Tidal References

Tidal References Cluster

Authors
Authors and/or Contributors
Tidal Cyber

D3Secutrity CTI Feeds

Banerd, W. (2019, April 30). 10 of the Best Open Source Threat Intelligence Feeds. Retrieved October 20, 2020.

Internal MISP references

UUID 088f2cbd-cce1-477f-9ffb-319477d74b69 which can be used as unique global reference for D3Secutrity CTI Feeds in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2019-04-30T00:00:00Z
source MITRE
title 10 of the Best Open Source Threat Intelligence Feeds

Linux Logs

Marcel. (2018, April 19). 12 Critical Linux Log Files You Must be Monitoring. Retrieved March 29, 2020.

Internal MISP references

UUID aa25e385-802c-4f04-81bb-bb7d1a7599ec which can be used as unique global reference for Linux Logs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-29T00:00:00Z
date_published 2018-04-19T00:00:00Z
source MITRE
title 12 Critical Linux Log Files You Must be Monitoring

Netspi PowerShell Execution Policy Bypass

Sutherland, S. (2014, September 9). 15 Ways to Bypass the PowerShell Execution Policy. Retrieved July 23, 2015.

Internal MISP references

UUID 0ee90db4-f21c-4c68-bd35-aa6c5edd3b4e which can be used as unique global reference for Netspi PowerShell Execution Policy Bypass in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-07-23T00:00:00Z
date_published 2014-09-09T00:00:00Z
source MITRE
title 15 Ways to Bypass the PowerShell Execution Policy

Mandiant-leaks

DANIEL KAPELLMANN ZAFRA, COREY HIDELBRANDT, NATHAN BRUBAKER, KEITH LUNDEN. (2022, January 31). 1 in 7 OT Ransomware Extortion Attacks Leak Critical Operational Technology Information. Retrieved August 18, 2023.

Internal MISP references

UUID aecc3ffb-c524-5ad9-b621-7228f53e27c3 which can be used as unique global reference for Mandiant-leaks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-18T00:00:00Z
date_published 2022-01-31T00:00:00Z
source MITRE
title 1 in 7 OT Ransomware Extortion Attacks Leak Critical Operational Technology Information

Tilbury Windows Credentials

Chad Tilbury. (2017, August 8). 1Windows Credentials: Attack, Mitigation, Defense. Retrieved February 21, 2020.

Internal MISP references

UUID 2ddae0c9-910c-4c1a-b524-de3a58dbba13 which can be used as unique global reference for Tilbury Windows Credentials in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-21T00:00:00Z
date_published 2017-08-08T00:00:00Z
source MITRE
title 1Windows Credentials: Attack, Mitigation, Defense

CWE top 25

Christey, S., Brown, M., Kirby, D., Martin, B., Paller, A. (2011, September 13). 2011 CWE/SANS Top 25 Most Dangerous Software Errors. Retrieved April 10, 2019.

Internal MISP references

UUID d8ee8b1f-c18d-48f3-9758-6860cd31c3e3 which can be used as unique global reference for CWE top 25 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-10T00:00:00Z
date_published 2011-09-13T00:00:00Z
source MITRE
title 2011 CWE/SANS Top 25 Most Dangerous Software Errors

CrowdStrike 2015 Global Threat Report

CrowdStrike Intelligence. (2016). 2015 Global Threat Report. Retrieved April 11, 2018.

Internal MISP references

UUID 50d467da-286b-45f3-8d5a-e9d8632f7bf1 which can be used as unique global reference for CrowdStrike 2015 Global Threat Report in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-11T00:00:00Z
date_published 2016-01-01T00:00:00Z
source MITRE
title 2015 Global Threat Report

Prolific OSX Malware History

Bit9 + Carbon Black Threat Research Team. (2015). 2015: The Most Prolific Year in History for OS X Malware. Retrieved July 8, 2017.

Internal MISP references

UUID 74b0f1a9-5822-4dcf-9a92-9a6df0b4db1e which can be used as unique global reference for Prolific OSX Malware History in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-08T00:00:00Z
date_published 2015-01-01T00:00:00Z
source MITRE
title 2015: The Most Prolific Year in History for OS X Malware

CERN Windigo June 2019

CERN. (2019, June 4). 2019/06/04 Advisory: Windigo attacks. Retrieved February 10, 2021.

Internal MISP references

UUID e9f1289f-a32e-441c-8787-cb32a26216d1 which can be used as unique global reference for CERN Windigo June 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-10T00:00:00Z
date_published 2019-06-04T00:00:00Z
source MITRE
title 2019/06/04 Advisory: Windigo attacks

CrowdStrike GTR 2019

CrowdStrike. (2019, January). 2019 Global Threat Report. Retrieved June 10, 2020.

Internal MISP references

UUID d6aa917e-baee-4379-8e69-a04b9aa5192a which can be used as unique global reference for CrowdStrike GTR 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-10T00:00:00Z
date_published 2019-01-01T00:00:00Z
source MITRE
title 2019 Global Threat Report

Crowdstrike GTR2020 Mar 2020

Crowdstrike. (2020, March 2). 2020 Global Threat Report. Retrieved December 11, 2020.

Internal MISP references

UUID a2325ace-e5a1-458d-80c1-5037bd7fa727 which can be used as unique global reference for Crowdstrike GTR2020 Mar 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-11T00:00:00Z
date_published 2020-03-02T00:00:00Z
source MITRE
title 2020 Global Threat Report

RecordedFuture 2021 Ad Infra

Insikt Group. (2022, January 18). 2021 Adversary Infrastructure Report. Retrieved March 25, 2022.

Internal MISP references

UUID d509e6f2-c317-4483-a51e-ad15a78a12c0 which can be used as unique global reference for RecordedFuture 2021 Ad Infra in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-25T00:00:00Z
date_published 2022-01-18T00:00:00Z
source MITRE
title 2021 Adversary Infrastructure Report

Red Canary 2021 Threat Detection Report March 2021

Red Canary. (2021, March 31). 2021 Threat Detection Report. Retrieved August 31, 2021.

Internal MISP references

UUID 83b906fc-ac2a-4f49-b87e-31f046e95fb7 which can be used as unique global reference for Red Canary 2021 Threat Detection Report March 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-31T00:00:00Z
date_published 2021-03-31T00:00:00Z
source MITRE
title 2021 Threat Detection Report

ACSC BlackCat Apr 2022

Australian Cyber Security Centre. (2022, April 14). 2022-004: ACSC Ransomware Profile - ALPHV (aka BlackCat). Retrieved December 20, 2022.

Internal MISP references

UUID 3b85eaeb-6bf5-529b-80a4-439ceb6c5d6d which can be used as unique global reference for ACSC BlackCat Apr 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-12-20T00:00:00Z
date_published 2022-04-14T00:00:00Z
source MITRE
title 2022-004: ACSC Ransomware Profile - ALPHV (aka BlackCat)

Internet crime report 2022

IC3. (2022). 2022 Internet Crime Report. Retrieved August 18, 2023.

Internal MISP references

UUID ef30c4eb-3da3-5c7b-a304-188acd2f7ebc which can be used as unique global reference for Internet crime report 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-18T00:00:00Z
date_published 2022-01-01T00:00:00Z
source MITRE
title 2022 Internet Crime Report

RC PowerShell

Red Canary. (n.d.). 2022 Threat Detection Report: PowerShell. Retrieved March 17, 2023.

Internal MISP references

UUID 0f154aa6-8c9d-5bfc-a3c4-5f3e1420f55f which can be used as unique global reference for RC PowerShell in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-17T00:00:00Z
source MITRE
title 2022 Threat Detection Report: PowerShell

20 macOS Common Tools and Techniques

Phil Stokes. (2021, February 16). 20 Common Tools & Techniques Used by macOS Threat Actors & Malware. Retrieved August 23, 2021.

Internal MISP references

UUID 3ee99ff4-daf4-4776-9d94-f7cf193c2b0c which can be used as unique global reference for 20 macOS Common Tools and Techniques in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-23T00:00:00Z
date_published 2021-02-16T00:00:00Z
source MITRE
title 20 Common Tools & Techniques Used by macOS Threat Actors & Malware

Microsoft GPP Key

Microsoft. (n.d.). 2.2.1.1.4 Password Encryption. Retrieved April 11, 2018.

Internal MISP references

UUID 24d8847b-d5de-4513-a55f-62c805dfa1dc which can be used as unique global reference for Microsoft GPP Key in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-11T00:00:00Z
source MITRE
title 2.2.1.1.4 Password Encryption

Microsoft _VBA_PROJECT Stream

Microsoft. (2020, February 19). 2.3.4.1 _VBA_PROJECT Stream: Version Dependent Project Information. Retrieved September 18, 2020.

Internal MISP references

UUID 70c75ee4-4ba4-4124-8001-0fadb49a5ac6 which can be used as unique global reference for Microsoft _VBA_PROJECT Stream in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-18T00:00:00Z
date_published 2020-02-19T00:00:00Z
source MITRE
title 2.3.4.1 _VBA_PROJECT Stream: Version Dependent Project Information

Microsoft Learn

Microsoft. (2021, April 6). 2.5 ExtraData. Retrieved September 30, 2022.

Internal MISP references

UUID 73ba4e07-cfbd-4b23-b52a-1ebbd7cc0fe4 which can be used as unique global reference for Microsoft Learn in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-30T00:00:00Z
date_published 2021-04-06T00:00:00Z
source MITRE
title 2.5 ExtraData

Hybrid Analysis Icacls2 May 2018

Hybrid Analysis. (2018, May 30). 2a8efbfadd798f6111340f7c1c956bee.dll. Retrieved August 19, 2018.

Internal MISP references

UUID 5d33fcb4-0f01-4b88-b1ee-dad6dcc867f4 which can be used as unique global reference for Hybrid Analysis Icacls2 May 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-19T00:00:00Z
date_published 2018-05-30T00:00:00Z
source MITRE
title 2a8efbfadd798f6111340f7c1c956bee.dll

Microsoft Wow6432Node 2018

Microsoft. (2018, May 31). 32-bit and 64-bit Application Data in the Registry. Retrieved August 3, 2020.

Internal MISP references

UUID cbc14af8-f0d9-46c9-ae2c-d93d706ac84e which can be used as unique global reference for Microsoft Wow6432Node 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-03T00:00:00Z
date_published 2018-05-31T00:00:00Z
source MITRE
title 32-bit and 64-bit Application Data in the Registry

DOJ-DPRK Heist

Department of Justice. (2021). 3 North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyber-attacks and Financial Crimes Across the Globe. Retrieved August 18, 2023.

Internal MISP references

UUID c50d2a5b-1d44-5f18-aaff-4be9f6d3f3ac which can be used as unique global reference for DOJ-DPRK Heist in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-18T00:00:00Z
date_published 2021-01-01T00:00:00Z
source MITRE
title 3 North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyber-attacks and Financial Crimes Across the Globe

ITWorld Hard Disk Health Dec 2014

Pinola, M. (2014, December 14). 3 tools to check your hard drive's health and make sure it's not already dying on you. Retrieved October 2, 2018.

Internal MISP references

UUID e48fab76-7e38-420e-b69b-709f37bde847 which can be used as unique global reference for ITWorld Hard Disk Health Dec 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-02T00:00:00Z
date_published 2014-12-14T00:00:00Z
source MITRE
title 3 tools to check your hard drive's health and make sure it's not already dying on you

Microsoft 4657 APR 2017

Miroshnikov, A. & Hall, J. (2017, April 18). 4657(S): A registry value was modified. Retrieved August 9, 2018.

Internal MISP references

UUID ee681893-edd6-46c7-bb11-38fc24eef899 which can be used as unique global reference for Microsoft 4657 APR 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-09T00:00:00Z
date_published 2017-04-18T00:00:00Z
source MITRE
title 4657(S): A registry value was modified

Microsoft 4697 APR 2017

Miroshnikov, A. & Hall, J. (2017, April 18). 4697(S): A service was installed in the system. Retrieved August 7, 2018.

Internal MISP references

UUID 17473dc7-39cd-4c90-85cb-05d4c1364fff which can be used as unique global reference for Microsoft 4697 APR 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-07T00:00:00Z
date_published 2017-04-18T00:00:00Z
source MITRE
title 4697(S): A service was installed in the system

Microsoft User Creation Event

Lich, B., Miroshnikov, A. (2017, April 5). 4720(S): A user account was created. Retrieved June 30, 2017.

Internal MISP references

UUID 01e2068b-83bc-4479-8fc9-dfaafdbf272b which can be used as unique global reference for Microsoft User Creation Event in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-06-30T00:00:00Z
date_published 2017-04-05T00:00:00Z
source MITRE
title 4720(S): A user account was created

Microsoft User Modified Event

Lich, B., Miroshnikov, A. (2017, April 5). 4738(S): A user account was changed. Retrieved June 30, 2017.

Internal MISP references

UUID fb4164f9-1e03-43f1-8143-179c9f08dff2 which can be used as unique global reference for Microsoft User Modified Event in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-06-30T00:00:00Z
date_published 2017-04-05T00:00:00Z
source MITRE
title 4738(S): A user account was changed

Microsoft 4768 TGT 2017

Microsoft. (2017, April 19). 4768(S, F): A Kerberos authentication ticket (TGT) was requested. Retrieved August 24, 2020.

Internal MISP references

UUID 19237af4-e535-4059-a8a9-63280cdf4722 which can be used as unique global reference for Microsoft 4768 TGT 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-24T00:00:00Z
date_published 2017-04-19T00:00:00Z
source MITRE
title 4768(S, F): A Kerberos authentication ticket (TGT) was requested

HIPAA Journal S3 Breach, 2017

HIPAA Journal. (2017, October 11). 47GB of Medical Records and Test Results Found in Unsecured Amazon S3 Bucket. Retrieved October 4, 2019.

Internal MISP references

UUID b0fbf593-4aeb-4167-814b-ed3d4479ded0 which can be used as unique global reference for HIPAA Journal S3 Breach, 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-04T00:00:00Z
date_published 2017-10-11T00:00:00Z
source MITRE
title 47GB of Medical Records and Test Results Found in Unsecured Amazon S3 Bucket

Slack Security Risks

Michael Osakwe. (2020, November 18). 4 SaaS and Slack Security Risks to Consider. Retrieved March 17, 2023.

Internal MISP references

UUID 4332430a-0dec-5942-88ce-21f6d02cc9a9 which can be used as unique global reference for Slack Security Risks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-17T00:00:00Z
date_published 2020-11-18T00:00:00Z
source MITRE
title 4 SaaS and Slack Security Risks to Consider

PurpleSec Data Loss Prevention

Michael Swanagan. (2020, October 24). 7 Data Loss Prevention Best Practices & Strategies. Retrieved August 30, 2021.

Internal MISP references

UUID b7d786db-c50e-4d1f-947e-205e8eefa2da which can be used as unique global reference for PurpleSec Data Loss Prevention in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-30T00:00:00Z
date_published 2020-10-24T00:00:00Z
source MITRE
title 7 Data Loss Prevention Best Practices & Strategies

7zip Homepage

I. Pavlov. (2019). 7-Zip. Retrieved February 20, 2020.

Internal MISP references

UUID fc1396d2-1ffd-4fd9-ba60-3f6e0a9dfffb which can be used as unique global reference for 7zip Homepage in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-20T00:00:00Z
date_published 2019-01-01T00:00:00Z
source MITRE
title 7-Zip

VMWare 8Base June 28 2023

Deborah Snyder, Fae Carlisle, Dana Behling, Bria Beathley. (2023, June 28). 8Base Ransomware: A Heavy Hitting Player. Retrieved August 4, 2023.

Internal MISP references

UUID 573e9520-6181-4535-9ed3-2338688a8e9f which can be used as unique global reference for VMWare 8Base June 28 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-04T00:00:00Z
date_published 2023-06-28T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title 8Base Ransomware: A Heavy Hitting Player

Acronis 8Base July 17 2023

Acronis Security Team. (2023, July 17). 8Base ransomware stays unseen for a year. Retrieved August 4, 2023.

Internal MISP references

UUID c9822477-1578-4068-9882-41e4d6eaee3f which can be used as unique global reference for Acronis 8Base July 17 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-04T00:00:00Z
date_published 2023-07-17T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title 8Base ransomware stays unseen for a year

MicroFocus 9002 Aug 2016

Petrovsky, O. (2016, August 30). “9002 RAT” -- a second building on the left. Retrieved February 20, 2018.

Internal MISP references

UUID a4d6bdd1-e70c-491b-a569-72708095c809 which can be used as unique global reference for MicroFocus 9002 Aug 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-20T00:00:00Z
date_published 2016-08-30T00:00:00Z
source MITRE
title “9002 RAT” -- a second building on the left

CISA AA21-200A APT40 July 2021

CISA. (2021, July 19). (AA21-200A) Joint Cybersecurity Advisory – Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department. Retrieved August 12, 2021.

Internal MISP references

UUID 3a2dbd8b-54e3-406a-b77c-b6fae5541b6d which can be used as unique global reference for CISA AA21-200A APT40 July 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-12T00:00:00Z
date_published 2021-07-19T00:00:00Z
source MITRE, Tidal Cyber
title (AA21-200A) Joint Cybersecurity Advisory – Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department

AADInternals

Dr. Nestori Syynimaa. (2018, October 25). AADInternals. Retrieved February 1, 2022.

Internal MISP references

UUID d6faadde-690d-44d1-b1aa-0991a5374604 which can be used as unique global reference for AADInternals in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-01T00:00:00Z
date_published 2018-10-25T00:00:00Z
source MITRE
title AADInternals

AADInternals Documentation

Dr. Nestori Syynimaa. (2018, October 25). AADInternals. Retrieved February 18, 2022.

Internal MISP references

UUID 320231a1-4dbe-4eaa-b14d-48de738ba697 which can be used as unique global reference for AADInternals Documentation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-18T00:00:00Z
date_published 2018-10-25T00:00:00Z
source MITRE
title AADInternals Documentation

AADInternals Github

Dr. Nestori Syynimaa. (2021, December 13). AADInternals. Retrieved February 1, 2022.

Internal MISP references

UUID 643d3947-c0ec-47c4-bb58-5e546084433c which can be used as unique global reference for AADInternals Github in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-01T00:00:00Z
date_published 2021-12-13T00:00:00Z
source MITRE
title AADInternals Github

Gigamon BADHATCH Jul 2019

Savelesky, K., et al. (2019, July 23). ABADBABE 8BADFOOD: Discovering BADHATCH and a Detailed Look at FIN8's Tooling. Retrieved September 8, 2021.

Internal MISP references

UUID 69a45479-e982-58ee-9e2d-caaf825f0ad4 which can be used as unique global reference for Gigamon BADHATCH Jul 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-08T00:00:00Z
date_published 2019-07-23T00:00:00Z
source MITRE
title ABADBABE 8BADFOOD: Discovering BADHATCH and a Detailed Look at FIN8's Tooling

bad_luck_blackcat

Kaspersky Global Research & Analysis Team (GReAT). (2022). A Bad Luck BlackCat. Retrieved May 5, 2022.

Internal MISP references

UUID 0d1e9635-b7b6-454b-9482-b1fc7d33bfff which can be used as unique global reference for bad_luck_blackcat in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-05T00:00:00Z
date_published 2022-01-01T00:00:00Z
source MITRE
title A Bad Luck BlackCat

Cybereason Bazar July 2020

Cybereason Nocturnus. (2020, July 16). A BAZAR OF TRICKS: FOLLOWING TEAM9’S DEVELOPMENT CYCLES. Retrieved November 18, 2020.

Internal MISP references

UUID 8819875a-5139-4dae-94c8-e7cc9f847580 which can be used as unique global reference for Cybereason Bazar July 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-18T00:00:00Z
date_published 2020-07-16T00:00:00Z
source MITRE
title A BAZAR OF TRICKS: FOLLOWING TEAM9’S DEVELOPMENT CYCLES

Red Canary Hospital Thwarted Ryuk October 2020

Brian Donohue, Katie Nickels, Paul Michaud, Adina Bodkins, Taylor Chapman, Tony Lambert, Jeff Felling, Kyle Rainey, Mike Haag, Matt Graeber, Aaron Didier. (2020, October 29). A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak. Retrieved October 30, 2020.

Internal MISP references

UUID ae5d4c47-54c9-4f7b-9357-88036c524217 which can be used as unique global reference for Red Canary Hospital Thwarted Ryuk October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-30T00:00:00Z
date_published 2020-10-29T00:00:00Z
source MITRE
title A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak

CyberCX Anonymous Sudan June 19 2023

CyberCX Intelligence. (2023, June 19). A bear in wolf’s clothing: Insights into the infrastructure used by Anonymous Sudan to attack Australian organisations. Retrieved October 10, 2023.

Internal MISP references

UUID 68ded9b7-3042-44e0-8bf7-cdba2174a3d8 which can be used as unique global reference for CyberCX Anonymous Sudan June 19 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-10T00:00:00Z
date_published 2023-06-19T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title A bear in wolf’s clothing: Insights into the infrastructure used by Anonymous Sudan to attack Australian organisations

Netskope Cloud Phishing

Ashwin Vamshi. (2020, August 12). A Big Catch: Cloud Phishing from Google App Engine and Azure App Service. Retrieved August 18, 2022.

Internal MISP references

UUID 25d46bc1-4c05-48d3-95f0-aa3ee1100bf9 which can be used as unique global reference for Netskope Cloud Phishing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-18T00:00:00Z
date_published 2020-08-12T00:00:00Z
source MITRE
title A Big Catch: Cloud Phishing from Google App Engine and Azure App Service

Microsoft O365 Admin Roles

Ako-Adjei, K., Dickhaus, M., Baumgartner, P., Faigel, D., et al. (2019, October 8). About admin roles. Retrieved October 18, 2019.

Internal MISP references

UUID 8014a0cc-f793-4d9a-a2cc-ef9e9c5a826a which can be used as unique global reference for Microsoft O365 Admin Roles in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-18T00:00:00Z
date_published 2019-10-08T00:00:00Z
source MITRE
title About admin roles

Microsoft Atom Table

Microsoft. (n.d.). About Atom Tables. Retrieved December 8, 2017.

Internal MISP references

UUID a22636c8-8e39-4583-93ef-f0b7f0a218d8 which can be used as unique global reference for Microsoft Atom Table in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-08T00:00:00Z
source MITRE
title About Atom Tables

Microsoft About BITS

Microsoft. (2019, July 12). About BITS. Retrieved March 16, 2020.

Internal MISP references

UUID 8d6d47d1-a6ea-4673-8ade-ba61bfeef084 which can be used as unique global reference for Microsoft About BITS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-16T00:00:00Z
date_published 2019-07-12T00:00:00Z
source MITRE
title About BITS

Microsoft About Event Tracing 2018

Microsoft. (2018, May 30). About Event Tracing. Retrieved June 7, 2019.

Internal MISP references

UUID 689d944f-ad66-4908-91fb-bb1ecdafe8d9 which can be used as unique global reference for Microsoft About Event Tracing 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-07T00:00:00Z
date_published 2018-05-30T00:00:00Z
source MITRE
title About Event Tracing

Microsoft PowerShell Command History

Microsoft. (2020, May 13). About History. Retrieved September 4, 2020.

Internal MISP references

UUID 6c873fb4-db43-4bad-b5e4-a7d45cbe796f which can be used as unique global reference for Microsoft PowerShell Command History in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-04T00:00:00Z
date_published 2020-05-13T00:00:00Z
source MITRE
title About History

Microsoft List View Controls

Microsoft. (2021, May 25). About List-View Controls. Retrieved January 4, 2022.

Internal MISP references

UUID 7d6c6ba6-cda6-4f27-bfc8-af5b759305ed which can be used as unique global reference for Microsoft List View Controls in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-04T00:00:00Z
date_published 2021-05-25T00:00:00Z
source MITRE
title About List-View Controls

Microsoft PowerShell Logging

Microsoft. (2020, March 30). about_Logging_Windows. Retrieved September 28, 2021.

Internal MISP references

UUID 81c94686-741d-45d7-90f3-0c7979374e87 which can be used as unique global reference for Microsoft PowerShell Logging in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-28T00:00:00Z
date_published 2020-03-30T00:00:00Z
source MITRE
title about_Logging_Windows

Apple About Mac Scripting 2016

Apple. (2016, June 13). About Mac Scripting. Retrieved April 14, 2021.

Internal MISP references

UUID d2f32ac1-9b5b-408d-a7ab-d92dd9efe0ed which can be used as unique global reference for Apple About Mac Scripting 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-14T00:00:00Z
date_published 2016-06-13T00:00:00Z
source MITRE
title About Mac Scripting

PowerShell About 2019

Wheeler, S. et al. (2019, May 1). About PowerShell.exe. Retrieved October 11, 2019.

Internal MISP references

UUID 2c504602-4f5d-47fc-9780-e1e5041a0b3a which can be used as unique global reference for PowerShell About 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-11T00:00:00Z
date_published 2019-05-01T00:00:00Z
source MITRE
title About PowerShell.exe

Microsoft PowerShellB64

Microsoft. (2023, February 8). about_PowerShell_exe: EncodedCommand. Retrieved March 17, 2023.

Internal MISP references

UUID 7e50721c-c6d5-5449-8326-529da4cf5465 which can be used as unique global reference for Microsoft PowerShellB64 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-17T00:00:00Z
date_published 2023-02-08T00:00:00Z
source MITRE
title about_PowerShell_exe: EncodedCommand

Microsoft Profiles

Microsoft. (2021, September 27). about_Profiles. Retrieved February 4, 2022.

Internal MISP references

UUID b25ab0bf-c28b-4747-b075-30bcdfbc0e35 which can be used as unique global reference for Microsoft Profiles in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-04T00:00:00Z
date_published 2021-09-27T00:00:00Z
source MITRE
title about_Profiles

Microsoft About Profiles

Microsoft. (2017, November 29). About Profiles. Retrieved June 14, 2019.

Internal MISP references

UUID 1da63665-7a96-4bc3-9606-a3575b913819 which can be used as unique global reference for Microsoft About Profiles in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-14T00:00:00Z
date_published 2017-11-29T00:00:00Z
source MITRE
title About Profiles

Microsoft Remote Desktop Services

Microsoft. (2019, August 23). About Remote Desktop Services. Retrieved March 28, 2022.

Internal MISP references

UUID a981e013-f839-46e9-9c8a-128c4897f77a which can be used as unique global reference for Microsoft Remote Desktop Services in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-28T00:00:00Z
date_published 2019-08-23T00:00:00Z
source MITRE
title About Remote Desktop Services

systemsetup mac time

Apple Support. (n.d.). About systemsetup in Remote Desktop. Retrieved March 27, 2024.

Internal MISP references

UUID a85bd111-a2ca-5e66-b90e-f52ff780fc5c which can be used as unique global reference for systemsetup mac time in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-27T00:00:00Z
source MITRE
title About systemsetup in Remote Desktop

MSDN Clipboard

Microsoft. (n.d.). About the Clipboard. Retrieved March 29, 2016.

Internal MISP references

UUID 2c1b2d58-a5dc-4aee-8bdb-129a81c10408 which can be used as unique global reference for MSDN Clipboard in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-29T00:00:00Z
source MITRE
title About the Clipboard

Microsoft HTML Help Executable Program

Microsoft. (n.d.). About the HTML Help Executable Program. Retrieved October 3, 2018.

Internal MISP references

UUID 1af226cc-bb93-43c8-972e-367482c5d487 which can be used as unique global reference for Microsoft HTML Help Executable Program in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-03T00:00:00Z
source MITRE
title About the HTML Help Executable Program

About UEFI

UEFI Forum. (n.d.). About UEFI Forum. Retrieved January 5, 2016.

Internal MISP references

UUID 2e6fe82c-d90f-42b6-8247-397ab8823c7c which can be used as unique global reference for About UEFI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-05T00:00:00Z
source MITRE
title About UEFI Forum

Microsoft Window Classes

Microsoft. (n.d.). About Window Classes. Retrieved December 16, 2017.

Internal MISP references

UUID cc620fcd-1f4a-4670-84b5-3f12c9b85053 which can be used as unique global reference for Microsoft Window Classes in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-16T00:00:00Z
source MITRE
title About Window Classes

Picus Sodinokibi January 2020

Ozarslan, S. (2020, January 15). A Brief History of Sodinokibi. Retrieved August 5, 2020.

Internal MISP references

UUID 2e9c2206-a04e-4278-9492-830cc9347ff9 which can be used as unique global reference for Picus Sodinokibi January 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-05T00:00:00Z
date_published 2020-01-15T00:00:00Z
source MITRE
title A Brief History of Sodinokibi

Application Bundle Manipulation Brandon Dalton

Brandon Dalton. (2022, August 9). A bundle of nerves: Tweaking macOS security controls to thwart application bundle manipulation. Retrieved September 27, 2022.

Internal MISP references

UUID 2a8fd573-6ab0-403b-b813-88d9d3edab36 which can be used as unique global reference for Application Bundle Manipulation Brandon Dalton in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-27T00:00:00Z
date_published 2022-08-09T00:00:00Z
source MITRE
title A bundle of nerves: Tweaking macOS security controls to thwart application bundle manipulation

NCC Group Chimera January 2021

Jansen, W. (2021, January 12). Abusing cloud services to fly under the radar. Retrieved January 19, 2021.

Internal MISP references

UUID 70c217c3-83a2-40f2-8f47-b68d8bd4cdf0 which can be used as unique global reference for NCC Group Chimera January 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-19T00:00:00Z
date_published 2021-01-12T00:00:00Z
source MITRE
title Abusing cloud services to fly under the radar

Electron 2

Trend Micro. (2023, June 6). Abusing Electronbased applications in targeted attacks. Retrieved March 7, 2024.

Internal MISP references

UUID 0be977fd-7b7e-5ddb-aa0c-def81b97b2a5 which can be used as unique global reference for Electron 2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-07T00:00:00Z
date_published 2023-06-06T00:00:00Z
source MITRE
title Abusing Electronbased applications in targeted attacks

Harmj0y Abusing GPO Permissions

Schroeder, W. (2016, March 17). Abusing GPO Permissions. Retrieved March 5, 2019.

Internal MISP references

UUID 18cc9426-9b51-46fa-9106-99688385ebe4 which can be used as unique global reference for Harmj0y Abusing GPO Permissions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-05T00:00:00Z
date_published 2016-03-17T00:00:00Z
source MITRE
title Abusing GPO Permissions

Retwin Directory Share Pivot

Routin, D. (2017, November 13). Abusing network shares for efficient lateral movements and privesc (DirSharePivot). Retrieved April 12, 2018.

Internal MISP references

UUID 027c5274-6b61-447a-9058-edb844f112dd which can be used as unique global reference for Retwin Directory Share Pivot in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-12T00:00:00Z
date_published 2017-11-13T00:00:00Z
source MITRE
title Abusing network shares for efficient lateral movements and privesc (DirSharePivot)

BOHOPS Abusing the COM Registry

BOHOPS. (2018, August 18). Abusing the COM Registry Structure (Part 2): Hijacking & Loading Techniques. Retrieved August 10, 2020.

Internal MISP references

UUID 3b5c0e62-7ac9-42e1-b2dd-8f2e0739b9d7 which can be used as unique global reference for BOHOPS Abusing the COM Registry in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-10T00:00:00Z
date_published 2018-08-18T00:00:00Z
source MITRE
title Abusing the COM Registry Structure (Part 2): Hijacking & Loading Techniques

abusing_com_reg

bohops. (2018, August 18). ABUSING THE COM REGISTRY STRUCTURE (PART 2): HIJACKING & LOADING TECHNIQUES. Retrieved September 20, 2021.

Internal MISP references

UUID 7f0f223f-09b1-4f8f-b6f1-1044e2ac7066 which can be used as unique global reference for abusing_com_reg in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-20T00:00:00Z
date_published 2018-08-18T00:00:00Z
source MITRE
title ABUSING THE COM REGISTRY STRUCTURE (PART 2): HIJACKING & LOADING TECHNIQUES

Rhino Security Labs AWS VPC Traffic Mirroring

Spencer Gietzen. (2019, September 17). Abusing VPC Traffic Mirroring in AWS. Retrieved March 17, 2022.

Internal MISP references

UUID 09cac813-862c-47c8-a47f-154c5436afbb which can be used as unique global reference for Rhino Security Labs AWS VPC Traffic Mirroring in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-17T00:00:00Z
date_published 2019-09-17T00:00:00Z
source MITRE
title Abusing VPC Traffic Mirroring in AWS

Narrator Accessibility Abuse

Comi, G. (2019, October 19). Abusing Windows 10 Narrator's 'Feedback-Hub' URI for Fileless Persistence. Retrieved April 28, 2020.

Internal MISP references

UUID fc889ba3-79a5-445a-81ea-dfe81c1cc542 which can be used as unique global reference for Narrator Accessibility Abuse in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-04-28T00:00:00Z
date_published 2019-10-19T00:00:00Z
source MITRE
title Abusing Windows 10 Narrator's 'Feedback-Hub' URI for Fileless Persistence

Intezer ACBackdoor

Sanmillan, I. (2019, November 18). ACBackdoor: Analysis of a New Multiplatform Backdoor. Retrieved October 4, 2021.

Internal MISP references

UUID e6cb833f-cf18-498b-a233-848853423412 which can be used as unique global reference for Intezer ACBackdoor in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-04T00:00:00Z
date_published 2019-11-18T00:00:00Z
source MITRE
title ACBackdoor: Analysis of a New Multiplatform Backdoor

AccCheckConsole.exe - LOLBAS Project

LOLBAS. (2022, January 2). AccCheckConsole.exe. Retrieved December 4, 2023.

Internal MISP references

UUID de5523bd-e735-4751-84e9-a1be1d2980ec which can be used as unique global reference for AccCheckConsole.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-01-02T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title AccCheckConsole.exe

CyberScoop APT28 Nov 2018

Shoorbajee, Z. (2018, November 29). Accenture: Russian hackers using Brexit talks to disguise phishing lures. Retrieved July 16, 2019.

Internal MISP references

UUID ef8f0990-b2da-4538-8b02-7401dc5a4120 which can be used as unique global reference for CyberScoop APT28 Nov 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-16T00:00:00Z
date_published 2018-11-29T00:00:00Z
source MITRE
title Accenture: Russian hackers using Brexit talks to disguise phishing lures

Microsoft Azure Kubernetes Service Service Accounts

Microsoft Azure. (2023, April 28). Access and identity options for Azure Kubernetes Service (AKS). Retrieved July 14, 2023.

Internal MISP references

UUID bf374b41-b2a3-5c07-bf84-9ea0e1a9e6c5 which can be used as unique global reference for Microsoft Azure Kubernetes Service Service Accounts in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-14T00:00:00Z
date_published 2023-04-28T00:00:00Z
source MITRE
title Access and identity options for Azure Kubernetes Service (AKS)

CrowdStrike Access Brokers

CrowdStrike Intelligence Team. (2022, February 23). Access Brokers: Who Are the Targets, and What Are They Worth?. Retrieved March 10, 2023.

Internal MISP references

UUID 0f772693-e09d-5c82-85c2-77f5fee39ef0 which can be used as unique global reference for CrowdStrike Access Brokers in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-10T00:00:00Z
date_published 2022-02-23T00:00:00Z
source MITRE
title Access Brokers: Who Are the Targets, and What Are They Worth?

Microsoft Access Control Lists May 2018

M. Satran, M. Jacobs. (2018, May 30). Access Control Lists. Retrieved February 4, 2020.

Internal MISP references

UUID 2aeda95a-7741-4a74-a5a4-29a9e7a89451 which can be used as unique global reference for Microsoft Access Control Lists May 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-04T00:00:00Z
date_published 2018-05-30T00:00:00Z
source MITRE
title Access Control Lists

Auth0 Access Tokens

Auth0. (n.d.). Access Tokens. Retrieved September 29, 2021.

Internal MISP references

UUID 43e8e178-a0da-44d8-be1b-853307e0d4ae which can be used as unique global reference for Auth0 Access Tokens in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
source MITRE
title Access Tokens

BSidesSLC 2020 - LNK Elastic

French, D., Filar, B. (2020, March 21). A Chain Is No Stronger Than Its Weakest LNK. Retrieved November 30, 2020.

Internal MISP references

UUID 4c2ede51-33f6-4d09-9186-43b023b079c0 which can be used as unique global reference for BSidesSLC 2020 - LNK Elastic in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-30T00:00:00Z
date_published 2020-03-21T00:00:00Z
source MITRE
title A Chain Is No Stronger Than Its Weakest LNK

Mythic SpecterOps

Thomas, C. (2020, August 13). A Change of Mythic Proportions. Retrieved March 25, 2022.

Internal MISP references

UUID 98d4453e-2e80-422a-ac8c-47f650f46e3c which can be used as unique global reference for Mythic SpecterOps in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-25T00:00:00Z
date_published 2020-08-13T00:00:00Z
source MITRE
title A Change of Mythic Proportions

FireEye Chinese Espionage October 2019

Nalani Fraser, Kelli Vanderlee. (2019, October 10). Achievement Unlocked - Chinese Cyber Espionage Evolves to Support Higher Level Missions. Retrieved October 17, 2021.

Internal MISP references

UUID d37c069c-7fb8-44e1-8377-da97e8bbcf67 which can be used as unique global reference for FireEye Chinese Espionage October 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-17T00:00:00Z
date_published 2019-10-10T00:00:00Z
source MITRE, Tidal Cyber
title Achievement Unlocked - Chinese Cyber Espionage Evolves to Support Higher Level Missions

Unit42 AcidBox June 2020

Reichel, D. and Idrizovic, E. (2020, June 17). AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations. Retrieved March 16, 2021.

Internal MISP references

UUID f3f2eca0-fda3-451e-bf13-aacb14668e48 which can be used as unique global reference for Unit42 AcidBox June 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-16T00:00:00Z
date_published 2020-06-17T00:00:00Z
source MITRE
title AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations

AcidRain JAGS 2022

Juan Andres Guerrero-Saade and Max van Amerongen, SentinelOne. (2022, March 31). AcidRain | A Modem Wiper Rains Down on Europe. Retrieved March 25, 2024.

Internal MISP references

UUID bd4a7b2e-a387-5e1b-9d9e-52464a8e25c9 which can be used as unique global reference for AcidRain JAGS 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-25T00:00:00Z
date_published 2022-03-31T00:00:00Z
source MITRE
title AcidRain

acroread package compromised Arch Linux Mail 8JUL2018

Eli Schwartz. (2018, June 8). acroread package compromised. Retrieved April 23, 2019.

Internal MISP references

UUID 99245022-2130-404d-bf7a-095d84a515cd which can be used as unique global reference for acroread package compromised Arch Linux Mail 8JUL2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-23T00:00:00Z
date_published 2018-06-08T00:00:00Z
source MITRE
title acroread package compromised

Microsoft Actinium February 2022

Microsoft Threat Intelligence Center. (2022, February 4). ACTINIUM targets Ukrainian organizations. Retrieved February 18, 2022.

Internal MISP references

UUID 5ab658db-7f71-4213-8146-e22da54160b3 which can be used as unique global reference for Microsoft Actinium February 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-18T00:00:00Z
date_published 2022-02-04T00:00:00Z
source MITRE
title ACTINIUM targets Ukrainian organizations

Wikipedia Active Directory

Wikipedia. (2018, March 10). Active Directory. Retrieved April 11, 2018.

Internal MISP references

UUID 924e1186-57e5-43db-94ab-29afa3fdaa7b which can be used as unique global reference for Wikipedia Active Directory in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-11T00:00:00Z
date_published 2018-03-10T00:00:00Z
source MITRE
title Active Directory

Microsoft AD Accounts

Microsoft. (2019, August 23). Active Directory Accounts. Retrieved March 13, 2020.

Internal MISP references

UUID df734659-2441-487a-991d-59064c61b771 which can be used as unique global reference for Microsoft AD Accounts in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-13T00:00:00Z
date_published 2019-08-23T00:00:00Z
source MITRE
title Active Directory Accounts

Microsoft AD Admin Tier Model

Microsoft. (2019, February 14). Active Directory administrative tier model. Retrieved February 21, 2020.

Internal MISP references

UUID 3afba81a-3b1d-41ec-938e-24f055698d52 which can be used as unique global reference for Microsoft AD Admin Tier Model in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-21T00:00:00Z
date_published 2019-02-14T00:00:00Z
source MITRE
title Active Directory administrative tier model

Microsoft AD CS Overview

Microsoft. (2016, August 31). Active Directory Certificate Services Overview. Retrieved August 2, 2022.

Internal MISP references

UUID f1b2526a-1bf6-4954-a9b3-a5e008761ceb which can be used as unique global reference for Microsoft AD CS Overview in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-02T00:00:00Z
date_published 2016-08-31T00:00:00Z
source MITRE
title Active Directory Certificate Services Overview

Microsoft Get-ADUser

Microsoft. (n.d.). Active Directory Cmdlets - Get-ADUser. Retrieved November 30, 2017.

Internal MISP references

UUID b68ac85e-a007-4a72-9185-2877e9184fad which can be used as unique global reference for Microsoft Get-ADUser in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-30T00:00:00Z
source MITRE
title Active Directory Cmdlets - Get-ADUser

Active Directory Enumeration with LDIFDE

Microsoft. (2023, June 26). Active Directory Enumeration with LDIFDE. Retrieved July 11, 2023.

Internal MISP references

UUID 51e6623a-4448-4244-8c81-4eab102e5926 which can be used as unique global reference for Active Directory Enumeration with LDIFDE in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-11T00:00:00Z
date_published 2023-06-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Active Directory Enumeration with LDIFDE

Microsoft SID-History Attribute

Microsoft. (n.d.). Active Directory Schema - SID-History attribute. Retrieved November 30, 2017.

Internal MISP references

UUID 32150673-5593-4a2c-9872-aaa96a21aa5c which can be used as unique global reference for Microsoft SID-History Attribute in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-30T00:00:00Z
source MITRE
title Active Directory Schema - SID-History attribute

Volexity Ivanti Zero-Day Exploitation January 2024

Meltzer, M. et al. (2024, January 10). Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN. Retrieved February 27, 2024.

Internal MISP references

UUID 93eda380-ea21-59e0-97e8-5bec1f9a0e71 which can be used as unique global reference for Volexity Ivanti Zero-Day Exploitation January 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-27T00:00:00Z
date_published 2024-01-10T00:00:00Z
source MITRE
title Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN

ActiveMalwareEnergy

Dan Goodin. (2014, June 30). Active malware operation let attackers sabotage US energy industry. Retrieved March 9, 2017.

Internal MISP references

UUID f2ef73c6-5d4c-423e-a3f5-194cba121eb1 which can be used as unique global reference for ActiveMalwareEnergy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-09T00:00:00Z
date_published 2014-06-30T00:00:00Z
source MITRE
title Active malware operation let attackers sabotage US energy industry

Klein Active Setup 2010

Klein, H. (2010, April 22). Active Setup Explained. Retrieved December 18, 2020.

Internal MISP references

UUID cbdd6290-1dda-48af-a101-fb3db6581276 which can be used as unique global reference for Klein Active Setup 2010 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-18T00:00:00Z
date_published 2010-04-22T00:00:00Z
source MITRE
title Active Setup Explained

Dark Vortex Brute Ratel C4

Dark Vortex. (n.d.). A Customized Command and Control Center for Red Team and Adversary Simulation. Retrieved February 7, 2023.

Internal MISP references

UUID 47992cb5-df11-56c2-b266-6f58d75f8315 which can be used as unique global reference for Dark Vortex Brute Ratel C4 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-07T00:00:00Z
source MITRE
title A Customized Command and Control Center for Red Team and Adversary Simulation

ad_blocker_with_miner

Kuzmenko, A. (2021, March 10). Ad blocker with miner included. Retrieved October 28, 2021.

Internal MISP references

UUID 8e30f71e-80b8-4662-bc95-bf3cf7cfcf40 which can be used as unique global reference for ad_blocker_with_miner in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-28T00:00:00Z
date_published 2021-03-10T00:00:00Z
source MITRE
title Ad blocker with miner included

Microsoft Support O365 Add Another Admin, October 2019

Microsoft. (n.d.). Add Another Admin. Retrieved October 18, 2019.

Internal MISP references

UUID c31cfc48-289e-42aa-8046-b41261fdeb96 which can be used as unique global reference for Microsoft Support O365 Add Another Admin, October 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-18T00:00:00Z
source MITRE
title Add Another Admin

Amazon AWS IMDS V2

MacCarthaigh, C. (2019, November 19). Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service. Retrieved October 14, 2020.

Internal MISP references

UUID f252eb18-86e9-4ed0-b9da-2c81f12a6e13 which can be used as unique global reference for Amazon AWS IMDS V2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-14T00:00:00Z
date_published 2019-11-19T00:00:00Z
source MITRE
title Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service

Adding Login Items

Apple. (2016, September 13). Adding Login Items. Retrieved July 11, 2017.

Internal MISP references

UUID 5ab3e243-37a6-46f1-b28f-6846ecdef0ae which can be used as unique global reference for Adding Login Items in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-11T00:00:00Z
date_published 2016-09-13T00:00:00Z
source MITRE
title Adding Login Items

MRWLabs Office Persistence Add-ins

Knowles, W. (2017, April 21). Add-In Opportunities for Office Persistence. Retrieved July 3, 2017.

Internal MISP references

UUID a5b6ab63-0e6f-4789-a017-ceab1719ed85 which can be used as unique global reference for MRWLabs Office Persistence Add-ins in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-03T00:00:00Z
date_published 2017-04-21T00:00:00Z
source MITRE
title Add-In Opportunities for Office Persistence

AddinUtil.exe - LOLBAS Project

LOLBAS. (2023, October 5). AddinUtil.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 91af546d-0a56-4c17-b292-6257943a8aba which can be used as unique global reference for AddinUtil.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2023-10-05T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title AddinUtil.exe

Microsoft - Add-MailboxPermission

Microsoft. (n.d.). Add-Mailbox Permission. Retrieved September 13, 2019.

Internal MISP references

UUID b8d40efb-c78d-47dd-9d83-e5a31af73691 which can be used as unique global reference for Microsoft - Add-MailboxPermission in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-13T00:00:00Z
source MITRE
title Add-Mailbox Permission

AddMonitor

Microsoft. (n.d.). AddMonitor function. Retrieved November 12, 2014.

Internal MISP references

UUID 8c1a719e-6ca1-4b41-966d-ddb87c849fe0 which can be used as unique global reference for AddMonitor in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
source MITRE
title AddMonitor function

Microsoft Azure AD Users

Microsoft. (2019, November 11). Add or delete users using Azure Active Directory. Retrieved January 30, 2020.

Internal MISP references

UUID b69468a2-693e-4bd0-8dc1-ccfd7d5630c0 which can be used as unique global reference for Microsoft Azure AD Users in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-01-30T00:00:00Z
date_published 2019-11-11T00:00:00Z
source MITRE
title Add or delete users using Azure Active Directory

Microsoft Office Add-ins

Microsoft. (n.d.). Add or remove add-ins. Retrieved July 3, 2017.

Internal MISP references

UUID 99b20e30-76a8-4108-84ae-daf92058b44b which can be used as unique global reference for Microsoft Office Add-ins in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-03T00:00:00Z
source MITRE
title Add or remove add-ins

Microsoft AddPrintProcessor May 2018

Microsoft. (2018, May 31). AddPrintProcessor function. Retrieved October 5, 2020.

Internal MISP references

UUID 12c7160b-c93c-44cd-b108-68d4823aec8c which can be used as unique global reference for Microsoft AddPrintProcessor May 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-05T00:00:00Z
date_published 2018-05-31T00:00:00Z
source MITRE
title AddPrintProcessor function

RFC1918

IETF Network Working Group. (1996, February). Address Allocation for Private Internets. Retrieved October 20, 2020.

Internal MISP references

UUID f2cdf62e-cb9b-4a48-99a2-d46e7d9e7a9e which can be used as unique global reference for RFC1918 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 1996-02-01T00:00:00Z
source MITRE
title Address Allocation for Private Internets

Microsoft Exchange Address Lists

Microsoft. (2020, February 7). Address lists in Exchange Server. Retrieved March 26, 2020.

