
Internal MISP references
UUID 13773d75-6fc1-4289-bf45-6ee147279052
which can be used as unique global reference for Add List Remove Login Items Apple Script
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-05T00:00:00Z |
date_published | 2013-07-30T00:00:00Z |
source | MITRE |
title | macos: manage add list remove login items apple script |
SentinelOne 9 11 2023
Phil Stokes. (2023, September 11). macOS MetaStealer. Retrieved January 1, 2024.
Internal MISP references
UUID 0d015be9-34ba-4c59-9cea-80b76ee89dd0
which can be used as unique global reference for SentinelOne 9 11 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-01T00:00:00Z |
date_published | 2023-09-11T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | macOS MetaStealer |
macOS MS office sandbox escape
Cedric Owens. (2021, May 22). macOS MS Office Sandbox Brain Dump. Retrieved August 20, 2021.
Internal MISP references
UUID 759e81c1-a250-440e-8b52-178bcf5451b9
which can be used as unique global reference for macOS MS office sandbox escape
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-20T00:00:00Z |
date_published | 2021-05-22T00:00:00Z |
source | MITRE |
title | macOS MS Office Sandbox Brain Dump |
MDSec macOS JXA and VSCode
Dominic Chell. (2021, January 1). macOS Post-Exploitation Shenanigans with VSCode Extensions. Retrieved April 20, 2021.
Internal MISP references
UUID 979cac34-d447-4e42-b17e-8ab2630bcfec
which can be used as unique global reference for MDSec macOS JXA and VSCode
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-20T00:00:00Z |
date_published | 2021-01-01T00:00:00Z |
source | MITRE |
title | macOS Post-Exploitation Shenanigans with VSCode Extensions |
SentinelOne macOS Red Team
Phil Stokes. (2019, December 5). macOS Red Team: Calling Apple APIs Without Building Binaries. Retrieved July 17, 2020.
Internal MISP references
UUID 4b05bd7c-22a3-4168-850c-8168700b17ba
which can be used as unique global reference for SentinelOne macOS Red Team
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-17T00:00:00Z |
date_published | 2019-12-05T00:00:00Z |
source | MITRE |
title | macOS Red Team: Calling Apple APIs Without Building Binaries |
Lockboxx ARD 2019
Dan Borges. (2019, July 21). MacOS Red Teaming 206: ARD (Apple Remote Desktop Protocol). Retrieved September 10, 2021.
Internal MISP references
UUID 159f8495-5354-4b93-84cb-a25e56fcff3e
which can be used as unique global reference for Lockboxx ARD 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-10T00:00:00Z |
date_published | 2019-07-21T00:00:00Z |
source | MITRE |
title | MacOS Red Teaming 206: ARD (Apple Remote Desktop Protocol) |
nixCraft macOS PATH variables
Vivek Gite. (2023, August 22). MacOS – Set / Change $PATH Variable Command. Retrieved September 28, 2023.
Internal MISP references
UUID 83daecf1-8708-56da-aaad-1e7e95c4ea43
which can be used as unique global reference for nixCraft macOS PATH variables
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-28T00:00:00Z |
date_published | 2023-08-22T00:00:00Z |
source | MITRE |
title | MacOS – Set / Change $PATH Variable Command |
SensePost MacroLess DDE Oct 2017
Stalmans, E., El-Sherei, S. (2017, October 9). Macro-less Code Exec in MSWord. Retrieved November 21, 2017.
Internal MISP references
UUID 1036fbbb-f731-458a-b38c-42431612c0ad
which can be used as unique global reference for SensePost MacroLess DDE Oct 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-21T00:00:00Z |
date_published | 2017-10-09T00:00:00Z |
source | MITRE |
title | Macro-less Code Exec in MSWord |
Macro Malware Targets Macs
Yerko Grbic. (2017, February 14). Macro Malware Targets Macs. Retrieved July 8, 2017.
Internal MISP references
UUID d63f3f6a-4486-48a4-b2f8-c2a8d571731a
which can be used as unique global reference for Macro Malware Targets Macs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-08T00:00:00Z |
date_published | 2017-02-14T00:00:00Z |
source | MITRE |
title | Macro Malware Targets Macs |
alientvault macspy
PETER EWANE. (2017, June 9). MacSpy: OS X RAT as a Service. Retrieved September 21, 2018.
Internal MISP references
UUID 80bb8646-1eb0-442a-aa51-ee3efaf75915
which can be used as unique global reference for alientvault macspy
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-21T00:00:00Z |
date_published | 2017-06-09T00:00:00Z |
source | MITRE |
title | MacSpy: OS X RAT as a Service |
Reed thiefquest fake ransom
Thomas Reed. (2020, July 7). Mac ThiefQuest malware may not be ransomware after all. Retrieved March 18, 2021.
Internal MISP references
UUID b265ef93-c1fb-440d-a9e0-89cf25a3de05
which can be used as unique global reference for Reed thiefquest fake ransom
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-18T00:00:00Z |
date_published | 2020-07-07T00:00:00Z |
source | MITRE |
title | Mac ThiefQuest malware may not be ransomware after all |
reed thiefquest ransomware analysis
Thomas Reed. (2020, July 7). Mac ThiefQuest malware may not be ransomware after all. Retrieved March 22, 2021.
Internal MISP references
UUID 47b49df4-34f1-4a89-9983-e8bc19aadf8c
which can be used as unique global reference for reed thiefquest ransomware analysis
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-22T00:00:00Z |
date_published | 2020-07-07T00:00:00Z |
source | MITRE |
title | Mac ThiefQuest malware may not be ransomware after all |
Malwarebytes 9 6 2023
Jerome Segura. (2023, September 6). Mac users targeted in new malvertising campaign delivering Atomic Stealer. Retrieved April 19, 2024.
Internal MISP references
UUID 5f2f6a12-26c5-4c74-98ad-48b67379a716
which can be used as unique global reference for Malwarebytes 9 6 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-19T00:00:00Z |
date_published | 2023-09-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Mac users targeted in new malvertising campaign delivering Atomic Stealer |
Objective See Green Lambert for OSX Oct 2021
Sandvik, Runa. (2021, October 1). Made In America: Green Lambert for OS X. Retrieved March 21, 2022.
Internal MISP references
UUID fad94973-eafa-4fdb-b7aa-22c21d894f81
which can be used as unique global reference for Objective See Green Lambert for OSX Oct 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-21T00:00:00Z |
date_published | 2021-10-01T00:00:00Z |
source | MITRE |
title | Made In America: Green Lambert for OS X |
Trend Micro FIN6 October 2019
Chen, J. (2019, October 10). Magecart Card Skimmers Injected Into Online Shops. Retrieved September 9, 2020.
Internal MISP references
UUID edb9395d-c8a2-46a5-8bf4-91b1d8fe6e3b
which can be used as unique global reference for Trend Micro FIN6 October 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-09T00:00:00Z |
date_published | 2019-10-10T00:00:00Z |
source | MITRE |
title | Magecart Card Skimmers Injected Into Online Shops |
Unit 42 Magic Hound Feb 2017
Lee, B. and Falcone, R. (2017, February 15). Magic Hound Campaign Attacks Saudi Targets. Retrieved December 27, 2017.
Internal MISP references
UUID f1ef9868-3ddb-4289-aa92-481c35517920
which can be used as unique global reference for Unit 42 Magic Hound Feb 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-27T00:00:00Z |
date_published | 2017-02-15T00:00:00Z |
source | MITRE |
title | Magic Hound Campaign Attacks Saudi Targets |
AMD Magic Packet
AMD. (1995, November 1). Magic Packet Technical White Paper. Retrieved February 17, 2021.
Internal MISP references
UUID 06d36dea-e13d-48c4-b6d6-0c175c379f5b
which can be used as unique global reference for AMD Magic Packet
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-17T00:00:00Z |
date_published | 1995-11-01T00:00:00Z |
source | MITRE |
title | Magic Packet Technical White Paper |
MagicWeb
Microsoft Threat Intelligence Center, Microsoft Detection and Response Team, Microsoft 365 Defender Research Team. (2022, August 24). MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone. Retrieved September 28, 2022.
Internal MISP references
UUID 5b728693-37e8-4100-ac82-b70945113e07
which can be used as unique global reference for MagicWeb
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-28T00:00:00Z |
date_published | 2022-08-24T00:00:00Z |
source | MITRE |
title | MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone |
MAGNET GOBLIN
Check Point Research. (2024, March 8). MAGNET GOBLIN TARGETS PUBLICLY FACING SERVERS USING 1-DAY VULNERABILITIES. Retrieved March 27, 2024.
Internal MISP references
UUID 955b6449-4cd5-5512-a5f3-2bcb91def3ef
which can be used as unique global reference for MAGNET GOBLIN
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-27T00:00:00Z |
date_published | 2024-03-08T00:00:00Z |
source | MITRE |
title | MAGNET GOBLIN TARGETS PUBLICLY FACING SERVERS USING 1-DAY VULNERABILITIES |
FireEye FIN7 Oct 2019
Carr, N., et al. (2019, October 10). Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques. Retrieved October 11, 2019.
Internal MISP references
UUID df8886d1-fbd7-4c24-8ab1-6261923dee96
which can be used as unique global reference for FireEye FIN7 Oct 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-11T00:00:00Z |
date_published | 2019-10-10T00:00:00Z |
source | MITRE |
title | Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques |
Microsoft Mail Flow Rules 2023
Microsoft. (2023, February 22). Mail flow rules (transport rules) in Exchange Online. Retrieved March 13, 2023.
Internal MISP references
UUID 421093d7-6ac8-5ebc-9a04-1c65bdce0980
which can be used as unique global reference for Microsoft Mail Flow Rules 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-13T00:00:00Z |
date_published | 2023-02-22T00:00:00Z |
source | MITRE |
title | Mail flow rules (transport rules) in Exchange Online |
GitHub MailSniper
Bullock, B. (2018, November 20). MailSniper. Retrieved October 4, 2019.
Internal MISP references
UUID 50595548-b0c6-49d1-adab-43c8969ae716
which can be used as unique global reference for GitHub MailSniper
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-04T00:00:00Z |
date_published | 2018-11-20T00:00:00Z |
source | MITRE |
title | MailSniper |
mailx man page
Michael Kerrisk. (2021, August 27). mailx(1p) — Linux manual page. Retrieved June 10, 2022.
Internal MISP references
UUID 6813a1a2-fbe0-4809-aad7-734997e59bea
which can be used as unique global reference for mailx man page
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-10T00:00:00Z |
date_published | 2021-08-27T00:00:00Z |
source | MITRE |
title | mailx(1p) — Linux manual page |
enigma0x3 normal.dotm
Nelson, M. (2014, January 23). Maintaining Access with normal.dotm. Retrieved July 3, 2017.
Internal MISP references
UUID b8339d48-699d-4043-8197-1f0435a8dca5
which can be used as unique global reference for enigma0x3 normal.dotm
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-03T00:00:00Z |
date_published | 2014-01-23T00:00:00Z |
source | MITRE |
title | Maintaining Access with normal.dotm |
NetSPI Startup Stored Procedures
Sutherland, S. (2016, March 7). Maintaining Persistence via SQL Server – Part 1: Startup Stored Procedures. Retrieved September 12, 2024.
Internal MISP references
UUID afe89472-ac42-4a0d-b398-5ed6a5dee74f
which can be used as unique global reference for NetSPI Startup Stored Procedures
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2016-03-07T00:00:00Z |
source | MITRE |
title | Maintaining Persistence via SQL Server – Part 1: Startup Stored Procedures |
Cofense-redirect
Raymond, Nathaniel. (2023, August 16). Major Energy Company Targeted in Large QR Code Phishing Campaign. Retrieved January 17, 2024.
Internal MISP references
UUID 450da173-3573-5502-ab53-6d6b9955714d
which can be used as unique global reference for Cofense-redirect
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-17T00:00:00Z |
date_published | 2023-08-16T00:00:00Z |
source | MITRE |
title | Major Energy Company Targeted in Large QR Code Phishing Campaign |
QR-cofense
Nathaniel Raymond. (2023, August 16). Major Energy Company Targeted in Large QR Code Phishing Campaign. Retrieved February 13, 2024.
Internal MISP references
UUID eda8270f-c76f-5d01-b45f-74246945ec50
which can be used as unique global reference for QR-cofense
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-13T00:00:00Z |
date_published | 2023-08-16T00:00:00Z |
source | MITRE |
title | Major Energy Company Targeted in Large QR Code Phishing Campaign |
Makecab.exe - LOLBAS Project
LOLBAS. (2018, May 25). Makecab.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 6473e36b-b5ad-4254-b46d-38c53ccbe446
which can be used as unique global reference for Makecab.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Makecab.exe |
Infoblox Lokibot January 2019
Hoang, M. (2019, January 31). Malicious Activity Report: Elements of Lokibot Infostealer. Retrieved May 15, 2020.
Internal MISP references
UUID 17ab0f84-a062-4c4f-acf9-e0b8f81c3cda
which can be used as unique global reference for Infoblox Lokibot January 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-15T00:00:00Z |
date_published | 2019-01-31T00:00:00Z |
source | MITRE |
title | Malicious Activity Report: Elements of Lokibot Infostealer |
U.S. CISA PaperCut May 2023
Cybersecurity and Infrastructure Security Agency. (2023, May 11). Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG. Retrieved May 17, 2023.
Internal MISP references
UUID b5ef2b97-7cc7-470b-ae97-a45dc4af32a6
which can be used as unique global reference for U.S. CISA PaperCut May 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-17T00:00:00Z |
date_published | 2023-05-11T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG |
GoBotKR
Zuzana Hromcová. (2019, July 8). Malicious campaign targets South Korean users with backdoor‑laced torrents. Retrieved March 31, 2022.
Internal MISP references
UUID 7d70675c-5520-4c81-8880-912ce918c4b5
which can be used as unique global reference for GoBotKR
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-31T00:00:00Z |
date_published | 2019-07-08T00:00:00Z |
source | MITRE |
title | Malicious campaign targets South Korean users with backdoor‑laced torrents |
ICEBRG Chrome Extensions
De Tore, M., Warner, J. (2018, January 15). MALICIOUS CHROME EXTENSIONS ENABLE CRIMINALS TO IMPACT OVER HALF A MILLION USERS AND GLOBAL BUSINESSES. Retrieved January 17, 2018.
Internal MISP references
UUID 459bfd4a-7a9b-4d65-b574-acb221428dad
which can be used as unique global reference for ICEBRG Chrome Extensions
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-17T00:00:00Z |
date_published | 2018-01-15T00:00:00Z |
source | MITRE |
title | MALICIOUS CHROME EXTENSIONS ENABLE CRIMINALS TO IMPACT OVER HALF A MILLION USERS AND GLOBAL BUSINESSES |
McAfee Malicious Doc Targets Pyeongchang Olympics
Saavedra-Morales, J., Sherstobitoff, R. (2018, January 6). Malicious Document Targets Pyeongchang Olympics. Retrieved April 10, 2018.
Internal MISP references
UUID e6b5c261-86c1-4b6b-8a5e-c6a454554588
which can be used as unique global reference for McAfee Malicious Doc Targets Pyeongchang Olympics
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-10T00:00:00Z |
date_published | 2018-01-06T00:00:00Z |
source | MITRE |
title | Malicious Document Targets Pyeongchang Olympics |
Fortinet Fareit
Salvio, J., Joven, R. (2016, December 16). Malicious Macro Bypasses UAC to Elevate Privilege for Fareit Malware. Retrieved December 27, 2016.
Internal MISP references
UUID d06223d7-2d86-41c6-af23-50865a1810c0
which can be used as unique global reference for Fortinet Fareit
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-12-27T00:00:00Z |
date_published | 2016-12-16T00:00:00Z |
source | MITRE |
title | Malicious Macro Bypasses UAC to Elevate Privilege for Fareit Malware |
Microsoft OAuth Spam 2022
Microsoft. (2023, September 22). Malicious OAuth applications abuse cloud email services to spread spam. Retrieved March 13, 2023.
Internal MISP references
UUID 086c06a0-3960-5fa8-b034-cef37a3aee90
which can be used as unique global reference for Microsoft OAuth Spam 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-13T00:00:00Z |
date_published | 2023-09-22T00:00:00Z |
source | MITRE |
title | Malicious OAuth applications abuse cloud email services to spread spam |
Zscaler Kasidet
Yadav, A., et al. (2016, January 29). Malicious Office files dropping Kasidet and Dridex. Retrieved March 24, 2016.
Internal MISP references
UUID 63077223-4711-4c1e-9fb2-3995c7e03cf2
which can be used as unique global reference for Zscaler Kasidet
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-24T00:00:00Z |
date_published | 2016-01-29T00:00:00Z |
source | MITRE |
title | Malicious Office files dropping Kasidet and Dridex |
SilentBreak Outlook Rules
Landers, N. (2015, December 4). Malicious Outlook Rules. Retrieved February 4, 2019.
Internal MISP references
UUID a2ad0658-7c12-4f58-b7bf-6300eacb4a8f
which can be used as unique global reference for SilentBreak Outlook Rules
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-04T00:00:00Z |
date_published | 2015-12-04T00:00:00Z |
source | MITRE |
title | Malicious Outlook Rules |
Webroot PHP 2011
Brandt, Andrew. (2011, February 22). Malicious PHP Scripts on the Rise. Retrieved October 3, 2018.
Internal MISP references
UUID 6d0da707-2328-4b43-a112-570c1fd5dec1
which can be used as unique global reference for Webroot PHP 2011
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-03T00:00:00Z |
date_published | 2011-02-22T00:00:00Z |
source | MITRE |
title | Malicious PHP Scripts on the Rise |
Malware Analysis Report 10135536-G
US-CERT. (2018, February 6). Malware Analysis Report 10135536-G. Retrieved August 15, 2024.
Internal MISP references
UUID a1a4f554-8320-53ec-abe0-ae9675b2f1d4
which can be used as unique global reference for Malware Analysis Report 10135536-G
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-15T00:00:00Z |
date_published | 2018-02-06T00:00:00Z |
source | MITRE |
title | Malware Analysis Report 10135536-G |
CISA ComRAT Oct 2020
CISA. (2020, October 29). Malware Analysis Report (AR20-303A). Retrieved December 9, 2020.
Internal MISP references
UUID 6ba168aa-ca07-4856-911f-fa48da54e471
which can be used as unique global reference for CISA ComRAT Oct 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-09T00:00:00Z |
date_published | 2020-10-29T00:00:00Z |
source | MITRE |
title | Malware Analysis Report (AR20-303A) |
Malware Analysis Report ComRAT
CISA. (2020, October 29). Malware Analysis Report (AR20-303A) MAR-10310246-2.v1 – PowerShell Script: ComRAT. Retrieved September 30, 2022.
Internal MISP references
UUID 9d81e2c8-09d5-4542-9c60-13a22a5a0073
which can be used as unique global reference for Malware Analysis Report ComRAT
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-30T00:00:00Z |
date_published | 2020-10-29T00:00:00Z |
source | MITRE |
title | Malware Analysis Report (AR20-303A) MAR-10310246-2.v1 – PowerShell Script: ComRAT |
CISA Zebrocy Oct 2020
CISA. (2020, October 29). Malware Analysis Report (AR20-303B). Retrieved December 9, 2020.
Internal MISP references
UUID b7518c4d-6c10-43d2-8e57-d354fb8d4a99
which can be used as unique global reference for CISA Zebrocy Oct 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-09T00:00:00Z |
date_published | 2020-10-29T00:00:00Z |
source | MITRE |
title | Malware Analysis Report (AR20-303B) |
CISA Supernova Jan 2021
CISA. (2021, January 27). Malware Analysis Report (AR21-027A). Retrieved February 22, 2021.
Internal MISP references
UUID ce300d75-8351-4d7c-b280-7d5fbe17f9bb
which can be used as unique global reference for CISA Supernova Jan 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-22T00:00:00Z |
date_published | 2021-01-27T00:00:00Z |
source | MITRE |
title | Malware Analysis Report (AR21-027A) |
UK NCSC Jaguar Tooth April 18 2023
National Cyber Security Centre. (2023, April 18). Malware Analysis Report: Jaguar Tooth. Retrieved August 23, 2023.
Internal MISP references
UUID 954e0cb9-9a93-4cac-af84-c6989b973fac
which can be used as unique global reference for UK NCSC Jaguar Tooth April 18 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-23T00:00:00Z |
date_published | 2023-04-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Malware Analysis Report: Jaguar Tooth |
US-CERT SHARPKNOT June 2018
US-CERT. (2018, March 09). Malware Analysis Report (MAR) - 10135536.11.WHITE. Retrieved June 13, 2018.
Internal MISP references
UUID b6bb568f-de15-4ace-8075-c08e7835fea2
which can be used as unique global reference for US-CERT SHARPKNOT June 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-06-13T00:00:00Z |
date_published | 2018-03-09T00:00:00Z |
source | MITRE |
title | Malware Analysis Report (MAR) - 10135536.11.WHITE |
US-CERT Bankshot Dec 2017
US-CERT. (2017, December 13). Malware Analysis Report (MAR) - 10135536-B. Retrieved July 17, 2018.
Internal MISP references
UUID af2a708d-f96f-49e7-9351-1ea703e614a0
which can be used as unique global reference for US-CERT Bankshot Dec 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-17T00:00:00Z |
date_published | 2017-12-13T00:00:00Z |
source | MITRE |
title | Malware Analysis Report (MAR) - 10135536-B |
MAR10135536-B
US-CERT. (2017, December 13). Malware Analysis Report (MAR) - 10135536-B. Retrieved August 15, 2024.
Internal MISP references
UUID 869fbc47-55f8-5bab-bc62-e507b6be5a16
which can be used as unique global reference for MAR10135536-B
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-15T00:00:00Z |
date_published | 2017-12-13T00:00:00Z |
source | MITRE |
title | Malware Analysis Report (MAR) - 10135536-B |
US-CERT Volgmer 2 Nov 2017
US-CERT. (2017, November 01). Malware Analysis Report (MAR) - 10135536-D. Retrieved July 16, 2018.
Internal MISP references
UUID a3a5c26c-0d57-4ffc-ae28-3fe828e08fcb
which can be used as unique global reference for US-CERT Volgmer 2 Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-16T00:00:00Z |
date_published | 2017-11-01T00:00:00Z |
source | MITRE |
title | Malware Analysis Report (MAR) - 10135536-D |
MAR10135536-F
US-CERT. (2018, February 5). Malware Analysis Report (MAR) - 10135536-F. Retrieved August 15, 2024.
Internal MISP references
UUID f8089086-bbd5-5b39-95f7-6f09bc30eabf
which can be used as unique global reference for MAR10135536-F
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-15T00:00:00Z |
date_published | 2018-02-05T00:00:00Z |
source | MITRE |
title | Malware Analysis Report (MAR) - 10135536-F |
US-CERT HARDRAIN March 2018
US-CERT. (2018, February 05). Malware Analysis Report (MAR) - 10135536-F. Retrieved June 11, 2018.
Internal MISP references
UUID ffc17fa5-e7d3-4592-b47b-e12ced0e62a4
which can be used as unique global reference for US-CERT HARDRAIN March 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-06-11T00:00:00Z |
date_published | 2018-02-05T00:00:00Z |
source | MITRE |
title | Malware Analysis Report (MAR) - 10135536-F |
US-CERT BADCALL
US-CERT. (2018, February 06). Malware Analysis Report (MAR) - 10135536-G. Retrieved June 7, 2018.
Internal MISP references
UUID aeb4ff70-fa98-474c-8337-9e50d07ee378
which can be used as unique global reference for US-CERT BADCALL
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-06-07T00:00:00Z |
date_published | 2018-02-06T00:00:00Z |
source | MITRE |
title | Malware Analysis Report (MAR) - 10135536-G |
CISA MAR SLOTHFULMEDIA October 2020
DHS/CISA, Cyber National Mission Force. (2020, October 1). Malware Analysis Report (MAR) MAR-10303705-1.v1 – Remote Access Trojan: SLOTHFULMEDIA. Retrieved October 2, 2020.
Internal MISP references
UUID 57c3256c-0d24-4647-9037-fefe1c88ad61
which can be used as unique global reference for CISA MAR SLOTHFULMEDIA October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-02T00:00:00Z |
date_published | 2020-10-01T00:00:00Z |
source | MITRE |
title | Malware Analysis Report (MAR) MAR-10303705-1.v1 – Remote Access Trojan: SLOTHFULMEDIA |
Kroll RawPOS Jan 2017
Nesbit, B. and Ackerman, D. (2017, January). Malware Analysis Report - RawPOS Malware: Deconstructing an Intruder’s Toolkit. Retrieved October 4, 2017.
Internal MISP references
UUID cbbfffb9-c378-4e57-a2af-e76e6014ed57
which can be used as unique global reference for Kroll RawPOS Jan 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-10-04T00:00:00Z |
date_published | 2017-01-01T00:00:00Z |
source | MITRE |
title | Malware Analysis Report - RawPOS Malware: Deconstructing an Intruder’s Toolkit |
VMRay OSAMiner dynamic analysis 2021
VMRAY. (2021, January 14). Malware Analysis Spotlight: OSAMiner Uses Run-Only AppleScripts to Evade Detection. Retrieved October 4, 2022.
Internal MISP references
UUID 47a5d32d-e6a5-46c2-898a-e45dc42371be
which can be used as unique global reference for VMRay OSAMiner dynamic analysis 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-10-04T00:00:00Z |
date_published | 2021-01-14T00:00:00Z |
source | MITRE |
title | Malware Analysis Spotlight: OSAMiner Uses Run-Only AppleScripts to Evade Detection |
Rapid7 Fake W2 July 2024
Elkins, T. (2024, July 24). Malware Campaign Lures Users With Fake W2 Form. Retrieved September 13, 2024.
Internal MISP references
UUID 10b5e150-26fa-5024-bd89-87f432b8d5f0
which can be used as unique global reference for Rapid7 Fake W2 July 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-13T00:00:00Z |
date_published | 2024-07-24T00:00:00Z |
source | MITRE |
title | Malware Campaign Lures Users With Fake W2 Form |
Kandji Cuckoo April 2024
Kohler, A. and Lopez, C. (2024, April 30). Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware. Retrieved August 20, 2024.
Internal MISP references
UUID 90c4e23a-e6e7-511d-911c-1f8b64253aff
which can be used as unique global reference for Kandji Cuckoo April 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-20T00:00:00Z |
date_published | 2024-04-30T00:00:00Z |
source | MITRE |
title | Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware |
Arch Linux Package Systemd Compromise BleepingComputer 10JUL2018
Catalin Cimpanu. (2018, July 10). Malware Found in Arch Linux AUR Package Repository. Retrieved April 23, 2019.
Internal MISP references
UUID 0654dabf-e885-45bf-8a8e-2b512ff4bf46
which can be used as unique global reference for Arch Linux Package Systemd Compromise BleepingComputer 10JUL2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-23T00:00:00Z |
date_published | 2018-07-10T00:00:00Z |
source | MITRE |
title | Malware Found in Arch Linux AUR Package Repository |
Alperovitch Malware
Alperovitch, D. (2014, October 31). Malware-Free Intrusions. Retrieved November 4, 2014.
Internal MISP references
UUID b6635fd7-40ec-4481-bb0a-c1d3391854a7
which can be used as unique global reference for Alperovitch Malware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-04T00:00:00Z |
date_published | 2014-10-31T00:00:00Z |
source | MITRE |
title | Malware-Free Intrusions |
Chrome Extension C2 Malware
Kjaer, M. (2016, July 18). Malware in the browser: how you might get hacked by a Chrome extension. Retrieved September 12, 2024.
Internal MISP references
UUID b0fdf9c7-614b-4269-ba3e-7d8b02aa8502
which can be used as unique global reference for Chrome Extension C2 Malware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2016-07-18T00:00:00Z |
source | MITRE |
title | Malware in the browser: how you might get hacked by a Chrome extension |
FireEye Kevin Mandia Guardrails
Shoorbajee, Z. (2018, June 1). Playing nice? FireEye CEO says U.S. malware is more restrained than adversaries'. Retrieved January 17, 2019.
Internal MISP references
UUID 0c518eec-a94e-42a7-8eb7-527ae3e279b6
which can be used as unique global reference for FireEye Kevin Mandia Guardrails
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-01-17T00:00:00Z |
source | MITRE |
title | malware is more restrained than adversaries' |
TechRepublic M-Trends 2023
Karl Greenberg. (2023, April 20). Malware is proliferating, but detection measures bear fruit: Mandiant. Retrieved September 21, 2023.
Internal MISP references
UUID 1347e21e-e77d-464d-bbbe-dc4d3f2b07a1
which can be used as unique global reference for TechRepublic M-Trends 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-21T00:00:00Z |
date_published | 2023-04-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Malware is proliferating, but detection measures bear fruit: Mandiant |
CTU BITS Malware June 2016
Counter Threat Unit Research Team. (2016, June 6). Malware Lingers with BITS. Retrieved January 12, 2018.
Internal MISP references
UUID db98b15c-399d-4a4c-8fa6-5a4ff38c3853
which can be used as unique global reference for CTU BITS Malware June 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-12T00:00:00Z |
date_published | 2016-06-06T00:00:00Z |
source | MITRE |
title | Malware Lingers with BITS |
CyberBit System Calls
Gavriel, H. (2018, November 27). Malware Mitigation when Direct System Calls are Used. Retrieved September 29, 2021.
Internal MISP references
UUID c13cf528-2a7d-4a32-aee2-db5db2f30298
which can be used as unique global reference for CyberBit System Calls
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-29T00:00:00Z |
date_published | 2018-11-27T00:00:00Z |
source | MITRE |
title | Malware Mitigation when Direct System Calls are Used |
Malware Monday VBE
Bromiley, M. (2016, December 27). Malware Monday: VBScript and VBE Files. Retrieved March 17, 2023.
Internal MISP references
UUID 9b52a72b-938a-5eb6-a3b7-5a925657f0a3
which can be used as unique global reference for Malware Monday VBE
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-17T00:00:00Z |
date_published | 2016-12-27T00:00:00Z |
source | MITRE |
title | Malware Monday: VBScript and VBE Files |
RSAC 2015 San Francisco Patrick Wardle
Wardle, P. (2015, April). Malware Persistence on OS X Yosemite. Retrieved April 6, 2018.
Internal MISP references
UUID 7e3f3dda-c407-4b06-a6b0-8b72c4dad6e6
which can be used as unique global reference for RSAC 2015 San Francisco Patrick Wardle
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-06T00:00:00Z |
date_published | 2015-04-01T00:00:00Z |
source | MITRE |
title | Malware Persistence on OS X Yosemite |
Malware Persistence on OS X
Patrick Wardle. (2015). Malware Persistence on OS X Yosemite. Retrieved July 10, 2017.
Internal MISP references
UUID d4e3b066-c439-4284-ba28-3b8bd8ec270e
which can be used as unique global reference for Malware Persistence on OS X
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-10T00:00:00Z |
date_published | 2015-01-01T00:00:00Z |
source | MITRE |
title | Malware Persistence on OS X Yosemite |
FireEye Hijacking July 2010
Harbour, N. (2010, July 15). Malware Persistence without the Windows Registry. Retrieved November 17, 2020.
Internal MISP references
UUID 536f9987-f3b6-4d5f-8a6b-32a0c651500d
which can be used as unique global reference for FireEye Hijacking July 2010
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-17T00:00:00Z |
date_published | 2010-07-15T00:00:00Z |
source | MITRE |
title | Malware Persistence without the Windows Registry |
Mondok Windows PiggyBack BITS May 2007
Mondok, M. (2007, May 11). Malware piggybacks on Windows’ Background Intelligent Transfer Service. Retrieved January 12, 2018.
Internal MISP references
UUID 7dd03a92-11b8-4b8a-9d34-082ecf09a6e4
which can be used as unique global reference for Mondok Windows PiggyBack BITS May 2007
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-12T00:00:00Z |
date_published | 2007-05-11T00:00:00Z |
source | MITRE |
title | Malware piggybacks on Windows’ Background Intelligent Transfer Service |
Conficker Nuclear Power Plant
Cimpanu, C. (2016, April 26). Malware Shuts Down German Nuclear Power Plant on Chernobyl's 30th Anniversary. Retrieved February 18, 2021.
Internal MISP references
UUID 83b8c3c4-d67a-48bd-8614-1c703a8d969b
which can be used as unique global reference for Conficker Nuclear Power Plant
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-18T00:00:00Z |
date_published | 2016-04-26T00:00:00Z |
source | MITRE |
title | Malware Shuts Down German Nuclear Power Plant on Chernobyl's 30th Anniversary |
MMPC ISAPI Filter 2012
MMPC. (2012, October 3). Malware signed with the Adobe code signing certificate. Retrieved June 3, 2021.
Internal MISP references
UUID ef412bcd-54be-4972-888c-f5a2cdfb8d02
which can be used as unique global reference for MMPC ISAPI Filter 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-03T00:00:00Z |
date_published | 2012-10-03T00:00:00Z |
source | MITRE |
title | Malware signed with the Adobe code signing certificate |
Leonardo Turla Penquin May 2020
Leonardo. (2020, May 29). MALWARE TECHNICAL INSIGHT TURLA “Penquin_x64”. Retrieved March 11, 2021.
Internal MISP references
UUID 09d8bb54-6fa5-4842-98aa-6e9656a19092
which can be used as unique global reference for Leonardo Turla Penquin May 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-11T00:00:00Z |
date_published | 2020-05-29T00:00:00Z |
source | MITRE |
title | MALWARE TECHNICAL INSIGHT TURLA “Penquin_x64” |
Malware System Language Check
Pierre-Marc Bureau. (2009, January 15). Malware Trying to Avoid Some Countries. Retrieved August 18, 2021.
Internal MISP references
UUID 3d4c5366-038a-453e-b803-a172b95da5f7
which can be used as unique global reference for Malware System Language Check
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-18T00:00:00Z |
date_published | 2009-01-15T00:00:00Z |
source | MITRE |
title | Malware Trying to Avoid Some Countries |
JPCert TSCookie March 2018
Tomonaga, S. (2018, March 6). Malware “TSCookie”. Retrieved May 6, 2020.
Internal MISP references
UUID ff1717f7-0d2e-4947-87d7-44576affe9f8
which can be used as unique global reference for JPCert TSCookie March 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-06T00:00:00Z |
date_published | 2018-03-06T00:00:00Z |
source | MITRE |
title | Malware “TSCookie” |
Symantec BITS May 2007
Florio, E. (2007, May 9). Malware Update with Windows Update. Retrieved January 12, 2018.
Internal MISP references
UUID e5962c87-0d42-46c2-8757-91f264fc570f
which can be used as unique global reference for Symantec BITS May 2007
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-12T00:00:00Z |
date_published | 2007-05-09T00:00:00Z |
source | MITRE |
title | Malware Update with Windows Update |
JPCert BlackTech Malware September 2019
Tomonaga, S. (2019, September 18). Malware Used by BlackTech after Network Intrusion. Retrieved May 6, 2020.
Internal MISP references
UUID 26f44bde-f723-4854-8acc-3d95e5fa764a
which can be used as unique global reference for JPCert BlackTech Malware September 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-06T00:00:00Z |
date_published | 2019-09-18T00:00:00Z |
source | MITRE |
title | Malware Used by BlackTech after Network Intrusion |
Unit 42 Rocke January 2019
Xingyu, J. (2019, January 17). Malware Used by Rocke Group Evolves to Evade Detection by Cloud Security Products. Retrieved May 26, 2020.
Internal MISP references
UUID facf686b-a5a9-4c85-bb46-f56a434d3d78
which can be used as unique global reference for Unit 42 Rocke January 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-26T00:00:00Z |
date_published | 2019-01-17T00:00:00Z |
source | MITRE |
title | Malware Used by Rocke Group Evolves to Evade Detection by Cloud Security Products |
Azure Subscription Policies
Microsoft Azure. (2024, March 21). Manage Azure subscription policies. Retrieved September 25, 2024.
Internal MISP references
UUID e20ff2ea-df45-545a-bc99-32e35027472e
which can be used as unique global reference for Azure Subscription Policies
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
date_published | 2024-03-21T00:00:00Z |
source | MITRE |
title | Manage Azure subscription policies |
Manage-bde.wsf - LOLBAS Project
LOLBAS. (2018, May 25). Manage-bde.wsf. Retrieved December 4, 2023.
Internal MISP references
UUID 74d5483e-2268-464c-a048-bb1f25bbfc4f
which can be used as unique global reference for Manage-bde.wsf - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Manage-bde.wsf |
Microsoft Manage Device Identities
Microsoft. (2022, February 18). Manage device identities by using the Azure portal. Retrieved April 13, 2022.
Internal MISP references
UUID 91aa3a4a-a852-40db-b6ec-68504670cfa6
which can be used as unique global reference for Microsoft Manage Device Identities
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-13T00:00:00Z |
date_published | 2022-02-18T00:00:00Z |
source | MITRE |
title | Manage device identities by using the Azure portal |
Microsoft MOF May 2018
Satran, M. (2018, May 30). Managed Object Format (MOF). Retrieved January 24, 2020.
Internal MISP references
UUID 1d1da9ad-c995-4040-8103-b51af9d8bac3
which can be used as unique global reference for Microsoft MOF May 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-01-24T00:00:00Z |
date_published | 2018-05-30T00:00:00Z |
source | MITRE |
title | Managed Object Format (MOF) |
Microsoft Inbox Rules
Microsoft. (n.d.). Manage email messages by using rules. Retrieved June 11, 2021.
Internal MISP references
UUID 91ce21f7-4cd5-4a75-a533-45d052a11c5d
which can be used as unique global reference for Microsoft Inbox Rules
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-11T00:00:00Z |
source | MITRE |
title | Manage email messages by using rules |
Google Workspace External Sharing
Google. (n.d.). Manage external sharing for your organization. Retrieved March 4, 2024.
Internal MISP references
UUID 0cc85d20-f47c-52da-8391-83d630e744b9
which can be used as unique global reference for Google Workspace External Sharing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-04T00:00:00Z |
source | MITRE |
title | Manage external sharing for your organization |
Google Cloud Just in Time Access 2023
Google Cloud. (n.d.). Manage just-in-time privileged access to projects. Retrieved September 21, 2023.
Internal MISP references
UUID 797c6051-9dff-531b-8438-d306bdf46720
which can be used as unique global reference for Google Cloud Just in Time Access 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-21T00:00:00Z |
source | MITRE |
title | Manage just-in-time privileged access to projects |
Microsoft Manage Mail Flow Rules 2023
Microsoft. (2023, February 22). Manage mail flow rules in Exchange Online. Retrieved March 13, 2023.
Internal MISP references
UUID 1d5d7353-7d9d-522a-a0aa-6f4aa0886ca1
which can be used as unique global reference for Microsoft Manage Mail Flow Rules 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-13T00:00:00Z |
date_published | 2023-02-22T00:00:00Z |
source | MITRE |
title | Manage mail flow rules in Exchange Online |
Office 365 Partner Relationships
Microsoft. (2022, March 4). Manage partner relationships. Retrieved May 27, 2022.
Internal MISP references
UUID 3d794f31-c3b4-4e0b-8558-b944d6616676
which can be used as unique global reference for Office 365 Partner Relationships
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-27T00:00:00Z |
date_published | 2022-03-04T00:00:00Z |
source | MITRE |
title | Manage partner relationships |
Microsoft 365 External Sharing
Microsoft. (2023, October 11). Manage sharing settings for SharePoint and OneDrive in Microsoft 365. Retrieved March 4, 2024.
Internal MISP references
UUID 69154fdc-3540-5c31-8285-f7795db45d7f
which can be used as unique global reference for Microsoft 365 External Sharing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-04T00:00:00Z |
date_published | 2023-10-11T00:00:00Z |
source | MITRE |
title | Manage sharing settings for SharePoint and OneDrive in Microsoft 365 |
TechNet Trusted Publishers
Microsoft. (n.d.). Manage Trusted Publishers. Retrieved March 31, 2016.
Internal MISP references
UUID e355ae20-4ada-49f3-a097-744838d6ff7d
which can be used as unique global reference for TechNet Trusted Publishers
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-31T00:00:00Z |
source | MITRE |
title | Manage Trusted Publishers |
Microsoft Enable Cred Guard April 2017
Lich, B., Tobin, J., Hall, J. (2017, April 5). Manage Windows Defender Credential Guard. Retrieved November 27, 2017.
Internal MISP references
UUID dc95771b-db84-43ae-b9ee-6f0ef3f1c93d
which can be used as unique global reference for Microsoft Enable Cred Guard April 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-27T00:00:00Z |
date_published | 2017-04-05T00:00:00Z |
source | MITRE |
title | Manage Windows Defender Credential Guard |
Outlook File Sizes
N. O'Bryan. (2018, May 30). Managing Outlook Cached Mode and OST File Sizes. Retrieved February 19, 2020.
Internal MISP references
UUID 6fbbb53f-cd4b-4ce1-942d-5cadb907cf86
which can be used as unique global reference for Outlook File Sizes
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-19T00:00:00Z |
date_published | 2018-05-30T00:00:00Z |
source | MITRE |
title | Managing Outlook Cached Mode and OST File Sizes |
AWS Storage Lifecycles
AWS. (n.d.). Managing the lifecycle of objects. Retrieved September 25, 2024.
Internal MISP references
UUID 2eec4264-6139-5b81-8190-2ea438594412
which can be used as unique global reference for AWS Storage Lifecycles
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
source | MITRE |
title | Managing the lifecycle of objects |
Microsoft Managing WebDAV Security
Microsoft. (n.d.). Managing WebDAV Security (IIS 6.0). Retrieved December 21, 2017.
Internal MISP references
UUID eeb7cd82-b116-4989-b3fa-968a23f839f3
which can be used as unique global reference for Microsoft Managing WebDAV Security
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-21T00:00:00Z |
source | MITRE |
title | Managing WebDAV Security (IIS 6.0) |
Mandiant M Trends 2011
Mandiant. (2011, January 27). Mandiant M-Trends 2011. Retrieved January 10, 2016.
Internal MISP references
UUID 563be052-29ac-4625-927d-84e475ef848e
which can be used as unique global reference for Mandiant M Trends 2011
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-10T00:00:00Z |
date_published | 2011-01-27T00:00:00Z |
source | MITRE |
title | Mandiant M-Trends 2011 |
Mandiant M Trends 2016
Mandiant. (2016, February 25). Mandiant M-Trends 2016. Retrieved March 5, 2019.
Internal MISP references
UUID f769a3ac-4330-46b7-bed8-61697e22cd24
which can be used as unique global reference for Mandiant M Trends 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-05T00:00:00Z |
date_published | 2016-02-25T00:00:00Z |
source | MITRE |
title | Mandiant M-Trends 2016 |
FireEye APT35 2018
Mandiant. (2018). Mandiant M-Trends 2018. Retrieved July 9, 2018.
Internal MISP references
UUID 71d3db50-4a20-4d8e-a640-4670d642205c
which can be used as unique global reference for FireEye APT35 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-09T00:00:00Z |
date_published | 2018-01-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Mandiant M-Trends 2018 |
Mandiant WMI
Mandiant. (n.d.). Retrieved February 13, 2024.
Internal MISP references
UUID 8d237948-7b10-5055-b9e6-52e6cab16f32
which can be used as unique global reference for Mandiant WMI
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-13T00:00:00Z |
source | MITRE |
title | Mandiant WMI |
Microsoft Manifests
Microsoft. (n.d.). Manifests. Retrieved December 5, 2014.
Internal MISP references
UUID e336dc02-c7bb-4046-93d9-17b9512fb731
which can be used as unique global reference for Microsoft Manifests
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-12-05T00:00:00Z |
source | MITRE |
title | Manifests |
MSDN Manifests
Microsoft. (n.d.). Manifests. Retrieved June 3, 2016.
Internal MISP references
UUID a29301fe-0e3c-4c6e-85c5-a30a6bcb9114
which can be used as unique global reference for MSDN Manifests
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-03T00:00:00Z |
source | MITRE |
title | Manifests |
Wikipedia Man in the Browser
Wikipedia. (2017, October 28). Man-in-the-browser. Retrieved January 10, 2018.
Internal MISP references
UUID f8975da7-4c50-4b3b-8ecb-c99c9b3bc20c
which can be used as unique global reference for Wikipedia Man in the Browser
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-10T00:00:00Z |
date_published | 2017-10-28T00:00:00Z |
source | MITRE |
title | Man-in-the-browser |
Kaspersky Encyclopedia MiTM
Kaspersky IT Encyclopedia. (n.d.). Man-in-the-middle attack. Retrieved September 1, 2023.
Internal MISP references
UUID 353a6eb9-54c5-5211-ad87-abf5d941e503
which can be used as unique global reference for Kaspersky Encyclopedia MiTM
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-01T00:00:00Z |
source | MITRE |
title | Man-in-the-middle attack |
Rapid7 MiTM Basics
Rapid7. (n.d.). Man-in-the-Middle (MITM) Attacks. Retrieved March 2, 2020.
Internal MISP references
UUID 33b25966-0ab9-4cc6-9702-62263a23af9c
which can be used as unique global reference for Rapid7 MiTM Basics
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-02T00:00:00Z |
source | MITRE |
title | Man-in-the-Middle (MITM) Attacks |
Praetorian TLS Downgrade Attack 2014
Praetorian. (2014, August 19). Man-in-the-Middle TLS Protocol Downgrade Attack. Retrieved October 8, 2021.
Internal MISP references
UUID 4375602d-4b5f-476d-82f8-3cef84d3378e
which can be used as unique global reference for Praetorian TLS Downgrade Attack 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-08T00:00:00Z |
date_published | 2014-08-19T00:00:00Z |
source | MITRE |
title | Man-in-the-Middle TLS Protocol Downgrade Attack |
mitm_tls_downgrade_att
Praetorian Editorial Team. (2014, August 19). Man-in-the-Middle TLS Protocol Downgrade Attack. Retrieved December 8, 2021.
Internal MISP references
UUID af907fe1-1e37-4f44-8ad4-fcc3826ee6fb
which can be used as unique global reference for mitm_tls_downgrade_att
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-08T00:00:00Z |
date_published | 2014-08-19T00:00:00Z |
source | MITRE |
title | Man-in-the-Middle TLS Protocol Downgrade Attack |
InsiderThreat ChangeNTLM July 2017
Warren, J. (2017, July 11). Manipulating User Passwords with Mimikatz. Retrieved December 4, 2017.
Internal MISP references
UUID 3bf24c68-fc98-4143-9dff-f54030c902fe
which can be used as unique global reference for InsiderThreat ChangeNTLM July 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-04T00:00:00Z |
date_published | 2017-07-11T00:00:00Z |
source | MITRE |
title | Manipulating User Passwords with Mimikatz |
Talos Manjusaka 2022
Asheer Malhotra & Vitor Ventura. (2022, August 2). Manjusaka: A Chinese sibling of Sliver and Cobalt Strike. Retrieved September 4, 2024.
Internal MISP references
UUID 5dd749c8-deff-5813-a7d4-80760bb5e999
which can be used as unique global reference for Talos Manjusaka 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-04T00:00:00Z |
date_published | 2022-08-02T00:00:00Z |
source | MITRE |
title | Manjusaka: A Chinese sibling of Sliver and Cobalt Strike |
Kaspersky ManOnTheSide
Starikova, A. (2023, February 14). Man-on-the-side – peculiar attack. Retrieved September 1, 2023.
Internal MISP references
UUID 8ea545ac-cca6-5da5-8a93-6b07518fc9d4
which can be used as unique global reference for Kaspersky ManOnTheSide
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-01T00:00:00Z |
date_published | 2023-02-14T00:00:00Z |
source | MITRE |
title | Man-on-the-side – peculiar attack |
symantec_mantis
Symantec Threat Hunter Team. (2023, April 4). Mantis: New Tooling Used in Attacks Against Palestinian Targets. Retrieved March 4, 2024.
Internal MISP references
UUID 76a792b5-f3cd-566e-a87b-9fae844ce07d
which can be used as unique global reference for symantec_mantis
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-04T00:00:00Z |
date_published | 2023-04-04T00:00:00Z |
source | MITRE |
title | Mantis: New Tooling Used in Attacks Against Palestinian Targets |
CrowdStrike Manufacturing Threat July 2020
Falcon OverWatch Team. (2020, July 14). Manufacturing Industry in the Adversaries’ Crosshairs. Retrieved October 17, 2021.
Internal MISP references
UUID 5ed6a702-dcc5-4021-95cc-5b720dbd8774
which can be used as unique global reference for CrowdStrike Manufacturing Threat July 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-17T00:00:00Z |
date_published | 2020-07-14T00:00:00Z |
source | MITRE |
title | Manufacturing Industry in the Adversaries’ Crosshairs |
US-CERT TYPEFRAME June 2018
US-CERT. (2018, June 14). MAR-10135536-12 – North Korean Trojan: TYPEFRAME. Retrieved July 13, 2018.
Internal MISP references
UUID b89f20ad-39c4-480f-b02e-20f4e71f6b95
which can be used as unique global reference for US-CERT TYPEFRAME June 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-13T00:00:00Z |
date_published | 2018-06-14T00:00:00Z |
source | MITRE |
title | MAR-10135536-12 – North Korean Trojan: TYPEFRAME |
US-CERT KEYMARBLE Aug 2018
US-CERT. (2018, August 09). MAR-10135536-17 – North Korean Trojan: KEYMARBLE. Retrieved August 16, 2018.
Internal MISP references
UUID b30dd720-a85d-4bf5-84e1-394a27917ee7
which can be used as unique global reference for US-CERT KEYMARBLE Aug 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-16T00:00:00Z |
date_published | 2018-08-09T00:00:00Z |
source | MITRE |
title | MAR-10135536-17 – North Korean Trojan: KEYMARBLE |
US-CERT HOPLIGHT Apr 2019
US-CERT. (2019, April 10). MAR-10135536-8 – North Korean Trojan: HOPLIGHT. Retrieved April 19, 2019.
Internal MISP references
UUID e722b71b-9042-4143-a156-489783d86e0a
which can be used as unique global reference for US-CERT HOPLIGHT Apr 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-19T00:00:00Z |
date_published | 2019-04-10T00:00:00Z |
source | MITRE |
title | MAR-10135536-8 – North Korean Trojan: HOPLIGHT |
US-CERT HOTCROISSANT February 2020
US-CERT. (2020, February 20). MAR-10271944-1.v1 – North Korean Trojan: HOTCROISSANT. Retrieved May 1, 2020.
Internal MISP references
UUID db5c816a-2a23-4966-8f0b-4ec86cae45c9
which can be used as unique global reference for US-CERT HOTCROISSANT February 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-01T00:00:00Z |
date_published | 2020-02-20T00:00:00Z |
source | MITRE |
title | MAR-10271944-1.v1 – North Korean Trojan: HOTCROISSANT |
CISA MAR-10288834-2.v1 TAINTEDSCRIBE MAY 2020
USG. (2020, May 12). MAR-10288834-2.v1 – North Korean Trojan: TAINTEDSCRIBE. Retrieved March 5, 2021.
Internal MISP references
UUID b9946fcc-592a-4c54-b504-4fe5050704df
which can be used as unique global reference for CISA MAR-10288834-2.v1 TAINTEDSCRIBE MAY 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-05T00:00:00Z |
date_published | 2020-05-12T00:00:00Z |
source | MITRE |
title | MAR-10288834-2.v1 – North Korean Trojan: TAINTEDSCRIBE |
CISA MAR-10292089-1.v2 TAIDOOR August 2021
CISA, FBI, DOD. (2021, August). MAR-10292089-1.v2 – Chinese Remote Access Trojan: TAIDOOR. Retrieved August 24, 2021.
Internal MISP references
UUID 0ae18fda-cc88-49f4-8e85-7b63044579ea
which can be used as unique global reference for CISA MAR-10292089-1.v2 TAIDOOR August 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-24T00:00:00Z |
date_published | 2021-08-01T00:00:00Z |
source | MITRE |
title | MAR-10292089-1.v2 – Chinese Remote Access Trojan: TAIDOOR |
US-CERT BLINDINGCAN Aug 2020
US-CERT. (2020, August 19). MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN. Retrieved August 19, 2020.
Internal MISP references
UUID 0421788c-b807-4e19-897c-bfb4323feb16
which can be used as unique global reference for US-CERT BLINDINGCAN Aug 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-19T00:00:00Z |
date_published | 2020-08-19T00:00:00Z |
source | MITRE |
title | MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN |
CISA SoreFang July 2016
CISA. (2020, July 16). MAR-10296782-1.v1 – SOREFANG. Retrieved September 29, 2020.
Internal MISP references
UUID a87db09c-cadc-48fd-9634-8dd44bbd9009
which can be used as unique global reference for CISA SoreFang July 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-29T00:00:00Z |
date_published | 2020-07-16T00:00:00Z |
source | MITRE |
title | MAR-10296782-1.v1 – SOREFANG |
CISA WellMess July 2020
CISA. (2020, July 16). MAR-10296782-2.v1 – WELLMESS. Retrieved September 24, 2020.
Internal MISP references
UUID 40e9eda2-51a2-4fd8-b0b1-7d2c6deca820
which can be used as unique global reference for CISA WellMess July 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-24T00:00:00Z |
date_published | 2020-07-16T00:00:00Z |
source | MITRE |
title | MAR-10296782-2.v1 – WELLMESS |
CISA WellMail July 2020
CISA. (2020, July 16). MAR-10296782-3.v1 – WELLMAIL. Retrieved September 29, 2020.
Internal MISP references
UUID 2f33b88a-a8dd-445b-a34f-e356b94bed35
which can be used as unique global reference for CISA WellMail July 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-29T00:00:00Z |
date_published | 2020-07-16T00:00:00Z |
source | MITRE |
title | MAR-10296782-3.v1 – WELLMAIL |
CISA EB Aug 2020
Cybersecurity and Infrastructure Security Agency. (2020, August 26). MAR-10301706-1.v1 - North Korean Remote Access Tool: ECCENTRICBANDWAGON. Retrieved March 18, 2021.
Internal MISP references
UUID a1b143f9-ca85-4c11-8909-49423c9ffeab
which can be used as unique global reference for CISA EB Aug 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-18T00:00:00Z |
date_published | 2020-08-26T00:00:00Z |
source | MITRE |
title | MAR-10301706-1.v1 - North Korean Remote Access Tool: ECCENTRICBANDWAGON |
CISA HatMan
CISA. (2019, February 27). MAR-17-352-01 HatMan-Safety System Targeted Malware. Retrieved January 6, 2021.
Internal MISP references
UUID 0690fa53-fee4-43fa-afd5-61137fd7529e
which can be used as unique global reference for CISA HatMan
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-06T00:00:00Z |
date_published | 2019-02-27T00:00:00Z |
source | MITRE |
title | MAR-17-352-01 HatMan-Safety System Targeted Malware |
Outflank MotW 2020
Hegt, S. (2020, March 30). Mark-of-the-Web from a red team’s perspective. Retrieved February 22, 2021.
Internal MISP references
UUID 54d9c59f-800a-426f-90c8-0d1cb2bea1ea
which can be used as unique global reference for Outflank MotW 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-22T00:00:00Z |
date_published | 2020-03-30T00:00:00Z |
source | MITRE |
title | Mark-of-the-Web from a red team’s perspective |
Masquerads-Guardio
Tal, Nati. (2022, December 28). “MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets. Retrieved February 21, 2023.
Internal MISP references
UUID e11492f4-f9a3-5489-b2bb-a28b19ef88b5
which can be used as unique global reference for Masquerads-Guardio
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-21T00:00:00Z |
date_published | 2022-12-28T00:00:00Z |
source | MITRE |
title | “MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets |
CNET Leaks
Ng, A. (2019, January 17). Massive breach leaks 773 million email addresses, 21 million passwords. Retrieved October 20, 2020.
Internal MISP references
UUID 46df3a49-e7c4-4169-b35c-0aecc78c31ea
which can be used as unique global reference for CNET Leaks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2019-01-17T00:00:00Z |
source | MITRE |
title | Massive breach leaks 773 million email addresses, 21 million passwords |
ArsTechnica Great Firewall of China
Goodin, D. (2015, March 31). Massive denial-of-service attack on GitHub tied to Chinese government. Retrieved April 19, 2019.
Internal MISP references
UUID 1a08d58f-bf91-4345-aa4e-2906d3ef365a
which can be used as unique global reference for ArsTechnica Great Firewall of China
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-19T00:00:00Z |
date_published | 2015-03-31T00:00:00Z |
source | MITRE |
title | Massive denial-of-service attack on GitHub tied to Chinese government |
Europol Cobalt Mar 2018
Europol. (2018, March 26). Mastermind Behind EUR 1 Billion Cyber Bank Robbery Arrested in Spain. Retrieved October 10, 2018.
Internal MISP references
UUID f9d1f2ab-9e75-48ce-bcdf-b7119687feef
which can be used as unique global reference for Europol Cobalt Mar 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-10T00:00:00Z |
date_published | 2018-03-26T00:00:00Z |
source | MITRE |
title | Mastermind Behind EUR 1 Billion Cyber Bank Robbery Arrested in Spain |
LOLBAS Mavinject
LOLBAS. (n.d.). Mavinject.exe. Retrieved September 22, 2021.
Internal MISP references
UUID 4ba7fa89-006b-4fbf-aa6c-6775842c97a4
which can be used as unique global reference for LOLBAS Mavinject
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-22T00:00:00Z |
source | MITRE |
title | Mavinject.exe |
Mavinject Functionality Deconstructed
Matt Graeber. (2018, May 29). mavinject.exe Functionality Deconstructed. Retrieved September 22, 2021.
Internal MISP references
UUID 17b055ba-5e59-4508-ba77-2519c03c6d65
which can be used as unique global reference for Mavinject Functionality Deconstructed
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-22T00:00:00Z |
date_published | 2018-05-29T00:00:00Z |
source | MITRE |
title | mavinject.exe Functionality Deconstructed |
Sophos Maze VM September 2020
Brandt, A., Mackenzie, P. (2020, September 17). Maze Attackers Adopt Ragnar Locker Virtual Machine Technique. Retrieved October 9, 2020.
Internal MISP references
UUID 9c4bbcbb-2c18-453c-8b02-0a0cd512c3f3
which can be used as unique global reference for Sophos Maze VM September 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-09T00:00:00Z |
date_published | 2020-09-17T00:00:00Z |
source | MITRE |
title | Maze Attackers Adopt Ragnar Locker Virtual Machine Technique |
mbed-crypto
ARMmbed. (2018, June 21). Mbed Crypto. Retrieved February 15, 2021.
Internal MISP references
UUID 324ba1b8-cc97-4d20-b25d-053b2462f3b2
which can be used as unique global reference for mbed-crypto
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-15T00:00:00Z |
date_published | 2018-06-21T00:00:00Z |
source | MITRE |
title | Mbed Crypto |
McAfee REvil October 2019
Saavedra-Morales, J, et al. (2019, October 20). McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo. Retrieved August 5, 2020.
Internal MISP references
UUID 288e94b3-a023-4b59-8b2a-25c469fb56a1
which can be used as unique global reference for McAfee REvil October 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-05T00:00:00Z |
date_published | 2019-10-20T00:00:00Z |
source | MITRE |
title | McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo |
McAfee Sodinokibi October 2019
McAfee. (2019, October 2). McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us. Retrieved August 4, 2020.
Internal MISP references
UUID 1bf961f2-dfa9-4ca3-9bf5-90c21755d783
which can be used as unique global reference for McAfee Sodinokibi October 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-04T00:00:00Z |
date_published | 2019-10-02T00:00:00Z |
source | MITRE |
title | McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us |
McAfee Sandworm November 2013
Li, H. (2013, November 5). McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office. Retrieved June 18, 2020.
Internal MISP references
UUID c90ecd26-ce29-4c1d-b739-357b6d42f399
which can be used as unique global reference for McAfee Sandworm November 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-18T00:00:00Z |
date_published | 2013-11-05T00:00:00Z |
source | MITRE |
title | McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office |
McAfee Honeybee
Sherstobitoff, R. (2018, March 02). McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018.
Internal MISP references
UUID e6f0f7b5-01fe-437f-a9c9-2ea054e7d69d
which can be used as unique global reference for McAfee Honeybee
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-16T00:00:00Z |
date_published | 2018-03-02T00:00:00Z |
source | MITRE |
title | McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups |
Secureworks MCMD July 2019
Secureworks. (2019, July 24). MCMD Malware Analysis. Retrieved August 13, 2020.
Internal MISP references
UUID f7364cfc-5a3b-4538-80d0-cae65f3c6592
which can be used as unique global reference for Secureworks MCMD July 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-13T00:00:00Z |
date_published | 2019-07-24T00:00:00Z |
source | MITRE |
title | MCMD Malware Analysis |
Purves Kextpocalypse 2
Richard Purves. (2017, November 9). MDM and the Kextpocalypse. Retrieved September 23, 2021.
Internal MISP references
UUID 57aeedda-2c32-404f-bead-fe6d213d7241
which can be used as unique global reference for Purves Kextpocalypse 2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-23T00:00:00Z |
date_published | 2017-11-09T00:00:00Z |
source | MITRE |
title | MDM and the Kextpocalypse |
MDSec Brute Ratel August 2022
Chell, D. PART 3: How I Met Your Beacon – Brute Ratel. Retrieved February 6, 2023.
Internal MISP references
UUID dfd12595-0056-5b4a-b753-624fac1bb3a6
which can be used as unique global reference for MDSec Brute Ratel August 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-06T00:00:00Z |
source | MITRE |
title | MDSec Brute Ratel August 2022 |
Secureworks NICKEL ACADEMY Dec 2017
Secureworks. (2017, December 15). Media Alert - Secureworks Discovers North Korean Cyber Threat Group, Lazarus, Spearphishing Financial Executives of Cryptocurrency Companies. Retrieved December 27, 2017.
Internal MISP references
UUID aa7393ad-0760-4f27-a068-17beba17bbe3
which can be used as unique global reference for Secureworks NICKEL ACADEMY Dec 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-27T00:00:00Z |
date_published | 2017-12-15T00:00:00Z |
source | MITRE |
title | Media Alert - Secureworks Discovers North Korean Cyber Threat Group, Lazarus, Spearphishing Financial Executives of Cryptocurrency Companies |
HC3 Analyst Note MedusaLocker Ransomware February 2023
Health Sector Cybersecurity Coordination Center (HC3). (2023, February 24). MedusaLocker Ransomware. Retrieved August 11, 2023.
Internal MISP references
UUID 49e314d6-5324-41e0-8bee-2b3e08d5e12f
which can be used as unique global reference for HC3 Analyst Note MedusaLocker Ransomware February 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-11T00:00:00Z |
date_published | 2023-02-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | MedusaLocker Ransomware |
Cybereason Nocturnus MedusaLocker 2020
Cybereason Nocturnus. (2020, November 19). Cybereason vs. MedusaLocker Ransomware. Retrieved June 23, 2021.
Internal MISP references
UUID f7b41120-8455-409f-ad9c-815c2c43edfd
which can be used as unique global reference for Cybereason Nocturnus MedusaLocker 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-23T00:00:00Z |
source | MITRE |
title | MedusaLocker Ransomware |
Bleeping Computer Medusa Ransomware March 12 2023
Lawrence Abrams. (2023, March 12). Medusa ransomware gang picks up steam as it targets companies worldwide. Retrieved September 14, 2023.
Internal MISP references
UUID 21fe1d9e-17f1-49e2-b05f-78e9160f5414
which can be used as unique global reference for Bleeping Computer Medusa Ransomware March 12 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-14T00:00:00Z |
date_published | 2023-03-12T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Medusa ransomware gang picks up steam as it targets companies worldwide |
Meduza Stealer RussianPanda June 28 2023
RussianPanda. (2023, June 28). Meduza Stealer or The Return of The Infamous Aurora Stealer. Retrieved October 14, 2024.
Internal MISP references
UUID f7d3cc96-4c0f-4a87-8a79-abd3f0f84533
which can be used as unique global reference for Meduza Stealer RussianPanda June 28 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-14T00:00:00Z |
date_published | 2023-06-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Meduza Stealer or The Return of The Infamous Aurora Stealer |
CyberScoop Babuk February 2021
Lyngaas, S. (2021, February 4). Meet Babuk, a ransomware attacker blamed for the Serco breach. Retrieved August 11, 2021.
Internal MISP references
UUID 0a0aeacd-0976-4c84-b40d-5704afca9f0e
which can be used as unique global reference for CyberScoop Babuk February 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-11T00:00:00Z |
date_published | 2021-02-04T00:00:00Z |
source | MITRE |
title | Meet Babuk, a ransomware attacker blamed for the Serco breach |
CrowdStrike Stardust Chollima Profile April 2018
Meyers, Adam. (2018, April 6). Meet CrowdStrike’s Adversary of the Month for April: STARDUST CHOLLIMA. Retrieved September 29, 2021.
Internal MISP references
UUID a0119ad4-ceea-4dba-bc08-a682085a9b27
which can be used as unique global reference for CrowdStrike Stardust Chollima Profile April 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-29T00:00:00Z |
date_published | 2018-04-06T00:00:00Z |
source | MITRE |
title | Meet CrowdStrike’s Adversary of the Month for April: STARDUST CHOLLIMA |
CrowdStrike VOODOO BEAR
Meyers, A. (2018, January 19). Meet CrowdStrike’s Adversary of the Month for January: VOODOO BEAR. Retrieved May 22, 2018.
Internal MISP references
UUID ce07d409-292d-4e8e-b1af-bd5ba46c1b95
which can be used as unique global reference for CrowdStrike VOODOO BEAR
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-22T00:00:00Z |
date_published | 2018-01-19T00:00:00Z |
source | MITRE |
title | Meet CrowdStrike’s Adversary of the Month for January: VOODOO BEAR |
Crowdstrike MUSTANG PANDA June 2018
Meyers, A. (2018, June 15). Meet CrowdStrike’s Adversary of the Month for June: MUSTANG PANDA. Retrieved April 12, 2021.
Internal MISP references
UUID 35e72170-b1ec-49c9-aefe-a24fc4302fa6
which can be used as unique global reference for Crowdstrike MUSTANG PANDA June 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-12T00:00:00Z |
date_published | 2018-06-15T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Meet CrowdStrike’s Adversary of the Month for June: MUSTANG PANDA |
CrowdStrike VENOMOUS BEAR
Meyers, A. (2018, March 12). Meet CrowdStrike’s Adversary of the Month for March: VENOMOUS BEAR. Retrieved May 16, 2018.
Internal MISP references
UUID ee400057-2b26-4464-96b4-484c9eb9d5c2
which can be used as unique global reference for CrowdStrike VENOMOUS BEAR
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-16T00:00:00Z |
date_published | 2018-03-12T00:00:00Z |
source | MITRE |
title | Meet CrowdStrike’s Adversary of the Month for March: VENOMOUS BEAR |
Crowdstrike Helix Kitten Nov 2018
Meyers, A. (2018, November 27). Meet CrowdStrike’s Adversary of the Month for November: HELIX KITTEN. Retrieved December 18, 2018.
Internal MISP references
UUID 3fc0d7ad-6283-4cfd-b72f-5ce47594531e
which can be used as unique global reference for Crowdstrike Helix Kitten Nov 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-12-18T00:00:00Z |
date_published | 2018-11-27T00:00:00Z |
source | MITRE |
title | Meet CrowdStrike’s Adversary of the Month for November: HELIX KITTEN |
Cloudflare Memcrashed Feb 2018
Marek Majkowski of Cloudflare. (2018, February 27). Memcrashed - Major amplification attacks from UDP port 11211. Retrieved April 18, 2019.
Internal MISP references
UUID a2a0c1eb-20ad-4c40-a8cd-1732fdde7e19
which can be used as unique global reference for Cloudflare Memcrashed Feb 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-18T00:00:00Z |
date_published | 2018-02-27T00:00:00Z |
source | MITRE |
title | Memcrashed - Major amplification attacks from UDP port 11211 |
Github Mempdump
DiabloHorn. (2015, March 22). mempdump. Retrieved October 6, 2017.
Internal MISP references
UUID f830ed8b-33fa-4d1e-a66c-41f8c6aba69c
which can be used as unique global reference for Github Mempdump
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-10-06T00:00:00Z |
date_published | 2015-03-22T00:00:00Z |
source | MITRE |
title | mempdump |
Palo Alto menuPass Feb 2017
Miller-Osborn, J. and Grunzweig, J. (2017, February 16). menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations. Retrieved March 1, 2017.
Internal MISP references
UUID ba4f7d65-73ec-4726-b1f6-f2443ffda5e7
which can be used as unique global reference for Palo Alto menuPass Feb 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-01T00:00:00Z |
date_published | 2017-02-16T00:00:00Z |
source | MITRE, Tidal Cyber |
title | menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations |
FireEye MESSAGETAP October 2019
Leong, R., Perez, D., Dean, T. (2019, October 31). MESSAGETAP: Who’s Reading Your Text Messages?. Retrieved May 11, 2020.
Internal MISP references
UUID f56380e8-3cfa-407c-a493-7f9e50ba3867
which can be used as unique global reference for FireEye MESSAGETAP October 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-11T00:00:00Z |
date_published | 2019-10-31T00:00:00Z |
source | MITRE |
title | MESSAGETAP: Who’s Reading Your Text Messages? |
SentinelLabs Metador Technical Appendix Sept 2022
SentinelLabs. (2022, September 22). Metador Technical Appendix. Retrieved April 4, 2023.
Internal MISP references
UUID aa021076-e9c5-5428-a938-c10cfb6b7c97
which can be used as unique global reference for SentinelLabs Metador Technical Appendix Sept 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-04-04T00:00:00Z |
date_published | 2022-09-22T00:00:00Z |
source | MITRE |
title | Metador Technical Appendix |
FireEye Metamorfo Apr 2018
Sierra, E., Iglesias, G. (2018, April 24). Metamorfo Campaigns Targeting Brazilian Users. Retrieved July 30, 2020.
Internal MISP references
UUID fd220165-43c8-4aaf-9295-0a2b7a52929c
which can be used as unique global reference for FireEye Metamorfo Apr 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-30T00:00:00Z |
date_published | 2018-04-24T00:00:00Z |
source | MITRE |
title | Metamorfo Campaigns Targeting Brazilian Users |
Metasploit_Ref
Metasploit. (n.d.). Retrieved December 4, 2014.
Internal MISP references
UUID ab6ea6b3-3c71-4e69-9713-dae3e4446083
which can be used as unique global reference for Metasploit_Ref
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-12-04T00:00:00Z |
source | MITRE |
title | Metasploit_Ref |
Metasploit SSH Module
undefined. (n.d.). Retrieved April 12, 2019.
Internal MISP references
UUID e4ae69e5-67ba-4a3e-8101-5e7f073bd312
which can be used as unique global reference for Metasploit SSH Module
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-12T00:00:00Z |
source | MITRE |
title | Metasploit SSH Module |
Github Rapid7 Meterpreter Elevate
Rapid7. (2013, November 26). meterpreter/source/extensions/priv/server/elevate/. Retrieved July 8, 2018.
Internal MISP references
UUID 113dafad-8ede-424b-b727-66f71ea7806a
which can be used as unique global reference for Github Rapid7 Meterpreter Elevate
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-08T00:00:00Z |
date_published | 2013-11-26T00:00:00Z |
source | MITRE |
title | meterpreter/source/extensions/priv/server/elevate/ |
Methods of Mac Malware Persistence
Patrick Wardle. (2014, September). Methods of Malware Persistence on Mac OS X. Retrieved July 5, 2017.
Internal MISP references
UUID 44154472-2894-4161-b23f-46d1b1fd6772
which can be used as unique global reference for Methods of Mac Malware Persistence
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-05T00:00:00Z |
date_published | 2014-09-01T00:00:00Z |
source | MITRE |
title | Methods of Malware Persistence on Mac OS X |
MFA Fatigue Attacks - PortSwigger
Jessica Haworth. (2022, February 16). MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications. Retrieved March 31, 2022.
Internal MISP references
UUID 1b7b0f00-71ba-4762-ae81-bce24591cff4
which can be used as unique global reference for MFA Fatigue Attacks - PortSwigger
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-31T00:00:00Z |
date_published | 2022-02-16T00:00:00Z |
source | MITRE |
title | MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications |
Mftrace.exe - LOLBAS Project
LOLBAS. (2018, May 25). Mftrace.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b6d42cc9-1bf0-4389-8654-90b8d4e7ff49
which can be used as unique global reference for Mftrace.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Mftrace.exe |
Radware Micropsia July 2018
Tsarfaty, Y. (2018, July 25). Micropsia Malware. Retrieved November 13, 2018.
Internal MISP references
UUID 8771ed60-eecb-4e0c-b22c-0c26d30d4dec
which can be used as unique global reference for Radware Micropsia July 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-13T00:00:00Z |
date_published | 2018-07-25T00:00:00Z |
source | MITRE |
title | Micropsia Malware |
Optiv Device Code Phishing 2021
Optiv. (2021, August 17). Microsoft 365 OAuth Device Code Flow and Phishing. Retrieved March 19, 2024.
Internal MISP references
UUID 848da3e2-3228-5ee6-8fff-ff3328e6a387
which can be used as unique global reference for Optiv Device Code Phishing 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-19T00:00:00Z |
date_published | 2021-08-17T00:00:00Z |
source | MITRE |
title | Microsoft 365 OAuth Device Code Flow and Phishing |
Microsoft Midnight Blizzard January 19 2024
MSRC. (2024, January 19). Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard. Retrieved January 24, 2024.
Internal MISP references
UUID 91b48ddd-9e3f-4d36-a262-3b52145b3db2
which can be used as unique global reference for Microsoft Midnight Blizzard January 19 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-24T00:00:00Z |
date_published | 2024-01-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard |
Microsoft ZINC disruption Dec 2017
Smith, B. (2017, December 19). Microsoft and Facebook disrupt ZINC malware attack to protect customers and the internet from ongoing cyberthreats. Retrieved December 20, 2017.
Internal MISP references
UUID 99831838-fc8f-43fa-9c87-6ccdf5677c34
which can be used as unique global reference for Microsoft ZINC disruption Dec 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 2017-12-19T00:00:00Z |
source | MITRE |
title | Microsoft and Facebook disrupt ZINC malware attack to protect customers and the internet from ongoing cyberthreats |
The Hacker News Microsoft DDoS June 19 2023
Ravie Lakshmanan. (2023, June 19). Microsoft Blames Massive DDoS Attack for Azure, Outlook, and OneDrive Disruptions. Retrieved October 10, 2023.
Internal MISP references
UUID 2ee27b55-b7a7-40a8-8c0b-5e28943cd273
which can be used as unique global reference for The Hacker News Microsoft DDoS June 19 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-10T00:00:00Z |
date_published | 2023-06-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Microsoft Blames Massive DDoS Attack for Azure, Outlook, and OneDrive Disruptions |
Posts By SpecterOps Team Members 2 5 2024
Andy Robbins. (2024, February 2). Microsoft Breach - What Happened What Should Azure Admins Do. Retrieved February 5, 2024.
Internal MISP references
UUID b4c9a3a7-c7d0-4a1d-98cd-6018c072d537
which can be used as unique global reference for Posts By SpecterOps Team Members 2 5 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-05T00:00:00Z |
date_published | 2024-02-02T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Microsoft Breach - What Happened What Should Azure Admins Do |
Microsoft OAuth 2.0 Consent Phishing 2021
Microsoft 365 Defender Threat Intelligence Team. (2021, June 14). Microsoft delivers comprehensive solution to battle rise in consent phishing emails. Retrieved December 13, 2021.
Internal MISP references
UUID 393e44fe-cf52-4c39-a79f-f7cdd9d8e16a
which can be used as unique global reference for Microsoft OAuth 2.0 Consent Phishing 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-13T00:00:00Z |
date_published | 2021-06-14T00:00:00Z |
source | MITRE |
title | Microsoft delivers comprehensive solution to battle rise in consent phishing emails |
Microsoft Digital Defense FY20 Sept 2020
Microsoft. (2020, September 29). Microsoft Digital Defense Report FY20. Retrieved April 21, 2021.
Internal MISP references
UUID cdf74af5-ed71-4dfd-bc49-0ccfa40b65ea
which can be used as unique global reference for Microsoft Digital Defense FY20 Sept 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-21T00:00:00Z |
date_published | 2020-09-29T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Microsoft Digital Defense Report FY20 |
BleepingComputer DDE Disabled in Word Dec 2017
Cimpanu, C. (2017, December 15). Microsoft Disables DDE Feature in Word to Prevent Further Malware Attacks. Retrieved December 19, 2017.
Internal MISP references
UUID d6f93310-77b6-491e-ba9d-ec1faf8de7e4
which can be used as unique global reference for BleepingComputer DDE Disabled in Word Dec 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-19T00:00:00Z |
date_published | 2017-12-15T00:00:00Z |
source | MITRE |
title | Microsoft Disables DDE Feature in Word to Prevent Further Malware Attacks |
Microsoft DuplicateTokenEx
Microsoft TechNet. (n.d.). Retrieved April 25, 2017.
Internal MISP references
UUID 8a389e76-d43a-477c-aab4-301c7c55b439
which can be used as unique global reference for Microsoft DuplicateTokenEx
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-04-25T00:00:00Z |
source | MITRE |
title | Microsoft DuplicateTokenEx |
Red Canary HTA Abuse Part Deux
McCammon, K. (2015, August 14). Microsoft HTML Application (HTA) Abuse, Part Deux. Retrieved October 27, 2017.
Internal MISP references
UUID 39b1cb2f-a07b-49f2-bf2c-15f0c9b95772
which can be used as unique global reference for Red Canary HTA Abuse Part Deux
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-10-27T00:00:00Z |
date_published | 2015-08-14T00:00:00Z |
source | MITRE |
title | Microsoft HTML Application (HTA) Abuse, Part Deux |
Microsoft HTML Help May 2018
Microsoft. (2018, May 30). Microsoft HTML Help 1.4. Retrieved October 3, 2018.
Internal MISP references
UUID f9daf15d-61ea-4cfa-a4e8-9d33d1acd28f
which can be used as unique global reference for Microsoft HTML Help May 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-03T00:00:00Z |
date_published | 2018-05-30T00:00:00Z |
source | MITRE |
title | Microsoft HTML Help 1.4 |
Microsoft - Azure AD Identity Tokens - Aug 2019
Microsoft. (2019, August 29). Microsoft identity platform access tokens. Retrieved September 12, 2019.
Internal MISP references
UUID 44767d53-8cd7-44dd-a69d-8a7bebc1d87d
which can be used as unique global reference for Microsoft - Azure AD Identity Tokens - Aug 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-12T00:00:00Z |
date_published | 2019-08-29T00:00:00Z |
source | MITRE |
title | Microsoft identity platform access tokens |
Microsoft Identity Platform Access 2019
Cai, S., Flores, J., de Guzman, C., et al. (2019, August 27). Microsoft identity platform access tokens. Retrieved October 4, 2019.
Internal MISP references
UUID a39d976e-9b52-48f3-b5db-0ffd84ecd338
which can be used as unique global reference for Microsoft Identity Platform Access 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-04T00:00:00Z |
date_published | 2019-08-27T00:00:00Z |
source | MITRE |
title | Microsoft identity platform access tokens |
Microsoft - OAuth Code Authorization flow - June 2019
Microsoft. (n.d.). Microsoft identity platform and OAuth 2.0 authorization code flow. Retrieved September 12, 2019.
Internal MISP references
UUID a41c2123-8b8d-4f98-a535-e58e3e746b69
which can be used as unique global reference for Microsoft - OAuth Code Authorization flow - June 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-12T00:00:00Z |
source | MITRE |
title | Microsoft identity platform and OAuth 2.0 authorization code flow |
Microsoft Identity Platform Protocols May 2019
Microsoft. (n.d.). Retrieved September 12, 2019.
Internal MISP references
UUID a99d2292-be39-4e55-a952-30c9d6a3d0a3
which can be used as unique global reference for Microsoft Identity Platform Protocols May 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-12T00:00:00Z |
source | MITRE |
title | Microsoft Identity Platform Protocols May 2019 |
Microsoft ImpersonateLoggedOnUser
Microsoft TechNet. (n.d.). Retrieved April 25, 2017.
Internal MISP references
UUID 01f5176a-cce6-46e2-acce-a77b6bea7172
which can be used as unique global reference for Microsoft ImpersonateLoggedOnUser
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-04-25T00:00:00Z |
source | MITRE |
title | Microsoft ImpersonateLoggedOnUser |
Microsoft Internal Solorigate Investigation Blog
MSRC Team. (2021, February 18). Microsoft Internal Solorigate Investigation – Final Update. Retrieved May 14, 2021.
Internal MISP references
UUID 66cade99-0040-464c-98a6-bba57719f0a4
which can be used as unique global reference for Microsoft Internal Solorigate Investigation Blog
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-14T00:00:00Z |
date_published | 2021-02-18T00:00:00Z |
source | MITRE |
title | Microsoft Internal Solorigate Investigation – Final Update |
Microsoft Albanian Government Attacks September 2022
MSTIC. (2022, September 8). Microsoft investigates Iranian attacks against the Albanian government. Retrieved August 6, 2024.
Internal MISP references
UUID d00399e9-a6c6-5691-92cd-0185b03b689e
which can be used as unique global reference for Microsoft Albanian Government Attacks September 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-06T00:00:00Z |
date_published | 2022-09-08T00:00:00Z |
source | MITRE |
title | Microsoft investigates Iranian attacks against the Albanian government |
Microsoft LogonUser
Microsoft TechNet. (n.d.). Retrieved April 25, 2017.
Internal MISP references
UUID 08088ec0-5b48-4c32-b213-5e029e5f83ee
which can be used as unique global reference for Microsoft LogonUser
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-04-25T00:00:00Z |
source | MITRE |
title | Microsoft LogonUser |
mmc_vulns
Boxiner, A., Vaknin, E. (2019, June 11). Microsoft Management Console (MMC) Vulnerabilities. Retrieved September 24, 2021.
Internal MISP references
UUID 7bcf1c90-6299-448b-92c3-a6702882936a
which can be used as unique global reference for mmc_vulns
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-24T00:00:00Z |
date_published | 2019-06-11T00:00:00Z |
source | MITRE |
title | Microsoft Management Console (MMC) Vulnerabilities |
Microsoft.NodejsTools.PressAnyKey.exe - LOLBAS Project
LOLBAS. (2022, January 20). Microsoft.NodejsTools.PressAnyKey.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 25c46948-a648-4c3c-b442-e700df68fa20
which can be used as unique global reference for Microsoft.NodejsTools.PressAnyKey.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-01-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Microsoft.NodejsTools.PressAnyKey.exe |
FireEye FELIXROOT July 2018
Patil, S. (2018, June 26). Microsoft Office Vulnerabilities Used to Distribute FELIXROOT Backdoor in Recent Campaign. Retrieved July 31, 2018.
Internal MISP references
UUID 501057e2-9a31-46fe-aaa0-427218682153
which can be used as unique global reference for FireEye FELIXROOT July 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-31T00:00:00Z |
date_published | 2018-06-26T00:00:00Z |
source | MITRE |
title | Microsoft Office Vulnerabilities Used to Distribute FELIXROOT Backdoor in Recent Campaign |
Irongeek Sims BSides 2017
Stephen Sims. (2017, April 30). Microsoft Patch Analysis for Exploitation. Retrieved October 16, 2020.
Internal MISP references
UUID ce11568a-36a8-4da2-972f-9cd67cc337d8
which can be used as unique global reference for Irongeek Sims BSides 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-16T00:00:00Z |
date_published | 2017-04-30T00:00:00Z |
source | MITRE |
title | Microsoft Patch Analysis for Exploitation |
Microsoft_rec_block_rules
Microsoft. (2021, August 23). Retrieved August 16, 2021.
Internal MISP references
UUID 8fbc12b4-dec6-4913-9103-b28b5c3395ee
which can be used as unique global reference for Microsoft_rec_block_rules
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-16T00:00:00Z |
source | MITRE |
title | Microsoft_rec_block_rules |
Microsoft WDAC
Coulter, D. et al. (2019, April 9). Microsoft recommended block rules. Retrieved August 12, 2021.
Internal MISP references
UUID 86955cd2-5980-44ba-aa7b-4b9f8e347730
which can be used as unique global reference for Microsoft WDAC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-12T00:00:00Z |
date_published | 2019-04-09T00:00:00Z |
source | MITRE |
title | Microsoft recommended block rules |
Microsoft driver block rules - Duplicate
Jordan Geurten et al. (2022, March 29). Microsoft recommended driver block rules. Retrieved April 7, 2022.
Internal MISP references
UUID 9bb5c330-56bd-47e7-8414-729d8e6cb3b3
which can be used as unique global reference for Microsoft driver block rules - Duplicate
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-07T00:00:00Z |
date_published | 2022-03-29T00:00:00Z |
source | MITRE |
title | Microsoft recommended driver block rules |
Microsoft Driver Block Rules
Microsoft. (2020, October 15). Microsoft recommended driver block rules. Retrieved March 16, 2021.
Internal MISP references
UUID 2ad8414a-4490-4896-8266-556b8bdbb77f
which can be used as unique global reference for Microsoft Driver Block Rules
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-16T00:00:00Z |
date_published | 2020-10-15T00:00:00Z |
source | MITRE |
title | Microsoft recommended driver block rules |
Microsoft Register-WmiEvent
Microsoft. (n.d.). Retrieved January 24, 2020.
Internal MISP references
UUID 6d75029f-f63c-4ca6-b5f9-cb41b698b32a
which can be used as unique global reference for Microsoft Register-WmiEvent
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-01-24T00:00:00Z |
source | MITRE |
title | Microsoft Register-WmiEvent |
Microsoft DDoS Attacks Response June 2023
MSRC Team. (2023, June 16). Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks. Retrieved October 10, 2023.
Internal MISP references
UUID d64e941e-785b-4b23-a7d0-04f12024b033
which can be used as unique global reference for Microsoft DDoS Attacks Response June 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-10T00:00:00Z |
date_published | 2023-06-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks |
Microsoft Security Advisory 2269637
Microsoft. (, May 23). Microsoft Security Advisory 2269637. Retrieved March 13, 2020.
Internal MISP references
UUID fa3d303e-bb1a-426d-9387-e92fc1ea75bc
which can be used as unique global reference for Microsoft Security Advisory 2269637
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-13T00:00:00Z |
date_published | 1978-05-23T00:00:00Z |
source | MITRE |
title | Microsoft Security Advisory 2269637 |
Microsoft 2269637
Microsoft. (2010, August 22). Microsoft Security Advisory 2269637 Released. Retrieved December 5, 2014.
Internal MISP references
UUID ebb94db8-b1a3-4d61-97e6-9b787a742669
which can be used as unique global reference for Microsoft 2269637
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-12-05T00:00:00Z |
date_published | 2010-08-22T00:00:00Z |
source | MITRE |
title | Microsoft Security Advisory 2269637 Released |
Microsoft DDE Advisory Nov 2017
Microsoft. (2017, November 8). Microsoft Security Advisory 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields. Retrieved November 21, 2017.
Internal MISP references
UUID 955b0074-a1d6-40b5-9437-bd2548daf54c
which can be used as unique global reference for Microsoft DDE Advisory Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-21T00:00:00Z |
date_published | 2017-11-08T00:00:00Z |
source | MITRE |
title | Microsoft Security Advisory 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields |
Microsoft WDigest Mit
Microsoft. (2014, May 13). Microsoft Security Advisory: Update to improve credentials protection and management. Retrieved June 8, 2020.
Internal MISP references
UUID 2a9149d7-ba39-47f2-8f23-7f3b175931f0
which can be used as unique global reference for Microsoft WDigest Mit
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-08T00:00:00Z |
date_published | 2014-05-13T00:00:00Z |
source | MITRE |
title | Microsoft Security Advisory: Update to improve credentials protection and management |
MS17-010 March 2017
Microsoft. (2017, March 14). Microsoft Security Bulletin MS17-010 - Critical. Retrieved August 17, 2017.
Internal MISP references
UUID 8088a624-d8c8-4d8e-99c2-a9da4a2f0117
which can be used as unique global reference for MS17-010 March 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-08-17T00:00:00Z |
date_published | 2017-03-14T00:00:00Z |
source | MITRE |
title | Microsoft Security Bulletin MS17-010 - Critical |
MSTIC GADOLINIUM September 2020
Ben Koehl, Joe Hannon. (2020, September 24). Microsoft Security - Detecting Empires in the Cloud. Retrieved August 24, 2021.
Internal MISP references
UUID ee352214-421f-4778-ac28-949142a8ef2a
which can be used as unique global reference for MSTIC GADOLINIUM September 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-24T00:00:00Z |
date_published | 2020-09-24T00:00:00Z |
source | MITRE |
title | Microsoft Security - Detecting Empires in the Cloud |
Microsoft SIR Vol 19
Anthe, C. et al. (2015, October 19). Microsoft Security Intelligence Report Volume 19. Retrieved December 23, 2015.
Internal MISP references
UUID 050e0a70-19e6-4637-a3f7-b7cd788cca43
which can be used as unique global reference for Microsoft SIR Vol 19
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-12-23T00:00:00Z |
date_published | 2015-10-19T00:00:00Z |
source | MITRE |
title | Microsoft Security Intelligence Report Volume 19 |
Microsoft SIR Vol 21
Anthe, C. et al. (2016, December 14). Microsoft Security Intelligence Report Volume 21. Retrieved November 27, 2017.
Internal MISP references
UUID 619b9cf8-7201-45de-9c36-834ccee356a9
which can be used as unique global reference for Microsoft SIR Vol 21
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-27T00:00:00Z |
date_published | 2016-12-14T00:00:00Z |
source | MITRE |
title | Microsoft Security Intelligence Report Volume 21 |
Microsoft Threat Intelligence LinkedIn July 15 2024
Microsoft Threat Intelligence. (2024, July 15). Microsoft Threat Intelligence LinkedIn Q2 2024. Retrieved July 26, 2024.
Internal MISP references
UUID 0e7ea8d0-bdb8-48a6-9718-703f64d16460
which can be used as unique global reference for Microsoft Threat Intelligence LinkedIn July 15 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-26T00:00:00Z |
date_published | 2024-07-15T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Microsoft Threat Intelligence LinkedIn Q2 2024 |
MSTIC Vanilla Tempest September 18 2024
Microsoft Threat Intelligence. (2024, September 18). Microsoft Threat Intelligence LinkedIn Vanilla Tempest. Retrieved September 19, 2024.
Internal MISP references
UUID 24c11dff-21df-4ce9-b3df-2e0a886339ff
which can be used as unique global reference for MSTIC Vanilla Tempest September 18 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-19T00:00:00Z |
date_published | 2024-09-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Microsoft Threat Intelligence LinkedIn Vanilla Tempest |
Microsoft Threat Intelligence Tweet April 26 2023
MsftSecIntel. (2023, May 26). Microsoft Threat Intelligence Tweet April 26 2023. Retrieved June 16, 2023.
Internal MISP references
UUID 3b5a2349-e10c-422b-91e3-20e9033fdb60
which can be used as unique global reference for Microsoft Threat Intelligence Tweet April 26 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-16T00:00:00Z |
date_published | 2023-05-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Microsoft Threat Intelligence Tweet April 26 2023 |
Microsoft Threat Intelligence Tweet August 17 2023
MsftSecIntel. (2023, August 17). Microsoft Threat Intelligence Tweet August 17 2023. Retrieved September 14, 2023.
Internal MISP references
UUID 8b0ebcb5-d531-4f49-aa2d-bceb5e491b3f
which can be used as unique global reference for Microsoft Threat Intelligence Tweet August 17 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-14T00:00:00Z |
date_published | 2023-08-17T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Microsoft Threat Intelligence Tweet August 17 2023 |
Microsoft Threat Intelligence Tweet June 17 2020
MsftSecIntel. (2020, June 17). Microsoft Threat Intelligence Tweet June 17 2020. Retrieved June 22, 2023.
Internal MISP references
UUID 98fc7485-9424-412f-8162-a69d6c10c243
which can be used as unique global reference for Microsoft Threat Intelligence Tweet June 17 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-22T00:00:00Z |
date_published | 2020-06-17T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Microsoft Threat Intelligence Tweet June 17 2020 |
Microsoft Threat Intelligence Tweet May 18 2023
MsftSecIntel. (2023, May 18). Microsoft Threat Intelligence Tweet May 18 2023. Retrieved May 25, 2023.
Internal MISP references
UUID b41e9f89-cd88-4483-bb86-9d88c555a648
which can be used as unique global reference for Microsoft Threat Intelligence Tweet May 18 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-25T00:00:00Z |
date_published | 2023-05-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Microsoft Threat Intelligence Tweet May 18 2023 |
Wikipedia Windows Library Files
Wikipedia. (2017, January 31). Microsoft Windows library files. Retrieved February 13, 2017.
Internal MISP references
UUID 9b6e2f38-6e5a-4e4f-ad84-97155be2c641
which can be used as unique global reference for Wikipedia Windows Library Files
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-02-13T00:00:00Z |
date_published | 2017-01-31T00:00:00Z |
source | MITRE |
title | Microsoft Windows library files |
Proofpoint Cobalt June 2017
Mesa, M, et al. (2017, June 1). Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions. Retrieved October 10, 2018.
Internal MISP references
UUID c4922659-88b2-4311-9c9b-dc9b383d746a
which can be used as unique global reference for Proofpoint Cobalt June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-10T00:00:00Z |
date_published | 2017-06-01T00:00:00Z |
source | MITRE |
title | Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions |
Microsoft.Workflow.Compiler.exe - LOLBAS Project
LOLBAS. (2018, October 22). Microsoft.Workflow.Compiler.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 1e659b32-a06f-45dc-a1eb-03f1a42c55ef
which can be used as unique global reference for Microsoft.Workflow.Compiler.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-10-22T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Microsoft.Workflow.Compiler.exe |
InfoSecurity Sandworm Oct 2014
Muncaster, P. (2014, October 14). Microsoft Zero Day Traced to Russian ‘Sandworm’ Hackers. Retrieved October 6, 2017.
Internal MISP references
UUID 05b3840d-162d-455f-a87b-229e83e5a031
which can be used as unique global reference for InfoSecurity Sandworm Oct 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-10-06T00:00:00Z |
date_published | 2014-10-14T00:00:00Z |
source | MITRE |
title | Microsoft Zero Day Traced to Russian ‘Sandworm’ Hackers |
objective-see windtail1 dec 2018
Wardle, Patrick. (2018, December 20). Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 1). Retrieved October 3, 2019.
Internal MISP references
UUID 7a32c962-8050-45de-8b90-8644be5109d9
which can be used as unique global reference for objective-see windtail1 dec 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-03T00:00:00Z |
date_published | 2018-12-20T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 1) |
objective-see windtail2 jan 2019
Wardle, Patrick. (2019, January 15). Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 2). Retrieved October 3, 2019.
Internal MISP references
UUID e6bdc679-ee0c-4f34-b5bc-0d6a26485b36
which can be used as unique global reference for objective-see windtail2 jan 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-03T00:00:00Z |
date_published | 2019-01-15T00:00:00Z |
source | MITRE |
title | Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 2) |
CyberScoop BlackOasis Oct 2017
Bing, C. (2017, October 16). Middle Eastern hacking group is using FinFisher malware to conduct international espionage. Retrieved February 15, 2018.
Internal MISP references
UUID a8224ad5-4688-4382-a3e7-1dd3ed74ebce
which can be used as unique global reference for CyberScoop BlackOasis Oct 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-15T00:00:00Z |
date_published | 2017-10-16T00:00:00Z |
source | MITRE |
title | Middle Eastern hacking group is using FinFisher malware to conduct international espionage |
Int SP - chat apps
Microsoft Threat Intelligence. (2023, August 2). Midnight Blizzard conducts targeted social engineering over Microsoft Teams. Retrieved February 16, 2024.
Internal MISP references
UUID 8d0db0f2-9b29-5216-8c9c-de8bf0c541de
which can be used as unique global reference for Int SP - chat apps
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-16T00:00:00Z |
date_published | 2023-08-02T00:00:00Z |
source | MITRE |
title | Midnight Blizzard conducts targeted social engineering over Microsoft Teams |
Microsoft Security Blog 1 26 2024
Microsoft Threat Intelligence. (2024, January 25). Midnight Blizzard Guidance for responders on nation-state attack. Retrieved January 26, 2024.
Internal MISP references
UUID 10dedea9-35e9-476f-84e8-e49e3f057039
which can be used as unique global reference for Microsoft Security Blog 1 26 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-26T00:00:00Z |
date_published | 2024-01-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Midnight Blizzard Guidance for responders on nation-state attack |
Deply Mimikatz
Deply, B. (n.d.). Mimikatz. Retrieved September 29, 2015.
Internal MISP references
UUID c92d890c-2839-433a-b458-f663e66e1c63
which can be used as unique global reference for Deply Mimikatz
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-09-29T00:00:00Z |
source | MITRE |
title | Mimikatz |
CG 2014
CG. (2014, May 20). Mimikatz Against Virtual Machine Memory Part 1. Retrieved November 12, 2014.
Internal MISP references
UUID 46836549-f7e9-45e1-8d89-4d25ba26dbd7
which can be used as unique global reference for CG 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
date_published | 2014-05-20T00:00:00Z |
source | MITRE |
title | Mimikatz Against Virtual Machine Memory Part 1 |
ADSecurity AD Kerberos Attacks
Metcalf, S. (2014, November 22). Mimikatz and Active Directory Kerberos Attacks. Retrieved June 2, 2016.
Internal MISP references
UUID 07ff57eb-1e23-433b-8da7-80f1caf7543e
which can be used as unique global reference for ADSecurity AD Kerberos Attacks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-02T00:00:00Z |
date_published | 2014-11-22T00:00:00Z |
source | MITRE |
title | Mimikatz and Active Directory Kerberos Attacks |
Harmj0y DCSync Sept 2015
Schroeder, W. (2015, September 22). Mimikatz and DCSync and ExtraSids, Oh My. Retrieved December 4, 2017.
Internal MISP references
UUID 2a01a70c-28a8-444e-95a7-00a568d51ce6
which can be used as unique global reference for Harmj0y DCSync Sept 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-04T00:00:00Z |
date_published | 2015-09-22T00:00:00Z |
source | MITRE |
title | Mimikatz and DCSync and ExtraSids, Oh My |
Harmj0y Mimikatz and DCSync
Schroeder, W. (2015, September 22). Mimikatz and DCSync and ExtraSids, Oh My. Retrieved September 23, 2024.
Internal MISP references
UUID 2afa76c1-caa1-4f16-9289-7abc7eb3a102
which can be used as unique global reference for Harmj0y Mimikatz and DCSync
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-23T00:00:00Z |
date_published | 2015-09-22T00:00:00Z |
source | MITRE |
title | Mimikatz and DCSync and ExtraSids, Oh My |
ADSecurity Mimikatz DCSync
Metcalf, S. (2015, September 25). Mimikatz DCSync Usage, Exploitation, and Detection. Retrieved August 7, 2017.
Internal MISP references
UUID 61b0bb42-2ed6-413d-b331-0a84df12a87d
which can be used as unique global reference for ADSecurity Mimikatz DCSync
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-08-07T00:00:00Z |
date_published | 2015-09-25T00:00:00Z |
source | MITRE |
title | Mimikatz DCSync Usage, Exploitation, and Detection |
AdSecurity DCSync Sept 2015
Metcalf, S. (2015, September 25). Mimikatz DCSync Usage, Exploitation, and Detection. Retrieved December 4, 2017.
Internal MISP references
UUID 856ed70b-29b0-4f56-b5ae-a98981a22eaf
which can be used as unique global reference for AdSecurity DCSync Sept 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-04T00:00:00Z |
date_published | 2015-09-25T00:00:00Z |
source | MITRE |
title | Mimikatz DCSync Usage, Exploitation, and Detection |
GitHub Mimikittenz July 2016
Jamieson O'Reilly (putterpanda). (2016, July 4). mimikittenz. Retrieved June 20, 2019.
Internal MISP references
UUID 2e0a95b2-3f9a-4638-9bc5-ff1f3ac2af4b
which can be used as unique global reference for GitHub Mimikittenz July 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-20T00:00:00Z |
date_published | 2016-07-04T00:00:00Z |
source | MITRE |
title | mimikittenz |
MimiPenguin GitHub May 2017
Gregal, H. (2017, May 12). MimiPenguin. Retrieved December 5, 2017.
Internal MISP references
UUID b10cd6cc-35ed-4eac-b213-110de28f33ef
which can be used as unique global reference for MimiPenguin GitHub May 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-05T00:00:00Z |
date_published | 2017-05-12T00:00:00Z |
source | MITRE |
title | MimiPenguin |
mimipenguin proc file
Gregal, Hunter. (2019, September 17). MimiPenguin 2.0. Retrieved March 28, 2024.
Internal MISP references
UUID b66d4c5a-f4de-5888-ad8a-a20bda888bc6
which can be used as unique global reference for mimipenguin proc file
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-28T00:00:00Z |
date_published | 2019-09-17T00:00:00Z |
source | MITRE |
title | MimiPenguin 2.0 |
Securelist Minidionis July 2015
Lozhkin, S. (2015, July 16). Minidionis – one more APT with a usage of cloud drives. Retrieved April 5, 2017.
Internal MISP references
UUID af40a05e-02fb-4943-b3ff-9a292679e93d
which can be used as unique global reference for Securelist Minidionis July 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-04-05T00:00:00Z |
date_published | 2015-07-16T00:00:00Z |
source | MITRE |
title | Minidionis – one more APT with a usage of cloud drives |
mining_ruby_reversinglabs
Maljic, T. (2020, April 16). Mining for malicious Ruby gems. Retrieved October 15, 2022.
Internal MISP references
UUID ca2074d8-330b-544e-806f-ddee7b702631
which can be used as unique global reference for mining_ruby_reversinglabs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-10-15T00:00:00Z |
date_published | 2020-04-16T00:00:00Z |
source | MITRE |
title | Mining for malicious Ruby gems |
lazgroup_idn_phishing
RISKIQ. (2017, December 20). Mining Insights: Infrastructure Analysis of Lazarus Group Cyber Attacks on the Cryptocurrency Industry. Retrieved July 29, 2022.
Internal MISP references
UUID 83de363d-b575-4851-9c2d-a78f504cf754
which can be used as unique global reference for lazgroup_idn_phishing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-29T00:00:00Z |
date_published | 2017-12-20T00:00:00Z |
source | MITRE |
title | Mining Insights: Infrastructure Analysis of Lazarus Group Cyber Attacks on the Cryptocurrency Industry |
NCSC-NL COATHANGER Feb 2024
Dutch Military Intelligence and Security Service (MIVD) & Dutch General Intelligence and Security Service (AIVD). (2024, February 6). Ministry of Defense of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT. Retrieved February 7, 2024.
Internal MISP references
UUID e8e60112-a08d-5316-b80f-f601e7e5c973
which can be used as unique global reference for NCSC-NL COATHANGER Feb 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-07T00:00:00Z |
date_published | 2024-02-06T00:00:00Z |
source | MITRE |
title | Ministry of Defense of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT |
Bleeping Computer Mint Mobile Hack 2021
Lawrence Abrams. (2021, July 10). Mint Mobile hit by a data breach after numbers ported, data accessed. Retrieved July 1, 2024.
Internal MISP references
UUID a5432624-c394-56e6-b463-5b1a1aea542b
which can be used as unique global reference for Bleeping Computer Mint Mobile Hack 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-01T00:00:00Z |
date_published | 2021-07-10T00:00:00Z |
source | MITRE |
title | Mint Mobile hit by a data breach after numbers ported, data accessed |
APT15 Intezer June 2018
Rosenberg, J. (2018, June 14). MirageFox: APT15 Resurfaces With New Tools Based On Old Ones. Retrieved September 21, 2018.
Internal MISP references
UUID 0110500c-bf67-43a5-97cb-16eb6c01040b
which can be used as unique global reference for APT15 Intezer June 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-21T00:00:00Z |
date_published | 2018-06-14T00:00:00Z |
source | MITRE, Tidal Cyber |
title | MirageFox: APT15 Resurfaces With New Tools Based On Old Ones |
ESET Mispadu November 2019
ESET Research. (2019, November 19). Mispadu: Advertisement for a discounted Unhappy Meal. Retrieved April 4, 2024.
Internal MISP references
UUID a27753c1-2f7a-40c4-9e28-a37265bce28c
which can be used as unique global reference for ESET Mispadu November 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-04T00:00:00Z |
date_published | 2019-11-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Mispadu: Advertisement for a discounted Unhappy Meal |
ESET Security Mispadu Facebook Ads 2019
ESET Security. (2019, November 19). Mispadu: Advertisement for a discounted Unhappy Meal. Retrieved March 13, 2024.
Internal MISP references
UUID e1b945f4-20e0-5b69-8fd7-f05afce8c0ba
which can be used as unique global reference for ESET Security Mispadu Facebook Ads 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-13T00:00:00Z |
date_published | 2019-11-19T00:00:00Z |
source | MITRE |
title | Mispadu: Advertisement for a discounted Unhappy Meal |
Slideshare Abusing SSH
Duarte, H., Morrison, B. (2012). (Mis)trusting and (ab)using ssh. Retrieved January 8, 2018.
Internal MISP references
UUID 4f63720a-50b6-4eef-826c-71ce8d6e4bb8
which can be used as unique global reference for Slideshare Abusing SSH
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-08T00:00:00Z |
date_published | 2012-01-01T00:00:00Z |
source | MITRE |
title | (Mis)trusting and (ab)using ssh |
Mitiga Security Advisory: SSM Agent as Remote Access Trojan
Ariel Szarf, Or Aspir. (n.d.). Mitiga Security Advisory: Abusing the SSM Agent as a Remote Access Trojan. Retrieved January 31, 2024.
Internal MISP references
UUID 88fecbcd-a89b-536a-a1f6-6ddfb2b452da
which can be used as unique global reference for Mitiga Security Advisory: SSM Agent as Remote Access Trojan
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-31T00:00:00Z |
source | MITRE |
title | Mitiga Security Advisory: Abusing the SSM Agent as a Remote Access Trojan |
ACSC Email Spoofing
Australian Cyber Security Centre. (2012, December). Mitigating Spoofed Emails Using Sender Policy Framework. Retrieved October 19, 2020.
Internal MISP references
UUID 4e82a053-c881-4569-8efe-3ef40f6e25a0
which can be used as unique global reference for ACSC Email Spoofing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
date_published | 2012-12-01T00:00:00Z |
source | MITRE |
title | Mitigating Spoofed Emails Using Sender Policy Framework |
NSA Cyber Mitigating Web Shells
NSA Cybersecurity Directorate. (n.d.). Mitigating Web Shells. Retrieved July 22, 2021.
Internal MISP references
UUID cc40e8e8-5450-4340-a091-ae7e609778dc
which can be used as unique global reference for NSA Cyber Mitigating Web Shells
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-07-22T00:00:00Z |
source | MITRE |
title | Mitigating Web Shells |
MIT ccache
Massachusetts Institute of Technology. (n.d.). MIT Kerberos Documentation: Credential Cache. Retrieved October 4, 2021.
Internal MISP references
UUID 6a1b4373-2304-420c-8733-e1eae71ff7b2
which can be used as unique global reference for MIT ccache
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-04T00:00:00Z |
source | MITRE |
title | MIT Kerberos Documentation: Credential Cache |
MITRE SE Guide 2014
The MITRE Corporation. (2014). MITRE Systems Engineering Guide. Retrieved April 6, 2018.
Internal MISP references
UUID 576f95bc-5cb9-473e-b026-19b864d1c26c
which can be used as unique global reference for MITRE SE Guide 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-06T00:00:00Z |
date_published | 2014-01-01T00:00:00Z |
source | MITRE |
title | MITRE Systems Engineering Guide |
win_mmc
Microsoft. (2017, October 16). mmc. Retrieved September 20, 2021.
Internal MISP references
UUID 508373ef-2634-404f-99de-7a73cce68699
which can be used as unique global reference for win_mmc
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-20T00:00:00Z |
date_published | 2017-10-16T00:00:00Z |
source | MITRE |
title | mmc |
Mmc.exe - LOLBAS Project
LOLBAS. (2018, December 4). Mmc.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 490b6769-e386-4a3d-972e-5a919cb2f6f5
which can be used as unique global reference for Mmc.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-12-04T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Mmc.exe |
Trend Micro Bouncing Golf 2019
E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.
Internal MISP references
UUID b830fe30-0b53-4fc6-a172-7da930618725
which can be used as unique global reference for Trend Micro Bouncing Golf 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-01-27T00:00:00Z |
date_published | 2019-06-28T00:00:00Z |
source | MITRE |
title | Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East |
ELF Injection May 2009
O'Neill, R. (2009, May). Modern Day ELF Runtime infection via GOT poisoning. Retrieved March 15, 2020.
Internal MISP references
UUID 3ca314d4-3fcf-4545-8ae9-4d8781d51295
which can be used as unique global reference for ELF Injection May 2009
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-15T00:00:00Z |
date_published | 2009-05-01T00:00:00Z |
source | MITRE |
title | Modern Day ELF Runtime infection via GOT poisoning |
specter ops evil twin
Ryan, Gabriel. (2019, October 28). Modern Wireless Tradecraft Pt I — Basic Rogue AP Theory — Evil Twin and Karma Attacks. Retrieved September 17, 2024.
Internal MISP references
UUID 7e16241a-d906-5eb0-961d-00724f44d903
which can be used as unique global reference for specter ops evil twin
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-17T00:00:00Z |
date_published | 2019-10-28T00:00:00Z |
source | MITRE |
title | Modern Wireless Tradecraft Pt I — Basic Rogue AP Theory — Evil Twin and Karma Attacks |
Elastic Rules macOS launchctl 2022
Elastic Security 7.17. (2022, February 1). Modification of Environment Variable via Launchctl. Retrieved September 28, 2023.
Internal MISP references
UUID 04b0582e-357f-5f2a-8582-b3bf8f52c2a2
which can be used as unique global reference for Elastic Rules macOS launchctl 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-28T00:00:00Z |
date_published | 2022-02-01T00:00:00Z |
source | MITRE |
title | Modification of Environment Variable via Launchctl |
modinfo man
Russell, R. (n.d.). modinfo(8) - Linux man page. Retrieved March 28, 2023.
Internal MISP references
UUID d4f2db5c-ef6d-556d-a5e2-f6738277fecd
which can be used as unique global reference for modinfo man
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-28T00:00:00Z |
source | MITRE |
title | modinfo(8) - Linux man page |
hasherezade debug
hasherezade. (2021, June 30). Module 3 - Understanding and countering malware's evasion and self-defence. Retrieved April 1, 2022.
Internal MISP references
UUID 53b0c71d-c577-40e8-8a04-9de083e276a2
which can be used as unique global reference for hasherezade debug
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-01T00:00:00Z |
date_published | 2021-06-30T00:00:00Z |
source | MITRE |
title | Module 3 - Understanding and countering malware's evasion and self-defence |
Microsoft Module Class
Microsoft. (n.d.). Module Class. Retrieved September 28, 2021.
Internal MISP references
UUID b051a38a-09c7-4280-a5b6-08067d81a2d8
which can be used as unique global reference for Microsoft Module Class
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-28T00:00:00Z |
source | MITRE |
title | Module Class |
GitHub Mimikatz kerberos Module
Deply, B., Le Toux, V. (2016, June 5). module ~ kerberos. Retrieved March 17, 2020.
Internal MISP references
UUID b5eca224-bea1-48e8-acdc-e910d52560f1
which can be used as unique global reference for GitHub Mimikatz kerberos Module
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-17T00:00:00Z |
date_published | 2016-06-05T00:00:00Z |
source | MITRE |
title | module ~ kerberos |
GitHub Mimikatz lsadump Module
Deply, B., Le Toux, V. (2016, June 5). module ~ lsadump. Retrieved August 7, 2017.
Internal MISP references
UUID e188ff4d-a983-4f5a-b9e1-3b0f9fd8df25
which can be used as unique global reference for GitHub Mimikatz lsadump Module
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-08-07T00:00:00Z |
date_published | 2016-06-05T00:00:00Z |
source | MITRE |
title | module ~ lsadump |
Module Stomping for Shellcode Injection
Red Teaming Experiments. (n.d.). Module Stomping for Shellcode Injection. Retrieved July 14, 2022.
Internal MISP references
UUID 0f9b58e2-2a81-4b79-aad6-b36a844cf1c6
which can be used as unique global reference for Module Stomping for Shellcode Injection
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-14T00:00:00Z |
source | MITRE |
title | Module Stomping for Shellcode Injection |
Linux Kernel Module Programming Guide
Pomerantz, O., Salzman, P. (2003, April 4). Modules vs Programs. Retrieved April 6, 2018.
Internal MISP references
UUID ceefe610-0b26-4307-806b-17313d570511
which can be used as unique global reference for Linux Kernel Module Programming Guide
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-06T00:00:00Z |
date_published | 2003-04-04T00:00:00Z |
source | MITRE |
title | Modules vs Programs |
FOX-IT May 2016 Mofang
Yonathan Klijnsma. (2016, May 17). Mofang: A politically motivated information stealing adversary. Retrieved May 12, 2020.
Internal MISP references
UUID f1a08b1c-f7d5-4a91-b3b7-0f042b297842
which can be used as unique global reference for FOX-IT May 2016 Mofang
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-12T00:00:00Z |
date_published | 2016-05-17T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Mofang: A politically motivated information stealing adversary |
Unit42 Molerat Mar 2020
Falcone, R., et al. (2020, March 3). Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations. Retrieved December 14, 2020.
Internal MISP references
UUID 328f1c87-c9dc-42d8-bb33-a17ad4d7f57e
which can be used as unique global reference for Unit42 Molerat Mar 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-14T00:00:00Z |
date_published | 2020-03-03T00:00:00Z |
source | MITRE |
title | Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations |
Cybereason Molerats Dec 2020
Cybereason Nocturnus Team. (2020, December 9). MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign. Retrieved December 22, 2020.
Internal MISP references
UUID 81a10a4b-c66f-4526-882c-184436807e1d
which can be used as unique global reference for Cybereason Molerats Dec 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-22T00:00:00Z |
date_published | 2020-12-09T00:00:00Z |
source | MITRE |
title | MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign |
Azure - Monitor Logs
Microsoft. (2019, June 4). Monitor at scale by using Azure Monitor. Retrieved May 1, 2020.
Internal MISP references
UUID e16974cc-623e-4fa6-ac36-5f199d54bf55
which can be used as unique global reference for Azure - Monitor Logs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-01T00:00:00Z |
date_published | 2019-06-04T00:00:00Z |
source | MITRE |
title | Monitor at scale by using Azure Monitor |
EventTracker File Permissions Feb 2014
Netsurion. (2014, February 19). Monitoring File Permission Changes with the Windows Security Log. Retrieved August 19, 2018.
Internal MISP references
UUID 91a4278e-ea52-4cd5-8c79-c73c690372a3
which can be used as unique global reference for EventTracker File Permissions Feb 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-19T00:00:00Z |
date_published | 2014-02-19T00:00:00Z |
source | MITRE |
title | Monitoring File Permission Changes with the Windows Security Log |
Microsoft Silent Process Exit NOV 2017
Marshall, D. & Griffin, S. (2017, November 28). Monitoring Silent Process Exit. Retrieved June 27, 2018.
Internal MISP references
UUID 86896031-f654-4185-ba45-8c931903153b
which can be used as unique global reference for Microsoft Silent Process Exit NOV 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-06-27T00:00:00Z |
date_published | 2017-11-28T00:00:00Z |
source | MITRE |
title | Monitoring Silent Process Exit |
Windows Event Forwarding Payne
Payne, J. (2015, November 23). Monitoring what matters - Windows Event Forwarding for everyone (even if you already have a SIEM.). Retrieved February 1, 2016.
Internal MISP references
UUID 72798df8-0e12-46f5-acb0-2fe99bd8dbff
which can be used as unique global reference for Windows Event Forwarding Payne
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-02-01T00:00:00Z |
date_published | 2015-11-23T00:00:00Z |
source | MITRE |
title | Monitoring what matters - Windows Event Forwarding for everyone (even if you already have a SIEM.) |
Google Workspace Apps Script Restrict OAuth Scopes
Google Workspace. (2024, March 5). Monitor & restrict data access. Retrieved July 1, 2024.
Internal MISP references
UUID 9009a8cc-3282-5eac-90f1-525a85d99c0e
which can be used as unique global reference for Google Workspace Apps Script Restrict OAuth Scopes
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-01T00:00:00Z |
date_published | 2024-03-05T00:00:00Z |
source | MITRE |
title | Monitor & restrict data access |
GCP Monitoring Service Account Usage
Google Cloud. (2022, March 31). Monitor usage patterns for service accounts and keys. Retrieved April 1, 2022.
Internal MISP references
UUID d33115c5-ae47-4089-a6cb-4ef97effa722
which can be used as unique global reference for GCP Monitoring Service Account Usage
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-01T00:00:00Z |
date_published | 2022-03-31T00:00:00Z |
source | MITRE |
title | Monitor usage patterns for service accounts and keys |
Forcepoint Monsoon
Settle, A., et al. (2016, August 8). MONSOON - Analysis Of An APT Campaign. Retrieved September 22, 2016.
Internal MISP references
UUID ea64a3a5-a248-44bb-98cd-f7e3d4c23d4e
which can be used as unique global reference for Forcepoint Monsoon
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-09-22T00:00:00Z |
date_published | 2016-08-08T00:00:00Z |
source | MITRE |
title | MONSOON - Analysis Of An APT Campaign |
Trend Micro August 14 2023
Nathaniel Morales; Joshua Paul Ignacio. (2023, August 14). Monti Ransomware Unleashes a New Encryptor for Linux. Retrieved January 1, 2024.
Internal MISP references
UUID 12d2fbc5-f9cb-41b5-96a6-1cd100b5a173
which can be used as unique global reference for Trend Micro August 14 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-01T00:00:00Z |
date_published | 2023-08-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Monti Ransomware Unleashes a New Encryptor for Linux |
Microsoft Security Blog 5 28 2024
Microsoft Threat Intelligence. (2024, May 28). Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks. Retrieved May 29, 2024.
Internal MISP references
UUID faf315ed-71f7-4e29-8334-701da35a69ad
which can be used as unique global reference for Microsoft Security Blog 5 28 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-29T00:00:00Z |
date_published | 2024-05-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks |
Microsoft Moonstone Sleet 2024
Microsoft Threat Intelligence. (2024, May 28). Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks. Retrieved August 26, 2024.
Internal MISP references
UUID b9ee14c9-75fe-552e-81b5-a1fd5aa916d7
which can be used as unique global reference for Microsoft Moonstone Sleet 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-26T00:00:00Z |
date_published | 2024-05-28T00:00:00Z |
source | MITRE |
title | Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks |
Security Intelligence More Eggs Aug 2019
Villadsen, O. (2019, August 29). More_eggs, Anyone? Threat Actor ITG08 Strikes Again. Retrieved September 16, 2019.
Internal MISP references
UUID f0a0286f-adb9-4a6e-85b5-5b0f45e6fbf3
which can be used as unique global reference for Security Intelligence More Eggs Aug 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-16T00:00:00Z |
date_published | 2019-08-29T00:00:00Z |
source | MITRE, Tidal Cyber |
title | More_eggs, Anyone? Threat Actor ITG08 Strikes Again |
ESET EvilNum July 2020
Porolli, M. (2020, July 9). More evil: A deep look at Evilnum and its toolset. Retrieved January 22, 2021.
Internal MISP references
UUID 6851b3f9-0239-40fc-ba44-34a775e9bd4e
which can be used as unique global reference for ESET EvilNum July 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-22T00:00:00Z |
date_published | 2020-07-09T00:00:00Z |
source | MITRE, Tidal Cyber |
title | More evil: A deep look at Evilnum and its toolset |
Microsoft More information about DLL
Microsoft. (2010, August 12). More information about the DLL Preloading remote attack vector. Retrieved December 5, 2014.
Internal MISP references
UUID 80289c7b-53c1-4aec-9436-04a43a82f769
which can be used as unique global reference for Microsoft More information about DLL
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-12-05T00:00:00Z |
date_published | 2010-08-12T00:00:00Z |
source | MITRE |
title | More information about the DLL Preloading remote attack vector |
Microsoft DLL Preloading
Microsoft. (2010, August 12). More information about the DLL Preloading remote attack vector. Retrieved December 5, 2014.
Internal MISP references
UUID 46aa7075-9f0a-461e-8519-5c4860208678
which can be used as unique global reference for Microsoft DLL Preloading
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-12-05T00:00:00Z |
date_published | 2010-08-12T00:00:00Z |
source | MITRE |
title | More information about the DLL Preloading remote attack vector |
aptsim
valsmith. (2012, September 21). More on APTSim. Retrieved September 28, 2017.
Internal MISP references
UUID c33ca45d-eeff-4a23-906c-99369047c7f5
which can be used as unique global reference for aptsim
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-09-28T00:00:00Z |
date_published | 2012-09-21T00:00:00Z |
source | MITRE |
title | More on APTSim |
Washington Post WannaCry 2017
Dwoskin, E. and Adam, K. (2017, May 14). More than 150 countries affected by massive cyberattack, Europol says. Retrieved March 25, 2019.
Internal MISP references
UUID bbf9b08a-072c-4fb9-8c3c-cb6f91e8940c
which can be used as unique global reference for Washington Post WannaCry 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-25T00:00:00Z |
date_published | 2017-05-14T00:00:00Z |
source | MITRE |
title | More than 150 countries affected by massive cyberattack, Europol says |
ArsTechnica Intel
Goodin, D. & Salter, J. (2020, August 6). More than 20GB of Intel source code and proprietary data dumped online. Retrieved October 20, 2020.
Internal MISP references
UUID 99151b50-3dd8-47b5-a48f-2e3b450944e9
which can be used as unique global reference for ArsTechnica Intel
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2020-08-06T00:00:00Z |
source | MITRE |
title | More than 20GB of Intel source code and proprietary data dumped online |
Kaspersky Winnti April 2013
Kaspersky Lab's Global Research and Analysis Team. (2013, April 11). Winnti. More than just a game. Retrieved February 8, 2017.
Internal MISP references
UUID 2d4834b9-61c4-478e-919a-317d97cd2c36
which can be used as unique global reference for Kaspersky Winnti April 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-02-08T00:00:00Z |
source | MITRE, Tidal Cyber |
title | More than just a game |
polygot_icedID
Lim, M. (2022, September 27). More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID. Retrieved September 29, 2022.
Internal MISP references
UUID dcd65d74-4e7b-5ddd-8c72-700456981347
which can be used as unique global reference for polygot_icedID
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-29T00:00:00Z |
date_published | 2022-09-27T00:00:00Z |
source | MITRE |
title | More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID |
CrowdStrike Deep Panda Web Shells
RYANJ. (2014, February 20). Mo’ Shells Mo’ Problems – Deep Panda Web Shells. Retrieved September 16, 2015.
Internal MISP references
UUID e9c47d8e-f732-45c9-bceb-26c5d564e781
which can be used as unique global reference for CrowdStrike Deep Panda Web Shells
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-09-16T00:00:00Z |
date_published | 2014-02-20T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Mo’ Shells Mo’ Problems – Deep Panda Web Shells |
MoustachedBouncer ESET August 2023
Faou, M. (2023, August 10). MoustachedBouncer: Espionage against foreign diplomats in Belarus. Retrieved September 25, 2023.
Internal MISP references
UUID 9070f14b-5d5e-5f6d-bcac-628478e01242
which can be used as unique global reference for MoustachedBouncer ESET August 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-25T00:00:00Z |
date_published | 2023-08-10T00:00:00Z |
source | MITRE |
title | MoustachedBouncer: Espionage against foreign diplomats in Belarus |
ESET MoustachedBouncer
Faou, M. (2023, August 10). MoustachedBouncer: Espionage against foreign diplomats in Belarus. Retrieved September 1, 2023.
Internal MISP references
UUID 6c85e925-d42b-590c-a424-14ebb49812bb
which can be used as unique global reference for ESET MoustachedBouncer
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-01T00:00:00Z |
date_published | 2023-08-10T00:00:00Z |
source | MITRE |
title | MoustachedBouncer: Espionage against foreign diplomats in Belarus |
Huntress MOVEit 2023
John Hammond. (2023, June 1). MOVEit Transfer Critical Vulnerability CVE-2023-34362 Rapid Response. Retrieved August 5, 2024.
Internal MISP references
UUID 6d426568-f760-5624-bdde-934ce3d83c45
which can be used as unique global reference for Huntress MOVEit 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-05T00:00:00Z |
date_published | 2023-06-01T00:00:00Z |
source | MITRE |
title | MOVEit Transfer Critical Vulnerability CVE-2023-34362 Rapid Response |
Progress Software MOVEit Transfer Critical Vulnerability
Progress Software. (2023, June 16). MOVEit Transfer Critical Vulnerability (May 2023) (CVE-2023-34362). Retrieved July 28, 2023.
Internal MISP references
UUID 9f364e22-b73c-4f3a-902c-a3f0eb01a2b9
which can be used as unique global reference for Progress Software MOVEit Transfer Critical Vulnerability
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-28T00:00:00Z |
date_published | 2023-06-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | MOVEit Transfer Critical Vulnerability (May 2023) (CVE-2023-34362) |
TechNet Moving Beyond EMET
Nunez, N. (2017, August 9). Moving Beyond EMET II – Windows Defender Exploit Guard. Retrieved March 12, 2018.
Internal MISP references
UUID da4fbddf-9398-43a9-888c-2c58e9fc9aaf
which can be used as unique global reference for TechNet Moving Beyond EMET
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-12T00:00:00Z |
date_published | 2017-08-09T00:00:00Z |
source | MITRE |
title | Moving Beyond EMET II – Windows Defender Exploit Guard |
ScriptingOSX zsh
Armin Briegel. (2019, June 5). Moving to zsh, part 2: Configuration Files. Retrieved February 25, 2021.
Internal MISP references
UUID 08b390aa-863b-420e-9b00-e168e3c756d8
which can be used as unique global reference for ScriptingOSX zsh
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-25T00:00:00Z |
date_published | 2019-06-05T00:00:00Z |
source | MITRE |
title | Moving to zsh, part 2: Configuration Files |
Volatility Detecting Hooks Sept 2012
Volatility Labs. (2012, September 24). MoVP 3.1 Detecting Malware Hooks in the Windows GUI Subsystem. Retrieved December 12, 2017.
Internal MISP references
UUID e208c277-e477-4123-8c3c-313d55cdc1ea
which can be used as unique global reference for Volatility Detecting Hooks Sept 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-12T00:00:00Z |
date_published | 2012-09-24T00:00:00Z |
source | MITRE |
title | MoVP 3.1 Detecting Malware Hooks in the Windows GUI Subsystem |
Mozilla Firefox Installer DLL Hijack
Kugler, R. (2012, November 20). Mozilla Foundation Security Advisory 2012-98. Retrieved March 10, 2017.