Internal MISP references

UUID 138ec24a-4361-4ce0-b78e-508c11db397c which can be used as unique global reference for Microsoft Exchange Address Lists in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-26T00:00:00Z
date_published 2020-02-07T00:00:00Z
source MITRE
title Address lists in Exchange Server

Microsoft AD DS Getting Started

Foulds, I. et al. (2018, August 7). AD DS Getting Started. Retrieved September 23, 2021.

Internal MISP references

UUID 82d01c77-571b-4f33-a286-878f325462ae which can be used as unique global reference for Microsoft AD DS Getting Started in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-23T00:00:00Z
date_published 2018-08-07T00:00:00Z
source MITRE
title AD DS Getting Started

Akamai DGA Mitigation

Liu, H. and Yuzifovich, Y. (2018, January 9). A Death Match of Domain Generation Algorithms. Retrieved February 18, 2019.

Internal MISP references

UUID 5b14cdf6-261a-4d7e-acb4-74e7fafa9467 which can be used as unique global reference for Akamai DGA Mitigation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-18T00:00:00Z
date_published 2018-01-09T00:00:00Z
source MITRE
title A Death Match of Domain Generation Algorithms

Keychain Decryption Passware

Yana Gourenko. (n.d.). A Deep Dive into Apple Keychain Decryption. Retrieved April 13, 2022.

Internal MISP references

UUID 6a426ab4-5b0b-46d4-9dfe-e2587f69e111 which can be used as unique global reference for Keychain Decryption Passware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-13T00:00:00Z
source MITRE
title A Deep Dive into Apple Keychain Decryption

Trend Micro Deep Dive Into Defacement

Marco Balduzzi, Ryan Flores, Lion Gu, Federico Maggi, Vincenzo Ciancaglini, Roel Reyes, Akira Urano. (n.d.). A Deep Dive into Defacement: How Geopolitical Events Trigger Web Attacks. Retrieved April 19, 2019.

Internal MISP references

UUID 4886418b-3a2e-4f12-b91e-3bb2a8134112 which can be used as unique global reference for Trend Micro Deep Dive Into Defacement in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-19T00:00:00Z
source MITRE
title A Deep Dive into Defacement: How Geopolitical Events Trigger Web Attacks

Talos Lokibot Jan 2021

Muhammad, I., Unterbrink, H. (2021, January 6). A Deep Dive into Lokibot Infection Chain. Retrieved August 31, 2021.

Internal MISP references

UUID 3baba4e6-0cf5-45eb-8abb-6c389743af89 which can be used as unique global reference for Talos Lokibot Jan 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-31T00:00:00Z
date_published 2021-01-06T00:00:00Z
source MITRE
title A Deep Dive into Lokibot Infection Chain

Malwarebytes Saint Bot April 2021

Hasherezade. (2021, April 6). A deep dive into Saint Bot, a new downloader. Retrieved June 9, 2022.

Internal MISP references

UUID 3a1faa47-7bd3-453f-9b7a-bb17efb8bb3c which can be used as unique global reference for Malwarebytes Saint Bot April 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-09T00:00:00Z
date_published 2021-04-06T00:00:00Z
source MITRE
title A deep dive into Saint Bot, a new downloader

SecurityScorecard CredoMap September 2022

Vlad Pasca. (2022, September 27). A Deep Dive Into the APT28’s stealer called CredoMap. Retrieved December 5, 2023.

Internal MISP references

UUID 3e683efc-4712-4397-8d55-4354ff7ad9f0 which can be used as unique global reference for SecurityScorecard CredoMap September 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-05T00:00:00Z
date_published 2022-09-27T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title A Deep Dive Into the APT28’s stealer called CredoMap

Krebs DNS Hijack 2019

Brian Krebs. (2019, February 18). A Deep Dive on the Recent Widespread DNS Hijacking Attacks. Retrieved February 14, 2022.

Internal MISP references

UUID 9bdc618d-ff55-4ac8-8967-6039c6c24cb1 which can be used as unique global reference for Krebs DNS Hijack 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-14T00:00:00Z
date_published 2019-02-18T00:00:00Z
source MITRE
title A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Reaqta MuddyWater November 2017

Reaqta. (2017, November 22). A dive into MuddyWater APT targeting Middle-East. Retrieved May 18, 2020.

Internal MISP references

UUID ecd28ccf-edb6-478d-a8f1-da630df42127 which can be used as unique global reference for Reaqta MuddyWater November 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-18T00:00:00Z
date_published 2017-11-22T00:00:00Z
source MITRE
title A dive into MuddyWater APT targeting Middle-East

ESET Turla PowerShell May 2019

Faou, M. and Dumont R. (2019, May 29). A dive into Turla PowerShell usage. Retrieved June 14, 2019.

Internal MISP references

UUID 68c0f34b-691a-4847-8d49-f18b7f4e5188 which can be used as unique global reference for ESET Turla PowerShell May 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-14T00:00:00Z
date_published 2019-05-29T00:00:00Z
source MITRE
title A dive into Turla PowerShell usage

Kubernetes Admission Controllers

Kubernetes. (n.d.). Admission Controllers Reference. Retrieved March 8, 2023.

Internal MISP references

UUID ea035e41-159b-5f12-96fc-0638eace9fd2 which can be used as unique global reference for Kubernetes Admission Controllers in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-08T00:00:00Z
source MITRE
title Admission Controllers Reference

Krebs Adobe

Brian Krebs. (2013, October 3). Adobe To Announce Source Code, Customer Data Breach. Retrieved May 17, 2021.

Internal MISP references

UUID bc2b0b89-e00d-4beb-bf27-fe81d8c826a4 which can be used as unique global reference for Krebs Adobe in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-17T00:00:00Z
date_published 2013-10-03T00:00:00Z
source MITRE
title Adobe To Announce Source Code, Customer Data Breach

Github AD-Pentest-Script

Twi1ight. (2015, July 11). AD-Pentest-Script - wmiexec.vbs. Retrieved June 29, 2017.

Internal MISP references

UUID 45a5f6c2-b52e-4518-a10e-19797e6fdcc3 which can be used as unique global reference for Github AD-Pentest-Script in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-06-29T00:00:00Z
date_published 2015-07-11T00:00:00Z
source MITRE
title AD-Pentest-Script - wmiexec.vbs

adplus.exe - LOLBAS Project

LOLBAS. (2021, September 1). adplus.exe. Retrieved December 4, 2023.

Internal MISP references

UUID d407ca0a-7ace-4dc5-947d-69a1e5a1d459 which can be used as unique global reference for adplus.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-09-01T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title adplus.exe

Microsoft ADV170021 Dec 2017

Microsoft. (2017, December 12). ADV170021 - Microsoft Office Defense in Depth Update. Retrieved February 3, 2018.

Internal MISP references

UUID ce960e76-848f-440d-9843-54773f7b11cf which can be used as unique global reference for Microsoft ADV170021 Dec 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-03T00:00:00Z
date_published 2017-12-12T00:00:00Z
source MITRE
title ADV170021 - Microsoft Office Defense in Depth Update

FireEye APT Groups

FireEye. (n.d.). Advanced Persistent Threat Groups. Retrieved August 3, 2018.

Internal MISP references

UUID 5b6b909d-870a-4d14-85ec-6aa14e598740 which can be used as unique global reference for FireEye APT Groups in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-03T00:00:00Z
source MITRE, Tidal Cyber
title Advanced Persistent Threat Groups

Mandiant Advanced Persistent Threats

Mandiant. (n.d.). Advanced Persistent Threats (APTs). Retrieved February 14, 2024.

Internal MISP references

UUID 2d16615b-09fc-5925-8f59-6d20f334d236 which can be used as unique global reference for Mandiant Advanced Persistent Threats in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-14T00:00:00Z
source MITRE
title Advanced Persistent Threats (APTs)

Mandiant APT Groups List

Mandiant. (n.d.). Advanced Persistent Threats (APTs). Retrieved September 14, 2023.

Internal MISP references

UUID c984fcfc-1bfd-4b1e-9034-a6ff3e6ebf97 which can be used as unique global reference for Mandiant APT Groups List in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-14T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Advanced Persistent Threats (APTs)

Advanced_sec_audit_policy_settings

Simpson, D. et al. (2017, April 19). Advanced security audit policy settings. Retrieved September 14, 2021.

Internal MISP references

UUID 9aef57b1-1a2e-4833-815e-887616cc0570 which can be used as unique global reference for Advanced_sec_audit_policy_settings in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-14T00:00:00Z
date_published 2017-04-19T00:00:00Z
source MITRE
title Advanced security audit policy settings

Adversaries Hijack DLLs

CrowdStrike, Falcon OverWatch Team. (2022, December 30). Retrieved October 19, 2023.

Internal MISP references

UUID 01836e53-4316-51a7-852c-01e585212276 which can be used as unique global reference for Adversaries Hijack DLLs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-19T00:00:00Z
source MITRE
title Adversaries Hijack DLLs

CrowdStrike Richochet Chollima September 2021

CrowdStrike. (2021, September 30). Adversary Profile - Ricochet Chollima. Retrieved September 30, 2021.

Internal MISP references

UUID 69a23467-c55c-43a3-951d-c208e6ead6f7 which can be used as unique global reference for CrowdStrike Richochet Chollima September 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-30T00:00:00Z
date_published 2021-09-30T00:00:00Z
source MITRE
title Adversary Profile - Ricochet Chollima

Elastic - Hunting for Persistence Part 1

French, D., Murphy, B. (2020, March 24). Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 1). Retrieved December 21, 2020.

Internal MISP references

UUID bd9406d3-c3e3-4737-97a1-a4bc997c88cd which can be used as unique global reference for Elastic - Hunting for Persistence Part 1 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-21T00:00:00Z
date_published 2020-03-24T00:00:00Z
source MITRE
title Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 1)

NCSC APT29 July 2020

National Cyber Security Centre. (2020, July 16). Advisory: APT29 targets COVID-19 vaccine development. Retrieved September 29, 2020.

Internal MISP references

UUID 28da86a6-4ca1-4bb4-a401-d4aa469c0034 which can be used as unique global reference for NCSC APT29 July 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-29T00:00:00Z
date_published 2020-07-16T00:00:00Z
source MITRE
title Advisory: APT29 targets COVID-19 vaccine development

Advpack.dll - LOLBAS Project

LOLBAS. (2018, May 25). Advpack.dll. Retrieved December 4, 2023.

Internal MISP references

UUID 837ccb3c-316d-4d96-8a33-b5df40870aba which can be used as unique global reference for Advpack.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Advpack.dll

Kaspersky Adwind Feb 2016

Kamluk, V. & Gostev, A. (2016, February). Adwind - A Cross-Platform RAT. Retrieved April 23, 2019.

Internal MISP references

UUID 69fd8de4-81bc-4165-b77d-c5fc72cfa699 which can be used as unique global reference for Kaspersky Adwind Feb 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-23T00:00:00Z
date_published 2016-02-01T00:00:00Z
source MITRE
title Adwind - A Cross-Platform RAT

Bitdefender Trickbot VNC module Whitepaper 2021

Radu Tudorica. (2021, July 12). A Fresh Look at Trickbot’s Ever-Improving VNC Module. Retrieved September 28, 2021.

Internal MISP references

UUID ee2709d7-2b33-48ac-8e90-a2770d469d80 which can be used as unique global reference for Bitdefender Trickbot VNC module Whitepaper 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-28T00:00:00Z
date_published 2021-07-12T00:00:00Z
source MITRE
title A Fresh Look at Trickbot’s Ever-Improving VNC Module

Mac Backdoors are back

Dan Goodin. (2016, July 6). After hiatus, in-the-wild Mac backdoors are suddenly back. Retrieved July 8, 2017.

Internal MISP references

UUID c37f00dc-ee53-4be1-9046-0a28bdc5649a which can be used as unique global reference for Mac Backdoors are back in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-08T00:00:00Z
date_published 2016-07-06T00:00:00Z
source MITRE
title After hiatus, in-the-wild Mac backdoors are suddenly back

SentinelOne January 30 2023

SentinelOne. (2023, January 30). Agenda (Qilin). Retrieved June 7, 2024.

Internal MISP references

UUID 290e84bc-7dae-46ec-81de-78c94b98e45b which can be used as unique global reference for SentinelOne January 30 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-06-07T00:00:00Z
date_published 2023-01-30T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Agenda (Qilin)

Trend Micro March 26 2024

Arianne Dela Cruz; Raymart Yambot; Raighen Sanchez; Darrel Tristan Virtusio. (2024, March 26). Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script. Retrieved April 5, 2024.

Internal MISP references

UUID d5634b8e-420a-4721-a3d2-19d9f36697f4 which can be used as unique global reference for Trend Micro March 26 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-05T00:00:00Z
date_published 2024-03-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script

Kaspersky MSSQL Aug 2019

Plakhov, A., Sitchikhin, D. (2019, August 22). Agent 1433: remote attack on Microsoft SQL Server. Retrieved September 4, 2019.

Internal MISP references

UUID 569a6be3-7a10-4aa4-be26-a62ed562a4ce which can be used as unique global reference for Kaspersky MSSQL Aug 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-04T00:00:00Z
date_published 2019-08-22T00:00:00Z
source MITRE
title Agent 1433: remote attack on Microsoft SQL Server

Securelist Agent.btz

Gostev, A. (2014, March 12). Agent.btz: a Source of Inspiration?. Retrieved April 8, 2016.

Internal MISP references

UUID 3b876c56-1d18-49e3-9a96-5cee4af7ab72 which can be used as unique global reference for Securelist Agent.btz in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-08T00:00:00Z
date_published 2014-03-12T00:00:00Z
source MITRE
title Agent.btz: a Source of Inspiration?

ThreatExpert Agent.btz

Shevchenko, S. (2008, November 30). Agent.btz - A Threat That Hit Pentagon. Retrieved April 8, 2016.

Internal MISP references

UUID b710c404-b02e-444c-9388-9a5e751971d2 which can be used as unique global reference for ThreatExpert Agent.btz in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-08T00:00:00Z
date_published 2008-11-30T00:00:00Z
source MITRE
title Agent.btz - A Threat That Hit Pentagon

AgentExecutor.exe - LOLBAS Project

LOLBAS. (2020, July 23). AgentExecutor.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 633d7f25-df9d-4619-9aa9-92d1d9d225d7 which can be used as unique global reference for AgentExecutor.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-07-23T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title AgentExecutor.exe

SentinelLabs Agent Tesla Aug 2020

Walter, J. (2020, August 10). Agent Tesla | Old RAT Uses New Tricks to Stay on Top. Retrieved December 11, 2020.

Internal MISP references

UUID 5f712e3f-5a9d-4af3-b846-a61dc1d59b3a which can be used as unique global reference for SentinelLabs Agent Tesla Aug 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-11T00:00:00Z
date_published 2020-08-10T00:00:00Z
source MITRE
title Agent Tesla

LogPoint Agent Tesla March 23 2023

Anish Bogati. (2023, March 23). AgentTesla's Capabilities: A Review and Detection Strategies. Retrieved May 7, 2023.

Internal MISP references

UUID 28bfb97b-4b58-408a-bef9-9081f6ddedb8 which can be used as unique global reference for LogPoint Agent Tesla March 23 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2023-03-23T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title AgentTesla's Capabilities: A Review and Detection Strategies

ATT Sidewinder January 2021

Hegel, T. (2021, January 13). A Global Perspective of the SideWinder APT. Retrieved January 27, 2021.

Internal MISP references

UUID d6644f88-d727-4f62-897a-bfa18f86380d which can be used as unique global reference for ATT Sidewinder January 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-27T00:00:00Z
date_published 2021-01-13T00:00:00Z
source MITRE, Tidal Cyber
title A Global Perspective of the SideWinder APT

Harmj0y Domain Trusts

Schroeder, W. (2017, October 30). A Guide to Attacking Domain Trusts. Retrieved February 14, 2019.

Internal MISP references

UUID 23a9ef6c-9f71-47bb-929f-9a92f24553eb which can be used as unique global reference for Harmj0y Domain Trusts in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-14T00:00:00Z
date_published 2017-10-30T00:00:00Z
source MITRE
title A Guide to Attacking Domain Trusts

airwalk backdoor unix systems

airwalk. (2023, January 1). A guide to backdooring Unix systems. Retrieved May 31, 2023.

Internal MISP references

UUID 3f3bca4a-68fa-5d4a-b86f-36f82345ff36 which can be used as unique global reference for airwalk backdoor unix systems in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-31T00:00:00Z
date_published 2023-01-01T00:00:00Z
source MITRE
title A guide to backdooring Unix systems

Wired Lockergoga 2019

Greenberg, A. (2019, March 25). A Guide to LockerGoga, the Ransomware Crippling Industrial Firms. Retrieved July 17, 2019.

Internal MISP references

UUID de12f263-f76d-4b63-beb8-b210f7a8310d which can be used as unique global reference for Wired Lockergoga 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-17T00:00:00Z
date_published 2019-03-25T00:00:00Z
source MITRE
title A Guide to LockerGoga, the Ransomware Crippling Industrial Firms

ZDNET Selling Data

Cimpanu, C. (2020, May 9). A hacker group is selling more than 73 million user records on the dark web. Retrieved October 20, 2020.

Internal MISP references

UUID 61d00ae2-5494-4c6c-8860-6826e701ade8 which can be used as unique global reference for ZDNET Selling Data in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2020-05-09T00:00:00Z
source MITRE
title A hacker group is selling more than 73 million user records on the dark web

ESET Zebrocy May 2019

ESET Research. (2019, May 22). A journey to Zebrocy land. Retrieved June 20, 2019.

Internal MISP references

UUID f8b837fb-e46c-4153-8e86-dc4b909b393a which can be used as unique global reference for ESET Zebrocy May 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-20T00:00:00Z
date_published 2019-05-22T00:00:00Z
source MITRE
title A journey to Zebrocy land

Kersten Akira 2023

Max Kersten & Alexandre Mundo. (2023, November 29). Akira Ransomware. Retrieved April 4, 2024.

Internal MISP references

UUID df191993-a2cb-5d26-960c-11d1c6d3d73b which can be used as unique global reference for Kersten Akira 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-04T00:00:00Z
date_published 2023-11-29T00:00:00Z
source MITRE
title Akira Ransomware

Akira Ransomware Analysis August 2023

SEQBOSS. (2023, August 10). AKIRA RANSOMWARE ANALYSIS. Retrieved April 3, 2024.

Internal MISP references

UUID b34d6a98-158e-4fe7-8fcd-79554c07631a which can be used as unique global reference for Akira Ransomware Analysis August 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-03T00:00:00Z
date_published 2023-08-10T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title AKIRA RANSOMWARE ANALYSIS

Sophos Akira May 9 2023

Paul Jaramillo. (2023, May 9). Akira Ransomware is “bringin’ 1988 back”. Retrieved February 27, 2024.

Internal MISP references

UUID 1343b052-b158-4dad-9ed4-9dbb7bb778dd which can be used as unique global reference for Sophos Akira May 9 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-27T00:00:00Z
date_published 2023-05-09T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Akira Ransomware is “bringin’ 1988 back”

Microsoft AKS Azure AD 2023

Microsoft. (2023, February 27). AKS-managed Azure Active Directory integration. Retrieved March 8, 2023.

Internal MISP references

UUID 809db259-3557-5597-9d1a-7c00cc10b89c which can be used as unique global reference for Microsoft AKS Azure AD 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-08T00:00:00Z
date_published 2023-02-27T00:00:00Z
source MITRE
title AKS-managed Azure Active Directory integration

Okta DPoP 2023

Venkat Viswanathan. (2023, June 13). A leap forward in token security: Okta adds support for DPoP. Retrieved January 2, 2024.

Internal MISP references

UUID d792ede9-6ff6-5fae-a045-fd8b57abd3d3 which can be used as unique global reference for Okta DPoP 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-02T00:00:00Z
date_published 2023-06-13T00:00:00Z
source MITRE
title A leap forward in token security: Okta adds support for DPoP

US-CERT SamSam 2018

US-CERT. (2018, December 3). Alert (AA18-337A): SamSam Ransomware. Retrieved March 15, 2019.

Internal MISP references

UUID b9d14fea-2330-4eed-892c-b4e05a35d273 which can be used as unique global reference for US-CERT SamSam 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-15T00:00:00Z
date_published 2018-12-03T00:00:00Z
source MITRE
title Alert (AA18-337A): SamSam Ransomware

CISA MSS Sep 2020

CISA. (2020, September 14). Alert (AA20-258A): Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity. Retrieved October 1, 2020.

Internal MISP references

UUID ffe613e3-b528-42bf-81d5-4d8de38b3457 which can be used as unique global reference for CISA MSS Sep 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-01T00:00:00Z
date_published 2020-09-14T00:00:00Z
source MITRE
title Alert (AA20-258A): Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

CISA Lokibot September 2020

DHS/CISA. (2020, September 22). Alert (AA20-266A) LokiBot Malware. Retrieved September 15, 2021.

Internal MISP references

UUID df979f7b-6de8-4029-ae47-700f29157db0 which can be used as unique global reference for CISA Lokibot September 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-15T00:00:00Z
date_published 2020-09-22T00:00:00Z
source MITRE
title Alert (AA20-266A) LokiBot Malware

CISA_AA21_200B

CISA. (2021, August 20). Alert (AA21-200B) Chinese State-Sponsored Cyber Operations: Observed TTPs. Retrieved June 21, 2022.

Internal MISP references

UUID 633c6045-8990-58ae-85f0-00139aa9a091 which can be used as unique global reference for CISA_AA21_200B in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-21T00:00:00Z
date_published 2021-08-20T00:00:00Z
source MITRE
title Alert (AA21-200B) Chinese State-Sponsored Cyber Operations: Observed TTPs

cisa_malware_orgs_ukraine

CISA. (2022, April 28). Alert (AA22-057A) Update: Destructive Malware Targeting Organizations in Ukraine. Retrieved July 29, 2022.

Internal MISP references

UUID ebe89b36-f87f-4e09-8030-a1328c0b8683 which can be used as unique global reference for cisa_malware_orgs_ukraine in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-29T00:00:00Z
date_published 2022-04-28T00:00:00Z
source MITRE
title Alert (AA22-057A) Update: Destructive Malware Targeting Organizations in Ukraine

US-CERT Ransomware 2016

US-CERT. (2016, March 31). Alert (TA16-091A): Ransomware and Recent Variants. Retrieved March 15, 2019.

Internal MISP references

UUID 866484fa-836d-4c5b-bbad-3594ef60599c which can be used as unique global reference for US-CERT Ransomware 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-15T00:00:00Z
date_published 2016-03-31T00:00:00Z
source MITRE
title Alert (TA16-091A): Ransomware and Recent Variants

US-CERT WannaCry 2017

US-CERT. (2017, May 12). Alert (TA17-132A): Indicators Associated With WannaCry Ransomware. Retrieved March 25, 2019.

Internal MISP references

UUID 349b8e9d-7172-4d01-b150-f0371d038b7e which can be used as unique global reference for US-CERT WannaCry 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-25T00:00:00Z
date_published 2017-05-12T00:00:00Z
source MITRE
title Alert (TA17-132A): Indicators Associated With WannaCry Ransomware

US-CERT HIDDEN COBRA June 2017

US-CERT. (2017, June 13). Alert (TA17-164A) HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure. Retrieved July 13, 2017.

Internal MISP references

UUID 8e57cea3-ee37-4507-bb56-7445050ec8ca which can be used as unique global reference for US-CERT HIDDEN COBRA June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-13T00:00:00Z
date_published 2017-06-13T00:00:00Z
source MITRE
title Alert (TA17-164A) HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure

US-CERT NotPetya 2017

US-CERT. (2017, July 1). Alert (TA17-181A): Petya Ransomware. Retrieved March 15, 2019.

Internal MISP references

UUID 6a009850-834b-4178-9028-2745921b6743 which can be used as unique global reference for US-CERT NotPetya 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-15T00:00:00Z
date_published 2017-07-01T00:00:00Z
source MITRE
title Alert (TA17-181A): Petya Ransomware

US-CERT APT Energy Oct 2017

US-CERT. (2017, October 20). Alert (TA17-293A): Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors. Retrieved November 2, 2017.

Internal MISP references

UUID e34ddf0a-a112-4557-ac09-1ff540241a89 which can be used as unique global reference for US-CERT APT Energy Oct 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-02T00:00:00Z
date_published 2017-10-20T00:00:00Z
source MITRE
title Alert (TA17-293A): Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors

US-CERT FALLCHILL Nov 2017

US-CERT. (2017, November 22). Alert (TA17-318A): HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL. Retrieved December 7, 2017.

Internal MISP references

UUID 045e03f9-af83-4442-b69e-b80f68e570ac which can be used as unique global reference for US-CERT FALLCHILL Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-07T00:00:00Z
date_published 2017-11-22T00:00:00Z
source MITRE
title Alert (TA17-318A): HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL

US-CERT Volgmer Nov 2017

US-CERT. (2017, November 22). Alert (TA17-318B): HIDDEN COBRA – North Korean Trojan: Volgmer. Retrieved December 7, 2017.

Internal MISP references

UUID c48c7ac0-8d55-4b62-9606-a9ce420459b6 which can be used as unique global reference for US-CERT Volgmer Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-07T00:00:00Z
date_published 2017-11-22T00:00:00Z
source MITRE
title Alert (TA17-318B): HIDDEN COBRA – North Korean Trojan: Volgmer

US-CERT TA18-074A

US-CERT. (2018, March 16). Alert (TA18-074A): Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors. Retrieved June 6, 2018.

Internal MISP references

UUID 94e87a92-bf80-43e2-a3ab-cd7d4895f2fc which can be used as unique global reference for US-CERT TA18-074A in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-06T00:00:00Z
date_published 2018-03-16T00:00:00Z
source MITRE
title Alert (TA18-074A): Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors

US-CERT-TA18-106A

US-CERT. (2018, April 20). Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices. Retrieved October 19, 2020.

Internal MISP references

UUID 1fe55557-94af-4697-a675-884701f70f2a which can be used as unique global reference for US-CERT-TA18-106A in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
date_published 2018-04-20T00:00:00Z
source MITRE
title Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

US-CERT Emotet Jul 2018

US-CERT. (2018, July 20). Alert (TA18-201A) Emotet Malware. Retrieved March 25, 2019.

Internal MISP references

UUID 0043043a-4741-41c2-a6f2-f88d5caa8b7a which can be used as unique global reference for US-CERT Emotet Jul 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-25T00:00:00Z
date_published 2018-07-20T00:00:00Z
source MITRE
title Alert (TA18-201A) Emotet Malware

AlKhaser Debug

Noteworthy. (2019, January 6). Al-Khaser. Retrieved April 1, 2022.

Internal MISP references

UUID d9773aaf-e3ec-4ce3-b5c8-1ca3c4751622 which can be used as unique global reference for AlKhaser Debug in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-01T00:00:00Z
date_published 2019-01-06T00:00:00Z
source MITRE
title Al-Khaser

Fysbis Palo Alto Analysis

Bryan Lee and Rob Downs. (2016, February 12). A Look Into Fysbis: Sofacy’s Linux Backdoor. Retrieved September 10, 2017.

Internal MISP references

UUID 3e527ad6-6b56-473d-8178-e1c3c14f2311 which can be used as unique global reference for Fysbis Palo Alto Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-09-10T00:00:00Z
date_published 2016-02-12T00:00:00Z
source MITRE
title A Look Into Fysbis: Sofacy’s Linux Backdoor

Medium KONNI Jan 2020

Karmi, D. (2020, January 4). A Look Into Konni 2019 Campaign. Retrieved April 28, 2020.

Internal MISP references

UUID e117a6ac-eaa2-4494-b4ae-2d9ae52c3251 which can be used as unique global reference for Medium KONNI Jan 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-04-28T00:00:00Z
date_published 2020-01-04T00:00:00Z
source MITRE
title A Look Into Konni 2019 Campaign

Unit 42 Palo Alto Ransomware in Public Clouds 2022

Jay Chen. (2022, May 16). A Look Into Public Clouds From the Ransomware Actor's Perspective. Retrieved March 21, 2023.

Internal MISP references

UUID cc6c2b69-ca51-513e-9666-a03be2ea5fcd which can be used as unique global reference for Unit 42 Palo Alto Ransomware in Public Clouds 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-21T00:00:00Z
date_published 2022-05-16T00:00:00Z
source MITRE
title A Look Into Public Clouds From the Ransomware Actor's Perspective

Cyber Centre ALPHV/BlackCat July 25 2023

Canadian Centre for Cyber Security. (2023, July 25). ALPHV/BlackCat Ransomware Targeting of Canadian Industries. Retrieved September 13, 2023.

Internal MISP references

UUID 610c8f22-1a96-42d2-934d-8467d136eed2 which can be used as unique global reference for Cyber Centre ALPHV/BlackCat July 25 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-13T00:00:00Z
date_published 2023-07-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title ALPHV/BlackCat Ransomware Targeting of Canadian Industries

Mandiant ALPHV Affiliate April 3 2023

Jason Deyalsingh, Nick Smith, Eduardo Mattos, Tyler Mclellan. (2023, April 3). ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access. Retrieved March 5, 2024.

Internal MISP references

UUID b8375832-f6a9-4617-a2ac-d23aacbf2bfe which can be used as unique global reference for Mandiant ALPHV Affiliate April 3 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-05T00:00:00Z
date_published 2023-04-03T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access

Microsoft ADS Mar 2014

Marlin, J. (2013, March 24). Alternate Data Streams in NTFS. Retrieved March 21, 2018.

Internal MISP references

UUID eae434ff-97c0-4a82-9f80-215e515befae which can be used as unique global reference for Microsoft ADS Mar 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-21T00:00:00Z
date_published 2013-03-24T00:00:00Z
source MITRE
title Alternate Data Streams in NTFS

XPNSec PPID Nov 2017

Chester, A. (2017, November 20). Alternative methods of becoming SYSTEM. Retrieved June 4, 2019.

Internal MISP references

UUID 0dbf093e-4b54-4972-b048-2a6411037da4 which can be used as unique global reference for XPNSec PPID Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-04T00:00:00Z
date_published 2017-11-20T00:00:00Z
source MITRE
title Alternative methods of becoming SYSTEM

Microsoft AlwaysInstallElevated 2018

Microsoft. (2018, May 31). AlwaysInstallElevated. Retrieved December 14, 2020.

Internal MISP references

UUID 19026f4c-ad65-435e-8c0e-a8ccc9895348 which can be used as unique global reference for Microsoft AlwaysInstallElevated 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-14T00:00:00Z
date_published 2018-05-31T00:00:00Z
source MITRE
title AlwaysInstallElevated

ASEC BLOG July 21 2022

Sanseo. (2022, July 21). Amadey Bot Being Distributed Through SmokeLoader - ASEC BLOG. Retrieved May 15, 2023.

Internal MISP references

UUID e320cc74-005a-46db-8a04-6ec487df327f which can be used as unique global reference for ASEC BLOG July 21 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-15T00:00:00Z
date_published 2022-07-21T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Amadey Bot Being Distributed Through SmokeLoader - ASEC BLOG

Amazon Snapshots

Amazon. (n.d.). Amazon EBS snapshots. Retrieved October 13, 2021.

Internal MISP references

UUID 3961a653-b53c-4ba4-9ea6-709e1d1bdb55 which can be used as unique global reference for Amazon Snapshots in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
source MITRE
title Amazon EBS snapshots

Amazon AMI

Amazon. (n.d.). Amazon Machine Images (AMI). Retrieved October 13, 2021.

Internal MISP references

UUID bc9ecf45-2a20-47df-a634-064237e5f126 which can be used as unique global reference for Amazon AMI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
source MITRE
title Amazon Machine Images (AMI)

Amazon S3

Amazon. (n.d.). Amazon S3. Retrieved October 13, 2021.

Internal MISP references

UUID 7fecbd5d-626f-496a-a72f-5f166c78c204 which can be used as unique global reference for Amazon S3 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
source MITRE
title Amazon S3

Trend Micro S3 Exposed PII, 2017

Trend Micro. (2017, November 6). A Misconfigured Amazon S3 Exposed Almost 50 Thousand PII in Australia. Retrieved October 4, 2019.

Internal MISP references

UUID 1ba37b48-1219-4f87-af36-9bdd8d6265ca which can be used as unique global reference for Trend Micro S3 Exposed PII, 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-04T00:00:00Z
date_published 2017-11-06T00:00:00Z
source MITRE
title A Misconfigured Amazon S3 Exposed Almost 50 Thousand PII in Australia

Recorded Future Beacon Certificates

Insikt Group. (2019, June 18). A Multi-Method Approach to Identifying Rogue Cobalt Strike Servers. Retrieved October 16, 2020.

Internal MISP references

UUID 792ca8a7-c9b2-4e7f-8562-e1ccb60a402a which can be used as unique global reference for Recorded Future Beacon Certificates in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-16T00:00:00Z
date_published 2019-06-18T00:00:00Z
source MITRE
title A Multi-Method Approach to Identifying Rogue Cobalt Strike Servers

Botnet Scan

Dainotti, A. et al. (2012). Analysis of a “/0” Stealth Scan from a Botnet. Retrieved October 20, 2020.

Internal MISP references

UUID ca09941c-fcc8-460b-8b02-d1608a7d3813 which can be used as unique global reference for Botnet Scan in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2012-01-01T00:00:00Z
source MITRE
title Analysis of a “/0” Stealth Scan from a Botnet

Trend Micro Ngrok September 2020

Borja, A. Camba, A. et al (2020, September 14). Analysis of a Convoluted Attack Chain Involving Ngrok. Retrieved September 15, 2020.

Internal MISP references

UUID e7b57e64-3532-4b98-9fa5-b832e6fcd53a which can be used as unique global reference for Trend Micro Ngrok September 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-15T00:00:00Z
source MITRE
title Analysis of a Convoluted Attack Chain Involving Ngrok

CIRCL PlugX March 2013

Computer Incident Response Center Luxembourg. (2013, March 29). Analysis of a PlugX variant. Retrieved November 5, 2018.

Internal MISP references

UUID 8ab89236-6994-43a3-906c-383e294f65d1 which can be used as unique global reference for CIRCL PlugX March 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-05T00:00:00Z
date_published 2013-03-29T00:00:00Z
source MITRE
title Analysis of a PlugX variant

Apple Unified Log Analysis Remote Login and Screen Sharing

Sarah Edwards. (2020, April 30). Analysis of Apple Unified Logs: Quarantine Edition [Entry 6] – Working From Home? Remote Logins. Retrieved August 19, 2021.

Internal MISP references

UUID a2169171-8e4a-4faa-811c-98b6204a5a57 which can be used as unique global reference for Apple Unified Log Analysis Remote Login and Screen Sharing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-19T00:00:00Z
date_published 2020-04-30T00:00:00Z
source MITRE
title Analysis of Apple Unified Logs: Quarantine Edition [Entry 6] – Working From Home? Remote Logins

Medium S2W WhisperGate January 2022

S2W. (2022, January 18). Analysis of Destructive Malware (WhisperGate) targeting Ukraine. Retrieved March 14, 2022.

Internal MISP references

UUID 06cf7197-244a-431b-a288-4c2bbd431ad5 which can be used as unique global reference for Medium S2W WhisperGate January 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-14T00:00:00Z
date_published 2022-01-18T00:00:00Z
source MITRE
title Analysis of Destructive Malware (WhisperGate) targeting Ukraine

Analysis of FG-IR-22-369

Guillaume Lovet and Alex Kong. (2023, March 9). Analysis of FG-IR-22-369. Retrieved May 15, 2023.

Internal MISP references

UUID f12b141e-6bb2-5563-9665-5756fec2d5e7 which can be used as unique global reference for Analysis of FG-IR-22-369 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-15T00:00:00Z
date_published 2023-03-09T00:00:00Z
source MITRE
title Analysis of FG-IR-22-369

Graeber 2014

Graeber, M. (2014, October). Analysis of Malicious Security Support Provider DLLs. Retrieved March 1, 2017.

Internal MISP references

UUID f2f9a6bf-b4d9-461e-b961-0610ea72faf0 which can be used as unique global reference for Graeber 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-01T00:00:00Z
date_published 2014-10-01T00:00:00Z
source MITRE
title Analysis of Malicious Security Support Provider DLLs

Fortinet Agent Tesla April 2018

Zhang, X. (2018, April 05). Analysis of New Agent Tesla Spyware Variant. Retrieved November 5, 2018.

Internal MISP references

UUID 86a65be7-0f70-4755-b526-a26b92eabaa2 which can be used as unique global reference for Fortinet Agent Tesla April 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-05T00:00:00Z
date_published 2018-04-05T00:00:00Z
source MITRE
title Analysis of New Agent Tesla Spyware Variant

Antiy CERT Ramsay April 2020

Antiy CERT. (2020, April 20). Analysis of Ramsay components of Darkhotel's infiltration and isolation network. Retrieved March 24, 2021.

Internal MISP references

UUID 280636da-fa21-472c-947c-651a628ea2cd which can be used as unique global reference for Antiy CERT Ramsay April 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-24T00:00:00Z
date_published 2020-04-20T00:00:00Z
source MITRE
title Analysis of Ramsay components of Darkhotel's infiltration and isolation network

Storm-0558 techniques for unauthorized email access

Microsoft Threat Intelligence. (2023, July 14). Analysis of Storm-0558 techniques for unauthorized email access. Retrieved September 18, 2023.

Internal MISP references

UUID 74fd79a9-09f7-5149-a457-687a1e2989de which can be used as unique global reference for Storm-0558 techniques for unauthorized email access in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-18T00:00:00Z
date_published 2023-07-14T00:00:00Z
source MITRE
title Analysis of Storm-0558 techniques for unauthorized email access

ESET Telebots July 2017

Cherepanov, A. (2017, July 4). Analysis of TeleBots’ cunning backdoor. Retrieved June 11, 2020.

Internal MISP references

UUID 5d62c323-6626-4aad-8bf2-0d988e436f3d which can be used as unique global reference for ESET Telebots July 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-11T00:00:00Z
date_published 2017-07-04T00:00:00Z
source MITRE
title Analysis of TeleBots’ cunning backdoor

EST Kimsuky SmokeScreen April 2019

ESTSecurity. (2019, April 17). Analysis of the APT Campaign ‘Smoke Screen’ targeting to Korea and US Source: https://blog.alyac.co.kr/2243 [ESTsecurity ALYac Blog]. Retrieved September 29, 2021.

Internal MISP references

UUID 15213a3c-1e9f-47fa-9864-8ef2707c7fb6 which can be used as unique global reference for EST Kimsuky SmokeScreen April 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2019-04-17T00:00:00Z
source MITRE
title Analysis of the APT Campaign ‘Smoke Screen’ targeting to Korea and US 출처: https://blog.alyac.co.kr/2243 [이스트시큐리티 알약 블로그]

Ukraine15 - EISAC - 201603

Electricity Information Sharing and Analysis Center; SANS Industrial Control Systems. (2016, March 18). Analysis of the Cyber Attack on the Ukranian Power Grid: Defense Use Case. Retrieved March 27, 2018.

Internal MISP references

UUID 8adc6d36-3aa0-5d7b-8bb3-23f4426be8a6 which can be used as unique global reference for Ukraine15 - EISAC - 201603 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-27T00:00:00Z
date_published 2016-03-18T00:00:00Z
source MITRE
title Analysis of the Cyber Attack on the Ukranian Power Grid: Defense Use Case

Check Point Havij Analysis

Ganani, M. (2015, May 14). Analysis of the Havij SQL Injection tool. Retrieved March 19, 2018.

Internal MISP references

UUID 2e00a539-acbe-4462-a30f-43da4e8b9c4f which can be used as unique global reference for Check Point Havij Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-19T00:00:00Z
date_published 2015-05-14T00:00:00Z
source MITRE
title Analysis of the Havij SQL Injection tool

ESET Emotet Dec 2018

Perez, D. (2018, December 28). Analysis of the latest Emotet propagation campaign. Retrieved April 16, 2019.

Internal MISP references

UUID 3fab9e25-e83e-4c90-ae32-dcd0c30757f8 which can be used as unique global reference for ESET Emotet Dec 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-16T00:00:00Z
date_published 2018-12-28T00:00:00Z
source MITRE
title Analysis of the latest Emotet propagation campaign

Rewterz Sidewinder COVID-19 June 2020

Rewterz. (2020, June 22). Analysis on Sidewinder APT Group – COVID-19. Retrieved January 29, 2021.

Internal MISP references

UUID cdd779f1-30c2-40be-a500-332920f0e21c which can be used as unique global reference for Rewterz Sidewinder COVID-19 June 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-29T00:00:00Z
date_published 2020-06-22T00:00:00Z
source MITRE
title Analysis on Sidewinder APT Group – COVID-19

CISA AR18-352A Quasar RAT December 2018

CISA. (2018, December 18). Analysis Report (AR18-352A) Quasar Open-Source Remote Administration Tool. Retrieved August 1, 2022.

Internal MISP references

UUID a109e42d-604f-4885-ada3-5d6895addc96 which can be used as unique global reference for CISA AR18-352A Quasar RAT December 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-01T00:00:00Z
date_published 2018-12-18T00:00:00Z
source MITRE
title Analysis Report (AR18-352A) Quasar Open-Source Remote Administration Tool

CISA AR21-126A FIVEHANDS May 2021

CISA. (2021, May 6). Analysis Report (AR21-126A) FiveHands Ransomware. Retrieved June 7, 2021.

Internal MISP references

UUID f98604dd-2881-4024-8e43-6f5f48c6c9fa which can be used as unique global reference for CISA AR21-126A FIVEHANDS May 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-07T00:00:00Z
date_published 2021-05-06T00:00:00Z
source MITRE
title Analysis Report (AR21-126A) FiveHands Ransomware

JoeSecurity Egregor 2020

Joe Security. (n.d.). Analysis Report fasm.dll. Retrieved January 6, 2021.

Internal MISP references

UUID d403e610-fa83-4c17-842f-223063864009 which can be used as unique global reference for JoeSecurity Egregor 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-06T00:00:00Z
source MITRE
title Analysis Report fasm.dll

GDATA Zeus Panda June 2017

Ebach, L. (2017, June 22). Analysis Results of Zeus.Variant.Panda. Retrieved November 5, 2018.

Internal MISP references

UUID 2d9a6957-5645-4863-968b-4a3c8736564b which can be used as unique global reference for GDATA Zeus Panda June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-05T00:00:00Z
date_published 2017-06-22T00:00:00Z
source MITRE
title Analysis Results of Zeus.Variant.Panda

jstnk9.github.io June 01 2022

jstnk9.github.io. (2022, June 1). Analyzing AsyncRAT distributed in Colombia | Welcome to Jstnk webpage. Retrieved May 7, 2023.

Internal MISP references

UUID 4e7f573d-f8cc-4538-9f8d-b945f037e46f which can be used as unique global reference for jstnk9.github.io June 01 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2022-06-01T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Analyzing AsyncRAT distributed in Colombia

Analyzing CS Dec 2020

Maynier, E. (2020, December 20). Analyzing Cobalt Strike for Fun and Profit. Retrieved October 12, 2021.

Internal MISP references

UUID f2cb06bc-66d5-4c60-a2a4-74e5a0c23bee which can be used as unique global reference for Analyzing CS Dec 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-12T00:00:00Z
date_published 2020-12-20T00:00:00Z
source MITRE
title Analyzing Cobalt Strike for Fun and Profit

Objective_See 1 4 2024

Objective_See. (2024, January 4). Analyzing DPRK's SpectralBlur. Retrieved March 8, 2024.

Internal MISP references

UUID c96535be-4859-4ae3-9ba0-d482f1195863 which can be used as unique global reference for Objective_See 1 4 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-08T00:00:00Z
date_published 2024-01-04T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Analyzing DPRK's SpectralBlur

Microsoft Security Blog 4 22 2024

Microsoft Threat Intelligence. (2024, April 22). Analyzing Forest Blizzard's custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials. Retrieved April 22, 2024.

Internal MISP references

UUID 050ff793-d81d-499f-a136-905e76bce321 which can be used as unique global reference for Microsoft Security Blog 4 22 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-22T00:00:00Z
date_published 2024-04-22T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Analyzing Forest Blizzard's custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

Uperesia Malicious Office Documents

Felix. (2016, September). Analyzing Malicious Office Documents. Retrieved April 11, 2018.

Internal MISP references

UUID f6ffb916-ac14-44d1-8566-26bafa06e77b which can be used as unique global reference for Uperesia Malicious Office Documents in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-11T00:00:00Z
date_published 2016-09-01T00:00:00Z
source MITRE
title Analyzing Malicious Office Documents

Unit42 OilRig Nov 2018

Falcone, R., Wilhoit, K. (2018, November 16). Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery. Retrieved April 23, 2019.

Internal MISP references

UUID 9bc09d8a-d890-473b-a8cf-ea319fcc3462 which can be used as unique global reference for Unit42 OilRig Nov 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-23T00:00:00Z
date_published 2018-11-16T00:00:00Z
source MITRE
title Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery

McAfee GhostSecret

Sherstobitoff, R., Malhotra, A. (2018, April 24). Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide. Retrieved May 16, 2018.

Internal MISP references

UUID d1cd4f5b-253c-4833-8905-49fb58e7c016 which can be used as unique global reference for McAfee GhostSecret in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-16T00:00:00Z
date_published 2018-04-24T00:00:00Z
source MITRE
title Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide

Microsoft Analyzing Solorigate Dec 2020

MSTIC. (2020, December 18). Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers. Retrieved January 5, 2021.

Internal MISP references

UUID 8ad72d46-ba2c-426f-bb0d-eb47723c8e11 which can be used as unique global reference for Microsoft Analyzing Solorigate Dec 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-05T00:00:00Z
date_published 2020-12-18T00:00:00Z
source MITRE
title Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers

Lastline PlugX Analysis

Vasilenko, R. (2013, December 17). An Analysis of PlugX Malware. Retrieved November 24, 2015.

Internal MISP references

UUID 9f7fa262-cede-4f47-94ca-1534c65c86e2 which can be used as unique global reference for Lastline PlugX Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-11-24T00:00:00Z
date_published 2013-12-17T00:00:00Z
source MITRE
title An Analysis of PlugX Malware

TrendMicro Sandworm October 2014

Wu, W. (2014, October 14). An Analysis of Windows Zero-day Vulnerability ‘CVE-2014-4114’ aka “Sandworm”. Retrieved June 18, 2020.

Internal MISP references

UUID 84f289ce-c7b9-4f67-b6cc-bd058e5e6bcb which can be used as unique global reference for TrendMicro Sandworm October 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-18T00:00:00Z
date_published 2014-10-14T00:00:00Z
source MITRE
title An Analysis of Windows Zero-day Vulnerability ‘CVE-2014-4114’ aka “Sandworm”

Dragos Crashoverride 2018

Joe Slowik. (2018, October 12). Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE. Retrieved December 18, 2020.

Internal MISP references

UUID d14442d5-2557-4a92-9a29-b15a20752f56 which can be used as unique global reference for Dragos Crashoverride 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-18T00:00:00Z
date_published 2018-10-12T00:00:00Z
source MITRE
title Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE

Anatomy of an hVNC Attack

Keshet, Lior. Kessem, Limor. (2017, January 25). Anatomy of an hVNC Attack. Retrieved November 28, 2023.

Internal MISP references

UUID 293c5d41-cd23-5da5-9d2b-754b626bc22a which can be used as unique global reference for Anatomy of an hVNC Attack in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-28T00:00:00Z
date_published 2017-01-25T00:00:00Z
source MITRE
title Anatomy of an hVNC Attack

Syscall 2014

Drysdale, D. (2014, July 16). Anatomy of a system call, part 2. Retrieved June 16, 2020.

Internal MISP references

UUID 4e8fe849-ab1a-4c51-b5eb-16fcd10e8bd0 which can be used as unique global reference for Syscall 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-16T00:00:00Z
date_published 2014-07-16T00:00:00Z
source MITRE
title Anatomy of a system call, part 2

SCADAfence_ransomware

Shaked, O. (2020, January 20). Anatomy of a Targeted Ransomware Attack. Retrieved June 18, 2022.