Internal MISP references
UUID 920d1607-154e-4c74-b1eb-0d8299be536f
which can be used as unique global reference for Mozilla Firefox Installer DLL Hijack
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-10T00:00:00Z |
date_published | 2012-11-20T00:00:00Z |
source | MITRE |
title | Mozilla Foundation Security Advisory 2012-98 |
mozilla_sec_adv_2012
Robert Kugler. (2012, November 20). Mozilla Foundation Security Advisory 2012-98. Retrieved March 10, 2017.
Internal MISP references
UUID cd720550-a0b5-4d1d-85dd-98da97f45b62
which can be used as unique global reference for mozilla_sec_adv_2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-10T00:00:00Z |
date_published | 2012-11-20T00:00:00Z |
source | MITRE |
title | Mozilla Foundation Security Advisory 2012-98 |
MpCmdRun.exe - LOLBAS Project
LOLBAS. (2020, March 20). MpCmdRun.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 2082d5ca-474f-4130-b275-c1ac5e30064c
which can be used as unique global reference for MpCmdRun.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-03-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | MpCmdRun.exe |
TechNet MS14-019
Nagaraju, S. (2014, April 8). MS14-019 – Fixing a binary hijacking via .cmd or .bat file. Retrieved July 25, 2016.
Internal MISP references
UUID 2474e2ee-bbcd-4b7c-8c52-22112d22135f
which can be used as unique global reference for TechNet MS14-019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-07-25T00:00:00Z |
date_published | 2014-04-08T00:00:00Z |
source | MITRE |
title | MS14-019 – Fixing a binary hijacking via .cmd or .bat file |
SRD GPP
Security Research and Defense. (2014, May 13). MS14-025: An Update for Group Policy Preferences. Retrieved January 28, 2015.
Internal MISP references
UUID a15fff18-5d3f-4898-9e47-ec6ae7dda749
which can be used as unique global reference for SRD GPP
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-01-28T00:00:00Z |
date_published | 2014-05-13T00:00:00Z |
source | MITRE |
title | MS14-025: An Update for Group Policy Preferences |
Microsoft MS14-025
Microsoft. (2014, May 13). MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege. Retrieved January 28, 2015.
Internal MISP references
UUID dbe32cbd-8c6e-483f-887c-ea2a5102cf65
which can be used as unique global reference for Microsoft MS14-025
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-01-28T00:00:00Z |
date_published | 2014-05-13T00:00:00Z |
source | MITRE |
title | MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege |
MS14-025
Microsoft. (2014, May 13). MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege. Retrieved February 17, 2020.
Internal MISP references
UUID 7537c0bb-6f14-4a4a-94cc-98c6ed9e878f
which can be used as unique global reference for MS14-025
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-17T00:00:00Z |
date_published | 2014-05-13T00:00:00Z |
source | MITRE |
title | MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege |
MSDN MSBuild
Microsoft. (n.d.). MSBuild1. Retrieved November 30, 2016.
Internal MISP references
UUID 9ad54187-84b0-47f9-af6e-c3753452e470
which can be used as unique global reference for MSDN MSBuild
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-11-30T00:00:00Z |
source | MITRE |
title | MSBuild1 |
LOLBAS Msbuild
LOLBAS. (n.d.). Msbuild.exe. Retrieved July 31, 2019.
Internal MISP references
UUID de8e0741-255b-4c41-ba50-248ac5acc325
which can be used as unique global reference for LOLBAS Msbuild
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-31T00:00:00Z |
source | MITRE |
title | Msbuild.exe |
Microsoft MSBuild Inline Tasks 2017
Microsoft. (2017, September 21). MSBuild inline tasks. Retrieved March 5, 2021.
Internal MISP references
UUID 2c638ca5-c7e2-4c4e-bb9c-e36d14899ca8
which can be used as unique global reference for Microsoft MSBuild Inline Tasks 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-05T00:00:00Z |
date_published | 2017-09-21T00:00:00Z |
source | MITRE |
title | MSBuild inline tasks |
Msconfig.exe - LOLBAS Project
LOLBAS. (2018, May 25). Msconfig.exe. Retrieved December 4, 2023.
Internal MISP references
UUID a073d2fc-d20d-4a52-944e-85ff89f04978
which can be used as unique global reference for Msconfig.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Msconfig.exe |
Msdeploy.exe - LOLBAS Project
LOLBAS. (2018, May 25). Msdeploy.exe. Retrieved December 4, 2023.
Internal MISP references
UUID e563af9a-5e49-4612-a52b-31f22f76193c
which can be used as unique global reference for Msdeploy.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Msdeploy.exe |
MSDN File Associations
Microsoft. (n.d.). Retrieved July 26, 2016.
Internal MISP references
UUID f62c8cc9-9c75-4b9a-a0b4-8fc55a94e207
which can be used as unique global reference for MSDN File Associations
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-07-26T00:00:00Z |
source | MITRE |
title | MSDN File Associations |
Microsoft DRSR Dec 2017
Microsoft. (2017, December 1). MS-DRSR Directory Replication Service (DRS) Remote Protocol. Retrieved December 4, 2017.
Internal MISP references
UUID 43b75a27-7875-4c24-b04d-54e1b60f3028
which can be used as unique global reference for Microsoft DRSR Dec 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-04T00:00:00Z |
date_published | 2017-12-01T00:00:00Z |
source | MITRE |
title | MS-DRSR Directory Replication Service (DRS) Remote Protocol |
Msdt.exe - LOLBAS Project
LOLBAS. (2018, May 25). Msdt.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 3eb1750c-a2f2-4d68-b060-ceb32f44f5fe
which can be used as unique global reference for Msdt.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Msdt.exe |
Msedge.exe - LOLBAS Project
LOLBAS. (2022, January 20). Msedge.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 6169c12e-9753-4e48-8213-aff95b0f6a95
which can be used as unique global reference for Msedge.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-01-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Msedge.exe |
msedge_proxy.exe - LOLBAS Project
LOLBAS. (2023, August 18). msedge_proxy.exe. Retrieved December 4, 2023.
Internal MISP references
UUID a6fd4727-e22f-4157-9a5f-1217cb876b32
which can be used as unique global reference for msedge_proxy.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2023-08-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | msedge_proxy.exe |
msedgewebview2.exe - LOLBAS Project
LOLBAS. (2023, June 15). msedgewebview2.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 8125ece7-10d1-4e79-8ea1-724fe46a3c97
which can be used as unique global reference for msedgewebview2.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2023-06-15T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | msedgewebview2.exe |
LOLBAS Mshta
LOLBAS. (n.d.). Mshta.exe. Retrieved July 31, 2019.
Internal MISP references
UUID 915a4aef-800e-4c68-ad39-df67c3dbaf75
which can be used as unique global reference for LOLBAS Mshta
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-31T00:00:00Z |
source | MITRE |
title | Mshta.exe |
Mshtml.dll - LOLBAS Project
LOLBAS. (2018, May 25). Mshtml.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 1a135e0b-5a79-4a4c-bc70-fd8f3f84e1f0
which can be used as unique global reference for Mshtml.dll - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Mshtml.dll |
Microsoft msiexec
Microsoft. (2017, October 15). msiexec. Retrieved January 24, 2020.
Internal MISP references
UUID 028a8dc6-08f6-4660-8b82-9d5483d15f72
which can be used as unique global reference for Microsoft msiexec
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-01-24T00:00:00Z |
date_published | 2017-10-15T00:00:00Z |
source | MITRE |
title | msiexec |
LOLBAS Msiexec
LOLBAS. (n.d.). Msiexec.exe. Retrieved April 18, 2019.
Internal MISP references
UUID 996cc7ea-0729-4c51-b9c3-b201ec32e984
which can be used as unique global reference for LOLBAS Msiexec
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-18T00:00:00Z |
source | MITRE |
title | Msiexec.exe |
CIS Emotet Dec 2018
CIS. (2018, December 12). MS-ISAC Security Primer- Emotet. Retrieved March 25, 2019.
Internal MISP references
UUID e88ba993-d5c0-440f-af52-1f70f1579215
which can be used as unique global reference for CIS Emotet Dec 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-25T00:00:00Z |
date_published | 2018-12-12T00:00:00Z |
source | MITRE |
title | MS-ISAC Security Primer- Emotet |
Microsoft NRPC Dec 2017
Microsoft. (2017, December 1). MS-NRPC - Netlogon Remote Protocol. Retrieved December 6, 2017.
Internal MISP references
UUID 05cf36a3-ff04-4437-9209-376e9f27c009
which can be used as unique global reference for Microsoft NRPC Dec 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-06T00:00:00Z |
date_published | 2017-12-01T00:00:00Z |
source | MITRE |
title | MS-NRPC - Netlogon Remote Protocol |
MsoHtmEd.exe - LOLBAS Project
LOLBAS. (2022, July 24). MsoHtmEd.exe. Retrieved December 4, 2023.
Internal MISP references
UUID c39fdefa-4c54-48a9-8357-ffe4dca2a2f4
which can be used as unique global reference for MsoHtmEd.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-07-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | MsoHtmEd.exe |
Mspub.exe - LOLBAS Project
LOLBAS. (2022, August 2). Mspub.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 41eff63a-fef0-4b4b-86f7-0908150fcfcf
which can be used as unique global reference for Mspub.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-08-02T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Mspub.exe |
Microsoft SAMR
Microsoft. (n.d.). MS-SAMR Security Account Manager (SAM) Remote Protocol (Client-to-Server) - Transport. Retrieved December 4, 2017.
Internal MISP references
UUID add907d8-06c1-481d-a27a-d077ecb32d0e
which can be used as unique global reference for Microsoft SAMR
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-04T00:00:00Z |
source | MITRE |
title | MS-SAMR Security Account Manager (SAM) Remote Protocol (Client-to-Server) - Transport |
GitHub IAD Secure Host Baseline UAC Filtering
NSA IAD. (2017, January 24). MS Security Guide. Retrieved December 18, 2017.
Internal MISP references
UUID 15ad7216-df50-467f-a00b-687336898537
which can be used as unique global reference for GitHub IAD Secure Host Baseline UAC Filtering
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-18T00:00:00Z |
date_published | 2017-01-24T00:00:00Z |
source | MITRE |
title | MS Security Guide |
msxsl.exe - LOLBAS Project
LOLBAS. (2018, May 25). msxsl.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 4e1ed0a8-60d0-45e2-9592-573b904811f8
which can be used as unique global reference for msxsl.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | msxsl.exe |
XSL Bypass Mar 2019
Singh, A. (2019, March 14). MSXSL.EXE and WMIC.EXE — A Way to Proxy Code Execution. Retrieved August 2, 2019.
Internal MISP references
UUID e4e2cf48-47e0-45d8-afc2-a35635f7e880
which can be used as unique global reference for XSL Bypass Mar 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-08-02T00:00:00Z |
date_published | 2019-03-14T00:00:00Z |
source | MITRE |
title | MSXSL.EXE and WMIC.EXE — A Way to Proxy Code Execution |
Mandiant M-Trends 2015
Mandiant. (2015, February 24). M-Trends 2015: A View from the Front Lines. Retrieved May 18, 2016.
Internal MISP references
UUID 067497eb-17d9-465f-a070-495575f420d7
which can be used as unique global reference for Mandiant M-Trends 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-05-18T00:00:00Z |
date_published | 2015-02-24T00:00:00Z |
source | MITRE |
title | M-Trends 2015: A View from the Front Lines |
MTrends 2016
Mandiant. (2016, February). M-Trends 2016. Retrieved January 4, 2017.
Internal MISP references
UUID a4747b74-7266-439b-bb8a-bae7102b0d07
which can be used as unique global reference for MTrends 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-01-04T00:00:00Z |
date_published | 2016-02-01T00:00:00Z |
source | MITRE |
title | M-Trends 2016 |
Mandiant M-Trends 2020
Mandiant. (2020, February). M-Trends 2020. Retrieved April 24, 2020.
Internal MISP references
UUID 83bc9b28-f8b3-4522-b9f1-f43bce3ae917
which can be used as unique global reference for Mandiant M-Trends 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-04-24T00:00:00Z |
date_published | 2020-02-01T00:00:00Z |
source | MITRE |
title | M-Trends 2020 |
Accenture MUDCARP March 2019
Accenture iDefense Unit. (2019, March 5). Mudcarp's Focus on Submarine Technologies. Retrieved August 24, 2021.
Internal MISP references
UUID 811d433d-27a4-4411-8ec9-b3a173ba0033
which can be used as unique global reference for Accenture MUDCARP March 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-24T00:00:00Z |
date_published | 2019-03-05T00:00:00Z |
source | MITRE |
title | Mudcarp's Focus on Submarine Technologies |
Unit 42 4 9 2024
Margaret Zimmermann. (2024, April 9). Muddled Libra's Evolution to the Cloud. Retrieved April 9, 2024.
Internal MISP references
UUID 85379fc0-18e5-4862-9629-d21fa686afa2
which can be used as unique global reference for Unit 42 4 9 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-09T00:00:00Z |
date_published | 2024-04-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Muddled Libra's Evolution to the Cloud |
Unit 42 MuddyWater Nov 2017
Lancaster, T. (2017, November 14). Muddying the Water: Targeted Attacks in the Middle East. Retrieved March 15, 2018.
Internal MISP references
UUID dcdee265-2e46-4f40-95c7-6a2683edb23a
which can be used as unique global reference for Unit 42 MuddyWater Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-15T00:00:00Z |
date_published | 2017-11-14T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Muddying the Water: Targeted Attacks in the Middle East |
Securelist MuddyWater Oct 2018
Kaspersky Lab's Global Research & Analysis Team. (2018, October 10). MuddyWater expands operations. Retrieved November 2, 2018.
Internal MISP references
UUID d968546b-5b00-4a7b-9bff-57dfedd0125f
which can be used as unique global reference for Securelist MuddyWater Oct 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-02T00:00:00Z |
date_published | 2018-10-10T00:00:00Z |
source | MITRE |
title | MuddyWater expands operations |
ClearSky MuddyWater Nov 2018
ClearSky Cyber Security. (2018, November). MuddyWater Operations in Lebanon and Oman: Using an Israeli compromised domain for a two-stage campaign. Retrieved November 29, 2018.
Internal MISP references
UUID a5f60f45-5df5-407d-9f68-bc5f7c42ee85
which can be used as unique global reference for ClearSky MuddyWater Nov 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-29T00:00:00Z |
date_published | 2018-11-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | MuddyWater Operations in Lebanon and Oman: Using an Israeli compromised domain for a two-stage campaign |
TrendMicro POWERSTATS V3 June 2019
Lunghi, D. and Horejsi, J. (2019, June 10). MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools. Retrieved May 14, 2020.
Internal MISP references
UUID bf9847e2-f2bb-4a96-af8f-56e1ffc45cf7
which can be used as unique global reference for TrendMicro POWERSTATS V3 June 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-14T00:00:00Z |
date_published | 2019-06-10T00:00:00Z |
source | MITRE |
title | MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools |
Aquasec Muhstik Malware 2024
Nitzan Yaakov. (2024, June 4). Muhstik Malware Targets Message Queuing Services Applications. Retrieved September 24, 2024.
Internal MISP references
UUID 3cd203fd-f178-5c0f-bccc-ea5d52240304
which can be used as unique global reference for Aquasec Muhstik Malware 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-24T00:00:00Z |
date_published | 2024-06-04T00:00:00Z |
source | MITRE |
title | Muhstik Malware Targets Message Queuing Services Applications |
NIST MFA
NIST. (n.d.). Multi-Factor Authentication (MFA). Retrieved September 25, 2024.
Internal MISP references
UUID 2f069bb2-3f59-409e-a337-7c69411c8b01
which can be used as unique global reference for NIST MFA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
source | MITRE |
title | Multi-Factor Authentication (MFA) |
Talos Cobalt Group July 2018
Svajcer, V. (2018, July 31). Multiple Cobalt Personality Disorder. Retrieved September 5, 2018.
Internal MISP references
UUID 7cdfd0d1-f7e6-4625-91ff-f87f46f95864
which can be used as unique global reference for Talos Cobalt Group July 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-05T00:00:00Z |
date_published | 2018-07-31T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Multiple Cobalt Personality Disorder |
U.S. CISA Zoho Exploits September 7 2023
Cybersecurity and Infrastructure Security Agency. (2023, September 7). Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475. Retrieved September 7, 2023.
Internal MISP references
UUID 6bb581e8-ed0e-41fe-bf95-49b5d11b4e6b
which can be used as unique global reference for U.S. CISA Zoho Exploits September 7 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-07T00:00:00Z |
date_published | 2023-09-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 |
CIS Multiple SMB Vulnerabilities
CIS. (2017, May 15). Multiple Vulnerabilities in Microsoft Windows SMB Server Could Allow for Remote Code Execution. Retrieved April 3, 2018.
Internal MISP references
UUID 76d9da2c-1503-4105-b017-cb2b69298296
which can be used as unique global reference for CIS Multiple SMB Vulnerabilities
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-03T00:00:00Z |
date_published | 2017-05-15T00:00:00Z |
source | MITRE |
title | Multiple Vulnerabilities in Microsoft Windows SMB Server Could Allow for Remote Code Execution |
GitHub Mauraena
Orrù, M., Trotta, G. (2019, September 11). Muraena. Retrieved October 14, 2019.
Internal MISP references
UUID 578ecf62-b546-4f52-9d50-92557edf2dd4
which can be used as unique global reference for GitHub Mauraena
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-14T00:00:00Z |
date_published | 2019-09-11T00:00:00Z |
source | MITRE |
title | Muraena |
Arbor Musical Chairs Feb 2018
Sabo, S. (2018, February 15). Musical Chairs Playing Tetris. Retrieved February 19, 2018.
Internal MISP references
UUID bddf44bb-7a0a-498b-9831-7b73cf9a582e
which can be used as unique global reference for Arbor Musical Chairs Feb 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-19T00:00:00Z |
date_published | 2018-02-15T00:00:00Z |
source | MITRE |
title | Musical Chairs Playing Tetris |
Microsoft Mutexes
Microsoft. (2022, March 11). Mutexes. Retrieved September 19, 2024.
Internal MISP references
UUID e1384ecc-7fb9-588c-aca9-a67dc1ca1b60
which can be used as unique global reference for Microsoft Mutexes
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-19T00:00:00Z |
date_published | 2022-03-11T00:00:00Z |
source | MITRE |
title | Mutexes |
Mythc Documentation
Thomas, C. (n.d.). Mythc Documentation. Retrieved March 25, 2022.
Internal MISP references
UUID de3091b4-663e-4d9e-9dde-51250749863d
which can be used as unique global reference for Mythc Documentation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-25T00:00:00Z |
source | MITRE |
title | Mythc Documentation |
Mythic Github
Thomas, C. (2018, July 4). Mythic. Retrieved March 25, 2022.
Internal MISP references
UUID 20d0adf0-b832-4b03-995e-dfb56474ddcc
which can be used as unique global reference for Mythic Github
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-25T00:00:00Z |
date_published | 2018-07-04T00:00:00Z |
source | MITRE |
title | Mythic |
Crowdstrike Mythic Leopard Profile
Crowdstrike. (n.d.). Mythic Leopard. Retrieved October 6, 2021.
Internal MISP references
UUID efa5dc67-3364-4049-bb13-8b9e1b55f172
which can be used as unique global reference for Crowdstrike Mythic Leopard Profile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-06T00:00:00Z |
source | MITRE |
title | Mythic Leopard |
CheckPoint Naikon May 2020
CheckPoint. (2020, May 7). Naikon APT: Cyber Espionage Reloaded. Retrieved May 26, 2020.
Internal MISP references
UUID f080acab-a6a0-42e1-98ff-45e415393648
which can be used as unique global reference for CheckPoint Naikon May 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-26T00:00:00Z |
date_published | 2020-05-07T00:00:00Z |
source | MITRE |
title | Naikon APT: Cyber Espionage Reloaded |
Bitdefender Naikon April 2021
Vrabie, V. (2021, April 23). NAIKON – Traces from a Military Cyber-Espionage Operation. Retrieved June 29, 2021.
Internal MISP references
UUID 55660913-4c03-4360-bb8b-1cad94bd8d0e
which can be used as unique global reference for Bitdefender Naikon April 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-29T00:00:00Z |
date_published | 2021-04-23T00:00:00Z |
source | MITRE |
title | NAIKON – Traces from a Military Cyber-Espionage Operation |
Microsoft Named Pipes
Microsoft. (2018, May 31). Named Pipes. Retrieved September 28, 2021.
Internal MISP references
UUID 09a3f7dd-5597-4a55-8408-a2f09f4efcd4
which can be used as unique global reference for Microsoft Named Pipes
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-28T00:00:00Z |
date_published | 2018-05-31T00:00:00Z |
source | MITRE |
title | Named Pipes |
fsecure NanHaiShu July 2016
F-Secure Labs. (2016, July). NANHAISHU RATing the South China Sea. Retrieved July 6, 2018.
Internal MISP references
UUID 41984650-a0ac-4445-80b6-7ceaf93bd135
which can be used as unique global reference for fsecure NanHaiShu July 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-06T00:00:00Z |
date_published | 2016-07-01T00:00:00Z |
source | MITRE |
title | NANHAISHU RATing the South China Sea |
DigiTrust NanoCore Jan 2017
The DigiTrust Group. (2017, January 01). NanoCore Is Not Your Average RAT. Retrieved November 9, 2018.
Internal MISP references
UUID 6abac972-bbd0-4cd2-b3a7-25e7825ac134
which can be used as unique global reference for DigiTrust NanoCore Jan 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-09T00:00:00Z |
date_published | 2017-01-01T00:00:00Z |
source | MITRE |
title | NanoCore Is Not Your Average RAT |
PaloAlto NanoCore Feb 2016
Kasza, A., Halfpop, T. (2016, February 09). NanoCoreRAT Behind an Increase in Tax-Themed Phishing E-mails. Retrieved November 9, 2018.
Internal MISP references
UUID caa0a421-04b0-4ebc-b365-97082d69d33d
which can be used as unique global reference for PaloAlto NanoCore Feb 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-09T00:00:00Z |
date_published | 2016-02-09T00:00:00Z |
source | MITRE |
title | NanoCoreRAT Behind an Increase in Tax-Themed Phishing E-mails |
Unit42 BabyShark Feb 2019
Unit 42. (2019, February 22). New BabyShark Malware Targets U.S. National Security Think Tanks. Retrieved October 7, 2019.
Internal MISP references
UUID 634404e3-e2c9-4872-a280-12d2be168cba
which can be used as unique global reference for Unit42 BabyShark Feb 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-07T00:00:00Z |
source | MITRE |
title | National Security Think Tanks |
National Vulnerability Database
National Vulnerability Database. (n.d.). National Vulnerability Database. Retrieved October 15, 2020.
Internal MISP references
UUID 9b42dcc6-a39c-4d74-adc3-135f9ceac5ba
which can be used as unique global reference for National Vulnerability Database
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-15T00:00:00Z |
source | MITRE |
title | National Vulnerability Database |
NationsBuying
Nicole Perlroth and David E. Sanger. (2013, July 12). Nations Buying as Hackers Sell Flaws in Computer Code. Retrieved March 9, 2017.
Internal MISP references
UUID a3e224e7-fe22-48d6-9ff5-35900f06c060
which can be used as unique global reference for NationsBuying
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-09T00:00:00Z |
date_published | 2013-07-12T00:00:00Z |
source | MITRE |
title | Nations Buying as Hackers Sell Flaws in Computer Code |
FireEye Maze May 2020
Kennelly, J., Goody, K., Shilko, J. (2020, May 7). Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents. Retrieved May 18, 2020.
Internal MISP references
UUID 02338a66-6820-4505-8239-a1f1fcc60d32
which can be used as unique global reference for FireEye Maze May 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-18T00:00:00Z |
date_published | 2020-05-07T00:00:00Z |
source | MITRE |
title | Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents |
Talos NavRAT May 2018
Mercer, W., Rascagneres, P. (2018, May 31). NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea. Retrieved June 11, 2018.
Internal MISP references
UUID f644ac27-a923-489b-944e-1ba89c609307
which can be used as unique global reference for Talos NavRAT May 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-06-11T00:00:00Z |
date_published | 2018-05-31T00:00:00Z |
source | MITRE |
title | NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea |
GitHub NBNSpoof
Nomex. (2014, February 7). NBNSpoof. Retrieved November 17, 2017.
Internal MISP references
UUID 4119091a-96f8-441c-b66f-ee0d9013d7ca
which can be used as unique global reference for GitHub NBNSpoof
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-17T00:00:00Z |
date_published | 2014-02-07T00:00:00Z |
source | MITRE |
title | NBNSpoof |
SecTools nbtscan June 2003
SecTools. (2003, June 11). NBTscan. Retrieved March 17, 2021.
Internal MISP references
UUID 505c9e8b-66e0-435c-835f-b4405ba91966
which can be used as unique global reference for SecTools nbtscan June 2003
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-17T00:00:00Z |
date_published | 2003-06-11T00:00:00Z |
source | MITRE |
title | NBTscan |
Debian nbtscan Nov 2019
Bezroutchko, A. (2019, November 19). NBTscan man page. Retrieved March 17, 2021.
Internal MISP references
UUID 8d718be1-9695-4e61-a922-5162d88477c0
which can be used as unique global reference for Debian nbtscan Nov 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-17T00:00:00Z |
date_published | 2019-11-19T00:00:00Z |
source | MITRE |
title | NBTscan man page |
TechNet Nbtstat
Microsoft. (n.d.). Nbtstat. Retrieved April 17, 2016.
Internal MISP references
UUID 1b1e6b08-fc2a-48f7-82bd-e3c1a7a0d97e
which can be used as unique global reference for TechNet Nbtstat
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-17T00:00:00Z |
source | MITRE |
title | Nbtstat |
NCSC Sandworm Feb 2020
NCSC. (2020, February 20). NCSC supports US advisory regarding GRU intrusion set Sandworm. Retrieved June 10, 2020.
Internal MISP references
UUID d876d037-9d24-44af-b8f0-5c1555632b91
which can be used as unique global reference for NCSC Sandworm Feb 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-10T00:00:00Z |
date_published | 2020-02-20T00:00:00Z |
source | MITRE |
title | NCSC supports US advisory regarding GRU intrusion set Sandworm |
7 - appv
Nick Landers. (2017, August 8). Need a signed alternative to Powershell.exe? SyncAppvPublishingServer in Win10 has got you covered. Retrieved September 12, 2024.
Internal MISP references
UUID 264a4f99-b1dc-5afd-8178-e1f37c3db8ff
which can be used as unique global reference for 7 - appv
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2017-08-08T00:00:00Z |
source | MITRE |
title | Need a signed alternative to Powershell.exe? SyncAppvPublishingServer in Win10 has got you covered. |
Szappanos MgBot 2014
Gabor Szappanos. (2014, February 3). Needle in a haystack. Retrieved July 25, 2024.
Internal MISP references
UUID d2742561-6d0a-54d6-9c6d-1e2cd789dcc4
which can be used as unique global reference for Szappanos MgBot 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-25T00:00:00Z |
date_published | 2014-02-03T00:00:00Z |
source | MITRE |
title | Needle in a haystack |
TechNet NetBIOS
Microsoft. (n.d.). NetBIOS Name Resolution. Retrieved November 17, 2017.
Internal MISP references
UUID f756ee2e-2e79-41df-bf9f-6492a9708663
which can be used as unique global reference for TechNet NetBIOS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-17T00:00:00Z |
source | MITRE |
title | NetBIOS Name Resolution |
Microsoft Net
Microsoft. (2017, February 14). Net Commands On Windows Operating Systems. Retrieved March 19, 2020.
Internal MISP references
UUID a04320b9-0c6a-49f9-8b84-50587278cdfb
which can be used as unique global reference for Microsoft Net
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-19T00:00:00Z |
date_published | 2017-02-14T00:00:00Z |
source | MITRE |
title | Net Commands On Windows Operating Systems |
Savill 1999
Savill, J. (1999, March 4). Net.exe reference. Retrieved September 22, 2015.
Internal MISP references
UUID e814d4a5-b846-4d68-ac00-7021238d287a
which can be used as unique global reference for Savill 1999
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-09-22T00:00:00Z |
date_published | 1999-03-04T00:00:00Z |
source | MITRE |
title | Net.exe reference |
Microsoft Net Utility
Microsoft. (2006, October 18). Net.exe Utility. Retrieved September 22, 2015.
Internal MISP references
UUID 75998d1c-69c0-40d2-a64b-43ad8efa05da
which can be used as unique global reference for Microsoft Net Utility
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-09-22T00:00:00Z |
date_published | 2006-10-18T00:00:00Z |
source | MITRE |
title | Net.exe Utility |
Microsoft Net Group
Microsoft. (2016, August 31). Net group. Retrieved August 5, 2024.
Internal MISP references
UUID 23ec5471-808c-53fa-8bce-36b3982e9dd1
which can be used as unique global reference for Microsoft Net Group
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-05T00:00:00Z |
date_published | 2016-08-31T00:00:00Z |
source | MITRE |
title | Net group |
Microsoft Net Localgroup
Microsoft. (2016, August 31). Net Localgroup. Retrieved August 5, 2024.
Internal MISP references
UUID f7e55413-2e3f-5e46-ba73-75eaa1ed6ec3
which can be used as unique global reference for Microsoft Net Localgroup
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-05T00:00:00Z |
date_published | 2016-08-31T00:00:00Z |
source | MITRE |
title | Net Localgroup |
TechNet Netsh Firewall
Microsoft. (2009, June 3). Netsh Commands for Windows Firewall. Retrieved April 20, 2016.
Internal MISP references
UUID 00fb3fa3-6f72-47ad-a950-f258a70485f2
which can be used as unique global reference for TechNet Netsh Firewall
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-20T00:00:00Z |
date_published | 2009-06-03T00:00:00Z |
source | MITRE |
title | Netsh Commands for Windows Firewall |
Netsh.exe - LOLBAS Project
LOLBAS. (2019, December 24). Netsh.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 6d76b28f-ab57-46bd-871d-1488212d3a8f
which can be used as unique global reference for Netsh.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2019-12-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Netsh.exe |
Github Netsh Helper CS Beacon
Smeets, M. (2016, September 26). NetshHelperBeacon. Retrieved February 13, 2017.
Internal MISP references
UUID c3169722-9c32-4a38-a7fe-8d4b6e51ca36
which can be used as unique global reference for Github Netsh Helper CS Beacon
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-02-13T00:00:00Z |
date_published | 2016-09-26T00:00:00Z |
source | MITRE |
title | NetshHelperBeacon |
TechNet Netstat
Microsoft. (n.d.). Netstat. Retrieved April 17, 2016.
Internal MISP references
UUID 84ac26d8-9c7c-4c8c-bf64-a9fb4578388c
which can be used as unique global reference for TechNet Netstat
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-17T00:00:00Z |
source | MITRE |
title | Netstat |
The DFIR Report NetSupport October 30 2023
The DFIR Report. (2023, October 30). NetSupport Intrusion Results in Domain Compromise. Retrieved May 22, 2024.
Internal MISP references
UUID 0436db31-42f0-47c1-b9a9-c6bb7c60a1ec
which can be used as unique global reference for The DFIR Report NetSupport October 30 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-22T00:00:00Z |
date_published | 2023-10-30T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | NetSupport Intrusion Results in Domain Compromise |
TechNet Net Time
Microsoft. (n.d.). Net time. Retrieved November 25, 2016.
Internal MISP references
UUID 83094489-791f-4925-879f-e79f67e4bf1f
which can be used as unique global reference for TechNet Net Time
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-11-25T00:00:00Z |
source | MITRE |
title | Net time |
Technet Net Use
Microsoft. (n.d.). Net Use. Retrieved November 25, 2016.
Internal MISP references
UUID f761d4b6-8fc5-4037-aa34-7982c17f8bed
which can be used as unique global reference for Technet Net Use
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-11-25T00:00:00Z |
source | MITRE |
title | Net Use |
TrendMicro Netwalker May 2020
Victor, K. (2020, May 18). Netwalker Fileless Ransomware Injected via Reflective Loading. Retrieved May 26, 2020.
Internal MISP references
UUID ceda9ef6-e609-4a34-9db1-d2a3ebffb679
which can be used as unique global reference for TrendMicro Netwalker May 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-26T00:00:00Z |
date_published | 2020-05-18T00:00:00Z |
source | MITRE |
title | Netwalker Fileless Ransomware Injected via Reflective Loading |
Sophos Netwalker May 2020
Szappanos, G., Brandt, A. (2020, May 27). Netwalker ransomware tools give insight into threat actor. Retrieved May 27, 2020.
Internal MISP references
UUID 721db562-6046-4f47-95a1-36a16f26f3d1
which can be used as unique global reference for Sophos Netwalker May 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-27T00:00:00Z |
date_published | 2020-05-27T00:00:00Z |
source | MITRE |
title | Netwalker ransomware tools give insight into threat actor |
McAfee Netwire Mar 2015
McAfee. (2015, March 2). Netwire RAT Behind Recent Targeted Attacks. Retrieved February 15, 2018.
Internal MISP references
UUID b02fbf00-f571-4507-941d-ac1d4a8310b0
which can be used as unique global reference for McAfee Netwire Mar 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-15T00:00:00Z |
date_published | 2015-03-02T00:00:00Z |
source | MITRE |
title | Netwire RAT Behind Recent Targeted Attacks |
Windows Anonymous Enumeration of SAM Accounts
Microsoft. (2017, April 19). Network access: Do not allow anonymous enumeration of SAM accounts and shares. Retrieved May 20, 2020.
Internal MISP references
UUID 25e0244a-b829-4df9-a435-b6f9f1a2f0bc
which can be used as unique global reference for Windows Anonymous Enumeration of SAM Accounts
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-20T00:00:00Z |
date_published | 2017-04-19T00:00:00Z |
source | MITRE |
title | Network access: Do not allow anonymous enumeration of SAM accounts and shares |
Microsoft Network access Credential Manager
Microsoft. (2016, August 31). Network access: Do not allow storage of passwords and credentials for network authentication. Retrieved November 23, 2020.
Internal MISP references
UUID e0d8c585-e898-43ba-8d46-201dbe52db56
which can be used as unique global reference for Microsoft Network access Credential Manager
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-23T00:00:00Z |
date_published | 2016-08-31T00:00:00Z |
source | MITRE |
title | Network access: Do not allow storage of passwords and credentials for network authentication |
Microsoft NFS Overview
Microsoft. (2018, July 9). Network File System overview. Retrieved September 28, 2021.
Internal MISP references
UUID 1e49b346-d822-4f82-92db-2989313d07e9
which can be used as unique global reference for Microsoft NFS Overview
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-28T00:00:00Z |
date_published | 2018-07-09T00:00:00Z |
source | MITRE |
title | Network File System overview |
Network Provider API
Microsoft. (2021, January 7). Network Provider API. Retrieved March 30, 2023.
Internal MISP references
UUID b218434e-4233-5963-824e-50ee32d468ed
which can be used as unique global reference for Network Provider API
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-30T00:00:00Z |
date_published | 2021-01-07T00:00:00Z |
source | MITRE |
title | Network Provider API |
Malwarebytes Agent Tesla April 2020
Jazi, H. (2020, April 16). New AgentTesla variant steals WiFi credentials. Retrieved May 19, 2020.
Internal MISP references
UUID 87f4fe4c-54cd-40a7-938b-6e6f6d2efbea
which can be used as unique global reference for Malwarebytes Agent Tesla April 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-19T00:00:00Z |
date_published | 2020-04-16T00:00:00Z |
source | MITRE |
title | New AgentTesla variant steals WiFi credentials |
Malware Bytes New AgentTesla variant steals WiFi credentials
Hossein Jazi. (2020, April 16). New AgentTesla variant steals WiFi credentials. Retrieved September 8, 2023.
Internal MISP references
UUID b61b7db6-ed0d-546d-b1e0-c2630530975b
which can be used as unique global reference for Malware Bytes New AgentTesla variant steals WiFi credentials
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-08T00:00:00Z |
date_published | 2020-04-16T00:00:00Z |
source | MITRE |
title | New AgentTesla variant steals WiFi credentials |
TrendMicro New Andariel Tactics July 2018
Chen, Joseph. (2018, July 16). New Andariel Reconnaissance Tactics Uncovered. Retrieved September 29, 2021.
Internal MISP references
UUID b667eb44-8c2f-4319-bc93-f03610214b8b
which can be used as unique global reference for TrendMicro New Andariel Tactics July 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-29T00:00:00Z |
date_published | 2018-07-16T00:00:00Z |
source | MITRE |
title | New Andariel Reconnaissance Tactics Uncovered |
Unit 42 C0d0so0 Jan 2016
Grunzweig, J., Lee, B. (2016, January 22). New Attacks Linked to C0d0so0 Group. Retrieved August 2, 2018.
Internal MISP references
UUID c740fc1c-093e-4389-890e-1fd88a824df4
which can be used as unique global reference for Unit 42 C0d0so0 Jan 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-02T00:00:00Z |
date_published | 2016-01-22T00:00:00Z |
source | MITRE |
title | New Attacks Linked to C0d0so0 Group |
Trend Micro Banking Malware Jan 2019
Salvio, J. (2014, June 27). New Banking Malware Uses Network Sniffing for Data Theft. Retrieved March 25, 2019.
Internal MISP references
UUID 4fee21e3-1b8f-4e10-b077-b59e2df94633
which can be used as unique global reference for Trend Micro Banking Malware Jan 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-25T00:00:00Z |
date_published | 2014-06-27T00:00:00Z |
source | MITRE |
title | New Banking Malware Uses Network Sniffing for Data Theft |
IBM IcedID November 2017
Kessem, L., et al. (2017, November 13). New Banking Trojan IcedID Discovered by IBM X-Force Research. Retrieved July 14, 2020.
Internal MISP references
UUID fdc56361-24f4-4fa5-949e-02e61c4d3be8
which can be used as unique global reference for IBM IcedID November 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-14T00:00:00Z |
date_published | 2017-11-13T00:00:00Z |
source | MITRE |
title | New Banking Trojan IcedID Discovered by IBM X-Force Research |
Minerva Labs Black Basta May 2022
Zargarov, N. (2022, May 2). New Black Basta Ransomware Hijacks Windows Fax Service. Retrieved March 7, 2023.
Internal MISP references
UUID 6358f7ed-41d6-56be-83bb-179e0a8b7873
which can be used as unique global reference for Minerva Labs Black Basta May 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-07T00:00:00Z |
date_published | 2022-05-02T00:00:00Z |
source | MITRE |
title | New Black Basta Ransomware Hijacks Windows Fax Service |
Google TAG Lazarus Jan 2021
Weidemann, A. (2021, January 25). New campaign targeting security researchers. Retrieved December 20, 2021.
Internal MISP references
UUID fb4b3427-353d-44c7-8dcd-d257324a83b2
which can be used as unique global reference for Google TAG Lazarus Jan 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-20T00:00:00Z |
date_published | 2021-01-25T00:00:00Z |
source | MITRE |
title | New campaign targeting security researchers |
Airbus Derusbi 2015
Perigaud, F. (2015, December 15). Newcomers in the Derusbi family. Retrieved September 12, 2024.
Internal MISP references
UUID 9b419a40-c20b-40dd-8627-9c1c786bf165
which can be used as unique global reference for Airbus Derusbi 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2015-12-15T00:00:00Z |
source | MITRE |
title | Newcomers in the Derusbi family |
Malwarebytes Crossrider Apr 2018
Reed, Thomas. (2018, April 24). New Crossrider variant installs configuration profiles on Macs. Retrieved September 6, 2019.
Internal MISP references
UUID 80530288-26a3-4c3e-ace1-47510df10fbd
which can be used as unique global reference for Malwarebytes Crossrider Apr 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-06T00:00:00Z |
date_published | 2018-04-24T00:00:00Z |
source | MITRE |
title | New Crossrider variant installs configuration profiles on Macs |
IBM ZeroCleare Wiper December 2019
Kessem, L. (2019, December 4). New Destructive Wiper ZeroCleare Targets Energy Sector in the Middle East. Retrieved September 4, 2024.
Internal MISP references
UUID 26ba5292-265d-5db4-a571-215c984fe095
which can be used as unique global reference for IBM ZeroCleare Wiper December 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-04T00:00:00Z |
date_published | 2019-12-04T00:00:00Z |
source | MITRE |
title | New Destructive Wiper ZeroCleare Targets Energy Sector in the Middle East |
CyberBit Early Bird Apr 2018
Gavriel, H. & Erbesfeld, B. (2018, April 11). New ‘Early Bird’ Code Injection Technique Discovered. Retrieved May 24, 2018.
Internal MISP references
UUID 8ae4ec67-518e-46dd-872c-7e2a9ca4ef13
which can be used as unique global reference for CyberBit Early Bird Apr 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-24T00:00:00Z |
date_published | 2018-04-11T00:00:00Z |
source | MITRE |
title | New ‘Early Bird’ Code Injection Technique Discovered |
Zscaler Molerats Campaign
Sahil Antil, Sudeep Singh. (2022, January 20). New espionage attack by Molerats APT targeting users in the Middle East. Retrieved October 10, 2023.
Internal MISP references
UUID 3b39e73e-229f-4ff4-bec3-d83e6364a66e
which can be used as unique global reference for Zscaler Molerats Campaign
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-10T00:00:00Z |
date_published | 2022-01-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | New espionage attack by Molerats APT targeting users in the Middle East |
CrowdStrike Wizard Spider March 2019
Feeley, B. and Stone-Gross, B. (2019, March 20). New Evidence Proves Ongoing WIZARD SPIDER / LUNAR SPIDER Collaboration. Retrieved June 15, 2020.
Internal MISP references
UUID d7001d6f-97a1-4155-8f74-3d878d4cbb27
which can be used as unique global reference for CrowdStrike Wizard Spider March 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-15T00:00:00Z |
date_published | 2019-03-20T00:00:00Z |
source | MITRE |
title | New Evidence Proves Ongoing WIZARD SPIDER / LUNAR SPIDER Collaboration |
Bleeping Computer Evil Corp mimics PayloadBin gang 2022
Abrams, L. (2021, June 6). New Evil Corp ransomware mimics PayloadBin gang to evade US sanctions. Retrieved July 19, 2022.
Internal MISP references
UUID 5695d3a2-6b6c-433a-9254-d4a2e001a8be
which can be used as unique global reference for Bleeping Computer Evil Corp mimics PayloadBin gang 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-19T00:00:00Z |
source | Tidal Cyber |
title | New Evil Corp ransomware mimics PayloadBin gang to evade US sanctions |
Reliaquest-execution
Reliaquest. (2024, May 31). New Execution Technique in ClearFake Campaign. Retrieved August 2, 2024.
Internal MISP references
UUID c6febbb5-b994-5996-a42d-56d4cb151e83
which can be used as unique global reference for Reliaquest-execution
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-02T00:00:00Z |
date_published | 2024-05-31T00:00:00Z |
source | MITRE |
title | New Execution Technique in ClearFake Campaign |
Microsoft Block Office Macros
Windows Defender Research. (2016, March 22). New feature in Office 2016 can block macros and help prevent infection. Retrieved April 11, 2018.
Internal MISP references
UUID 4d0f4d0a-b812-42f8-a52c-a1f5c69e6337
which can be used as unique global reference for Microsoft Block Office Macros
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-11T00:00:00Z |
date_published | 2016-03-22T00:00:00Z |
source | MITRE |
title | New feature in Office 2016 can block macros and help prevent infection |
TechNet Office Macro Security
Microsoft Malware Protection Center. (2016, March 22). New feature in Office 2016 can block macros and help prevent infection. Retrieved July 3, 2017.
Internal MISP references
UUID f14f08c5-de51-4827-ba3a-f0598dfbe505
which can be used as unique global reference for TechNet Office Macro Security
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-03T00:00:00Z |
date_published | 2016-03-22T00:00:00Z |
source | MITRE |
title | New feature in Office 2016 can block macros and help prevent infection |
SolarWinds Sunburst Sunspot Update January 2021
Sudhakar Ramakrishna. (2021, January 11). New Findings From Our Investigation of SUNBURST. Retrieved January 13, 2021.
Internal MISP references
UUID 1be1b6e0-1b42-4d07-856b-b6321c17bb88
which can be used as unique global reference for SolarWinds Sunburst Sunspot Update January 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-13T00:00:00Z |
date_published | 2021-01-11T00:00:00Z |
source | MITRE |
title | New Findings From Our Investigation of SUNBURST |
BleepingComp Godlua JUL19
Gatlan, S. (2019, July 3). New Godlua Malware Evades Traffic Monitoring via DNS over HTTPS. Retrieved March 15, 2020.
Internal MISP references
UUID fd862d10-79bc-489d-a552-118014d01648
which can be used as unique global reference for BleepingComp Godlua JUL19
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-15T00:00:00Z |
date_published | 2019-07-03T00:00:00Z |
source | MITRE |
title | New Godlua Malware Evades Traffic Monitoring via DNS over HTTPS |
HTML Smuggling Menlo Security 2020
Subramanian, K. (2020, August 18). New HTML Smuggling Attack Alert: Duri. Retrieved May 20, 2021.
Internal MISP references
UUID a9fc3502-66c2-4504-9886-458f8a803b5d
which can be used as unique global reference for HTML Smuggling Menlo Security 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-20T00:00:00Z |
date_published | 2020-08-18T00:00:00Z |
source | MITRE |
title | New HTML Smuggling Attack Alert: Duri |
Microsoft New-InboxRule
Microsoft. (n.d.). New-InboxRule. Retrieved June 7, 2021.
Internal MISP references
UUID 54fcfc36-e0d5-422f-8a45-eeb7fa077a93
which can be used as unique global reference for Microsoft New-InboxRule
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-07T00:00:00Z |
source | MITRE |
title | New-InboxRule |
AWS - IAM Console Best Practices
Moncur, Rob. (2020, July 5). New Information in the AWS IAM Console Helps You Follow IAM Best Practices. Retrieved August 4, 2020.
Internal MISP references
UUID dadae802-91a7-46d4-aacd-48f49f22854e
which can be used as unique global reference for AWS - IAM Console Best Practices
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-04T00:00:00Z |
date_published | 2020-07-05T00:00:00Z |
source | MITRE |
title | New Information in the AWS IAM Console Helps You Follow IAM Best Practices |
Trend Micro Ransomware February 2021
Centero, R. et al. (2021, February 5). New in Ransomware: Seth-Locker, Babuk Locker, Maoloa, TeslaCrypt, and CobraLocker. Retrieved August 11, 2021.
Internal MISP references
UUID 64a86a3f-0160-4766-9ac1-7d287eb2c323
which can be used as unique global reference for Trend Micro Ransomware February 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-11T00:00:00Z |
date_published | 2021-02-05T00:00:00Z |
source | MITRE |
title | New in Ransomware: Seth-Locker, Babuk Locker, Maoloa, TeslaCrypt, and CobraLocker |
Avast CCleaner3 2018
Avast Threat Intelligence Team. (2018, March 8). New investigations into the CCleaner incident point to a possible third stage that had keylogger capacities. Retrieved March 15, 2018.
Internal MISP references
UUID 1641553f-96e7-4829-8c77-d96388dac5c7
which can be used as unique global reference for Avast CCleaner3 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-15T00:00:00Z |
date_published | 2018-03-08T00:00:00Z |
source | MITRE |
title | New investigations into the CCleaner incident point to a possible third stage that had keylogger capacities |
amnesia malware
Claud Xiao, Cong Zheng, Yanhui Jia. (2017, April 6). New IoT/Linux Malware Targets DVRs, Forms Botnet. Retrieved February 19, 2018.
Internal MISP references
UUID 489a6c57-f64c-423b-a7bd-169fa36c4cdf
which can be used as unique global reference for amnesia malware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-19T00:00:00Z |
date_published | 2017-04-06T00:00:00Z |
source | MITRE |
title | New IoT/Linux Malware Targets DVRs, Forms Botnet |
Tsunami
Claud Xiao and Cong Zheng. (2017, April 6). New IoT/Linux Malware Targets DVRs, Forms Botnet. Retrieved December 17, 2020.
Internal MISP references
UUID 95b5b03e-f160-47cf-920c-8f4f3d4114a3
which can be used as unique global reference for Tsunami
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-17T00:00:00Z |
date_published | 2017-04-06T00:00:00Z |
source | MITRE |
title | New IoT/Linux Malware Targets DVRs, Forms Botnet |
ClearSky Siamesekitten August 2021
ClearSky Cyber Security. (2021, August). New Iranian Espionage Campaign By “Siamesekitten” - Lyceum. Retrieved June 6, 2022.
Internal MISP references
UUID 9485efce-8d54-4461-b64e-0d15e31fbf8c
which can be used as unique global reference for ClearSky Siamesekitten August 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-06T00:00:00Z |
date_published | 2021-08-01T00:00:00Z |
source | MITRE |
title | New Iranian Espionage Campaign By “Siamesekitten” - Lyceum |
Unit 42 NOKKI Sept 2018
Grunzweig, J., Lee, B. (2018, September 27). New KONNI Malware attacking Eurasia and Southeast Asia. Retrieved November 5, 2018.
Internal MISP references
UUID f3d3b9bc-4c59-4a1f-b602-e3e884661708
which can be used as unique global reference for Unit 42 NOKKI Sept 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-05T00:00:00Z |
date_published | 2018-09-27T00:00:00Z |
source | MITRE |
title | New KONNI Malware attacking Eurasia and Southeast Asia |
Bleeping Computer Latrodectus April 2024
Abrams, L. (2024, April 30). New Latrodectus malware attacks use Microsoft, Cloudflare themes. Retrieved September 13, 2024.
Internal MISP references
UUID b138b07e-d68b-5f68-ba74-ddd7bb654fa6
which can be used as unique global reference for Bleeping Computer Latrodectus April 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-13T00:00:00Z |
date_published | 2024-04-30T00:00:00Z |
source | MITRE |
title | New Latrodectus malware attacks use Microsoft, Cloudflare themes |
Arghire LazyScripter
Ionut Arghire. (2021, February 24). New ‘LazyScripter’ Hacking Group Targets Airlines. Retrieved January 10, 2024.
Internal MISP references
UUID bafb2088-d3c1-5550-a48e-cf1e84662fcc
which can be used as unique global reference for Arghire LazyScripter
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-10T00:00:00Z |
date_published | 2021-02-24T00:00:00Z |
source | MITRE |
title | New ‘LazyScripter’ Hacking Group Targets Airlines |
Intezer RedXOR 2021
Joakim Kennedy and Avigayil Mechtinger. (2021, March 10). New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor. Retrieved September 19, 2024.
Internal MISP references
UUID 43d1212a-356c-56f7-be92-78f2ffe17cf2
which can be used as unique global reference for Intezer RedXOR 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-19T00:00:00Z |
date_published | 2021-03-10T00:00:00Z |
source | MITRE |
title | New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor |
Trend Micro Cheerscrypt May 2022
Dela Cruz, A. et al. (2022, May 25). New Linux-Based Ransomware Cheerscrypt Targeting ESXi Devices Linked to Leaked Babuk Source Code. Retrieved December 19, 2023.
Internal MISP references
UUID ca7ccf2c-37f3-522a-acfb-09daa16e23d8
which can be used as unique global reference for Trend Micro Cheerscrypt May 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-19T00:00:00Z |
date_published | 2022-05-25T00:00:00Z |
source | MITRE |
title | New Linux-Based Ransomware Cheerscrypt Targeting ESXi Devices Linked to Leaked Babuk Source Code |
Malwarebytes Higaisa 2020
Malwarebytes Threat Intelligence Team. (2020, June 4). New LNK attack tied to Higaisa APT discovered. Retrieved March 2, 2021.
Internal MISP references
UUID 6054e0ab-cf61-49ba-b7f5-58b304477451
which can be used as unique global reference for Malwarebytes Higaisa 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-02T00:00:00Z |
date_published | 2020-06-04T00:00:00Z |
source | MITRE |
title | New LNK attack tied to Higaisa APT discovered |
New loader on the bloc - AresLoader | Intel471
Intel471. (2023, March 22). New loader on the bloc - AresLoader. Retrieved May 7, 2023.
Internal MISP references
UUID 1bdd0957-1f5b-4323-bf49-f5c41b8c397a
which can be used as unique global reference for New loader on the bloc - AresLoader | Intel471
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2023-03-22T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | New loader on the bloc - AresLoader |
Gallagher 2015
Gallagher, S. (2015, August 5). Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes”. Retrieved January 25, 2016.
Internal MISP references
UUID b1540c5c-0bbc-4b9d-9185-fae224ba31be
which can be used as unique global reference for Gallagher 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-25T00:00:00Z |
date_published | 2015-08-05T00:00:00Z |
source | MITRE |
title | Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes” |
FireEye TLS Nov 2017
Vaish, A. & Nemes, S. (2017, November 28). Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection. Retrieved December 18, 2017.
Internal MISP references
UUID 9737055a-f583-448e-84d0-1d336c4da9a8
which can be used as unique global reference for FireEye TLS Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-18T00:00:00Z |
date_published | 2017-11-28T00:00:00Z |
source | MITRE |
title | Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection |
FireEye Ursnif Nov 2017
Vaish, A. & Nemes, S. (2017, November 28). Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection. Retrieved June 5, 2019.
Internal MISP references
UUID 32c0b9d2-9f31-4e49-8b3a-c63ff4fffa47
which can be used as unique global reference for FireEye Ursnif Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-05T00:00:00Z |
date_published | 2017-11-28T00:00:00Z |
source | MITRE |
title | Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection |
Antiquated Mac Malware
Thomas Reed. (2017, January 18). New Mac backdoor using antiquated code. Retrieved July 5, 2017.
Internal MISP references
UUID 165edb01-2681-45a3-b76b-4eb7dee5dab9
which can be used as unique global reference for Antiquated Mac Malware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-05T00:00:00Z |
date_published | 2017-01-18T00:00:00Z |
source | MITRE |
title | New Mac backdoor using antiquated code |
Trend Micro MacOS Backdoor November 2020
Magisa, L. (2020, November 27). New MacOS Backdoor Connected to OceanLotus Surfaces. Retrieved December 2, 2020.
Internal MISP references
UUID 43726cb8-a169-4594-9323-fad65b9bae97
which can be used as unique global reference for Trend Micro MacOS Backdoor November 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-02T00:00:00Z |
date_published | 2020-11-27T00:00:00Z |
source | MITRE |
title | New MacOS Backdoor Connected to OceanLotus Surfaces |
TrendMicro MacOS April 2018
Horejsi, J. (2018, April 04). New MacOS Backdoor Linked to OceanLotus Found. Retrieved November 13, 2018.
Internal MISP references
UUID e18ad1a7-1e7e-4aca-be9b-9ee12b41c147
which can be used as unique global reference for TrendMicro MacOS April 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-13T00:00:00Z |
date_published | 2018-04-04T00:00:00Z |
source | MITRE |
title | New MacOS Backdoor Linked to OceanLotus Found |
TrendMicro macOS Dacls May 2020
Mabutas, G. (2020, May 11). New MacOS Dacls RAT Backdoor Shows Lazarus’ Multi-Platform Attack Capability. Retrieved August 10, 2020.
Internal MISP references
UUID 0ef8691d-48ae-4057-82ef-eb086c05e2b9
which can be used as unique global reference for TrendMicro macOS Dacls May 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-10T00:00:00Z |
date_published | 2020-05-11T00:00:00Z |
source | MITRE |
title | New MacOS Dacls RAT Backdoor Shows Lazarus’ Multi-Platform Attack Capability |
OSX Malware Exploits MacKeeper
Sergei Shevchenko. (2015, June 4). New Mac OS Malware Exploits Mackeeper. Retrieved July 3, 2017.
Internal MISP references
UUID 8c4bcbc7-ff52-4f7b-a22e-98bf9cfb1040
which can be used as unique global reference for OSX Malware Exploits MacKeeper
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-03T00:00:00Z |
date_published | 2015-06-04T00:00:00Z |
source | MITRE |
title | New Mac OS Malware Exploits Mackeeper |
Carbon Black Shlayer Feb 2019
Carbon Black Threat Analysis Unit. (2019, February 12). New macOS Malware Variant of Shlayer (OSX) Discovered. Retrieved August 8, 2019.
Internal MISP references
UUID d8212691-4a6e-49bf-bc33-740850a1189a
which can be used as unique global reference for Carbon Black Shlayer Feb 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-08-08T00:00:00Z |
date_published | 2019-02-12T00:00:00Z |
source | MITRE |
title | New macOS Malware Variant of Shlayer (OSX) Discovered |
Palo Alto Rover
Ray, V., Hayashi, K. (2016, February 29). New Malware ‘Rover’ Targets Indian Ambassador to Afghanistan. Retrieved February 29, 2016.
Internal MISP references
UUID bbdf3f49-9875-4d41-986d-b693e82c77e1
which can be used as unique global reference for Palo Alto Rover
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-02-29T00:00:00Z |
date_published | 2016-02-29T00:00:00Z |
source | MITRE |
title | New Malware ‘Rover’ Targets Indian Ambassador to Afghanistan |
Palo Alto Reaver Nov 2017
Grunzweig, J. and Miller-Osborn, J. (2017, November 10). New Malware with Ties to SunOrcal Discovered. Retrieved November 16, 2017.
Internal MISP references
UUID 69fbe527-2ec4-457b-81b1-2eda65eb8442
which can be used as unique global reference for Palo Alto Reaver Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-16T00:00:00Z |
date_published | 2017-11-10T00:00:00Z |
source | MITRE |
title | New Malware with Ties to SunOrcal Discovered |
Trend Micro Xbash Sept 2018
Trend Micro. (2018, September 19). New Multi-Platform Xbash Packs Obfuscation, Ransomware, Coinminer, Worm and Botnet. Retrieved June 4, 2019.
Internal MISP references
UUID a4b37a24-b2a0-4fcb-9ec3-0d6b67e4e13b
which can be used as unique global reference for Trend Micro Xbash Sept 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-04T00:00:00Z |
date_published | 2018-09-19T00:00:00Z |
source | MITRE |
title | New Multi-Platform Xbash Packs Obfuscation, Ransomware, Coinminer, Worm and Botnet |
NKAbuse BC
Bill Toulas. (2023, December 14). New NKAbuse malware abuses NKN blockchain for stealthy comms. Retrieved February 8, 2024.
Internal MISP references
UUID 7c0fea50-a125-57eb-9a86-dd0d6693abce
which can be used as unique global reference for NKAbuse BC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-08T00:00:00Z |
date_published | 2023-12-14T00:00:00Z |
source | MITRE |
title | New NKAbuse malware abuses NKN blockchain for stealthy comms |
MSRC Nobelium June 2021
MSRC. (2021, June 25). New Nobelium activity. Retrieved August 4, 2021.
Internal MISP references
UUID 1588799f-a5d2-46bc-978d-f10ed7ceb15c
which can be used as unique global reference for MSRC Nobelium June 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-04T00:00:00Z |
date_published | 2021-06-25T00:00:00Z |
source | MITRE |
title | New Nobelium activity |
Symantec Orangeworm April 2018
Symantec Security Response Attack Investigation Team. (2018, April 23). New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia. Retrieved May 8, 2018.
Internal MISP references
UUID eee5efa1-bbc6-44eb-8fae-23002f351605
which can be used as unique global reference for Symantec Orangeworm April 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-08T00:00:00Z |
date_published | 2018-04-23T00:00:00Z |
source | MITRE, Tidal Cyber |
title | New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia |
OSX.Dok Malware
Thomas Reed. (2017, July 7). New OSX.Dok malware intercepts web traffic. Retrieved July 10, 2017.
Internal MISP references
UUID 71d65081-dada-4a69-94c5-f1d8e4e151c1
which can be used as unique global reference for OSX.Dok Malware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-10T00:00:00Z |
date_published | 2017-07-07T00:00:00Z |
source | MITRE |
title | New OSX.Dok malware intercepts web traffic |
OSX Keydnap malware
Marc-Etienne M.Leveille. (2016, July 6). New OSX/Keydnap malware is hungry for credentials. Retrieved July 3, 2017.
Internal MISP references
UUID d43e0dd1-0946-4f49-bcc7-3ef38445eac3
which can be used as unique global reference for OSX Keydnap malware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-03T00:00:00Z |
date_published | 2016-07-06T00:00:00Z |
source | MITRE |
title | New OSX/Keydnap malware is hungry for credentials |
Intego Shlayer Apr 2018
Vrijenhoek, Jay. (2018, April 24). New OSX/Shlayer Malware Variant Found Using a Dirty New Trick. Retrieved September 6, 2019.
Internal MISP references
UUID 3ca1254c-db51-4a5d-8242-ffd9e4481c22
which can be used as unique global reference for Intego Shlayer Apr 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-06T00:00:00Z |
date_published | 2018-04-24T00:00:00Z |
source | MITRE |
title | New OSX/Shlayer Malware Variant Found Using a Dirty New Trick |
Cybereason Linux Exim Worm
Cybereason Nocturnus. (2019, June 13). New Pervasive Worm Exploiting Linux Exim Server Vulnerability. Retrieved June 24, 2020.
Internal MISP references
UUID 9523d8ae-d749-4c25-8c7b-df2d8c25c3c8
which can be used as unique global reference for Cybereason Linux Exim Worm
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-24T00:00:00Z |
date_published | 2019-06-13T00:00:00Z |
source | MITRE |
title | New Pervasive Worm Exploiting Linux Exim Server Vulnerability |
Netskope Device Code Phishing 2021
Jenko Hwong. (2021, August 10). New Phishing Attacks Exploiting OAuth Authorization Flows (Part 1). Retrieved March 19, 2024.
Internal MISP references
UUID 175ea9c6-aa18-581b-9af5-d4d44f0909e9
which can be used as unique global reference for Netskope Device Code Phishing 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-19T00:00:00Z |
date_published | 2021-08-10T00:00:00Z |
source | MITRE |
title | New Phishing Attacks Exploiting OAuth Authorization Flows (Part 1) |
Microsoft Prestige ransomware October 2022
MSTIC. (2022, October 14). New “Prestige” ransomware impacts organizations in Ukraine and Poland. Retrieved January 19, 2023.
Internal MISP references
UUID b57e1181-461b-5ada-a739-873ede1ec079
which can be used as unique global reference for Microsoft Prestige ransomware October 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-01-19T00:00:00Z |
date_published | 2022-10-14T00:00:00Z |
source | MITRE |
title | New “Prestige” ransomware impacts organizations in Ukraine and Poland |
Unit 42 MechaFlounder March 2019
Falcone, R. (2019, March 4). New Python-Based Payload MechaFlounder Used by Chafer. Retrieved May 27, 2020.
Internal MISP references
UUID 2263af27-9c30-4bf6-a204-2f148ebdd17c
which can be used as unique global reference for Unit 42 MechaFlounder March 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-27T00:00:00Z |
date_published | 2019-03-04T00:00:00Z |
source | MITRE |
title | New Python-Based Payload MechaFlounder Used by Chafer |
ThreatDown RansomHub September 9 2024
Bill Cozens. (2024, September 9). New RansomHub attack uses TDSSKiller and LaZagne, disables EDR. Retrieved September 13, 2024.
Internal MISP references
UUID 34422e6e-0e79-48ba-a942-9816e9b4ee7c
which can be used as unique global reference for ThreatDown RansomHub September 9 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-13T00:00:00Z |
date_published | 2024-09-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | New RansomHub attack uses TDSSKiller and LaZagne, disables EDR |
Talos Nyetya June 2017
Chiu, A. (2016, June 27). New Ransomware Variant "Nyetya" Compromises Systems Worldwide. Retrieved March 26, 2019.
Internal MISP references
UUID c76e806c-b0e3-4ab9-ba6d-68a9f731f127
which can be used as unique global reference for Talos Nyetya June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-26T00:00:00Z |
date_published | 2016-06-27T00:00:00Z |
source | MITRE |
title | New Ransomware Variant "Nyetya" Compromises Systems Worldwide |
Cyble Black Basta May 2022
Cyble. (2022, May 6). New ransomware variant targeting high-value organizations. Retrieved March 7, 2023.
Internal MISP references
UUID 18035aba-0ae3-58b8-b426-86c2e38a37ae
which can be used as unique global reference for Cyble Black Basta May 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-07T00:00:00Z |
date_published | 2022-05-06T00:00:00Z |
source | MITRE |
title | New ransomware variant targeting high-value organizations |
Bleepingcomputer RAT malware 2020
Abrams, L. (2020, October 23). New RAT malware gets commands via Discord, has ransomware feature. Retrieved April 1, 2021.
Internal MISP references
UUID a587ea99-a951-4aa8-a3cf-a4822ae97490
which can be used as unique global reference for Bleepingcomputer RAT malware 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-01T00:00:00Z |
date_published | 2020-10-23T00:00:00Z |
source | MITRE |
title | New RAT malware gets commands via Discord, has ransomware feature |
IBM ITG18 2020
Wikoff, A. Emerson, R. (2020, July 16). New Research Exposes Iranian Threat Group Operations. Retrieved March 8, 2021.
Internal MISP references
UUID 523b7a1e-88ef-4440-a7b3-3fd0b8d5e199
which can be used as unique global reference for IBM ITG18 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-08T00:00:00Z |
date_published | 2020-07-16T00:00:00Z |
source | MITRE |
title | New Research Exposes Iranian Threat Group Operations |
new_rogue_DHCP_serv_malware
Irwin, Ullrich, J. (2009, March 16). new rogue-DHCP server malware. Retrieved January 14, 2022.
Internal MISP references
UUID 8e0a8a9a-9b1f-4141-b595-80b98daf6b68
which can be used as unique global reference for new_rogue_DHCP_serv_malware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-14T00:00:00Z |
date_published | 2009-03-16T00:00:00Z |
source | MITRE |
title | new rogue-DHCP server malware |
NCSC CISA Cyclops Blink Advisory February 2022
NCSC, CISA, FBI, NSA. (2022, February 23). New Sandworm malware Cyclops Blink replaces VPNFilter. Retrieved March 3, 2022.
Internal MISP references
UUID bee6cf85-5cb9-4000-b82e-9e15aebfbece
which can be used as unique global reference for NCSC CISA Cyclops Blink Advisory February 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-03T00:00:00Z |
date_published | 2022-02-23T00:00:00Z |
source | MITRE |
title | New Sandworm malware Cyclops Blink replaces VPNFilter |
Eweek Newscaster and Charming Kitten May 2014
Kerner, S. (2014, May 29). Newscaster Threat Uses Social Media for Intelligence Gathering. Retrieved April 14, 2021.
Internal MISP references
UUID a3407cd2-d579-4d64-8f2e-162c31a99534
which can be used as unique global reference for Eweek Newscaster and Charming Kitten May 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-14T00:00:00Z |
date_published | 2014-05-29T00:00:00Z |
source | MITRE |
title | Newscaster Threat Uses Social Media for Intelligence Gathering |
Deep Instinct TA505 Apr 2019
Vilkomir-Preisman, S. (2019, April 2). New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload. Retrieved September 16, 2024.
Internal MISP references
UUID 529524c0-123b-459c-bc6f-62aa45c228d1
which can be used as unique global reference for Deep Instinct TA505 Apr 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-16T00:00:00Z |
date_published | 2019-04-02T00:00:00Z |
source | MITRE |
title | New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload |
Janicab
Thomas. (2013, July 15). New signed malware called Janicab. Retrieved July 17, 2017.
Internal MISP references
UUID 1acc1a83-faac-41d3-a08b-cc3a539567fb
which can be used as unique global reference for Janicab
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-17T00:00:00Z |
date_published | 2013-07-15T00:00:00Z |
source | MITRE |
title | New signed malware called Janicab |
MSTIC NOBELIUM May 2021
Microsoft Threat Intelligence Center (MSTIC). (2021, May 27). New sophisticated email-based attack from NOBELIUM. Retrieved May 28, 2021.
Internal MISP references
UUID 047ec63f-1f4b-4b57-9ab5-8a5cfcc11f4d
which can be used as unique global reference for MSTIC NOBELIUM May 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-28T00:00:00Z |
date_published | 2021-05-27T00:00:00Z |
source | MITRE |
title | New sophisticated email-based attack from NOBELIUM |
Microsoft Phosphorus Mar 2019
Burt, T. (2019, March 27). New steps to protect customers from hacking. Retrieved May 27, 2020.
Internal MISP references
UUID c55a112d-4b05-4c32-a5b3-480b12929115
which can be used as unique global reference for Microsoft Phosphorus Mar 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-27T00:00:00Z |
date_published | 2019-03-27T00:00:00Z |
source | MITRE |
title | New steps to protect customers from hacking |
FireEye SUNSHUTTLE Mar 2021
Smith, L., Leathery, J., Read, B. (2021, March 4). New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452. Retrieved March 12, 2021.
Internal MISP references
UUID 1cdb8a1e-fbed-4db3-b273-5f8f45356dc1
which can be used as unique global reference for FireEye SUNSHUTTLE Mar 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-12T00:00:00Z |
date_published | 2021-03-04T00:00:00Z |
source | MITRE |
title | New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452 |
Blasco 2013
Blasco, J. (2013, March 21). New Sykipot developments [Blog]. Retrieved November 12, 2014.
Internal MISP references
UUID 46be6b77-ee2b-407e-bdd4-5a1183eda7f3
which can be used as unique global reference for Blasco 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
date_published | 2013-03-21T00:00:00Z |
source | MITRE |
title | New Sykipot developments [Blog] |
AWS RE:Inforce Threat Detection 2024
Ben Fletcher and Steve de Vera. (2024, June). New tactics and techniques for proactive threat detection. Retrieved September 25, 2024.
Internal MISP references
UUID f2689dfc-83ff-53c6-b074-ce507824799a
which can be used as unique global reference for AWS RE:Inforce Threat Detection 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
date_published | 2024-06-01T00:00:00Z |
source | MITRE |
title | New tactics and techniques for proactive threat detection |
Malwarebytes Targeted Attack against Saudi Arabia
Malwarebytes Labs. (2017, March 27). New targeted attack against Saudi Arabia Government. Retrieved July 3, 2017.
Internal MISP references
UUID 735647f9-9cd4-4a20-8812-4671a3358e46
which can be used as unique global reference for Malwarebytes Targeted Attack against Saudi Arabia
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-03T00:00:00Z |
date_published | 2017-03-27T00:00:00Z |
source | MITRE |
title | New targeted attack against Saudi Arabia Government |
FireEye APT34 Dec 2017
Sardiwal, M, et al. (2017, December 7). New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit. Retrieved December 20, 2017.
Internal MISP references
UUID 88f41728-08ad-4cd8-a418-895738d68b04
which can be used as unique global reference for FireEye APT34 Dec 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 2017-12-07T00:00:00Z |
source | MITRE, Tidal Cyber |
title | New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit |
Unit 42 Cobalt Gang Oct 2018
Unit 42. (2018, October 25). New Techniques to Uncover and Attribute Financial actors Commodity Builders and Infrastructure Revealed. Retrieved December 11, 2018.
Internal MISP references
UUID 8956f0e5-d07f-4063-bf60-f8b964d03e6d
which can be used as unique global reference for Unit 42 Cobalt Gang Oct 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-12-11T00:00:00Z |
date_published | 2018-10-25T00:00:00Z |
source | MITRE |
title | New Techniques to Uncover and Attribute Financial actors Commodity Builders and Infrastructure Revealed |
Checkmarx-oss-seo
Yehuda Gelb. (2024, April 10). New Technique to Trick Developers Detected in an Open Source Supply Chain Attack. Retrieved June 18, 2024.
Internal MISP references
UUID ef9376d8-4792-5883-bb0f-00fe7e34b049
which can be used as unique global reference for Checkmarx-oss-seo
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-18T00:00:00Z |
date_published | 2024-04-10T00:00:00Z |
source | MITRE |
title | New Technique to Trick Developers Detected in an Open Source Supply Chain Attack |
ESET TeleBots Oct 2018
Cherepanov, A., Lipovsky, R. (2018, October 11). New TeleBots backdoor: First evidence linking Industroyer to NotPetya. Retrieved November 27, 2018.
Internal MISP references
UUID 56372448-03f5-49b5-a2a9-384fbd49fefc
which can be used as unique global reference for ESET TeleBots Oct 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-27T00:00:00Z |
date_published | 2018-10-11T00:00:00Z |
source | MITRE |
title | New TeleBots backdoor: First evidence linking Industroyer to NotPetya |
Unit 42 DarkHydrus July 2018
Falcone, R., et al. (2018, July 27). New Threat Actor Group DarkHydrus Targets Middle East Government. Retrieved August 2, 2018.
Internal MISP references
UUID 800279cf-e6f8-4721-818f-46e35ec7892a
which can be used as unique global reference for Unit 42 DarkHydrus July 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-02T00:00:00Z |
date_published | 2018-07-27T00:00:00Z |
source | MITRE, Tidal Cyber |
title | New Threat Actor Group DarkHydrus Targets Middle East Government |
Bitdefender Trickbot March 2020
Tudorica, R., Maximciuc, A., Vatamanu, C. (2020, March 18). New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong. Retrieved March 15, 2021.
Internal MISP references
UUID 2ccdaded-97f6-47e2-b6c0-9a83e8a945d6
which can be used as unique global reference for Bitdefender Trickbot March 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-15T00:00:00Z |
date_published | 2020-03-18T00:00:00Z |
source | MITRE |
title | New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong |
Malwarebytes Konni Aug 2021
Threat Intelligence Team. (2021, August 23). New variant of Konni malware used in campaign targetting Russia. Retrieved January 5, 2022.
Internal MISP references
UUID fb8c6402-ec18-414a-85f7-3d76eacbd890
which can be used as unique global reference for Malwarebytes Konni Aug 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-05T00:00:00Z |
date_published | 2021-08-23T00:00:00Z |
source | MITRE |
title | New variant of Konni malware used in campaign targetting Russia |
Proofpoint Vega Credential Stealer May 2018
Proofpoint. (2018, May 10). New Vega Stealer shines brightly in targeted campaign. Retrieved June 18, 2019.
Internal MISP references
UUID c52fe62f-4df4-43b0-a126-2df07dc61fc0
which can be used as unique global reference for Proofpoint Vega Credential Stealer May 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-18T00:00:00Z |
date_published | 2018-05-10T00:00:00Z |
source | MITRE |
title | New Vega Stealer shines brightly in targeted campaign |
Proofpoint Azorult July 2018
Proofpoint. (2018, July 30). New version of AZORult stealer improves loading features, spreads alongside ransomware in new campaign. Retrieved November 29, 2018.
Internal MISP references
UUID a85c869a-3ba3-42c2-9460-d3d1f0874044
which can be used as unique global reference for Proofpoint Azorult July 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-29T00:00:00Z |
date_published | 2018-07-30T00:00:00Z |
source | MITRE |
title | New version of AZORult stealer improves loading features, spreads alongside ransomware in new campaign |
Avira Mustang Panda January 2020
Hamzeloofard, S. (2020, January 31). New wave of PlugX targets Hong Kong | Avira Blog. Retrieved April 13, 2021.
Internal MISP references
UUID bc7755a0-5ee3-477b-b8d7-67174a59d0e2
which can be used as unique global reference for Avira Mustang Panda January 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-13T00:00:00Z |
date_published | 2020-01-31T00:00:00Z |
source | MITRE |
title | New wave of PlugX targets Hong Kong |
Palo Alto DNS Requests
Grunzweig, J., et al. (2016, May 24). New Wekby Attacks Use DNS Requests As Command and Control Mechanism. Retrieved August 17, 2016.
Internal MISP references
UUID 4a946c3f-ee0a-4649-8104-2bd9d90ebd49
which can be used as unique global reference for Palo Alto DNS Requests
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-17T00:00:00Z |
date_published | 2016-05-24T00:00:00Z |
source | MITRE |
title | New Wekby Attacks Use DNS Requests As Command and Control Mechanism |
PaloAlto DNS Requests May 2016
Grunzweig, J., et al. (2016, May 24). New Wekby Attacks Use DNS Requests As Command and Control Mechanism. Retrieved November 15, 2018.
Internal MISP references
UUID 6f08aa4e-c89f-4d3e-8f46-e856e21d2d50
which can be used as unique global reference for PaloAlto DNS Requests May 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-15T00:00:00Z |
date_published | 2016-05-24T00:00:00Z |
source | MITRE |
title | New Wekby Attacks Use DNS Requests As Command and Control Mechanism |
Unit42 Azorult Nov 2018
Yan, T., et al. (2018, November 21). New Wine in Old Bottle: New Azorult Variant Found in FindMyName Campaign using Fallout Exploit Kit. Retrieved November 29, 2018.
Internal MISP references
UUID 44ceddf6-bcbf-4a60-bb92-f8cdc675d185
which can be used as unique global reference for Unit42 Azorult Nov 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-29T00:00:00Z |
date_published | 2018-11-21T00:00:00Z |
source | MITRE |
title | New Wine in Old Bottle: New Azorult Variant Found in FindMyName Campaign using Fallout Exploit Kit |
FireEye Clandestine Fox
Chen, X., Scott, M., Caselden, D. (2014, April 26). New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks. Retrieved January 14, 2016.
Internal MISP references
UUID fd536975-ff27-45fc-a07f-4b2128568df8
which can be used as unique global reference for FireEye Clandestine Fox
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-14T00:00:00Z |
date_published | 2014-04-26T00:00:00Z |
source | MITRE |
title | New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks |
Twitter ItsReallyNick Platinum Masquerade
Carr, N. (2018, October 25). Nick Carr Status Update. Retrieved September 12, 2024.
Internal MISP references
UUID 12eea502-cf70-474f-8127-352cacc37418
which can be used as unique global reference for Twitter ItsReallyNick Platinum Masquerade
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2018-10-25T00:00:00Z |
source | MITRE |
title | Nick Carr Status Update |
Twitter ItsReallyNick APT32 pubprn Masquerade
Carr, N. (2017, December 26). Nick Carr Status Update APT32 pubprn. Retrieved September 12, 2024.
Internal MISP references
UUID 731865ea-2410-40ac-85cf-75f768edd08a
which can be used as unique global reference for Twitter ItsReallyNick APT32 pubprn Masquerade
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2017-12-26T00:00:00Z |
source | MITRE |
title | Nick Carr Status Update APT32 pubprn |
Twitter ItsReallyNick APT41 EK
Carr, N. (2019, October 30). Nick Carr Status Update APT41 Environmental Keying. Retrieved September 12, 2024.
Internal MISP references
UUID e226a034-b79b-42bd-8115-2537f98e5d46
which can be used as unique global reference for Twitter ItsReallyNick APT41 EK
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2019-10-30T00:00:00Z |
source | MITRE |
title | Nick Carr Status Update APT41 Environmental Keying |
Twitter ItsReallyNick Masquerading Update
Carr, N. (2018, October 25). Nick Carr Status Update Masquerading. Retrieved September 12, 2024.
Internal MISP references
UUID aca324b7-15f1-47b5-9c13-248d1b1a7fff
which can be used as unique global reference for Twitter ItsReallyNick Masquerading Update
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2018-10-25T00:00:00Z |
source | MITRE |
title | Nick Carr Status Update Masquerading |
SecureWorks NICKEL GLADSTONE profile Sept 2021
SecureWorks. (2021, September 29). NICKEL GLADSTONE Threat Profile. Retrieved September 29, 2021.
Internal MISP references
UUID c78a8379-04a4-4558-820d-831ad4f267fd
which can be used as unique global reference for SecureWorks NICKEL GLADSTONE profile Sept 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-29T00:00:00Z |
date_published | 2021-09-29T00:00:00Z |
source | MITRE |
title | NICKEL GLADSTONE Threat Profile |
Microsoft NICKEL December 2021
MSTIC. (2021, December 6). NICKEL targeting government organizations across Latin America and Europe. Retrieved March 18, 2022.
Internal MISP references
UUID 29a46bb3-f514-4554-ad9c-35f9a5ad9870
which can be used as unique global reference for Microsoft NICKEL December 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-18T00:00:00Z |
date_published | 2021-12-06T00:00:00Z |
source | MITRE, Tidal Cyber |
title | NICKEL targeting government organizations across Latin America and Europe |
Nicolas Falliere, Liam O Murchu, Eric Chien February 2011
Nicolas Falliere, Liam O Murchu, Eric Chien. (2011, February). W32.Stuxnet Dossier (Version 1.4). Retrieved September 22, 2017.
Internal MISP references
UUID a1b371c2-b2b1-5780-95c8-11f8c616dcf3
which can be used as unique global reference for Nicolas Falliere, Liam O Murchu, Eric Chien February 2011
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-09-22T00:00:00Z |
source | MITRE |
title | Nicolas Falliere, Liam O Murchu, Eric Chien February 2011 |
ProofPoint Ursnif Aug 2016
Proofpoint Staff. (2016, August 25). Nightmare on Tor Street: Ursnif variant Dreambot adds Tor functionality. Retrieved June 5, 2019.
Internal MISP references
UUID 4cef8c44-d440-4746-b3e8-c8e4d307273d
which can be used as unique global reference for ProofPoint Ursnif Aug 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-05T00:00:00Z |
date_published | 2016-08-25T00:00:00Z |
source | MITRE |
title | Nightmare on Tor Street: Ursnif variant Dreambot adds Tor functionality |
NirSoft Website
NirSoft. (n.d.). NirSoft Website. Retrieved March 6, 2024.
Internal MISP references
UUID 024e4e25-aab7-4231-bb4b-5e399d02d7b2
which can be used as unique global reference for NirSoft Website
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | NirSoft Website |
NIST Server Security July 2008
Scarfone, K. et al. (2008, July). NIST Special Publication 800-123 - Guide to General Server Security. Retrieved July 26, 2018.
Internal MISP references
UUID 351a444e-2829-4584-83ea-de909e43ee72
which can be used as unique global reference for NIST Server Security July 2008
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-26T00:00:00Z |
date_published | 2008-07-01T00:00:00Z |
source | MITRE |
title | NIST Special Publication 800-123 - Guide to General Server Security |
Netskope Nitol
Malik, A. (2016, October 14). Nitol Botnet makes a resurgence with evasive sandbox analysis technique. Retrieved September 30, 2021.
Internal MISP references
UUID 94b5ac75-1fd5-4cad-a604-2b09846eb975
which can be used as unique global reference for Netskope Nitol
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-30T00:00:00Z |
date_published | 2016-10-14T00:00:00Z |
source | MITRE |
title | Nitol Botnet makes a resurgence with evasive sandbox analysis technique |
The DFIR Report September 30 2024
The DFIR Report. (2024, September 30). Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware. Retrieved September 30, 2024.
Internal MISP references
UUID b2ee9f5e-ed34-4141-9740-8f6e37ba4f28
which can be used as unique global reference for The DFIR Report September 30 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-30T00:00:00Z |
date_published | 2024-09-30T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware |
FireEye Njw0rm Aug 2013
Dawda, U. and Villeneuve, N. (2013, August 30). Njw0rm - Brother From the Same Mother. Retrieved June 4, 2019.
Internal MISP references
UUID 062c31b1-7c1e-487f-8340-11f4b3faabc4
which can be used as unique global reference for FireEye Njw0rm Aug 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-04T00:00:00Z |
date_published | 2013-08-30T00:00:00Z |
source | MITRE |
title | Njw0rm - Brother From the Same Mother |
Nltest Manual
ss64. (n.d.). NLTEST.exe - Network Location Test. Retrieved February 14, 2019.
Internal MISP references
UUID 4bb113a8-7e2c-4656-86f4-c30b08705ffa
which can be used as unique global reference for Nltest Manual
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-14T00:00:00Z |
source | MITRE |
title | NLTEST.exe - Network Location Test |
Nmap: the Network Mapper
Nmap. (n.d.). Nmap: the Network Mapper - Free Security Scanner. Retrieved September 7, 2023.
Internal MISP references
UUID 65f1bbaa-8ad1-4ad5-b726-660558d27efc
which can be used as unique global reference for Nmap: the Network Mapper
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Nmap: the Network Mapper - Free Security Scanner |
MSTIC Nobelium Oct 2021
Microsoft Threat Intelligence Center. (2021, October 25). NOBELIUM targeting delegated administrative privileges to facilitate broader attacks. Retrieved March 25, 2022.
Internal MISP references
UUID 7b6cc308-9871-47e5-9039-a9a7e66ce373
which can be used as unique global reference for MSTIC Nobelium Oct 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-25T00:00:00Z |
date_published | 2021-10-25T00:00:00Z |
source | MITRE |
title | NOBELIUM targeting delegated administrative privileges to facilitate broader attacks |
Microsoft Nobelium Admin Privileges
Microsoft Threat Intelligence Center. (2021, October 25). NOBELIUM targeting delegated administrative privileges to facilitate broader attacks. Retrieved January 31, 2022.
Internal MISP references
UUID aa315293-77a5-4ad9-b024-9af844edff9a
which can be used as unique global reference for Microsoft Nobelium Admin Privileges
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-31T00:00:00Z |
date_published | 2021-10-25T00:00:00Z |
source | MITRE |
title | NOBELIUM targeting delegated administrative privileges to facilitate broader attacks |
Symantec Noberus September 22 2022
Symantec Threat Hunter Team. (2022, September 22). Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics. Retrieved September 14, 2023.
Internal MISP references
UUID afd6808d-2c9f-4926-b7c6-ca9d3abdd923
which can be used as unique global reference for Symantec Noberus September 22 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-14T00:00:00Z |
date_published | 2022-09-22T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics |
new_rust_based_ransomware
Symantec Threat Hunter Team. (2021, December 16). Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware. Retrieved January 14, 2022.
Internal MISP references
UUID 8206240f-c84e-442e-b025-f629e9cc8d91
which can be used as unique global reference for new_rust_based_ransomware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-14T00:00:00Z |
date_published | 2021-12-16T00:00:00Z |
source | MITRE |
title | Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware |
SentinelOne NobleBaron June 2021
Guerrero-Saade, J. (2021, June 1). NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks. Retrieved August 4, 2021.
Internal MISP references
UUID 98cf2bb0-f36c-45af-8d47-bf26aca3bb09
which can be used as unique global reference for SentinelOne NobleBaron June 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-04T00:00:00Z |
date_published | 2021-06-01T00:00:00Z |
source | MITRE |
title | NobleBaron |
NodeJS
OpenJS Foundation. (n.d.). Node.js. Retrieved June 23, 2020.
Internal MISP references
UUID af710d49-48f4-47f6-98c6-8d4a4568b020
which can be used as unique global reference for NodeJS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-23T00:00:00Z |
source | MITRE |
title | Node.js |
Mandiant No Easy Breach
Dunwoody, M. and Carr, N. (2016, September 27). No Easy Breach DerbyCon 2016. Retrieved October 4, 2016.
Internal MISP references
UUID e7c49ce6-9c5d-483a-b476-8a48799df6fa
which can be used as unique global reference for Mandiant No Easy Breach
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-10-04T00:00:00Z |
date_published | 2016-09-27T00:00:00Z |
source | MITRE |
title | No Easy Breach DerbyCon 2016 |
ESET PipeMon May 2020
Tartare, M. et al. (2020, May 21). No “Game over” for the Winnti Group. Retrieved August 24, 2020.
Internal MISP references
UUID cbc09411-be18-4241-be69-b718a741ed8c
which can be used as unique global reference for ESET PipeMon May 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-24T00:00:00Z |
date_published | 2020-05-21T00:00:00Z |
source | MITRE |
title | No “Game over” for the Winnti Group |
nohup Linux Man
Meyering, J. (n.d.). nohup(1). Retrieved August 30, 2023.
Internal MISP references
UUID f61dde91-3518-5a74-8eb8-bb3bae43e8fb
which can be used as unique global reference for nohup Linux Man
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-30T00:00:00Z |
source | MITRE |
title | nohup(1) |
Unit 42 Nokki Oct 2018
Grunzweig, J. (2018, October 01). NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT. Retrieved November 5, 2018.
Internal MISP references
UUID 4eea6638-a71b-4d74-acc4-0fac82ef72f6
which can be used as unique global reference for Unit 42 Nokki Oct 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-05T00:00:00Z |
date_published | 2018-10-01T00:00:00Z |
source | MITRE |
title | NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT |
ESET Nomadic Octopus 2018
Cherepanov, A. (2018, October 4). Nomadic Octopus Cyber espionage in Central Asia. Retrieved October 13, 2021.
Internal MISP references
UUID 50dcb3f0-1461-453a-aab9-38c2e259173f
which can be used as unique global reference for ESET Nomadic Octopus 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
date_published | 2018-10-04T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Nomadic Octopus Cyber espionage in Central Asia |
Malwarebytes Pony April 2016
hasherezade. (2016, April 11). No money, but Pony! From a mail to a trojan horse. Retrieved May 21, 2020.
Internal MISP references
UUID f8700002-5da6-4cb8-be62-34e421d2a573
which can be used as unique global reference for Malwarebytes Pony April 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-21T00:00:00Z |
date_published | 2016-04-11T00:00:00Z |
source | MITRE |
title | No money, but Pony! From a mail to a trojan horse |
BleepingComputer NoName September 10 2024
Bill Toulas. (2024, September 10). NoName ransomware gang deploying RansomHub malware in recent attacks. Retrieved September 13, 2024.
Internal MISP references
UUID 79752048-f2fd-4357-9e0a-15b9a2927852
which can be used as unique global reference for BleepingComputer NoName September 10 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-13T00:00:00Z |
date_published | 2024-09-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | NoName ransomware gang deploying RansomHub malware in recent attacks |
WithSecure Lazarus-NoPineapple Threat Intel Report 2023
Ruohonen, S. & Robinson, S. (2023, February 2). No Pineapple! -DPRK Targeting of Medical Research and Technology Sector. Retrieved July 10, 2023.
Internal MISP references
UUID 195922fa-a843-5cd3-a153-32f0b960dcb9
which can be used as unique global reference for WithSecure Lazarus-NoPineapple Threat Intel Report 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-10T00:00:00Z |
date_published | 2023-02-02T00:00:00Z |
source | MITRE |
title | No Pineapple! -DPRK Targeting of Medical Research and Technology Sector |
xorrior chrome extensions macOS
Chris Ross. (2019, February 8). No Place Like Chrome. Retrieved April 27, 2021.
Internal MISP references
UUID 84bfd3a1-bda2-4821-ac52-6af8515e5879
which can be used as unique global reference for xorrior chrome extensions macOS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-27T00:00:00Z |
date_published | 2019-02-08T00:00:00Z |
source | MITRE |
title | No Place Like Chrome |
Cybernews Yanfeng Qilin November 2023
Stefanie Schappert. (2023, November 28). North American auto supplier Yanfeng claimed by Qilin ransom group. Retrieved November 30, 2023.
Internal MISP references
UUID 93c89ca5-1863-4ee2-9fff-258f94f655c4
which can be used as unique global reference for Cybernews Yanfeng Qilin November 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-30T00:00:00Z |
date_published | 2023-11-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | North American auto supplier Yanfeng claimed by Qilin ransom group |
U.S. CISA Andariel July 25 2024
Cybersecurity and Infrastructure Security Agency. (2024, July 25). North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs. Retrieved July 29, 2024.
Internal MISP references
UUID b615953e-3c6c-4201-914c-4b75e45bb9ed
which can be used as unique global reference for U.S. CISA Andariel July 25 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-29T00:00:00Z |
date_published | 2024-07-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs |
The Hacker News Lazarus Aug 2022
Lakshmanan, R. (2022, August 17). North Korea Hackers Spotted Targeting Job Seekers with macOS Malware. Retrieved April 10, 2023.
Internal MISP references
UUID 8ae38830-1547-5cc1-83a4-87c3a7c82aa6
which can be used as unique global reference for The Hacker News Lazarus Aug 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-04-10T00:00:00Z |
date_published | 2022-08-17T00:00:00Z |
source | MITRE |
title | North Korea Hackers Spotted Targeting Job Seekers with macOS Malware |
Zdnet Kimsuky Group September 2020
Cimpanu, C. (2020, September 30). North Korea has tried to hack 11 officials of the UN Security Council. Retrieved November 4, 2020.
Internal MISP references
UUID 6253bbc5-4d7d-4b7e-bd6b-59bd6366dc50
which can be used as unique global reference for Zdnet Kimsuky Group September 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-04T00:00:00Z |
date_published | 2020-09-30T00:00:00Z |
source | MITRE |
title | North Korea has tried to hack 11 officials of the UN Security Council |
Volexity InkySquid BLUELIGHT August 2021
Cash, D., Grunzweig, J., Meltzer, M., Adair, S., Lancaster, T. (2021, August 17). North Korean APT InkySquid Infects Victims Using Browser Exploits. Retrieved September 30, 2021.
Internal MISP references
UUID 7e394434-364f-4e50-9a96-3e75dacc9866
which can be used as unique global reference for Volexity InkySquid BLUELIGHT August 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-30T00:00:00Z |
date_published | 2021-08-17T00:00:00Z |
source | MITRE |
title | North Korean APT InkySquid Infects Victims Using Browser Exploits |
Talos Kimsuky Nov 2021
An, J and Malhotra, A. (2021, November 10). North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets. Retrieved December 29, 2021.
Internal MISP references
UUID 17927f0e-297a-45ec-8e1c-8a33892205dc
which can be used as unique global reference for Talos Kimsuky Nov 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-29T00:00:00Z |
date_published | 2021-11-10T00:00:00Z |
source | MITRE |
title | North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets |
Volexity InkySquid RokRAT August 2021
Cash, D., Grunzweig, J., Adair, S., Lancaster, T. (2021, August 25). North Korean BLUELIGHT Special: InkySquid Deploys RokRAT. Retrieved October 1, 2021.
Internal MISP references
UUID bff1667b-3f87-4653-bd17-b675e997baf1
which can be used as unique global reference for Volexity InkySquid RokRAT August 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-01T00:00:00Z |
date_published | 2021-08-25T00:00:00Z |
source | MITRE |
title | North Korean BLUELIGHT Special: InkySquid Deploys RokRAT |
Microsoft Security Blog August 30 2024
Microsoft Threat Intelligence; Microsoft Security Response Center. (2024, August 30). North Korean threat actor Citrine Sleet exploiting Chromium zero-day. Retrieved September 1, 2024.
Internal MISP references
UUID d7ef2e80-30c0-47ce-91d4-db1690c6c689
which can be used as unique global reference for Microsoft Security Blog August 30 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-01T00:00:00Z |
date_published | 2024-08-30T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | North Korean threat actor Citrine Sleet exploiting Chromium zero-day |
Lazarus APT January 2022
Saini, A. and Hossein, J. (2022, January 27). North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign. Retrieved January 27, 2022.
Internal MISP references
UUID fbd96014-16c3-4ad6-bb3f-f92d15efce13
which can be used as unique global reference for Lazarus APT January 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-27T00:00:00Z |
date_published | 2022-01-27T00:00:00Z |
source | MITRE |
title | North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign |
Github NoRunDll
gtworek. (2019, December 17). NoRunDll. Retrieved August 23, 2021.
Internal MISP references
UUID 72d4b682-ed19-4e0f-aeff-faa52b3a0439
which can be used as unique global reference for Github NoRunDll
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-23T00:00:00Z |
date_published | 2019-12-17T00:00:00Z |
source | MITRE |
title | NoRunDll |
Crowdstrike TELCO BPO Campaign December 2022
Parisi, T. (2022, December 2). Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies. Retrieved June 30, 2023.
Internal MISP references
UUID 382785e1-4ef3-506e-b74f-cd07df9ae46e
which can be used as unique global reference for Crowdstrike TELCO BPO Campaign December 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-30T00:00:00Z |
date_published | 2022-12-02T00:00:00Z |
source | MITRE |
title | Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies |
CrowdStrike Scattered Spider SIM Swapping December 22 2022
Tim Parisi. (2022, December 22). Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies. Retrieved September 14, 2023.
Internal MISP references
UUID e48760ba-2752-4d30-8f99-152c81f63017
which can be used as unique global reference for CrowdStrike Scattered Spider SIM Swapping December 22 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-14T00:00:00Z |
date_published | 2022-12-22T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies |
Sophos Dyreza April 2015
Ducklin, P. (2015, April 20). Notes from SophosLabs: Dyreza, the malware that discriminates against old computers. Retrieved June 16, 2020.
Internal MISP references
UUID 50f9aa49-dde5-42c9-ba5c-f42281a71b7e
which can be used as unique global reference for Sophos Dyreza April 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-16T00:00:00Z |
date_published | 2015-04-20T00:00:00Z |
source | MITRE |
title | Notes from SophosLabs: Dyreza, the malware that discriminates against old computers |
NIST Supply Chain 2012
Boyens, J., et al. (2002, October). Notional Supply Chain Risk Management Practices for Federal Information Systems. Retrieved April 6, 2018.
Internal MISP references
UUID b3171abc-957c-4bd5-a18f-0d66bba396b9
which can be used as unique global reference for NIST Supply Chain 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-06T00:00:00Z |
date_published | 2002-10-01T00:00:00Z |
source | MITRE |
title | Notional Supply Chain Risk Management Practices for Federal Information Systems |
eSentire FIN7 July 2021
eSentire. (2021, July 21). Notorious Cybercrime Gang, FIN7, Lands Malware in Law Firm Using Fake Legal Complaint Against Jack Daniels’ Owner, Brown-Forman Inc. Retrieved September 20, 2021.
Internal MISP references
UUID 3976dd0e-7dee-4ae7-8c38-484b12ca233e
which can be used as unique global reference for eSentire FIN7 July 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-20T00:00:00Z |
date_published | 2021-07-21T00:00:00Z |
source | MITRE |
title | Notorious Cybercrime Gang, FIN7, Lands Malware in Law Firm Using Fake Legal Complaint Against Jack Daniels’ Owner, Brown-Forman Inc. |
Secureworks NotPetya June 2017
Counter Threat Research Team. (2017, June 28). NotPetya Campaign: What We Know About the Latest Global Ransomware Attack. Retrieved June 11, 2020.
Internal MISP references
UUID 3109e59c-ace2-4e5a-bba2-24b840a7af0d
which can be used as unique global reference for Secureworks NotPetya June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-11T00:00:00Z |
date_published | 2017-06-28T00:00:00Z |
source | MITRE |
title | NotPetya Campaign: What We Know About the Latest Global Ransomware Attack |
SensePost NotRuler
SensePost. (2017, September 21). NotRuler - The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange. Retrieved February 4, 2019.
Internal MISP references
UUID 1bafe35e-f99c-4aa9-8b2f-5a35970ec83b
which can be used as unique global reference for SensePost NotRuler
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-04T00:00:00Z |
date_published | 2017-09-21T00:00:00Z |
source | MITRE |
title | NotRuler - The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange |
FireEye APT29 Nov 2018
Dunwoody, M., et al. (2018, November 19). Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign. Retrieved November 27, 2018.
Internal MISP references
UUID 30e769e0-4552-429b-b16e-27830d42edea
which can be used as unique global reference for FireEye APT29 Nov 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-27T00:00:00Z |
date_published | 2018-11-19T00:00:00Z |
source | MITRE |
title | Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign |
Unit 42 Cuba August 9 2022
Anthony Galiette, Daniel Bunce, Doel Santos, Shawn Westfall. (2022, August 9). Novel News on Cuba Ransomware: Greetings From Tropical Scorpius. Retrieved June 4, 2022.
Internal MISP references
UUID 06f668d9-9a68-4d2f-b9a0-b92beb3b75d6
which can be used as unique global reference for Unit 42 Cuba August 9 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-04T00:00:00Z |
date_published | 2022-08-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Novel News on Cuba Ransomware: Greetings From Tropical Scorpius |
NT API Windows
The NTinternals.net team. (n.d.). Nowak, T. Retrieved June 25, 2020.
Internal MISP references
UUID 306f7da7-caa2-40bf-a3db-e579c541eeb4
which can be used as unique global reference for NT API Windows
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-25T00:00:00Z |
source | MITRE |
title | Nowak, T |
Malicious Life by Cybereason
Philip Tsukerman. (n.d.). No Win32 Process Needed | Expanding the WMI Lateral Movement Arsenal. Retrieved June 19, 2024.
Internal MISP references
UUID 650cdde6-e0b5-5cb4-9dc4-7a2528c9e49b
which can be used as unique global reference for Malicious Life by Cybereason
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-19T00:00:00Z |
source | MITRE |
title | No Win32 Process Needed |
Now You Serial
Rahman, Alyssa. (2021, December 13). Now You Serial, Now You Don’t — Systematically Hunting for Deserialization Exploits. Retrieved November 28, 2023.
Internal MISP references
UUID c42e1d00-942c-513d-bdfb-b97afc8f38cf
which can be used as unique global reference for Now You Serial
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-28T00:00:00Z |
date_published | 2021-12-13T00:00:00Z |
source | MITRE |
title | Now You Serial, Now You Don’t — Systematically Hunting for Deserialization Exploits |
Npcap: Windows Packet Capture Library & Driver
Npcap. (n.d.). Npcap: Windows Packet Capture Library & Driver. Retrieved September 7, 2023.
Internal MISP references
UUID c8dc5650-eb37-4bb6-b5b7-e6269c79785c
which can be used as unique global reference for Npcap: Windows Packet Capture Library & Driver
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Npcap: Windows Packet Capture Library & Driver |
NPLogonNotify
Microsoft. (2021, October 21). NPLogonNotify function (npapi.h). Retrieved March 30, 2023.
Internal MISP references
UUID 1fda833e-e543-5e68-a0f5-8a4170dd632a
which can be used as unique global reference for NPLogonNotify
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-30T00:00:00Z |
date_published | 2021-10-21T00:00:00Z |
source | MITRE |
title | NPLogonNotify function (npapi.h) |
NPPSPY
Grzegorz Tworek. (2021, December 15). NPPSpy. Retrieved March 30, 2023.
Internal MISP references
UUID c12bfaf6-4d83-552e-912b-cc55bce85961
which can be used as unique global reference for NPPSPY
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-30T00:00:00Z |
date_published | 2021-12-15T00:00:00Z |
source | MITRE |
title | NPPSpy |
ntdsutil.exe - LOLBAS Project
LOLBAS. (2020, January 10). ntdsutil.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 9d15ab80-86b7-4a69-ae3f-de017ca89f37
which can be used as unique global reference for ntdsutil.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-01-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | ntdsutil.exe |
Ntdsutil Microsoft
Microsoft. (2016, August 31). Ntdsutil Microsoft. Retrieved July 11, 2023.
Internal MISP references
UUID 34de2f08-0481-4894-80ef-86506d821cf0
which can be used as unique global reference for Ntdsutil Microsoft
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-11T00:00:00Z |
date_published | 2016-08-31T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ntdsutil Microsoft |
Microsoft NTFS File Attributes Aug 2010
Hughes, J. (2010, August 25). NTFS File Attributes. Retrieved March 21, 2018.
Internal MISP references
UUID dc4689d2-54b4-4310-ac10-6b234eedbc16
which can be used as unique global reference for Microsoft NTFS File Attributes Aug 2010
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-21T00:00:00Z |
date_published | 2010-08-25T00:00:00Z |
source | MITRE |
title | NTFS File Attributes |
NtQueryInformationProcess
Microsoft. (2021, November 23). NtQueryInformationProcess function (winternl.h). Retrieved February 4, 2022.
Internal MISP references
UUID 7b533ca9-9075-408d-b125-89bc7446ec8f
which can be used as unique global reference for NtQueryInformationProcess
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-04T00:00:00Z |
date_published | 2021-11-23T00:00:00Z |
source | MITRE |
title | NtQueryInformationProcess function (winternl.h) |
Sentinel Labs NullBulge 2024
Jim Walter. (2024, July 16). NullBulge | Threat Actor Masquerades as Hacktivist Group Rebelling Against AI. Retrieved August 30, 2024.
Internal MISP references
UUID 7cbf93a8-0d1b-5c49-851b-5bc2bc3ffb2c
which can be used as unique global reference for Sentinel Labs NullBulge 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-30T00:00:00Z |
date_published | 2024-07-16T00:00:00Z |
source | MITRE |
title | NullBulge |
AsyncRAT GitHub
Nyan-x-Cat. (n.d.). NYAN-x-CAT / AsyncRAT-C-Sharp. Retrieved October 3, 2023.
Internal MISP references
UUID b40fc5d8-02fd-5683-88c3-592c6b06df1a
which can be used as unique global reference for AsyncRAT GitHub
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-03T00:00:00Z |
source | MITRE |
title | NYAN-x-CAT / AsyncRAT-C-Sharp |
Joe Sec Nymaim
Joe Security. (2016, April 21). Nymaim - evading Sandboxes with API hammering. Retrieved September 30, 2021.
Internal MISP references
UUID fe6ac288-1c7c-4ec0-a709-c3ca56e5d088
which can be used as unique global reference for Joe Sec Nymaim
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-30T00:00:00Z |
date_published | 2016-04-21T00:00:00Z |
source | MITRE |
title | Nymaim - evading Sandboxes with API hammering |
OWASP Fingerprinting
OWASP Wiki. (2018, February 16). OAT-004 Fingerprinting. Retrieved October 20, 2020.
Internal MISP references
UUID ec89a48b-3b00-4928-8450-d2fbd307817f
which can be used as unique global reference for OWASP Fingerprinting
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2018-02-16T00:00:00Z |
source | MITRE |
title | OAT-004 Fingerprinting |
OWASP Vuln Scanning
OWASP. (n.d.). OAT-014 Vulnerability Scanning. Retrieved October 20, 2020.
Internal MISP references
UUID 039c0947-1976-4eb8-bb26-4c74dceea7f0
which can be used as unique global reference for OWASP Vuln Scanning
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2018-02-16T00:00:00Z |
source | MITRE |
title | OAT-014 Vulnerability Scanning |
SecureWorks Device Code Phishing 2021
SecureWorks Counter Threat Unit Research Team. (2021, June 3). OAuth’S Device Code Flow Abused in Phishing Attacks. Retrieved March 19, 2024.
Internal MISP references
UUID 0cea6734-d877-5007-95cc-0e24bdf33ff8
which can be used as unique global reference for SecureWorks Device Code Phishing 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-19T00:00:00Z |
date_published | 2021-06-03T00:00:00Z |
source | MITRE |
title | OAuth’S Device Code Flow Abused in Phishing Attacks |
BlackHat API Packers
Choi, S. (2015, August 6). Obfuscated API Functions in Modern Packers. Retrieved August 22, 2022.
Internal MISP references
UUID fc4434c0-373b-42fe-a0f5-683c24fa329e
which can be used as unique global reference for BlackHat API Packers
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-22T00:00:00Z |
date_published | 2015-08-06T00:00:00Z |
source | MITRE |
title | Obfuscated API Functions in Modern Packers |
FireEye Obfuscation June 2017
Bohannon, D. & Carr N. (2017, June 30). Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques. Retrieved February 12, 2018.
Internal MISP references
UUID 6d1089b7-0efe-4961-8abc-22a882895377
which can be used as unique global reference for FireEye Obfuscation June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-12T00:00:00Z |
date_published | 2017-06-30T00:00:00Z |
source | MITRE |
title | Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques |
objective-see 2017 review
Patrick Wardle. (n.d.). Retrieved March 20, 2018.
Internal MISP references
UUID 26b757c8-25cd-42ef-bef2-eb7a28455d57
which can be used as unique global reference for objective-see 2017 review
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-20T00:00:00Z |
source | MITRE |
title | objective-see 2017 review |
GCP Storage Lifecycles
Google Cloud. (n.d.). Object Lifecycle Management. Retrieved September 25, 2024.
Internal MISP references
UUID 32c16ce6-ccb6-5a60-975c-39d165dfc0a2
which can be used as unique global reference for GCP Storage Lifecycles
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
source | MITRE |
title | Object Lifecycle Management |
Talos Oblique RAT March 2021
Malhotra, A. (2021, March 2). ObliqueRAT returns with new campaign using hijacked websites. Retrieved September 2, 2021.
Internal MISP references
UUID 20e13efb-4ca1-43b2-83a6-c852e03333d7
which can be used as unique global reference for Talos Oblique RAT March 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-02T00:00:00Z |
date_published | 2021-03-02T00:00:00Z |
source | MITRE |
title | ObliqueRAT returns with new campaign using hijacked websites |
IBM ITG07 June 2019
McMillen, D. Sperry, C. (2019, June 14). Observations of ITG07 Cyber Operations. Retrieved May 17, 2021.
Internal MISP references
UUID e2d453c3-efb4-44e5-8b60-6a98dd6c3341
which can be used as unique global reference for IBM ITG07 June 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-17T00:00:00Z |
date_published | 2019-06-14T00:00:00Z |
source | MITRE |
title | Observations of ITG07 Cyber Operations |
Palo Alto CVE-2015-3113 July 2015
Falcone, R. and Wartell, R. (2015, July 27). Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload. Retrieved January 22, 2016.
Internal MISP references
UUID 0ab158b4-9085-481a-8458-40f7c752179f
which can be used as unique global reference for Palo Alto CVE-2015-3113 July 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-22T00:00:00Z |
date_published | 2015-07-27T00:00:00Z |
source | MITRE |
title | Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload |
Volexity OceanLotus Nov 2017
Lassalle, D., et al. (2017, November 6). OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society. Retrieved November 6, 2017.
Internal MISP references
UUID ed9f5545-377f-4a12-92e4-c0439cc5b037
which can be used as unique global reference for Volexity OceanLotus Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-06T00:00:00Z |
date_published | 2017-11-06T00:00:00Z |
source | MITRE |
title | OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society |
Volexity Ocean Lotus November 2020
Adair, S. and Lancaster, T. (2020, November 6). OceanLotus: Extending Cyber Espionage Operations Through Fake Websites. Retrieved November 20, 2020.
Internal MISP references
UUID dbea2493-7e0a-47f0-88c1-5867f8bb1199
which can be used as unique global reference for Volexity Ocean Lotus November 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-20T00:00:00Z |
date_published | 2020-11-06T00:00:00Z |
source | MITRE |
title | OceanLotus: Extending Cyber Espionage Operations Through Fake Websites |
OceanLotus for OS X
Eddie Lee. (2016, February 17). OceanLotus for OS X - an Application Bundle Pretending to be an Adobe Flash Update. Retrieved July 5, 2017.
Internal MISP references
UUID 6e9acc29-06af-4915-8e01-7dcccb204530
which can be used as unique global reference for OceanLotus for OS X
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-05T00:00:00Z |
date_published | 2016-02-17T00:00:00Z |
source | MITRE |
title | OceanLotus for OS X - an Application Bundle Pretending to be an Adobe Flash Update |
ESET OceanLotus macOS April 2019
Dumont, R. (2019, April 9). OceanLotus: macOS malware update. Retrieved April 15, 2019.
Internal MISP references
UUID e97e479b-4e6d-40b5-94cb-eac06172c0f8
which can be used as unique global reference for ESET OceanLotus macOS April 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-15T00:00:00Z |
date_published | 2019-04-09T00:00:00Z |
source | MITRE |
title | OceanLotus: macOS malware update |
ESET OceanLotus
Foltýn, T. (2018, March 13). OceanLotus ships new backdoor using old tricks. Retrieved May 22, 2018.
Internal MISP references
UUID a7bcbaca-10c1-403a-9eb5-f111af1cbf6a
which can be used as unique global reference for ESET OceanLotus
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-22T00:00:00Z |
date_published | 2018-03-13T00:00:00Z |
source | MITRE, Tidal Cyber |
title | OceanLotus ships new backdoor using old tricks |
Okta HAR Files Incident Update
David Bradbury. (2023, November 29). October Customer Support Security Incident - Update and Recommended Actions. Retrieved December 19, 2023.
Internal MISP references
UUID 5e09ab9c-8cb2-49f5-b65f-fd5447e71ef4
which can be used as unique global reference for Okta HAR Files Incident Update
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-19T00:00:00Z |
date_published | 2023-11-29T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | October Customer Support Security Incident - Update and Recommended Actions |
Securelist Octopus Oct 2018
Kaspersky Lab's Global Research & Analysis Team. (2018, October 15). Octopus-infested seas of Central Asia. Retrieved November 14, 2018.
Internal MISP references
UUID 77407057-53f1-4fde-bc74-00f73d417f7d
which can be used as unique global reference for Securelist Octopus Oct 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-14T00:00:00Z |
date_published | 2018-10-15T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Octopus-infested seas of Central Asia |
MSTIC Octo Tempest Operations October 2023
Microsoft. (2023, October 25). Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction. Retrieved March 18, 2024.
Internal MISP references
UUID 92716d7d-3ca5-5d7a-b719-946e94828f13
which can be used as unique global reference for MSTIC Octo Tempest Operations October 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-18T00:00:00Z |
date_published | 2023-10-25T00:00:00Z |
source | MITRE |
title | Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction |
LOLBAS Odbcconf
LOLBAS. (n.d.). Odbcconf.exe. Retrieved March 7, 2019.
Internal MISP references
UUID febcaaec-b535-4347-a4c7-b3284b251897
which can be used as unique global reference for LOLBAS Odbcconf
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-07T00:00:00Z |
source | MITRE |
title | Odbcconf.exe |
Microsoft odbcconf.exe
Microsoft. (2017, January 18). ODBCCONF.EXE. Retrieved March 7, 2019.
Internal MISP references
UUID 9df74876-2abf-4ced-b986-36212225d795
which can be used as unique global reference for Microsoft odbcconf.exe
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-07T00:00:00Z |
date_published | 2017-01-18T00:00:00Z |
source | MITRE |
title | ODBCCONF.EXE |
GrimBlog UsernameEnum
GrimHacker. (2017, July 24). Office365 ActiveSync Username Enumeration. Retrieved December 9, 2021.
Internal MISP references
UUID cab25908-63da-484d-8c42-4451f46086e2
which can be used as unique global reference for GrimBlog UsernameEnum
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-09T00:00:00Z |
date_published | 2017-07-24T00:00:00Z |
source | MITRE |
title | Office365 ActiveSync Username Enumeration |
GitHub Office 365 User Enumeration
gremwell. (2020, March 24). Office 365 User Enumeration. Retrieved May 27, 2022.
Internal MISP references
UUID 314fb591-d5f2-4f0c-ab0b-97977308b5dc
which can be used as unique global reference for GitHub Office 365 User Enumeration
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-27T00:00:00Z |
date_published | 2020-03-24T00:00:00Z |
source | MITRE |
title | Office 365 User Enumeration |
GitHub Office-Crackros Aug 2016
Carr, N. (2016, August 14). OfficeCrackros. Retrieved February 12, 2018.
Internal MISP references
UUID 6298d7b0-c6f9-46dd-91f0-41ef0ad515a5
which can be used as unique global reference for GitHub Office-Crackros Aug 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-12T00:00:00Z |
date_published | 2016-08-14T00:00:00Z |
source | MITRE |
title | OfficeCrackros |
GlobalDotName Jun 2019
Shukrun, S. (2019, June 2). Office Templates and GlobalDotName - A Stealthy Office Persistence Technique. Retrieved August 26, 2019.
Internal MISP references
UUID f574182a-5d91-43c8-b560-e84a7e941c96
which can be used as unique global reference for GlobalDotName Jun 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-08-26T00:00:00Z |
date_published | 2019-06-02T00:00:00Z |
source | MITRE |
title | Office Templates and GlobalDotName - A Stealthy Office Persistence Technique |
Microsoft VBA
Microsoft. (2019, June 11). Office VBA Reference. Retrieved June 23, 2020.
Internal MISP references
UUID ba0e3c5d-7934-4ece-b4a1-c03bc355f378
which can be used as unique global reference for Microsoft VBA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-23T00:00:00Z |
date_published | 2019-06-11T00:00:00Z |
source | MITRE |
title | Office VBA Reference |
OfflineScannerShell.exe - LOLBAS Project
LOLBAS. (2021, August 16). OfflineScannerShell.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 8194442f-4f86-438e-bd0c-f4cbda0264b8
which can be used as unique global reference for OfflineScannerShell.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-08-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | OfflineScannerShell.exe |
Bitdefender Agent Tesla April 2020
Arsene, L. (2020, April 21). Oil & Gas Spearphishing Campaigns Drop Agent Tesla Spyware in Advance of Historic OPEC+ Deal. Retrieved May 19, 2020.
Internal MISP references
UUID e3d932fc-0148-43b9-bcc7-971dd7ba3bf8
which can be used as unique global reference for Bitdefender Agent Tesla April 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-19T00:00:00Z |
date_published | 2020-04-21T00:00:00Z |
source | MITRE |
title | Oil & Gas Spearphishing Campaigns Drop Agent Tesla Spyware in Advance of Historic OPEC+ Deal |
CFR OilRig Profile
Council on Foreign Relations. (n.d.). OilRig. Retrieved September 1, 2024.
Internal MISP references
UUID db9985eb-d536-45b9-a82b-34d8cdd2b699
which can be used as unique global reference for CFR OilRig Profile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-01T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | OilRig |
Palo Alto OilRig April 2017
Falcone, R. (2017, April 27). OilRig Actors Provide a Glimpse into Development and Testing Efforts. Retrieved May 3, 2017.
Internal MISP references
UUID fb561cdd-03f6-4867-b5b5-7e4deb11f0d0
which can be used as unique global reference for Palo Alto OilRig April 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-05-03T00:00:00Z |
date_published | 2017-04-27T00:00:00Z |
source | MITRE |
title | OilRig Actors Provide a Glimpse into Development and Testing Efforts |
OilRig New Delivery Oct 2017
Falcone, R. and Lee, B. (2017, October 9). OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan. Retrieved January 8, 2018.
Internal MISP references
UUID f5f3e1e7-1d83-4ddc-a878-134cd0d268ce
which can be used as unique global reference for OilRig New Delivery Oct 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-08T00:00:00Z |
date_published | 2017-10-09T00:00:00Z |
source | MITRE |
title | OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan |
Palo Alto OilRig Oct 2016
Grunzweig, J. and Falcone, R. (2016, October 4). OilRig Malware Campaign Updates Toolset and Expands Targets. Retrieved May 3, 2017.
Internal MISP references
UUID 14bbb07b-caeb-4d17-8e54-047322a5930c
which can be used as unique global reference for Palo Alto OilRig Oct 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-05-03T00:00:00Z |
date_published | 2016-10-04T00:00:00Z |
source | MITRE, Tidal Cyber |
title | OilRig Malware Campaign Updates Toolset and Expands Targets |
ESET OilRig September 21 2023
ESET Research. (2024, September 21). OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes. Retrieved September 3, 2024.
Internal MISP references
UUID 21ee3e95-ac4b-48f7-b948-249e1884bc96
which can be used as unique global reference for ESET OilRig September 21 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-03T00:00:00Z |
date_published | 2024-09-21T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes |
ESET OilRig December 14 2023
Zuzana Hromcová, Adam Burgher. (2023, December 14). OilRig’s persistent attacks using cloud service-powered downloaders. Retrieved September 1, 2024.
Internal MISP references
UUID f96b74d5-ff75-47c6-a9a2-b2f43db351bc
which can be used as unique global reference for ESET OilRig December 14 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-01T00:00:00Z |
date_published | 2023-12-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | OilRig’s persistent attacks using cloud service-powered downloaders |
Unit 42 OilRig Sept 2018
Falcone, R., et al. (2018, September 04). OilRig Targets a Middle Eastern Government and Adds Evasion Techniques to OopsIE. Retrieved September 24, 2018.
Internal MISP references
UUID 84815940-b98a-4f5c-82fe-7d8bf2f51a09
which can be used as unique global reference for Unit 42 OilRig Sept 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-24T00:00:00Z |
date_published | 2018-09-04T00:00:00Z |
source | MITRE |
title | OilRig Targets a Middle Eastern Government and Adds Evasion Techniques to OopsIE |
Unit42 RDAT July 2020
Falcone, R. (2020, July 22). OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory. Retrieved July 28, 2020.
Internal MISP references
UUID 2929baa5-ead7-4936-ab67-c4742afc473c
which can be used as unique global reference for Unit42 RDAT July 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-28T00:00:00Z |
date_published | 2020-07-22T00:00:00Z |
source | MITRE |
title | OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory |
Unit 42 QUADAGENT July 2018
Lee, B., Falcone, R. (2018, July 25). OilRig Targets Technology Service Provider and Government Agency with QUADAGENT. Retrieved August 9, 2018.
Internal MISP references
UUID 320f49df-7b0a-4a6a-8542-17b0f56c94c9
which can be used as unique global reference for Unit 42 QUADAGENT July 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-09T00:00:00Z |
date_published | 2018-07-25T00:00:00Z |
source | MITRE |
title | OilRig Targets Technology Service Provider and Government Agency with QUADAGENT |
OilRig ISMAgent July 2017
Falcone, R. and Lee, B. (2017, July 27). OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group. Retrieved January 8, 2018.
Internal MISP references
UUID e42c60cb-7827-4896-96e9-1323d5973aac
which can be used as unique global reference for OilRig ISMAgent July 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-08T00:00:00Z |
date_published | 2017-07-27T00:00:00Z |
source | MITRE |
title | OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group |
Unit 42 RGDoor Jan 2018
Falcone, R. (2018, January 25). OilRig uses RGDoor IIS Backdoor on Targets in the Middle East. Retrieved July 6, 2018.
Internal MISP references
UUID 94b37da6-f808-451e-8f2d-5df0e93358ca
which can be used as unique global reference for Unit 42 RGDoor Jan 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-06T00:00:00Z |
date_published | 2018-01-25T00:00:00Z |
source | MITRE |
title | OilRig uses RGDoor IIS Backdoor on Targets in the Middle East |
Palo Alto OilRig Sep 2018
Wilhoit, K. and Falcone, R. (2018, September 12). OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government. Retrieved February 18, 2019.
Internal MISP references
UUID 2ec6eabe-92e2-454c-ba7b-b27fec5b428d
which can be used as unique global reference for Palo Alto OilRig Sep 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-18T00:00:00Z |
date_published | 2018-09-12T00:00:00Z |
source | MITRE |
title | OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government |
ESET Okrum July 2019
Hromcova, Z. (2019, July). OKRUM AND KETRICAN: AN OVERVIEW OF RECENT KE3CHANG GROUP ACTIVITY. Retrieved May 6, 2020.
Internal MISP references
UUID 197163a8-1a38-4edd-ba73-f44e7a329f41
which can be used as unique global reference for ESET Okrum July 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-06T00:00:00Z |
date_published | 2019-07-01T00:00:00Z |
source | MITRE |
title | OKRUM AND KETRICAN: AN OVERVIEW OF RECENT KE3CHANG GROUP ACTIVITY |
Talos Agent Tesla Oct 2018
Brumaghin, E., et al. (2018, October 15). Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox. Retrieved November 5, 2018.
Internal MISP references
UUID a7f38717-afbe-41c1-a404-bcb023c337e3
which can be used as unique global reference for Talos Agent Tesla Oct 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-05T00:00:00Z |
date_published | 2018-10-15T00:00:00Z |
source | MITRE |
title | Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox |
Securelist Malware Tricks April 2017
Ishimaru, S. (2017, April 13). Old Malware Tricks To Bypass Detection in the Age of Big Data. Retrieved May 30, 2019.
Internal MISP references
UUID 3430ac9b-1621-42b4-9cc7-5ee60191051f
which can be used as unique global reference for Securelist Malware Tricks April 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-30T00:00:00Z |
date_published | 2017-04-13T00:00:00Z |
source | MITRE |
title | Old Malware Tricks To Bypass Detection in the Age of Big Data |
Red Canary Verclsid.exe
Haag, M., Levan, K. (2017, April 6). Old Phishing Attacks Deploy a New Methodology: Verclsid.exe. Retrieved August 10, 2020.
Internal MISP references
UUID f64e934f-737d-4461-8158-ae855bc472c4
which can be used as unique global reference for Red Canary Verclsid.exe
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-10T00:00:00Z |
date_published | 2017-04-06T00:00:00Z |
source | MITRE |
title | Old Phishing Attacks Deploy a New Methodology: Verclsid.exe |
Talos Olympic Destroyer 2018
Mercer, W. and Rascagneres, P. (2018, February 12). Olympic Destroyer Takes Aim At Winter Olympics. Retrieved March 14, 2019.
Internal MISP references
UUID 25a2e179-7abd-4091-8af4-e9d2bf24ef11
which can be used as unique global reference for Talos Olympic Destroyer 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-14T00:00:00Z |
date_published | 2018-02-12T00:00:00Z |
source | MITRE |
title | Olympic Destroyer Takes Aim At Winter Olympics |
Crowdstrike Pirate Panda April 2020
Busselen, M. (2020, April 7). On-demand Webcast: CrowdStrike Experts on COVID-19 Cybersecurity Challenges and Recommendations. Retrieved May 20, 2020.
Internal MISP references
UUID f71410b4-5f79-439a-ae9e-8965f9bc577f
which can be used as unique global reference for Crowdstrike Pirate Panda April 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-20T00:00:00Z |
date_published | 2020-04-07T00:00:00Z |
source | MITRE |
title | On-demand Webcast: CrowdStrike Experts on COVID-19 Cybersecurity Challenges and Recommendations |
OneDriveStandaloneUpdater.exe - LOLBAS Project
LOLBAS. (2021, August 22). OneDriveStandaloneUpdater.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 3d7dcd68-a7b2-438c-95bb-b7523a39c6f7
which can be used as unique global reference for OneDriveStandaloneUpdater.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-08-22T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | OneDriveStandaloneUpdater.exe |
Electron 6-8
Kosayev, U. (2023, June 15). One Electron to Rule Them All. Retrieved March 7, 2024.
Internal MISP references
UUID e4aa340e-de84-5b0d-8fba-405005a46f09
which can be used as unique global reference for Electron 6-8
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-07T00:00:00Z |
date_published | 2023-06-15T00:00:00Z |
source | MITRE |
title | One Electron to Rule Them All |
chasing_avaddon_ransomware
Hernandez, A. S. Tarter, P. Ocamp, E. J. (2022, January 19). One Source to Rule Them All: Chasing AVADDON Ransomware. Retrieved January 26, 2022.
Internal MISP references
UUID c5aeed6b-2d5d-4d49-b05e-261d565808d9
which can be used as unique global reference for chasing_avaddon_ransomware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-26T00:00:00Z |
date_published | 2022-01-19T00:00:00Z |
source | MITRE |
title | One Source to Rule Them All: Chasing AVADDON Ransomware |
Onion Routing
Wikipedia. (n.d.). Onion Routing. Retrieved October 20, 2020.
Internal MISP references
UUID 0667caad-39cd-469b-91c0-1210c09e6041
which can be used as unique global reference for Onion Routing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
source | MITRE |
title | Onion Routing |
FireEye FIN7 Aug 2018
Carr, N., et al. (2018, August 01). On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation. Retrieved August 23, 2018.
Internal MISP references
UUID 54e5f23a-5ca6-4feb-8046-db2fb71b400a
which can be used as unique global reference for FireEye FIN7 Aug 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-23T00:00:00Z |
date_published | 2018-08-01T00:00:00Z |
source | MITRE |
title | On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation |
securelist_strongpity
Baumgartner, K. (2016, October 3). On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users. Retrieved March 28, 2024.
Internal MISP references
UUID 67d6cf00-7971-55fb-ae5f-e71a3150ceaa
which can be used as unique global reference for securelist_strongpity
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-28T00:00:00Z |
date_published | 2016-10-03T00:00:00Z |
source | MITRE |
title | On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users |
OSX.FairyTale
Phile Stokes. (2018, September 20). On the Trail of OSX.FairyTale | Adware Playing at Malware. Retrieved August 24, 2021.
Internal MISP references
UUID 27f8ad45-53d2-48ba-b549-f7674cf9c2e7
which can be used as unique global reference for OSX.FairyTale
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-24T00:00:00Z |
date_published | 2018-09-20T00:00:00Z |
source | MITRE |
title | On the Trail of OSX.FairyTale \| Adware Playing at Malware |
Unit 42 OopsIE! Feb 2018
Lee, B., Falcone, R. (2018, February 23). OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan. Retrieved July 16, 2018.
Internal MISP references
UUID d4c2bac0-e95c-46af-ae52-c93de3d92f19
which can be used as unique global reference for Unit 42 OopsIE! Feb 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-16T00:00:00Z |
date_published | 2018-02-23T00:00:00Z |
source | MITRE |
title | OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan |
Mitiga
Ariel Szarf, Doron Karmi, and Lionel Saposnik. (n.d.). Oops, I Leaked It Again — How Mitiga Found PII in Exposed Amazon RDS Snapshots. Retrieved September 24, 2024.
Internal MISP references
UUID 8c1d75b3-2ea9-5390-aefb-88f50730b2a0
which can be used as unique global reference for Mitiga
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-24T00:00:00Z |
source | MITRE |
title | Oops, I Leaked It Again — How Mitiga Found PII in Exposed Amazon RDS Snapshots |
Proofpoint ZeroT Feb 2017
Huss, D., et al. (2017, February 2). Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX. Retrieved April 5, 2018.
Internal MISP references
UUID 63787035-f136-43e1-b445-22853bbed92b
which can be used as unique global reference for Proofpoint ZeroT Feb 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-05T00:00:00Z |
date_published | 2017-02-02T00:00:00Z |
source | MITRE |
title | Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX |
OpenConsole.exe - LOLBAS Project
LOLBAS. (2022, June 17). OpenConsole.exe. Retrieved December 4, 2023.
Internal MISP references
UUID e597522a-68ac-4d7e-80c4-db1c66d2da04
which can be used as unique global reference for OpenConsole.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-06-17T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | OpenConsole.exe |
Open Login Items Apple
Apple. (n.d.). Open items automatically when you log in on Mac. Retrieved October 1, 2021.
Internal MISP references
UUID 46a480eb-52d1-44c9-8b44-7e516b27cf82
which can be used as unique global reference for Open Login Items Apple
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-01T00:00:00Z |
source | MITRE |
title | Open items automatically when you log in on Mac |
OpenSSH Project Page
OpenSSH. (2023, March 15). OpenSSH. Retrieved May 25, 2023.
Internal MISP references
UUID e5ca6811-cd22-4be5-a751-d23fb99d206e
which can be used as unique global reference for OpenSSH Project Page
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-25T00:00:00Z |
date_published | 2023-03-15T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | OpenSSH |
OpenSSH Server Listening On Socket
mdecrevoisier. (2022, October 25). OpenSSH Server Listening On Socket. Retrieved May 25, 2023.
Internal MISP references
UUID 8ab9903b-db4b-4459-9791-f9ab12b7577b
which can be used as unique global reference for OpenSSH Server Listening On Socket
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-25T00:00:00Z |
date_published | 2022-10-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | OpenSSH Server Listening On Socket |
Operating with EmPyre
rvrsh3ll. (2016, May 18). Operating with EmPyre. Retrieved July 12, 2017.
Internal MISP references
UUID 459a4ad5-0e28-4bfc-a73e-b9dd516d516f
which can be used as unique global reference for Operating with EmPyre
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-12T00:00:00Z |
date_published | 2016-05-18T00:00:00Z |
source | MITRE |
title | Operating with EmPyre |
Windows AppleJeus GReAT
Global Research & Analysis Team, Kaspersky Lab (GReAT). (2018, August 23). Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware. Retrieved September 27, 2022.
Internal MISP references
UUID 336ea5f5-d8cc-4af5-9aa0-203e319b3c28
which can be used as unique global reference for Windows AppleJeus GReAT
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-27T00:00:00Z |
date_published | 2018-08-23T00:00:00Z |
source | MITRE |
title | Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware |
Cybereason Operation Bearded Barbie April 5 2022
Cybereason Nocturnus. (2022, April 5). Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials. Retrieved October 30, 2023.
Internal MISP references
UUID 7d71b7c9-531e-4e4f-ab85-df2380555b7a
which can be used as unique global reference for Cybereason Operation Bearded Barbie April 5 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-30T00:00:00Z |
date_published | 2022-04-05T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials |
Novetta Blockbuster Destructive Malware
Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Destructive Malware Report. Retrieved March 2, 2016.
Internal MISP references
UUID de278b77-52cb-4126-9341-5b32843ae9f1
which can be used as unique global reference for Novetta Blockbuster Destructive Malware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-02T00:00:00Z |
date_published | 2016-02-24T00:00:00Z |
source | MITRE |
title | Operation Blockbuster: Destructive Malware Report |
Novetta Blockbuster Loaders
Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Loaders, Installers and Uninstallers Report. Retrieved March 2, 2016.
Internal MISP references
UUID 5d3e2f36-3833-4203-9884-c3ff806da286
which can be used as unique global reference for Novetta Blockbuster Loaders
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-02T00:00:00Z |
date_published | 2016-02-24T00:00:00Z |
source | MITRE |
title | Operation Blockbuster: Loaders, Installers and Uninstallers Report |
Novetta Blockbuster RATs
Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Remote Administration Tools & Content Staging Malware Report. Retrieved March 16, 2016.
Internal MISP references
UUID 80d88e80-b5a7-48b7-a999-96b06d082997
which can be used as unique global reference for Novetta Blockbuster RATs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-16T00:00:00Z |
date_published | 2016-02-24T00:00:00Z |
source | MITRE |
title | Operation Blockbuster: Remote Administration Tools & Content Staging Malware Report |
Novetta Blockbuster Tools
Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Tools Report. Retrieved March 10, 2016.
Internal MISP references
UUID 6dd1b091-9ace-4e31-9845-3b1091147ecd
which can be used as unique global reference for Novetta Blockbuster Tools
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-10T00:00:00Z |
date_published | 2016-02-24T00:00:00Z |
source | MITRE |
title | Operation Blockbuster: Tools Report |
Novetta Blockbuster
Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Unraveling the Long Thread of the Sony Attack. Retrieved February 25, 2016.
Internal MISP references
UUID bde96b4f-5f98-4ce5-a507-4b05d192b6d7
which can be used as unique global reference for Novetta Blockbuster
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-02-25T00:00:00Z |
date_published | 2016-02-24T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Operation Blockbuster: Unraveling the Long Thread of the Sony Attack |
FireEye Clandestine Wolf
Eng, E., Caselden, D. (2015, June 23). Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign. Retrieved January 14, 2016.
Internal MISP references
UUID dbb779c4-4d75-4fb4-ad3a-7d1f0f74e26f
which can be used as unique global reference for FireEye Clandestine Wolf
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-14T00:00:00Z |
date_published | 2015-06-23T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign |
Cylance Cleaver
Cylance. (2014, December). Operation Cleaver. Retrieved September 14, 2017.
Internal MISP references
UUID f0b45225-3ec3-406f-bd74-87f24003761b
which can be used as unique global reference for Cylance Cleaver
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-09-14T00:00:00Z |
date_published | 2014-12-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Operation Cleaver |
PWC Cloud Hopper April 2017
PwC and BAE Systems. (2017, April). Operation Cloud Hopper. Retrieved April 5, 2017.
Internal MISP references
UUID fe741064-8cd7-428b-bdb9-9f2ab7e92489
which can be used as unique global reference for PWC Cloud Hopper April 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-04-05T00:00:00Z |
date_published | 2017-04-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Operation Cloud Hopper |
PWC Cloud Hopper Technical Annex April 2017
PwC and BAE Systems. (2017, April). Operation Cloud Hopper: Technical Annex. Retrieved April 13, 2017.
Internal MISP references
UUID da6c8a72-c732-44d5-81ac-427898706eed
which can be used as unique global reference for PWC Cloud Hopper Technical Annex April 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-04-13T00:00:00Z |
date_published | 2017-04-01T00:00:00Z |
source | MITRE |
title | Operation Cloud Hopper: Technical Annex |
Cybereason Cobalt Kitty 2017
Dahan, A. (2017). Operation Cobalt Kitty. Retrieved December 27, 2018.
Internal MISP references
UUID bf838a23-1620-4668-807a-4354083d69b1
which can be used as unique global reference for Cybereason Cobalt Kitty 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-12-27T00:00:00Z |
date_published | 2017-01-01T00:00:00Z |
source | MITRE |
title | Operation Cobalt Kitty |
Cybereason Oceanlotus May 2017
Dahan, A. (2017, May 24). OPERATION COBALT KITTY: A LARGE-SCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP. Retrieved November 5, 2018.
Internal MISP references
UUID 1ef3025b-d4a9-49aa-b744-2dbea10a0abf
which can be used as unique global reference for Cybereason Oceanlotus May 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-05T00:00:00Z |
date_published | 2017-05-24T00:00:00Z |
source | MITRE |
title | OPERATION COBALT KITTY: A LARGE-SCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP |
Cybereason OperationCuckooBees May 2022
Cybereason Nocturnus. (2022, May 4). Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques. Retrieved September 22, 2022.
Internal MISP references
UUID fe3e2c7e-2287-406c-b717-cf7721b5843a
which can be used as unique global reference for Cybereason OperationCuckooBees May 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-22T00:00:00Z |
date_published | 2022-05-04T00:00:00Z |
source | MITRE |
title | Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques |
Securelist ScarCruft Jun 2016
Raiu, C., and Ivanov, A. (2016, June 17). Operation Daybreak. Retrieved February 15, 2018.
Internal MISP references
UUID 04961952-9bac-48f3-adc7-40a3a2bcee84
which can be used as unique global reference for Securelist ScarCruft Jun 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-15T00:00:00Z |
date_published | 2016-06-17T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Operation Daybreak |
FireEye Operation Double Tap
Moran, N., et al. (2014, November 21). Operation Double Tap. Retrieved January 14, 2016.
Internal MISP references
UUID 4b9af128-98da-48b6-95c7-8d27979c2ab1
which can be used as unique global reference for FireEye Operation Double Tap
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-14T00:00:00Z |
date_published | 2014-11-21T00:00:00Z |
source | MITRE |
title | Operation Double Tap |
ClearSky Lazarus Aug 2020
ClearSky Research Team. (2020, August 13). Operation 'Dream Job' Widespread North Korean Espionage Campaign. Retrieved December 20, 2021.
Internal MISP references
UUID 2827e6e4-8163-47fb-9e22-b59e59cd338f
which can be used as unique global reference for ClearSky Lazarus Aug 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-20T00:00:00Z |
date_published | 2020-08-13T00:00:00Z |
source | MITRE |
title | Operation 'Dream Job' Widespread North Korean Espionage Campaign |
Cylance Dust Storm
Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.
Internal MISP references
UUID 001dd53c-74e6-4add-aeb7-da76b0d2afe8
which can be used as unique global reference for Cylance Dust Storm
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-22T00:00:00Z |
date_published | 2016-02-23T00:00:00Z |
source | MITRE |
title | Operation Dust Storm |
DustySky
ClearSky. (2016, January 7). Operation DustySky. Retrieved January 8, 2016.
Internal MISP references
UUID b9e0770d-f54a-4ada-abd1-65c45eee00fa
which can be used as unique global reference for DustySky
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-08T00:00:00Z |
date_published | 2016-01-07T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Operation DustySky |
DustySky2
ClearSky Cybersecurity. (2016, June 9). Operation DustySky - Part 2. Retrieved August 3, 2016.
Internal MISP references
UUID 4a3ecdec-254c-4eb4-9126-f540bb21dffe
which can be used as unique global reference for DustySky2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-03T00:00:00Z |
date_published | 2016-06-09T00:00:00Z |
source | MITRE |
title | Operation DustySky - Part 2 |
Trend Micro Tick November 2019
Chen, J. et al. (2019, November). Operation ENDTRADE: TICK’s Multi-Stage Backdoors for Attacking Industries and Stealing Classified Data. Retrieved June 9, 2020.
Internal MISP references
UUID 93adbf0d-5f5e-498e-aca1-ed3eb11561e7
which can be used as unique global reference for Trend Micro Tick November 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-09T00:00:00Z |
date_published | 2019-11-01T00:00:00Z |
source | MITRE |
title | Operation ENDTRADE: TICK’s Multi-Stage Backdoors for Attacking Industries and Stealing Classified Data |
FireEye DeputyDog 9002 November 2013
Moran, N. et al. (2013, November 10). Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method. Retrieved March 19, 2018.
Internal MISP references
UUID 68b5a913-b696-4ca5-89ed-63453023d2a2
which can be used as unique global reference for FireEye DeputyDog 9002 November 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-19T00:00:00Z |
date_published | 2013-11-10T00:00:00Z |
source | MITRE |
title | Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method |
Volexity Exchange Marauder March 2021
Gruzweig, J. et al. (2021, March 2). Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities. Retrieved March 3, 2021.
Internal MISP references
UUID ef0626e9-281c-4770-b145-ffe36e18e369
which can be used as unique global reference for Volexity Exchange Marauder March 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-03T00:00:00Z |
date_published | 2021-03-02T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities |
ESET Dukes October 2019
Faou, M., Tartare, M., Dupuy, T. (2019, October). OPERATION GHOST. Retrieved September 23, 2020.
Internal MISP references
UUID fbc77b85-cc5a-4c65-956d-b8556974b4ef
which can be used as unique global reference for ESET Dukes October 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-23T00:00:00Z |
date_published | 2019-10-01T00:00:00Z |
source | MITRE |
title | OPERATION GHOST |
IssueMakersLab Andariel GoldenAxe May 2017
IssueMakersLab. (2017, May 1). Operation GoldenAxe. Retrieved September 12, 2024.
Internal MISP references
UUID 10a21964-d31f-40af-bf32-5ccd7d8c99a2
which can be used as unique global reference for IssueMakersLab Andariel GoldenAxe May 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2017-05-01T00:00:00Z |
source | MITRE |
title | Operation GoldenAxe |
ESET Operation Groundbait
Cherepanov, A. (2016, May 17). Operation Groundbait: Analysis of a surveillance toolkit. Retrieved May 18, 2016.
Internal MISP references
UUID 218e69fd-558c-459b-9a57-ad2ee3e96296
which can be used as unique global reference for ESET Operation Groundbait
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-05-18T00:00:00Z |
date_published | 2016-05-17T00:00:00Z |
source | MITRE |
title | Operation Groundbait: Analysis of a surveillance toolkit |
Operation Hangover May 2013
Fagerland, S., et al. (2013, May). Operation Hangover: Unveiling an Indian Cyberattack Infrastructure. Retrieved September 26, 2016.
Internal MISP references
UUID fd581c0c-d93e-4396-a372-99cde3cd0c7c
which can be used as unique global reference for Operation Hangover May 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-09-26T00:00:00Z |
date_published | 2013-05-01T00:00:00Z |
source | MITRE |
title | Operation Hangover: Unveiling an Indian Cyberattack Infrastructure |
ESET Operation Interception June 17 2020
Dominik Breitenbacher, Kaspars Osis. (2020, June 17). Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies. Retrieved June 20, 2024.
Internal MISP references
UUID 481ac64d-912b-4c69-97e5-004bb5768b48
which can be used as unique global reference for ESET Operation Interception June 17 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-20T00:00:00Z |
date_published | 2020-06-17T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies |
ESET Lazarus Jun 2020
Breitenbacher, D. and Osis, K. (2020, June 17). OPERATION IN(TER)CEPTION: Targeted Attacks Against European Aerospace and Military Companies. Retrieved December 20, 2021.
Internal MISP references
UUID b16a0141-dea3-4b34-8279-7bc1ce3d7052
which can be used as unique global reference for ESET Lazarus Jun 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-20T00:00:00Z |
date_published | 2020-06-17T00:00:00Z |
source | MITRE |
title | OPERATION IN(TER)CEPTION: Targeted Attacks Against European Aerospace and Military Companies |
AhnLab Kimsuky Kabar Cobra Feb 2019
AhnLab. (2019, February 28). Operation Kabar Cobra - Tenacious cyber-espionage campaign by Kimsuky Group. Retrieved September 29, 2021.
Internal MISP references
UUID 4035e871-9291-4d7f-9c5f-d8482d4dc8a7
which can be used as unique global reference for AhnLab Kimsuky Kabar Cobra Feb 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-29T00:00:00Z |
date_published | 2019-02-28T00:00:00Z |
source | MITRE |
title | Operation Kabar Cobra - Tenacious cyber-espionage campaign by Kimsuky Group |
Villeneuve et al 2014
Villeneuve, N., Bennett, J. T., Moran, N., Haq, T., Scott, M., & Geers, K. (2014). OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs. Retrieved November 12, 2014.
Internal MISP references
UUID 31504d92-6c4d-43f0-8548-ccc3aa05ba48
which can be used as unique global reference for Villeneuve et al 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
date_published | 2014-01-01T00:00:00Z |
source | MITRE |
title | OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs |
Mandiant Operation Ke3chang November 2014
Villeneuve, N., Bennett, J. T., Moran, N., Haq, T., Scott, M., & Geers, K. (2014). OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs. Retrieved November 12, 2014.
Internal MISP references
UUID bb45cf96-ceae-4f46-a0f5-08cd89f699c9
which can be used as unique global reference for Mandiant Operation Ke3chang November 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
date_published | 2014-01-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs |
Cisco Operation Layover September 2021
Ventura, V. (2021, September 16). Operation Layover: How we tracked an attack on the aviation industry to five years of compromise. Retrieved September 15, 2023.
Internal MISP references
UUID f19b4bd5-99f9-54c0-bffe-cc9c052aea12
which can be used as unique global reference for Cisco Operation Layover September 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-15T00:00:00Z |
date_published | 2021-09-16T00:00:00Z |
source | MITRE |
title | Operation Layover: How we tracked an attack on the aviation industry to five years of compromise |
Lotus Blossom Jun 2015
Falcone, R., et al. (2015, June 16). Operation Lotus Blossom. Retrieved February 15, 2016.
Internal MISP references
UUID 46fdb8ca-b14d-43bd-a20f-cae7b26e56c6
which can be used as unique global reference for Lotus Blossom Jun 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-02-15T00:00:00Z |
date_published | 2015-06-16T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Operation Lotus Blossom |
FireEye Operation Molerats
Villeneuve, N., Haq, H., Moran, N. (2013, August 23). OPERATION MOLERATS: MIDDLE EAST CYBER ATTACKS USING POISON IVY. Retrieved April 1, 2016.
Internal MISP references
UUID 6b24e4aa-e773-4ca3-8267-19e036dc1144
which can be used as unique global reference for FireEye Operation Molerats
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-01T00:00:00Z |
date_published | 2013-08-23T00:00:00Z |
source | MITRE |
title | OPERATION MOLERATS: MIDDLE EAST CYBER ATTACKS USING POISON IVY |
McAfee Lazarus Nov 2020
Beek, C. (2020, November 5). Operation North Star: Behind The Scenes. Retrieved December 20, 2021.
Internal MISP references
UUID a283d229-3a2a-43ef-bcbe-aa6d41098b51
which can be used as unique global reference for McAfee Lazarus Nov 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-20T00:00:00Z |
date_published | 2020-11-05T00:00:00Z |
source | MITRE |
title | Operation North Star: Behind The Scenes |
McAfee Lazarus Jul 2020
Cashman, M. (2020, July 29). Operation North Star Campaign. Retrieved December 20, 2021.
Internal MISP references
UUID 43581a7d-d71a-4121-abb6-127483a49d12
which can be used as unique global reference for McAfee Lazarus Jul 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-20T00:00:00Z |
date_published | 2020-07-29T00:00:00Z |
source | MITRE |
title | Operation North Star Campaign |
McAfee Oceansalt Oct 2018
Sherstobitoff, R., Malhotra, A. (2018, October 18). ‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group. Retrieved November 30, 2018.
Internal MISP references
UUID 04b475ab-c7f6-4373-a4b0-04b5d8028f95
which can be used as unique global reference for McAfee Oceansalt Oct 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-30T00:00:00Z |
date_published | 2018-10-18T00:00:00Z |
source | MITRE |
title | ‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group |
FireEye OpPoisonedHandover February 2016
Ned Moran, Mike Scott, Mike Oppenheim of FireEye. (2014, November 3). Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kong’s Pro-Democracy Movement. Retrieved April 18, 2019.
Internal MISP references
UUID 1d57b1c8-930b-4bcb-a51e-39020327cc5d
which can be used as unique global reference for FireEye OpPoisonedHandover February 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-18T00:00:00Z |
date_published | 2014-11-03T00:00:00Z |
source | MITRE |
title | Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kong’s Pro-Democracy Movement |
Operation Quantum Entanglement
Haq, T., Moran, N., Vashisht, S., Scott, M. (2014, September). OPERATION QUANTUM ENTANGLEMENT. Retrieved November 4, 2015.
Internal MISP references
UUID c94f9652-32c3-4975-a9c0-48f93bdfe790
which can be used as unique global reference for Operation Quantum Entanglement
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-11-04T00:00:00Z |
date_published | 2014-09-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | OPERATION QUANTUM ENTANGLEMENT |
ProofPoint GoT 9002 Aug 2017
Huss, D. & Mesa, M. (2017, August 25). Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures. Retrieved March 19, 2018.
Internal MISP references
UUID b796f889-400c-440b-86b2-1588fd15f3ae
which can be used as unique global reference for ProofPoint GoT 9002 Aug 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-19T00:00:00Z |
date_published | 2017-08-25T00:00:00Z |
source | MITRE |
title | Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures |
FireEye Op RussianDoll
FireEye Labs. (2015, April 18). Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack. Retrieved April 24, 2017.
Internal MISP references
UUID 6f5986b7-07ee-4bca-9cb1-248744e94d7f
which can be used as unique global reference for FireEye Op RussianDoll
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-04-24T00:00:00Z |
date_published | 2015-04-18T00:00:00Z |
source | MITRE |
title | Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack |
FireEye Operation Saffron Rose 2013
Villeneuve, N. et al. (2013). OPERATION SAFFRON ROSE. Retrieved May 28, 2020.
Internal MISP references
UUID 2f4c0941-d14e-4eb8-828c-f1d9a1e14a95
which can be used as unique global reference for FireEye Operation Saffron Rose 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-28T00:00:00Z |
date_published | 2013-01-01T00:00:00Z |
source | MITRE |
title | OPERATION SAFFRON ROSE |
Cylance Shaheen Nov 2018
Livelli, K, et al. (2018, November 12). Operation Shaheen. Retrieved May 1, 2019.
Internal MISP references
UUID 57802e46-e12c-4230-8d1c-08854a0de06a
which can be used as unique global reference for Cylance Shaheen Nov 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-01T00:00:00Z |
date_published | 2018-11-12T00:00:00Z |
source | MITRE |
title | Operation Shaheen |
McAfee Sharpshooter December 2018
Sherstobitoff, R., Malhotra, A., et al. (2018, December 18). Operation Sharpshooter Campaign Targets Global Defense, Critical Infrastructure. Retrieved May 14, 2020.
Internal MISP references
UUID 96b6d012-8620-4ef5-bf9a-5f88e465a495
which can be used as unique global reference for McAfee Sharpshooter December 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-14T00:00:00Z |
date_published | 2018-12-18T00:00:00Z |
source | MITRE |
title | Operation Sharpshooter Campaign Targets Global Defense, Critical Infrastructure |
Novetta-Axiom
Novetta. (n.d.). Operation SMN: Axiom Threat Actor Group Report. Retrieved November 12, 2014.
Internal MISP references
UUID 0dd428b9-849b-4108-87b1-20050b86f420
which can be used as unique global reference for Novetta-Axiom
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Operation SMN: Axiom Threat Actor Group Report |
Cybereason Soft Cell June 2019
Cybereason Nocturnus. (2019, June 25). Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers. Retrieved July 18, 2019.
Internal MISP references
UUID 620b7353-0e58-4503-b534-9250a8f5ae3c
which can be used as unique global reference for Cybereason Soft Cell June 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-18T00:00:00Z |
date_published | 2019-06-25T00:00:00Z |
source | MITRE |
title | Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers |
Azure AD Graph API
Microsoft. (2016, March 26). Operations overview | Graph API concepts. Retrieved June 18, 2020.
Internal MISP references
UUID fed0fef5-e366-4e24-9554-0599744cd1c6
which can be used as unique global reference for Azure AD Graph API
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-18T00:00:00Z |
date_published | 2016-03-26T00:00:00Z |
source | MITRE |
title | Operations overview |
ESET Operation Spalax Jan 2021
M. Porolli. (2021, January 21). Operation Spalax: Targeted malware attacks in Colombia. Retrieved September 16, 2022.
Internal MISP references
UUID b699dd10-7d3f-4542-bf8a-b3f0c747bd0e
which can be used as unique global reference for ESET Operation Spalax Jan 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-16T00:00:00Z |
date_published | 2021-01-21T00:00:00Z |
source | MITRE |
title | Operation Spalax: Targeted malware attacks in Colombia |
Proofpoint TA453 July2021
Miller, J. et al. (2021, July 13). Operation SpoofedScholars: A Conversation with TA453. Retrieved August 18, 2021.
Internal MISP references
UUID a987872f-2176-437c-a38f-58676b7b12de
which can be used as unique global reference for Proofpoint TA453 July2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-18T00:00:00Z |
date_published | 2021-07-13T00:00:00Z |
source | MITRE |
title | Operation SpoofedScholars: A Conversation with TA453 |
Proofpoint Operation Transparent Tribe March 2016
Huss, D. (2016, March 1). Operation Transparent Tribe. Retrieved June 8, 2016.
Internal MISP references
UUID 8e39d0da-114f-4ae6-8130-ca1380077d6a
which can be used as unique global reference for Proofpoint Operation Transparent Tribe March 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-08T00:00:00Z |
date_published | 2016-03-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Operation Transparent Tribe |
TrendMicro TropicTrooper 2015
Alintanahin, K. (2015). Operation Tropic Trooper: Relying on Tried-and-Tested Flaws to Infiltrate Secret Keepers. Retrieved June 14, 2019.
Internal MISP references
UUID 65d1f980-1dc2-4d36-8148-2d8747a39883
which can be used as unique global reference for TrendMicro TropicTrooper 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-14T00:00:00Z |
date_published | 2015-01-01T00:00:00Z |
source | MITRE |
title | Operation Tropic Trooper: Relying on Tried-and-Tested Flaws to Infiltrate Secret Keepers |
ClearSky and Trend Micro Operation Wilted Tulip July 2017
ClearSky and Trend Micro. (2017, July). Operation Wilted Tulip - Exposing a cyber espionage apparatus. Retrieved May 17, 2021.
Internal MISP references
UUID 696b12c6-ce1e-4e79-b781-43e0c70f9f2e
which can be used as unique global reference for ClearSky and Trend Micro Operation Wilted Tulip July 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-17T00:00:00Z |
date_published | 2017-07-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Operation Wilted Tulip - Exposing a cyber espionage apparatus |
ClearSky Wilted Tulip July 2017
ClearSky Cyber Security and Trend Micro. (2017, July). Operation Wilted Tulip: Exposing a cyber espionage apparatus. Retrieved August 21, 2017.
Internal MISP references
UUID 50233005-8dc4-4e91-9477-df574271df40
which can be used as unique global reference for ClearSky Wilted Tulip July 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-08-21T00:00:00Z |
date_published | 2017-07-01T00:00:00Z |
source | MITRE |
title | Operation Wilted Tulip: Exposing a cyber espionage apparatus |
ESET Windigo Mar 2014
Bilodeau, O., Bureau, M., Calvet, J., Dorais-Joncas, A., Léveillé, M., Vanheuverzwijn, B. (2014, March 18). Operation Windigo – the vivisection of a large Linux server‑side credential‑stealing malware campaign. Retrieved February 10, 2021.
Internal MISP references
UUID 721cdb36-d3fc-4212-b324-6be2b5f9cb46
which can be used as unique global reference for ESET Windigo Mar 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-10T00:00:00Z |
date_published | 2014-03-18T00:00:00Z |
source | MITRE |
title | Operation Windigo – the vivisection of a large Linux server‑side credential‑stealing malware campaign |
FoxIT Wocao December 2019
Dantzig, M. v., Schamper, E. (2019, December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020.
Internal MISP references
UUID aa3e31c7-71cd-4a3f-b482-9049c9abb631
which can be used as unique global reference for FoxIT Wocao December 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-08T00:00:00Z |
date_published | 2019-12-19T00:00:00Z |
source | MITRE |
title | Operation Wocao: Shining a light on one of China’s hidden hacking groups |
TrendMicro Operation Woolen Goldfish March 2015
Cedric Pernet, Kenney Lu. (2015, March 19). Operation Woolen-Goldfish - When Kittens Go phishing. Retrieved April 21, 2021.
Internal MISP references
UUID 0f077c93-aeda-4c95-9996-c52812a31267
which can be used as unique global reference for TrendMicro Operation Woolen Goldfish March 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-21T00:00:00Z |
date_published | 2015-03-19T00:00:00Z |
source | MITRE |
title | Operation Woolen-Goldfish - When Kittens Go phishing |
Bleeping Computer Op Sharpshooter March 2019
I. Ilascu. (2019, March 3). Op 'Sharpshooter' Connected to North Korea's Lazarus Group. Retrieved September 26, 2022.
Internal MISP references
UUID 84430646-6568-4288-8710-2827692a8862
which can be used as unique global reference for Bleeping Computer Op Sharpshooter March 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-26T00:00:00Z |
date_published | 2019-03-03T00:00:00Z |
source | MITRE |
title | Op 'Sharpshooter' Connected to North Korea's Lazarus Group |
Symantec Orangeworm IOCs April 2018
Symantec Security Response Attack Investigation Team. (2018, April 23). Orangeworm: Indicators of Compromise. Retrieved July 8, 2018.
Internal MISP references
UUID 293596ad-a13f-456b-8916-d1e1b1afe0da
which can be used as unique global reference for Symantec Orangeworm IOCs April 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-08T00:00:00Z |
date_published | 2018-04-23T00:00:00Z |
source | MITRE |
title | Orangeworm: Indicators of Compromise |
Symantec WastedLocker June 2020
Symantec Threat Intelligence. (2020, June 25). WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations. Retrieved May 20, 2021.
Internal MISP references
UUID 061d8f74-a202-4089-acae-687e4f96933b
which can be used as unique global reference for Symantec WastedLocker June 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-20T00:00:00Z |
source | MITRE |
title | Organizations |
Microsoft Azure Resources
Microsoft Azure. (2024, May 31). Organize your Azure resources effectively. Retrieved September 25, 2024.
Internal MISP references
UUID 3d2f4092-5173-5f40-8b5f-c1cb886a2e6e
which can be used as unique global reference for Microsoft Azure Resources
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
date_published | 2024-05-31T00:00:00Z |
source | MITRE |
title | Organize your Azure resources effectively |
Symantec Calisto July 2018
Pantig, J. (2018, July 30). OSX.Calisto. Retrieved September 7, 2018.
Internal MISP references
UUID cefef3d8-94f5-4d94-9689-6ed38702454f
which can be used as unique global reference for Symantec Calisto July 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-07T00:00:00Z |
date_published | 2018-07-30T00:00:00Z |
source | MITRE |
title | OSX.Calisto |
Objective-See MacMa Nov 2021
Wardle, P. (2021, November 11). OSX.CDDS (OSX.MacMa). Retrieved June 30, 2022.
Internal MISP references
UUID 7240261e-d901-4a68-b6fc-deec308e8a50
which can be used as unique global reference for Objective-See MacMa Nov 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-30T00:00:00Z |
date_published | 2021-11-11T00:00:00Z |
source | MITRE |
title | OSX.CDDS (OSX.MacMa) |
hexed osx.dok analysis 2019
fluffybunny. (2019, July 9). OSX.Dok Analysis. Retrieved October 4, 2021.
Internal MISP references
UUID 96f9d36a-01a5-418e-85f4-957e58d49c1b
which can be used as unique global reference for hexed osx.dok analysis 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-04T00:00:00Z |
date_published | 2019-07-09T00:00:00Z |
source | MITRE |
title | OSX.Dok Analysis |
malwarebyteslabs xcsset dubrobber
Thomas Reed. (2020, April 21). OSX.DubRobber. Retrieved October 5, 2021.
Internal MISP references
UUID 11ef576f-1bac-49e3-acba-85d70a42503e
which can be used as unique global reference for malwarebyteslabs xcsset dubrobber
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-05T00:00:00Z |
date_published | 2020-04-21T00:00:00Z |
source | MITRE |
title | OSX.DubRobber |
wardle evilquest partii
Patrick Wardle. (2020, July 3). OSX.EvilQuest Uncovered part ii: insidious capabilities. Retrieved March 21, 2021.
Internal MISP references
UUID 4fee237c-c2ec-47f5-b382-ec6bd4779281
which can be used as unique global reference for wardle evilquest partii
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-21T00:00:00Z |
date_published | 2020-07-03T00:00:00Z |
source | MITRE |
title | OSX.EvilQuest Uncovered part ii: insidious capabilities |
wardle evilquest parti
Patrick Wardle. (2020, June 29). OSX.EvilQuest Uncovered part i: infection, persistence, and more! Retrieved March 18, 2021.
Internal MISP references
UUID 1ebd91db-9b56-442f-bb61-9e154b5966ac
which can be used as unique global reference for wardle evilquest parti
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-18T00:00:00Z |
date_published | 2020-06-29T00:00:00Z |
source | MITRE |
title | OSX.EvilQuest Uncovered part i: infection, persistence, and more! |
eset_osx_flashback
ESET. (2012, January 1). OSX/Flashback. Retrieved April 19, 2022.
Internal MISP references
UUID ce6e5a21-0063-4356-a77a-5c5f9fd2cf5c
which can be used as unique global reference for eset_osx_flashback
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-19T00:00:00Z |
date_published | 2012-01-01T00:00:00Z |
source | MITRE |
title | OSX/Flashback |
CheckPoint Dok
Ofer Caspi. (2017, May 4). OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic. Retrieved October 5, 2021.
Internal MISP references
UUID 8c178fd8-db34-45c6-901a-a8b2c178d809
which can be used as unique global reference for CheckPoint Dok
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-05T00:00:00Z |
date_published | 2017-05-04T00:00:00Z |
source | MITRE |
title | OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic |
Intego Shlayer Feb 2018
Long, Joshua. (2018, February 21). OSX/Shlayer: New Mac malware comes out of its shell. Retrieved August 28, 2019.
Internal MISP references
UUID 46eb883c-e203-4cd9-8f1c-c6ea12bc2742
which can be used as unique global reference for Intego Shlayer Feb 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-08-28T00:00:00Z |
date_published | 2018-02-21T00:00:00Z |
source | MITRE |
title | OSX/Shlayer: New Mac malware comes out of its shell |
Decoded Avast.io Follina June 3 2022
Threat Intelligence Team. (2022, June 3). Outbreak of Follina in Australia. Retrieved May 7, 2023.
Internal MISP references
UUID 2b43d421-3921-4efa-9bde-4b482811523f
which can be used as unique global reference for Decoded Avast.io Follina June 3 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2022-06-03T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Outbreak of Follina in Australia |
SensePost Outlook Forms
Stalmans, E. (2017, April 28). Outlook Forms and Shells. Retrieved February 4, 2019.
Internal MISP references
UUID 5d91a713-2f05-43bd-9fef-aa3f51f4c45a
which can be used as unique global reference for SensePost Outlook Forms
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-04T00:00:00Z |
date_published | 2017-04-28T00:00:00Z |
source | MITRE |
title | Outlook Forms and Shells |
SensePost Outlook Home Page
Stalmans, E. (2017, October 11). Outlook Home Page – Another Ruler Vector. Retrieved February 4, 2019.
Internal MISP references
UUID d2758a4b-d326-45a7-9ebf-03efcd1832da
which can be used as unique global reference for SensePost Outlook Home Page
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-04T00:00:00Z |
date_published | 2017-10-11T00:00:00Z |
source | MITRE |
title | Outlook Home Page – Another Ruler Vector |
Outlook Today Home Page
Soutcast. (2018, September 14). Outlook Today Homepage Persistence. Retrieved February 5, 2019.
Internal MISP references
UUID cb7beffb-a955-40fd-b114-de6533efc80d
which can be used as unique global reference for Outlook Today Home Page
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-05T00:00:00Z |
date_published | 2018-09-14T00:00:00Z |
source | MITRE |
title | Outlook Today Homepage Persistence |
Recorded Future Beacon 2019
Recorded Future. (2019, June 20). Out of the Blue: How Recorded Future Identified Rogue Cobalt Strike Servers. Retrieved September 16, 2024.
Internal MISP references
UUID 4e554042-53bb-44d4-9acc-44c86329ac47
which can be used as unique global reference for Recorded Future Beacon 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-16T00:00:00Z |
date_published | 2019-06-20T00:00:00Z |
source | MITRE |
title | Out of the Blue: How Recorded Future Identified Rogue Cobalt Strike Servers |
FireEye APT33 Guardrail
Ackerman, G., et al. (2018, December 21). OVERRULED: Containing a Potentially Destructive Adversary. Retrieved January 17, 2019.
Internal MISP references
UUID 4b4c9e72-eee1-4fa4-8dcb-501ec49882b0
which can be used as unique global reference for FireEye APT33 Guardrail
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-01-17T00:00:00Z |
date_published | 2018-12-21T00:00:00Z |
source | MITRE |
title | OVERRULED: Containing a Potentially Destructive Adversary |
Kubernetes Cloud Native Security
Kubernetes. (n.d.). Overview of Cloud Native Security. Retrieved March 8, 2023.
Internal MISP references
UUID 55ee5bcc-ba56-58ac-9afb-2349aa75fe39
which can be used as unique global reference for Kubernetes Cloud Native Security
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-08T00:00:00Z |
source | MITRE |
title | Overview of Cloud Native Security |
Apple Dev Dynamic Libraries
Apple. (2012, July 23). Overview of Dynamic Libraries. Retrieved September 7, 2023.
Internal MISP references
UUID 39ffd162-4052-57ec-bd20-2fe6b8e6beab
which can be used as unique global reference for Apple Dev Dynamic Libraries
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-07T00:00:00Z |
date_published | 2012-07-23T00:00:00Z |
source | MITRE |
title | Overview of Dynamic Libraries |
Apple Doco Archive Dynamic Libraries
Apple Inc. (2012, July 23). Overview of Dynamic Libraries. Retrieved March 24, 2021.
Internal MISP references
UUID e3b8cc52-2096-418c-b291-1bc76022961d
which can be used as unique global reference for Apple Doco Archive Dynamic Libraries
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-24T00:00:00Z |
date_published | 2012-07-23T00:00:00Z |
source | MITRE |
title | Overview of Dynamic Libraries |
GCP IAM Conditions
Google Cloud. (n.d.). Overview of IAM Conditions. Retrieved January 2, 2024.
Internal MISP references
UUID fc117963-580f-5f4a-a969-b2410e00a58f
which can be used as unique global reference for GCP IAM Conditions
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-02T00:00:00Z |
source | MITRE |
title | Overview of IAM Conditions |
Kubeflow Pipelines
The Kubeflow Authors. (n.d.). Overview of Kubeflow Pipelines. Retrieved March 29, 2021.
Internal MISP references
UUID 0b40474c-173c-4a8c-8cc7-bac2dcfcaedd
which can be used as unique global reference for Kubeflow Pipelines
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-29T00:00:00Z |
source | MITRE |
title | Overview of Kubeflow Pipelines |
TechNet RDP Gateway
Microsoft. (n.d.). Overview of Remote Desktop Gateway. Retrieved June 6, 2016.
Internal MISP references
UUID 3e832a4f-b8e6-4c28-bb33-f2db817403b9
which can be used as unique global reference for TechNet RDP Gateway
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-06T00:00:00Z |
source | MITRE |
title | Overview of Remote Desktop Gateway |
CrowdStrike AQUATIC PANDA December 2021
Wiley, B. et al. (2021, December 29). OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt. Retrieved January 18, 2022.
Internal MISP references
UUID fd095ef2-6fc2-4f6f-9e4f-037b2a9217d2
which can be used as unique global reference for CrowdStrike AQUATIC PANDA December 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-18T00:00:00Z |
date_published | 2021-12-29T00:00:00Z |
source | MITRE, Tidal Cyber |
title | OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt |
OWASP Top 10 2017
OWASP. (2017, April 16). OWASP Top 10 2017 - The Ten Most Critical Web Application Security Risks. Retrieved February 12, 2019.
Internal MISP references
UUID 044ef2b7-44cc-4da6-b8e2-45d630558534
which can be used as unique global reference for OWASP Top 10 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-12T00:00:00Z |
date_published | 2017-04-16T00:00:00Z |
source | MITRE |
title | OWASP Top 10 2017 - The Ten Most Critical Web Application Security Risks |
OWASP Top 10
OWASP. (2018, February 23). OWASP Top Ten Project. Retrieved April 3, 2018.
Internal MISP references
UUID c6db3a77-4d01-4b4d-886d-746d676ed6d0
which can be used as unique global reference for OWASP Top 10
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-03T00:00:00Z |
date_published | 2018-02-23T00:00:00Z |
source | MITRE |
title | OWASP Top Ten Project |
Debian Manual Maintainer Scripts
Debian Policy Manual v4.6.1.1. (2022, August 14). Package maintainer scripts and installation procedure. Retrieved September 27, 2022.
Internal MISP references
UUID e32e293a-f583-494e-9eb5-c82167f2e000
which can be used as unique global reference for Debian Manual Maintainer Scripts
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-27T00:00:00Z |
date_published | 2022-08-14T00:00:00Z |
source | MITRE |
title | Package maintainer scripts and installation procedure |
GCP Packet Mirroring
Google Cloud. (n.d.). Packet Mirroring overview. Retrieved March 17, 2022.
Internal MISP references
UUID c91c6399-3520-4410-936d-48c3b13235ca
which can be used as unique global reference for GCP Packet Mirroring
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-17T00:00:00Z |
source | MITRE |
title | Packet Mirroring overview |
Citizenlab Packrat 2015
Scott-Railton, J., et al. (2015, December 8). Packrat. Retrieved December 18, 2020.
Internal MISP references
UUID 316f347f-3e92-4861-a075-db64adf6b6a8
which can be used as unique global reference for Citizenlab Packrat 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-18T00:00:00Z |
date_published | 2015-12-08T00:00:00Z |
source | MITRE |
title | Packrat |
GitHub Pacu
Rhino Security Labs. (2019, August 22). Pacu. Retrieved October 17, 2019.
Internal MISP references
UUID bda43b1b-ea8d-4371-9984-6d8a7cc24965
which can be used as unique global reference for GitHub Pacu
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-17T00:00:00Z |
date_published | 2019-08-22T00:00:00Z |
source | MITRE |
title | Pacu |
Pacu Detection Disruption Module
Rhino Security Labs. (2021, April 29). Pacu Detection Disruption Module. Retrieved August 4, 2023.
Internal MISP references
UUID deba605b-7abc-5794-a820-448a395aab69
which can be used as unique global reference for Pacu Detection Disruption Module
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-04T00:00:00Z |
date_published | 2021-04-29T00:00:00Z |
source | MITRE |
title | Pacu Detection Disruption Module |
SecurityWeek Cyber Toufan January 3 2024
Ionut Arghire. (2024, January 3). Palestinian Hackers Hit 100 Israeli Organizations in Destructive Attacks. Retrieved August 8, 2024.
Internal MISP references
UUID 413b7917-e22a-4706-aff3-80eb31521b6a
which can be used as unique global reference for SecurityWeek Cyber Toufan January 3 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-08T00:00:00Z |
date_published | 2024-01-03T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Palestinian Hackers Hit 100 Israeli Organizations in Destructive Attacks |
Symantec Palmerworm Sep 2020
Threat Intelligence. (2020, September 29). Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors. Retrieved March 25, 2022.
Internal MISP references
UUID 84ecd475-8d3f-4e7c-afa8-2dff6078bed5
which can be used as unique global reference for Symantec Palmerworm Sep 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-25T00:00:00Z |
date_published | 2020-09-29T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors |
Apple PAM
Apple. (2011, May 11). PAM - Pluggable Authentication Modules. Retrieved June 25, 2020.
Internal MISP references
UUID 4838a58e-c00d-4b4c-937d-8da5d9f1a4b5
which can be used as unique global reference for Apple PAM
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-25T00:00:00Z |
date_published | 2011-05-11T00:00:00Z |
source | MITRE |
title | PAM - Pluggable Authentication Modules |
Man Pam_Unix
die.net. (n.d.). pam_unix(8) - Linux man page. Retrieved June 25, 2020.
Internal MISP references
UUID 6bc5ad93-3cc2-4429-ac4c-aae72193df27
which can be used as unique global reference for Man Pam_Unix
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-25T00:00:00Z |
source | MITRE |
title | pam_unix(8) - Linux man page |
Unit42 PlugX June 2017
Lancaster, T., Idrizovic, E. (2017, June 27). Paranoid PlugX. Retrieved April 19, 2019.
Internal MISP references
UUID 9dc629a0-543c-4221-86cc-0dfb93903988
which can be used as unique global reference for Unit42 PlugX June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-19T00:00:00Z |
date_published | 2017-06-27T00:00:00Z |
source | MITRE |
title | Paranoid PlugX |
Palo Alto PlugX June 2017
Lancaster, T. and Idrizovic, E. (2017, June 27). Paranoid PlugX. Retrieved July 13, 2017.
Internal MISP references
UUID 27f17e79-ef38-4c20-9250-40c81fa8717a
which can be used as unique global reference for Palo Alto PlugX June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-13T00:00:00Z |
date_published | 2017-06-27T00:00:00Z |
source | MITRE |
title | Paranoid PlugX |
Secuirtyinbits Ataware3 May 2019
Secuirtyinbits. (2019, May 14). Parent PID Spoofing (Stage 2) Ataware Ransomware Part 3. Retrieved June 6, 2019.
Internal MISP references
UUID 0828b2fd-c85f-44c7-bb05-61e6eba34336
which can be used as unique global reference for Secuirtyinbits Ataware3 May 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-06T00:00:00Z |
date_published | 2019-05-14T00:00:00Z |
source | MITRE |
title | Parent PID Spoofing (Stage 2) Ataware Ransomware Part 3 |
Dragos PARISITE
Dragos. (n.d.). PARISITE. Retrieved December 21, 2020.
Internal MISP references
UUID 15e974db-51a9-4ec1-9725-cff8bb9bc2fa
which can be used as unique global reference for Dragos PARISITE
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-21T00:00:00Z |
source | MITRE |
title | PARISITE |
DOJ Lazarus Sony 2018
Department of Justice. (2018, September 6). Criminal Complaint - United States of America v. PARK JIN HYOK. Retrieved March 29, 2019.
Internal MISP references
UUID 950f8c1e-8793-43b7-abc7-0c9f6790b3b7
which can be used as unique global reference for DOJ Lazarus Sony 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-29T00:00:00Z |
source | MITRE |
title | PARK JIN HYOK |
intezer stripped binaries elf files 2018
Ignacio Sanmillan. (2018, February 7). Executable and Linkable Format 101. Part 2: Symbols. Retrieved September 29, 2022.
Internal MISP references
UUID 2d1faa93-fed5-4b0d-b6c9-72bbc4782201
which can be used as unique global reference for intezer stripped binaries elf files 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-29T00:00:00Z |
source | MITRE |
title | Part 2: Symbols |
Gabilondo DYLD_INSERT_LIBRARIES Catalina Bypass
Jon Gabilondo. (2019, September 22). How to Inject Code into Mach-O Apps. Part II. Retrieved March 24, 2021.
Internal MISP references
UUID 67f3ce33-0197-41ef-a9d0-474c97ecf570
which can be used as unique global reference for Gabilondo DYLD_INSERT_LIBRARIES Catalina Bypass
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-24T00:00:00Z |
source | MITRE |
title | Part II. |
Office 365 Delegated Administration
Microsoft. (n.d.). Partners: Offer delegated administration. Retrieved May 27, 2022.
Internal MISP references
UUID fa0ed0fd-bf57-4a0f-9370-e22f27b20e42
which can be used as unique global reference for Office 365 Delegated Administration
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-27T00:00:00Z |
source | MITRE |
title | Partners: Offer delegated administration |
Microsoft IFEOorMalware July 2015
Microsoft. (2015, July 30). Part of Windows 10 or really Malware?. Retrieved December 18, 2017.
Internal MISP references
UUID 183843b5-66dc-4229-ba66-3171d9b8e33d
which can be used as unique global reference for Microsoft IFEOorMalware July 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-18T00:00:00Z |
date_published | 2015-07-30T00:00:00Z |
source | MITRE |
title | Part of Windows 10 or really Malware? |
Circl Passive DNS
CIRCL Computer Incident Response Center. (n.d.). Passive DNS. Retrieved October 20, 2020.
Internal MISP references
UUID c19f8683-97fb-4e0c-a9f5-12033b1d38ca
which can be used as unique global reference for Circl Passive DNS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
source | MITRE |
title | Passive DNS |
ObjectiveSee AppleJeus 2019
Patrick Wardle. (2019, October 12). Pass the AppleJeus. Retrieved September 28, 2022.
Internal MISP references
UUID 4cfec669-1db5-4a67-81e2-18383e4c4d3d
which can be used as unique global reference for ObjectiveSee AppleJeus 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-28T00:00:00Z |
date_published | 2019-10-12T00:00:00Z |
source | MITRE |
title | Pass the AppleJeus |
GentilKiwi Pass the Ticket
Deply, B. (2014, January 13). Pass the ticket. Retrieved September 12, 2024.
Internal MISP references
UUID 3ff12b9c-1c4e-4383-a771-792f5e95dcf1
which can be used as unique global reference for GentilKiwi Pass the Ticket
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2014-01-13T00:00:00Z |
source | MITRE |
title | Pass the ticket |
Wikipedia Password cracking
Wikipedia. (n.d.). Password cracking. Retrieved December 23, 2015.
Internal MISP references
UUID d5ebb79f-b39a-46cb-b546-2db383783a58
which can be used as unique global reference for Wikipedia Password cracking
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-12-23T00:00:00Z |
source | MITRE |
title | Password cracking |
RDP Hijacking Korznikov
Korznikov, A. (2017, March 17). Passwordless RDP Session Hijacking Feature All Windows versions. Retrieved December 11, 2017.
Internal MISP references
UUID 8877e1f3-11e6-4ae0-adbd-c9b98b07ee25
which can be used as unique global reference for RDP Hijacking Korznikov
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-11T00:00:00Z |
date_published | 2017-03-17T00:00:00Z |
source | MITRE |
title | Passwordless RDP Session Hijacking Feature All Windows versions |
ise Password Manager February 2019
ise. (2019, February 19). Password Managers: Under the Hood of Secrets Management. Retrieved January 22, 2021.
Internal MISP references
UUID 253104ab-20b0-43d2-8338-afdd3237cc53
which can be used as unique global reference for ise Password Manager February 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-22T00:00:00Z |
date_published | 2019-02-19T00:00:00Z |
source | MITRE |
title | Password Managers: Under the Hood of Secrets Management |
Microsoft Password Complexity
Hall, J., Lich, B. (2017, September 9). Password must meet complexity requirements. Retrieved April 5, 2018.
Internal MISP references
UUID 918d4b6c-5783-4332-96d9-430e4c5ae030
which can be used as unique global reference for Microsoft Password Complexity
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-05T00:00:00Z |
date_published | 2017-09-09T00:00:00Z |
source | MITRE |
title | Password must meet complexity requirements |
BlackHillsInfosec Password Spraying
Thyer, J. (2015, October 30). Password Spraying & Other Fun with RPCCLIENT. Retrieved April 25, 2017.
Internal MISP references
UUID f45c7a4b-dafc-4e5c-ad3f-db4b0388a1d7
which can be used as unique global reference for BlackHillsInfosec Password Spraying
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-04-25T00:00:00Z |
date_published | 2015-10-30T00:00:00Z |
source | MITRE |
title | Password Spraying & Other Fun with RPCCLIENT |
how_pwd_rev_enc_1
Teusink, N. (2009, August 25). Passwords stored using reversible encryption: how it works (part 1). Retrieved November 17, 2021.
Internal MISP references
UUID 180246ca-94d8-4c78-894d-ae3b6fad3257
which can be used as unique global reference for how_pwd_rev_enc_1
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-11-17T00:00:00Z |
date_published | 2009-08-25T00:00:00Z |
source | MITRE |
title | Passwords stored using reversible encryption: how it works (part 1) |
how_pwd_rev_enc_2
Teusink, N. (2009, August 26). Passwords stored using reversible encryption: how it works (part 2). Retrieved November 17, 2021.
Internal MISP references
UUID cc08f190-5c17-441c-a6fa-99f8fdb8d1ae
which can be used as unique global reference for how_pwd_rev_enc_2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-11-17T00:00:00Z |
date_published | 2009-08-26T00:00:00Z |
source | MITRE |
title | Passwords stored using reversible encryption: how it works (part 2) |
Volexity Patchwork June 2018
Meltzer, M, et al. (2018, June 07). Patchwork APT Group Targets US Think Tanks. Retrieved July 16, 2018.
Internal MISP references
UUID d3ed7dd9-0941-4160-aa6a-c0244c63560f
which can be used as unique global reference for Volexity Patchwork June 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-16T00:00:00Z |
date_published | 2018-06-07T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Patchwork APT Group Targets US Think Tanks |
PaloAlto Patchwork Mar 2018
Levene, B. et al. (2018, March 7). Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent. Retrieved March 31, 2018.
Internal MISP references
UUID 2609e461-1e23-4dc2-aa44-d09f4acb8c6e
which can be used as unique global reference for PaloAlto Patchwork Mar 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-31T00:00:00Z |
date_published | 2018-03-07T00:00:00Z |
source | MITRE |
title | Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent |
Symantec Patchwork
Hamada, J. (2016, July 25). Patchwork cyberespionage group expands targets from governments to wide range of industries. Retrieved August 17, 2016.
Internal MISP references
UUID a6172463-56e2-49f2-856d-f4f8320d7c6e
which can be used as unique global reference for Symantec Patchwork
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-17T00:00:00Z |
date_published | 2016-07-25T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Patchwork cyberespionage group expands targets from governments to wide range of industries |
Trend Micro Pawn Storm OAuth 2017
Hacquebord, F. (2017, April 25). Pawn Storm Abuses Open Authentication in Advanced Social Engineering Attacks. Retrieved October 4, 2019.
Internal MISP references
UUID 7d12c764-facd-4086-acd0-5c0287344520
which can be used as unique global reference for Trend Micro Pawn Storm OAuth 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-04T00:00:00Z |
date_published | 2017-04-25T00:00:00Z |
source | MITRE |
title | Pawn Storm Abuses Open Authentication in Advanced Social Engineering Attacks |
TrendMicro Pawn Storm 2019
Hacquebord, F. (n.d.). Pawn Storm in 2019 A Year of Scanning and Credential Phishing on High-Profile Targets. Retrieved December 29, 2020.
Internal MISP references
UUID 104f3264-3e8a-46ca-b9b2-e16a59938570
which can be used as unique global reference for TrendMicro Pawn Storm 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-29T00:00:00Z |
source | MITRE |
title | Pawn Storm in 2019 A Year of Scanning and Credential Phishing on High-Profile Targets |
TrendMicro Pawn Storm Dec 2020
Hacquebord, F., Remorin, L. (2020, December 17). Pawn Storm’s Lack of Sophistication as a Strategy. Retrieved January 13, 2021.
Internal MISP references
UUID 3bc249cd-f29a-4a74-a179-a6860e43683f
which can be used as unique global reference for TrendMicro Pawn Storm Dec 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-13T00:00:00Z |
date_published | 2020-12-17T00:00:00Z |
source | MITRE |
title | Pawn Storm’s Lack of Sophistication as a Strategy |
ClearSky Pay2Kitten December 2020
ClearSky. (2020, December 17). Pay2Key Ransomware – A New Campaign by Fox Kitten. Retrieved December 21, 2020.
Internal MISP references
UUID 6e09bc1a-8a5d-4512-9176-40eed91af358
which can be used as unique global reference for ClearSky Pay2Kitten December 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-21T00:00:00Z |
date_published | 2020-12-17T00:00:00Z |
source | MITRE |
title | Pay2Key Ransomware – A New Campaign by Fox Kitten |
PaypalScam
Bob Sullivan. (2000, July 24). PayPal alert! Beware the 'PaypaI' scam. Retrieved March 2, 2017.
Internal MISP references
UUID bcea7897-6cb2-467d-ad3b-ffd20badf19f
which can be used as unique global reference for PaypalScam
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-02T00:00:00Z |
date_published | 2000-07-24T00:00:00Z |
source | MITRE |
title | PayPal alert! Beware the 'PaypaI' scam |
Pcalua.exe - LOLBAS Project
LOLBAS. (2018, May 25). Pcalua.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 958064d4-7f9f-46a9-b475-93d6587ed770
which can be used as unique global reference for Pcalua.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Pcalua.exe |
pcodedmp Bontchev
Bontchev, V. (2019, July 30). pcodedmp.py - A VBA p-code disassembler. Retrieved September 17, 2020.
Internal MISP references
UUID 3057d857-6984-4247-918b-952b75ee152e
which can be used as unique global reference for pcodedmp Bontchev
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-17T00:00:00Z |
date_published | 2019-07-30T00:00:00Z |
source | MITRE |
title | pcodedmp.py - A VBA p-code disassembler |
GitHub PcShare 2014
LiveMirror. (2014, September 17). PcShare. Retrieved October 11, 2022.
Internal MISP references
UUID f113559f-a6da-43bc-bc64-9ff7155b82bc
which can be used as unique global reference for GitHub PcShare 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-10-11T00:00:00Z |
date_published | 2014-09-17T00:00:00Z |
source | MITRE |
title | PcShare |
Pcwrun.exe - LOLBAS Project
LOLBAS. (2018, May 25). Pcwrun.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b5946ca4-1f1b-4cba-af2f-0b99d6fff8b0
which can be used as unique global reference for Pcwrun.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Pcwrun.exe |
Pcwutl.dll - LOLBAS Project
LOLBAS. (2018, May 25). Pcwutl.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 1050758d-20da-4c4a-83d3-40aeff3db9ca
which can be used as unique global reference for Pcwutl.dll - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Pcwutl.dll |
Microsoft Security Blog August 28 2024
Microsoft Threat Intelligence. (2024, August 28). Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations. Retrieved August 29, 2024.
Internal MISP references
UUID 940c0755-18df-4fcb-9691-9f2eb45e6441
which can be used as unique global reference for Microsoft Security Blog August 28 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-29T00:00:00Z |
date_published | 2024-08-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations |
Microsoft Peach Sandstorm September 14 2023
Microsoft Threat Intelligence. (2023, September 14). Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets. Retrieved January 31, 2024.
Internal MISP references
UUID 98a631f4-4b95-4159-b311-dee1216ec208
which can be used as unique global reference for Microsoft Peach Sandstorm September 14 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-31T00:00:00Z |
date_published | 2023-09-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets |
Microsoft Peach Sandstorm 2023
Microsoft Threat Intelligence. (2023, September 14). Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets. Retrieved September 18, 2023.
Internal MISP references
UUID 84d026ed-b8f2-5bbb-865a-2d93aa4b2ef8
which can be used as unique global reference for Microsoft Peach Sandstorm 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-18T00:00:00Z |
date_published | 2023-09-14T00:00:00Z |
source | MITRE |
title | Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets |
Microsoft PEB 2021
Microsoft. (2021, October 6). PEB structure (winternl.h). Retrieved November 19, 2021.
Internal MISP references
UUID e0ec4cf6-1e6a-41ab-8704-a66c5cc4d226
which can be used as unique global reference for Microsoft PEB 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-11-19T00:00:00Z |
date_published | 2021-10-06T00:00:00Z |
source | MITRE |
title | PEB structure (winternl.h) |
Peirates GitHub
InGuardians. (2022, January 5). Peirates GitHub. Retrieved February 8, 2022.
Internal MISP references
UUID a75cde8b-76e4-4dc3-b1d5-cf08479905e7
which can be used as unique global reference for Peirates GitHub
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-08T00:00:00Z |
date_published | 2022-01-05T00:00:00Z |
source | MITRE |
title | Peirates GitHub |
Pentesting AD Forests
García, C. (2019, April 3). Pentesting Active Directory Forests. Retrieved October 20, 2020.
Internal MISP references
UUID 3ca2e78e-751e-460b-9f3c-f851d054bce4
which can be used as unique global reference for Pentesting AD Forests
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2019-04-03T00:00:00Z |
source | MITRE |
title | Pentesting Active Directory Forests |
FBI PRC Botnet September 18 2024
U.S. Federal Bureau of Investigation. (2024, September 18). People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations. Retrieved September 19, 2024.
Internal MISP references
UUID cfb6f191-6c43-423b-9289-02beb3d721d1
which can be used as unique global reference for FBI PRC Botnet September 18 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-19T00:00:00Z |
date_published | 2024-09-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations |
U.S. CISA BlackTech September 27 2023
Cybersecurity and Infrastructure Security Agency. (2023, September 27). People's Republic of China-Linked Cyber Actors Hide in Router Firmware. Retrieved September 29, 2023.
Internal MISP references
UUID 309bfb48-76d1-4ae9-9c6a-30b54658133c
which can be used as unique global reference for U.S. CISA BlackTech September 27 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-29T00:00:00Z |
date_published | 2023-09-27T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | People's Republic of China-Linked Cyber Actors Hide in Router Firmware |
U.S. CISA APT40 July 8 2024
Cybersecurity and Infrastructure Security Agency. (2024, July 8). People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action. Retrieved July 10, 2024.
Internal MISP references
UUID 3bf90a48-caf6-4b9d-adc2-3d1176f49ffc
which can be used as unique global reference for U.S. CISA APT40 July 8 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-10T00:00:00Z |
date_published | 2024-07-08T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action |
Joint Cybersecurity Advisory Volt Typhoon June 2023
NSA et al. (2023, May 24). People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection. Retrieved July 27, 2023.
Internal MISP references
UUID 14872f08-e219-5c0d-a2d7-43a3ba348b4b
which can be used as unique global reference for Joint Cybersecurity Advisory Volt Typhoon June 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-27T00:00:00Z |
date_published | 2023-05-24T00:00:00Z |
source | MITRE |
title | People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection |
U.S. CISA Volt Typhoon May 24 2023
Cybersecurity and Infrastructure Security Agency. (2023, May 24). People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection. Retrieved May 25, 2023.
Internal MISP references
UUID 12320f38-ebbf-486a-a450-8a548c3722d6
which can be used as unique global reference for U.S. CISA Volt Typhoon May 24 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-25T00:00:00Z |
date_published | 2023-05-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection |
TechNet Firewall Design
Microsoft. (2004, February 6). Perimeter Firewall Design. Retrieved April 25, 2016.
Internal MISP references
UUID bb149242-1916-400d-93b8-d0def161ed85
which can be used as unique global reference for TechNet Firewall Design
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-25T00:00:00Z |
date_published | 2004-02-06T00:00:00Z |
source | MITRE |
title | Perimeter Firewall Design |
Oddvar Moe IFEO APR 2018
Moe, O. (2018, April 10). Persistence using GlobalFlags in Image File Execution Options - Hidden from Autoruns.exe. Retrieved June 27, 2018.
Internal MISP references
UUID 8661b51c-ddb7-484f-919d-22079c39d1e4
which can be used as unique global reference for Oddvar Moe IFEO APR 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-06-27T00:00:00Z |
date_published | 2018-04-10T00:00:00Z |
source | MITRE |
title | Persistence using GlobalFlags in Image File Execution Options - Hidden from Autoruns.exe |
Oddvar Moe RunOnceEx Mar 2018
Moe, O. (2018, March 21). Persistence using RunOnceEx - Hidden from Autoruns.exe. Retrieved June 29, 2018.
Internal MISP references
UUID 36d52213-8d9f-4642-892b-40460d5631d7
which can be used as unique global reference for Oddvar Moe RunOnceEx Mar 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-06-29T00:00:00Z |
date_published | 2018-03-21T00:00:00Z |
source | MITRE |
title | Persistence using RunOnceEx - Hidden from Autoruns.exe |
Xorrior Authorization Plugins
Chris Ross. (2018, October 17). Persistent Credential Theft with Authorization Plugins. Retrieved April 22, 2021.
Internal MISP references
UUID e397815d-34ea-4275-90d8-1b85e5b47369
which can be used as unique global reference for Xorrior Authorization Plugins
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-22T00:00:00Z |
date_published | 2018-10-17T00:00:00Z |
source | MITRE |
title | Persistent Credential Theft with Authorization Plugins |
SpecterOps JXA 2020
Pitt, L. (2020, August 6). Persistent JXA. Retrieved April 14, 2021.
Internal MISP references
UUID d9b6bb05-6ab4-4f5e-9ef0-f3e0cc97ce29
which can be used as unique global reference for SpecterOps JXA 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-14T00:00:00Z |
date_published | 2020-08-06T00:00:00Z |
source | MITRE |
title | Persistent JXA |
PersistentJXA_leopitt
Leo Pitt. (2020, August 6). Persistent JXA - A poor man's Powershell for macOS. Retrieved January 11, 2021.
Internal MISP references
UUID 2d66932e-1b73-4255-a9a8-ea8effb3a776
which can be used as unique global reference for PersistentJXA_leopitt
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-11T00:00:00Z |
date_published | 2020-08-06T00:00:00Z |
source | MITRE |
title | Persistent JXA - A poor man's Powershell for macOS |
Pester.bat - LOLBAS Project
LOLBAS. (2018, May 25). Pester.bat. Retrieved December 4, 2023.
Internal MISP references
UUID 93f281f6-6fcc-474a-b222-b303ea417a18
which can be used as unique global reference for Pester.bat - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Pester.bat |
TrendMicro PE_URSNIF.A2
Trend Micro. (2014, December 11). PE_URSNIF.A2. Retrieved June 5, 2019.
Internal MISP references
UUID 71f5b9da-b882-4376-ac93-b4ce952d0271
which can be used as unique global reference for TrendMicro PE_URSNIF.A2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-05T00:00:00Z |
date_published | 2014-12-11T00:00:00Z |
source | MITRE |
title | PE_URSNIF.A2 |
Volatility Phalanx2
Case, A. (2012, October 10). Phalanx 2 Revealed: Using Volatility to Analyze an Advanced Linux Rootkit. Retrieved April 9, 2018.
Internal MISP references
UUID 6149f9ed-9218-489b-b87c-8208de89be68
which can be used as unique global reference for Volatility Phalanx2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-09T00:00:00Z |
date_published | 2012-10-10T00:00:00Z |
source | MITRE |
title | Phalanx 2 Revealed: Using Volatility to Analyze an Advanced Linux Rootkit |
Prevailion EvilNum May 2020
Adamitis, D. (2020, May 6). Phantom in the Command Shell. Retrieved December 22, 2021.
Internal MISP references
UUID 533b8ae2-2fc3-4cf4-bcaa-5d8bfcba91c0
which can be used as unique global reference for Prevailion EvilNum May 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-22T00:00:00Z |
date_published | 2020-05-06T00:00:00Z |
source | MITRE |
title | Phantom in the Command Shell |
Netcraft SendGrid 2024
Graham Edgecombe. (2024, February 7). Phishception – SendGrid is abused to host phishing attacks impersonating itself. Retrieved October 15, 2024.
Internal MISP references
UUID 584506e4-4ce2-5cbc-97ea-a4e68863395d
which can be used as unique global reference for Netcraft SendGrid 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-15T00:00:00Z |
date_published | 2024-02-07T00:00:00Z |
source | MITRE |
title | Phishception – SendGrid is abused to host phishing attacks impersonating itself |
ryhanson phishery SEPT 2016
Hanson, R. (2016, September 24). phishery. Retrieved July 21, 2018.
Internal MISP references
UUID 7e643cf0-5df7-455d-add7-2342f36bdbcb
which can be used as unique global reference for ryhanson phishery SEPT 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-21T00:00:00Z |
date_published | 2016-09-24T00:00:00Z |
source | MITRE |
title | phishery |
GitHub Phishery
Ryan Hanson. (2016, September 24). phishery. Retrieved October 23, 2020.
Internal MISP references
UUID 6da51561-a813-4802-aa84-1b3de1bc2e14
which can be used as unique global reference for GitHub Phishery
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-23T00:00:00Z |
date_published | 2016-09-24T00:00:00Z |
source | MITRE |
title | phishery |
ANSSI Nobelium Phishing December 2021
ANSSI. (2021, December 6). PHISHING CAMPAIGNS BY THE NOBELIUM INTRUSION SET. Retrieved April 13, 2022.
Internal MISP references
UUID 96ee2b87-9727-4914-affe-d9dc5d58c955
which can be used as unique global reference for ANSSI Nobelium Phishing December 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-13T00:00:00Z |
date_published | 2021-12-06T00:00:00Z |
source | MITRE |
title | PHISHING CAMPAIGNS BY THE NOBELIUM INTRUSION SET |
QR-campaign-energy-firm
Jonathan Greig. (2023, August 16). Phishing campaign used QR codes to target large energy company. Retrieved November 27, 2023.
Internal MISP references
UUID f73f45c8-4285-572e-b861-a0ded463a91e
which can be used as unique global reference for QR-campaign-energy-firm
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-27T00:00:00Z |
date_published | 2023-08-16T00:00:00Z |
source | MITRE |
title | Phishing campaign used QR codes to target large energy company |
Enigma Phishing for Credentials Jan 2015
Nelson, M. (2015, January 21). Phishing for Credentials: If you want it, just ask!. Retrieved December 17, 2018.
Internal MISP references
UUID 7fff81f0-2b99-4f4f-8eca-c6a54c4d8205
which can be used as unique global reference for Enigma Phishing for Credentials Jan 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-12-17T00:00:00Z |
date_published | 2015-01-21T00:00:00Z |
source | MITRE |
title | Phishing for Credentials: If you want it, just ask! |
KISA Operation Muzabi
KISA. (2021). Phishing Target Reconnaissance and Attack Resource Analysis Operation Muzabi. Retrieved March 8, 2024.
Internal MISP references
UUID 8742ac96-a316-4264-9d3d-265784483f1a
which can be used as unique global reference for KISA Operation Muzabi
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-08T00:00:00Z |
date_published | 2021-01-01T00:00:00Z |
source | MITRE |
title | Phishing Target Reconnaissance and Attack Resource Analysis Operation Muzabi |
Staaldraad Phishing with OAuth 2017
Stalmans, E. (2017, August 2). Phishing with OAuth and o365/Azure. Retrieved October 4, 2019.
Internal MISP references
UUID ae139c14-05ec-4c75-861b-15d86b4913fc
which can be used as unique global reference for Staaldraad Phishing with OAuth 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-04T00:00:00Z |
date_published | 2017-08-02T00:00:00Z |
source | MITRE |
title | Phishing with OAuth and o365/Azure |
phobos_virustotal
Phobos Ransomware. (2020, December 30). Phobos Ransomware, Fast.exe. Retrieved September 20, 2021.
Internal MISP references
UUID 929dbb22-34a5-4377-95dd-9e240ecb343a
which can be used as unique global reference for phobos_virustotal
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-20T00:00:00Z |
date_published | 2020-12-30T00:00:00Z |
source | MITRE |
title | Phobos Ransomware, Fast.exe |
Deep Instinct PhonyC2 June 2023
Simon Kenin. (2023, June 29). PhonyC2: Revealing a New Malicious Command & Control Framework by MuddyWater. Retrieved October 10, 2023.
Internal MISP references
UUID fd42ac0b-eae5-41bb-b56c-cb1c6d19857b
which can be used as unique global reference for Deep Instinct PhonyC2 June 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-10T00:00:00Z |
date_published | 2023-06-29T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | PhonyC2: Revealing a New Malicious Command & Control Framework by MuddyWater |
Talos Remcos Aug 2018
Brumaghin, E., Unterbrink, H. (2018, August 22). Picking Apart Remcos Botnet-In-A-Box. Retrieved November 6, 2018.
Internal MISP references
UUID c5cb2eff-ed48-47ff-bfd6-79152bf51430
which can be used as unique global reference for Talos Remcos Aug 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-06T00:00:00Z |
date_published | 2018-08-22T00:00:00Z |
source | MITRE |
title | Picking Apart Remcos Botnet-In-A-Box |
FireEye FIN6 Apr 2019
McKeague, B. et al. (2019, April 5). Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware. Retrieved April 17, 2019.
Internal MISP references
UUID e8a2bc6a-04e3-484e-af67-5f57656c7206
which can be used as unique global reference for FireEye FIN6 Apr 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-17T00:00:00Z |
date_published | 2019-04-05T00:00:00Z |
source | MITRE |
title | Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware |
Picus Labs Proc cump 2022
Huseyin Can YUCEEL & Picus Labs. (2022, March 22). Retrieved March 31, 2023.
Internal MISP references
UUID e8a50a79-6ca4-5c91-87ad-0b1ba9eca505
which can be used as unique global reference for Picus Labs Proc cump 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-31T00:00:00Z |
source | MITRE |
title | Picus Labs Proc cump 2022 |
wired-pig butchering
Lily Hay Newman. (n.d.). ‘Pig Butchering’ Scams Are Now a $3 Billion Threat. Retrieved August 18, 2023.
Internal MISP references
UUID dc833e17-7105-5790-b30b-b4fed7fd2d2f
which can be used as unique global reference for wired-pig butchering
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-18T00:00:00Z |
source | MITRE |
title | ‘Pig Butchering’ Scams Are Now a $3 Billion Threat |
Logpoint Pikabot 2024
Swachchhanda Shrawan Poudel. (2024, February). Pikabot: A Sophisticated and Modular Backdoor Trojan with Advanced Evasion Techniques. Retrieved July 12, 2024.
Internal MISP references
UUID 5136cc70-ba63-551c-aa7f-ab4c57980a1c
which can be used as unique global reference for Logpoint Pikabot 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-12T00:00:00Z |
date_published | 2024-02-01T00:00:00Z |
source | MITRE |
title | Pikabot: A Sophisticated and Modular Backdoor Trojan with Advanced Evasion Techniques |
Malwarebytes Pikabot December 15 2023
Jérôme Segura. (2023, December 15). PikaBot distributed via malicious search ads. Retrieved January 11, 2023.
Internal MISP references
UUID 50b29ef4-7ade-4672-99b6-fdf367170a5b
which can be used as unique global reference for Malwarebytes Pikabot December 15 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-01-11T00:00:00Z |
date_published | 2023-12-15T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | PikaBot distributed via malicious search ads |
Elastic Pikabot 2024
Daniel Stepanic & Salim Bitam. (2024, February 23). PIKABOT, I choose you!. Retrieved July 12, 2024.
Internal MISP references
UUID 6c222f33-f588-513c-9149-4c2308e05319
which can be used as unique global reference for Elastic Pikabot 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-12T00:00:00Z |
date_published | 2024-02-23T00:00:00Z |
source | MITRE |
title | PIKABOT, I choose you! |
Trustwave Pillowmint June 2020
Trustwave SpiderLabs. (2020, June 22). Pillowmint: FIN7’s Monkey Thief. Retrieved July 27, 2020.
Internal MISP references
UUID 31bf381d-a0fc-4a4f-8d39-832480891685
which can be used as unique global reference for Trustwave Pillowmint June 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-27T00:00:00Z |
date_published | 2020-06-22T00:00:00Z |
source | MITRE |
title | Pillowmint: FIN7’s Monkey Thief |
TechNet Ping
Microsoft. (n.d.). Ping. Retrieved April 8, 2016.
Internal MISP references
UUID 5afc8ad5-f50d-464f-ba84-e347b3f3e994
which can be used as unique global reference for TechNet Ping
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-08T00:00:00Z |
source | MITRE |
title | Ping |
Pass The Cookie
Rehberger, J. (2018, December). Pivot to the Cloud using Pass the Cookie. Retrieved April 5, 2019.
Internal MISP references
UUID dc67930f-5c7b-41be-97e9-d8f4a55e6019
which can be used as unique global reference for Pass The Cookie
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-05T00:00:00Z |
date_published | 2018-12-01T00:00:00Z |
source | MITRE |
title | Pivot to the Cloud using Pass the Cookie |
Pktmon.exe - LOLBAS Project
LOLBAS. (2020, August 12). Pktmon.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 8f0ad4ed-869b-4332-b091-7551262cff29
which can be used as unique global reference for Pktmon.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-08-12T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Pktmon.exe |
Osanda Stealing NetNTLM Hashes
Osanda Malith Jayathissa. (2017, March 24). Places of Interest in Stealing NetNTLM Hashes. Retrieved January 26, 2018.
Internal MISP references
UUID 991f885e-b3f4-4f3f-b0f9-c9862f918f36
which can be used as unique global reference for Osanda Stealing NetNTLM Hashes
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-26T00:00:00Z |
date_published | 2017-03-24T00:00:00Z |
source | MITRE |
title | Places of Interest in Stealing NetNTLM Hashes |
Microsoft PLATINUM June 2017
Kaplan, D., et al. (2017, June 7). PLATINUM continues to evolve, find ways to maintain invisibility. Retrieved February 19, 2018.
Internal MISP references
UUID e71c669e-50bc-4e91-8cee-7cbedab420d1
which can be used as unique global reference for Microsoft PLATINUM June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-19T00:00:00Z |
date_published | 2017-06-07T00:00:00Z |
source | MITRE |
title | PLATINUM continues to evolve, find ways to maintain invisibility |
Microsoft PLATINUM April 2016
Windows Defender Advanced Threat Hunting Team. (2016, April 29). PLATINUM: Targeted attacks in South and Southeast Asia. Retrieved February 15, 2018.
Internal MISP references
UUID d0ec5037-aa7f-48ee-8d37-ff8fb2c8c297
which can be used as unique global reference for Microsoft PLATINUM April 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-15T00:00:00Z |
date_published | 2016-04-29T00:00:00Z |
source | MITRE, Tidal Cyber |
title | PLATINUM: Targeted attacks in South and Southeast Asia |
Forcepoint Felismus Mar 2017
Somerville, L. and Toro, A. (2017, March 30). Playing Cat & Mouse: Introducing the Felismus Malware. Retrieved November 16, 2017.
Internal MISP references
UUID 23b94586-3856-4937-9b02-4fe184b7ba01
which can be used as unique global reference for Forcepoint Felismus Mar 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-16T00:00:00Z |
date_published | 2017-03-30T00:00:00Z |
source | MITRE |
title | Playing Cat & Mouse: Introducing the Felismus Malware |
Symantec Play Ransomware April 19 2023
Symantec Threat Hunter Team. (2023, April 19). Play Ransomware Group Using New Custom Data-Gathering Tools. Retrieved August 10, 2023.
Internal MISP references
UUID a78613a5-ce17-4d11-8f2f-3e642cd7673c
which can be used as unique global reference for Symantec Play Ransomware April 19 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-10T00:00:00Z |
date_published | 2023-04-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Play Ransomware Group Using New Custom Data-Gathering Tools |
Trend Micro Play Ransomware September 06 2022
Don Ovid Ladores, Lucas Silva, Scott Burden, Janus Agcaoili, Ivan Nicole Chavez, Ian Kenefick, Ieriz Nicolle Gonzalez, Paul Pajares. (2022, September 6). Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa. Retrieved September 21, 2023.
Internal MISP references
UUID ed02529c-920d-4a92-8e86-be1ed7083991
which can be used as unique global reference for Trend Micro Play Ransomware September 06 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-21T00:00:00Z |
date_published | 2022-09-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa |
Trend Micro Play Playbook September 06 2022
Don Ovid Ladores, Lucas Silva, Scott Burden, Janus Agcaoili, Ivan Nicole Chavez, Ian Kenefick, Ieriz Nicolle Gonzalez, Paul Pajares. (2022, September 6). Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa. Retrieved August 10, 2023.
Internal MISP references
UUID 2d2b527d-25b0-4b58-9ae6-c87060b64069
which can be used as unique global reference for Trend Micro Play Playbook September 06 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-10T00:00:00Z |
date_published | 2022-09-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa |
JPCert PLEAD Downloader June 2018
Tomonaga, S. (2018, June 8). PLEAD Downloader Used by BlackTech. Retrieved May 6, 2020.
Internal MISP references
UUID 871f4af2-ed99-4256-a74d-b8c0816a82ab
which can be used as unique global reference for JPCert PLEAD Downloader June 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-06T00:00:00Z |
date_published | 2018-06-08T00:00:00Z |
source | MITRE |
title | PLEAD Downloader Used by BlackTech |
Trend Micro PLEAD RTLO
Alintanahin, K. (2014, May 23). PLEAD Targeted Attacks Against Taiwanese Government Agencies. Retrieved April 22, 2019.
Internal MISP references
UUID 9a052eba-1708-44c9-a20f-8b4ef208fa14
which can be used as unique global reference for Trend Micro PLEAD RTLO
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-22T00:00:00Z |
date_published | 2014-05-23T00:00:00Z |
source | MITRE |
title | PLEAD Targeted Attacks Against Taiwanese Government Agencies |
fileinfo plist file description
FileInfo.com team. (2019, November 26). .PLIST File Extension. Retrieved October 12, 2021.
Internal MISP references
UUID 24331b9d-68af-4db2-887f-3a984b6c5783
which can be used as unique global reference for fileinfo plist file description
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-12T00:00:00Z |
date_published | 2019-11-26T00:00:00Z |
source | MITRE |
title | .PLIST File Extension |
Pnputil.exe - LOLBAS Project
LOLBAS. (2020, December 25). Pnputil.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 21d0419a-5454-4808-b7e6-2b1b9de08ed6
which can be used as unique global reference for Pnputil.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-12-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Pnputil.exe |
uptycs Fake POC linux malware 2023
Nischay Hegde and Siddartha Malladi. (2023, July 12). PoC Exploit: Fake Proof of Concept with Backdoor Malware. Retrieved September 28, 2023.
Internal MISP references
UUID edc18649-2fcf-5fb3-a717-db4bb28ca25f
which can be used as unique global reference for uptycs Fake POC linux malware 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-28T00:00:00Z |
date_published | 2023-07-12T00:00:00Z |
source | MITRE |
title | PoC Exploit: Fake Proof of Concept with Backdoor Malware |
GitHub SIP POC Sept 2017
Graeber, M. (2017, September 14). PoCSubjectInterfacePackage. Retrieved January 31, 2018.
Internal MISP references
UUID 1a9bc729-532b-47ab-89ba-90b0ff41f8aa
which can be used as unique global reference for GitHub SIP POC Sept 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-31T00:00:00Z |
date_published | 2017-09-14T00:00:00Z |
source | MITRE |
title | PoCSubjectInterfacePackage |
Kube Pod
Kubernetes. (n.d.). Pod v1 core. Retrieved October 13, 2021.
Internal MISP references
UUID 8a7a4a51-e16d-447e-8f1e-c02d6dae3e26
which can be used as unique global reference for Kube Pod
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
source | MITRE |
title | Pod v1 core |
PoetRat Lua
Mercer, Warren. (2020, October 6). PoetRAT: Malware targeting public and private sector in Azerbaijan evolves. Retrieved August 5, 2024.
Internal MISP references
UUID 83503473-54c5-555e-954c-12c4f4bbdde6
which can be used as unique global reference for PoetRat Lua
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-05T00:00:00Z |
date_published | 2020-10-06T00:00:00Z |
source | MITRE |
title | PoetRAT: Malware targeting public and private sector in Azerbaijan evolves |
Talos PoetRAT October 2020
Mercer, W., Rascagneres, P., Ventura, V. (2020, October 6). PoetRAT: Malware targeting public and private sector in Azerbaijan evolves. Retrieved April 9, 2021.
Internal MISP references
UUID 5862c90a-3bae-48d0-8749-9a6510fe3630
which can be used as unique global reference for Talos PoetRAT October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-09T00:00:00Z |
date_published | 2020-10-06T00:00:00Z |
source | MITRE |
title | PoetRAT: Malware targeting public and private sector in Azerbaijan evolves |
Talos PoetRAT April 2020
Mercer, W., et al. (2020, April 16). PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors. Retrieved April 27, 2020.
Internal MISP references
UUID fe2a79a5-bc50-4147-b919-f3d0eb7430b6
which can be used as unique global reference for Talos PoetRAT April 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-04-27T00:00:00Z |
date_published | 2020-04-16T00:00:00Z |
source | MITRE |
title | PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors |
Talos Zeus Panda Nov 2017
Brumaghin, E., et al. (2017, November 02). Poisoning the Well: Banking Trojan Targets Google Search Results. Retrieved November 5, 2018.
Internal MISP references
UUID f96711d4-010d-4d7e-8074-31dd1b41c54d
which can be used as unique global reference for Talos Zeus Panda Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-05T00:00:00Z |
date_published | 2017-11-02T00:00:00Z |
source | MITRE |
title | Poisoning the Well: Banking Trojan Targets Google Search Results |
FireEye Poison Ivy
FireEye. (2014). POISON IVY: Assessing Damage and Extracting Intelligence. Retrieved September 19, 2024.
Internal MISP references
UUID c189447e-a903-4dc2-a38b-1f4accc64e20
which can be used as unique global reference for FireEye Poison Ivy
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-19T00:00:00Z |
date_published | 2014-01-01T00:00:00Z |
source | MITRE |
title | POISON IVY: Assessing Damage and Extracting Intelligence |
Umbreon Trend Micro
Fernando Mercês. (2016, September 5). Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems. Retrieved March 5, 2018.
Internal MISP references
UUID 38d9c5a2-8fa5-4cb7-a1a9-86b3f54c1eb7
which can be used as unique global reference for Umbreon Trend Micro
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-05T00:00:00Z |
date_published | 2016-09-05T00:00:00Z |
source | MITRE |
title | Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems |
AWS IAM Policies and Permissions
AWS. (n.d.). Policies and permissions in IAM. Retrieved April 1, 2022.
Internal MISP references
UUID 9bb520fa-0c4f-48aa-8b0a-8f1d42ee1d0c
which can be used as unique global reference for AWS IAM Policies and Permissions
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-01T00:00:00Z |
source | MITRE |
title | Policies and permissions in IAM |
EnableMPRNotifications
Microsoft. (2023, January 26). Policy CSP - WindowsLogon. Retrieved March 30, 2023.
Internal MISP references
UUID 36a7ed58-95ef-594f-a15b-5c3b5911a630
which can be used as unique global reference for EnableMPRNotifications
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-30T00:00:00Z |
date_published | 2023-01-26T00:00:00Z |
source | MITRE |
title | Policy CSP - WindowsLogon |
Microsoft DirSync
Microsoft. (n.d.). Polling for Changes Using the DirSync Control. Retrieved March 30, 2018.
Internal MISP references
UUID 6b7ad651-8c48-462d-90db-07ed3d570118
which can be used as unique global reference for Microsoft DirSync
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-30T00:00:00Z |
source | MITRE |
title | Polling for Changes Using the DirSync Control |
Polyglot Files: a Hacker’s best friend
Li, V. (2019, October 2). Polyglot Files: a Hacker’s best friend. Retrieved September 27, 2022.
Internal MISP references
UUID ea9c1fc9-41d7-5629-b714-62f9ecf70e3b
which can be used as unique global reference for Polyglot Files: a Hacker’s best friend
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-27T00:00:00Z |
date_published | 2019-10-02T00:00:00Z |
source | MITRE |
title | Polyglot Files: a Hacker’s best friend |
CheckPoint Redaman October 2019
Eisenkraft, K., Olshtein, A. (2019, October 17). Pony’s C&C servers hidden inside the Bitcoin blockchain. Retrieved June 15, 2020.
Internal MISP references
UUID ce64739e-1311-4e1b-8352-ff941786ff39
which can be used as unique global reference for CheckPoint Redaman October 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-15T00:00:00Z |
date_published | 2019-10-17T00:00:00Z |
source | MITRE |
title | Pony’s C&C servers hidden inside the Bitcoin blockchain |
Kaspersky Poseidon Group
Kaspersky Lab's Global Research and Analysis Team. (2016, February 9). Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage. Retrieved March 16, 2016.
Internal MISP references
UUID e53bc63e-986f-4d48-a6b7-ed8e93494ed5
which can be used as unique global reference for Kaspersky Poseidon Group
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-16T00:00:00Z |
date_published | 2016-02-09T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage |
Breach Post-mortem SSH Hijack
Hodgson, M. (2019, May 8). Post-mortem and remediations for Apr 11 security incident. Retrieved February 17, 2020.
Internal MISP references
UUID f1d15b92-8840-45ae-b23d-0cba20fc22cc
which can be used as unique global reference for Breach Post-mortem SSH Hijack
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-17T00:00:00Z |
date_published | 2019-05-08T00:00:00Z |
source | MITRE |
title | Post-mortem and remediations for Apr 11 security incident |
Elastic Docs Potential Protocol Tunneling via EarthWorm
Elastic. (n.d.). Potential Protocol Tunneling via EarthWorm. Retrieved July 7, 2023.
Internal MISP references
UUID a02790a1-f7c5-43b6-bc7e-075b2c0aa791
which can be used as unique global reference for Elastic Docs Potential Protocol Tunneling via EarthWorm
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Potential Protocol Tunneling via EarthWorm |
sus mofcomp
detection.fyi. (2023, October 28). Potential Suspicious Mofcomp Execution. Retrieved February 9, 2024.
Internal MISP references
UUID c0cdb878-ef43-570a-8d5b-d643ec01f435
which can be used as unique global reference for sus mofcomp
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-09T00:00:00Z |
date_published | 2023-10-28T00:00:00Z |
source | MITRE |
title | Potential Suspicious Mofcomp Execution |
This is Security Command Line Confusion
B. Ancel. (2014, August 20). Poweliks – Command Line Confusion. Retrieved March 5, 2018.
Internal MISP references
UUID 49a21bba-b77d-4b0e-b666-20ef2826e92c
which can be used as unique global reference for This is Security Command Line Confusion
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-05T00:00:00Z |
date_published | 2014-08-20T00:00:00Z |
source | MITRE |
title | Poweliks – Command Line Confusion |
TrendMicro POWELIKS AUG 2014
Santos, R. (2014, August 1). POWELIKS: Malware Hides In Windows Registry. Retrieved August 9, 2018.
Internal MISP references
UUID 4a42df15-4d09-4f4f-8333-2b41356fdb80
which can be used as unique global reference for TrendMicro POWELIKS AUG 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-09T00:00:00Z |
date_published | 2014-08-01T00:00:00Z |
source | MITRE |
title | POWELIKS: Malware Hides In Windows Registry |
Microsoft: Powercfg command-line options
Microsoft. (2021, December 15). Powercfg command-line options. Retrieved June 5, 2023.
Internal MISP references
UUID d9b5be77-5e44-5786-a683-82642b8dd8c9
which can be used as unique global reference for Microsoft: Powercfg command-line options
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-05T00:00:00Z |
date_published | 2021-12-15T00:00:00Z |
source | MITRE |
title | Powercfg command-line options |
Volexity PowerDuke November 2016
Adair, S. (2016, November 9). PowerDuke: Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks and NGOs. Retrieved January 11, 2017.
Internal MISP references
UUID 4026c055-6020-41bb-a4c8-54b308867023
which can be used as unique global reference for Volexity PowerDuke November 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-01-11T00:00:00Z |
date_published | 2016-11-09T00:00:00Z |
source | MITRE |
title | PowerDuke: Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks and NGOs |
Cybereason PowerLess February 2022
Cybereason Nocturnus. (2022, February 1). PowerLess Trojan: Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage. Retrieved June 1, 2022.
Internal MISP references
UUID 095aaa25-b674-4313-bc4f-3227b00c0459
which can be used as unique global reference for Cybereason PowerLess February 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-01T00:00:00Z |
date_published | 2022-02-01T00:00:00Z |
source | MITRE |
title | PowerLess Trojan: Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage |
MalwareTech Power Loader Aug 2013
MalwareTech. (2013, August 13). PowerLoader Injection – Something truly amazing. Retrieved December 16, 2017.
Internal MISP references
UUID 9a9a6ca1-d7c5-4385-924b-cdeffd66602e
which can be used as unique global reference for MalwareTech Power Loader Aug 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-16T00:00:00Z |
date_published | 2013-08-13T00:00:00Z |
source | MITRE |
title | PowerLoader Injection – Something truly amazing |
Powerpnt.exe - LOLBAS Project
LOLBAS. (2019, July 19). Powerpnt.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 23c48ab3-9426-4949-9a35-d1b9ecb4bb47
which can be used as unique global reference for Powerpnt.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2019-07-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Powerpnt.exe |
Sophos PowerShell Command History Forensics
Vikas, S. (2020, August 26). PowerShell Command History Forensics. Retrieved September 4, 2020.
Internal MISP references
UUID 9cff28da-c379-49e7-b971-7dccc72054fc
which can be used as unique global reference for Sophos PowerShell Command History Forensics
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-04T00:00:00Z |
date_published | 2020-08-26T00:00:00Z |
source | MITRE |
title | PowerShell Command History Forensics |
Microsoft PowerShell CLM
PowerShell Team. (2017, November 2). PowerShell Constrained Language Mode. Retrieved March 27, 2023.
Internal MISP references
UUID d6eaa28f-f900-528a-bba0-560a37c90a98
which can be used as unique global reference for Microsoft PowerShell CLM
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-27T00:00:00Z |
date_published | 2017-11-02T00:00:00Z |
source | MITRE |
title | PowerShell Constrained Language Mode |
SensePost PS DDE May 2016
El-Sherei, S. (2016, May 20). PowerShell, C-Sharp and DDE The Power Within. Retrieved November 22, 2017.
Internal MISP references
UUID 28b3c105-8d64-4767-a735-d353d1fee756
which can be used as unique global reference for SensePost PS DDE May 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-22T00:00:00Z |
date_published | 2016-05-20T00:00:00Z |
source | MITRE |
title | PowerShell, C-Sharp and DDE The Power Within |
Powersploit
PowerSploit. (n.d.). Retrieved December 4, 2014.
Internal MISP references
UUID 8e870f75-ed76-4898-bfbb-ad3c0c1ae0ca
which can be used as unique global reference for Powersploit
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-12-04T00:00:00Z |
source | MITRE |
title | Powersploit |
PowerShellMagazine PowerSploit July 2014
Graeber, M. (2014, July 8). PowerSploit. Retrieved February 6, 2018.
Internal MISP references
UUID 7765d4f7-bf2d-43b9-a87e-74114a092645
which can be used as unique global reference for PowerShellMagazine PowerSploit July 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-06T00:00:00Z |
date_published | 2014-07-08T00:00:00Z |
source | MITRE |
title | PowerSploit |
PowerSploit Documentation
PowerSploit. (n.d.). PowerSploit. Retrieved February 6, 2018.
Internal MISP references
UUID 56628e55-94cd-4c5e-8f5a-34ffb7a45174
which can be used as unique global reference for PowerSploit Documentation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-06T00:00:00Z |
source | MITRE |
title | PowerSploit |
GitHub PowerSploit May 2012
PowerShellMafia. (2012, May 26). PowerSploit - A PowerShell Post-Exploitation Framework. Retrieved February 6, 2018.
Internal MISP references
UUID ec3edb54-9f1b-401d-a265-cd8924e5cb2b
which can be used as unique global reference for GitHub PowerSploit May 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-06T00:00:00Z |
date_published | 2012-05-26T00:00:00Z |
source | MITRE |
title | PowerSploit - A PowerShell Post-Exploitation Framework |
byt3bl33d3r NTLM Relaying
Salvati, M. (2017, June 2). Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes). Retrieved February 7, 2019.
Internal MISP references
UUID 34deeec2-6edc-492c-bb35-5ccb1dc8e4df
which can be used as unique global reference for byt3bl33d3r NTLM Relaying
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-07T00:00:00Z |
date_published | 2017-06-02T00:00:00Z |
source | MITRE |
title | Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes) |
U.S. CISA Volt Typhoon February 7 2024
Cybersecurity and Infrastructure Security Agency. (2024, February 7). PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure. Retrieved February 9, 2024.
Internal MISP references
UUID c74f5ecf-8810-4670-b778-24171c078724
which can be used as unique global reference for U.S. CISA Volt Typhoon February 7 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-09T00:00:00Z |
date_published | 2024-02-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure |
Zimbra Preauth
Zimbra. (2023, March 16). Preauth. Retrieved May 31, 2023.
Internal MISP references
UUID f8931e8d-9a03-5407-857a-2a1c5a895eed
which can be used as unique global reference for Zimbra Preauth
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-31T00:00:00Z |
date_published | 2023-03-16T00:00:00Z |
source | MITRE |
title | Preauth |
Microsoft Preauthentication Jul 2012
Microsoft. (2012, July 18). Preauthentication. Retrieved August 24, 2020.
Internal MISP references
UUID edaf08ec-0a56-480a-93ef-eb8038147e5c
which can be used as unique global reference for Microsoft Preauthentication Jul 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-24T00:00:00Z |
date_published | 2012-07-18T00:00:00Z |
source | MITRE |
title | Preauthentication |
Elastic Predicting DGA
Ahuja, A., Anderson, H., Grant, D., Woodbridge, J. (2016, November 2). Predicting Domain Generation Algorithms with Long Short-Term Memory Networks. Retrieved April 26, 2019.
Internal MISP references
UUID 4462e71d-0373-4fc0-8cde-93a2972bedd5
which can be used as unique global reference for Elastic Predicting DGA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-26T00:00:00Z |
date_published | 2016-11-02T00:00:00Z |
source | MITRE |
title | Predicting Domain Generation Algorithms with Long Short-Term Memory Networks |
WithSecure SystemBC May 10 2021
Callum Roxan, Sami Ruohonen. (2021, May 10). Prelude to Ransomware: SystemBC. Retrieved September 21, 2023.
Internal MISP references
UUID 4004e072-9e69-4e81-a2b7-840e106cf3d9
which can be used as unique global reference for WithSecure SystemBC May 10 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-21T00:00:00Z |
date_published | 2021-05-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Prelude to Ransomware: SystemBC |
URI
Michael Cobb. (2007, October 11). Preparing for uniform resource identifier (URI) exploits. Retrieved February 9, 2024.
Internal MISP references
UUID 8bb388d4-b7d1-5778-b599-2ed42206b88b
which can be used as unique global reference for URI
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-09T00:00:00Z |
date_published | 2007-10-11T00:00:00Z |
source | MITRE |
title | Preparing for uniform resource identifier (URI) exploits |
Presentationhost.exe - LOLBAS Project
LOLBAS. (2018, May 25). Presentationhost.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 37539e72-18f5-435a-a949-f9fa5991149a
which can be used as unique global reference for Presentationhost.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Presentationhost.exe |
Microsoft Sub Takeover 2020
Microsoft. (2020, September 29). Prevent dangling DNS entries and avoid subdomain takeover. Retrieved October 12, 2020.
Internal MISP references
UUID b8005a55-7e77-4dc1-abed-f75a0a3d8afb
which can be used as unique global reference for Microsoft Sub Takeover 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-12T00:00:00Z |
date_published | 2020-09-29T00:00:00Z |
source | MITRE |
title | Prevent dangling DNS entries and avoid subdomain takeover |
Microsoft Preventing SMB
Microsoft. (2020, March 10). Preventing SMB traffic from lateral connections and entering or leaving the network. Retrieved June 1, 2020.
Internal MISP references
UUID cd2fd958-63ce-4ac9-85e6-bb32f29d88b0
which can be used as unique global reference for Microsoft Preventing SMB
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-01T00:00:00Z |
date_published | 2020-03-10T00:00:00Z |
source | MITRE |
title | Preventing SMB traffic from lateral connections and entering or leaving the network |
Palo Alto Prince of Persia
Bar, T., Conant, S., Efraim, L. (2016, June 28). Prince of Persia – Game Over. Retrieved July 5, 2017.
Internal MISP references
UUID e08bfc40-a580-4fa3-9531-d5e1bede374e
which can be used as unique global reference for Palo Alto Prince of Persia
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-05T00:00:00Z |
date_published | 2016-06-28T00:00:00Z |
source | MITRE |
title | Prince of Persia – Game Over |
PrintBrm.exe - LOLBAS Project
LOLBAS. (2021, June 21). PrintBrm.exe. Retrieved December 4, 2023.
Internal MISP references
UUID a7ab6f09-c22f-4627-afb1-c13a963efca5
which can be used as unique global reference for PrintBrm.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-06-21T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | PrintBrm.exe |
Print.exe - LOLBAS Project
LOLBAS. (2018, May 25). Print.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 696ce89a-b3a1-4993-b30d-33a669a57031
which can be used as unique global reference for Print.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Print.exe |
PrivateLoader: The first step in many malware schemes | Intel471
Intel471. (2022, February 8). PrivateLoader: The first step in many malware schemes. Retrieved May 15, 2023.
Internal MISP references
UUID c84be284-03ad-4674-94db-03f264f2db9f
which can be used as unique global reference for PrivateLoader: The first step in many malware schemes | Intel471
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-15T00:00:00Z |
date_published | 2022-02-08T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | PrivateLoader: The first step in many malware schemes |
Rhingo Security Labs GCP Privilege Escalation
Spencer Gietzen. (n.d.). Privilege Escalation in Google Cloud Platform – Part 1 (IAM). Retrieved May 27, 2022.
Internal MISP references
UUID 55373476-1cbe-49f5-aecb-69d60b336d38
which can be used as unique global reference for Rhingo Security Labs GCP Privilege Escalation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-27T00:00:00Z |
source | MITRE |
title | Privilege Escalation in Google Cloud Platform – Part 1 (IAM) |
Rhino Google Cloud Privilege Escalation
Spencer Gietzen. (n.d.). Privilege Escalation in Google Cloud Platform – Part 1 (IAM). Retrieved September 21, 2023.
Internal MISP references
UUID 55173e12-9edc-5685-ac0b-acd51617cc6e
which can be used as unique global reference for Rhino Google Cloud Privilege Escalation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-21T00:00:00Z |
source | MITRE |
title | Privilege Escalation in Google Cloud Platform – Part 1 (IAM) |
FireEye APT19
Ahl, I. (2017, June 06). Privileges and Credentials: Phished at the Request of Counsel. Retrieved May 17, 2018.
Internal MISP references
UUID d75508b1-8b85-47c9-a087-bc64e8e4cb33
which can be used as unique global reference for FireEye APT19
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-17T00:00:00Z |
date_published | 2017-06-06T00:00:00Z |
source | MITRE |
title | Privileges and Credentials: Phished at the Request of Counsel |
Anomali Static Kitten February 2021
Mele, G. et al. (2021, February 10). Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies. Retrieved March 17, 2021.
Internal MISP references
UUID 710ed789-de1f-4601-a8ba-32147827adcb
which can be used as unique global reference for Anomali Static Kitten February 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-17T00:00:00Z |
date_published | 2021-02-10T00:00:00Z |
source | MITRE |
title | Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies |
sus mofcomp dos
The DFIR Report. (2023, January 8). proc_creation_win_mofcomp_execution.yml. Retrieved February 9, 2024.
Internal MISP references
UUID f7c4e24f-b91e-574f-8b16-fb93295ef9d8
which can be used as unique global reference for sus mofcomp dos
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-09T00:00:00Z |
date_published | 2023-01-08T00:00:00Z |
source | MITRE |
title | proc_creation_win_mofcomp_execution.yml |
Procdump.exe - LOLBAS Project
LOLBAS. (2020, October 14). Procdump.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 3e37fe71-71d0-424e-96ff-81070e2571ae
which can be used as unique global reference for Procdump.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-10-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Procdump.exe |
Microsoft Process Creation Flags May 2018
Schofield, M. & Satran, M. (2018, May 30). Process Creation Flags. Retrieved June 4, 2019.
Internal MISP references
UUID d4edd219-c91a-4ff1-8f22-10daa1057f29
which can be used as unique global reference for Microsoft Process Creation Flags May 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-04T00:00:00Z |
date_published | 2018-05-30T00:00:00Z |
source | MITRE |
title | Process Creation Flags |
hasherezade Process Doppelgänging Dec 2017
hasherezade. (2017, December 18). Process Doppelgänging – a new way to impersonate a process. Retrieved December 20, 2017.
Internal MISP references
UUID b7a86159-7005-4b61-8b4e-a3dcd77c6a7d
which can be used as unique global reference for hasherezade Process Doppelgänging Dec 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 2017-12-18T00:00:00Z |
source | MITRE |
title | Process Doppelgänging – a new way to impersonate a process |
Microsoft Processes and Threads
Microsoft. (2018, May 31). Processes and Threads. Retrieved September 28, 2021.
Internal MISP references
UUID 250c689d-9a9c-4f02-8b99-ca43fbdaddae
which can be used as unique global reference for Microsoft Processes and Threads
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-28T00:00:00Z |
date_published | 2018-05-31T00:00:00Z |
source | MITRE |
title | Processes and Threads |
ProcessHacker Github
ProcessHacker. (2009, October 27). Process Hacker. Retrieved April 11, 2022.
Internal MISP references
UUID 3fc82a92-cfba-405d-b30e-22eba69ab1ee
which can be used as unique global reference for ProcessHacker Github
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-11T00:00:00Z |
date_published | 2009-10-27T00:00:00Z |
source | MITRE |
title | Process Hacker |
Leitch Hollowing
Leitch, J. (n.d.). Process Hollowing. Retrieved November 12, 2014.
Internal MISP references
UUID 8feb180a-bfad-42cb-b8ee-792c5088567a
which can be used as unique global reference for Leitch Hollowing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
source | MITRE |
title | Process Hollowing |
Korean FSI TA505 2020
Financial Security Institute. (2020, February 28). Profiling of TA505 Threat Group That Continues to Attack the Financial Sector. Retrieved July 14, 2022.
Internal MISP references
UUID d4e2c109-341c-45b3-9d41-3eb980724524
which can be used as unique global reference for Korean FSI TA505 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-14T00:00:00Z |
date_published | 2020-02-28T00:00:00Z |
source | MITRE |
title | Profiling of TA505 Threat Group That Continues to Attack the Financial Sector |
Microsoft Profiling Mar 2017
Microsoft. (2017, March 30). Profiling Overview. Retrieved June 24, 2020.
Internal MISP references
UUID eb0909ea-616c-4d79-b145-ee2f1ae539fb
which can be used as unique global reference for Microsoft Profiling Mar 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-24T00:00:00Z |
date_published | 2017-03-30T00:00:00Z |
source | MITRE |
title | Profiling Overview |
Microsoft Win32
Microsoft. (n.d.). Programming reference for the Win32 API. Retrieved March 15, 2020.
Internal MISP references
UUID 585b9975-3cfb-4485-a9eb-5eea337ebd3c
which can be used as unique global reference for Microsoft Win32
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-15T00:00:00Z |
source | MITRE |
title | Programming reference for the Win32 API |
CameraShy
ThreatConnect Inc. and Defense Group Inc. (DGI). (2015, September 23). Project CameraShy: Closing the Aperture on China's Unit 78020. Retrieved December 17, 2015.
Internal MISP references
UUID 9942b6a5-6ffb-4a26-9392-6c8bb9954997
which can be used as unique global reference for CameraShy
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-12-17T00:00:00Z |
date_published | 2015-09-23T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Project CameraShy: Closing the Aperture on China's Unit 78020 |
Unit 42 ProjectM March 2016
Falcone, R. and Conant S. (2016, March 25). ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe. Retrieved September 2, 2021.
Internal MISP references
UUID adee82e6-a74a-4a91-ab5a-97847b135ca3
which can be used as unique global reference for Unit 42 ProjectM March 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-02T00:00:00Z |
date_published | 2016-03-25T00:00:00Z |
source | MITRE |
title | ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe |
Threatpost Sauron
Michael Mimoso. (2016, August 8). ProjectSauron APT On Par With Equation, Flame, Duqu. Retrieved January 10, 2024.
Internal MISP references
UUID 4d349f2f-c740-55c7-8e7b-b6957e382307
which can be used as unique global reference for Threatpost Sauron
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-10T00:00:00Z |
date_published | 2016-08-08T00:00:00Z |
source | MITRE |
title | ProjectSauron APT On Par With Equation, Flame, Duqu |
Kaspersky ProjectSauron Blog
Kaspersky Lab's Global Research & Analysis Team. (2016, August 8). ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms. Retrieved August 17, 2016.
Internal MISP references
UUID baeaa632-3fa5-4d2b-9537-ccc7674fd7d6
which can be used as unique global reference for Kaspersky ProjectSauron Blog
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-17T00:00:00Z |
date_published | 2016-08-08T00:00:00Z |
source | MITRE, Tidal Cyber |
title | ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms |
Kaspersky TajMahal April 2019
GReAT. (2019, April 10). Project TajMahal – a sophisticated new APT framework. Retrieved October 14, 2019.
Internal MISP references
UUID 1ed20522-52ae-4d0c-b42e-c680490958ac
which can be used as unique global reference for Kaspersky TajMahal April 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-14T00:00:00Z |
date_published | 2019-04-10T00:00:00Z |
source | MITRE |
title | Project TajMahal – a sophisticated new APT framework |
DarkReading FireEye FIN5 Oct 2015
Higgins, K. (2015, October 13). Prolific Cybercrime Gang Favors Legit Login Credentials. Retrieved October 4, 2017.
Internal MISP references
UUID afe0549d-dc1b-4bcf-9a1d-55698afd530e
which can be used as unique global reference for DarkReading FireEye FIN5 Oct 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-10-04T00:00:00Z |
date_published | 2015-10-13T00:00:00Z |
source | MITRE |
title | Prolific Cybercrime Gang Favors Legit Login Credentials |
Talos Promethium June 2020
Mercer, W. et al. (2020, June 29). PROMETHIUM extends global reach with StrongPity3 APT. Retrieved July 20, 2020.
Internal MISP references
UUID 188d990e-f0be-40f2-90f3-913dfe687d27
which can be used as unique global reference for Talos Promethium June 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-20T00:00:00Z |
date_published | 2020-06-29T00:00:00Z |
source | MITRE |
title | PROMETHIUM extends global reach with StrongPity3 APT |
The Record Cyber Toufan December 29 2023
Daryna Antoniuk. (2023, December 29). Pro-Palestinian operation claims dozens of data breaches against Israeli firms. Retrieved August 8, 2024.
Internal MISP references
UUID bc621380-7094-4877-abbe-5c20588e5dbc
which can be used as unique global reference for The Record Cyber Toufan December 29 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-08T00:00:00Z |
date_published | 2023-12-29T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Pro-Palestinian operation claims dozens of data breaches against Israeli firms |
Intel471 Pro-Russian Hacktivist 2022
Intel471. (2022, September 14). Pro-Russian Hacktivist Groups Target Ukraine Supporters. Retrieved April 30, 2024.
Internal MISP references
UUID f51610a7-1323-4cc4-85ec-2ebdab2a2a50
which can be used as unique global reference for Intel471 Pro-Russian Hacktivist 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-30T00:00:00Z |
date_published | 2022-09-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Pro-Russian Hacktivist Groups Target Ukraine Supporters |
TechNet Credential Guard
Lich, B. (2016, May 31). Protect derived domain credentials with Credential Guard. Retrieved June 1, 2016.
Internal MISP references
UUID d5b2446b-4685-490f-8181-1169cd049bee
which can be used as unique global reference for TechNet Credential Guard
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-01T00:00:00Z |
date_published | 2016-05-31T00:00:00Z |
source | MITRE |
title | Protect derived domain credentials with Credential Guard |
Microsoft Protected Users Security Group
Microsoft. (2016, October 12). Protected Users Security Group. Retrieved May 29, 2020.
Internal MISP references
UUID e6316ecd-da29-4928-a868-c9876badce62
which can be used as unique global reference for Microsoft Protected Users Security Group
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-29T00:00:00Z |
date_published | 2016-10-12T00:00:00Z |
source | MITRE |
title | Protected Users Security Group |
CISA Remote Monitoring and Management Software
CISA. (n.d.). Protecting Against Malicious Use of Remote Monitoring and Management Software. Retrieved February 2, 2023.
Internal MISP references
UUID 1ee55a8c-9e9d-520a-a3d3-1d2da57e0265
which can be used as unique global reference for CISA Remote Monitoring and Management Software
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-02T00:00:00Z |
source | MITRE |
title | Protecting Against Malicious Use of Remote Monitoring and Management Software |
Protecting Microsoft 365 From On-Premises Attacks
Microsoft. (2022, August 26). Protecting Microsoft 365 from on-premises attacks. Retrieved February 21, 2023.
Internal MISP references
UUID 95e19778-95ce-585a-892e-e6a8c20389f7
which can be used as unique global reference for Protecting Microsoft 365 From On-Premises Attacks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-21T00:00:00Z |
date_published | 2022-08-26T00:00:00Z |
source | MITRE |
title | Protecting Microsoft 365 from on-premises attacks |
SANS PsExec
Pilkington, M. (2012, December 17). Protecting Privileged Domain Accounts: PsExec Deep-Dive. Retrieved August 17, 2016.
Internal MISP references
UUID a8d1e40d-b291-443c-86cc-edf6db00b898
which can be used as unique global reference for SANS PsExec
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-17T00:00:00Z |
date_published | 2012-12-17T00:00:00Z |
source | MITRE |
title | Protecting Privileged Domain Accounts: PsExec Deep-Dive |
Docker Daemon Socket Protect
Docker. (n.d.). Protect the Docker Daemon Socket. Retrieved March 29, 2021.
Internal MISP references
UUID 48ce6b2c-57e7-4467-b0ea-3160ac46817e
which can be used as unique global reference for Docker Daemon Socket Protect
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-29T00:00:00Z |
source | MITRE |
title | Protect the Docker Daemon Socket |
Malwarebytes Emotet Dec 2017
Smith, A. (2017, December 22). Protect your network from Emotet Trojan with Malwarebytes Endpoint Security. Retrieved January 17, 2019.
Internal MISP references
UUID 3642af0b-f14d-4860-a87c-fb57dc107a49
which can be used as unique global reference for Malwarebytes Emotet Dec 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-01-17T00:00:00Z |
date_published | 2017-12-22T00:00:00Z |
source | MITRE |
title | Protect your network from Emotet Trojan with Malwarebytes Endpoint Security |
ProtocolHandler.exe - LOLBAS Project
LOLBAS. (2022, July 24). ProtocolHandler.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 1f678111-dfa3-4c06-9359-816b9ca12cd0
which can be used as unique global reference for ProtocolHandler.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-07-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | ProtocolHandler.exe |
cybereason osx proton
Amit Serper. (2018, May 10). ProtonB What this Mac Malware Actually Does. Retrieved March 19, 2018.
Internal MISP references
UUID 9c43d646-9ac2-43b5-80b6-9e69dcb57617
which can be used as unique global reference for cybereason osx proton
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-19T00:00:00Z |
date_published | 2018-05-10T00:00:00Z |
source | MITRE |
title | ProtonB What this Mac Malware Actually Does |
Provlaunch.exe - LOLBAS Project
LOLBAS. (2023, June 30). Provlaunch.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 56a57369-4707-4dff-ad23-431109f24233
which can be used as unique global reference for Provlaunch.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2023-06-30T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Provlaunch.exe |
FBI Proxies Credential Stuffing
FBI. (2022, August 18). Proxies and Configurations Used for Credential Stuffing Attacks on Online Customer Accounts. Retrieved July 6, 2023.
Internal MISP references
UUID 17f9b7b0-3e1a-5d75-9030-da79fcccdb49
which can be used as unique global reference for FBI Proxies Credential Stuffing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-06T00:00:00Z |
date_published | 2022-08-18T00:00:00Z |
source | MITRE |
title | Proxies and Configurations Used for Credential Stuffing Attacks on Online Customer Accounts |
Sysdig Proxyjacking
Crystal Morin. (2023, April 4). Proxyjacking has Entered the Chat. Retrieved July 6, 2023.
Internal MISP references
UUID 26562be2-cab6-5867-9a43-d8a59c663596
which can be used as unique global reference for Sysdig Proxyjacking
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-06T00:00:00Z |
date_published | 2023-04-04T00:00:00Z |
source | MITRE |
title | Proxyjacking has Entered the Chat |
Password Protected Word Docs
Lawrence Abrams. (2017, July 12). PSA: Don't Open SPAM Containing Password Protected Word Docs. Retrieved January 5, 2022.
Internal MISP references
UUID fe6f3ee6-b0a4-4092-947b-48e02a9255c1
which can be used as unique global reference for Password Protected Word Docs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-05T00:00:00Z |
date_published | 2017-07-12T00:00:00Z |
source | MITRE |
title | PSA: Don't Open SPAM Containing Password Protected Word Docs |
Github PSAttack
Haight, J. (2016, April 21). PS>Attack. Retrieved September 27, 2024.
Internal MISP references
UUID 929e37ed-c230-4517-a2ef-b7896bd3e4a2
which can be used as unique global reference for Github PSAttack
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-27T00:00:00Z |
date_published | 2016-04-21T00:00:00Z |
source | MITRE |
title | PS>Attack |
PsExec Russinovich
Russinovich, M. (2004, June 28). PsExec. Retrieved December 17, 2015.
Internal MISP references
UUID d6216ce3-1e63-4bb1-b379-b530c8203a96
which can be used as unique global reference for PsExec Russinovich
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-12-17T00:00:00Z |
date_published | 2004-06-28T00:00:00Z |
source | MITRE |
title | PsExec |
SANS UAC Bypass
Medin, T. (2013, August 8). PsExec UAC Bypass. Retrieved June 3, 2016.
Internal MISP references
UUID 824739ac-633a-40e0-bb01-2bfd43714d67
which can be used as unique global reference for SANS UAC Bypass
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-03T00:00:00Z |
date_published | 2013-08-08T00:00:00Z |
source | MITRE |
title | PsExec UAC Bypass |
GitHub PSPKIAudit
HarmJ0y et al. (2021, June 16). PSPKIAudit. Retrieved August 2, 2022.
Internal MISP references
UUID ac3d5502-0ab9-446e-bf8c-22675f92f017
which can be used as unique global reference for GitHub PSPKIAudit
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-02T00:00:00Z |
date_published | 2021-06-16T00:00:00Z |
source | MITRE |
title | PSPKIAudit |
Psr.exe - LOLBAS Project
LOLBAS. (2020, June 27). Psr.exe. Retrieved December 4, 2023.
Internal MISP references
UUID a00782cf-f6b2-4b63-9d8d-97efe17e11c0
which can be used as unique global reference for Psr.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-06-27T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Psr.exe |
Microsoft PsSetCreateProcessNotifyRoutine routine
Microsoft. (n.d.). PsSetCreateProcessNotifyRoutine routine. Retrieved December 20, 2017.
Internal MISP references
UUID c407645d-1109-49a7-a4c0-51ec9cd54c8d
which can be used as unique global reference for Microsoft PsSetCreateProcessNotifyRoutine routine
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
source | MITRE |
title | PsSetCreateProcessNotifyRoutine routine |
PTRACE man
Kerrisk, M. (2020, February 9). PTRACE(2) - Linux Programmer's Manual. Retrieved February 21, 2020.
Internal MISP references
UUID fc5e63e7-090a-441b-8e34-9946e1840b49
which can be used as unique global reference for PTRACE man
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-21T00:00:00Z |
date_published | 2020-02-09T00:00:00Z |
source | MITRE |
title | PTRACE(2) - Linux Programmer's Manual |
Wikipedia Public Key Crypto
Wikipedia. (2017, June 29). Public-key cryptography. Retrieved July 5, 2017.
Internal MISP references
UUID 1b7514e7-477d-44a2-acee-d1819066dee4
which can be used as unique global reference for Wikipedia Public Key Crypto
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-05T00:00:00Z |
date_published | 2017-06-29T00:00:00Z |
source | MITRE |
title | Public-key cryptography |
SingHealth Breach Jan 2019
Committee of Inquiry into the Cyber Attack on SingHealth. (2019, January 10). Public Report of the Committee of Inquiry into the Cyber Attack on Singapore Health Services Private Limited's Patient Database. Retrieved June 29, 2020.
Internal MISP references
UUID d1f699e3-7c9d-4a95-ad58-f46e665a4d37
which can be used as unique global reference for SingHealth Breach Jan 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-29T00:00:00Z |
date_published | 2019-01-10T00:00:00Z |
source | MITRE |
title | Public Report of the Committee of Inquiry into the Cyber Attack on Singapore Health Services Private Limited's Patient Database |
pubprn
Jason Gerend. (2017, October 16). pubprn. Retrieved July 23, 2021.
Internal MISP references
UUID c845c67a-20ab-405c-95fe-2f667f83b886
which can be used as unique global reference for pubprn
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-07-23T00:00:00Z |
date_published | 2017-10-16T00:00:00Z |
source | MITRE |
title | pubprn |
Pubprn.vbs - LOLBAS Project
LOLBAS. (2018, May 25). Pubprn.vbs. Retrieved December 4, 2023.
Internal MISP references
UUID d2b6b9fd-5f80-41c0-ac22-06b78c86a9e5
which can be used as unique global reference for Pubprn.vbs - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Pubprn.vbs |
PaloAlto EncodedCommand March 2017
White, J. (2017, March 10). Pulling Back the Curtains on EncodedCommand PowerShell Attacks. Retrieved February 12, 2018.
Internal MISP references
UUID 069ef9af-3402-4b13-8c60-b397b0b0bfd7
which can be used as unique global reference for PaloAlto EncodedCommand March 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-12T00:00:00Z |
date_published | 2017-03-10T00:00:00Z |
source | MITRE |
title | Pulling Back the Curtains on EncodedCommand PowerShell Attacks |
anomali-linux-rabbit
Anomali Threat Research. (2018, December 6). Pulling Linux Rabbit/Rabbot Malware Out of a Hat. Retrieved December 17, 2020.
Internal MISP references
UUID ec413dc7-028c-4153-9e98-abe85961747f
which can be used as unique global reference for anomali-linux-rabbit
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-17T00:00:00Z |
date_published | 2018-12-06T00:00:00Z |
source | MITRE |
title | Pulling Linux Rabbit/Rabbot Malware Out of a Hat |
Anomali Linux Rabbit 2018
Anomali Labs. (2018, December 6). Pulling Linux Rabbit/Rabbot Malware Out of a Hat. Retrieved March 4, 2019.
Internal MISP references
UUID e843eb47-21b0-44b9-8065-02aea0a0b05f
which can be used as unique global reference for Anomali Linux Rabbit 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-04T00:00:00Z |
date_published | 2018-12-06T00:00:00Z |
source | MITRE |
title | Pulling Linux Rabbit/Rabbot Malware Out of a Hat |
CrowdStrike PUNK SPIDER
CrowdStrike. (n.d.). Punk Spider. Retrieved February 20, 2024.
Internal MISP references
UUID a16f89a4-5142-559b-acfa-f69ad9410bd2
which can be used as unique global reference for CrowdStrike PUNK SPIDER
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-20T00:00:00Z |
source | MITRE |
title | Punk Spider |
Menlo Security PureCrypter February 2023
Abhay Yadav. (2023, February 23). PureCrypter targets government entities through Discord. Retrieved May 10, 2023.
Internal MISP references
UUID 58b4eb62-4bdc-47fd-98b2-22dfff1b9dc3
which can be used as unique global reference for Menlo Security PureCrypter February 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-10T00:00:00Z |
date_published | 2023-02-23T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | PureCrypter targets government entities through Discord |
BleepingComputer Snowflake June 11 2024
Sergiu Gatlan. (2024, June 11). Pure Storage confirms data breach after Snowflake account hack. Retrieved June 13, 2024.
Internal MISP references
UUID 410920f2-8e0f-437b-928f-0a7b19a6b96e
which can be used as unique global reference for BleepingComputer Snowflake June 11 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-13T00:00:00Z |
date_published | 2024-06-11T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Pure Storage confirms data breach after Snowflake account hack |
Free Trial PurpleUrchin
Gamazo, William. Quist, Nathaniel. (2023, January 5). PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources. Retrieved February 28, 2024.
Internal MISP references
UUID 841f397d-d103-56d7-9854-7ce43c684879
which can be used as unique global reference for Free Trial PurpleUrchin
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-28T00:00:00Z |
date_published | 2023-01-05T00:00:00Z |
source | MITRE |
title | PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources |
Cylance Putter Panda
Gross, J. and Walter, J. (2016, January 12). Puttering into the Future.... Retrieved January 22, 2016.
Internal MISP references
UUID 058d6e8e-7ab9-4151-97de-1778ac95e18d
which can be used as unique global reference for Cylance Putter Panda
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-22T00:00:00Z |
date_published | 2016-01-12T00:00:00Z |
source | MITRE |
title | Puttering into the Future... |
Oddvar Moe ADS1 Jan 2018
Moe, O. (2018, January 14). Putting Data in Alternate Data Streams and How to Execute It. Retrieved June 30, 2018.
Internal MISP references
UUID 4a711970-870c-4710-9dbc-7cfebd2e315c
which can be used as unique global reference for Oddvar Moe ADS1 Jan 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-06-30T00:00:00Z |
date_published | 2018-01-14T00:00:00Z |
source | MITRE |
title | Putting Data in Alternate Data Streams and How to Execute It |
Oddvar Moe ADS2 Apr 2018
Moe, O. (2018, April 11). Putting Data in Alternate Data Streams and How to Execute It - Part 2. Retrieved June 30, 2018.
Internal MISP references
UUID b280f0c8-effe-45a4-a64a-a9a8b6ad2122
which can be used as unique global reference for Oddvar Moe ADS2 Apr 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-06-30T00:00:00Z |
date_published | 2018-04-11T00:00:00Z |
source | MITRE |
title | Putting Data in Alternate Data Streams and How to Execute It - Part 2 |
Moran RDPieces
Moran, B. (2020, November 18). Putting Together the RDPieces. Retrieved October 17, 2022.
Internal MISP references
UUID 794331fb-f1f2-4aaa-aae8-d1c4c95fb00f
which can be used as unique global reference for Moran RDPieces
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-10-17T00:00:00Z |
date_published | 2020-11-18T00:00:00Z |
source | MITRE |
title | Putting Together the RDPieces |
PuTTY Download Page
PuTTY. (n.d.). PuTTY Download Page. Retrieved November 16, 2023.
Internal MISP references
UUID bf278270-128e-483b-9f09-ce24f5f6ed80
which can be used as unique global reference for PuTTY Download Page
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | PuTTY Download Page |
Wikipedia pwdump
Wikipedia. (2007, August 9). pwdump. Retrieved June 22, 2016.