Internal MISP references

UUID 24c80db5-37a7-46ee-b232-f3c3ffb10f0a which can be used as unique global reference for SCADAfence_ransomware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-18T00:00:00Z
date_published 2020-01-20T00:00:00Z
source MITRE
title Anatomy of a Targeted Ransomware Attack

ESET IIS Malware 2021

Hromcová, Z., Cherepanov, A. (2021). Anatomy of Native IIS Malware. Retrieved September 9, 2021.

Internal MISP references

UUID d9c6e55b-39b7-4097-8ab2-8b87421ce2f4 which can be used as unique global reference for ESET IIS Malware 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-09T00:00:00Z
date_published 2021-01-01T00:00:00Z
source MITRE
title Anatomy of Native IIS Malware

Medium Anchor DNS July 2020

Grange, W. (2020, July 13). Anchor_dns malware goes cross platform. Retrieved September 10, 2020.

Internal MISP references

UUID de246d53-385f-44be-bf0f-25a76442b835 which can be used as unique global reference for Medium Anchor DNS July 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-10T00:00:00Z
date_published 2020-07-13T00:00:00Z
source MITRE
title Anchor_dns malware goes cross platform

NSA Joint Advisory SVR SolarWinds April 2021

NSA, FBI, DHS. (2021, April 15). Russian SVR Targets U.S. and Allied Networks. Retrieved April 16, 2021.

Internal MISP references

UUID 43d9c469-1d54-454b-ba67-74e7f1de9c10 which can be used as unique global reference for NSA Joint Advisory SVR SolarWinds April 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-16T00:00:00Z
source MITRE
title and Allied Networks

Kaspersky Andariel Ransomware June 2021

Park, S. (2021, June 15). Andariel evolves to target South Korea with ransomware. Retrieved September 29, 2021.

Internal MISP references

UUID f4efbcb5-494c-40e0-8734-5df1b92ec39c which can be used as unique global reference for Kaspersky Andariel Ransomware June 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2021-06-15T00:00:00Z
source MITRE
title Andariel evolves to target South Korea with ransomware

Sophos X-Ops C-23

Pankaj Kohli. (2021, November 23). Android APT spyware, targeting Middle East victims, enhances evasiveness. Retrieved October 30, 2023.

Internal MISP references

UUID 305c201b-ccc6-4e28-a1cb-97ca697bb214 which can be used as unique global reference for Sophos X-Ops C-23 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-30T00:00:00Z
date_published 2021-11-23T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Android APT spyware, targeting Middle East victims, enhances evasiveness

RFC826 ARP

Plummer, D. (1982, November). An Ethernet Address Resolution Protocol. Retrieved October 15, 2020.

Internal MISP references

UUID 8eef2b68-f932-4cba-8646-bff9a7848532 which can be used as unique global reference for RFC826 ARP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-15T00:00:00Z
date_published 1982-11-01T00:00:00Z
source MITRE
title An Ethernet Address Resolution Protocol

HP SVCReady Jun 2022

Schlapfer, Patrick. (2022, June 6). A New Loader Gets Ready. Retrieved December 13, 2022.

Internal MISP references

UUID 48d5ec83-f1b9-595c-bb9a-d6d5cc513a41 which can be used as unique global reference for HP SVCReady Jun 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-12-13T00:00:00Z
date_published 2022-06-06T00:00:00Z
source MITRE
title A New Loader Gets Ready

SecureList Fileless

Legezo, D. (2022, May 4). A new secret stash for “fileless” malware. Retrieved March 23, 2023.

Internal MISP references

UUID 03eb080d-0b83-5cbb-9317-c50b35996c9b which can be used as unique global reference for SecureList Fileless in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-23T00:00:00Z
date_published 2022-05-04T00:00:00Z
source MITRE
title A new secret stash for “fileless” malware

ESET Ebury Feb 2014

M.Léveillé, M. (2014, February 21). An In-depth Analysis of Linux/Ebury. Retrieved April 19, 2019.

Internal MISP references

UUID eb6d4f77-ac63-4cb8-8487-20f9e709334b which can be used as unique global reference for ESET Ebury Feb 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-19T00:00:00Z
date_published 2014-02-21T00:00:00Z
source MITRE
title An In-depth Analysis of Linux/Ebury

Welivesecurity Ebury SSH

M.Léveillé, M. (2014, February 21). An In-depth Analysis of Linux/Ebury. Retrieved January 8, 2018.

Internal MISP references

UUID 39384c7a-3032-4b45-a5eb-8ebe7de22aa2 which can be used as unique global reference for Welivesecurity Ebury SSH in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-08T00:00:00Z
date_published 2014-02-21T00:00:00Z
source MITRE
title An In-depth Analysis of Linux/Ebury

Avertium Black Basta June 2022

Avertium. (2022, June 1). AN IN-DEPTH LOOK AT BLACK BASTA RANSOMWARE. Retrieved March 7, 2023.

Internal MISP references

UUID 31c2ef62-2852-5418-9d52-2479a3a619d0 which can be used as unique global reference for Avertium Black Basta June 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-07T00:00:00Z
date_published 2022-06-01T00:00:00Z
source MITRE
title AN IN-DEPTH LOOK AT BLACK BASTA RANSOMWARE

Myers 2007

Myers, M., and Youndt, S. (2007). An Introduction to Hardware-Assisted Virtual Machine (HVM) Rootkits. Retrieved November 13, 2014.

Internal MISP references

UUID 689dfe75-9c06-4438-86fa-5fbbb09f0fe7 which can be used as unique global reference for Myers 2007 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-13T00:00:00Z
date_published 2007-01-01T00:00:00Z
source MITRE
title An Introduction to Hardware-Assisted Virtual Machine (HVM) Rootkits

Linux Services Run Levels

The Linux Foundation. (2006, January 11). An introduction to services, runlevels, and rc.d scripts. Retrieved September 28, 2021.

Internal MISP references

UUID 091aa85d-7d30-4800-9b2d-97f96d257798 which can be used as unique global reference for Linux Services Run Levels in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-28T00:00:00Z
date_published 2006-01-11T00:00:00Z
source MITRE
title An introduction to services, runlevels, and rc.d scripts

Anomali Pirate Panda April 2020

Moore, S. et al. (2020, April 30). Anomali Suspects that China-Backed APT Pirate Panda May Be Seeking Access to Vietnam Government Data Center. Retrieved May 19, 2020.

Internal MISP references

UUID f1d28b91-a529-439d-9548-c597baa245d4 which can be used as unique global reference for Anomali Pirate Panda April 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-19T00:00:00Z
date_published 2020-04-30T00:00:00Z
source MITRE
title Anomali Suspects that China-Backed APT Pirate Panda May Be Seeking Access to Vietnam Government Data Center

AnonGhost Team Profile

ADL. (2015, July 6). AnonGhost Team. Retrieved October 10, 2023.

Internal MISP references

UUID f868f5fa-df66-435f-8b32-d58e4785e46c which can be used as unique global reference for AnonGhost Team Profile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-10T00:00:00Z
date_published 2015-07-06T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title AnonGhost Team

AnonHBGary

Bright, P. (2011, February 15). Anonymous speaks: the inside story of the HBGary hack. Retrieved March 9, 2017.

Internal MISP references

UUID 19ab02ea-883f-441c-bebf-4be64855374a which can be used as unique global reference for AnonHBGary in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-09T00:00:00Z
date_published 2011-02-15T00:00:00Z
source MITRE
title Anonymous speaks: the inside story of the HBGary hack

Fortinet Metamorfo Feb 2020

Zhang, X. (2020, February 4). Another Metamorfo Variant Targeting Customers of Financial Institutions in More Countries. Retrieved July 30, 2020.

Internal MISP references

UUID e89e3825-85df-45cf-b309-e449afed0288 which can be used as unique global reference for Fortinet Metamorfo Feb 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-30T00:00:00Z
date_published 2020-02-04T00:00:00Z
source MITRE
title Another Metamorfo Variant Targeting Customers of Financial Institutions in More Countries

MuddyWater TrendMicro June 2018

Villanueva, M., Co, M. (2018, June 14). Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor. Retrieved July 3, 2018.

Internal MISP references

UUID b2c415e4-edbe-47fe-9820-b968114f81f0 which can be used as unique global reference for MuddyWater TrendMicro June 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-03T00:00:00Z
date_published 2018-06-14T00:00:00Z
source MITRE
title Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor

AlienVault Sykipot 2011

Blasco, J. (2011, December 12). Another Sykipot sample likely targeting US federal agencies. Retrieved March 28, 2016.

Internal MISP references

UUID 800363c1-60df-47e7-8ded-c0f4b6e758f4 which can be used as unique global reference for AlienVault Sykipot 2011 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-28T00:00:00Z
date_published 2011-12-12T00:00:00Z
source MITRE
title Another Sykipot sample likely targeting US federal agencies

RiskIQ Newegg September 2018

Klijnsma, Y. (2018, September 19). Another Victim of the Magecart Assault Emerges: Newegg. Retrieved September 9, 2020.

Internal MISP references

UUID 095a705f-810b-4c4f-90ce-016117a5b4b6 which can be used as unique global reference for RiskIQ Newegg September 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-09T00:00:00Z
date_published 2018-09-19T00:00:00Z
source MITRE
title Another Victim of the Magecart Assault Emerges: Newegg

Dell WMI Persistence

Dell SecureWorks Counter Threat Unit™ (CTU) Research Team. (2016, March 28). A Novel WMI Persistence Implementation. Retrieved March 30, 2016.

Internal MISP references

UUID a88dd548-ac8f-4297-9e23-de2643294846 which can be used as unique global reference for Dell WMI Persistence in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-30T00:00:00Z
date_published 2016-03-28T00:00:00Z
source MITRE
title A Novel WMI Persistence Implementation

iDefense Rootkit Overview

Chuvakin, A. (2003, February). An Overview of Rootkits. Retrieved April 6, 2018.

Internal MISP references

UUID c1aef861-9e31-42e6-a2eb-5151b056762b which can be used as unique global reference for iDefense Rootkit Overview in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-06T00:00:00Z
date_published 2003-02-01T00:00:00Z
source MITRE
title An Overview of Rootkits

Trend Micro Rhysida August 09 2023

Trend Micro Research. (2023, August 9). An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector. Retrieved August 11, 2023.

Internal MISP references

UUID 71704a3a-cf48-4764-af4e-8d2096bf5012 which can be used as unique global reference for Trend Micro Rhysida August 09 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-11T00:00:00Z
date_published 2023-08-09T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector

Mandiant Ukraine Cyber Threats January 2022

Hultquist, J. (2022, January 20). Anticipating Cyber Threats as the Ukraine Crisis Escalates. Retrieved January 24, 2022.

Internal MISP references

UUID 6f53117f-2e94-4981-be61-c3da4b783ce2 which can be used as unique global reference for Mandiant Ukraine Cyber Threats January 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-24T00:00:00Z
date_published 2022-01-20T00:00:00Z
source MITRE
title Anticipating Cyber Threats as the Ukraine Crisis Escalates

Microsoft AMSI

Microsoft. (2019, April 19). Antimalware Scan Interface (AMSI). Retrieved September 28, 2021.

Internal MISP references

UUID 32a4b7b5-8560-4600-aba9-15a6342b4dc3 which can be used as unique global reference for Microsoft AMSI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-28T00:00:00Z
date_published 2019-04-19T00:00:00Z
source MITRE
title Antimalware Scan Interface (AMSI)

Microsoft Anti Spoofing

Microsoft. (2020, October 13). Anti-spoofing protection in EOP. Retrieved October 19, 2020.

Internal MISP references

UUID b3ac28ac-3f98-40fd-b1da-2461a9e3ffca which can be used as unique global reference for Microsoft Anti Spoofing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
date_published 2020-10-13T00:00:00Z
source MITRE
title Anti-spoofing protection in EOP

Fox-It Anunak Feb 2015

Prins, R. (2015, February 16). Anunak (aka Carbanak) Update. Retrieved January 20, 2017.

Internal MISP references

UUID d74a8d0b-887a-40b9-bd43-366764157990 which can be used as unique global reference for Fox-It Anunak Feb 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-01-20T00:00:00Z
date_published 2015-02-16T00:00:00Z
source MITRE
title Anunak (aka Carbanak) Update

Group-IB Anunak

Group-IB and Fox-IT. (2014, December). Anunak: APT against financial institutions. Retrieved April 20, 2016.

Internal MISP references

UUID fd254ecc-a076-4b9f-97f2-acb73c6a1695 which can be used as unique global reference for Group-IB Anunak in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-20T00:00:00Z
date_published 2014-12-01T00:00:00Z
source MITRE
title Anunak: APT against financial institutions

Google TAG Ukraine Threat Landscape March 2022

Huntley, S. (2022, March 7). An update on the threat landscape. Retrieved March 16, 2022.

Internal MISP references

UUID a6070f95-fbee-472e-a737-a8adbedbb4f8 which can be used as unique global reference for Google TAG Ukraine Threat Landscape March 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-16T00:00:00Z
date_published 2022-03-07T00:00:00Z
source MITRE
title An update on the threat landscape

Zairon Hooking Dec 2006

Felici, M. (2006, December 6). Any application-defined hook procedure on my machine?. Retrieved December 12, 2017.

Internal MISP references

UUID e816127a-04e4-4145-a784-50b1215612f2 which can be used as unique global reference for Zairon Hooking Dec 2006 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-12T00:00:00Z
date_published 2006-12-06T00:00:00Z
source MITRE
title Any application-defined hook procedure on my machine?

SentinelOne Aoqin Dragon June 2022

Chen, Joey. (2022, June 9). Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years. Retrieved July 14, 2022.

Internal MISP references

UUID b4e792e0-b1fa-4639-98b1-233aaec53594 which can be used as unique global reference for SentinelOne Aoqin Dragon June 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-14T00:00:00Z
date_published 2022-06-09T00:00:00Z
source MITRE
title Aoqin Dragon

Apache Server 2018

Apache. (n.d.). Apache HTTP Server Version 2.4 Documentation - Web Site Content. Retrieved July 27, 2018.

Internal MISP references

UUID 46f62435-bfb3-44b6-8c79-54af584cc35f which can be used as unique global reference for Apache Server 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-27T00:00:00Z
source MITRE
title Apache HTTP Server Version 2.4 Documentation - Web Site Content

Secureworks BRONZEUNION Feb 2019

Counter Threat Unit Research Team. (2019, February 27). A Peek into BRONZE UNION’s Toolbox. Retrieved September 24, 2019.

Internal MISP references

UUID 691df278-fd7d-4b73-a22c-227bc7641dec which can be used as unique global reference for Secureworks BRONZEUNION Feb 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-24T00:00:00Z
date_published 2019-02-27T00:00:00Z
source MITRE
title A Peek into BRONZE UNION’s Toolbox

AppArmor official

AppArmor. (2017, October 19). AppArmor Security Project Wiki. Retrieved December 20, 2017.

Internal MISP references

UUID 12df02e3-bbdd-4682-9662-1810402ad918 which can be used as unique global reference for AppArmor official in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2017-10-19T00:00:00Z
source MITRE
title AppArmor Security Project Wiki

PenTestLabs AppDomainManagerInject

Administrator. (2020, May 26). APPDOMAINMANAGER INJECTION AND DETECTION. Retrieved March 28, 2024.

Internal MISP references

UUID f681fd40-5bfc-50c6-a654-f9a128af5ff1 which can be used as unique global reference for PenTestLabs AppDomainManagerInject in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-28T00:00:00Z
date_published 2020-05-26T00:00:00Z
source MITRE
title APPDOMAINMANAGER INJECTION AND DETECTION

Rapid7 AppDomain Manager Injection

Spagnola, N. (2023, May 5). AppDomain Manager Injection: New Techniques For Red Teams. Retrieved March 29, 2024.

Internal MISP references

UUID 881f8d23-908f-58cf-904d-5ef7b959eb39 which can be used as unique global reference for Rapid7 AppDomain Manager Injection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-29T00:00:00Z
date_published 2023-05-05T00:00:00Z
source MITRE
title AppDomain Manager Injection: New Techniques For Red Teams

Mandiant APT1 Appendix

Mandiant. (n.d.). Appendix C (Digital) - The Malware Arsenal. Retrieved July 18, 2016.

Internal MISP references

UUID 1f31c09c-6a93-4142-8333-154138c1d70a which can be used as unique global reference for Mandiant APT1 Appendix in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-07-18T00:00:00Z
source MITRE
title Appendix C (Digital) - The Malware Arsenal

AppInit Secure Boot

Microsoft. (n.d.). AppInit DLLs and Secure Boot. Retrieved July 15, 2015.

Internal MISP references

UUID 2b951be3-5105-4665-972f-7809c057fd3f which can be used as unique global reference for AppInit Secure Boot in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-07-15T00:00:00Z
source MITRE
title AppInit DLLs and Secure Boot

AppInstaller.exe - LOLBAS Project

LOLBAS. (2020, December 2). AppInstaller.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 9a777e7c-e76c-465c-8b45-67503e715f7e which can be used as unique global reference for AppInstaller.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-12-02T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title AppInstaller.exe

objectivesee osx.shlayer apple approved 2020

Patrick Wardle. (2020, August 30). Apple Approved Malware malicious code ...now notarized!? #2020. Retrieved September 13, 2021.

Internal MISP references

UUID a2127d3d-c320-4637-a85c-16e20c2654f6 which can be used as unique global reference for objectivesee osx.shlayer apple approved 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-13T00:00:00Z
date_published 2020-08-30T00:00:00Z
source MITRE
title Apple Approved Malware malicious code ...now notarized!? #2020

AppleDocs AuthorizationExecuteWithPrivileges

Apple. (n.d.). Apple Developer Documentation - AuthorizationExecuteWithPrivileges. Retrieved August 8, 2019.

Internal MISP references

UUID 7b8875e8-5b93-4d49-a12b-2683bab2ba6e which can be used as unique global reference for AppleDocs AuthorizationExecuteWithPrivileges in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-08-08T00:00:00Z
source MITRE
title Apple Developer Documentation - AuthorizationExecuteWithPrivileges

AppleDocs Scheduling Timed Jobs

Apple. (n.d.). Retrieved July 17, 2017.

Internal MISP references

UUID 66dd8a7d-521f-4610-b478-52d748185ad3 which can be used as unique global reference for AppleDocs Scheduling Timed Jobs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-17T00:00:00Z
source MITRE
title AppleDocs Scheduling Timed Jobs

CISA AppleJeus Feb 2021

Cybersecurity and Infrastructure Security Agency. (2021, February 21). AppleJeus: Analysis of North Korea’s Cryptocurrency Malware. Retrieved March 1, 2021.

Internal MISP references

UUID 6873e14d-eba4-4e3c-9ccf-cec1d760f0be which can be used as unique global reference for CISA AppleJeus Feb 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-01T00:00:00Z
date_published 2021-02-21T00:00:00Z
source MITRE
title AppleJeus: Analysis of North Korea’s Cryptocurrency Malware

Apple Remote Desktop Admin Guide 3.3

Apple. (n.d.). Apple Remote Desktop Administrator Guide Version 3.3. Retrieved October 5, 2021.

Internal MISP references

UUID c57c2bba-a398-4e68-b2a7-fddcf0740b61 which can be used as unique global reference for Apple Remote Desktop Admin Guide 3.3 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-05T00:00:00Z
source MITRE
title Apple Remote Desktop Administrator Guide Version 3.3

applescript signing

Steven Sande. (2013, December 23). AppleScript and Automator gain new features in OS X Mavericks. Retrieved September 21, 2018.

Internal MISP references

UUID dd76c7ab-c3df-4f34-aaf0-684b56499065 which can be used as unique global reference for applescript signing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-21T00:00:00Z
date_published 2013-12-23T00:00:00Z
source MITRE
title AppleScript and Automator gain new features in OS X Mavericks

Microsoft Entra ID Service Principals

Microsoft. (2023, December 15). Application and service principal objects in Microsoft Entra ID. Retrieved February 28, 2024.

Internal MISP references

UUID 2a20c574-3e69-5da6-887e-68e34cee7562 which can be used as unique global reference for Microsoft Entra ID Service Principals in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-28T00:00:00Z
date_published 2023-12-15T00:00:00Z
source MITRE
title Application and service principal objects in Microsoft Entra ID

Microsoft App Domains

Microsoft. (2021, September 15). Application domains. Retrieved March 28, 2024.

Internal MISP references

UUID 268e7ade-c0a8-5859-8b16-6fa8aa3b0cb7 which can be used as unique global reference for Microsoft App Domains in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-28T00:00:00Z
date_published 2021-09-15T00:00:00Z
source MITRE
title Application domains

Corio 2008

Corio, C., & Sayana, D. P. (2008, June). Application Lockdown with Software Restriction Policies. Retrieved November 18, 2014.

Internal MISP references

UUID cae409ca-1c77-45df-88cd-c0998ac724ec which can be used as unique global reference for Corio 2008 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-18T00:00:00Z
date_published 2008-06-01T00:00:00Z
source MITRE
title Application Lockdown with Software Restriction Policies

Microsoft Application Lockdown

Corio, C., & Sayana, D. P. (2008, June). Application Lockdown with Software Restriction Policies. Retrieved November 18, 2014.

Internal MISP references

UUID 5dab4466-0871-486a-84ad-0e648b2e937d which can be used as unique global reference for Microsoft Application Lockdown in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-18T00:00:00Z
date_published 2008-06-01T00:00:00Z
source MITRE
title Application Lockdown with Software Restriction Policies

SANS Application Whitelisting

Beechey, J. (2014, November 18). Application Whitelisting: Panacea or Propaganda?. Retrieved November 18, 2014.

Internal MISP references

UUID a333f45f-1760-443a-9208-f3682ea32f67 which can be used as unique global reference for SANS Application Whitelisting in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-18T00:00:00Z
date_published 2014-11-18T00:00:00Z
source MITRE
title Application Whitelisting: Panacea or Propaganda?

Beechey 2010

Beechey, J. (2010, December). Application Whitelisting: Panacea or Propaganda?. Retrieved November 18, 2014.

Internal MISP references

UUID 4994e065-c6e4-4b41-8ae3-d72023135429 which can be used as unique global reference for Beechey 2010 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-18T00:00:00Z
date_published 2010-12-01T00:00:00Z
source MITRE
title Application Whitelisting: Panacea or Propaganda?

NSA MS AppLocker

NSA Information Assurance Directorate. (2014, August). Application Whitelisting Using Microsoft AppLocker. Retrieved March 31, 2016.

Internal MISP references

UUID 0db5c3ea-5392-4fd3-9f1d-9fa69aba4259 which can be used as unique global reference for NSA MS AppLocker in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-31T00:00:00Z
date_published 2014-08-01T00:00:00Z
source MITRE
title Application Whitelisting Using Microsoft AppLocker

Penetration Testing Lab MSXSL July 2017

netbiosX. (2017, July 6). AppLocker Bypass – MSXSL. Retrieved July 3, 2018.

Internal MISP references

UUID 2f1adf20-a4b8-48c1-861f-0a44271765d7 which can be used as unique global reference for Penetration Testing Lab MSXSL July 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-03T00:00:00Z
date_published 2017-07-06T00:00:00Z
source MITRE
title AppLocker Bypass – MSXSL

Microsoft Requests for Azure AD Roles in Privileged Identity Management

Microsoft. (2023, January 30). Approve or deny requests for Azure AD roles in Privileged Identity Management. Retrieved February 21, 2023.

Internal MISP references

UUID 1495effe-16a6-5b4e-9b50-1d1f7db48fa7 which can be used as unique global reference for Microsoft Requests for Azure AD Roles in Privileged Identity Management in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-21T00:00:00Z
date_published 2023-01-30T00:00:00Z
source MITRE
title Approve or deny requests for Azure AD roles in Privileged Identity Management

Apple App Security Overview

Apple Inc. (2021, February 18). App security overview. Retrieved October 12, 2021.

Internal MISP references

UUID 3b1e9a5d-7940-43b5-bc11-3112c0762740 which can be used as unique global reference for Apple App Security Overview in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-12T00:00:00Z
date_published 2021-02-18T00:00:00Z
source MITRE
title App security overview

Tripwire AppUNBlocker

Smith, T. (2016, October 27). AppUNBlocker: Bypassing AppLocker. Retrieved December 19, 2017.

Internal MISP references

UUID 2afb9a5f-c023-49df-90d1-e0ffb6d192f3 which can be used as unique global reference for Tripwire AppUNBlocker in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-19T00:00:00Z
date_published 2016-10-27T00:00:00Z
source MITRE
title AppUNBlocker: Bypassing AppLocker

Appvlp.exe - LOLBAS Project

LOLBAS. (2018, May 25). Appvlp.exe. Retrieved December 4, 2023.

Internal MISP references

UUID b0afe3e8-9f1d-4295-8811-8dfbe993c337 which can be used as unique global reference for Appvlp.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Appvlp.exe

BlackHat Atkinson Winchester Token Manipulation

Atkinson, J., Winchester, R. (2017, December 7). A Process is No One: Hunting for Token Manipulation. Retrieved December 21, 2017.

Internal MISP references

UUID 2eaee06d-529d-4fe0-9ca3-c62419f47a90 which can be used as unique global reference for BlackHat Atkinson Winchester Token Manipulation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-21T00:00:00Z
date_published 2017-12-07T00:00:00Z
source MITRE
title A Process is No One: Hunting for Token Manipulation

FireEye APT10 April 2017

FireEye iSIGHT Intelligence. (2017, April 6). APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat. Retrieved June 29, 2017.

Internal MISP references

UUID 2d494df8-83e3-45d2-b798-4c3bcf55f675 which can be used as unique global reference for FireEye APT10 April 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-06-29T00:00:00Z
date_published 2017-04-06T00:00:00Z
source MITRE
title APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat

Securelist APT10 March 2021

GREAT. (2021, March 30). APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign. Retrieved June 17, 2021.

Internal MISP references

UUID 90450a1e-59c3-491f-b842-2cf81023fc9e which can be used as unique global reference for Securelist APT10 March 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-17T00:00:00Z
date_published 2021-03-30T00:00:00Z
source MITRE
title APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign

FireEye APT10 Sept 2018

Matsuda, A., Muhammad I. (2018, September 13). APT10 Targeting Japanese Corporations Using Updated TTPs. Retrieved September 17, 2018.

Internal MISP references

UUID 5f122a27-2137-4016-a482-d04106187594 which can be used as unique global reference for FireEye APT10 Sept 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-17T00:00:00Z
date_published 2018-09-13T00:00:00Z
source MITRE
title APT10 Targeting Japanese Corporations Using Updated TTPs

NCC Group APT15 Alive and Strong

Smallridge, R. (2018, March 10). APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS. Retrieved April 4, 2018.

Internal MISP references

UUID 02a50445-de06-40ab-9ea4-da5c37e066cd which can be used as unique global reference for NCC Group APT15 Alive and Strong in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-04T00:00:00Z
date_published 2018-03-10T00:00:00Z
source MITRE
title APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS

Mandiant APT1

Mandiant. (n.d.). APT1 Exposing One of China’s Cyber Espionage Units. Retrieved July 18, 2016.

Internal MISP references

UUID 865eba93-cf6a-4e41-bc09-de9b0b3c2669 which can be used as unique global reference for Mandiant APT1 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-07-18T00:00:00Z
source MITRE, Tidal Cyber
title APT1 Exposing One of China’s Cyber Espionage Units

Profero APT27 December 2020

Global Threat Center, Intelligence Team. (2020, December). APT27 Turns to Ransomware. Retrieved November 12, 2021.

Internal MISP references

UUID 0290ea31-f817-471e-85ae-c3855c63f5c3 which can be used as unique global reference for Profero APT27 December 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-11-12T00:00:00Z
date_published 2020-12-01T00:00:00Z
source MITRE
title APT27 Turns to Ransomware

FireEye APT28 January 2017

FireEye iSIGHT Intelligence. (2017, January 11). APT28: At the Center of the Storm. Retrieved January 11, 2017.

Internal MISP references

UUID 61d80b8f-5bdb-41e6-b59a-d2d996392873 which can be used as unique global reference for FireEye APT28 January 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-01-11T00:00:00Z
date_published 2017-01-11T00:00:00Z
source MITRE, Tidal Cyber
title APT28: At the Center of the Storm

FireEye APT28

FireEye. (2015). APT28: A WINDOW INTO RUSSIA’S CYBER ESPIONAGE OPERATIONS?. Retrieved August 19, 2015.

Internal MISP references

UUID c423b2b2-25a3-4a8d-b89a-83ab07c0cd20 which can be used as unique global reference for FireEye APT28 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-08-19T00:00:00Z
date_published 2015-01-01T00:00:00Z
source MITRE, Tidal Cyber
title APT28: A WINDOW INTO RUSSIA’S CYBER ESPIONAGE OPERATIONS?

U.S. CISA APT28 Cisco Routers April 18 2023

Cybersecurity and Infrastructure Security Agency. (2023, April 18). APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers. Retrieved August 23, 2023.

Internal MISP references

UUID c532a6fc-b27f-4240-a071-3eaa866bce89 which can be used as unique global reference for U.S. CISA APT28 Cisco Routers April 18 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-23T00:00:00Z
date_published 2023-04-18T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers

Symantec APT28 Oct 2018

Symantec Security Response. (2018, October 04). APT28: New Espionage Operations Target Military and Government Organizations. Retrieved November 14, 2018.

Internal MISP references

UUID 777bc94a-6c21-4f8c-9efa-a1cf52ececc0 which can be used as unique global reference for Symantec APT28 Oct 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-14T00:00:00Z
date_published 2018-10-04T00:00:00Z
source MITRE
title APT28: New Espionage Operations Target Military and Government Organizations

FireEye APT28 Hospitality Aug 2017

Smith, L. and Read, B. (2017, August 11). APT28 Targets Hospitality Sector, Presents Threat to Travelers. Retrieved August 17, 2017.

Internal MISP references

UUID 7887dc90-3f05-411a-81ea-b86aa392104b which can be used as unique global reference for FireEye APT28 Hospitality Aug 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-08-17T00:00:00Z
date_published 2017-08-11T00:00:00Z
source MITRE
title APT28 Targets Hospitality Sector, Presents Threat to Travelers

Bitdefender APT28 Dec 2015

Bitdefender. (2015, December). APT28 Under the Scope. Retrieved February 23, 2017.

Internal MISP references

UUID 3dd67aae-7feb-4b07-a985-ccadc1b16f1d which can be used as unique global reference for Bitdefender APT28 Dec 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-02-23T00:00:00Z
date_published 2015-12-01T00:00:00Z
source MITRE
title APT28 Under the Scope

FireEye APT29 Domain Fronting

Dunwoody, M. (2017, March 27). APT29 Domain Fronting With TOR. Retrieved March 27, 2017.

Internal MISP references

UUID 3e013b07-deaf-4387-acd7-2d0565d196a9 which can be used as unique global reference for FireEye APT29 Domain Fronting in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-27T00:00:00Z
date_published 2017-03-27T00:00:00Z
source MITRE
title APT29 Domain Fronting With TOR

FireEye APT29 Domain Fronting With TOR March 2017

Matthew Dunwoody. (2017, March 27). APT29 Domain Fronting With TOR. Retrieved November 20, 2017.

Internal MISP references

UUID 1d919991-bc87-41bf-9e58-edf1b3806bb8 which can be used as unique global reference for FireEye APT29 Domain Fronting With TOR March 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-20T00:00:00Z
date_published 2017-03-27T00:00:00Z
source MITRE
title APT29 Domain Fronting With TOR

FireEye APT30

FireEye Labs. (2015, April). APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION. Retrieved May 1, 2015.

Internal MISP references

UUID c48d2084-61cf-4e86-8072-01e5d2de8416 which can be used as unique global reference for FireEye APT30 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-05-01T00:00:00Z
date_published 2015-04-01T00:00:00Z
source MITRE, Tidal Cyber
title APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION

Zscaler APT31 Covid-19 October 2020

Singh, S. and Antil, S. (2020, October 27). APT-31 Leverages COVID-19 Vaccine Theme and Abuses Legitimate Online Services. Retrieved March 24, 2021.

Internal MISP references

UUID 1647c9a6-e475-4a9a-a202-0133dbeef9a0 which can be used as unique global reference for Zscaler APT31 Covid-19 October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-24T00:00:00Z
date_published 2020-10-27T00:00:00Z
source MITRE
title APT-31 Leverages COVID-19 Vaccine Theme and Abuses Legitimate Online Services

sentinelone apt32 macOS backdoor 2020

Phil Stokes. (2020, December 2). APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique. Retrieved September 13, 2021.

Internal MISP references

UUID d31dcbe6-06ec-475e-b121-fd25a93c3ef7 which can be used as unique global reference for sentinelone apt32 macOS backdoor 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-13T00:00:00Z
date_published 2020-12-02T00:00:00Z
source MITRE
title APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique

FireEye APT33 Webinar Sept 2017

Davis, S. and Carr, N. (2017, September 21). APT33: New Insights into Iranian Cyber Espionage Group. Retrieved February 15, 2018.

Internal MISP references

UUID 9b378592-5737-403d-8a07-27077f5b2d61 which can be used as unique global reference for FireEye APT33 Webinar Sept 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-15T00:00:00Z
date_published 2017-09-21T00:00:00Z
source MITRE
title APT33: New Insights into Iranian Cyber Espionage Group

FireEye APT34 Webinar Dec 2017

Davis, S. and Caban, D. (2017, December 19). APT34 - New Targeted Attack in the Middle East. Retrieved December 20, 2017.

Internal MISP references

UUID 4eef7032-de14-44a2-a403-82aefdc85c50 which can be used as unique global reference for FireEye APT34 Webinar Dec 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2017-12-19T00:00:00Z
source MITRE
title APT34 - New Targeted Attack in the Middle East

DFIR Report APT35 ProxyShell March 2022

DFIR Report. (2022, March 21). APT35 Automates Initial Access Using ProxyShell. Retrieved May 25, 2022.

Internal MISP references

UUID 1837e917-d80b-4632-a1ca-c70d4b712ac7 which can be used as unique global reference for DFIR Report APT35 ProxyShell March 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-25T00:00:00Z
date_published 2022-03-21T00:00:00Z
source MITRE
title APT35 Automates Initial Access Using ProxyShell

Check Point APT35 CharmPower January 2022

Check Point. (2022, January 11). APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit. Retrieved January 24, 2022.

Internal MISP references

UUID 81dce660-93ea-42a4-902f-0c6021d30f59 which can be used as unique global reference for Check Point APT35 CharmPower January 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-24T00:00:00Z
date_published 2022-01-11T00:00:00Z
source MITRE
title APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit

FireEye APT37 Feb 2018

FireEye. (2018, February 20). APT37 (Reaper): The Overlooked North Korean Actor. Retrieved March 1, 2018.

Internal MISP references

UUID 4d575c1a-4ff9-49ce-97cd-f9d0637c2271 which can be used as unique global reference for FireEye APT37 Feb 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-01T00:00:00Z
date_published 2018-02-20T00:00:00Z
source MITRE, Tidal Cyber
title APT37 (Reaper): The Overlooked North Korean Actor

FireEye APT38 Oct 2018

FireEye. (2018, October 03). APT38: Un-usual Suspects. Retrieved November 6, 2018.

Internal MISP references

UUID 7c916329-af56-4723-820c-ef932a6e3409 which can be used as unique global reference for FireEye APT38 Oct 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-06T00:00:00Z
date_published 2018-10-03T00:00:00Z
source MITRE, Tidal Cyber
title APT38: Un-usual Suspects

FireEye APT39 Jan 2019

Hawley et al. (2019, January 29). APT39: An Iranian Cyber Espionage Group Focused on Personal Information. Retrieved February 19, 2019.

Internal MISP references

UUID ba366cfc-cc04-41a5-903b-a7bb73136bc3 which can be used as unique global reference for FireEye APT39 Jan 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-19T00:00:00Z
date_published 2019-01-29T00:00:00Z
source MITRE
title APT39: An Iranian Cyber Espionage Group Focused on Personal Information

APT3 Adversary Emulation Plan

Korban, C, et al. (2017, September). APT3 Adversary Emulation Plan. Retrieved January 16, 2018.

Internal MISP references

UUID 64c01921-c33f-402e-b30d-a2ba26583a24 which can be used as unique global reference for APT3 Adversary Emulation Plan in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-16T00:00:00Z
date_published 2017-09-01T00:00:00Z
source MITRE
title APT3 Adversary Emulation Plan

evolution of pirpi

Yates, M. (2017, June 18). APT3 Uncovered: The code evolution of Pirpi. Retrieved September 28, 2017.

Internal MISP references

UUID 9c8bd493-bf08-431b-9d53-29eb14a6eef5 which can be used as unique global reference for evolution of pirpi in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-09-28T00:00:00Z
date_published 2017-06-18T00:00:00Z
source MITRE
title APT3 Uncovered: The code evolution of Pirpi

FireEye APT40 March 2019

Plan, F., et al. (2019, March 4). APT40: Examining a China-Nexus Espionage Actor. Retrieved March 18, 2019.

Internal MISP references

UUID 8a44368f-3348-4817-aca7-81bfaca5ae6d which can be used as unique global reference for FireEye APT40 March 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-18T00:00:00Z
date_published 2019-03-04T00:00:00Z
source MITRE
title APT40: Examining a China-Nexus Espionage Actor

Rostovcev APT41 2021

Nikita Rostovcev. (2022, August 18). APT41 World Tour 2021 on a tight schedule. Retrieved February 22, 2024.

Internal MISP references

UUID b6e7fb29-7935-5454-8fb2-37585c46324a which can be used as unique global reference for Rostovcev APT41 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-22T00:00:00Z
date_published 2022-08-18T00:00:00Z
source MITRE
title APT41 World Tour 2021 on a tight schedule

Mandiant APT42

Mandiant. (n.d.). APT42: Crooked Charms, Cons and Compromise. Retrieved September 16, 2022.

Internal MISP references

UUID 10b3e476-a0c5-41fd-8cb8-5bfb245b118f which can be used as unique global reference for Mandiant APT42 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-16T00:00:00Z
source MITRE
title APT42: Crooked Charms, Cons and Compromise

NSA APT5 Citrix Threat Hunting December 2022

National Security Agency. (2022, December). APT5: Citrix ADC Threat Hunting Guidance. Retrieved February 5, 2024.

Internal MISP references

UUID 916e2137-46e6-53c2-a917-5b5b5c4bae3a which can be used as unique global reference for NSA APT5 Citrix Threat Hunting December 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-05T00:00:00Z
date_published 2022-12-01T00:00:00Z
source MITRE
title APT5: Citrix ADC Threat Hunting Guidance

welivesecurity_apt-c-23

Stefanko, L. (2020, September 30). APT‑C‑23 group evolves its Android spyware. Retrieved March 4, 2024.

Internal MISP references

UUID 7196226e-7d0d-5e14-a4e3-9b6322537039 which can be used as unique global reference for welivesecurity_apt-c-23 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-04T00:00:00Z
date_published 2020-09-30T00:00:00Z
source MITRE
title APT‑C‑23 group evolves its Android spyware

QiAnXin APT-C-36 Feb2019

QiAnXin Threat Intelligence Center. (2019, February 18). APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations. Retrieved May 5, 2020.

Internal MISP references

UUID cae075ea-42cb-4695-ac66-9187241393d1 which can be used as unique global reference for QiAnXin APT-C-36 Feb2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-05T00:00:00Z
date_published 2019-02-18T00:00:00Z
source MITRE, Tidal Cyber
title APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations

360 Machete Sep 2020

kate. (2020, September 25). APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries — HpReact campaign. Retrieved November 20, 2020.

Internal MISP references

UUID 682c843d-1bb8-4f30-9d2e-35e8d41b1976 which can be used as unique global reference for 360 Machete Sep 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-20T00:00:00Z
date_published 2020-09-25T00:00:00Z
source MITRE, Tidal Cyber
title APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries — HpReact campaign

Cycraft Chimera April 2020

Cycraft. (2020, April 15). APT Group Chimera - APT Operation Skeleton key Targets Taiwan Semiconductor Vendors. Retrieved August 24, 2020.

Internal MISP references

UUID a5a14a4e-2214-44ab-9067-75429409d744 which can be used as unique global reference for Cycraft Chimera April 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-24T00:00:00Z
date_published 2020-04-15T00:00:00Z
source MITRE
title APT Group Chimera - APT Operation Skeleton key Targets Taiwan Semiconductor Vendors

CISA IT Service Providers

CISA. (n.d.). APTs Targeting IT Service Provider Customers. Retrieved November 16, 2020.

Internal MISP references

UUID b8bee7f9-155e-4765-9492-01182e4435b7 which can be used as unique global reference for CISA IT Service Providers in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-16T00:00:00Z
source MITRE
title APTs Targeting IT Service Provider Customers

Securelist GCMAN

Kaspersky Lab's Global Research & Analysis Team. (2016, February 8). APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks. Retrieved April 20, 2016.

Internal MISP references

UUID 1f07f234-50f0-4c1e-942a-a01d3f733161 which can be used as unique global reference for Securelist GCMAN in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-20T00:00:00Z
date_published 2016-02-08T00:00:00Z
source MITRE, Tidal Cyber
title APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks

Proofpoint TA459 April 2017

Axel F. (2017, April 27). APT Targets Financial Analysts with CVE-2017-0199. Retrieved February 15, 2018.

Internal MISP references

UUID dabad6df-1e31-4c16-9217-e079f2493b02 which can be used as unique global reference for Proofpoint TA459 April 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-15T00:00:00Z
date_published 2017-04-27T00:00:00Z
source MITRE, Tidal Cyber
title APT Targets Financial Analysts with CVE-2017-0199

Kaspersky ToddyCat June 2022

Dedola, G. (2022, June 21). APT ToddyCat. Retrieved January 3, 2024.

Internal MISP references

UUID 285c038b-e5fc-57ef-9a98-d9e24c52e2cf which can be used as unique global reference for Kaspersky ToddyCat June 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-03T00:00:00Z
date_published 2022-06-21T00:00:00Z
source MITRE
title APT ToddyCat

Securelist APT Trends April 2018

Global Research and Analysis Team. (2018, April 12). APT Trends report Q1 2018. Retrieved January 27, 2021.

Internal MISP references

UUID 587f5195-e696-4a3c-8c85-90b9c002cd11 which can be used as unique global reference for Securelist APT Trends April 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-27T00:00:00Z
date_published 2018-04-12T00:00:00Z
source MITRE
title APT Trends report Q1 2018

Kaspersky APT Trends Q1 2020

Global Research and Analysis Team. (2020, April 30). APT trends report Q1 2020. Retrieved September 19, 2022.

Internal MISP references

UUID 23c91719-5ebe-4d03-8018-df1809fffd2f which can be used as unique global reference for Kaspersky APT Trends Q1 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-19T00:00:00Z
date_published 2020-04-30T00:00:00Z
source MITRE
title APT trends report Q1 2020

Kaspersky APT Trends Q1 April 2021

GReAT. (2021, April 27). APT trends report Q1 2021. Retrieved June 6, 2022.

Internal MISP references

UUID 3fd0ba3b-7919-46d3-a444-50508603956f which can be used as unique global reference for Kaspersky APT Trends Q1 April 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-06T00:00:00Z
date_published 2021-04-27T00:00:00Z
source MITRE
title APT trends report Q1 2021

Securelist APT Trends Q2 2017

Kaspersky Lab's Global Research & Analysis Team. (2017, August 8). APT Trends report Q2 2017. Retrieved February 15, 2018.

Internal MISP references

UUID fe28042c-d289-463f-9ece-1a75a70b966e which can be used as unique global reference for Securelist APT Trends Q2 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-15T00:00:00Z
date_published 2017-08-08T00:00:00Z
source MITRE
title APT Trends report Q2 2017

Wired ArcaneDoor April 24 2024

Andy Greenberg. (2024, April 24). ‘ArcaneDoor’ Cyberspies Hacked Cisco Firewalls to Access Government Networks. Retrieved May 6, 2024.

Internal MISP references

UUID 05a8afd3-0173-41ca-b23b-196ea0f3b1c1 which can be used as unique global reference for Wired ArcaneDoor April 24 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-05-06T00:00:00Z
date_published 2024-04-24T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title ‘ArcaneDoor’ Cyberspies Hacked Cisco Firewalls to Access Government Networks

Cisco Talos ArcaneDoor April 24 2024

Cisco Talos. (2024, April 24). ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices. Retrieved May 6, 2024.

Internal MISP references

UUID 531c3f6f-2d2b-4774-b069-e2b7a13602c1 which can be used as unique global reference for Cisco Talos ArcaneDoor April 24 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-05-06T00:00:00Z
date_published 2024-04-24T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices

Wald0 Guide to GPOs

Robbins, A. (2018, April 2). A Red Teamer’s Guide to GPOs and OUs. Retrieved March 5, 2019.

Internal MISP references

UUID 48bb84ac-56c8-4840-9a11-2cc76213e24e which can be used as unique global reference for Wald0 Guide to GPOs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-05T00:00:00Z
date_published 2018-04-02T00:00:00Z
source MITRE
title A Red Teamer’s Guide to GPOs and OUs

Lau 2011

Lau, H. (2011, August 8). Are MBR Infections Back in Fashion? (Infographic). Retrieved November 13, 2014.

Internal MISP references

UUID fa809aab-5051-4f9c-8e27-b5989608b03c which can be used as unique global reference for Lau 2011 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-13T00:00:00Z
date_published 2011-08-08T00:00:00Z
source MITRE
title Are MBR Infections Back in Fashion? (Infographic)

Krebs-Booter

Brian Krebs. (2016, October 27). Are the Days of “Booter” Services Numbered?. Retrieved May 15, 2017.

Internal MISP references

UUID d29a88ae-273b-439e-8808-dc9931f1ff72 which can be used as unique global reference for Krebs-Booter in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-05-15T00:00:00Z
date_published 2016-10-27T00:00:00Z
source MITRE
title Are the Days of “Booter” Services Numbered?

RSA Forfiles Aug 2017

Partington, E. (2017, August 14). Are you looking out for forfiles.exe (if you are watching for cmd.exe). Retrieved January 22, 2018.

Internal MISP references

UUID 923d6d3e-6117-43a5-92c6-ea0c131355c2 which can be used as unique global reference for RSA Forfiles Aug 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-22T00:00:00Z
date_published 2017-08-14T00:00:00Z
source MITRE
title Are you looking out for forfiles.exe (if you are watching for cmd.exe)

FireEye Respond Webinar July 2017

Scavella, T. and Rifki, A. (2017, July 20). Are you Ready to Respond? (Webinar). Retrieved October 4, 2017.

Internal MISP references

UUID e7091d66-7faa-49d6-b16f-be1f79db4471 which can be used as unique global reference for FireEye Respond Webinar July 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-10-04T00:00:00Z
date_published 2017-07-20T00:00:00Z
source MITRE
title Are you Ready to Respond? (Webinar)

Browser-updates

Dusty Miller. (2023, October 17). Are You Sure Your Browser is Up to Date? The Current Landscape of Fake Browser Updates. Retrieved February 13, 2024.

Internal MISP references

UUID 89e913a8-1d52-53fe-b692-fb72e21d794f which can be used as unique global reference for Browser-updates in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-13T00:00:00Z
date_published 2023-10-17T00:00:00Z
source MITRE
title Are You Sure Your Browser is Up to Date? The Current Landscape of Fake Browser Updates

Sekoia.io AridViper

Threat & Detection Research Team. (2023, October 26). AridViper, an intrusion set allegedly associated with Hamas. Retrieved October 30, 2023.

Internal MISP references

UUID 963a97b9-71b2-46e7-8315-1d7ef76d832c which can be used as unique global reference for Sekoia.io AridViper in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-30T00:00:00Z
date_published 2023-10-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title AridViper, an intrusion set allegedly associated with Hamas

TechNet Arp

Microsoft. (n.d.). Arp. Retrieved April 17, 2016.