Internal MISP references
UUID 6a1a1ae1-a587-41f5-945f-011d6808e5b8
which can be used as unique global reference for Wikipedia pwdump
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-22T00:00:00Z |
date_published | 2007-08-09T00:00:00Z |
source | MITRE |
title | pwdump |
DFIR Pysa Nov 2020
The DFIR Report. (2020, November 23). PYSA/Mespinoza Ransomware. Retrieved March 17, 2021.
Internal MISP references
UUID a00ae87e-6e64-4f1c-8639-adca436c217e
which can be used as unique global reference for DFIR Pysa Nov 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-17T00:00:00Z |
date_published | 2020-11-23T00:00:00Z |
source | MITRE |
title | PYSA/Mespinoza Ransomware |
NHS Digital Pysa Oct 2020
NHS Digital. (2020, October 10). Pysa Ransomware: Another 'big-game hunter' ransomware. Retrieved March 17, 2021.
Internal MISP references
UUID 5a853dfb-d935-4d85-a5bf-0ab5279fd32e
which can be used as unique global reference for NHS Digital Pysa Oct 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-17T00:00:00Z |
date_published | 2020-10-10T00:00:00Z |
source | MITRE |
title | Pysa Ransomware: Another 'big-game hunter' ransomware |
oletools toolkit
decalage2. (2019, December 3). python-oletools. Retrieved September 18, 2020.
Internal MISP references
UUID 9036fac0-dca8-4956-b0b4-469801adad28
which can be used as unique global reference for oletools toolkit
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-18T00:00:00Z |
date_published | 2019-12-03T00:00:00Z |
source | MITRE |
title | python-oletools |
GitHub PoshC2
Nettitude. (2018, July 23). Python Server for PoshC2. Retrieved April 23, 2019.
Internal MISP references
UUID 45e79c0e-a2f6-4b56-b621-4142756bd1b1
which can be used as unique global reference for GitHub PoshC2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-23T00:00:00Z |
date_published | 2018-07-23T00:00:00Z |
source | MITRE |
title | Python Server for PoshC2 |
Trend Micro Qakbot December 2020
Trend Micro. (2020, December 17). QAKBOT: A decade-old malware still with new tricks. Retrieved September 27, 2021.
Internal MISP references
UUID c061ce45-1452-4c11-9586-bd5eb2d718ab
which can be used as unique global reference for Trend Micro Qakbot December 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-27T00:00:00Z |
date_published | 2020-12-17T00:00:00Z |
source | MITRE |
title | QAKBOT: A decade-old malware still with new tricks |
Cyberint Qakbot May 2021
Cyberint. (2021, May 25). Qakbot Banking Trojan. Retrieved September 27, 2021.
Internal MISP references
UUID 1baeac94-9168-4813-ab72-72e609250745
which can be used as unique global reference for Cyberint Qakbot May 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-27T00:00:00Z |
date_published | 2021-05-25T00:00:00Z |
source | MITRE |
title | Qakbot Banking Trojan |
Trellix-Qakbot
Pham Duy Phuc, John Fokker J.E., Alejandro Houspanossian and Mathanraj Thangaraju. (2023, March 7). Qakbot Evolves to OneNote Malware Distribution. Retrieved June 7, 2024.
Internal MISP references
UUID 0ffc4317-c88a-5c9b-9c13-cb8b2a8b65e6
which can be used as unique global reference for Trellix-Qakbot
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-07T00:00:00Z |
date_published | 2023-03-07T00:00:00Z |
source | MITRE |
title | Qakbot Evolves to OneNote Malware Distribution |
TrellixQakbot
Pham Duy Phuc, John Fokker J.E., Alejandro Houspanossian and Mathanraj Thangaraju. (2023, March 7). Qakbot Evolves to OneNote Malware Distribution. Retrieved August 1, 2024.
Internal MISP references
UUID c07a87bd-be9d-5bd9-b59a-d89f0e835886
which can be used as unique global reference for TrellixQakbot
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-01T00:00:00Z |
date_published | 2023-03-07T00:00:00Z |
source | MITRE |
title | Qakbot Evolves to OneNote Malware Distribution |
Kroll Qakbot June 2020
Sette, N. et al. (2020, June 4). Qakbot Malware Now Exfiltrating Emails for Sophisticated Thread Hijacking Attacks. Retrieved September 27, 2021.
Internal MISP references
UUID 716960fd-c22d-42af-ba9b-295fee02657f
which can be used as unique global reference for Kroll Qakbot June 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-27T00:00:00Z |
date_published | 2020-06-04T00:00:00Z |
source | MITRE |
title | Qakbot Malware Now Exfiltrating Emails for Sophisticated Thread Hijacking Attacks |
Trend Micro Qakbot May 2020
Mendoza, E. et al. (2020, May 25). Qakbot Resurges, Spreads through VBS Files. Retrieved September 27, 2021.
Internal MISP references
UUID e2791c37-e149-43e7-b7c3-c91a6d1bc91e
which can be used as unique global reference for Trend Micro Qakbot May 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-27T00:00:00Z |
date_published | 2020-05-25T00:00:00Z |
source | MITRE |
title | Qakbot Resurges, Spreads through VBS Files |
K7 QakBot Returns January 4 2024
Saikumaravel. (2024, January 4). Qakbot Returns. Retrieved January 24, 2024.
Internal MISP references
UUID 5cb5e645-b77b-4bd1-a742-c8f53f234713
which can be used as unique global reference for K7 QakBot Returns January 4 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-24T00:00:00Z |
date_published | 2024-01-04T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Qakbot Returns |
Kaspersky QakBot September 2021
Kuzmenko, A. et al. (2021, September 2). QakBot technical analysis. Retrieved September 27, 2021.
Internal MISP references
UUID f40cabe3-a324-4b4d-8e95-25c036dbd8b5
which can be used as unique global reference for Kaspersky QakBot September 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-27T00:00:00Z |
date_published | 2021-09-02T00:00:00Z |
source | MITRE |
title | QakBot technical analysis |
Red Canary Qbot
Rainey, K. (n.d.). Qbot. Retrieved September 27, 2021.
Internal MISP references
UUID 6e4960e7-ae5e-4b68-ac85-4bd84e940634
which can be used as unique global reference for Red Canary Qbot
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-27T00:00:00Z |
source | MITRE |
title | Qbot |
qr-phish-agriculture
Tim Bedard and Tyler Johnson. (2023, October 4). QR Code Scams & Phishing. Retrieved November 27, 2023.
Internal MISP references
UUID 58df8729-ab42-55ee-a27d-655644bdeb0d
which can be used as unique global reference for qr-phish-agriculture
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-27T00:00:00Z |
date_published | 2023-10-04T00:00:00Z |
source | MITRE |
title | QR Code Scams & Phishing |
DFIR_Quantum_Ransomware
DFIR. (2022, April 25). Quantum Ransomware. Retrieved July 26, 2024.
Internal MISP references
UUID 7dffba82-5b07-5d93-86dd-d97a1ea865e7
which can be used as unique global reference for DFIR_Quantum_Ransomware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-26T00:00:00Z |
date_published | 2022-04-25T00:00:00Z |
source | MITRE |
title | Quantum Ransomware |
The DFIR Report April 25 2022
The DFIR Report. (2022, April 25). Quantum Ransomware. Retrieved June 28, 2024.
Internal MISP references
UUID 2e28c754-911a-4f08-a7bd-4580f5283571
which can be used as unique global reference for The DFIR Report April 25 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-28T00:00:00Z |
date_published | 2022-04-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Quantum Ransomware |
TheEclecticLightCompany Quarantine and the flag
hoakley. (2020, October 29). Quarantine and the quarantine flag. Retrieved September 13, 2021.
Internal MISP references
UUID 7cce88cc-fbfb-43e1-a330-ac55bce9e394
which can be used as unique global reference for TheEclecticLightCompany Quarantine and the flag
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-13T00:00:00Z |
date_published | 2020-10-29T00:00:00Z |
source | MITRE |
title | Quarantine and the quarantine flag |
Esentire July 31 2024
Esentire Threat Response Unit. (2024, July 31). Quartet of Trouble XWorm, AsyncRAT, VenomRAT, and PureLogs Stealer…. Retrieved August 6, 2024.
Internal MISP references
UUID 18185ffd-8a66-4531-86de-4ba4dd9f675b
which can be used as unique global reference for Esentire July 31 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-06T00:00:00Z |
date_published | 2024-07-31T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Quartet of Trouble XWorm, AsyncRAT, VenomRAT, and PureLogs Stealer… |
GitHub QuasarRAT
MaxXor. (n.d.). QuasarRAT. Retrieved July 10, 2018.
Internal MISP references
UUID c87e4427-af97-4e93-9596-ad5a588aa171
which can be used as unique global reference for GitHub QuasarRAT
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-10T00:00:00Z |
source | MITRE |
title | QuasarRAT |
0DAY IN {REA_TEAM} Pikabot January 6 2024
0DAY IN {REA_TEAM}. (2024, January 6). [QuickNote] Technical Analysis of recent Pikabot Core Module. Retrieved January 11, 2024.
Internal MISP references
UUID 08ec9726-5a1d-4b2e-82d5-a5a9e7e917ae
which can be used as unique global reference for 0DAY IN {REA_TEAM} Pikabot January 6 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-11T00:00:00Z |
date_published | 2024-01-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | [QuickNote] Technical Analysis of recent Pikabot Core Module |
DidierStevens SelectMyParent Nov 2009
Stevens, D. (2009, November 22). Quickpost: SelectMyParent or Playing With the Windows Process Tree. Retrieved June 3, 2019.
Internal MISP references
UUID 1fee31b0-2d9c-4c02-b494-d3a6b80f12f3
which can be used as unique global reference for DidierStevens SelectMyParent Nov 2009
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-03T00:00:00Z |
date_published | 2009-11-22T00:00:00Z |
source | MITRE |
title | Quickpost: SelectMyParent or Playing With the Windows Process Tree |
Microsoft - Azure AD App Registration - May 2019
Microsoft. (2019, May 8). Quickstart: Register an application with the Microsoft identity platform. Retrieved September 12, 2019.
Internal MISP references
UUID 36a06c99-55ca-4163-9450-c3b84ae10039
which can be used as unique global reference for Microsoft - Azure AD App Registration - May 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-12T00:00:00Z |
date_published | 2019-05-08T00:00:00Z |
source | MITRE |
title | Quickstart: Register an application with the Microsoft identity platform |
Microsoft Azure Key Vault
Microsoft. (2023, January 13). Quickstart: Set and retrieve a secret from Azure Key Vault using Azure CLI. Retrieved September 25, 2023.
Internal MISP references
UUID 8f076aae-38c0-5335-9f7a-1e29b90fc33f
which can be used as unique global reference for Microsoft Azure Key Vault
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-25T00:00:00Z |
date_published | 2023-01-13T00:00:00Z |
source | MITRE |
title | Quickstart: Set and retrieve a secret from Azure Key Vault using Azure CLI |
Google Command Center Dashboard
Google. (2019, October 3). Quickstart: Using the dashboard. Retrieved October 8, 2019.
Internal MISP references
UUID a470fe2a-40ce-4060-8dfc-2cdb56bbc18b
which can be used as unique global reference for Google Command Center Dashboard
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-08T00:00:00Z |
date_published | 2019-10-03T00:00:00Z |
source | MITRE |
title | Quickstart: Using the dashboard |
Trend Micro R980 2016
Antazo, F. and Yambao, M. (2016, August 10). R980 Ransomware Found Abusing Disposable Email Address Service. Retrieved October 13, 2020.
Internal MISP references
UUID 6afd89ba-2f51-4192-82b3-d961cc86adf1
which can be used as unique global reference for Trend Micro R980 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-13T00:00:00Z |
date_published | 2016-08-10T00:00:00Z |
source | MITRE |
title | R980 Ransomware Found Abusing Disposable Email Address Service |
Costa AvosLocker May 2022
Costa, F. (2022, May 1). RaaS AvosLocker Incident Response Analysis. Retrieved January 11, 2023.
Internal MISP references
UUID a94268d8-6b7c-574b-a588-d8fd80c27fd3
which can be used as unique global reference for Costa AvosLocker May 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-01-11T00:00:00Z |
date_published | 2022-05-01T00:00:00Z |
source | MITRE |
title | RaaS AvosLocker Incident Response Analysis |
S2W Racoon 2022
S2W TALON. (2022, June 16). Raccoon Stealer is Back with a New Version. Retrieved August 1, 2024.
Internal MISP references
UUID b53a4c5f-ef68-50a7-ae2d-192b3ace860c
which can be used as unique global reference for S2W Racoon 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-01T00:00:00Z |
date_published | 2022-06-16T00:00:00Z |
source | MITRE |
title | Raccoon Stealer is Back with a New Version |
Sekoia Raccoon1 2022
Quentin Bourgue, Pierre le Bourhis, & Sekoia TDR. (2022, June 28). Raccoon Stealer v2 - Part 1: The return of the dead. Retrieved August 1, 2024.
Internal MISP references
UUID 645bc346-747b-5b9b-984b-fa1057cf8eb1
which can be used as unique global reference for Sekoia Raccoon1 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-01T00:00:00Z |
date_published | 2022-06-28T00:00:00Z |
source | MITRE |
title | Raccoon Stealer v2 - Part 1: The return of the dead |
Sekoia.io Raccoon Stealer June 28 2022
Quentin Bourgue, Pierre Le Bourhis, Threat & Detection Research Team - TDR. (2022, June 28). Raccoon Stealer v2 – Part 1: The return of the dead. Retrieved November 16, 2023.
Internal MISP references
UUID df0c9cbd-8692-497e-9f81-cf9e44a3a5cd
which can be used as unique global reference for Sekoia.io Raccoon Stealer June 28 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-16T00:00:00Z |
date_published | 2022-06-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Raccoon Stealer v2 – Part 1: The return of the dead |
Sekoia Raccoon2 2022
Pierre Le Bourhis, Quentin Bourgue, & Sekoia TDR. (2022, June 29). Raccoon Stealer v2 - Part 2: In-depth analysis. Retrieved August 1, 2024.
Internal MISP references
UUID 5d4cd7c6-62c1-5e0e-beda-a0575e7f1af5
which can be used as unique global reference for Sekoia Raccoon2 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-01T00:00:00Z |
date_published | 2022-06-29T00:00:00Z |
source | MITRE |
title | Raccoon Stealer v2 - Part 2: In-depth analysis |
DOJ Iran Indictments March 2018
DOJ. (2018, March 23). U.S. v. Rafatnejad et al. Retrieved February 3, 2021.
Internal MISP references
UUID 7dfdccd5-d035-4678-89c1-f5f1630d7a79
which can be used as unique global reference for DOJ Iran Indictments March 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-03T00:00:00Z |
source | MITRE |
title | Rafatnejad et al |
Sophos Ragnar May 2020
SophosLabs. (2020, May 21). Ragnar Locker ransomware deploys virtual machine to dodge security. Retrieved June 29, 2020.
Internal MISP references
UUID 04ed6dc0-45c2-4e36-8ec7-a75f6f715f0a
which can be used as unique global reference for Sophos Ragnar May 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-29T00:00:00Z |
date_published | 2020-05-21T00:00:00Z |
source | MITRE |
title | Ragnar Locker ransomware deploys virtual machine to dodge security |
SC Magazine Ragnar Locker 2021
Joe Uchill. (2021, December 3). Ragnar Locker reminds breach victims it can read the on-network incident response chat rooms. Retrieved August 30, 2024.
Internal MISP references
UUID 69dca68b-f864-509a-ad1b-3c6fea0152f8
which can be used as unique global reference for SC Magazine Ragnar Locker 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-30T00:00:00Z |
date_published | 2021-12-03T00:00:00Z |
source | MITRE |
title | Ragnar Locker reminds breach victims it can read the on-network incident response chat rooms |
GitHub Raindance
Stringer, M. (2018, November 21). RainDance. Retrieved October 6, 2019.
Internal MISP references
UUID 321bba10-06c6-4c4f-a3e0-318561fa0fed
which can be used as unique global reference for GitHub Raindance
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-06T00:00:00Z |
date_published | 2018-11-21T00:00:00Z |
source | MITRE |
title | RainDance |
Symantec RAINDROP January 2021
Symantec Threat Hunter Team. (2021, January 18). Raindrop: New Malware Discovered in SolarWinds Investigation. Retrieved January 19, 2021.
Internal MISP references
UUID 9185092d-3d99-466d-b885-f4e76fe74b6b
which can be used as unique global reference for Symantec RAINDROP January 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-19T00:00:00Z |
date_published | 2021-01-18T00:00:00Z |
source | MITRE |
title | Raindrop: New Malware Discovered in SolarWinds Investigation |
Eset Ramsay May 2020
Sanmillan, I. (2020, May 13). Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks. Retrieved May 27, 2020.
Internal MISP references
UUID 3c149b0b-f37c-4d4e-aa61-351c87fd57ce
which can be used as unique global reference for Eset Ramsay May 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-27T00:00:00Z |
date_published | 2020-05-13T00:00:00Z |
source | MITRE |
title | Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks |
Rancor WMI
Jen Miller-Osborn and Mike Harbison. (2019, December 17). Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia. Retrieved February 9, 2024.
Internal MISP references
UUID 462b8752-aa21-50d1-a21d-c9945373f37c
which can be used as unique global reference for Rancor WMI
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-09T00:00:00Z |
date_published | 2019-12-17T00:00:00Z |
source | MITRE |
title | Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia |
Rancor Unit42 June 2018
Ash, B., et al. (2018, June 26). RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families. Retrieved July 2, 2018.
Internal MISP references
UUID 45098a85-a61f-491a-a549-f62b02dc2ecd
which can be used as unique global reference for Rancor Unit42 June 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-02T00:00:00Z |
date_published | 2018-06-26T00:00:00Z |
source | MITRE, Tidal Cyber |
title | RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families |
BroadcomSW June 5 2024
Threat Hunter Team Symantec. (2024, June 5). RansomHub New Ransomware has Origins in Older Knight. Retrieved June 7, 2024.
Internal MISP references
UUID 3fa49490-cb22-4362-bf48-eaba9e83e6f5
which can be used as unique global reference for BroadcomSW June 5 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-07T00:00:00Z |
date_published | 2024-06-05T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | RansomHub New Ransomware has Origins in Older Knight |
FBI-ransomware
FBI. (n.d.). Ransomware. Retrieved August 18, 2023.
Internal MISP references
UUID 54e296c9-edcc-5af7-99be-b118da29711f
which can be used as unique global reference for FBI-ransomware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-18T00:00:00Z |
source | MITRE |
title | Ransomware |
SentinelOne INC Ransomware
SentinelOne. (n.d.). What Is Inc. Ransomware?. Retrieved June 5, 2024.
Internal MISP references
UUID 5f82878b-2258-5663-8694-efc3179c1849
which can be used as unique global reference for SentinelOne INC Ransomware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-05T00:00:00Z |
source | MITRE |
title | Ransomware? |
IBM Ransomware Trends September 2020
Singleton, C. and Kiefer, C. (2020, September 28). Ransomware 2020: Attack Trends Affecting Organizations Worldwide. Retrieved September 20, 2021.
Internal MISP references
UUID eb767436-4a96-4e28-bd34-944842d7593e
which can be used as unique global reference for IBM Ransomware Trends September 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-20T00:00:00Z |
date_published | 2020-09-28T00:00:00Z |
source | MITRE |
title | Ransomware 2020: Attack Trends Affecting Organizations Worldwide |
DHS/CISA Ransomware Targeting Healthcare October 2020
DHS/CISA. (2020, October 28). Ransomware Activity Targeting the Healthcare and Public Health Sector. Retrieved October 28, 2020.
Internal MISP references
UUID 984e86e6-32e4-493c-8172-3d29de4720cc
which can be used as unique global reference for DHS/CISA Ransomware Targeting Healthcare October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-28T00:00:00Z |
date_published | 2020-10-28T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Ransomware Activity Targeting the Healthcare and Public Health Sector |
FBI Ransomware Tools November 7 2023
Federal Bureau of Investigation. (2023, November 7). Ransomware Actors Continue to Gain Access through Third Parties and Legitimate System Tools. Retrieved June 28, 2024.
Internal MISP references
UUID e096e1f4-6b62-4756-8811-f263cf1dcecc
which can be used as unique global reference for FBI Ransomware Tools November 7 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-28T00:00:00Z |
date_published | 2023-11-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ransomware Actors Continue to Gain Access through Third Parties and Legitimate System Tools |
FireEye Ransomware Disrupt Industrial Production
Zafra, D., Lunden, K., Brubaker, N., Kennelly, J. (2020, February 24). Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT. Retrieved February 9, 2021.
Internal MISP references
UUID 9ffa0f35-98e4-4265-8b66-9c805a2b6525
which can be used as unique global reference for FireEye Ransomware Disrupt Industrial Production
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-09T00:00:00Z |
date_published | 2020-02-24T00:00:00Z |
source | MITRE |
title | Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT |
FireEye Ransomware Feb 2020
Zafra, D., et al. (2020, February 24). Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT. Retrieved March 2, 2021.
Internal MISP references
UUID 44856547-2de5-45ff-898f-a523095bd593
which can be used as unique global reference for FireEye Ransomware Feb 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-02T00:00:00Z |
date_published | 2020-02-24T00:00:00Z |
source | MITRE |
title | Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT |
Check Point Pay2Key November 2020
Check Point. (2020, November 6). Ransomware Alert: Pay2Key. Retrieved January 4, 2021.
Internal MISP references
UUID e4ea263d-f70e-4f9c-92a1-cb0e565a5ae9
which can be used as unique global reference for Check Point Pay2Key November 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-04T00:00:00Z |
date_published | 2020-11-06T00:00:00Z |
source | MITRE |
title | Ransomware Alert: Pay2Key |
Microsoft Ransomware as a Service
Microsoft. (2022, May 9). Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself. Retrieved March 10, 2023.
Internal MISP references
UUID 833018b5-6ef6-5327-9af5-1a551df25cd2
which can be used as unique global reference for Microsoft Ransomware as a Service
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-10T00:00:00Z |
date_published | 2022-05-09T00:00:00Z |
source | MITRE |
title | Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself |
Sophos News August 14 2024
Andreas Klopsch. (2024, August 14). Ransomware attackers introduce new EDR killer to their arsenal. Retrieved August 22, 2024.
Internal MISP references
UUID d0811fd4-e89d-4337-9bc1-a9a8774d44b1
which can be used as unique global reference for Sophos News August 14 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-22T00:00:00Z |
date_published | 2024-08-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ransomware attackers introduce new EDR killer to their arsenal |
Rapid7 Blog September 12 2024
Rapid. (2024, September 12). Ransomware Groups Demystified Lynx Ransomware. Retrieved September 12, 2024.
Internal MISP references
UUID 21d393ae-d135-4c5a-8c6d-1baa8c0a1e08
which can be used as unique global reference for Rapid7 Blog September 12 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2024-09-12T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ransomware Groups Demystified Lynx Ransomware |
Invictus IR Cloud Ransomware 2024
Invictus IR. (2024, January 11). Ransomware in the cloud. Retrieved August 5, 2024.
Internal MISP references
UUID 2ff4aed1-88a0-5e19-8fe9-1ecf4604f245
which can be used as unique global reference for Invictus IR Cloud Ransomware 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-05T00:00:00Z |
date_published | 2024-01-11T00:00:00Z |
source | MITRE |
title | Ransomware in the cloud |
Www.invictus-ir.com 1 11 2024
Www.invictus-ir.com. (2024, January 11). Ransomware in the cloud. Retrieved April 17, 2024.
Internal MISP references
UUID 5e2a0756-d8f6-4359-9ca3-1e96fb8b5ac9
which can be used as unique global reference for Www.invictus-ir.com 1 11 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-17T00:00:00Z |
date_published | 2024-01-11T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ransomware in the cloud |
Palo Alto Cloud Ransomware
Ofir Balassiano and Ofir Shaty. (2023, November 29). Ransomware in the Cloud: Breaking Down the Attack Vectors. Retrieved September 25, 2024.
Internal MISP references
UUID d23216df-be77-59a0-9910-ab9bf54da6d7
which can be used as unique global reference for Palo Alto Cloud Ransomware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
date_published | 2023-11-29T00:00:00Z |
source | MITRE |
title | Ransomware in the Cloud: Breaking Down the Attack Vectors |
McAfee Maze March 2020
Mundo, A. (2020, March 26). Ransomware Maze. Retrieved May 18, 2020.
Internal MISP references
UUID 627a14dd-5300-4f58-869c-0ec91ffb664e
which can be used as unique global reference for McAfee Maze March 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-18T00:00:00Z |
date_published | 2020-03-26T00:00:00Z |
source | MITRE |
title | Ransomware Maze |
Sophos SystemBC December 16 2020
Sivagnanam Gn, Sean Gallagher. (2020, December 16). Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor. Retrieved September 21, 2023.
Internal MISP references
UUID eca1301f-deeb-4a97-8c4e-e61210706116
which can be used as unique global reference for Sophos SystemBC December 16 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-21T00:00:00Z |
date_published | 2020-12-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor |
Fortinet Play Ransomware December 22 2022
Shunichi Imano, James Slaughter. (2022, December 22). Ransomware Roundup – Play. Retrieved August 10, 2023.
Internal MISP references
UUID a3fa463f-dd2f-4d23-8834-c428d90ea09b
which can be used as unique global reference for Fortinet Play Ransomware December 22 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-10T00:00:00Z |
date_published | 2022-12-22T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ransomware Roundup – Play |
TrendMicro Akira October 5 2023
Trend Micro Research. (2023, October 5). Ransomware Spotlight: Akira. Retrieved February 27, 2024.
Internal MISP references
UUID 8f45fb21-c6ad-4b97-b459-da96eb643069
which can be used as unique global reference for TrendMicro Akira October 5 2023
in MISP communities and other software using the MISP galaxy
External references
- http:/www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-akira
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-27T00:00:00Z |
date_published | 2023-10-05T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ransomware Spotlight: Akira |
Trend Micro AvosLocker Apr 2022
Trend Micro Research. (2022, April 4). Ransomware Spotlight AvosLocker. Retrieved January 11, 2023.
Internal MISP references
UUID 01fdc732-0951-59e2-afaf-5fe761357e7f
which can be used as unique global reference for Trend Micro AvosLocker Apr 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-01-11T00:00:00Z |
date_published | 2022-04-04T00:00:00Z |
source | MITRE |
title | Ransomware Spotlight AvosLocker |
Trend Micro Black Basta Spotlight September 2022
Trend Micro. (2022, September 1). Ransomware Spotlight Black Basta. Retrieved March 8, 2023.
Internal MISP references
UUID 1f2942ab-e6a9-5a50-b266-3436c8c0b5ec
which can be used as unique global reference for Trend Micro Black Basta Spotlight September 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-08T00:00:00Z |
date_published | 2022-09-01T00:00:00Z |
source | MITRE |
title | Ransomware Spotlight Black Basta |
Trend Micro BlackCat October 27 2022
Trend Micro Research. (2022, October 27). Ransomware Spotlight: BlackCat. Retrieved March 5, 2024.
Internal MISP references
UUID 94aef206-b4cb-4d91-9843-96cf50af157c
which can be used as unique global reference for Trend Micro BlackCat October 27 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-05T00:00:00Z |
date_published | 2022-10-27T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ransomware Spotlight: BlackCat |
Trend Micro LockBit Spotlight February 08 2023
Trend Micro Research. (2022, February 8). Ransomware Spotlight: LockBit. Retrieved August 18, 2023.
Internal MISP references
UUID f72dade0-ec82-40e7-96a0-9f124d59bd35
which can be used as unique global reference for Trend Micro LockBit Spotlight February 08 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-18T00:00:00Z |
date_published | 2022-02-08T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ransomware Spotlight: LockBit |
Trend Micro Play Spotlight July 21 2023
Trend Micro Research. (2023, July 21). Ransomware Spotlight: Play. Retrieved August 10, 2023.
Internal MISP references
UUID 6cf9c6f0-7818-45dd-9afc-f69e394c23e4
which can be used as unique global reference for Trend Micro Play Spotlight July 21 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-10T00:00:00Z |
date_published | 2023-07-21T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ransomware Spotlight: Play |
Trend Micro Ransomware Spotlight Play July 2023
Trend Micro Research. (2023, July 21). Ransomware Spotlight: Play. Retrieved September 24, 2024.
Internal MISP references
UUID 399eac4c-5638-595c-9ee6-997dcd2d47c3
which can be used as unique global reference for Trend Micro Ransomware Spotlight Play July 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-24T00:00:00Z |
date_published | 2023-07-21T00:00:00Z |
source | MITRE |
title | Ransomware Spotlight: Play |
Trend Micro Royal Ransomware March 15 2023
Trend Micro Research. (2023, March 15). Ransomware Spotlight: Royal. Retrieved October 11, 2024.
Internal MISP references
UUID 0914ce86-86f2-4f17-af37-a0d4ca9ff615
which can be used as unique global reference for Trend Micro Royal Ransomware March 15 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-11T00:00:00Z |
date_published | 2023-03-15T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ransomware Spotlight: Royal |
Group IB Ransomware May 2020
Group IB. (2020, May). Ransomware Uncovered: Attackers’ Latest Methods. Retrieved August 5, 2020.
Internal MISP references
UUID 18d20965-f1f4-439f-a4a3-34437ad1fe14
which can be used as unique global reference for Group IB Ransomware May 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-05T00:00:00Z |
date_published | 2020-05-01T00:00:00Z |
source | MITRE |
title | Ransomware Uncovered: Attackers’ Latest Methods |
GitHub ransomwatch
joshhighet. (n.d.). ransomwatch. Retrieved June 30, 2023.
Internal MISP references
UUID 62037959-58e4-475a-bb91-ff360d20c1d7
which can be used as unique global reference for GitHub ransomwatch
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-30T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | ransomwatch |
Microsoft PlayCrypt August 2022
Microsoft Security Intelligence. (2022, August 27). Ransom:Win32/PlayCrypt.PA. Retrieved September 24, 2024.
Internal MISP references
UUID af4a38bc-32d5-5eab-a13a-0f3533beedb1
which can be used as unique global reference for Microsoft PlayCrypt August 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-24T00:00:00Z |
date_published | 2022-08-27T00:00:00Z |
source | MITRE |
title | Ransom:Win32/PlayCrypt.PA |
PyPI RAR
mkz. (2020). rarfile 3.1. Retrieved February 20, 2020.
Internal MISP references
UUID e40d1cc8-b8c7-4f43-b6a7-c50a4f7bf1f0
which can be used as unique global reference for PyPI RAR
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-20T00:00:00Z |
date_published | 2020-01-01T00:00:00Z |
source | MITRE |
title | rarfile 3.1 |
WinRAR Homepage
A. Roshal. (2020). RARLAB. Retrieved February 20, 2020.
Internal MISP references
UUID c1334e4f-67c8-451f-b50a-86003f6e3d3b
which can be used as unique global reference for WinRAR Homepage
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-20T00:00:00Z |
date_published | 2020-01-01T00:00:00Z |
source | MITRE |
title | RARLAB |
Aquino RARSTONE
Aquino, M. (2013, June 13). RARSTONE Found In Targeted Attacks. Retrieved December 17, 2015.
Internal MISP references
UUID 2327592e-4e8a-481e-bdf9-d548c776adee
which can be used as unique global reference for Aquino RARSTONE
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-12-17T00:00:00Z |
date_published | 2013-06-13T00:00:00Z |
source | MITRE |
title | RARSTONE Found In Targeted Attacks |
Rasautou.exe - LOLBAS Project
LOLBAS. (2020, January 10). Rasautou.exe. Retrieved December 4, 2023.
Internal MISP references
UUID dc299f7a-403b-4a22-9386-0be3e160d185
which can be used as unique global reference for Rasautou.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-01-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Rasautou.exe |
RedCanary RaspberryRobin 2022
Lauren Podber and Stef Rand. (2022, May 5). Raspberry Robin gets the worm early. Retrieved May 17, 2024.
Internal MISP references
UUID ca6aa417-3da7-5173-818c-c539983033b5
which can be used as unique global reference for RedCanary RaspberryRobin 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-17T00:00:00Z |
date_published | 2022-05-05T00:00:00Z |
source | MITRE |
title | Raspberry Robin gets the worm early |
Red Canary Raspberry Robin May 2022
Lauren Podber, Stef Rand. (2022, May 5). Raspberry Robin gets the worm early. Retrieved May 19, 2023.
Internal MISP references
UUID fb04d89a-3f39-48be-b986-9c4eac4dd8a4
which can be used as unique global reference for Red Canary Raspberry Robin May 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-19T00:00:00Z |
date_published | 2022-05-05T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Raspberry Robin gets the worm early |
TrendMicro RaspberryRobin 2022
Christopher So. (2022, December 20). Raspberry Robin Malware Targets Telecom, Governments. Retrieved May 17, 2024.
Internal MISP references
UUID b454f50a-57fe-56f2-a8c0-ae1ab65fa945
which can be used as unique global reference for TrendMicro RaspberryRobin 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-17T00:00:00Z |
date_published | 2022-12-20T00:00:00Z |
source | MITRE |
title | Raspberry Robin Malware Targets Telecom, Governments |
HP RaspberryRobin 2024
Patrick Schläpfer. (2024, April 10). Raspberry Robin Now Spreading Through Windows Script Files. Retrieved May 17, 2024.
Internal MISP references
UUID f01c041a-f8f5-51de-ab2f-1f513bf6d38c
which can be used as unique global reference for HP RaspberryRobin 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-17T00:00:00Z |
date_published | 2024-04-10T00:00:00Z |
source | MITRE |
title | Raspberry Robin Now Spreading Through Windows Script Files |
Avast RaspberryRobin 2022
Jan Vojtěšek. (2022, September 22). Raspberry Robin’s Roshtyak: A Little Lesson in Trickery. Retrieved May 17, 2024.
Internal MISP references
UUID 3ebeefee-42cd-5130-8d6b-d0520d8bb8c2
which can be used as unique global reference for Avast RaspberryRobin 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-17T00:00:00Z |
date_published | 2022-09-22T00:00:00Z |
source | MITRE |
title | Raspberry Robin’s Roshtyak: A Little Lesson in Trickery |
Microsoft Security Raspberry Robin October 2022
Microsoft Threat Intelligence. (2022, October 27). Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity. Retrieved May 19, 2023.
Internal MISP references
UUID 8017e42a-8373-4d24-8d89-638a925b704b
which can be used as unique global reference for Microsoft Security Raspberry Robin October 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-19T00:00:00Z |
date_published | 2022-10-27T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity |
Microsoft RaspberryRobin 2022
Microsoft Threat Intelligence. (2022, October 27). Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity. Retrieved May 17, 2024.
Internal MISP references
UUID fe2dd68c-6e25-5fae-bc57-3a072ecf4f72
which can be used as unique global reference for Microsoft RaspberryRobin 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-17T00:00:00Z |
date_published | 2022-10-27T00:00:00Z |
source | MITRE |
title | Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity |
Dragos Raspite Aug 2018
Dragos, Inc. (2018, August 2). RASPITE. Retrieved November 26, 2018.
Internal MISP references
UUID bf4ccd52-0a03-41b6-bde7-34ead90171c3
which can be used as unique global reference for Dragos Raspite Aug 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-26T00:00:00Z |
date_published | 2018-08-02T00:00:00Z |
source | MITRE |
title | RASPITE |
RATANKBA
Trend Micro. (2017, February 27). RATANKBA: Delving into Large-scale Watering Holes against Enterprises. Retrieved May 22, 2018.
Internal MISP references
UUID 7d08ec64-7fb8-4520-b26b-95b0dee891fe
which can be used as unique global reference for RATANKBA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-22T00:00:00Z |
date_published | 2017-02-27T00:00:00Z |
source | MITRE |
title | RATANKBA: Delving into Large-scale Watering Holes against Enterprises |
TrendMicro RawPOS April 2015
TrendLabs Security Intelligence Blog. (2015, April). RawPOS Technical Brief. Retrieved October 4, 2017.
Internal MISP references
UUID e483ed86-713b-42c6-ad77-e9b889bbcb81
which can be used as unique global reference for TrendMicro RawPOS April 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-10-04T00:00:00Z |
date_published | 2015-04-01T00:00:00Z |
source | MITRE |
title | RawPOS Technical Brief |
Rclone
Nick Craig-Wood. (n.d.). Rclone syncs your files to cloud storage. Retrieved August 30, 2022.
Internal MISP references
UUID 3c7824de-d958-4254-beec-bc4e5ab989b0
which can be used as unique global reference for Rclone
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-30T00:00:00Z |
source | MITRE |
title | Rclone syncs your files to cloud storage |
Rclone Wars
Justin Schoenfeld and Aaron Didier. (2021, May 4). Rclone Wars: Transferring leverage in a ransomware attack. Retrieved August 30, 2022.
Internal MISP references
UUID d47e5f7c-cf70-4f7c-ac83-57e4e1187485
which can be used as unique global reference for Rclone Wars
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-30T00:00:00Z |
date_published | 2021-05-04T00:00:00Z |
source | MITRE |
title | Rclone Wars: Transferring leverage in a ransomware attack |
rcsi.exe - LOLBAS Project
LOLBAS. (2018, May 25). rcsi.exe. Retrieved December 4, 2023.
Internal MISP references
UUID dc02058a-7ed3-4253-a976-6f99b9e91406
which can be used as unique global reference for rcsi.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | rcsi.exe |
RDP Hijacking Medium
Beaumont, K. (2017, March 19). RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an organisation. Retrieved December 11, 2017.
Internal MISP references
UUID 0a615508-c155-4004-86b8-916bbfd8ae42
which can be used as unique global reference for RDP Hijacking Medium
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-11T00:00:00Z |
date_published | 2017-03-19T00:00:00Z |
source | MITRE |
title | RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an organisation |
RDPWrap Github
Stas'M Corp. (2014, October 22). RDP Wrapper Library by Stas'M. Retrieved March 28, 2022.
Internal MISP references
UUID 777a0a6f-3684-4888-ae1b-adc386be763a
which can be used as unique global reference for RDPWrap Github
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-28T00:00:00Z |
date_published | 2014-10-22T00:00:00Z |
source | MITRE |
title | RDP Wrapper Library by Stas'M |
rdrleakdiag.exe - LOLBAS Project
LOLBAS. (2022, May 18). rdrleakdiag.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 1feff728-2230-4a45-bd64-6093f8b42646
which can be used as unique global reference for rdrleakdiag.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-05-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | rdrleakdiag.exe |
blog.vincss.net 1 13 2021
Yến Hứa. (2021, January 13). [RE019] From A to X analyzing some real cases which used recent Emotet samples. Retrieved February 27, 2024.
Internal MISP references
UUID 1ebae9fa-bab1-4a26-8d49-ae6778fdf094
which can be used as unique global reference for blog.vincss.net 1 13 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-27T00:00:00Z |
date_published | 2021-01-13T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | [RE019] From A to X analyzing some real cases which used recent Emotet samples |
ESET RTM Feb 2017
Faou, M. and Boutin, J. (2017, February). Read The Manual: A Guide to the RTM Banking Trojan. Retrieved March 9, 2017.
Internal MISP references
UUID ab2cced7-05b8-4788-8d3c-8eadb0aaf38c
which can be used as unique global reference for ESET RTM Feb 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-09T00:00:00Z |
date_published | 2017-02-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Read The Manual: A Guide to the RTM Banking Trojan |
FireEye Sunshop Campaign May 2013
Moran, N. (2013, May 20). Ready for Summer: The Sunshop Campaign. Retrieved March 19, 2018.
Internal MISP references
UUID ec246c7a-3396-46f9-acc4-a100cb5e5fe6
which can be used as unique global reference for FireEye Sunshop Campaign May 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-19T00:00:00Z |
date_published | 2013-05-20T00:00:00Z |
source | MITRE |
title | Ready for Summer: The Sunshop Campaign |
Mandiant golang stripped binaries explanation
STEPHEN ECKELS. (2022, February 28). Ready, Set, Go — Golang Internals and Symbol Recovery. Retrieved September 29, 2022.
Internal MISP references
UUID 60eb0109-9655-41ab-bf76-37b17bf9594a
which can be used as unique global reference for Mandiant golang stripped binaries explanation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-29T00:00:00Z |
date_published | 2022-02-28T00:00:00Z |
source | MITRE |
title | Ready, Set, Go — Golang Internals and Symbol Recovery |
reagentc_cmd
Microsoft, EliotSeattle, et al. (2022, August 18). REAgentC command-line options. Retrieved October 19, 2022.
Internal MISP references
UUID d26c830b-c196-5503-bf8c-4cfe90a6e7e5
which can be used as unique global reference for reagentc_cmd
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-10-19T00:00:00Z |
date_published | 2022-08-18T00:00:00Z |
source | MITRE |
title | REAgentC command-line options |
Microsoft DART Case Report 001
Berk Veral. (2020, March 9). Real-life cybercrime stories from DART, the Microsoft Detection and Response Team. Retrieved May 27, 2022.
Internal MISP references
UUID bd8c6a86-1a63-49cd-a97f-3d119e4223d4
which can be used as unique global reference for Microsoft DART Case Report 001
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-27T00:00:00Z |
date_published | 2020-03-09T00:00:00Z |
source | MITRE |
title | Real-life cybercrime stories from DART, the Microsoft Detection and Response Team |
RootDSE AD Detection 2022
Scarred Monk. (2022, May 6). Real-time detection scenarios in Active Directory environments. Retrieved August 5, 2024.
Internal MISP references
UUID 54dd37f8-b32a-5100-9197-4802ba9201d7
which can be used as unique global reference for RootDSE AD Detection 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-05T00:00:00Z |
date_published | 2022-05-06T00:00:00Z |
source | MITRE |
title | Real-time detection scenarios in Active Directory environments |
Sans ARP Spoofing Aug 2003
Siles, R. (2003, August). Real World ARP Spoofing. Retrieved October 15, 2020.
Internal MISP references
UUID 1f9f5bfc-c044-4046-8586-39163a305c1e
which can be used as unique global reference for Sans ARP Spoofing Aug 2003
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-15T00:00:00Z |
date_published | 2003-08-01T00:00:00Z |
source | MITRE |
title | Real World ARP Spoofing |
Github CLI Create Webhook
Github. (n.d.). Receiving webhooks with the GitHub CLI. Retrieved August 4, 2023.
Internal MISP references
UUID 8ddee62e-adc0-5b28-b271-4b14b01f84c1
which can be used as unique global reference for Github CLI Create Webhook
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-04T00:00:00Z |
source | MITRE |
title | Receiving webhooks with the GitHub CLI |
Kaspersky Cloud Atlas August 2019
GReAT. (2019, August 12). Recent Cloud Atlas activity. Retrieved May 8, 2020.
Internal MISP references
UUID 4c3ae600-0787-4847-b528-ae3e8ff1b5ef
which can be used as unique global reference for Kaspersky Cloud Atlas August 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-08T00:00:00Z |
date_published | 2019-08-12T00:00:00Z |
source | MITRE |
title | Recent Cloud Atlas activity |
Talos MuddyWater May 2019
Adamitis, D. et al. (2019, May 20). Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques. Retrieved June 5, 2019.
Internal MISP references
UUID 5b8b6429-14ef-466b-b806-5603e694efc1
which can be used as unique global reference for Talos MuddyWater May 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-05T00:00:00Z |
date_published | 2019-05-20T00:00:00Z |
source | MITRE |
title | Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques |
Mandiant Pulse Secure Update May 2021
Perez, D. et al. (2021, May 27). Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices. Retrieved February 5, 2024.
Internal MISP references
UUID 5620adaf-c2a7-5f0f-ae70-554ce720426e
which can be used as unique global reference for Mandiant Pulse Secure Update May 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-05T00:00:00Z |
date_published | 2021-05-27T00:00:00Z |
source | MITRE |
title | Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices |
Free Desktop Entry Keys
Free Desktop. (2017, December 24). Recognized Desktop Entry Keys. Retrieved September 12, 2019.
Internal MISP references
UUID 4ffb9866-1cf4-46d1-b7e5-d75bd98de018
which can be used as unique global reference for Free Desktop Entry Keys
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-12T00:00:00Z |
date_published | 2017-12-24T00:00:00Z |
source | MITRE |
title | Recognized Desktop Entry Keys |
Recorded Future APT3 May 2017
Insikt Group (Recorded Future). (2017, May 17). Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3. Retrieved September 16, 2024.
Internal MISP references
UUID a894d79f-5977-4ef9-9aa5-7bfec795ceb2
which can be used as unique global reference for Recorded Future APT3 May 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-16T00:00:00Z |
date_published | 2017-05-17T00:00:00Z |
source | MITRE |
title | Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3 |
Trend Micro Daserf Nov 2017
Chen, J. and Hsieh, M. (2017, November 7). REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography. Retrieved December 27, 2017.
Internal MISP references
UUID 4ca0e6a9-8c20-49a0-957a-7108083a8a29
which can be used as unique global reference for Trend Micro Daserf Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-27T00:00:00Z |
date_published | 2017-11-07T00:00:00Z |
source | MITRE, Tidal Cyber |
title | REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography |
Red Canary SocGholish March 2024
Red Canary. (2024, March). Red Canary 2024 Threat Detection Report: SocGholish. Retrieved March 22, 2024.
Internal MISP references
UUID 70fa26e4-109c-5a48-b9fd-ac8b9acf2cf3
which can be used as unique global reference for Red Canary SocGholish March 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-22T00:00:00Z |
date_published | 2024-03-01T00:00:00Z |
source | MITRE |
title | Red Canary 2024 Threat Detection Report: SocGholish |
therecord_redcurl
Antoniuk, D. (2023, July 17). RedCurl hackers return to spy on 'major Russian bank,' Australian company. Retrieved August 9, 2024.
Internal MISP references
UUID c9561395-08eb-5e37-b9ba-154e08e2e1ab
which can be used as unique global reference for therecord_redcurl
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-09T00:00:00Z |
date_published | 2023-07-17T00:00:00Z |
source | MITRE |
title | RedCurl hackers return to spy on 'major Russian bank,' Australian company |
group-ib_redcurl2
Group-IB. (2021, November). RedCurl: The Awakening. Retrieved August 14, 2024.
Internal MISP references
UUID 1fc20d89-def2-5a1e-8e58-37383a019132
which can be used as unique global reference for group-ib_redcurl2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-14T00:00:00Z |
date_published | 2021-11-01T00:00:00Z |
source | MITRE |
title | RedCurl: The Awakening |
group-ib_redcurl1
Group-IB. (2020, August). RedCurl: The Pentest You Didn’t Know About. Retrieved August 9, 2024.
Internal MISP references
UUID e9200100-cc58-5c30-b837-e6e73bfe2cbb
which can be used as unique global reference for group-ib_redcurl1
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-09T00:00:00Z |
date_published | 2020-08-01T00:00:00Z |
source | MITRE |
title | RedCurl: The Pentest You Didn’t Know About |
RHEL auditd
Jahoda, M. et al. (2017, March 14). redhat Security Guide - Chapter 7 - System Auditing. Retrieved December 20, 2017.
Internal MISP references
UUID cdedab06-7745-4a5e-aa62-00ed81ccc8d0
which can be used as unique global reference for RHEL auditd
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 2017-03-14T00:00:00Z |
source | MITRE |
title | redhat Security Guide - Chapter 7 - System Auditing |
Red Hat System Auditing
Jahoda, M. et al. (2017, March 14). Red Hat Security Guide - Chapter 7 - System Auditing. Retrieved December 20, 2017.
Internal MISP references
UUID 599337b3-8587-5578-9be5-e6e4f0edd0ef
which can be used as unique global reference for Red Hat System Auditing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 2017-03-14T00:00:00Z |
source | MITRE |
title | Red Hat Security Guide - Chapter 7 - System Auditing |
Recorded Future RedHotel August 2023
Insikt Group. (2023, August 8). RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale. Retrieved March 11, 2024.
Internal MISP references
UUID 006715e1-9354-51aa-812b-21a33a37ebb4
which can be used as unique global reference for Recorded Future RedHotel August 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-11T00:00:00Z |
date_published | 2023-08-08T00:00:00Z |
source | MITRE |
title | RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale |
Cylance Redirect to SMB
Cylance. (2015, April 13). Redirect to SMB. Retrieved December 21, 2017.
Internal MISP references
UUID 32c7626a-b284-424c-8294-7fac37e71336
which can be used as unique global reference for Cylance Redirect to SMB
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-21T00:00:00Z |
date_published | 2015-04-13T00:00:00Z |
source | MITRE |
title | Redirect to SMB |
Black Hills Red Teaming MS AD Azure, 2018
Felch, M. (2018, August 31). Red Teaming Microsoft Part 1 Active Directory Leaks via Azure. Retrieved October 6, 2019.
Internal MISP references
UUID 48971032-8fa2-40ff-adef-e91d7109b859
which can be used as unique global reference for Black Hills Red Teaming MS AD Azure, 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-06T00:00:00Z |
date_published | 2018-08-31T00:00:00Z |
source | MITRE |
title | Red Teaming Microsoft Part 1 Active Directory Leaks via Azure |
OutFlank System Calls
de Plaa, C. (2019, June 19). Red Team Tactics: Combining Direct System Calls and sRDI to bypass AV/EDR. Retrieved September 29, 2021.
Internal MISP references
UUID c4c3370a-2d6b-4ebd-961e-58d584066377
which can be used as unique global reference for OutFlank System Calls
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-29T00:00:00Z |
date_published | 2019-06-19T00:00:00Z |
source | MITRE |
title | Red Team Tactics: Combining Direct System Calls and sRDI to bypass AV/EDR |
US-CERT TA17-156A SNMP Abuse 2017
US-CERT. (2017, June 5). Reducing the Risk of SNMP Abuse. Retrieved October 19, 2020.
Internal MISP references
UUID 82b814f3-2853-48a9-93ff-701d16d97535
which can be used as unique global reference for US-CERT TA17-156A SNMP Abuse 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
date_published | 2017-06-05T00:00:00Z |
source | MITRE |
title | Reducing the Risk of SNMP Abuse |
Cloudflare ReflectionDoS May 2017
Marek Majkowski, Cloudflare. (2017, May 24). Reflections on reflection (attacks). Retrieved April 23, 2019.
Internal MISP references
UUID a6914c13-f95f-4c30-a129-905ed43e3454
which can be used as unique global reference for Cloudflare ReflectionDoS May 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-23T00:00:00Z |
date_published | 2017-05-24T00:00:00Z |
source | MITRE |
title | Reflections on reflection (attacks) |
Trend Micro
Karen Victor. (2020, May 18). Reflective Loading Runs Netwalker Fileless Ransomware. Retrieved September 30, 2022.
Internal MISP references
UUID 2d4cb6f1-bc44-454b-94c1-88a81324903e
which can be used as unique global reference for Trend Micro
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-30T00:00:00Z |
date_published | 2020-05-18T00:00:00Z |
source | MITRE |
title | Reflective Loading Runs Netwalker Fileless Ransomware |
Microsoft Reg
Microsoft. (2012, April 17). Reg. Retrieved May 1, 2015.
Internal MISP references
UUID 1e1b21bd-18b3-4c77-8eb8-911b028ab603
which can be used as unique global reference for Microsoft Reg
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-05-01T00:00:00Z |
date_published | 2012-04-17T00:00:00Z |
source | MITRE |
title | Reg |
LOLBAS Regasm
LOLBAS. (n.d.). Regasm.exe. Retrieved July 31, 2019.
Internal MISP references
UUID b6a3356f-72c2-4ec2-a276-2432eb691055
which can be used as unique global reference for LOLBAS Regasm
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-31T00:00:00Z |
source | MITRE |
title | Regasm.exe |
MSDN Regasm
Microsoft. (n.d.). Regasm.exe (Assembly Registration Tool). Retrieved July 1, 2016.
Internal MISP references
UUID 66a3de54-4a16-4b1b-b18f-e3842aeb7b40
which can be used as unique global reference for MSDN Regasm
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-07-01T00:00:00Z |
source | MITRE |
title | Regasm.exe (Assembly Registration Tool) |
Microsoft RegDelNull July 2016
Russinovich, M. & Sharkey, K. (2016, July 4). RegDelNull v1.11. Retrieved August 10, 2018.
Internal MISP references
UUID d34d35ee-9d0b-4556-ad19-04cfa9001bf2
which can be used as unique global reference for Microsoft RegDelNull July 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-10T00:00:00Z |
date_published | 2016-07-04T00:00:00Z |
source | MITRE |
title | RegDelNull v1.11 |
Regedit.exe - LOLBAS Project
LOLBAS. (2018, May 25). Regedit.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 86e47198-751b-4754-8741-6dd8f2960416
which can be used as unique global reference for Regedit.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Regedit.exe |
Reg.exe - LOLBAS Project
LOLBAS. (2018, May 25). Reg.exe. Retrieved December 4, 2023.
Internal MISP references
UUID ba0e31a1-125b-43c3-adf0-567ca393eeab
which can be used as unique global reference for Reg.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Reg.exe |
Microsoft Reghide NOV 2006
Russinovich, M. & Sharkey, K. (2006, January 10). Reghide. Retrieved August 9, 2018.
Internal MISP references
UUID 42503ec7-f5da-4116-a3b3-a1b18a66eed3
which can be used as unique global reference for Microsoft Reghide NOV 2006
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-09T00:00:00Z |
date_published | 2006-01-10T00:00:00Z |
source | MITRE |
title | Reghide |
Regini.exe - LOLBAS Project
LOLBAS. (2020, July 3). Regini.exe. Retrieved December 4, 2023.
Internal MISP references
UUID db2573d2-6ecd-4c5a-b038-2f799f9723ae
which can be used as unique global reference for Regini.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-07-03T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Regini.exe |
Register-cimprovider.exe - LOLBAS Project
LOLBAS. (2018, May 25). Register-cimprovider.exe. Retrieved December 4, 2023.
Internal MISP references
UUID d445d016-c4f1-45c8-929d-913867275417
which can be used as unique global reference for Register-cimprovider.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Register-cimprovider.exe |
Microsoft Registry
Microsoft. (2018, May 31). Registry. Retrieved September 29, 2021.
Internal MISP references
UUID 08dc94ff-a289-45bd-93c2-1183fd507493
which can be used as unique global reference for Microsoft Registry
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-29T00:00:00Z |
date_published | 2018-05-31T00:00:00Z |
source | MITRE |
title | Registry |
Tilbury 2014
Tilbury, C. (2014, August 28). Registry Analysis with CrowdResponse. Retrieved November 12, 2014.
Internal MISP references
UUID 136325ee-0712-49dd-b3ab-a6f2bfb218b0
which can be used as unique global reference for Tilbury 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
date_published | 2014-08-28T00:00:00Z |
source | MITRE |
title | Registry Analysis with CrowdResponse |
Microsoft COR_PROFILER Feb 2013
Microsoft. (2013, February 4). Registry-Free Profiler Startup and Attach. Retrieved June 24, 2020.
Internal MISP references
UUID 4e85ef68-dfb7-4db3-ac76-92f4b78cb1cd
which can be used as unique global reference for Microsoft COR_PROFILER Feb 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-24T00:00:00Z |
date_published | 2013-02-04T00:00:00Z |
source | MITRE |
title | Registry-Free Profiler Startup and Attach |
Microsoft Registry Auditing Aug 2016
Microsoft. (2016, August 31). Registry (Global Object Access Auditing). Retrieved January 31, 2018.
Internal MISP references
UUID f58ac1e4-c470-4aac-a077-7f358e25b0fa
which can be used as unique global reference for Microsoft Registry Auditing Aug 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-31T00:00:00Z |
date_published | 2016-08-31T00:00:00Z |
source | MITRE |
title | Registry (Global Object Access Auditing) |
Registry Key Security
Microsoft. (2018, May 31). Registry Key Security and Access Rights. Retrieved March 16, 2017.
Internal MISP references
UUID f8f12cbb-029c-48b1-87ce-624a7f98c8ab
which can be used as unique global reference for Registry Key Security
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-16T00:00:00Z |
date_published | 2018-05-31T00:00:00Z |
source | MITRE |
title | Registry Key Security and Access Rights |
MSDN Registry Key Security
Microsoft. (n.d.). Registry Key Security and Access Rights. Retrieved March 16, 2017.
Internal MISP references
UUID c5627d86-1b59-4c2a-aac0-88f1b4dc6974
which can be used as unique global reference for MSDN Registry Key Security
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-16T00:00:00Z |
source | MITRE |
title | Registry Key Security and Access Rights |
Microsoft Registry Drivers
Microsoft. (2021, December 14). Registry Trees for Devices and Drivers. Retrieved March 28, 2023.
Internal MISP references
UUID 4bde767e-d4a7-56c5-9aa3-b3f3cc2e3e70
which can be used as unique global reference for Microsoft Registry Drivers
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-28T00:00:00Z |
date_published | 2021-12-14T00:00:00Z |
source | MITRE |
title | Registry Trees for Devices and Drivers |
Microsoft System Wide Com Keys
Microsoft. (n.d.). Registry Values for System-Wide Security. Retrieved November 21, 2017.
Internal MISP references
UUID e0836ebc-66fd-46ac-adf6-727b46f2fb38
which can be used as unique global reference for Microsoft System Wide Com Keys
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-21T00:00:00Z |
source | MITRE |
title | Registry Values for System-Wide Security |
LOLBAS Regsvcs
LOLBAS. (n.d.). Regsvcs.exe. Retrieved July 31, 2019.
Internal MISP references
UUID 3f669f4c-0b94-4b78-ad3e-fd62f7600902
which can be used as unique global reference for LOLBAS Regsvcs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-31T00:00:00Z |
source | MITRE |
title | Regsvcs.exe |
MSDN Regsvcs
Microsoft. (n.d.). Regsvcs.exe (.NET Services Installation Tool). Retrieved July 1, 2016.
Internal MISP references
UUID 4f3651df-159e-4006-8cb6-de0d0712a194
which can be used as unique global reference for MSDN Regsvcs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-07-01T00:00:00Z |
source | MITRE |
title | Regsvcs.exe (.NET Services Installation Tool) |
LOLBAS Regsvr32
LOLBAS. (n.d.). Regsvr32.exe. Retrieved July 31, 2019.
Internal MISP references
UUID 8e32abef-534e-475a-baad-946b6ec681c1
which can be used as unique global reference for LOLBAS Regsvr32
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-31T00:00:00Z |
source | MITRE |
title | Regsvr32.exe |
Fortinet Remcos Feb 2017
Bacurio, F., Salvio, J. (2017, February 14). REMCOS: A New RAT In The Wild. Retrieved November 6, 2018.
Internal MISP references
UUID c4d5d6e7-47c0-457a-b396-53d34f87e444
which can be used as unique global reference for Fortinet Remcos Feb 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-06T00:00:00Z |
date_published | 2017-02-14T00:00:00Z |
source | MITRE |
title | REMCOS: A New RAT In The Wild |
Mandiant Remediation and Hardening Strategies for Microsoft 365
Mandiant. (2022, August). Remediation and Hardening Strategies for Microsoft 365 to Defend Against APT29. Retrieved February 21, 2023.
Internal MISP references
UUID 4054604b-7c0f-5012-b40c-2b117f6b54c2
which can be used as unique global reference for Mandiant Remediation and Hardening Strategies for Microsoft 365
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-21T00:00:00Z |
date_published | 2022-08-01T00:00:00Z |
source | MITRE |
title | Remediation and Hardening Strategies for Microsoft 365 to Defend Against APT29 |
Mandiant Defend UNC2452 White Paper
Mandiant. (2021, January 19). Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452. Retrieved January 22, 2021.
Internal MISP references
UUID ed031297-d0f5-44a7-9723-ba692e923a6e
which can be used as unique global reference for Mandiant Defend UNC2452 White Paper
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-22T00:00:00Z |
date_published | 2021-01-19T00:00:00Z |
source | MITRE |
title | Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 |
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
Mike Burns, Matthew McWhirt, Douglas Bienstock, Nick Bennett. (2021, January 19). Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452. Retrieved September 25, 2021.
Internal MISP references
UUID 7aa5c294-df8e-4994-9b9e-69444d75ef37
which can be used as unique global reference for Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-25T00:00:00Z |
date_published | 2021-01-19T00:00:00Z |
source | MITRE |
title | Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 |
TechNet Remote Desktop Services
Microsoft. (n.d.). Remote Desktop Services. Retrieved June 1, 2016.
Internal MISP references
UUID b8fc1bdf-f602-4a9b-a51c-fa49e70f24cd
which can be used as unique global reference for TechNet Remote Desktop Services
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-01T00:00:00Z |
source | MITRE |
title | Remote Desktop Services |
Remote.exe - LOLBAS Project
LOLBAS. (2021, June 1). Remote.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 9a298f83-80b8-45a3-9f63-6119be6621b4
which can be used as unique global reference for Remote.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-06-01T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Remote.exe |
Microsoft Remote Use of Local
Margosis, A. (2018, December 10). Remote Use of Local Accounts: LAPS Changes Everything. Retrieved March 13, 2020.
Internal MISP references
UUID 2239d595-4b80-4828-9d06-f8de221f9534
which can be used as unique global reference for Microsoft Remote Use of Local
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-13T00:00:00Z |
date_published | 2018-12-10T00:00:00Z |
source | MITRE |
title | Remote Use of Local Accounts: LAPS Changes Everything |
SigmaHQ
Sittikorn S. (2022, April 15). Removal Of SD Value to Hide Schedule Task - Registry. Retrieved June 1, 2022.
Internal MISP references
UUID 27812e3f-9177-42ad-8681-91c65aba4743
which can be used as unique global reference for SigmaHQ
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-01T00:00:00Z |
date_published | 2022-04-15T00:00:00Z |
source | MITRE |
title | Removal Of SD Value to Hide Schedule Task - Registry |
disable_win_evt_logging
Heiligenstein, L. (n.d.). REP-25: Disable Windows Event Logging. Retrieved April 7, 2022.
Internal MISP references
UUID 408c0c8c-5d8e-5ebe-bd31-81b405c615d8
which can be used as unique global reference for disable_win_evt_logging
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-07T00:00:00Z |
source | MITRE |
title | REP-25: Disable Windows Event Logging |
Microsoft Replace Process Token
Brower, N., Lich, B. (2017, April 19). Replace a process level token. Retrieved December 19, 2017.
Internal MISP references
UUID 75130a36-e859-438b-9536-410c2831b2de
which can be used as unique global reference for Microsoft Replace Process Token
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-19T00:00:00Z |
date_published | 2017-04-19T00:00:00Z |
source | MITRE |
title | Replace a process level token |
Replace.exe - LOLBAS Project
LOLBAS. (2018, May 25). Replace.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 82a473e9-208c-4c47-bf38-92aee43238dd
which can be used as unique global reference for Replace.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Replace.exe |
Bugcrowd Replay Attack
Bugcrowd. (n.d.). Replay Attack. Retrieved September 27, 2023.
Internal MISP references
UUID ed31056c-23cb-5cb0-9b70-f363c54b27f7
which can be used as unique global reference for Bugcrowd Replay Attack
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-27T00:00:00Z |
source | MITRE |
title | Replay Attack |
Mac Forwarding Rules
Apple. (n.d.). Reply to, forward, or redirect emails in Mail on Mac. Retrieved June 22, 2021.
Internal MISP references
UUID 0ff40575-cd2d-4a70-a07b-fff85f520062
which can be used as unique global reference for Mac Forwarding Rules
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-22T00:00:00Z |
source | MITRE |
title | Reply to, forward, or redirect emails in Mail on Mac |
GitHub Reptile
Augusto, I. (2018, March 8). Reptile - LMK Linux rootkit. Retrieved April 9, 2018.
Internal MISP references
UUID 6e8cc88a-fb3f-4464-9380-868f597def6e
which can be used as unique global reference for GitHub Reptile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-09T00:00:00Z |
date_published | 2018-03-08T00:00:00Z |
source | MITRE |
title | Reptile - LMK Linux rootkit |
AWS Temporary Security Credentials
AWS. (n.d.). Requesting temporary security credentials. Retrieved April 1, 2022.
Internal MISP references
UUID c6f29134-5af2-42e1-af4f-fbb9eae03432
which can be used as unique global reference for AWS Temporary Security Credentials
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-01T00:00:00Z |
source | MITRE |
title | Requesting temporary security credentials |
ARS Technica China Hack SK April 2017
Sean Gallagher. (2017, April 21). Researchers claim China trying to hack South Korea missile defense efforts. Retrieved October 17, 2021.
Internal MISP references
UUID c9c647b6-f4fb-44d6-9376-23c1ae9520b4
which can be used as unique global reference for ARS Technica China Hack SK April 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-17T00:00:00Z |
date_published | 2017-04-21T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Researchers claim China trying to hack South Korea missile defense efforts |
Wired SandCat Oct 2019
Zetter, K. (2019, October 3). Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC. Retrieved October 15, 2020.
Internal MISP references
UUID 5f28adee-1313-48ec-895c-27341bd1071f
which can be used as unique global reference for Wired SandCat Oct 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-15T00:00:00Z |
date_published | 2019-10-03T00:00:00Z |
source | MITRE |
title | Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC |
Vincens AcidPour 2024
A.J. Vincens, CyberScoop. (2024, March 18). Researchers spot updated version of malware that hit Viasat. Retrieved March 25, 2024.
Internal MISP references
UUID 742c8a5c-21e5-58d8-a90d-f4c186c0699a
which can be used as unique global reference for Vincens AcidPour 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-25T00:00:00Z |
date_published | 2024-03-18T00:00:00Z |
source | MITRE |
title | Researchers spot updated version of malware that hit Viasat |
MSitPros CMSTP Aug 2017
Moe, O. (2017, August 15). Research on CMSTP.exe. Retrieved April 11, 2018.
Internal MISP references
UUID 8dbbf13b-e73c-43c2-a053-7b07fdf25c85
which can be used as unique global reference for MSitPros CMSTP Aug 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-11T00:00:00Z |
date_published | 2017-08-15T00:00:00Z |
source | MITRE |
title | Research on CMSTP.exe |
sentinellabs resource named fork 2020
Phil Stokes. (2020, November 5). Resourceful macOS Malware Hides in Named Fork. Retrieved October 12, 2021.
Internal MISP references
UUID 0008dfd8-25a1-4e6a-9154-da7bcbb7daa7
which can be used as unique global reference for sentinellabs resource named fork 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-12T00:00:00Z |
date_published | 2020-11-05T00:00:00Z |
source | MITRE |
title | Resourceful macOS Malware Hides in Named Fork |
GitHub Responder
Gaffie, L. (2016, August 25). Responder. Retrieved November 17, 2017.
Internal MISP references
UUID 3ef681a9-4ab0-420b-9d1a-b8152c50b3ca
which can be used as unique global reference for GitHub Responder
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-17T00:00:00Z |
date_published | 2016-08-25T00:00:00Z |
source | MITRE |
title | Responder |
Mandiant UNC2589 March 2022
Sadowski, J; Hall, R. (2022, March 4). Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation. Retrieved June 9, 2022.
Internal MISP references
UUID 63d89139-9dd4-4ed6-bf6e-8cd872c5d034
which can be used as unique global reference for Mandiant UNC2589 March 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-09T00:00:00Z |
date_published | 2022-03-04T00:00:00Z |
source | MITRE |
title | Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation |
CrowdStrike BGH Ransomware 2021
Falcon Complete Team. (2021, May 11). Response When Minutes Matter: Rising Up Against Ransomware. Retrieved October 8, 2021.
Internal MISP references
UUID a4cb3caf-e7ef-4662-93c6-63a0c3352a32
which can be used as unique global reference for CrowdStrike BGH Ransomware 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-08T00:00:00Z |
date_published | 2021-05-11T00:00:00Z |
source | MITRE |
title | Response When Minutes Matter: Rising Up Against Ransomware |
Google - Restore Cloud Snapshot
Google. (2019, October 7). Restoring and deleting persistent disk snapshots. Retrieved October 8, 2019.
Internal MISP references
UUID ffa46676-518e-4fef-965d-e91efae95dfc
which can be used as unique global reference for Google - Restore Cloud Snapshot
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-08T00:00:00Z |
date_published | 2019-10-07T00:00:00Z |
source | MITRE |
title | Restoring and deleting persistent disk snapshots |
Google Instances Resource
Google. (n.d.). Rest Resource: instance. Retrieved March 3, 2020.
Internal MISP references
UUID 9733447c-072f-4da8-9cc7-0a0ce6a3b820
which can be used as unique global reference for Google Instances Resource
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-03T00:00:00Z |
source | MITRE |
title | Rest Resource: instance |
Secureworks IRON LIBERTY July 2019
Secureworks. (2019, July 24). Resurgent Iron Liberty Targeting Energy Sector. Retrieved August 12, 2020.
Internal MISP references
UUID c666200d-5392-43f2-9ad0-1268d7b2e86f
which can be used as unique global reference for Secureworks IRON LIBERTY July 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-12T00:00:00Z |
date_published | 2019-07-24T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Resurgent Iron Liberty Targeting Energy Sector |
Palo Alto Retefe
Levene, B., Falcone, R., Grunzweig, J., Lee, B., Olson, R. (2015, August 20). Retefe Banking Trojan Targets Sweden, Switzerland and Japan. Retrieved July 3, 2017.
Internal MISP references
UUID 52f841b0-10a8-4f48-8265-5b336489ff80
which can be used as unique global reference for Palo Alto Retefe
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-03T00:00:00Z |
date_published | 2015-08-20T00:00:00Z |
source | MITRE |
title | Retefe Banking Trojan Targets Sweden, Switzerland and Japan |
AWS Secrets Manager
AWS. (n.d.). Retrieve secrets from AWS Secrets Manager. Retrieved September 25, 2023.
Internal MISP references
UUID ec87e183-3018-5cac-9fab-711003be54f7
which can be used as unique global reference for AWS Secrets Manager
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-25T00:00:00Z |
source | MITRE |
title | Retrieve secrets from AWS Secrets Manager |
Directory Services Internals DPAPI Backup Keys Oct 2015
Grafnetter, M. (2015, October 26). Retrieving DPAPI Backup Keys from Active Directory. Retrieved December 19, 2017.
Internal MISP references
UUID e48dc4ce-e7c5-44e4-b033-7ab4bbdbe1cb
which can be used as unique global reference for Directory Services Internals DPAPI Backup Keys Oct 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-19T00:00:00Z |
date_published | 2015-10-26T00:00:00Z |
source | MITRE |
title | Retrieving DPAPI Backup Keys from Active Directory |
Malwarebytes RokRAT VBA January 2021
Jazi, Hossein. (2021, January 6). Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat. Retrieved March 22, 2022.
Internal MISP references
UUID 62ad7dbc-3ed2-4fa5-a56a-2810ce131167
which can be used as unique global reference for Malwarebytes RokRAT VBA January 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-22T00:00:00Z |
date_published | 2021-01-06T00:00:00Z |
source | MITRE |
title | Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat |
TCC Database
Marina Liang. (2024, April 23). Return of the mac(OS): Transparency, Consent, and Control (TCC) Database Manipulation. Retrieved March 28, 2024.
Internal MISP references
UUID 4929c08e-cc20-5f85-8ae0-6bb691ce7917
which can be used as unique global reference for TCC Database
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-28T00:00:00Z |
date_published | 2024-04-23T00:00:00Z |
source | MITRE |
title | Return of the mac(OS): Transparency, Consent, and Control (TCC) Database Manipulation |
jRAT Symantec Aug 2018
Sharma, R. (2018, August 15). Revamped jRAT Uses New Anti-Parsing Techniques. Retrieved September 21, 2018.
Internal MISP references
UUID 8aed9534-2ec6-4c9f-b63b-9bb135432cfb
which can be used as unique global reference for jRAT Symantec Aug 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-21T00:00:00Z |
date_published | 2018-08-15T00:00:00Z |
source | MITRE |
title | Revamped jRAT Uses New Anti-Parsing Techniques |
Sygnia Emperor Dragonfly October 2022
Biderman, O. et al. (2022, October 3). REVEALING EMPEROR DRAGONFLY: NIGHT SKY AND CHEERSCRYPT - A SINGLE RANSOMWARE GROUP. Retrieved December 6, 2023.
Internal MISP references
UUID f9e40a71-c963-53de-9266-13f9f326c5bf
which can be used as unique global reference for Sygnia Emperor Dragonfly October 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-06T00:00:00Z |
date_published | 2022-10-03T00:00:00Z |
source | MITRE |
title | REVEALING EMPEROR DRAGONFLY: NIGHT SKY AND CHEERSCRYPT - A SINGLE RANSOMWARE GROUP |
Morphisec Snip3 May 2021
Lorber, N. (2021, May 7). Revealing the Snip3 Crypter, a Highly Evasive RAT Loader. Retrieved September 13, 2023.
Internal MISP references
UUID abe44c50-8347-5c98-8b04-d41afbe59d4c
which can be used as unique global reference for Morphisec Snip3 May 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-13T00:00:00Z |
date_published | 2021-05-07T00:00:00Z |
source | MITRE |
title | Revealing the Snip3 Crypter, a Highly Evasive RAT Loader |
Microsoft DUBNIUM June 2016
Microsoft. (2016, June 9). Reverse-engineering DUBNIUM. Retrieved March 31, 2021.
Internal MISP references
UUID ae28afad-e2d6-4c3c-a309-ee7c44a3e586
which can be used as unique global reference for Microsoft DUBNIUM June 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-31T00:00:00Z |
date_published | 2016-06-09T00:00:00Z |
source | MITRE |
title | Reverse-engineering DUBNIUM |
Microsoft DUBNIUM Flash June 2016
Microsoft. (2016, June 20). Reverse-engineering DUBNIUM’s Flash-targeting exploit. Retrieved March 31, 2021.
Internal MISP references
UUID 999a471e-6373-463b-a77b-d3020b4a8702
which can be used as unique global reference for Microsoft DUBNIUM Flash June 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-31T00:00:00Z |
date_published | 2016-06-20T00:00:00Z |
source | MITRE |
title | Reverse-engineering DUBNIUM’s Flash-targeting exploit |
Microsoft DUBNIUM July 2016
Microsoft. (2016, July 14). Reverse engineering DUBNIUM – Stage 2 payload analysis. Retrieved March 31, 2021.
Internal MISP references
UUID e1bd8fb3-e0b4-4659-85a1-d37e1c3d167f
which can be used as unique global reference for Microsoft DUBNIUM July 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-31T00:00:00Z |
date_published | 2016-07-14T00:00:00Z |
source | MITRE |
title | Reverse engineering DUBNIUM – Stage 2 payload analysis |
CSRB LAPSUS$ July 24 2023
Cyber Safety Review Board. (2023, July 24). Review of the Attacks Associated with LAPSUS$ and Related Threat Groups. Retrieved November 16, 2023.
Internal MISP references
UUID f8311977-303c-4d05-a7f4-25b3ae36318b
which can be used as unique global reference for CSRB LAPSUS$ July 24 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-16T00:00:00Z |
date_published | 2023-07-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Review of the Attacks Associated with LAPSUS$ and Related Threat Groups |
Intel 471 REvil March 2020
Intel 471 Malware Intelligence team. (2020, March 31). REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation. Retrieved August 4, 2020.
Internal MISP references
UUID b939dc98-e00e-4d47-84a4-3eaaeb5c0abf
which can be used as unique global reference for Intel 471 REvil March 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-04T00:00:00Z |
date_published | 2020-03-31T00:00:00Z |
source | MITRE |
title | REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation |
BleepingComputer REvil 2021
Abrams, L. (2021, March 19). REvil ransomware has a new ‘Windows Safe Mode’ encryption mode. Retrieved June 23, 2021.
Internal MISP references
UUID 790ef274-aea4-49b7-8b59-1b95185c5f50
which can be used as unique global reference for BleepingComputer REvil 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-23T00:00:00Z |
date_published | 2021-03-19T00:00:00Z |
source | MITRE |
title | REvil ransomware has a new ‘Windows Safe Mode’ encryption mode |
Secureworks REvil September 2019
Counter Threat Unit Research Team. (2019, September 24). REvil/Sodinokibi Ransomware. Retrieved August 4, 2020.
Internal MISP references
UUID 8f4e2baf-4227-4bbd-bfdb-5598717dcf88
which can be used as unique global reference for Secureworks REvil September 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-04T00:00:00Z |
date_published | 2019-09-24T00:00:00Z |
source | MITRE, Tidal Cyber |
title | REvil/Sodinokibi Ransomware |
Secureworks GandCrab and REvil September 2019
Secureworks. (2019, September 24). REvil: The GandCrab Connection. Retrieved August 4, 2020.
Internal MISP references
UUID 46b5d57b-17be-48ff-b723-406f6a55d84a
which can be used as unique global reference for Secureworks GandCrab and REvil September 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-04T00:00:00Z |
date_published | 2019-09-24T00:00:00Z |
source | MITRE |
title | REvil: The GandCrab Connection |
Enigma Reviving DDE Jan 2018
Nelson, M. (2018, January 29). Reviving DDE: Using OneNote and Excel for Code Execution. Retrieved February 3, 2018.
Internal MISP references
UUID 188a0f02-8d1e-4e4e-b2c0-ddf1bf1bdf93
which can be used as unique global reference for Enigma Reviving DDE Jan 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-03T00:00:00Z |
date_published | 2018-01-29T00:00:00Z |
source | MITRE |
title | Reviving DDE: Using OneNote and Excel for Code Execution |
GitHub Revoke-Obfuscation
Bohannon, D. (2017, July 27). Revoke-Obfuscation. Retrieved February 12, 2018.
Internal MISP references
UUID 3624d75e-be50-4c10-9e8a-28523568ff9f
which can be used as unique global reference for GitHub Revoke-Obfuscation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-12T00:00:00Z |
date_published | 2017-07-27T00:00:00Z |
source | MITRE |
title | Revoke-Obfuscation |
FireEye Revoke-Obfuscation July 2017
Bohannon, D. & Holmes, L. (2017, July 27). Revoke-Obfuscation: PowerShell Obfuscation Detection Using Science. Retrieved February 12, 2018.
Internal MISP references
UUID e03e9d19-18bb-4d28-8c96-8c1cef89a20b
which can be used as unique global reference for FireEye Revoke-Obfuscation July 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-12T00:00:00Z |
date_published | 2017-07-27T00:00:00Z |
source | MITRE |
title | Revoke-Obfuscation: PowerShell Obfuscation Detection Using Science |
Recorded Future Rhadamanthys September 26 2024
Insikt Group. (2024, September 26). Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0. Retrieved October 14, 2024.
Internal MISP references
UUID 5e668cd3-5a5d-4b40-9d4b-6108489a9a91
which can be used as unique global reference for Recorded Future Rhadamanthys September 26 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-14T00:00:00Z |
date_published | 2024-09-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0 |
HC3 Analyst Note Rhysida Ransomware August 2023
Health Sector Cybersecurity Coordination Center (HC3). (2023, August 4). Rhysida Ransomware. Retrieved August 11, 2023.
Internal MISP references
UUID 3f6e2821-5073-4382-b5dd-08676eaa2240
which can be used as unique global reference for HC3 Analyst Note Rhysida Ransomware August 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-11T00:00:00Z |
date_published | 2023-08-04T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Rhysida Ransomware |
SentinelOne Rhysida June 29 2023
Alex Delamotte, Jim Walter. (2023, June 29). Rhysida Ransomware | RaaS Crawls Out of Crimeware Undergrowth to Attack Chilean Army. Retrieved August 11, 2023.
Internal MISP references
UUID 4fa2a841-71e8-4733-8622-cc068d077ad9
which can be used as unique global reference for SentinelOne Rhysida June 29 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-11T00:00:00Z |
date_published | 2023-06-29T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Rhysida Ransomware |
Prodaft RIG February 2023
PTI Team. (2023, February 27). [RIG] RIG Exploit Kit: In-Depth Analysis. Retrieved May 8, 2023.
Internal MISP references
UUID 13ed0c11-f258-47d8-9253-8bd13661c2a9
which can be used as unique global reference for Prodaft RIG February 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-08T00:00:00Z |
date_published | 2023-02-27T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | [RIG] RIG Exploit Kit: In-Depth Analysis |
Microsoft XorDdos Linux Stealth 2022
Microsoft Threat Intelligence. (2022, May 19). Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices. Retrieved September 27, 2023.
Internal MISP references
UUID 6425d351-2c88-5af9-970a-4d0d184d0c70
which can be used as unique global reference for Microsoft XorDdos Linux Stealth 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-27T00:00:00Z |
date_published | 2022-05-19T00:00:00Z |
source | MITRE |
title | Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices |
httrack_unhcr
RISKIQ. (2022, March 15). RiskIQ Threat Intelligence Roundup: Campaigns Targeting Ukraine and Global Malware Infrastructure. Retrieved July 29, 2022.
Internal MISP references
UUID a4a3fd3d-1c13-40e5-b462-fa69a1861986
which can be used as unique global reference for httrack_unhcr
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-29T00:00:00Z |
date_published | 2022-03-15T00:00:00Z |
source | MITRE |
title | RiskIQ Threat Intelligence Roundup: Campaigns Targeting Ukraine and Global Malware Infrastructure |
US-CERT Alert TA13-175A Risks of Default Passwords on the Internet
US-CERT. (n.d.). Risks of Default Passwords on the Internet. Retrieved April 12, 2019.
Internal MISP references
UUID 0c365c3f-3aa7-4c63-b96e-7716b95db049
which can be used as unique global reference for US-CERT Alert TA13-175A Risks of Default Passwords on the Internet
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-12T00:00:00Z |
source | MITRE |
title | Risks of Default Passwords on the Internet |
Mandiant ROADSWEEP August 2022
Jenkins, L. et al. (2022, August 4). ROADSWEEP Ransomware - Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations. Retrieved August 6, 2024.
Internal MISP references
UUID 0d81ec58-2e12-5824-aa53-feb0d2260f30
which can be used as unique global reference for Mandiant ROADSWEEP August 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-06T00:00:00Z |
date_published | 2022-08-04T00:00:00Z |
source | MITRE |
title | ROADSWEEP Ransomware - Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations |
ROADtools Github
Dirk-jan Mollema. (2022, January 31). ROADtools. Retrieved January 31, 2022.
Internal MISP references
UUID 90c592dc-2c9d-401a-96ab-b539f7522956
which can be used as unique global reference for ROADtools Github
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-31T00:00:00Z |
date_published | 2022-01-31T00:00:00Z |
source | MITRE |
title | ROADtools |
Harmj0y Roasting AS-REPs Jan 2017
HarmJ0y. (2017, January 17). Roasting AS-REPs. Retrieved September 23, 2024.
Internal MISP references
UUID bfb01fbf-4dc0-4943-8a21-457f28f4b01f
which can be used as unique global reference for Harmj0y Roasting AS-REPs Jan 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-23T00:00:00Z |
date_published | 2017-01-17T00:00:00Z |
source | MITRE |
title | Roasting AS-REPs |
Register Robots TXT 2015
Darren Pauli. (2015, May 19). Robots.txt tells hackers the places you don't want them to look. Retrieved July 18, 2024.
Internal MISP references
UUID 0027a941-bc2d-54e3-9adf-85333d68b244
which can be used as unique global reference for Register Robots TXT 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-18T00:00:00Z |
date_published | 2015-05-19T00:00:00Z |
source | MITRE |
title | Robots.txt tells hackers the places you don't want them to look |
Anomali Rocke March 2019
Anomali Labs. (2019, March 15). Rocke Evolves Its Arsenal With a New Malware Family Written in Golang. Retrieved April 24, 2019.
Internal MISP references
UUID 31051c8a-b523-4b8e-b834-2168c59e783b
which can be used as unique global reference for Anomali Rocke March 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-24T00:00:00Z |
date_published | 2019-03-15T00:00:00Z |
source | MITRE |
title | Rocke Evolves Its Arsenal With a New Malware Family Written in Golang |
Talos Rocke August 2018
Liebenberg, D. (2018, August 30). Rocke: The Champion of Monero Miners. Retrieved May 26, 2020.
Internal MISP references
UUID bff0ee40-e583-4f73-a013-4669ca576904
which can be used as unique global reference for Talos Rocke August 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-26T00:00:00Z |
date_published | 2018-08-30T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Rocke: The Champion of Monero Miners |
Check Point Rocket Kitten
Check Point Software Technologies. (2015). ROCKET KITTEN: A CAMPAIGN WITH 9 LIVES. Retrieved March 16, 2018.
Internal MISP references
UUID 71da7d4c-f1f8-4f5c-a609-78a414851baf
which can be used as unique global reference for Check Point Rocket Kitten
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-16T00:00:00Z |
date_published | 2015-01-01T00:00:00Z |
source | MITRE |
title | ROCKET KITTEN: A CAMPAIGN WITH 9 LIVES |
NCCGroup RokRat Nov 2018
Pantazopoulos, N. (2018, November 8). RokRat Analysis. Retrieved May 21, 2020.
Internal MISP references
UUID bcad3b27-858f-4c1d-a24c-dbc4dcee3cdc
which can be used as unique global reference for NCCGroup RokRat Nov 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-21T00:00:00Z |
date_published | 2018-11-08T00:00:00Z |
source | MITRE |
title | RokRat Analysis |
Talos ROKRAT 2
Mercer, W., Rascagneres, P. (2017, November 28). ROKRAT Reloaded. Retrieved May 21, 2018.
Internal MISP references
UUID 116f6565-d36d-4d01-9a97-a40cf589afa9
which can be used as unique global reference for Talos ROKRAT 2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-21T00:00:00Z |
date_published | 2017-11-28T00:00:00Z |
source | MITRE |
title | ROKRAT Reloaded |
Kubernetes RBAC
Kubernetes. (n.d.). Role Based Access Control Good Practices. Retrieved March 8, 2023.
Internal MISP references
UUID 37c0e0e1-cc4d-5a93-b8a0-224f031b7324
which can be used as unique global reference for Kubernetes RBAC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-08T00:00:00Z |
source | MITRE |
title | Role Based Access Control Good Practices |
Google Cloud Service Account Authentication Roles
Google Cloud. (n.d.). Roles for service account authentication. Retrieved July 10, 2023.
Internal MISP references
UUID 525a8afc-64e9-5cc3-9c56-95da9811da0d
which can be used as unique global reference for Google Cloud Service Account Authentication Roles
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-10T00:00:00Z |
source | MITRE |
title | Roles for service account authentication |
BBC-Ronin
Joe Tidy. (2022, March 30). Ronin Network: What a $600m hack says about the state of crypto. Retrieved August 18, 2023.
Internal MISP references
UUID 8e162e39-a58f-5ba0-9a8e-101d4cfa324c
which can be used as unique global reference for BBC-Ronin
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-18T00:00:00Z |
date_published | 2022-03-30T00:00:00Z |
source | MITRE |
title | Ronin Network: What a $600m hack says about the state of crypto |
Wikipedia Root Certificate
Wikipedia. (2016, December 6). Root certificate. Retrieved February 20, 2017.
Internal MISP references
UUID 68b9ccbb-906e-4f06-b5bd-3969723c3616
which can be used as unique global reference for Wikipedia Root Certificate
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-02-20T00:00:00Z |
date_published | 2016-12-06T00:00:00Z |
source | MITRE |
title | Root certificate |
Wikipedia Rootkit
Wikipedia. (2016, June 1). Rootkit. Retrieved June 2, 2016.
Internal MISP references
UUID 7e877b6b-9873-48e2-b138-e02dcb5268ca
which can be used as unique global reference for Wikipedia Rootkit
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-02T00:00:00Z |
date_published | 2016-06-01T00:00:00Z |
source | MITRE |
title | Rootkit |
Sekoia HideDRV Oct 2016
Rascagnères, P. (2016, October 27). Rootkit analysis: Use case on HideDRV. Retrieved March 9, 2017.
Internal MISP references
UUID c383811d-c036-4fe7-add8-b4d4f73b3ce4
which can be used as unique global reference for Sekoia HideDRV Oct 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-09T00:00:00Z |
date_published | 2016-10-27T00:00:00Z |
source | MITRE |
title | Rootkit analysis: Use case on HideDRV |
RotaJakiro 2021 netlab360 analysis
Alex Turing, Hui Wang. (2021, April 28). RotaJakiro: A long live secret backdoor with 0 VT detection. Retrieved June 14, 2023.
Internal MISP references
UUID 7a9c53dd-2c0e-5452-9ee2-01531fbf8ba8
which can be used as unique global reference for RotaJakiro 2021 netlab360 analysis
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-14T00:00:00Z |
date_published | 2021-04-28T00:00:00Z |
source | MITRE |
title | RotaJakiro: A long live secret backdoor with 0 VT detection |
netlab360 rotajakiro vs oceanlotus
Alex Turing. (2021, May 6). RotaJakiro, the Linux version of the OceanLotus. Retrieved June 14, 2023.
Internal MISP references
UUID 20967c9b-5bb6-5cdd-9466-2c9efd9ab98c
which can be used as unique global reference for netlab360 rotajakiro vs oceanlotus
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-14T00:00:00Z |
date_published | 2021-05-06T00:00:00Z |
source | MITRE |
title | RotaJakiro, the Linux version of the OceanLotus |
TechNet Route
Microsoft. (n.d.). Route. Retrieved April 17, 2016.
Internal MISP references
UUID 0e483ec8-af40-4139-9711-53b999e069ee
which can be used as unique global reference for TechNet Route
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-17T00:00:00Z |
source | MITRE |
title | Route |
Lumen KVBotnet 2023
Black Lotus Labs. (2023, December 13). Routers Roasting On An Open Firewall: The KV-Botnet Investigation. Retrieved June 10, 2024.
Internal MISP references
UUID 81bbc4e1-e1e6-5c93-bf65-ffdc9c7ff71d
which can be used as unique global reference for Lumen KVBotnet 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-10T00:00:00Z |
date_published | 2023-12-13T00:00:00Z |
source | MITRE |
title | Routers Roasting On An Open Firewall: The KV-Botnet Investigation |
U.S. HHS Royal & BlackCat Alert
Health Sector Cybersecurity Coordination Center (HC3). (2023, January 12). Royal & BlackCat Ransomware: The Threat to the Health Sector. Retrieved March 7, 2024.
Internal MISP references
UUID d1d6b6fe-ef93-4417-844b-7cd8dc76934b
which can be used as unique global reference for U.S. HHS Royal & BlackCat Alert
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-07T00:00:00Z |
date_published | 2023-01-12T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Royal & BlackCat Ransomware: The Threat to the Health Sector |
Kroll Royal Deep Dive February 2023
Iacono, L. and Green, S. (2023, February 13). Royal Ransomware Deep Dive. Retrieved March 30, 2023.
Internal MISP references
UUID dcdcc965-56d0-58e6-996b-d8bd40916745
which can be used as unique global reference for Kroll Royal Deep Dive February 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-30T00:00:00Z |
date_published | 2023-02-13T00:00:00Z |
source | MITRE |
title | Royal Ransomware Deep Dive |
Kroll Royal Ransomware February 13 2023
Laurie Iacono, Keith Wojcieszek, George Glass. (2023, February 13). Royal Ransomware Deep Dive. Retrieved June 17, 2024.
Internal MISP references
UUID de385ede-f928-4a1e-934c-8ce7a6e7f33b
which can be used as unique global reference for Kroll Royal Ransomware February 13 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-17T00:00:00Z |
date_published | 2023-02-13T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Royal Ransomware Deep Dive |
Trend Micro Royal Linux ESXi February 2023
Morales, N. et al. (2023, February 20). Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers. Retrieved March 30, 2023.
Internal MISP references
UUID e5bb846f-d11f-580c-b96a-9de4ba5eaed6
which can be used as unique global reference for Trend Micro Royal Linux ESXi February 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-30T00:00:00Z |
date_published | 2023-02-20T00:00:00Z |
source | MITRE |
title | Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers |
Royal Rumble: Analysis of Royal Ransomware
Cybereason global soc & cybereason security research teams. (n.d.). Royal Rumble: Analysis of Royal Ransomware. Retrieved May 18, 2023.
Internal MISP references
UUID 5afa7fd0-908e-4714-9ab3-2bbbc1fff976
which can be used as unique global reference for Royal Rumble: Analysis of Royal Ransomware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Royal Rumble: Analysis of Royal Ransomware |
Cybereason Royal December 2022
Cybereason Global SOC and Cybereason Security Research Teams. (2022, December 14). Royal Rumble: Analysis of Royal Ransomware. Retrieved March 30, 2023.
Internal MISP references
UUID 28aef64e-20d3-5227-a3c9-e657c6e2d07e
which can be used as unique global reference for Cybereason Royal December 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-30T00:00:00Z |
date_published | 2022-12-14T00:00:00Z |
source | MITRE |
title | Royal Rumble: Analysis of Royal Ransomware |
Rpcping.exe - LOLBAS Project
LOLBAS. (2018, May 25). Rpcping.exe. Retrieved December 4, 2023.
Internal MISP references
UUID dc15a187-4de7-422e-a507-223e89e317b1
which can be used as unique global reference for Rpcping.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Rpcping.exe |
Threatpost New Op Sharpshooter Data March 2019
L. O'Donnell. (2019, March 3). RSAC 2019: New Operation Sharpshooter Data Reveals Higher Complexity, Scope. Retrieved September 26, 2022.
Internal MISP references
UUID 2361b5b1-3a01-4d77-99c6-261f444a498e
which can be used as unique global reference for Threatpost New Op Sharpshooter Data March 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-26T00:00:00Z |
date_published | 2019-03-03T00:00:00Z |
source | MITRE |
title | RSAC 2019: New Operation Sharpshooter Data Reveals Higher Complexity, Scope |
GCN RSA June 2011
Jackson, William. (2011, June 7). RSA confirms its tokens used in Lockheed hack. Retrieved September 24, 2018.
Internal MISP references
UUID 40564d23-b9ae-4bb3-8dd1-d6b01163a32d
which can be used as unique global reference for GCN RSA June 2011
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-24T00:00:00Z |
date_published | 2011-06-07T00:00:00Z |
source | MITRE |
title | RSA confirms its tokens used in Lockheed hack |
RSA Shell Crew
RSA Incident Response. (2014, January). RSA Incident Response Emerging Threat Profile: Shell Crew. Retrieved January 14, 2016.
Internal MISP references
UUID 6872a6d3-c4ab-40cf-82b7-5c5c8e077189
which can be used as unique global reference for RSA Shell Crew
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-14T00:00:00Z |
date_published | 2014-01-01T00:00:00Z |
source | MITRE |
title | RSA Incident Response Emerging Threat Profile: Shell Crew |
GitHub Rubeus March 2023
Harmj0y. (n.d.). Rubeus. Retrieved March 29, 2023.
Internal MISP references
UUID 4bde7ce6-7fc6-5660-a8aa-745f19350ee1
which can be used as unique global reference for GitHub Rubeus March 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-29T00:00:00Z |
source | MITRE |
title | Rubeus |
SOCPrime DoubleExtension
Eugene Tkachenko. (2020, May 1). Rule of the Week: Possible Malicious File Double Extension. Retrieved July 27, 2021.
Internal MISP references
UUID 14a99228-de84-4551-a6b5-9c6f1173f292
which can be used as unique global reference for SOCPrime DoubleExtension
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-07-27T00:00:00Z |
date_published | 2020-05-01T00:00:00Z |
source | MITRE |
title | Rule of the Week: Possible Malicious File Double Extension |
SensePost Ruler GitHub
SensePost. (2016, August 18). Ruler: A tool to abuse Exchange services. Retrieved February 4, 2019.
Internal MISP references
UUID aa0a1508-a872-4e69-bf20-d3c8202f18c1
which can be used as unique global reference for SensePost Ruler GitHub
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-04T00:00:00Z |
date_published | 2016-08-18T00:00:00Z |
source | MITRE |
title | Ruler: A tool to abuse Exchange services |
Microsoft Cloud App Security
Niv Goldenberg. (2018, December 12). Rule your inbox with Microsoft Cloud App Security. Retrieved June 7, 2021.
Internal MISP references
UUID be0a1168-fa84-4742-a658-41a078b7f5fa
which can be used as unique global reference for Microsoft Cloud App Security
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-07T00:00:00Z |
date_published | 2018-12-12T00:00:00Z |
source | MITRE |
title | Rule your inbox with Microsoft Cloud App Security |
Microsoft Run Key
Microsoft. (n.d.). Run and RunOnce Registry Keys. Retrieved September 12, 2024.
Internal MISP references
UUID 0d633a50-4afd-4479-898e-1a785f5637da
which can be used as unique global reference for Microsoft Run Key
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
source | MITRE |
title | Run and RunOnce Registry Keys |
Microsoft RunAs
Microsoft. (2016, August 31). Runas. Retrieved October 1, 2021.
Internal MISP references
UUID af05c12e-f9c6-421a-9a5d-0797c01ab2dc
which can be used as unique global reference for Microsoft RunAs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-01T00:00:00Z |
date_published | 2016-08-31T00:00:00Z |
source | MITRE |
title | Runas |
Microsoft runas - Duplicate
Microsoft TechNet. (n.d.). Runas. Retrieved April 21, 2017.
Internal MISP references
UUID 8b4bdce9-da19-443f-88d2-11466e126c09
which can be used as unique global reference for Microsoft runas - Duplicate
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-04-21T00:00:00Z |
source | MITRE |
title | Runas |
Wikipedia Run Command
Wikipedia. (2018, August 3). Run Command. Retrieved October 12, 2018.
Internal MISP references
UUID 2fd66037-95dd-4819-afc7-00b7fd6f54fe
which can be used as unique global reference for Wikipedia Run Command
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-12T00:00:00Z |
date_published | 2018-08-03T00:00:00Z |
source | MITRE |
title | Run Command |
Secpod Winexe June 2017
Prakash, T. (2017, June 21). Run commands on Windows system remotely using Winexe. Retrieved September 12, 2024.
Internal MISP references
UUID ca8ea354-44d4-4606-8b3e-1102b27f251c
which can be used as unique global reference for Secpod Winexe June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2017-06-21T00:00:00Z |
source | MITRE |
title | Run commands on Windows system remotely using Winexe |
Rundll32.exe - LOLBAS Project
LOLBAS. (2018, May 25). Rundll32.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 90aff246-ce27-4f21-96f9-38543718ab07
which can be used as unique global reference for Rundll32.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Rundll32.exe |
Attackify Rundll32.exe Obscurity
Attackify. (n.d.). Rundll32.exe Obscurity. Retrieved August 23, 2021.
Internal MISP references
UUID daa35853-eb46-4ef4-b543-a2c5157f96bf
which can be used as unique global reference for Attackify Rundll32.exe Obscurity
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-23T00:00:00Z |
source | MITRE |
title | Rundll32.exe Obscurity |
Runexehelper.exe - LOLBAS Project
LOLBAS. (2022, December 13). Runexehelper.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 86ff0379-2b73-4981-9f13-2b02b53bc90f
which can be used as unique global reference for Runexehelper.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-12-13T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Runexehelper.exe |
ELC Running at startup
hoakley. (2018, May 22). Running at startup: when to use a Login Item or a LaunchAgent/LaunchDaemon. Retrieved October 5, 2021.
Internal MISP references
UUID 11ee6303-5103-4063-a765-659ead217c6c
which can be used as unique global reference for ELC Running at startup
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-05T00:00:00Z |
date_published | 2018-05-22T00:00:00Z |
source | MITRE |
title | Running at startup: when to use a Login Item or a LaunchAgent/LaunchDaemon |
Powershell Remote Commands
Microsoft. (2020, August 21). Running Remote Commands. Retrieved July 26, 2021.
Internal MISP references
UUID 24c526e1-7199-45ca-99b4-75e75c7041cd
which can be used as unique global reference for Powershell Remote Commands
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-07-26T00:00:00Z |
date_published | 2020-08-21T00:00:00Z |
source | MITRE |
title | Running Remote Commands |
AutoIT
AutoIT. (n.d.). Running Scripts. Retrieved March 29, 2024.
Internal MISP references
UUID 97e76bc2-9312-5f39-8491-8b42ddeb2067
which can be used as unique global reference for AutoIT
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-29T00:00:00Z |
source | MITRE |
title | Running Scripts |
Runonce.exe - LOLBAS Project
LOLBAS. (2018, May 25). Runonce.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b97d4b16-ead2-4cc7-90e5-f8b05d84faf3
which can be used as unique global reference for Runonce.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Runonce.exe |
Apple Developer Doco Archive Run-Path
Apple Inc. (2012, July 7). Run-Path Dependent Libraries. Retrieved March 31, 2021.
Internal MISP references
UUID e9e5cff5-836a-4b66-87d5-03a727c0f467
which can be used as unique global reference for Apple Developer Doco Archive Run-Path
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-31T00:00:00Z |
date_published | 2012-07-07T00:00:00Z |
source | MITRE |
title | Run-Path Dependent Libraries |
Runscripthelper.exe - LOLBAS Project
LOLBAS. (2018, May 25). Runscripthelper.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 6d7151e3-685a-4dc7-a44d-aefae4f3db6a
which can be used as unique global reference for Runscripthelper.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Runscripthelper.exe |
Microsoft Run Command
Microsoft. (2023, March 10). Run scripts in your VM by using Run Command. Retrieved March 13, 2023.
Internal MISP references
UUID 4f2e6adb-6e3d-5f1f-b873-4b99797f2bfa
which can be used as unique global reference for Microsoft Run Command
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-13T00:00:00Z |
date_published | 2023-03-10T00:00:00Z |
source | MITRE |
title | Run scripts in your VM by using Run Command |
McAfee APT28 DDE2 Nov 2017
Paganini, P. (2017, November 9). Russia-Linked APT28 group observed using DDE attack to deliver malware. Retrieved November 21, 2017.
Internal MISP references
UUID d5ab8075-334f-492c-8318-c691f210b984
which can be used as unique global reference for McAfee APT28 DDE2 Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-21T00:00:00Z |
date_published | 2017-11-09T00:00:00Z |
source | MITRE |
title | Russia-Linked APT28 group observed using DDE attack to deliver malware |
Security Affairs DustSquad Oct 2018
Paganini, P. (2018, October 16). Russia-linked APT group DustSquad targets diplomatic entities in Central Asia. Retrieved August 24, 2021.
Internal MISP references
UUID 0e6b019c-cf8e-40a7-9e7c-6a7dc5309dc6
which can be used as unique global reference for Security Affairs DustSquad Oct 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-24T00:00:00Z |
date_published | 2018-10-16T00:00:00Z |
source | MITRE |
title | Russia-linked APT group DustSquad targets diplomatic entities in Central Asia |
SecurityWeek Nomadic Octopus Oct 2018
Kovacs, E. (2018, October 18). Russia-Linked Hackers Target Diplomatic Entities in Central Asia. Retrieved October 13, 2021.
Internal MISP references
UUID 659f86ef-7e90-42ff-87b7-2e289f9f6cc2
which can be used as unique global reference for SecurityWeek Nomadic Octopus Oct 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
date_published | 2018-10-18T00:00:00Z |
source | MITRE |
title | Russia-Linked Hackers Target Diplomatic Entities in Central Asia |
U.S. Federal Bureau of Investigation 2 27 2024
U.S. Federal Bureau of Investigation. (2024, February 27). Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations. Retrieved February 28, 2024.
Internal MISP references
UUID 962fb031-dfd1-43a7-8202-3a2231b0472b
which can be used as unique global reference for U.S. Federal Bureau of Investigation 2 27 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-28T00:00:00Z |
date_published | 2024-02-27T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations |
U.S. CISA SVR TeamCity Exploits December 2023
Cybersecurity and Infrastructure Security Agency. (2023, December 13). Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally. Retrieved December 14, 2023.
Internal MISP references
UUID 5f66f864-58c2-4b41-8011-61f954e04b7e
which can be used as unique global reference for U.S. CISA SVR TeamCity Exploits December 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-14T00:00:00Z |
date_published | 2023-12-13T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally |
U.S. CISA Star Blizzard December 2023
Cybersecurity and Infrastructure Security Agency. (2023, December 7). Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns. Retrieved December 14, 2023.
Internal MISP references
UUID 3d53c154-8ced-4dbe-ab4e-db3bc15bfe4b
which can be used as unique global reference for U.S. CISA Star Blizzard December 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-14T00:00:00Z |
date_published | 2023-12-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns |
CISA Star Blizzard Advisory December 2023
CISA, et al. (2023, December 7). Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns. Retrieved June 13, 2024.
Internal MISP references
UUID 96b26cfc-b31d-5226-879f-4888801ec268
which can be used as unique global reference for CISA Star Blizzard Advisory December 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-13T00:00:00Z |
date_published | 2023-12-07T00:00:00Z |
source | MITRE |
title | Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns |
NSA/FBI Drovorub August 2020
NSA/FBI. (2020, August). Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware. Retrieved August 25, 2020.
Internal MISP references
UUID d697a342-4100-4e6b-95b9-4ae3ba80924b
which can be used as unique global reference for NSA/FBI Drovorub August 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-25T00:00:00Z |
date_published | 2020-08-01T00:00:00Z |
source | MITRE |
title | Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware |
Cybersecurity Advisory GRU Brute Force Campaign July 2021
NSA, CISA, FBI, NCSC. (2021, July). Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments. Retrieved July 26, 2021.
Internal MISP references
UUID e70f0742-5f3e-4701-a46b-4a58c0281537
which can be used as unique global reference for Cybersecurity Advisory GRU Brute Force Campaign July 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-07-26T00:00:00Z |
date_published | 2021-07-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments |
BleepingComputer Ebury March 2017
Cimpanu, C. (2017, March 29). Russian Hacker Pleads Guilty for Role in Infamous Linux Ebury Malware. Retrieved April 23, 2019.
Internal MISP references
UUID e5d69297-b0f3-4586-9eb7-d2922b3ee7bb
which can be used as unique global reference for BleepingComputer Ebury March 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-23T00:00:00Z |
date_published | 2017-03-29T00:00:00Z |
source | MITRE |
title | Russian Hacker Pleads Guilty for Role in Infamous Linux Ebury Malware |
Russian 2FA Push Annoyance - Cimpanu
Catalin Cimpanu. (2021, December 9). Russian hackers bypass 2FA by annoying victims with repeated push notifications. Retrieved March 31, 2022.
Internal MISP references
UUID ad2b0648-b657-4daa-9510-82375a252fc4
which can be used as unique global reference for Russian 2FA Push Annoyance - Cimpanu
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-31T00:00:00Z |
date_published | 2021-12-09T00:00:00Z |
source | MITRE |
title | Russian hackers bypass 2FA by annoying victims with repeated push notifications |
Reuters Cold River January 6 2023
James Pearson, Christopher Bing. (2023, January 6). Russian hackers targeted U.S. nuclear scientists. Retrieved October 1, 2024.
Internal MISP references
UUID 15bac539-2561-4f97-a9fb-4e081417215f
which can be used as unique global reference for Reuters Cold River January 6 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-01T00:00:00Z |
date_published | 2023-01-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Russian hackers targeted U.S. nuclear scientists |
Unit42 Redaman January 2019
Duncan, B., Harbison, M. (2019, January 23). Russian Language Malspam Pushing Redaman Banking Malware. Retrieved June 16, 2020.
Internal MISP references
UUID 433cd55a-f912-4d5a-aff6-92133d08267b
which can be used as unique global reference for Unit42 Redaman January 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-16T00:00:00Z |
date_published | 2019-01-23T00:00:00Z |
source | MITRE |
title | Russian Language Malspam Pushing Redaman Banking Malware |
U.S. CISA Unit 29155 September 5 2024
Cybersecurity and Infrastructure Security Agency. (2024, September 5). Russian Military Cyber Actors Target US and Global Critical Infrastructure. Retrieved September 9, 2024.
Internal MISP references
UUID 9631a46d-3e0a-4f25-962b-0b2501c47926
which can be used as unique global reference for U.S. CISA Unit 29155 September 5 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-09T00:00:00Z |
date_published | 2024-09-05T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Russian Military Cyber Actors Target US and Global Critical Infrastructure |
Russians Exploit Default MFA Protocol - CISA March 2022
Cyber Security Infrastructure Agency. (2022, March 15). Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. Retrieved May 31, 2022.
Internal MISP references
UUID 00c6ff88-6eeb-486d-ae69-dffd5aebafe6
which can be used as unique global reference for Russians Exploit Default MFA Protocol - CISA March 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-31T00:00:00Z |
date_published | 2022-03-15T00:00:00Z |
source | MITRE |
title | Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability |
CISA MFA PrintNightmare
Cybersecurity and Infrastructure Security Agency. (2022, March 15). Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. Retrieved March 16, 2022.
Internal MISP references
UUID fa03324e-c79c-422e-80f1-c270fd87d4e2
which can be used as unique global reference for CISA MFA PrintNightmare
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-16T00:00:00Z |
date_published | 2022-03-15T00:00:00Z |
source | MITRE |
title | Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability |
alert_TA18_106A
CISA. (2018, April 20). Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices. Retrieved February 14, 2022.
Internal MISP references
UUID 26b520dc-5c68-40f4-82fb-366d27fc0c2f
which can be used as unique global reference for alert_TA18_106A
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-14T00:00:00Z |
date_published | 2018-04-20T00:00:00Z |
source | MITRE |
title | Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices |
US-CERT TA18-106A Network Infrastructure Devices 2018
US-CERT. (2018, April 20). Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices. Retrieved October 19, 2020.
Internal MISP references
UUID 8fdf280d-680f-4b8f-8fb9-6b3118ec3983
which can be used as unique global reference for US-CERT TA18-106A Network Infrastructure Devices 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
date_published | 2018-04-20T00:00:00Z |
source | MITRE |
title | Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices |
Google TAG COLDRIVER January 18 2024
Wesley Shields. (2024, January 18). Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware. Retrieved October 1, 2024.
Internal MISP references
UUID 0b26c6f8-51ee-4419-9842-245c0e5e6f58
which can be used as unique global reference for Google TAG COLDRIVER January 18 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-01T00:00:00Z |
date_published | 2024-01-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware |
Google TAG COLDRIVER January 2024
Shields, W. (2024, January 18). Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware. Retrieved June 13, 2024.
Internal MISP references
UUID cff26ad8-b8dc-557d-9751-530f7ebfaa02
which can be used as unique global reference for Google TAG COLDRIVER January 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-13T00:00:00Z |
date_published | 2024-01-18T00:00:00Z |
source | MITRE |
title | Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware |
UK GOV FSB Factsheet April 2022
UK Gov. (2022, April 5). Russia's FSB malign activity: factsheet. Retrieved April 5, 2022.
Internal MISP references
UUID 27e7d347-9d85-4897-9e04-33f58acc5687
which can be used as unique global reference for UK GOV FSB Factsheet April 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-05T00:00:00Z |
date_published | 2022-04-05T00:00:00Z |
source | MITRE |
title | Russia's FSB malign activity: factsheet |
Unit 42 Gamaredon February 2022
Unit 42. (2022, February 3). Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine. Retrieved February 21, 2022.
Internal MISP references
UUID a5df39b2-77f8-4814-8198-8620655aa79b
which can be used as unique global reference for Unit 42 Gamaredon February 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-21T00:00:00Z |
date_published | 2022-02-03T00:00:00Z |
source | MITRE |
title | Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine |
Wired Russia Cyberwar
Greenberg, A. (2022, November 10). Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless. Retrieved March 22, 2023.
Internal MISP references
UUID 28c53a97-5500-5bfb-8aac-3c0bf94c2dfe
which can be used as unique global reference for Wired Russia Cyberwar
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-22T00:00:00Z |
date_published | 2022-11-10T00:00:00Z |
source | MITRE |
title | Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless |
unit42_gamaredon_dec2022
Unit 42. (2022, December 20). Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine. Retrieved September 12, 2024.
Internal MISP references
UUID a8a32597-2b52-5f99-850d-f38d3f891713
which can be used as unique global reference for unit42_gamaredon_dec2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2022-12-20T00:00:00Z |
source | MITRE |
title | Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine |
RyanW3stman Tweet October 10 2023
RyanW3stman. (2023, October 10). RyanW3stman Tweet October 10 2023. Retrieved October 10, 2023.
Internal MISP references
UUID cfd0ad64-54b2-446f-9624-9c90a9a94f52
which can be used as unique global reference for RyanW3stman Tweet October 10 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-10T00:00:00Z |
date_published | 2023-10-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | RyanW3stman Tweet October 10 2023 |
Ryte Wiki
Ryte Wiki. (n.d.). Retrieved March 5, 2024.
Internal MISP references
UUID 51b4932e-f85a-5483-8bf8-48de9c85782d
which can be used as unique global reference for Ryte Wiki
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-05T00:00:00Z |
source | MITRE |
title | Ryte Wiki |
DFIR Ryuk in 5 Hours October 2020
The DFIR Report. (2020, October 18). Ryuk in 5 Hours. Retrieved October 19, 2020.
Internal MISP references
UUID 892150f4-769d-447d-b652-e5d85790ee37
which can be used as unique global reference for DFIR Ryuk in 5 Hours October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
date_published | 2020-10-18T00:00:00Z |
source | MITRE |
title | Ryuk in 5 Hours |
ANSSI RYUK RANSOMWARE
ANSSI. (2021, February 25). RYUK RANSOMWARE. Retrieved March 29, 2021.
Internal MISP references
UUID 0a23be83-3438-4437-9e51-0cfa16a00d57
which can be used as unique global reference for ANSSI RYUK RANSOMWARE
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-29T00:00:00Z |
date_published | 2021-02-25T00:00:00Z |
source | MITRE |
title | RYUK RANSOMWARE |
Bleeping Computer - Ryuk WoL
Abrams, L. (2021, January 14). Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices. Retrieved February 11, 2021.
Internal MISP references
UUID f6670b73-4d57-4aad-8264-1d42d585e280
which can be used as unique global reference for Bleeping Computer - Ryuk WoL
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-11T00:00:00Z |
date_published | 2021-01-14T00:00:00Z |
source | MITRE |
title | Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices |
DFIR Ryuk 2 Hour Speed Run November 2020
The DFIR Report. (2020, November 5). Ryuk Speed Run, 2 Hours to Ransom. Retrieved November 6, 2020.
Internal MISP references
UUID 3b904516-3b26-4caa-8814-6e69b76a7c8c
which can be used as unique global reference for DFIR Ryuk 2 Hour Speed Run November 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-06T00:00:00Z |
date_published | 2020-11-05T00:00:00Z |
source | MITRE |
title | Ryuk Speed Run, 2 Hours to Ransom |
DFIR Ryuk's Return October 2020
The DFIR Report. (2020, October 8). Ryuk’s Return. Retrieved October 9, 2020.
Internal MISP references
UUID eba1dafb-ff62-4d34-b268-3b9ba6a7a822
which can be used as unique global reference for DFIR Ryuk's Return October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-09T00:00:00Z |
date_published | 2020-10-08T00:00:00Z |
source | MITRE |
title | Ryuk’s Return |
Rhino S3 Ransomware Part 1
Gietzen, S. (n.d.). S3 Ransomware Part 1: Attack Vector. Retrieved April 14, 2021.
Internal MISP references
UUID bb28711f-186d-4101-b153-6340ce826343
which can be used as unique global reference for Rhino S3 Ransomware Part 1
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-14T00:00:00Z |
source | MITRE |
title | S3 Ransomware Part 1: Attack Vector |
Rhino S3 Ransomware Part 2
Gietzen, S. (n.d.). S3 Ransomware Part 2: Prevention and Defense. Retrieved April 14, 2021.
Internal MISP references
UUID a2b3e738-257c-4078-9fde-d55b08c8003b
which can be used as unique global reference for Rhino S3 Ransomware Part 2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-14T00:00:00Z |
source | MITRE |
title | S3 Ransomware Part 2: Prevention and Defense |
S3Recon GitHub
Travis Clarke. (2020, March 21). S3Recon GitHub. Retrieved March 4, 2022.
Internal MISP references
UUID 803c51be-a54e-4fab-8ea0-c6bef18e84d3
which can be used as unique global reference for S3Recon GitHub
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-04T00:00:00Z |
date_published | 2020-03-21T00:00:00Z |
source | MITRE |
title | S3Recon GitHub |
Dell Sakula
Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, July 30). Sakula Malware Family. Retrieved January 26, 2016.
Internal MISP references
UUID e9a2ffd8-7aed-4343-8678-66fc3e758d19
which can be used as unique global reference for Dell Sakula
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-26T00:00:00Z |
date_published | 2015-07-30T00:00:00Z |
source | MITRE |
title | Sakula Malware Family |
Wine API samlib.dll
Wine API. (n.d.). samlib.dll. Retrieved December 4, 2017.
Internal MISP references
UUID d0fdc669-959c-42ed-be5d-386a4e90a897
which can be used as unique global reference for Wine API samlib.dll
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-04T00:00:00Z |
source | MITRE |
title | samlib.dll |
Sophos SamSam Apr 2018
Palotay, D. and Mackenzie, P. (2018, April). SamSam Ransomware Chooses Its Targets Carefully. Retrieved April 15, 2019.
Internal MISP references
UUID 4da5e9c3-7205-4a6e-b147-be7c971380f0
which can be used as unique global reference for Sophos SamSam Apr 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-15T00:00:00Z |
date_published | 2018-04-01T00:00:00Z |
source | MITRE |
title | SamSam Ransomware Chooses Its Targets Carefully |
Symantec SamSam Oct 2018
Symantec Security Response Attack Investigation Team. (2018, October 30). SamSam: Targeted Ransomware Attacks Continue. Retrieved April 16, 2019.
Internal MISP references
UUID c5022a91-bdf4-4187-9967-dfe6362219ea
which can be used as unique global reference for Symantec SamSam Oct 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-16T00:00:00Z |
date_published | 2018-10-30T00:00:00Z |
source | MITRE |
title | SamSam: Targeted Ransomware Attacks Continue |
Talos SamSam Jan 2018
Ventura, V. (2018, January 22). SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks. Retrieved April 16, 2019.
Internal MISP references
UUID 0965bb64-be96-46b9-b60f-6829c43a661f
which can be used as unique global reference for Talos SamSam Jan 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-16T00:00:00Z |
date_published | 2018-01-22T00:00:00Z |
source | MITRE |
title | SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks |
NSA Sandworm 2020
National Security Agency. (2020, March 28). Sandworm Actors Exploiting Vulnerability In EXIM Mail Transfer Agent. Retrieved March 1, 2024.
Internal MISP references
UUID 5135c600-b2a6-59e7-9023-8e293736f8de
which can be used as unique global reference for NSA Sandworm 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-01T00:00:00Z |
date_published | 2020-03-28T00:00:00Z |
source | MITRE |
title | Sandworm Actors Exploiting Vulnerability In EXIM Mail Transfer Agent |
Mandiant-Sandworm-Ukraine-2022
Ken Proska, John Wolfram, Jared Wilson, Dan Black, Keith Lunden, Daniel Kapellmann Zafra, Nathan Brubaker, Tyler Mclellan, Chris Sistrunk. (2023, November 9). Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology. Retrieved March 28, 2024.
Internal MISP references
UUID 7ad64744-2790-54e4-97cd-e412423f6ada
which can be used as unique global reference for Mandiant-Sandworm-Ukraine-2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-28T00:00:00Z |
date_published | 2023-11-09T00:00:00Z |
source | MITRE |
title | Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology |
Mandiant Sandworm November 9 2023
Ken Proska, John Wolfram, Jared Wilson, Dan Black, Keith Lunden, Daniel Kapellmann Zafra, Nathan Brubaker, Tyler McLellan, Chris Sistrunk. (2023, November 9). Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology. Retrieved April 17, 2024.
Internal MISP references
UUID e35f005d-a3cd-4733-88ac-92bbf46e2c8a
which can be used as unique global reference for Mandiant Sandworm November 9 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-17T00:00:00Z |
date_published | 2023-11-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology |
ANSSI Sandworm January 2021
ANSSI. (2021, January 27). SANDWORM INTRUSION SET CAMPAIGN TARGETING CENTREON SYSTEMS. Retrieved March 30, 2021.
Internal MISP references
UUID 5e619fef-180a-46d4-8bf5-998860b5ad7e
which can be used as unique global reference for ANSSI Sandworm January 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-30T00:00:00Z |
date_published | 2021-01-27T00:00:00Z |
source | MITRE |
title | SANDWORM INTRUSION SET CAMPAIGN TARGETING CENTREON SYSTEMS |
iSIGHT Sandworm 2014
Hultquist, J. (2016, January 7). Sandworm Team and the Ukrainian Power Authority Attacks. Retrieved October 6, 2017.
Internal MISP references
UUID 63622990-5467-42b2-8f45-b675dfc4dc8f
which can be used as unique global reference for iSIGHT Sandworm 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-10-06T00:00:00Z |
date_published | 2016-01-07T00:00:00Z |
source | MITRE |
title | Sandworm Team and the Ukrainian Power Authority Attacks |
DOJ - Cisco Insider
DOJ. (2020, August 26). San Jose Man Pleads Guilty To Damaging Cisco’s Network. Retrieved December 15, 2020.
Internal MISP references
UUID b8d9006d-7466-49cf-a70e-384edee530ce
which can be used as unique global reference for DOJ - Cisco Insider
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-15T00:00:00Z |
date_published | 2020-08-26T00:00:00Z |
source | MITRE |
title | San Jose Man Pleads Guilty To Damaging Cisco’s Network |
SANS 1
Joshua Wright. (2020, October 13). Retrieved March 22, 2024.
Internal MISP references
UUID 6fb8f825-5f77-501a-8277-22a5f551d13a
which can be used as unique global reference for SANS 1
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-22T00:00:00Z |
source | MITRE |
title | SANS 1 |
SANS 2
Joshua Wright. (2020, October 14). Retrieved March 22, 2024.
Internal MISP references
UUID 2a4c41f3-473f-516f-8c68-b771f7c3dfcb
which can be used as unique global reference for SANS 2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-22T00:00:00Z |
source | MITRE |
title | SANS 2 |
ATT ScanBox
Blasco, J. (2014, August 28). Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks. Retrieved October 19, 2020.
Internal MISP references
UUID 48753fc9-b7b7-465f-92a7-fb3f51b032cb
which can be used as unique global reference for ATT ScanBox
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
date_published | 2014-08-28T00:00:00Z |
source | MITRE |
title | Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks |
Mandiant SCANdalous Jul 2020
Stephens, A. (2020, July 13). SCANdalous! (External Detection Using Network Scan Data and Automation). Retrieved October 12, 2021.
Internal MISP references
UUID 3a60f7de-9ead-444e-9d08-689c655b26c7
which can be used as unique global reference for Mandiant SCANdalous Jul 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-12T00:00:00Z |
date_published | 2020-07-13T00:00:00Z |
source | MITRE |
title | SCANdalous! (External Detection Using Network Scan Data and Automation) |
WeLiveSecurity Scarab August 22 2023
Jakub Souček. (2023, August 22). Scarabs colon-izing vulnerable servers. Retrieved September 13, 2024.
Internal MISP references
UUID 7cbf97fe-1809-4089-b386-a8bfd083df39
which can be used as unique global reference for WeLiveSecurity Scarab August 22 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-13T00:00:00Z |
date_published | 2023-08-22T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Scarabs colon-izing vulnerable servers |
Securelist ScarCruft May 2019
GReAT. (2019, May 13). ScarCruft continues to evolve, introduces Bluetooth harvester. Retrieved June 4, 2019.
Internal MISP references
UUID 2dd5b872-a4ab-4b77-8457-a3d947298fc0
which can be used as unique global reference for Securelist ScarCruft May 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-04T00:00:00Z |
date_published | 2019-05-13T00:00:00Z |
source | MITRE |
title | ScarCruft continues to evolve, introduces Bluetooth harvester |
Sysdig ScarletEel 2.0 2023
Alessandro Brucato. (2023, July 11). SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto. Retrieved September 25, 2023.
Internal MISP references
UUID 285266e7-7a62-5f98-9b0f-fefde4b21c88
which can be used as unique global reference for Sysdig ScarletEel 2.0 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-25T00:00:00Z |
date_published | 2023-07-11T00:00:00Z |
source | MITRE |
title | SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto |
Sysdig ScarletEel 2.0
SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto. (2023, July 11). SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto. Retrieved July 12, 2023.
Internal MISP references
UUID 90e60242-82d8-5648-b7e4-def6fd508e16
which can be used as unique global reference for Sysdig ScarletEel 2.0
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-12T00:00:00Z |
date_published | 2023-07-11T00:00:00Z |
source | MITRE |
title | SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto |
Sysdig Scarleteel February 28 2023
Alberto Pellitteri. (2023, February 28). SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft. Retrieved February 2, 2023.
Internal MISP references
UUID 18931f81-51bf-44af-9573-512ccb66c238
which can be used as unique global reference for Sysdig Scarleteel February 28 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-02T00:00:00Z |
date_published | 2023-02-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft |
Red Canary June 26 2024
Laura Brosnan. (2024, June 26). Scarlet Goldfinch Taking flight with NetSupport Manager - Red Canary. Retrieved June 26, 2024.
Internal MISP references
UUID e0d62504-6fec-4d95-9f4a-e0dda7e7b6d9
which can be used as unique global reference for Red Canary June 26 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-26T00:00:00Z |
date_published | 2024-06-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Scarlet Goldfinch Taking flight with NetSupport Manager - Red Canary |
Scarlet Mimic Jan 2016
Falcone, R. and Miller-Osborn, J. (2016, January 24). Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists. Retrieved February 10, 2016.
Internal MISP references
UUID f84a5b6d-3af1-45b1-ac55-69ceced8735f
which can be used as unique global reference for Scarlet Mimic Jan 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-02-10T00:00:00Z |
date_published | 2016-01-24T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists |
CrowdStrike Scattered Spider Profile
CrowdStrike. (n.d.). Scattered Spider. Retrieved July 5, 2023.
Internal MISP references
UUID a865a984-7f7b-5f82-ac4a-6fac79a2a753
which can be used as unique global reference for CrowdStrike Scattered Spider Profile
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-05T00:00:00Z |
source | MITRE |
title | Scattered Spider |
U.S. CISA Scattered Spider November 16 2023
Cybersecurity and Infrastructure Security Agency. (2023, November 16). Scattered Spider. Retrieved November 16, 2023.
Internal MISP references
UUID 9c242265-c28c-4580-8e6a-478d8700b092
which can be used as unique global reference for U.S. CISA Scattered Spider November 16 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-16T00:00:00Z |
date_published | 2023-11-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Scattered Spider |
CrowdStrike Scattered Spider BYOVD January 2023
CrowdStrike. (2023, January 10). SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security. Retrieved July 5, 2023.
Internal MISP references
UUID d7d86f5d-1f02-54b0-b6f4-879878563245
which can be used as unique global reference for CrowdStrike Scattered Spider BYOVD January 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-05T00:00:00Z |
date_published | 2023-01-10T00:00:00Z |
source | MITRE |
title | SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security |
Trellix Scattered Spider MO August 2023
Trellix et al. (2023, August 17). Scattered Spider: The Modus Operandi. Retrieved March 18, 2024.