Internal MISP references

UUID 7714222e-8046-4884-b460-493d9ef46305 which can be used as unique global reference for TechNet Arp in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-17T00:00:00Z
source MITRE
title Arp

Cisco ARP Poisoning Mitigation 2016

King, J., Lauerman, K. (2016, January 22). ARP Poisoning (Man-in-the-Middle) Attack and Mitigation Technique. Retrieved October 15, 2020.

Internal MISP references

UUID 715cd044-f5ef-4cad-8741-308d104f05a5 which can be used as unique global reference for Cisco ARP Poisoning Mitigation 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-15T00:00:00Z
date_published 2016-01-22T00:00:00Z
source MITRE
title ARP Poisoning (Man-in-the-Middle) Attack and Mitigation Technique

ASEC Emotet 2017

ASEC. (2017). ASEC REPORT VOL.88. Retrieved April 16, 2019.

Internal MISP references

UUID a02e3bbf-5864-4ccf-8b6f-5f8452395670 which can be used as unique global reference for ASEC Emotet 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-16T00:00:00Z
date_published 2017-01-01T00:00:00Z
source MITRE
title ASEC REPORT VOL.88

ASERT Seven Pointed Dagger Aug 2015

ASERT. (2015, August). ASERT Threat Intelligence Report – Uncovering the Seven Pointed Dagger. Retrieved March 19, 2018.

Internal MISP references

UUID a8f323c7-82bc-46e6-bd6c-0b631abc644a which can be used as unique global reference for ASERT Seven Pointed Dagger Aug 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-19T00:00:00Z
date_published 2015-08-01T00:00:00Z
source MITRE
title ASERT Threat Intelligence Report – Uncovering the Seven Pointed Dagger

Securelist Sofacy Feb 2018

Kaspersky Lab's Global Research & Analysis Team. (2018, February 20). A Slice of 2017 Sofacy Activity. Retrieved November 27, 2018.

Internal MISP references

UUID 3a043bba-2451-4765-946b-c1f3bf4aea36 which can be used as unique global reference for Securelist Sofacy Feb 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-27T00:00:00Z
date_published 2018-02-20T00:00:00Z
source MITRE
title A Slice of 2017 Sofacy Activity

THE FINANCIAL TIMES LTD 2019.

THE FINANCIAL TIMES. (2019, September 2). A sobering day. Retrieved October 8, 2019.

Internal MISP references

UUID 5a01f0b7-86f7-44a1-bf35-46a631402ceb which can be used as unique global reference for THE FINANCIAL TIMES LTD 2019. in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-08T00:00:00Z
date_published 2019-09-02T00:00:00Z
source MITRE
title A sobering day

Aspnet_Compiler.exe - LOLBAS Project

LOLBAS. (2021, September 26). Aspnet_Compiler.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 15864c56-115e-4163-b816-03bdb9bfd5c5 which can be used as unique global reference for Aspnet_Compiler.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-09-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Aspnet_Compiler.exe

Mandiant UNC2452 APT29 April 2022

Mandiant. (2020, April 27). Assembling the Russian Nesting Doll: UNC2452 Merged into APT29. Retrieved March 26, 2023.

Internal MISP references

UUID 5276508c-6792-56be-b757-e4b495ef6c37 which can be used as unique global reference for Mandiant UNC2452 APT29 April 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-26T00:00:00Z
date_published 2020-04-27T00:00:00Z
source MITRE
title Assembling the Russian Nesting Doll: UNC2452 Merged into APT29

Microsoft AssemblyLoad

Microsoft. (n.d.). Assembly.Load Method. Retrieved February 9, 2024.

Internal MISP references

UUID 3d980d7a-7074-5812-9bb1-ca8e27e028bd which can be used as unique global reference for Microsoft AssemblyLoad in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-09T00:00:00Z
source MITRE
title Assembly.Load Method

Kubernetes Assigning Pods to Nodes

Kubernetes. (n.d.). Assigning Pods to Nodes. Retrieved February 15, 2024.

Internal MISP references

UUID fe6ba97b-ff61-541b-9a67-a835290dc4ab which can be used as unique global reference for Kubernetes Assigning Pods to Nodes in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-15T00:00:00Z
source MITRE
title Assigning Pods to Nodes

Microsoft Assoc Oct 2017

Plett, C. et al. (2017, October 15). assoc. Retrieved August 7, 2018.

Internal MISP references

UUID 63fb65d7-6423-42de-b868-37fbc2bc133d which can be used as unique global reference for Microsoft Assoc Oct 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-07T00:00:00Z
date_published 2017-10-15T00:00:00Z
source MITRE
title assoc

Rhino Security Labs Enumerating AWS Roles

Spencer Gietzen. (2018, August 8). Assume the Worst: Enumerating AWS Roles through ‘AssumeRole’. Retrieved April 1, 2022.

Internal MISP references

UUID f403fc54-bdac-415a-9cc0-78803dd84214 which can be used as unique global reference for Rhino Security Labs Enumerating AWS Roles in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-01T00:00:00Z
date_published 2018-08-08T00:00:00Z
source MITRE
title Assume the Worst: Enumerating AWS Roles through ‘AssumeRole’

Cybereason Astaroth Feb 2019

Salem, E. (2019, February 13). ASTAROTH MALWARE USES LEGITIMATE OS AND ANTIVIRUS PROCESSES TO STEAL PASSWORDS AND PERSONAL DATA. Retrieved April 17, 2019.

Internal MISP references

UUID eb4dc1f8-c6e7-4d6c-9258-b03a0ae64d2e which can be used as unique global reference for Cybereason Astaroth Feb 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-17T00:00:00Z
date_published 2019-02-13T00:00:00Z
source MITRE
title ASTAROTH MALWARE USES LEGITIMATE OS AND ANTIVIRUS PROCESSES TO STEAL PASSWORDS AND PERSONAL DATA

spamhaus-malvertising

Miller, Sarah. (2023, February 2). A surge of malvertising across Google Ads is distributing dangerous malware. Retrieved February 21, 2023.

Internal MISP references

UUID 15a4d429-28c3-52be-aeb8-d94ad2743866 which can be used as unique global reference for spamhaus-malvertising in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-21T00:00:00Z
date_published 2023-02-02T00:00:00Z
source MITRE
title A surge of malvertising across Google Ads is distributing dangerous malware

Microsoft APC

Microsoft. (n.d.). Asynchronous Procedure Calls. Retrieved December 8, 2017.

Internal MISP references

UUID 37f1ef6c-fc0e-4e47-85ab-20d53caba77e which can be used as unique global reference for Microsoft APC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-08T00:00:00Z
source MITRE
title Asynchronous Procedure Calls

Medium February 08 2023

Hack sydney. (2023, February 8). AsyncRAT: Analysing the Three Stages of Execution. Retrieved May 7, 2023.

Internal MISP references

UUID 86a69887-8d23-460f-9a51-96a10bfb3c29 which can be used as unique global reference for Medium February 08 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2023-02-08T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title AsyncRAT: Analysing the Three Stages of Execution

AsyncRAT Crusade: Detections and Defense | Splunk

Splunk-Blogs. (n.d.). AsyncRAT Crusade: Detections and Defense. Retrieved May 7, 2023.

Internal MISP references

UUID 2869d93c-d3fe-475e-adc9-ab6eb7e26c0f which can be used as unique global reference for AsyncRAT Crusade: Detections and Defense | Splunk in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title AsyncRAT Crusade: Detections and Defense

TechNet At

Microsoft. (n.d.). At. Retrieved April 28, 2016.

Internal MISP references

UUID 31b40c09-d68f-4889-b585-c077bd9cef28 which can be used as unique global reference for TechNet At in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-28T00:00:00Z
source MITRE
title At

Die.net Linux at Man Page

Thomas Koenig. (n.d.). at(1) - Linux man page. Retrieved December 19, 2017.

Internal MISP references

UUID 4bc1389d-9586-4dfc-a67c-58c6d3f6796a which can be used as unique global reference for Die.net Linux at Man Page in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-19T00:00:00Z
source MITRE
title at(1) - Linux man page

Linux at

IEEE/The Open Group. (2017). at(1p) — Linux manual page. Retrieved February 25, 2022.

Internal MISP references

UUID 3e3a84bc-ab6d-460d-8abc-cafae6eaaedd which can be used as unique global reference for Linux at in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-25T00:00:00Z
date_published 2017-01-01T00:00:00Z
source MITRE
title at(1p) — Linux manual page

PWC Pirpi Scanbox

Lancaster, T. (2015, July 25). A tale of Pirpi, Scanbox & CVE-2015-3113. Retrieved March 30, 2016.

Internal MISP references

UUID 4904261a-a3a9-4c3e-b6a7-079890026ee2 which can be used as unique global reference for PWC Pirpi Scanbox in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-30T00:00:00Z
date_published 2015-07-25T00:00:00Z
source MITRE
title A tale of Pirpi, Scanbox & CVE-2015-3113

Atbroker.exe - LOLBAS Project

LOLBAS. (2018, May 25). Atbroker.exe. Retrieved December 4, 2023.

Internal MISP references

UUID b0c21b56-6591-49c3-8e67-328ddb7b436d which can be used as unique global reference for Atbroker.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Atbroker.exe

ESET Attor Oct 2019

Hromcova, Z. (2019, October). AT COMMANDS, TOR-BASED COMMUNICATIONS: MEET ATTOR, A FANTASY CREATURE AND ALSO A SPY PLATFORM. Retrieved May 6, 2020.

Internal MISP references

UUID fdd57c56-d989-4a6f-8cc5-5b3713605dec which can be used as unique global reference for ESET Attor Oct 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-06T00:00:00Z
date_published 2019-10-01T00:00:00Z
source MITRE
title AT COMMANDS, TOR-BASED COMMUNICATIONS: MEET ATTOR, A FANTASY CREATURE AND ALSO A SPY PLATFORM

LogRhythm WannaCry

Noerenberg, E., Costis, A., and Quist, N. (2017, May 16). A Technical Analysis of WannaCry Ransomware. Retrieved March 25, 2019.

Internal MISP references

UUID 305d0742-154a-44af-8686-c6d8bd7f8636 which can be used as unique global reference for LogRhythm WannaCry in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-25T00:00:00Z
date_published 2017-05-16T00:00:00Z
source MITRE
title A Technical Analysis of WannaCry Ransomware

Malwarebytes Dyreza November 2015

hasherezade. (2015, November 4). A Technical Look At Dyreza. Retrieved June 15, 2020.

Internal MISP references

UUID 0a5719f2-8a88-44e2-81c5-2d16a39f1f8d which can be used as unique global reference for Malwarebytes Dyreza November 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-15T00:00:00Z
date_published 2015-11-04T00:00:00Z
source MITRE
title A Technical Look At Dyreza

At.exe - LOLBAS Project

LOLBAS. (2019, September 20). At.exe. Retrieved December 4, 2023.

Internal MISP references

UUID a31e1f5c-9b8d-4af4-875b-5c03d2400c12 which can be used as unique global reference for At.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2019-09-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title At.exe

ENSIL AtomBombing Oct 2016

Liberman, T. (2016, October 27). ATOMBOMBING: BRAND NEW CODE INJECTION FOR WINDOWS. Retrieved December 8, 2017.

Internal MISP references

UUID 9282dbab-391c-4ffd-ada9-1687413b686b which can be used as unique global reference for ENSIL AtomBombing Oct 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-08T00:00:00Z
date_published 2016-10-27T00:00:00Z
source MITRE
title ATOMBOMBING: BRAND NEW CODE INJECTION FOR WINDOWS

SentinelOne 5 3 2023

Phil Stokes. (2023, May 3). Atomic Stealer. Retrieved January 1, 2024.

Internal MISP references

UUID c4721cab-2895-48ed-bfde-748aa3c80209 which can be used as unique global reference for SentinelOne 5 3 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-01T00:00:00Z
date_published 2023-05-03T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Atomic Stealer

Malwarebytes 1 10 2024

Jerome Segura. (2024, January 10). Atomic Stealer rings in the new year with updated version. Retrieved January 11, 2024.

Internal MISP references

UUID 660de1b0-574d-48df-865a-257b8ed4b928 which can be used as unique global reference for Malwarebytes 1 10 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-11T00:00:00Z
date_published 2024-01-10T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Atomic Stealer rings in the new year with updated version

FireEye TRITON 2018

Miller, S. Reese, E. (2018, June 7). A Totally Tubular Treatise on TRITON and TriStation. Retrieved January 6, 2021.

Internal MISP references

UUID bfa5886a-a7f4-40d1-98d0-c3358abcf265 which can be used as unique global reference for FireEye TRITON 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-06T00:00:00Z
date_published 2018-06-07T00:00:00Z
source MITRE
title A Totally Tubular Treatise on TRITON and TriStation

The DFIR Report Truebot June 12 2023

The DFIR Report. (2023, June 12). A Truly Graceful Wipe Out. Retrieved June 15, 2023.

Internal MISP references

UUID a6311a66-bb36-4cad-a98f-2b0b89aafa3d which can be used as unique global reference for The DFIR Report Truebot June 12 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-15T00:00:00Z
date_published 2023-06-12T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title A Truly Graceful Wipe Out

att_def_ps_logging

Hao, M. (2019, February 27). Attack and Defense Around PowerShell Event Logging. Retrieved November 24, 2021.

Internal MISP references

UUID 52212570-b1a6-4249-99d4-3bcf66c27140 which can be used as unique global reference for att_def_ps_logging in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-11-24T00:00:00Z
date_published 2019-02-27T00:00:00Z
source MITRE
title Attack and Defense Around PowerShell Event Logging

Attack chain leads to XWORM and AGENTTESLA | Elastic

Elastic Blog. (2023, April 7). Attack chain leads to XWORM and AGENTTESLA. Retrieved May 10, 2023.

Internal MISP references

UUID 9b32397b-58be-4275-a701-fe0351ff2982 which can be used as unique global reference for Attack chain leads to XWORM and AGENTTESLA | Elastic in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-10T00:00:00Z
date_published 2023-04-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Attack chain leads to XWORM and AGENTTESLA

Intezer TeamTNT September 2020

Fishbein, N. (2020, September 8). Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks. Retrieved September 22, 2021.

Internal MISP references

UUID 1155a45e-86f4-497a-9a03-43b6dcb25202 which can be used as unique global reference for Intezer TeamTNT September 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-22T00:00:00Z
date_published 2020-09-08T00:00:00Z
source MITRE
title Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks

Metcalf 2015

Metcalf, S. (2015, January 19). Attackers Can Now Use Mimikatz to Implant Skeleton Key on Domain Controllers & BackDoor Your Active Directory Forest. Retrieved February 3, 2015.

Internal MISP references

UUID 1c899028-466c-49b0-8d64-1a954c812508 which can be used as unique global reference for Metcalf 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-02-03T00:00:00Z
date_published 2015-01-19T00:00:00Z
source MITRE
title Attackers Can Now Use Mimikatz to Implant Skeleton Key on Domain Controllers & BackDoor Your Active Directory Forest

Cisco Blog Legacy Device Attacks

Omar Santos. (2020, October 19). Attackers Continue to Target Legacy Devices. Retrieved October 20, 2020.

Internal MISP references

UUID f7ce5099-7e04-4c0b-8767-e0eec664b18e which can be used as unique global reference for Cisco Blog Legacy Device Attacks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2020-10-19T00:00:00Z
source MITRE
title Attackers Continue to Target Legacy Devices

FireEye TRITON 2017

Johnson, B, et. al. (2017, December 14). Attackers Deploy New ICS Attack Framework "TRITON" and Cause Operational Disruption to Critical Infrastructure. Retrieved January 6, 2021.

Internal MISP references

UUID 597a4d8b-ffb2-4551-86db-b319f5a5b707 which can be used as unique global reference for FireEye TRITON 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-06T00:00:00Z
date_published 2017-12-14T00:00:00Z
source MITRE
title Attackers Deploy New ICS Attack Framework "TRITON" and Cause Operational Disruption to Critical Infrastructure

FireEye TRITON Dec 2017

Blake Johnson, Dan Caban, Marina Krotofil, Dan Scali, Nathan Brubaker, Christopher Glyer. (2017, December 14). Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure. Retrieved January 12, 2018.

Internal MISP references

UUID d4ca3351-eeb8-5342-8c85-806614e22c48 which can be used as unique global reference for FireEye TRITON Dec 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-12T00:00:00Z
date_published 2017-12-14T00:00:00Z
source MITRE
title Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure

Forbes GitHub Creds

Sandvik, R. (2014, January 14). Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency. Retrieved October 19, 2020.

Internal MISP references

UUID 303f8801-bdd6-4a0c-a90a-37867898c99c which can be used as unique global reference for Forbes GitHub Creds in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
date_published 2014-01-14T00:00:00Z
source MITRE
title Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency

GitHub Cloud Service Credentials

Runa A. Sandvik. (2014, January 14). Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency. Retrieved August 9, 2022.

Internal MISP references

UUID d2186b8c-10c9-493b-8e25-7d69fce006e4 which can be used as unique global reference for GitHub Cloud Service Credentials in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-09T00:00:00Z
date_published 2014-01-14T00:00:00Z
source MITRE
title Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency

Unit 42 Unsecured Docker Daemons

Chen, J. (2020, January 29). Attacker's Tactics and Techniques in Unsecured Docker Daemons Revealed. Retrieved March 31, 2021.

Internal MISP references

UUID efcbbbdd-9af1-46c2-8538-3fd22f2b67d2 which can be used as unique global reference for Unit 42 Unsecured Docker Daemons in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-31T00:00:00Z
date_published 2020-01-29T00:00:00Z
source MITRE
title Attacker's Tactics and Techniques in Unsecured Docker Daemons Revealed

Talos Roblox Scam 2023

Tiago Pereira. (2023, November 2). Attackers use JavaScript URLs, API forms and more to scam users in popular online game “Roblox”. Retrieved January 2, 2024.

Internal MISP references

UUID 9371ee4a-ac23-5acb-af3f-132ef3645392 which can be used as unique global reference for Talos Roblox Scam 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-02T00:00:00Z
date_published 2023-11-02T00:00:00Z
source MITRE
title Attackers use JavaScript URLs, API forms and more to scam users in popular online game “Roblox”

Black Hills Attacking Exchange MailSniper, 2016

Bullock, B. (2016, October 3). Attacking Exchange with MailSniper. Retrieved October 6, 2019.

Internal MISP references

UUID adedfddc-29b7-4245-aa67-cc590acb7434 which can be used as unique global reference for Black Hills Attacking Exchange MailSniper, 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-06T00:00:00Z
date_published 2016-10-03T00:00:00Z
source MITRE
title Attacking Exchange with MailSniper

SANS Attacking Kerberos Nov 2014

Medin, T. (2014, November). Attacking Kerberos - Kicking the Guard Dog of Hades. Retrieved March 22, 2018.

Internal MISP references

UUID f20d6bd0-d699-4ee4-8ef6-3c45ec12cd42 which can be used as unique global reference for SANS Attacking Kerberos Nov 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-22T00:00:00Z
date_published 2014-11-01T00:00:00Z
source MITRE
title Attacking Kerberos - Kicking the Guard Dog of Hades

NetSPI SQL Server CLR

Sutherland, S. (2017, July 13). Attacking SQL Server CLR Assemblies. Retrieved July 8, 2019.

Internal MISP references

UUID 6f3d8c89-9d5d-4754-98d5-44fe3a5dd0d5 which can be used as unique global reference for NetSPI SQL Server CLR in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-08T00:00:00Z
date_published 2017-07-13T00:00:00Z
source MITRE
title Attacking SQL Server CLR Assemblies

Mandiant FIN5 GrrCON Oct 2016

Bromiley, M. and Lewis, P. (2016, October 7). Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years. Retrieved October 6, 2017.

Internal MISP references

UUID 2bd39baf-4223-4344-ba93-98aa8453dc11 which can be used as unique global reference for Mandiant FIN5 GrrCON Oct 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-10-06T00:00:00Z
date_published 2016-10-07T00:00:00Z
source MITRE
title Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years

Attacking VNC Servers PentestLab

Administrator, Penetration Testing Lab. (2012, October 30). Attacking VNC Servers. Retrieved October 6, 2021.

Internal MISP references

UUID f953ea41-f9ca-4f4e-a46f-ef1d2def1d07 which can be used as unique global reference for Attacking VNC Servers PentestLab in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-06T00:00:00Z
date_published 2012-10-30T00:00:00Z
source MITRE
title Attacking VNC Servers

Talos Template Injection July 2017

Baird, S. et al. (2017, July 7). Attack on Critical Infrastructure Leverages Template Injection. Retrieved July 21, 2018.

Internal MISP references

UUID 175ea537-2a94-42c7-a83b-bec8906ee6b9 which can be used as unique global reference for Talos Template Injection July 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-21T00:00:00Z
date_published 2017-07-07T00:00:00Z
source MITRE
title Attack on Critical Infrastructure Leverages Template Injection

Lotus Blossom Dec 2015

Falcone, R. and Miller-Osborn, J. (2015, December 18). Attack on French Diplomat Linked to Operation Lotus Blossom. Retrieved February 15, 2016.

Internal MISP references

UUID dcbe51a0-6d63-4401-b19e-46cd3c42204c which can be used as unique global reference for Lotus Blossom Dec 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-02-15T00:00:00Z
date_published 2015-12-18T00:00:00Z
source MITRE
title Attack on French Diplomat Linked to Operation Lotus Blossom

Symantec Attacks Against Government Sector

Symantec. (2021, June 10). Attacks Against the Government Sector. Retrieved September 28, 2021.

Internal MISP references

UUID f5940cc2-1bbd-4e42-813a-f50867b01035 which can be used as unique global reference for Symantec Attacks Against Government Sector in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-28T00:00:00Z
date_published 2021-06-10T00:00:00Z
source MITRE
title Attacks Against the Government Sector

Aqua Security Cloud Native Threat Report June 2021

Team Nautilus. (2021, June). Attacks in the Wild on the Container Supply Chain and Infrastructure. Retrieved August 26, 2021.

Internal MISP references

UUID be9652d5-7531-4143-9c44-aefd019b7a32 which can be used as unique global reference for Aqua Security Cloud Native Threat Report June 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-26T00:00:00Z
date_published 2021-06-01T00:00:00Z
source MITRE
title Attacks in the Wild on the Container Supply Chain and Infrastructure

CERT-FR PYSA April 2020

CERT-FR. (2020, April 1). ATTACKS INVOLVING THE MESPINOZA/PYSA RANSOMWARE. Retrieved March 1, 2021.

Internal MISP references

UUID 4e502db6-2e09-4422-9dcc-1e10e701e122 which can be used as unique global reference for CERT-FR PYSA April 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-01T00:00:00Z
date_published 2020-04-01T00:00:00Z
source MITRE
title ATTACKS INVOLVING THE MESPINOZA/PYSA RANSOMWARE

InsiderThreat NTFS EA Oct 2017

Sander, J. (2017, October 12). Attack Step 3: Persistence with NTFS Extended Attributes – File System Attacks. Retrieved March 21, 2018.

Internal MISP references

UUID 6d270128-0461-43ec-8925-204c7b5aacc9 which can be used as unique global reference for InsiderThreat NTFS EA Oct 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-21T00:00:00Z
date_published 2017-10-12T00:00:00Z
source MITRE
title Attack Step 3: Persistence with NTFS Extended Attributes – File System Attacks

Microsoft ASR Obfuscation

Microsoft. (2023, February 22). Attack surface reduction (ASR) rules reference: Block execution of potentially obfuscated scripts. Retrieved March 17, 2023.

Internal MISP references

UUID dec646d4-8b32-5091-b097-abe887aeca96 which can be used as unique global reference for Microsoft ASR Obfuscation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-17T00:00:00Z
date_published 2023-02-22T00:00:00Z
source MITRE
title Attack surface reduction (ASR) rules reference: Block execution of potentially obfuscated scripts

Obfuscated scripts

Microsoft. (2024, March 4). Attack surface reduction rules reference. Retrieved March 29, 2024.

Internal MISP references

UUID 2b4dcb27-f32e-50f0-83e0-350659e49f0b which can be used as unique global reference for Obfuscated scripts in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-29T00:00:00Z
date_published 2024-03-04T00:00:00Z
source MITRE
title Attack surface reduction rules reference

TrendMicro Msiexec Feb 2018

Co, M. and Sison, G. (2018, February 8). Attack Using Windows Installer msiexec.exe leads to LokiBot. Retrieved April 18, 2019.

Internal MISP references

UUID 768c99f3-ee28-47dc-bc33-06d50ac72dea which can be used as unique global reference for TrendMicro Msiexec Feb 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-18T00:00:00Z
date_published 2018-02-08T00:00:00Z
source MITRE
title Attack Using Windows Installer msiexec.exe leads to LokiBot

GitHub ATTACK Empire

Stepanic, D. (2018, September 2). attck_empire: Generate ATT&CK Navigator layer file from PowerShell Empire agent logs. Retrieved March 11, 2019.

Internal MISP references

UUID b3d6bb33-2b23-4c0a-b8fa-e002a5c7edfc which can be used as unique global reference for GitHub ATTACK Empire in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-11T00:00:00Z
date_published 2018-09-02T00:00:00Z
source MITRE
title attck_empire: Generate ATT&CK Navigator layer file from PowerShell Empire agent logs

lambert systemd 2022

Tony Lambert. (2022, November 13). ATT&CK T1501: Understanding systemd service persistence. Retrieved March 20, 2023.

Internal MISP references

UUID 196f0c77-4c98-57e7-ad79-eb43bdd2c848 which can be used as unique global reference for lambert systemd 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-20T00:00:00Z
date_published 2022-11-13T00:00:00Z
source MITRE
title ATT&CK T1501: Understanding systemd service persistence

TechNet Credential Theft

Microsoft. (2016, April 15). Attractive Accounts for Credential Theft. Retrieved June 3, 2016.

Internal MISP references

UUID 5c183c97-0ab2-4b75-8dbc-9db92a929ff4 which can be used as unique global reference for TechNet Credential Theft in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-03T00:00:00Z
date_published 2016-04-15T00:00:00Z
source MITRE
title Attractive Accounts for Credential Theft

AcidRain State Department 2022

Antony J. Blinken, US Department of State. (2022, May 10). Attribution of Russia’s Malicious Cyber Activity Against Ukraine. Retrieved March 25, 2024.

Internal MISP references

UUID 9d514c52-9def-5b11-aa06-fdf3ee9923ed which can be used as unique global reference for AcidRain State Department 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-25T00:00:00Z
date_published 2022-05-10T00:00:00Z
source MITRE
title Attribution of Russia’s Malicious Cyber Activity Against Ukraine

Audit OSX

Gagliardi, R. (n.d.). Audit in a OS X System. Retrieved September 23, 2021.

Internal MISP references

UUID c5181c95-0a94-4ea0-9940-04a9663d0069 which can be used as unique global reference for Audit OSX in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-23T00:00:00Z
source MITRE
title Audit in a OS X System

Microsoft Audit Logon Events

Microsoft. (2021, September 6). Audit logon events. Retrieved September 28, 2021.

Internal MISP references

UUID 050d6da7-a78c-489d-8bef-b06d802b55d7 which can be used as unique global reference for Microsoft Audit Logon Events in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-28T00:00:00Z
date_published 2021-09-06T00:00:00Z
source MITRE
title Audit logon events

Cloud Audit Logs

Google. (n.d.). Audit Logs. Retrieved June 1, 2020.

Internal MISP references

UUID 500bdcea-5f49-4949-80fb-5eec1ce5e09e which can be used as unique global reference for Cloud Audit Logs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-01T00:00:00Z
source MITRE
title Audit Logs

Microsoft Scheduled Task Events Win10

Microsoft. (2017, May 28). Audit Other Object Access Events. Retrieved June 27, 2019.

Internal MISP references

UUID 79e54b41-69ba-4738-86ef-88c4f540bce3 which can be used as unique global reference for Microsoft Scheduled Task Events Win10 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-27T00:00:00Z
date_published 2017-05-28T00:00:00Z
source MITRE
title Audit Other Object Access Events

auditpol

Jason Gerend, et al. (2017, October 16). auditpol. Retrieved September 1, 2021.

Internal MISP references

UUID 20d18ecf-d7d3-4433-9a3c-c28be71de4b1 which can be used as unique global reference for auditpol in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-01T00:00:00Z
date_published 2017-10-16T00:00:00Z
source MITRE
title auditpol

auditpol.exe_STRONTIC

STRONTIC. (n.d.). auditpol.exe. Retrieved September 9, 2021.

Internal MISP references

UUID c8a305b3-cd17-4415-a740-32787da703cd which can be used as unique global reference for auditpol.exe_STRONTIC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-09T00:00:00Z
source MITRE
title auditpol.exe

Audit_Policy_Microsoft

Daniel Simpson. (2017, April 19). Audit Policy. Retrieved September 13, 2021.

Internal MISP references

UUID 9ff43f64-7fcb-4aa3-9599-9d00774d8da5 which can be used as unique global reference for Audit_Policy_Microsoft in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-13T00:00:00Z
date_published 2017-04-19T00:00:00Z
source MITRE
title Audit Policy

TechNet Audit Policy

Microsoft. (2016, April 15). Audit Policy Recommendations. Retrieved June 3, 2016.

Internal MISP references

UUID 406cd8ff-e539-4853-85ed-775726155cf1 which can be used as unique global reference for TechNet Audit Policy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-03T00:00:00Z
date_published 2016-04-15T00:00:00Z
source MITRE
title Audit Policy Recommendations

Microsoft Audit Registry July 2012

Microsoft. (2012, July 2). Audit Registry. Retrieved January 31, 2018.

Internal MISP references

UUID 4e95ad81-cbc4-4f66-ba95-fb781d7d9c3c which can be used as unique global reference for Microsoft Audit Registry July 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-31T00:00:00Z
date_published 2012-07-02T00:00:00Z
source MITRE
title Audit Registry

Security Affairs Elderwood Sept 2012

Paganini, P. (2012, September 9). Elderwood project, who is behind Op. Aurora and ongoing attacks?. Retrieved February 13, 2018.

Internal MISP references

UUID ebfc56c5-0490-4b91-b49f-548c00a59162 which can be used as unique global reference for Security Affairs Elderwood Sept 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-13T00:00:00Z
source MITRE
title Aurora and ongoing attacks?

NIST Authentication

NIST. (n.d.). Authentication. Retrieved January 30, 2020.

Internal MISP references

UUID f3cfb9b9-62f4-4066-a2b9-7e6f25bd7a46 which can be used as unique global reference for NIST Authentication in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-01-30T00:00:00Z
source MITRE
title Authentication

MSDN Authentication Packages

Microsoft. (n.d.). Authentication Packages. Retrieved March 1, 2017.

Internal MISP references

UUID e9bb8434-9b6d-4301-bfe2-5c83ceabb020 which can be used as unique global reference for MSDN Authentication Packages in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-01T00:00:00Z
source MITRE
title Authentication Packages

Microsoft Authenticode

Microsoft. (n.d.). Authenticode. Retrieved January 31, 2018.

Internal MISP references

UUID 33efd1a3-ffe9-42b3-ae12-970ed11454bf which can be used as unique global reference for Microsoft Authenticode in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-31T00:00:00Z
source MITRE
title Authenticode

K8s Authorization Overview

Kubernetes. (n.d.). Authorization Overview. Retrieved June 24, 2021.

Internal MISP references

UUID 120f968a-c81f-4902-9b76-7544577b768d which can be used as unique global reference for K8s Authorization Overview in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-24T00:00:00Z
source MITRE
title Authorization Overview

SSH Authorized Keys

ssh.com. (n.d.). Authorized_keys File in SSH. Retrieved June 24, 2020.

Internal MISP references

UUID ff100b76-894e-4d7c-9b8d-5f0eedcf59cc which can be used as unique global reference for SSH Authorized Keys in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-24T00:00:00Z
source MITRE
title Authorized_keys File in SSH

Trend Micro njRAT 2018

Pascual, C. (2018, November 27). AutoIt-Compiled Worm Affecting Removable Media Delivers Fileless Version of BLADABINDI/njRAT Backdoor. Retrieved June 4, 2019.

Internal MISP references

UUID d8e7b428-84dd-4d96-b3f3-70e7ed7f8271 which can be used as unique global reference for Trend Micro njRAT 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-04T00:00:00Z
date_published 2018-11-27T00:00:00Z
source MITRE
title AutoIt-Compiled Worm Affecting Removable Media Delivers Fileless Version of BLADABINDI/njRAT Backdoor

Re-Open windows on Mac

Apple. (2016, December 6). Automatically re-open windows, apps, and documents on your Mac. Retrieved July 11, 2017.

Internal MISP references

UUID ed907f1e-71d6-45db-8ef3-75bec59c238b which can be used as unique global reference for Re-Open windows on Mac in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-11T00:00:00Z
date_published 2016-12-06T00:00:00Z
source MITRE
title Automatically re-open windows, apps, and documents on your Mac

TechNet Autoruns

Russinovich, M. (2016, January 4). Autoruns for Windows v13.51. Retrieved June 6, 2016.

Internal MISP references

UUID 709f4509-9d69-4033-8aa6-a947496a1703 which can be used as unique global reference for TechNet Autoruns in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-06T00:00:00Z
date_published 2016-01-04T00:00:00Z
source MITRE
title Autoruns for Windows v13.51

Autoruns for Windows

Mark Russinovich. (2019, June 28). Autoruns for Windows v13.96. Retrieved March 13, 2020.

Internal MISP references

UUID aaf66ad0-c444-48b5-875f-a0f66b82031c which can be used as unique global reference for Autoruns for Windows in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-13T00:00:00Z
date_published 2019-06-28T00:00:00Z
source MITRE
title Autoruns for Windows v13.96

Hornet Security Avaddon June 2020

Security Lab. (2020, June 5). Avaddon: From seeking affiliates to in-the-wild in 2 days. Retrieved August 19, 2021.

Internal MISP references

UUID 41377d56-2e7b-48a8-8561-681e04a65907 which can be used as unique global reference for Hornet Security Avaddon June 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-19T00:00:00Z
date_published 2020-06-05T00:00:00Z
source MITRE
title Avaddon: From seeking affiliates to in-the-wild in 2 days

Arxiv Avaddon Feb 2021

Yuste, J. Pastrana, S. (2021, February 9). Avaddon ransomware: an in-depth analysis and decryption of infected systems. Retrieved August 19, 2021.

Internal MISP references

UUID dbee8e7e-f477-4bd5-8225-84e0e222617e which can be used as unique global reference for Arxiv Avaddon Feb 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-19T00:00:00Z
date_published 2021-02-09T00:00:00Z
source MITRE
title Avaddon ransomware: an in-depth analysis and decryption of infected systems

CISA Phishing

CISA. (2021, February 1). Avoiding Social Engineering and Phishing Attacks. Retrieved September 8, 2023.

Internal MISP references

UUID 0c98bf66-f43c-5b09-ae43-d10c682f51e7 which can be used as unique global reference for CISA Phishing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-08T00:00:00Z
date_published 2021-02-01T00:00:00Z
source MITRE
title Avoiding Social Engineering and Phishing Attacks

Malwarebytes AvosLocker Jul 2021

Hasherezade. (2021, July 23). AvosLocker enters the ransomware scene, asks for partners. Retrieved January 11, 2023.

Internal MISP references

UUID 88dffb14-a7a7-5b36-b269-8283dec0f1a3 which can be used as unique global reference for Malwarebytes AvosLocker Jul 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-01-11T00:00:00Z
date_published 2021-07-23T00:00:00Z
source MITRE
title AvosLocker enters the ransomware scene, asks for partners

avoslocker_ransomware

Lakshmanan, R. (2022, May 2). AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection. Retrieved May 17, 2022.

Internal MISP references

UUID ea2756ce-a183-4c80-af11-92374ad045b2 which can be used as unique global reference for avoslocker_ransomware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-17T00:00:00Z
date_published 2022-05-02T00:00:00Z
source MITRE
title AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection

Cisco Talos Avos Jun 2022

Venere, G. Neal, C. (2022, June 21). Avos ransomware group expands with new attack arsenal. Retrieved January 11, 2023.

Internal MISP references

UUID 1170fdc2-6d8e-5b60-bf9e-ca915790e534 which can be used as unique global reference for Cisco Talos Avos Jun 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-01-11T00:00:00Z
date_published 2022-06-21T00:00:00Z
source MITRE
title Avos ransomware group expands with new attack arsenal

Awesome Executable Packing

Alexandre D'Hondt. (n.d.). Awesome Executable Packing. Retrieved March 11, 2022.

Internal MISP references

UUID 565bf600-5657-479b-9678-803e991c88a5 which can be used as unique global reference for Awesome Executable Packing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-11T00:00:00Z
source MITRE
title Awesome Executable Packing

ESET Kobalos Jan 2021

M.Leveille, M., Sanmillan, I. (2021, January). A WILD KOBALOS APPEARS Tricksy Linux malware goes after HPCs. Retrieved August 24, 2021.

Internal MISP references

UUID 745e963e-33fd-40d4-a8c6-1a9f321017f4 which can be used as unique global reference for ESET Kobalos Jan 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-24T00:00:00Z
date_published 2021-01-01T00:00:00Z
source MITRE
title A WILD KOBALOS APPEARS Tricksy Linux malware goes after HPCs

AWS Root User

Amazon. (n.d.). AWS Account Root User. Retrieved April 5, 2021.

Internal MISP references

UUID 5f315c21-f02f-4c9e-aac6-d648deff3ff9 which can be used as unique global reference for AWS Root User in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-05T00:00:00Z
source MITRE
title AWS Account Root User

GitHub AWS-ADFS-Credential-Generator

Damian Hickey. (2017, January 28). AWS-ADFS-Credential-Generator. Retrieved December 16, 2020.

Internal MISP references

UUID 340a3a20-0ee1-4fd8-87ab-10ac0d2a50c8 which can be used as unique global reference for GitHub AWS-ADFS-Credential-Generator in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-16T00:00:00Z
date_published 2017-01-28T00:00:00Z
source MITRE
title AWS-ADFS-Credential-Generator

AWS GetPasswordPolicy

Amazon Web Services. (n.d.). AWS API GetAccountPasswordPolicy. Retrieved June 8, 2021.

Internal MISP references

UUID dd44d565-b9d9-437e-a31a-a52c6a21e3b3 which can be used as unique global reference for AWS GetPasswordPolicy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-08T00:00:00Z
source MITRE
title AWS API GetAccountPasswordPolicy

AWS Console Sign-in Events

Amazon. (n.d.). AWS Console Sign-in Events. Retrieved October 23, 2019.

Internal MISP references

UUID 72578d0b-f68a-40fa-9a5d-379a66792be8 which can be used as unique global reference for AWS Console Sign-in Events in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-23T00:00:00Z
source MITRE
title AWS Console Sign-in Events

AWS Describe DB Instances

Amazon Web Services. (n.d.). Retrieved May 28, 2021.

Internal MISP references

UUID 85bda17d-7b7c-4d0e-a0d2-2adb5f0a6b82 which can be used as unique global reference for AWS Describe DB Instances in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-28T00:00:00Z
source MITRE
title AWS Describe DB Instances

AWS Get Bucket ACL

Amazon Web Services. (n.d.). Retrieved May 28, 2021.

Internal MISP references

UUID 1eddbd32-8314-4f95-812a-550904eac2fa which can be used as unique global reference for AWS Get Bucket ACL in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-28T00:00:00Z
source MITRE
title AWS Get Bucket ACL

AWS Get Public Access Block

Amazon Web Services. (n.d.). Retrieved May 28, 2021.

Internal MISP references

UUID f2887980-569a-4bc2-949e-bd8ff266c43c which can be used as unique global reference for AWS Get Public Access Block in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-28T00:00:00Z
source MITRE
title AWS Get Public Access Block

AWS Head Bucket

Amazon Web Services. (n.d.). AWS HeadBucket. Retrieved February 14, 2022.

Internal MISP references

UUID 1388a78e-9f86-4927-a619-e0fcbac5b7a1 which can be used as unique global reference for AWS Head Bucket in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-14T00:00:00Z
source MITRE
title AWS HeadBucket

Rhino Security Labs AWS Privilege Escalation

Spencer Gietzen. (n.d.). AWS IAM Privilege Escalation – Methods and Mitigation. Retrieved May 27, 2022.

Internal MISP references

UUID 693e5783-4aa1-40ce-8080-cec01c3e7b59 which can be used as unique global reference for Rhino Security Labs AWS Privilege Escalation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-27T00:00:00Z
source MITRE
title AWS IAM Privilege Escalation – Methods and Mitigation

AWS Lambda Redirector

Adam Chester. (2020, February 25). AWS Lambda Redirector. Retrieved July 8, 2022.

Internal MISP references

UUID 9ba87a5d-a140-4959-9905-c4a80e684d56 which can be used as unique global reference for AWS Lambda Redirector in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-08T00:00:00Z
date_published 2020-02-25T00:00:00Z
source MITRE
title AWS Lambda Redirector

Sysdig AMBERSQUID September 18 2023

Alessandro Brucato. (2023, September 18). AWS’s Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation. Retrieved April 11, 2024.

Internal MISP references

UUID 7ffa880f-5854-4b8a-83f5-da42c1c39345 which can be used as unique global reference for Sysdig AMBERSQUID September 18 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-11T00:00:00Z
date_published 2023-09-18T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title AWS’s Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation

Rhino Security Labs AWS S3 Ransomware

Spencer Gietzen. (n.d.). AWS Simple Storage Service S3 Ransomware Part 2: Prevention and Defense. Retrieved March 21, 2023.

Internal MISP references

UUID 785c6b11-c5f0-5cb4-931b-cf75fcc368a1 which can be used as unique global reference for Rhino Security Labs AWS S3 Ransomware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-21T00:00:00Z
source MITRE
title AWS Simple Storage Service S3 Ransomware Part 2: Prevention and Defense

AWS Systems Manager Run Command

AWS. (n.d.). AWS Systems Manager Run Command. Retrieved March 13, 2023.

Internal MISP references

UUID ef66f17b-6a5b-5eb8-83de-943e2bddd114 which can be used as unique global reference for AWS Systems Manager Run Command in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-13T00:00:00Z
source MITRE
title AWS Systems Manager Run Command

Pylos Xenotime 2019

Slowik, J. (2019, April 12). A XENOTIME to Remember: Veles in the Wild. Retrieved April 16, 2019.

Internal MISP references

UUID e2f246d8-c75e-4e0f-bba8-869d82be26da which can be used as unique global reference for Pylos Xenotime 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-16T00:00:00Z
date_published 2019-04-12T00:00:00Z
source MITRE
title A XENOTIME to Remember: Veles in the Wild

objective-see ay mami 2018

Patrick Wardle. (2018, January 11). Ay MaMi. Retrieved March 19, 2018.

Internal MISP references

UUID 1b1d656c-4fe6-47d1-9ce5-a70c33003507 which can be used as unique global reference for objective-see ay mami 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-19T00:00:00Z
date_published 2018-01-11T00:00:00Z
source MITRE
title Ay MaMi

Microsoft AZ CLI

Microsoft. (n.d.). az ad user. Retrieved October 6, 2019.

Internal MISP references

UUID cfd94553-272b-466b-becb-3859942bcaa5 which can be used as unique global reference for Microsoft AZ CLI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-06T00:00:00Z
source MITRE
title az ad user

Intezer Russian APT Dec 2020

Kennedy, J. (2020, December 9). A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy. Retrieved February 22, 2021.

Internal MISP references

UUID 88d8a3b7-d994-4fd2-9aa1-83b79bccda7e which can be used as unique global reference for Intezer Russian APT Dec 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-22T00:00:00Z
date_published 2020-12-09T00:00:00Z
source MITRE
title A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy

az monitor diagnostic-settings

Microsoft. (n.d.). az monitor diagnostic-settings. Retrieved October 16, 2020.

Internal MISP references

UUID 6ddd92ee-1014-4b7a-953b-18ac396b100e which can be used as unique global reference for az monitor diagnostic-settings in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-16T00:00:00Z
source MITRE
title az monitor diagnostic-settings

Microsoft Azure AD Security Operations for Devices

Microsoft. (2020, September 16). Azure Active Directory security operations for devices. Retrieved February 21, 2023.

Internal MISP references

UUID eeba5eab-a9d8-55c0-b555-0414f65d2c2d which can be used as unique global reference for Microsoft Azure AD Security Operations for Devices in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-21T00:00:00Z
date_published 2020-09-16T00:00:00Z
source MITRE
title Azure Active Directory security operations for devices

Microsoft Azure Active Directory security operations guide

Microsoft. (2022, September 16). Azure Active Directory security operations guide. Retrieved February 21, 2023.

Internal MISP references

UUID b75a3f28-a028-50e6-b971-cc85e7d52e0c which can be used as unique global reference for Microsoft Azure Active Directory security operations guide in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-21T00:00:00Z
date_published 2022-09-16T00:00:00Z
source MITRE
title Azure Active Directory security operations guide

Azure AD Connect for Read Teamers

Adam Chester. (2019, February 18). Azure AD Connect for Red Teamers. Retrieved September 28, 2022.

Internal MISP references

UUID 0b9946ff-8c1c-4d93-8401-e1e4dd186305 which can be used as unique global reference for Azure AD Connect for Read Teamers in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-28T00:00:00Z
date_published 2019-02-18T00:00:00Z
source MITRE
title Azure AD Connect for Red Teamers

Microsoft - Azure PowerShell

Microsoft. (2014, December 12). Azure/azure-powershell. Retrieved March 24, 2023.

Internal MISP references

UUID 3b17b649-9efa-525f-aa49-cf6c9ad559d7 which can be used as unique global reference for Microsoft - Azure PowerShell in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-24T00:00:00Z
date_published 2014-12-12T00:00:00Z
source MITRE
title Azure/azure-powershell

Azure Blob Storage

Microsoft. (n.d.). Azure Blob Storage. Retrieved October 13, 2021.

Internal MISP references

UUID 7a392b85-872a-4a5a-984c-185a8e8f8a3f which can be used as unique global reference for Azure Blob Storage in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
source MITRE
title Azure Blob Storage

Microsoft Azure Instance Metadata 2021

Microsoft. (2021, February 21). Azure Instance Metadata Service (Windows). Retrieved April 2, 2021.

Internal MISP references

UUID 66e93b75-0067-4cdb-b695-8f8109ef26e0 which can be used as unique global reference for Microsoft Azure Instance Metadata 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-02T00:00:00Z
date_published 2021-02-21T00:00:00Z
source MITRE
title Azure Instance Metadata Service (Windows)

Microsoft Azure Policy

Microsoft. (2023, August 30). Azure Policy built-in policy definitions. Retrieved September 5, 2023.

Internal MISP references

UUID 761d102e-768a-5536-a098-0b1819029d33 which can be used as unique global reference for Microsoft Azure Policy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-05T00:00:00Z
date_published 2023-08-30T00:00:00Z
source MITRE
title Azure Policy built-in policy definitions

SpecterOps Azure Privilege Escalation

Andy Robbins. (2021, October 12). Azure Privilege Escalation via Service Principal Abuse. Retrieved April 1, 2022.

Internal MISP references

UUID 5dba5a6d-465e-4489-bc4d-299a891b62f6 which can be used as unique global reference for SpecterOps Azure Privilege Escalation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-01T00:00:00Z
date_published 2021-10-12T00:00:00Z
source MITRE
title Azure Privilege Escalation via Service Principal Abuse

Azure Products

Microsoft. (n.d.). Azure products. Retrieved October 13, 2021.

Internal MISP references

UUID 12a72e05-ada4-4f77-8d6e-03024f88cab6 which can be used as unique global reference for Azure Products in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
source MITRE
title Azure products

Azure - Resource Manager API

Microsoft. (2019, May 20). Azure Resource Manager. Retrieved June 17, 2020.