Internal MISP references
UUID 0041bf10-e26f-59e8-a212-6b1687aafb79
which can be used as unique global reference for Trellix Scattered Spider MO August 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-18T00:00:00Z |
date_published | 2023-08-17T00:00:00Z |
source | MITRE |
title | Scattered Spider: The Modus Operandi |
Sc.exe - LOLBAS Project
LOLBAS. (2018, May 25). Sc.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 5ce3ef73-f789-4939-a60e-e0a373048bda
which can be used as unique global reference for Sc.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Sc.exe |
TechNet Forum Scheduled Task Operational Setting
Satyajit321. (2015, November 3). Scheduled Tasks History Retention settings. Retrieved December 12, 2017.
Internal MISP references
UUID 63e53238-30b5-46ef-8083-7d2888b01561
which can be used as unique global reference for TechNet Forum Scheduled Task Operational Setting
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-12T00:00:00Z |
date_published | 2015-11-03T00:00:00Z |
source | MITRE |
title | Scheduled Tasks History Retention settings |
Kifarunix - Task Scheduling in Linux
Koromicha. (2019, September 7). Scheduling tasks using at command in Linux. Retrieved December 3, 2019.
Internal MISP references
UUID dbab6766-ab87-4528-97e5-cc3121aa77b9
which can be used as unique global reference for Kifarunix - Task Scheduling in Linux
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-12-03T00:00:00Z |
date_published | 2019-09-07T00:00:00Z |
source | MITRE |
title | Scheduling tasks using at command in Linux |
TechNet Schtasks
Microsoft. (n.d.). Schtasks. Retrieved April 28, 2016.
Internal MISP references
UUID 17c03e27-222d-41b5-9fa2-34f0939e5371
which can be used as unique global reference for TechNet Schtasks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-28T00:00:00Z |
source | MITRE |
title | Schtasks |
Schtasks.exe - LOLBAS Project
LOLBAS. (2018, May 25). Schtasks.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 2ef31677-b7ec-4200-a342-7c9196e1aa58
which can be used as unique global reference for Schtasks.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Schtasks.exe |
Secplicity Rhysida May 23 2023
Ryan Estes. (2023, May 23). Scratching the Surface of Rhysida Ransomware. Retrieved August 11, 2023.
Internal MISP references
UUID 1b73bfb6-376e-4252-b3a1-9b6cf5ccaaf3
which can be used as unique global reference for Secplicity Rhysida May 23 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-11T00:00:00Z |
date_published | 2023-05-23T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Scratching the Surface of Rhysida Ransomware |
Wikipedia Screensaver
Wikipedia. (2017, November 22). Screensaver. Retrieved December 5, 2017.
Internal MISP references
UUID b5d69465-27df-4acc-b6cc-f51be8780b7b
which can be used as unique global reference for Wikipedia Screensaver
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-05T00:00:00Z |
date_published | 2017-11-22T00:00:00Z |
source | MITRE |
title | Screensaver |
CobaltStrike Scripted Web Delivery
Strategic Cyber, LLC. (n.d.). Scripted Web Delivery. Retrieved January 23, 2018.
Internal MISP references
UUID 89ed4c93-b69d-4eed-8212-cd2ebee08bcb
which can be used as unique global reference for CobaltStrike Scripted Web Delivery
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-23T00:00:00Z |
source | MITRE |
title | Scripted Web Delivery |
Cobalt Strike DCOM Jan 2017
Mudge, R. (2017, January 24). Scripting Matt Nelson’s MMC20.Application Lateral Movement Technique. Retrieved November 21, 2017.
Internal MISP references
UUID ccafe7af-fbb3-4478-9035-f588e5e3c8b8
which can be used as unique global reference for Cobalt Strike DCOM Jan 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-21T00:00:00Z |
date_published | 2017-01-24T00:00:00Z |
source | MITRE |
title | Scripting Matt Nelson’s MMC20.Application Lateral Movement Technique |
Scriptrunner.exe - LOLBAS Project
LOLBAS. (2018, May 25). Scriptrunner.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 805d16cc-8bd0-4f80-b0ac-c5b5df51427c
which can be used as unique global reference for Scriptrunner.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Scriptrunner.exe |
SS64
SS64. (n.d.). ScriptRunner.exe. Retrieved July 8, 2024.
Internal MISP references
UUID e96e1486-ae8a-5fb3-bb8b-a9f0bf22b488
which can be used as unique global reference for SS64
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-08T00:00:00Z |
source | MITRE |
title | ScriptRunner.exe |
Scrobj.dll - LOLBAS Project
LOLBAS. (2021, January 7). Scrobj.dll. Retrieved December 4, 2023.
Internal MISP references
UUID c50ff71f-c742-4d63-a18e-e1ce41d55193
which can be used as unique global reference for Scrobj.dll - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-01-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Scrobj.dll |
Microsoft SDelete July 2016
Russinovich, M. (2016, July 4). SDelete v2.0. Retrieved February 8, 2018.
Internal MISP references
UUID 356c7d49-5abc-4566-9657-5ce58cf7be67
which can be used as unique global reference for Microsoft SDelete July 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-08T00:00:00Z |
date_published | 2016-07-04T00:00:00Z |
source | MITRE |
title | SDelete v2.0 |
Sean Metcalf Twitter DNS Records
Sean Metcalf. (2019, May 9). Sean Metcalf Twitter. September 12, 2024.
Internal MISP references
UUID c7482430-58f9-4365-a7c6-d17067b257e4
which can be used as unique global reference for Sean Metcalf Twitter DNS Records
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-27T00:00:00Z |
date_published | 2019-05-09T00:00:00Z |
source | MITRE |
title | Sean Metcalf Twitter |
AWS CloudTrail Search
Amazon. (n.d.). Search CloudTrail logs for API calls to EC2 Instances. Retrieved June 17, 2020.
Internal MISP references
UUID 636b933d-8953-4579-980d-227527dfcc94
which can be used as unique global reference for AWS CloudTrail Search
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-17T00:00:00Z |
source | MITRE |
title | Search CloudTrail logs for API calls to EC2 Instances |
Group IB Cobalt Aug 2017
Matveeva, V. (2017, August 15). Secrets of Cobalt. Retrieved October 10, 2018.
Internal MISP references
UUID 2d9ef1de-2ee6-4500-a87d-b55f83e65900
which can be used as unique global reference for Group IB Cobalt Aug 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-10T00:00:00Z |
date_published | 2017-08-15T00:00:00Z |
source | MITRE |
title | Secrets of Cobalt |
GitHub SHB Credential Guard
NSA IAD. (2017, April 20). Secure Host Baseline - Credential Guard. Retrieved April 25, 2017.
Internal MISP references
UUID 11bb1f9b-53c1-4738-ab66-56522f228743
which can be used as unique global reference for GitHub SHB Credential Guard
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-04-25T00:00:00Z |
date_published | 2017-04-20T00:00:00Z |
source | MITRE |
title | Secure Host Baseline - Credential Guard |
Secure Host Baseline EMET
National Security Agency. (2016, May 4). Secure Host Baseline EMET. Retrieved June 22, 2016.
Internal MISP references
UUID 00953d3e-5fe7-454a-8d01-6405f74cca80
which can be used as unique global reference for Secure Host Baseline EMET
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-22T00:00:00Z |
date_published | 2016-05-04T00:00:00Z |
source | MITRE |
title | Secure Host Baseline EMET |
TechNet Secure Boot Process
Microsoft. (n.d.). Secure the Windows 10 boot process. Retrieved April 23, 2020.
Internal MISP references
UUID 3f0ff65d-56a0-4c29-b561-e6342b0b6b65
which can be used as unique global reference for TechNet Secure Boot Process
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-04-23T00:00:00Z |
source | MITRE |
title | Secure the Windows 10 boot process |
SecureWorks August 2019
SecureWorks. (2019, August 27). LYCEUM Takes Center Stage in Middle East Campaign. Retrieved November 19, 2019.
Internal MISP references
UUID 573edbb6-687b-4bc2-bc4a-764a548633b5
which can be used as unique global reference for SecureWorks August 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-11-19T00:00:00Z |
date_published | 2019-08-27T00:00:00Z |
source | MITRE |
title | SecureWorks August 2019 |
SecureWorks September 2019
SecureWorks. (2019, September 24). REvil/Sodinokibi Ransomware. Retrieved April 12, 2021.
Internal MISP references
UUID dc3387b0-c845-5b5a-afef-bc518ecbfb1f
which can be used as unique global reference for SecureWorks September 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-12T00:00:00Z |
source | MITRE |
title | SecureWorks September 2019 |
Securing bash history
Mathew Branwell. (2012, March 21). Securing .bash_history file. Retrieved July 8, 2017.
Internal MISP references
UUID 15280399-e9c8-432c-8ee2-47ced9377378
which can be used as unique global reference for Securing bash history
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-08T00:00:00Z |
date_published | 2012-03-21T00:00:00Z |
source | MITRE |
title | Securing .bash_history file |
Microsoft Securing Privileged Access
Plett, C., Poggemeyer, L. (2012, October 26). Securing Privileged Access Reference Material. Retrieved April 25, 2017.
Internal MISP references
UUID 716844d6-a6ed-41d4-9067-3822ed32828f
which can be used as unique global reference for Microsoft Securing Privileged Access
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-04-25T00:00:00Z |
date_published | 2012-10-26T00:00:00Z |
source | MITRE |
title | Securing Privileged Access Reference Material |
Berkley Secure
Berkeley Security, University of California. (n.d.). Securing Remote Desktop for System Administrators. Retrieved November 4, 2014.
Internal MISP references
UUID 98bdf25b-fbad-497f-abd2-8286d9e0479c
which can be used as unique global reference for Berkley Secure
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-04T00:00:00Z |
source | MITRE |
title | Securing Remote Desktop for System Administrators |
Cisco Securing SNMP
Cisco. (2006, May 10). Securing Simple Network Management Protocol. Retrieved October 19, 2020.
Internal MISP references
UUID 31de3a32-ae7a-42bf-9153-5d891651a7d1
which can be used as unique global reference for Cisco Securing SNMP
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
date_published | 2006-05-10T00:00:00Z |
source | MITRE |
title | Securing Simple Network Management Protocol |
ADSecurity Windows Secure Baseline
Metcalf, S. (2016, October 21). Securing Windows Workstations: Developing a Secure Baseline. Retrieved November 17, 2017.
Internal MISP references
UUID 078b9848-8e5f-4750-bb90-3e110876a6a4
which can be used as unique global reference for ADSecurity Windows Secure Baseline
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-17T00:00:00Z |
date_published | 2016-10-21T00:00:00Z |
source | MITRE |
title | Securing Windows Workstations: Developing a Secure Baseline |
Morphisec ShellTea June 2019
Gorelik, M. (2019, June 10). SECURITY ALERT: FIN8 IS BACK IN BUSINESS, TARGETING THE HOSPITALITY INDUSTRY. Retrieved June 13, 2019.
Internal MISP references
UUID 1b6ce918-651a-480d-8305-82bccbf42e96
which can be used as unique global reference for Morphisec ShellTea June 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-13T00:00:00Z |
date_published | 2019-06-10T00:00:00Z |
source | MITRE |
title | SECURITY ALERT: FIN8 IS BACK IN BUSINESS, TARGETING THE HOSPITALITY INDUSTRY |
Carbon Black Obfuscation Sept 2016
Tedesco, B. (2016, September 23). Security Alert Summary. Retrieved February 12, 2018.
Internal MISP references
UUID bed8ae68-9738-46fb-abc9-0004fa35636a
which can be used as unique global reference for Carbon Black Obfuscation Sept 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-12T00:00:00Z |
date_published | 2016-09-23T00:00:00Z |
source | MITRE |
title | Security Alert Summary |
NIST Special Publication 800-53 Revision 5
National Institute of Standards and Technology. (2020, September). Security and Privacy Controls for Information Systems and Organizations. Retrieved August 30, 2024.
Internal MISP references
UUID c07bed36-e1a4-598c-9361-6fb5402947ff
which can be used as unique global reference for NIST Special Publication 800-53 Revision 5
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-30T00:00:00Z |
date_published | 2020-09-01T00:00:00Z |
source | MITRE |
title | Security and Privacy Controls for Information Systems and Organizations |
Havana authentication bug
Jay Pipes. (2013, December 23). Security Breach! Tenant A is seeing the VNC Consoles of Tenant B!. Retrieved September 12, 2024.
Internal MISP references
UUID 255181c2-b1c5-4531-bc16-853f21bc6435
which can be used as unique global reference for Havana authentication bug
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2013-12-23T00:00:00Z |
source | MITRE |
title | Security Breach! Tenant A is seeing the VNC Consoles of Tenant B! |
Proofpoint TA450 Phishing March 2024
Miller, J. et al. (2024, March 21). Security Brief: TA450 Uses Embedded Links in PDF Attachments in Latest Campaign. Retrieved March 27, 2024.
Internal MISP references
UUID 263be6fe-d9ed-5216-a0be-e8391dbd83e6
which can be used as unique global reference for Proofpoint TA450 Phishing March 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-27T00:00:00Z |
date_published | 2024-03-21T00:00:00Z |
source | MITRE |
title | Security Brief: TA450 Uses Embedded Links in PDF Attachments in Latest Campaign |
Microsoft Trust Considerations Nov 2014
Microsoft. (2014, November 19). Security Considerations for Trusts. Retrieved November 30, 2017.
Internal MISP references
UUID 01ddd53c-1f02-466d-abf2-43bf1ab2d3fc
which can be used as unique global reference for Microsoft Trust Considerations Nov 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-30T00:00:00Z |
date_published | 2014-11-19T00:00:00Z |
source | MITRE |
title | Security Considerations for Trusts |
AWS Sec Groups VPC
Amazon. (n.d.). Security groups for your VPC. Retrieved October 13, 2021.
Internal MISP references
UUID a5dd078b-10c7-433d-b7b5-929cf8437413
which can be used as unique global reference for AWS Sec Groups VPC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
source | MITRE |
title | Security groups for your VPC |
Microsoft SID
Microsoft. (n.d.). Security Identifiers. Retrieved November 30, 2017.
Internal MISP references
UUID c921c476-741e-4b49-8f94-752984adbba5
which can be used as unique global reference for Microsoft SID
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-30T00:00:00Z |
source | MITRE |
title | Security Identifiers |
Schneider Electric USB Malware
Schneider Electric. (2018, August 24). Security Notification – USB Removable Media Provided With Conext Combox and Conext Battery Monitor. Retrieved May 28, 2019.
Internal MISP references
UUID e4d8ce63-8626-4c8f-a437-b6a120ff61c7
which can be used as unique global reference for Schneider Electric USB Malware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-28T00:00:00Z |
date_published | 2018-08-24T00:00:00Z |
source | MITRE |
title | Security Notification – USB Removable Media Provided With Conext Combox and Conext Battery Monitor |
Electron 3
Alanna Titterington. (2023, September 14). Security of Electron-based desktop applications. Retrieved March 7, 2024.
Internal MISP references
UUID e3e9d747-d5d7-5d36-b5fc-9f58b1d330f3
which can be used as unique global reference for Electron 3
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-07T00:00:00Z |
date_published | 2023-09-14T00:00:00Z |
source | MITRE |
title | Security of Electron-based desktop applications |
Apple Dev SecurityD
Apple. (n.d.). Security Server and Security Agent. Retrieved March 29, 2024.
Internal MISP references
UUID 2b63d6c7-138b-5a9b-83e0-58f3d34723da
which can be used as unique global reference for Apple Dev SecurityD
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-29T00:00:00Z |
source | MITRE |
title | Security Server and Security Agent |
Microsoft Security Subsystem
Microsoft. (n.d.). Security Subsystem Architecture. Retrieved November 27, 2017.
Internal MISP references
UUID 27dae010-e3b3-4080-8039-9f89a29607e6
which can be used as unique global reference for Microsoft Security Subsystem
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-27T00:00:00Z |
source | MITRE |
title | Security Subsystem Architecture |
CISA IDN ST05-016
CISA. (2019, September 27). Security Tip (ST05-016): Understanding Internationalized Domain Names. Retrieved October 20, 2020.
Internal MISP references
UUID 3cc2c996-10e9-4e25-999c-21dc2c69e4af
which can be used as unique global reference for CISA IDN ST05-016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2019-09-27T00:00:00Z |
source | MITRE |
title | Security Tip (ST05-016): Understanding Internationalized Domain Names |
AADInternals zure AD Federated Domain
Dr. Nestori Syynimaa. (2017, November 16). Security vulnerability in Azure AD & Office 365 identity federation. Retrieved September 28, 2022.
Internal MISP references
UUID d2005eb6-4da4-4938-97fb-caa0e2381f4e
which can be used as unique global reference for AADInternals zure AD Federated Domain
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-28T00:00:00Z |
date_published | 2017-11-16T00:00:00Z |
source | MITRE |
title | Security vulnerability in Azure AD & Office 365 identity federation |
Azure AD Federation Vulnerability
Dr. Nestori Syynimaa. (2017, November 16). Security vulnerability in Azure AD & Office 365 identity federation. Retrieved February 1, 2022.
Internal MISP references
UUID 123995be-36f5-4cd6-b80a-d601c2d0971e
which can be used as unique global reference for Azure AD Federation Vulnerability
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-01T00:00:00Z |
date_published | 2017-11-16T00:00:00Z |
source | MITRE |
title | Security vulnerability in Azure AD & Office 365 identity federation |
ESET Sednit July 2015
ESET Research. (2015, July 10). Sednit APT Group Meets Hacking Team. Retrieved March 1, 2017.
Internal MISP references
UUID e21c39ad-85e5-49b4-8df7-e8890b09c7c1
which can be used as unique global reference for ESET Sednit July 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-01T00:00:00Z |
date_published | 2015-07-10T00:00:00Z |
source | MITRE |
title | Sednit APT Group Meets Hacking Team |
ESET Sednit USBStealer 2014
Calvet, J. (2014, November 11). Sednit Espionage Group Attacking Air-Gapped Networks. Retrieved January 4, 2017.
Internal MISP references
UUID 8673f7fc-5b23-432a-a2d8-700ece46bd0f
which can be used as unique global reference for ESET Sednit USBStealer 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-01-04T00:00:00Z |
date_published | 2014-11-11T00:00:00Z |
source | MITRE |
title | Sednit Espionage Group Attacking Air-Gapped Networks |
ESET Sednit 2017 Activity
ESET. (2017, December 21). Sednit update: How Fancy Bear Spent the Year. Retrieved February 18, 2019.
Internal MISP references
UUID 406e434e-0602-4a08-bbf6-6d72311a720e
which can be used as unique global reference for ESET Sednit 2017 Activity
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-18T00:00:00Z |
date_published | 2017-12-21T00:00:00Z |
source | MITRE |
title | Sednit update: How Fancy Bear Spent the Year |
ESET Zebrocy Nov 2018
ESET. (2018, November 20). Sednit: What’s going on with Zebrocy?. Retrieved February 12, 2019.
Internal MISP references
UUID 1e503e32-75aa-482b-81d3-ac61e806fa5c
which can be used as unique global reference for ESET Zebrocy Nov 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-12T00:00:00Z |
date_published | 2018-11-20T00:00:00Z |
source | MITRE |
title | Sednit: What’s going on with Zebrocy? |
Symantec MuddyWater Dec 2018
Symantec DeepSight Adversary Intelligence Team. (2018, December 10). Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms. Retrieved December 14, 2018.
Internal MISP references
UUID a8e58ef1-91e1-4f93-b2ff-faa7a6365f5d
which can be used as unique global reference for Symantec MuddyWater Dec 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-12-14T00:00:00Z |
date_published | 2018-12-10T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms |
SanDisk SMART
SanDisk. (n.d.). Self-Monitoring, Analysis and Reporting Technology (S.M.A.R.T.). Retrieved October 2, 2018.
Internal MISP references
UUID 578464ff-79d4-4358-9aa6-df8d7063fee1
which can be used as unique global reference for SanDisk SMART
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-02T00:00:00Z |
source | MITRE |
title | Self-Monitoring, Analysis and Reporting Technology (S.M.A.R.T.) |
SELinux official
SELinux Project. (2017, November 30). SELinux Project Wiki. Retrieved December 20, 2017.
Internal MISP references
UUID 3b64ce9e-6eec-42ee-bec1-1a8b5420f01d
which can be used as unique global reference for SELinux official
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 2017-11-30T00:00:00Z |
source | MITRE |
title | SELinux Project Wiki |
Microsoft SendNotifyMessage function
Microsoft. (n.d.). SendNotifyMessage function. Retrieved December 16, 2017.
Internal MISP references
UUID c65b3dc8-4129-4c14-b3d1-7fdd1d39ebd5
which can be used as unique global reference for Microsoft SendNotifyMessage function
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-16T00:00:00Z |
source | MITRE |
title | SendNotifyMessage function |
DFIR Report Gootloader
The DFIR Report. (2022, May 9). SEO Poisoning – A Gootloader Story. Retrieved September 30, 2022.
Internal MISP references
UUID aa12dc30-ba81-46c5-b412-ca4a01e72d7f
which can be used as unique global reference for DFIR Report Gootloader
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-30T00:00:00Z |
date_published | 2022-05-09T00:00:00Z |
source | MITRE |
title | SEO Poisoning – A Gootloader Story |
MalwareBytes SEO
Arntz, P. (2018, May 29). SEO poisoning: Is it worth it?. Retrieved September 30, 2022.
Internal MISP references
UUID 250b09a2-dd97-4fbf-af2f-618d1f126957
which can be used as unique global reference for MalwareBytes SEO
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-30T00:00:00Z |
date_published | 2018-05-29T00:00:00Z |
source | MITRE |
title | SEO poisoning: Is it worth it? |
Sophos Attachment
Ducklin, P. (2020, October 2). Serious Security: Phishing without links – when phishers bring along their own web pages. Retrieved October 20, 2020.
Internal MISP references
UUID b4aa5bf9-31db-42ee-93e8-a576ecc00b57
which can be used as unique global reference for Sophos Attachment
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2020-10-02T00:00:00Z |
source | MITRE |
title | Serious Security: Phishing without links – when phishers bring along their own web pages |
ProofPoint Serpent
Campbell, B. et al. (2022, March 21). Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain. Retrieved April 11, 2022.
Internal MISP references
UUID c2f7958b-f521-4133-9aeb-c5c8fae23e78
which can be used as unique global reference for ProofPoint Serpent
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-11T00:00:00Z |
date_published | 2022-03-21T00:00:00Z |
source | MITRE |
title | Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain |
Wikipedia SMB
Wikipedia. (2016, June 12). Server Message Block. Retrieved June 12, 2016.
Internal MISP references
UUID 087b4779-22d5-4872-adb7-583904a92285
which can be used as unique global reference for Wikipedia SMB
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-12T00:00:00Z |
date_published | 2016-06-12T00:00:00Z |
source | MITRE |
title | Server Message Block |
Wikipedia Server Message Block
Wikipedia. (2017, December 16). Server Message Block. Retrieved December 21, 2017.
Internal MISP references
UUID 3ea03c65-12e0-4e28-bbdc-17bb8c1e1831
which can be used as unique global reference for Wikipedia Server Message Block
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-21T00:00:00Z |
date_published | 2017-12-16T00:00:00Z |
source | MITRE |
title | Server Message Block |
Proofpoint TA505 Jan 2019
Schwarz, D. and Proofpoint Staff. (2019, January 9). ServHelper and FlawedGrace - New malware introduced by TA505. Retrieved May 28, 2019.
Internal MISP references
UUID b744f739-8810-4fb9-96e3-6488f9ed6305
which can be used as unique global reference for Proofpoint TA505 Jan 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-28T00:00:00Z |
date_published | 2019-01-09T00:00:00Z |
source | MITRE |
title | ServHelper and FlawedGrace - New malware introduced by TA505 |
Kubernetes Service Accounts Security
Kubernetes. (n.d.). Service Accounts. Retrieved July 14, 2023.
Internal MISP references
UUID 522eaa6b-0075-5346-bf3c-db1e7820aba2
which can be used as unique global reference for Kubernetes Service Accounts Security
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-14T00:00:00Z |
source | MITRE |
title | Service Accounts |
GCP Service Accounts
Google. (n.d.). Service Accounts Overview. Retrieved February 28, 2024.
Internal MISP references
UUID 7409c7d3-97a0-5f17-9061-cdaf41274647
which can be used as unique global reference for GCP Service Accounts
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-28T00:00:00Z |
source | MITRE |
title | Service Accounts Overview |
Microsoft Service Control Manager
Microsoft. (2018, May 31). Service Control Manager. Retrieved March 28, 2020.
Internal MISP references
UUID 00d22c6d-a51a-4107-bf75-53ec3330db92
which can be used as unique global reference for Microsoft Service Control Manager
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-28T00:00:00Z |
date_published | 2018-05-31T00:00:00Z |
source | MITRE |
title | Service Control Manager |
Rapid7 Service Persistence 22JUNE2016
Rapid7. (2016, June 22). Service Persistence. Retrieved April 23, 2019.
Internal MISP references
UUID 75441af3-2ff6-42c8-b7f1-c8dc2c27efe2
which can be used as unique global reference for Rapid7 Service Persistence 22JUNE2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-23T00:00:00Z |
date_published | 2016-06-22T00:00:00Z |
source | MITRE |
title | Service Persistence |
Microsoft SPN
Microsoft. (n.d.). Service Principal Names. Retrieved March 22, 2018.
Internal MISP references
UUID 985ad31b-c385-473d-978d-40b6cd85268a
which can be used as unique global reference for Microsoft SPN
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-22T00:00:00Z |
source | MITRE |
title | Service Principal Names |
Microsoft SetSPN
Microsoft. (2010, April 13). Service Principal Names (SPNs) SetSPN Syntax (Setspn.exe). Retrieved March 22, 2018.
Internal MISP references
UUID dd5dc432-32de-4bf3-b2c7-0bbdda031dd0
which can be used as unique global reference for Microsoft SetSPN
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-22T00:00:00Z |
date_published | 2010-04-13T00:00:00Z |
source | MITRE |
title | Service Principal Names (SPNs) SetSPN Syntax (Setspn.exe) |
Twitter Service Recovery Nov 2017
The Cyber (@r0wdy_). (2017, November 30). Service Recovery Parameters. Retrieved April 9, 2018.
Internal MISP references
UUID 8875ff5d-65bc-402a-bfe0-32adc10fb008
which can be used as unique global reference for Twitter Service Recovery Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-09T00:00:00Z |
date_published | 2017-11-30T00:00:00Z |
source | MITRE |
title | Service Recovery Parameters |
Tweet Registry Perms Weakness
@r0wdy_. (2017, November 30). Service Recovery Parameters. Retrieved September 12, 2024.
Internal MISP references
UUID 7757776d-b0e9-4a99-8a55-2cd1b248c4a0
which can be used as unique global reference for Tweet Registry Perms Weakness
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2017-11-30T00:00:00Z |
source | MITRE |
title | Service Recovery Parameters |
TechNet Services
Microsoft. (n.d.). Services. Retrieved June 7, 2016.
Internal MISP references
UUID b50a3c2e-e997-4af5-8be0-3a8b3a959827
which can be used as unique global reference for TechNet Services
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-07T00:00:00Z |
source | MITRE |
title | Services |
Krebs Access Brokers Fortune 500
Brian Krebs. (2012, October 22). Service Sells Access to Fortune 500 Firms. Retrieved March 10, 2023.
Internal MISP references
UUID 37d237ae-f0a8-5b30-8f97-d751c1560391
which can be used as unique global reference for Krebs Access Brokers Fortune 500
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-10T00:00:00Z |
date_published | 2012-10-22T00:00:00Z |
source | MITRE |
title | Service Sells Access to Fortune 500 Firms |
Permiso SES Abuse 2023
Nathan Eades. (2023, January 12). SES-pionage. Retrieved September 25, 2024.
Internal MISP references
UUID 04541283-247a-5a8c-8017-4d74967e194c
which can be used as unique global reference for Permiso SES Abuse 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
date_published | 2023-01-12T00:00:00Z |
source | MITRE |
title | SES-pionage |
Session Management Cheat Sheet
OWASP CheatSheets Series Team. (n.d.). Session Management Cheat Sheet. Retrieved December 26, 2023.
Internal MISP references
UUID 8b979a57-8238-5a68-bb0f-0301fa1b6432
which can be used as unique global reference for Session Management Cheat Sheet
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-26T00:00:00Z |
source | MITRE |
title | Session Management Cheat Sheet |
Medium Authentication Tokens
Hsu, S. (2018, June 30). Session vs Token Based Authentication. Retrieved September 29, 2021.
Internal MISP references
UUID 08b5165c-1c98-4ebc-9f9f-778115e9e06d
which can be used as unique global reference for Medium Authentication Tokens
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-29T00:00:00Z |
date_published | 2018-06-30T00:00:00Z |
source | MITRE |
title | Session vs Token Based Authentication |
Microsoft Set-InboxRule
Microsoft. (n.d.). Set-InboxRule. Retrieved June 7, 2021.
Internal MISP references
UUID 28cc6142-cc4f-4e63-bcff-94347bc06b37
which can be used as unique global reference for Microsoft Set-InboxRule
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-07T00:00:00Z |
source | MITRE |
title | Set-InboxRule |
Setres.exe - LOLBAS Project
LOLBAS. (2022, October 21). Setres.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 631de0bd-d536-4183-bc5a-25af83bd795a
which can be used as unique global reference for Setres.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-10-21T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Setres.exe |
Microsoft Process Wide Com Keys
Microsoft. (n.d.). Setting Process-Wide Security Through the Registry. Retrieved November 21, 2017.
Internal MISP references
UUID 749d83a9-3c9f-42f4-b5ed-fa775b079716
which can be used as unique global reference for Microsoft Process Wide Com Keys
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-21T00:00:00Z |
source | MITRE |
title | Setting Process-Wide Security Through the Registry |
SettingSyncHost.exe - LOLBAS Project
LOLBAS. (2021, August 26). SettingSyncHost.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 57f573f2-1c9b-4037-8f4d-9ae65d13af94
which can be used as unique global reference for SettingSyncHost.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-08-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | SettingSyncHost.exe |
Petri Logon Script AD
Daniel Petri. (2009, January 8). Setting up a Logon Script through Active Directory Users and Computers in Windows Server 2008. Retrieved November 15, 2019.
Internal MISP references
UUID 1de42b0a-3dd6-4f75-bcf3-a2373e349a39
which can be used as unique global reference for Petri Logon Script AD
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-11-15T00:00:00Z |
date_published | 2009-01-08T00:00:00Z |
source | MITRE |
title | Setting up a Logon Script through Active Directory Users and Computers in Windows Server 2008 |
AWS Setting Up Run Command
AWS. (n.d.). Setting up Run Command. Retrieved March 13, 2023.
Internal MISP references
UUID 9d320336-5be4-5c20-8205-a139376fe648
which can be used as unique global reference for AWS Setting Up Run Command
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-13T00:00:00Z |
source | MITRE |
title | Setting up Run Command |
VNC Authentication
Tegan. (2019, August 15). Setting up System Authentication. Retrieved September 20, 2021.
Internal MISP references
UUID de6e1202-19aa-41af-8446-521abc20200d
which can be used as unique global reference for VNC Authentication
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-20T00:00:00Z |
date_published | 2019-08-15T00:00:00Z |
source | MITRE |
title | Setting up System Authentication |
MacOS VNC software for Remote Desktop
Apple Support. (n.d.). Set up a computer running VNC software for Remote Desktop. Retrieved August 18, 2021.
Internal MISP references
UUID c1f7fb59-6e61-4a7f-b14d-a3d1d3da45af
which can be used as unique global reference for MacOS VNC software for Remote Desktop
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-18T00:00:00Z |
source | MITRE |
title | Set up a computer running VNC software for Remote Desktop |
Setupapi.dll - LOLBAS Project
LOLBAS. (2018, May 25). Setupapi.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 1a8a1434-fc4a-4c3e-9a9b-fb91692d7efd
which can be used as unique global reference for Setupapi.dll - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Setupapi.dll |
Microsoft Service Recovery Feb 2013
Microsoft. (2013, February 22). Set up Recovery Actions to Take Place When a Service Fails. Retrieved April 9, 2018.
Internal MISP references
UUID 6284d130-83e5-4961-a723-af4f9a01c24e
which can be used as unique global reference for Microsoft Service Recovery Feb 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-09T00:00:00Z |
date_published | 2013-02-22T00:00:00Z |
source | MITRE |
title | Set up Recovery Actions to Take Place When a Service Fails |
Microsoft SetWindowLong function
Microsoft. (n.d.). SetWindowLong function. Retrieved December 16, 2017.
Internal MISP references
UUID 11755d06-a9df-4a19-a165-2995f25c4b12
which can be used as unique global reference for Microsoft SetWindowLong function
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-16T00:00:00Z |
source | MITRE |
title | SetWindowLong function |
Securelist ShadowPad Aug 2017
GReAT. (2017, August 15). ShadowPad in corporate networks. Retrieved March 22, 2021.
Internal MISP references
UUID 862877d7-e18c-4613-bdad-0700bf3d45ae
which can be used as unique global reference for Securelist ShadowPad Aug 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-22T00:00:00Z |
date_published | 2017-08-15T00:00:00Z |
source | MITRE |
title | ShadowPad in corporate networks |
Kaspersky ShadowPad Aug 2017
Kaspersky Lab. (2017, August). ShadowPad: popular server management software hit in supply chain attack. Retrieved March 22, 2021.
Internal MISP references
UUID 95c9a28d-6056-4f87-9a46-9491318889e2
which can be used as unique global reference for Kaspersky ShadowPad Aug 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-22T00:00:00Z |
date_published | 2017-08-01T00:00:00Z |
source | MITRE |
title | ShadowPad: popular server management software hit in supply chain attack |
Palo Alto Shamoon Nov 2016
Falcone, R. (2016, November 30). Shamoon 2: Return of the Disttrack Wiper. Retrieved January 11, 2017.
Internal MISP references
UUID 15007a87-a281-41ae-b203-fdafe02a885f
which can be used as unique global reference for Palo Alto Shamoon Nov 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-01-11T00:00:00Z |
date_published | 2016-11-30T00:00:00Z |
source | MITRE |
title | Shamoon 2: Return of the Disttrack Wiper |
Unit 42 Shamoon3 2018
Falcone, R. (2018, December 13). Shamoon 3 Targets Oil and Gas Organization. Retrieved March 14, 2019.
Internal MISP references
UUID c2148166-faf4-4ab7-a37e-deae0c88c08d
which can be used as unique global reference for Unit 42 Shamoon3 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-14T00:00:00Z |
date_published | 2018-12-13T00:00:00Z |
source | MITRE |
title | Shamoon 3 Targets Oil and Gas Organization |
McAfee Shamoon December19 2018
Roccia, T., Saavedra-Morales, J., Beek, C. (2018, December 19). Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems. Retrieved May 29, 2020.
Internal MISP references
UUID 11cb784e-0bfe-4e64-a1ed-56530798f358
which can be used as unique global reference for McAfee Shamoon December19 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-29T00:00:00Z |
date_published | 2018-12-19T00:00:00Z |
source | MITRE |
title | Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems |
McAfee Shamoon December 2018
Mundo, A., Roccia, T., Saavedra-Morales, J., Beek, C. (2018, December 14). Shamoon Returns to Wipe Systems in Middle East, Europe. Retrieved May 29, 2020.
Internal MISP references
UUID d731f5b4-77a1-4de1-a00a-e2ad918de670
which can be used as unique global reference for McAfee Shamoon December 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-29T00:00:00Z |
date_published | 2018-12-14T00:00:00Z |
source | MITRE |
title | Shamoon Returns to Wipe Systems in Middle East, Europe |
TechNet Shared Folder
Microsoft. (n.d.). Share a Folder or Drive. Retrieved June 30, 2017.
Internal MISP references
UUID 80a9b92a-1404-4454-88f0-dd929a12e16f
which can be used as unique global reference for TechNet Shared Folder
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-06-30T00:00:00Z |
source | MITRE |
title | Share a Folder or Drive |
AWS EBS Snapshot Sharing
Amazon Web Services. (n.d.). Share an Amazon EBS snapshot. Retrieved March 2, 2022.
Internal MISP references
UUID 6f454218-91b7-4606-9467-c6d465c0fd1f
which can be used as unique global reference for AWS EBS Snapshot Sharing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-02T00:00:00Z |
source | MITRE |
title | Share an Amazon EBS snapshot |
TLDP Shared Libraries
The Linux Documentation Project. (n.d.). Shared Libraries. Retrieved January 31, 2020.
Internal MISP references
UUID 2862845b-72b3-41d8-aafb-b36e90c6c30a
which can be used as unique global reference for TLDP Shared Libraries
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-01-31T00:00:00Z |
source | MITRE |
title | Shared Libraries |
Linux Shared Libraries
Wheeler, D. (2003, April 11). Shared Libraries. Retrieved September 7, 2023.
Internal MISP references
UUID 054d769a-f88e-55e9-971a-f169ee434cfe
which can be used as unique global reference for Linux Shared Libraries
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-07T00:00:00Z |
date_published | 2003-04-11T00:00:00Z |
source | MITRE |
title | Shared Libraries |
Phrack halfdead 1997
halflife. (1997, September 1). Shared Library Redirection Techniques. Retrieved December 20, 2017.
Internal MISP references
UUID 9b3f0dc7-d830-43c5-8a5b-ad3c811920c5
which can be used as unique global reference for Phrack halfdead 1997
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 1997-09-01T00:00:00Z |
source | MITRE |
title | Shared Library Redirection Techniques |
Wikipedia Shared Resource
Wikipedia. (2017, April 15). Shared resource. Retrieved June 30, 2017.
Internal MISP references
UUID 6cc6164e-84b3-4413-9895-6719248808fb
which can be used as unique global reference for Wikipedia Shared Resource
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-06-30T00:00:00Z |
date_published | 2017-04-15T00:00:00Z |
source | MITRE |
title | Shared resource |
Sharepoint Sharing Events
Microsoft. (n.d.). Sharepoint Sharing Events. Retrieved October 8, 2021.
Internal MISP references
UUID 2086d37a-05a8-4604-9c69-75a178406b4a
which can be used as unique global reference for Sharepoint Sharing Events
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-08T00:00:00Z |
source | MITRE |
title | Sharepoint Sharing Events |
GitHub GhostPack Certificates
HarmJ0y. (2018, August 22). SharpDPAPI - Certificates. Retrieved August 2, 2022.
Internal MISP references
UUID 941e214d-4188-4ca0-9ef8-b26aa96373a2
which can be used as unique global reference for GitHub GhostPack Certificates
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-02T00:00:00Z |
date_published | 2018-08-22T00:00:00Z |
source | MITRE |
title | SharpDPAPI - Certificates |
Shdocvw.dll - LOLBAS Project
LOLBAS. (2018, May 25). Shdocvw.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 0739d5fe-b460-4ed4-be75-cff422643a32
which can be used as unique global reference for Shdocvw.dll - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Shdocvw.dll |
Securelist Turla Oct 2018
Kaspersky Lab's Global Research & Analysis Team. (2018, October 04). Shedding Skin – Turla’s Fresh Faces. Retrieved November 7, 2018.
Internal MISP references
UUID 5b08ea46-e25d-4df9-9b91-f8e7a1d5f7ee
which can be used as unique global reference for Securelist Turla Oct 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-07T00:00:00Z |
date_published | 2018-10-04T00:00:00Z |
source | MITRE |
title | Shedding Skin – Turla’s Fresh Faces |
Shell32.dll - LOLBAS Project
LOLBAS. (2018, May 25). Shell32.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 9465358f-e0cc-41f0-a7f9-01d5faca8157
which can be used as unique global reference for Shell32.dll - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Shell32.dll |
Cylance Shell Crew Feb 2017
Cylance SPEAR Team. (2017, February 9). Shell Crew Variants Continue to Fly Under Big AV’s Radar. Retrieved February 15, 2017.
Internal MISP references
UUID c0fe5d29-838b-4e91-bd33-59ab3dbcfbc3
which can be used as unique global reference for Cylance Shell Crew Feb 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-02-15T00:00:00Z |
date_published | 2017-02-09T00:00:00Z |
source | MITRE |
title | Shell Crew Variants Continue to Fly Under Big AV’s Radar |
Magento
Cesar Anjos. (2018, May 31). Shell Logins as a Magento Reinfection Vector. Retrieved December 17, 2020.
Internal MISP references
UUID b8b3f360-e14c-49ea-a4e5-8d6d9727e731
which can be used as unique global reference for Magento
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-17T00:00:00Z |
date_published | 2018-05-31T00:00:00Z |
source | MITRE |
title | Shell Logins as a Magento Reinfection Vector |
Trend Micro TA505 June 2019
Hiroaki, H. and Lu, L. (2019, June 12). Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns. Retrieved May 29, 2020.
Internal MISP references
UUID e664a0c7-154f-449e-904d-335be1b72b29
which can be used as unique global reference for Trend Micro TA505 June 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-29T00:00:00Z |
date_published | 2019-06-12T00:00:00Z |
source | MITRE |
title | Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns |
Shimgvw.dll - LOLBAS Project
LOLBAS. (2021, January 6). Shimgvw.dll. Retrieved December 4, 2023.
Internal MISP references
UUID aba1cc57-ac30-400f-8b02-db7bf279dfb6
which can be used as unique global reference for Shimgvw.dll - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-01-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Shimgvw.dll |
Binary Defense Kerberos Linux
ARC Labs, Dwyer, John. Gonzalez, Eric. Hudak, Tyler. (2024, October 1). Shining a Light in the Dark – How Binary Defense Uncovered an APT Lurking in Shadows of IT. Retrieved October 7, 2024.
Internal MISP references
UUID 588d7272-a3c4-561e-883e-49e8effa4e78
which can be used as unique global reference for Binary Defense Kerberos Linux
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-07T00:00:00Z |
date_published | 2024-10-01T00:00:00Z |
source | MITRE |
title | Shining a Light in the Dark – How Binary Defense Uncovered an APT Lurking in Shadows of IT |
FireEye Shining A Light on DARKSIDE May 2021
FireEye. (2021, May 11). Shining a Light on DARKSIDE Ransomware Operations. Retrieved September 22, 2021.
Internal MISP references
UUID 6ac6acc2-9fea-4887-99b2-9988991b47b6
which can be used as unique global reference for FireEye Shining A Light on DARKSIDE May 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-22T00:00:00Z |
date_published | 2021-05-11T00:00:00Z |
source | MITRE |
title | Shining a Light on DARKSIDE Ransomware Operations |
Telekom Security DarkGate August 25 2023
Fabian Marquardt. (2023, August 25). Shining some light on the DarkGate loader. Retrieved October 20, 2023.
Internal MISP references
UUID 1cb60362-f73e-49e6-b0ee-e8f67a25c058
which can be used as unique global reference for Telekom Security DarkGate August 25 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-20T00:00:00Z |
date_published | 2023-08-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Shining some light on the DarkGate loader |
NCC Group Black Basta June 2022
Inman, R. and Gurney, P. (2022, June 6). Shining the Light on Black Basta. Retrieved March 8, 2023.
Internal MISP references
UUID b5f91f77-b102-5812-a79f-69b254487da8
which can be used as unique global reference for NCC Group Black Basta June 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-08T00:00:00Z |
date_published | 2022-06-06T00:00:00Z |
source | MITRE |
title | Shining the Light on Black Basta |
Trustwave Cherry Picker
Merritt, E. (2015, November 16). Shining the Spotlight on Cherry Picker PoS Malware. Retrieved April 20, 2016.
Internal MISP references
UUID e09f639e-bdd3-4e88-8032-f665e347272b
which can be used as unique global reference for Trustwave Cherry Picker
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-20T00:00:00Z |
date_published | 2015-11-16T00:00:00Z |
source | MITRE |
title | Shining the Spotlight on Cherry Picker PoS Malware |
File obfuscation
Aspen Lindblom, Joseph Goodwin, and Chris Sheldon. (2021, July 19). Shlayer Malvertising Campaigns Still Using Flash Update Disguise. Retrieved March 29, 2024.
Internal MISP references
UUID 1fb860e8-47e4-5b6e-85ef-afe8de81a3b9
which can be used as unique global reference for File obfuscation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-29T00:00:00Z |
date_published | 2021-07-19T00:00:00Z |
source | MITRE |
title | Shlayer Malvertising Campaigns Still Using Flash Update Disguise |
Shlayer jamf gatekeeper bypass 2021
Jaron Bradley. (2021, April 26). Shlayer malware abusing Gatekeeper bypass on macOS. Retrieved September 22, 2021.
Internal MISP references
UUID 9ece29ee-c4e9-4a30-9958-88b114a417ce
which can be used as unique global reference for Shlayer jamf gatekeeper bypass 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-22T00:00:00Z |
date_published | 2021-04-26T00:00:00Z |
source | MITRE |
title | Shlayer malware abusing Gatekeeper bypass on macOS |
Shodan
Shodan. (n.d.). Shodan. Retrieved October 20, 2020.
Internal MISP references
UUID a142aceb-3ef5-4231-8771-bb3b2dae9acd
which can be used as unique global reference for Shodan
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
source | MITRE |
title | Shodan |
Shortcut for Persistence
Elastic. (n.d.). Shortcut File Written or Modified for Persistence. Retrieved June 1, 2022.
Internal MISP references
UUID 4a12e927-0511-40b1-85f3-869ffc452c2e
which can be used as unique global reference for Shortcut for Persistence
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-01T00:00:00Z |
source | MITRE |
title | Shortcut File Written or Modified for Persistence |
Unprotect Shortcut
Unprotect Project. (2019, March 18). Shortcut Hiding. Retrieved October 3, 2023.
Internal MISP references
UUID b62d40bc-2782-538a-8913-429908c6a2ee
which can be used as unique global reference for Unprotect Shortcut
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-03T00:00:00Z |
date_published | 2019-03-18T00:00:00Z |
source | MITRE |
title | Shortcut Hiding |
Sleep, shut down, hibernate
AVG. (n.d.). Should You Shut Down, Sleep or Hibernate Your PC or Mac Laptop?. Retrieved June 8, 2023.
Internal MISP references
UUID e9064801-0297-51d0-9089-db58f4811a9f
which can be used as unique global reference for Sleep, shut down, hibernate
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-08T00:00:00Z |
source | MITRE |
title | Should You Shut Down, Sleep or Hibernate Your PC or Mac Laptop? |
show_clock_detail_cisco_cmd
Cisco. (2023, March 6). show clock detail - Cisco IOS Security Command Reference: Commands S to Z. Retrieved July 13, 2022.
Internal MISP references
UUID a2215813-31b0-5624-92d8-479e7bd1a30b
which can be used as unique global reference for show_clock_detail_cisco_cmd
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-13T00:00:00Z |
date_published | 2023-03-06T00:00:00Z |
source | MITRE |
title | show clock detail - Cisco IOS Security Command Reference: Commands S to Z |
show_processes_cisco_cmd
Cisco. (2022, August 16). show processes - . Retrieved July 13, 2022.
Internal MISP references
UUID 944e529b-5e8a-54a1-b205-71dcb7dd304f
which can be used as unique global reference for show_processes_cisco_cmd
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-13T00:00:00Z |
date_published | 2022-08-16T00:00:00Z |
source | MITRE |
title | show processes - |
show_run_config_cmd_cisco
Cisco. (2022, August 16). show running-config - Cisco IOS Configuration Fundamentals Command Reference. Retrieved July 13, 2022.
Internal MISP references
UUID 5a68a45a-a53e-5d73-a82a-0cc951071aef
which can be used as unique global reference for show_run_config_cmd_cisco
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-13T00:00:00Z |
date_published | 2022-08-16T00:00:00Z |
source | MITRE |
title | show running-config - Cisco IOS Configuration Fundamentals Command Reference |
Symantec Shuckworm January 2022
Symantec. (2022, January 31). Shuckworm Continues Cyber-Espionage Attacks Against Ukraine. Retrieved February 17, 2022.
Internal MISP references
UUID 3abb9cfb-8927-4447-b904-6ed071787bef
which can be used as unique global reference for Symantec Shuckworm January 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-17T00:00:00Z |
date_published | 2022-01-31T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Shuckworm Continues Cyber-Espionage Attacks Against Ukraine |
Microsoft Shutdown Oct 2017
Microsoft. (2017, October 15). Shutdown. Retrieved October 4, 2019.
Internal MISP references
UUID c587f021-596a-4e63-ac51-afa2793a859d
which can be used as unique global reference for Microsoft Shutdown Oct 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-04T00:00:00Z |
date_published | 2017-10-15T00:00:00Z |
source | MITRE |
title | Shutdown |
MalwareBytes SideCopy Dec 2021
Threat Intelligence Team. (2021, December 2). SideCopy APT: Connecting lures victims, payloads to infrastructure. Retrieved June 13, 2022.
Internal MISP references
UUID 466569a7-1ef8-4824-bd9c-d25301184ea4
which can be used as unique global reference for MalwareBytes SideCopy Dec 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-13T00:00:00Z |
date_published | 2021-12-02T00:00:00Z |
source | MITRE |
title | SideCopy APT: Connecting lures victims, payloads to infrastructure |
Rewterz Sidewinder APT April 2020
Rewterz. (2020, April 20). Sidewinder APT Group Campaign Analysis. Retrieved January 29, 2021.
Internal MISP references
UUID e1cecdab-d6d1-47c6-a942-3f3329e5d98d
which can be used as unique global reference for Rewterz Sidewinder APT April 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-29T00:00:00Z |
date_published | 2020-04-20T00:00:00Z |
source | MITRE |
title | Sidewinder APT Group Campaign Analysis |
Cyble Sidewinder September 2020
Cyble. (2020, September 26). SideWinder APT Targets with futuristic Tactics and Techniques. Retrieved January 29, 2021.
Internal MISP references
UUID 25d8d6df-d3b9-4f57-bce0-d5285660e746
which can be used as unique global reference for Cyble Sidewinder September 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-29T00:00:00Z |
date_published | 2020-09-26T00:00:00Z |
source | MITRE |
title | SideWinder APT Targets with futuristic Tactics and Techniques |
Microsoft Sigcheck May 2017
Russinovich, M. et al. (2017, May 22). Sigcheck. Retrieved April 3, 2018.
Internal MISP references
UUID 7f3a0f44-03d4-4b02-9d9d-74e8ee9eede8
which can be used as unique global reference for Microsoft Sigcheck May 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-03T00:00:00Z |
date_published | 2017-05-22T00:00:00Z |
source | MITRE |
title | Sigcheck |
Linux Signal Man
Linux man-pages. (2023, April 3). signal(7). Retrieved August 30, 2023.
Internal MISP references
UUID 63483956-fa3e-52da-a834-b3b762c4e84e
which can be used as unique global reference for Linux Signal Man
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-30T00:00:00Z |
date_published | 2023-04-03T00:00:00Z |
source | MITRE |
title | signal(7) |
f-secure janicab
Brod. (2013, July 15). Signed Mac Malware Using Right-to-Left Override Trick. Retrieved July 17, 2017.
Internal MISP references
UUID 07e484cb-7e72-4938-a029-f9904d751777
which can be used as unique global reference for f-secure janicab
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-17T00:00:00Z |
date_published | 2013-07-15T00:00:00Z |
source | MITRE |
title | Signed Mac Malware Using Right-to-Left Override Trick |
Group IB Silence Aug 2019
Group-IB. (2019, August). Silence 2.0: Going Global. Retrieved May 5, 2020.
Internal MISP references
UUID 2c314eb6-767f-45b9-8a60-dba11e06afd8
which can be used as unique global reference for Group IB Silence Aug 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-05T00:00:00Z |
date_published | 2019-08-01T00:00:00Z |
source | MITRE |
title | Silence 2.0: Going Global |
SecureList Silence Nov 2017
GReAT. (2017, November 1). Silence – a new Trojan attacking financial organizations. Retrieved May 24, 2019.
Internal MISP references
UUID 004a8877-7e57-48ad-a6ce-b9ad8577cc68
which can be used as unique global reference for SecureList Silence Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-24T00:00:00Z |
date_published | 2017-11-01T00:00:00Z |
source | MITRE |
title | Silence – a new Trojan attacking financial organizations |
Cyber Forensicator Silence Jan 2019
Skulkin, O. (2019, January 20). Silence: Dissecting Malicious CHM Files and Performing Forensic Analysis. Retrieved May 24, 2019.
Internal MISP references
UUID c328d6d3-5e8b-45a6-8487-eecd7e8cbf7e
which can be used as unique global reference for Cyber Forensicator Silence Jan 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-24T00:00:00Z |
date_published | 2019-01-20T00:00:00Z |
source | MITRE |
title | Silence: Dissecting Malicious CHM Files and Performing Forensic Analysis |
Group IB Silence Sept 2018
Group-IB. (2018, September). Silence: Moving Into the Darkside. Retrieved May 5, 2020.
Internal MISP references
UUID 10d41d2e-44be-41a7-84c1-b8f39689cb93
which can be used as unique global reference for Group IB Silence Sept 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-05T00:00:00Z |
date_published | 2018-09-01T00:00:00Z |
source | MITRE |
title | Silence: Moving Into the Darkside |
CrowdStrike Silent Chollima Adversary September 2021
CrowdStrike. (2021, September 29). Silent Chollima Adversary Profile. Retrieved September 29, 2021.
Internal MISP references
UUID 835283b5-af3b-4baf-805e-da8ebbe8b5d2
which can be used as unique global reference for CrowdStrike Silent Chollima Adversary September 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-29T00:00:00Z |
date_published | 2021-09-29T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Silent Chollima Adversary Profile |
Malwarebytes Silent Librarian October 2020
Malwarebytes Threat Intelligence Team. (2020, October 14). Silent Librarian APT right on schedule for 20/21 academic year. Retrieved February 3, 2021.
Internal MISP references
UUID 9bb8ddd0-a8ec-459b-9983-79ccf46297ca
which can be used as unique global reference for Malwarebytes Silent Librarian October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-03T00:00:00Z |
date_published | 2020-10-14T00:00:00Z |
source | MITRE |
title | Silent Librarian APT right on schedule for 20/21 academic year |
Phish Labs Silent Librarian
Hassold, Crane. (2018, March 26). Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment. Retrieved February 3, 2021.
Internal MISP references
UUID d79d0510-4d49-464d-8074-daedd186f1c1
which can be used as unique global reference for Phish Labs Silent Librarian
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-03T00:00:00Z |
date_published | 2018-03-26T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment |
Trend Micro October 15 2024
Jacob Santos; Cj Arsley Mateo; Sarah Pearl Camiling Read time. (2024, October 15). Silent Threat Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions. Retrieved October 17, 2024.
Internal MISP references
UUID 7c49c1fd-0a02-457d-97d2-13e72f489f1f
which can be used as unique global reference for Trend Micro October 15 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-17T00:00:00Z |
date_published | 2024-10-15T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Silent Threat Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions |
Github_SILENTTRINITY
byt3bl33d3r. (n.d.). SILENTTRINITY. Retrieved September 12, 2024.
Internal MISP references
UUID b71c198b-0570-500c-b0dc-05e76dd383bb
which can be used as unique global reference for Github_SILENTTRINITY
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
source | MITRE |
title | SILENTTRINITY |
GitHub SILENTTRINITY Modules July 2019
Salvati, M. (2019, August 6). SILENTTRINITY Modules. Retrieved March 24, 2022.
Internal MISP references
UUID df9252e6-2727-4b39-a5f8-9f01c85aae9d
which can be used as unique global reference for GitHub SILENTTRINITY Modules July 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-24T00:00:00Z |
date_published | 2019-08-06T00:00:00Z |
source | MITRE |
title | SILENTTRINITY Modules |
Unit 42 Siloscape Jun 2021
Prizmant, D. (2021, June 7). Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments. Retrieved June 9, 2021.
Internal MISP references
UUID 4be128a7-97b8-48fa-8a52-a53c1e56f086
which can be used as unique global reference for Unit 42 Siloscape Jun 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-09T00:00:00Z |
date_published | 2021-06-07T00:00:00Z |
source | MITRE |
title | Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments |
Unit42 SilverTerrier 2016
Renals, P., Conant, S. (2016). SILVERTERRIER: The Next Evolution in Nigerian Cybercrime. Retrieved November 13, 2018.
Internal MISP references
UUID a6ba79ca-7d4a-48d3-aae3-ee766770f83b
which can be used as unique global reference for Unit42 SilverTerrier 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-13T00:00:00Z |
date_published | 2016-01-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | SILVERTERRIER: The Next Evolution in Nigerian Cybercrime |
Unit42 SilverTerrier 2018
Unit42. (2016). SILVERTERRIER: THE RISE OF NIGERIAN BUSINESS EMAIL COMPROMISE. Retrieved November 13, 2018.
Internal MISP references
UUID 59630d6e-d034-4788-b418-a72bafefe54e
which can be used as unique global reference for Unit42 SilverTerrier 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-13T00:00:00Z |
date_published | 2016-01-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | SILVERTERRIER: THE RISE OF NIGERIAN BUSINESS EMAIL COMPROMISE |
Timac DYLD_INSERT_LIBRARIES
Timac. (2012, December 18). Simple code injection using DYLD_INSERT_LIBRARIES. Retrieved March 26, 2020.
Internal MISP references
UUID 54fcbc49-f4e3-48a4-9d67-52ca08b322b2
which can be used as unique global reference for Timac DYLD_INSERT_LIBRARIES
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-26T00:00:00Z |
date_published | 2012-12-18T00:00:00Z |
source | MITRE |
title | Simple code injection using DYLD_INSERT_LIBRARIES |
group-ib_muddywater_infra
Rostovcev, N. (2023, April 18). SimpleHarm: Tracking MuddyWater’s infrastructure. Retrieved July 11, 2024.
Internal MISP references
UUID 793d05a5-5b32-5bf7-9ffc-6ffa13b4c7a4
which can be used as unique global reference for group-ib_muddywater_infra
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-11T00:00:00Z |
date_published | 2023-04-18T00:00:00Z |
source | MITRE |
title | SimpleHarm: Tracking MuddyWater’s infrastructure |
SIM Swapping and Abuse of the Microsoft Azure Serial Console
Mandiant Intelligence. (2023, May 16). SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack. Retrieved June 2, 2023.
Internal MISP references
UUID c596a0e0-6e9c-52e4-b1bb-9c0542f960f2
which can be used as unique global reference for SIM Swapping and Abuse of the Microsoft Azure Serial Console
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-02T00:00:00Z |
date_published | 2023-05-16T00:00:00Z |
source | MITRE |
title | SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack |
EduardosBlog SIPs July 2008
Navarro, E. (2008, July 11). SIP’s (Subject Interface Package) and Authenticode. Retrieved January 31, 2018.
Internal MISP references
UUID ac37f167-3ae9-437b-9215-c30c1ab4e249
which can be used as unique global reference for EduardosBlog SIPs July 2008
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-31T00:00:00Z |
date_published | 2008-07-11T00:00:00Z |
source | MITRE |
title | SIP’s (Subject Interface Package) and Authenticode |
Anonymous Hackers Deface Russian Govt Site
Andy. (2018, May 12). ‘Anonymous’ Hackers Deface Russian Govt. Site to Protest Web-Blocking (NSFW). Retrieved April 19, 2019.
Internal MISP references
UUID ca63ccd4-8c81-4de6-8eb4-06a6c68ce4d3
which can be used as unique global reference for Anonymous Hackers Deface Russian Govt Site
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-19T00:00:00Z |
source | MITRE |
title | Site to Protest Web-Blocking (NSFW) |
Dell Skeleton
Dell SecureWorks. (2015, January 12). Skeleton Key Malware Analysis. Retrieved April 8, 2019.
Internal MISP references
UUID cea9ce77-7641-4086-b92f-a4c3ad94a49c
which can be used as unique global reference for Dell Skeleton
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-08T00:00:00Z |
date_published | 2015-01-12T00:00:00Z |
source | MITRE |
title | Skeleton Key Malware Analysis |
Command Five SK 2011
Command Five Pty Ltd. (2011, September). SK Hack by an Advanced Persistent Threat. Retrieved April 6, 2018.
Internal MISP references
UUID ccca927e-fa03-4eba-b631-9989804a1f3c
which can be used as unique global reference for Command Five SK 2011
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-06T00:00:00Z |
date_published | 2011-09-01T00:00:00Z |
source | MITRE |
title | SK Hack by an Advanced Persistent Threat |
Trend Micro Skidmap
Remillano, A., Urbanec, J. (2019, September 19). Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload. Retrieved June 4, 2020.
Internal MISP references
UUID 53291621-f0ad-4cb7-af08-78b96eb67168
which can be used as unique global reference for Trend Micro Skidmap
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-04T00:00:00Z |
date_published | 2019-09-19T00:00:00Z |
source | MITRE |
title | Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload |
Detectify Slack Tokens
Detectify. (2016, April 28). Slack bot token leakage exposing business critical information. Retrieved October 19, 2020.
Internal MISP references
UUID 46c40ed4-5a15-4b38-b625-bebc569dbf69
which can be used as unique global reference for Detectify Slack Tokens
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
date_published | 2016-04-28T00:00:00Z |
source | MITRE |
title | Slack bot token leakage exposing business critical information |
Huntress ScreenConnect 2 23 2024
Team Huntress. (2024, February 23). SlashAndGrab ScreenConnect Post-Exploitation in the Wild (CVE-2024-1709 & CVE-2024-1708). Retrieved February 23, 2024.
Internal MISP references
UUID 203e002f-09b0-436d-b9c2-a8988ee0b7aa
which can be used as unique global reference for Huntress ScreenConnect 2 23 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-23T00:00:00Z |
date_published | 2024-02-23T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | SlashAndGrab ScreenConnect Post-Exploitation in the Wild (CVE-2024-1709 & CVE-2024-1708) |
GitHub Sliver C2
BishopFox. (n.d.). Sliver. Retrieved September 15, 2021.
Internal MISP references
UUID f706839a-c6e7-469b-a0c0-02c0d55eb4f6
which can be used as unique global reference for GitHub Sliver C2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-15T00:00:00Z |
source | MITRE |
title | Sliver |
GitHub Sliver C2 DNS
BishopFox. (n.d.). Sliver DNS C2. Retrieved September 15, 2021.
Internal MISP references
UUID 41c1ac3e-d03a-4e09-aebe-a8c191236e7e
which can be used as unique global reference for GitHub Sliver C2 DNS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-15T00:00:00Z |
source | MITRE |
title | Sliver DNS C2 |
GitHub Sliver Download
BishopFox. (n.d.). Sliver Download. Retrieved September 16, 2021.
Internal MISP references
UUID f9f6468f-6115-4753-a1ff-3658e410f964
which can be used as unique global reference for GitHub Sliver Download
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-16T00:00:00Z |
source | MITRE |
title | Sliver Download |
GitHub Sliver File System August 2021
BishopFox. (2021, August 18). Sliver Filesystem. Retrieved September 22, 2021.
Internal MISP references
UUID 820beaff-a0d5-4017-9a9c-6fbd7874b585
which can be used as unique global reference for GitHub Sliver File System August 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-22T00:00:00Z |
date_published | 2021-08-18T00:00:00Z |
source | MITRE |
title | Sliver Filesystem |
GitHub Sliver HTTP
BishopFox. (n.d.). Sliver HTTP(S) C2. Retrieved September 16, 2021.
Internal MISP references
UUID 0194a86d-c7bf-4115-ab45-4c67fcfdb2a1
which can be used as unique global reference for GitHub Sliver HTTP
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-16T00:00:00Z |
source | MITRE |
title | Sliver HTTP(S) C2 |
GitHub Sliver Ifconfig
BishopFox. (n.d.). Sliver Ifconfig. Retrieved September 16, 2021.
Internal MISP references
UUID e9783116-144f-49e9-a3c5-28bf3ff9c654
which can be used as unique global reference for GitHub Sliver Ifconfig
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-16T00:00:00Z |
source | MITRE |
title | Sliver Ifconfig |
GitHub Sliver Netstat
BishopFox. (n.d.). Sliver Netstat. Retrieved September 16, 2021.
Internal MISP references
UUID 37ef7619-8157-4522-aea7-779d75464029
which can be used as unique global reference for GitHub Sliver Netstat
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-16T00:00:00Z |
source | MITRE |
title | Sliver Netstat |
GitHub Sliver Screen
BishopFox. (n.d.). Sliver Screenshot. Retrieved September 16, 2021.
Internal MISP references
UUID 0417572e-d1c7-4db5-8644-5b94c79cc14d
which can be used as unique global reference for GitHub Sliver Screen
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-16T00:00:00Z |
source | MITRE |
title | Sliver Screenshot |
GitHub Sliver Encryption
BishopFox. (n.d.). Sliver Transport Encryption. Retrieved September 16, 2021.
Internal MISP references
UUID b33a9d44-1468-4b3e-8d27-9c48c81bec74
which can be used as unique global reference for GitHub Sliver Encryption
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-16T00:00:00Z |
source | MITRE |
title | Sliver Transport Encryption |
GitHub Sliver Upload
BishopFox. (n.d.). Sliver Upload. Retrieved September 16, 2021.
Internal MISP references
UUID 96e6e207-bf8b-4a3e-9a92-779e8bb6bb67
which can be used as unique global reference for GitHub Sliver Upload
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-16T00:00:00Z |
source | MITRE |
title | Sliver Upload |
Zdnet Ngrok September 2018
Cimpanu, C. (2018, September 13). Sly malware author hides cryptomining botnet behind ever-shifting proxy service. Retrieved September 15, 2020.
Internal MISP references
UUID 3edb88be-2ca6-4925-ba2e-a5a4ac5f9ab0
which can be used as unique global reference for Zdnet Ngrok September 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-15T00:00:00Z |
date_published | 2018-09-13T00:00:00Z |
source | MITRE |
title | Sly malware author hides cryptomining botnet behind ever-shifting proxy service |
NCSC GCHQ Small Sieve Jan 2022
NCSC GCHQ. (2022, January 27). Small Sieve Malware Analysis Report. Retrieved August 22, 2022.
Internal MISP references
UUID 0edb8946-be38-45f5-a27c-bdbebc383d72
which can be used as unique global reference for NCSC GCHQ Small Sieve Jan 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-22T00:00:00Z |
date_published | 2022-01-27T00:00:00Z |
source | MITRE |
title | Small Sieve Malware Analysis Report |
SmartMontools
smartmontools. (n.d.). smartmontools. Retrieved October 2, 2018.
Internal MISP references
UUID efae8de6-1b8d-47c0-b7a0-e3d0c227a14c
which can be used as unique global reference for SmartMontools
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-10-02T00:00:00Z |
source | MITRE |
title | smartmontools |
CME Github September 2018
byt3bl33d3r. (2018, September 8). SMB: Command Reference. Retrieved July 17, 2020.
Internal MISP references
UUID a6e1e3b4-1b69-43b7-afbe-aedb812c5778
which can be used as unique global reference for CME Github September 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-17T00:00:00Z |
date_published | 2018-09-08T00:00:00Z |
source | MITRE |
title | SMB: Command Reference |
US-CERT SMB Security
US-CERT. (2017, March 16). SMB Security Best Practices. Retrieved December 21, 2017.
Internal MISP references
UUID 710d2292-c693-4857-9196-397449061e76
which can be used as unique global reference for US-CERT SMB Security
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-21T00:00:00Z |
date_published | 2017-03-16T00:00:00Z |
source | MITRE |
title | SMB Security Best Practices |
SMLoginItemSetEnabled Schroeder 2013
Tim Schroeder. (2013, April 21). SMLoginItemSetEnabled Demystified. Retrieved October 5, 2021.
Internal MISP references
UUID ad14bad2-95c8-49b0-9777-e464fc8359a0
which can be used as unique global reference for SMLoginItemSetEnabled Schroeder 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-05T00:00:00Z |
date_published | 2013-04-21T00:00:00Z |
source | MITRE |
title | SMLoginItemSetEnabled Demystified |
Malwarebytes SmokeLoader 2016
Hasherezade. (2016, September 12). Smoke Loader – downloader with a smokescreen still alive. Retrieved March 20, 2018.
Internal MISP references
UUID b619e338-16aa-478c-b227-b22f78d572a3
which can be used as unique global reference for Malwarebytes SmokeLoader 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-20T00:00:00Z |
date_published | 2016-09-12T00:00:00Z |
source | MITRE |
title | Smoke Loader – downloader with a smokescreen still alive |
Talos Smoke Loader July 2018
Baker, B., Unterbrink H. (2018, July 03). Smoking Guns - Smoke Loader learned new tricks. Retrieved July 5, 2018.
Internal MISP references
UUID 072ac051-7564-4dd3-a279-7f75c91b55f1
which can be used as unique global reference for Talos Smoke Loader July 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-05T00:00:00Z |
date_published | 2018-07-03T00:00:00Z |
source | MITRE |
title | Smoking Guns - Smoke Loader learned new tricks |
FireEye SMOKEDHAM June 2021
FireEye. (2021, June 16). Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise. Retrieved September 22, 2021.
Internal MISP references
UUID a81ad3ef-fd96-432c-a7c8-ccc86d127a1b
which can be used as unique global reference for FireEye SMOKEDHAM June 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-22T00:00:00Z |
date_published | 2021-06-16T00:00:00Z |
source | MITRE |
title | Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise |
Environmental Keyed HTA
Warren, R. (2017, August 8). Smuggling HTA files in Internet Explorer/Edge. Retrieved January 16, 2019.
Internal MISP references
UUID b16bae1a-75aa-478b-b8c7-458ee5a3f7e5
which can be used as unique global reference for Environmental Keyed HTA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-01-16T00:00:00Z |
date_published | 2017-08-08T00:00:00Z |
source | MITRE |
title | Smuggling HTA files in Internet Explorer/Edge |
nccgroup Smuggling HTA 2017
Warren, R. (2017, August 8). Smuggling HTA files in Internet Explorer/Edge. Retrieved September 12, 2024.
Internal MISP references
UUID f5615cdc-bc56-415b-8e38-6f3fd1c33c88
which can be used as unique global reference for nccgroup Smuggling HTA 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2017-08-08T00:00:00Z |
source | MITRE |
title | Smuggling HTA files in Internet Explorer/Edge |
Accenture SNAKEMACKEREL Nov 2018
Accenture Security. (2018, November 29). SNAKEMACKEREL. Retrieved April 15, 2019.
Internal MISP references
UUID c38d021c-d84c-4aa7-b7a5-be47e18df1d8
which can be used as unique global reference for Accenture SNAKEMACKEREL Nov 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-15T00:00:00Z |
date_published | 2018-11-29T00:00:00Z |
source | MITRE |
title | SNAKEMACKEREL |
Sophos Snatch Ransomware 2019
Sophos. (2019, December 9). Snatch ransomware reboots PCs into Safe Mode to bypass protection. Retrieved June 23, 2021.
Internal MISP references
UUID 63019d16-07ec-4e53-98b7-529cc09b8429
which can be used as unique global reference for Sophos Snatch Ransomware 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-23T00:00:00Z |
date_published | 2019-12-09T00:00:00Z |
source | MITRE |
title | Snatch ransomware reboots PCs into Safe Mode to bypass protection |
AdSecurity SID History Sept 2015
Metcalf, S. (2015, September 19). Sneaky Active Directory Persistence #14: SID History. Retrieved November 30, 2017.
Internal MISP references
UUID 26961107-c48e-46d5-8d80-cda543b3be3b
which can be used as unique global reference for AdSecurity SID History Sept 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-30T00:00:00Z |
date_published | 2015-09-19T00:00:00Z |
source | MITRE |
title | Sneaky Active Directory Persistence #14: SID History |
ADSecurity GPO Persistence 2016
Metcalf, S. (2016, March 14). Sneaky Active Directory Persistence #17: Group Policy. Retrieved March 5, 2019.
Internal MISP references
UUID e304715f-7da1-4342-ba5b-d0387d93aeb2
which can be used as unique global reference for ADSecurity GPO Persistence 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-05T00:00:00Z |
date_published | 2016-03-14T00:00:00Z |
source | MITRE |
title | Sneaky Active Directory Persistence #17: Group Policy |
Telefonica Snip3 December 2021
Jornet, A. (2021, December 23). Snip3, an investigation into malware. Retrieved September 19, 2023.
Internal MISP references
UUID f026dd44-1491-505b-8a8a-e4f28c6cd6a7
which can be used as unique global reference for Telefonica Snip3 December 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-19T00:00:00Z |
date_published | 2021-12-23T00:00:00Z |
source | MITRE |
title | Snip3, an investigation into malware |
SentinelLabs SNS Sender 2024
Alex Delamotte. (2024, February 15). SNS Sender | Active Campaigns Unleash Messaging Spam Through the Cloud. Retrieved September 25, 2024.
Internal MISP references
UUID 73102615-cf40-5606-a203-6c7f061c14ec
which can be used as unique global reference for SentinelLabs SNS Sender 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
date_published | 2024-02-15T00:00:00Z |
source | MITRE |
title | SNS Sender |
Cybereason SocGholish Zloader April 2022
Cybereason Global SOC Team. (2022, April 25). SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems. Retrieved May 7, 2023.
Internal MISP references
UUID c28b2fbf-f309-4fb3-9743-1c11651e03ee
which can be used as unique global reference for Cybereason SocGholish Zloader April 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2022-04-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems |
ReliaQuest SocGholish
Dean Murphy, Brandon Tirado, Joseph Morales. (2023, January 30). SocGholish: A Tale of FakeUpdates. Retrieved May 7, 2023.
Internal MISP references
UUID de4c13b5-1707-4d8f-a562-6e5fd5504dda
which can be used as unique global reference for ReliaQuest SocGholish
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2023-01-30T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | SocGholish: A Tale of FakeUpdates |
SocGholish-update
Andrew Northern. (2022, November 22). SocGholish, a very real threat from a very fake update. Retrieved February 13, 2024.
Internal MISP references
UUID 01d9c3ba-29e2-5090-b399-0e7adf50a6b9
which can be used as unique global reference for SocGholish-update
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-13T00:00:00Z |
date_published | 2022-11-22T00:00:00Z |
source | MITRE |
title | SocGholish, a very real threat from a very fake update |
SentinelOne SocGholish Infrastructure November 2022
Milenkoski, A. (2022, November 7). SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders. Retrieved March 22, 2024.
Internal MISP references
UUID 8a26eeb6-6f80-58f1-b773-b38835c6781d
which can be used as unique global reference for SentinelOne SocGholish Infrastructure November 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-22T00:00:00Z |
date_published | 2022-11-07T00:00:00Z |
source | MITRE |
title | SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders |
SentinelLabs SocGholish November 2022
Aleksandar Milenkoski. (2022, November 7). SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders. Retrieved May 7, 2023.
Internal MISP references
UUID c2dd119c-25d8-4e48-8eeb-89552a5a096c
which can be used as unique global reference for SentinelLabs SocGholish November 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2022-11-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders |
Proofpoint November 21 2022
Proofpoint. (2022, November 21). SocGholish Malware: A Real Threat from a Fake Update | Proofpoint US. Retrieved May 7, 2023.
Internal MISP references
UUID dc4117ea-be69-47db-ab75-03100fee230c
which can be used as unique global reference for Proofpoint November 21 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2022-11-21T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | SocGholish Malware: A Real Threat from a Fake Update |
Rapid7 Blog 5 10 2024
Rapid7. (2024, May 10). Social Engineering Campaign Linked to Black Basta Ransomware Operators. Retrieved May 21, 2024.
Internal MISP references
UUID ba749fe0-1ac7-4767-85df-97e6351c37f9
which can be used as unique global reference for Rapid7 Blog 5 10 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-21T00:00:00Z |
date_published | 2024-05-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Social Engineering Campaign Linked to Black Basta Ransomware Operators |
FBI Social Engineering Attacks June 24 2024
Federal Bureau of Investigation. (2024, June 24). Social Engineering Tactics Targeting Healthcare & Public Health Entities and Providers. Retrieved June 28, 2024.
Internal MISP references
UUID 527ac41a-a65e-4cf9-a9c9-194443b37c5b
which can be used as unique global reference for FBI Social Engineering Attacks June 24 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-28T00:00:00Z |
date_published | 2024-06-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Social Engineering Tactics Targeting Healthcare & Public Health Entities and Providers |
Security Joes Sockbot March 09 2022
Felipe Duarte, Ido Naor. (2022, March 9). Sockbot in GoLand. Retrieved September 22, 2023.
Internal MISP references
UUID bca2b5c2-bc3b-4504-806e-5c5b6fee96e6
which can be used as unique global reference for Security Joes Sockbot March 09 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-22T00:00:00Z |
date_published | 2022-03-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Sockbot in GoLand |
DFIR_Sodinokibi_Ransomware
DFIR. (2021, March 29). Sodinokibi (aka REvil) Ransomware. Retrieved July 22, 2024.
Internal MISP references
UUID bb685e6c-e42c-57e5-9fc4-6966bde38f71
which can be used as unique global reference for DFIR_Sodinokibi_Ransomware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-22T00:00:00Z |
date_published | 2021-03-29T00:00:00Z |
source | MITRE |
title | Sodinokibi (aka REvil) Ransomware |
Kaspersky Sodin July 2019
Mamedov, O, et al. (2019, July 3). Sodin ransomware exploits Windows vulnerability and processor architecture. Retrieved August 4, 2020.
Internal MISP references
UUID ea46271d-3251-4bd7-afa8-f1bd7baf9570
which can be used as unique global reference for Kaspersky Sodin July 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-04T00:00:00Z |
date_published | 2019-07-03T00:00:00Z |
source | MITRE |
title | Sodin ransomware exploits Windows vulnerability and processor architecture |
Kaspersky Sofacy
Kaspersky Lab's Global Research and Analysis Team. (2015, December 4). Sofacy APT hits high profile targets with updated toolset. Retrieved December 10, 2015.
Internal MISP references
UUID 46226f98-c762-48e3-9bcd-19ff14184bb5
which can be used as unique global reference for Kaspersky Sofacy
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-12-10T00:00:00Z |
date_published | 2015-12-04T00:00:00Z |
source | MITRE |
title | Sofacy APT hits high profile targets with updated toolset |
Unit 42 Sofacy Feb 2018
Lee, B, et al. (2018, February 28). Sofacy Attacks Multiple Government Entities. Retrieved March 15, 2018.
Internal MISP references
UUID 0bcc2d76-987c-4a9b-9e00-1400eec4e606
which can be used as unique global reference for Unit 42 Sofacy Feb 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-15T00:00:00Z |
date_published | 2018-02-28T00:00:00Z |
source | MITRE |
title | Sofacy Attacks Multiple Government Entities |
Unit42 Cannon Nov 2018
Falcone, R., Lee, B. (2018, November 20). Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan. Retrieved November 26, 2018.
Internal MISP references
UUID 8c634bbc-4878-4b27-aa18-5996ec968809
which can be used as unique global reference for Unit42 Cannon Nov 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-26T00:00:00Z |
date_published | 2018-11-20T00:00:00Z |
source | MITRE |
title | Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan |
Unit 42 Sofacy Nov 2018
Falcone, R., Lee, B. (2018, November 20). Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan. Retrieved April 23, 2019.
Internal MISP references
UUID 1523c6de-8879-4652-ac51-1a5085324370
which can be used as unique global reference for Unit 42 Sofacy Nov 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-23T00:00:00Z |
date_published | 2018-11-20T00:00:00Z |
source | MITRE |
title | Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan |
Palo Alto Sofacy 06-2018
Lee, B., Falcone, R. (2018, June 06). Sofacy Group’s Parallel Attacks. Retrieved June 18, 2018.
Internal MISP references
UUID a32357eb-3226-4bee-aeed-d2fbcfa52da0
which can be used as unique global reference for Palo Alto Sofacy 06-2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-06-18T00:00:00Z |
date_published | 2018-06-06T00:00:00Z |
source | MITRE |
title | Sofacy Group’s Parallel Attacks |
F-Secure Sofacy 2015
F-Secure. (2015, September 8). Sofacy Recycles Carberp and Metasploit Code. Retrieved August 3, 2016.
Internal MISP references
UUID 56a95d3c-5268-4e69-b669-7055fb38d570
which can be used as unique global reference for F-Secure Sofacy 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-03T00:00:00Z |
date_published | 2015-09-08T00:00:00Z |
source | MITRE |
title | Sofacy Recycles Carberp and Metasploit Code |
Sofacy Komplex Trojan
Dani Creus, Tyler Halfpop, Robert Falcone. (2016, September 26). Sofacy's 'Komplex' OS X Trojan. Retrieved July 8, 2017.
Internal MISP references
UUID a21be45e-26c3-446d-b336-b58d08df5749
which can be used as unique global reference for Sofacy Komplex Trojan
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-08T00:00:00Z |
date_published | 2016-09-26T00:00:00Z |
source | MITRE |
title | Sofacy's 'Komplex' OS X Trojan |
Sofacy DealersChoice
Falcone, R. (2018, March 15). Sofacy Uses DealersChoice to Target European Government Agency. Retrieved June 4, 2018.
Internal MISP references
UUID ec157d0c-4091-43f5-85f1-a271c4aac1fc
which can be used as unique global reference for Sofacy DealersChoice
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-06-04T00:00:00Z |
date_published | 2018-03-15T00:00:00Z |
source | MITRE |
title | Sofacy Uses DealersChoice to Target European Government Agency |
SoftPerfect Network Scanner Product Page
SoftPerfect. (2024, July 4). SoftPerfect Network Scanner Product Page. Retrieved October 6, 2024.
Internal MISP references
UUID c9c3251d-1852-4b33-80f9-6e321a05cc30
which can be used as unique global reference for SoftPerfect Network Scanner Product Page
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-06T00:00:00Z |
date_published | 2024-07-04T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | SoftPerfect Network Scanner Product Page |
Unit 42 SolarStorm December 2020
Unit 42. (2020, December 23). SolarStorm Supply Chain Attack Timeline. Retrieved March 24, 2023.
Internal MISP references
UUID ecbb602a-2427-5eba-8c2b-25d90c95f166
which can be used as unique global reference for Unit 42 SolarStorm December 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-24T00:00:00Z |
date_published | 2020-12-23T00:00:00Z |
source | MITRE |
title | SolarStorm Supply Chain Attack Timeline |
Symantec Sunburst Sending Data January 2021
Symantec Threat Hunter Team. (2021, January 22). SolarWinds: How Sunburst Sends Data Back to the Attackers. Retrieved January 22, 2021.
Internal MISP references
UUID 50be20ca-48d1-4eb9-a25f-76935a0770b3
which can be used as unique global reference for Symantec Sunburst Sending Data January 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-22T00:00:00Z |
date_published | 2021-01-22T00:00:00Z |
source | MITRE |
title | SolarWinds: How Sunburst Sends Data Back to the Attackers |
Carnegie Mellon University Supernova Dec 2020
Carnegie Mellon University. (2020, December 26). SolarWinds Orion API authentication bypass allows remote command execution. Retrieved February 22, 2021.
Internal MISP references
UUID ad43df0c-bdac-43e2-bd86-640036367b6c
which can be used as unique global reference for Carnegie Mellon University Supernova Dec 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-22T00:00:00Z |
date_published | 2020-12-26T00:00:00Z |
source | MITRE |
title | SolarWinds Orion API authentication bypass allows remote command execution |
SolarWinds Advisory Dec 2020
SolarWinds. (2020, December 24). SolarWinds Security Advisory. Retrieved February 22, 2021.
Internal MISP references
UUID 4e8b908a-bdc5-441b-bc51-98dfa87f6b7a
which can be used as unique global reference for SolarWinds Advisory Dec 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-22T00:00:00Z |
date_published | 2020-12-24T00:00:00Z |
source | MITRE |
title | SolarWinds Security Advisory |
solution_monitor_dhcp_scopes
Shoemaker, E. (2015, December 31). Solution: Monitor DHCP Scopes and Detect Man-in-the-Middle Attacks with PRTG and PowerShell. Retrieved September 12, 2024.
Internal MISP references
UUID 6fce30c3-17d6-42a0-8470-319e2930e573
which can be used as unique global reference for solution_monitor_dhcp_scopes
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2015-12-31T00:00:00Z |
source | MITRE |
title | Solution: Monitor DHCP Scopes and Detect Man-in-the-Middle Attacks with PRTG and PowerShell |
Sekoia.io Blog July 23 2024
Sekoia TDR; Felix Aimé; Pierre-Antoine D; Charles M; Grégoire Clermont; Jeremy Scion. (2024, July 23). Solving the 7777 Botnet enigma A cybersecurity quest. Retrieved July 24, 2024.
Internal MISP references
UUID ae84e72a-56b3-4dc4-b053-d3766764ac0d
which can be used as unique global reference for Sekoia.io Blog July 23 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-24T00:00:00Z |
date_published | 2024-07-23T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Solving the 7777 Botnet enigma A cybersecurity quest |
Sophos X-Ops Tweet September 13 2023
SophosXOps. (2023, September 13). Sophos X-Ops Tweet September 13 2023. Retrieved September 22, 2023.
Internal MISP references
UUID 98af96a6-98bb-4d81-bb0c-a550e765e6ac
which can be used as unique global reference for Sophos X-Ops Tweet September 13 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-22T00:00:00Z |
date_published | 2023-09-13T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Sophos X-Ops Tweet September 13 2023 |
Source Manual
ss64. (n.d.). Source or Dot Operator. Retrieved May 21, 2019.
Internal MISP references
UUID a39354fc-334f-4f65-ba8a-56550f91710f
which can be used as unique global reference for Source Manual
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-21T00:00:00Z |
source | MITRE |
title | Source or Dot Operator |
FireEye Southeast Asia Threat Landscape March 2015
FireEye. (2015, March). SOUTHEAST ASIA: AN EVOLVING CYBER THREAT LANDSCAPE. Retrieved February 5, 2024.
Internal MISP references
UUID 59658f8b-af24-5df5-8f7d-cb6b9cf7579e
which can be used as unique global reference for FireEye Southeast Asia Threat Landscape March 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-05T00:00:00Z |
date_published | 2015-03-01T00:00:00Z |
source | MITRE |
title | SOUTHEAST ASIA: AN EVOLVING CYBER THREAT LANDSCAPE |
Symantec Sowbug Nov 2017
Symantec Security Response. (2017, November 7). Sowbug: Cyber espionage group targets South American and Southeast Asian governments. Retrieved November 16, 2017.
Internal MISP references
UUID 14f49074-fc46-45d3-bf7e-30c896c39c07
which can be used as unique global reference for Symantec Sowbug Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-16T00:00:00Z |
date_published | 2017-11-07T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Sowbug: Cyber espionage group targets South American and Southeast Asian governments |
NIST 800-63-3
Grassi, P., et al. (2017, December 1). SP 800-63-3, Digital Identity Guidelines. Retrieved January 16, 2019.
Internal MISP references
UUID 143599bf-167b-4041-82c5-8612c3e81095
which can be used as unique global reference for NIST 800-63-3
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-01-16T00:00:00Z |
date_published | 2017-12-01T00:00:00Z |
source | MITRE |
title | SP 800-63-3, Digital Identity Guidelines |
Threatpost Hancitor
Tom Spring. (2017, January 11). Spammers Revive Hancitor Downloader Campaigns. Retrieved August 13, 2020.
Internal MISP references
UUID 70ad77af-88aa-4f06-a9cb-df9608157841
which can be used as unique global reference for Threatpost Hancitor
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-13T00:00:00Z |
date_published | 2017-01-11T00:00:00Z |
source | MITRE |
title | Spammers Revive Hancitor Downloader Campaigns |
CheckPoint SpeakUp Feb 2019
Check Point Research. (2019, February 4). SpeakUp: A New Undetected Backdoor Linux Trojan. Retrieved April 17, 2019.
Internal MISP references
UUID 8f0d6a8d-6bd4-4df5-aa28-70e1ec4b0b12
which can be used as unique global reference for CheckPoint SpeakUp Feb 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-17T00:00:00Z |
date_published | 2019-02-04T00:00:00Z |
source | MITRE |
title | SpeakUp: A New Undetected Backdoor Linux Trojan |
Cyfirma Kimsuky Spear Phishing
Cyfirma. (2020, December 16). Spear Phishing Attack by N. Korean Hacking Group, Kimsuky. Retrieved October 30, 2023.
Internal MISP references
UUID de9817bc-1ac0-4f19-b5af-c402c874f431
which can be used as unique global reference for Cyfirma Kimsuky Spear Phishing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-30T00:00:00Z |
date_published | 2020-12-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Spear Phishing Attack by N. Korean Hacking Group, Kimsuky |
Palo Alto Unit 42 OutSteel SaintBot February 2022
Unit 42. (2022, February 25). Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot. Retrieved June 9, 2022.
Internal MISP references
UUID b0632490-76be-4018-982d-4b73b3d13881
which can be used as unique global reference for Palo Alto Unit 42 OutSteel SaintBot February 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-09T00:00:00Z |
date_published | 2022-02-25T00:00:00Z |
source | MITRE |
title | Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot |
Zscaler Bazar September 2020
Sadique, M. and Singh, A. (2020, September 29). Spear Phishing Campaign Delivers Buer and Bazar Malware. Retrieved November 19, 2020.
Internal MISP references
UUID fc46f152-9ed7-4850-8127-7b1f486ef2fe
which can be used as unique global reference for Zscaler Bazar September 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-19T00:00:00Z |
date_published | 2020-09-29T00:00:00Z |
source | MITRE |
title | Spear Phishing Campaign Delivers Buer and Bazar Malware |
Reaqta MSXSL Spearphishing MAR 2018
Admin. (2018, March 2). Spear-phishing campaign leveraging on MSXSL. Retrieved July 3, 2018.
Internal MISP references
UUID 927737c9-63a3-49a6-85dc-620e055aaf0a
which can be used as unique global reference for Reaqta MSXSL Spearphishing MAR 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-03T00:00:00Z |
date_published | 2018-03-02T00:00:00Z |
source | MITRE |
title | Spear-phishing campaign leveraging on MSXSL |
FireEye Regsvr32 Targeting Mongolian Gov
Anubhav, A., Kizhakkinan, D. (2017, February 22). Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government. Retrieved February 24, 2017.
Internal MISP references
UUID d1509d15-04af-46bd-a6b1-30fbd179b257
which can be used as unique global reference for FireEye Regsvr32 Targeting Mongolian Gov
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-02-24T00:00:00Z |
date_published | 2017-02-22T00:00:00Z |
source | MITRE |
title | Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government |
FireEye admin@338 March 2014
Moran, N. and Lanstein, A. (2014, March 25). Spear Phishing the News Cycle: APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370. Retrieved April 15, 2016.
Internal MISP references
UUID 6a37e6eb-b767-4b10-9c39-660a42b19ddd
which can be used as unique global reference for FireEye admin@338 March 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-15T00:00:00Z |
date_published | 2014-03-25T00:00:00Z |
source | MITRE |
title | Spear Phishing the News Cycle: APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370 |
Microsoft File Handlers
Microsoft. (n.d.). Specifying File Handlers for File Name Extensions. Retrieved November 13, 2014.
Internal MISP references
UUID cc12cd2c-4f41-4d7b-902d-53c35eb41210
which can be used as unique global reference for Microsoft File Handlers
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-13T00:00:00Z |
source | MITRE |
title | Specifying File Handlers for File Name Extensions |
GTFO split
GTFOBins. (2020, November 13). split. Retrieved April 18, 2022.
Internal MISP references
UUID 4b86c8c3-57b0-4558-be21-f928acb23f49
which can be used as unique global reference for GTFO split
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-18T00:00:00Z |
date_published | 2020-11-13T00:00:00Z |
source | MITRE |
title | split |
split man page
Torbjorn Granlund, Richard M. Stallman. (2020, March). split(1) — Linux manual page. Retrieved March 25, 2022.
Internal MISP references
UUID 3a4dc770-8bfa-44e9-bb0e-f0af0ae92994
which can be used as unique global reference for split man page
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-25T00:00:00Z |
source | MITRE |
title | split(1) — Linux manual page |
Spoofing credential dialogs
Johann Rehberger. (2021, April 18). Spoofing credential dialogs on macOS Linux and Windows. Retrieved August 19, 2021.
Internal MISP references
UUID 4f8abaae-1483-4bf6-a79c-6a801ae5a640
which can be used as unique global reference for Spoofing credential dialogs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-19T00:00:00Z |
date_published | 2021-04-18T00:00:00Z |
source | MITRE |
title | Spoofing credential dialogs on macOS Linux and Windows |
Infosecinstitute RTLO Technique
Security Ninja. (2015, April 16). Spoof Using Right to Left Override (RTLO) Technique. Retrieved April 22, 2019.
Internal MISP references
UUID 79d21506-07a8-444d-a2d7-c91de67c393e
which can be used as unique global reference for Infosecinstitute RTLO Technique
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-22T00:00:00Z |
date_published | 2015-04-16T00:00:00Z |
source | MITRE |
title | Spoof Using Right to Left Override (RTLO) Technique |
BBC-malvertising
BBC. (2011, March 29). Spotify ads hit by malware attack. Retrieved February 21, 2023.
Internal MISP references
UUID 425775e4-2948-5a73-a2d8-9a3edca74b1b
which can be used as unique global reference for BBC-malvertising
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-21T00:00:00Z |
date_published | 2011-03-29T00:00:00Z |
source | MITRE |
title | Spotify ads hit by malware attack |
NSA Spotting
National Security Agency/Central Security Service Information Assurance Directorate. (2015, August 7). Spotting the Adversary with Windows Event Log Monitoring. Retrieved September 6, 2018.
Internal MISP references
UUID c1fa6c1d-f11a-47d4-88fc-ec0a3dc44279
which can be used as unique global reference for NSA Spotting
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-06T00:00:00Z |
date_published | 2015-08-07T00:00:00Z |
source | MITRE |
title | Spotting the Adversary with Windows Event Log Monitoring |
Elastic Latrodectus May 2024
Stepanic, D. and Bousseaden, S. (2024, May 15). Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID. Retrieved September 13, 2024.
Internal MISP references
UUID 98e3c7a6-d088-56e5-ae43-96c284cc6f94
which can be used as unique global reference for Elastic Latrodectus May 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-13T00:00:00Z |
date_published | 2024-05-15T00:00:00Z |
source | MITRE |
title | Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID |
Villeneuve 2014
Villeneuve, N., Homan, J. (2014, July 31). Spy of the Tiger. Retrieved September 29, 2015.
Internal MISP references
UUID a156e24e-0da5-4ac7-b914-29f2f05e7d6f
which can be used as unique global reference for Villeneuve 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-09-29T00:00:00Z |
date_published | 2014-07-31T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Spy of the Tiger |
Sqldumper.exe - LOLBAS Project
LOLBAS. (2018, May 25). Sqldumper.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 793d6262-37af-46e1-a6b5-a5262f4a749d
which can be used as unique global reference for Sqldumper.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Sqldumper.exe |
sqlmap Introduction
Damele, B., Stampar, M. (n.d.). sqlmap. Retrieved March 19, 2018.
Internal MISP references
UUID ac643245-d54f-470f-a393-26875c0877c8
which can be used as unique global reference for sqlmap Introduction
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-19T00:00:00Z |
source | MITRE |
title | sqlmap |
Sqlps.exe - LOLBAS Project
LOLBAS. (2018, May 25). Sqlps.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 31cc851a-c536-4cef-9391-d3c7d3eab64f
which can be used as unique global reference for Sqlps.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Sqlps.exe |
SQLToolsPS.exe - LOLBAS Project
LOLBAS. (2018, May 25). SQLToolsPS.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 612c9569-80af-48d2-a853-0f6e3f55aa50
which can be used as unique global reference for SQLToolsPS.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | SQLToolsPS.exe |
Squirrel.exe - LOLBAS Project
LOLBAS. (2019, June 26). Squirrel.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 952b5ca5-1251-4e27-bd30-5d55d7d2da5e
which can be used as unique global reference for Squirrel.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2019-06-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Squirrel.exe |
ZScaler Squirrelwaffle Sep 2021
Kumar, A., Stone-Gross, Brett. (2021, September 28). Squirrelwaffle: New Loader Delivering Cobalt Strike. Retrieved August 9, 2022.
Internal MISP references
UUID 624a62db-f00f-45f9-89f6-2c3505b4979f
which can be used as unique global reference for ZScaler Squirrelwaffle Sep 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-09T00:00:00Z |
date_published | 2021-09-28T00:00:00Z |
source | MITRE |
title | Squirrelwaffle: New Loader Delivering Cobalt Strike |
Netskope Squirrelwaffle Oct 2021
Palazolo, G. (2021, October 7). SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot. Retrieved August 9, 2022.
Internal MISP references
UUID 5559895a-4647-438f-b3d5-6d6aa323a6f9
which can be used as unique global reference for Netskope Squirrelwaffle Oct 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-09T00:00:00Z |
date_published | 2021-10-07T00:00:00Z |
source | MITRE |
title | SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot |
Clockwork SSH Agent Hijacking
Beuchler, B. (2012, September 28). SSH Agent Hijacking. Retrieved December 20, 2017.
Internal MISP references
UUID 4a4026e3-977a-4f25-aeee-794947f384b2
which can be used as unique global reference for Clockwork SSH Agent Hijacking
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 2012-09-28T00:00:00Z |
source | MITRE |
title | SSH Agent Hijacking |
Symantec SSH and ssh-agent
Hatch, B. (2004, November 22). SSH and ssh-agent. Retrieved January 8, 2018.
Internal MISP references
UUID 0d576bca-511d-40a2-9916-26832eb28861
which can be used as unique global reference for Symantec SSH and ssh-agent
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-08T00:00:00Z |
date_published | 2004-11-22T00:00:00Z |
source | MITRE |
title | SSH and ssh-agent |
ssh.exe - LOLBAS Project
LOLBAS. (2021, November 8). ssh.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b1a9af1c-0cfc-4e8a-88ac-7d33cddc26a1
which can be used as unique global reference for ssh.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-11-08T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | ssh.exe |
SSH Secure Shell
SSH.COM. (n.d.). SSH (Secure Shell). Retrieved March 23, 2020.
Internal MISP references
UUID ac5fc103-1946-488b-8af5-eda0636cbdd0
which can be used as unique global reference for SSH Secure Shell
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-23T00:00:00Z |
source | MITRE |
title | SSH (Secure Shell) |
SSH Tunneling
SSH.COM. (n.d.). SSH tunnel. Retrieved March 15, 2020.
Internal MISP references
UUID 13280f38-0f17-42d3-9f92-693f1da60ffa
which can be used as unique global reference for SSH Tunneling
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-15T00:00:00Z |
source | MITRE |
title | SSH tunnel |
SSLShopper Lookup
SSL Shopper. (n.d.). SSL Checker. Retrieved October 20, 2020.
Internal MISP references
UUID a8dc493f-2021-48fa-8f28-afd13756b789
which can be used as unique global reference for SSLShopper Lookup
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
source | MITRE |
title | SSL Checker |
Ubuntu SSSD Docs
Ubuntu. (n.d.). SSSD. Retrieved September 23, 2021.
Internal MISP references
UUID f2ed1c28-8cde-4279-a04c-217a4dc68121
which can be used as unique global reference for Ubuntu SSSD Docs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-23T00:00:00Z |
source | MITRE |
title | SSSD |
Stantinko Botnet
Vachon, F., Faou, M. (2017, July 20). Stantinko: A massive adware campaign operating covertly since 2012. Retrieved November 16, 2017.
Internal MISP references
UUID d81e0274-76f4-43ce-b829-69f761e280dc
which can be used as unique global reference for Stantinko Botnet
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-16T00:00:00Z |
date_published | 2017-07-20T00:00:00Z |
source | MITRE |
title | Stantinko: A massive adware campaign operating covertly since 2012 |
StarBlizzard
Microsoft Threat Intelligence. (2023, December 7). Star Blizzard increases sophistication and evasion in ongoing attacks. Retrieved February 13, 2024.
Internal MISP references
UUID 68b16960-1893-51a1-b46c-974a09d4a0c4
which can be used as unique global reference for StarBlizzard
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-13T00:00:00Z |
date_published | 2023-12-07T00:00:00Z |
source | MITRE |
title | Star Blizzard increases sophistication and evasion in ongoing attacks |
Amazon AWS
Amazon. (n.d.). Start Building on AWS Today. Retrieved October 13, 2021.
Internal MISP references
UUID b7d41cde-18c8-4e15-a0ac-ca0afc127e33
which can be used as unique global reference for Amazon AWS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
source | MITRE |
title | Start Building on AWS Today |
Docker Systemd
Docker. (n.d.). Start containers automatically. Retrieved February 15, 2024.
Internal MISP references
UUID 5969a1d0-7645-5a58-a461-446d49b63b17
which can be used as unique global reference for Docker Systemd
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-15T00:00:00Z |
source | MITRE |
title | Start containers automatically |
Startup Items
Apple. (2016, September 13). Startup Items. Retrieved July 11, 2017.
Internal MISP references
UUID e36dd211-22e4-4b23-befb-fbfe1a84b866
which can be used as unique global reference for Startup Items
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-11T00:00:00Z |
date_published | 2016-09-13T00:00:00Z |
source | MITRE |
title | Startup Items |
Microsoft Safe Mode
Microsoft. (n.d.). Start your PC in safe mode in Windows 10. Retrieved June 23, 2021.
Internal MISP references
UUID fdddb25b-22ba-4433-b25f-bad340ffc849
which can be used as unique global reference for Microsoft Safe Mode
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-23T00:00:00Z |
source | MITRE |
title | Start your PC in safe mode in Windows 10 |
Mandiant APT41
Rufus Brown, Van Ta, Douglas Bienstock, Geoff Ackerman, John Wolfram. (2022, March 8). Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments. Retrieved July 8, 2022.
Internal MISP references
UUID e54415fe-40c2-55ff-9e75-881bc8a912b8
which can be used as unique global reference for Mandiant APT41
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-08T00:00:00Z |
source | MITRE |
title | State Governments |
Google Cloud APT41 2022
Rufus Brown, Van Ta, Douglas Bienstock, Geoff Ackerman & John Wolfram. (2022, March 8). Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments. Retrieved September 16, 2024.
Internal MISP references
UUID c65cfdde-bc7f-5cd2-b1ee-066b7cc2eb6a
which can be used as unique global reference for Google Cloud APT41 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-16T00:00:00Z |
source | MITRE |
title | State Governments |
Twitter SquiblyTwo Detection APR 2018
Desimone, J. (2018, April 18). Status Update. Retrieved September 12, 2024.
Internal MISP references
UUID 9cee0681-3ad2-4b1d-8eeb-5160134f3069
which can be used as unique global reference for Twitter SquiblyTwo Detection APR 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2018-04-18T00:00:00Z |
source | MITRE |
title | Status Update |
MSFT-AI
Microsoft Threat Intelligence. (2024, February 14). Staying ahead of threat actors in the age of AI. Retrieved March 11, 2024.
Internal MISP references
UUID 4f08a1a3-3cc5-5dfb-9190-2e4991e43d94
which can be used as unique global reference for MSFT-AI
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-11T00:00:00Z |
date_published | 2024-02-14T00:00:00Z |
source | MITRE |
title | Staying ahead of threat actors in the age of AI |
Mandiant Endpoint Evading 2019
Pena, E., Erikson, C. (2019, October 10). Staying Hidden on the Endpoint: Evading Detection with Shellcode. Retrieved November 29, 2021.
Internal MISP references
UUID 5d43542f-aad5-4ac5-b5b6-1a2b03222fc8
which can be used as unique global reference for Mandiant Endpoint Evading 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-11-29T00:00:00Z |
date_published | 2019-10-10T00:00:00Z |
source | MITRE |
title | Staying Hidden on the Endpoint: Evading Detection with Shellcode |
Double Timestomping
Matthew Dunwoody. (2022, April 28). I have seen double-timestomping ITW, including by APT29. Stay sharp out there. Retrieved June 20, 2024.
Internal MISP references
UUID d4ee5a4b-9e68-5e77-ae5b-e45942a7fd26
which can be used as unique global reference for Double Timestomping
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-20T00:00:00Z |
source | MITRE |
title | Stay sharp out there. |
Sekoia.io Stealc February 20 2023
Quentin Bourgue, Pierre Le Bourhis, Threat & Detection Research Team. (2023, February 20). Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part 1. Retrieved July 28, 2023.
Internal MISP references
UUID ca5b727d-f35b-4009-b4d4-21a69d41162d
which can be used as unique global reference for Sekoia.io Stealc February 20 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-28T00:00:00Z |
date_published | 2023-02-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part 1 |
Sekoia.io Stealc February 27 2023
Pierre Le Bourhis, Quentin Bourgue, Threat & Detection Research Team. (2023, February 27). Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part 2. Retrieved July 28, 2023.
Internal MISP references
UUID edd0cab4-48f7-48d8-a318-ced118af6a63
which can be used as unique global reference for Sekoia.io Stealc February 27 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-28T00:00:00Z |
date_published | 2023-02-27T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part 2 |
O365 Blog Azure AD Device IDs
Syynimaa, N. (2022, February 15). Stealing and faking Azure AD device identities. Retrieved August 3, 2022.
Internal MISP references
UUID ec94c043-92ef-4691-b21a-7ea68f39e338
which can be used as unique global reference for O365 Blog Azure AD Device IDs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-03T00:00:00Z |
date_published | 2022-02-15T00:00:00Z |
source | MITRE |
title | Stealing and faking Azure AD device identities |
AADInternals Azure AD Device Identities
Dr. Nestori Syynimaa. (2022, February 15). Stealing and faking Azure AD device identities. Retrieved February 21, 2023.
Internal MISP references
UUID b5ef16c4-1db0-51e9-93ab-54a8e480debc
which can be used as unique global reference for AADInternals Azure AD Device Identities
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-21T00:00:00Z |
date_published | 2022-02-15T00:00:00Z |
source | MITRE |
title | Stealing and faking Azure AD device identities |
Carnal Ownage Password Filters Sept 2013
Fuller, R. (2013, September 11). Stealing passwords every time they change. Retrieved November 21, 2017.
Internal MISP references
UUID 78ed9074-a46c-4ce6-ab7d-a587bd585dc5
which can be used as unique global reference for Carnal Ownage Password Filters Sept 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-21T00:00:00Z |
date_published | 2013-09-11T00:00:00Z |
source | MITRE |
title | Stealing passwords every time they change |
CSM Elderwood Sept 2012
Clayton, M. (2012, September 14). Stealing US business secrets: Experts ID two huge cyber 'gangs' in China. Retrieved February 15, 2018.
Internal MISP references
UUID 6b79006d-f6de-489c-82fa-8c3c28d652ef
which can be used as unique global reference for CSM Elderwood Sept 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-15T00:00:00Z |
date_published | 2012-09-14T00:00:00Z |
source | MITRE |
title | Stealing US business secrets: Experts ID two huge cyber 'gangs' in China |
wailing crab sub/pub
Hammond, Charlotte. Villadsen, Ole. Metrick, Kat. (2023, November 21). Stealthy WailingCrab Malware misuses MQTT Messaging Protocol. Retrieved August 28, 2024.
Internal MISP references
UUID 5d0f12e2-919c-5a7f-8340-83577508368d
which can be used as unique global reference for wailing crab sub/pub
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-28T00:00:00Z |
date_published | 2023-11-21T00:00:00Z |
source | MITRE |
title | Stealthy WailingCrab Malware misuses MQTT Messaging Protocol |
DEFCON2016 Sticky Keys
Maldonado, D., McGuffin, T. (2016, August 6). Sticky Keys to the Kingdom. Retrieved July 5, 2017.
Internal MISP references
UUID f903146d-b63d-4771-8d53-28ef137c9349
which can be used as unique global reference for DEFCON2016 Sticky Keys
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-05T00:00:00Z |
date_published | 2016-08-06T00:00:00Z |
source | MITRE |
title | Sticky Keys to the Kingdom |
The DFIR Report Stolen Images Conti
The DFIR Report. (2023, April 4). Stolen Images Campaign Ends in Conti Ransomware. Retrieved June 23, 2023.
Internal MISP references
UUID 4a89916f-3919-41fd-bf93-27f25a2363f5
which can be used as unique global reference for The DFIR Report Stolen Images Conti
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-23T00:00:00Z |
date_published | 2023-04-04T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Stolen Images Campaign Ends in Conti Ransomware |
Netscout Stolen Pencil Dec 2018
ASERT team. (2018, December 5). STOLEN PENCIL Campaign Targets Academia. Retrieved February 5, 2019.
Internal MISP references
UUID 6d3b31da-a784-4da0-91dd-b72c04fd520a
which can be used as unique global reference for Netscout Stolen Pencil Dec 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-05T00:00:00Z |
date_published | 2018-12-05T00:00:00Z |
source | MITRE |
title | STOLEN PENCIL Campaign Targets Academia |
FireEye VBA stomp Feb 2020
Cole, R., Moore, A., Stark, G., Stancill, B. (2020, February 5). STOMP 2 DIS: Brilliance in the (Visual) Basics. Retrieved September 17, 2020.
Internal MISP references
UUID bd034cc8-29e2-4d58-a72a-161b831191b7
which can be used as unique global reference for FireEye VBA stomp Feb 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-17T00:00:00Z |
date_published | 2020-02-05T00:00:00Z |
source | MITRE |
title | STOMP 2 DIS: Brilliance in the (Visual) Basics |
Symantec Stonefly April 27 2022
Threat Hunter Team. (2022, April 27). Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets. Retrieved July 26, 2024.
Internal MISP references
UUID 64d72689-0c7a-480a-a295-6321fc0d82fc
which can be used as unique global reference for Symantec Stonefly April 27 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-26T00:00:00Z |
date_published | 2022-04-27T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets |
Stopping CloudTrail from Sending Events to CloudWatch Logs
Amazon Web Services. (n.d.). Stopping CloudTrail from Sending Events to CloudWatch Logs. Retrieved October 16, 2020.
Internal MISP references
UUID affb4d4f-5c96-4c27-b702-b8ad9bc8e1b3
which can be used as unique global reference for Stopping CloudTrail from Sending Events to CloudWatch Logs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-16T00:00:00Z |
source | MITRE |
title | Stopping CloudTrail from Sending Events to CloudWatch Logs |
McAfee Virtual Jan 2017
Roccia, T. (2017, January 19). Stopping Malware With a Fake Virtual Machine. Retrieved April 17, 2019.
Internal MISP references
UUID a541a027-733c-438f-a723-6f7e8e6f354c
which can be used as unique global reference for McAfee Virtual Jan 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-17T00:00:00Z |
date_published | 2017-01-19T00:00:00Z |
source | MITRE |
title | Stopping Malware With a Fake Virtual Machine |
Checkpoint Dridex Jan 2021
Check Point Research. (2021, January 4). Stopping Serial Killer: Catching the Next Strike. Retrieved September 7, 2021.
Internal MISP references
UUID a988084f-1a58-4e5b-a616-ed31d311cccf
which can be used as unique global reference for Checkpoint Dridex Jan 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-07T00:00:00Z |
date_published | 2021-01-04T00:00:00Z |
source | MITRE |
title | Stopping Serial Killer: Catching the Next Strike |
U.S. CISA Akira April 18 2024
Cybersecurity and Infrastructure Security Agency. (2024, April 18). #StopRansomware: Akira Ransomware. Retrieved April 19, 2024.
Internal MISP references
UUID 2e8cf25e-1c06-4f14-a6aa-cb7b876ad5be
which can be used as unique global reference for U.S. CISA Akira April 18 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-19T00:00:00Z |
date_published | 2024-04-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | #StopRansomware: Akira Ransomware |
U.S. CISA ALPHV Blackcat December 2023
Cybersecurity and Infrastructure Security Agency. (2023, December 19). #StopRansomware: ALPHV Blackcat. Retrieved December 19, 2023.
Internal MISP references
UUID d28d64cf-b5db-4438-8c5c-907ce5f55f69
which can be used as unique global reference for U.S. CISA ALPHV Blackcat December 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-19T00:00:00Z |
date_published | 2023-12-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | #StopRansomware: ALPHV Blackcat |
U.S. CISA AvosLocker October 11 2023
Cybersecurity and Infrastructure Security Agency. (2023, October 11). #StopRansomware: AvosLocker Ransomware (Update). Retrieved October 20, 2023.
Internal MISP references
UUID d419a317-6599-4fc5-91d1-a4c2bc83bf6a
which can be used as unique global reference for U.S. CISA AvosLocker October 11 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-20T00:00:00Z |
date_published | 2023-10-11T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | #StopRansomware: AvosLocker Ransomware (Update) |
U.S. CISA BianLian Ransomware May 2023
Cybersecurity and Infrastructure Security Agency. (2023, May 16). #StopRansomware: BianLian Ransomware Group. Retrieved May 18, 2023.
Internal MISP references
UUID aa52e826-f292-41f6-985d-0282230c8948
which can be used as unique global reference for U.S. CISA BianLian Ransomware May 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-18T00:00:00Z |
date_published | 2023-05-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | #StopRansomware: BianLian Ransomware Group |
U.S. CISA Black Basta May 10 2024
Cybersecurity and Infrastructure Security Agency. (2024, May 10). #StopRansomware: Black Basta. Retrieved May 13, 2024.
Internal MISP references
UUID 10fed6c7-4d73-49cd-9170-3f67d06365ca
which can be used as unique global reference for U.S. CISA Black Basta May 10 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-13T00:00:00Z |
date_published | 2024-05-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | #StopRansomware: Black Basta |
U.S. CISA CL0P CVE-2023-34362 Exploitation
Cybersecurity and Infrastructure Security Agency. (2023, June 7). #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability. Retrieved July 27, 2023.
Internal MISP references
UUID 07e48ca8-b965-4234-b04a-dfad45d58b22
which can be used as unique global reference for U.S. CISA CL0P CVE-2023-34362 Exploitation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-27T00:00:00Z |
date_published | 2023-06-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability |
U.S. CISA Cuba Ransomware October 2022
Cybersecurity and Infrastructure Security Agency. (2023, January 5). #StopRansomware: Cuba Ransomware. Retrieved May 19, 2023.
Internal MISP references
UUID d6ed5172-a319-45b0-b1cb-d270a2a48fa3
which can be used as unique global reference for U.S. CISA Cuba Ransomware October 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-19T00:00:00Z |
date_published | 2023-01-05T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | #StopRansomware: Cuba Ransomware |
U.S. CISA Daixin Team October 2022
Cybersecurity and Infrastructure Security Agency. (2022, October 26). #StopRansomware: Daixin Team. Retrieved May 19, 2023.
Internal MISP references
UUID cbf5ecfb-de79-41cc-8250-01790ff6e89b
which can be used as unique global reference for U.S. CISA Daixin Team October 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-19T00:00:00Z |
date_published | 2022-10-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | #StopRansomware: Daixin Team |
U.S. CISA Hive November 25 2022
Cybersecurity and Infrastructure Security Agency. (2022, November 25). #StopRansomware: Hive Ransomware. Retrieved June 18, 2024.
Internal MISP references
UUID fce322e6-5e23-404a-acf8-cd003f00c79d
which can be used as unique global reference for U.S. CISA Hive November 25 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-18T00:00:00Z |
date_published | 2022-11-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | #StopRansomware: Hive Ransomware |
U.S. CISA LockBit 3.0 March 2023
Cybersecurity and Infrastructure Security Agency. (2023, March 16). #StopRansomware: LockBit 3.0. Retrieved May 19, 2023.
Internal MISP references
UUID 06de9247-ce40-4709-a17a-a65b8853758b
which can be used as unique global reference for U.S. CISA LockBit 3.0 March 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-19T00:00:00Z |
date_published | 2023-03-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | #StopRansomware: LockBit 3.0 |
U.S. CISA LockBit Citrix Bleed November 21 2023
Cybersecurity and Infrastructure Security Agency. (2023, November 21). #StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability. Retrieved November 30, 2023.
Internal MISP references
UUID 21f56e0c-9605-4fbb-9cb1-f868ba6eb053
which can be used as unique global reference for U.S. CISA LockBit Citrix Bleed November 21 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-30T00:00:00Z |
date_published | 2023-11-21T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | #StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability |
U.S. CISA MedusaLocker August 11 2022
Cybersecurity and Infrastructure Security Agency. (2022, August 11). #StopRansomware: MedusaLocker. Retrieved August 4, 2023.
Internal MISP references
UUID 48b34fb3-c346-4165-a4c6-caeaa9b02dba
which can be used as unique global reference for U.S. CISA MedusaLocker August 11 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-04T00:00:00Z |
date_published | 2022-08-11T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | #StopRansomware: MedusaLocker |
U.S. CISA Phobos February 29 2024
Cybersecurity and Infrastructure Security Agency. (2024, February 29). #StopRansomware: Phobos Ransomware. Retrieved March 7, 2024.
Internal MISP references
UUID bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a
which can be used as unique global reference for U.S. CISA Phobos February 29 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-07T00:00:00Z |
date_published | 2024-02-29T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | #StopRansomware: Phobos Ransomware |
U.S. CISA Play Ransomware December 2023
Cybersecurity and Infrastructure Security Agency. (2023, December 18). #StopRansomware: Play Ransomware. Retrieved December 18, 2023.
Internal MISP references
UUID ad96148c-8230-4923-86fd-4b1da211db1a
which can be used as unique global reference for U.S. CISA Play Ransomware December 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-18T00:00:00Z |
date_published | 2023-12-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | #StopRansomware: Play Ransomware |
CISA Play Ransomware Advisory December 2023
CISA. (2023, December 18). #StopRansomware: Play Ransomware AA23-352A. Retrieved September 24, 2024.
Internal MISP references
UUID b47f5430-25d4-5502-9219-674daed4e2c5
which can be used as unique global reference for CISA Play Ransomware Advisory December 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-24T00:00:00Z |
date_published | 2023-12-18T00:00:00Z |
source | MITRE |
title | #StopRansomware: Play Ransomware AA23-352A |
U.S. CISA RansomHub Ransomware August 29 2024
Cybersecurity and Infrastructure Security Agency. (2024, August 29). #StopRansomware: RansomHub Ransomware. Retrieved September 3, 2024.
Internal MISP references
UUID af338cbd-6416-4dee-95c7-6915f78e2604
which can be used as unique global reference for U.S. CISA RansomHub Ransomware August 29 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-03T00:00:00Z |
date_published | 2024-08-29T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | #StopRansomware: RansomHub Ransomware |
U.S. CISA Rhysida Ransomware November 15 2023
Cybersecurity and Infrastructure Security Agency. (2023, November 15). #StopRansomware: Rhysida Ransomware. Retrieved November 16, 2023.
Internal MISP references
UUID 6d902955-d9a9-4ec1-8dd4-264f7594605e
which can be used as unique global reference for U.S. CISA Rhysida Ransomware November 15 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-16T00:00:00Z |
date_published | 2023-11-15T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | #StopRansomware: Rhysida Ransomware |
CISA Royal AA23-061A March 2023
CISA. (2023, March 2). #StopRansomware: Royal Ransomware. Retrieved March 31, 2023.
Internal MISP references
UUID 81baa61e-13c3-51e0-bf22-08383dbfb2a1
which can be used as unique global reference for CISA Royal AA23-061A March 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-31T00:00:00Z |
date_published | 2023-03-02T00:00:00Z |
source | MITRE |
title | #StopRansomware: Royal Ransomware |
#StopRansomware: Royal Ransomware | CISA
Cybersecurity and Infrastructure Security Agency. (2023, March 2). #StopRansomware: Royal Ransomware | CISA. Retrieved May 10, 2023.
Internal MISP references
UUID dd094572-da2e-4e54-9e54-b243dd4fcd2b
which can be used as unique global reference for #StopRansomware: Royal Ransomware | CISA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-10T00:00:00Z |
date_published | 2023-03-02T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | #StopRansomware: Royal Ransomware |
U.S. CISA Vice Society September 2022
Cybersecurity and Infrastructure Security Agency. (2022, September 8). #StopRansomware: Vice Society. Retrieved May 19, 2023.
Internal MISP references
UUID 0a754513-5f20-44a0-8cea-c5d9519106c8
which can be used as unique global reference for U.S. CISA Vice Society September 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-19T00:00:00Z |
date_published | 2022-09-08T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | #StopRansomware: Vice Society |
U.S. CISA Zeppelin Ransomware August 11 2022
Cybersecurity and Infrastructure Security Agency. (2022, August 11). #StopRansomware: Zeppelin Ransomware. Retrieved September 19, 2024.
Internal MISP references
UUID 42d98de2-8c9a-4cc4-b5a1-9778c0da3286
which can be used as unique global reference for U.S. CISA Zeppelin Ransomware August 11 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-19T00:00:00Z |
date_published | 2022-08-11T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | #StopRansomware: Zeppelin Ransomware |
Stordiag.exe - LOLBAS Project
LOLBAS. (2021, October 21). Stordiag.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 5e52a211-7ef6-42bd-93a1-5902f5e1c2ea
which can be used as unique global reference for Stordiag.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-10-21T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Stordiag.exe |
Pentestlab Stored Credentials
netbiosX. (2017, April 19). Stored Credentials. Retrieved April 6, 2018.
Internal MISP references
UUID 5be9afb8-749e-45a2-8e86-b5e6dc167b41
which can be used as unique global reference for Pentestlab Stored Credentials
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-06T00:00:00Z |
date_published | 2017-04-19T00:00:00Z |
source | MITRE |
title | Stored Credentials |
store_pwd_rev_enc
Microsoft. (2021, October 28). Store passwords using reversible encryption. Retrieved January 3, 2022.
Internal MISP references
UUID d3b9df24-b776-4658-9bb4-f43a2fe0094c
which can be used as unique global reference for store_pwd_rev_enc
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-03T00:00:00Z |
date_published | 2021-10-28T00:00:00Z |
source | MITRE |
title | Store passwords using reversible encryption |
Microsoft Security Blog September 26 2024
Microsoft Threat Intelligence. (2024, September 26). Storm-0501 Ransomware attacks expanding to hybrid cloud environments. Retrieved September 27, 2024.
Internal MISP references
UUID bf05138b-f690-4b0f-ba10-9af71f7d9bfc
which can be used as unique global reference for Microsoft Security Blog September 26 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-27T00:00:00Z |
date_published | 2024-09-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Storm-0501 Ransomware attacks expanding to hybrid cloud environments |
IBM Storwize
IBM Support. (2017, April 26). Storwize USB Initialization Tool may contain malicious code. Retrieved May 28, 2019.
Internal MISP references
UUID 321cf27a-327d-4824-84d0-56634d3b86f5
which can be used as unique global reference for IBM Storwize
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-28T00:00:00Z |
date_published | 2017-04-26T00:00:00Z |
source | MITRE |
title | Storwize USB Initialization Tool may contain malicious code |
G Data Sodinokibi June 2019
Han, Karsten. (2019, June 4). Strange Bits: Sodinokibi Spam, CinaRAT, and Fake G DATA. Retrieved August 4, 2020.
Internal MISP references
UUID 03b1ef5a-aa63-453a-affc-aa0caf174ce4
which can be used as unique global reference for G Data Sodinokibi June 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-04T00:00:00Z |
date_published | 2019-06-04T00:00:00Z |
source | MITRE |
title | Strange Bits: Sodinokibi Spam, CinaRAT, and Fake G DATA |
Windows Blogs Microsoft Edge Sandbox
Cowan, C. (2017, March 23). Strengthening the Microsoft Edge Sandbox. Retrieved March 12, 2018.
Internal MISP references
UUID d7097b1e-507b-4626-9cef-39367c09f722
which can be used as unique global reference for Windows Blogs Microsoft Edge Sandbox
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-12T00:00:00Z |
date_published | 2017-03-23T00:00:00Z |
source | MITRE |
title | Strengthening the Microsoft Edge Sandbox |
ComputerWeekly Strider
Warwick Ashford. (2016, August 8). Strider cyber attack group deploying malware for espionage. Retrieved January 10, 2024.
Internal MISP references
UUID dc9cfd06-54fb-553c-b538-1e93fed6c538
which can be used as unique global reference for ComputerWeekly Strider
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-10T00:00:00Z |
date_published | 2016-08-08T00:00:00Z |
source | MITRE |
title | Strider cyber attack group deploying malware for espionage |
Symantec Strider Blog
Symantec Security Response. (2016, August 7). Strider: Cyberespionage group turns eye of Sauron on targets. Retrieved August 17, 2016.
Internal MISP references
UUID 664eac41-257f-4d4d-aba5-5d2e8e2117a7
which can be used as unique global reference for Symantec Strider Blog
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-17T00:00:00Z |
date_published | 2016-08-07T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Strider: Cyberespionage group turns eye of Sauron on targets |
Cybereason StrifeWater Feb 2022
Cybereason Nocturnus. (2022, February 1). StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations. Retrieved August 15, 2022.
Internal MISP references
UUID 30c911b2-9a5e-4510-a78c-c65e84398c7e
which can be used as unique global reference for Cybereason StrifeWater Feb 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-15T00:00:00Z |
date_published | 2022-02-01T00:00:00Z |
source | MITRE |
title | StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations |
Bitdefender StrongPity June 2020
Tudorica, R. et al. (2020, June 30). StrongPity APT - Revealing Trojanized Tools, Working Hours and Infrastructure. Retrieved July 20, 2020.
Internal MISP references
UUID 7d2e20f2-20ba-4d51-9495-034c07be41a8
which can be used as unique global reference for Bitdefender StrongPity June 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-20T00:00:00Z |
date_published | 2020-06-30T00:00:00Z |
source | MITRE |
title | StrongPity APT - Revealing Trojanized Tools, Working Hours and Infrastructure |
welivesec_strongpity
Stefanko, L. (2023, January 10). StrongPity espionage campaign targeting Android users. Retrieved January 31, 2023.
Internal MISP references
UUID 1b89df2c-e756-599a-9f7f-a5230db9de46
which can be used as unique global reference for welivesec_strongpity
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-01-31T00:00:00Z |
date_published | 2023-01-10T00:00:00Z |
source | MITRE |
title | StrongPity espionage campaign targeting Android users |
Microsoft STRONTIUM New Patterns Cred Harvesting Sept 2020
Microsoft Threat Intelligence Center (MSTIC). (2020, September 10). STRONTIUM: Detecting new patterns in credential harvesting. Retrieved September 11, 2020.
Internal MISP references
UUID 0a65008c-acdd-40fa-af1a-3d9941af8eac
which can be used as unique global reference for Microsoft STRONTIUM New Patterns Cred Harvesting Sept 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-11T00:00:00Z |
date_published | 2020-09-10T00:00:00Z |
source | MITRE |
title | STRONTIUM: Detecting new patterns in credential harvesting |
ESET Stuxnet Under the Microscope
Matrosov, A., Rodionov, E., Harley, D., Malcho, J. (n.d.). Stuxnet Under the Microscope. Retrieved December 7, 2020.
Internal MISP references
UUID 4ec039a9-f843-42de-96ed-185c4e8c2d9f
which can be used as unique global reference for ESET Stuxnet Under the Microscope
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-07T00:00:00Z |
source | MITRE |
title | Stuxnet Under the Microscope |
subTee .NET Profilers May 2017
Smith, C. (2017, May 18). Subvert CLR Process Listing With .NET Profilers. Retrieved June 24, 2020.