Internal MISP references

UUID 223cc020-e88a-4236-9c34-64fe606a1729 which can be used as unique global reference for Azure - Resource Manager API in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-17T00:00:00Z
date_published 2019-05-20T00:00:00Z
source MITRE
title Azure Resource Manager

Mandiant Azure Run Command 2021

Adrien Bataille, Anders Vejlby, Jared Scott Wilson, and Nader Zaveri. (2021, December 14). Azure Run Command for Dummies. Retrieved March 13, 2023.

Internal MISP references

UUID e15d38de-bc15-525b-bd03-27c0edca768d which can be used as unique global reference for Mandiant Azure Run Command 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-13T00:00:00Z
date_published 2021-12-14T00:00:00Z
source MITRE
title Azure Run Command for Dummies

Microsoft Azure security baseline for Azure Active Directory

Microsoft. (2022, November 14). Azure security baseline for Azure Active Directory. Retrieved February 21, 2023.

Internal MISP references

UUID 2bc66dc9-2ed2-52ad-8ae2-5497be3b0c53 which can be used as unique global reference for Microsoft Azure security baseline for Azure Active Directory in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-21T00:00:00Z
date_published 2022-11-14T00:00:00Z
source MITRE
title Azure security baseline for Azure Active Directory

Microsoft - Azure Sentinel ADFSDomainTrustMods

Microsoft. (2020, December). Azure Sentinel Detections. Retrieved December 30, 2020.

Internal MISP references

UUID 34314090-33c2-4276-affa-3d0b527bbcef which can be used as unique global reference for Microsoft - Azure Sentinel ADFSDomainTrustMods in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-30T00:00:00Z
date_published 2020-12-01T00:00:00Z
source MITRE
title Azure Sentinel Detections

Azure Serial Console

Microsoft. (2022, October 17). Azure Serial Console. Retrieved June 2, 2023.

Internal MISP references

UUID fd75d136-e818-5233-b2c2-5d8ed033b9e6 which can be used as unique global reference for Azure Serial Console in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-02T00:00:00Z
date_published 2022-10-17T00:00:00Z
source MITRE
title Azure Serial Console

Microsoft Azure Storage Security, 2019

Amlekar, M., Brooks, C., Claman, L., et al. (2019, March 20). Azure Storage security guide. Retrieved October 4, 2019.

Internal MISP references

UUID 95bda448-bb13-4fa6-b663-e48a9d1b866f which can be used as unique global reference for Microsoft Azure Storage Security, 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-04T00:00:00Z
date_published 2019-03-20T00:00:00Z
source MITRE
title Azure Storage security guide

Azure - Stormspotter

Microsoft. (2020). Azure Stormspotter GitHub. Retrieved June 17, 2020.

Internal MISP references

UUID 42383ed1-9705-4313-8068-28a22a23f50e which can be used as unique global reference for Azure - Stormspotter in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-17T00:00:00Z
date_published 2020-01-01T00:00:00Z
source MITRE
title Azure Stormspotter GitHub

Medium Babuk February 2021

Sebdraven. (2021, February 8). Babuk is distributed packed. Retrieved August 11, 2021.

Internal MISP references

UUID 58759b1c-8e2c-44fa-8e37-8bf7325c330d which can be used as unique global reference for Medium Babuk February 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-11T00:00:00Z
date_published 2021-02-08T00:00:00Z
source MITRE
title Babuk is distributed packed

Sogeti CERT ESEC Babuk March 2021

Sogeti. (2021, March). Babuk Ransomware. Retrieved August 11, 2021.

Internal MISP references

UUID e85e3bd9-6ddc-4d0f-a16c-b525a75baa7e which can be used as unique global reference for Sogeti CERT ESEC Babuk March 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-11T00:00:00Z
date_published 2021-03-01T00:00:00Z
source MITRE
title Babuk Ransomware

Unit42 BabyShark Apr 2019

Lim, M. (2019, April 26). BabyShark Malware Part Two – Attacks Continue Using KimJongRAT and PCRat. Retrieved October 7, 2019.

Internal MISP references

UUID c020569d-9c85-45fa-9f0b-97be5bdbab08 which can be used as unique global reference for Unit42 BabyShark Apr 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-07T00:00:00Z
date_published 2019-04-26T00:00:00Z
source MITRE
title BabyShark Malware Part Two – Attacks Continue Using KimJongRAT and PCRat

Symantec Briba May 2012

Ladley, F. (2012, May 15). Backdoor.Briba. Retrieved February 21, 2018.

Internal MISP references

UUID bcf0f82b-1b26-4c0c-905e-0dd8b88d0903 which can be used as unique global reference for Symantec Briba May 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-21T00:00:00Z
date_published 2012-05-15T00:00:00Z
source MITRE
title Backdoor.Briba

TrendMicro Squiblydoo Aug 2017

Bermejo, L., Giagone, R., Wu, R., and Yarochkin, F. (2017, August 7). Backdoor-carrying Emails Set Sights on Russian-speaking Businesses. Retrieved March 7, 2019.

Internal MISP references

UUID efeb475c-2a7c-4ab6-814d-3ee7866fa322 which can be used as unique global reference for TrendMicro Squiblydoo Aug 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-07T00:00:00Z
date_published 2017-08-07T00:00:00Z
source MITRE
title Backdoor-carrying Emails Set Sights on Russian-speaking Businesses

Symantec Darkmoon Aug 2005

Hayashi, K. (2005, August 18). Backdoor.Darkmoon. Retrieved February 23, 2018.

Internal MISP references

UUID 7088234d-a6fc-49ad-b4fd-2fe8ca333c1d which can be used as unique global reference for Symantec Darkmoon Aug 2005 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-23T00:00:00Z
date_published 2005-08-18T00:00:00Z
source MITRE
title Backdoor.Darkmoon

ESET BackdoorDiplomacy Jun 2021

Adam Burgher. (2021, June 10). BackdoorDiplomacy: Upgrading from Quarian to Turian. Retrieved September 1, 2021.

Internal MISP references

UUID 127d4b10-8d61-4bdf-b5b9-7d86bbc065b6 which can be used as unique global reference for ESET BackdoorDiplomacy Jun 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-01T00:00:00Z
date_published 2021-06-10T00:00:00Z
source MITRE, Tidal Cyber
title BackdoorDiplomacy: Upgrading from Quarian to Turian

Backdooring an AWS account

Daniel Grzelak. (2016, July 9). Backdooring an AWS account. Retrieved May 27, 2022.

Internal MISP references

UUID 2c867527-1584-44f7-b5e5-8ca54ea79619 which can be used as unique global reference for Backdooring an AWS account in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-27T00:00:00Z
date_published 2016-07-09T00:00:00Z
source MITRE
title Backdooring an AWS account

Symantec Linfo May 2012

Zhou, R. (2012, May 15). Backdoor.Linfo. Retrieved February 23, 2018.

Internal MISP references

UUID e6b88cd4-a58e-4139-b266-48d0f5957407 which can be used as unique global reference for Symantec Linfo May 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-23T00:00:00Z
date_published 2012-05-15T00:00:00Z
source MITRE
title Backdoor.Linfo

Symantec Backdoor.Mivast

Stama, D. (2015, February 6). Backdoor.Mivast. Retrieved February 15, 2016.

Internal MISP references

UUID 800780e3-7d00-4cfc-8458-74fe17da2f71 which can be used as unique global reference for Symantec Backdoor.Mivast in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-02-15T00:00:00Z
date_published 2015-02-06T00:00:00Z
source MITRE
title Backdoor.Mivast

Symantec Nerex May 2012

Ladley, F. (2012, May 15). Backdoor.Nerex. Retrieved February 23, 2018.

Internal MISP references

UUID 1613fd6b-4d62-464b-9cda-6f7d3f0192e1 which can be used as unique global reference for Symantec Nerex May 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-23T00:00:00Z
date_published 2012-05-15T00:00:00Z
source MITRE
title Backdoor.Nerex

Symantec Backdoor.Nidiran

Sponchioni, R. (2016, March 11). Backdoor.Nidiran. Retrieved August 3, 2016.

Internal MISP references

UUID 01852772-c333-47a3-9e3f-e234a87f0b9b which can be used as unique global reference for Symantec Backdoor.Nidiran in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-03T00:00:00Z
date_published 2016-03-11T00:00:00Z
source MITRE
title Backdoor.Nidiran

Symantec Remsec IOCs

Symantec Security Response. (2016, August 8). Backdoor.Remsec indicators of compromise. Retrieved August 17, 2016.

Internal MISP references

UUID b00bf616-96e6-42c9-a56c-380047ad5acb which can be used as unique global reference for Symantec Remsec IOCs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-17T00:00:00Z
date_published 2016-08-08T00:00:00Z
source MITRE
title Backdoor.Remsec indicators of compromise

Symantec Ristol May 2012

Ladley, F. (2012, May 15). Backdoor.Ritsol. Retrieved February 23, 2018.

Internal MISP references

UUID 1c8b1762-8abd-479b-b78c-43d8c7be7c27 which can be used as unique global reference for Symantec Ristol May 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-23T00:00:00Z
date_published 2012-05-15T00:00:00Z
source MITRE
title Backdoor.Ritsol

Symantec Vasport May 2012

Zhou, R. (2012, May 15). Backdoor.Vasport. Retrieved February 22, 2018.

Internal MISP references

UUID 2dc7d7fb-3d13-4647-b15b-5e501946d606 which can be used as unique global reference for Symantec Vasport May 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-22T00:00:00Z
date_published 2012-05-15T00:00:00Z
source MITRE
title Backdoor.Vasport

FSecure Hupigon

FSecure. (n.d.). Backdoor - W32/Hupigon.EMV - Threat Description. Retrieved December 18, 2017.

Internal MISP references

UUID 08ceb57f-065e-45e9-98e9-d58a92caa755 which can be used as unique global reference for FSecure Hupigon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-18T00:00:00Z
source MITRE
title Backdoor - W32/Hupigon.EMV - Threat Description

Symantec Wiarp May 2012

Zhou, R. (2012, May 15). Backdoor.Wiarp. Retrieved February 22, 2018.

Internal MISP references

UUID 78285833-4b0d-4077-86d2-f34b010a5862 which can be used as unique global reference for Symantec Wiarp May 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-22T00:00:00Z
date_published 2012-05-15T00:00:00Z
source MITRE
title Backdoor.Wiarp

Microsoft Lamin Sept 2017

Microsoft. (2009, May 17). Backdoor:Win32/Lamin.A. Retrieved September 6, 2018.

Internal MISP references

UUID 84b8b159-6e85-4329-8903-aca156f4ed84 which can be used as unique global reference for Microsoft Lamin Sept 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-06T00:00:00Z
date_published 2009-05-17T00:00:00Z
source MITRE
title Backdoor:Win32/Lamin.A

Microsoft PoisonIvy 2017

McCormack, M. (2017, September 15). Backdoor:Win32/Poisonivy.E. Retrieved December 21, 2020.

Internal MISP references

UUID fc97a89c-c912-4b0c-b151-916695dbbca4 which can be used as unique global reference for Microsoft PoisonIvy 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-21T00:00:00Z
date_published 2017-09-15T00:00:00Z
source MITRE
title Backdoor:Win32/Poisonivy.E

Microsoft Win Defender Truvasys Sep 2017

Microsoft. (2017, September 15). Backdoor:Win32/Truvasys.A!dha. Retrieved November 30, 2017.

Internal MISP references

UUID 3c8ba6ef-8edc-44bf-9abe-655ba0f45912 which can be used as unique global reference for Microsoft Win Defender Truvasys Sep 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-30T00:00:00Z
date_published 2017-09-15T00:00:00Z
source MITRE
title Backdoor:Win32/Truvasys.A!dha

Microsoft Wingbird Nov 2017

Microsoft. (2017, November 9). Backdoor:Win32/Wingbird.A!dha. Retrieved November 27, 2017.

Internal MISP references

UUID 6c7e2b89-8f3a-443c-9b72-12934b9dc364 which can be used as unique global reference for Microsoft Wingbird Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-27T00:00:00Z
date_published 2017-11-09T00:00:00Z
source MITRE
title Backdoor:Win32/Wingbird.A!dha

Microsoft BITS

Microsoft. (n.d.). Background Intelligent Transfer Service. Retrieved January 12, 2018.

Internal MISP references

UUID 3d925a69-35f3-4337-8e1e-275de4c1783e which can be used as unique global reference for Microsoft BITS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-12T00:00:00Z
source MITRE
title Background Intelligent Transfer Service

NCC Group Research Blog August 19 2022

NCC Group Research Blog. (2022, August 19). Back in Black: Unlocking a LockBit 3.0 Ransomware Attack. Retrieved May 7, 2023.

Internal MISP references

UUID 8c1fbe98-5fc1-4e67-9b96-b740ffc9b1ae which can be used as unique global reference for NCC Group Research Blog August 19 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2022-08-19T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Back in Black: Unlocking a LockBit 3.0 Ransomware Attack

Tech Republic - Restore AWS Snapshots

Hardiman, N. (2012, March 20). Backing up and restoring snapshots on Amazon EC2 machines. Retrieved October 8, 2019.

Internal MISP references

UUID bfe848a3-c855-4bca-a6ea-44804d48c7eb which can be used as unique global reference for Tech Republic - Restore AWS Snapshots in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-08T00:00:00Z
date_published 2012-03-20T00:00:00Z
source MITRE
title Backing up and restoring snapshots on Amazon EC2 machines

Secureworks COBALT DICKENS August 2018

Counter Threat Unit Research Team. (2018, August 24). Back to School: COBALT DICKENS Targets Universities. Retrieved February 3, 2021.

Internal MISP references

UUID addbb46b-b2b5-4844-b4be-f6294cf51caa which can be used as unique global reference for Secureworks COBALT DICKENS August 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-03T00:00:00Z
date_published 2018-08-24T00:00:00Z
source MITRE
title Back to School: COBALT DICKENS Targets Universities

Cybereason Kimsuky November 2020

Dahan, A. et al. (2020, November 2). Back to the Future: Inside the Kimsuky KGH Spyware Suite. Retrieved November 6, 2020.

Internal MISP references

UUID ecc2f5ad-b2a8-470b-b919-cb184d12d00f which can be used as unique global reference for Cybereason Kimsuky November 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-06T00:00:00Z
date_published 2020-11-02T00:00:00Z
source MITRE, Tidal Cyber
title Back to the Future: Inside the Kimsuky KGH Spyware Suite

Proofpoint TA453 March 2021

Miller, J. et al. (2021, March 30). BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns. Retrieved May 4, 2021.

Internal MISP references

UUID 5ba4217c-813b-4cc5-b694-3a4dcad776e4 which can be used as unique global reference for Proofpoint TA453 March 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-04T00:00:00Z
date_published 2021-03-30T00:00:00Z
source MITRE
title BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns

Unit 42 BadPatch Oct 2017

Bar, T., Conant, S. (2017, October 20). BadPatch. Retrieved November 13, 2018.

Internal MISP references

UUID 9c294bf7-24ba-408a-90b8-5b9885838e1b which can be used as unique global reference for Unit 42 BadPatch Oct 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-13T00:00:00Z
date_published 2017-10-20T00:00:00Z
source MITRE
title BadPatch

ESET Bad Rabbit

M.Léveille, M-E. (2017, October 24). Bad Rabbit: Not‑Petya is back with improved ransomware. Retrieved January 28, 2021.

Internal MISP references

UUID a9664f01-78f0-4461-a757-12f54ec99a56 which can be used as unique global reference for ESET Bad Rabbit in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-28T00:00:00Z
date_published 2017-10-24T00:00:00Z
source MITRE
title Bad Rabbit: Not‑Petya is back with improved ransomware

Secure List Bad Rabbit

Mamedov, O. Sinitsyn, F. Ivanov, A. (2017, October 24). Bad Rabbit ransomware. Retrieved January 28, 2021.

Internal MISP references

UUID f4cec03a-ea94-4874-9bea-16189e967ff9 which can be used as unique global reference for Secure List Bad Rabbit in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-28T00:00:00Z
date_published 2017-10-24T00:00:00Z
source MITRE
title Bad Rabbit ransomware

BlackBerry Bahamut

The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021.

Internal MISP references

UUID 872c377b-724b-454c-8432-e38062a7c331 which can be used as unique global reference for BlackBerry Bahamut in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-08T00:00:00Z
date_published 2020-10-01T00:00:00Z
source MITRE
title BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps

BaltimoreSun RobbinHood May 2019

Duncan, I., Campbell, C. (2019, May 7). Baltimore city government computer network hit by ransomware attack. Retrieved July 29, 2019.

Internal MISP references

UUID f578de81-ea6b-49d0-9a0a-111e07249cd8 which can be used as unique global reference for BaltimoreSun RobbinHood May 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-29T00:00:00Z
date_published 2019-05-07T00:00:00Z
source MITRE
title Baltimore city government computer network hit by ransomware attack

ESET Research Bandook July 7 2021

Fernando Tavella, Matías Porolli. (2021, July 7). Bandidos at large: A spying campaign in Latin America. Retrieved October 25, 2023.

Internal MISP references

UUID da6cac04-a318-4972-bd78-8272116b4ad7 which can be used as unique global reference for ESET Research Bandook July 7 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-25T00:00:00Z
date_published 2021-07-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Bandidos at large: A spying campaign in Latin America

CheckPoint Bandook Nov 2020

Check Point. (2020, November 26). Bandook: Signed & Delivered. Retrieved May 31, 2021.

Internal MISP references

UUID 352652a9-86c9-42e1-8ee0-968180c6a51e which can be used as unique global reference for CheckPoint Bandook Nov 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-31T00:00:00Z
date_published 2020-11-26T00:00:00Z
source MITRE
title Bandook: Signed & Delivered

Banker Google Chrome Extension Steals Creds

Marinho, R. (n.d.). (Banker(GoogleChromeExtension)).targeting. Retrieved November 18, 2017.

Internal MISP references

UUID 93f37adc-d060-4b35-9a4d-62d2ad61cdf3 which can be used as unique global reference for Banker Google Chrome Extension Steals Creds in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-18T00:00:00Z
source MITRE
title (Banker(GoogleChromeExtension)).targeting

Unit42 Banking Trojans Hooking 2022

Or Chechik. (2022, October 31). Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure. Retrieved September 27, 2023.

Internal MISP references

UUID 411c3df4-08e6-518a-953d-19988b663dc4 which can be used as unique global reference for Unit42 Banking Trojans Hooking 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-27T00:00:00Z
date_published 2022-10-31T00:00:00Z
source MITRE
title Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure

Linux manual bash invocation

ArchWiki. (2021, January 19). Bash. Retrieved February 25, 2021.

Internal MISP references

UUID 06185cbd-6635-46c7-9783-67bd8742b66f which can be used as unique global reference for Linux manual bash invocation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-25T00:00:00Z
date_published 2021-01-19T00:00:00Z
source MITRE
title Bash

DieNet Bash

die.net. (n.d.). bash(1) - Linux man page. Retrieved June 12, 2020.

Internal MISP references

UUID c5b362ce-6bae-46f7-b047-e3a0b2bf2580 which can be used as unique global reference for DieNet Bash in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-12T00:00:00Z
source MITRE
title bash(1) - Linux man page

Bash.exe - LOLBAS Project

LOLBAS. (2018, May 25). Bash.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 7d3efbc7-6abf-4f3f-aec8-686100bb90ad which can be used as unique global reference for Bash.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Bash.exe

Bashfuscator Command Obfuscators

LeFevre, A. (n.d.). Bashfuscator Command Obfuscators. Retrieved March 17, 2023.

Internal MISP references

UUID c0256889-3ff0-59de-b0d1-39a947a4c89d which can be used as unique global reference for Bashfuscator Command Obfuscators in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-17T00:00:00Z
source MITRE
title Bashfuscator Command Obfuscators

Microsoft Basic TxF Concepts

Microsoft. (n.d.). Basic TxF Concepts. Retrieved December 20, 2017.

Internal MISP references

UUID 72798536-a7e3-43e2-84e3-b5b8b54f0bca which can be used as unique global reference for Microsoft Basic TxF Concepts in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
source MITRE
title Basic TxF Concepts

eSentire | BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif

eSentire. (2023, March 9). BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif. Retrieved May 10, 2023.

Internal MISP references

UUID 1bf10604-708f-4c4f-abe5-816768873496 which can be used as unique global reference for eSentire | BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-10T00:00:00Z
date_published 2023-03-09T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif

BATLOADER: The Evasive Downloader Malware

Bethany Hardin, Lavine Oluoch, Tatiana Vollbrecht. (2022, November 14). BATLOADER: The Evasive Downloader Malware. Retrieved June 5, 2023.

Internal MISP references

UUID 53e12ade-99ed-51ee-b5c8-32180f144658 which can be used as unique global reference for BATLOADER: The Evasive Downloader Malware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-05T00:00:00Z
date_published 2022-11-14T00:00:00Z
source MITRE
title BATLOADER: The Evasive Downloader Malware

Palo Alto Networks BBSRAT

Lee, B. Grunzweig, J. (2015, December 22). BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger. Retrieved August 19, 2016.

Internal MISP references

UUID 8c5d61ba-24c5-4f6c-a208-e0a5d23ebb49 which can be used as unique global reference for Palo Alto Networks BBSRAT in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-19T00:00:00Z
date_published 2015-12-22T00:00:00Z
source MITRE
title BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger

Microsoft bcdedit 2021

Microsoft. (2021, May 27). bcdedit. Retrieved June 23, 2021.

Internal MISP references

UUID 40dedfcb-f666-4f2d-a518-5cd4ae2e273c which can be used as unique global reference for Microsoft bcdedit 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-23T00:00:00Z
date_published 2021-05-27T00:00:00Z
source MITRE
title bcdedit

Securelist BlackEnergy Nov 2014

Baumgartner, K. and Garnaeva, M. (2014, November 3). BE2 custom plugins, router abuse, and target profiles. Retrieved March 24, 2016.

Internal MISP references

UUID c64696d0-ee42-41e5-92cb-13cf43fac0c9 which can be used as unique global reference for Securelist BlackEnergy Nov 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-24T00:00:00Z
date_published 2014-11-03T00:00:00Z
source MITRE
title BE2 custom plugins, router abuse, and target profiles

Securelist BlackEnergy Feb 2015

Baumgartner, K. and Garnaeva, M. (2015, February 17). BE2 extraordinary plugins, Siemens targeting, dev fails. Retrieved March 24, 2016.

Internal MISP references

UUID ef043c07-6ae6-4cd2-82cf-7cbdb259f676 which can be used as unique global reference for Securelist BlackEnergy Feb 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-24T00:00:00Z
date_published 2015-02-17T00:00:00Z
source MITRE
title BE2 extraordinary plugins, Siemens targeting, dev fails

Crowdstrike DNC June 2016

Alperovitch, D. (2016, June 15). Bears in the Midst: Intrusion into the Democratic National Committee. Retrieved August 3, 2016.

Internal MISP references

UUID 7f4edc06-ac67-4d71-b39c-5df9ce521bbb which can be used as unique global reference for Crowdstrike DNC June 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-03T00:00:00Z
date_published 2016-06-15T00:00:00Z
source MITRE, Tidal Cyber
title Bears in the Midst: Intrusion into the Democratic National Committee

Deep Instinct Black Basta August 2022

Vilkomir-Preisman, S. (2022, August 18). Beating Black Basta Ransomware. Retrieved March 8, 2023.

Internal MISP references

UUID 72b64d7d-f8eb-54d3-83c8-a883906ceea1 which can be used as unique global reference for Deep Instinct Black Basta August 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-08T00:00:00Z
date_published 2022-08-18T00:00:00Z
source MITRE
title Beating Black Basta Ransomware

Bienstock, D. - Defending O365 - 2019

Bienstock, D. (2019). BECS and Beyond: Investigating and Defending O365. Retrieved September 13, 2019.

Internal MISP references

UUID 4866e6c3-c1b2-4131-bd8f-0ac228168a10 which can be used as unique global reference for Bienstock, D. - Defending O365 - 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-13T00:00:00Z
date_published 2019-01-01T00:00:00Z
source MITRE
title BECS and Beyond: Investigating and Defending O365

Kevin Mandia Statement to US Senate Committee on Intelligence

Kevin Mandia. (2017, March 30). Prepared Statement of Kevin Mandia, CEO of FireEye, Inc. before the United States Senate Select Committee on Intelligence. Retrieved April 19, 2019.

Internal MISP references

UUID c40a3f96-75f4-4b1c-98a5-cb38129c6dc4 which can be used as unique global reference for Kevin Mandia Statement to US Senate Committee on Intelligence in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-19T00:00:00Z
source MITRE
title before the United States Senate Select Committee on Intelligence

Microsoft Dofoil 2018

Windows Defender Research. (2018, March 7). Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign. Retrieved March 20, 2018.

Internal MISP references

UUID 85069317-2c25-448b-9ff4-504e429dc1bf which can be used as unique global reference for Microsoft Dofoil 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-20T00:00:00Z
date_published 2018-03-07T00:00:00Z
source MITRE
title Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign

Obsidian SSPR Abuse 2023

Noah Corradin and Shuyang Wang. (2023, August 1). Behind The Breach: Self-Service Password Reset (SSPR) Abuse in Azure AD. Retrieved March 28, 2024.

Internal MISP references

UUID 7f28f770-ef06-5923-b759-b731ceabe08a which can be used as unique global reference for Obsidian SSPR Abuse 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-28T00:00:00Z
date_published 2023-08-01T00:00:00Z
source MITRE
title Behind The Breach: Self-Service Password Reset (SSPR) Abuse in Azure AD

FireEye CARBANAK June 2017

Bennett, J., Vengerik, B. (2017, June 12). Behind the CARBANAK Backdoor. Retrieved June 11, 2018.

Internal MISP references

UUID 39105492-6044-460c-9dc9-3d4473ee862e which can be used as unique global reference for FireEye CARBANAK June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-11T00:00:00Z
date_published 2017-06-12T00:00:00Z
source MITRE
title Behind the CARBANAK Backdoor

Expel Behind the Scenes

S. Lipton, L. Easterly, A. Randazzo and J. Hencinski. (2020, July 28). Behind the scenes in the Expel SOC: Alert-to-fix in AWS. Retrieved October 1, 2020.

Internal MISP references

UUID d538026c-da30-48d2-bc30-fde3776db1a8 which can be used as unique global reference for Expel Behind the Scenes in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-01T00:00:00Z
date_published 2020-07-28T00:00:00Z
source MITRE
title Behind the scenes in the Expel SOC: Alert-to-fix in AWS

Microsoft BEC Campaign

Carr, N., Sellmer, S. (2021, June 14). Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign. Retrieved June 15, 2021.

Internal MISP references

UUID 1de8c853-2b0c-439b-a31b-a2c4fa9f4206 which can be used as unique global reference for Microsoft BEC Campaign in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-15T00:00:00Z
date_published 2021-06-14T00:00:00Z
source MITRE
title Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign

Unit42 BendyBear Feb 2021

Harbison, M. (2021, February 9). BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech. Retrieved February 16, 2021.

Internal MISP references

UUID f5cbc08f-6f2c-4c81-9d68-07f61e16f138 which can be used as unique global reference for Unit42 BendyBear Feb 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-16T00:00:00Z
date_published 2021-02-09T00:00:00Z
source MITRE
title BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech

Google Cloud Storage Best Practices, 2019

Google. (2019, September 16). Best practices for Cloud Storage. Retrieved October 4, 2019.

Internal MISP references

UUID 752ad355-0f10-4c8d-bad8-42bf2fc75fa0 which can be used as unique global reference for Google Cloud Storage Best Practices, 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-04T00:00:00Z
date_published 2019-09-16T00:00:00Z
source MITRE
title Best practices for Cloud Storage

Shadowbunny VM Defense Evasion

Johann Rehberger. (2020, September 23). Beware of the Shadowbunny - Using virtual machines to persist and evade detections. Retrieved September 22, 2021.

Internal MISP references

UUID eef7cd8a-8cb6-4b24-ba49-9b17353d20b5 which can be used as unique global reference for Shadowbunny VM Defense Evasion in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-22T00:00:00Z
date_published 2020-09-23T00:00:00Z
source MITRE
title Beware of the Shadowbunny - Using virtual machines to persist and evade detections

T1105: Trellix_search-ms

Mathanraj Thangaraju, Sijo Jacob. (2023, July 26). Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler. Retrieved March 15, 2024.

Internal MISP references

UUID 7079d170-9ead-5be4-bbc8-13c3f082b3dd which can be used as unique global reference for T1105: Trellix_search-ms in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-15T00:00:00Z
date_published 2023-07-26T00:00:00Z
source MITRE
title Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler

Hexacorn Office Test

Hexacorn. (2014, April 16). Beyond good ol’ Run key, Part 10. Retrieved July 3, 2017.

Internal MISP references

UUID 60d90852-ea00-404d-b613-9ad1589aff31 which can be used as unique global reference for Hexacorn Office Test in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-03T00:00:00Z
date_published 2014-04-16T00:00:00Z
source MITRE
title Beyond good ol’ Run key, Part 10

Hexacorn Logon Scripts

Hexacorn. (2014, November 14). Beyond good ol’ Run key, Part 18. Retrieved November 15, 2019.

Internal MISP references

UUID bdcdfe9e-1f22-4472-9a86-faefcb5c5618 which can be used as unique global reference for Hexacorn Logon Scripts in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-11-15T00:00:00Z
date_published 2014-11-14T00:00:00Z
source MITRE
title Beyond good ol’ Run key, Part 18

Hexacorn Office Template Macros

Hexacorn. (2017, April 17). Beyond good ol’ Run key, Part 62. Retrieved July 3, 2017.

Internal MISP references

UUID 7d558a35-a5c0-4e4c-92bf-cb2435c41a95 which can be used as unique global reference for Hexacorn Office Template Macros in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-03T00:00:00Z
date_published 2017-04-17T00:00:00Z
source MITRE
title Beyond good ol’ Run key, Part 62

Bginfo.exe - LOLBAS Project

LOLBAS. (2018, May 25). Bginfo.exe. Retrieved December 4, 2023.

Internal MISP references

UUID ca1eaac2-7449-4a76-bec2-9dc5971fd808 which can be used as unique global reference for Bginfo.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Bginfo.exe

Cyble August 18 2022

Cybleinc. (2022, August 18). BianLian: New Ransomware variant on the rise. Retrieved May 18, 2023.

Internal MISP references

UUID 2de00d16-9b9e-4e03-925f-4fcdae4d6e1a which can be used as unique global reference for Cyble August 18 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-18T00:00:00Z
date_published 2022-08-18T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title BianLian: New Ransomware variant on the rise

BianLian Ransomware Gang Gives It a Go! | [redacted]

Ben Armstrong, Lauren Pearce, Brad Pittack, Danny Quist. (2022, September 1). BianLian Ransomware Gang Gives It a Go!. Retrieved May 18, 2023.

Internal MISP references

UUID fc1aa979-7dbc-4fff-a8d1-b35a3b2bec3d which can be used as unique global reference for BianLian Ransomware Gang Gives It a Go! | [redacted] in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-18T00:00:00Z
date_published 2022-09-01T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title BianLian Ransomware Gang Gives It a Go!

Group IB APT 41 June 2021

Rostovcev, N. (2021, June 10). Big airline heist APT41 likely behind a third-party attack on Air India. Retrieved August 26, 2021.

Internal MISP references

UUID a2bf43a0-c7da-4cb9-8f9a-b34fac92b625 which can be used as unique global reference for Group IB APT 41 June 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-26T00:00:00Z
date_published 2021-06-10T00:00:00Z
source MITRE
title Big airline heist APT41 likely behind a third-party attack on Air India

Crowdstrike Indrik November 2018

Frankoff, S., Hartley, B. (2018, November 14). Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware. Retrieved January 6, 2021.

Internal MISP references

UUID 0f85f611-90db-43ba-8b71-5d0d4ec8cdd5 which can be used as unique global reference for Crowdstrike Indrik November 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-06T00:00:00Z
date_published 2018-11-14T00:00:00Z
source MITRE, Tidal Cyber
title Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware

CrowdStrike Ryuk January 2019

Hanel, A. (2019, January 10). Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware. Retrieved May 12, 2020.

Internal MISP references

UUID df471757-2ce0-48a7-922f-a84c57704914 which can be used as unique global reference for CrowdStrike Ryuk January 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-12T00:00:00Z
date_published 2019-01-10T00:00:00Z
source MITRE, Tidal Cyber
title Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware

OWASP Binary Planting

OWASP. (2013, January 30). Binary planting. Retrieved June 7, 2016.

Internal MISP references

UUID 86fc5a62-385e-4c56-9812-138db0808fba which can be used as unique global reference for OWASP Binary Planting in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-07T00:00:00Z
date_published 2013-01-30T00:00:00Z
source MITRE
title Binary planting

Wikipedia Binary-to-text Encoding

Wikipedia. (2016, December 26). Binary-to-text encoding. Retrieved March 1, 2017.

Internal MISP references

UUID 9b3820e8-f094-4e87-9ed6-ab0207d509fb which can be used as unique global reference for Wikipedia Binary-to-text Encoding in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-01T00:00:00Z
date_published 2016-12-26T00:00:00Z
source MITRE
title Binary-to-text encoding

Sucuri BIND9 August 2015

Cid, D. (2015, August 2). BIND9 – Denial of Service Exploit in the Wild. Retrieved April 26, 2019.

Internal MISP references

UUID 5e108782-2f32-4704-be01-055d9e767216 which can be used as unique global reference for Sucuri BIND9 August 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-26T00:00:00Z
date_published 2015-08-02T00:00:00Z
source MITRE
title BIND9 – Denial of Service Exploit in the Wild

Wikipedia BIOS

Wikipedia. (n.d.). BIOS. Retrieved January 5, 2016.

Internal MISP references

UUID 0c4a2cb3-d663-47ee-87af-c5e9e68fe15f which can be used as unique global reference for Wikipedia BIOS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-05T00:00:00Z
source MITRE
title BIOS

Ge 2011

Ge, L. (2011, September 9). BIOS Threat is Showing up Again!. Retrieved November 14, 2014.

Internal MISP references

UUID dd6032fb-8913-4593-81b9-86d1239e01f4 which can be used as unique global reference for Ge 2011 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-14T00:00:00Z
date_published 2011-09-09T00:00:00Z
source MITRE
title BIOS Threat is Showing up Again!

Talos Bisonal Mar 2020

Mercer, W., et al. (2020, March 5). Bisonal: 10 years of play. Retrieved January 26, 2022.

Internal MISP references

UUID eaecccff-e0a0-4fa0-81e5-799b23c26b5a which can be used as unique global reference for Talos Bisonal Mar 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-26T00:00:00Z
date_published 2020-03-05T00:00:00Z
source MITRE
title Bisonal: 10 years of play

Talos Bisonal 10 Years March 2020

Warren Mercer, Paul Rascagneres, Vitor Ventura. (2020, March 6). Bisonal 10 Years of Play. Retrieved October 17, 2021.

Internal MISP references

UUID 6844e59b-d393-43df-9978-e3e3cc7b8db6 which can be used as unique global reference for Talos Bisonal 10 Years March 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-17T00:00:00Z
date_published 2020-03-06T00:00:00Z
source MITRE
title Bisonal 10 Years of Play

Unit 42 Bisonal July 2018

Hayashi, K., Ray, V. (2018, July 31). Bisonal Malware Used in Attacks Against Russia and South Korea. Retrieved August 7, 2018.

Internal MISP references

UUID 30b2ec12-b785-43fb-ab72-b37387046d15 which can be used as unique global reference for Unit 42 Bisonal July 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-07T00:00:00Z
date_published 2018-07-31T00:00:00Z
source MITRE
title Bisonal Malware Used in Attacks Against Russia and South Korea

Bitsadmin.exe - LOLBAS Project

LOLBAS. (2018, May 25). Bitsadmin.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 89bdc17b-553c-4245-acde-f6c56602e357 which can be used as unique global reference for Bitsadmin.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Bitsadmin.exe

Microsoft BITSAdmin

Microsoft. (n.d.). BITSAdmin Tool. Retrieved January 12, 2018.

Internal MISP references

UUID 5b8c2a8c-f01e-491a-aaf9-504ee7a1caed which can be used as unique global reference for Microsoft BITSAdmin in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-12T00:00:00Z
source MITRE
title BITSAdmin Tool

Cisco Talos Bitter Bangladesh May 2022

Raghuprasad, C. (2022, May 11). Bitter APT adds Bangladesh to their targets. Retrieved June 1, 2022.

Internal MISP references

UUID 097583ed-03b0-41cd-bf85-66d473f46439 which can be used as unique global reference for Cisco Talos Bitter Bangladesh May 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-01T00:00:00Z
date_published 2022-05-11T00:00:00Z
source MITRE
title Bitter APT adds Bangladesh to their targets

Forcepoint BITTER Pakistan Oct 2016

Dela Paz, R. (2016, October 21). BITTER: a targeted attack against Pakistan. Retrieved June 1, 2022.

Internal MISP references

UUID 9fc54fb0-b7d9-49dc-b6dd-ab4cb2cd34fa which can be used as unique global reference for Forcepoint BITTER Pakistan Oct 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-01T00:00:00Z
date_published 2016-10-21T00:00:00Z
source MITRE
title BITTER: a targeted attack against Pakistan

Camba RARSTONE

Camba, A. (2013, February 27). BKDR_RARSTONE: New RAT to Watch Out For. Retrieved January 8, 2016.

Internal MISP references

UUID bca93846-457d-4644-ba43-f9293982916f which can be used as unique global reference for Camba RARSTONE in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-08T00:00:00Z
date_published 2013-02-27T00:00:00Z
source MITRE
title BKDR_RARSTONE: New RAT to Watch Out For

TrendMicro BKDR_URSNIF.SM

Sioting, S. (2013, June 15). BKDR_URSNIF.SM. Retrieved June 5, 2019.

Internal MISP references

UUID aa791512-039e-4230-ab49-f184ca0e38c5 which can be used as unique global reference for TrendMicro BKDR_URSNIF.SM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-05T00:00:00Z
date_published 2013-06-15T00:00:00Z
source MITRE
title BKDR_URSNIF.SM

Cyble September 28 2022

Cybleinc. (2023, September 28). Bl00dy – New Ransomware Strain Active in the Wild. Retrieved August 3, 2023.

Internal MISP references

UUID ae2daa9c-6741-4ab7-854d-bee1170b3d7a which can be used as unique global reference for Cyble September 28 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-03T00:00:00Z
date_published 2023-09-28T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Bl00dy – New Ransomware Strain Active in the Wild

Trend Micro Pikabot January 9 2024

Shinji Robert Arasawa, Joshua Aquino, Charles Steven Derion, Juhn Emmanuel Atanque, Francisrey Joshua Castillo, John Carlo Marquez, Henry Salcedo, John Rainier Navato, Arianne Dela Cruz, Raymart Yambot, Ian Kenefick. (2024, January 9). Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign. Retrieved January 11, 2024.

Internal MISP references

UUID dc7d882b-4e83-42da-8e2f-f557b675930a which can be used as unique global reference for Trend Micro Pikabot January 9 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-11T00:00:00Z
date_published 2024-01-09T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign

Check Point Black Basta October 2022

Check Point. (2022, October 20). BLACK BASTA AND THE UNNOTICED DELIVERY. Retrieved March 8, 2023.

Internal MISP references

UUID 7a00457b-ae72-5aea-904f-9ca7f4cb9fe9 which can be used as unique global reference for Check Point Black Basta October 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-08T00:00:00Z
date_published 2022-10-20T00:00:00Z
source MITRE
title BLACK BASTA AND THE UNNOTICED DELIVERY

BlackBasta

Antonio Cocomazzi and Antonio Pirozzi. (2022, November 3). Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor. Retrieved March 14, 2023.

Internal MISP references

UUID c7e55e37-d051-5111-8d0a-738656f88650 which can be used as unique global reference for BlackBasta in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-14T00:00:00Z
date_published 2022-11-03T00:00:00Z
source MITRE
title Black Basta Ransomware

Trend Micro Black Basta October 2022

Kenefick, I. et al. (2022, October 12). Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike. Retrieved February 6, 2023.

Internal MISP references

UUID 6e4a1565-4a30-5a6b-961c-226a6f1967ae which can be used as unique global reference for Trend Micro Black Basta October 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-06T00:00:00Z
date_published 2022-10-12T00:00:00Z
source MITRE
title Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike

Uptycs Black Basta ESXi June 2022

Sharma, S. and Hegde, N. (2022, June 7). Black basta Ransomware Goes Cross-Platform, Now Targets ESXi Systems. Retrieved March 8, 2023.

Internal MISP references

UUID a8145e38-c2a4-5021-824d-5a831299b9d9 which can be used as unique global reference for Uptycs Black Basta ESXi June 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-08T00:00:00Z
date_published 2022-06-07T00:00:00Z
source MITRE
title Black basta Ransomware Goes Cross-Platform, Now Targets ESXi Systems

Elliptic Black Basta November 29 2023

Elliptic Research. (2023, November 29). Black Basta ransomware victims have paid over $100 million. Retrieved May 14, 2024.

Internal MISP references

UUID dc7579c0-911d-417d-bba5-bc36e078b640 which can be used as unique global reference for Elliptic Black Basta November 29 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-05-14T00:00:00Z
date_published 2023-11-29T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Black Basta ransomware victims have paid over $100 million

BlackBerry Black Basta May 2022

Ballmer, D. (2022, May 6). Black Basta: Rebrand of Conti or Something New?. Retrieved March 7, 2023.

Internal MISP references

UUID 32a272fe-ac10-5478-88a0-b3dd366ec540 which can be used as unique global reference for BlackBerry Black Basta May 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-07T00:00:00Z
date_published 2022-05-06T00:00:00Z
source MITRE
title Black Basta: Rebrand of Conti or Something New?

WMI 6

Microsoft. (2022, June 13). BlackCat. Retrieved February 13, 2024.

Internal MISP references

UUID df07a086-0d38-570b-b0c5-9f5061212db7 which can be used as unique global reference for WMI 6 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-13T00:00:00Z
date_published 2022-06-13T00:00:00Z
source MITRE
title BlackCat

FBI BlackCat April 19 2022

FBI. (2022, April 19). BlackCat/ALPHV Ransomware Indicators of Compromise. Retrieved September 14, 2023.

Internal MISP references

UUID 2640b58c-8413-4691-80e1-33aec9b6c7f6 which can be used as unique global reference for FBI BlackCat April 19 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-14T00:00:00Z
date_published 2022-04-19T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title BlackCat/ALPHV Ransomware Indicators of Compromise

X-Force BlackCat May 30 2023

IBM Security X-Force Team. (2023, May 30). BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration. Retrieved September 14, 2023.

Internal MISP references

UUID b80c1f70-9d05-4f4b-bdc2-6157c6837202 which can be used as unique global reference for X-Force BlackCat May 30 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-14T00:00:00Z
date_published 2023-05-30T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration

BlackBerry BlackCat Threat Overview

BlackBerry. (n.d.). BlackCat Malware (AKA ALPHV). Retrieved September 14, 2023.

Internal MISP references

UUID 59f98ae1-c62d-460f-8d2a-9ae287b59953 which can be used as unique global reference for BlackBerry BlackCat Threat Overview in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-14T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title BlackCat Malware (AKA ALPHV)

Huntress BlackCat

Carvey, H. (2024, February 28). BlackCat Ransomware Affiliate TTPs. Retrieved March 27, 2024.

Internal MISP references

UUID faa60cf9-0fc5-5728-90be-d0e11b48a921 which can be used as unique global reference for Huntress BlackCat in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-27T00:00:00Z
date_published 2024-02-28T00:00:00Z
source MITRE
title BlackCat Ransomware Affiliate TTPs

Sophos BlackCat Jul 2022

Brandt, Andrew. (2022, July 14). BlackCat ransomware attacks not merely a byproduct of bad luck. Retrieved December 20, 2022.

Internal MISP references

UUID 481a0106-d5b6-532c-8f5b-6c0c477185f4 which can be used as unique global reference for Sophos BlackCat Jul 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-12-20T00:00:00Z
date_published 2022-07-14T00:00:00Z
source MITRE
title BlackCat ransomware attacks not merely a byproduct of bad luck

ESEST Black Energy Jan 2016

Cherepanov, A. (2016, January 3). BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry. Retrieved May 18, 2016.

Internal MISP references

UUID 4d626eb9-3722-4aa4-b95e-1650cc2865c2 which can be used as unique global reference for ESEST Black Energy Jan 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-05-18T00:00:00Z
date_published 2016-01-03T00:00:00Z
source MITRE
title BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry

ESET BlackEnergy Jan 2016

Cherepanov, A. (2016, January 3). BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry. Retrieved June 10, 2020.

Internal MISP references

UUID a0103079-c966-46b6-8871-c01f7f0eea4c which can be used as unique global reference for ESET BlackEnergy Jan 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-10T00:00:00Z
date_published 2016-01-03T00:00:00Z
source MITRE
title BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry

F-Secure BlackEnergy 2014

F-Secure Labs. (2014). BlackEnergy & Quedagh: The convergence of crimeware and APT attacks. Retrieved March 24, 2016.

Internal MISP references

UUID 5f228fb5-d959-4c4a-bb8c-f9dc01d5af07 which can be used as unique global reference for F-Secure BlackEnergy 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-24T00:00:00Z
date_published 2014-01-01T00:00:00Z
source MITRE
title BlackEnergy & Quedagh: The convergence of crimeware and APT attacks

ESET BlackLotus March 01 2023

Martin Smolár. (2023, March 1). BlackLotus UEFI bootkit: Myth confirmed. Retrieved September 29, 2023.

Internal MISP references

UUID 1a4c134b-c701-400f-beee-e6b3cc835042 which can be used as unique global reference for ESET BlackLotus March 01 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-29T00:00:00Z
date_published 2023-03-01T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title BlackLotus UEFI bootkit: Myth confirmed

Securelist BlackOasis Oct 2017

Kaspersky Lab's Global Research & Analysis Team. (2017, October 16). BlackOasis APT and new targeted attacks leveraging zero-day exploit. Retrieved February 15, 2018.

Internal MISP references

UUID 66121c37-6b66-4ab2-9f63-1adb80dcec62 which can be used as unique global reference for Securelist BlackOasis Oct 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-15T00:00:00Z
date_published 2017-10-16T00:00:00Z
source MITRE, Tidal Cyber
title BlackOasis APT and new targeted attacks leveraging zero-day exploit

ReliaQuest May 28 2024

ReliaQuest Threat Research Team. (2024, May 28). BlackSuit Attack Analysis - ReliaQuest. Retrieved June 5, 2024.

Internal MISP references

UUID 2a67b1df-9a15-487e-a777-8a3fe46b0179 which can be used as unique global reference for ReliaQuest May 28 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-06-05T00:00:00Z
date_published 2024-05-28T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title BlackSuit Attack Analysis - ReliaQuest

HC3 Analyst Note BlackSuit Ransomware November 2023

Health Sector Cybersecurity Coordination Center (HC3). (2023, November 6). BlackSuit Ransomware. Retrieved June 7, 2024.

Internal MISP references

UUID d956f0c6-d90e-49e8-a64c-a46bfc177cc6 which can be used as unique global reference for HC3 Analyst Note BlackSuit Ransomware November 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-06-07T00:00:00Z
date_published 2023-11-06T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title BlackSuit Ransomware

Cyble May 12 2023

Cybleinc. (2023, May 12). BlackSuit Ransomware Strikes Windows and Linux Users. Retrieved January 1, 2024.

Internal MISP references

UUID 7e335494-86a7-49cd-a9f3-783d73c36d9d which can be used as unique global reference for Cyble May 12 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-01T00:00:00Z
date_published 2023-05-12T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title BlackSuit Ransomware Strikes Windows and Linux Users

Palo Alto Black-T October 2020

Quist, N. (2020, October 5). Black-T: New Cryptojacking Variant from TeamTNT. Retrieved September 22, 2021.