Internal MISP references
UUID 6ef42019-5393-423e-811d-29b728c877e1
which can be used as unique global reference for subTee .NET Profilers May 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-24T00:00:00Z |
date_published | 2017-05-18T00:00:00Z |
source | MITRE |
title | Subvert CLR Process Listing With .NET Profilers |
SpectorOps Subverting Trust Sept 2017
Graeber, M. (2017, September). Subverting Trust in Windows. Retrieved January 31, 2018.
Internal MISP references
UUID 0b6e7651-0e17-4101-ab2b-22cb09fe1691
which can be used as unique global reference for SpectorOps Subverting Trust Sept 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-31T00:00:00Z |
date_published | 2017-09-01T00:00:00Z |
source | MITRE |
title | Subverting Trust in Windows |
Symantec Suckfly March 2016
DiMaggio, J. (2016, March 15). Suckfly: Revealing the secret life of your code signing certificates. Retrieved August 3, 2016.
Internal MISP references
UUID 8711c175-e405-4cb0-8c86-8aaa471e5573
which can be used as unique global reference for Symantec Suckfly March 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-03T00:00:00Z |
date_published | 2016-03-15T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Suckfly: Revealing the secret life of your code signing certificates |
sudo man page 2018
Todd C. Miller. (2018). Sudo Man Page. Retrieved March 19, 2018.
Internal MISP references
UUID 659d4302-d4cf-41af-8007-aa1da0208aa0
which can be used as unique global reference for sudo man page 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-19T00:00:00Z |
date_published | 2018-01-01T00:00:00Z |
source | MITRE |
title | Sudo Man Page |
FireEye SUNBURST Additional Details Dec 2020
Stephen Eckels, Jay Smith, William Ballenthin. (2020, December 24). SUNBURST Additional Technical Details. Retrieved January 6, 2021.
Internal MISP references
UUID c5d94f7f-f796-4872-9a19-f030c825588e
which can be used as unique global reference for FireEye SUNBURST Additional Details Dec 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-06T00:00:00Z |
date_published | 2020-12-24T00:00:00Z |
source | MITRE |
title | SUNBURST Additional Technical Details |
Check Point Sunburst Teardrop December 2020
Check Point Research. (2020, December 22). SUNBURST, TEARDROP and the NetSec New Normal. Retrieved January 6, 2021.
Internal MISP references
UUID a6b75979-af51-42ed-9bb9-01d5fb9ceac9
which can be used as unique global reference for Check Point Sunburst Teardrop December 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-06T00:00:00Z |
date_published | 2020-12-22T00:00:00Z |
source | MITRE |
title | SUNBURST, TEARDROP and the NetSec New Normal |
CheckPoint Sunburst & Teardrop December 2020
Check Point Research. (2020, December 22). SUNBURST, TEARDROP and the NetSec New Normal. Retrieved January 6, 2021.
Internal MISP references
UUID 4e3d9201-83d4-5375-b3b7-e00dfb16342d
which can be used as unique global reference for CheckPoint Sunburst & Teardrop December 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-06T00:00:00Z |
date_published | 2020-12-22T00:00:00Z |
source | MITRE |
title | SUNBURST, TEARDROP and the NetSec New Normal |
CrowdStrike SUNSPOT Implant January 2021
CrowdStrike Intelligence Team. (2021, January 11). SUNSPOT: An Implant in the Build Process. Retrieved January 11, 2021.
Internal MISP references
UUID 3a7b71cf-961a-4f63-84a8-31b43b18fb95
which can be used as unique global reference for CrowdStrike SUNSPOT Implant January 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-11T00:00:00Z |
date_published | 2021-01-11T00:00:00Z |
source | MITRE |
title | SUNSPOT: An Implant in the Build Process |
Kaspersky Superfish
Onuma. (2015, February 24). Superfish: Adware Preinstalled on Lenovo Laptops. Retrieved February 20, 2017.
Internal MISP references
UUID 3d554c05-992c-41f3-99f4-6b0baac56b3a
which can be used as unique global reference for Kaspersky Superfish
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-02-20T00:00:00Z |
date_published | 2015-02-24T00:00:00Z |
source | MITRE |
title | Superfish: Adware Preinstalled on Lenovo Laptops |
Unit42 SUPERNOVA Dec 2020
Tennis, M. (2020, December 17). SUPERNOVA: A Novel .NET Webshell. Retrieved February 22, 2021.
Internal MISP references
UUID e884d0b5-f2a2-47cb-bb77-3acdac6b1790
which can be used as unique global reference for Unit42 SUPERNOVA Dec 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-22T00:00:00Z |
date_published | 2020-12-17T00:00:00Z |
source | MITRE |
title | SUPERNOVA: A Novel .NET Webshell |
Guidepoint SUPERNOVA Dec 2020
Riley, W. (2020, December 1). SUPERNOVA SolarWinds .NET Webshell Analysis. Retrieved February 18, 2021.
Internal MISP references
UUID 78fee365-ab2b-4823-8358-46c362be1ac0
which can be used as unique global reference for Guidepoint SUPERNOVA Dec 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-18T00:00:00Z |
date_published | 2020-12-01T00:00:00Z |
source | MITRE |
title | SUPERNOVA SolarWinds .NET Webshell Analysis |
00sec Droppers
0x00pico. (2017, September 25). Super-Stealthy Droppers. Retrieved October 4, 2021.
Internal MISP references
UUID 7569e79b-5a80-4f42-b467-8548cc9fc319
which can be used as unique global reference for 00sec Droppers
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-04T00:00:00Z |
date_published | 2017-09-25T00:00:00Z |
source | MITRE |
title | Super-Stealthy Droppers |
FireEyeSupplyChain
FireEye. (2014). SUPPLY CHAIN ANALYSIS: From Quartermaster to SunshopFireEye. Retrieved March 6, 2017.
Internal MISP references
UUID 0647b285-963b-4427-bc96-a17b5f8839a9
which can be used as unique global reference for FireEyeSupplyChain
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-06T00:00:00Z |
date_published | 2014-01-01T00:00:00Z |
source | MITRE |
title | SUPPLY CHAIN ANALYSIS: From Quartermaster to SunshopFireEye |
Moran 2013
Moran, N., & Villeneuve, N. (2013, August 12). Survival of the Fittest: New York Times Attackers Evolve Quickly [Blog]. Retrieved November 12, 2014.
Internal MISP references
UUID d38bdb47-1a8d-43f8-b7ed-dfa5e430ac2f
which can be used as unique global reference for Moran 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
date_published | 2013-08-12T00:00:00Z |
source | MITRE |
title | Survival of the Fittest: New York Times Attackers Evolve Quickly [Blog] |
4 - appv
John Fokker. (2022, March 17). Suspected DarkHotel APT activity update. Retrieved February 6, 2024.
Internal MISP references
UUID 2b64284f-bc2c-5ca5-bf16-f862345cef80
which can be used as unique global reference for 4 - appv
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-06T00:00:00Z |
date_published | 2022-03-17T00:00:00Z |
source | MITRE |
title | Suspected DarkHotel APT activity update |
Dell Threat Group 2889
Dell SecureWorks. (2015, October 7). Suspected Iran-Based Hacker Group Creates Network of Fake LinkedIn Profiles. Retrieved January 14, 2016.
Internal MISP references
UUID de7003cb-5127-4fd7-9475-d69e0d7f5cc8
which can be used as unique global reference for Dell Threat Group 2889
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-14T00:00:00Z |
date_published | 2015-10-07T00:00:00Z |
source | MITRE |
title | Suspected Iran-Based Hacker Group Creates Network of Fake LinkedIn Profiles |
Mandiant UNC3890 Aug 2022
Mandiant Israel Research Team. (2022, August 17). Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors. Retrieved September 21, 2022.
Internal MISP references
UUID 7b3fda0b-d327-4f02-bebe-2b8974f9959d
which can be used as unique global reference for Mandiant UNC3890 Aug 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-21T00:00:00Z |
date_published | 2022-08-17T00:00:00Z |
source | MITRE |
title | Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors |
Suspected Russian Activity Targeting Government and Business Entities Around the Globe
Luke Jenkins, Sarah Hawley, Parnian Najafi, Doug Bienstock. (2021, December 6). Suspected Russian Activity Targeting Government and Business Entities Around the Globe. Retrieved April 15, 2022.
Internal MISP references
UUID f45a0551-8d49-4d40-989f-659416dc25ec
which can be used as unique global reference for Suspected Russian Activity Targeting Government and Business Entities Around the Globe
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-15T00:00:00Z |
date_published | 2021-12-06T00:00:00Z |
source | MITRE |
title | Suspected Russian Activity Targeting Government and Business Entities Around the Globe |
NCSC et al APT29 2024
UK National Cyber Security Center et al. (2024, February). SVR cyber actors adapt tactics for initial cloud access. Retrieved March 1, 2024.
Internal MISP references
UUID e04e6419-a086-598d-a794-925e42f3f237
which can be used as unique global reference for NCSC et al APT29 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-01T00:00:00Z |
date_published | 2024-02-01T00:00:00Z |
source | MITRE |
title | SVR cyber actors adapt tactics for initial cloud access |
U.S. CISA APT29 Cloud Access
Cybersecurity and Infrastructure Security Agency. (2024, February 26). SVR Cyber Actors Adapt Tactics for Initial Cloud Access. Retrieved March 1, 2024.
Internal MISP references
UUID e9e08eca-1e01-4ff0-a8ef-49ecf66aaf3d
which can be used as unique global reference for U.S. CISA APT29 Cloud Access
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-01T00:00:00Z |
date_published | 2024-02-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | SVR Cyber Actors Adapt Tactics for Initial Cloud Access |
Recorded Future Turla Infra 2020
Insikt Group. (2020, March 12). Swallowing the Snake’s Tail: Tracking Turla Infrastructure. Retrieved September 16, 2024.
Internal MISP references
UUID 73aaff33-5a0e-40b7-a089-77ac57da8dca
which can be used as unique global reference for Recorded Future Turla Infra 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-16T00:00:00Z |
date_published | 2020-03-12T00:00:00Z |
source | MITRE |
title | Swallowing the Snake’s Tail: Tracking Turla Infrastructure |
Microsoft Sxstrace
Gerend, J. et al. (2017, October 16). sxstrace. Retrieved April 26, 2021.
Internal MISP references
UUID a0a753c6-7d8c-4ad9-91a9-a2c385178054
which can be used as unique global reference for Microsoft Sxstrace
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-26T00:00:00Z |
date_published | 2017-10-16T00:00:00Z |
source | MITRE |
title | sxstrace |
Alienvault Sykipot DOD Smart Cards
Blasco, J. (2012, January 12). Sykipot variant hijacks DOD and Windows smart cards. Retrieved January 10, 2016.
Internal MISP references
UUID 1a96544f-5b4e-4e1a-8db0-a989df9e4aaa
which can be used as unique global reference for Alienvault Sykipot DOD Smart Cards
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-10T00:00:00Z |
date_published | 2012-01-12T00:00:00Z |
source | MITRE |
title | Sykipot variant hijacks DOD and Windows smart cards |
SecureList SynAck Doppelgänging May 2018
Ivanov, A. et al. (2018, May 7). SynAck targeted ransomware uses the Doppelgänging technique. Retrieved May 22, 2018.
Internal MISP references
UUID d9f0af0f-8a65-406b-9d7e-4051086ef301
which can be used as unique global reference for SecureList SynAck Doppelgänging May 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-22T00:00:00Z |
date_published | 2018-05-07T00:00:00Z |
source | MITRE |
title | SynAck targeted ransomware uses the Doppelgänging technique |
SyncAppvPublishingServer.exe - LOLBAS Project
LOLBAS. (2018, May 25). SyncAppvPublishingServer.exe. Retrieved December 4, 2023.
Internal MISP references
UUID ce371df7-aab6-4338-9491-656481cb5601
which can be used as unique global reference for SyncAppvPublishingServer.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | SyncAppvPublishingServer.exe |
6 - appv
Strontic. (n.d.). SyncAppvPublishingServer.exe. Retrieved February 6, 2024.
Internal MISP references
UUID bc5d8a1a-5cf9-5974-bf13-245fa53721da
which can be used as unique global reference for 6 - appv
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-06T00:00:00Z |
source | MITRE |
title | SyncAppvPublishingServer.exe |
5 - appv
Nick Landers, Casey Smith. (n.d.). /Syncappvpublishingserver.vbs. Retrieved February 6, 2024.
Internal MISP references
UUID 926c9e06-cc6a-55ea-8436-1211b4cc4d92
which can be used as unique global reference for 5 - appv
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-06T00:00:00Z |
source | MITRE |
title | /Syncappvpublishingserver.vbs |
Syncappvpublishingserver.vbs - LOLBAS Project
LOLBAS. (2018, May 25). Syncappvpublishingserver.vbs. Retrieved December 4, 2023.
Internal MISP references
UUID adb09226-894c-4874-a2e3-fb2c6de30173
which can be used as unique global reference for Syncappvpublishingserver.vbs - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Syncappvpublishingserver.vbs |
Mac Time Sync
Cone, Matt. (2021, January 14). Synchronize your Mac's Clock with a Time Server. Retrieved March 27, 2024.
Internal MISP references
UUID b36dd8af-045d-57b0-b0a9-45d831fe6373
which can be used as unique global reference for Mac Time Sync
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-27T00:00:00Z |
date_published | 2021-01-14T00:00:00Z |
source | MITRE |
title | Synchronize your Mac's Clock with a Time Server |
Mandiant - Synful Knock
Bill Hau, Tony Lee, Josh Homan. (2015, September 15). SYNful Knock - A Cisco router implant - Part I. Retrieved October 19, 2020.
Internal MISP references
UUID 1f6eaa98-9184-4341-8634-5512a9c632dd
which can be used as unique global reference for Mandiant - Synful Knock
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
date_published | 2015-09-15T00:00:00Z |
source | MITRE |
title | SYNful Knock - A Cisco router implant - Part I |
sysdig
Sysdig. (2023). Sysdig Global Cloud Threat Report. Retrieved March 1, 2024.
Internal MISP references
UUID 80cb54c2-2c44-5e19-bbc5-da9f4aaf976a
which can be used as unique global reference for sysdig
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-01T00:00:00Z |
date_published | 2023-01-01T00:00:00Z |
source | MITRE |
title | Sysdig Global Cloud Threat Report |
Sysmon EID 9
Russinovich, R. & Garnier, T. (2021, August 18). Sysmon Event ID 9. Retrieved September 24, 2021.
Internal MISP references
UUID b24440b2-43c3-46f2-be4c-1147f6acfe57
which can be used as unique global reference for Sysmon EID 9
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-24T00:00:00Z |
date_published | 2021-08-18T00:00:00Z |
source | MITRE |
title | Sysmon Event ID 9 |
Microsoft Sysmon v6 May 2017
Russinovich, M. & Garnier, T. (2017, May 22). Sysmon v6.20. Retrieved December 13, 2017.
Internal MISP references
UUID 41cd9e06-a56c-4b68-948c-efc497a8d0dc
which can be used as unique global reference for Microsoft Sysmon v6 May 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-13T00:00:00Z |
date_published | 2017-05-22T00:00:00Z |
source | MITRE |
title | Sysmon v6.20 |
Syssetup.dll - LOLBAS Project
LOLBAS. (2018, May 25). Syssetup.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 3bb7027f-7cbb-47e7-8cbb-cf45604669af
which can be used as unique global reference for Syssetup.dll - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Syssetup.dll |
System and kernel extensions in macOS
Apple. (n.d.). System and kernel extensions in macOS. Retrieved March 31, 2022.
Internal MISP references
UUID e5c4974d-dfd4-4c1c-ba4c-b6fb276effac
which can be used as unique global reference for System and kernel extensions in macOS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-31T00:00:00Z |
source | MITRE |
title | System and kernel extensions in macOS |
Linux man-pages: systemd January 2014
Linux man-pages. (2014, January). systemd(1) - Linux manual page. Retrieved April 23, 2019.
Internal MISP references
UUID e9a58efd-8de6-40c9-9638-c642311d6a07
which can be used as unique global reference for Linux man-pages: systemd January 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-23T00:00:00Z |
date_published | 2014-01-01T00:00:00Z |
source | MITRE |
title | systemd(1) - Linux manual page |
FreeDesktop Journal
freedesktop.org. (n.d.). systemd-journald.service. Retrieved June 15, 2022.
Internal MISP references
UUID 5ded9060-9a23-42dc-b13b-15e4e3ccabf9
which can be used as unique global reference for FreeDesktop Journal
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-15T00:00:00Z |
source | MITRE |
title | systemd-journald.service |
Ubuntu Manpage systemd rc
Canonical Ltd. (n.d.). systemd-rc-local-generator - Compatibility generator for starting /etc/rc.local and /usr/sbin/halt.local during boot and shutdown. Retrieved February 23, 2021.
Internal MISP references
UUID 6be16aba-a37f-49c4-9a36-51d2676f64e6
which can be used as unique global reference for Ubuntu Manpage systemd rc
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-23T00:00:00Z |
source | MITRE |
title | systemd-rc-local-generator - Compatibility generator for starting /etc/rc.local and /usr/sbin/halt.local during boot and shutdown |
freedesktop systemd.service
Free Desktop. (n.d.). systemd.service — Service unit configuration. Retrieved March 20, 2023.
Internal MISP references
UUID cae49a7a-db3b-5202-ba45-fbfa98b073c9
which can be used as unique global reference for freedesktop systemd.service
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-20T00:00:00Z |
source | MITRE |
title | systemd.service — Service unit configuration |
Systemd Service Units
Freedesktop.org. (n.d.). systemd.service — Service unit configuration. Retrieved March 16, 2020.
Internal MISP references
UUID 43bae447-d2e3-4b53-b17b-12a0b54ac604
which can be used as unique global reference for Systemd Service Units
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-16T00:00:00Z |
source | MITRE |
title | systemd.service — Service unit configuration |
systemdsleep Linux
Man7. (n.d.). systemd-sleep.conf(5) — Linux manual page. Retrieved June 7, 2023.
Internal MISP references
UUID 9537f6f9-1521-5c21-b14f-ac459a2d1b70
which can be used as unique global reference for systemdsleep Linux
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-07T00:00:00Z |
source | MITRE |
title | systemd-sleep.conf(5) — Linux manual page |
Freedesktop.org Linux systemd 29SEP2018
Freedesktop.org. (2018, September 29). systemd System and Service Manager. Retrieved April 23, 2019.
Internal MISP references
UUID 940dcbbe-45d3-4f36-8d48-d606d41a679e
which can be used as unique global reference for Freedesktop.org Linux systemd 29SEP2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-23T00:00:00Z |
date_published | 2018-09-29T00:00:00Z |
source | MITRE |
title | systemd System and Service Manager |
archlinux Systemd Timers Aug 2020
archlinux. (2020, August 11). systemd/Timers. Retrieved October 12, 2020.
Internal MISP references
UUID 670f02f1-3927-4f38-aa2b-9ca0d8cf5b8e
which can be used as unique global reference for archlinux Systemd Timers Aug 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-12T00:00:00Z |
date_published | 2020-08-11T00:00:00Z |
source | MITRE |
title | systemd/Timers |
TechNet Systeminfo
Microsoft. (n.d.). Systeminfo. Retrieved April 8, 2016.
Internal MISP references
UUID 5462ba66-6e26-41c2-bc28-6c19085d4469
which can be used as unique global reference for TechNet Systeminfo
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-08T00:00:00Z |
source | MITRE |
title | Systeminfo |
Peripheral Discovery macOS
SS64. (n.d.). system_profiler. Retrieved March 11, 2022.
Internal MISP references
UUID 2a3c5216-b153-4d89-b0b1-f32af3aa83d0
which can be used as unique global reference for Peripheral Discovery macOS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-11T00:00:00Z |
source | MITRE |
title | system_profiler |
linux system time
ArchLinux. (2024, February 1). System Time. Retrieved March 27, 2024.
Internal MISP references
UUID 2dfd22d7-c78b-5967-b732-736f37ea5489
which can be used as unique global reference for linux system time
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-27T00:00:00Z |
date_published | 2024-02-01T00:00:00Z |
source | MITRE |
title | System Time |
MSDN System Time
Microsoft. (n.d.). System Time. Retrieved November 25, 2016.
Internal MISP references
UUID 5e15e03b-be8b-4f3d-a3ae-0df7a4ecfbec
which can be used as unique global reference for MSDN System Time
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-11-25T00:00:00Z |
source | MITRE |
title | System Time |
atomic-red proc file system
Atomic Red Team. (2023, November). T1003.007 - OS Credential Dumping: Proc Filesystem. Retrieved March 28, 2024.
Internal MISP references
UUID c7e77109-36d3-5549-a0f7-bacc0d9288b2
which can be used as unique global reference for atomic-red proc file system
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-28T00:00:00Z |
date_published | 2023-11-01T00:00:00Z |
source | MITRE |
title | T1003.007 - OS Credential Dumping: Proc Filesystem |
Red Canary - Atomic Red Team
Red Canary - Atomic Red Team. (n.d.). T1053.005 - Scheduled Task/Job: Scheduled Task. Retrieved June 19, 2024.
Internal MISP references
UUID 2e7fd604-6ec8-54ec-a9f4-879b349f3542
which can be used as unique global reference for Red Canary - Atomic Red Team
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-19T00:00:00Z |
source | MITRE |
title | T1053.005 - Scheduled Task/Job: Scheduled Task |
T1562.002_redcanaryco
redcanaryco. (2021, September 3). T1562.002 - Disable Windows Event Logging. Retrieved September 13, 2021.
Internal MISP references
UUID e136f5a2-d4c2-4c6c-8f72-0f8ed9abeed1
which can be used as unique global reference for T1562.002_redcanaryco
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-13T00:00:00Z |
date_published | 2021-09-03T00:00:00Z |
source | MITRE |
title | T1562.002 - Disable Windows Event Logging |
Palo Alto T9000 Feb 2016
Grunzweig, J. and Miller-Osborn, J. (2016, February 4). T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques. Retrieved April 15, 2016.
Internal MISP references
UUID d7eefe85-86cf-4b9d-bf70-f16c5a0227cc
which can be used as unique global reference for Palo Alto T9000 Feb 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-15T00:00:00Z |
date_published | 2016-02-04T00:00:00Z |
source | MITRE |
title | T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques |
US-CERT TA18-068A 2018
US-CERT. (2018, March 27). TA18-068A Brute Force Attacks Conducted by Cyber Actors. Retrieved October 2, 2019.
Internal MISP references
UUID d9992f57-8ff3-432f-b445-937ff4a6ebf9
which can be used as unique global reference for US-CERT TA18-068A 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-02T00:00:00Z |
date_published | 2018-03-27T00:00:00Z |
source | MITRE |
title | TA18-068A Brute Force Attacks Conducted by Cyber Actors |
Browers FriarFox
Raggi, Michael. Proofpoint Threat Research Team. (2021, February 25). TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations. Retrieved February 26, 2024.
Internal MISP references
UUID 3fe79fc8-c86d-57ad-961f-30fddd0e5f62
which can be used as unique global reference for Browers FriarFox
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-26T00:00:00Z |
date_published | 2021-02-25T00:00:00Z |
source | MITRE |
title | TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations |
Proofpoint TA416 November 2020
Proofpoint Threat Research Team. (2020, November 23). TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader. Retrieved April 13, 2021.
Internal MISP references
UUID f72685de-c775-41c4-94ed-45fd7f873a1d
which can be used as unique global reference for Proofpoint TA416 November 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-13T00:00:00Z |
date_published | 2020-11-23T00:00:00Z |
source | MITRE |
title | TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader |
NCC Group TA505
Terefos, A. (2020, November 18). TA505: A Brief History of Their Time. Retrieved July 14, 2022.
Internal MISP references
UUID 45e0b869-5447-491b-9e8b-fbf63c62f5d6
which can be used as unique global reference for NCC Group TA505
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-14T00:00:00Z |
date_published | 2020-11-18T00:00:00Z |
source | MITRE |
title | TA505: A Brief History of Their Time |
ProofPoint SettingContent-ms July 2018
Proofpoint Staff. (2018, July 19). TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT. Retrieved April 19, 2019.
Internal MISP references
UUID 4f92af77-0428-4c67-8eec-98ecc3b55630
which can be used as unique global reference for ProofPoint SettingContent-ms July 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-19T00:00:00Z |
date_published | 2018-07-19T00:00:00Z |
source | MITRE |
title | TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT |
IBM TA505 April 2020
Frydrych, M. (2020, April 14). TA505 Continues to Infect Networks With SDBbot RAT. Retrieved May 29, 2020.
Internal MISP references
UUID bcef8bf8-5fc2-4921-b920-74ef893b8a27
which can be used as unique global reference for IBM TA505 April 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-29T00:00:00Z |
date_published | 2020-04-14T00:00:00Z |
source | MITRE |
title | TA505 Continues to Infect Networks With SDBbot RAT |
Proofpoint TA505 October 2019
Schwarz, D. et al. (2019, October 16). TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader. Retrieved May 29, 2020.
Internal MISP references
UUID 711ea2b3-58e2-4b38-aa71-877029c12e64
which can be used as unique global reference for Proofpoint TA505 October 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-29T00:00:00Z |
date_published | 2019-10-16T00:00:00Z |
source | MITRE |
title | TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader |
Proofpoint TA505 June 2018
Proofpoint Staff. (2018, June 8). TA505 shifts with the times. Retrieved May 28, 2019.
Internal MISP references
UUID e48dec7b-5635-4ae0-b0db-229660806c06
which can be used as unique global reference for Proofpoint TA505 June 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-28T00:00:00Z |
date_published | 2018-06-08T00:00:00Z |
source | MITRE |
title | TA505 shifts with the times |
TrendMicro TA505 Aug 2019
Trend Micro. (2019, August 27). TA505: Variety in Use of ServHelper and FlawedAmmyy. Retrieved February 22, 2021.
Internal MISP references
UUID 460758ea-ed3e-4e9b-ba2e-97c9d42154a4
which can be used as unique global reference for TrendMicro TA505 Aug 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-22T00:00:00Z |
date_published | 2019-08-27T00:00:00Z |
source | MITRE |
title | TA505: Variety in Use of ServHelper and FlawedAmmyy |
Proofpoint TA547 April 10 2024
Tommy Madjar, Selena Larson, the Proofpoint Threat Research Team. (2024, April 10). TA547 Targets German Organizations with Rhadamanthys Stealer. Retrieved September 9, 2024.
Internal MISP references
UUID c1fab1dd-bec1-4637-9d50-8317247dc82b
which can be used as unique global reference for Proofpoint TA547 April 10 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-09T00:00:00Z |
date_published | 2024-04-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | TA547 Targets German Organizations with Rhadamanthys Stealer |
Unit 42 TA551 Jan 2021
Duncan, B. (2021, January 7). TA551: Email Attack Campaign Switches from Valak to IcedID. Retrieved March 17, 2021.
Internal MISP references
UUID 8e34bf1e-86ce-4d52-a6fa-037572766e99
which can be used as unique global reference for Unit 42 TA551 Jan 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-17T00:00:00Z |
date_published | 2021-01-07T00:00:00Z |
source | MITRE |
title | TA551: Email Attack Campaign Switches from Valak to IcedID |
Proofpoint February 23 2023
Proofpoint. (2023, February 23). TA569: SocGholish and Beyond | Proofpoint US. Retrieved May 7, 2023.
Internal MISP references
UUID fe7924b1-a385-4784-b308-15c2d0dbd840
which can be used as unique global reference for Proofpoint February 23 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2023-02-23T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | TA569: SocGholish and Beyond |
TA571
Axel F, Selena Larson. (2023, October 30). TA571 Delivers IcedID Forked Loader. Retrieved February 13, 2024.
Internal MISP references
UUID 5b463ad7-f425-5e70-b0b0-28514730a888
which can be used as unique global reference for TA571
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-13T00:00:00Z |
date_published | 2023-10-30T00:00:00Z |
source | MITRE |
title | TA571 Delivers IcedID Forked Loader |
IBM TA577 OneNote Malspam
IBM X-Force. (2023, May 30). TA577 OneNote Malspam Results in QakBot Deployment. Retrieved January 24, 2024.
Internal MISP references
UUID 30ebffb8-be3e-4094-a41b-882aec9e14b8
which can be used as unique global reference for IBM TA577 OneNote Malspam
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-24T00:00:00Z |
date_published | 2023-05-30T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | TA577 OneNote Malspam Results in QakBot Deployment |
Proofpoint TA577 NTLM March 4 2024
Tommy Madjar, Kelsey Merriman, Selena Larson, Proofpoint Threat Research Team. (2024, March 4). TA577’s Unusual Attack Chain Leads to NTLM Data Theft. Retrieved March 11, 2024.
Internal MISP references
UUID bbbef77a-8cd8-411c-a8a7-7faa7b5fdb2c
which can be used as unique global reference for Proofpoint TA577 NTLM March 4 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-11T00:00:00Z |
date_published | 2024-03-04T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | TA577’s Unusual Attack Chain Leads to NTLM Data Theft |
Cobalt Strike TTPs Dec 2017
Cobalt Strike. (2017, December 8). Tactics, Techniques, and Procedures. Retrieved December 20, 2017.
Internal MISP references
UUID ee56d7a3-32c4-4f75-ad0c-73164a83b5a6
which can be used as unique global reference for Cobalt Strike TTPs Dec 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 2017-12-08T00:00:00Z |
source | MITRE |
title | Tactics, Techniques, and Procedures |
Reuters Taiwan BlackTech August 2020
Lee, Y. (2020, August 19). Taiwan says China behind cyberattacks on government agencies, emails. Retrieved April 6, 2022.
Internal MISP references
UUID 77293f88-e336-4786-b042-7f0080bbff32
which can be used as unique global reference for Reuters Taiwan BlackTech August 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-06T00:00:00Z |
date_published | 2020-08-19T00:00:00Z |
source | MITRE |
title | Taiwan says China behind cyberattacks on government agencies, emails |
Microsoft Process Snapshot
Microsoft. (n.d.). Taking a Snapshot and Viewing Processes. Retrieved December 12, 2017.
Internal MISP references
UUID 6e4b1921-99b2-41ce-a7dc-72c05b17c682
which can be used as unique global reference for Microsoft Process Snapshot
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-12T00:00:00Z |
source | MITRE |
title | Taking a Snapshot and Viewing Processes |
Lacework TeamTNT May 2021
Stroud, J. (2021, May 25). Taking TeamTNT's Docker Images Offline. Retrieved September 16, 2024.
Internal MISP references
UUID 5908b04b-dbca-4fd8-bacc-141ef15546a1
which can be used as unique global reference for Lacework TeamTNT May 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-16T00:00:00Z |
date_published | 2021-05-25T00:00:00Z |
source | MITRE |
title | Taking TeamTNT's Docker Images Offline |
Lumen Versa 2024
Black Lotus Labs. (2024, August 27). Taking The Crossroads: The Versa Director Zero-Day Exploitaiton. Retrieved August 27, 2024.
Internal MISP references
UUID 1d7f40f7-76e6-5ba2-8561-17f3646cf407
which can be used as unique global reference for Lumen Versa 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-27T00:00:00Z |
date_published | 2024-08-27T00:00:00Z |
source | MITRE |
title | Taking The Crossroads: The Versa Director Zero-Day Exploitaiton |
Lumen August 27 2024
Black Lotus Labs. (2024, August 27). Taking the Crossroads The Versa Director Zero-Day Exploitation. Retrieved September 6, 2024.
Internal MISP references
UUID f82c001f-13c0-43d0-bfa4-a51b2715a3e7
which can be used as unique global reference for Lumen August 27 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-06T00:00:00Z |
date_published | 2024-08-27T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Taking the Crossroads The Versa Director Zero-Day Exploitation |
Datadog ECS January 19 2024
Martin McCloskey, Christophe Tafani-Dereeper. (2024, January 19). Tales from the cloud trenches: Amazon ECS is the new EC2 for crypto mining. Retrieved April 11, 2024.
Internal MISP references
UUID 7e4e44a7-b079-41af-b41d-176ba7e99563
which can be used as unique global reference for Datadog ECS January 19 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-11T00:00:00Z |
date_published | 2024-01-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Tales from the cloud trenches: Amazon ECS is the new EC2 for crypto mining |
Splunk Kovar Certificates 2017
Kovar, R. (2017, December 11). Tall Tales of Hunting with TLS/SSL Certificates. Retrieved October 16, 2020.
Internal MISP references
UUID 2b341021-897e-4e3f-9141-825d3501c498
which can be used as unique global reference for Splunk Kovar Certificates 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-16T00:00:00Z |
date_published | 2017-12-11T00:00:00Z |
source | MITRE |
title | Tall Tales of Hunting with TLS/SSL Certificates |
Dragos TALONITE
Dragos. (n.d.). TALONITE. Retrieved February 25, 2021.
Internal MISP references
UUID f8ef1920-a4ad-4d65-b9de-8357d75f6929
which can be used as unique global reference for Dragos TALONITE
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-25T00:00:00Z |
source | MITRE |
title | TALONITE |
Talos Sodinokibi April 2019
Cadieux, P., et al. (2019, April 30). Sodinokibi ransomware exploits WebLogic Server vulnerability. Retrieved August 4, 2020.
Internal MISP references
UUID fb948877-da2b-4abd-9d57-de9866b7a7c2
which can be used as unique global reference for Talos Sodinokibi April 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-04T00:00:00Z |
source | MITRE |
title | Talos Sodinokibi April 2019 |
Medium Event Tracing Tampering 2018
Palantir. (2018, December 24). Tampering with Windows Event Tracing: Background, Offense, and Defense. Retrieved June 7, 2019.
Internal MISP references
UUID cd1a7b9a-183f-4acf-95c8-14d9475d0551
which can be used as unique global reference for Medium Event Tracing Tampering 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-07T00:00:00Z |
date_published | 2018-12-24T00:00:00Z |
source | MITRE |
title | Tampering with Windows Event Tracing: Background, Offense, and Defense |
Tar.exe - LOLBAS Project
LOLBAS. (2023, January 30). Tar.exe. Retrieved December 4, 2023.
Internal MISP references
UUID e5f54ded-3ec1-49c1-9302-6b9f372d5015
which can be used as unique global reference for Tar.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2023-01-30T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Tar.exe |
NGLite Trojan
Robert Falcone, Jeff White, and Peter Renals. (2021, November 7). Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer. Retrieved February 8, 2024.
Internal MISP references
UUID 7cdd99d2-bbb2-5c81-ad09-92b581f33ffe
which can be used as unique global reference for NGLite Trojan
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-08T00:00:00Z |
date_published | 2021-11-07T00:00:00Z |
source | MITRE |
title | Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer |
Netskope GCP Redirection
Ashwin Vamshi. (2019, January 24). Targeted Attacks Abusing Google Cloud Platform Open Redirection. Retrieved August 18, 2022.
Internal MISP references
UUID 18efeffc-c47b-46ad-8e7b-2eda30a406f0
which can be used as unique global reference for Netskope GCP Redirection
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-18T00:00:00Z |
date_published | 2019-01-24T00:00:00Z |
source | MITRE |
title | Targeted Attacks Abusing Google Cloud Platform Open Redirection |
AhnLab Andariel Subgroup of Lazarus June 2018
AhnLab. (2018, June 23). Targeted attacks by Andariel Threat Group, a subgroup of the Lazarus. Retrieved September 29, 2021.
Internal MISP references
UUID bbc66e9f-98f9-4e34-b568-2833ea536f2e
which can be used as unique global reference for AhnLab Andariel Subgroup of Lazarus June 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-29T00:00:00Z |
date_published | 2018-06-23T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Targeted attacks by Andariel Threat Group, a subgroup of the Lazarus |
Sood and Enbody
Aditya Sood and Richard Enbody. (2014, December 16). Targeted Cyber Attacks. Retrieved January 4, 2024.
Internal MISP references
UUID 61aca848-6376-560a-8f14-c23a3a9c832b
which can be used as unique global reference for Sood and Enbody
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-04T00:00:00Z |
date_published | 2014-12-16T00:00:00Z |
source | MITRE |
title | Targeted Cyber Attacks |
dharma_ransomware
Loui, E., Scheuerman, K., et al. (2020, April 16). Targeted Dharma Ransomware Intrusions Exhibit Consistent Techniques. Retrieved January 26, 2022.
Internal MISP references
UUID dfd168c0-40da-4402-a123-963eb8e2125a
which can be used as unique global reference for dharma_ransomware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-26T00:00:00Z |
date_published | 2020-04-16T00:00:00Z |
source | MITRE |
title | Targeted Dharma Ransomware Intrusions Exhibit Consistent Techniques |
Check Point Research September 11 2024
Check Point Research. (2024, September 11). Targeted Iranian Attacks Against Iraqi Government Infrastructure - Check Point Research. Retrieved September 11, 2024.
Internal MISP references
UUID 53320d81-4060-4414-b5b8-21d09362bc44
which can be used as unique global reference for Check Point Research September 11 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-11T00:00:00Z |
date_published | 2024-09-11T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Targeted Iranian Attacks Against Iraqi Government Infrastructure - Check Point Research |
Targeted SSL Stripping Attacks Are Real
Check Point. (n.d.). Targeted SSL Stripping Attacks Are Real. Retrieved May 24, 2023.
Internal MISP references
UUID 714528e8-0f2e-50a3-93c0-c560a34ba973
which can be used as unique global reference for Targeted SSL Stripping Attacks Are Real
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-24T00:00:00Z |
source | MITRE |
title | Targeted SSL Stripping Attacks Are Real |
CFR Vaccine Development Threats
Council on Foreign Relations. (2020, November 28). Targeting of companies involved in vaccine development. Retrieved October 30, 2023.
Internal MISP references
UUID 2ec4f877-de9a-44bf-8236-20d7ecd631df
which can be used as unique global reference for CFR Vaccine Development Threats
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-30T00:00:00Z |
date_published | 2020-11-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Targeting of companies involved in vaccine development |
Tarrask scheduled task
Microsoft Threat Intelligence Team & Detection and Response Team. (2022, April 12). Tarrask malware uses scheduled tasks for defense evasion. Retrieved June 1, 2022.
Internal MISP references
UUID 87682623-d1dd-4ee8-ae68-b08be5113e3e
which can be used as unique global reference for Tarrask scheduled task
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-01T00:00:00Z |
date_published | 2022-04-12T00:00:00Z |
source | MITRE |
title | Tarrask malware uses scheduled tasks for defense evasion |
Microsoft Tasklist
Microsoft. (n.d.). Tasklist. Retrieved December 23, 2015.
Internal MISP references
UUID 2c09561a-02ee-4948-9745-9d6c8eb2881d
which can be used as unique global reference for Microsoft Tasklist
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-12-23T00:00:00Z |
source | MITRE |
title | Tasklist |
Microsoft Tasks
Microsoft. (2018, May 31). Tasks. Retrieved September 28, 2021.
Internal MISP references
UUID def6601b-67e6-41e5-bcf3-9c701b86fd10
which can be used as unique global reference for Microsoft Tasks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-28T00:00:00Z |
date_published | 2018-05-31T00:00:00Z |
source | MITRE |
title | Tasks |
TechNet Task Scheduler Security
Microsoft. (2005, January 21). Task Scheduler and security. Retrieved June 8, 2016.
Internal MISP references
UUID 3a6d08ba-d79d-46f7-917d-075a98c59228
which can be used as unique global reference for TechNet Task Scheduler Security
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-08T00:00:00Z |
date_published | 2005-01-21T00:00:00Z |
source | MITRE |
title | Task Scheduler and security |
tau bundlore erika noerenberg 2020
Erika Noerenberg. (2020, June 29). TAU Threat Analysis: Bundlore (macOS) mm-install-macos. Retrieved October 12, 2021.
Internal MISP references
UUID 1c62ed57-43f7-40d7-a5c9-46b40a40af0e
which can be used as unique global reference for tau bundlore erika noerenberg 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-12T00:00:00Z |
date_published | 2020-06-29T00:00:00Z |
source | MITRE |
title | TAU Threat Analysis: Bundlore (macOS) mm-install-macos |
CarbonBlack Conti July 2020
Baskin, B. (2020, July 8). TAU Threat Discovery: Conti Ransomware. Retrieved February 17, 2021.
Internal MISP references
UUID 3c3a6dc0-66f2-492e-8c9c-c0bcca73008e
which can be used as unique global reference for CarbonBlack Conti July 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-17T00:00:00Z |
date_published | 2020-07-08T00:00:00Z |
source | MITRE |
title | TAU Threat Discovery: Conti Ransomware |
CarbonBlack LockerGoga 2019
CarbonBlack Threat Analysis Unit. (2019, March 22). TAU Threat Intelligence Notification – LockerGoga Ransomware. Retrieved April 16, 2019.
Internal MISP references
UUID 9970063c-6df7-4638-a247-6b1102289372
which can be used as unique global reference for CarbonBlack LockerGoga 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-16T00:00:00Z |
date_published | 2019-03-22T00:00:00Z |
source | MITRE |
title | TAU Threat Intelligence Notification – LockerGoga Ransomware |
GitHub Turla Driver Loader
TDL Project. (2016, February 4). TDL (Turla Driver Loader). Retrieved April 22, 2021.
Internal MISP references
UUID ed3534be-06ce-487b-911d-abe2fba70210
which can be used as unique global reference for GitHub Turla Driver Loader
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-22T00:00:00Z |
date_published | 2016-02-04T00:00:00Z |
source | MITRE |
title | TDL (Turla Driver Loader) |
S1 Old Rat New Tricks
Landry, J. (2016, April 21). Teaching an old RAT new tricks. Retrieved October 4, 2021.
Internal MISP references
UUID 20ef3645-fb92-4e13-a5a8-99367869bcba
which can be used as unique global reference for S1 Old Rat New Tricks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-04T00:00:00Z |
date_published | 2016-04-21T00:00:00Z |
source | MITRE |
title | Teaching an old RAT new tricks |
Teams.exe - LOLBAS Project
LOLBAS. (2022, January 17). Teams.exe. Retrieved December 4, 2023.
Internal MISP references
UUID ceee2b13-331f-4019-9c27-af0ce8b25414
which can be used as unique global reference for Teams.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-01-17T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Teams.exe |
TeamTNT Cloud Enumeration
Nathaniel Quist. (2021, June 4). TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations. Retrieved February 8, 2022.
Internal MISP references
UUID a672b74f-1f04-4d3a-84a6-1dd50e1a9951
which can be used as unique global reference for TeamTNT Cloud Enumeration
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-08T00:00:00Z |
date_published | 2021-06-04T00:00:00Z |
source | MITRE |
title | TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations |
Intezer TeamTNT Explosion September 2021
Intezer. (2021, September 1). TeamTNT Cryptomining Explosion. Retrieved October 15, 2021.
Internal MISP references
UUID e0d6208b-a4d6-45f0-bb3a-6c8681630b55
which can be used as unique global reference for Intezer TeamTNT Explosion September 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-15T00:00:00Z |
date_published | 2021-09-01T00:00:00Z |
source | MITRE |
title | TeamTNT Cryptomining Explosion |
AquaSec TeamTNT 2023
Ofek Itach and Assaf Morag. (2023, July 13). TeamTNT Reemerged with New Aggressive Cloud Campaign. Retrieved February 15, 2024.
Internal MISP references
UUID b98f1967-c62f-5afe-a2f7-4c426615d576
which can be used as unique global reference for AquaSec TeamTNT 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-15T00:00:00Z |
date_published | 2023-07-13T00:00:00Z |
source | MITRE |
title | TeamTNT Reemerged with New Aggressive Cloud Campaign |
Talos TeamTNT
Darin Smith. (2022, April 21). TeamTNT targeting AWS, Alibaba. Retrieved July 8, 2022.
Internal MISP references
UUID acd1b4c5-da28-584e-b892-599180a8dbb0
which can be used as unique global reference for Talos TeamTNT
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-08T00:00:00Z |
date_published | 2022-04-21T00:00:00Z |
source | MITRE |
title | TeamTNT targeting AWS, Alibaba |
Cisco Talos Intelligence Group
Darin Smith. (2022, April 21). TeamTNT targeting AWS, Alibaba. Retrieved August 4, 2022.
Internal MISP references
UUID f39b5f92-6e14-4c7f-b79d-7bade722e6d9
which can be used as unique global reference for Cisco Talos Intelligence Group
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-04T00:00:00Z |
date_published | 2022-04-21T00:00:00Z |
source | MITRE |
title | TeamTNT targeting AWS, Alibaba |
Cado Security TeamTNT Worm August 2020
Cado Security. (2020, August 16). Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials. Retrieved September 22, 2021.
Internal MISP references
UUID 8ccab4fe-155d-44b0-b0f2-941e9f8f87db
which can be used as unique global reference for Cado Security TeamTNT Worm August 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-22T00:00:00Z |
date_published | 2020-08-16T00:00:00Z |
source | MITRE |
title | Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials |
ATT TeamTNT Chimaera September 2020
AT&T Alien Labs. (2021, September 8). TeamTNT with new campaign aka Chimaera. Retrieved September 22, 2021.
Internal MISP references
UUID 5d9f402f-4ff4-4993-8685-e5656e2f3aff
which can be used as unique global reference for ATT TeamTNT Chimaera September 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-22T00:00:00Z |
date_published | 2021-09-08T00:00:00Z |
source | MITRE |
title | TeamTNT with new campaign aka Chimaera |
OSX Coldroot RAT
Patrick Wardle. (2018, February 17). Tearing Apart the Undetected (OSX)Coldroot RAT. Retrieved August 8, 2019.
Internal MISP references
UUID 5ee3a92c-df33-4ecd-b21e-7b9a4f6de227
which can be used as unique global reference for OSX Coldroot RAT
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-08-08T00:00:00Z |
date_published | 2018-02-17T00:00:00Z |
source | MITRE |
title | Tearing Apart the Undetected (OSX)Coldroot RAT |
Kaspersky ProjectSauron Technical Analysis
Kaspersky Lab's Global Research & Analysis Team. (2016, August 9). The ProjectSauron APT. Technical Analysis. Retrieved August 17, 2016.
Internal MISP references
UUID 1664726e-3a79-4d90-86e0-b2d50e9e0ba2
which can be used as unique global reference for Kaspersky ProjectSauron Technical Analysis
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-17T00:00:00Z |
source | MITRE |
title | Technical Analysis |
McAfee Babuk February 2021
Mundo, A. et al. (2021, February). Technical Analysis of Babuk Ransomware. Retrieved August 11, 2021.
Internal MISP references
UUID bb23ca19-78bb-4406-90a4-bf82bd467e04
which can be used as unique global reference for McAfee Babuk February 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-11T00:00:00Z |
date_published | 2021-02-01T00:00:00Z |
source | MITRE |
title | Technical Analysis of Babuk Ransomware |
Crytox Ransomware
Romain Dumont. (2022, September 21). Technical Analysis of Crytox Ransomware. Retrieved November 22, 2023.
Internal MISP references
UUID 7c22d9d0-a2d8-5936-a6b1-5c696a2a19c6
which can be used as unique global reference for Crytox Ransomware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-22T00:00:00Z |
date_published | 2022-09-21T00:00:00Z |
source | MITRE |
title | Technical Analysis of Crytox Ransomware |
McAfee Cuba April 2021
Roccio, T., et al. (2021, April). Technical Analysis of Cuba Ransomware. Retrieved June 18, 2021.
Internal MISP references
UUID e0e86e08-64ec-48dc-91e6-24fde989cd77
which can be used as unique global reference for McAfee Cuba April 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-18T00:00:00Z |
date_published | 2021-04-01T00:00:00Z |
source | MITRE |
title | Technical Analysis of Cuba Ransomware |
McAfee Dianxun March 2021
Roccia, T., Seret, T., Fokker, J. (2021, March 16). Technical Analysis of Operation Dianxun. Retrieved April 13, 2021.
Internal MISP references
UUID a40a69d7-7abc-4829-9905-98c156a809fe
which can be used as unique global reference for McAfee Dianxun March 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-13T00:00:00Z |
date_published | 2021-03-16T00:00:00Z |
source | MITRE |
title | Technical Analysis of Operation Dianxun |
Zscaler Pikabot 2023
Brett Stone-Gross & Nikolaos Pantazopoulos. (2023, May 24). Technical Analysis of Pikabot. Retrieved July 12, 2024.
Internal MISP references
UUID 7d3785e3-52db-54ec-ad54-32a2ecdb451f
which can be used as unique global reference for Zscaler Pikabot 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-12T00:00:00Z |
date_published | 2023-05-24T00:00:00Z |
source | MITRE |
title | Technical Analysis of Pikabot |
Zscaler Pikabot May 24 2023
Brett Stone-Gross, Nikolaos Pantazopoulos. (2023, May 24). Technical Analysis of Pikabot. Retrieved January 11, 2024.
Internal MISP references
UUID ec87676b-bc88-44b5-9e9a-5eb8eb39b4a1
which can be used as unique global reference for Zscaler Pikabot May 24 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-11T00:00:00Z |
date_published | 2023-05-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Technical Analysis of Pikabot |
Technical Analysis of PureCrypter | Zscaler Blog
Zscaler. (2022, June 13). Technical Analysis of PureCrypter | Zscaler Blog. Retrieved May 10, 2023.
Internal MISP references
UUID 5e3fa76b-0ca3-4935-830a-6ca132fa2fb4
which can be used as unique global reference for Technical Analysis of PureCrypter | Zscaler Blog
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-10T00:00:00Z |
date_published | 2022-06-13T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Technical Analysis of PureCrypter |
Zscaler Rhadamanthys February 21 2023
Nikolaos Pantazopoulos, Sarthak Misraa. (2023, February 21). Technical Analysis of Rhadamanthys Obfuscation Techniques. Retrieved October 14, 2024.
Internal MISP references
UUID a289704d-952d-4150-b9cc-5c53e4b0a41f
which can be used as unique global reference for Zscaler Rhadamanthys February 21 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-14T00:00:00Z |
date_published | 2023-02-21T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Technical Analysis of Rhadamanthys Obfuscation Techniques |
Crowdstrike WhisperGate January 2022
Crowdstrike. (2022, January 19). Technical Analysis of the WhisperGate Malicious Bootloader. Retrieved March 10, 2022.
Internal MISP references
UUID 846bccb4-b177-4c17-8cc5-56769c1d4b60
which can be used as unique global reference for Crowdstrike WhisperGate January 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-10T00:00:00Z |
date_published | 2022-01-19T00:00:00Z |
source | MITRE |
title | Technical Analysis of the WhisperGate Malicious Bootloader |
Apple TN2459 Kernel Extensions
Apple. (2018, April 19). Technical Note TN2459: User-Approved Kernel Extension Loading. Retrieved June 30, 2020.
Internal MISP references
UUID 8cd7676a-bbef-4c31-8288-365837acf65d
which can be used as unique global reference for Apple TN2459 Kernel Extensions
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-30T00:00:00Z |
date_published | 2018-04-19T00:00:00Z |
source | MITRE |
title | Technical Note TN2459: User-Approved Kernel Extension Loading |
fb_arid_viper
Flossman, M., Scott, M. (2021, April). Technical Paper // Taking Action Against Arid Viper. Retrieved March 4, 2024.
Internal MISP references
UUID 1dca5e73-0b6e-51cd-867c-927d081f228d
which can be used as unique global reference for fb_arid_viper
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-04T00:00:00Z |
date_published | 2021-04-01T00:00:00Z |
source | MITRE |
title | Technical Paper // Taking Action Against Arid Viper |
GovCERT Carbon May 2016
GovCERT. (2016, May 23). Technical Report about the Espionage Case at RUAG. Retrieved November 7, 2018.
Internal MISP references
UUID 2e4a445f-b55c-4800-9d75-9d8fe20abc74
which can be used as unique global reference for GovCERT Carbon May 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-07T00:00:00Z |
date_published | 2016-05-23T00:00:00Z |
source | MITRE |
title | Technical Report about the Espionage Case at RUAG |
Palo Alto Office Test Sofacy
Falcone, R. (2016, July 20). Technical Walkthrough: Office Test Persistence Method Used In Recent Sofacy Attacks. Retrieved July 3, 2017.
Internal MISP references
UUID 3138f32c-f89c-439c-a8c5-2964c356308d
which can be used as unique global reference for Palo Alto Office Test Sofacy
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-03T00:00:00Z |
date_published | 2016-07-20T00:00:00Z |
source | MITRE |
title | Technical Walkthrough: Office Test Persistence Method Used In Recent Sofacy Attacks |
polymorphic-linkedin
Sherwin Akshay. (2024, May 28). Techniques for concealing malware and hindering analysis: Packing up and unpacking stuff. Retrieved September 27, 2024.
Internal MISP references
UUID a2d50199-6ff4-504b-8f26-9cca4c0eb46f
which can be used as unique global reference for polymorphic-linkedin
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-27T00:00:00Z |
date_published | 2024-05-28T00:00:00Z |
source | MITRE |
title | Techniques for concealing malware and hindering analysis: Packing up and unpacking stuff |
te.exe - LOLBAS Project
LOLBAS. (2018, May 25). te.exe. Retrieved December 4, 2023.
Internal MISP references
UUID e7329381-319e-4dcc-8187-92882e6f2e12
which can be used as unique global reference for te.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | te.exe |
ESET Telebots June 2017
Cherepanov, A. (2017, June 30). TeleBots are back: Supply chain attacks against Ukraine. Retrieved June 11, 2020.
Internal MISP references
UUID eb5c2951-b149-4e40-bc5f-b2630213eb8b
which can be used as unique global reference for ESET Telebots June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-11T00:00:00Z |
date_published | 2017-06-30T00:00:00Z |
source | MITRE |
title | TeleBots are back: Supply chain attacks against Ukraine |
SANS Brian Wiltse Template Injection
Wiltse, B. (2018, November 7). Template Injection Attacks - Bypassing Security Controls by Living off the Land. Retrieved April 10, 2019.
Internal MISP references
UUID 8c010c87-865b-4168-87a7-4a24db413def
which can be used as unique global reference for SANS Brian Wiltse Template Injection
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-10T00:00:00Z |
date_published | 2018-11-07T00:00:00Z |
source | MITRE |
title | Template Injection Attacks - Bypassing Security Controls by Living off the Land |
Amazon AWS Temporary Security Credentials
Amazon. (n.d.). Temporary Security Credentials. Retrieved October 18, 2019.
Internal MISP references
UUID d3740d23-1561-47c4-a6e5-df1b6277839e
which can be used as unique global reference for Amazon AWS Temporary Security Credentials
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-18T00:00:00Z |
source | MITRE |
title | Temporary Security Credentials |
Elastic Process Injection July 2017
Hosseini, A. (2017, July 18). Ten Process Injection Techniques: A Technical Survey Of Common And Trending Process Injection Techniques. Retrieved December 7, 2017.
Internal MISP references
UUID 02c9100d-27eb-4f2f-b302-adf890055546
which can be used as unique global reference for Elastic Process Injection July 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-07T00:00:00Z |
date_published | 2017-07-18T00:00:00Z |
source | MITRE |
title | Ten Process Injection Techniques: A Technical Survey Of Common And Trending Process Injection Techniques |
AWS Organizations
AWS. (n.d.). Terminology and concepts for AWS Organizations. Retrieved September 25, 2024.
Internal MISP references
UUID 06d4ce21-ef87-5977-80df-10bd36ae722e
which can be used as unique global reference for AWS Organizations
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
source | MITRE |
title | Terminology and concepts for AWS Organizations |
TestWindowRemoteAgent.exe - LOLBAS Project
LOLBAS. (2023, August 21). TestWindowRemoteAgent.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 0cc891bc-692c-4a52-9985-39ddb434294d
which can be used as unique global reference for TestWindowRemoteAgent.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2023-08-21T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | TestWindowRemoteAgent.exe |
Sygnia Elephant Beetle Jan 2022
Sygnia Incident Response Team. (2022, January 5). TG2003: ELEPHANT BEETLE UNCOVERING AN ORGANIZED FINANCIAL-THEFT OPERATION. Retrieved February 9, 2023.
Internal MISP references
UUID 932897a6-0fa4-5be3-bf0b-20d6ddad238e
which can be used as unique global reference for Sygnia Elephant Beetle Jan 2022
in MISP communities and other software using the MISP galaxy
External references
- https://f.hubspotusercontent30.net/hubfs/8776530/Sygnia-%20Elephant%20Beetle_Jan2022.pdf?__hstc=147695848.3e8f1a482c8f8d4531507747318e660b.1680005306711.1680005306711.1680005306711.1&__hssc=147695848.1.1680005306711&__hsfp=3000179024&hsCtaTracking=189ec409-ae2d-4909-8bf1-62dcdd694372%7Cca91d317-8f10-4a38-9f80-367f551ad64d - webarchive
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-09T00:00:00Z |
date_published | 2022-01-05T00:00:00Z |
source | MITRE |
title | TG2003: ELEPHANT BEETLE UNCOVERING AN ORGANIZED FINANCIAL-THEFT OPERATION |
Cloudflare February 5 2024
Matthew Prince. (2024, February 1). Thanksgiving 2023 security incident. Retrieved February 5, 2024.
Internal MISP references
UUID 0d183112-77d9-472f-8b0e-5724e1bb4706
which can be used as unique global reference for Cloudflare February 5 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-05T00:00:00Z |
date_published | 2024-02-01T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Thanksgiving 2023 security incident |
Domain_Steal_CC
Krebs, B. (2018, November 13). That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards. Retrieved September 20, 2019.
Internal MISP references
UUID 30ab5d35-db9b-401f-89cb-73f2c7fea060
which can be used as unique global reference for Domain_Steal_CC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-20T00:00:00Z |
date_published | 2018-11-13T00:00:00Z |
source | MITRE |
title | That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards |
Kali Hydra
Kali. (2014, February 18). THC-Hydra. Retrieved November 2, 2017.
Internal MISP references
UUID d8c93272-00f8-4dc4-b4cd-03246fc0fc23
which can be used as unique global reference for Kali Hydra
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-02T00:00:00Z |
date_published | 2014-02-18T00:00:00Z |
source | MITRE |
title | THC-Hydra |
Adventures of a Keystroke
Tinaztepe, E. (n.d.). The Adventures of a Keystroke: An in-depth look into keyloggers on Windows. Retrieved April 27, 2016.
Internal MISP references
UUID f29ed400-2986-4b2c-9b8a-7dde37562d22
which can be used as unique global reference for Adventures of a Keystroke
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-27T00:00:00Z |
source | MITRE |
title | The Adventures of a Keystroke: An in-depth look into keyloggers on Windows |
ThreatConnect Anthem
ThreatConnect Research Team. (2015, February 27). The Anthem Hack: All Roads Lead to China. Retrieved January 26, 2016.
Internal MISP references
UUID 61ecd0b4-6cac-4d9f-8e8c-3d488fef6fec
which can be used as unique global reference for ThreatConnect Anthem
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-26T00:00:00Z |
date_published | 2015-02-27T00:00:00Z |
source | MITRE, Tidal Cyber |
title | The Anthem Hack: All Roads Lead to China |
Talos Cobalt Strike September 2020
Mavis, N. (2020, September 21). The Art and Science of Detecting Cobalt Strike. Retrieved September 12, 2024.
Internal MISP references
UUID 60a5ee63-3d98-466a-8037-4a1edfcdef8c
which can be used as unique global reference for Talos Cobalt Strike September 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2020-09-21T00:00:00Z |
source | MITRE |
title | The Art and Science of Detecting Cobalt Strike |
wardle chp2 persistence
Patrick Wardle. (2022, January 1). The Art of Mac Malware Volume 0x1:Analysis. Retrieved April 19, 2022.
Internal MISP references
UUID 3684bacb-24cb-4467-b463-d0d3f5075c5c
which can be used as unique global reference for wardle chp2 persistence
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-19T00:00:00Z |
date_published | 2022-01-01T00:00:00Z |
source | MITRE |
title | The Art of Mac Malware Volume 0x1:Analysis |
wardle artofmalware volume1
Patrick Wardle. (2020, August 5). The Art of Mac Malware Volume 0x1: Analysis. Retrieved March 19, 2021.
Internal MISP references
UUID 53d0279e-4f30-4bbe-a9c7-90e36cd81570
which can be used as unique global reference for wardle artofmalware volume1
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-19T00:00:00Z |
date_published | 2020-08-05T00:00:00Z |
source | MITRE |
title | The Art of Mac Malware Volume 0x1: Analysis |
ArtOfMemoryForensics
Ligh, M.H. et al. (2014, July). The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory. Retrieved December 20, 2017.
Internal MISP references
UUID 054404b7-48a6-4578-9828-9f1e8e21d2df
which can be used as unique global reference for ArtOfMemoryForensics
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 2014-07-01T00:00:00Z |
source | MITRE |
title | The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory |
STIG Audit Kernel Modules
Unified Compliance Framework. (2016, December 20). The audit system must be configured to audit the loading and unloading of dynamic kernel modules. Retrieved September 28, 2021.
Internal MISP references
UUID 44c10623-557f-445d-8b88-6006af13c54d
which can be used as unique global reference for STIG Audit Kernel Modules
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-28T00:00:00Z |
date_published | 2016-12-20T00:00:00Z |
source | MITRE |
title | The audit system must be configured to audit the loading and unloading of dynamic kernel modules. |
Medium Metamorfo Apr 2020
Erlich, C. (2020, April 3). The Avast Abuser: Metamorfo Banking Malware Hides By Abusing Avast Executable. Retrieved May 26, 2020.
Internal MISP references
UUID 356defac-b976-41c1-aac8-5d6ff0c80e28
which can be used as unique global reference for Medium Metamorfo Apr 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-26T00:00:00Z |
date_published | 2020-04-03T00:00:00Z |
source | MITRE |
title | The Avast Abuser: Metamorfo Banking Malware Hides By Abusing Avast Executable |
Gigamon Berserk Bear October 2021
Slowik, J. (2021, October). THE BAFFLING BERSERK BEAR: A DECADE’S ACTIVITY TARGETING CRITICAL INFRASTRUCTURE. Retrieved December 6, 2021.
Internal MISP references
UUID 06b6cbe3-8e35-4594-b36f-76b503c11520
which can be used as unique global reference for Gigamon Berserk Bear October 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-06T00:00:00Z |
date_published | 2021-10-01T00:00:00Z |
source | MITRE |
title | THE BAFFLING BERSERK BEAR: A DECADE’S ACTIVITY TARGETING CRITICAL INFRASTRUCTURE |
Kaspersky Emotet Jan 2019
Shulmin, A. (2015, April 9). The Banking Trojan Emotet: Detailed Analysis. Retrieved March 25, 2019.
Internal MISP references
UUID 4824dfdf-8dbb-4b98-afcc-4a703c31fbda
which can be used as unique global reference for Kaspersky Emotet Jan 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-25T00:00:00Z |
date_published | 2015-04-09T00:00:00Z |
source | MITRE |
title | The Banking Trojan Emotet: Detailed Analysis |
Symantec Black Vine
DiMaggio, J. (2015, August 6). The Black Vine cyberespionage group. Retrieved January 26, 2016.
Internal MISP references
UUID 0b7745ce-04c0-41d9-a440-df9084a45d09
which can be used as unique global reference for Symantec Black Vine
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-26T00:00:00Z |
date_published | 2015-08-06T00:00:00Z |
source | MITRE, Tidal Cyber |
title | The Black Vine cyberespionage group |
Group IB GrimAgent July 2021
Priego, A. (2021, July). THE BROTHERS GRIM: THE REVERSING TALE OF GRIMAGENT MALWARE USED BY RYUK. Retrieved September 19, 2024.
Internal MISP references
UUID 6b0dd676-3ea5-4b56-a27b-b1685787de02
which can be used as unique global reference for Group IB GrimAgent July 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-19T00:00:00Z |
date_published | 2021-07-01T00:00:00Z |
source | MITRE |
title | THE BROTHERS GRIM: THE REVERSING TALE OF GRIMAGENT MALWARE USED BY RYUK |
RSA Carbanak November 2017
RSA. (2017, November 21). THE CARBANAK/FIN7 SYNDICATE A HISTORICAL OVERVIEW OF AN EVOLVING THREAT. Retrieved July 29, 2020.
Internal MISP references
UUID eb947d49-26f4-4104-8296-1552a273c9c3
which can be used as unique global reference for RSA Carbanak November 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-29T00:00:00Z |
date_published | 2017-11-21T00:00:00Z |
source | MITRE |
title | THE CARBANAK/FIN7 SYNDICATE A HISTORICAL OVERVIEW OF AN EVOLVING THREAT |
Picus Emotet Dec 2018
Özarslan, S. (2018, December 21). The Christmas Card you never wanted - A new wave of Emotet is back to wreak havoc. Retrieved March 25, 2019.
Internal MISP references
UUID d7594fb4-e544-491b-a406-228a5c7884a9
which can be used as unique global reference for Picus Emotet Dec 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-25T00:00:00Z |
date_published | 2018-12-21T00:00:00Z |
source | MITRE |
title | The Christmas Card you never wanted - A new wave of Emotet is back to wreak havoc |
Medium Ali Salem Bumblebee April 2022
Salem, A. (2022, April 27). The chronicles of Bumblebee: The Hook, the Bee, and the Trickbot connection. Retrieved September 2, 2022.
Internal MISP references
UUID 5f6752a7-50a9-4202-b69b-c5f9d24b86de
which can be used as unique global reference for Medium Ali Salem Bumblebee April 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-02T00:00:00Z |
date_published | 2022-04-27T00:00:00Z |
source | MITRE |
title | The chronicles of Bumblebee: The Hook, the Bee, and the Trickbot connection |
Avira XWorm April 2023
Gurumoorthi Ramanathan. (2023, April 25). The Claws of Evilcode Gauntlet – XWorm RAT. Retrieved May 10, 2023.
Internal MISP references
UUID 564931cf-a3e1-488f-bc90-be37c448f3b3
which can be used as unique global reference for Avira XWorm April 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-10T00:00:00Z |
date_published | 2023-04-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | The Claws of Evilcode Gauntlet – XWorm RAT |
MSDN COM Elevation
Microsoft. (n.d.). The COM Elevation Moniker. Retrieved July 26, 2016.
Internal MISP references
UUID 898df7c7-4f19-40cb-a216-7b0f6c6155b3
which can be used as unique global reference for MSDN COM Elevation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-07-26T00:00:00Z |
source | MITRE |
title | The COM Elevation Moniker |
Microsoft Component Object Model
Microsoft. (n.d.). The Component Object Model. Retrieved August 18, 2016.
Internal MISP references
UUID e1bb3872-7748-4e64-818f-6187a20d59f0
which can be used as unique global reference for Microsoft Component Object Model
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-18T00:00:00Z |
source | MITRE |
title | The Component Object Model |
SANS Conficker
Burton, K. (n.d.). The Conficker Worm. Retrieved February 18, 2021.
Internal MISP references
UUID 2dca2274-5f25-475a-b87d-97f3e3a525de
which can be used as unique global reference for SANS Conficker
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-18T00:00:00Z |
source | MITRE |
title | The Conficker Worm |
Trellix Darkgate 2023
Ernesto Fernández Provecho, Pham Duy Phuc, Ciana Driscoll & Vinoo Thomas. (2023, November 21). The Continued Evolution of the DarkGate Malware-as-a-Service. Retrieved February 9, 2024.
Internal MISP references
UUID 83fb92d8-1245-5d68-b9f2-0915c10401c6
which can be used as unique global reference for Trellix Darkgate 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-09T00:00:00Z |
date_published | 2023-11-21T00:00:00Z |
source | MITRE |
title | The Continued Evolution of the DarkGate Malware-as-a-Service |
Symantec DDoS October 2014
Wueest, C. (2014, October 21). The continued rise of DDoS attacks. Retrieved April 24, 2019.
Internal MISP references
UUID 878e0382-4191-4bca-8adc-c379b0d57ba8
which can be used as unique global reference for Symantec DDoS October 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-24T00:00:00Z |
date_published | 2014-10-21T00:00:00Z |
source | MITRE |
title | The continued rise of DDoS attacks |
BlackBerry CostaRicto November 2020
The BlackBerry Research and Intelligence Team. (2020, November 12). The CostaRicto Campaign: Cyber-Espionage Outsourced. Retrieved May 24, 2021.
Internal MISP references
UUID 93a23447-641c-4ee2-9fbd-64b2adea8a5f
which can be used as unique global reference for BlackBerry CostaRicto November 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-05-24T00:00:00Z |
date_published | 2020-11-12T00:00:00Z |
source | MITRE |
title | The CostaRicto Campaign: Cyber-Espionage Outsourced |
SpyCloud Phemedrone September 6 2024
James. (2024, September 6). The Curious Case of an Open Source Stealer: Phemedrone. Retrieved October 10, 2024.
Internal MISP references
UUID f6612b6c-6bed-474f-9ff3-ae3024d099c2
which can be used as unique global reference for SpyCloud Phemedrone September 6 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-10T00:00:00Z |
date_published | 2024-09-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | The Curious Case of an Open Source Stealer: Phemedrone |
Www.invictus-ir.com 1 31 2024
Www.invictus-ir.com. (2024, January 31). The curious case of DangerDev@protonmail.me. Retrieved April 17, 2024.
Internal MISP references
UUID 803a084a-0468-4c43-9843-a0b5652acdba
which can be used as unique global reference for Www.invictus-ir.com 1 31 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-17T00:00:00Z |
date_published | 2024-01-31T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | The curious case of DangerDev@protonmail.me |
Invictus IR DangerDev 2024
Invictus Incident Response. (2024, January 31). The curious case of DangerDev@protonmail.me. Retrieved March 19, 2024.
Internal MISP references
UUID 90d608b9-ddbf-5476-bce1-85e8466aca47
which can be used as unique global reference for Invictus IR DangerDev 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-19T00:00:00Z |
date_published | 2024-01-31T00:00:00Z |
source | MITRE |
title | The curious case of DangerDev@protonmail.me |
SecureWorks Mia Ash July 2017
Counter Threat Unit Research Team. (2017, July 27). The Curious Case of Mia Ash: Fake Persona Lures Middle Eastern Targets. Retrieved February 26, 2018.
Internal MISP references
UUID 754c9276-ef05-4d05-956f-75866090aa78
which can be used as unique global reference for SecureWorks Mia Ash July 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-26T00:00:00Z |
date_published | 2017-07-27T00:00:00Z |
source | MITRE |
title | The Curious Case of Mia Ash: Fake Persona Lures Middle Eastern Targets |
Trustwave IIS Module 2013
Grunzweig, J. (2013, December 9). The Curious Case of the Malicious IIS Module. Retrieved June 3, 2021.
Internal MISP references
UUID cbb79c3c-1e2c-42ac-8183-9566ccde0cd6
which can be used as unique global reference for Trustwave IIS Module 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-03T00:00:00Z |
date_published | 2013-12-09T00:00:00Z |
source | MITRE |
title | The Curious Case of the Malicious IIS Module |
CloudSploit - Unused AWS Regions
CloudSploit. (2019, June 8). The Danger of Unused AWS Regions. Retrieved October 8, 2019.
Internal MISP references
UUID 7c237b73-233f-4fe3-b4a6-ce523fd82853
which can be used as unique global reference for CloudSploit - Unused AWS Regions
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-08T00:00:00Z |
date_published | 2019-06-08T00:00:00Z |
source | MITRE |
title | The Danger of Unused AWS Regions |
Dormann Dangers of VHD 2019
Dormann, W. (2019, September 4). The Dangers of VHD and VHDX Files. Retrieved March 16, 2021.
Internal MISP references
UUID e58b4e78-d858-4b28-8d06-2fb467b26337
which can be used as unique global reference for Dormann Dangers of VHD 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-16T00:00:00Z |
date_published | 2019-09-04T00:00:00Z |
source | MITRE |
title | The Dangers of VHD and VHDX Files |
Kaspersky Darkhotel
Kaspersky Lab's Global Research and Analysis Team. (2014, November). The Darkhotel APT A Story of Unusual Hospitality. Retrieved November 12, 2014.
Internal MISP references
UUID 3247c03a-a57c-4945-9b85-72a70719e1cd
which can be used as unique global reference for Kaspersky Darkhotel
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
date_published | 2014-11-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | The Darkhotel APT A Story of Unusual Hospitality |
ESET ForSSHe December 2018
Dumont, R., M.Léveillé, M., Porcher, H. (2018, December 1). THE DARK SIDE OF THE FORSSHE A landscape of OpenSSH backdoors. Retrieved July 16, 2020.
Internal MISP references
UUID 0e25bf8b-3c9e-4661-a9fd-79b2ad3b8dd2
which can be used as unique global reference for ESET ForSSHe December 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-16T00:00:00Z |
date_published | 2018-12-01T00:00:00Z |
source | MITRE |
title | THE DARK SIDE OF THE FORSSHE A landscape of OpenSSH backdoors |
Zscaler 2 12 2024
Nikolaos Pantazopoulos. (2024, February 12). The (D)Evolution of Pikabot. Retrieved March 12, 2024.
Internal MISP references
UUID 17ebabfb-6399-4b5f-8274-b34045e2d51a
which can be used as unique global reference for Zscaler 2 12 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-12T00:00:00Z |
date_published | 2024-02-12T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | The (D)Evolution of Pikabot |
Zscaler Pikabot 2024
Nikolaos Pantazopoulos. (2024, February 12). The (D)Evolution of Pikabot. Retrieved July 17, 2024.
Internal MISP references
UUID 9c1edd25-0fd0-5b5d-8091-68074da52593
which can be used as unique global reference for Zscaler Pikabot 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-17T00:00:00Z |
date_published | 2024-02-12T00:00:00Z |
source | MITRE |
title | The (D)Evolution of Pikabot |
Binary Reverse Engineering Blog 9 6 2023
Binary Reverse Engineering Blog. (2023, September 6). The DGA of BumbleBee. Retrieved February 19, 2024.
Internal MISP references
UUID 8cc9f506-65ce-4adb-aa79-c6cea1efb99b
which can be used as unique global reference for Binary Reverse Engineering Blog 9 6 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-19T00:00:00Z |
date_published | 2023-09-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | The DGA of BumbleBee |
Securelist Dropping Elephant
Kaspersky Lab's Global Research & Analysis Team. (2016, July 8). The Dropping Elephant – aggressive cyber-espionage in the Asian region. Retrieved August 3, 2016.
Internal MISP references
UUID 2efa655f-ebd3-459b-9fd7-712d3f4ba1f8
which can be used as unique global reference for Securelist Dropping Elephant
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-03T00:00:00Z |
date_published | 2016-07-08T00:00:00Z |
source | MITRE |
title | The Dropping Elephant – aggressive cyber-espionage in the Asian region |
F-Secure The Dukes
F-Secure Labs. (2015, September 17). The Dukes: 7 years of Russian cyberespionage. Retrieved December 10, 2015.
Internal MISP references
UUID cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27
which can be used as unique global reference for F-Secure The Dukes
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-12-10T00:00:00Z |
date_published | 2015-09-17T00:00:00Z |
source | MITRE |
title | The Dukes: 7 years of Russian cyberespionage |
Kaspersky Duqu 2.0
Kaspersky Lab. (2015, June 11). The Duqu 2.0. Retrieved April 21, 2017.
Internal MISP references
UUID b4d6db03-1587-4af3-87ff-51542ef7c87b
which can be used as unique global reference for Kaspersky Duqu 2.0
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-04-21T00:00:00Z |
date_published | 2015-06-11T00:00:00Z |
source | MITRE |
title | The Duqu 2.0 |
Symantec Elderwood Sept 2012
O'Gorman, G., and McDonald, G. (2012, September 6). The Elderwood Project. Retrieved February 15, 2018.
Internal MISP references
UUID 5e908748-d260-42f1-a599-ac38b4e22559
which can be used as unique global reference for Symantec Elderwood Sept 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-15T00:00:00Z |
date_published | 2012-09-06T00:00:00Z |
source | MITRE |
title | The Elderwood Project |
Kaspersky Turla Aug 2014
Kaspersky Lab's Global Research & Analysis Team. (2014, August 06). The Epic Turla Operation: Solving some of the mysteries of Snake/Uroboros. Retrieved November 7, 2018.
Internal MISP references
UUID 52577f34-0aa6-4765-9f6b-dd7397183223
which can be used as unique global reference for Kaspersky Turla Aug 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-07T00:00:00Z |
date_published | 2014-08-06T00:00:00Z |
source | MITRE |
title | The Epic Turla Operation: Solving some of the mysteries of Snake/Uroboros |
Kaspersky Turla
Kaspersky Lab's Global Research and Analysis Team. (2014, August 7). The Epic Turla Operation: Solving some of the mysteries of Snake/Uroburos. Retrieved December 11, 2014.
Internal MISP references
UUID 535e9f1a-f89e-4766-a290-c5b8100968f8
which can be used as unique global reference for Kaspersky Turla
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-12-11T00:00:00Z |
date_published | 2014-08-07T00:00:00Z |
source | MITRE, Tidal Cyber |
title | The Epic Turla Operation: Solving some of the mysteries of Snake/Uroburos |
FireEye EPS Awakens Part 2
Winters, R. (2015, December 20). The EPS Awakens - Part 2. Retrieved January 22, 2016.
Internal MISP references
UUID 7fd58ef5-a0b7-40b6-8771-ca5e87740965
which can be used as unique global reference for FireEye EPS Awakens Part 2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-22T00:00:00Z |
date_published | 2015-12-20T00:00:00Z |
source | MITRE, Tidal Cyber |
title | The EPS Awakens - Part 2 |
Symantec Emotet Jul 2018
Symantec. (2018, July 18). The Evolution of Emotet: From Banking Trojan to Threat Distributor. Retrieved March 25, 2019.
Internal MISP references
UUID b94b5be4-1c77-48e1-875e-0cff0023fbd9
which can be used as unique global reference for Symantec Emotet Jul 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-25T00:00:00Z |
date_published | 2018-07-18T00:00:00Z |
source | MITRE |
title | The Evolution of Emotet: From Banking Trojan to Threat Distributor |
SilentBreak Offensive PS Dec 2015
Christensen, L. (2015, December 28). The Evolution of Offensive PowerShell Invocation. Retrieved December 8, 2018.
Internal MISP references
UUID 8eec1af3-c65e-4522-8087-73122ac6c281
which can be used as unique global reference for SilentBreak Offensive PS Dec 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-12-08T00:00:00Z |
date_published | 2015-12-28T00:00:00Z |
source | MITRE |
title | The Evolution of Offensive PowerShell Invocation |
CrowdStrike Evolution of Pinchy Spider July 2021
Meyers, Adam. (2021, July 6). The Evolution of PINCHY SPIDER from GandCrab to REvil. Retrieved March 28, 2023.
Internal MISP references
UUID 7578541b-1ae3-58d0-a8b9-120bd6cd96f5
which can be used as unique global reference for CrowdStrike Evolution of Pinchy Spider July 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-28T00:00:00Z |
date_published | 2021-07-06T00:00:00Z |
source | MITRE |
title | The Evolution of PINCHY SPIDER from GandCrab to REvil |
VMware Chromeloader September 19 2022
Abe Schneider, Bethany Hardin, Lavine Oluoch. (2022, September 19). The Evolution of the Chromeloader Malware. Retrieved September 26, 2024.
Internal MISP references
UUID 5c2985f1-2d80-488b-ab63-fbd56aba229b
which can be used as unique global reference for VMware Chromeloader September 19 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-26T00:00:00Z |
date_published | 2022-09-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | The Evolution of the Chromeloader Malware |
ATT Felismus
Julia Kisielius. (2017, April 25). The Felismus RAT: Powerful Threat, Mysterious Purpose. Retrieved January 10, 2024.
Internal MISP references
UUID 5c74fdea-e5d5-5a77-a945-4819184e571f
which can be used as unique global reference for ATT Felismus
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-10T00:00:00Z |
date_published | 2017-04-25T00:00:00Z |
source | MITRE |
title | The Felismus RAT: Powerful Threat, Mysterious Purpose |
Proofpoint Ransomware Initial Access June 2021
Selena Larson, Daniel Blackford, Garrett G. (2021, June 16). The First Step: Initial Access Leads to Ransomware. Retrieved January 24, 2024.
Internal MISP references
UUID 3b0631ae-f589-4b7c-a00a-04dcd5f3a77b
which can be used as unique global reference for Proofpoint Ransomware Initial Access June 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-24T00:00:00Z |
date_published | 2021-06-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | The First Step: Initial Access Leads to Ransomware |
Kaspersky Flame
Gostev, A. (2012, May 28). The Flame: Questions and Answers. Retrieved March 1, 2017.
Internal MISP references
UUID 6db8f76d-fe38-43b1-ad85-ad372da9c09d
which can be used as unique global reference for Kaspersky Flame
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-01T00:00:00Z |
date_published | 2012-05-28T00:00:00Z |
source | MITRE |
title | The Flame: Questions and Answers |
Unit 42 CARROTBAT November 2018
Grunzweig, J. and Wilhoit, K. (2018, November 29). The Fractured Block Campaign: CARROTBAT Used to Deliver Malware Targeting Southeast Asia. Retrieved June 2, 2020.
Internal MISP references
UUID 6986a64a-5fe6-4697-b70b-79cccaf3d730
which can be used as unique global reference for Unit 42 CARROTBAT November 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-02T00:00:00Z |
date_published | 2018-11-29T00:00:00Z |
source | MITRE |
title | The Fractured Block Campaign: CARROTBAT Used to Deliver Malware Targeting Southeast Asia |
Palo Alto Gamaredon Feb 2017
Kasza, A. and Reichel, D. (2017, February 27). The Gamaredon Group Toolset Evolution. Retrieved March 1, 2017.
Internal MISP references
UUID 3f9a6343-1db3-4696-99ed-f22c6eabee71
which can be used as unique global reference for Palo Alto Gamaredon Feb 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-01T00:00:00Z |
date_published | 2017-02-27T00:00:00Z |
source | MITRE, Tidal Cyber |
title | The Gamaredon Group Toolset Evolution |
Chexmarx-seo
Yehuda Gelb. (2023, November 30). The GitHub Black Market: Gaming the Star Ranking Game. Retrieved June 18, 2024.
Internal MISP references
UUID 47222894-95fe-55e1-a6b9-0f1578c4ee65
which can be used as unique global reference for Chexmarx-seo
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-18T00:00:00Z |
date_published | 2023-11-30T00:00:00Z |
source | MITRE |
title | The GitHub Black Market: Gaming the Star Ranking Game |
GNU Acct
GNU. (2010, February 5). The GNU Accounting Utilities. Retrieved December 20, 2017.
Internal MISP references
UUID ef3edd44-b8d1-4d7d-a0d8-0e75aa441eac
which can be used as unique global reference for GNU Acct
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 2010-02-05T00:00:00Z |
source | MITRE |
title | The GNU Accounting Utilities |
GLIBC
glibc developer community. (2020, February 1). The GNU C Library (glibc). Retrieved June 25, 2020.
Internal MISP references
UUID 75a6a1bf-a5a7-419d-b290-6662aeddb7eb
which can be used as unique global reference for GLIBC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-25T00:00:00Z |
date_published | 2020-02-01T00:00:00Z |
source | MITRE |
title | The GNU C Library (glibc) |
Trustwave GoldenSpy June 2020
Trustwave SpiderLabs. (2020, June 25). The Golden Tax Department and Emergence of GoldenSpy Malware. Retrieved July 23, 2020.
Internal MISP references
UUID 2a27a2ea-2815-4d97-88c0-47a6e04e84f8
which can be used as unique global reference for Trustwave GoldenSpy June 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-23T00:00:00Z |
date_published | 2020-06-25T00:00:00Z |
source | MITRE |
title | The Golden Tax Department and Emergence of GoldenSpy Malware |
Proofpoint TA416 Europe March 2022
Raggi, M. et al. (2022, March 7). The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates. Retrieved March 16, 2022.
Internal MISP references
UUID 5731d7e4-dd19-4d08-b493-7b1a467599d3
which can be used as unique global reference for Proofpoint TA416 Europe March 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-16T00:00:00Z |
date_published | 2022-03-07T00:00:00Z |
source | MITRE |
title | The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates |
Red Canary Gootloader April 2023
Tony Lambert, Lauren Podber. (2023, April 28). The Goot cause: Detecting Gootloader and its follow-on activity. Retrieved May 7, 2023.
Internal MISP references
UUID 658e3a1a-2f68-4e84-8dab-43e48766703e
which can be used as unique global reference for Red Canary Gootloader April 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2023-04-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | The Goot cause: Detecting Gootloader and its follow-on activity |
Unit 42 Gorgon Group Aug 2018
Falcone, R., et al. (2018, August 02). The Gorgon Group: Slithering Between Nation State and Cybercrime. Retrieved August 7, 2018.
Internal MISP references
UUID d0605185-3f8d-4846-a718-15572714e15b
which can be used as unique global reference for Unit 42 Gorgon Group Aug 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-07T00:00:00Z |
date_published | 2018-08-02T00:00:00Z |
source | MITRE, Tidal Cyber |
title | The Gorgon Group: Slithering Between Nation State and Cybercrime |
SecureWorks Infostealers 2023
SecureWorks Counter Threat Unit Research Team. (2023, May 16). The Growing Threat from Infostealers. Retrieved October 10, 2024.
Internal MISP references
UUID 03b6e028-96b1-5d04-abf6-f0d190f44df4
which can be used as unique global reference for SecureWorks Infostealers 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-10T00:00:00Z |
date_published | 2023-05-16T00:00:00Z |
source | MITRE |
title | The Growing Threat from Infostealers |
Trend Micro HeartBeat Campaign January 2013
Roland Dela Paz. (2003, January 3). The HeartBeat APT Campaign. Retrieved October 17, 2021.
Internal MISP references
UUID f42a36c2-1ca5-49ff-a7ec-7de90379a6d5
which can be used as unique global reference for Trend Micro HeartBeat Campaign January 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-17T00:00:00Z |
date_published | 2003-01-03T00:00:00Z |
source | MITRE |
title | The HeartBeat APT Campaign |
FireEye Hikit Rootkit
Glyer, C., Kazanciyan, R. (2012, August 20). The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 1). Retrieved June 6, 2016.
Internal MISP references
UUID 65d751cb-fdd2-4a45-81db-8a5a11bbee62
which can be used as unique global reference for FireEye Hikit Rootkit
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-06T00:00:00Z |
date_published | 2012-08-20T00:00:00Z |
source | MITRE |
title | The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 1) |
FireEye HIKIT Rootkit Part 2
Glyer, C., Kazanciyan, R. (2012, August 22). The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 2). Retrieved May 4, 2020.
Internal MISP references
UUID 48448972-a5ed-4371-b930-b51dcb174b82
which can be used as unique global reference for FireEye HIKIT Rootkit Part 2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-04T00:00:00Z |
date_published | 2012-08-22T00:00:00Z |
source | MITRE |
title | The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 2) |
Proofpoint Human Factor
Proofpoint. (n.d.). The Human Factor 2023: Analyzing the cyber attack chain. Retrieved July 20, 2023.
Internal MISP references
UUID 143e191f-9175-557b-8fe1-41dbe04867a6
which can be used as unique global reference for Proofpoint Human Factor
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-20T00:00:00Z |
source | MITRE |
title | The Human Factor 2023: Analyzing the cyber attack chain |
TechNet Blogs Credential Protection
Wilson, B. (2016, April 18). The Importance of KB2871997 and KB2928120 for Credential Protection. Retrieved April 11, 2018.
Internal MISP references
UUID 88367099-df19-4044-8c9b-2db4c9f418c4
which can be used as unique global reference for TechNet Blogs Credential Protection
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-11T00:00:00Z |
date_published | 2016-04-18T00:00:00Z |
source | MITRE |
title | The Importance of KB2871997 and KB2928120 for Credential Protection |
dhs_threat_to_net_devices
U.S. Department of Homeland Security. (2016, August 30). The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations. Retrieved July 29, 2022.
Internal MISP references
UUID f1d16045-d365-43d2-bc08-65ba1ddbe0fd
which can be used as unique global reference for dhs_threat_to_net_devices
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-29T00:00:00Z |
date_published | 2016-08-30T00:00:00Z |
source | MITRE |
title | The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations |
Triton-EENews-2017
Blake Sobczak. (2019, March 7). The inside story of the world’s most dangerous malware. Retrieved March 25, 2024.
Internal MISP references
UUID 5cc54d85-ee53-579d-a8fb-9b54b3540dc0
which can be used as unique global reference for Triton-EENews-2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-25T00:00:00Z |
date_published | 2019-03-07T00:00:00Z |
source | MITRE |
title | The inside story of the world’s most dangerous malware |
sentinelone_israel_hamas_war
Hegel, T., Milenkoski, A. (2023, October 24). The Israel-Hamas War | Cyber Domain State-Sponsored Activity of Interest. Retrieved March 4, 2024.
Internal MISP references
UUID 8fa21bad-0186-5181-b52e-32f7f116695c
which can be used as unique global reference for sentinelone_israel_hamas_war
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-04T00:00:00Z |
date_published | 2023-10-24T00:00:00Z |
source | MITRE |
title | The Israel-Hamas War |
Kerberos GNU/Linux
Adepts of 0xCC. (2021, January 28). The Kerberos Credential Thievery Compendium (GNU/Linux). Retrieved September 17, 2024.
Internal MISP references
UUID 84b9fd50-4bcf-5f0b-9712-27d6581b8c7a
which can be used as unique global reference for Kerberos GNU/Linux
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-17T00:00:00Z |
date_published | 2021-01-28T00:00:00Z |
source | MITRE |
title | The Kerberos Credential Thievery Compendium (GNU/Linux) |
PWC KeyBoys Feb 2017
Parys, B. (2017, February 11). The KeyBoys are back in town. Retrieved June 13, 2019.
Internal MISP references
UUID 9ac6737b-c8a2-416f-bbc3-8c5556ad4833
which can be used as unique global reference for PWC KeyBoys Feb 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-13T00:00:00Z |
date_published | 2017-02-11T00:00:00Z |
source | MITRE |
title | The KeyBoys are back in town |
Securelist Kimsuky Sept 2013
Tarakanov, D. (2013, September 11). The “Kimsuky” Operation: A North Korean APT?. Retrieved August 13, 2019.
Internal MISP references
UUID f26771b0-2101-4fed-ac82-1bd9683dd7da
which can be used as unique global reference for Securelist Kimsuky Sept 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-08-13T00:00:00Z |
date_published | 2013-09-11T00:00:00Z |
source | MITRE |
title | The “Kimsuky” Operation: A North Korean APT? |
ClearSky Kittens Back 2 Oct 2019
ClearSky Research Team. (2019, October 1). The Kittens Are Back in Town2 - Charming Kitten Campaign KeepsGoing on, Using New Impersonation Methods. Retrieved April 21, 2021.
Internal MISP references
UUID f5114978-2528-4199-a586-0158c5f8a138
which can be used as unique global reference for ClearSky Kittens Back 2 Oct 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-21T00:00:00Z |
date_published | 2019-10-01T00:00:00Z |
source | MITRE |
title | The Kittens Are Back in Town2 - Charming Kitten Campaign KeepsGoing on, Using New Impersonation Methods |
ClearSky Kittens Back 3 August 2020
ClearSky Research Team. (2020, August 1). The Kittens Are Back in Town 3 - Charming Kitten Campaign Evolved and Deploying Spear-Phishing link by WhatsApp. Retrieved April 21, 2021.
Internal MISP references
UUID a10c6a53-79bb-4454-b444-cfb9136ecd36
which can be used as unique global reference for ClearSky Kittens Back 3 August 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-21T00:00:00Z |
date_published | 2020-08-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | The Kittens Are Back in Town 3 - Charming Kitten Campaign Evolved and Deploying Spear-Phishing link by WhatsApp |
Kubernetes API
The Kubernetes Authors. (n.d.). The Kubernetes API. Retrieved March 29, 2021.
Internal MISP references
UUID 5bdd1b82-9e5c-4db0-9764-240e37a1cc99
which can be used as unique global reference for Kubernetes API
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-29T00:00:00Z |
source | MITRE |
title | The Kubernetes API |
GitHub LaZange Dec 2018
Zanni, A. (n.d.). The LaZagne Project !!!. Retrieved December 14, 2018.
Internal MISP references
UUID 33cca4fa-72a8-59a3-a62f-12f71a499a15
which can be used as unique global reference for GitHub LaZange Dec 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-12-14T00:00:00Z |
source | MITRE |
title | The LaZagne Project !!! |
GitHub LaZagne Dec 2018
Zanni, A. (n.d.). The LaZagne Project !!!. Retrieved December 14, 2018.
Internal MISP references
UUID 9347b507-3a41-405d-87f9-d4fc2bfc48e5
which can be used as unique global reference for GitHub LaZagne Dec 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-12-14T00:00:00Z |
source | MITRE |
title | The LaZagne Project !!! |
Dell P2P ZeuS
SecureWorks. (2012). The Lifecycle of Peer-to-Peer (Gameover) ZeuS. Retrieved August 19, 2015.
Internal MISP references
UUID 773d1d91-a93c-4bb3-928b-4c3f82f2c889
which can be used as unique global reference for Dell P2P ZeuS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-08-19T00:00:00Z |
date_published | 2012-01-01T00:00:00Z |
source | MITRE |
title | The Lifecycle of Peer-to-Peer (Gameover) ZeuS |
Cylera Kwampirs 2022
Pablo Rincón Crespo. (2022, January). The link between Kwampirs (Orangeworm) and Shamoon APTs. Retrieved February 8, 2024.
Internal MISP references
UUID 06442111-2c71-5efb-9530-cabeba159a91
which can be used as unique global reference for Cylera Kwampirs 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-08T00:00:00Z |
date_published | 2022-01-01T00:00:00Z |
source | MITRE |
title | The link between Kwampirs (Orangeworm) and Shamoon APTs |
Linux Kernel API
Linux Kernel Organization, Inc. (n.d.). The Linux Kernel API. Retrieved June 25, 2020.
Internal MISP references
UUID 0a30d54e-187a-43e0-9725-3c80aa1c7619
which can be used as unique global reference for Linux Kernel API
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-25T00:00:00Z |
source | MITRE |
title | The Linux Kernel API |
Linux Kernel Programming
Pomerantz, O., Salzman, P. (2003, April 4). The Linux Kernel Module Programming Guide. Retrieved April 6, 2018.
Internal MISP references
UUID 70f31f19-e0b3-40b1-b8dd-6667557bb334
which can be used as unique global reference for Linux Kernel Programming
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-06T00:00:00Z |
date_published | 2003-04-04T00:00:00Z |
source | MITRE |
title | The Linux Kernel Module Programming Guide |
The DFIR Report Dharma Ransomware June 2020
The DFIR Report. (2020, June 16). The Little Ransomware That Couldn’t (Dharma). Retrieved March 7, 2024.
Internal MISP references
UUID b1002e9a-020d-4224-bf60-0c2a66d511f2
which can be used as unique global reference for The DFIR Report Dharma Ransomware June 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-07T00:00:00Z |
date_published | 2020-06-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | The Little Ransomware That Couldn’t (Dharma) |
Villeneuve 2011
Villeneuve, N., Sancho, D. (2011). THE “LURID” DOWNLOADER. Retrieved November 12, 2014.
Internal MISP references
UUID ed5a2ec0-8328-40db-9f58-7eaac4ad39a0
which can be used as unique global reference for Villeneuve 2011
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
date_published | 2011-01-01T00:00:00Z |
source | MITRE |
title | THE “LURID” DOWNLOADER |
Proofpoint August 29 2024
Tommy Madjar; Pim Trouerbach; Selena Larson; The Proofpoint Threat Research Team. (2024, August 29). The Malware That Must Not Be Named Suspected Espionage Campaign Delivers “Voldemort”. Retrieved August 29, 2024.
Internal MISP references
UUID 548f23b2-3ab6-4ea0-839f-8f9c8745d91d
which can be used as unique global reference for Proofpoint August 29 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-29T00:00:00Z |
date_published | 2024-08-29T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | The Malware That Must Not Be Named Suspected Espionage Campaign Delivers “Voldemort” |
Microsoft BlackCat Jun 2022
Microsoft Defender Threat Intelligence. (2022, June 13). The many lives of BlackCat ransomware. Retrieved December 20, 2022.
Internal MISP references
UUID 55be1ca7-fdb7-5d76-a9c8-5f44a0d00b0e
which can be used as unique global reference for Microsoft BlackCat Jun 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-12-20T00:00:00Z |
date_published | 2022-06-13T00:00:00Z |
source | MITRE |
title | The many lives of BlackCat ransomware |
Talos Nyetya MEDoc 2017
Maynor, D., Nikolic, A., Olney, M., and Younan, Y. (2017, July 5). The MeDoc Connection. Retrieved March 26, 2019.
Internal MISP references
UUID a055d7a2-a356-4f0e-9a66-7f7b3ac7e74a
which can be used as unique global reference for Talos Nyetya MEDoc 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-26T00:00:00Z |
date_published | 2017-07-05T00:00:00Z |
source | MITRE |
title | The MeDoc Connection |
PegasusCitizenLab
Bill Marczak and John Scott-Railton. (2016, August 24). The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender. Retrieved December 12, 2016.
Internal MISP references
UUID d248e284-37d3-4425-a29e-5a0c814ae803
which can be used as unique global reference for PegasusCitizenLab
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-12-12T00:00:00Z |
date_published | 2016-08-24T00:00:00Z |
source | MITRE |
title | The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender |
Securelist MiniDuke Feb 2013
Kaspersky Lab's Global Research & Analysis Team. (2013, February 27). The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor. Retrieved April 5, 2017.
Internal MISP references
UUID def2a635-d322-4c27-9167-2642bf8f153c
which can be used as unique global reference for Securelist MiniDuke Feb 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-04-05T00:00:00Z |
date_published | 2013-02-27T00:00:00Z |
source | MITRE |
title | The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor |
Harmj0y SeEnableDelegationPrivilege Right
Schroeder, W. (2017, January 10). The Most Dangerous User Right You (Probably) Have Never Heard Of. Retrieved September 23, 2024.
Internal MISP references
UUID e8f7df08-1a62-41d9-b8a4-ff39a2160294
which can be used as unique global reference for Harmj0y SeEnableDelegationPrivilege Right
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-23T00:00:00Z |
date_published | 2017-01-10T00:00:00Z |
source | MITRE |
title | The Most Dangerous User Right You (Probably) Have Never Heard Of |
Baumgartner Naikon 2015
Baumgartner, K., Golovkin, M. (2015, May). The MsnMM Campaigns: The Earliest Naikon APT Campaigns. Retrieved April 10, 2019.
Internal MISP references
UUID 09302b4f-7f71-4289-92f6-076c685f0810
which can be used as unique global reference for Baumgartner Naikon 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-10T00:00:00Z |
date_published | 2015-05-01T00:00:00Z |
source | MITRE |
title | The MsnMM Campaigns: The Earliest Naikon APT Campaigns |
SentinelLabs Metador Sept 2022
Ehrlich, A., et al. (2022, September). THE MYSTERY OF METADOR | AN UNATTRIBUTED THREAT HIDING IN TELCOS, ISPS, AND UNIVERSITIES. Retrieved January 23, 2023.
Internal MISP references
UUID 137474b7-638a-56d7-9ce2-ab906f207175
which can be used as unique global reference for SentinelLabs Metador Sept 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-01-23T00:00:00Z |
date_published | 2022-09-01T00:00:00Z |
source | MITRE |
title | THE MYSTERY OF METADOR |
Baumgartner Golovkin Naikon 2015
Baumgartner, K., Golovkin, M. (2015, May 14). The Naikon APT. Retrieved January 14, 2015.
Internal MISP references
UUID 5163576f-0b2c-49ba-8f34-b7efe3f3f6db
which can be used as unique global reference for Baumgartner Golovkin Naikon 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-01-14T00:00:00Z |
date_published | 2015-05-14T00:00:00Z |
source | MITRE |
title | The Naikon APT |
Cofense NanoCore Mar 2018
Patel, K. (2018, March 02). The NanoCore RAT Has Resurfaced From the Sewers. Retrieved September 25, 2024.
Internal MISP references
UUID de31ba54-5634-48c5-aa57-c6b0dbb53870
which can be used as unique global reference for Cofense NanoCore Mar 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
date_published | 2018-03-02T00:00:00Z |
source | MITRE |
title | The NanoCore RAT Has Resurfaced From the Sewers |
Kaspersky NetTraveler
Kaspersky Lab's Global Research and Analysis Team. (n.d.). The NetTraveler (aka ‘Travnet’). Retrieved November 12, 2014.
Internal MISP references
UUID a7d4b322-3710-436f-bd51-e5c258073dba
which can be used as unique global reference for Kaspersky NetTraveler
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
source | MITRE |
title | The NetTraveler (aka ‘Travnet’) |
Unit42 OceanLotus 2017
Erye Hernandez and Danny Tsechansky. (2017, June 22). The New and Improved macOS Backdoor from OceanLotus. Retrieved September 8, 2023.
Internal MISP references
UUID fcaf57f1-6696-54a5-a78c-255c8f6ac235
which can be used as unique global reference for Unit42 OceanLotus 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-08T00:00:00Z |
date_published | 2017-06-22T00:00:00Z |
source | MITRE |
title | The New and Improved macOS Backdoor from OceanLotus |
CyberArk Labs Discord
CyberArk Labs. (2023, April 13). The (Not so) Secret War on Discord. Retrieved July 20, 2023.
Internal MISP references
UUID 4b3cd2c0-fd0b-5583-8746-648229fc5f9d
which can be used as unique global reference for CyberArk Labs Discord
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-20T00:00:00Z |
date_published | 2023-04-13T00:00:00Z |
source | MITRE |
title | The (Not so) Secret War on Discord |
Gh0stRAT ATT March 2019
Quinn, J. (2019, March 25). The odd case of a Gh0stRAT variant. Retrieved July 15, 2020.
Internal MISP references
UUID 88d7bf25-985a-4b5e-92d6-ec4fa47a314f
which can be used as unique global reference for Gh0stRAT ATT March 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-15T00:00:00Z |
date_published | 2019-03-25T00:00:00Z |
source | MITRE |
title | The odd case of a Gh0stRAT variant |
Palo Alto OilRig May 2016
Falcone, R. and Lee, B. (2016, May 26). The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor. Retrieved May 3, 2017.
Internal MISP references
UUID 53836b95-a30a-4e95-8e19-e2bb2f18c738
which can be used as unique global reference for Palo Alto OilRig May 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-05-03T00:00:00Z |
date_published | 2016-05-26T00:00:00Z |
source | MITRE, Tidal Cyber |
title | The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor |
STIG krbtgt reset
UCF. (n.d.). The password for the krbtgt account on a domain must be reset at least every 180 days. Retrieved November 5, 2020.
Internal MISP references
UUID a42fc58f-e7a7-46de-a2f4-25fa8498b3b3
which can be used as unique global reference for STIG krbtgt reset
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-05T00:00:00Z |
source | MITRE |
title | The password for the krbtgt account on a domain must be reset at least every 180 days |
Haq 2014
Haq, T., Moran, N., Scott, M., & Vashisht, S. O. (2014, September 10). The Path to Mass-Producing Cyber Attacks [Blog]. Retrieved November 12, 2014.
Internal MISP references
UUID 4e10228d-d9da-4ba4-bca7-d3bbdce42e0d
which can be used as unique global reference for Haq 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
date_published | 2014-09-10T00:00:00Z |
source | MITRE, Tidal Cyber |
title | The Path to Mass-Producing Cyber Attacks [Blog] |
Kaspersky Turla Penquin December 2014
Baumgartner, K. and Raiu, C. (2014, December 8). The ‘Penquin’ Turla. Retrieved March 11, 2021.
Internal MISP references
UUID 957edb5c-b893-4968-9603-1a6b8577f3aa
which can be used as unique global reference for Kaspersky Turla Penquin December 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-11T00:00:00Z |
date_published | 2014-12-08T00:00:00Z |
source | MITRE |
title | The ‘Penquin’ Turla |
FireEye PLA
FireEye Labs. (2014, May 20). The PLA and the 8:00am-5:00pm Work Day: FireEye Confirms DOJ’s Findings on APT1 Intrusion Activity. Retrieved November 4, 2014.
Internal MISP references
UUID b8b72a8e-87a1-4ce7-94df-ed938f9eb61c
which can be used as unique global reference for FireEye PLA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-04T00:00:00Z |
date_published | 2014-05-20T00:00:00Z |
source | MITRE |
title | The PLA and the 8:00am-5:00pm Work Day: FireEye Confirms DOJ’s Findings on APT1 Intrusion Activity |
Kaspersky ProjectSauron Full Report
Kaspersky Lab's Global Research & Analysis Team. (2016, August 9). The ProjectSauron APT. Retrieved August 17, 2016.
Internal MISP references
UUID 6840c1d6-89dc-4138-99e8-fbd2a45f2a1c
which can be used as unique global reference for Kaspersky ProjectSauron Full Report
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-17T00:00:00Z |
date_published | 2016-08-09T00:00:00Z |
source | MITRE |
title | The ProjectSauron APT |
Kaspersky Lua
Global Research and Analysis Team. (2016, August 9). The ProjectSauron APT. Retrieved August 5, 2024.
Internal MISP references
UUID 274fdba1-29f1-5c92-88f6-9a1b21598411
which can be used as unique global reference for Kaspersky Lua
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-05T00:00:00Z |
date_published | 2016-08-09T00:00:00Z |
source | MITRE |
title | The ProjectSauron APT |
McMillan Pwn March 2012
Robert McMillan. (2012, March 3). The Pwn Plug is a little white box that can hack your network. Retrieved March 30, 2018.
Internal MISP references
UUID 6b57e883-75a1-4a71-accc-2d18148b9c3d
which can be used as unique global reference for McMillan Pwn March 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-30T00:00:00Z |
date_published | 2012-03-03T00:00:00Z |
source | MITRE |
title | The Pwn Plug is a little white box that can hack your network |
FireEye Application Shimming
Ballenthin, W., Tomczak, J. (2015). The Real Shim Shary. Retrieved May 4, 2020.
Internal MISP references
UUID 658c8dd6-1a6a-40f0-a7b5-286fd4b1985d
which can be used as unique global reference for FireEye Application Shimming
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-04T00:00:00Z |
date_published | 2015-01-01T00:00:00Z |
source | MITRE |
title | The Real Shim Shary |
Kaspersky Regin
Kaspersky Lab's Global Research and Analysis Team. (2014, November 24). THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS. Retrieved December 1, 2014.
Internal MISP references
UUID 1b521b76-5b8f-4bd9-b312-7c795fc97898
which can be used as unique global reference for Kaspersky Regin
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-12-01T00:00:00Z |
date_published | 2014-11-24T00:00:00Z |
source | MITRE |
title | THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS |
The Remote Framebuffer Protocol
T. Richardson, J. Levine, RealVNC Ltd. (2011, March). The Remote Framebuffer Protocol. Retrieved September 20, 2021.
Internal MISP references
UUID 4c75a00d-aa90-4260-ab7a-2addc17d1728
which can be used as unique global reference for The Remote Framebuffer Protocol
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-20T00:00:00Z |
date_published | 2011-03-01T00:00:00Z |
source | MITRE |
title | The Remote Framebuffer Protocol |
Malwarebytes Heroku Skimmers
Jérôme Segura. (2019, December 4). There's an app for that: web skimmers found on PaaS Heroku. Retrieved August 18, 2022.
Internal MISP references
UUID 4656cc2c-aff3-4416-b18d-995876d37e06
which can be used as unique global reference for Malwarebytes Heroku Skimmers
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-18T00:00:00Z |
date_published | 2019-12-04T00:00:00Z |
source | MITRE |
title | There's an app for that: web skimmers found on PaaS Heroku |
Electron 1
TOM ABAI. (2023, August 10). There’s a New Stealer Variant in Town, and It’s Using Electron to Stay Fully Undetected. Retrieved March 7, 2024.
Internal MISP references
UUID e1762a94-5efc-5211-a714-f4d6d71bfe37
which can be used as unique global reference for Electron 1
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-07T00:00:00Z |
date_published | 2023-08-10T00:00:00Z |
source | MITRE |
title | There’s a New Stealer Variant in Town, and It’s Using Electron to Stay Fully Undetected |
ELC Extended Attributes
Howard Oakley. (2020, October 24). There's more to files than data: Extended Attributes. Retrieved October 12, 2021.
Internal MISP references
UUID e62d67ed-48d0-4141-aacc-92e165d66f16
which can be used as unique global reference for ELC Extended Attributes
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-12T00:00:00Z |
date_published | 2020-10-24T00:00:00Z |
source | MITRE |
title | There's more to files than data: Extended Attributes |
FireEye WMI SANS 2015
Devon Kerr. (2015). There's Something About WMI. Retrieved May 4, 2020.
Internal MISP references
UUID a9333ef5-5637-4a4c-9aaf-fdc9daf8b860
which can be used as unique global reference for FireEye WMI SANS 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-04T00:00:00Z |
date_published | 2015-01-01T00:00:00Z |
source | MITRE |
title | There's Something About WMI |
Sygnia July 17 2024
Sygnia. (2024, July 17). The Return of Ghost Emperor's Demodex. Retrieved August 9, 2024.
Internal MISP references
UUID 7d30acb4-9600-46bd-a800-1c7e1149e9b4
which can be used as unique global reference for Sygnia July 17 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-09T00:00:00Z |
date_published | 2024-07-17T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | The Return of Ghost Emperor's Demodex |
Nviso Spoof Command Line 2020
Daman, R. (2020, February 4). The return of the spoof part 2: Command line spoofing. Retrieved November 19, 2021.
Internal MISP references
UUID a3fa92ed-763c-4082-8220-cab82d70fad4
which can be used as unique global reference for Nviso Spoof Command Line 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-11-19T00:00:00Z |
date_published | 2020-02-04T00:00:00Z |
source | MITRE |
title | The return of the spoof part 2: Command line spoofing |
Zscaler Higaisa 2020
Singh, S., Singh, A. (2020, June 11). The Return on the Higaisa APT. Retrieved March 2, 2021.
Internal MISP references
UUID 26d7ee2c-d4f7-441a-9073-49c9049b017e
which can be used as unique global reference for Zscaler Higaisa 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-02T00:00:00Z |
date_published | 2020-06-11T00:00:00Z |
source | MITRE |
title | The Return on the Higaisa APT |
Check Point Research Rhysida August 08 2023
Check Point Research. (2023, August 8). The Rhysida Ransomware: Activity Analysis and Ties to Vice Society. Retrieved August 11, 2023.
Internal MISP references
UUID 0d01416f-4888-4b68-be47-a3245549cec5
which can be used as unique global reference for Check Point Research Rhysida August 08 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-11T00:00:00Z |
date_published | 2023-08-08T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | The Rhysida Ransomware: Activity Analysis and Ties to Vice Society |
DigiTrust Agent Tesla Jan 2017
The DigiTrust Group. (2017, January 12). The Rise of Agent Tesla. Retrieved November 5, 2018.
Internal MISP references
UUID dbae7e21-20d4-454c-88db-43e2a195808e
which can be used as unique global reference for DigiTrust Agent Tesla Jan 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-05T00:00:00Z |
date_published | 2017-01-12T00:00:00Z |
source | MITRE |
title | The Rise of Agent Tesla |
Cofense Agent Tesla
James Arndt. (2023, February 21). The Rise of Agent Tesla: Understanding the Notorious Keylogger. Retrieved January 10, 2024.
Internal MISP references
UUID f8a8a3a0-5b30-5f3e-a7b0-f8a4aaae7ee7
which can be used as unique global reference for Cofense Agent Tesla
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-10T00:00:00Z |
date_published | 2023-02-21T00:00:00Z |
source | MITRE |
title | The Rise of Agent Tesla: Understanding the Notorious Keylogger |
Red Canary March 18 2024
Laura Brosnan. (2024, March 18). The rise of Charcoal Stork. Retrieved September 26, 2024.
Internal MISP references
UUID a86131cd-1a42-4222-9d39-221dd6e054ba
which can be used as unique global reference for Red Canary March 18 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-26T00:00:00Z |
date_published | 2024-03-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | The rise of Charcoal Stork |
ATT QakBot April 2021
Morrow, D. (2021, April 15). The rise of QakBot. Retrieved September 27, 2021.
Internal MISP references
UUID c7b0b3f3-e9ea-4159-acd1-f6d92ed41828
which can be used as unique global reference for ATT QakBot April 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-27T00:00:00Z |
date_published | 2021-04-15T00:00:00Z |
source | MITRE |
title | The rise of QakBot |
ESET Telebots Dec 2016
Cherepanov, A. (2016, December 13). The rise of TeleBots: Analyzing disruptive KillDisk attacks. Retrieved June 10, 2020.
Internal MISP references
UUID 34e6e415-099a-4f29-aad0-fc0331a733a4
which can be used as unique global reference for ESET Telebots Dec 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-10T00:00:00Z |
date_published | 2016-12-13T00:00:00Z |
source | MITRE |
title | The rise of TeleBots: Analyzing disruptive KillDisk attacks |
Darktrace September 6 2023
Emily Megan Lim. (2023, September 6). The Rise of the Lumma Info-Stealer. Retrieved October 10, 2024.
Internal MISP references
UUID 2d23c7ba-2c00-4693-a9a2-4c5fabc353b4
which can be used as unique global reference for Darktrace September 6 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-10T00:00:00Z |
date_published | 2023-09-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | The Rise of the Lumma Info-Stealer |
SEI SSL Inspection Risks
Dormann, W. (2015, March 13). The Risks of SSL Inspection. Retrieved April 5, 2016.
Internal MISP references
UUID 3fafc00e-b808-486e-81bc-c08b6a410133
which can be used as unique global reference for SEI SSL Inspection Risks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-05T00:00:00Z |
date_published | 2015-03-13T00:00:00Z |
source | MITRE |
title | The Risks of SSL Inspection |
SourceForge rkhunter
Rootkit Hunter Project. (2018, February 20). The Rootkit Hunter project. Retrieved April 9, 2018.
Internal MISP references
UUID e52cf1aa-3d14-40ce-a1d4-e9de672261ef
which can be used as unique global reference for SourceForge rkhunter
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-09T00:00:00Z |
date_published | 2018-02-20T00:00:00Z |
source | MITRE |
title | The Rootkit Hunter project |
Campbell 2014
Campbell, C. (2014). The Secret Life of Krbtgt. Retrieved December 4, 2014.
Internal MISP references
UUID 8bef22ff-f2fc-4e1a-b4d2-d746a120f6c6
which can be used as unique global reference for Campbell 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-12-04T00:00:00Z |
date_published | 2014-01-01T00:00:00Z |
source | MITRE |
title | The Secret Life of Krbtgt |
Proofpoint Domain Shadowing
Proofpoint Staff. (2015, December 15). The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK. Retrieved October 16, 2020.
Internal MISP references
UUID 4653a9a5-95f1-4b02-9bf0-8f1b8cd6c059
which can be used as unique global reference for Proofpoint Domain Shadowing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-16T00:00:00Z |
date_published | 2015-12-15T00:00:00Z |
source | MITRE |
title | The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK |
Symantec Shamoon 2012
Symantec. (2012, August 16). The Shamoon Attacks. Retrieved March 14, 2019.
Internal MISP references
UUID ac634e99-d951-402b-bb1c-e575753dfda8
which can be used as unique global reference for Symantec Shamoon 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-14T00:00:00Z |
date_published | 2012-08-16T00:00:00Z |
source | MITRE |
title | The Shamoon Attacks |
Spring Dragon Jun 2015
Baumgartner, K. (2015, June 17). The Spring Dragon APT. Retrieved February 15, 2016.
Internal MISP references
UUID 2cc38587-a18e-47e9-a8bb-e3498e4737f5
which can be used as unique global reference for Spring Dragon Jun 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-02-15T00:00:00Z |
date_published | 2015-06-17T00:00:00Z |
source | MITRE |
title | The Spring Dragon APT |
Check Point APT31 February 2021
Itkin, E. and Cohen, I. (2021, February 22). The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day. Retrieved March 24, 2021.
Internal MISP references
UUID 84ac99ef-106f-44e9-97f0-3eda90570932
which can be used as unique global reference for Check Point APT31 February 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-24T00:00:00Z |
date_published | 2021-02-22T00:00:00Z |
source | MITRE |
title | The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day |
System Information Discovery Technique
YUCEEL, Huseyin Can. Picus Labs. (2022, June 9). The System Information Discovery Technique Explained - MITRE ATT&CK T1082. Retrieved March 27, 2024.
Internal MISP references
UUID 6123fbd4-c6fc-504c-92f2-5d405730c298
which can be used as unique global reference for System Information Discovery Technique
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-27T00:00:00Z |
date_published | 2022-06-09T00:00:00Z |
source | MITRE |
title | The System Information Discovery Technique Explained - MITRE ATT&CK T1082 |
UCF STIG Elevation Account Enumeration
UCF. (n.d.). The system must require username and password to elevate a running application. Retrieved December 18, 2017.
Internal MISP references
UUID 7b895692-d401-4d74-ab3f-e6f8e432877a
which can be used as unique global reference for UCF STIG Elevation Account Enumeration
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-18T00:00:00Z |
source | MITRE |
title | The system must require username and password to elevate a running application. |
TrendMicro Taidoor
Trend Micro. (2012). The Taidoor Campaign. Retrieved November 12, 2014.
Internal MISP references
UUID 3d703dfa-97c5-498f-a712-cb4995119297
which can be used as unique global reference for TrendMicro Taidoor
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
date_published | 2012-01-01T00:00:00Z |
source | MITRE |
title | The Taidoor Campaign |
SpectorOPs SettingContent-ms Jun 2018
Nelson, M. (2018, June 11). The Tale of SettingContent-ms Files. Retrieved April 18, 2019.
Internal MISP references
UUID 88ffa36e-c1d8-4e40-86c9-bdefad9a6c95
which can be used as unique global reference for SpectorOPs SettingContent-ms Jun 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-18T00:00:00Z |
date_published | 2018-06-11T00:00:00Z |
source | MITRE |
title | The Tale of SettingContent-ms Files |
Securelist Brazilian Banking Malware July 2020
GReAT. (2020, July 14). The Tetrade: Brazilian banking malware goes global. Retrieved November 9, 2020.
Internal MISP references
UUID ccc34875-93f3-40ed-a9ee-f31b86708507
which can be used as unique global reference for Securelist Brazilian Banking Malware July 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-09T00:00:00Z |
date_published | 2020-07-14T00:00:00Z |
source | MITRE |
title | The Tetrade: Brazilian banking malware goes global |
Symantec Trojan.Hydraq Jan 2010
Symantec Security Response. (2010, January 18). The Trojan.Hydraq Incident. Retrieved February 20, 2018.
Internal MISP references
UUID 10bed842-400f-4276-972d-5fca794ea778
which can be used as unique global reference for Symantec Trojan.Hydraq Jan 2010
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-20T00:00:00Z |
date_published | 2010-01-18T00:00:00Z |
source | MITRE |
title | The Trojan.Hydraq Incident |
Fidelis Turbo
Fidelis Cybersecurity. (2016, February 29). The Turbo Campaign, Featuring Derusbi for 64-bit Linux. Retrieved March 2, 2016.
Internal MISP references
UUID f19877f1-3e0f-4c68-b6c9-ef5b0bd470ed
which can be used as unique global reference for Fidelis Turbo
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-02T00:00:00Z |
date_published | 2016-02-29T00:00:00Z |
source | MITRE |
title | The Turbo Campaign, Featuring Derusbi for 64-bit Linux |
USDOJ Sandworm Feb 2020
Pompeo, M. (2020, February 20). The United States Condemns Russian Cyber Attack Against the Country of Georgia. Retrieved September 12, 2024.
Internal MISP references
UUID fefa7321-cd60-4c7e-a9d5-c723d88013f2
which can be used as unique global reference for USDOJ Sandworm Feb 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2020-02-20T00:00:00Z |
source | MITRE |
title | The United States Condemns Russian Cyber Attack Against the Country of Georgia |
Securelist Ventir
Mikhail, K. (2014, October 16). The Ventir Trojan: assemble your MacOS spy. Retrieved April 6, 2018.
Internal MISP references
UUID 5e4e82c0-16b6-43bc-a70d-6b8d55aaef52
which can be used as unique global reference for Securelist Ventir
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-06T00:00:00Z |
date_published | 2014-10-16T00:00:00Z |
source | MITRE |
title | The Ventir Trojan: assemble your MacOS spy |
Symantec Waterbug
Symantec. (2015, January 26). The Waterbug attack group. Retrieved April 10, 2015.
Internal MISP references
UUID ec02f951-17b8-44cb-945a-e5c313555124
which can be used as unique global reference for Symantec Waterbug
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-04-10T00:00:00Z |
date_published | 2015-01-26T00:00:00Z |
source | MITRE |
title | The Waterbug attack group |
Windows NT Command Shell
Tim Hill. (2014, February 2). The Windows NT Command Shell. Retrieved December 5, 2014.
Internal MISP references
UUID aee1e76c-8ff2-4ff0-83e3-edcb76f34d19
which can be used as unique global reference for Windows NT Command Shell
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-12-05T00:00:00Z |
date_published | 2014-02-02T00:00:00Z |
source | MITRE |
title | The Windows NT Command Shell |
Malwarebytes The Windows Vault
Arntz, P. (2016, March 30). The Windows Vault. Retrieved November 23, 2020.
Internal MISP references
UUID f09fdc31-38ca-411d-8478-683b08a68535
which can be used as unique global reference for Malwarebytes The Windows Vault
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-23T00:00:00Z |
date_published | 2016-03-30T00:00:00Z |
source | MITRE |
title | The Windows Vault |
Microsoft JScript 2007
Microsoft. (2007, August 15). The World of JScript, JavaScript, ECMAScript …. Retrieved June 23, 2020.
Internal MISP references
UUID e3c97d0f-150e-4fe3-a4ce-fc146a2fa718
which can be used as unique global reference for Microsoft JScript 2007
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-23T00:00:00Z |
date_published | 2007-08-15T00:00:00Z |
source | MITRE |
title | The World of JScript, JavaScript, ECMAScript … |
ntlm_relaying_kerberos_del
Mollema, D. (2019, March 4). The worst of both worlds: Combining NTLM Relaying and Kerberos delegation. Retrieved August 15, 2022.
Internal MISP references
UUID 08f44086-2387-4254-a0b6-3b9be2b6ee30
which can be used as unique global reference for ntlm_relaying_kerberos_del
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-15T00:00:00Z |
date_published | 2019-03-04T00:00:00Z |
source | MITRE |
title | The worst of both worlds: Combining NTLM Relaying and Kerberos delegation |
trendmicro xcsset xcode project 2020
Mac Threat Response, Mobile Research Team. (2020, August 13). The XCSSET Malware: Inserts Malicious Code Into Xcode Projects, Performs UXSS Backdoor Planting in Safari, and Leverages Two Zero-day Exploits. Retrieved October 5, 2021.
Internal MISP references
UUID 0194bb11-8b97-4d61-8ddb-824077edc7db
which can be used as unique global reference for trendmicro xcsset xcode project 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-05T00:00:00Z |
date_published | 2020-08-13T00:00:00Z |
source | MITRE |
title | The XCSSET Malware: Inserts Malicious Code Into Xcode Projects, Performs UXSS Backdoor Planting in Safari, and Leverages Two Zero-day Exploits |
Sophos New Ryuk Attack October 2020
Sean Gallagher, Peter Mackenzie, Elida Leite, Syed Shahram, Bill Kearney, Anand Aijan, Sivagnanam Gn, Suraj Mundalik. (2020, October 14). They’re back: inside a new Ryuk ransomware attack. Retrieved October 14, 2020.
Internal MISP references
UUID bfc6f6fe-b504-4b99-a7c0-1efba08ac14e
which can be used as unique global reference for Sophos New Ryuk Attack October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-14T00:00:00Z |
date_published | 2020-10-14T00:00:00Z |
source | MITRE |
title | They’re back: inside a new Ryuk ransomware attack |
RSA EU12 They're Inside
Rivner, U., Schwartz, E. (2012). They’re Inside… Now What?. Retrieved November 25, 2016.
Internal MISP references
UUID 8330ab88-9c73-4332-97d6-c1fb95b1a155
which can be used as unique global reference for RSA EU12 They're Inside
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-11-25T00:00:00Z |
date_published | 2012-01-01T00:00:00Z |
source | MITRE |
title | They’re Inside… Now What? |
APT29 Deep Look at Credential Roaming
Thibault Van Geluwe De Berlaere. (2022, November 8). They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming. Retrieved November 9, 2022.
Internal MISP references
UUID 691fb596-07b6-5c13-9cec-e28530ffde12
which can be used as unique global reference for APT29 Deep Look at Credential Roaming
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-11-09T00:00:00Z |
date_published | 2022-11-08T00:00:00Z |
source | MITRE |
title | They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming |
ZDNet Ransomware Backups 2020
Steve Ranger. (2020, February 27). Ransomware victims thought their backups were safe. They were wrong. Retrieved March 21, 2023.
Internal MISP references
UUID 301da9c8-60de-58f0-989f-6b504e3457a3
which can be used as unique global reference for ZDNet Ransomware Backups 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-21T00:00:00Z |
source | MITRE |
title | They were wrong |
Microsoft Unidentified Dec 2018
Microsoft Defender Research Team. (2018, December 3). Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers. Retrieved April 15, 2019.
Internal MISP references
UUID 896c88f9-8765-4b60-b679-667b338757e3
which can be used as unique global reference for Microsoft Unidentified Dec 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-15T00:00:00Z |
source | MITRE |
title | think tanks, non-profits, public sector by unidentified attackers |
iPhone Charging Cable Hack
Zack Whittaker. (2019, August 12). This hacker’s iPhone charging cable can hijack your computer. Retrieved May 25, 2022.
Internal MISP references
UUID b8bb0bc5-e131-47b5-8c42-48cd3dc25250
which can be used as unique global reference for iPhone Charging Cable Hack
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-25T00:00:00Z |
date_published | 2019-08-12T00:00:00Z |
source | MITRE |
title | This hacker’s iPhone charging cable can hijack your computer |
Mandiant APT41 Global Intrusion
Gyler, C., Perez D., Jones, S., Miller, S. (2021, February 25). This is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits. Retrieved February 17, 2022.
Internal MISP references
UUID 9b75a38e-e5c7-43c8-a7fb-c7f212e00497
which can be used as unique global reference for Mandiant APT41 Global Intrusion
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-17T00:00:00Z |
date_published | 2021-02-25T00:00:00Z |
source | MITRE |
title | This is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits |
FireEye APT41 March 2020
Glyer, C, et al. (2020, March). This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits. Retrieved April 28, 2020.
Internal MISP references
UUID e4d7c8f6-e202-4aac-b39d-7b2c9c5ea48d
which can be used as unique global reference for FireEye APT41 March 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-04-28T00:00:00Z |
date_published | 2020-03-01T00:00:00Z |
source | MITRE |
title | This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits |
Proofpoint Bumblebee April 2022
Merriman, K. and Trouerbach, P. (2022, April 28). This isn't Optimus Prime's Bumblebee but it's Still Transforming. Retrieved August 22, 2022.
Internal MISP references
UUID 765b0ce9-7305-4b35-b5be-2f6f42339646
which can be used as unique global reference for Proofpoint Bumblebee April 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-22T00:00:00Z |
date_published | 2022-04-28T00:00:00Z |
source | MITRE |
title | This isn't Optimus Prime's Bumblebee but it's Still Transforming |
Code Injection on Linux and macOS
Itamar Turner-Trauring. (2017, April 18). “This will only hurt for a moment”: code injection on Linux and macOS with LD_PRELOAD. Retrieved December 20, 2017.
Internal MISP references
UUID 82d41fd8-495d-41b6-b908-6ada5764c94d
which can be used as unique global reference for Code Injection on Linux and macOS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 2017-04-18T00:00:00Z |
source | MITRE |
title | “This will only hurt for a moment”: code injection on Linux and macOS with LD_PRELOAD |
Cybernews Reuters Leak 2022
Vilius Petkauskas. (2022, November 3). Thomson Reuters collected and leaked at least 3TB of sensitive data. Retrieved September 25, 2024.
Internal MISP references
UUID ca5ee9aa-6c9a-57dc-9cb4-0d976de1b5e5
which can be used as unique global reference for Cybernews Reuters Leak 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
date_published | 2022-11-03T00:00:00Z |
source | MITRE |
title | Thomson Reuters collected and leaked at least 3TB of sensitive data |
phishing-krebs
Brian Krebs. (2024, March 28). Thread Hijacking: Phishes That Prey on Your Curiosity. Retrieved September 27, 2024.
Internal MISP references
UUID 1f591eeb-04c0-5125-b378-e3716a839d17
which can be used as unique global reference for phishing-krebs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-27T00:00:00Z |
date_published | 2024-03-28T00:00:00Z |
source | MITRE |
title | Thread Hijacking: Phishes That Prey on Your Curiosity |
TrendMicros ScreenConnect February 27 2024
Ian Kenefick, Junestherry Dela Cruz, Peter Girnus. (2024, February 27). Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities. Retrieved February 28, 2024.
Internal MISP references
UUID 186dff50-f68a-4a5a-aa55-8ffbd89859c8
which can be used as unique global reference for TrendMicros ScreenConnect February 27 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-28T00:00:00Z |
date_published | 2024-02-27T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities |
FireEye Fin8 May 2016
Kizhakkinan, D., et al. (2016, May 11). Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks. Retrieved February 12, 2018.
Internal MISP references
UUID 2079101c-d988-430a-9082-d25c475b2af5
which can be used as unique global reference for FireEye Fin8 May 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-12T00:00:00Z |
date_published | 2016-05-11T00:00:00Z |
source | MITRE |
title | Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks |
Proofpoint TA407 September 2019
Proofpoint Threat Insight Team. (2019, September 5). Threat Actor Profile: TA407, the Silent Librarian. Retrieved February 3, 2021.
Internal MISP references
UUID e787e9af-f496-442a-8b36-16056ff8bfc1
which can be used as unique global reference for Proofpoint TA407 September 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-03T00:00:00Z |
date_published | 2019-09-05T00:00:00Z |
source | MITRE |
title | Threat Actor Profile: TA407, the Silent Librarian |
Proofpoint TA505 Sep 2017
Proofpoint Staff. (2017, September 27). Threat Actor Profile: TA505, From Dridex to GlobeImposter. Retrieved May 28, 2019.
Internal MISP references
UUID c1fff36f-802b-4436-abce-7f2787c148db
which can be used as unique global reference for Proofpoint TA505 Sep 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-28T00:00:00Z |
date_published | 2017-09-27T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Threat Actor Profile: TA505, From Dridex to GlobeImposter |
Cyble 4 26 2023
Cybleinc. (2023, April 26). Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram. Retrieved January 1, 2024.
Internal MISP references
UUID cdef460c-a2e0-4a44-83fe-1cf1adc3ebf1
which can be used as unique global reference for Cyble 4 26 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-01T00:00:00Z |
date_published | 2023-04-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram |
U.S. CISA CVE-2023-3519 Exploits
Cybersecurity and Infrastructure Security Agency. (2023, July 20). Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells. Retrieved July 24, 2023.
Internal MISP references
UUID 021c4caa-7a7a-4e49-9c5c-6eec176bf923
which can be used as unique global reference for U.S. CISA CVE-2023-3519 Exploits
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-24T00:00:00Z |
date_published | 2023-07-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells |
U.S. CISA CVE-2023-35078 Exploits
Cybersecurity and Infrastructure Security Agency. (2023, August 1). Threat Actors Exploiting Ivanti EPMM Vulnerabilities. Retrieved August 3, 2023.
Internal MISP references
UUID 62305b8a-76c8-49ec-82dc-6756643ccf7a
which can be used as unique global reference for U.S. CISA CVE-2023-35078 Exploits
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-03T00:00:00Z |
date_published | 2023-08-01T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Threat Actors Exploiting Ivanti EPMM Vulnerabilities |
U.S. CISA Ivanti Exploits February 2024
Cybersecurity and Infrastructure Security Agency. (2024, February 29). Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways. Retrieved March 1, 2024.
Internal MISP references
UUID a501b21d-916d-454e-b5a0-c3d3bdb4e45c
which can be used as unique global reference for U.S. CISA Ivanti Exploits February 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-01T00:00:00Z |
date_published | 2024-02-29T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways |
Microsoft Security Blog 5 15 2024
Microsoft Threat Intelligence. (2024, May 15). Threat actors misusing Quick Assist in social engineering attacks leading to ransomware. Retrieved May 16, 2024.
Internal MISP references
UUID 0876de6e-ea0c-4717-89a4-9c7baed53b6f
which can be used as unique global reference for Microsoft Security Blog 5 15 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-16T00:00:00Z |
date_published | 2024-05-15T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Threat actors misusing Quick Assist in social engineering attacks leading to ransomware |
Atlas SEO
Atlas Cybersecurity. (2021, April 19). Threat Actors use Search-Engine-Optimization Tactics to Redirect Traffic and Install Malware. Retrieved September 30, 2022.
Internal MISP references
UUID 26d7134e-7b93-4aa1-a859-03cf964ca1b5
which can be used as unique global reference for Atlas SEO
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-30T00:00:00Z |
date_published | 2021-04-19T00:00:00Z |
source | MITRE |
title | Threat Actors use Search-Engine-Optimization Tactics to Redirect Traffic and Install Malware |
Cisco Talos Blog September 3 2024
Vanja Svajcer. (2024, September 3). Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads. Retrieved September 3, 2024.
Internal MISP references
UUID b222cabd-347d-45d4-aeaf-4135795d944d
which can be used as unique global reference for Cisco Talos Blog September 3 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-03T00:00:00Z |
date_published | 2024-09-03T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads |
Cybereason TA505 April 2019
Salem, E. (2019, April 25). Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware. Retrieved May 28, 2019.
Internal MISP references
UUID 076f2b95-97d2-4d50-bb9b-6199c161e5c6
which can be used as unique global reference for Cybereason TA505 April 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-28T00:00:00Z |
date_published | 2019-04-25T00:00:00Z |
source | MITRE |
title | Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware |
Cisco CaddyWiper March 2022
Malhotra, A. (2022, March 15). Threat Advisory: CaddyWiper. Retrieved March 23, 2022.
Internal MISP references
UUID 88fc1f96-2d55-4c92-a929-234248490c30
which can be used as unique global reference for Cisco CaddyWiper March 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-23T00:00:00Z |
date_published | 2022-03-15T00:00:00Z |
source | MITRE |
title | Threat Advisory: CaddyWiper |
Carbon Black Squiblydoo Apr 2016
Nolen, R. et al. (2016, April 28). Threat Advisory: “Squiblydoo” Continues Trend of Attackers Using Native OS Tools to “Live off the Land”. Retrieved April 9, 2018.
Internal MISP references
UUID b23fc191-cc84-49c8-9eb0-09db7e23b24d
which can be used as unique global reference for Carbon Black Squiblydoo Apr 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-09T00:00:00Z |
date_published | 2016-04-28T00:00:00Z |
source | MITRE |
title | Threat Advisory: “Squiblydoo” Continues Trend of Attackers Using Native OS Tools to “Live off the Land” |
Aqua Build Images on Hosts
Assaf Morag. (2020, July 15). Threat Alert: Attackers Building Malicious Images on Your Hosts. Retrieved March 29, 2021.
Internal MISP references
UUID efd64f41-13cc-4b2b-864c-4d2352cdadcd
which can be used as unique global reference for Aqua Build Images on Hosts
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-29T00:00:00Z |
date_published | 2020-07-15T00:00:00Z |
source | MITRE |
title | Threat Alert: Attackers Building Malicious Images on Your Hosts |
Cybereason INC Ransomware November 2023
Cybereason Security Research Team. (2023, November 20). Threat Alert: INC Ransomware. Retrieved June 5, 2024.
Internal MISP references
UUID ebe119d6-add3-5a1b-8e5f-b6419f246ba9
which can be used as unique global reference for Cybereason INC Ransomware November 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-05T00:00:00Z |
date_published | 2023-11-20T00:00:00Z |
source | MITRE |
title | Threat Alert: INC Ransomware |
Aqua Kinsing April 2020
Singer, G. (2020, April 3). Threat Alert: Kinsing Malware Attacks Targeting Container Environments. Retrieved April 1, 2021.
Internal MISP references
UUID 67dd04dd-c0e0-49e6-9341-4e445d660641
which can be used as unique global reference for Aqua Kinsing April 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-01T00:00:00Z |
date_published | 2020-04-03T00:00:00Z |
source | MITRE |
title | Threat Alert: Kinsing Malware Attacks Targeting Container Environments |
Segurança Informática URSA Sophisticated Loader 2020
Pedro Tavares (Segurança Informática). (2020, September 15). Threat analysis: The emergent URSA trojan impacts many countries using a sophisticated loader. Retrieved March 13, 2024.
Internal MISP references
UUID 29d25b85-ae13-57d6-9e6f-d0f65783b5ac
which can be used as unique global reference for Segurança Informática URSA Sophisticated Loader 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-13T00:00:00Z |
date_published | 2020-09-15T00:00:00Z |
source | MITRE |
title | Threat analysis: The emergent URSA trojan impacts many countries using a sophisticated loader |
Palo Alto Networks Black Basta August 2022
Elsad, A. (2022, August 25). Threat Assessment: Black Basta Ransomware. Retrieved March 8, 2023.
Internal MISP references
UUID fc9ee531-3680-549b-86e0-a10a70c3ec67
which can be used as unique global reference for Palo Alto Networks Black Basta August 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-08T00:00:00Z |
date_published | 2022-08-25T00:00:00Z |
source | MITRE |
title | Threat Assessment: Black Basta Ransomware |
Unit42 Clop April 2021
Santos, D. (2021, April 13). Threat Assessment: Clop Ransomware. Retrieved July 30, 2021.
Internal MISP references
UUID ce48d631-757c-480b-8572-b7d9f4d738c6
which can be used as unique global reference for Unit42 Clop April 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-07-30T00:00:00Z |
date_published | 2021-04-13T00:00:00Z |
source | MITRE |
title | Threat Assessment: Clop Ransomware |
Palo Alto Unit 42 EKANS
Hinchliffe, A., Santos, D. (2020, June 26). Threat Assessment: EKANS Ransomware. Retrieved February 9, 2021.
Internal MISP references
UUID dcdd4e48-3c3d-4008-a6f6-390f896f147b
which can be used as unique global reference for Palo Alto Unit 42 EKANS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-09T00:00:00Z |
date_published | 2020-06-26T00:00:00Z |
source | MITRE |
title | Threat Assessment: EKANS Ransomware |
Unit42 Luna Moth November 21 2022
Kristopher Russo. (2022, November 21). Threat Assessment: Luna Moth Callback Phishing Campaign. Retrieved June 28, 2024.
Internal MISP references
UUID 042f51db-c9f3-4827-883d-d7e7422fd642
which can be used as unique global reference for Unit42 Luna Moth November 21 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-28T00:00:00Z |
date_published | 2022-11-21T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Threat Assessment: Luna Moth Callback Phishing Campaign |
UNIT 42 LAPSUS Mar 2022
UNIT 42. (2022, March 24). Threat Brief: Lapsus$ Group. Retrieved May 17, 2022.
Internal MISP references
UUID 50f4c1ed-b046-405a-963d-a113324355a3
which can be used as unique global reference for UNIT 42 LAPSUS Mar 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-17T00:00:00Z |
date_published | 2022-03-24T00:00:00Z |
source | MITRE |
title | Threat Brief: Lapsus$ Group |
Unit 42 WhisperGate January 2022
Falcone, R. et al. (2022, January 20). Threat Brief: Ongoing Russia and Ukraine Cyber Conflict. Retrieved March 10, 2022.
Internal MISP references
UUID 3daa8c9e-da17-4eda-aa0d-df97c5de8f64
which can be used as unique global reference for Unit 42 WhisperGate January 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-10T00:00:00Z |
date_published | 2022-01-20T00:00:00Z |
source | MITRE |
title | Threat Brief: Ongoing Russia and Ukraine Cyber Conflict |
Unit 42 DGA Feb 2019
Unit 42. (2019, February 7). Threat Brief: Understanding Domain Generation Algorithms (DGA). Retrieved February 19, 2019.
Internal MISP references
UUID 5e1db76a-0a3e-42ce-a66c-f914fb1a3471
which can be used as unique global reference for Unit 42 DGA Feb 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-19T00:00:00Z |
date_published | 2019-02-07T00:00:00Z |
source | MITRE |
title | Threat Brief: Understanding Domain Generation Algorithms (DGA) |
Red Canary TDR ChromeLoader
Red Canary. (n.d.). Threat: ChromeLoader. Retrieved September 26, 2024.
Internal MISP references
UUID bcfe9d10-11fe-4241-8262-bce07e8a11c1
which can be used as unique global reference for Red Canary TDR ChromeLoader
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Threat: ChromeLoader |
Dell TG-3390
Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, August 5). Threat Group-3390 Targets Organizations for Cyberespionage. Retrieved August 18, 2018.
Internal MISP references
UUID dfd2d832-a6c5-40e7-a554-5a92f05bebae
which can be used as unique global reference for Dell TG-3390
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-18T00:00:00Z |
date_published | 2015-08-05T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Threat Group-3390 Targets Organizations for Cyberespionage |
SecureWorks TG-4127
SecureWorks Counter Threat Unit Threat Intelligence. (2016, June 16). Threat Group-4127 Targets Hillary Clinton Presidential Campaign. Retrieved August 3, 2016.
Internal MISP references
UUID 5f401c82-4e16-43a1-b234-48918fe7df9f
which can be used as unique global reference for SecureWorks TG-4127
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-03T00:00:00Z |
date_published | 2016-06-16T00:00:00Z |
source | MITRE |
title | Threat Group-4127 Targets Hillary Clinton Presidential Campaign |
McAfee APT28 DDE1 Nov 2017
Sherstobitoff, R., Rea, M. (2017, November 7). Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack. Retrieved November 21, 2017.
Internal MISP references
UUID 8670f4ee-7491-4c37-9832-99d6f8f54ba8
which can be used as unique global reference for McAfee APT28 DDE1 Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-21T00:00:00Z |
date_published | 2017-11-07T00:00:00Z |
source | MITRE |
title | Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack |
Unit 42 9 15 2023
Amer Elsad; Kristopher Russo; Austin Dever. (2023, September 15). Threat Group Assessment Muddled Libra (Updated). Retrieved January 1, 2024.
Internal MISP references
UUID 5e9842ae-180f-4645-a5f5-5ddfb8b2d810
which can be used as unique global reference for Unit 42 9 15 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-01T00:00:00Z |
date_published | 2023-09-15T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Threat Group Assessment Muddled Libra (Updated) |
Awake Security Avaddon
Gahlot, A. (n.d.). Threat Hunting for Avaddon Ransomware. Retrieved August 19, 2021.
Internal MISP references
UUID c113cde7-5dd5-45e9-af16-3ab6ed0b1728
which can be used as unique global reference for Awake Security Avaddon
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-19T00:00:00Z |
source | MITRE |
title | Threat Hunting for Avaddon Ransomware |
Detecting Command & Control in the Cloud
Gary Golomb. (n.d.). Threat Hunting Series: Detecting Command & Control in the Cloud. Retrieved July 8, 2022.
Internal MISP references
UUID b12e0288-48cd-46ec-8305-0f4d050782f2
which can be used as unique global reference for Detecting Command & Control in the Cloud
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-08T00:00:00Z |
source | MITRE |
title | Threat Hunting Series: Detecting Command & Control in the Cloud |
Awake Security C2 Cloud
Gary Golomb and Tory Kei. (n.d.). Threat Hunting Series: Detecting Command & Control in the Cloud. Retrieved May 27, 2022.
Internal MISP references
UUID fa3762ce-3e60-4991-b464-12601d2a6912
which can be used as unique global reference for Awake Security C2 Cloud
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-27T00:00:00Z |
source | MITRE |
title | Threat Hunting Series: Detecting Command & Control in the Cloud |
Threat Matrix for Kubernetes
Weizman, Y. (2020, April 2). Threat Matrix for Kubernetes. Retrieved March 30, 2021.
Internal MISP references
UUID 43fab719-e348-4902-8df3-8807765b95f0
which can be used as unique global reference for Threat Matrix for Kubernetes
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-30T00:00:00Z |
date_published | 2020-04-02T00:00:00Z |
source | MITRE |
title | Threat Matrix for Kubernetes |
SecureWorks BRONZE MOHAWK n.d.
SecureWorks. (n.d.). Threat Profile - BRONZE MOHAWK. Retrieved August 24, 2021.
Internal MISP references
UUID b741fe9a-4b08-44b9-b6e7-5988eee486a3
which can be used as unique global reference for SecureWorks BRONZE MOHAWK n.d.
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-24T00:00:00Z |
source | MITRE |
title | Threat Profile - BRONZE MOHAWK |
ESET T3 Threat Report 2021
ESET. (2022, February). THREAT REPORT T3 2021. Retrieved February 10, 2022.
Internal MISP references
UUID 34a23b22-2d39-47cc-a1e9-47f7f490dcbd
which can be used as unique global reference for ESET T3 Threat Report 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-10T00:00:00Z |
date_published | 2022-02-01T00:00:00Z |
source | MITRE |
title | THREAT REPORT T3 2021 |
BlackBerry Amadey 2020
Kasuya, M. (2020, January 8). Threat Spotlight: Amadey Bot Targets Non-Russian Users. Retrieved July 14, 2022.
Internal MISP references
UUID 21b7a7c7-55a2-4235-ba11-d34ba68d1bf5
which can be used as unique global reference for BlackBerry Amadey 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-14T00:00:00Z |
date_published | 2020-01-08T00:00:00Z |
source | MITRE |
title | Threat Spotlight: Amadey Bot Targets Non-Russian Users |
CiscoAngler
Nick Biasini. (2015, March 3). Threat Spotlight: Angler Lurking in the Domain Shadows. Retrieved March 6, 2017.
Internal MISP references
UUID 0b10d7d4-9c18-4fd8-933a-b46e41d618ab
which can be used as unique global reference for CiscoAngler
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-06T00:00:00Z |
date_published | 2015-03-03T00:00:00Z |
source | MITRE |
title | Threat Spotlight: Angler Lurking in the Domain Shadows |
Talos IPFS 2022
Edmund Brumaghin. (2022, November 9). Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns. Retrieved March 8, 2023.
Internal MISP references
UUID dc98c7ce-0a3f-5f35-9885-6c1c73e5858d
which can be used as unique global reference for Talos IPFS 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-08T00:00:00Z |
date_published | 2022-11-09T00:00:00Z |
source | MITRE |
title | Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns |
Cisco Group 72
Esler, J., Lee, M., and Williams, C. (2014, October 14). Threat Spotlight: Group 72. Retrieved January 14, 2016.
Internal MISP references
UUID b9201737-ef72-46d4-8e86-89fee5b98aa8
which can be used as unique global reference for Cisco Group 72
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-14T00:00:00Z |
date_published | 2014-10-14T00:00:00Z |
source | MITRE |
title | Threat Spotlight: Group 72 |
Talos ZxShell Oct 2014
Allievi, A., et al. (2014, October 28). Threat Spotlight: Group 72, Opening the ZxShell. Retrieved September 24, 2019.
Internal MISP references
UUID 41c20013-71b3-4957-98f0-fb919014c93e
which can be used as unique global reference for Talos ZxShell Oct 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-24T00:00:00Z |
date_published | 2014-10-28T00:00:00Z |
source | MITRE |
title | Threat Spotlight: Group 72, Opening the ZxShell |
Infinitum IT LockBit 3.0
Infinitum IT. (n.d.). Threat Spotlight: Lockbit Black 3.0 Ransomware. Retrieved May 19, 2023.
Internal MISP references
UUID 8bee2689-dfd8-45b2-b8dd-e87ab3ade0ec
which can be used as unique global reference for Infinitum IT LockBit 3.0
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Threat Spotlight: Lockbit Black 3.0 Ransomware |
BlackBerry SystemBC June 10 2021
The BlackBerry Research & Intelligence Team. (2021, June 10). Threat Thursday: SystemBC – a RAT in the Pipeline. Retrieved September 21, 2023.
Internal MISP references
UUID 08186ff9-6ca5-4c09-b5e7-b883eb15fdba
which can be used as unique global reference for BlackBerry SystemBC June 10 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-21T00:00:00Z |
date_published | 2021-06-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Threat Thursday: SystemBC – a RAT in the Pipeline |
DOJ North Korea Indictment Feb 2021
Department of Justice. (2021, February 17). Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe. Retrieved June 9, 2021.
Internal MISP references
UUID d702653f-a9da-4a36-8f84-97caeb445266
which can be used as unique global reference for DOJ North Korea Indictment Feb 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-09T00:00:00Z |
date_published | 2021-02-17T00:00:00Z |
source | MITRE |
title | Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe |
Symantec Thrip June 2018
Security Response Attack Investigation Team. (2018, June 19). Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies. Retrieved July 10, 2018.
Internal MISP references
UUID 482a6946-b663-4789-a31f-83fb2132118d
which can be used as unique global reference for Symantec Thrip June 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-10T00:00:00Z |
date_published | 2018-06-19T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies |
FireEye Bootkits
Andonov, D., et al. (2015, December 7). Thriving Beyond The Operating System: Financial Threat Group Targets Volume Boot Record. Retrieved May 13, 2016.
Internal MISP references
UUID 585827a8-1f03-439d-b66e-ad5290117c1b
which can be used as unique global reference for FireEye Bootkits
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-05-13T00:00:00Z |
date_published | 2015-12-07T00:00:00Z |
source | MITRE |
title | Thriving Beyond The Operating System: Financial Threat Group Targets Volume Boot Record |
SpecterOps AWS Traffic Mirroring
Luke Paine. (2020, March 11). Through the Looking Glass — Part 1. Retrieved March 17, 2022.
Internal MISP references
UUID 6ab2cfa1-230f-498e-8049-fcdd2f7296dd
which can be used as unique global reference for SpecterOps AWS Traffic Mirroring
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-17T00:00:00Z |
date_published | 2020-03-11T00:00:00Z |
source | MITRE |
title | Through the Looking Glass — Part 1 |
Ossmann Star Feb 2011
Michael Ossmann. (2011, February 17). Throwing Star LAN Tap. Retrieved March 30, 2018.
Internal MISP references
UUID 1be27354-1326-4568-b26a-d0034acecba2
which can be used as unique global reference for Ossmann Star Feb 2011
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-30T00:00:00Z |
date_published | 2011-02-17T00:00:00Z |
source | MITRE |
title | Throwing Star LAN Tap |
Trend Micro April 05 2022
Trend Micro. (2022, April 5). Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload. Retrieved May 7, 2023.
Internal MISP references
UUID c049ac17-1fa9-42ff-9220-1ed40890dc77
which can be used as unique global reference for Trend Micro April 05 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2022-04-05T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload |
Symantec Tick Apr 2016
DiMaggio, J. (2016, April 28). Tick cyberespionage group zeros in on Japan. Retrieved July 16, 2018.
Internal MISP references
UUID 3e29cacc-2c05-4f35-8dd1-948f8aee6713
which can be used as unique global reference for Symantec Tick Apr 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-16T00:00:00Z |
date_published | 2016-04-28T00:00:00Z |
source | MITRE |
title | Tick cyberespionage group zeros in on Japan |
TightVNC Software Project Page
TightVNC Software. (n.d.). TightVNC Software. Retrieved July 10, 2023.
Internal MISP references
UUID e1725230-4f6c-47c5-8e30-90dfb01a75d7
which can be used as unique global reference for TightVNC Software Project Page
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | TightVNC Software |
AnyRun TimeBomb
Malicious History. (2020, September 17). Time Bombs: Malware With Delayed Execution. Retrieved April 22, 2021.
Internal MISP references
UUID cd369bf9-80a8-426f-a0aa-c9745b40696c
which can be used as unique global reference for AnyRun TimeBomb
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-22T00:00:00Z |
date_published | 2020-09-17T00:00:00Z |
source | MITRE |
title | Time Bombs: Malware With Delayed Execution |
Microsoft TimeProvider
Microsoft. (n.d.). Time Provider. Retrieved March 26, 2018.
Internal MISP references
UUID cf7c1db8-6282-4ccd-9609-5a012faf70d6
which can be used as unique global reference for Microsoft TimeProvider
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-26T00:00:00Z |
source | MITRE |
title | Time Provider |
API
Vishavjit Singh. (2023, June 22). TIMESTOMPING EXPLAINED ON API LEVEL. Retrieved June 20, 2024.
Internal MISP references
UUID a9513253-630f-5535-a439-cf7655f4698b
which can be used as unique global reference for API
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-20T00:00:00Z |
date_published | 2023-06-22T00:00:00Z |
source | MITRE |
title | TIMESTOMPING EXPLAINED ON API LEVEL |
Talos TinyTurla September 2021
Cisco Talos. (2021, September 21). TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines. Retrieved December 2, 2021.
Internal MISP references
UUID 94cdbd73-a31a-4ec3-aa36-de3ea077c1c7
which can be used as unique global reference for Talos TinyTurla September 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-02T00:00:00Z |
date_published | 2021-09-21T00:00:00Z |
source | MITRE |
title | TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines |
Kaspersky ToddyCat Check Logs October 2023
Dedola, G. et al. (2023, October 12). ToddyCat: Keep calm and check logs. Retrieved January 3, 2024.
Internal MISP references
UUID dbdaf320-eada-5bbb-95ab-aaa987ed7960
which can be used as unique global reference for Kaspersky ToddyCat Check Logs October 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-03T00:00:00Z |
date_published | 2023-10-12T00:00:00Z |
source | MITRE |
title | ToddyCat: Keep calm and check logs |
Mandiant_UNC2165
Mandiant Intelligence. (2022, June 2). To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions. Retrieved July 29, 2024.
Internal MISP references
UUID 92e39558-cd2c-54c4-8930-aafdd2f14bca
which can be used as unique global reference for Mandiant_UNC2165
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-29T00:00:00Z |
date_published | 2022-06-02T00:00:00Z |
source | MITRE |
title | To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions |
Pentestlab Token Manipulation
netbiosX. (2017, April 3). Token Manipulation. Retrieved April 21, 2017.
Internal MISP references
UUID 243deb44-4d47-4c41-bd5d-262c4319cce5
which can be used as unique global reference for Pentestlab Token Manipulation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-04-21T00:00:00Z |
date_published | 2017-04-03T00:00:00Z |
source | MITRE |
title | Token Manipulation |
Token tactics
Microsoft Incident Response. (2022, November 16). Token tactics: How to prevent, detect, and respond to cloud token theft. Retrieved December 26, 2023.
Internal MISP references
UUID e254e336-2e3e-5bea-a9e9-0f42f333b894
which can be used as unique global reference for Token tactics
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-26T00:00:00Z |
date_published | 2022-11-16T00:00:00Z |
source | MITRE |
title | Token tactics: How to prevent, detect, and respond to cloud token theft |
Langer Stuxnet
Ralph Langner. (2013, November). To Kill a Centrifuge: A Technical Analysis of What Stuxnet's Creators Tried to Achieve. Retrieved December 7, 2020.
Internal MISP references
UUID 76b99581-e94d-4e51-8110-80557474048e
which can be used as unique global reference for Langer Stuxnet
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-07T00:00:00Z |
date_published | 2013-11-01T00:00:00Z |
source | MITRE |
title | To Kill a Centrifuge: A Technical Analysis of What Stuxnet's Creators Tried to Achieve |
TrendMicro Tonto Team October 2020
Daniel Lughi, Jaromir Horejsi. (2020, October 2). Tonto Team - Exploring the TTPs of an advanced threat actor operating a large infrastructure. Retrieved October 17, 2021.
Internal MISP references
UUID 140e6b01-6b98-4f82-9455-0c84b3856b86
which can be used as unique global reference for TrendMicro Tonto Team October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-17T00:00:00Z |
date_published | 2020-10-02T00:00:00Z |
source | MITRE |
title | Tonto Team - Exploring the TTPs of an advanced threat actor operating a large infrastructure |
Google Israel-Hamas War February 14 2024
Sandra Joyce, Shane Huntley. (2024, February 14). Tool of First Resort: Israel-Hamas War in Cyber. Retrieved August 30, 2024.
Internal MISP references
UUID 55290507-e007-4366-9116-bbad364c14f3
which can be used as unique global reference for Google Israel-Hamas War February 14 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-30T00:00:00Z |
date_published | 2024-02-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Tool of First Resort: Israel-Hamas War in Cyber |
NorthSec 2015 GData Uroburos Tools
Rascagneres, P. (2015, May). Tools used by the Uroburos actors. Retrieved August 18, 2016.
Internal MISP references
UUID 99e2709e-a32a-4fbf-a20a-ffcdd8befdc8
which can be used as unique global reference for NorthSec 2015 GData Uroburos Tools
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-18T00:00:00Z |
date_published | 2015-05-01T00:00:00Z |
source | MITRE |
title | Tools used by the Uroburos actors |
TrustedSec OOB Communications
Tyler Hudak. (2022, December 29). To OOB, or Not to OOB?: Why Out-of-Band Communications are Essential for Incident Response. Retrieved August 30, 2024.
Internal MISP references
UUID 65b7db0a-1aeb-545b-af65-b40d043f3502
which can be used as unique global reference for TrustedSec OOB Communications
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-30T00:00:00Z |
date_published | 2022-12-29T00:00:00Z |
source | MITRE |
title | To OOB, or Not to OOB?: Why Out-of-Band Communications are Essential for Incident Response |
Cider Security Top 10 CICD Security Risks
Daniel Krivelevich and Omer Gil. (n.d.). Top 10 CI/CD Security Risks. Retrieved March 24, 2024.
Internal MISP references
UUID 512974b7-b464-52af-909a-2cb880b524e5
which can be used as unique global reference for Cider Security Top 10 CICD Security Risks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-24T00:00:00Z |
source | MITRE |
title | Top 10 CI/CD Security Risks |
Dingledine Tor The Second-Generation Onion Router
Roger Dingledine, Nick Mathewson and Paul Syverson. (2004). Tor: The Second-Generation Onion Router. Retrieved December 21, 2017.
Internal MISP references
UUID ffb6a26d-2da9-4cce-bb2d-5280e9cc16b4
which can be used as unique global reference for Dingledine Tor The Second-Generation Onion Router
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-21T00:00:00Z |
date_published | 2004-01-01T00:00:00Z |
source | MITRE |
title | Tor: The Second-Generation Onion Router |
Symantec Tortoiseshell 2019
Symantec Threat Hunter Team. (2019, September 18). Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks. Retrieved May 20, 2024.
Internal MISP references
UUID 2565fe82-5082-5032-8424-03ce7ccb1936
which can be used as unique global reference for Symantec Tortoiseshell 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-20T00:00:00Z |
date_published | 2019-09-18T00:00:00Z |
source | MITRE |
title | Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks |
FireEye FIN7 Shim Databases
Erickson, J., McWhirt, M., Palombo, D. (2017, May 3). To SDB, Or Not To SDB: FIN7 Leveraging Shim Databases for Persistence. Retrieved July 18, 2017.
Internal MISP references
UUID 25d8bac0-9187-45db-ad96-c7bce20cef00
which can be used as unique global reference for FireEye FIN7 Shim Databases
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-18T00:00:00Z |
date_published | 2017-05-03T00:00:00Z |
source | MITRE |
title | To SDB, Or Not To SDB: FIN7 Leveraging Shim Databases for Persistence |
ESET Turla Lunar toolset May 2024
Jurčacko, F. (2024, May 15). To the Moon and back(doors): Lunar landing in diplomatic missions. Retrieved June 26, 2024.
Internal MISP references
UUID 85040d41-b786-5b63-a510-976bc35e8fce
which can be used as unique global reference for ESET Turla Lunar toolset May 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-26T00:00:00Z |
date_published | 2024-05-15T00:00:00Z |
source | MITRE |
title | To the Moon and back(doors): Lunar landing in diplomatic missions |
LOLBAS Tracker
LOLBAS. (n.d.). Tracker.exe. Retrieved July 31, 2019.
Internal MISP references
UUID f0e368f1-3347-41ef-91fb-995c3cb07707
which can be used as unique global reference for LOLBAS Tracker
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-31T00:00:00Z |
source | MITRE |
title | Tracker.exe |
BushidoToken Akira 2023
Will Thomas. (2023, September 15). Tracking Adversaries: Akira, another descendent of Conti. Retrieved February 21, 2024.
Internal MISP references
UUID 8fe09ef1-f72e-5261-b79f-5d41fad51eac
which can be used as unique global reference for BushidoToken Akira 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-21T00:00:00Z |
date_published | 2023-09-15T00:00:00Z |
source | MITRE |
title | Tracking Adversaries: Akira, another descendent of Conti |
BushidoToken Scattered Spider August 16 2023
BushidoToken. (2023, August 16). Tracking Adversaries: Scattered Spider, the BlackCat affiliate. Retrieved September 14, 2023.
Internal MISP references
UUID 621a8320-0e3c-444f-b82a-7fd4fdf9fb67
which can be used as unique global reference for BushidoToken Scattered Spider August 16 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-14T00:00:00Z |
date_published | 2023-08-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Tracking Adversaries: Scattered Spider, the BlackCat affiliate |
Lateral Movement Payne
Payne, J. (2015, November 26). Tracking Lateral Movement Part One - Special Groups and Specific Service Accounts. Retrieved February 1, 2016.
Internal MISP references
UUID 5d5ca6a4-5e2f-4679-9040-b68d524778ff
which can be used as unique global reference for Lateral Movement Payne
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-02-01T00:00:00Z |
date_published | 2015-11-26T00:00:00Z |
source | MITRE |
title | Tracking Lateral Movement Part One - Special Groups and Specific Service Accounts |
Unit 42 KerrDown February 2019
Ray, V. and Hayashi, K. (2019, February 1). Tracking OceanLotus’ new Downloader, KerrDown. Retrieved October 1, 2021.
Internal MISP references
UUID bff5dbfe-d080-46c1-82b7-272e03d2aa8c
which can be used as unique global reference for Unit 42 KerrDown February 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-01T00:00:00Z |
date_published | 2019-02-01T00:00:00Z |
source | MITRE |
title | Tracking OceanLotus’ new Downloader, KerrDown |
Trend Micro TeamTNT
Fiser, D. Oliveira, A. (n.d.). Tracking the Activities of TeamTNT A Closer Look at a Cloud-Focused Malicious Actor Group. Retrieved September 22, 2021.
Internal MISP references
UUID d6b52135-6bb2-4e37-8f94-1e1d6354bdfd
which can be used as unique global reference for Trend Micro TeamTNT
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-22T00:00:00Z |
source | MITRE |
title | Tracking the Activities of TeamTNT A Closer Look at a Cloud-Focused Malicious Actor Group |
Okta HAR Files Incident Notice
David Bradbury. (2023, October 20). Tracking Unauthorized Access to Okta's Support System. Retrieved December 19, 2023.
Internal MISP references
UUID 14855034-494e-477d-8c91-fc534fd7790d
which can be used as unique global reference for Okta HAR Files Incident Notice
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-19T00:00:00Z |
date_published | 2023-10-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Tracking Unauthorized Access to Okta's Support System |
SANS Windshift August 2018
Karim, T. (2018, August). TRAILS OF WINDSHIFT. Retrieved June 25, 2020.
Internal MISP references
UUID 97eac0f2-d528-4f7c-8425-7531eae4fc39
which can be used as unique global reference for SANS Windshift August 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-25T00:00:00Z |
date_published | 2018-08-01T00:00:00Z |
source | MITRE |
title | TRAILS OF WINDSHIFT |
Microsoft TxF
Microsoft. (n.d.). Transactional NTFS (TxF). Retrieved December 20, 2017.
Internal MISP references
UUID f7f2eecc-19e6-4d93-8a53-91afea2f242e
which can be used as unique global reference for Microsoft TxF
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
source | MITRE |
title | Transactional NTFS (TxF) |
Rclone-mega-extortion_05_2021
Justin Schoenfeld, Aaron Didier. (2021, May 4). Transferring leverage in a ransomware attack. Retrieved July 14, 2022.
Internal MISP references
UUID 9b492a2f-1326-4733-9c0e-a9454bf7fabb
which can be used as unique global reference for Rclone-mega-extortion_05_2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-14T00:00:00Z |
date_published | 2021-05-04T00:00:00Z |
source | MITRE |
title | Transferring leverage in a ransomware attack |
JScrip May 2018
Microsoft. (2018, May 31). Translating to JScript. Retrieved June 23, 2020.
Internal MISP references
UUID 99e48516-f918-477c-b85e-4ad894cc031f
which can be used as unique global reference for JScrip May 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-23T00:00:00Z |
date_published | 2018-05-31T00:00:00Z |
source | MITRE |
title | Translating to JScript |
tt_obliqueRAT
Malhotra, A., McKay, K. et al. (2021, May 13). Transparent Tribe APT expands its Windows malware arsenal. Retrieved July 29, 2022.
Internal MISP references
UUID be1e3092-1981-457b-ae76-b55b057e1d73
which can be used as unique global reference for tt_obliqueRAT
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-29T00:00:00Z |
date_published | 2021-05-13T00:00:00Z |
source | MITRE |
title | Transparent Tribe APT expands its Windows malware arsenal |
Talos Transparent Tribe May 2021
Malhotra, A. et al. (2021, May 13). Transparent Tribe APT expands its Windows malware arsenal. Retrieved September 2, 2021.
Internal MISP references
UUID 5d58c285-bc7d-4a8a-a96a-ac7118c1089d
which can be used as unique global reference for Talos Transparent Tribe May 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-02T00:00:00Z |
date_published | 2021-05-13T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Transparent Tribe APT expands its Windows malware arsenal |
Cisco Talos Transparent Tribe Education Campaign July 2022
N. Baisini. (2022, July 13). Transparent Tribe begins targeting education sector in latest campaign. Retrieved September 22, 2022.
Internal MISP references
UUID acb10fb6-608f-44d3-9faf-7e577b0e2786
which can be used as unique global reference for Cisco Talos Transparent Tribe Education Campaign July 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-22T00:00:00Z |
date_published | 2022-07-13T00:00:00Z |
source | MITRE |
title | Transparent Tribe begins targeting education sector in latest campaign |
tt_httrack_fake_domains
Malhotra, A., Thattil, J. et al. (2022, March 29). Transparent Tribe campaign uses new bespoke malware to target Indian government officials. Retrieved September 6, 2022.
Internal MISP references
UUID 9bdda422-dbf7-4b70-a7b1-9e3ad658c239
which can be used as unique global reference for tt_httrack_fake_domains
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-06T00:00:00Z |
date_published | 2022-03-29T00:00:00Z |
source | MITRE |
title | Transparent Tribe campaign uses new bespoke malware to target Indian government officials |
Securelist Trasparent Tribe 2020
Dedola, G. (2020, August 20). Transparent Tribe: Evolution analysis, part 1. Retrieved April 1, 2021.
Internal MISP references
UUID 0db470b1-ab22-4b67-a858-472e4de7c6f0
which can be used as unique global reference for Securelist Trasparent Tribe 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-01T00:00:00Z |
date_published | 2020-08-20T00:00:00Z |
source | MITRE |
title | Transparent Tribe: Evolution analysis, part 1 |
Kaspersky Transparent Tribe August 2020
Dedola, G. (2020, August 20). Transparent Tribe: Evolution analysis, part 1. Retrieved September 2, 2021.
Internal MISP references
UUID 42c7faa2-f664-4e4a-9d23-93c88a09da5b
which can be used as unique global reference for Kaspersky Transparent Tribe August 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-02T00:00:00Z |
date_published | 2020-08-20T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Transparent Tribe: Evolution analysis, part 1 |
Microsoft TransportAgent Jun 2016
Microsoft. (2016, June 1). Transport agents. Retrieved June 24, 2019.
Internal MISP references
UUID 16ae3e7e-5f0d-4ca9-8453-be960b2111b6
which can be used as unique global reference for Microsoft TransportAgent Jun 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-24T00:00:00Z |
date_published | 2016-06-01T00:00:00Z |
source | MITRE |
title | Transport agents |
Trap Manual
ss64. (n.d.). trap. Retrieved May 21, 2019.
Internal MISP references
UUID 143462e1-b7e8-4e18-9cb1-6f4f3969e891
which can be used as unique global reference for Trap Manual
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-21T00:00:00Z |
source | MITRE |
title | trap |
Red Canary Netwire Linux 2022
TONY LAMBERT. (2022, June 7). Trapping the Netwire RAT on Linux. Retrieved September 28, 2023.
Internal MISP references
UUID 6d4c6c52-38ae-52f5-b438-edeceed446a5
which can be used as unique global reference for Red Canary Netwire Linux 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-28T00:00:00Z |
date_published | 2022-06-07T00:00:00Z |
source | MITRE |
title | Trapping the Netwire RAT on Linux |
Cyberciti Trap Statements
Cyberciti. (2016, March 29). Trap statement. Retrieved May 21, 2019.
Internal MISP references
UUID 24cf5471-f327-4407-b32f-055537f3495e
which can be used as unique global reference for Cyberciti Trap Statements
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-21T00:00:00Z |
date_published | 2016-03-29T00:00:00Z |
source | MITRE |
title | Trap statement |
Dept. of Treasury Iran Sanctions September 2020
Dept. of Treasury. (2020, September 17). Treasury Sanctions Cyber Actors Backed by Iranian Intelligence. Retrieved December 10, 2020.
Internal MISP references
UUID 0c8ff80a-6b1d-4212-aa40-99aeef04ce05
which can be used as unique global reference for Dept. of Treasury Iran Sanctions September 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-10T00:00:00Z |
date_published | 2020-09-17T00:00:00Z |
source | MITRE |
title | Treasury Sanctions Cyber Actors Backed by Iranian Intelligence |
Treasury EvilCorp Dec 2019
U.S. Department of Treasury. (2019, December 5). Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware. Retrieved September 15, 2021.
Internal MISP references
UUID 074a52c4-26d9-4083-9349-c14e2639c1bc
which can be used as unique global reference for Treasury EvilCorp Dec 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-15T00:00:00Z |
date_published | 2019-12-05T00:00:00Z |
source | MITRE |
title | Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware |
Treasury North Korean Cyber Groups September 2019
US Treasury. (2019, September 13). Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups. Retrieved September 29, 2021.
Internal MISP references
UUID 54977bb2-2929-41d7-bdea-06d39dc76174
which can be used as unique global reference for Treasury North Korean Cyber Groups September 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-29T00:00:00Z |
date_published | 2019-09-13T00:00:00Z |
source | MITRE |
title | Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups |
Mandiant APT29 Trello
Wolfram, J. et al. (2022, April 28). Trello From the Other Side: Tracking APT29 Phishing Campaigns. Retrieved August 3, 2022.
Internal MISP references
UUID 5590bb5c-d9d1-480c-bb69-1944c1cf2431
which can be used as unique global reference for Mandiant APT29 Trello
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-03T00:00:00Z |
date_published | 2022-04-28T00:00:00Z |
source | MITRE |
title | Trello From the Other Side: Tracking APT29 Phishing Campaigns |
Mandiant Trending Evil Q1 2022
Mandiant. (n.d.). Trending Evil Q1 2022. Retrieved May 18, 2023.
Internal MISP references
UUID 5643a6d5-a660-4416-a4d9-6fd4d0da74ef
which can be used as unique global reference for Mandiant Trending Evil Q1 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Trending Evil Q1 2022 |
Trend Micro - Int SP
Trend Micro. (n.d.). Retrieved February 16, 2024.
Internal MISP references
UUID 1c21c911-11db-560c-b623-5937dc478b74
which can be used as unique global reference for Trend Micro - Int SP
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-16T00:00:00Z |
source | MITRE |
title | Trend Micro - Int SP |
Malicious Chrome Extension Numbers
Jagpal, N., et al. (2015, August). Trends and Lessons from Three Years Fighting Malicious Extensions. Retrieved November 17, 2017.
Internal MISP references
UUID f34fcf1f-370e-4b6e-9cc4-7ee4075faf6e
which can be used as unique global reference for Malicious Chrome Extension Numbers
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-17T00:00:00Z |
date_published | 2015-08-01T00:00:00Z |
source | MITRE |
title | Trends and Lessons from Three Years Fighting Malicious Extensions |
Triage 23893f035f8564dfea5030b9fdd54120d96072bb
tria.ge. (n.d.). Triage 23893f035f8564dfea5030b9fdd54120d96072bb. Retrieved October 20, 2023.
Internal MISP references
UUID 3c4857e0-0318-435f-9459-bd57d83e84fe
which can be used as unique global reference for Triage 23893f035f8564dfea5030b9fdd54120d96072bb
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Triage 23893f035f8564dfea5030b9fdd54120d96072bb |
Triage e82c11612c0870e8175eafa8c9c5f9151d0b80d7
tria.ge. (n.d.). Triage e82c11612c0870e8175eafa8c9c5f9151d0b80d7. Retrieved October 20, 2023.
Internal MISP references
UUID fd9800c3-c556-4804-a4ea-f31c2b198dcf
which can be used as unique global reference for Triage e82c11612c0870e8175eafa8c9c5f9151d0b80d7
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Triage e82c11612c0870e8175eafa8c9c5f9151d0b80d7 |
exatrack bpf filters passive backdoors
ExaTrack. (2022, May 11). Tricephalic Hellkeeper: a tale of a passive backdoor. Retrieved October 18, 2022.
Internal MISP references
UUID 84ffd130-97b9-4bbf-bc3e-42accdf248ce
which can be used as unique global reference for exatrack bpf filters passive backdoors
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-10-18T00:00:00Z |
date_published | 2022-05-11T00:00:00Z |
source | MITRE |
title | Tricephalic Hellkeeper: a tale of a passive backdoor |
Malwarebytes TrickBot Sep 2019
Umawing, J. (2019, September 3). TrickBot adds new trick to its arsenal: tampering with trusted texts. Retrieved June 15, 2020.
Internal MISP references
UUID 4d6d258f-a57f-4cfd-880a-1ecd98e26d9f
which can be used as unique global reference for Malwarebytes TrickBot Sep 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-15T00:00:00Z |
date_published | 2019-09-03T00:00:00Z |
source | MITRE |
title | TrickBot adds new trick to its arsenal: tampering with trusted texts |
TrendMicro Trickbot Feb 2019
Llimos, N., Pascual, C. (2019, February 12). Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire. Retrieved March 12, 2019.
Internal MISP references
UUID c402888a-ccd1-4cbc-856c-ff0bdcb8b30b
which can be used as unique global reference for TrendMicro Trickbot Feb 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-12T00:00:00Z |
date_published | 2019-02-12T00:00:00Z |
source | MITRE |
title | Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire |
Eclypsium Trickboot December 2020
Eclypsium, Advanced Intelligence. (2020, December 1). TRICKBOT NOW OFFERS ‘TRICKBOOT’: PERSIST, BRICK, PROFIT. Retrieved March 15, 2021.
Internal MISP references
UUID ad72e27f-ae4f-425a-a4ef-c76a20382691
which can be used as unique global reference for Eclypsium Trickboot December 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-15T00:00:00Z |
date_published | 2020-12-01T00:00:00Z |
source | MITRE |
title | TRICKBOT NOW OFFERS ‘TRICKBOOT’: PERSIST, BRICK, PROFIT |
IBM X-Force ITG23 Oct 2021
Villadsen, O., et al. (2021, October 13). Trickbot Rising - Gang Doubles Down on Infection Efforts to Amass Network Footholds. Retrieved June 15, 2023.
Internal MISP references
UUID d796e773-7335-549f-a79b-a2961f85a8ec
which can be used as unique global reference for IBM X-Force ITG23 Oct 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-15T00:00:00Z |
date_published | 2021-10-13T00:00:00Z |
source | MITRE |
title | Trickbot Rising - Gang Doubles Down on Infection Efforts to Amass Network Footholds |
Trend Micro Trickbot Nov 2018
Anthony, N., Pascual, C. (2018, November 1). Trickbot Shows Off New Trick: Password Grabber Module. Retrieved November 16, 2018.
Internal MISP references
UUID 5504d906-579e-4b1c-8864-d811b67a25f8
which can be used as unique global reference for Trend Micro Trickbot Nov 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-16T00:00:00Z |
date_published | 2018-11-01T00:00:00Z |
source | MITRE |
title | Trickbot Shows Off New Trick: Password Grabber Module |
Joe Sec Trickbot
Joe Security. (2020, July 13). TrickBot's new API-Hammering explained. Retrieved September 30, 2021.
Internal MISP references
UUID f5441718-3c0d-4b26-863c-24df1130b090
which can be used as unique global reference for Joe Sec Trickbot
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-30T00:00:00Z |
date_published | 2020-07-13T00:00:00Z |
source | MITRE |
title | TrickBot's new API-Hammering explained |
Fortinet TrickBot
Bacurio Jr., F. and Salvio, J. (2018, April 9). Trickbot’s New Reconnaissance Plugin. Retrieved February 14, 2019.
Internal MISP references
UUID a5dc1702-1930-463a-a581-74cc13e66ba5
which can be used as unique global reference for Fortinet TrickBot
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-14T00:00:00Z |
date_published | 2018-04-09T00:00:00Z |
source | MITRE |
title | Trickbot’s New Reconnaissance Plugin |
Trickbot VNC module July 2021
Ionut Illascu. (2021, July 14). Trickbot updates its VNC module for high-value targets. Retrieved September 10, 2021.
Internal MISP references
UUID 0484ddd0-5402-4300-99d4-4504591dddc0
which can be used as unique global reference for Trickbot VNC module July 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-10T00:00:00Z |
date_published | 2021-07-14T00:00:00Z |
source | MITRE |
title | Trickbot updates its VNC module for high-value targets |
Fidelis TrickBot Oct 2016
Reaves, J. (2016, October 15). TrickBot: We Missed you, Dyre. Retrieved August 2, 2018.
Internal MISP references
UUID 839c02d1-58ec-4e25-a981-0276dbb1acc8
which can be used as unique global reference for Fidelis TrickBot Oct 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-02T00:00:00Z |
date_published | 2016-10-15T00:00:00Z |
source | MITRE |
title | TrickBot: We Missed you, Dyre |
Bromium Ursnif Mar 2017
Holland, A. (2019, March 7). Tricks and COMfoolery: How Ursnif Evades Detection. Retrieved June 10, 2019.
Internal MISP references
UUID 04028685-b2e0-4faf-8c9d-36d1b07f09fc
which can be used as unique global reference for Bromium Ursnif Mar 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-10T00:00:00Z |
date_published | 2019-03-07T00:00:00Z |
source | MITRE |
title | Tricks and COMfoolery: How Ursnif Evades Detection |
IBM TrickBot Nov 2016
Keshet, L. (2016, November 09). Tricks of the Trade: A Deeper Look Into TrickBot’s Machinations. Retrieved August 2, 2018.
Internal MISP references
UUID 092aec63-aea0-4bc9-9c05-add89b4233ff
which can be used as unique global reference for IBM TrickBot Nov 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-02T00:00:00Z |
date_published | 2016-11-09T00:00:00Z |
source | MITRE |
title | Tricks of the Trade: A Deeper Look Into TrickBot’s Machinations |
TrendMictro Phishing
Babon, P. (2020, September 3). Tricky 'Forms' of Phishing. Retrieved October 20, 2020.
Internal MISP references
UUID 621f1c52-5f34-4293-a507-b58c4084a19b
which can be used as unique global reference for TrendMictro Phishing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
date_published | 2020-09-03T00:00:00Z |
source | MITRE |
title | Tricky 'Forms' of Phishing |
Trimarc Detecting Password Spraying
Metcalf, S. (2018, May 6). Trimarc Research: Detecting Password Spraying with Security Event Auditing. Retrieved January 16, 2019.
Internal MISP references
UUID aadbd0a8-00f2-404b-8d02-6d36292726da
which can be used as unique global reference for Trimarc Detecting Password Spraying
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-01-16T00:00:00Z |
date_published | 2018-05-06T00:00:00Z |
source | MITRE |
title | Trimarc Research: Detecting Password Spraying with Security Event Auditing |
Emotet Deploys TrickBot
Cybereason Nocturnus. (n.d.). Triple Threat: Emotet Deploys TrickBot to Steal Data & Spread Ryuk. Retrieved November 28, 2023.
Internal MISP references
UUID 672743fe-f83a-507e-bd38-2315d7a062e0
which can be used as unique global reference for Emotet Deploys TrickBot
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-28T00:00:00Z |
source | MITRE |
title | Triple Threat: Emotet Deploys TrickBot to Steal Data & Spread Ryuk |
Dragos TRISIS
Dragos. (2017, December 13). TRISIS Malware Analysis of Safety System Targeted Malware. Retrieved January 6, 2021.
Internal MISP references
UUID 7659f7bc-2059-4a4d-a12c-17ccd99b737a
which can be used as unique global reference for Dragos TRISIS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-06T00:00:00Z |
date_published | 2017-12-13T00:00:00Z |
source | MITRE |
title | TRISIS Malware Analysis of Safety System Targeted Malware |
FireEye TRITON 2019
Miller, S., et al. (2019, April 10). TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping. Retrieved April 16, 2019.
Internal MISP references
UUID 49c97b85-ca22-400a-9dc4-6290cc117f04
which can be used as unique global reference for FireEye TRITON 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-16T00:00:00Z |
date_published | 2019-04-10T00:00:00Z |
source | MITRE |
title | TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping |
FireEye TEMP.Veles JSON April 2019
Miller, S., et al. (2019, April 10). TRITON Appendix C. Retrieved April 29, 2019.
Internal MISP references
UUID 491783dc-7a6b-42a6-b923-c4439117e7e4
which can be used as unique global reference for FireEye TEMP.Veles JSON April 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-29T00:00:00Z |
date_published | 2019-04-10T00:00:00Z |
source | MITRE |
title | TRITON Appendix C |
FireEye TEMP.Veles 2018
FireEye Intelligence. (2018, October 23). TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers. Retrieved April 16, 2019.
Internal MISP references
UUID e41151fa-ea11-43ca-9689-c65aae63a8d2
which can be used as unique global reference for FireEye TEMP.Veles 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-16T00:00:00Z |
date_published | 2018-10-23T00:00:00Z |
source | MITRE |
title | TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers |
Palo Alto MoonWind March 2017
Miller-Osborn, J. and Grunzweig, J. (2017, March 30). Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations. Retrieved March 30, 2017.
Internal MISP references
UUID 4f3d7a08-2cf5-49ed-8bcd-6df180f3d194
which can be used as unique global reference for Palo Alto MoonWind March 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-30T00:00:00Z |
date_published | 2017-03-30T00:00:00Z |
source | MITRE |
title | Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations |
CyberESI GTALK
CyberESI. (2011). TROJAN.GTALK. Retrieved September 12, 2024.
Internal MISP references
UUID 7952f365-1284-4461-8bc3-d8e20e38e1ba
which can be used as unique global reference for CyberESI GTALK
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2011-01-01T00:00:00Z |
source | MITRE |
title | TROJAN.GTALK |
Symantec Hydraq Jan 2010
Lelli, A. (2010, January 11). Trojan.Hydraq. Retrieved February 20, 2018.
Internal MISP references
UUID 2f99e508-6d0c-4590-8156-cdcadeef8ed9
which can be used as unique global reference for Symantec Hydraq Jan 2010
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-20T00:00:00Z |
date_published | 2010-01-11T00:00:00Z |
source | MITRE |
title | Trojan.Hydraq |
Symantec Security Center Trojan.Kwampirs
Moench, B. and Aboud, E. (2016, August 23). Trojan.Kwampirs. Retrieved May 10, 2018.
Internal MISP references
UUID d6fb6b97-042c-4a66-a2ba-31c13f96a144
which can be used as unique global reference for Symantec Security Center Trojan.Kwampirs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-10T00:00:00Z |
date_published | 2016-08-23T00:00:00Z |
source | MITRE |
title | Trojan.Kwampirs |
Symantec Naid June 2012
Neville, A. (2012, June 15). Trojan.Naid. Retrieved February 22, 2018.
Internal MISP references
UUID dc3c16b3-e06b-4b56-b6bd-b98a0b39df3b
which can be used as unique global reference for Symantec Naid June 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-22T00:00:00Z |
date_published | 2012-06-15T00:00:00Z |
source | MITRE |
title | Trojan.Naid |
Symantec Pasam May 2012
Mullaney, C. & Honda, H. (2012, May 4). Trojan.Pasam. Retrieved February 22, 2018.
Internal MISP references
UUID c8135017-43c5-4bde-946e-141684c29b7a
which can be used as unique global reference for Symantec Pasam May 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-22T00:00:00Z |
date_published | 2012-05-04T00:00:00Z |
source | MITRE |
title | Trojan.Pasam |
Microsoft TrojanSpy:Win32/Ursnif.gen!I Sept 2017
Microsoft. (2017, September 15). TrojanSpy:Win32/Ursnif.gen!I. Retrieved December 18, 2017.
Internal MISP references
UUID 2b0c16e3-9ea0-455e-ae01-18d9b388fea6
which can be used as unique global reference for Microsoft TrojanSpy:Win32/Ursnif.gen!I Sept 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-18T00:00:00Z |
date_published | 2017-09-15T00:00:00Z |
source | MITRE |
title | TrojanSpy:Win32/Ursnif.gen!I |
Symantec Ushedix June 2008
Symantec. (2008, June 28). Trojan.Ushedix. Retrieved December 18, 2017.
Internal MISP references
UUID 9df2b407-df20-403b-ba1b-a681b9c74c7e
which can be used as unique global reference for Symantec Ushedix June 2008
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-18T00:00:00Z |
date_published | 2008-06-28T00:00:00Z |
source | MITRE |
title | Trojan.Ushedix |
Symantec Volgmer Aug 2014
Yagi, J. (2014, August 24). Trojan.Volgmer. Retrieved July 16, 2018.
Internal MISP references
UUID 8f5ba106-267a-4f9e-9498-04e27f509c5e
which can be used as unique global reference for Symantec Volgmer Aug 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-16T00:00:00Z |
date_published | 2014-08-24T00:00:00Z |
source | MITRE |
title | Trojan.Volgmer |
FSecure Lokibot November 2019
Kazem, M. (2019, November 25). Trojan:W32/Lokibot. Retrieved May 15, 2020.
Internal MISP references
UUID e4ed8915-8f1e-47a0-ad99-075c66fa9cd3
which can be used as unique global reference for FSecure Lokibot November 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-15T00:00:00Z |
date_published | 2019-11-25T00:00:00Z |
source | MITRE |
title | Trojan:W32/Lokibot |
Microsoft Totbrick Oct 2017
Pornasdoro, A. (2017, October 12). Trojan:Win32/Totbrick. Retrieved September 14, 2018.
Internal MISP references
UUID 3abe861b-0e3b-458a-98cf-38450058b4a5
which can be used as unique global reference for Microsoft Totbrick Oct 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-14T00:00:00Z |
date_published | 2017-10-12T00:00:00Z |
source | MITRE |
title | Trojan:Win32/Totbrick |
Ciubotariu 2014
Ciubotariu, M. (2014, January 23). Trojan.Zeroaccess.C Hidden in NTFS EA. Retrieved December 2, 2014.
Internal MISP references
UUID 8a4583fe-cf73-47ba-a4ea-3e5ef1eb51b6
which can be used as unique global reference for Ciubotariu 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-12-02T00:00:00Z |
date_published | 2014-01-23T00:00:00Z |
source | MITRE |
title | Trojan.Zeroaccess.C Hidden in NTFS EA |
TrendMicro TROJ-FAKEAV OCT 2012
Sioting, S. (2012, October 8). TROJ_FAKEAV.GZD. Retrieved August 8, 2018.
Internal MISP references
UUID 5d9e974f-07f8-48e4-96b6-632ecb31465d
which can be used as unique global reference for TrendMicro TROJ-FAKEAV OCT 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-08T00:00:00Z |
date_published | 2012-10-08T00:00:00Z |
source | MITRE |
title | TROJ_FAKEAV.GZD |
troj_zegost
Trend Micro. (2012, October 9). TROJ_ZEGOST. Retrieved September 2, 2021.
Internal MISP references
UUID c3790ad6-704a-4076-8729-61b5df9d7983
which can be used as unique global reference for troj_zegost
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-02T00:00:00Z |
date_published | 2012-10-09T00:00:00Z |
source | MITRE |
title | TROJ_ZEGOST |
TrendMicro Tropic Trooper May 2020
Chen, J. (2020, May 12). Tropic Trooper’s Back: USBferry Attack Targets Air gapped Environments. Retrieved May 20, 2020.
Internal MISP references
UUID 4fbc1df0-f174-4461-817d-0baf6e947ba1
which can be used as unique global reference for TrendMicro Tropic Trooper May 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-20T00:00:00Z |
date_published | 2020-05-12T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Tropic Trooper’s Back: USBferry Attack Targets Air gapped Environments |
TrendMicro Tropic Trooper Mar 2018
Horejsi, J., et al. (2018, March 14). Tropic Trooper’s New Strategy. Retrieved November 9, 2018.
Internal MISP references
UUID 5d69d122-13bc-45c4-95ab-68283a21b699
which can be used as unique global reference for TrendMicro Tropic Trooper Mar 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-09T00:00:00Z |
date_published | 2018-03-14T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Tropic Trooper’s New Strategy |
Unit 42 Tropic Trooper Nov 2016
Ray, V. (2016, November 22). Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy. Retrieved November 9, 2018.
Internal MISP references
UUID cad84e3d-9506-44f8-bdd9-d090e6ce9b06
which can be used as unique global reference for Unit 42 Tropic Trooper Nov 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-09T00:00:00Z |
date_published | 2016-11-22T00:00:00Z |
source | MITRE |
title | Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy |
paloalto Tropic Trooper 2016
Ray, V., et al. (2016, November 22). Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy. Retrieved December 18, 2020.
Internal MISP references
UUID 47524b17-1acd-44b1-8de5-168369fa9455
which can be used as unique global reference for paloalto Tropic Trooper 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-18T00:00:00Z |
date_published | 2016-11-22T00:00:00Z |
source | MITRE |
title | Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy |
Microsoft Conditional Access Policy Changes
Microsoft. (2023, October 23). Troubleshooting Conditional Access policy changes. Retrieved January 2, 2024.
Internal MISP references
UUID fb9ad2ce-c6bc-584b-b42e-0e7c23e5d6cc
which can be used as unique global reference for Microsoft Conditional Access Policy Changes
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-02T00:00:00Z |
date_published | 2023-10-23T00:00:00Z |
source | MITRE |
title | Troubleshooting Conditional Access policy changes |
GitHub truffleHog
Dylan Ayrey. (2016, December 31). truffleHog. Retrieved October 19, 2020.
Internal MISP references
UUID 324a563f-55ee-49e9-9fc7-2b8e35f36875
which can be used as unique global reference for GitHub truffleHog
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
date_published | 2016-12-31T00:00:00Z |
source | MITRE |
title | truffleHog |
TCG Trusted Platform Module
Trusted Computing Group. (2008, April 29). Trusted Platform Module (TPM) Summary. Retrieved June 8, 2016.
Internal MISP references
UUID 51a2a2fd-7828-449d-aab5-dbcf5d37f020
which can be used as unique global reference for TCG Trusted Platform Module
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-08T00:00:00Z |
date_published | 2008-04-29T00:00:00Z |
source | MITRE |
title | Trusted Platform Module (TPM) Summary |
Microsoft Trusts
Microsoft. (2009, October 7). Trust Technologies. Retrieved February 14, 2019.
Internal MISP references
UUID e6bfc6a8-9eea-4c65-9c2b-04749da72a92
which can be used as unique global reference for Microsoft Trusts
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-14T00:00:00Z |
date_published | 2009-10-07T00:00:00Z |
source | MITRE |
title | Trust Technologies |
SSHjack Blackhat
Adam Boileau. (2005, August 5). Trust Transience: Post Intrusion SSH Hijacking. Retrieved December 19, 2017.
Internal MISP references
UUID 64f94126-de4c-4204-8409-d26804f32cff
which can be used as unique global reference for SSHjack Blackhat
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-19T00:00:00Z |
date_published | 2005-08-05T00:00:00Z |
source | MITRE |
title | Trust Transience: Post Intrusion SSH Hijacking |
Trend Micro Totbrick Oct 2016
Antazo, F. (2016, October 31). TSPY_TRICKLOAD.N. Retrieved September 14, 2018.
Internal MISP references
UUID d6419764-f203-4089-8b38-860c442238e7
which can be used as unique global reference for Trend Micro Totbrick Oct 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-14T00:00:00Z |
date_published | 2016-10-31T00:00:00Z |
source | MITRE |
title | TSPY_TRICKLOAD.N |
Ttdinject.exe - LOLBAS Project
LOLBAS. (2020, May 12). Ttdinject.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 3146c9c9-9836-4ce5-afe6-ef8f7b4a7b9d
which can be used as unique global reference for Ttdinject.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-05-12T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ttdinject.exe |
ttint_rat
Tu, L. Ma, Y. Ye, G. (2020, October 1). Ttint: An IoT Remote Access Trojan spread through 2 0-day vulnerabilities. Retrieved October 28, 2021.
Internal MISP references
UUID f3e60cae-3225-4800-bc15-cb46ff715061
which can be used as unique global reference for ttint_rat
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-28T00:00:00Z |
date_published | 2020-10-01T00:00:00Z |
source | MITRE |
title | Ttint: An IoT Remote Access Trojan spread through 2 0-day vulnerabilities |
Tttracer.exe - LOLBAS Project
LOLBAS. (2019, November 5). Tttracer.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 7c88a77e-034e-4847-8bd7-1be3a684a158
which can be used as unique global reference for Tttracer.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2019-11-05T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Tttracer.exe |
Invincea XTunnel
Belcher, P. (2016, July 28). Tunnel of Gov: DNC Hack and the Russian XTunnel. Retrieved August 3, 2016.
Internal MISP references
UUID 43773784-92b8-4722-806c-4b1fc4278bb0
which can be used as unique global reference for Invincea XTunnel
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-03T00:00:00Z |
date_published | 2016-07-28T00:00:00Z |
source | MITRE |
title | Tunnel of Gov: DNC Hack and the Russian XTunnel |
Sysadmins of the North April 28 2015
Jan Reilink. (2015, April 28). Tunnel RDP through SSH & PuTTY. Retrieved May 25, 2023.
Internal MISP references
UUID 4fc8c559-c2a1-4834-914f-c66621b117c3
which can be used as unique global reference for Sysadmins of the North April 28 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-25T00:00:00Z |
date_published | 2015-04-28T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Tunnel RDP through SSH & PuTTY |
ThreatGeek Derusbi Converge
Fidelis Threat Research Team. (2016, May 2). Turbo Twist: Two 64-bit Derusbi Strains Converge. Retrieved August 16, 2018.
Internal MISP references
UUID a386b614-a808-42cf-be23-658f71b31560
which can be used as unique global reference for ThreatGeek Derusbi Converge
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-16T00:00:00Z |
date_published | 2016-05-02T00:00:00Z |
source | MITRE |
title | Turbo Twist: Two 64-bit Derusbi Strains Converge |
Mandiant Suspected Turla Campaign February 2023
Hawley, S. et al. (2023, February 2). Turla: A Galaxy of Opportunity. Retrieved May 15, 2023.
Internal MISP references
UUID d8f43a52-a59e-5567-8259-821b1b6bde43
which can be used as unique global reference for Mandiant Suspected Turla Campaign February 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-15T00:00:00Z |
date_published | 2023-02-02T00:00:00Z |
source | MITRE |
title | Turla: A Galaxy of Opportunity |
ESET Crutch December 2020
Faou, M. (2020, December 2). Turla Crutch: Keeping the “back door” open. Retrieved December 4, 2020.
Internal MISP references
UUID 8b2f40f5-7dca-4edf-8314-a8f5bc4831b8
which can be used as unique global reference for ESET Crutch December 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-04T00:00:00Z |
date_published | 2020-12-02T00:00:00Z |
source | MITRE |
title | Turla Crutch: Keeping the “back door” open |
ESET LightNeuron May 2019
Faou, M. (2019, May). Turla LightNeuron: One email away from remote code execution. Retrieved June 24, 2019.
Internal MISP references
UUID 679aa333-572c-44ba-b94a-606f168d1ed2
which can be used as unique global reference for ESET LightNeuron May 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-24T00:00:00Z |
date_published | 2019-05-01T00:00:00Z |
source | MITRE |
title | Turla LightNeuron: One email away from remote code execution |
ESET Turla Mosquito May 2018
ESET Research. (2018, May 22). Turla Mosquito: A shift towards more generic tools. Retrieved July 3, 2018.
Internal MISP references
UUID d683b8a2-7f90-4ae3-b763-c25fd701dbf6
which can be used as unique global reference for ESET Turla Mosquito May 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-03T00:00:00Z |
date_published | 2018-05-22T00:00:00Z |
source | MITRE |
title | Turla Mosquito: A shift towards more generic tools |
ESET Turla August 2018
ESET. (2018, August). Turla Outlook Backdoor: Analysis of an unusual Turla backdoor. Retrieved March 11, 2019.
Internal MISP references
UUID e725fb9d-65b9-4e3f-9930-13c2c74b7fa4
which can be used as unique global reference for ESET Turla August 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-11T00:00:00Z |
date_published | 2018-08-01T00:00:00Z |
source | MITRE |
title | Turla Outlook Backdoor: Analysis of an unusual Turla backdoor |
Accenture HyperStack October 2020
Accenture. (2020, October). Turla uses HyperStack, Carbon, and Kazuar to compromise government entity. Retrieved December 2, 2020.
Internal MISP references
UUID 680f2a0b-f69d-48bd-93ed-20ee2f79e3f7
which can be used as unique global reference for Accenture HyperStack October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-02T00:00:00Z |
date_published | 2020-10-01T00:00:00Z |
source | MITRE |
title | Turla uses HyperStack, Carbon, and Kazuar to compromise government entity |
Gmail Delegation
Google. (n.d.). Turn Gmail delegation on or off. Retrieved April 1, 2022.
Internal MISP references
UUID dfd28a01-56ba-4c0c-9742-d8b1db49df06
which can be used as unique global reference for Gmail Delegation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-01T00:00:00Z |
source | MITRE |
title | Turn Gmail delegation on or off |
Google Cloud Privilege Escalation
Chris Moberly. (2020, February 12). Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments. Retrieved April 1, 2022.
Internal MISP references
UUID 3dc4b69c-8cae-4489-8df2-5f55419fb3b1
which can be used as unique global reference for Google Cloud Privilege Escalation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-01T00:00:00Z |
date_published | 2020-02-12T00:00:00Z |
source | MITRE |
title | Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments |
SSH in Windows
Microsoft. (2020, May 19). Tutorial: SSH in Windows Terminal. Retrieved July 26, 2021.
Internal MISP references
UUID 3006af23-b802-400f-841d-7eea7d748d28
which can be used as unique global reference for SSH in Windows
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-07-26T00:00:00Z |
date_published | 2020-05-19T00:00:00Z |
source | MITRE |
title | Tutorial: SSH in Windows Terminal |
Microsoft NEODYMIUM Dec 2016
Microsoft. (2016, December 14). Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe. Retrieved November 27, 2017.
Internal MISP references
UUID 87c9f8e4-f8d1-4f19-86ca-6fd18a33890b
which can be used as unique global reference for Microsoft NEODYMIUM Dec 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-27T00:00:00Z |
date_published | 2016-12-14T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe |
Twitter Richard WMIC
Ackroyd, R. (2023, March 24). Twitter. Retrieved September 12, 2024.
Internal MISP references
UUID 7d701a8e-6816-5112-ac16-b36e71d7c5db
which can be used as unique global reference for Twitter Richard WMIC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2023-03-24T00:00:00Z |
source | MITRE |
title |
Twitter Nick Carr APT10
Carr, N. (2017, April 6). Retrieved September 12, 2024.
Internal MISP references
UUID 0f133f2c-3b02-4b3b-a960-ef6a7862cf8f
which can be used as unique global reference for Twitter Nick Carr APT10
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
source | MITRE |
title | Twitter Nick Carr APT10 |
Crowdstrike KRYPTONITE PANDA August 2018
Adam Kozy. (2018, August 30). Two Birds, One Stone Panda. Retrieved August 24, 2021.
Internal MISP references
UUID 42fe94f5-bc4c-4b0b-9c35-0bc32cbc5d79
which can be used as unique global reference for Crowdstrike KRYPTONITE PANDA August 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-24T00:00:00Z |
date_published | 2018-08-30T00:00:00Z |
source | MITRE |
title | Two Birds, One Stone Panda |
Two New Monero Malware Attacks Target Windows and Android Users
Douglas Bonderud. (2018, September 17). Two New Monero Malware Attacks Target Windows and Android Users. Retrieved June 5, 2023.
Internal MISP references
UUID a797397b-2af7-58b9-b66a-5ded260659f0
which can be used as unique global reference for Two New Monero Malware Attacks Target Windows and Android Users
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-05T00:00:00Z |
date_published | 2018-09-17T00:00:00Z |
source | MITRE |
title | Two New Monero Malware Attacks Target Windows and Android Users |
Anonymous Sudan Indictment October 16 2024
U.S. Attorney's Office Central District of California. (2024, October 16). Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan Cyberattacks. Retrieved October 18, 2024.
Internal MISP references
UUID 9ee58ce9-b201-4494-a071-7a82571e05fd
which can be used as unique global reference for Anonymous Sudan Indictment October 16 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-18T00:00:00Z |
date_published | 2024-10-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan Cyberattacks |
Trend Micro Pawn Storm April 2017
Hacquebord, F. (2017, April 25). Two Years of Pawn Storm: Examining an Increasingly Relevant Threat. Retrieved May 3, 2017.
Internal MISP references
UUID d92f22a7-7753-47da-a850-00c073b5fd27
which can be used as unique global reference for Trend Micro Pawn Storm April 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-05-03T00:00:00Z |
date_published | 2017-04-25T00:00:00Z |
source | MITRE |
title | Two Years of Pawn Storm: Examining an Increasingly Relevant Threat |
Tyler McLellan UNC2190 September 26 2024
tylabs. (2024, September 26). Tyler McLellan UNC2190 Tweet. Retrieved October 3, 2024.
Internal MISP references
UUID 32298444-284a-4991-ba3b-a80bd62be903
which can be used as unique global reference for Tyler McLellan UNC2190 September 26 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-03T00:00:00Z |
date_published | 2024-09-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Tyler McLellan UNC2190 Tweet |
CERT-UA WinterVivern 2023
CERT-UA. (2023, February 1). UAC-0114 aka Winter Vivern to target Ukrainian and Polish GOV entities (CERT-UA#5909). Retrieved July 29, 2024.
Internal MISP references
UUID d82e5170-b9be-5a60-a2a1-8df658740639
which can be used as unique global reference for CERT-UA WinterVivern 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-29T00:00:00Z |
date_published | 2023-02-01T00:00:00Z |
source | MITRE |
title | UAC-0114 aka Winter Vivern to target Ukrainian and Polish GOV entities (CERT-UA#5909) |
Almond COR_PROFILER Apr 2019
Almond. (2019, April 30). UAC bypass via elevated .NET applications. Retrieved June 24, 2020.
Internal MISP references
UUID a49c5870-2a48-4cd7-8b4e-e80c5414f565
which can be used as unique global reference for Almond COR_PROFILER Apr 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-24T00:00:00Z |
date_published | 2019-04-30T00:00:00Z |
source | MITRE |
title | UAC bypass via elevated .NET applications |
Github UACMe
UACME Project. (2016, June 16). UACMe. Retrieved July 26, 2016.
Internal MISP references
UUID 7006d59d-3b61-4030-a680-5dac52133722
which can be used as unique global reference for Github UACMe
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-07-26T00:00:00Z |
date_published | 2016-06-16T00:00:00Z |
source | MITRE |
title | UACMe |
ZScaler SEO
Wang, J. (2018, October 17). Ubiquitous SEO Poisoning URLs. Retrieved September 30, 2022.
Internal MISP references
UUID f117cfa5-1bad-43ae-9eaa-3b9123061f93
which can be used as unique global reference for ZScaler SEO
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-30T00:00:00Z |
date_published | 2018-10-17T00:00:00Z |
source | MITRE |
title | Ubiquitous SEO Poisoning URLs |
PaloAlto UBoatRAT Nov 2017
Hayashi, K. (2017, November 28). UBoatRAT Navigates East Asia. Retrieved January 12, 2018.
Internal MISP references
UUID 235a1129-2f35-4861-90b8-1f761d89b0f9
which can be used as unique global reference for PaloAlto UBoatRAT Nov 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-12T00:00:00Z |
date_published | 2017-11-28T00:00:00Z |
source | MITRE |
title | UBoatRAT Navigates East Asia |
UK NSCS Russia SolarWinds April 2021
UK NCSC. (2021, April 15). UK and US call out Russia for SolarWinds compromise. Retrieved April 16, 2021.
Internal MISP references
UUID f49e6780-8caa-4c3c-8d68-47a2cc4319a1
which can be used as unique global reference for UK NSCS Russia SolarWinds April 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-16T00:00:00Z |
date_published | 2021-04-15T00:00:00Z |
source | MITRE |
title | UK and US call out Russia for SolarWinds compromise |
UK Gov Malign RIS Activity April 2021
UK Gov. (2021, April 15). UK and US expose global campaign of malign activity by Russian intelligence services. Retrieved April 16, 2021.
Internal MISP references
UUID 7fe5a605-c33e-4d3d-b787-2d1f649bee53
which can be used as unique global reference for UK Gov Malign RIS Activity April 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-16T00:00:00Z |
date_published | 2021-04-15T00:00:00Z |
source | MITRE |
title | UK and US expose global campaign of malign activity by Russian intelligence services |
UK Gov UK Exposes Russia SolarWinds April 2021
UK Gov. (2021, April 15). UK exposes Russian involvement in SolarWinds cyber compromise. Retrieved April 16, 2021.
Internal MISP references
UUID ffbd83d7-9d4f-42b9-adc0-eb144045aef2
which can be used as unique global reference for UK Gov UK Exposes Russia SolarWinds April 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-16T00:00:00Z |
date_published | 2021-04-15T00:00:00Z |
source | MITRE |
title | UK exposes Russian involvement in SolarWinds cyber compromise |
UK NCSC Olympic Attacks October 2020
UK NCSC. (2020, October 19). UK exposes series of Russian cyber attacks against Olympic and Paralympic Games. Retrieved November 30, 2020.
Internal MISP references
UUID 93053f1b-917c-4573-ba20-99fcaa16a2dd
which can be used as unique global reference for UK NCSC Olympic Attacks October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-30T00:00:00Z |
date_published | 2020-10-19T00:00:00Z |
source | MITRE |
title | UK exposes series of Russian cyber attacks against Olympic and Paralympic Games |
Cisco Ukraine Wipers January 2022
Biasini, N. et al. (2022, January 21). Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation. Retrieved March 14, 2022.
Internal MISP references
UUID db17cc3d-9cd3-4faa-9de9-3b8fbec909c3
which can be used as unique global reference for Cisco Ukraine Wipers January 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-14T00:00:00Z |
date_published | 2022-01-21T00:00:00Z |
source | MITRE |
title | Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation |
Symantec Ukraine Wipers February 2022
Symantec Threat Hunter Team. (2022, February 24). Ukraine: Disk-wiping Attacks Precede Russian Invasion. Retrieved March 25, 2022.
Internal MISP references
UUID 3ed4cd00-3387-4b80-bda8-0a190dc6353c
which can be used as unique global reference for Symantec Ukraine Wipers February 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-25T00:00:00Z |
date_published | 2022-02-24T00:00:00Z |
source | MITRE |
title | Ukraine: Disk-wiping Attacks Precede Russian Invasion |
Bleepingcomputer Gamardeon FSB November 2021
Toulas, B. (2018, November 4). Ukraine links members of Gamaredon hacker group to Russian FSB. Retrieved April 15, 2022.
Internal MISP references
UUID c565b025-df74-40a9-9535-b630ca06f777
which can be used as unique global reference for Bleepingcomputer Gamardeon FSB November 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-15T00:00:00Z |
date_published | 2018-11-04T00:00:00Z |
source | MITRE |
title | Ukraine links members of Gamaredon hacker group to Russian FSB |
Leonard TAG 2023
Billy Leonard. (2023, April 19). Ukraine remains Russia’s biggest cyber focus in 2023. Retrieved March 1, 2024.
Internal MISP references
UUID 95c6ad1d-df16-5dd3-a6ef-75c1247ec5e0
which can be used as unique global reference for Leonard TAG 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-01T00:00:00Z |
date_published | 2023-04-19T00:00:00Z |
source | MITRE |
title | Ukraine remains Russia’s biggest cyber focus in 2023 |
Qualys Hermetic Wiper March 2022
Dani, M. (2022, March 1). Ukrainian Targets Hit by HermeticWiper, New Datawiper Malware. Retrieved March 25, 2022.
Internal MISP references
UUID 2b25969b-2f0b-4204-9277-596e80c4e626
which can be used as unique global reference for Qualys Hermetic Wiper March 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-25T00:00:00Z |
date_published | 2022-03-01T00:00:00Z |
source | MITRE |
title | Ukrainian Targets Hit by HermeticWiper, New Datawiper Malware |
GitHub Ultimate AppLocker Bypass List
Moe, O. (2018, March 1). Ultimate AppLocker Bypass List. Retrieved April 10, 2018.
Internal MISP references
UUID a2fa7fb8-ddba-44cf-878f-448fb2aa6149
which can be used as unique global reference for GitHub Ultimate AppLocker Bypass List
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-10T00:00:00Z |
date_published | 2018-03-01T00:00:00Z |
source | MITRE |
title | Ultimate AppLocker Bypass List |
Okta HAR Files RCA
David Bradbury. (2023, November 3). Unauthorized Access to Okta's Support Case Management System: Root Cause and Remediation. Retrieved December 19, 2023.
Internal MISP references
UUID 742d095c-9bd1-4f4a-8bc6-16db6d15a9f4
which can be used as unique global reference for Okta HAR Files RCA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-19T00:00:00Z |
date_published | 2023-11-03T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Unauthorized Access to Okta's Support Case Management System: Root Cause and Remediation |
UCF STIG Symbolic Links
UCF. (n.d.). Unauthorized accounts must not have the Create symbolic links user right. Retrieved December 18, 2017.
Internal MISP references
UUID 93716db0-6f88-425c-af00-ed2e941214d3
which can be used as unique global reference for UCF STIG Symbolic Links
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-18T00:00:00Z |
source | MITRE |
title | Unauthorized accounts must not have the Create symbolic links user right. |
FireEye FiveHands April 2021
McLellan, T. and Moore, J. et al. (2021, April 29). UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat. Retrieved June 2, 2021.
Internal MISP references
UUID 832aeb46-b248-43e8-9157-a2f56bcd1806
which can be used as unique global reference for FireEye FiveHands April 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-02T00:00:00Z |
date_published | 2021-04-29T00:00:00Z |
source | MITRE |
title | UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat |
Mandiant APT29 Eye Spy Email Nov 22
Mandiant. (2022, May 2). UNC3524: Eye Spy on Your Email. Retrieved August 17, 2023.
Internal MISP references
UUID 452ca091-42b1-5bef-8a01-921c1f46bbee
which can be used as unique global reference for Mandiant APT29 Eye Spy Email Nov 22
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-17T00:00:00Z |
date_published | 2022-05-02T00:00:00Z |
source | MITRE |
title | UNC3524: Eye Spy on Your Email |
Google Cloud June 13 2024
Mandiant. (2024, June 13). UNC3944 Targets SaaS Applications. Retrieved June 17, 2024.
Internal MISP references
UUID 161423a2-165d-448f-90e9-0c53e319a125
which can be used as unique global reference for Google Cloud June 13 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-17T00:00:00Z |
date_published | 2024-06-13T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | UNC3944 Targets SaaS Applications |
Google Cloud June 10 2024
Mandiant. (2024, June 10). UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion. Retrieved June 13, 2024.
Internal MISP references
UUID 0afe3662-b55c-4189-9c9a-2be55a9b6a70
which can be used as unique global reference for Google Cloud June 10 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-13T00:00:00Z |
date_published | 2024-06-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion |
Mandiant UNC961 March 23 2023
Ryan Tomcik, Rufus Brown, Josh Fleischer. (2023, March 23). UNC961 in the Multiverse of Mandiant: Three Encounters with a Financially Motivated Threat Actor. Retrieved November 1, 2023.
Internal MISP references
UUID cef19ceb-179f-4d49-acba-5ce40ab9f65e
which can be used as unique global reference for Mandiant UNC961 March 23 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-01T00:00:00Z |
date_published | 2023-03-23T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | UNC961 in the Multiverse of Mandiant: Three Encounters with a Financially Motivated Threat Actor |
Mandiant Uncharmed May 1 2024
Ofir Rozmann, Asli Koksal, Adrian Hernandez, Sarah Bock, Jonathan Leathery. (2024, May 1). Uncharmed: Untangling Iran's APT42 Operations. Retrieved August 30, 2024.
Internal MISP references
UUID 84c0313a-bea1-44a7-9396-8e12437852d1
which can be used as unique global reference for Mandiant Uncharmed May 1 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-30T00:00:00Z |
date_published | 2024-05-01T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Uncharmed: Untangling Iran's APT42 Operations |
Mandiant APT42 Operations 2024
Ofir Rozmann, Asli Koksal, Adrian Hernandez, Sarah Bock, and Jonathan Leathery. (2024, May 1). Uncharmed: Untangling Iran's APT42 Operations. Retrieved May 28, 2024.
Internal MISP references
UUID 7a5d86f3-5afe-5d01-adcd-9511879207a7
which can be used as unique global reference for Mandiant APT42 Operations 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-05-28T00:00:00Z |
date_published | 2024-05-01T00:00:00Z |
source | MITRE |
title | Uncharmed: Untangling Iran's APT42 Operations |
Trend Micro DRBControl February 2020
Lunghi, D. et al. (2020, February). Uncovering DRBControl. Retrieved November 12, 2021.
Internal MISP references
UUID 4dfbf26d-023b-41dd-82c8-12fe18cb10e6
which can be used as unique global reference for Trend Micro DRBControl February 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-11-12T00:00:00Z |
date_published | 2020-02-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Uncovering DRBControl |
Checkpoint MosesStaff Nov 2021
Checkpoint Research. (2021, November 15). Uncovering MosesStaff techniques: Ideology over Money. Retrieved August 11, 2022.
Internal MISP references
UUID d6da2849-cff0-408a-9f09-81a33fc88a56
which can be used as unique global reference for Checkpoint MosesStaff Nov 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-11T00:00:00Z |
date_published | 2021-11-15T00:00:00Z |
source | MITRE |
title | Uncovering MosesStaff techniques: Ideology over Money |
bencane blog bashrc
Benjamin Cane. (2013, September 16). Understanding a little more about /etc/profile and /etc/bashrc. Retrieved September 25, 2024.
Internal MISP references
UUID 503a4cd6-5cfe-4cce-b363-0cf3c8bc9feb
which can be used as unique global reference for bencane blog bashrc
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
date_published | 2013-09-16T00:00:00Z |
source | MITRE |
title | Understanding a little more about /etc/profile and /etc/bashrc |
Juniper DAI 2020
Juniper. (2020, September 23). Understanding and Using Dynamic ARP Inspection (DAI). Retrieved October 15, 2020.
Internal MISP references
UUID f63b099d-a316-42a1-b1ce-17f11d0f3d2e
which can be used as unique global reference for Juniper DAI 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-15T00:00:00Z |
date_published | 2020-09-23T00:00:00Z |
source | MITRE |
title | Understanding and Using Dynamic ARP Inspection (DAI) |
Understanding BumbleBee Loader The Delivery - VMRay 9 1 2023
Emre Güler Threat Researcher. (2023, September 1). Understanding BumbleBee Loader The Delivery. Retrieved February 19, 2024.
Internal MISP references
UUID ce1bddab-f63b-400f-ba49-0a06c4f5066a
which can be used as unique global reference for Understanding BumbleBee Loader The Delivery - VMRay 9 1 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-19T00:00:00Z |
date_published | 2023-09-01T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Understanding BumbleBee Loader The Delivery |
Understanding BumbleBee The malicious behavior - VMRay 9 1 2023
Emre Güler Threat Researcher. (2023, September 1). Understanding BumbleBee The malicious behavior. Retrieved February 19, 2024.
Internal MISP references
UUID b0bedc26-d075-448e-9adc-741c047a851c
which can be used as unique global reference for Understanding BumbleBee The malicious behavior - VMRay 9 1 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-19T00:00:00Z |
date_published | 2023-09-01T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Understanding BumbleBee The malicious behavior |
Google Cloud IAM Policies
Google Cloud. (2022, March 31). Understanding policies. Retrieved April 1, 2022.
Internal MISP references
UUID b23a0df2-923d-4a5d-a40c-3ae218a0be94
which can be used as unique global reference for Google Cloud IAM Policies
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-01T00:00:00Z |
date_published | 2022-03-31T00:00:00Z |
source | MITRE |
title | Understanding policies |
Juniper Traffic Mirroring
Juniper. (n.d.). Understanding Port Mirroring on EX2200, EX3200, EX3300, EX4200, EX4500, EX4550, EX6200, and EX8200 Series Switches. Retrieved October 19, 2020.
Internal MISP references
UUID a6f62986-0b62-4316-b762-021f1bb14903
which can be used as unique global reference for Juniper Traffic Mirroring
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-19T00:00:00Z |
source | MITRE |
title | Understanding Port Mirroring on EX2200, EX3200, EX3300, EX4200, EX4500, EX4550, EX6200, and EX8200 Series Switches |
U.S. CISA Understanding LockBit June 2023
Cybersecurity and Infrastructure Security Agency. (2023, June 14). Understanding Ransomware Threat Actors: LockBit. Retrieved June 30, 2023.
Internal MISP references
UUID 9c03b801-2ebe-4c7b-aa29-1b7a3625964a
which can be used as unique global reference for U.S. CISA Understanding LockBit June 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-30T00:00:00Z |
date_published | 2023-06-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Understanding Ransomware Threat Actors: LockBit |
Auth0 Understanding Refresh Tokens
Auth0 Inc. (n.d.). Understanding Refresh Tokens. Retrieved December 16, 2021.
Internal MISP references
UUID 84eb3d8a-f6b1-4bb5-9411-2c8da29b5946
which can be used as unique global reference for Auth0 Understanding Refresh Tokens
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-16T00:00:00Z |
source | MITRE |
title | Understanding Refresh Tokens |
Huntress ScreenConnect 2 19 2024
Team Huntress. (2024, February 19). Understanding the ConnectWise ScreenConnect CVE-2024-1709 & CVE-2024-1708. Retrieved February 22, 2024.
Internal MISP references
UUID 8d08b5e2-13ed-4283-8bd2-f3d9a5d02bc5
which can be used as unique global reference for Huntress ScreenConnect 2 19 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-22T00:00:00Z |
date_published | 2024-02-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Understanding the ConnectWise ScreenConnect CVE-2024-1709 & CVE-2024-1708 |
baeldung Linux proc map 2022
baeldung. (2022, April 8). Understanding the Linux /proc/id/maps File. Retrieved March 31, 2023.
Internal MISP references
UUID b70d04e4-c5f9-5cb2-b896-9bd64e97369e
which can be used as unique global reference for baeldung Linux proc map 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-31T00:00:00Z |
date_published | 2022-04-08T00:00:00Z |
source | MITRE |
title | Understanding the Linux /proc/id/maps File |
Talos Phobos November 17 2023
Guilherme Venere. (2023, November 17). Understanding the Phobos affiliate structure and activity. Retrieved March 7, 2024.
Internal MISP references
UUID c049d198-efd0-40e2-a675-cf099b8211b3
which can be used as unique global reference for Talos Phobos November 17 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-07T00:00:00Z |
date_published | 2023-11-17T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Understanding the Phobos affiliate structure and activity |
Mandiant APT44 April 17 2024
Gabby Roncone, Dan Black, John Wolfram, Tyler McLellan, Nick Simonian, Ryan Hall, Anton Prokopenkov, Luke Jenkins, Dan Perez, Lexie Aytes, Alden Wahlstrom. (2024, April 17). Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm. Retrieved April 17, 2024.
Internal MISP references
UUID a64f689e-2bb4-4253-86cd-545e7f633a7e
which can be used as unique global reference for Mandiant APT44 April 17 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-17T00:00:00Z |
date_published | 2024-04-17T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm |
FireEye KEGTAP SINGLEMALT October 2020
Kimberly Goody, Jeremy Kennelly, Joshua Shilko, Steve Elovitz, Douglas Bienstock. (2020, October 28). Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser. Retrieved October 28, 2020.
Internal MISP references
UUID 59162ffd-cb95-4757-bb1e-0c2a4ad5c083
which can be used as unique global reference for FireEye KEGTAP SINGLEMALT October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-28T00:00:00Z |
date_published | 2020-10-28T00:00:00Z |
source | MITRE |
title | Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser |
Wikipedia UEFI
Wikipedia. (2017, July 10). Unified Extensible Firmware Interface. Retrieved July 11, 2017.
Internal MISP references
UUID 681c6a57-76db-410b-82d6-4e614bcdb6e0
which can be used as unique global reference for Wikipedia UEFI
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-11T00:00:00Z |
date_published | 2017-07-10T00:00:00Z |
source | MITRE |
title | Unified Extensible Firmware Interface |
New DragonOK
Miller-Osborn, J., Grunzweig, J. (2015, April). Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets. Retrieved November 4, 2015.
Internal MISP references
UUID 82c1ed0d-a41d-4212-a3ae-a1d661bede2d
which can be used as unique global reference for New DragonOK
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-11-04T00:00:00Z |
date_published | 2015-04-01T00:00:00Z |
source | MITRE |
title | Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets |
Unit 42 Playbook Dec 2017
Unit 42. (2017, December 15). Unit 42 Playbook Viewer. Retrieved December 20, 2017.
Internal MISP references
UUID 9923f9ff-a7b8-4058-8213-3c83c54c10a6
which can be used as unique global reference for Unit 42 Playbook Dec 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 2017-12-15T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Unit 42 Playbook Viewer |
Unit 42 SeaDuke 2015
Grunzweig, J. (2015, July 14). Unit 42 Technical Analysis: Seaduke. Retrieved August 3, 2016.
Internal MISP references
UUID 735d38da-9214-4141-86af-11eefa5c4d04
which can be used as unique global reference for Unit 42 SeaDuke 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-03T00:00:00Z |
date_published | 2015-07-14T00:00:00Z |
source | MITRE |
title | Unit 42 Technical Analysis: Seaduke |
3OHA double-fork 2022
Juan Tapiador. (2022, April 11). UNIX daemonization and the double fork. Retrieved September 29, 2023.
Internal MISP references
UUID 521b79fe-bb7b-52fd-a899-b73e254027a5
which can be used as unique global reference for 3OHA double-fork 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-29T00:00:00Z |
date_published | 2022-04-11T00:00:00Z |
source | MITRE |
title | UNIX daemonization and the double fork |
WhiteSnake Stealer RussianPanda July 4 2023
RussianPanda. (2023, July 4). Unleashing the Viper : A Technical Analysis of WhiteSnake Stealer. Retrieved October 14, 2024.
Internal MISP references
UUID e7b4651b-804a-47b7-bd74-341ac0e8a7a9
which can be used as unique global reference for WhiteSnake Stealer RussianPanda July 4 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-14T00:00:00Z |
date_published | 2023-07-04T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Unleashing the Viper : A Technical Analysis of WhiteSnake Stealer |
Flashpoint Anonymous Sudan Timeline
Flashpoint. (2023, June 20). Unmasking Anonymous Sudan: Timeline of DDoS Attacks, Affiliations, and Motivations. Retrieved October 10, 2023.
Internal MISP references
UUID 2e7060d2-f7bc-457e-a2e6-12897d503ea6
which can be used as unique global reference for Flashpoint Anonymous Sudan Timeline
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-10T00:00:00Z |
date_published | 2023-06-20T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Unmasking Anonymous Sudan: Timeline of DDoS Attacks, Affiliations, and Motivations |
Permiso GUI-Vil 2023
Ian Ahl. (2023, May 22). Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor. Retrieved August 30, 2024.
Internal MISP references
UUID f3f16141-3420-5e72-b7d0-092bbd02f064
which can be used as unique global reference for Permiso GUI-Vil 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-30T00:00:00Z |
date_published | 2023-05-22T00:00:00Z |
source | MITRE |
title | Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor |
AADInternals Azure AD On-Prem to Cloud
Dr. Nestori Syynimaa. (2020, July 13). Unnoticed sidekick: Getting access to cloud as an on-prem admin. Retrieved September 28, 2022.
Internal MISP references
UUID 7a6a7ecd-b9c7-4371-9924-34733597556c
which can be used as unique global reference for AADInternals Azure AD On-Prem to Cloud
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-09-28T00:00:00Z |
date_published | 2020-07-13T00:00:00Z |
source | MITRE |
title | Unnoticed sidekick: Getting access to cloud as an on-prem admin |
Adsecurity Mimikatz Guide
Metcalf, S. (2015, November 13). Unofficial Guide to Mimikatz & Command Reference. Retrieved December 23, 2015.
Internal MISP references
UUID b251ed65-a145-4053-9dc2-bf0dad83d76c
which can be used as unique global reference for Adsecurity Mimikatz Guide
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-12-23T00:00:00Z |
date_published | 2015-11-13T00:00:00Z |
source | MITRE |
title | Unofficial Guide to Mimikatz & Command Reference |
InfoSec Write-ups 7 23 2023
Mov Eax. (2023, July 23). Unpacking Emotet Trojan. Retrieved February 27, 2024.
Internal MISP references
UUID 684835bb-7d67-440d-82c2-5f98c3e29341
which can be used as unique global reference for InfoSec Write-ups 7 23 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-27T00:00:00Z |
date_published | 2023-07-23T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Unpacking Emotet Trojan |
Cyble Akira May 10 2023
Cybleinc. (2023, May 10). Unraveling Akira Ransomware. Retrieved February 27, 2024.
Internal MISP references
UUID 4a6cde5d-971e-4260-9ab4-777ee81d5af0
which can be used as unique global reference for Cyble Akira May 10 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-27T00:00:00Z |
date_published | 2023-05-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Unraveling Akira Ransomware |
Kaspersky Lamberts Toolkit April 2017
GREAT. (2017, April 11). Unraveling the Lamberts Toolkit. Retrieved March 21, 2022.
Internal MISP references
UUID 2be23bfb-c6fb-455e-ae88-2ae910ccef60
which can be used as unique global reference for Kaspersky Lamberts Toolkit April 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-21T00:00:00Z |
date_published | 2017-04-11T00:00:00Z |
source | MITRE |
title | Unraveling the Lamberts Toolkit |
CrowdStrike Grim Spider May 2019
John, E. and Carvey, H. (2019, May 30). Unraveling the Spiderweb: Timelining ATT&CK Artifacts Used by GRIM SPIDER. Retrieved May 12, 2020.
Internal MISP references
UUID 103f2b78-81ed-4096-a67a-dedaffd67e9b
which can be used as unique global reference for CrowdStrike Grim Spider May 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-12T00:00:00Z |
date_published | 2019-05-30T00:00:00Z |
source | MITRE |
title | Unraveling the Spiderweb: Timelining ATT&CK Artifacts Used by GRIM SPIDER |
Unregmp2.exe - LOLBAS Project
LOLBAS. (2021, December 6). Unregmp2.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 9ad11187-bf91-4205-98c7-c7b981e4ab6f
which can be used as unique global reference for Unregmp2.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-12-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Unregmp2.exe |
TrendMicro Patchwork Dec 2017
Lunghi, D., et al. (2017, December). Untangling the Patchwork Cyberespionage Group. Retrieved July 10, 2018.
Internal MISP references
UUID 15465b26-99e1-4956-8c81-cda3388169b8
which can be used as unique global reference for TrendMicro Patchwork Dec 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-10T00:00:00Z |
date_published | 2017-12-01T00:00:00Z |
source | MITRE |
title | Untangling the Patchwork Cyberespionage Group |
Kaspersky Careto
Kaspersky Labs. (2014, February 11). Unveiling “Careto” - The Masked APT. Retrieved July 5, 2017.
Internal MISP references
UUID 547f1a4a-7e4a-461d-8c19-f4775cd60ac0
which can be used as unique global reference for Kaspersky Careto
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-05T00:00:00Z |
date_published | 2014-02-11T00:00:00Z |
source | MITRE |
title | Unveiling “Careto” - The Masked APT |
trendmicro_redcurl
Tancio et al. (2024, March 6). Unveiling Earth Kapre aka RedCurl’s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence. Retrieved August 9, 2024.
Internal MISP references
UUID f0b8be1d-5174-5172-8a0d-1628ddd09092
which can be used as unique global reference for trendmicro_redcurl
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-09T00:00:00Z |
date_published | 2024-03-06T00:00:00Z |
source | MITRE |
title | Unveiling Earth Kapre aka RedCurl’s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence |
NKAbuse SL
KASPERSKY GERT. (2023, December 14). Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol. Retrieved February 8, 2024.
Internal MISP references
UUID 96e199f8-1d33-574f-a507-05303db728e1
which can be used as unique global reference for NKAbuse SL
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-08T00:00:00Z |
date_published | 2023-12-14T00:00:00Z |
source | MITRE |
title | Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol |
Cymmetria Patchwork
Cymmetria. (2016). Unveiling Patchwork - The Copy-Paste APT. Retrieved August 3, 2016.
Internal MISP references
UUID d4e43b2c-a858-4285-984f-f59db5c657bd
which can be used as unique global reference for Cymmetria Patchwork
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-03T00:00:00Z |
date_published | 2016-01-01T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Unveiling Patchwork - The Copy-Paste APT |
Reichert aon sedexp 2024
Zachary Reichert. (2024, August 19). Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules. Retrieved September 26, 2024.
Internal MISP references
UUID ddcfe3d2-804f-52d1-bd9c-02bac8ad9023
which can be used as unique global reference for Reichert aon sedexp 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-26T00:00:00Z |
date_published | 2024-08-19T00:00:00Z |
source | MITRE |
title | Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules |
Orange Residential Proxies
Orange Cyberdefense. (2024, March 14). Unveiling the depths of residential proxies providers. Retrieved April 11, 2024.
Internal MISP references
UUID df4b99f3-1796-57b3-a352-37be5380badc
which can be used as unique global reference for Orange Residential Proxies
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-04-11T00:00:00Z |
date_published | 2024-03-14T00:00:00Z |
source | MITRE |
title | Unveiling the depths of residential proxies providers |
The DFIR Report Ursnif January 2023
The DFIR Report. (2023, January 9). Unwrapping Ursnifs Gifts. Retrieved May 10, 2023.
Internal MISP references
UUID 0c017bf7-0ec7-4e45-8c20-7db284c4a51e
which can be used as unique global reference for The DFIR Report Ursnif January 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-10T00:00:00Z |
date_published | 2023-01-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Unwrapping Ursnifs Gifts |
Rapid7G20Espionage
Rapid7. (2013, August 26). Upcoming G20 Summit Fuels Espionage Operations. Retrieved March 6, 2017.
Internal MISP references
UUID 2235ff2a-07b8-4198-b91d-e50739e274f4
which can be used as unique global reference for Rapid7G20Espionage
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-06T00:00:00Z |
date_published | 2013-08-26T00:00:00Z |
source | MITRE |
title | Upcoming G20 Summit Fuels Espionage Operations |
Unit 42 BackConfig May 2020
Hinchliffe, A. and Falcone, R. (2020, May 11). Updated BackConfig Malware Targeting Government and Military Organizations in South Asia. Retrieved June 17, 2020.
Internal MISP references
UUID f26629db-c641-4b6b-abbf-b55b9cc91cf1
which can be used as unique global reference for Unit 42 BackConfig May 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-17T00:00:00Z |
date_published | 2020-05-11T00:00:00Z |
source | MITRE |
title | Updated BackConfig Malware Targeting Government and Military Organizations in South Asia |
Secureworks Karagany July 2019
Secureworks. (2019, July 24). Updated Karagany Malware Targets Energy Sector. Retrieved August 12, 2020.
Internal MISP references
UUID 61c05edf-24aa-4399-8cdf-01d27f6595a1
which can be used as unique global reference for Secureworks Karagany July 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-12T00:00:00Z |
date_published | 2019-07-24T00:00:00Z |
source | MITRE |
title | Updated Karagany Malware Targets Energy Sector |
Update.exe - LOLBAS Project
LOLBAS. (2019, June 26). Update.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 2c85d5e5-2cb2-4af7-8c33-8aaac3360706
which can be used as unique global reference for Update.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2019-06-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Update.exe |
GuidePoint Security INC Ransomware August 14 2024
Rui Ataide, Hermes Bojaxhi. (2024, August 14). Update from the Ransomware Trenches. Retrieved October 4, 2024.
Internal MISP references
UUID 414ff729-ba51-4c5a-a4ac-027e0d3c14df
which can be used as unique global reference for GuidePoint Security INC Ransomware August 14 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-04T00:00:00Z |
date_published | 2024-08-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Update from the Ransomware Trenches |
FBI SVR Update October 10 2024
U.S. Federal Bureau of Investigation. (2024, October 10). Update on SVR Cyber Operations and Vulnerability Exploitation. Retrieved October 14, 2024.
Internal MISP references
UUID 63a76e88-2cd1-4cfa-bd96-4c1c3eebb39b
which can be used as unique global reference for FBI SVR Update October 10 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-14T00:00:00Z |
date_published | 2024-10-10T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Update on SVR Cyber Operations and Vulnerability Exploitation |
Microsoft - Update or Repair Federated domain
Microsoft. (2020, September 14). Update or repair the settings of a federated domain in Office 365, Azure, or Intune. Retrieved December 30, 2020.
Internal MISP references
UUID 1db3856e-d581-42e6-8038-44b0a2a2b435
which can be used as unique global reference for Microsoft - Update or Repair Federated domain
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-30T00:00:00Z |
date_published | 2020-09-14T00:00:00Z |
source | MITRE |
title | Update or repair the settings of a federated domain in Office 365, Azure, or Intune |
Trendmicro Evolving ThiefQuest 2020
Gabrielle Joyce Mabutas, Luis Magisa, Steven Du. (2020, July 17). Updates on Quickly-Evolving ThiefQuest macOS Malware. Retrieved April 26, 2021.
Internal MISP references
UUID 880c1b9e-55a1-404c-9754-1fc2ee30a72b
which can be used as unique global reference for Trendmicro Evolving ThiefQuest 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-26T00:00:00Z |
date_published | 2020-07-17T00:00:00Z |
source | MITRE |
title | Updates on Quickly-Evolving ThiefQuest macOS Malware |
AWS Update Trail
AWS. (n.d.). update-trail. Retrieved August 4, 2023.
Internal MISP references
UUID a94e1e4a-2963-5563-a8a6-ab9f64a86476
which can be used as unique global reference for AWS Update Trail
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-04T00:00:00Z |
source | MITRE |
title | update-trail |
Unit 42 Pirpi July 2015
Falcone, R., Wartell, R. (2015, July 27). UPS: Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload. Retrieved April 23, 2019.
Internal MISP references
UUID 42d35b93-2866-46d8-b8ff-675df05db9db
which can be used as unique global reference for Unit 42 Pirpi July 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-23T00:00:00Z |
date_published | 2015-07-27T00:00:00Z |
source | MITRE |
title | UPS: Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload |
PaperCut MF/NG vulnerability bulletin
PaperCut. (2023, March 8). URGENT MF/NG vulnerability bulletin (March 2023) | PaperCut. Retrieved August 3, 2023.
Internal MISP references
UUID d6e71b45-fc91-40f4-8201-2186994ae42a
which can be used as unique global reference for PaperCut MF/NG vulnerability bulletin
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-03T00:00:00Z |
date_published | 2023-03-08T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | URGENT MF/NG vulnerability bulletin (March 2023) |
URI Use
Nathan McFeters. Billy Kim Rios. Rob Carter. (2008). URI Use and Abuse. Retrieved February 9, 2024.
Internal MISP references
UUID 8d0aea35-c1af-5dda-a4c9-814f0e9c9334
which can be used as unique global reference for URI Use
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-09T00:00:00Z |
date_published | 2008-01-01T00:00:00Z |
source | MITRE |
title | URI Use and Abuse |
Url.dll - LOLBAS Project
LOLBAS. (2018, May 25). Url.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 0c88fb72-6be5-4a01-af1c-553650779253
which can be used as unique global reference for Url.dll - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Url.dll |
SCILabs Malteiro Threat Overlap 2023
SCILabs. (2023, October 8). URSA/Mispadu: Overlap analysis with other threats. Retrieved March 13, 2024.
Internal MISP references
UUID ed4aab9c-6b94-593b-b81e-47393197ee48
which can be used as unique global reference for SCILabs Malteiro Threat Overlap 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-13T00:00:00Z |
date_published | 2023-10-08T00:00:00Z |
source | MITRE |
title | URSA/Mispadu: Overlap analysis with other threats |
NJCCIC Ursnif Sept 2016
NJCCIC. (2016, September 27). Ursnif. Retrieved September 12, 2024.
Internal MISP references
UUID d57a2efe-8c98-491e-aecd-e051241a1779
which can be used as unique global reference for NJCCIC Ursnif Sept 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2016-09-27T00:00:00Z |
source | MITRE |
title | Ursnif |
TrendMicro Ursnif Mar 2015
Caragay, R. (2015, March 26). URSNIF: The Multifaceted Malware. Retrieved June 5, 2019.
Internal MISP references
UUID d02287df-9d93-4cbe-8e59-8f4ef3debc65
which can be used as unique global reference for TrendMicro Ursnif Mar 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-06-05T00:00:00Z |
date_published | 2015-03-26T00:00:00Z |
source | MITRE |
title | URSNIF: The Multifaceted Malware |
Proofpoint August 29 2016
Proofpoint. (2016, August 29). Ursnif Variant Dreambot Adds Tor Functionality | Proofpoint. Retrieved May 11, 2023.
Internal MISP references
UUID f05ecd1b-7844-4920-8c3a-0b30ff126ac9
which can be used as unique global reference for Proofpoint August 29 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-11T00:00:00Z |
date_published | 2016-08-29T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Ursnif Variant Dreambot Adds Tor Functionality |
Bleeping Computer US Cellular Hack 2022
Sergiu Gatlan. (2022, January 4). UScellular discloses data breach after billing system hack. Retrieved July 1, 2024.
Internal MISP references
UUID d7befaea-1b35-54c3-a086-83b490f6a0a1
which can be used as unique global reference for Bleeping Computer US Cellular Hack 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-01T00:00:00Z |
date_published | 2022-01-04T00:00:00Z |
source | MITRE |
title | UScellular discloses data breach after billing system hack |
US Coast Guard Killnet August 17 2022
US Coast Guard Cyber Command. (2022, August 17). US Coast Guard Cyber Command Maritime Cyber Alert 03-22. Retrieved October 9, 2023.
Internal MISP references
UUID 2d2a6f76-9531-4b35-b247-ae5da8663a92
which can be used as unique global reference for US Coast Guard Killnet August 17 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-09T00:00:00Z |
date_published | 2022-08-17T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | US Coast Guard Cyber Command Maritime Cyber Alert 03-22 |
USCYBERCOM SLOTHFULMEDIA October 2020
USCYBERCOM. (2020, October 1). USCYBERCOM Cybersecurity Alert SLOTHFULMEDIA. Retrieved September 12, 2024.
Internal MISP references
UUID 600de668-f128-4368-8667-24ed9a9db47a
which can be used as unique global reference for USCYBERCOM SLOTHFULMEDIA October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
date_published | 2020-10-01T00:00:00Z |
source | MITRE |
title | USCYBERCOM Cybersecurity Alert SLOTHFULMEDIA |
U.S. Justice Department Hive January 2023
Office of Public Affairs. (2023, January 26). U.S. Department of Justice Disrupts Hive Ransomware Variant. Retrieved June 18, 2024.
Internal MISP references
UUID 81bd5579-6a8a-40d2-b7b7-5cdb879ebdf0
which can be used as unique global reference for U.S. Justice Department Hive January 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-18T00:00:00Z |
date_published | 2023-01-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | U.S. Department of Justice Disrupts Hive Ransomware Variant |
win10_asr
Microsoft. (2021, July 2). Use attack surface reduction rules to prevent malware infection. Retrieved June 24, 2021.
Internal MISP references
UUID 4499df4a-53c2-4f17-ac90-b99272f5f522
which can be used as unique global reference for win10_asr
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-24T00:00:00Z |
date_published | 2021-07-02T00:00:00Z |
source | MITRE |
title | Use attack surface reduction rules to prevent malware infection |
Azure AD Conditional Access Exclusions
Microsoft. (2022, August 26). Use Azure AD access reviews to manage users excluded from Conditional Access policies. Retrieved August 30, 2022.
Internal MISP references
UUID 8cfb45ec-b660-4a3a-9175-af4ea01ef473
which can be used as unique global reference for Azure AD Conditional Access Exclusions
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-30T00:00:00Z |
date_published | 2022-08-26T00:00:00Z |
source | MITRE |
title | Use Azure AD access reviews to manage users excluded from Conditional Access policies |
Docker Bind Mounts
Docker. (n.d.). Use Bind Mounts. Retrieved March 30, 2021.
Internal MISP references
UUID b298b3d1-30c1-4894-b1de-be11812cde6b
which can be used as unique global reference for Docker Bind Mounts
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-30T00:00:00Z |
source | MITRE |
title | Use Bind Mounts |
Chrome Roaming Profiles
Chrome Enterprise and Education Help. (n.d.). Use Chrome Browser with Roaming User Profiles. Retrieved March 28, 2023.
Internal MISP references
UUID cf0bb77d-c7f7-515b-9217-ba9120cdddec
which can be used as unique global reference for Chrome Roaming Profiles
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-28T00:00:00Z |
source | MITRE |
title | Use Chrome Browser with Roaming User Profiles |
Ars Technica GRU indictment Jul 2018
Gallagher, S. (2018, July 27). How they did it (and will likely try again): GRU hackers vs. US elections. Retrieved September 13, 2018.
Internal MISP references
UUID a1192cb3-4536-4900-93c7-a127ca06c690
which can be used as unique global reference for Ars Technica GRU indictment Jul 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-13T00:00:00Z |
source | MITRE |
title | US elections |
Remote Management MDM macOS
Apple. (n.d.). Use MDM to enable Remote Management in macOS. Retrieved September 23, 2021.
Internal MISP references
UUID e5f59848-7014-487d-9bae-bed81af1b72b
which can be used as unique global reference for Remote Management MDM macOS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-23T00:00:00Z |
source | MITRE |
title | Use MDM to enable Remote Management in macOS |
Securelist Denis April 2017
Shulmin, A., Yunakovsky, S. (2017, April 28). Use of DNS Tunneling for C&C Communications. Retrieved November 5, 2018.
Internal MISP references
UUID 07855a81-1b72-4361-917e-a413b0124eca
which can be used as unique global reference for Securelist Denis April 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-05T00:00:00Z |
date_published | 2017-04-28T00:00:00Z |
source | MITRE |
title | Use of DNS Tunneling for C&C Communications |
Microsoft UAC
Microsoft. (n.d.). User Account Control. Retrieved January 18, 2018.
Internal MISP references
UUID 2eb2fb2f-0b43-4c8c-a69f-3f76a8fd90f3
which can be used as unique global reference for Microsoft UAC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-18T00:00:00Z |
source | MITRE |
title | User Account Control |
TechNet Inside UAC
Russinovich, M. (2009, July). User Account Control: Inside Windows 7 User Account Control. Retrieved July 26, 2016.
Internal MISP references
UUID dea47af6-677a-4625-8664-adf0e6839c9f
which can be used as unique global reference for TechNet Inside UAC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-07-26T00:00:00Z |
date_published | 2009-07-01T00:00:00Z |
source | MITRE |
title | User Account Control: Inside Windows 7 User Account Control |
User Approved Kernel Extension Pike’s
Pikeralpha. (2017, August 29). User Approved Kernel Extension Loading…. Retrieved September 23, 2021.
Internal MISP references
UUID 7700928b-2d27-470c-a2d9-e5c5f9a43af3
which can be used as unique global reference for User Approved Kernel Extension Pike’s
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-23T00:00:00Z |
date_published | 2017-08-29T00:00:00Z |
source | MITRE |
title | User Approved Kernel Extension Loading… |
Adlice Software IAT Hooks Oct 2014
Tigzy. (2014, October 15). Userland Rootkits: Part 1, IAT hooks. Retrieved December 12, 2017.
Internal MISP references
UUID 9a0e7054-9239-43cd-8e5f-aac8b665be72
which can be used as unique global reference for Adlice Software IAT Hooks Oct 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-12T00:00:00Z |
date_published | 2014-10-15T00:00:00Z |
source | MITRE |
title | Userland Rootkits: Part 1, IAT hooks |
Linux Usermod
Man7. (n.d.). Usermod. Retrieved August 5, 2024.
Internal MISP references
UUID e2b4b672-4828-56eb-95eb-2abfbf7f9195
which can be used as unique global reference for Linux Usermod
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-05T00:00:00Z |
source | MITRE |
title | Usermod |
cisco_username_cmd
Cisco. (2023, March 6). username - Cisco IOS Security Command Reference: Commands S to Z. Retrieved July 13, 2022.
Internal MISP references
UUID 8e7b99d7-ad94-5802-a1ee-6334842e7e0b
which can be used as unique global reference for cisco_username_cmd
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-07-13T00:00:00Z |
date_published | 2023-03-06T00:00:00Z |
source | MITRE |
title | username - Cisco IOS Security Command Reference: Commands S to Z |
Jamf User Password Policies
Holland, J. (2016, January 25). User password policies on non AD machines. Retrieved April 5, 2018.
Internal MISP references
UUID aa3846fd-a307-4be5-a487-9aa2688d5816
which can be used as unique global reference for Jamf User Password Policies
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-05T00:00:00Z |
date_published | 2016-01-25T00:00:00Z |
source | MITRE |
title | User password policies on non AD machines |
MacOS Email Rules
Apple. (n.d.). Use rules to manage emails you receive in Mail on Mac. Retrieved June 14, 2021.
Internal MISP references
UUID f83283aa-3aaf-4ebd-8503-0d84c2c627c4
which can be used as unique global reference for MacOS Email Rules
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-14T00:00:00Z |
source | MITRE |
title | Use rules to manage emails you receive in Mail on Mac |
Microsoft 365 Sharing Auditing
Microsoft. (2023, October 1). Use sharing auditing in the audit log. Retrieved March 4, 2024.
Internal MISP references
UUID f45d4d73-31b5-557d-b734-f5c186a2e31c
which can be used as unique global reference for Microsoft 365 Sharing Auditing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-04T00:00:00Z |
date_published | 2023-10-01T00:00:00Z |
source | MITRE |
title | Use sharing auditing in the audit log |
Kickstart Apple Remote Desktop commands
Apple. (n.d.). Use the kickstart command-line utility in Apple Remote Desktop. Retrieved September 23, 2021.
Internal MISP references
UUID f26542dd-aa61-4d2a-a05a-8f9674b49f82
which can be used as unique global reference for Kickstart Apple Remote Desktop commands
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-23T00:00:00Z |
source | MITRE |
title | Use the kickstart command-line utility in Apple Remote Desktop |
Microsoft Windows Event Forwarding FEB 2018
Hardy, T. & Hall, J. (2018, February 15). Use Windows Event Forwarding to help with intrusion detection. Retrieved August 7, 2018.
Internal MISP references
UUID 4e7c36b9-415f-41f1-980e-251d92994eb4
which can be used as unique global reference for Microsoft Windows Event Forwarding FEB 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-07T00:00:00Z |
date_published | 2018-02-15T00:00:00Z |
source | MITRE |
title | Use Windows Event Forwarding to help with intrusion detection |
Google Workspace Data Loss Prevention
Google. (n.d.). Use Workspace DLP to prevent data loss. Retrieved March 4, 2024.
Internal MISP references
UUID 81dc5818-342c-5efb-90c6-425c218e130f
which can be used as unique global reference for Google Workspace Data Loss Prevention
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-04T00:00:00Z |
source | MITRE |
title | Use Workspace DLP to prevent data loss |
Apple ZShell
Apple. (2020, January 28). Use zsh as the default shell on your Mac. Retrieved June 12, 2020.
Internal MISP references
UUID 5374ad8e-96a2-4d19-b2cf-28232fa97b52
which can be used as unique global reference for Apple ZShell
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-12T00:00:00Z |
date_published | 2020-01-28T00:00:00Z |
source | MITRE |
title | Use zsh as the default shell on your Mac |
Kuberentes ABAC
Kubernetes. (n.d.). Using ABAC Authorization. Retrieved July 14, 2023.
Internal MISP references
UUID 7f960599-a3d6-53bb-91ff-f0e6117a30ed
which can be used as unique global reference for Kuberentes ABAC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-14T00:00:00Z |
source | MITRE |
title | Using ABAC Authorization |
Cisco Umbrella DGA Brute Force
Kasza, A. (2015, February 18). Using Algorithms to Brute Force Algorithms. Retrieved February 18, 2019.
Internal MISP references
UUID d0eacad8-a6ff-4282-8fbc-d7984ad03b56
which can be used as unique global reference for Cisco Umbrella DGA Brute Force
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-18T00:00:00Z |
date_published | 2015-02-18T00:00:00Z |
source | MITRE |
title | Using Algorithms to Brute Force Algorithms |
Www.huntress.com March 13 2024
Faith Stratton. (2024, March 13). Using Backup Utilities for Data Exfiltration. Retrieved October 4, 2024.
Internal MISP references
UUID e3931ba7-24de-4283-9941-fe927a75fb5e
which can be used as unique global reference for Www.huntress.com March 13 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-10-04T00:00:00Z |
date_published | 2024-03-13T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Using Backup Utilities for Data Exfiltration |
Exploit Monday Mitigate Device Guard Bypases
Graeber, M. (2016, September 8). Using Device Guard to Mitigate Against Device Guard Bypasses. Retrieved September 13, 2016.
Internal MISP references
UUID 8130e5e1-376f-4945-957a-aaf8684b361b
which can be used as unique global reference for Exploit Monday Mitigate Device Guard Bypases
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-09-13T00:00:00Z |
date_published | 2016-09-08T00:00:00Z |
source | MITRE |
title | Using Device Guard to Mitigate Against Device Guard Bypasses |
Microsoft DsAddSidHistory
Microsoft. (n.d.). Using DsAddSidHistory. Retrieved November 30, 2017.
Internal MISP references
UUID 11c44e1e-28d8-4d45-8539-6586466a5b3c
which can be used as unique global reference for Microsoft DsAddSidHistory
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-30T00:00:00Z |
source | MITRE |
title | Using DsAddSidHistory |
AWS Instance Profiles
AWS. (n.d.). Using instance profiles. Retrieved February 28, 2024.
Internal MISP references
UUID d114854b-50eb-5d60-896b-401df1e6cada
which can be used as unique global reference for AWS Instance Profiles
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-28T00:00:00Z |
source | MITRE |
title | Using instance profiles |
Microsoft 365 Defender Solorigate
Microsoft 365 Defender Team. (2020, December 28). Using Microsoft 365 Defender to protect against Solorigate. Retrieved January 7, 2021.
Internal MISP references
UUID 449cf112-535b-44af-9001-55123b342779
which can be used as unique global reference for Microsoft 365 Defender Solorigate
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-07T00:00:00Z |
date_published | 2020-12-28T00:00:00Z |
source | MITRE |
title | Using Microsoft 365 Defender to protect against Solorigate |
TechNet Netsh
Microsoft. (n.d.). Using Netsh. Retrieved February 13, 2017.
Internal MISP references
UUID 58112a3a-06bd-4a46-8a09-4dba5f42a04f
which can be used as unique global reference for TechNet Netsh
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-02-13T00:00:00Z |
source | MITRE |
title | Using Netsh |
Demaske Netsh Persistence
Demaske, M. (2016, September 23). USING NETSHELL TO EXECUTE EVIL DLLS AND PERSIST ON A HOST. Retrieved April 8, 2017.
Internal MISP references
UUID 663b3fd6-0dd6-45c8-afba-dc0ea6d331b5
which can be used as unique global reference for Demaske Netsh Persistence
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-04-08T00:00:00Z |
date_published | 2016-09-23T00:00:00Z |
source | MITRE |
title | USING NETSHELL TO EXECUTE EVIL DLLS AND PERSIST ON A HOST |
CrowdStrike Outlook Forms
Parisi, T., et al. (2017, July). Using Outlook Forms for Lateral Movement and Persistence. Retrieved February 5, 2019.
Internal MISP references
UUID ad412d39-c0c5-4119-9193-0ba1309edb3f
which can be used as unique global reference for CrowdStrike Outlook Forms
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-05T00:00:00Z |
date_published | 2017-07-01T00:00:00Z |
source | MITRE |
title | Using Outlook Forms for Lateral Movement and Persistence |
Red Hat PAM
Red Hat. (n.d.). CHAPTER 2. USING PLUGGABLE AUTHENTICATION MODULES (PAM). Retrieved June 25, 2020.
Internal MISP references
UUID 3dc88605-64c8-495a-9e3b-e5686fd2eb03
which can be used as unique global reference for Red Hat PAM
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-25T00:00:00Z |
source | MITRE |
title | USING PLUGGABLE AUTHENTICATION MODULES (PAM) |
Varonis Power Automate Data Exfiltration
Eric Saraga. (2022, February 2). Using Power Automate for Covert Data Exfiltration in Microsoft 365. Retrieved May 27, 2022.
Internal MISP references
UUID 16436468-1daf-433d-bb3b-f842119594b4
which can be used as unique global reference for Varonis Power Automate Data Exfiltration
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-27T00:00:00Z |
date_published | 2022-02-02T00:00:00Z |
source | MITRE |
title | Using Power Automate for Covert Data Exfiltration in Microsoft 365 |
Microsoft Disable NTLM Nov 2012
Microsoft. (2012, November 29). Using security policies to restrict NTLM traffic. Retrieved December 4, 2017.