Internal MISP references

UUID d4351c8e-026d-4660-9344-166481ecf64a which can be used as unique global reference for Palo Alto Black-T October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-22T00:00:00Z
date_published 2020-10-05T00:00:00Z
source MITRE
title Black-T: New Cryptojacking Variant from TeamTNT

BlackWater Malware Cloudflare Workers

Lawrence Abrams. (2020, March 14). BlackWater Malware Abuses Cloudflare Workers for C2 Communication. Retrieved July 8, 2022.

Internal MISP references

UUID 053895e8-da3f-4291-a728-2198fde774e7 which can be used as unique global reference for BlackWater Malware Cloudflare Workers in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-08T00:00:00Z
date_published 2020-03-14T00:00:00Z
source MITRE
title BlackWater Malware Abuses Cloudflare Workers for C2 Communication

NHS UK BLINDINGCAN Aug 2020

NHS Digital. (2020, August 20). BLINDINGCAN Remote Access Trojan. Retrieved August 20, 2020.

Internal MISP references

UUID acca4c89-acce-4916-88b6-f4dac7d8ab19 which can be used as unique global reference for NHS UK BLINDINGCAN Aug 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-20T00:00:00Z
date_published 2020-08-20T00:00:00Z
source MITRE
title BLINDINGCAN Remote Access Trojan

Azure Blob Snapshots

Microsoft Azure. (2021, December 29). Blob snapshots. Retrieved March 2, 2022.

Internal MISP references

UUID 152628ab-3244-4cc7-a68e-a220b652039b which can be used as unique global reference for Azure Blob Snapshots in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-02T00:00:00Z
date_published 2021-12-29T00:00:00Z
source MITRE
title Blob snapshots

objsee block blocking login items

Patrick Wardle. (2018, July 23). Block Blocking Login Items. Retrieved October 1, 2021.

Internal MISP references

UUID 76511800-8331-476b-ab4f-0daa587f5e22 which can be used as unique global reference for objsee block blocking login items in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-01T00:00:00Z
date_published 2018-07-23T00:00:00Z
source MITRE
title Block Blocking Login Items

Technospot Chrome Extensions GP

Mohta, A. (n.d.). Block Chrome Extensions using Google Chrome Group Policy Settings. Retrieved January 10, 2018.

Internal MISP references

UUID 76faf20c-27d3-4e67-8ab7-8480f8f88ae5 which can be used as unique global reference for Technospot Chrome Extensions GP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-10T00:00:00Z
source MITRE
title Block Chrome Extensions using Google Chrome Group Policy Settings

Evi1cg Forfiles Nov 2017

Evi1cg. (2017, November 26). block cmd.exe ? try this :. Retrieved January 22, 2018.

Internal MISP references

UUID b292b85e-68eb-43c3-9b5b-222810e2f26a which can be used as unique global reference for Evi1cg Forfiles Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-22T00:00:00Z
date_published 2017-11-26T00:00:00Z
source MITRE
title block cmd.exe ? try this :

Fifield Blocking Resistent Communication through domain fronting 2015

David Fifield, Chang Lan, Rod Hynes, Percy Wegmann, and Vern Paxson. (2015). Blocking-resistant communication through domain fronting. Retrieved November 20, 2017.

Internal MISP references

UUID 52671075-c425-40c7-a49a-b75e44a0c58a which can be used as unique global reference for Fifield Blocking Resistent Communication through domain fronting 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-20T00:00:00Z
date_published 2015-01-01T00:00:00Z
source MITRE
title Blocking-resistant communication through domain fronting

GitHub Bloodhound

Robbins, A., Vazarkar, R., and Schroeder, W. (2016, April 17). Bloodhound: Six Degrees of Domain Admin. Retrieved March 5, 2019.

Internal MISP references

UUID e90b4941-5dff-4f38-b4dd-af3426fd621e which can be used as unique global reference for GitHub Bloodhound in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-05T00:00:00Z
date_published 2016-04-17T00:00:00Z
source MITRE
title Bloodhound: Six Degrees of Domain Admin

Blue Cloud of Death Video

Kunz, Bruce. (2018, October 14). Blue Cloud of Death: Red Teaming Azure. Retrieved November 21, 2019.

Internal MISP references

UUID 39b0adf6-c71e-4501-b8bb-fab82718486b which can be used as unique global reference for Blue Cloud of Death Video in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-11-21T00:00:00Z
date_published 2018-10-14T00:00:00Z
source MITRE
title Blue Cloud of Death: Red Teaming Azure

Blue Cloud of Death

Kunz, Bryce. (2018, May 11). Blue Cloud of Death: Red Teaming Azure. Retrieved October 23, 2019.

Internal MISP references

UUID 0c764280-9d8c-4fa4-9088-170f02550d4c which can be used as unique global reference for Blue Cloud of Death in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-23T00:00:00Z
date_published 2018-05-11T00:00:00Z
source MITRE
title Blue Cloud of Death: Red Teaming Azure

1 - appv

SEONGSU PARK. (2022, December 27). BlueNoroff introduces new methods bypassing MoTW. Retrieved February 6, 2024.

Internal MISP references

UUID acdf0a7f-f341-5bec-bfe0-f879827f0185 which can be used as unique global reference for 1 - appv in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-06T00:00:00Z
date_published 2022-12-27T00:00:00Z
source MITRE
title BlueNoroff introduces new methods bypassing MoTW

apple doco bonjour description

Apple Inc. (2013, April 23). Bonjour Overview. Retrieved October 11, 2021.

Internal MISP references

UUID b8538d67-ab91-41c2-9cc3-a7b00c6b372a which can be used as unique global reference for apple doco bonjour description in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-11T00:00:00Z
date_published 2013-04-23T00:00:00Z
source MITRE
title Bonjour Overview

Booby Trap Shortcut 2017

Weyne, F. (2017, April). Booby trap a shortcut with a backdoor. Retrieved October 3, 2023.

Internal MISP references

UUID 1a820fb8-3cff-584b-804f-9bad0592873b which can be used as unique global reference for Booby Trap Shortcut 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-03T00:00:00Z
date_published 2017-04-01T00:00:00Z
source MITRE
title Booby trap a shortcut with a backdoor

Microsoft Bootcfg

Gerend, J. et al. (2017, October 16). bootcfg. Retrieved August 30, 2021.

Internal MISP references

UUID 44ffaa60-4461-4463-a1b5-abc868368c0a which can be used as unique global reference for Microsoft Bootcfg in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-30T00:00:00Z
date_published 2017-10-16T00:00:00Z
source MITRE
title bootcfg

Imperva DDoS for Hire

Imperva. (n.d.). Booters, Stressers and DDoSers. Retrieved October 4, 2020.

Internal MISP references

UUID 86f87ec6-058e-45a7-9314-0579a2b4e8f2 which can be used as unique global reference for Imperva DDoS for Hire in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-04T00:00:00Z
source MITRE
title Booters, Stressers and DDoSers

Wikipedia Booting

Wikipedia. (n.d.). Booting. Retrieved November 13, 2019.

Internal MISP references

UUID 6d9c72cb-6cda-445e-89ea-7e695063d49a which can be used as unique global reference for Wikipedia Booting in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-11-13T00:00:00Z
source MITRE
title Booting

FireEye BOOTRASH SANS

Glyer, C. (2017, June 22). Boot What?. Retrieved May 4, 2020.

Internal MISP references

UUID 835c9e5d-b291-43d9-9b8a-2978aa8c8cd3 which can be used as unique global reference for FireEye BOOTRASH SANS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-04T00:00:00Z
date_published 2017-06-22T00:00:00Z
source MITRE
title Boot What?

Booz Allen Hamilton

Booz Allen Hamilton. (n.d.). When The Lights Went Out. Retrieved October 22, 2019.

Internal MISP references

UUID 7f0acd33-602e-5f07-a1ae-a87e3c8f2eb5 which can be used as unique global reference for Booz Allen Hamilton in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-22T00:00:00Z
source MITRE
title Booz Allen Hamilton

Unit42 LockerGoga 2019

Harbison, M. (2019, March 26). Born This Way? Origins of LockerGoga. Retrieved April 16, 2019.

Internal MISP references

UUID 8f058923-f2f7-4c0e-b90a-c7a0d5e62186 which can be used as unique global reference for Unit42 LockerGoga 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-16T00:00:00Z
date_published 2019-03-26T00:00:00Z
source MITRE
title Born This Way? Origins of LockerGoga

Threatexpress MetaTwin 2017

Vest, J. (2017, October 9). Borrowing Microsoft MetaData and Signatures to Hide Binary Payloads. Retrieved September 10, 2019.

Internal MISP references

UUID 156efefd-793f-4219-8904-ef160a45c9ec which can be used as unique global reference for Threatexpress MetaTwin 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-10T00:00:00Z
date_published 2017-10-09T00:00:00Z
source MITRE
title Borrowing Microsoft MetaData and Signatures to Hide Binary Payloads

Sandfly BPFDoor 2022

The Sandfly Security Team. (2022, May 11). BPFDoor - An Evasive Linux Backdoor Technical Analysis. Retrieved September 29, 2023.

Internal MISP references

UUID 01c8337f-614b-5f63-870f-5c880b390922 which can be used as unique global reference for Sandfly BPFDoor 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-29T00:00:00Z
date_published 2022-05-11T00:00:00Z
source MITRE
title BPFDoor - An Evasive Linux Backdoor Technical Analysis

AADInternals - BPRT

Dr. Nestori Syynimaa. (2021, January 31). BPRT unleashed: Joining multiple devices to Azure AD and Intune. Retrieved March 4, 2022.

Internal MISP references

UUID 19af3fce-eb57-4e67-9678-1968e9ea9677 which can be used as unique global reference for AADInternals - BPRT in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-04T00:00:00Z
date_published 2021-01-31T00:00:00Z
source MITRE
title BPRT unleashed: Joining multiple devices to Azure AD and Intune

Brazking-Websockets

Shahar Tavor. (n.d.). BrazKing Android Malware Upgraded and Targeting Brazilian Banks. Retrieved March 24, 2023.

Internal MISP references

UUID fa813afd-b8f0-535b-9108-6d3d3989b6b9 which can be used as unique global reference for Brazking-Websockets in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-24T00:00:00Z
source MITRE
title BrazKing Android Malware Upgraded and Targeting Brazilian Banks

Morphisec 3 26 2024

Arnold Osipov. (2024, March 26). Breaking Boundaries Mispadu's Infiltration Beyond LATAM. Retrieved April 4, 2024.

Internal MISP references

UUID 38d88851-1b71-4ed7-88e3-2ee5c3876c06 which can be used as unique global reference for Morphisec 3 26 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-04T00:00:00Z
date_published 2024-03-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Breaking Boundaries Mispadu's Infiltration Beyond LATAM

MSTIC Nobelium Toolset May 2021

MSTIC. (2021, May 28). Breaking down NOBELIUM’s latest early-stage toolset. Retrieved August 4, 2021.

Internal MISP references

UUID 52464e69-ff9e-4101-9596-dd0c6404bf76 which can be used as unique global reference for MSTIC Nobelium Toolset May 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-04T00:00:00Z
date_published 2021-05-28T00:00:00Z
source MITRE
title Breaking down NOBELIUM’s latest early-stage toolset

Lee 2013

Lee, T., Hanzlik, D., Ahl, I. (2013, August 7). Breaking Down the China Chopper Web Shell - Part I. Retrieved March 27, 2015.

Internal MISP references

UUID 6d1e2b0a-fed2-490b-be25-6580dfb7d6aa which can be used as unique global reference for Lee 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-03-27T00:00:00Z
date_published 2013-08-07T00:00:00Z
source MITRE
title Breaking Down the China Chopper Web Shell - Part I

sentinelone-malvertising

Hegel, Tom. (2023, January 19). Breaking Down the SEO Poisoning Attack | How Attackers Are Hijacking Search Results. Retrieved February 21, 2023.

Internal MISP references

UUID 7989f0de-90b8-5e6d-bc20-1764610d1568 which can be used as unique global reference for sentinelone-malvertising in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-21T00:00:00Z
date_published 2023-01-19T00:00:00Z
source MITRE
title Breaking Down the SEO Poisoning Attack

OS X Keychain

Juuso Salonen. (2012, September 5). Breaking into the OS X keychain. Retrieved July 15, 2017.

Internal MISP references

UUID bde3ff9c-fbf9-49c4-b414-70dc8356d57d which can be used as unique global reference for OS X Keychain in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-15T00:00:00Z
date_published 2012-09-05T00:00:00Z
source MITRE
title Breaking into the OS X keychain

Brown Exploiting Linkers

Tim Brown. (2011, June 29). Breaking the links: Exploiting the linker. Retrieved March 29, 2021.

Internal MISP references

UUID 24674e91-5cbf-4023-98ae-a9f0968ad99a which can be used as unique global reference for Brown Exploiting Linkers in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-29T00:00:00Z
date_published 2011-06-29T00:00:00Z
source MITRE
title Breaking the links: Exploiting the linker

FireEye Outlook Dec 2019

McWhirt, M., Carr, N., Bienstock, D. (2019, December 4). Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774). Retrieved June 23, 2020.

Internal MISP references

UUID f23a773f-9c50-4193-877d-97f7c13f48f1 which can be used as unique global reference for FireEye Outlook Dec 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-23T00:00:00Z
date_published 2019-12-04T00:00:00Z
source MITRE
title Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774)

Cisco Talos Blog December 08 2022

Cisco Talos Blog. (2022, December 8). Breaking the silence - Recent Truebot activity. Retrieved May 8, 2023.

Internal MISP references

UUID bcf92374-48a3-480f-a679-9fd34b67bcdd which can be used as unique global reference for Cisco Talos Blog December 08 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-08T00:00:00Z
date_published 2022-12-08T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Breaking the silence - Recent Truebot activity

PaloAlto Preventing Opportunistic Attacks Apr 2016

Kiwi. (2016, April 6). Breakout Recap: Cybersecurity Best Practices Part 1 - Preventing Opportunistic Attacks. Retrieved October 3, 2018.

Internal MISP references

UUID 60fac434-2815-4568-b951-4bde55c2e3af which can be used as unique global reference for PaloAlto Preventing Opportunistic Attacks Apr 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-03T00:00:00Z
date_published 2016-04-06T00:00:00Z
source MITRE
title Breakout Recap: Cybersecurity Best Practices Part 1 - Preventing Opportunistic Attacks

Mandiant BYOL

Kirk, N. (2018, June 18). Bring Your Own Land (BYOL) – A Novel Red Teaming Technique. Retrieved October 4, 2021.

Internal MISP references

UUID 445efe8b-659a-4023-afc7-aa7cd21ee5a1 which can be used as unique global reference for Mandiant BYOL in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-04T00:00:00Z
date_published 2018-06-18T00:00:00Z
source MITRE
title Bring Your Own Land (BYOL) – A Novel Red Teaming Technique

Mandiant BYOL 2018

Kirk, N. (2018, June 18). Bring Your Own Land (BYOL) – A Novel Red Teaming Technique. Retrieved October 8, 2021.

Internal MISP references

UUID 104a1c1c-0899-4ff9-a5c4-73de702c467d which can be used as unique global reference for Mandiant BYOL 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-08T00:00:00Z
date_published 2018-06-18T00:00:00Z
source MITRE
title Bring Your Own Land (BYOL) – A Novel Red Teaming Technique

Comparitech Leak

Bischoff, P. (2020, October 15). Broadvoice database of more than 350 million customer records exposed online. Retrieved October 20, 2020.

Internal MISP references

UUID fa0eac56-45ea-4628-88cf-b843874b4a4d which can be used as unique global reference for Comparitech Leak in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2020-10-15T00:00:00Z
source MITRE
title Broadvoice database of more than 350 million customer records exposed online

ThreatPost Broadvoice Leak

Seals, T. (2020, October 15). Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts. Retrieved October 20, 2020.

Internal MISP references

UUID 91d20979-d4e7-4372-8a83-1e1512c8d3a9 which can be used as unique global reference for ThreatPost Broadvoice Leak in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2020-10-15T00:00:00Z
source MITRE
title Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts

Secureworks BRONZE BUTLER Oct 2017

Counter Threat Unit Research Team. (2017, October 12). BRONZE BUTLER Targets Japanese Enterprises. Retrieved January 4, 2018.

Internal MISP references

UUID c62d8d1a-cd1b-4b39-95b6-68f3f063dacf which can be used as unique global reference for Secureworks BRONZE BUTLER Oct 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-04T00:00:00Z
date_published 2017-10-12T00:00:00Z
source MITRE, Tidal Cyber
title BRONZE BUTLER Targets Japanese Enterprises

Secureworks BRONZE FLEETWOOD Profile

Secureworks CTU. (n.d.). BRONZE FLEETWOOD. Retrieved February 5, 2024.

Internal MISP references

UUID 4fbb113c-94b4-56fd-b292-1ccf84e1c8f3 which can be used as unique global reference for Secureworks BRONZE FLEETWOOD Profile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-05T00:00:00Z
source MITRE
title BRONZE FLEETWOOD

Secureworks BRONZE HUNTLEY

Secureworks. (2021, January 1). BRONZE HUNTLEY Threat Profile. Retrieved May 5, 2021.

Internal MISP references

UUID 9558ebc5-4de3-4b1d-b32c-a170adbc3451 which can be used as unique global reference for Secureworks BRONZE HUNTLEY in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-05T00:00:00Z
date_published 2021-01-01T00:00:00Z
source MITRE
title BRONZE HUNTLEY Threat Profile

Secureworks BRONZE PRESIDENT December 2019

Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021.

Internal MISP references

UUID 019889e0-a2ce-476f-9a31-2fc394de2821 which can be used as unique global reference for Secureworks BRONZE PRESIDENT December 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-13T00:00:00Z
date_published 2019-12-29T00:00:00Z
source MITRE, Tidal Cyber
title BRONZE PRESIDENT Targets NGOs

Dell SecureWorks BRONZE STARLIGHT Profile

SecureWorks. (n.d.). BRONZE STARLIGHT. Retrieved December 6, 2023.

Internal MISP references

UUID d2e8cd95-fcd5-58e4-859a-c4724ec94ab4 which can be used as unique global reference for Dell SecureWorks BRONZE STARLIGHT Profile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-06T00:00:00Z
source MITRE
title BRONZE STARLIGHT

SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022

Counter Threat Unit Research Team. (2022, June 23). BRONZE STARLIGHT RANSOMWARE OPERATIONS USE HUI LOADER. Retrieved December 7, 2023.

Internal MISP references

UUID 0b275cf9-a885-58cc-b859-112090a711e3 which can be used as unique global reference for SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-07T00:00:00Z
date_published 2022-06-23T00:00:00Z
source MITRE
title BRONZE STARLIGHT RANSOMWARE OPERATIONS USE HUI LOADER

SecureWorks BRONZE UNION June 2017

Counter Threat Unit Research Team. (2017, June 27). BRONZE UNION Cyberespionage Persists Despite Disclosures. Retrieved July 13, 2017.

Internal MISP references

UUID 42adda47-f5d6-4d34-9b3d-3748a782f886 which can be used as unique global reference for SecureWorks BRONZE UNION June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-13T00:00:00Z
date_published 2017-06-27T00:00:00Z
source MITRE, Tidal Cyber
title BRONZE UNION Cyberespionage Persists Despite Disclosures

Wikipedia Browser Extension

Wikipedia. (2017, October 8). Browser Extension. Retrieved January 11, 2018.

Internal MISP references

UUID 52aef082-3f8e-41b4-af95-6631ce4c9e91 which can be used as unique global reference for Wikipedia Browser Extension in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-11T00:00:00Z
date_published 2017-10-08T00:00:00Z
source MITRE
title Browser Extension

Mr. D0x BitB 2022

mr.d0x. (2022, March 15). Browser In The Browser (BITB) Attack. Retrieved March 8, 2023.

Internal MISP references

UUID 447f6b34-ac3a-58d9-af96-aa1d947a3e0e which can be used as unique global reference for Mr. D0x BitB 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-08T00:00:00Z
date_published 2022-03-15T00:00:00Z
source MITRE
title Browser In The Browser (BITB) Attack

Cobalt Strike Browser Pivot

Mudge, R. (n.d.). Browser Pivoting. Retrieved January 10, 2018.

Internal MISP references

UUID 0c1dd453-7281-4ee4-9c8f-bdc401cf48d7 which can be used as unique global reference for Cobalt Strike Browser Pivot in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-10T00:00:00Z
source MITRE
title Browser Pivoting

Symantec Buckeye

Symantec Security Response. (2016, September 6). Buckeye cyberespionage group shifts gaze from US to Hong Kong. Retrieved September 26, 2016.

Internal MISP references

UUID dbf3ce3e-bcf2-4e47-ad42-839e51967395 which can be used as unique global reference for Symantec Buckeye in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-09-26T00:00:00Z
date_published 2016-09-06T00:00:00Z
source MITRE, Tidal Cyber
title Buckeye cyberespionage group shifts gaze from US to Hong Kong

ESET Buhtrap and Buran April 2019

ESET Research. (2019, April 30). Buhtrap backdoor and Buran ransomware distributed via major advertising platform. Retrieved May 11, 2020.

Internal MISP references

UUID e308a957-fb5c-44e8-a846-be6daef4b940 which can be used as unique global reference for ESET Buhtrap and Buran April 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-11T00:00:00Z
date_published 2019-04-30T00:00:00Z
source MITRE
title Buhtrap backdoor and Buran ransomware distributed via major advertising platform

S1 Custom Shellcode Tool

Bunce, D. (2019, October 31). Building A Custom Tool For Shellcode Analysis. Retrieved October 4, 2021.

Internal MISP references

UUID f49bfd00-48d5-4d84-a7b7-cb23fcdf861b which can be used as unique global reference for S1 Custom Shellcode Tool in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-04T00:00:00Z
date_published 2019-10-31T00:00:00Z
source MITRE
title Building A Custom Tool For Shellcode Analysis

Data Driven Security DGA

Jacobs, J. (2014, October 2). Building a DGA Classifier: Part 2, Feature Engineering. Retrieved February 18, 2019.

Internal MISP references

UUID c92fb2ec-c144-42d4-bd42-179d3d737db0 which can be used as unique global reference for Data Driven Security DGA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-18T00:00:00Z
date_published 2014-10-02T00:00:00Z
source MITRE
title Building a DGA Classifier: Part 2, Feature Engineering

CTD PPID Spoofing Macro Mar 2019

Tafani-Dereeper, C. (2019, March 12). Building an Office macro to spoof parent processes and command line arguments. Retrieved June 3, 2019.

Internal MISP references

UUID b06b72ba-dbd6-4190-941a-0cdd3d659ab6 which can be used as unique global reference for CTD PPID Spoofing Macro Mar 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-03T00:00:00Z
date_published 2019-03-12T00:00:00Z
source MITRE
title Building an Office macro to spoof parent processes and command line arguments

Trend Micro September 02 2022

Trend Micro. (2022, September 2). BumbleBee a New Modular Backdoor Evolved From BookWorm. Retrieved May 7, 2023.

Internal MISP references

UUID acb25abb-23c7-4b5d-849b-346388dde15c which can be used as unique global reference for Trend Micro September 02 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2022-09-02T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title BumbleBee a New Modular Backdoor Evolved From BookWorm

Proofpoint 2 12 2024

Axel F; Selena Larson; The Proofpoint Threat Research Team. (2024, February 12). Bumblebee Buzzes Back in Black. Retrieved February 14, 2024.

Internal MISP references

UUID 643968ec-bc01-4317-ba91-b2bafeb421c9 which can be used as unique global reference for Proofpoint 2 12 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-14T00:00:00Z
date_published 2024-02-12T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Bumblebee Buzzes Back in Black

Toxin Labs 3 4 2023

Toxin Labs. (2023, March 4). BumbleBee DocuSign Campaign. Retrieved February 19, 2024.

Internal MISP references

UUID 8404527a-9197-47ea-8bdf-c824b66ffede which can be used as unique global reference for Toxin Labs 3 4 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-19T00:00:00Z
date_published 2023-03-04T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title BumbleBee DocuSign Campaign

SEC Consult Bumblebee April 11 2023

Angelo Violetti. (2023, April 11). BumbleBee hunting with a Velociraptor. Retrieved May 6, 2023.

Internal MISP references

UUID c4cdaaeb-5776-4899-bdcf-8daf9d6ea615 which can be used as unique global reference for SEC Consult Bumblebee April 11 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-06T00:00:00Z
date_published 2023-04-11T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title BumbleBee hunting with a Velociraptor

Cybereason Bumblebee August 2022

Cybereason. (2022, August 17). Bumblebee Loader – The High Road to Enterprise Domain Control. Retrieved August 29, 2022.

Internal MISP references

UUID 64bfb605-af69-4df0-ae56-32fa997516bc which can be used as unique global reference for Cybereason Bumblebee August 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-29T00:00:00Z
date_published 2022-08-17T00:00:00Z
source MITRE
title Bumblebee Loader – The High Road to Enterprise Domain Control

Secureworks Bumblebee April 20 2023

Counter Threat Unit Research Team. (2023, April 20). Bumblebee Malware Distributed Via Trojanized Installer Downloads. Retrieved May 6, 2023.

Internal MISP references

UUID ac31c45d-ba78-4158-b163-723ab22c4dc4 which can be used as unique global reference for Secureworks Bumblebee April 20 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-06T00:00:00Z
date_published 2023-04-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Bumblebee Malware Distributed Via Trojanized Installer Downloads

Symantec Bumblebee June 2022

Kamble, V. (2022, June 28). Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem. Retrieved August 24, 2022.

Internal MISP references

UUID 81bfabad-b5b3-4e45-ac1d-1e2e829fca33 which can be used as unique global reference for Symantec Bumblebee June 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-24T00:00:00Z
date_published 2022-06-28T00:00:00Z
source MITRE
title Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem

Cyble September 07 2022

Cybleinc. (2022, September 7). Bumblebee Returns with New Infection Technique. Retrieved May 7, 2023.

Internal MISP references

UUID 9d194526-2d01-4f92-9055-39e66d26081a which can be used as unique global reference for Cyble September 07 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2022-09-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Bumblebee Returns with New Infection Technique

The DFIR Report Bumblebee September 26 2022

The DFIR Report. (2022, September 26). BumbleBee: Round Two. Retrieved May 7, 2023.

Internal MISP references

UUID 8b51d35c-7a2a-4f03-95b1-c0b319f73c05 which can be used as unique global reference for The DFIR Report Bumblebee September 26 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2022-09-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title BumbleBee: Round Two

The DFIR Report Bumblebee November 14 2022

The DFIR Report. (2022, November 14). BumbleBee Zeros in on Meterpreter. Retrieved May 7, 2023.

Internal MISP references

UUID 831e1b4e-6edd-498f-863c-606d2392b622 which can be used as unique global reference for The DFIR Report Bumblebee November 14 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2022-11-14T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title BumbleBee Zeros in on Meterpreter

objsee netwire backdoor 2019

Patrick Wardle. (2019, June 20). Burned by Fire(fox). Retrieved October 1, 2021.

Internal MISP references

UUID 866c5305-8629-4f09-8dfe-192c8573ffb0 which can be used as unique global reference for objsee netwire backdoor 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-01T00:00:00Z
date_published 2019-06-20T00:00:00Z
source MITRE
title Burned by Fire(fox)

401 TRG Winnti Umbrella May 2018

Hegel, T. (2018, May 3). Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers. Retrieved July 8, 2018.

Internal MISP references

UUID e3f1f2e4-dc1c-4d9c-925d-47013f44a69f which can be used as unique global reference for 401 TRG Winnti Umbrella May 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-08T00:00:00Z
date_published 2018-05-03T00:00:00Z
source MITRE
title Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers

Bypassing Gatekeeper

Thomas Reed. (2016, March 31). Bypassing Apple's Gatekeeper. Retrieved July 5, 2017.

Internal MISP references

UUID 957a0916-614e-4c7b-a6dd-1baa4fc6f93e which can be used as unique global reference for Bypassing Gatekeeper in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-05T00:00:00Z
date_published 2016-03-31T00:00:00Z
source MITRE
title Bypassing Apple's Gatekeeper

engima0x3 DNX Bypass

Nelson, M. (2017, November 17). Bypassing Application Whitelisting By Using dnx.exe. Retrieved May 25, 2017.

Internal MISP references

UUID e0186f1d-100d-4e52-b6f7-0a7e1c1a35f0 which can be used as unique global reference for engima0x3 DNX Bypass in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-05-25T00:00:00Z
date_published 2017-11-17T00:00:00Z
source MITRE
title Bypassing Application Whitelisting By Using dnx.exe

engima0x3 RCSI Bypass

Nelson, M. (2016, November 21). Bypassing Application Whitelisting By Using rcsi.exe. Retrieved May 26, 2017.

Internal MISP references

UUID 0b815bd9-6c7f-4bd8-9031-667fa6252f89 which can be used as unique global reference for engima0x3 RCSI Bypass in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-05-26T00:00:00Z
date_published 2016-11-21T00:00:00Z
source MITRE
title Bypassing Application Whitelisting By Using rcsi.exe

Exploit Monday WinDbg

Graeber, M. (2016, August 15). Bypassing Application Whitelisting by using WinDbg/CDB as a Shellcode Runner. Retrieved May 26, 2017.

Internal MISP references

UUID abd5f871-e12e-4355-af72-d4be79cb0291 which can be used as unique global reference for Exploit Monday WinDbg in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-05-26T00:00:00Z
date_published 2016-08-15T00:00:00Z
source MITRE
title Bypassing Application Whitelisting by using WinDbg/CDB as a Shellcode Runner

SubTee MSBuild

Smith, C. (2016, September 13). Bypassing Application Whitelisting using MSBuild.exe - Device Guard Example and Mitigations. Retrieved September 13, 2016.

Internal MISP references

UUID 82a762d0-c59f-456d-a7d3-1cab3fa02526 which can be used as unique global reference for SubTee MSBuild in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
date_accessed 2016-09-13T00:00:00Z
date_published 2016-09-13T00:00:00Z
source MITRE
title Bypassing Application Whitelisting using MSBuild.exe - Device Guard Example and Mitigations

Bypassing CloudTrail in AWS Service Catalog

Nick Frichette. (2023, March 20). Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research. Retrieved September 18, 2023.

Internal MISP references

UUID de50bd67-96bb-537c-b91d-e541a717b7a1 which can be used as unique global reference for Bypassing CloudTrail in AWS Service Catalog in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-18T00:00:00Z
date_published 2023-03-20T00:00:00Z
source MITRE
title Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research

AADInternals - Conditional Access Bypass

Dr. Nestori Syynimaa. (2020, September 6). Bypassing conditional access by faking device compliance. Retrieved March 4, 2022.

Internal MISP references

UUID 832841a1-92d1-4fcc-90f7-afbabad84aec which can be used as unique global reference for AADInternals - Conditional Access Bypass in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-04T00:00:00Z
date_published 2020-09-06T00:00:00Z
source MITRE
title Bypassing conditional access by faking device compliance

MsitPros CHM Aug 2017

Moe, O. (2017, August 13). Bypassing Device guard UMCI using CHM – CVE-2017-8625. Retrieved October 3, 2018.

Internal MISP references

UUID d4e4cc8a-3246-463f-ba06-d68459d907d4 which can be used as unique global reference for MsitPros CHM Aug 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-03T00:00:00Z
date_published 2017-08-13T00:00:00Z
source MITRE
title Bypassing Device guard UMCI using CHM – CVE-2017-8625

TCC macOS bypass

Phil Stokes. (2021, July 1). Bypassing macOS TCC User Privacy Protections By Accident and Design. Retrieved March 21, 2024.

Internal MISP references

UUID 4fc68e85-cd7a-5a15-84e3-8fbea0b28fd5 which can be used as unique global reference for TCC macOS bypass in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-21T00:00:00Z
date_published 2021-07-01T00:00:00Z
source MITRE
title Bypassing macOS TCC User Privacy Protections By Accident and Design

enigma0x3 sdclt app paths

Nelson, M. (2017, March 14). Bypassing UAC using App Paths. Retrieved May 25, 2017.

Internal MISP references

UUID 2e69a4a7-dc7f-4b7d-99b2-190c60d7efd1 which can be used as unique global reference for enigma0x3 sdclt app paths in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-05-25T00:00:00Z
date_published 2017-03-14T00:00:00Z
source MITRE
title Bypassing UAC using App Paths

MDSec System Calls

MDSec Research. (2020, December). Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams. Retrieved September 29, 2021.

Internal MISP references

UUID b461e226-1317-4ce4-a195-ba4c4957db99 which can be used as unique global reference for MDSec System Calls in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2020-12-01T00:00:00Z
source MITRE
title Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams

Hybrid Analysis Icacls1 June 2018

Hybrid Analysis. (2018, June 12). c9b65b764985dfd7a11d3faf599c56b8.exe. Retrieved August 19, 2018.

Internal MISP references

UUID 74df644a-06b8-4331-85a3-932358d65b62 which can be used as unique global reference for Hybrid Analysis Icacls1 June 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-19T00:00:00Z
date_published 2018-06-12T00:00:00Z
source MITRE
title c9b65b764985dfd7a11d3faf599c56b8.exe

Microsoft Credential Manager store

Microsoft. (2016, August 31). Cached and Stored Credentials Technical Overview. Retrieved November 24, 2020.

Internal MISP references

UUID c949a29b-bb31-4bd7-a967-ddd48c7efb8e which can be used as unique global reference for Microsoft Credential Manager store in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-24T00:00:00Z
date_published 2016-08-31T00:00:00Z
source MITRE
title Cached and Stored Credentials Technical Overview

Microsoft - Cached Creds

Microsoft. (2016, August 21). Cached and Stored Credentials Technical Overview. Retrieved February 21, 2020.

Internal MISP references

UUID 590ea63f-f800-47e4-8d39-df11a184ba84 which can be used as unique global reference for Microsoft - Cached Creds in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-21T00:00:00Z
date_published 2016-08-21T00:00:00Z
source MITRE
title Cached and Stored Credentials Technical Overview

Kaspersky CactusPete Aug 2020

Zykov, K. (2020, August 13). CactusPete APT group’s updated Bisonal backdoor. Retrieved May 5, 2021.

Internal MISP references

UUID 1c393964-e717-45ad-8eb6-5df5555d3c70 which can be used as unique global reference for Kaspersky CactusPete Aug 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-05T00:00:00Z
date_published 2020-08-13T00:00:00Z
source MITRE, Tidal Cyber
title CactusPete APT group’s updated Bisonal backdoor

Kroll CACTUS Ransomware May 10 2023

Laurie Iacono, Stephen Green, Dave Truman. (2023, May 10). CACTUS Ransomware: Prickly New Variant Evades Detection. Retrieved August 10, 2023.

Internal MISP references

UUID f50de2f6-465f-4cae-a79c-cc135ebfee4f which can be used as unique global reference for Kroll CACTUS Ransomware May 10 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-10T00:00:00Z
date_published 2023-05-10T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title CACTUS Ransomware: Prickly New Variant Evades Detection

ESET CaddyWiper March 2022

ESET. (2022, March 15). CaddyWiper: New wiper malware discovered in Ukraine. Retrieved March 23, 2022.

Internal MISP references

UUID 9fa97444-311f-40c1-8728-c5f91634c750 which can be used as unique global reference for ESET CaddyWiper March 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-23T00:00:00Z
date_published 2022-03-15T00:00:00Z
source MITRE
title CaddyWiper: New wiper malware discovered in Ukraine

Cadet Blizzard emerges as novel threat actor

Microsoft Threat Intelligence. (2023, June 14). Cadet Blizzard emerges as a novel and distinct Russian threat actor. Retrieved July 10, 2023.

Internal MISP references

UUID 7180c6a7-e6ea-54bf-bcd7-c5238bbc5f5b which can be used as unique global reference for Cadet Blizzard emerges as novel threat actor in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-10T00:00:00Z
date_published 2023-06-14T00:00:00Z
source MITRE
title Cadet Blizzard emerges as a novel and distinct Russian threat actor

Cado Security Denonia

Matt Muir. (2022, April 6). Cado Discovers Denonia: The First Malware Specifically Targeting Lambda. Retrieved May 27, 2022.

Internal MISP references

UUID 584e7ace-ef33-423b-9801-4728a447cb34 which can be used as unique global reference for Cado Security Denonia in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-27T00:00:00Z
date_published 2022-04-06T00:00:00Z
source MITRE
title Cado Discovers Denonia: The First Malware Specifically Targeting Lambda

Cado Denonia April 3 2022

jbowen. (2022, April 3). Cado Discovers Denonia: The First Malware Specifically Targeting Lambda. Retrieved April 11, 2024.

Internal MISP references

UUID b276c28d-1488-4a21-86d1-7acdfd77794b which can be used as unique global reference for Cado Denonia April 3 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-11T00:00:00Z
date_published 2022-04-03T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Cado Discovers Denonia: The First Malware Specifically Targeting Lambda

Caesars Scattered Spider September 13 2023

William Turton. (2023, September 13). Caesars Entertainment Paid Millions to Hackers in Attack. Retrieved September 14, 2023.

Internal MISP references

UUID 6915c003-7c8b-451c-8fb1-3541f00c14fb which can be used as unique global reference for Caesars Scattered Spider September 13 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-14T00:00:00Z
date_published 2023-09-13T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Caesars Entertainment Paid Millions to Hackers in Attack

Securelist Calisto July 2018

Kuzin, M., Zelensky S. (2018, July 20). Calisto Trojan for macOS. Retrieved September 7, 2018.

Internal MISP references

UUID a292d77b-9150-46ea-b217-f51e091fdb57 which can be used as unique global reference for Securelist Calisto July 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-07T00:00:00Z
date_published 2018-07-20T00:00:00Z
source MITRE
title Calisto Trojan for macOS

CERTFR-2023-CTI-009

CERT-FR. (2023, October 26). Campagnes d'attaques du mode opératoire APT28 depuis 2021. Retrieved October 26, 2023.

Internal MISP references

UUID 5365ac4c-fbb8-4389-989e-a64cb7693371 which can be used as unique global reference for CERTFR-2023-CTI-009 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-26T00:00:00Z
date_published 2023-10-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Campagnes d'attaques du mode opératoire APT28 depuis 2021

FSI Andariel Campaign Rifle July 2017

FSI. (2017, July 27). Campaign Rifle - Andariel, the Maiden of Anguish. Retrieved September 29, 2021.

Internal MISP references

UUID bde61ee9-16f9-4bd9-a847-5cc9df21335c which can be used as unique global reference for FSI Andariel Campaign Rifle July 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2017-07-27T00:00:00Z
source MITRE
title Campaign Rifle - Andariel, the Maiden of Anguish

Check Point Research January 5 2022

Check Point Research. (2022, January 5). Can You Trust a File's Digital Signature? New Zloader Campaign Exploits Microsoft's Signature Verification Putting Users at Risk. Retrieved May 11, 2023.

Internal MISP references

UUID d26dfc4d-e563-4262-b527-0fffb7228234 which can be used as unique global reference for Check Point Research January 5 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-11T00:00:00Z
date_published 2022-01-05T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Can You Trust a File's Digital Signature? New Zloader Campaign Exploits Microsoft's Signature Verification Putting Users at Risk

Kaspersky Carbanak

Kaspersky Lab's Global Research and Analysis Team. (2015, February). CARBANAK APT THE GREAT BANK ROBBERY. Retrieved August 23, 2018.

Internal MISP references

UUID 2f7e77db-fe39-4004-9945-3c8943708494 which can be used as unique global reference for Kaspersky Carbanak in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-23T00:00:00Z
date_published 2015-02-01T00:00:00Z
source MITRE, Tidal Cyber
title CARBANAK APT THE GREAT BANK ROBBERY

KasperskyCarbanak

Kaspersky Lab's Global Research & Analysis Team. (2015, February). CARBANAK APT THE GREAT BANK ROBBERY. Retrieved March 27, 2017.

Internal MISP references

UUID 053a2bbb-5509-4aba-bbd7-ccc3d8074291 which can be used as unique global reference for KasperskyCarbanak in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-27T00:00:00Z
date_published 2015-02-01T00:00:00Z
source MITRE
title CARBANAK APT THE GREAT BANK ROBBERY

Forcepoint Carbanak Google C2

Griffin, N. (2017, January 17). CARBANAK GROUP USES GOOGLE FOR MALWARE COMMAND-AND-CONTROL. Retrieved February 15, 2017.

Internal MISP references

UUID 3da6084f-5e12-4472-afb9-82efd3e22cf6 which can be used as unique global reference for Forcepoint Carbanak Google C2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-02-15T00:00:00Z
date_published 2017-01-17T00:00:00Z
source MITRE
title CARBANAK GROUP USES GOOGLE FOR MALWARE COMMAND-AND-CONTROL

Trend Micro Carberp February 2014

Trend Micro. (2014, February 27). CARBERP. Retrieved July 29, 2020.

Internal MISP references

UUID 069e458f-d780-47f9-8ebe-21b195fe9b33 which can be used as unique global reference for Trend Micro Carberp February 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-29T00:00:00Z
date_published 2014-02-27T00:00:00Z
source MITRE
title CARBERP

Prevx Carberp March 2011

Giuliani, M., Allievi, A. (2011, February 28). Carberp - a modular information stealing trojan. Retrieved July 15, 2020.

Internal MISP references

UUID 8f95d81a-ea8c-44bf-950d-9eb868182d39 which can be used as unique global reference for Prevx Carberp March 2011 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-15T00:00:00Z
date_published 2011-02-28T00:00:00Z
source MITRE
title Carberp - a modular information stealing trojan

Trusteer Carberp October 2010

Trusteer Fraud Prevention Center. (2010, October 7). Carberp Under the Hood of Carberp: Malware & Configuration Analysis. Retrieved July 15, 2020.

Internal MISP references

UUID f7af5be2-0cb4-4b41-9d08-2f652b6bac3c which can be used as unique global reference for Trusteer Carberp October 2010 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-15T00:00:00Z
date_published 2010-10-07T00:00:00Z
source MITRE
title Carberp Under the Hood of Carberp: Malware & Configuration Analysis

ESET Carbon Mar 2017

ESET. (2017, March 30). Carbon Paper: Peering into Turla’s second stage backdoor. Retrieved November 7, 2018.

Internal MISP references

UUID 5d2a3a81-e7b7-430d-b748-b773f89d3c77 which can be used as unique global reference for ESET Carbon Mar 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-07T00:00:00Z
date_published 2017-03-30T00:00:00Z
source MITRE
title Carbon Paper: Peering into Turla’s second stage backdoor

CrowdStrike Carbon Spider August 2021

Loui, E. and Reynolds, J. (2021, August 30). CARBON SPIDER Embraces Big Game Hunting, Part 1. Retrieved September 20, 2021.

Internal MISP references

UUID 36f0ddb0-94af-494c-ad10-9d3f75d1d810 which can be used as unique global reference for CrowdStrike Carbon Spider August 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-20T00:00:00Z
date_published 2021-08-30T00:00:00Z
source MITRE
title CARBON SPIDER Embraces Big Game Hunting, Part 1

PaloAlto CardinalRat Apr 2017

Grunzweig, J. (2017, April 20). Cardinal RAT Active for Over Two Years. Retrieved December 8, 2018.

Internal MISP references

UUID 8d978b94-75c9-46a1-812a-bafe3396eda9 which can be used as unique global reference for PaloAlto CardinalRat Apr 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-12-08T00:00:00Z
date_published 2017-04-20T00:00:00Z
source MITRE
title Cardinal RAT Active for Over Two Years

ESET Casbaneiro Oct 2019

ESET Research. (2019, October 3). Casbaneiro: peculiarities of this banking Trojan that affects Brazil and Mexico. Retrieved September 23, 2021.

Internal MISP references

UUID a5cb3ee6-9a0b-4e90-bf32-be7177a858b1 which can be used as unique global reference for ESET Casbaneiro Oct 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-23T00:00:00Z
date_published 2019-10-03T00:00:00Z
source MITRE
title Casbaneiro: peculiarities of this banking Trojan that affects Brazil and Mexico

Microsoft Catalog Files and Signatures April 2017

Hudek, T. (2017, April 20). Catalog Files and Digital Signatures. Retrieved January 31, 2018.

Internal MISP references

UUID 5b6ae460-a1cf-4afe-a0c8-d6ea24741ebe which can be used as unique global reference for Microsoft Catalog Files and Signatures April 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-31T00:00:00Z
date_published 2017-04-20T00:00:00Z
source MITRE
title Catalog Files and Digital Signatures

Catch All Chrome Extension

Marinho, R. (n.d.). "Catch-All" Google Chrome Malicious Extension Steals All Posted Data. Retrieved November 16, 2017.

Internal MISP references

UUID eddd2ea8-89c1-40f9-b6e3-37cbdebd210e which can be used as unique global reference for Catch All Chrome Extension in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-16T00:00:00Z
source MITRE
title "Catch-All" Google Chrome Malicious Extension Steals All Posted Data

Akamai JS

Katz, O. (2020, October 26). Catch Me if You Can—JavaScript Obfuscation. Retrieved March 17, 2023.

Internal MISP references

UUID 379a177b-0c31-5840-ad54-3fdfc9904a88 which can be used as unique global reference for Akamai JS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-17T00:00:00Z
date_published 2020-10-26T00:00:00Z
source MITRE
title Catch Me if You Can—JavaScript Obfuscation

Categorisation_not_boundary

MDSec Research. (2017, July). Categorisation is not a Security Boundary. Retrieved September 20, 2019.

Internal MISP references

UUID 3c320f38-e691-46f7-a20d-58b024ea2fa2 which can be used as unique global reference for Categorisation_not_boundary in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-20T00:00:00Z
date_published 2017-07-01T00:00:00Z
source MITRE
title Categorisation is not a Security Boundary

CrowdStrike Flying Kitten

Dahl, M. (2014, May 13). Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN. Retrieved May 27, 2020.

Internal MISP references

UUID ab669ded-e659-4313-b5ab-8c5362562f39 which can be used as unique global reference for CrowdStrike Flying Kitten in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-27T00:00:00Z
date_published 2014-05-13T00:00:00Z
source MITRE
title Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN

Telephone Attack Delivery

Selena Larson, Sam Scholten, Timothy Kromphardt. (2021, November 4). Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery. Retrieved January 5, 2022.

Internal MISP references

UUID 9670da7b-0600-4072-9ecc-65a918b89ac5 which can be used as unique global reference for Telephone Attack Delivery in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-05T00:00:00Z
date_published 2021-11-04T00:00:00Z
source MITRE
title Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery

Tetra Defense Sodinokibi March 2020

Tetra Defense. (2020, March). CAUSE AND EFFECT: SODINOKIBI RANSOMWARE ANALYSIS. Retrieved December 14, 2020.

Internal MISP references

UUID a6ef0302-7bf4-4c5c-a6fc-4bd1c3d67d50 which can be used as unique global reference for Tetra Defense Sodinokibi March 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-14T00:00:00Z
date_published 2020-03-01T00:00:00Z
source MITRE
title CAUSE AND EFFECT: SODINOKIBI RANSOMWARE ANALYSIS

CarbonBlack RobbinHood May 2019

Lee, S. (2019, May 17). CB TAU Threat Intelligence Notification: RobbinHood Ransomware Stops 181 Windows Services Before Encryption. Retrieved July 29, 2019.

Internal MISP references

UUID cb9e49fa-253a-447a-9c88-c6e507bae0bb which can be used as unique global reference for CarbonBlack RobbinHood May 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-29T00:00:00Z
date_published 2019-05-17T00:00:00Z
source MITRE
title CB TAU Threat Intelligence Notification: RobbinHood Ransomware Stops 181 Windows Services Before Encryption

Talos CCleanup 2017

Brumaghin, E. et al. (2017, September 18). CCleanup: A Vast Number of Machines at Risk. Retrieved March 9, 2018.

Internal MISP references

UUID f2522cf4-dc65-4dc5-87e3-9e88212fcfe9 which can be used as unique global reference for Talos CCleanup 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-09T00:00:00Z
date_published 2017-09-18T00:00:00Z
source MITRE
title CCleanup: A Vast Number of Machines at Risk

Cdb.exe - LOLBAS Project

LOLBAS. (2018, May 25). Cdb.exe. Retrieved December 4, 2023.

Internal MISP references

UUID e61b035f-6247-47e3-918c-2892815dfddf which can be used as unique global reference for Cdb.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Cdb.exe

Slowik Sandworm 2021

Joseph Slowik, DomainTools. (2021, March 3). Centreon to Exim and Back: On the Trail of Sandworm. Retrieved April 6, 2024.

Internal MISP references

UUID e1753588-bc53-5265-935e-cbbaf3e13a82 which can be used as unique global reference for Slowik Sandworm 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-06T00:00:00Z
date_published 2021-03-03T00:00:00Z
source MITRE
title Centreon to Exim and Back: On the Trail of Sandworm

ESET PLEAD Malware July 2018

Cherepanov, A. (2018, July 9). Certificates stolen from Taiwanese tech‑companies misused in Plead malware campaign. Retrieved May 6, 2020.

Internal MISP references

UUID 2c28640d-e4ee-47db-a8f1-b34def7d2e9a which can be used as unique global reference for ESET PLEAD Malware July 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-06T00:00:00Z
date_published 2018-07-09T00:00:00Z
source MITRE
title Certificates stolen from Taiwanese tech‑companies misused in Plead malware campaign

Medium Certified Pre Owned

Schroeder, W. (2021, June 17). Certified Pre-Owned. Retrieved August 2, 2022.

Internal MISP references

UUID 04e53c69-3f29-4bb4-83c9-ff3a2db1526b which can be used as unique global reference for Medium Certified Pre Owned in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-02T00:00:00Z
date_published 2021-06-17T00:00:00Z
source MITRE
title Certified Pre-Owned

SpecterOps Certified Pre Owned

Schroeder, W. & Christensen, L. (2021, June 22). Certified Pre-Owned - Abusing Active Directory Certificate Services. Retrieved August 2, 2022.

Internal MISP references

UUID 73b6a6a6-c2b8-4aed-9cbc-d3bdcbb97698 which can be used as unique global reference for SpecterOps Certified Pre Owned in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-02T00:00:00Z
date_published 2021-06-22T00:00:00Z
source MITRE
title Certified Pre-Owned - Abusing Active Directory Certificate Services

GitHub Certify

HarmJ0y et al. (2021, June 9). Certify. Retrieved August 4, 2022.

Internal MISP references

UUID 27fce38b-07d6-43ed-a3da-174458c4acbe which can be used as unique global reference for GitHub Certify in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-04T00:00:00Z
date_published 2021-06-09T00:00:00Z
source MITRE
title Certify

CertOC.exe - LOLBAS Project

LOLBAS. (2021, October 7). CertOC.exe. Retrieved December 4, 2023.

Internal MISP references

UUID b906498e-2773-419b-8c6d-3e974925ac18 which can be used as unique global reference for CertOC.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-10-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title CertOC.exe

CertReq.exe - LOLBAS Project

LOLBAS. (2020, July 7). CertReq.exe. Retrieved December 4, 2023.

Internal MISP references

UUID be446484-8ecc-486e-8940-658c147f6978 which can be used as unique global reference for CertReq.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-07-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title CertReq.exe

GitHub CertStealer

TheWover. (2021, April 21). CertStealer. Retrieved August 2, 2022.

Internal MISP references

UUID da06ce8f-f950-4ae8-a62a-b59b236e91a3 which can be used as unique global reference for GitHub CertStealer in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-02T00:00:00Z
date_published 2021-04-21T00:00:00Z
source MITRE
title CertStealer

TechNet Certutil

Microsoft. (2012, November 14). Certutil. Retrieved July 3, 2017.

Internal MISP references

UUID 8d095aeb-c72c-49c1-8482-dbf4ce9203ce which can be used as unique global reference for TechNet Certutil in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-03T00:00:00Z
date_published 2012-11-14T00:00:00Z
source MITRE
title Certutil

LOLBAS Certutil

LOLBAS. (n.d.). Certutil.exe. Retrieved July 31, 2019.

Internal MISP references

UUID 4c875710-9b5d-47b5-bc9e-69ef95797c8f which can be used as unique global reference for LOLBAS Certutil in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-31T00:00:00Z
source MITRE
title Certutil.exe

FireEye CFR Watering Hole 2012

Kindlund, D. (2012, December 30). CFR Watering Hole Attack Details. Retrieved December 18, 2020.

Internal MISP references

UUID 6108ab77-e4fd-43f2-9d49-8ce9c219ca9c which can be used as unique global reference for FireEye CFR Watering Hole 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-18T00:00:00Z
date_published 2012-12-30T00:00:00Z
source MITRE
title CFR Watering Hole Attack Details

Twitter Cglyer Status Update APT3 eml

Glyer, C. (2018, April 14). @cglyer Status Update. Retrieved October 11, 2018.

Internal MISP references

UUID cfcb0839-0736-489f-9779-72e5c96cce3d which can be used as unique global reference for Twitter Cglyer Status Update APT3 eml in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-11T00:00:00Z
date_published 2018-04-14T00:00:00Z
source MITRE
title @cglyer Status Update

Cybereason Chaes Nov 2020

Salem, E. (2020, November 17). CHAES: Novel Malware Targeting Latin American E-Commerce. Retrieved June 30, 2021.

Internal MISP references

UUID aaefa162-82a8-4b6d-b7be-fd31fafd9246 which can be used as unique global reference for Cybereason Chaes Nov 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-30T00:00:00Z
date_published 2020-11-17T00:00:00Z
source MITRE
title CHAES: Novel Malware Targeting Latin American E-Commerce

Symantec Chafer February 2018

Symantec. (2018, February 28). Chafer: Latest Attacks Reveal Heightened Ambitions. Retrieved May 22, 2020.

Internal MISP references

UUID 3daaa402-5477-4868-b8f1-a2f6e38f04ef which can be used as unique global reference for Symantec Chafer February 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-22T00:00:00Z
date_published 2018-02-28T00:00:00Z
source MITRE
title Chafer: Latest Attacks Reveal Heightened Ambitions

Securelist Remexi Jan 2019

Legezo, D. (2019, January 30). Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities. Retrieved April 17, 2019.

Internal MISP references

UUID 07dfd8e7-4e51-4c6e-a4f6-aaeb74ff8845 which can be used as unique global reference for Securelist Remexi Jan 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-17T00:00:00Z
date_published 2019-01-30T00:00:00Z
source MITRE
title Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities

change_rdp_port_conti

The DFIR Report. (2022, March 1). "Change RDP port" #ContiLeaks. Retrieved March 1, 2022.

Internal MISP references

UUID c0deb077-6c26-52f1-9e7c-d1fb535a02a0 which can be used as unique global reference for change_rdp_port_conti in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-01T00:00:00Z
date_published 2022-03-01T00:00:00Z
source MITRE
title "Change RDP port" #ContiLeaks

Microsoft Change Normal Template

Microsoft. (n.d.). Change the Normal template (Normal.dotm). Retrieved July 3, 2017.

Internal MISP references

UUID 76bf3ce1-b94c-4b3d-9707-aca8a1ae5555 which can be used as unique global reference for Microsoft Change Normal Template in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-03T00:00:00Z
source MITRE
title Change the Normal template (Normal.dotm)

Microsoft Change Default Programs

Microsoft. (n.d.). Change which programs Windows 7 uses by default. Retrieved July 26, 2016.

Internal MISP references

UUID de515277-a280-40e5-ba34-3e8f16a5c703 which can be used as unique global reference for Microsoft Change Default Programs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-07-26T00:00:00Z
source MITRE
title Change which programs Windows 7 uses by default

Chaos Stolen Backdoor

Sebastian Feldmann. (2018, February 14). Chaos: a Stolen Backdoor Rising Again. Retrieved March 5, 2018.

Internal MISP references

UUID 8e6916c1-f102-4b54-b6a5-a58fed825c2e which can be used as unique global reference for Chaos Stolen Backdoor in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-05T00:00:00Z
date_published 2018-02-14T00:00:00Z
source MITRE
title Chaos: a Stolen Backdoor Rising Again

Wardle Persistence Chapter

Patrick Wardle. (n.d.). Chapter 0x2: Persistence. Retrieved April 13, 2022.

Internal MISP references

UUID 6272b9a2-d704-43f3-9e25-6c434bb5d1ef which can be used as unique global reference for Wardle Persistence Chapter in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-13T00:00:00Z
source MITRE
title Chapter 0x2: Persistence

cisco_deploy_rsa_keys

Cisco. (2023, February 17). Chapter: Deploying RSA Keys Within a PKI. Retrieved March 27, 2023.

Internal MISP references

UUID 132f387e-4ee3-51d3-a3b6-d61102ada152 which can be used as unique global reference for cisco_deploy_rsa_keys in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-27T00:00:00Z
date_published 2023-02-17T00:00:00Z
source MITRE
title Chapter: Deploying RSA Keys Within a PKI

Wikipedia Character Encoding

Wikipedia. (2017, February 19). Character Encoding. Retrieved March 1, 2017.

Internal MISP references

UUID 3e7df20f-5d11-4102-851f-04e89c25d12f which can be used as unique global reference for Wikipedia Character Encoding in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-01T00:00:00Z
date_published 2017-02-19T00:00:00Z
source MITRE
title Character Encoding

ClearSky Charming Kitten Dec 2017

ClearSky Cyber Security. (2017, December). Charming Kitten. Retrieved December 27, 2017.

Internal MISP references

UUID 23ab1ad2-e9d4-416a-926f-6220a59044ab which can be used as unique global reference for ClearSky Charming Kitten Dec 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-27T00:00:00Z
date_published 2017-12-01T00:00:00Z
source MITRE
title Charming Kitten

Certfa Charming Kitten January 2021

Certfa Labs. (2021, January 8). Charming Kitten’s Christmas Gift. Retrieved May 3, 2021.

Internal MISP references

UUID c38a8af6-3f9b-40c3-8122-a2a51eb50664 which can be used as unique global reference for Certfa Charming Kitten January 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-03T00:00:00Z
date_published 2021-01-08T00:00:00Z
source MITRE
title Charming Kitten’s Christmas Gift

Proofpoint TA2541 February 2022

Larson, S. and Wise, J. (2022, February 15). Charting TA2541's Flight. Retrieved September 12, 2023.

Internal MISP references

UUID db0b1425-8bd7-51b5-bae3-53c5ccccb8da which can be used as unique global reference for Proofpoint TA2541 February 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-12T00:00:00Z
date_published 2022-02-15T00:00:00Z
source MITRE
title Charting TA2541's Flight

JPCERT ChChes Feb 2017

Nakamura, Y. (2017, February 17). ChChes - Malware that Communicates with C&C Servers Using Cookie Headers. Retrieved March 1, 2017.

Internal MISP references

UUID 657b43aa-ead2-41d3-911a-d714d9b28e19 which can be used as unique global reference for JPCERT ChChes Feb 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-01T00:00:00Z
date_published 2017-02-17T00:00:00Z
source MITRE
title ChChes - Malware that Communicates with C&C Servers Using Cookie Headers

EclecticLightChecksonEXECodeSigning

Howard Oakley. (2020, November 16). Checks on executable code in Catalina and Big Sur: a first draft. Retrieved September 21, 2022.

Internal MISP references

UUID 2885db46-4f8c-4c35-901c-7641c7701293 which can be used as unique global reference for EclecticLightChecksonEXECodeSigning in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-21T00:00:00Z
date_published 2020-11-16T00:00:00Z
source MITRE
title Checks on executable code in Catalina and Big Sur: a first draft

Mandiant Pulse Secure Zero-Day April 2021

Perez, D. et al. (2021, April 20). Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day. Retrieved February 5, 2024.

Internal MISP references

UUID 0760480c-97be-5fc9-a6aa-f1df91a314a3 which can be used as unique global reference for Mandiant Pulse Secure Zero-Day April 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-05T00:00:00Z
date_published 2021-04-20T00:00:00Z
source MITRE
title Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day

Anomali MUSTANG PANDA October 2019

Anomali Threat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021.

Internal MISP references

UUID 70277fa4-60a8-475e-993a-c74241b76127 which can be used as unique global reference for Anomali MUSTANG PANDA October 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-12T00:00:00Z
date_published 2019-10-07T00:00:00Z
source MITRE, Tidal Cyber
title China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations

FireEye admin@338

FireEye Threat Intelligence. (2015, December 1). China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets. Retrieved December 4, 2015.

Internal MISP references

UUID f3470275-9652-440e-914d-ad4fc5165413 which can be used as unique global reference for FireEye admin@338 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-12-04T00:00:00Z
date_published 2015-12-01T00:00:00Z
source MITRE, Tidal Cyber
title China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets

IronNet BlackTech Oct 2021

Demboski, M., et al. (2021, October 26). China cyber attacks: the current threat landscape. Retrieved March 25, 2022.

Internal MISP references

UUID 98b2d114-4246-409d-934a-238682fd5ae6 which can be used as unique global reference for IronNet BlackTech Oct 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-25T00:00:00Z
date_published 2021-10-26T00:00:00Z
source MITRE
title China cyber attacks: the current threat landscape

Recorded Future RedEcho Feb 2021

Insikt Group. (2021, February 28). China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions. Retrieved March 22, 2021.

Internal MISP references

UUID 6da7eb8a-aab4-41ea-a0b7-5313d88cbe91 which can be used as unique global reference for Recorded Future RedEcho Feb 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-22T00:00:00Z
date_published 2021-02-28T00:00:00Z
source MITRE
title China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions

EFF China GitHub Attack

Budington, B. (2015, April 2). China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack. Retrieved September 1, 2023.

Internal MISP references

UUID b8405628-6366-5cc9-a9af-b97d5c9176dd which can be used as unique global reference for EFF China GitHub Attack in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-01T00:00:00Z
date_published 2015-04-02T00:00:00Z
source MITRE
title China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack

PaloAlto 3102 Sept 2015

Falcone, R. & Miller-Osborn, J. (2015, September 23). Chinese Actors Use ‘3102’ Malware in Attacks on US Government and EU Media. Retrieved March 19, 2018.

Internal MISP references

UUID db340043-43a7-4b16-a570-92a0d879b2bf which can be used as unique global reference for PaloAlto 3102 Sept 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-19T00:00:00Z
date_published 2015-09-23T00:00:00Z
source MITRE
title Chinese Actors Use ‘3102’ Malware in Attacks on US Government and EU Media

ZScaler Hacking Team

Desai, D. (2015, August 14). Chinese cyber espionage APT group leveraging recently leaked Hacking Team exploits to target a Financial Services Firm. Retrieved January 26, 2016.

Internal MISP references

UUID 83e6ab22-1f01-4c9b-90e5-0279af487805 which can be used as unique global reference for ZScaler Hacking Team in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-26T00:00:00Z
date_published 2015-08-14T00:00:00Z
source MITRE
title Chinese cyber espionage APT group leveraging recently leaked Hacking Team exploits to target a Financial Services Firm

Hacker News LuckyMouse June 2018

Khandelwal, S. (2018, June 14). Chinese Hackers Carried Out Country-Level Watering Hole Attack. Retrieved August 18, 2018.

Internal MISP references

UUID de78446a-cb46-4422-820b-9ddf07557b1a which can be used as unique global reference for Hacker News LuckyMouse June 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-18T00:00:00Z
date_published 2018-06-14T00:00:00Z
source MITRE
title Chinese Hackers Carried Out Country-Level Watering Hole Attack

The Record APT31 Router Hacks

Catalin Cimpanu. (2021, July 20). Chinese hacking group APT31 uses mesh of home routers to disguise attacks. Retrieved April 25, 2024.

Internal MISP references

UUID 41fc3724-85a0-4ad0-9494-47f89f3b079b which can be used as unique global reference for The Record APT31 Router Hacks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-25T00:00:00Z
date_published 2021-07-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Chinese hacking group APT31 uses mesh of home routers to disguise attacks

Dark Reading Codoso Feb 2015

Chickowski, E. (2015, February 10). Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole. Retrieved September 13, 2018.

Internal MISP references

UUID c24035b1-2021-44ae-b01e-651e44526737 which can be used as unique global reference for Dark Reading Codoso Feb 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-13T00:00:00Z
date_published 2015-02-10T00:00:00Z
source MITRE
title Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole

Recorded Future TAG-22 July 2021

INSIKT GROUP. (2021, July 8). Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling. Retrieved September 2, 2022.

Internal MISP references

UUID 258433e7-f829-4365-adbb-c5690159070f which can be used as unique global reference for Recorded Future TAG-22 July 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-02T00:00:00Z
date_published 2021-07-08T00:00:00Z
source MITRE
title Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling

Recorded Future Chinese Activity in Southeast Asia December 2021

Insikt Group. (2021, December 8). Chinese State-Sponsored Cyber Espionage Activity Supports Expansion of Regional Power and Influence in Southeast Asia. Retrieved September 19, 2022.

Internal MISP references

UUID 0809db3b-81a8-475d-920a-cb913b30f42e which can be used as unique global reference for Recorded Future Chinese Activity in Southeast Asia December 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-19T00:00:00Z
date_published 2021-12-08T00:00:00Z
source MITRE
title Chinese State-Sponsored Cyber Espionage Activity Supports Expansion of Regional Power and Influence in Southeast Asia

Recorded Future REDDELTA July 2020

Insikt Group. (2020, July 28). CHINESE STATE-SPONSORED GROUP ‘REDDELTA’ TARGETS THE VATICAN AND CATHOLIC ORGANIZATIONS. Retrieved April 13, 2021.

Internal MISP references

UUID e2bc037e-d483-4670-8281-70e51b16effe which can be used as unique global reference for Recorded Future REDDELTA July 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-13T00:00:00Z
date_published 2020-07-28T00:00:00Z
source MITRE
title CHINESE STATE-SPONSORED GROUP ‘REDDELTA’ TARGETS THE VATICAN AND CATHOLIC ORGANIZATIONS

Github CHIPSEC

Intel. (2017, March 18). CHIPSEC Platform Security Assessment Framework. Retrieved March 20, 2017.

Internal MISP references

UUID 47501334-56cb-453b-a9e3-33990d88018b which can be used as unique global reference for Github CHIPSEC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-20T00:00:00Z
date_published 2017-03-18T00:00:00Z
source MITRE
title CHIPSEC Platform Security Assessment Framework

McAfee CHIPSEC Blog

Beek, C., Samani, R. (2017, March 8). CHIPSEC Support Against Vault 7 Disclosure Scanning. Retrieved March 13, 2017.

Internal MISP references

UUID b65ed687-c279-4f64-9dd2-839164cd269c which can be used as unique global reference for McAfee CHIPSEC Blog in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-13T00:00:00Z
date_published 2017-03-08T00:00:00Z
source MITRE
title CHIPSEC Support Against Vault 7 Disclosure Scanning

Chkrootkit Main

Murilo, N., Steding-Jessen, K. (2017, August 23). Chkrootkit. Retrieved April 9, 2018.

Internal MISP references

UUID 828fb4b9-17a6-4a87-ac2a-631643adb18d which can be used as unique global reference for Chkrootkit Main in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-09T00:00:00Z
date_published 2017-08-23T00:00:00Z
source MITRE
title Chkrootkit

Azure AD Hybrid Identity

Microsoft. (2022, August 26). Choose the right authentication method for your Azure Active Directory hybrid identity solution. Retrieved September 28, 2022.

Internal MISP references

UUID b019406c-6e39-41a2-a8b4-97f8d6482147 which can be used as unique global reference for Azure AD Hybrid Identity in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-28T00:00:00Z
date_published 2022-08-26T00:00:00Z
source MITRE
title Choose the right authentication method for your Azure Active Directory hybrid identity solution

Chrome Remote Desktop

Huntress. (n.d.). Retrieved March 14, 2024.

Internal MISP references

UUID c1b2d0e9-2396-5080-aea3-58a99c027d20 which can be used as unique global reference for Chrome Remote Desktop in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-14T00:00:00Z
source MITRE
title Chrome Remote Desktop

show_ssh_users_cmd_cisco

Cisco. (2023, March 7). Cisco IOS Security Command Reference: Commands S to Z. Retrieved July 13, 2022.

Internal MISP references

UUID 11d34884-4559-57ad-8910-54e517c6493e which can be used as unique global reference for show_ssh_users_cmd_cisco in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-13T00:00:00Z
date_published 2023-03-07T00:00:00Z
source MITRE
title Cisco IOS Security Command Reference: Commands S to Z

Cisco IOS Shellcode

George Nosenko. (2015). CISCO IOS SHELLCODE: ALL-IN-ONE. Retrieved October 21, 2020.

Internal MISP references

UUID 55a45f9b-7be4-4f1b-8b19-a0addf9da8d8 which can be used as unique global reference for Cisco IOS Shellcode in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-21T00:00:00Z
date_published 2015-01-01T00:00:00Z
source MITRE
title CISCO IOS SHELLCODE: ALL-IN-ONE

Cisco IOS Software Integrity Assurance - AAA

Cisco. (n.d.). Cisco IOS Software Integrity Assurance - AAA. Retrieved October 19, 2020.

Internal MISP references

UUID 2d1b5021-91ad-43c9-8527-4978fa779168 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - AAA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
source MITRE
title Cisco IOS Software Integrity Assurance - AAA

Cisco IOS Software Integrity Assurance - Boot Information

Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Boot Information. Retrieved October 21, 2020.

Internal MISP references

UUID 5349863a-00c1-42bf-beac-4e7d053d6311 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Boot Information in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-21T00:00:00Z
source MITRE
title Cisco IOS Software Integrity Assurance - Boot Information

Cisco IOS Software Integrity Assurance - Change Control

Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Change Control. Retrieved October 21, 2020.

Internal MISP references

UUID 8fb532f2-c730-4b86-b8d2-2314ce559289 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Change Control in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-21T00:00:00Z
source MITRE
title Cisco IOS Software Integrity Assurance - Change Control

Cisco IOS Software Integrity Assurance - Image File Verification

Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Cisco IOS Image File Verification. Retrieved October 19, 2020.

Internal MISP references

UUID f1d736cb-63c1-43e8-a83b-ed86b7c27606 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Image File Verification in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
source MITRE
title Cisco IOS Software Integrity Assurance - Cisco IOS Image File Verification

Cisco IOS Software Integrity Assurance - Run-Time Memory Verification

Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Cisco IOS Run-Time Memory Integrity Verification. Retrieved October 19, 2020.

Internal MISP references

UUID 284608ea-3769-470e-950b-cbd67796b20f which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Run-Time Memory Verification in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
source MITRE
title Cisco IOS Software Integrity Assurance - Cisco IOS Run-Time Memory Integrity Verification

Cisco IOS Software Integrity Assurance - Command History

Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Command History. Retrieved October 21, 2020.

Internal MISP references

UUID dbca06dd-1184-4d52-9ee8-b059e368033c which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Command History in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-21T00:00:00Z
source MITRE
title Cisco IOS Software Integrity Assurance - Command History

Cisco IOS Software Integrity Assurance - Credentials Management

Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Credentials Management. Retrieved October 19, 2020.

Internal MISP references

UUID 9a7428e3-bd77-4c3e-ac90-c4e30d504ba6 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Credentials Management in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
source MITRE
title Cisco IOS Software Integrity Assurance - Credentials Management

Cisco IOS Software Integrity Assurance - Deploy Signed IOS

Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Deploy Signed IOS. Retrieved October 21, 2020.

Internal MISP references

UUID 71ea5591-6e46-4c58-a4e8-c629eba1b6c5 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Deploy Signed IOS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-21T00:00:00Z
source MITRE
title Cisco IOS Software Integrity Assurance - Deploy Signed IOS

Cisco IOS Software Integrity Assurance - Image File Integrity

Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Image File Integrity. Retrieved October 21, 2020.

Internal MISP references

UUID 90909bd4-15e8-48ee-8067-69f04736c583 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Image File Integrity in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-21T00:00:00Z
source MITRE
title Cisco IOS Software Integrity Assurance - Image File Integrity

Cisco IOS Software Integrity Assurance - Secure Boot

Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Secure Boot. Retrieved October 19, 2020.

Internal MISP references

UUID 4f6f686e-bcda-480a-88a1-ad7b00084c13 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Secure Boot in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
source MITRE
title Cisco IOS Software Integrity Assurance - Secure Boot

Cisco IOS Software Integrity Assurance - TACACS

Cisco. (n.d.). Cisco IOS Software Integrity Assurance - TACACS. Retrieved October 19, 2020.

Internal MISP references

UUID 54506dc2-6496-4edb-a5bf-fe64bf235ac0 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - TACACS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
source MITRE
title Cisco IOS Software Integrity Assurance - TACACS

Cisco Traffic Mirroring

Cisco. (n.d.). Cisco IOS XR Interface and Hardware Component Configuration Guide for the Cisco CRS Router, Release 5.1.x. Retrieved October 19, 2020.

Internal MISP references

UUID 1a5c86ad-d3b1-408b-a6b4-14ca0e572020 which can be used as unique global reference for Cisco Traffic Mirroring in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
source MITRE
title Cisco IOS XR Interface and Hardware Component Configuration Guide for the Cisco CRS Router, Release 5.1.x

Talos - Cisco Attack 2022

Nick Biasini. (2022, August 10). Cisco Talos shares insights related to recent cyber attack on Cisco. Retrieved March 9, 2023.

Internal MISP references

UUID 143182ad-6a16-5a0d-a5c4-7dae721a9e26 which can be used as unique global reference for Talos - Cisco Attack 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-09T00:00:00Z
date_published 2022-08-10T00:00:00Z
source MITRE
title Cisco Talos shares insights related to recent cyber attack on Cisco

Citrix Bulletin CVE-2023-3519

Citrix. (2023, July 18). Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467. Retrieved July 24, 2023.

Internal MISP references

UUID 245ef1b7-778d-4df2-99a9-b51c95c57580 which can be used as unique global reference for Citrix Bulletin CVE-2023-3519 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-24T00:00:00Z
date_published 2023-07-18T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467

Malwarebytes Citrix Bleed November 24 2023

Pieter Arntz. (2023, November 24). Citrix Bleed widely exploited, warn government agencies. Retrieved November 30, 2023.

Internal MISP references

UUID fdc86cea-0015-48d1-934f-b22244de6306 which can be used as unique global reference for Malwarebytes Citrix Bleed November 24 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-30T00:00:00Z
date_published 2023-11-24T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Citrix Bleed widely exploited, warn government agencies

Cyble April 28 2023

Cybleinc. (2023, April 28). Citrix Users at Risk: AresLoader Spreading Through Disguised GitLab Repo. Retrieved May 7, 2023.

Internal MISP references

UUID 2d6bea2c-cc19-4ff7-873f-151f1ff354cb which can be used as unique global reference for Cyble April 28 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2023-04-28T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Citrix Users at Risk: AresLoader Spreading Through Disguised GitLab Repo

Cyble April 03 2023

Cybleinc. (2023, April 3). Cl0p Ransomware: Active Threat Plaguing Businesses Worldwide. Retrieved May 25, 2023.

Internal MISP references

UUID 8c7815c4-ed8d-47c3-84af-b7cdabd49652 which can be used as unique global reference for Cyble April 03 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-25T00:00:00Z
date_published 2023-04-03T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Cl0p Ransomware: Active Threat Plaguing Businesses Worldwide

Talent-Jump Clambling February 2020

Chen, T. and Chen, Z. (2020, February 17). CLAMBLING - A New Backdoor Base On Dropbox. Retrieved November 12, 2021.

Internal MISP references

UUID 51144a8a-0cd4-4d5d-826b-21c2dc8422be which can be used as unique global reference for Talent-Jump Clambling February 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-11-12T00:00:00Z
date_published 2020-02-17T00:00:00Z
source MITRE
title CLAMBLING - A New Backdoor Base On Dropbox

FireEye Clandestine Fox Part 2

Scott, M. (2014, June 10). Clandestine Fox, Part Deux. Retrieved January 14, 2016.

Internal MISP references

UUID 82500741-984d-4039-8f53-b303845c2849 which can be used as unique global reference for FireEye Clandestine Fox Part 2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-14T00:00:00Z
date_published 2014-06-10T00:00:00Z
source MITRE
title Clandestine Fox, Part Deux

Microsoft Clear-EventLog

Microsoft. (n.d.). Clear-EventLog. Retrieved July 2, 2018.

Internal MISP references

UUID 35944ff0-2bbd-4055-8e8a-cfff27241a8a which can be used as unique global reference for Microsoft Clear-EventLog in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-02T00:00:00Z
source MITRE
title Clear-EventLog

Clearing quarantine attribute

Rich Trouton. (2012, November 20). Clearing the quarantine extended attribute from downloaded applications. Retrieved July 5, 2017.

Internal MISP references

UUID 4115ab53-751c-4016-9151-a55eab7d6ddf which can be used as unique global reference for Clearing quarantine attribute in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-05T00:00:00Z
date_published 2012-11-20T00:00:00Z
source MITRE
title Clearing the quarantine extended attribute from downloaded applications

NPPSPY - Huntress

Dray Agha. (2022, August 16). Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY. Retrieved March 30, 2023.

Internal MISP references

UUID df1f7379-38c3-5ca9-8333-d684022c000c which can be used as unique global reference for NPPSPY - Huntress in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-30T00:00:00Z
date_published 2022-08-16T00:00:00Z
source MITRE
title Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY

CL_Invocation.ps1 - LOLBAS Project

LOLBAS. (2018, May 25). CL_Invocation.ps1. Retrieved December 4, 2023.

Internal MISP references

UUID a53e093a-973c-491d-91e3-bc7804d87b8b which can be used as unique global reference for CL_Invocation.ps1 - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title CL_Invocation.ps1

clip_win_server

Microsoft, JasonGerend, et al. (2023, February 3). clip. Retrieved June 21, 2022.

Internal MISP references

UUID 8a961fa1-def0-5efe-8599-62e884d4ea22 which can be used as unique global reference for clip_win_server in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-21T00:00:00Z
date_published 2023-02-03T00:00:00Z
source MITRE
title clip

Red Canary Silver Sparrow Feb2021

Tony Lambert. (2021, February 18). Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight. Retrieved April 20, 2021.

Internal MISP references

UUID f08a856d-6c3e-49e2-b7ba-399831c637e5 which can be used as unique global reference for Red Canary Silver Sparrow Feb2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-20T00:00:00Z
date_published 2021-02-18T00:00:00Z
source MITRE
title Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight

CL_LoadAssembly.ps1 - LOLBAS Project

LOLBAS. (2021, September 26). CL_LoadAssembly.ps1. Retrieved December 4, 2023.

Internal MISP references

UUID 31a14027-1181-49b9-87bf-78a65a551312 which can be used as unique global reference for CL_LoadAssembly.ps1 - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-09-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title CL_LoadAssembly.ps1

CL_Mutexverifiers.ps1 - LOLBAS Project

LOLBAS. (2018, May 25). CL_Mutexverifiers.ps1. Retrieved December 4, 2023.

Internal MISP references

UUID 75b89502-21ed-4920-95cc-212eaf17f281 which can be used as unique global reference for CL_Mutexverifiers.ps1 - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title CL_Mutexverifiers.ps1

Cybereason Clop Dec 2020

Cybereason Nocturnus. (2020, December 23). Cybereason vs. Clop Ransomware. Retrieved May 11, 2021.

Internal MISP references

UUID f54d682d-100e-41bb-96be-6a79ea422066 which can be used as unique global reference for Cybereason Clop Dec 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-11T00:00:00Z
source MITRE
title Clop Ransomware

Mcafee Clop Aug 2019

Mundo, A. (2019, August 1). Clop Ransomware. Retrieved May 10, 2021.

Internal MISP references

UUID 458141bd-7dd2-41fd-82e8-7ea2e4a477ab which can be used as unique global reference for Mcafee Clop Aug 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-10T00:00:00Z
date_published 2019-08-01T00:00:00Z
source MITRE
title Clop Ransomware

Bleeping Computer Clop February 2023

Sergiu Gatlan. (2023, February 10). Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day. Retrieved May 8, 2023.

Internal MISP references

UUID ccfa7e78-1ee9-4d46-9f03-137eb12cf474 which can be used as unique global reference for Bleeping Computer Clop February 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-08T00:00:00Z
date_published 2023-02-10T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day

Kaspersky Cloud Atlas December 2014

GReAT. (2014, December 10). Cloud Atlas: RedOctober APT is back in style. Retrieved May 8, 2020.

Internal MISP references

UUID 41a9b3e3-0953-4bde-9e1d-c2f51de1120e which can be used as unique global reference for Kaspersky Cloud Atlas December 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-08T00:00:00Z
date_published 2014-12-10T00:00:00Z
source MITRE
title Cloud Atlas: RedOctober APT is back in style

Kandji 4 8 2024

Adam Kohler; Christopher Lopez. (2024, April 8). CloudChat Infostealer How It Works, What It Does. Retrieved April 19, 2024.

Internal MISP references

UUID f2e74613-f578-4408-bc76-144ec671808b which can be used as unique global reference for Kandji 4 8 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-19T00:00:00Z
date_published 2024-04-08T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title CloudChat Infostealer How It Works, What It Does

Rhino Labs Cloud Backdoor September 2019

Rhino Labs. (2019, September). Cloud Container Attack Tool (CCAT). Retrieved September 12, 2019.

Internal MISP references

UUID ac31b781-dbe4-49c2-b7af-dfb23d435ce8 which can be used as unique global reference for Rhino Labs Cloud Backdoor September 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-12T00:00:00Z
date_published 2019-09-01T00:00:00Z
source MITRE
title Cloud Container Attack Tool (CCAT)

Google Cloud Storage

Google. (n.d.). Cloud Storage. Retrieved October 13, 2021.

Internal MISP references

UUID 5fe51b4e-9b82-4e97-bb65-73708349538a which can be used as unique global reference for Google Cloud Storage in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
source MITRE
title Cloud Storage

Office 265 Azure Domain Availability

Microsoft. (2017, January 23). (Cloud) Tip of the Day: Advanced way to check domain availability for Office 365 and Azure. Retrieved May 27, 2022.

Internal MISP references

UUID dddf33ea-d074-4bc4-98d2-39b7e843e37d which can be used as unique global reference for Office 265 Azure Domain Availability in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-27T00:00:00Z
date_published 2017-01-23T00:00:00Z
source MITRE
title (Cloud) Tip of the Day: Advanced way to check domain availability for Office 365 and Azure

Mandiant Cloudy Logs 2023

Pany, D. & Hanley, C. (2023, May 3). Cloudy with a Chance of Bad Logs: Cloud Platform Log Configurations to Consider in Investigations. Retrieved October 16, 2023.

Internal MISP references

UUID a9835fe9-8227-5310-a728-1d09f19342b3 which can be used as unique global reference for Mandiant Cloudy Logs 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-16T00:00:00Z
date_published 2023-05-03T00:00:00Z
source MITRE
title Cloudy with a Chance of Bad Logs: Cloud Platform Log Configurations to Consider in Investigations

win_clsid_key

Microsoft. (2018, May 31). CLSID Key. Retrieved September 24, 2021.

Internal MISP references

UUID 239bb629-2733-4da3-87c2-47a7ab55433f which can be used as unique global reference for win_clsid_key in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-24T00:00:00Z
date_published 2018-05-31T00:00:00Z
source MITRE
title CLSID Key

Kube Cluster Admin

kubernetes. (2021, January 16). Cluster Administration. Retrieved October 13, 2021.

Internal MISP references

UUID 6c5f2465-1db3-46cc-8d2a-9763c21aa8cc which can be used as unique global reference for Kube Cluster Admin in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
date_published 2021-01-16T00:00:00Z
source MITRE
title Cluster Administration

Kube Cluster Info

kubernetes. (n.d.). cluster-info. Retrieved October 13, 2021.

Internal MISP references

UUID 0f8b5d79-2393-45a2-b6d4-df394e513e39 which can be used as unique global reference for Kube Cluster Info in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
source MITRE
title cluster-info

TechNet Cmd

Microsoft. (n.d.). Cmd. Retrieved April 18, 2016.

Internal MISP references

UUID dbfc01fe-c300-4c27-ab9a-a20508c1e04b which can be used as unique global reference for TechNet Cmd in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-18T00:00:00Z
source MITRE
title Cmd

Cmd.exe - LOLBAS Project

LOLBAS. (2019, June 26). Cmd.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 887aa9af-3f0e-42bb-8c40-39149f34b922 which can be used as unique global reference for Cmd.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2019-06-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Cmd.exe

Cmdkey.exe - LOLBAS Project

LOLBAS. (2018, May 25). Cmdkey.exe. Retrieved December 4, 2023.

Internal MISP references

UUID c9ca075a-8327-463d-96ec-adddf6f1a7bb which can be used as unique global reference for Cmdkey.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Cmdkey.exe

cmdl32.exe - LOLBAS Project

LOLBAS. (2021, August 26). cmdl32.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 2628e452-caa1-4058-a405-7c4657fa3245 which can be used as unique global reference for cmdl32.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-08-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title cmdl32.exe

Cmstp.exe - LOLBAS Project

LOLBAS. (2018, May 25). Cmstp.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 86c21dcd-464a-4870-8aae-25fcaccc889d which can be used as unique global reference for Cmstp.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Cmstp.exe

Twitter CMSTP Jan 2018

Tyrer, N. (2018, January 30). CMSTP.exe - remote .sct execution applocker bypass. Retrieved April 11, 2018.

Internal MISP references

UUID 3847149c-1463-4d94-be19-0a8cf1db0b58 which can be used as unique global reference for Twitter CMSTP Jan 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-11T00:00:00Z
date_published 2018-01-30T00:00:00Z
source MITRE
title CMSTP.exe - remote .sct execution applocker bypass

Secureworks COBALT DICKENS September 2019

Counter Threat Unit Research Team. (2019, September 11). COBALT DICKENS Goes Back to School…Again. Retrieved February 3, 2021.

Internal MISP references

UUID 45815e4d-d678-4823-8315-583893e263e6 which can be used as unique global reference for Secureworks COBALT DICKENS September 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-03T00:00:00Z
date_published 2019-09-11T00:00:00Z
source MITRE
title COBALT DICKENS Goes Back to School…Again

Morphisec Cobalt Gang Oct 2018

Gorelik, M. (2018, October 08). Cobalt Group 2.0. Retrieved November 5, 2018.

Internal MISP references

UUID 0a0bdd4b-a680-4a38-967d-3ad92f04d619 which can be used as unique global reference for Morphisec Cobalt Gang Oct 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-05T00:00:00Z
date_published 2018-10-08T00:00:00Z
source MITRE
title Cobalt Group 2.0

Secureworks COBALT GYPSY Threat Profile

Secureworks. (n.d.). COBALT GYPSY Threat Profile. Retrieved April 14, 2021.

Internal MISP references

UUID f1c21834-7536-430b-8539-e68373718b4d which can be used as unique global reference for Secureworks COBALT GYPSY Threat Profile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-14T00:00:00Z
source MITRE
title COBALT GYPSY Threat Profile

Secureworks COBALT ILLUSION Threat Profile

Secureworks. (n.d.). COBALT ILLUSION Threat Profile. Retrieved April 14, 2021.

Internal MISP references

UUID 8d9a5b77-2516-4ad5-9710-4c8165df2882 which can be used as unique global reference for Secureworks COBALT ILLUSION Threat Profile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-14T00:00:00Z
source MITRE
title COBALT ILLUSION Threat Profile

PTSecurity Cobalt Dec 2016

Positive Technologies. (2016, December 16). Cobalt Snatch. Retrieved October 9, 2018.

Internal MISP references

UUID 2de4d38f-c99d-4149-89e6-0349a4902aa2 which can be used as unique global reference for PTSecurity Cobalt Dec 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-09T00:00:00Z
date_published 2016-12-16T00:00:00Z
source MITRE
title Cobalt Snatch

CobaltStrike Daddy May 2017

Mudge, R. (2017, May 23). Cobalt Strike 3.8 – Who’s Your Daddy?. Retrieved June 4, 2019.

Internal MISP references

UUID 056ef3cd-885d-41d6-9547-a2a575b03662 which can be used as unique global reference for CobaltStrike Daddy May 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-04T00:00:00Z
date_published 2017-05-23T00:00:00Z
source MITRE
title Cobalt Strike 3.8 – Who’s Your Daddy?

Cobalt Strike Manual 4.3 November 2020

Strategic Cyber LLC. (2020, November 5). Cobalt Strike: Advanced Threat Tactics for Penetration Testers. Retrieved April 13, 2021.

Internal MISP references

UUID eb7abdb2-b270-46ae-a950-5a93d09b3565 which can be used as unique global reference for Cobalt Strike Manual 4.3 November 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-13T00:00:00Z
date_published 2020-11-05T00:00:00Z
source MITRE
title Cobalt Strike: Advanced Threat Tactics for Penetration Testers

cobaltstrike manual

Strategic Cyber LLC. (2017, March 14). Cobalt Strike Manual. Retrieved May 24, 2017.

Internal MISP references

UUID 43277d05-0aa4-4cee-ac41-6f03a49851a9 which can be used as unique global reference for cobaltstrike manual in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-05-24T00:00:00Z
date_published 2017-03-14T00:00:00Z
source MITRE
title Cobalt Strike Manual

TrendMicro Cobalt Group Nov 2017

Giagone, R., Bermejo, L., and Yarochkin, F. (2017, November 20). Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks. Retrieved March 7, 2019.

Internal MISP references

UUID 81847e06-fea0-4d90-8a9e-5bc99a2bf3f0 which can be used as unique global reference for TrendMicro Cobalt Group Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-07T00:00:00Z
date_published 2017-11-20T00:00:00Z
source MITRE
title Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks

PTSecurity Cobalt Group Aug 2017

Positive Technologies. (2017, August 16). Cobalt Strikes Back: An Evolving Multinational Threat to Finance. Retrieved September 5, 2018.

Internal MISP references

UUID f4ce1b4d-4f01-4083-8bc6-931cbac9ac38 which can be used as unique global reference for PTSecurity Cobalt Group Aug 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-05T00:00:00Z
date_published 2017-08-16T00:00:00Z
source MITRE, Tidal Cyber
title Cobalt Strikes Back: An Evolving Multinational Threat to Finance

Zscaler Cobian Aug 2017

Yadav, A., et al. (2017, August 31). Cobian RAT – A backdoored RAT. Retrieved November 13, 2018.

Internal MISP references

UUID 46541bb9-15cb-4a7c-a624-48a1c7e838e3 which can be used as unique global reference for Zscaler Cobian Aug 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-13T00:00:00Z
date_published 2017-08-31T00:00:00Z
source MITRE
title Cobian RAT – A backdoored RAT

MACOS Cocoa

Apple. (2015, September 16). Cocoa Application Layer. Retrieved June 25, 2020.

Internal MISP references

UUID 6ada4c6a-23dc-4469-a3a1-1d3b4935db97 which can be used as unique global reference for MACOS Cocoa in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-25T00:00:00Z
date_published 2015-09-16T00:00:00Z
source MITRE
title Cocoa Application Layer

code.exe - LOLBAS Project

LOLBAS. (2023, February 1). code.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 4a93063b-f3a3-4726-870d-b8f744651363 which can be used as unique global reference for code.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2023-02-01T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title code.exe

Dark Reading Code Spaces Cyber Attack

Brian Prince. (2014, June 20). Code Hosting Service Shuts Down After Cyber Attack. Retrieved March 21, 2023.

Internal MISP references

UUID e5a3028a-f4cc-537c-9ddd-769792ab33be which can be used as unique global reference for Dark Reading Code Spaces Cyber Attack in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-21T00:00:00Z
date_published 2014-06-20T00:00:00Z
source MITRE
title Code Hosting Service Shuts Down After Cyber Attack

Medium Ptrace JUL 2018

Jain, S. (2018, July 25). Code injection in running process using ptrace. Retrieved February 21, 2020.

Internal MISP references

UUID 6dbfe4b5-9430-431b-927e-e8e775874cd9 which can be used as unique global reference for Medium Ptrace JUL 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-21T00:00:00Z
date_published 2018-07-25T00:00:00Z
source MITRE
title Code injection in running process using ptrace

Wikipedia Code Signing

Wikipedia. (2015, November 10). Code Signing. Retrieved March 31, 2016.

Internal MISP references

UUID 363e860d-e14c-4fcd-985f-f76353018908 which can be used as unique global reference for Wikipedia Code Signing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-31T00:00:00Z
date_published 2015-11-10T00:00:00Z
source MITRE
title Code Signing

SpectorOps Code Signing Dec 2017

Graeber, M. (2017, December 22). Code Signing Certificate Cloning Attacks and Defenses. Retrieved April 3, 2018.

Internal MISP references

UUID 3efc5ae9-c63a-4a07-bbbd-d7324acdbaf5 which can be used as unique global reference for SpectorOps Code Signing Dec 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-03T00:00:00Z
date_published 2017-12-22T00:00:00Z
source MITRE
title Code Signing Certificate Cloning Attacks and Defenses

CoinLoader: A Sophisticated Malware Loader Campaign

Avira. (2019, November 28). CoinLoader: A Sophisticated Malware Loader Campaign. Retrieved June 5, 2023.

Internal MISP references

UUID 83469ab3-0199-5679-aa25-7b6885019552 which can be used as unique global reference for CoinLoader: A Sophisticated Malware Loader Campaign in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-05T00:00:00Z
date_published 2019-11-28T00:00:00Z
source MITRE
title CoinLoader: A Sophisticated Malware Loader Campaign

NYT-Colonial

Nicole Perlroth. (2021, May 13). Colonial Pipeline paid 75 Bitcoin, or roughly $5 million, to hackers. Retrieved August 18, 2023.

Internal MISP references

UUID 58900911-ab4b-5157-968c-67fa69cc122d which can be used as unique global reference for NYT-Colonial in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-18T00:00:00Z
date_published 2021-05-13T00:00:00Z
source MITRE
title Colonial Pipeline paid 75 Bitcoin, or roughly $5 million, to hackers.

Colorcpl.exe - LOLBAS Project

LOLBAS. (2023, June 26). Colorcpl.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 53ff662d-a0b3-41bd-ab9e-a9bb8bbdea25 which can be used as unique global reference for Colorcpl.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2023-06-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Colorcpl.exe

mod_rewrite

Bluescreenofjeff.com. (2015, April 12). Combatting Incident Responders with Apache mod_rewrite. Retrieved February 13, 2024.

Internal MISP references

UUID 3568b09c-7368-5fc2-85b3-d16ee9b9c686 which can be used as unique global reference for mod_rewrite in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-13T00:00:00Z
date_published 2015-04-12T00:00:00Z
source MITRE
title Combatting Incident Responders with Apache mod_rewrite

sentinelone shlayer to zshlayer

Phil Stokes. (2020, September 8). Coming Out of Your Shell: From Shlayer to ZShlayer. Retrieved September 13, 2021.

Internal MISP references

UUID 17277b12-af29-475a-bc9a-0731bbe0bae2 which can be used as unique global reference for sentinelone shlayer to zshlayer in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-13T00:00:00Z
date_published 2020-09-08T00:00:00Z
source MITRE
title Coming Out of Your Shell: From Shlayer to ZShlayer

University of Birmingham C2

Gardiner, J., Cova, M., Nagaraja, S. (2014, February). Command & Control Understanding, Denying and Detecting. Retrieved April 20, 2016.

Internal MISP references

UUID 113ce14e-147f-4a86-8b83-7b49b43a4e88 which can be used as unique global reference for University of Birmingham C2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-20T00:00:00Z
date_published 2014-02-01T00:00:00Z
source MITRE
title Command & Control Understanding, Denying and Detecting

Microsoft Command-line Logging

Mathers, B. (2017, March 7). Command line process auditing. Retrieved April 21, 2017.

Internal MISP references

UUID 4a58170b-906c-4df4-ad1e-0e5bc15366fa which can be used as unique global reference for Microsoft Command-line Logging in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-04-21T00:00:00Z
date_published 2017-03-07T00:00:00Z
source MITRE
title Command line process auditing

Microsoft Netdom Trust Sept 2012

Microsoft. (2012, September 11). Command-Line Reference - Netdom Trust. Retrieved November 30, 2017.