Internal MISP references
UUID 5861ed76-fedd-4ff9-8242-308c7206e4cb
which can be used as unique global reference for Microsoft Disable NTLM Nov 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-04T00:00:00Z |
date_published | 2012-11-29T00:00:00Z |
source | MITRE |
title | Using security policies to restrict NTLM traffic |
Microsoft SMB Packet Signing
Microsoft. (2008, September 10). Using SMB Packet Signing. Retrieved February 7, 2019.
Internal MISP references
UUID 32a30a3f-3ed1-4def-86b1-f40bbffa1cc5
which can be used as unique global reference for Microsoft SMB Packet Signing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-07T00:00:00Z |
date_published | 2008-09-10T00:00:00Z |
source | MITRE |
title | Using SMB Packet Signing |
TechNet Applocker vs SRP
Microsoft. (2012, June 27). Using Software Restriction Policies and AppLocker Policies. Retrieved April 7, 2016.
Internal MISP references
UUID 84e1c53f-e858-4106-9c14-1b536d5b56f9
which can be used as unique global reference for TechNet Applocker vs SRP
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-07T00:00:00Z |
date_published | 2012-06-27T00:00:00Z |
source | MITRE |
title | Using Software Restriction Policies and AppLocker Policies |
Microsoft Using Software Restriction
Microsoft. (2012, June 27). Using Software Restriction Policies and AppLocker Policies. Retrieved April 7, 2016.
Internal MISP references
UUID 774e6598-0926-4adb-890f-00824de07ae0
which can be used as unique global reference for Microsoft Using Software Restriction
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-07T00:00:00Z |
date_published | 2012-06-27T00:00:00Z |
source | MITRE |
title | Using Software Restriction Policies and AppLocker Policies |
OSX Keychain Schaumann
Jan Schaumann. (2015, November 5). Using the OS X Keychain to store and retrieve passwords. Retrieved March 31, 2022.
Internal MISP references
UUID d0ac448a-7299-4ddc-8730-be72fb840ccb
which can be used as unique global reference for OSX Keychain Schaumann
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-31T00:00:00Z |
date_published | 2015-11-05T00:00:00Z |
source | MITRE |
title | Using the OS X Keychain to store and retrieve passwords |
AutoHotKey
AutoHotkey Foundation LLC. (n.d.). Using the Program. Retrieved March 29, 2024.
Internal MISP references
UUID 0ddfa2ec-a8a5-5cf0-b1b9-7ff6890bc666
which can be used as unique global reference for AutoHotKey
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-29T00:00:00Z |
source | MITRE |
title | Using the Program |
USNYAG IranianBotnet March 2016
Preet Bharara, US Attorney. (2016, March 24). Retrieved April 23, 2019.
Internal MISP references
UUID 69ee73c1-359f-4584-a6e7-75119d24bbf5
which can be used as unique global reference for USNYAG IranianBotnet March 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-23T00:00:00Z |
source | MITRE |
title | USNYAG IranianBotnet March 2016 |
UtilityFunctions.ps1 - LOLBAS Project
LOLBAS. (2021, September 26). UtilityFunctions.ps1. Retrieved December 4, 2023.
Internal MISP references
UUID 8f15755b-2e32-420e-8463-497e3f8d8cfd
which can be used as unique global reference for UtilityFunctions.ps1 - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-09-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | UtilityFunctions.ps1 |
Kernel.org Restrict Kernel Module
Vander Stoep, J. (2016, April 5). [v3] selinux: restrict kernel module loading. Retrieved April 9, 2018.
Internal MISP references
UUID a7c3fc64-9b79-4324-8177-0061208d018c
which can be used as unique global reference for Kernel.org Restrict Kernel Module
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-09T00:00:00Z |
date_published | 2016-04-05T00:00:00Z |
source | MITRE |
title | [v3] selinux: restrict kernel module loading |
SentinelOne Valak June 2020
Reaves, J. and Platt, J. (2020, June). Valak Malware and the Connection to Gozi Loader ConfCrew. Retrieved August 31, 2020.
Internal MISP references
UUID 92b8ff34-05ef-4139-a6bd-56eb8af9d5e9
which can be used as unique global reference for SentinelOne Valak June 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-31T00:00:00Z |
date_published | 2020-06-01T00:00:00Z |
source | MITRE |
title | Valak Malware and the Connection to Gozi Loader ConfCrew |
Cybereason Valak May 2020
Salem, E. et al. (2020, May 28). VALAK: MORE THAN MEETS THE EYE. Retrieved June 19, 2020.
Internal MISP references
UUID 235d1cf1-2413-4620-96cf-083d348410c2
which can be used as unique global reference for Cybereason Valak May 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-19T00:00:00Z |
date_published | 2020-05-28T00:00:00Z |
source | MITRE |
title | VALAK: MORE THAN MEETS THE EYE |
Walmart Roberts Oct 2018
Sayre, K., Ogden, H., Roberts, C. (2018, October 10). VBA Stomping — Advanced Maldoc Techniques. Retrieved September 17, 2020.
Internal MISP references
UUID d1c88a57-85f4-4a35-a7fa-35e8c7fcd943
which can be used as unique global reference for Walmart Roberts Oct 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-17T00:00:00Z |
date_published | 2018-10-10T00:00:00Z |
source | MITRE |
title | VBA Stomping — Advanced Maldoc Techniques |
vbc.exe - LOLBAS Project
LOLBAS. (2020, February 27). vbc.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 25eb4048-ee6d-44ca-a70b-37605028bd3c
which can be used as unique global reference for vbc.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-02-27T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | vbc.exe |
Veil_Ref
Veil Framework. (n.d.). Retrieved December 4, 2014.
Internal MISP references
UUID 722755a8-305f-4e37-8278-afb360836bec
which can be used as unique global reference for Veil_Ref
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-12-04T00:00:00Z |
source | MITRE |
title | Veil_Ref |
HC3 Analyst Note Venus Ransomware November 2022
Health Sector Cybersecurity Coordination Center (HC3). (2022, November 9). Venus Ransomware Targets Publicly Exposed Remote Desktop Services. Retrieved May 19, 2023.
Internal MISP references
UUID bd6e6a59-3a73-48f6-84cd-e7c027c8671f
which can be used as unique global reference for HC3 Analyst Note Venus Ransomware November 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-19T00:00:00Z |
date_published | 2022-11-09T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Venus Ransomware Targets Publicly Exposed Remote Desktop Services |
LOLBAS Verclsid
LOLBAS. (n.d.). Verclsid.exe. Retrieved August 10, 2020.
Internal MISP references
UUID 63ac9e95-aad8-4735-9e63-f45d8c499030
which can be used as unique global reference for LOLBAS Verclsid
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-10T00:00:00Z |
source | MITRE |
title | Verclsid.exe |
WinOSBite verclsid.exe
verclsid-exe. (2019, December 17). verclsid.exe File Information - What is it & How to Block. Retrieved August 10, 2020.
Internal MISP references
UUID 5d5fa25b-64a9-4fdb-87c5-1a69a7d2f874
which can be used as unique global reference for WinOSBite verclsid.exe
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-10T00:00:00Z |
date_published | 2019-12-17T00:00:00Z |
source | MITRE |
title | verclsid.exe File Information - What is it & How to Block |
Unit 42 VERMIN Jan 2018
Lancaster, T., Cortes, J. (2018, January 29). VERMIN: Quasar RAT and Custom Malware Used In Ukraine. Retrieved July 5, 2018.
Internal MISP references
UUID 0d6db249-9368-495e-9f1f-c7f10041f5ff
which can be used as unique global reference for Unit 42 VERMIN Jan 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-05T00:00:00Z |
date_published | 2018-01-29T00:00:00Z |
source | MITRE |
title | VERMIN: Quasar RAT and Custom Malware Used In Ukraine |
Unit 42 Vice Society December 6 2022
JR Gumarin. (2022, December 6). Vice Society: Profiling a Persistent Threat to the Education Sector. Retrieved November 14, 2023.
Internal MISP references
UUID 6abf7387-0857-4938-b36e-1374a66d4ed8
which can be used as unique global reference for Unit 42 Vice Society December 6 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-14T00:00:00Z |
date_published | 2022-12-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Vice Society: Profiling a Persistent Threat to the Education Sector |
Minerva Labs Vidar Stealer Evasion
Minerva Labs. (2021, September 23). Vidar Stealer Evasion Arsenal. Retrieved November 16, 2023.
Internal MISP references
UUID ce9714d3-7f7c-4068-bcc8-0f0eeaf0dc0b
which can be used as unique global reference for Minerva Labs Vidar Stealer Evasion
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-16T00:00:00Z |
date_published | 2021-09-23T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Vidar Stealer Evasion Arsenal |
Amnesty Intl. Ocean Lotus February 2021
Amnesty International. (2021, February 24). Vietnamese activists targeted by notorious hacking group. Retrieved March 1, 2021.
Internal MISP references
UUID a54a2f68-8406-43ab-8758-07edd49dfb83
which can be used as unique global reference for Amnesty Intl. Ocean Lotus February 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-01T00:00:00Z |
date_published | 2021-02-24T00:00:00Z |
source | MITRE |
title | Vietnamese activists targeted by notorious hacking group |
FireEye APT32 April 2020
Henderson, S., et al. (2020, April 22). Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage. Retrieved April 28, 2020.
Internal MISP references
UUID 347ad5a1-d0b1-4f2b-9abd-eff96d05987d
which can be used as unique global reference for FireEye APT32 April 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-04-28T00:00:00Z |
date_published | 2020-04-22T00:00:00Z |
source | MITRE |
title | Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage |
Slack Help Center Access Logs
Slack Help Center. (n.d.). View Access Logs for your workspace. Retrieved April 10, 2023.
Internal MISP references
UUID b179d0d4-e115-59f1-86a7-7dcfc253e16f
which can be used as unique global reference for Slack Help Center Access Logs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-04-10T00:00:00Z |
source | MITRE |
title | View Access Logs for your workspace |
Azure Activity Logs
Microsoft. (n.d.). View Azure activity logs. Retrieved June 17, 2020.
Internal MISP references
UUID 19b55c10-f4fd-49c2-b267-0d3d8e9acdd7
which can be used as unique global reference for Azure Activity Logs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-17T00:00:00Z |
source | MITRE |
title | View Azure activity logs |
DOJ GRU Indictment Jul 2018
Mueller, R. (2018, July 13). Indictment - United States of America vs. VIKTOR BORISOVICH NETYKSHO, et al. Retrieved September 13, 2018.
Internal MISP references
UUID d65f371b-19d0-49de-b92b-94a2bea1d988
which can be used as unique global reference for DOJ GRU Indictment Jul 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-09-13T00:00:00Z |
source | MITRE |
title | VIKTOR BORISOVICH NETYKSHO, et al |
MalwareTech VFS Nov 2014
Hutchins, M. (2014, November 28). Virtual File Systems for Beginners. Retrieved June 22, 2020.
Internal MISP references
UUID c06af73d-5ed0-46a0-a5a9-161035075884
which can be used as unique global reference for MalwareTech VFS Nov 2014
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-22T00:00:00Z |
date_published | 2014-11-28T00:00:00Z |
source | MITRE |
title | Virtual File Systems for Beginners |
Virtualization/Sandbox Evasion
YUCEEL, Huseyin Can. Picus Labs. (2022, June 9). Virtualization/Sandbox Evasion - How Attackers Avoid Malware Analysis. Retrieved December 26, 2023.
Internal MISP references
UUID a3031616-f21a-574f-a9a5-a808a6230aa8
which can be used as unique global reference for Virtualization/Sandbox Evasion
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-26T00:00:00Z |
date_published | 2022-06-09T00:00:00Z |
source | MITRE |
title | Virtualization/Sandbox Evasion - How Attackers Avoid Malware Analysis |
Ars Technica Pwn2Own 2017 VM Escape
Goodin, D. (2017, March 17). Virtual machine escape fetches $105,000 at Pwn2Own hacking contest - updated. Retrieved March 12, 2018.
Internal MISP references
UUID e75f2d0f-f63e-48c7-a0c3-8f00f371624e
which can be used as unique global reference for Ars Technica Pwn2Own 2017 VM Escape
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-12T00:00:00Z |
date_published | 2017-03-17T00:00:00Z |
source | MITRE |
title | Virtual machine escape fetches $105,000 at Pwn2Own hacking contest - updated |
Google VM
Google. (n.d.). Virtual machine instances. Retrieved October 13, 2021.
Internal MISP references
UUID 2b7ec610-5654-4c94-b5df-9cf5670eec33
which can be used as unique global reference for Google VM
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
source | MITRE |
title | Virtual machine instances |
Microsoft Virutal Machine API
Microsoft. (2019, March 1). Virtual Machines - Get. Retrieved October 8, 2019.
Internal MISP references
UUID f565c237-07c5-4e9e-9879-513627517109
which can be used as unique global reference for Microsoft Virutal Machine API
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-08T00:00:00Z |
date_published | 2019-03-01T00:00:00Z |
source | MITRE |
title | Virtual Machines - Get |
Azure Update Virtual Machines
Microsoft. (n.d.). Virtual Machines - Update. Retrieved April 1, 2022.
Internal MISP references
UUID 299f231f-70d1-4c1a-818f-8a01cf65382c
which can be used as unique global reference for Azure Update Virtual Machines
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-01T00:00:00Z |
source | MITRE |
title | Virtual Machines - Update |
Azure Virtual Network TAP
Microsoft. (2022, February 9). Virtual network TAP. Retrieved March 17, 2022.
Internal MISP references
UUID 3f106d7e-f101-4adb-bbd1-d8c04a347f85
which can be used as unique global reference for Azure Virtual Network TAP
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-17T00:00:00Z |
date_published | 2022-02-09T00:00:00Z |
source | MITRE |
title | Virtual network TAP |
Google VPC Overview
Google. (2019, September 23). Virtual Private Cloud (VPC) network overview. Retrieved October 6, 2019.
Internal MISP references
UUID 9ebe53cf-657f-475d-85e4-9e30f4af1e7d
which can be used as unique global reference for Google VPC Overview
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-06T00:00:00Z |
date_published | 2019-09-23T00:00:00Z |
source | MITRE |
title | Virtual Private Cloud (VPC) network overview |
Volexity Virtual Private Keylogging
Adair, S. (2015, October 7). Virtual Private Keylogging: Cisco Web VPNs Leveraged for Access and Persistence. Retrieved March 20, 2017.
Internal MISP references
UUID b299f8e7-01da-4d59-9657-ef93cf284cc0
which can be used as unique global reference for Volexity Virtual Private Keylogging
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-03-20T00:00:00Z |
date_published | 2015-10-07T00:00:00Z |
source | MITRE |
title | Virtual Private Keylogging: Cisco Web VPNs Leveraged for Access and Persistence |
VirusTotal Behavior def.exe
VirusTotal. (2023, July 11). VirusTotal Behavior def.exe. Retrieved July 11, 2023.
Internal MISP references
UUID 3502c98d-b61d-42fa-b23e-7128a4042c03
which can be used as unique global reference for VirusTotal Behavior def.exe
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-11T00:00:00Z |
date_published | 2023-07-11T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | VirusTotal Behavior def.exe |
VirusTotal FAQ
VirusTotal. (n.d.). VirusTotal FAQ. Retrieved May 23, 2019.
Internal MISP references
UUID 5cd965f6-c4af-40aa-8f08-620cf5f1242a
which can be used as unique global reference for VirusTotal FAQ
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-23T00:00:00Z |
source | MITRE |
title | VirusTotal FAQ |
Visa RawPOS March 2015
Visa. (2015, March). Visa Security Alert: "RawPOS" Malware Targeting Lodging Merchants. Retrieved October 6, 2017.
Internal MISP references
UUID a2371f44-0a88-4d68-bbe7-7e79f13f78c2
which can be used as unique global reference for Visa RawPOS March 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-10-06T00:00:00Z |
date_published | 2015-03-01T00:00:00Z |
source | MITRE |
title | Visa Security Alert: "RawPOS" Malware Targeting Lodging Merchants |
ESET Recon Snake Nest
Boutin, J. and Faou, M. (2018). Visiting the snake nest. Retrieved May 7, 2019.
Internal MISP references
UUID b69d7c73-40c2-4cb2-b9ad-088ef61e2f7f
which can be used as unique global reference for ESET Recon Snake Nest
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-07T00:00:00Z |
date_published | 2018-01-01T00:00:00Z |
source | MITRE |
title | Visiting the snake nest |
VB Microsoft
Microsoft. (n.d.). Visual Basic documentation. Retrieved June 23, 2020.
Internal MISP references
UUID b23a1a5d-48dd-4346-bf8d-390624214081
which can be used as unique global reference for VB Microsoft
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-23T00:00:00Z |
source | MITRE |
title | Visual Basic documentation |
Wikipedia VBA
Wikipedia. (n.d.). Visual Basic for Applications. Retrieved August 13, 2020.
Internal MISP references
UUID 70818420-c3ec-46c3-9e97-d8f989f2e3db
which can be used as unique global reference for Wikipedia VBA
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-08-13T00:00:00Z |
source | MITRE |
title | Visual Basic for Applications |
VB .NET Mar 2020
.NET Team. (2020, March 11). Visual Basic support planned for .NET 5.0. Retrieved June 23, 2020.
Internal MISP references
UUID da6d1b56-8e59-4125-b318-48a40a1c8e94
which can be used as unique global reference for VB .NET Mar 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-23T00:00:00Z |
date_published | 2020-03-11T00:00:00Z |
source | MITRE |
title | Visual Basic support planned for .NET 5.0 |
VisualUiaVerifyNative.exe - LOLBAS Project
LOLBAS. (2021, September 26). VisualUiaVerifyNative.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b17be296-15ad-468f-8157-8cb4093b2e97
which can be used as unique global reference for VisualUiaVerifyNative.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-09-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | VisualUiaVerifyNative.exe |
Carbon Black HotCroissant April 2020
Knight, S. (2020, April 16). VMware Carbon Black TAU Threat Analysis: The Evolution of Lazarus. Retrieved May 1, 2020.
Internal MISP references
UUID 43bcb35b-56e1-47a8-9c74-f7543a25b2a6
which can be used as unique global reference for Carbon Black HotCroissant April 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-01T00:00:00Z |
date_published | 2020-04-16T00:00:00Z |
source | MITRE |
title | VMware Carbon Black TAU Threat Analysis: The Evolution of Lazarus |
Offensive Security VNC Authentication Check
Offensive Security. (n.d.). VNC Authentication. Retrieved October 6, 2021.
Internal MISP references
UUID 90a5ab3c-c2a8-4b02-9bd7-628672907737
which can be used as unique global reference for Offensive Security VNC Authentication Check
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-06T00:00:00Z |
source | MITRE |
title | VNC Authentication |
Trend Micro Void Banshee July 15 2024
Peter Girnus, Aliakbar Zahravi. (2024, July 15). Void Banshee Targets Windows Users. Retrieved September 19, 2024.
Internal MISP references
UUID 02c4dda2-3aae-43ec-9b14-df282b200def
which can be used as unique global reference for Trend Micro Void Banshee July 15 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-19T00:00:00Z |
date_published | 2024-07-15T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Void Banshee Targets Windows Users |
Trend Micro Void Rabisu May 30 2023
Feike Hacquebord, Stephen Hilt, Fernando Merces, Lord Alfred Remorin. (2023, May 30). Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals. Retrieved June 4, 2023.
Internal MISP references
UUID 5fd628ca-f366-4f0d-b493-8be19fa4dd4e
which can be used as unique global reference for Trend Micro Void Rabisu May 30 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-04T00:00:00Z |
date_published | 2023-05-30T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals |
CheckPoint Volatile Cedar March 2015
Threat Intelligence and Research. (2015, March 30). VOLATILE CEDAR. Retrieved February 8, 2021.
Internal MISP references
UUID a26344a2-63ca-422e-8cf9-0cf22a5bee72
which can be used as unique global reference for CheckPoint Volatile Cedar March 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-08T00:00:00Z |
date_published | 2015-03-30T00:00:00Z |
source | MITRE, Tidal Cyber |
title | VOLATILE CEDAR |
Microsoft Volt Typhoon May 2023
Microsoft Threat Intelligence. (2023, May 24). Volt Typhoon targets US critical infrastructure with living-off-the-land techniques. Retrieved July 27, 2023.
Internal MISP references
UUID 8b74f0b7-9719-598c-b3ee-61d734393e6f
which can be used as unique global reference for Microsoft Volt Typhoon May 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-27T00:00:00Z |
date_published | 2023-05-24T00:00:00Z |
source | MITRE |
title | Volt Typhoon targets US critical infrastructure with living-off-the-land techniques |
Microsoft Volt Typhoon May 24 2023
Microsoft Threat Intelligence. (2023, May 24). Volt Typhoon targets US critical infrastructure with living-off-the-land techniques. Retrieved May 25, 2023.
Internal MISP references
UUID 2e94c44a-d2a7-4e56-ac8a-df315fc14ec1
which can be used as unique global reference for Microsoft Volt Typhoon May 24 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-25T00:00:00Z |
date_published | 2023-05-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Volt Typhoon targets US critical infrastructure with living-off-the-land techniques |
VSDiagnostics.exe - LOLBAS Project
LOLBAS. (2023, July 12). VSDiagnostics.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b4658fc0-af16-45b1-8403-a9676760a36a
which can be used as unique global reference for VSDiagnostics.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2023-07-12T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | VSDiagnostics.exe |
Vshadow.exe - LOLBAS Project
LOLBAS. (2023, September 6). Vshadow.exe. Retrieved December 4, 2023.
Internal MISP references
UUID ae3b1e26-d7d7-4049-b4a7-80cd2b149b7c
which can be used as unique global reference for Vshadow.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2023-09-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Vshadow.exe |
VSIISExeLauncher.exe - LOLBAS Project
LOLBAS. (2021, September 24). VSIISExeLauncher.exe. Retrieved December 4, 2023.
Internal MISP references
UUID e2fda344-77b8-4650-a7da-1e422db6d3a1
which can be used as unique global reference for VSIISExeLauncher.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-09-24T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | VSIISExeLauncher.exe |
vsjitdebugger.exe - LOLBAS Project
LOLBAS. (2018, May 25). vsjitdebugger.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 94a880fa-70b0-46c3-997e-b22dc9180134
which can be used as unique global reference for vsjitdebugger.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | vsjitdebugger.exe |
vsls-agent.exe - LOLBAS Project
LOLBAS. (2022, November 1). vsls-agent.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 325eab54-bcdd-4a12-ab41-aaf06a0405e9
which can be used as unique global reference for vsls-agent.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-11-01T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | vsls-agent.exe |
vstest.console.exe - LOLBAS Project
LOLBAS. (2023, September 8). vstest.console.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 70c168a0-9ddf-408d-ba29-885c0c5c936a
which can be used as unique global reference for vstest.console.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2023-09-08T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | vstest.console.exe |
Vulnerability and Exploit Detector
Kanthak, S. (2016, July 20). Vulnerability and Exploit Detector. Retrieved February 3, 2017.
Internal MISP references
UUID d63d6e14-8fe7-4893-a42f-3752eaec8770
which can be used as unique global reference for Vulnerability and Exploit Detector
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-02-03T00:00:00Z |
date_published | 2016-07-20T00:00:00Z |
source | MITRE |
title | Vulnerability and Exploit Detector |
Kanthak Sentinel
Kanthak, S. (2016, July 20). Vulnerability and Exploit Detector. Retrieved February 3, 2017.
Internal MISP references
UUID 94f99326-1512-47ca-8c99-9b382e4d0261
which can be used as unique global reference for Kanthak Sentinel
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-02-03T00:00:00Z |
date_published | 2016-07-20T00:00:00Z |
source | MITRE |
title | Vulnerability and Exploit Detector |
Electron Security 3
CertiK. (2020, June 30). Vulnerability in Electron-based Application: Unintentionally Giving Malicious Code Room to Run. Retrieved March 7, 2024.
Internal MISP references
UUID b425f1b5-0375-5747-abd0-c5cd7ba3b781
which can be used as unique global reference for Electron Security 3
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-07T00:00:00Z |
date_published | 2020-06-30T00:00:00Z |
source | MITRE |
title | Vulnerability in Electron-based Application: Unintentionally Giving Malicious Code Room to Run |
Technet MS14-068
Microsoft. (2014, November 18). Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780). Retrieved December 23, 2015.
Internal MISP references
UUID db78c095-b7b2-4422-8473-49d4a1129b76
which can be used as unique global reference for Technet MS14-068
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-12-23T00:00:00Z |
date_published | 2014-11-18T00:00:00Z |
source | MITRE |
title | Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780) |
vxunderground debug
vxunderground. (2021, June 30). VX-API. Retrieved April 1, 2022.
Internal MISP references
UUID 8c7fe2a2-64a1-4680-a4e6-f6eefe00407a
which can be used as unique global reference for vxunderground debug
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-01T00:00:00Z |
date_published | 2021-06-30T00:00:00Z |
source | MITRE |
title | VX-API |
Symantec W32.Duqu
Symantec Security Response. (2011, November). W32.Duqu: The precursor to the next Stuxnet. Retrieved September 17, 2015.
Internal MISP references
UUID 8660411a-6b9c-46c2-8f5f-049ec60c7d40
which can be used as unique global reference for Symantec W32.Duqu
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-09-17T00:00:00Z |
date_published | 2011-11-01T00:00:00Z |
source | MITRE |
title | W32.Duqu: The precursor to the next Stuxnet |
Symantec W.32 Stuxnet Dossier
Nicolas Falliere, Liam O. Murchu, Eric Chien. (2011, February). W32.Stuxnet Dossier. Retrieved December 7, 2020.
Internal MISP references
UUID ef65ab18-fd84-4098-8805-df0268fc3a38
which can be used as unique global reference for Symantec W.32 Stuxnet Dossier
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-07T00:00:00Z |
date_published | 2011-02-01T00:00:00Z |
source | MITRE |
title | W32.Stuxnet Dossier |
w32.tidserv.g
Symantec. (2009, March 22). W32.Tidserv.G. Retrieved January 14, 2022.
Internal MISP references
UUID 9d4ac51b-d870-43e8-bc6f-d7159343b00c
which can be used as unique global reference for w32.tidserv.g
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-14T00:00:00Z |
date_published | 2009-03-22T00:00:00Z |
source | MITRE |
title | W32.Tidserv.G |
Github W32Time Oct 2017
Lundgren, S. (2017, October 28). w32time. Retrieved March 26, 2018.
Internal MISP references
UUID a248fd87-c3c1-4de7-a9af-0436a10f71aa
which can be used as unique global reference for Github W32Time Oct 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-26T00:00:00Z |
date_published | 2017-10-28T00:00:00Z |
source | MITRE |
title | w32time |
Symantec Chernobyl W95.CIH
Yamamura, M. (2002, April 25). W95.CIH. Retrieved April 12, 2019.
Internal MISP references
UUID a35cab17-634d-4a7a-a42c-4a4280e8785d
which can be used as unique global reference for Symantec Chernobyl W95.CIH
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-12T00:00:00Z |
date_published | 2002-04-25T00:00:00Z |
source | MITRE |
title | W95.CIH |
Wab.exe - LOLBAS Project
LOLBAS. (2018, May 25). Wab.exe. Retrieved December 4, 2023.
Internal MISP references
UUID c432556e-c7f9-4e36-af7e-d7bea6f51e95
which can be used as unique global reference for Wab.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Wab.exe |
GitLab WakeOnLAN
Perry, David. (2020, August 11). WakeOnLAN (WOL). Retrieved February 17, 2021.
Internal MISP references
UUID 120e3b14-f08b-40e0-9d20-4ddda6b8cc06
which can be used as unique global reference for GitLab WakeOnLAN
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-17T00:00:00Z |
date_published | 2020-08-11T00:00:00Z |
source | MITRE |
title | WakeOnLAN (WOL) |
FireEye WannaCry 2017
Berry, A., Homan, J., and Eitzman, R. (2017, May 23). WannaCry Malware Profile. Retrieved March 15, 2019.
Internal MISP references
UUID 34b15fe1-c550-4150-87bc-ac9662547247
which can be used as unique global reference for FireEye WannaCry 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-15T00:00:00Z |
date_published | 2017-05-23T00:00:00Z |
source | MITRE |
title | WannaCry Malware Profile |
BfV North Korea February 17 2024
Bundesamt fur Verfassungsschutz. (2024, February 17). Warning of North Korean cyber threats targeting the Defense Sector. Retrieved February 26, 2024.
Internal MISP references
UUID cc76be15-6d9d-40b2-b7f3-196bb0a7106a
which can be used as unique global reference for BfV North Korea February 17 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-26T00:00:00Z |
date_published | 2024-02-17T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Warning of North Korean cyber threats targeting the Defense Sector |
Trend Micro War of Crypto Miners
Oliveira, A., Fiser, D. (2020, September 10). War of Linux Cryptocurrency Miners: A Battle for Resources. Retrieved April 6, 2021.
Internal MISP references
UUID 1ba47efe-35f8-4d52-95c7-65cdc829c8e5
which can be used as unique global reference for Trend Micro War of Crypto Miners
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-06T00:00:00Z |
date_published | 2020-09-10T00:00:00Z |
source | MITRE |
title | War of Linux Cryptocurrency Miners: A Battle for Resources |
Check Point Warzone Feb 2020
Harakhavik, Y. (2020, February 3). Warzone: Behind the enemy lines. Retrieved December 17, 2021.
Internal MISP references
UUID c214c36e-2bc7-4b98-a74e-529aae99f9cf
which can be used as unique global reference for Check Point Warzone Feb 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-17T00:00:00Z |
date_published | 2020-02-03T00:00:00Z |
source | MITRE |
title | Warzone: Behind the enemy lines |
Uptycs Warzone UAC Bypass November 2020
Mohanta, A. (2020, November 25). Warzone RAT comes with UAC bypass technique. Retrieved April 7, 2022.
Internal MISP references
UUID 1324b314-a4d9-43e7-81d6-70b6917fe527
which can be used as unique global reference for Uptycs Warzone UAC Bypass November 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-07T00:00:00Z |
date_published | 2020-11-25T00:00:00Z |
source | MITRE |
title | Warzone RAT comes with UAC bypass technique |
Dragos WASSONITE
Dragos. (n.d.). WASSONITE. Retrieved January 20, 2021.
Internal MISP references
UUID 39e6ab06-9f9f-4292-9034-b2f56064164d
which can be used as unique global reference for Dragos WASSONITE
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-01-20T00:00:00Z |
source | MITRE |
title | WASSONITE |
NCC Group WastedLocker June 2020
Antenucci, S., Pantazopoulos, N., Sandee, M. (2020, June 23). WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group. Retrieved September 14, 2021.
Internal MISP references
UUID 1520f2e5-2689-428f-9ee4-05e153a52381
which can be used as unique global reference for NCC Group WastedLocker June 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-14T00:00:00Z |
date_published | 2020-06-23T00:00:00Z |
source | MITRE |
title | WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group |
Sentinel Labs WastedLocker July 2020
Walter, J. (2020, July 23). WastedLocker Ransomware: Abusing ADS and NTFS File Attributes. Retrieved September 14, 2021.
Internal MISP references
UUID 5ed4eb07-cc90-46bc-8527-0bb59e1eefe1
which can be used as unique global reference for Sentinel Labs WastedLocker July 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-14T00:00:00Z |
date_published | 2020-07-23T00:00:00Z |
source | MITRE |
title | WastedLocker Ransomware: Abusing ADS and NTFS File Attributes |
Intezer Doki July 20
Fishbein, N., Kajiloti, M. (2020, July 28). Watch Your Containers: Doki Infecting Docker Servers in the Cloud. Retrieved March 30, 2021.
Internal MISP references
UUID 688b2582-6602-44e1-aaac-3a4b8e168b04
which can be used as unique global reference for Intezer Doki July 20
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-30T00:00:00Z |
date_published | 2020-07-28T00:00:00Z |
source | MITRE |
title | Watch Your Containers: Doki Infecting Docker Servers in the Cloud |
Trend Micro Waterbear December 2019
Su, V. et al. (2019, December 11). Waterbear Returns, Uses API Hooking to Evade Security. Retrieved February 22, 2021.
Internal MISP references
UUID bf320133-3823-4232-b7d2-d07da9bbccc2
which can be used as unique global reference for Trend Micro Waterbear December 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-22T00:00:00Z |
date_published | 2019-12-11T00:00:00Z |
source | MITRE |
title | Waterbear Returns, Uses API Hooking to Evade Security |
Symantec Waterbug Jun 2019
Symantec DeepSight Adversary Intelligence Team. (2019, June 20). Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments. Retrieved July 8, 2019.
Internal MISP references
UUID ddd5c2c9-7126-4b89-b415-dc651a2ccc0e
which can be used as unique global reference for Symantec Waterbug Jun 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-08T00:00:00Z |
date_published | 2019-06-20T00:00:00Z |
source | MITRE |
title | Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments |
ESET DazzleSpy Jan 2022
M.Léveillé, M., Cherepanov, A. (2022, January 25). Watering hole deploys new macOS malware, DazzleSpy, in Asia. Retrieved May 6, 2022.
Internal MISP references
UUID 212012ac-9084-490f-8dd2-5cc9ac6e6de1
which can be used as unique global reference for ESET DazzleSpy Jan 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-06T00:00:00Z |
date_published | 2022-01-25T00:00:00Z |
source | MITRE |
title | Watering hole deploys new macOS malware, DazzleSpy, in Asia |
win_wbadmin_delete_catalog
Microsoft. (2017, October 16). wbadmin delete catalog. Retrieved September 20, 2021.
Internal MISP references
UUID 6adfba35-3bf1-4915-813e-40c4a843ae34
which can be used as unique global reference for win_wbadmin_delete_catalog
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-20T00:00:00Z |
date_published | 2017-10-16T00:00:00Z |
source | MITRE |
title | wbadmin delete catalog |
SecureWorks WannaCry Analysis
Counter Threat Unit Research Team. (2017, May 18). WCry Ransomware Analysis. Retrieved March 26, 2019.
Internal MISP references
UUID 522b2a19-1d15-48f8-8801-c64d3abd945a
which can be used as unique global reference for SecureWorks WannaCry Analysis
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-26T00:00:00Z |
date_published | 2017-05-18T00:00:00Z |
source | MITRE |
title | WCry Ransomware Analysis |
Aleks Weapons Nov 2015
Nick Aleks. (2015, November 7). Weapons of a Pentester - Understanding the virtual & physical tools used by white/black hat hackers. Retrieved March 30, 2018.
Internal MISP references
UUID fd22c941-b0dc-4420-b363-2f5777981041
which can be used as unique global reference for Aleks Weapons Nov 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-30T00:00:00Z |
date_published | 2015-11-07T00:00:00Z |
source | MITRE |
title | Weapons of a Pentester - Understanding the virtual & physical tools used by white/black hat hackers |
NIST Web Bug
NIST Information Technology Laboratory. (n.d.). web bug. Retrieved March 22, 2023.
Internal MISP references
UUID b4362602-faf0-5b28-a147-b3153da1903f
which can be used as unique global reference for NIST Web Bug
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-03-22T00:00:00Z |
source | MITRE |
title | web bug |
Sekoia.io Blog September 19 2024
Marc N; Sekoia TDR. (2024, September 19). WebDAV-as-a-Service Uncovering the infrastructure behind Emmenhtal loader distribution. Retrieved September 20, 2024.
Internal MISP references
UUID df9ff358-4d1e-4094-92cd-4703c53a384c
which can be used as unique global reference for Sekoia.io Blog September 19 2024
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-20T00:00:00Z |
date_published | 2024-09-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | WebDAV-as-a-Service Uncovering the infrastructure behind Emmenhtal loader distribution |
Didier Stevens WebDAV Traffic
Stevens, D. (2017, November 13). WebDAV Traffic To Malicious Sites. Retrieved December 21, 2017.
Internal MISP references
UUID b521efe2-5c1c-48c5-a2a9-95da2367f537
which can be used as unique global reference for Didier Stevens WebDAV Traffic
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-21T00:00:00Z |
date_published | 2017-11-13T00:00:00Z |
source | MITRE |
title | WebDAV Traffic To Malicious Sites |
Checkmarx Webhooks
Jossef Harush Kadouri. (2022, March 7). Webhook Party — Malicious packages caught exfiltrating data via legit webhook services. Retrieved July 20, 2023.
Internal MISP references
UUID f68f1151-839e-5ae7-bab1-aa2b4c0d11ec
which can be used as unique global reference for Checkmarx Webhooks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-20T00:00:00Z |
date_published | 2022-03-07T00:00:00Z |
source | MITRE |
title | Webhook Party — Malicious packages caught exfiltrating data via legit webhook services |
Push Security SaaS Attacks Repository Webhooks
Push Security. (2023, July 31). Webhooks. Retrieved August 4, 2023.
Internal MISP references
UUID 519693e2-71c9-55d2-98fd-be451837582a
which can be used as unique global reference for Push Security SaaS Attacks Repository Webhooks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-04T00:00:00Z |
date_published | 2023-07-31T00:00:00Z |
source | MITRE |
title | Webhooks |
acunetix Server Secuirty
Acunetix. (n.d.). Web Server Security and Database Server Security. Retrieved July 26, 2018.
Internal MISP references
UUID cedbdeb8-6669-4c5c-a8aa-d37576aaa1ba
which can be used as unique global reference for acunetix Server Secuirty
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-26T00:00:00Z |
source | MITRE |
title | Web Server Security and Database Server Security |
Microsoft Well Known SIDs Jun 2017
Microsoft. (2017, June 23). Well-known security identifiers in Windows operating systems. Retrieved November 30, 2017.
Internal MISP references
UUID 14b344ed-bde6-4755-b59a-595edb23a210
which can be used as unique global reference for Microsoft Well Known SIDs Jun 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-30T00:00:00Z |
date_published | 2017-06-23T00:00:00Z |
source | MITRE |
title | Well-known security identifiers in Windows operating systems |
PWC WellMess C2 August 2020
PWC. (2020, August 17). WellMess malware: analysis of its Command and Control (C2) server. Retrieved September 29, 2020.
Internal MISP references
UUID 3afca6f1-680a-46ae-8cea-10b6b870d5e7
which can be used as unique global reference for PWC WellMess C2 August 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-09-29T00:00:00Z |
date_published | 2020-08-17T00:00:00Z |
source | MITRE |
title | WellMess malware: analysis of its Command and Control (C2) server |
Cofense Astaroth Sept 2018
Doaty, J., Garrett, P. (2018, September 10). We’re Seeing a Resurgence of the Demonic Astaroth WMIC Trojan. Retrieved September 25, 2024.
Internal MISP references
UUID d316c581-646d-48e7-956e-34e2f957c67d
which can be used as unique global reference for Cofense Astaroth Sept 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
date_published | 2018-09-10T00:00:00Z |
source | MITRE |
title | We’re Seeing a Resurgence of the Demonic Astaroth WMIC Trojan |
Wevtutil Microsoft Documentation
Microsoft. (n.d.). wevtutil. Retrieved September 14, 2021.
Internal MISP references
UUID 25511dde-9e13-4e03-8ae4-2495e9f5eb5e
which can be used as unique global reference for Wevtutil Microsoft Documentation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-14T00:00:00Z |
source | MITRE |
title | wevtutil |
Microsoft wevtutil Oct 2017
Plett, C. et al. (2017, October 16). wevtutil. Retrieved July 2, 2018.
Internal MISP references
UUID 8896d802-96c6-4546-8a82-c1f7f2d71ea1
which can be used as unique global reference for Microsoft wevtutil Oct 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-02T00:00:00Z |
date_published | 2017-10-16T00:00:00Z |
source | MITRE |
title | wevtutil |
Wfc.exe - LOLBAS Project
LOLBAS. (2021, September 26). Wfc.exe. Retrieved December 4, 2023.
Internal MISP references
UUID a937012a-01c8-457c-8808-47c1753e8781
which can be used as unique global reference for Wfc.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-09-26T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Wfc.exe |
Crowdstrike Downgrade
Bart Lenaerts-Bergman. (2023, March 14). WHAT ARE DOWNGRADE ATTACKS?. Retrieved May 24, 2023.
Internal MISP references
UUID 47856c5f-6c4c-5b4c-bbc1-ccb6848d9b74
which can be used as unique global reference for Crowdstrike Downgrade
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-24T00:00:00Z |
date_published | 2023-03-14T00:00:00Z |
source | MITRE |
title | WHAT ARE DOWNGRADE ATTACKS? |
Chrome Extensions Definition
Chrome. (n.d.). What are Extensions?. Retrieved November 16, 2017.
Internal MISP references
UUID fe00cee9-54d9-4775-86da-b7db73295bf7
which can be used as unique global reference for Chrome Extensions Definition
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-16T00:00:00Z |
source | MITRE |
title | What are Extensions? |
StackExchange Hooks Jul 2012
Stack Exchange - Security. (2012, July 31). What are the methods to find hooked functions and APIs?. Retrieved December 12, 2017.
Internal MISP references
UUID dfa76ff1-df9e-4cdf-aabe-476479cdcf13
which can be used as unique global reference for StackExchange Hooks Jul 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-12T00:00:00Z |
date_published | 2012-07-31T00:00:00Z |
source | MITRE |
title | What are the methods to find hooked functions and APIs? |
macOS APT Activity Bradley
Jaron Bradley. (2021, November 14). What does APT Activity Look Like on macOS?. Retrieved January 19, 2022.
Internal MISP references
UUID 7ccda957-b38d-4c3f-a8f5-6cecdcb3f584
which can be used as unique global reference for macOS APT Activity Bradley
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-01-19T00:00:00Z |
date_published | 2021-11-14T00:00:00Z |
source | MITRE |
title | What does APT Activity Look Like on macOS? |
okta
okta. (n.d.). What Happens If Your JWT Is Stolen?. Retrieved September 12, 2019.
Internal MISP references
UUID 61e2fb16-d04b-494c-8bea-fb34e81faa73
which can be used as unique global reference for okta
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-12T00:00:00Z |
source | MITRE |
title | What Happens If Your JWT Is Stolen? |
Norton Botnet
Norton. (n.d.). What is a botnet?. Retrieved October 4, 2020.
Internal MISP references
UUID f97427f1-ea16-4e92-a4a2-4d62a800df15
which can be used as unique global reference for Norton Botnet
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-04T00:00:00Z |
source | MITRE |
title | What is a botnet? |
Microsoft DLL
Microsoft. (2023, April 28). What is a DLL. Retrieved September 7, 2023.
Internal MISP references
UUID f0ae2788-537c-5644-ba1b-d06a612e73c1
which can be used as unique global reference for Microsoft DLL
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-07T00:00:00Z |
date_published | 2023-04-28T00:00:00Z |
source | MITRE |
title | What is a DLL |
Cloudflare DNSamplficationDoS
Cloudflare. (n.d.). What is a DNS amplification attack?. Retrieved April 23, 2019.
Internal MISP references
UUID 734cb2bb-462a-4bdc-9774-6883f99379b9
which can be used as unique global reference for Cloudflare DNSamplficationDoS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-23T00:00:00Z |
source | MITRE |
title | What is a DNS amplification attack? |
Amazon AWS VPC Guide
Amazon. (n.d.). What Is Amazon VPC?. Retrieved October 6, 2019.
Internal MISP references
UUID 7972332d-fbe9-4f14-9511-4298f65f2a86
which can be used as unique global reference for Amazon AWS VPC Guide
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-06T00:00:00Z |
source | MITRE |
title | What Is Amazon VPC? |
Cloudflare HTTPflood
Cloudflare. (n.d.). What is an HTTP flood DDoS attack?. Retrieved April 22, 2019.
Internal MISP references
UUID 1a5934a4-35ce-4f7c-be9c-c1faf4ee0838
which can be used as unique global reference for Cloudflare HTTPflood
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-22T00:00:00Z |
source | MITRE |
title | What is an HTTP flood DDoS attack? |
Cloudflare NTPamplifciationDoS
Cloudflare. (n.d.). What is a NTP amplificaiton attack?. Retrieved April 23, 2019.
Internal MISP references
UUID 09ce093a-d378-4915-a35f-bf18a278d873
which can be used as unique global reference for Cloudflare NTPamplifciationDoS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-23T00:00:00Z |
source | MITRE |
title | What is a NTP amplificaiton attack? |
Microsoft Primary Refresh Token
Microsoft. (2022, September 9). What is a Primary Refresh Token?. Retrieved February 21, 2023.
Internal MISP references
UUID d23bf6dc-979b-5f34-86a7-637979a5f20e
which can be used as unique global reference for Microsoft Primary Refresh Token
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-21T00:00:00Z |
date_published | 2022-09-09T00:00:00Z |
source | MITRE |
title | What is a Primary Refresh Token? |
Comparitech Replay Attack
Justin Schamotta. (2022, October 28). What is a replay attack?. Retrieved September 27, 2023.
Internal MISP references
UUID a9f0b569-8f18-579f-bf98-f4f9b93e5524
which can be used as unique global reference for Comparitech Replay Attack
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-27T00:00:00Z |
date_published | 2022-10-28T00:00:00Z |
source | MITRE |
title | What is a replay attack? |
Corero SYN-ACKflood
Corero. (n.d.). What is a SYN-ACK Flood Attack?. Retrieved April 22, 2019.
Internal MISP references
UUID ec41de8a-c673-41bf-b713-4a647b135532
which can be used as unique global reference for Corero SYN-ACKflood
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-22T00:00:00Z |
source | MITRE |
title | What is a SYN-ACK Flood Attack? |
Cloudflare SynFlood
Cloudflare. (n.d.). What is a SYN flood attack?. Retrieved April 22, 2019.
Internal MISP references
UUID e292c4fe-ae77-4393-b666-fb6290cb4aa8
which can be used as unique global reference for Cloudflare SynFlood
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-22T00:00:00Z |
source | MITRE |
title | What is a SYN flood attack? |
Amazon VM
Microsoft. (n.d.). What is a virtual machine (VM)?. Retrieved October 13, 2021.
Internal MISP references
UUID 9afbd6a5-1c31-4727-8f36-04d4d8e65660
which can be used as unique global reference for Amazon VM
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
source | MITRE |
title | What is a virtual machine (VM)? |
RedHat Webhooks
RedHat. (2022, June 1). What is a webhook?. Retrieved July 20, 2023.
Internal MISP references
UUID 37321591-40fd-537e-ba74-71042bc5064e
which can be used as unique global reference for RedHat Webhooks
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-20T00:00:00Z |
date_published | 2022-06-01T00:00:00Z |
source | MITRE |
title | What is a webhook? |
AWS System Manager
AWS. (2023, June 2). What is AWS System Manager?. Retrieved June 2, 2023.
Internal MISP references
UUID a7813928-4351-54c5-a64e-61bd4689e93b
which can be used as unique global reference for AWS System Manager
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-02T00:00:00Z |
date_published | 2023-06-02T00:00:00Z |
source | MITRE |
title | What is AWS System Manager? |
Microsoft Azure Virtual Network Overview
Annamalai, N., Casey, C., Almeida, M., et al. (2019, June 18). What is Azure Virtual Network?. Retrieved October 6, 2019.
Internal MISP references
UUID bf7f2e7a-f5ae-4b6e-8c90-fd41a92c4615
which can be used as unique global reference for Microsoft Azure Virtual Network Overview
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-06T00:00:00Z |
date_published | 2019-06-18T00:00:00Z |
source | MITRE |
title | What is Azure Virtual Network? |
CrowdStrike-BEC
Bart Lenaerts-Bergmans. (2023, March 10). What is Business Email Compromise?. Retrieved August 8, 2023.
Internal MISP references
UUID 7e674a8d-e79f-5cb0-8ad2-a7678e647c6f
which can be used as unique global reference for CrowdStrike-BEC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-08-08T00:00:00Z |
date_published | 2023-03-10T00:00:00Z |
source | MITRE |
title | What is Business Email Compromise? |
Microsoft Conditional Access
Microsoft. (2023, November 15). What is Conditional Access?. Retrieved January 2, 2024.
Internal MISP references
UUID 7d39522c-5a9c-5a19-a0e4-e5aec68f5f08
which can be used as unique global reference for Microsoft Conditional Access
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-02T00:00:00Z |
date_published | 2023-11-15T00:00:00Z |
source | MITRE |
title | What is Conditional Access? |
PAN DNS Tunneling
Palo Alto Networks. (n.d.). What Is DNS Tunneling?. Retrieved March 15, 2020.
Internal MISP references
UUID efe1c443-475b-45fc-8d33-5bf3bdf941c5
which can be used as unique global reference for PAN DNS Tunneling
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-15T00:00:00Z |
source | MITRE |
title | What Is DNS Tunneling? |
Proofpoint-spoof
Proofpoint. (n.d.). What Is Email Spoofing?. Retrieved February 24, 2023.
Internal MISP references
UUID fe9f7542-bbf0-5e34-b3a9-8596cc5aa754
which can be used as unique global reference for Proofpoint-spoof
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-24T00:00:00Z |
source | MITRE |
title | What Is Email Spoofing? |
magnusviri emond Apr 2016
Reynolds, James. (2016, April 7). What is emond?. Retrieved September 10, 2019.
Internal MISP references
UUID 373f64a5-a30f-4b6e-b352-d0c6f8b65fdb
which can be used as unique global reference for magnusviri emond Apr 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-10T00:00:00Z |
date_published | 2016-04-07T00:00:00Z |
source | MITRE |
title | What is emond? |
Microsoft - Azure AD Federation
Microsoft. (2018, November 28). What is federation with Azure AD?. Retrieved December 30, 2020.
Internal MISP references
UUID fedb345f-b5a7-40cd-98c7-6b14bab95ed9
which can be used as unique global reference for Microsoft - Azure AD Federation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-30T00:00:00Z |
date_published | 2018-11-28T00:00:00Z |
source | MITRE |
title | What is federation with Azure AD? |
What Is FormBook Malware?
www.blackberry.com. (n.d.). What Is FormBook Malware?. Retrieved May 18, 2023.
Internal MISP references
UUID d1f57ed6-8f44-46cc-afb7-53d9543f68ed
which can be used as unique global reference for What Is FormBook Malware?
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | What Is FormBook Malware? |
What is FormBook Malware? - Check Point Software
Check Point Software. (n.d.). What is FormBook Malware? - Check Point Software. Retrieved May 18, 2023.
Internal MISP references
UUID c7670c6d-014b-4937-ac0f-9f2aec60e2d8
which can be used as unique global reference for What is FormBook Malware? - Check Point Software
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | What is FormBook Malware? - Check Point Software |
FRP GitHub
fatedier. (n.d.). What is frp?. Retrieved July 10, 2024.
Internal MISP references
UUID cc682467-1ad0-50d9-9d81-be84ed862df8
which can be used as unique global reference for FRP GitHub
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-10T00:00:00Z |
source | MITRE |
title | What is frp? |
grsecurity official
grsecurity. (2017, December 12). What is grsecurity?. Retrieved December 20, 2017.
Internal MISP references
UUID f87c0c95-65bd-4b57-9b7d-1b7936f03c2a
which can be used as unique global reference for grsecurity official
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
date_published | 2017-12-12T00:00:00Z |
source | MITRE |
title | What is grsecurity? |
VDSO Aug 2005
Petersson, J. (2005, August 14). What is linux-gate.so.1?. Retrieved June 16, 2020.
Internal MISP references
UUID ae70f799-ebb6-4ffe-898e-945cb754c1cb
which can be used as unique global reference for VDSO Aug 2005
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-16T00:00:00Z |
date_published | 2005-08-14T00:00:00Z |
source | MITRE |
title | What is linux-gate.so.1? |
what_is_mmc
Microsoft. (2020, September 27). What is Microsoft Management Console?. Retrieved October 5, 2021.
Internal MISP references
UUID 57e130ab-f981-423e-bafe-51d0d0e1abdf
which can be used as unique global reference for what_is_mmc
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-05T00:00:00Z |
date_published | 2020-09-27T00:00:00Z |
source | MITRE |
title | What is Microsoft Management Console? |
Microsoft NET - Duplicate
Microsoft. (n.d.). What is .NET Framework?. Retrieved March 15, 2020.
Internal MISP references
UUID b4727044-51bb-43b3-afdb-515bb4bb0f7e
which can be used as unique global reference for Microsoft NET - Duplicate
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-15T00:00:00Z |
source | MITRE |
title | What is .NET Framework? |
Pastebin EchoSec
Ciarniello, A. (2019, September 24). What is Pastebin and Why Do Hackers Love It?. Retrieved April 11, 2023.
Internal MISP references
UUID 3fc422e5-9a1d-5ac4-8e65-1df13d8a688e
which can be used as unique global reference for Pastebin EchoSec
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-04-11T00:00:00Z |
date_published | 2019-09-24T00:00:00Z |
source | MITRE |
title | What is Pastebin and Why Do Hackers Love It? |
polymorphic-blackberry
Blackberry. (n.d.). What is Polymorphic Malware?. Retrieved September 27, 2024.
Internal MISP references
UUID 1918a3fe-b7a2-5420-8671-f602d58566fd
which can be used as unique global reference for polymorphic-blackberry
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-27T00:00:00Z |
source | MITRE |
title | What is Polymorphic Malware? |
polymorphic-sentinelone
SentinelOne. (2023, March 18). What is Polymorphic Malware? Examples and Challenges. Retrieved September 27, 2024.
Internal MISP references
UUID cd7a1320-3bdd-5b26-8d6d-2e2897231dcb
which can be used as unique global reference for polymorphic-sentinelone
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-27T00:00:00Z |
date_published | 2023-03-18T00:00:00Z |
source | MITRE |
title | What is Polymorphic Malware? Examples and Challenges |
Microsoft Protected View
Microsoft. (n.d.). What is Protected View?. Retrieved November 22, 2017.
Internal MISP references
UUID 5261895f-367f-4c5d-b4df-7ff44bbbe28e
which can be used as unique global reference for Microsoft Protected View
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-11-22T00:00:00Z |
source | MITRE |
title | What is Protected View? |
TechNet RPC
Microsoft. (2003, March 28). What Is RPC?. Retrieved June 12, 2016.
Internal MISP references
UUID 7eaa0fa8-953a-482e-8f6b-02607e928525
which can be used as unique global reference for TechNet RPC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-12T00:00:00Z |
date_published | 2003-03-28T00:00:00Z |
source | MITRE |
title | What Is RPC? |
Twilio SMS Pumping Fraud
Twilio. (n.d.). What is SMS Pumping Fraud?. Retrieved September 25, 2024.
Internal MISP references
UUID 2a75c6ae-b7d1-5af4-b647-7ac6cb63e95a
which can be used as unique global reference for Twilio SMS Pumping Fraud
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
source | MITRE |
title | What is SMS Pumping Fraud? |
Twilio SMS Pumping
Twilio. (2024, April 10). What Is SMS Pumping Fraud and How to Stop It. Retrieved September 25, 2024.
Internal MISP references
UUID fa3ae7e9-afbb-5aac-bbf7-e76e9425b01f
which can be used as unique global reference for Twilio SMS Pumping
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-25T00:00:00Z |
date_published | 2024-04-10T00:00:00Z |
source | MITRE |
title | What Is SMS Pumping Fraud and How to Stop It |
IOKit Fundamentals
Apple. (2014, April 9). What Is the I/O Kit?. Retrieved September 24, 2021.
Internal MISP references
UUID ac90279f-becd-4a96-a08e-8c4c26dba3c0
which can be used as unique global reference for IOKit Fundamentals
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-24T00:00:00Z |
date_published | 2014-04-09T00:00:00Z |
source | MITRE |
title | What Is the I/O Kit? |
Baeldung LD_PRELOAD
baeldung. (2020, August 9). What Is the LD_PRELOAD Trick?. Retrieved March 24, 2021.
Internal MISP references
UUID 6fd6ea96-1cf4-4169-8069-4f29dbc9f217
which can be used as unique global reference for Baeldung LD_PRELOAD
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-24T00:00:00Z |
date_published | 2020-08-09T00:00:00Z |
source | MITRE |
title | What Is the LD_PRELOAD Trick? |
Microsoft VBScript
Microsoft. (2011, April 19). What Is VBScript?. Retrieved March 28, 2020.
Internal MISP references
UUID 5ea8d8c7-8039-4210-967a-a4dcd566bf95
which can be used as unique global reference for Microsoft VBScript
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-28T00:00:00Z |
date_published | 2011-04-19T00:00:00Z |
source | MITRE |
title | What Is VBScript? |
VEC
CloudFlare. (n.d.). What is vendor email compromise (VEC)?. Retrieved September 12, 2023.
Internal MISP references
UUID 4fd7c9f7-4731-524a-b332-9cb7f2c025ae
which can be used as unique global reference for VEC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-12T00:00:00Z |
source | MITRE |
title | What is vendor email compromise (VEC)? |
Proofpoint Vishing
Proofpoint. (n.d.). What Is Vishing?. Retrieved September 8, 2023.
Internal MISP references
UUID 7a200d34-b4f3-5036-8582-23872ef27eb1
which can be used as unique global reference for Proofpoint Vishing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-08T00:00:00Z |
source | MITRE |
title | What Is Vishing? |
taxonomy_downgrade_att_tls
Alashwali, E. S., Rasmussen, K. (2019, January 26). What's in a Downgrade? A Taxonomy of Downgrade Attacks in the TLS Protocol and Application Protocols Using TLS. Retrieved December 7, 2021.
Internal MISP references
UUID 4459076e-7c79-4855-9091-5aabd274f586
which can be used as unique global reference for taxonomy_downgrade_att_tls
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-12-07T00:00:00Z |
date_published | 2019-01-26T00:00:00Z |
source | MITRE |
title | What's in a Downgrade? A Taxonomy of Downgrade Attacks in the TLS Protocol and Application Protocols Using TLS |
ESET Emotet July 6 2023
Jakub Kaloč. (2023, July 6). What’s up with Emotet?. Retrieved February 27, 2024.
Internal MISP references
UUID d351b4a1-72b8-488d-a926-176c77ee9d1c
which can be used as unique global reference for ESET Emotet July 6 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-27T00:00:00Z |
date_published | 2023-07-06T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | What’s up with Emotet? |
FireEye fxsst June 2011
Harbour, N. (2011, June 3). What the fxsst?. Retrieved November 17, 2020.
Internal MISP references
UUID 06f8f5b2-2ebe-4210-84b6-f86e911a7118
which can be used as unique global reference for FireEye fxsst June 2011
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-17T00:00:00Z |
date_published | 2011-06-03T00:00:00Z |
source | MITRE |
title | What the fxsst? |
Krebs Capital One August 2019
Krebs, B. (2019, August 19). What We Can Learn from the Capital One Hack. Retrieved March 25, 2020.
Internal MISP references
UUID 7d917231-735c-40d8-806d-7fee60d2f996
which can be used as unique global reference for Krebs Capital One August 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-03-25T00:00:00Z |
date_published | 2019-08-19T00:00:00Z |
source | MITRE |
title | What We Can Learn from the Capital One Hack |
Symantec ADS May 2009
Pravs. (2009, May 25). What you need to know about alternate data streams in windows? Is your Data secure? Can you restore that?. Retrieved March 21, 2018.
Internal MISP references
UUID e2970bef-439d-435d-92e7-8c58abbd270c
which can be used as unique global reference for Symantec ADS May 2009
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-21T00:00:00Z |
date_published | 2009-05-25T00:00:00Z |
source | MITRE |
title | What you need to know about alternate data streams in windows? Is your Data secure? Can you restore that? |
BH Manul Aug 2016
Galperin, E., et al. (2016, August 4). When Governments Attack: State Sponsored Malware Attacks Against Activists, Lawyers, and Journalists. Retrieved May 23, 2018.
Internal MISP references
UUID 1debebac-6578-433f-b8c3-d17e704ee501
which can be used as unique global reference for BH Manul Aug 2016
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-23T00:00:00Z |
date_published | 2016-08-04T00:00:00Z |
source | MITRE |
title | When Governments Attack: State Sponsored Malware Attacks Against Activists, Lawyers, and Journalists |
Dragos Heroku Watering Hole
Kent Backman. (2021, May 18). When Intrusions Don’t Align: A New Water Watering Hole and Oldsmar. Retrieved August 18, 2022.
Internal MISP references
UUID 8768909c-f511-4067-9a97-6f7dee24f276
which can be used as unique global reference for Dragos Heroku Watering Hole
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-18T00:00:00Z |
date_published | 2021-05-18T00:00:00Z |
source | MITRE |
title | When Intrusions Don’t Align: A New Water Watering Hole and Oldsmar |
SpectorOps Bifrost Kerberos macOS 2019
Cody Thomas. (2019, November 14). When Kirbi walks the Bifrost. Retrieved October 6, 2021.
Internal MISP references
UUID 58ecb4e9-25fc-487b-9fed-25c781cc531b
which can be used as unique global reference for SpectorOps Bifrost Kerberos macOS 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-06T00:00:00Z |
date_published | 2019-11-14T00:00:00Z |
source | MITRE |
title | When Kirbi walks the Bifrost |
Palo Alto Brute Ratel July 2022
Harbison, M. and Renals, P. (2022, July 5). When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors. Retrieved February 1, 2023.
Internal MISP references
UUID a9ab0444-386b-5baf-84e1-0e6df4a21296
which can be used as unique global reference for Palo Alto Brute Ratel July 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-01T00:00:00Z |
date_published | 2022-07-05T00:00:00Z |
source | MITRE |
title | When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors |
Trend Micro When Phishing Starts from the Inside 2017
Chris Taylor. (2017, October 5). When Phishing Starts from the Inside. Retrieved October 8, 2019.
Internal MISP references
UUID dbdc2009-a468-439b-bd96-e6153b3fb8a1
which can be used as unique global reference for Trend Micro When Phishing Starts from the Inside 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-08T00:00:00Z |
date_published | 2017-10-05T00:00:00Z |
source | MITRE |
title | When Phishing Starts from the Inside |
Booz Allen Hamilton
Booz Allen Hamilton. (n.d.). When The Lights Went Out. Retrieved October 22, 2019.
Internal MISP references
UUID 7f0acd33-602e-5f07-a1ae-a87e3c8f2eb5
which can be used as unique global reference for Booz Allen Hamilton
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-10-22T00:00:00Z |
source | MITRE |
title | When The Lights Went Out |
Microsoft Where to use TxF
Microsoft. (n.d.). When to Use Transactional NTFS. Retrieved December 20, 2017.
Internal MISP references
UUID f315072c-67cb-4166-aa18-8e92e00ef7e8
which can be used as unique global reference for Microsoft Where to use TxF
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
source | MITRE |
title | When to Use Transactional NTFS |
Brining MimiKatz to Unix
Tim Wadhwa-Brown. (2018, November). Where 2 worlds collide Bringing Mimikatz et al to UNIX. Retrieved October 13, 2021.
Internal MISP references
UUID 5ad06565-6694-4c42-81c9-880d66f6d07f
which can be used as unique global reference for Brining MimiKatz to Unix
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-13T00:00:00Z |
date_published | 2018-11-01T00:00:00Z |
source | MITRE |
title | Where 2 worlds collide Bringing Mimikatz et al to UNIX |
Dell Lateral Movement
Carvey, H. (2014, September 2). Where you AT?: Indicators of lateral movement using at.exe on Windows 7 systems. Retrieved January 25, 2016.
Internal MISP references
UUID fcc9b52a-751f-4985-8c32-7aaf411706ad
which can be used as unique global reference for Dell Lateral Movement
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-25T00:00:00Z |
date_published | 2014-09-02T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Where you AT?: Indicators of lateral movement using at.exe on Windows 7 systems |
Secureworks - AT.exe Scheduled Task
Carvey, H. (2014, September). Where You AT?: Indicators of Lateral Movement Using at.exe on Windows 7 Systems. Retrieved November 27, 2019.
Internal MISP references
UUID cd197a24-3671-427f-8ee6-da001ec985c8
which can be used as unique global reference for Secureworks - AT.exe Scheduled Task
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-11-27T00:00:00Z |
date_published | 2014-09-01T00:00:00Z |
source | MITRE |
title | Where You AT?: Indicators of Lateral Movement Using at.exe on Windows 7 Systems |
Cybereason WhisperGate February 2022
Cybereason Nocturnus. (2022, February 15). Cybereason vs. WhisperGate and HermeticWiper. Retrieved March 10, 2022.
Internal MISP references
UUID 464d9cac-04c7-4e57-a5d6-604fba90a982
which can be used as unique global reference for Cybereason WhisperGate February 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-10T00:00:00Z |
source | MITRE |
title | WhisperGate and HermeticWiper |
RecordedFuture WhisperGate Jan 2022
Insikt Group. (2020, January 28). WhisperGate Malware Corrupts Computers in Ukraine. Retrieved September 16, 2024.
Internal MISP references
UUID 4610e4db-a75b-5fdd-826d-15099d131585
which can be used as unique global reference for RecordedFuture WhisperGate Jan 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-16T00:00:00Z |
date_published | 2020-01-28T00:00:00Z |
source | MITRE |
title | WhisperGate Malware Corrupts Computers in Ukraine |
Symantec Whitefly March 2019
Symantec. (2019, March 6). Whitefly: Espionage Group has Singapore in Its Sights. Retrieved May 26, 2020.
Internal MISP references
UUID d0e48356-36d9-4b4c-b621-e3c4404378d2
which can be used as unique global reference for Symantec Whitefly March 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-05-26T00:00:00Z |
date_published | 2019-03-06T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Whitefly: Espionage Group has Singapore in Its Sights |
Accenture Lyceum Targets November 2021
Accenture. (2021, November 9). Who are latest targets of cyber group Lyceum?. Retrieved June 16, 2022.
Internal MISP references
UUID 127836ce-e459-405d-a75c-32fd5f0ab198
which can be used as unique global reference for Accenture Lyceum Targets November 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-16T00:00:00Z |
date_published | 2021-11-09T00:00:00Z |
source | MITRE |
title | Who are latest targets of cyber group Lyceum? |
Who Hid My Desktop
Safran, Or. Asinovsky, Pavel. (2017, November). Who Hid My Desktop: Deep Dive Into HVNC. Retrieved November 28, 2023.
Internal MISP references
UUID f9c81b1d-b58c-54d4-8eb8-cd86e9121ce4
which can be used as unique global reference for Who Hid My Desktop
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-28T00:00:00Z |
date_published | 2017-11-01T00:00:00Z |
source | MITRE |
title | Who Hid My Desktop: Deep Dive Into HVNC |
Krebs-Anna
Brian Krebs. (2017, January 18). Who is Anna-Senpai, the Mirai Worm Author?. Retrieved May 15, 2017.
Internal MISP references
UUID 028b7582-be46-4642-9e36-b781cac66340
which can be used as unique global reference for Krebs-Anna
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-05-15T00:00:00Z |
date_published | 2017-01-18T00:00:00Z |
source | MITRE |
title | Who is Anna-Senpai, the Mirai Worm Author? |
CrowdStrike Ember Bear Profile March 2022
CrowdStrike. (2022, March 30). Who is EMBER BEAR?. Retrieved June 9, 2022.
Internal MISP references
UUID 0639c340-b495-4d91-8418-3069f3fe0df1
which can be used as unique global reference for CrowdStrike Ember Bear Profile March 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-09T00:00:00Z |
date_published | 2022-03-30T00:00:00Z |
source | MITRE |
title | Who is EMBER BEAR? |
WHOIS
NTT America. (n.d.). Whois Lookup. Retrieved October 20, 2020.
Internal MISP references
UUID fa6cba30-66e9-4a6b-85e8-a8c3773a3efe
which can be used as unique global reference for WHOIS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-10-20T00:00:00Z |
source | MITRE |
title | Whois Lookup |
Meyers Numbered Panda
Meyers, A. (2013, March 29). Whois Numbered Panda. Retrieved January 14, 2016.
Internal MISP references
UUID 988dfcfc-0c16-4129-9523-a77539291951
which can be used as unique global reference for Meyers Numbered Panda
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-01-14T00:00:00Z |
date_published | 2013-03-29T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Whois Numbered Panda |
CrowdStrike PIONEER KITTEN August 2020
Orleans, A. (2020, August 31). Who Is PIONEER KITTEN?. Retrieved December 21, 2020.
Internal MISP references
UUID 4fce29cc-ddab-4b96-b295-83c282a87564
which can be used as unique global reference for CrowdStrike PIONEER KITTEN August 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-21T00:00:00Z |
date_published | 2020-08-31T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Who Is PIONEER KITTEN? |
SECURELIST Bright Star 2015
Baumgartner, K., Guerrero-Saade, J. (2015, March 4). Who’s Really Spreading through the Bright Star?. Retrieved December 18, 2020.
Internal MISP references
UUID 59cba16f-91ed-458c-91c9-5b02c03678f5
which can be used as unique global reference for SECURELIST Bright Star 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-18T00:00:00Z |
date_published | 2015-03-04T00:00:00Z |
source | MITRE |
title | Who’s Really Spreading through the Bright Star? |
Trend Micro Privileged Container
Fiser, D., Oliveira, A. (2019, December 20). Why a Privileged Container in Docker is a Bad Idea. Retrieved March 30, 2021.
Internal MISP references
UUID 92ac290c-4863-4774-b334-848ed72e3627
which can be used as unique global reference for Trend Micro Privileged Container
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-03-30T00:00:00Z |
date_published | 2019-12-20T00:00:00Z |
source | MITRE |
title | Why a Privileged Container in Docker is a Bad Idea |
Mandiant UNC3944 September 14 2023
Mandiant Intelligence. (2023, September 14). Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety. Retrieved November 16, 2023.
Internal MISP references
UUID 7420d79f-c6a3-4932-9c2e-c9cc36e2ca35
which can be used as unique global reference for Mandiant UNC3944 September 14 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-11-16T00:00:00Z |
date_published | 2023-09-14T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety |
Mandiant UNC3944 SMS Phishing 2023
Mandiant Intelligence. (2023, September 14). Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety. Retrieved January 2, 2024.
Internal MISP references
UUID 3a310dbd-4b5c-5eaf-a4ce-699e52007c9b
which can be used as unique global reference for Mandiant UNC3944 SMS Phishing 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-02T00:00:00Z |
date_published | 2023-09-14T00:00:00Z |
source | MITRE |
title | Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety |
Electron Security 2
Stack Overflow. (n.d.). Why do I see an "Electron Security Warning" after updating my Electron project to the latest version?. Retrieved March 7, 2024.
Internal MISP references
UUID 8ec05b76-ec57-5173-9e1e-cf4131d7bd51
which can be used as unique global reference for Electron Security 2
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-07T00:00:00Z |
source | MITRE |
title | Why do I see an "Electron Security Warning" after updating my Electron project to the latest version? |
Auth0 - Why You Should Always Use Access Tokens to Secure APIs Sept 2019
Auth0. (n.d.). Why You Should Always Use Access Tokens to Secure APIs. Retrieved September 12, 2019.
Internal MISP references
UUID 8ec52402-7e54-463d-8906-f373e5855018
which can be used as unique global reference for Auth0 - Why You Should Always Use Access Tokens to Secure APIs Sept 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-12T00:00:00Z |
source | MITRE |
title | Why You Should Always Use Access Tokens to Secure APIs |
Securelist Digital Certificates
Ladikov, A. (2015, January 29). Why You Shouldn’t Completely Trust Files Signed with Digital Certificates. Retrieved March 31, 2016.
Internal MISP references
UUID 3568163b-24b8-42fd-b111-b9d83c34cc4f
which can be used as unique global reference for Securelist Digital Certificates
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-31T00:00:00Z |
date_published | 2015-01-29T00:00:00Z |
source | MITRE |
title | Why You Shouldn’t Completely Trust Files Signed with Digital Certificates |
Crowdstrike DNS Hijack 2019
Matt Dahl. (2019, January 25). Widespread DNS Hijacking Activity Targets Multiple Sectors. Retrieved February 14, 2022.
Internal MISP references
UUID 969ad6de-9415-464d-ba52-2e61e1814a92
which can be used as unique global reference for Crowdstrike DNS Hijack 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-14T00:00:00Z |
date_published | 2019-01-25T00:00:00Z |
source | MITRE |
title | Widespread DNS Hijacking Activity Targets Multiple Sectors |
Browser Adrozek
Microsoft Threat Intelligence. (2020, December 10). Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers. Retrieved February 26, 2024.
Internal MISP references
UUID 48afb730-b5e1-5a85-bb60-9ef9b536e397
which can be used as unique global reference for Browser Adrozek
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-26T00:00:00Z |
date_published | 2020-12-10T00:00:00Z |
source | MITRE |
title | Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers |
Wi-Fi Password of All Connected Networks in Windows/Linux
Geeks for Geeks. (n.d.). Wi-Fi Password of All Connected Networks in Windows/Linux. Retrieved September 8, 2023.
Internal MISP references
UUID 7005f62f-0239-56c7-964b-64384e17b8da
which can be used as unique global reference for Wi-Fi Password of All Connected Networks in Windows/Linux
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-09-08T00:00:00Z |
source | MITRE |
title | Wi-Fi Password of All Connected Networks in Windows/Linux |
Wikipedia Exe Compression
Executable compression. (n.d.). Retrieved December 4, 2014.
Internal MISP references
UUID 13ac05f8-f2a9-4243-8039-aff9ee1d5fc6
which can be used as unique global reference for Wikipedia Exe Compression
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-12-04T00:00:00Z |
source | MITRE |
title | Wikipedia Exe Compression |
William Largent June 2018
William Largent. (2018, June 06). VPNFilter Update - VPNFilter exploits endpoints, targets new devices. Retrieved March 28, 2019.
Internal MISP references
UUID ccc34a5f-e17d-5b4c-84cf-ccff3ff9d845
which can be used as unique global reference for William Largent June 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-03-28T00:00:00Z |
source | MITRE |
title | William Largent June 2018 |
ESET Carberp March 2012
Matrosov, A., Rodionov, E., Volkov, D., Harley, D. (2012, March 2). Win32/Carberp When You’re in a Black Hole, Stop Digging. Retrieved July 15, 2020.
Internal MISP references
UUID 806eadfc-f473-4f2b-b03b-8a1f1c0a2d96
which can be used as unique global reference for ESET Carberp March 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-07-15T00:00:00Z |
date_published | 2012-03-02T00:00:00Z |
source | MITRE |
title | Win32/Carberp When You’re in a Black Hole, Stop Digging |
microsoft.com April 2 2012
Microsoft Corporation. (2012, April 2). Win32Gamarue threat description - Microsoft Security Intelligence. Retrieved September 27, 2024.
Internal MISP references
UUID de44abcc-9467-4c63-b0c4-c3a3b282ae39
which can be used as unique global reference for microsoft.com April 2 2012
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-27T00:00:00Z |
date_published | 2012-04-02T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Win32Gamarue threat description - Microsoft Security Intelligence |
ESET Industroyer
Anton Cherepanov. (2017, June 12). Win32/Industroyer: A new threat for industrial controls systems. Retrieved December 18, 2020.
Internal MISP references
UUID 9197f712-3c53-4746-9722-30e248511611
which can be used as unique global reference for ESET Industroyer
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-18T00:00:00Z |
date_published | 2017-06-12T00:00:00Z |
source | MITRE |
title | Win32/Industroyer: A new threat for industrial controls systems |
Microsoft Kasidet
Manuel, J. and Plantado, R. (2015, August 9). Win32/Kasidet. Retrieved March 24, 2016.
Internal MISP references
UUID 7c34c189-6581-4a56-aead-871400839d1a
which can be used as unique global reference for Microsoft Kasidet
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-24T00:00:00Z |
date_published | 2015-08-09T00:00:00Z |
source | MITRE |
title | Win32/Kasidet |
ESET Ebury Oct 2017
Vachon, F. (2017, October 30). Windigo Still not Windigone: An Ebury Update. Retrieved February 10, 2021.
Internal MISP references
UUID 5257a8ed-1cc8-42f8-86a7-8c0fd0e553a7
which can be used as unique global reference for ESET Ebury Oct 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-10T00:00:00Z |
date_published | 2017-10-30T00:00:00Z |
source | MITRE |
title | Windigo Still not Windigone: An Ebury Update |
Microsoft AMSI June 2015
Microsoft. (2015, June 9). Windows 10 to offer application developers new malware defenses. Retrieved February 12, 2018.
Internal MISP references
UUID d3724d08-f89b-4fb9-a0ea-3a6f929e0b6a
which can be used as unique global reference for Microsoft AMSI June 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-02-12T00:00:00Z |
date_published | 2015-06-09T00:00:00Z |
source | MITRE |
title | Windows 10 to offer application developers new malware defenses |
Davidson Windows
Davidson, L. (n.d.). Windows 7 UAC whitelist. Retrieved November 12, 2014.
Internal MISP references
UUID 49af01f2-06c5-4b21-9882-901ad828ee28
which can be used as unique global reference for Davidson Windows
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-11-12T00:00:00Z |
source | MITRE |
title | Windows 7 UAC whitelist |
IRED API Hashing
spotheplanet. (n.d.). Windows API Hashing in Malware. Retrieved August 22, 2022.
Internal MISP references
UUID 1b8b87d5-1b70-401b-8850-d8afd3b22356
which can be used as unique global reference for IRED API Hashing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-08-22T00:00:00Z |
source | MITRE |
title | Windows API Hashing in Malware |
TrendMicro WindowsAppMac
Trend Micro. (2019, February 11). Windows App Runs on Mac, Downloads Info Stealer and Adware. Retrieved April 25, 2019.
Internal MISP references
UUID dc673650-1a37-4af1-aa03-8f57a064156b
which can be used as unique global reference for TrendMicro WindowsAppMac
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-25T00:00:00Z |
date_published | 2019-02-11T00:00:00Z |
source | MITRE |
title | Windows App Runs on Mac, Downloads Info Stealer and Adware |
Windows Commands JPCERT
Tomonaga, S. (2016, January 26). Windows Commands Abused by Attackers. Retrieved February 2, 2016.
Internal MISP references
UUID 9d935f7f-bc2a-4d09-a51a-82074ffd7d77
which can be used as unique global reference for Windows Commands JPCERT
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-02-02T00:00:00Z |
date_published | 2016-01-26T00:00:00Z |
source | MITRE |
title | Windows Commands Abused by Attackers |
Amplia WCE
Amplia Security. (n.d.). Windows Credentials Editor (WCE) F.A.Q. Retrieved September 12, 2024.
Internal MISP references
UUID 790ea33a-7a64-488e-ab90-d82e021e0c06
which can be used as unique global reference for Amplia WCE
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
source | MITRE |
title | Windows Credentials Editor (WCE) F.A.Q. |
Microsoft Windows Defender Application Control
Gorzelany, A., Hall, J., Poggemeyer, L. (2019, January 7). Windows Defender Application Control. Retrieved July 16, 2019.
Internal MISP references
UUID 678ef307-d203-4b65-bed4-b844ada7ab83
which can be used as unique global reference for Microsoft Windows Defender Application Control
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-16T00:00:00Z |
date_published | 2019-01-07T00:00:00Z |
source | MITRE |
title | Windows Defender Application Control |
Microsoft Operation Wilysupply
Florio, E. (2017, May 4). Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack. Retrieved February 14, 2019.
Internal MISP references
UUID 567ce633-a061-460b-84af-01dfe3d818c7
which can be used as unique global reference for Microsoft Operation Wilysupply
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-02-14T00:00:00Z |
date_published | 2017-05-04T00:00:00Z |
source | MITRE |
title | Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack |
PassLib mscache
Eli Collins. (2016, November 25). Windows' Domain Cached Credentials v2. Retrieved February 21, 2020.
Internal MISP references
UUID ce40e997-d04b-49a6-8838-13205c54243a
which can be used as unique global reference for PassLib mscache
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-21T00:00:00Z |
date_published | 2016-11-25T00:00:00Z |
source | MITRE |
title | Windows' Domain Cached Credentials v2 |
Secure Team - Scriptrunner.exe
Secure Team - Information Assurance. (2023, January 8). Windows Error Reporting Tool Abused to Load Malware. Retrieved July 8, 2024.
Internal MISP references
UUID 930ca682-03e0-57e7-a1ec-5a3186f0ff64
which can be used as unique global reference for Secure Team - Scriptrunner.exe
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-08T00:00:00Z |
date_published | 2023-01-08T00:00:00Z |
source | MITRE |
title | Windows Error Reporting Tool Abused to Load Malware |
ProjectZero File Write EoP Apr 2018
Forshaw, J. (2018, April 18). Windows Exploitation Tricks: Exploiting Arbitrary File Writes for Local Elevation of Privilege. Retrieved May 3, 2018.
Internal MISP references
UUID 2c49288b-438d-487a-8e6e-f9d9eda73e2f
which can be used as unique global reference for ProjectZero File Write EoP Apr 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-05-03T00:00:00Z |
date_published | 2018-04-18T00:00:00Z |
source | MITRE |
title | Windows Exploitation Tricks: Exploiting Arbitrary File Writes for Local Elevation of Privilege |
DBAPPSecurity BITTER zero-day Feb 2021
JinQuan, MaDongZe, TuXiaoYi, and LiHao. (2021, February 10). Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack. Retrieved June 1, 2022.
Internal MISP references
UUID fb98df9a-303d-4658-93da-0dcbd7bf9b1e
which can be used as unique global reference for DBAPPSecurity BITTER zero-day Feb 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-01T00:00:00Z |
date_published | 2021-02-10T00:00:00Z |
source | MITRE |
title | Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack |
EyeofRa Detecting Hooking June 2017
Eye of Ra. (2017, June 27). Windows Keylogger Part 2: Defense against user-land. Retrieved December 12, 2017.
Internal MISP references
UUID d2d2186c-040f-4045-b161-fc468aa09534
which can be used as unique global reference for EyeofRa Detecting Hooking June 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-12T00:00:00Z |
date_published | 2017-06-27T00:00:00Z |
source | MITRE |
title | Windows Keylogger Part 2: Defense against user-land |
Passcape LSA Secrets
Passcape. (n.d.). Windows LSA secrets. Retrieved February 21, 2020.
Internal MISP references
UUID 64b0e13f-de5f-4964-bcfa-bb0f6206383a
which can be used as unique global reference for Passcape LSA Secrets
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-21T00:00:00Z |
source | MITRE |
title | Windows LSA secrets |
Windows Malware Infecting Android
Lucian Constantin. (2014, January 23). Windows malware tries to infect Android devices connected to PCs. Retrieved May 25, 2022.
Internal MISP references
UUID 3733386a-14bd-44a6-8241-a10660ba25d9
which can be used as unique global reference for Windows Malware Infecting Android
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-05-25T00:00:00Z |
date_published | 2014-01-23T00:00:00Z |
source | MITRE |
title | Windows malware tries to infect Android devices connected to PCs |
MSDN WMI
Microsoft. (n.d.). Windows Management Instrumentation. Retrieved April 27, 2016.
Internal MISP references
UUID 210ca539-71f6-4494-91ea-402a3e0e2a10
which can be used as unique global reference for MSDN WMI
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-27T00:00:00Z |
source | MITRE |
title | Windows Management Instrumentation |
FireEye WMI 2015
Ballenthin, W., et al. (2015). Windows Management Instrumentation (WMI) Offense, Defense, and Forensics. Retrieved March 30, 2016.
Internal MISP references
UUID 135ccd72-2714-4453-9c8f-f5fde31905ee
which can be used as unique global reference for FireEye WMI 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-03-30T00:00:00Z |
date_published | 2015-01-01T00:00:00Z |
source | MITRE |
title | Windows Management Instrumentation (WMI) Offense, Defense, and Forensics |
win_msc_files_overview
Brinkmann, M. (2017, June 10). Windows .msc files overview. Retrieved September 20, 2021.
Internal MISP references
UUID 81aa896a-3498-4c37-8882-2b77933b71a8
which can be used as unique global reference for win_msc_files_overview
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-20T00:00:00Z |
date_published | 2017-06-10T00:00:00Z |
source | MITRE |
title | Windows .msc files overview |
Hill NT Shell
Hill, T. (n.d.). Windows NT Command Shell. Retrieved December 5, 2014.
Internal MISP references
UUID 0e5dfc7e-c908-49b4-a54f-7dcecf332ee8
which can be used as unique global reference for Hill NT Shell
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2014-12-05T00:00:00Z |
source | MITRE |
title | Windows NT Command Shell |
passcape Windows Vault
Passcape. (n.d.). Windows Password Recovery - Vault Explorer and Decoder. Retrieved November 24, 2020.
Internal MISP references
UUID a8a56a64-8e73-4331-9961-b1f9b6cbb348
which can be used as unique global reference for passcape Windows Vault
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-24T00:00:00Z |
source | MITRE |
title | Windows Password Recovery - Vault Explorer and Decoder |
Malware Archaeology PowerShell Cheat Sheet
Malware Archaeology. (2016, June). WINDOWS POWERSHELL LOGGING CHEAT SHEET - Win 7/Win 2008 or later. Retrieved June 24, 2016.
Internal MISP references
UUID d7da4285-aeed-42dc-8f55-facbe6daf317
which can be used as unique global reference for Malware Archaeology PowerShell Cheat Sheet
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-06-24T00:00:00Z |
date_published | 2016-06-01T00:00:00Z |
source | MITRE |
title | WINDOWS POWERSHELL LOGGING CHEAT SHEET - Win 7/Win 2008 or later |
TechNet PowerShell
Microsoft. (n.d.). Windows PowerShell Scripting. Retrieved April 28, 2016.
Internal MISP references
UUID 20ec94d1-4a5c-43f5-bb65-f3ea965d2b6e
which can be used as unique global reference for TechNet PowerShell
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-04-28T00:00:00Z |
source | MITRE |
title | Windows PowerShell Scripting |
Windows Privilege Escalation Guide
absolomb. (2018, January 26). Windows Privilege Escalation Guide. Retrieved August 10, 2018.
Internal MISP references
UUID 185154f2-5f2e-48bf-b609-991e9d6a037b
which can be used as unique global reference for Windows Privilege Escalation Guide
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-10T00:00:00Z |
date_published | 2018-01-26T00:00:00Z |
source | MITRE |
title | Windows Privilege Escalation Guide |
SploitSpren Windows Priv Jan 2018
McFarland, R. (2018, January 26). Windows Privilege Escalation Guide. Retrieved August 10, 2018.
Internal MISP references
UUID c52945dc-eb20-4e69-8f8e-a262f33c244c
which can be used as unique global reference for SploitSpren Windows Priv Jan 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-10T00:00:00Z |
date_published | 2018-01-26T00:00:00Z |
source | MITRE |
title | Windows Privilege Escalation Guide |
SecurityBoulevard Unquoted Services APR 2018
HackHappy. (2018, April 23). Windows Privilege Escalation – Unquoted Services. Retrieved August 10, 2018.
Internal MISP references
UUID 939c05ae-bb21-4ed2-8fa3-a729f717ee3a
which can be used as unique global reference for SecurityBoulevard Unquoted Services APR 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-10T00:00:00Z |
date_published | 2018-04-23T00:00:00Z |
source | MITRE |
title | Windows Privilege Escalation – Unquoted Services |
Windows Unquoted Services
HackHappy. (2018, April 23). Windows Privilege Escalation – Unquoted Services. Retrieved August 10, 2018.
Internal MISP references
UUID 30681a0a-a49f-416a-b5bc-621c60f1130a
which can be used as unique global reference for Windows Unquoted Services
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-08-10T00:00:00Z |
date_published | 2018-04-23T00:00:00Z |
source | MITRE |
title | Windows Privilege Escalation – Unquoted Services |
Windows Process Injection KernelCallbackTable
odzhan. (2019, May 25). Windows Process Injection: KernelCallbackTable used by FinFisher / FinSpy. Retrieved February 4, 2022.
Internal MISP references
UUID 01a3fc64-ff07-48f7-b0d9-5728012761c7
which can be used as unique global reference for Windows Process Injection KernelCallbackTable
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-04T00:00:00Z |
date_published | 2019-05-25T00:00:00Z |
source | MITRE |
title | Windows Process Injection: KernelCallbackTable used by FinFisher / FinSpy |
Modexp Windows Process Injection
odzhan. (2019, April 25). Windows Process Injection: WordWarping, Hyphentension, AutoCourgette, Streamception, Oleum, ListPlanting, Treepoline. Retrieved November 15, 2021.
Internal MISP references
UUID 1bf45166-bfce-450e-87d1-b1e3b19fdb62
which can be used as unique global reference for Modexp Windows Process Injection
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-11-15T00:00:00Z |
date_published | 2019-04-25T00:00:00Z |
source | MITRE |
title | Windows Process Injection: WordWarping, Hyphentension, AutoCourgette, Streamception, Oleum, ListPlanting, Treepoline |
Wikipedia Windows Registry
Wikipedia. (n.d.). Windows Registry. Retrieved February 2, 2015.
Internal MISP references
UUID 656f0ffd-33e0-40ef-bdf7-70758f855f18
which can be used as unique global reference for Wikipedia Windows Registry
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-02-02T00:00:00Z |
source | MITRE |
title | Windows Registry |
Cylance Reg Persistence Sept 2013
Langendorf, S. (2013, September 24). Windows Registry Persistence, Part 2: The Run Keys and Search-Order. Retrieved April 11, 2018.
Internal MISP references
UUID 9e9c745f-19fd-4218-b8dc-85df804ecb70
which can be used as unique global reference for Cylance Reg Persistence Sept 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-11T00:00:00Z |
date_published | 2013-09-24T00:00:00Z |
source | MITRE |
title | Windows Registry Persistence, Part 2: The Run Keys and Search-Order |
Microsoft WinRM
Microsoft. (n.d.). Windows Remote Management. Retrieved September 12, 2024.
Internal MISP references
UUID ddbe110c-88f1-4774-bcb9-cd18b6218fc4
which can be used as unique global reference for Microsoft WinRM
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
source | MITRE |
title | Windows Remote Management |
Symantec Windows Rootkits
Symantec. (n.d.). Windows Rootkit Overview. Retrieved December 21, 2017.
Internal MISP references
UUID 5b8d9094-dabf-4c29-a95b-b90dbcf07382
which can be used as unique global reference for Symantec Windows Rootkits
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-21T00:00:00Z |
source | MITRE |
title | Windows Rootkit Overview |
insecure_reg_perms
Clément Labro. (2020, November 12). Windows RpcEptMapper Service Insecure Registry Permissions EoP. Retrieved August 25, 2021.
Internal MISP references
UUID d18717ae-7fe4-40f9-aff2-b35120d31dc8
which can be used as unique global reference for insecure_reg_perms
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-08-25T00:00:00Z |
date_published | 2020-11-12T00:00:00Z |
source | MITRE |
title | Windows RpcEptMapper Service Insecure Registry Permissions EoP |
Microsoft Windows Scripts
Microsoft. (2017, January 18). Windows Script Interfaces. Retrieved June 23, 2020.
Internal MISP references
UUID 9e7cd4da-da18-4d20-809a-19abb4352807
which can be used as unique global reference for Microsoft Windows Scripts
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-06-23T00:00:00Z |
date_published | 2017-01-18T00:00:00Z |
source | MITRE |
title | Windows Script Interfaces |
Microsoft Security Event 4670
Franklin Smith, R. (n.d.). Windows Security Log Event ID 4670. Retrieved November 4, 2019.
Internal MISP references
UUID 23a50cd5-ac76-4dbe-8937-0fe8aec8cbf6
which can be used as unique global reference for Microsoft Security Event 4670
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-11-04T00:00:00Z |
source | MITRE |
title | Windows Security Log Event ID 4670 |
Windows Log Events
Franklin Smith. (n.d.). Windows Security Log Events. Retrieved February 21, 2020.
Internal MISP references
UUID 53464503-6e6f-45d8-a208-1820678deeac
which can be used as unique global reference for Windows Log Events
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-21T00:00:00Z |
source | MITRE |
title | Windows Security Log Events |
winser19_file_overwrite_bug_twitter
Naceri, A. (2021, November 7). Windows Server 2019 file overwrite bug. Retrieved April 7, 2022.
Internal MISP references
UUID 158d971e-2f96-5200-8a87-d3887de30ff0
which can be used as unique global reference for winser19_file_overwrite_bug_twitter
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-04-07T00:00:00Z |
date_published | 2021-11-07T00:00:00Z |
source | MITRE |
title | Windows Server 2019 file overwrite bug |
Windows Server Containers Are Open
Daniel Prizmant. (2020, July 15). Windows Server Containers Are Open, and Here's How You Can Break Out. Retrieved October 1, 2021.
Internal MISP references
UUID 9a801256-5852-433e-95bd-768f9b70b9fe
which can be used as unique global reference for Windows Server Containers Are Open
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-10-01T00:00:00Z |
date_published | 2020-07-15T00:00:00Z |
source | MITRE |
title | Windows Server Containers Are Open, and Here's How You Can Break Out |
Sysinternals AppCertDlls Oct 2007
Microsoft. (2007, October 24). Windows Sysinternals - AppCertDlls. Retrieved December 18, 2017.
Internal MISP references
UUID 68e006df-9fb6-4890-9952-7bad38b16dee
which can be used as unique global reference for Sysinternals AppCertDlls Oct 2007
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-18T00:00:00Z |
date_published | 2007-10-24T00:00:00Z |
source | MITRE |
title | Windows Sysinternals - AppCertDlls |
Russinovich Sysinternals
Russinovich, M. (2014, May 2). Windows Sysinternals PsExec v2.11. Retrieved May 13, 2015.
Internal MISP references
UUID 72d27aca-62c5-4e96-9977-c41951aaa888
which can be used as unique global reference for Russinovich Sysinternals
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-05-13T00:00:00Z |
date_published | 2014-05-02T00:00:00Z |
source | MITRE |
title | Windows Sysinternals PsExec v2.11 |
Microsoft System Services Fundamentals
Microsoft. (2018, February 17). Windows System Services Fundamentals. Retrieved March 28, 2022.
Internal MISP references
UUID 25d54a16-59a0-497d-a4a5-021420da8f1c
which can be used as unique global reference for Microsoft System Services Fundamentals
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-03-28T00:00:00Z |
date_published | 2018-02-17T00:00:00Z |
source | MITRE |
title | Windows System Services Fundamentals |
Technet Windows Time Service
Mathers, B. (2016, September 30). Windows Time Service Tools and Settings. Retrieved November 25, 2016.
Internal MISP references
UUID 0d908e07-abc1-40fc-b147-9b9fd483b262
which can be used as unique global reference for Technet Windows Time Service
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-11-25T00:00:00Z |
date_published | 2016-09-30T00:00:00Z |
source | MITRE |
title | Windows Time Service Tools and Settings |
Microsoft W32Time May 2017
Mathers, B. (2017, May 31). Windows Time Service Tools and Settings. Retrieved March 26, 2018.
Internal MISP references
UUID 9e3d8dec-745a-4744-b80c-d65897ebba3c
which can be used as unique global reference for Microsoft W32Time May 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-26T00:00:00Z |
date_published | 2017-05-31T00:00:00Z |
source | MITRE |
title | Windows Time Service Tools and Settings |
Microsoft W32Time Feb 2018
Microsoft. (2018, February 1). Windows Time Service (W32Time). Retrieved March 26, 2018.
Internal MISP references
UUID 991f7a9f-4317-42fa-bc9b-f533fe36b517
which can be used as unique global reference for Microsoft W32Time Feb 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-03-26T00:00:00Z |
date_published | 2018-02-01T00:00:00Z |
source | MITRE |
title | Windows Time Service (W32Time) |
Microsoft CVE-2021-1732 Feb 2021
Microsoft. (2018, February 9). Windows Win32k Elevation of Privilege Vulnerability CVE-2021-1732. Retrieved June 1, 2022.
Internal MISP references
UUID 7bbf39dd-851d-42dd-8be2-87de83f3abc0
which can be used as unique global reference for Microsoft CVE-2021-1732 Feb 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-06-01T00:00:00Z |
date_published | 2018-02-09T00:00:00Z |
source | MITRE |
title | Windows Win32k Elevation of Privilege Vulnerability CVE-2021-1732 |
win_xml_evt_log
Forensics Wiki. (2021, June 19). Windows XML Event Log (EVTX). Retrieved September 13, 2021.
Internal MISP references
UUID baeaad76-0acf-4921-9d6c-245649b32976
which can be used as unique global reference for win_xml_evt_log
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-13T00:00:00Z |
date_published | 2021-06-19T00:00:00Z |
source | MITRE |
title | Windows XML Event Log (EVTX) |
Winexe Github Sept 2013
Skalkotos, N. (2013, September 20). WinExe. Retrieved January 22, 2018.
Internal MISP references
UUID 7003e2d4-83e5-4672-aaa9-53cc4bcb08b5
which can be used as unique global reference for Winexe Github Sept 2013
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-22T00:00:00Z |
date_published | 2013-09-20T00:00:00Z |
source | MITRE |
title | WinExe |
Microsoft WinExec
Microsoft. (n.d.). WinExec function. Retrieved September 12, 2024.
Internal MISP references
UUID 9e1ae9ae-bafc-460a-891e-e75df01c96c4
which can be used as unique global reference for Microsoft WinExec
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-12T00:00:00Z |
source | MITRE |
title | WinExec function |
winget.exe - LOLBAS Project
LOLBAS. (2022, January 3). winget.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 5ef334f3-fe6f-4cc1-b37d-d147180a8b8d
which can be used as unique global reference for winget.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-01-03T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | winget.exe |
PreKageo Winhook Jul 2011
Prekas, G. (2011, July 11). Winhook. Retrieved December 12, 2017.
Internal MISP references
UUID 9461f70f-bb14-4e40-9136-97f93aa16f33
which can be used as unique global reference for PreKageo Winhook Jul 2011
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-12T00:00:00Z |
date_published | 2011-07-11T00:00:00Z |
source | MITRE |
title | Winhook |
Novetta Winnti April 2015
Novetta Threat Research Group. (2015, April 7). Winnti Analysis. Retrieved February 8, 2017.
Internal MISP references
UUID cbe8373b-f14b-4890-99fd-35ffd7090dea
which can be used as unique global reference for Novetta Winnti April 2015
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-02-08T00:00:00Z |
date_published | 2015-04-07T00:00:00Z |
source | MITRE |
title | Winnti Analysis |
Chronicle Winnti for Linux May 2019
Chronicle Blog. (2019, May 15). Winnti: More than just Windows and Gates. Retrieved April 29, 2020.
Internal MISP references
UUID e815e47a-c924-4b03-91e5-d41f2bb74773
which can be used as unique global reference for Chronicle Winnti for Linux May 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-04-29T00:00:00Z |
date_published | 2019-05-15T00:00:00Z |
source | MITRE |
title | Winnti: More than just Windows and Gates |
WinRAR Website
WinRAR. (n.d.). WinRAR download free and support: WinRAR. Retrieved December 18, 2023.
Internal MISP references
UUID ad620d61-108c-4bb0-a897-02764ea9a903
which can be used as unique global reference for WinRAR Website
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | WinRAR download free and support: WinRAR |
winrm.vbs - LOLBAS Project
LOLBAS. (2018, May 25). winrm.vbs. Retrieved December 4, 2023.
Internal MISP references
UUID 86107810-8a1d-4c13-80f0-c1624143d057
which can be used as unique global reference for winrm.vbs - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | winrm.vbs |
DomainTools WinterVivern 2021
Chad Anderson. (2021, April 27). Winter Vivern: A Look At Re-Crafted Government MalDocs Targeting Multiple Languages. Retrieved July 29, 2024.
Internal MISP references
UUID 5f52274f-9d02-5e3c-a1da-48eee0804459
which can be used as unique global reference for DomainTools WinterVivern 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-29T00:00:00Z |
date_published | 2021-04-27T00:00:00Z |
source | MITRE |
title | Winter Vivern: A Look At Re-Crafted Government MalDocs Targeting Multiple Languages |
ESET WinterVivern 2023
Matthieu Faou. (2023, October 25). Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers. Retrieved July 29, 2024.
Internal MISP references
UUID 7def830a-22d8-55b6-a1e5-a6a63a8bbd5a
which can be used as unique global reference for ESET WinterVivern 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-29T00:00:00Z |
date_published | 2023-10-25T00:00:00Z |
source | MITRE |
title | Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers |
SentinelOne WinterVivern 2023
Tom Hegel. (2023, March 16). Winter Vivern | Uncovering a Wave of Global Espionage. Retrieved July 29, 2024.
Internal MISP references
UUID f1b6b3b8-2068-5d80-a318-c77aaa9417c1
which can be used as unique global reference for SentinelOne WinterVivern 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-07-29T00:00:00Z |
date_published | 2023-03-16T00:00:00Z |
source | MITRE |
title | Winter Vivern |
Microsoft WinVerifyTrust
Microsoft. (n.d.). WinVerifyTrust function. Retrieved January 31, 2018.
Internal MISP references
UUID cc14faff-c164-4135-ae36-ba68e1a50024
which can be used as unique global reference for Microsoft WinVerifyTrust
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-01-31T00:00:00Z |
source | MITRE |
title | WinVerifyTrust function |
Winword.exe - LOLBAS Project
LOLBAS. (2019, July 19). Winword.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 6d75b154-a51d-4541-8353-22ee1d12ebed
which can be used as unique global reference for Winword.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2019-07-19T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Winword.exe |
WinZip Homepage
Corel Corporation. (2020). WinZip. Retrieved February 20, 2020.
Internal MISP references
UUID dc047688-2ea3-415c-b516-06542048b049
which can be used as unique global reference for WinZip Homepage
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-20T00:00:00Z |
date_published | 2020-01-01T00:00:00Z |
source | MITRE |
title | WinZip |
Dell Wiper
Dell SecureWorks. (2013, March 21). Wiper Malware Analysis Attacking Korean Financial Sector. Retrieved May 13, 2015.
Internal MISP references
UUID be6629ef-e7c6-411c-9bd2-34e59062cadd
which can be used as unique global reference for Dell Wiper
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-05-13T00:00:00Z |
date_published | 2013-03-21T00:00:00Z |
source | MITRE |
title | Wiper Malware Analysis Attacking Korean Financial Sector |
medium evil twin
Gihan, Kavishka. (2021, August 8). Wireless Security— Evil Twin Attack. Retrieved September 17, 2024.
Internal MISP references
UUID af6cfe7c-a757-51e2-8e4f-52e2ca28ded0
which can be used as unique global reference for medium evil twin
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-17T00:00:00Z |
date_published | 2021-08-08T00:00:00Z |
source | MITRE |
title | Wireless Security— Evil Twin Attack |
WireLurker
Claud Xiao. (n.d.). WireLurker: A New Era in iOS and OS X Malware. Retrieved July 10, 2017.
Internal MISP references
UUID fd33f71b-767d-4312-a8c9-5446939bb5ae
which can be used as unique global reference for WireLurker
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-10T00:00:00Z |
source | MITRE |
title | WireLurker: A New Era in iOS and OS X Malware |
Lab52 WIRTE Apr 2019
S2 Grupo. (2019, April 2). WIRTE Group attacking the Middle East. Retrieved May 24, 2019.
Internal MISP references
UUID 884b675e-390c-4f6d-8cb7-5d97d84115e5
which can be used as unique global reference for Lab52 WIRTE Apr 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-24T00:00:00Z |
date_published | 2019-04-02T00:00:00Z |
source | MITRE |
title | WIRTE Group attacking the Middle East |
Kaspersky WIRTE November 2021
Yamout, M. (2021, November 29). WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019. Retrieved February 1, 2022.
Internal MISP references
UUID 143b4694-024d-49a5-be3c-d9ceca7295b2
which can be used as unique global reference for Kaspersky WIRTE November 2021
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-02-01T00:00:00Z |
date_published | 2021-11-29T00:00:00Z |
source | MITRE |
title | WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019 |
Cofense RevengeRAT Feb 2019
Gannon, M. (2019, February 11). With Upgrades in Delivery and Support Infrastructure, Revenge RAT Malware is a Bigger Threat. Retrieved May 1, 2019.
Internal MISP references
UUID 3abfc3eb-7f9d-49e5-8048-4118cde3122e
which can be used as unique global reference for Cofense RevengeRAT Feb 2019
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-05-01T00:00:00Z |
date_published | 2019-02-11T00:00:00Z |
source | MITRE |
title | With Upgrades in Delivery and Support Infrastructure, Revenge RAT Malware is a Bigger Threat |
CrowdStrike Wizard Spider October 2020
Podlosky, A., Hanel, A. et al. (2020, October 16). WIZARD SPIDER Update: Resilient, Reactive and Resolute. Retrieved June 15, 2021.
Internal MISP references
UUID 5c8d67ea-63bc-4765-b6f6-49fa5210abe6
which can be used as unique global reference for CrowdStrike Wizard Spider October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-06-15T00:00:00Z |
date_published | 2020-10-16T00:00:00Z |
source | MITRE, Tidal Cyber |
title | WIZARD SPIDER Update: Resilient, Reactive and Resolute |
Wlrmdr.exe - LOLBAS Project
LOLBAS. (2022, February 16). Wlrmdr.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 43bebdc3-3072-4a3d-a0b7-0b23f1119136
which can be used as unique global reference for Wlrmdr.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-02-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Wlrmdr.exe |
WMI 1-3
Microsoft. (2023, March 7). Retrieved February 13, 2024.
Internal MISP references
UUID fe0a3b0c-8526-5a0d-acb8-660bbc0c9328
which can be used as unique global reference for WMI 1-3
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-13T00:00:00Z |
source | MITRE |
title | WMI 1-3 |
Microsoft WMI Architecture
Microsoft. (2018, May 31). WMI Architecture. Retrieved September 29, 2021.
Internal MISP references
UUID 3778449c-e8b4-4ee5-914b-746053e8ca70
which can be used as unique global reference for Microsoft WMI Architecture
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-29T00:00:00Z |
date_published | 2018-05-31T00:00:00Z |
source | MITRE |
title | WMI Architecture |
WMI 7,8
Microsoft. (2024, January 26). WMIC Deprecation. Retrieved February 13, 2024.
Internal MISP references
UUID 819cecb2-5bd3-5c20-bbda-372516b00d6e
which can be used as unique global reference for WMI 7,8
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-02-13T00:00:00Z |
date_published | 2024-01-26T00:00:00Z |
source | MITRE |
title | WMIC Deprecation |
LOLBAS Wmic
LOLBAS. (n.d.). Wmic.exe. Retrieved July 31, 2019.
Internal MISP references
UUID 497e73d4-9f27-4b30-ba09-f152ce866d0f
which can be used as unique global reference for LOLBAS Wmic
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-07-31T00:00:00Z |
source | MITRE |
title | Wmic.exe |
Microsoft WMI System Classes
Microsoft. (2018, May 31). WMI System Classes. Retrieved September 29, 2021.
Internal MISP references
UUID 60a5c359-3523-4638-aee2-3e13e0077ba9
which can be used as unique global reference for Microsoft WMI System Classes
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-29T00:00:00Z |
date_published | 2018-05-31T00:00:00Z |
source | MITRE |
title | WMI System Classes |
MalwareBytes WoodyRAT Aug 2022
MalwareBytes Threat Intelligence Team. (2022, August 3). Woody RAT: A new feature-rich malware spotted in the wild. Retrieved December 6, 2022.
Internal MISP references
UUID 5c2ecb15-14e9-5bd3-be5f-628fa4e98ee6
which can be used as unique global reference for MalwareBytes WoodyRAT Aug 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2022-12-06T00:00:00Z |
date_published | 2022-08-03T00:00:00Z |
source | MITRE |
title | Woody RAT: A new feature-rich malware spotted in the wild |
WorkFolders.exe - LOLBAS Project
LOLBAS. (2021, August 16). WorkFolders.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 42cfa3eb-7a8c-482e-b8d8-78ae5c30b843
which can be used as unique global reference for WorkFolders.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2021-08-16T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | WorkFolders.exe |
AWS DB VPC
AWS. (n.d.). Working with a DB instance in a VPC. Retrieved September 24, 2024.
Internal MISP references
UUID c38d6dfc-e866-5b81-b6e9-46106637f142
which can be used as unique global reference for AWS DB VPC
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-09-24T00:00:00Z |
source | MITRE |
title | Working with a DB instance in a VPC |
Confluence Logs
Confluence Support. (2021, April 22). Working with Confluence Logs. Retrieved September 23, 2021.
Internal MISP references
UUID f715468d-7d72-4ca4-a828-9fc909ca4f37
which can be used as unique global reference for Confluence Logs
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-09-23T00:00:00Z |
date_published | 2021-04-22T00:00:00Z |
source | MITRE |
title | Working with Confluence Logs |
AppInit Registry
Microsoft. (2006, October). Working with the AppInit_DLLs registry value. Retrieved July 15, 2015.
Internal MISP references
UUID dd3f98d9-0228-45a6-9e7b-1babf911a9ac
which can be used as unique global reference for AppInit Registry
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2015-07-15T00:00:00Z |
date_published | 2006-10-01T00:00:00Z |
source | MITRE |
title | Working with the AppInit_DLLs registry value |
Kubernetes Workload Management
Kubernetes. (n.d.). Workload Management. Retrieved March 28, 2024.
Internal MISP references
UUID f207163b-08a8-5219-aca8-812e83e0dad3
which can be used as unique global reference for Kubernetes Workload Management
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-28T00:00:00Z |
source | MITRE |
title | Workload Management |
ESF_filemonitor
Patrick Wardle. (2019, September 17). Writing a File Monitor with Apple's Endpoint Security Framework. Retrieved December 17, 2020.
Internal MISP references
UUID 280ddf42-92d1-4850-9241-96c1ef9c0609
which can be used as unique global reference for ESF_filemonitor
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-17T00:00:00Z |
date_published | 2019-09-17T00:00:00Z |
source | MITRE |
title | Writing a File Monitor with Apple's Endpoint Security Framework |
Writing Bad Malware for OSX
Patrick Wardle. (2015). Writing Bad @$$ Malware for OS X. Retrieved July 10, 2017.
Internal MISP references
UUID 5628ecd9-48da-4a50-94ba-4b70abe56089
which can be used as unique global reference for Writing Bad Malware for OSX
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-10T00:00:00Z |
date_published | 2015-01-01T00:00:00Z |
source | MITRE |
title | Writing Bad @$$ Malware for OS X |
Trails-DNS
SecurityTrails. (2018, March 14). Wrong Bind Configuration Exposes the Complete List of Russian TLD's to the Internet. Retrieved June 5, 2024.
Internal MISP references
UUID 9f3b77a1-a60d-5ede-af9c-2684a75c4bb9
which can be used as unique global reference for Trails-DNS
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-06-05T00:00:00Z |
date_published | 2018-03-14T00:00:00Z |
source | MITRE |
title | Wrong Bind Configuration Exposes the Complete List of Russian TLD's to the Internet |
Wscript.exe - LOLBAS Project
LOLBAS. (2018, May 25). Wscript.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 6c536675-84dd-44c3-8771-70120b413db7
which can be used as unique global reference for Wscript.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Wscript.exe |
Enigma0x3 PubPrn Bypass
Nelson, M. (2017, August 3). WSH INJECTION: A CASE STUDY. Retrieved April 9, 2018.
Internal MISP references
UUID 8b12e87b-3836-4c79-877b-0a2761b34533
which can be used as unique global reference for Enigma0x3 PubPrn Bypass
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-04-09T00:00:00Z |
date_published | 2017-08-03T00:00:00Z |
source | MITRE |
title | WSH INJECTION: A CASE STUDY |
Wsl.exe - LOLBAS Project
LOLBAS. (2019, June 27). Wsl.exe. Retrieved December 4, 2023.
Internal MISP references
UUID c147902a-e8e4-449f-8106-9e268d5367d8
which can be used as unique global reference for Wsl.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2019-06-27T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Wsl.exe |
Wsreset.exe - LOLBAS Project
LOLBAS. (2019, March 18). Wsreset.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 24b73a27-f2ec-4cfa-a9df-59d4d4c1dd89
which can be used as unique global reference for Wsreset.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2019-03-18T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Wsreset.exe |
wt.exe - LOLBAS Project
LOLBAS. (2022, July 27). wt.exe. Retrieved December 4, 2023.
Internal MISP references
UUID bbdd85b0-fdbb-4bd2-b962-a915c23c83c2
which can be used as unique global reference for wt.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2022-07-27T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | wt.exe |
wuauclt.exe - LOLBAS Project
LOLBAS. (2020, September 23). wuauclt.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 09229ea3-ffd8-4d97-9728-f8c683ef6f26
which can be used as unique global reference for wuauclt.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2020-09-23T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | wuauclt.exe |
XAgentOSX 2017
Robert Falcone. (2017, February 14). XAgentOSX: Sofacy's Xagent macOS Tool. Retrieved July 12, 2017.
Internal MISP references
UUID 2dc7a8f1-ccee-46f0-a995-268694f11b02
which can be used as unique global reference for XAgentOSX 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-12T00:00:00Z |
date_published | 2017-02-14T00:00:00Z |
source | MITRE |
title | XAgentOSX: Sofacy's Xagent macOS Tool |
XAgentOSX
Robert Falcone. (2017, February 14). XAgentOSX: Sofacy's Xagent macOS Tool. Retrieved July 12, 2017.
Internal MISP references
UUID b4fd246d-9bd1-4bed-a9cb-92233c5c45c4
which can be used as unique global reference for XAgentOSX
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-07-12T00:00:00Z |
date_published | 2017-02-14T00:00:00Z |
source | MITRE |
title | XAgentOSX: Sofacy's Xagent macOS Tool |
Unit42 Xbash Sept 2018
Xiao, C. (2018, September 17). Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows. Retrieved November 14, 2018.
Internal MISP references
UUID 21b890f7-82db-4840-a05e-2155b8ddce8c
which can be used as unique global reference for Unit42 Xbash Sept 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-14T00:00:00Z |
date_published | 2018-09-17T00:00:00Z |
source | MITRE |
title | Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows |
xCmd
Rayaprolu, A. (2011, April 12). xCmd an Alternative to PsExec. Retrieved August 10, 2016.
Internal MISP references
UUID 430fc6ef-33c5-4cd8-b785-358e4aae5230
which can be used as unique global reference for xCmd
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-08-10T00:00:00Z |
date_published | 2011-04-12T00:00:00Z |
source | MITRE |
title | xCmd an Alternative to PsExec |
xcopy Microsoft
Microsoft. (2023, February 3). xcopy Microsoft. Retrieved July 11, 2023.
Internal MISP references
UUID 05e01751-ebb4-4b09-be89-4e405ab7e7e4
which can be used as unique global reference for xcopy Microsoft
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-07-11T00:00:00Z |
date_published | 2023-02-03T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | xcopy Microsoft |
Dragos Xenotime 2018
Dragos, Inc. (n.d.). Xenotime. Retrieved April 16, 2019.
Internal MISP references
UUID b20fe65f-df43-4a59-af3f-43afafba15ab
which can be used as unique global reference for Dragos Xenotime 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-16T00:00:00Z |
source | MITRE |
title | Xenotime |
gist Arch package compromise 10JUL2018
Catalin Cimpanu. (2018, July 10). ~x file downloaded in public Arch package compromise. Retrieved April 23, 2019.
Internal MISP references
UUID b2900049-444a-4fe5-af1f-b9cd2cd9491c
which can be used as unique global reference for gist Arch package compromise 10JUL2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-23T00:00:00Z |
date_published | 2018-07-10T00:00:00Z |
source | MITRE |
title | ~x file downloaded in public Arch package compromise |
Cyble July 01 2022
Cybleinc. (2022, July 1). Xloader Returns with New Infection Technique. Retrieved May 7, 2023.
Internal MISP references
UUID 1b0e143a-3c5d-4445-9a99-8e42815130ac
which can be used as unique global reference for Cyble July 01 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-07T00:00:00Z |
date_published | 2022-07-01T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Xloader Returns with New Infection Technique |
SentinelOne 8 21 2023
Dinesh Devadoss; Phil Stokes. (2023, August 21). XLoader's Latest Trick. Retrieved January 1, 2024.
Internal MISP references
UUID fc9b3eac-a638-4b84-92ae-591bc16a845e
which can be used as unique global reference for SentinelOne 8 21 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-01-01T00:00:00Z |
date_published | 2023-08-21T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | XLoader's Latest Trick |
Trend Micro Exposed Docker Server
Remillano II, A., et al. (2020, June 20). XORDDoS, Kaiji Variants Target Exposed Docker Servers. Retrieved April 5, 2021.
Internal MISP references
UUID 05c8909c-749c-4153-9a05-173d5d7a80a9
which can be used as unique global reference for Trend Micro Exposed Docker Server
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-05T00:00:00Z |
date_published | 2020-06-20T00:00:00Z |
source | MITRE |
title | XORDDoS, Kaiji Variants Target Exposed Docker Servers |
Microsoft xp_cmdshell 2017
Microsoft. (2017, March 15). xp_cmdshell (Transact-SQL). Retrieved September 9, 2019.
Internal MISP references
UUID 1945b8b2-de29-4f7a-8957-cc96fbad3b11
which can be used as unique global reference for Microsoft xp_cmdshell 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-09-09T00:00:00Z |
date_published | 2017-03-15T00:00:00Z |
source | MITRE |
title | xp_cmdshell (Transact-SQL) |
Microsoft XSLT Script Mar 2017
Wenzel, M. et al. (2017, March 30). XSLT Stylesheet Scripting Using
Internal MISP references
UUID 7ff47640-2a98-4a55-939a-ab6c8c8d2d09
which can be used as unique global reference for Microsoft XSLT Script Mar 2017
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-07-03T00:00:00Z |
date_published | 2017-03-30T00:00:00Z |
source | MITRE |
title | XSLT Stylesheet Scripting Using |
Xwizard.exe - LOLBAS Project
LOLBAS. (2018, May 25). Xwizard.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 573df5d1-83e7-4437-bdad-604f093b3cfd
which can be used as unique global reference for Xwizard.exe - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Xwizard.exe |
Linux kernel Yama
Linux Kernel Archives. (n.d.). Yama Documentation - ptrace_scope. Retrieved December 20, 2017.
Internal MISP references
UUID 615d7744-327e-4f14-bce0-a16c352e7486
which can be used as unique global reference for Linux kernel Yama
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-20T00:00:00Z |
source | MITRE |
title | Yama Documentation - ptrace_scope |
Red Canary Yellow Cockatoo June 2022
RED CANARY INTELLIGENCE. (2022, June 7). Yellow Cockatoo: Search engine redirects, in-memory remote access trojan, and more. Retrieved May 10, 2023.
Internal MISP references
UUID f97537c2-f080-4438-8728-4d2a91388132
which can be used as unique global reference for Red Canary Yellow Cockatoo June 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-05-10T00:00:00Z |
date_published | 2022-06-07T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Yellow Cockatoo: Search engine redirects, in-memory remote access trojan, and more |
PwC Yellow Liderc October 25 2023
PwC Threat Intelligence. (2023, October 25). Yellow Liderc ships its scripts and delivers IMAPLoader malware. Retrieved October 25, 2023.
Internal MISP references
UUID cbeaf9b5-865f-44a1-a913-9eec28d7a5ff
which can be used as unique global reference for PwC Yellow Liderc October 25 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-10-25T00:00:00Z |
date_published | 2023-10-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Yellow Liderc ships its scripts and delivers IMAPLoader malware |
PWC Yellow Liderc 2023
PwC Threat Intelligence. (2023, October 25). Yellow Liderc ships its scripts and delivers IMAPLoader malware. Retrieved August 14, 2024.
Internal MISP references
UUID e473a371-2f34-5391-8888-42082b0a1904
which can be used as unique global reference for PWC Yellow Liderc 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-08-14T00:00:00Z |
date_published | 2023-10-25T00:00:00Z |
source | MITRE |
title | Yellow Liderc ships its scripts and delivers IMAPLoader malware |
PwC Yellow Liderc
PwC Threat Intelligence. (2023, October 25). Yellow Liderc ships its scripts and delivers IMAPLoader malware. Retrieved March 29, 2024.
Internal MISP references
UUID b6544ea7-befa-53ae-95fa-5c227c848c46
which can be used as unique global reference for PwC Yellow Liderc
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2024-03-29T00:00:00Z |
date_published | 2023-10-25T00:00:00Z |
source | MITRE |
title | Yellow Liderc ships its scripts and delivers IMAPLoader malware |
Mandiant APT29 Microsoft 365 2022
Douglas Bienstock. (2022, August 18). You Can’t Audit Me: APT29 Continues Targeting Microsoft 365. Retrieved February 23, 2023.
Internal MISP references
UUID e141408e-d22b-58e4-884f-0cbff25444da
which can be used as unique global reference for Mandiant APT29 Microsoft 365 2022
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-02-23T00:00:00Z |
date_published | 2022-08-18T00:00:00Z |
source | MITRE |
title | You Can’t Audit Me: APT29 Continues Targeting Microsoft 365 |
BlackHat Mac OSX Rootkit
Pan, M., Tsai, S. (2014). You can’t see me: A Mac OS X Rootkit uses the tricks you haven't known yet. Retrieved December 21, 2017.
Internal MISP references
UUID e01a6d46-5b38-42df-bd46-3995d38bb60e
which can be used as unique global reference for BlackHat Mac OSX Rootkit
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2017-12-21T00:00:00Z |
date_published | 2014-01-01T00:00:00Z |
source | MITRE |
title | You can’t see me: A Mac OS X Rootkit uses the tricks you haven't known yet |
Malwarebytes DarkComet March 2018
Kujawa, A. (2018, March 27). You dirty RAT! Part 1: DarkComet. Retrieved November 6, 2018.
Internal MISP references
UUID 6a765a99-8d9f-4076-8741-6415a5ab918b
which can be used as unique global reference for Malwarebytes DarkComet March 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2018-11-06T00:00:00Z |
date_published | 2018-03-27T00:00:00Z |
source | MITRE |
title | You dirty RAT! Part 1: DarkComet |
FireEye Mail CDS 2018
Caban, D. and Hirani, M. (2018, October 3). You’ve Got Mail! Enterprise Email Compromise. Retrieved April 22, 2019.
Internal MISP references
UUID 0af1795c-9cdd-43fa-8184-73f33d9f5366
which can be used as unique global reference for FireEye Mail CDS 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-22T00:00:00Z |
date_published | 2018-10-03T00:00:00Z |
source | MITRE |
title | You’ve Got Mail! Enterprise Email Compromise |
US District Court Indictment GRU Unit 74455 October 2020
Scott W. Brady. (2020, October 15). United States vs. Yuriy Sergeyevich Andrienko et al. Retrieved November 25, 2020.
Internal MISP references
UUID 77788d05-30ff-4308-82e6-d123a3c2fd80
which can be used as unique global reference for US District Court Indictment GRU Unit 74455 October 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-11-25T00:00:00Z |
source | MITRE |
title | Yuriy Sergeyevich Andrienko et al. |
Sophos ZeroAccess
Wyke, J. (2012, April). ZeroAccess. Retrieved July 18, 2016.
Internal MISP references
UUID 41b51767-62f1-45c2-98cb-47c44c975a58
which can be used as unique global reference for Sophos ZeroAccess
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2016-07-18T00:00:00Z |
date_published | 2012-04-01T00:00:00Z |
source | MITRE |
title | ZeroAccess |
Mandiant MOVEit Transfer June 2 2023
Nader Zaveri, Jeremy Kennelly, Genevieve Stark, Matthew Mcwhirt, Dan Nutting, Kimberly Goody, Justin Moore, Joe Pisano, Zander Work, Peter Ukhanov, Juraj Sucik, Will Silverstone, Zach Schramm, Greg Blaum, Ollie Styles, Nicholas Bennett, Josh Murchie. (2023, June 2). Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft. Retrieved June 16, 2023.
Internal MISP references
UUID 232c7555-0483-4a57-88cb-71a990f7d683
which can be used as unique global reference for Mandiant MOVEit Transfer June 2 2023
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-06-16T00:00:00Z |
date_published | 2023-06-02T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft |
Kaspersky RTLO Cyber Crime
Firsh, A. (2018, February 13). Zero-day vulnerability in Telegram - Cybercriminals exploited Telegram flaw to launch multipurpose attacks. Retrieved April 22, 2019.
Internal MISP references
UUID 38fbd993-de98-49e9-8437-bc6a1493d6ed
which can be used as unique global reference for Kaspersky RTLO Cyber Crime
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-22T00:00:00Z |
date_published | 2018-02-13T00:00:00Z |
source | MITRE |
title | Zero-day vulnerability in Telegram - Cybercriminals exploited Telegram flaw to launch multipurpose attacks |
DOJ APT10 Dec 2018
United States District Court Southern District of New York (USDC SDNY). (2018, December 17). United States of America v. Zhu Hua and Zhang Shilong. Retrieved April 17, 2019.
Internal MISP references
UUID 3ddc68b4-53f1-4fa5-b7f3-4e5d7d9661f2
which can be used as unique global reference for DOJ APT10 Dec 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2019-04-17T00:00:00Z |
source | MITRE, Tidal Cyber |
title | Zhu Hua and Zhang Shilong |
District Court of NY APT10 Indictment December 2018
US District Court Southern District of New York. (2018, December 17). United States v. Zhu Hua Indictment. Retrieved December 17, 2020.
Internal MISP references
UUID 79ccbc74-b9c4-4dc8-91ae-1d15c4db563b
which can be used as unique global reference for District Court of NY APT10 Indictment December 2018
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-12-17T00:00:00Z |
source | MITRE |
title | Zhu Hua Indictment |
Zipfldr.dll - LOLBAS Project
LOLBAS. (2018, May 25). Zipfldr.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 3bee0640-ea48-4164-be57-ac565d8cbea7
which can be used as unique global reference for Zipfldr.dll - LOLBAS Project
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2023-12-04T00:00:00Z |
date_published | 2018-05-25T00:00:00Z |
owner | TidalCyberIan |
source | Tidal Cyber |
title | Zipfldr.dll |
Zlib Github
madler. (2017). zlib. Retrieved February 20, 2020.
Internal MISP references
UUID 982bcacc-afb2-4bbb-9197-f44d765b9e07
which can be used as unique global reference for Zlib Github
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2020-02-20T00:00:00Z |
date_published | 2017-01-01T00:00:00Z |
source | MITRE |
title | zlib |
Microsoft Zone.Identifier 2020
Microsoft. (2020, August 31). Zone.Identifier Stream Name. Retrieved February 22, 2021.
Internal MISP references
UUID 2efbb7be-3ca1-444a-8584-7ceb08101e74
which can be used as unique global reference for Microsoft Zone.Identifier 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-02-22T00:00:00Z |
date_published | 2020-08-31T00:00:00Z |
source | MITRE |
title | Zone.Identifier Stream Name |
Sysdig Kinsing November 2020
Huang, K. (2020, November 23). Zoom into Kinsing. Retrieved April 1, 2021.
Internal MISP references
UUID 4922dbb5-d3fd-4bf2-8af7-3b8889579c31
which can be used as unique global reference for Sysdig Kinsing November 2020
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
date_accessed | 2021-04-01T00:00:00Z |
date_published | 2020-11-23T00:00:00Z |
source | MITRE |
title | Zoom into Kinsing |