Internal MISP references

UUID 380dc9fe-d490-4914-9595-05d765b27a85 which can be used as unique global reference for Microsoft Netdom Trust Sept 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-30T00:00:00Z
date_published 2012-09-11T00:00:00Z
source MITRE
title Command-Line Reference - Netdom Trust

Microsoft msxsl.exe

Microsoft. (n.d.). Command Line Transformation Utility (msxsl.exe). Retrieved July 3, 2018.

Internal MISP references

UUID a25d664c-d109-466f-9b6a-7e9ea8c57895 which can be used as unique global reference for Microsoft msxsl.exe in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-03T00:00:00Z
source MITRE
title Command Line Transformation Utility (msxsl.exe)

Kettle CSV DDE Aug 2014

Kettle, J. (2014, August 29). Comma Separated Vulnerabilities. Retrieved November 22, 2017.

Internal MISP references

UUID 2badfb63-19a3-4829-bbb5-7c3dfab877d5 which can be used as unique global reference for Kettle CSV DDE Aug 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-22T00:00:00Z
date_published 2014-08-29T00:00:00Z
source MITRE
title Comma Separated Vulnerabilities

Microsoft CLR Integration 2017

Microsoft. (2017, June 19). Common Language Runtime Integration. Retrieved July 8, 2019.

Internal MISP references

UUID 83fc7522-5eb1-4710-8391-090389948686 which can be used as unique global reference for Microsoft CLR Integration 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-08T00:00:00Z
date_published 2017-06-19T00:00:00Z
source MITRE
title Common Language Runtime Integration

Palo Alto Comnie

Grunzweig, J. (2018, January 31). Comnie Continues to Target Organizations in East Asia. Retrieved June 7, 2018.

Internal MISP references

UUID ff3cc105-2798-45de-8561-983bf57eb9d9 which can be used as unique global reference for Palo Alto Comnie in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-07T00:00:00Z
date_published 2018-01-31T00:00:00Z
source MITRE
title Comnie Continues to Target Organizations in East Asia

GDATA COM Hijacking

G DATA. (2014, October). COM Object hijacking: the discreet way of persistence. Retrieved August 13, 2016.

Internal MISP references

UUID 98e88505-b916-430d-aef6-616ba7ddd88e which can be used as unique global reference for GDATA COM Hijacking in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-13T00:00:00Z
date_published 2014-10-01T00:00:00Z
source MITRE
title COM Object hijacking: the discreet way of persistence

AP-NotPetya

FRANK BAJAK AND RAPHAEL SATTER. (2017, June 30). Companies still hobbled from fearsome cyberattack. Retrieved August 18, 2023.

Internal MISP references

UUID 7f1af58a-33fd-538f-b092-789a8776780c which can be used as unique global reference for AP-NotPetya in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-18T00:00:00Z
date_published 2017-06-30T00:00:00Z
source MITRE
title Companies still hobbled from fearsome cyberattack

Microsoft COM

Microsoft. (n.d.). Component Object Model (COM). Retrieved November 22, 2017.

Internal MISP references

UUID edcd917d-ca5b-4e5c-b3be-118e828abe97 which can be used as unique global reference for Microsoft COM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-22T00:00:00Z
source MITRE
title Component Object Model (COM)

Unit 42 12 8 2022

Dror Alon. (2022, December 8). Compromised Cloud Compute Credentials Case Studies From the Wild. Retrieved April 17, 2024.

Internal MISP references

UUID e7a4a0cf-ffa2-48cc-9b21-a2333592c773 which can be used as unique global reference for Unit 42 12 8 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-17T00:00:00Z
date_published 2022-12-08T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Compromised Cloud Compute Credentials Case Studies From the Wild

Palo Alto Unit 42 Compromised Cloud Compute Credentials 2022

Dror Alon. (2022, December 8). Compromised Cloud Compute Credentials: Case Studies From the Wild. Retrieved March 9, 2023.

Internal MISP references

UUID af755ba2-97c2-5152-ab00-2e24740f69f3 which can be used as unique global reference for Palo Alto Unit 42 Compromised Cloud Compute Credentials 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-09T00:00:00Z
date_published 2022-12-08T00:00:00Z
source MITRE
title Compromised Cloud Compute Credentials: Case Studies From the Wild

US-CERT Alert TA15-314A Web Shells

US-CERT. (2015, November 13). Compromised Web Servers and Web Shells - Threat Awareness and Guidance. Retrieved June 8, 2016.

Internal MISP references

UUID 61ceb0c4-62f6-46cd-b42b-5736c869421f which can be used as unique global reference for US-CERT Alert TA15-314A Web Shells in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-08T00:00:00Z
date_published 2015-11-13T00:00:00Z
source MITRE
title Compromised Web Servers and Web Shells - Threat Awareness and Guidance

Comsvcs.dll - LOLBAS Project

LOLBAS. (2019, August 30). Comsvcs.dll. Retrieved December 4, 2023.

Internal MISP references

UUID 2eb2756d-5a49-4df3-9e2f-104c41c645cd which can be used as unique global reference for Comsvcs.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2019-08-30T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Comsvcs.dll

Condi-Botnet-binaries

Joie Salvio and Roy Tay. (2023, June 20). Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389. Retrieved September 5, 2023.

Internal MISP references

UUID a92b0d6c-b3e8-56a4-b1b4-1d117e59db84 which can be used as unique global reference for Condi-Botnet-binaries in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-05T00:00:00Z
date_published 2023-06-20T00:00:00Z
source MITRE
title Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389

Okta Conditional Access Policies

Okta. (2023, November 30). Conditional Access Based on Device Security Posture. Retrieved January 2, 2024.

Internal MISP references

UUID c914578c-dcc2-539e-bb3d-50bf7a0e7101 which can be used as unique global reference for Okta Conditional Access Policies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-02T00:00:00Z
date_published 2023-11-30T00:00:00Z
source MITRE
title Conditional Access Based on Device Security Posture

Microsoft Common Conditional Access Policies

Microsoft. (2022, December 14). Conditional Access templates. Retrieved February 21, 2023.

Internal MISP references

UUID 9ed9870b-d09a-511d-96f9-4956f26d46bf which can be used as unique global reference for Microsoft Common Conditional Access Policies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-21T00:00:00Z
date_published 2022-12-14T00:00:00Z
source MITRE
title Conditional Access templates

Microsoft Token Protection 2023

Microsoft. (2023, October 23). Conditional Access: Token protection (preview). Retrieved January 2, 2024.

Internal MISP references

UUID aa4629cf-f11f-5921-9f72-5a8d3f752603 which can be used as unique global reference for Microsoft Token Protection 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-02T00:00:00Z
date_published 2023-10-23T00:00:00Z
source MITRE
title Conditional Access: Token protection (preview)

Trend Micro Conficker

Trend Micro. (2014, March 18). Conficker. Retrieved February 18, 2021.

Internal MISP references

UUID 62cf7f3a-9011-45eb-a7d9-91c76a2177e9 which can be used as unique global reference for Trend Micro Conficker in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-18T00:00:00Z
date_published 2014-03-18T00:00:00Z
source MITRE
title Conficker

ConfigSecurityPolicy.exe - LOLBAS Project

LOLBAS. (2020, September 4). ConfigSecurityPolicy.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 30b8a5d8-596c-4ab3-b3db-b799cc8923e1 which can be used as unique global reference for ConfigSecurityPolicy.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-09-04T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title ConfigSecurityPolicy.exe

Microsoft SAML Token Lifetimes

Microsoft. (2020, December 14). Configurable token lifetimes in Microsoft Identity Platform. Retrieved December 22, 2020.

Internal MISP references

UUID 8b810f7c-1f26-420b-9014-732f1469f145 which can be used as unique global reference for Microsoft SAML Token Lifetimes in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-22T00:00:00Z
date_published 2020-12-14T00:00:00Z
source MITRE
title Configurable token lifetimes in Microsoft Identity Platform

Apple Developer Configuration Profile

Apple. (2019, May 3). Configuration Profile Reference. Retrieved September 23, 2021.

Internal MISP references

UUID 8453f06d-5007-4e53-a9a2-1c0edb99be3d which can be used as unique global reference for Apple Developer Configuration Profile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-23T00:00:00Z
date_published 2019-05-03T00:00:00Z
source MITRE
title Configuration Profile Reference

MDMProfileConfigMacOS

Apple. (2019, May 3). Configuration Profile Reference, Developer. Retrieved April 15, 2022.

Internal MISP references

UUID a7078eee-5478-4a93-9a7e-8db1d020e1da which can be used as unique global reference for MDMProfileConfigMacOS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-15T00:00:00Z
date_published 2019-05-03T00:00:00Z
source MITRE
title Configuration Profile Reference, Developer

Azure Just in Time Access 2023

Microsoft. (2023, August 29). Configure and approve just-in-time access for Azure Managed Applications. Retrieved September 21, 2023.

Internal MISP references

UUID ee35e13f-ca39-5faf-81ae-230d33329a28 which can be used as unique global reference for Azure Just in Time Access 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-21T00:00:00Z
date_published 2023-08-29T00:00:00Z
source MITRE
title Configure and approve just-in-time access for Azure Managed Applications

capture_embedded_packet_on_software

Cisco. (2022, August 17). Configure and Capture Embedded Packet on Software. Retrieved July 13, 2022.

Internal MISP references

UUID 5d973180-a28a-5c8f-b13a-45d21331700f which can be used as unique global reference for capture_embedded_packet_on_software in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-13T00:00:00Z
date_published 2022-08-17T00:00:00Z
source MITRE
title Configure and Capture Embedded Packet on Software

Kubernetes Security Context

Kubernetes. (n.d.). Configure a Security Context for a Pod or Container. Retrieved March 8, 2023.

Internal MISP references

UUID bd91ec00-95bb-572f-9452-8040ec633e00 which can be used as unique global reference for Kubernetes Security Context in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-08T00:00:00Z
source MITRE
title Configure a Security Context for a Pod or Container

Microsoft SharePoint Logging

Microsoft. (2017, July 19). Configure audit settings for a site collection. Retrieved April 4, 2018.

Internal MISP references

UUID 9a6a08c0-94f2-4dbc-a0b3-01d5234e7753 which can be used as unique global reference for Microsoft SharePoint Logging in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-04T00:00:00Z
date_published 2017-07-19T00:00:00Z
source MITRE
title Configure audit settings for a site collection

TechNet RDP NLA

Microsoft. (n.d.). Configure Network Level Authentication for Remote Desktop Services Connections. Retrieved June 6, 2016.

Internal MISP references

UUID 39e28cae-a35a-4cf2-a281-c35f4ebd16ba which can be used as unique global reference for TechNet RDP NLA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-06T00:00:00Z
source MITRE
title Configure Network Level Authentication for Remote Desktop Services Connections

Microsoft Security Alerts for Azure AD Roles

Microsoft. (2022, November 14). Configure security alerts for Azure AD roles in Privileged Identity Management. Retrieved February 21, 2023.

Internal MISP references

UUID 7bde8cd2-6c10-5342-9a4b-a45e84a861b6 which can be used as unique global reference for Microsoft Security Alerts for Azure AD Roles in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-21T00:00:00Z
date_published 2022-11-14T00:00:00Z
source MITRE
title Configure security alerts for Azure AD roles in Privileged Identity Management

Kubernetes Service Accounts

Kubernetes. (2022, February 26). Configure Service Accounts for Pods. Retrieved April 1, 2022.

Internal MISP references

UUID a74ffa28-8a2e-4bfd-bc66-969b463bebd9 which can be used as unique global reference for Kubernetes Service Accounts in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-01T00:00:00Z
date_published 2022-02-26T00:00:00Z
source MITRE
title Configure Service Accounts for Pods

Windows RDP Sessions

Microsoft. (n.d.). Configure Timeout and Reconnection Settings for Remote Desktop Services Sessions. Retrieved December 11, 2017.

Internal MISP references

UUID ccd0d241-4ff7-4a15-b2b4-06945980c6bf which can be used as unique global reference for Windows RDP Sessions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-11T00:00:00Z
source MITRE
title Configure Timeout and Reconnection Settings for Remote Desktop Services Sessions

Microsoft Configure LSA

Microsoft. (2013, July 31). Configuring Additional LSA Protection. Retrieved June 24, 2015.

Internal MISP references

UUID 4adfc72b-cd32-46a6-bdf4-a4c2c6cffa73 which can be used as unique global reference for Microsoft Configure LSA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-06-24T00:00:00Z
date_published 2013-07-31T00:00:00Z
source MITRE
title Configuring Additional LSA Protection

Microsoft LSA Protection Mar 2014

Microsoft. (2014, March 12). Configuring Additional LSA Protection. Retrieved November 27, 2017.

Internal MISP references

UUID da3f1d7d-188f-4500-9bc6-3299ba043b5c which can be used as unique global reference for Microsoft LSA Protection Mar 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-27T00:00:00Z
date_published 2014-03-12T00:00:00Z
source MITRE
title Configuring Additional LSA Protection

Microsoft LSA

Microsoft. (2013, July 31). Configuring Additional LSA Protection. Retrieved February 13, 2015.

Internal MISP references

UUID 3ad49746-4e42-4663-a49e-ae64152b9463 which can be used as unique global reference for Microsoft LSA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-02-13T00:00:00Z
date_published 2013-07-31T00:00:00Z
source MITRE
title Configuring Additional LSA Protection

Configuring Data Access audit logs

Google. (n.d.). Configuring Data Access audit logs. Retrieved October 16, 2020.

Internal MISP references

UUID bd310606-f472-4eda-a696-50a3a25f07b3 which can be used as unique global reference for Configuring Data Access audit logs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-16T00:00:00Z
source MITRE
title Configuring Data Access audit logs

Microsoft SID Filtering Quarantining Jan 2009

Microsoft. (n.d.). Configuring SID Filter Quarantining on External Trusts. Retrieved November 30, 2017.

Internal MISP references

UUID 134169f1-7bd3-4d04-81a8-f01e1407a4b6 which can be used as unique global reference for Microsoft SID Filtering Quarantining Jan 2009 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-30T00:00:00Z
source MITRE
title Configuring SID Filter Quarantining on External Trusts

TechRepublic Wireless GPO FEB 2009

Schauland, D. (2009, February 24). Configuring Wireless settings via Group Policy. Retrieved July 26, 2018.

Internal MISP references

UUID b62415f8-76bd-4585-ae81-a4d04ccfc703 which can be used as unique global reference for TechRepublic Wireless GPO FEB 2009 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-26T00:00:00Z
date_published 2009-02-24T00:00:00Z
source MITRE
title Configuring Wireless settings via Group Policy

ZDNet Dtrack

Catalin Cimpanu. (2019, October 30). Confirmed: North Korean malware found on Indian nuclear plant's network. Retrieved January 20, 2021.

Internal MISP references

UUID 6e6e02da-b805-47d7-b410-343a1b5da042 which can be used as unique global reference for ZDNet Dtrack in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-20T00:00:00Z
date_published 2019-10-30T00:00:00Z
source MITRE
title Confirmed: North Korean malware found on Indian nuclear plant's network

Uptycs Confucius APT Jan 2021

Uptycs Threat Research Team. (2021, January 12). Confucius APT deploys Warzone RAT. Retrieved December 17, 2021.

Internal MISP references

UUID d74f2c25-cd53-4587-b087-7ba0b8427dc4 which can be used as unique global reference for Uptycs Confucius APT Jan 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-17T00:00:00Z
date_published 2021-01-12T00:00:00Z
source MITRE
title Confucius APT deploys Warzone RAT

TrendMicro Confucius APT Aug 2021

Lunghi, D. (2021, August 17). Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military. Retrieved December 26, 2021.

Internal MISP references

UUID 5c16aae9-d253-463b-8bbc-f14402ce77e4 which can be used as unique global reference for TrendMicro Confucius APT Aug 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-26T00:00:00Z
date_published 2021-08-17T00:00:00Z
source MITRE, Tidal Cyber
title Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military

Conhost.exe - LOLBAS Project

LOLBAS. (2022, April 5). Conhost.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 5ed807c1-15d1-48aa-b497-8cd74fe5b299 which can be used as unique global reference for Conhost.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-04-05T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Conhost.exe

EC2 Instance Connect

AWS. (2023, June 2). Connect using EC2 Instance Connect. Retrieved June 2, 2023.

Internal MISP references

UUID deefa5b7-5a28-524c-b500-bc5574aa9920 which can be used as unique global reference for EC2 Instance Connect in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-02T00:00:00Z
date_published 2023-06-02T00:00:00Z
source MITRE
title Connect using EC2 Instance Connect

Sophos News 2 23 2024

Andrew Brandt. (2024, February 23). ConnectWise ScreenConnect attacks deliver malware. Retrieved February 23, 2024.

Internal MISP references

UUID 3d342acf-a451-4473-82ac-8afee61bc984 which can be used as unique global reference for Sophos News 2 23 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-23T00:00:00Z
date_published 2024-02-23T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title ConnectWise ScreenConnect attacks deliver malware

Docker Docs Container

docker docs. (n.d.). Containers. Retrieved October 13, 2021.

Internal MISP references

UUID 3475b705-3ab8-401d-bee6-e187c43ad3c2 which can be used as unique global reference for Docker Docs Container in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
source MITRE
title Containers

DigitalShadows CDN

Swisscom & Digital Shadows. (2017, September 6). Content Delivery Networks (CDNs) Can Leave You Exposed – How You Might Be Affected And What You Can Do About It. Retrieved October 20, 2020.

Internal MISP references

UUID 183a070f-6c8c-46e3-915b-6edc58bb5e91 which can be used as unique global reference for DigitalShadows CDN in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2017-09-06T00:00:00Z
source MITRE
title Content Delivery Networks (CDNs) Can Leave You Exposed – How You Might Be Affected And What You Can Do About It

Content trust in Azure Container Registry

Microsoft. (2019, September 5). Content trust in Azure Container Registry. Retrieved October 16, 2019.

Internal MISP references

UUID fcd211a1-ac81-4ebc-b395-c8fa2a4d614a which can be used as unique global reference for Content trust in Azure Container Registry in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-16T00:00:00Z
date_published 2019-09-05T00:00:00Z
source MITRE
title Content trust in Azure Container Registry

Content trust in Docker

Docker. (2019, October 10). Content trust in Docker. Retrieved October 16, 2019.

Internal MISP references

UUID 57691166-5a22-44a0-8724-6b3b19658c3b which can be used as unique global reference for Content trust in Docker in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-16T00:00:00Z
date_published 2019-10-10T00:00:00Z
source MITRE
title Content trust in Docker

Microsoft File Folder Exclusions

Microsoft. (2024, February 27). Contextual file and folder exclusions. Retrieved March 29, 2024.

Internal MISP references

UUID 7a511f0d-8feb-5370-87db-b33b96ea2367 which can be used as unique global reference for Microsoft File Folder Exclusions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-29T00:00:00Z
date_published 2024-02-27T00:00:00Z
source MITRE
title Contextual file and folder exclusions

Arctic Wolf Akira 2023

Steven Campbell, Akshay Suthar, & Connor Belfiore. (2023, July 26). Conti and Akira: Chained Together. Retrieved February 20, 2024.

Internal MISP references

UUID aa34f2a1-a398-5dc4-b898-cdc02afeca5d which can be used as unique global reference for Arctic Wolf Akira 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-20T00:00:00Z
date_published 2023-07-26T00:00:00Z
source MITRE
title Conti and Akira: Chained Together

Arctic Wolf Conti Akira July 26 2023

Steven Campbell, Akshay Suthar, Connor Belfiore, Arctic Wolf Labs Team. (2023, July 26). Conti and Akira: Chained Together. Retrieved March 13, 2024.

Internal MISP references

UUID 72e1b75b-edf7-45b0-9c14-14776a146d0e which can be used as unique global reference for Arctic Wolf Conti Akira July 26 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-13T00:00:00Z
date_published 2023-07-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Conti and Akira: Chained Together

DFIR Conti Bazar Nov 2021

DFIR Report. (2021, November 29). CONTInuing the Bazar Ransomware Story. Retrieved September 29, 2022.

Internal MISP references

UUID a6f1a15d-448b-41d4-81f0-ee445cba83bd which can be used as unique global reference for DFIR Conti Bazar Nov 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-29T00:00:00Z
date_published 2021-11-29T00:00:00Z
source MITRE
title CONTInuing the Bazar Ransomware Story

Cybereason Conti Jan 2021

Rochberger, L. (2021, January 12). Cybereason vs. Conti Ransomware. Retrieved February 17, 2021.

Internal MISP references

UUID 3c0e82a2-41ab-4e63-ac10-bd691c786234 which can be used as unique global reference for Cybereason Conti Jan 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-17T00:00:00Z
source MITRE
title Conti Ransomware

Cybleinc Conti January 2020

Cybleinc. (2021, January 21). Conti Ransomware Resurfaces, Targeting Government & Large Organizations. Retrieved April 13, 2021.

Internal MISP references

UUID 5ef0ad9d-f34d-4771-a595-7ee4994f6c91 which can be used as unique global reference for Cybleinc Conti January 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-13T00:00:00Z
date_published 2021-01-21T00:00:00Z
source MITRE
title Conti Ransomware Resurfaces, Targeting Government & Large Organizations

Control.exe - LOLBAS Project

LOLBAS. (2018, May 25). Control.exe. Retrieved December 4, 2023.

Internal MISP references

UUID d0c821b9-7d37-4158-89fa-0dabe6e06800 which can be used as unique global reference for Control.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Control.exe

Wikipedia Control Flow Integrity

Wikipedia. (2018, January 11). Control-flow integrity. Retrieved March 12, 2018.

Internal MISP references

UUID a9b2f525-d812-4dea-b4a6-c0d057d5f071 which can be used as unique global reference for Wikipedia Control Flow Integrity in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-12T00:00:00Z
date_published 2018-01-11T00:00:00Z
source MITRE
title Control-flow integrity

Kubernetes API Control Access

The Kubernetes Authors. (n.d.). Controlling Access to The Kubernetes API. Retrieved March 29, 2021.

Internal MISP references

UUID fd4577b6-0085-44c0-b4c3-4d66dcb39fe7 which can be used as unique global reference for Kubernetes API Control Access in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-29T00:00:00Z
source MITRE
title Controlling Access to The Kubernetes API

TrendMicro CPL Malware Dec 2013

Bernardino, J. (2013, December 17). Control Panel Files Used As Malicious Attachments. Retrieved January 18, 2018.

Internal MISP references

UUID fd38f1fd-37e9-4173-b319-3f92c2743055 which can be used as unique global reference for TrendMicro CPL Malware Dec 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-18T00:00:00Z
date_published 2013-12-17T00:00:00Z
source MITRE
title Control Panel Files Used As Malicious Attachments

GitHub Conveigh

Robertson, K. (2016, August 28). Conveigh. Retrieved November 17, 2017.

Internal MISP references

UUID 4deb8c8e-2da1-4634-bf04-5ccf620a2143 which can be used as unique global reference for GitHub Conveigh in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-17T00:00:00Z
date_published 2016-08-28T00:00:00Z
source MITRE
title Conveigh

MITRE Copernicus

Butterworth, J. (2013, July 30). Copernicus: Question Your Assumptions about BIOS Security. Retrieved December 11, 2015.

Internal MISP references

UUID 55d139fe-f5e5-4b5e-9123-8133b459ea72 which can be used as unique global reference for MITRE Copernicus in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-12-11T00:00:00Z
date_published 2013-07-30T00:00:00Z
source MITRE
title Copernicus: Question Your Assumptions about BIOS Security

Secureworks COPPER FIELDSTONE Profile

Secureworks. (n.d.). COPPER FIELDSTONE. Retrieved October 6, 2021.

Internal MISP references

UUID d7f5f154-3638-47c1-8e1e-a30a6504a735 which can be used as unique global reference for Secureworks COPPER FIELDSTONE Profile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-06T00:00:00Z
source MITRE
title COPPER FIELDSTONE

TechNet Copy

Microsoft. (n.d.). Copy. Retrieved April 26, 2016.

Internal MISP references

UUID 4e0d4b94-6b4c-4104-86e6-499b6aa7ba78 which can be used as unique global reference for TechNet Copy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-26T00:00:00Z
source MITRE
title Copy

copy_cmd_cisco

Cisco. (2022, August 16). copy - Cisco IOS Configuration Fundamentals Command Reference. Retrieved July 13, 2022.

Internal MISP references

UUID 88138372-550f-5da5-be5e-b5ba0fe32f64 which can be used as unique global reference for copy_cmd_cisco in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-13T00:00:00Z
date_published 2022-08-16T00:00:00Z
source MITRE
title copy - Cisco IOS Configuration Fundamentals Command Reference

CopyKittens Nov 2015

Minerva Labs LTD and ClearSky Cyber Security. (2015, November 23). CopyKittens Attack Group. Retrieved September 11, 2017.

Internal MISP references

UUID 04e3ce40-5487-4931-98db-f55da83f412e which can be used as unique global reference for CopyKittens Nov 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-09-11T00:00:00Z
date_published 2015-11-23T00:00:00Z
source MITRE
title CopyKittens Attack Group

coregen.exe - LOLBAS Project

LOLBAS. (2020, October 9). coregen.exe. Retrieved December 4, 2023.

Internal MISP references

UUID f24d4cf5-9ca9-46bd-bd43-86b37e2a638a which can be used as unique global reference for coregen.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-10-09T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title coregen.exe

Apple Core Services

Apple. (n.d.). Core Services. Retrieved June 25, 2020.

Internal MISP references

UUID 0ef05e47-1305-4715-a677-67f1b55b24a3 which can be used as unique global reference for Apple Core Services in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-25T00:00:00Z
source MITRE
title Core Services

Microsoft IoT Compromises August 05 2019

MSRC Team. (2019, August 5). Corporate IoT - a path to intrusion. Retrieved August 24, 2023.

Internal MISP references

UUID 037ace78-e997-40f3-a891-916bc596a9c0 which can be used as unique global reference for Microsoft IoT Compromises August 05 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-24T00:00:00Z
date_published 2019-08-05T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Corporate IoT - a path to intrusion

Microsoft STRONTIUM Aug 2019

MSRC Team. (2019, August 5). Corporate IoT – a path to intrusion. Retrieved August 16, 2019.

Internal MISP references

UUID 7efd3c8d-5e69-4b6f-8edb-9186abdf0e1a which can be used as unique global reference for Microsoft STRONTIUM Aug 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-08-16T00:00:00Z
date_published 2019-08-05T00:00:00Z
source MITRE
title Corporate IoT – a path to intrusion

Palo Alto ARP

Palo Alto Networks. (2021, November 24). Cortex XDR Analytics Alert Reference: Uncommon ARP cache listing via arp.exe. Retrieved December 7, 2021.

Internal MISP references

UUID 96ce4324-57d2-422b-8403-f5d4f3ce410c which can be used as unique global reference for Palo Alto ARP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-07T00:00:00Z
date_published 2021-11-24T00:00:00Z
source MITRE
title Cortex XDR Analytics Alert Reference: Uncommon ARP cache listing via arp.exe

F-Secure Cosmicduke

F-Secure Labs. (2014, July). COSMICDUKE Cosmu with a twist of MiniDuke. Retrieved July 3, 2014.

Internal MISP references

UUID d0d5ecbe-1051-4ceb-b558-b8b451178358 which can be used as unique global reference for F-Secure Cosmicduke in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-07-03T00:00:00Z
date_published 2014-07-01T00:00:00Z
source MITRE
title COSMICDUKE Cosmu with a twist of MiniDuke

Costin Raiu IAmTheKing October 2020

Costin Raiu. (2020, October 2). Costin Raiu Twitter IAmTheKing SlothfulMedia. Retrieved November 16, 2020.

Internal MISP references

UUID 2be88843-ed3a-460e-87c1-85aa50e827c8 which can be used as unique global reference for Costin Raiu IAmTheKing October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-16T00:00:00Z
date_published 2020-10-02T00:00:00Z
source MITRE
title Costin Raiu Twitter IAmTheKing SlothfulMedia

Google Iran Threats October 2021

Bash, A. (2021, October 14). Countering threats from Iran. Retrieved January 4, 2023.

Internal MISP references

UUID 6d568141-eb54-5001-b880-ae8ac1156746 which can be used as unique global reference for Google Iran Threats October 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-01-04T00:00:00Z
date_published 2021-10-14T00:00:00Z
source MITRE
title Countering threats from Iran

Cisco DNSMessenger March 2017

Brumaghin, E. and Grady, C. (2017, March 2). Covert Channels and Poor Decisions: The Tale of DNSMessenger. Retrieved March 8, 2017.

Internal MISP references

UUID 49f22ba2-5aca-4204-858e-c2499a7050ae which can be used as unique global reference for Cisco DNSMessenger March 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-08T00:00:00Z
date_published 2017-03-02T00:00:00Z
source MITRE
title Covert Channels and Poor Decisions: The Tale of DNSMessenger

Juniper IcedID June 2020

Kimayong, P. (2020, June 18). COVID-19 and FMLA Campaigns used to install new IcedID banking malware. Retrieved July 14, 2020.

Internal MISP references

UUID 426886d0-cdf2-4af7-a0e4-366c1b0a1942 which can be used as unique global reference for Juniper IcedID June 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-14T00:00:00Z
date_published 2020-06-18T00:00:00Z
source MITRE
title COVID-19 and FMLA Campaigns used to install new IcedID banking malware

PTSecurity Higaisa 2020

PT ESC Threat Intelligence. (2020, June 4). COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group. Retrieved March 2, 2021.

Internal MISP references

UUID cf8f3d9c-0d21-4587-a707-46848a15bd46 which can be used as unique global reference for PTSecurity Higaisa 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-02T00:00:00Z
date_published 2020-06-04T00:00:00Z
source MITRE, Tidal Cyber
title COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group

F-Secure CozyDuke

F-Secure Labs. (2015, April 22). CozyDuke: Malware Analysis. Retrieved December 10, 2015.

Internal MISP references

UUID 08e1d233-0580-484e-b737-af091e2aa9ea which can be used as unique global reference for F-Secure CozyDuke in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-12-10T00:00:00Z
date_published 2015-04-22T00:00:00Z
source MITRE
title CozyDuke: Malware Analysis

TrendMicro CPL Malware Jan 2014

Mercês, F. (2014, January 27). CPL Malware - Malicious Control Panel Items. Retrieved January 18, 2018.

Internal MISP references

UUID 9549f9b6-b771-4500-bd82-426c7abdfd8f which can be used as unique global reference for TrendMicro CPL Malware Jan 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-18T00:00:00Z
date_published 2014-01-27T00:00:00Z
source MITRE
title CPL Malware - Malicious Control Panel Items

Trend Micro CPL

Merces, F. (2014). CPL Malware Malicious Control Panel Items. Retrieved November 1, 2017.

Internal MISP references

UUID d90a33aa-8f20-49cb-aa27-771249cb65eb which can be used as unique global reference for Trend Micro CPL in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-01T00:00:00Z
date_published 2014-01-01T00:00:00Z
source MITRE
title CPL Malware Malicious Control Panel Items

SANS Brute Ratel October 2022

Thomas, W. (2022, October 5). Cracked Brute Ratel C4 framework proliferates across the cybercriminal underground. Retrieved February 6, 2023.

Internal MISP references

UUID 9544e762-6f72-59e7-8384-5bbef13bfe96 which can be used as unique global reference for SANS Brute Ratel October 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-06T00:00:00Z
date_published 2022-10-05T00:00:00Z
source MITRE
title Cracked Brute Ratel C4 framework proliferates across the cybercriminal underground

Stealthbits Cracking AS-REP Roasting Jun 2019

Jeff Warren. (2019, June 27). Cracking Active Directory Passwords with AS-REP Roasting. Retrieved August 24, 2020.

Internal MISP references

UUID 3af06034-8384-4de8-9356-e9aaa35b95a2 which can be used as unique global reference for Stealthbits Cracking AS-REP Roasting Jun 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-24T00:00:00Z
date_published 2019-06-27T00:00:00Z
source MITRE
title Cracking Active Directory Passwords with AS-REP Roasting

AdSecurity Cracking Kerberos Dec 2015

Metcalf, S. (2015, December 31). Cracking Kerberos TGS Tickets Using Kerberoast – Exploiting Kerberos to Compromise the Active Directory Domain. Retrieved March 22, 2018.

Internal MISP references

UUID 1b018fc3-515a-4ec4-978f-6d5649ceb0c5 which can be used as unique global reference for AdSecurity Cracking Kerberos Dec 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-22T00:00:00Z
date_published 2015-12-31T00:00:00Z
source MITRE
title Cracking Kerberos TGS Tickets Using Kerberoast – Exploiting Kerberos to Compromise the Active Directory Domain

Dragos Crashoverride 2017

Dragos Inc. (2017, June 13). CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Retrieved December 18, 2020.

Internal MISP references

UUID c8f624e3-2ba2-4564-bd1c-f06b9a6a8bce which can be used as unique global reference for Dragos Crashoverride 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-18T00:00:00Z
date_published 2017-06-13T00:00:00Z
source MITRE
title CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations

Unit 42 ATOM Crawling Taurus

Unit 42. (n.d.). Crawling Taurus. Retrieved September 14, 2023.

Internal MISP references

UUID 75098b2c-4928-4e3f-9bcc-b4f6b8de96f8 which can be used as unique global reference for Unit 42 ATOM Crawling Taurus in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-14T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Crawling Taurus

Microsoft Image

Microsoft. (2021, August 23). Create a managed image of a generalized VM in Azure. Retrieved October 13, 2021.

Internal MISP references

UUID 5317c625-d0be-45eb-9321-0cc9aa295cc9 which can be used as unique global reference for Microsoft Image in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
date_published 2021-08-23T00:00:00Z
source MITRE
title Create a managed image of a generalized VM in Azure

Microsoft Snapshot

Microsoft. (2021, September 16). Create a snapshot of a virtual hard disk. Retrieved October 13, 2021.

Internal MISP references

UUID 693549da-d9b9-4b67-a1bb-c8ea4a099842 which can be used as unique global reference for Microsoft Snapshot in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
date_published 2021-09-16T00:00:00Z
source MITRE
title Create a snapshot of a virtual hard disk

Microsoft Create Token

Brower, N., Lich, B. (2017, April 19). Create a token object. Retrieved December 19, 2017.

Internal MISP references

UUID d36d4f06-007e-4ff0-8660-4c65721d0b92 which can be used as unique global reference for Microsoft Create Token in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-19T00:00:00Z
date_published 2017-04-19T00:00:00Z
source MITRE
title Create a token object

GCP Create Cloud Identity Users

Google. (n.d.). Create Cloud Identity user accounts. Retrieved January 29, 2020.

Internal MISP references

UUID e91748b2-1432-4203-a1fe-100aa70458d2 which can be used as unique global reference for GCP Create Cloud Identity Users in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-01-29T00:00:00Z
source MITRE
title Create Cloud Identity user accounts

Createdump.exe - LOLBAS Project

LOLBAS. (2022, January 20). Createdump.exe. Retrieved December 4, 2023.

Internal MISP references

UUID f3ccacc1-3b42-4042-9a5c-f5b483a5e801 which can be used as unique global reference for Createdump.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-01-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Createdump.exe

Google Cloud Kubernetes IAM

Google Cloud. (n.d.). Create IAM policies. Retrieved July 14, 2023.

Internal MISP references

UUID e8ee3ac6-ae7c-5fd3-a339-b579a419dd96 which can be used as unique global reference for Google Cloud Kubernetes IAM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-14T00:00:00Z
source MITRE
title Create IAM policies

Microsoft CreateProcess

Microsoft. (n.d.). CreateProcess function. Retrieved December 5, 2014.

Internal MISP references

UUID aa336e3a-464d-48ce-bebb-760b73764610 which can be used as unique global reference for Microsoft CreateProcess in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-05T00:00:00Z
source MITRE
title CreateProcess function

Microsoft CLI Create Subscription

Microsoft. (n.d.). Create subscription. Retrieved August 4, 2023.

Internal MISP references

UUID 1331b524-7d6f-59d9-a2bd-78ff7b3e371f which can be used as unique global reference for Microsoft CLI Create Subscription in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-04T00:00:00Z
source MITRE
title Create subscription

create_sym_links

Microsoft. (2021, October 28). Create symbolic links. Retrieved April 27, 2022.

Internal MISP references

UUID 06bfdf8f-8671-47f7-9d0c-baf234c7ae96 which can be used as unique global reference for create_sym_links in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-27T00:00:00Z
date_published 2021-10-28T00:00:00Z
source MITRE
title Create symbolic links

GCP - Creating and Starting a VM

Google. (2020, April 23). Creating and Starting a VM instance. Retrieved May 1, 2020.

Internal MISP references

UUID c1b87a56-115a-46d7-9117-80442091ac3c which can be used as unique global reference for GCP - Creating and Starting a VM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-01T00:00:00Z
date_published 2020-04-23T00:00:00Z
source MITRE
title Creating and Starting a VM instance

AWS Create IAM User

AWS. (n.d.). Creating an IAM User in Your AWS Account. Retrieved January 29, 2020.

Internal MISP references

UUID bb474e88-b7bb-4b92-837c-95fe7bdd03f7 which can be used as unique global reference for AWS Create IAM User in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-01-29T00:00:00Z
source MITRE
title Creating an IAM User in Your AWS Account

GNU Fork

Free Software Foundation, Inc. (2020, June 18). Creating a Process. Retrieved June 25, 2020.

Internal MISP references

UUID c46331cb-328a-46e3-89c4-e43fa345d6e8 which can be used as unique global reference for GNU Fork in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-25T00:00:00Z
date_published 2020-06-18T00:00:00Z
source MITRE
title Creating a Process

AppleDocs Launch Agent Daemons

Apple. (n.d.). Creating Launch Daemons and Agents. Retrieved July 10, 2017.

Internal MISP references

UUID 310d18f8-6f9a-48b7-af12-6b921209d1ab which can be used as unique global reference for AppleDocs Launch Agent Daemons in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-10T00:00:00Z
source MITRE
title Creating Launch Daemons and Agents

TechNet Logon Scripts

Microsoft. (2005, January 21). Creating logon scripts. Retrieved April 27, 2016.

Internal MISP references

UUID 896cf5dd-3fe7-44ab-bbaf-d8b2b9980dca which can be used as unique global reference for TechNet Logon Scripts in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-27T00:00:00Z
date_published 2005-01-21T00:00:00Z
source MITRE
title Creating logon scripts

Google Cloud Service Account Credentials

Google Cloud. (2022, March 31). Creating short-lived service account credentials. Retrieved April 1, 2022.

Internal MISP references

UUID c4befa09-3c7f-49f3-bfcc-4fcbb7bace22 which can be used as unique global reference for Google Cloud Service Account Credentials in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-01T00:00:00Z
date_published 2022-03-31T00:00:00Z
source MITRE
title Creating short-lived service account credentials

creatingXPCservices

Apple. (2016, September 9). Creating XPC Services. Retrieved April 19, 2022.

Internal MISP references

UUID 029acdee-95d6-47a7-86de-0f6b925cef9c which can be used as unique global reference for creatingXPCservices in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-19T00:00:00Z
date_published 2016-09-09T00:00:00Z
source MITRE
title Creating XPC Services

GitHub Creddump7

Flathers, R. (2018, February 19). creddump7. Retrieved April 11, 2018.

Internal MISP references

UUID 276975da-7b5f-49aa-975e-4ac9bc527cf2 which can be used as unique global reference for GitHub Creddump7 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-11T00:00:00Z
date_published 2018-02-19T00:00:00Z
source MITRE
title creddump7

Microsoft Midnight Blizzard Replay Attack

Microsoft Threat Intelligence. (2023, June 21). Credential Attacks. Retrieved September 27, 2023.

Internal MISP references

UUID 5af0008b-0ced-5d1d-bbc9-6c9d60835071 which can be used as unique global reference for Microsoft Midnight Blizzard Replay Attack in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-27T00:00:00Z
date_published 2023-06-21T00:00:00Z
source MITRE
title Credential Attacks

Anomali Template Injection MAR 2018

Intel_Acquisition_Team. (2018, March 1). Credential Harvesting and Malicious File Delivery using Microsoft Office Template Injection. Retrieved July 20, 2018.

Internal MISP references

UUID 3cdeb2a2-9582-4725-a132-6503dbe04e1d which can be used as unique global reference for Anomali Template Injection MAR 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-20T00:00:00Z
date_published 2018-03-01T00:00:00Z
source MITRE
title Credential Harvesting and Malicious File Delivery using Microsoft Office Template Injection

Microsoft Credential Locker

Microsoft. (2013, October 23). Credential Locker Overview. Retrieved November 24, 2020.

Internal MISP references

UUID 77505354-bb08-464c-9176-d0015a62c7c9 which can be used as unique global reference for Microsoft Credential Locker in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-24T00:00:00Z
date_published 2013-10-23T00:00:00Z
source MITRE
title Credential Locker Overview

Microsoft CredEnumerate

Microsoft. (2018, December 5). CredEnumarateA function (wincred.h). Retrieved November 24, 2020.

Internal MISP references

UUID ec3e7b3f-99dd-4f2f-885b-09d66b01fe3e which can be used as unique global reference for Microsoft CredEnumerate in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-24T00:00:00Z
date_published 2018-12-05T00:00:00Z
source MITRE
title CredEnumarateA function (wincred.h)

SentinelLabs Intermittent Encryption September 08 2022

Aleksandar Milenkoski, Jim Walter. (2022, September 8). Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection. Retrieved August 10, 2023.

Internal MISP references

UUID 09cae6de-e026-43a5-a8bc-7ff8e8205232 which can be used as unique global reference for SentinelLabs Intermittent Encryption September 08 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-10T00:00:00Z
date_published 2022-09-08T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Crimeware Trends

TrendmicroHideoutsLease

Max Goncharov. (2015, July 15). Criminal Hideouts for Lease: Bulletproof Hosting Services. Retrieved March 6, 2017.

Internal MISP references

UUID 527de869-3c76-447c-98c4-c37a2acf75e2 which can be used as unique global reference for TrendmicroHideoutsLease in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-06T00:00:00Z
date_published 2015-07-15T00:00:00Z
source MITRE
title Criminal Hideouts for Lease: Bulletproof Hosting Services

doppelpaymer_crowdstrike

Hurley, S. (2021, December 7). Critical Hit: How DoppelPaymer Hunts and Kills Windows Processes. Retrieved January 26, 2022.

Internal MISP references

UUID 54b5d8af-21f0-4d1c-ada8-b87db85dd742 which can be used as unique global reference for doppelpaymer_crowdstrike in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-26T00:00:00Z
date_published 2021-12-07T00:00:00Z
source MITRE
title Critical Hit: How DoppelPaymer Hunts and Kills Windows Processes

Critical Vulnerabilities in PaperCut Print Management Software

Team Huntress. (2023, April 21). Critical Vulnerabilities in PaperCut Print Management Software. Retrieved May 8, 2023.

Internal MISP references

UUID 874f40f9-146d-4a52-93fd-9b2e7981b6da which can be used as unique global reference for Critical Vulnerabilities in PaperCut Print Management Software in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-08T00:00:00Z
date_published 2023-04-21T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Critical Vulnerabilities in PaperCut Print Management Software

Security Affairs SILENTTRINITY July 2019

Paganini, P. (2019, July 7). Croatia government agencies targeted with news SilentTrinity malware. Retrieved March 23, 2022.

Internal MISP references

UUID b4945fc0-b89b-445c-abfb-14959deba3d0 which can be used as unique global reference for Security Affairs SILENTTRINITY July 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-23T00:00:00Z
date_published 2019-07-07T00:00:00Z
source MITRE
title Croatia government agencies targeted with news SilentTrinity malware

Die.net Linux crontab Man Page

Paul Vixie. (n.d.). crontab(5) - Linux man page. Retrieved December 19, 2017.

Internal MISP references

UUID 0339c2ab-7a08-4976-90eb-1637c23c5644 which can be used as unique global reference for Die.net Linux crontab Man Page in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-19T00:00:00Z
source MITRE
title crontab(5) - Linux man page

Symantec Frutas Feb 2013

Bingham, J. (2013, February 11). Cross-Platform Frutas RAT Builder and Back Door. Retrieved April 23, 2019.

Internal MISP references

UUID 8d9f88be-9ddf-485b-9333-7e41704ec64f which can be used as unique global reference for Symantec Frutas Feb 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-23T00:00:00Z
date_published 2013-02-11T00:00:00Z
source MITRE
title Cross-Platform Frutas RAT Builder and Back Door

Bishop Fox Sliver Framework August 2019

Kervella, R. (2019, August 4). Cross-platform General Purpose Implant Framework Written in Golang. Retrieved July 30, 2021.

Internal MISP references

UUID 51e67e37-2d61-4228-999b-bec6f80cf106 which can be used as unique global reference for Bishop Fox Sliver Framework August 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-07-30T00:00:00Z
date_published 2019-08-04T00:00:00Z
source MITRE
title Cross-platform General Purpose Implant Framework Written in Golang

Okta Cross-Tenant Impersonation 2023

Okta Defensive Cyber Operations. (2023, August 31). Cross-Tenant Impersonation: Prevention and Detection. Retrieved February 15, 2024.

Internal MISP references

UUID d54188b5-86eb-52a0-8384-823c45431762 which can be used as unique global reference for Okta Cross-Tenant Impersonation 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-15T00:00:00Z
date_published 2023-08-31T00:00:00Z
source MITRE
title Cross-Tenant Impersonation: Prevention and Detection

Okta Cross-Tenant Impersonation

Okta Defensive Cyber Operations. (2023, August 31). Cross-Tenant Impersonation: Prevention and Detection. Retrieved March 4, 2024.

Internal MISP references

UUID 77dbd22f-ce57-50f7-9c6b-8dc874a4d80d which can be used as unique global reference for Okta Cross-Tenant Impersonation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-04T00:00:00Z
date_published 2023-08-31T00:00:00Z
source MITRE
title Cross-Tenant Impersonation: Prevention and Detection

Crowdstrike CrowdCast Oct 2013

Crowdstrike. (2013, October 16). CrowdCasts Monthly: You Have an Adversary Problem. Retrieved March 1, 2017.

Internal MISP references

UUID 2062a229-58b3-4610-99cb-8907e7fbb350 which can be used as unique global reference for Crowdstrike CrowdCast Oct 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-01T00:00:00Z
date_published 2013-10-16T00:00:00Z
source MITRE
title CrowdCasts Monthly: You Have an Adversary Problem

Crowdstrike Global Threat Report Feb 2018

CrowdStrike. (2018, February 26). CrowdStrike 2018 Global Threat Report. Retrieved October 10, 2018.

Internal MISP references

UUID 6c1ace5b-66b2-4c56-9301-822aad2c3c16 which can be used as unique global reference for Crowdstrike Global Threat Report Feb 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-10T00:00:00Z
date_published 2018-02-26T00:00:00Z
source MITRE
title CrowdStrike 2018 Global Threat Report

CrowdStrike GTR 2021 June 2021

CrowdStrike. (2021, June 7). CrowdStrike 2021 Global Threat Report. Retrieved September 29, 2021.

Internal MISP references

UUID ec58e524-6de5-4cbb-a5d3-984b9b652f26 which can be used as unique global reference for CrowdStrike GTR 2021 June 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2021-06-07T00:00:00Z
source MITRE
title CrowdStrike 2021 Global Threat Report

CrowdStrike Adversary Carbon Spider

CrowdStrike. (2022, June 01). CrowdStrike Adversary Carbon Spider. Retrieved June 01, 2022.

Internal MISP references

UUID 9e28d375-c4a7-405f-9fff-7374c19f3af7 which can be used as unique global reference for CrowdStrike Adversary Carbon Spider in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-01T00:00:00Z
source Tidal Cyber
title CrowdStrike Adversary Carbon Spider

CrowdStrike Adversary Cozy Bear

CrowdStrike. (2022, May 4). CrowdStrike Adversary Cozy Bear. Retrieved May 4, 2022.

Internal MISP references

UUID 0998ad7a-b4aa-44af-a665-dc58a3a6f800 which can be used as unique global reference for CrowdStrike Adversary Cozy Bear in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-04T00:00:00Z
source Tidal Cyber
title CrowdStrike Adversary Cozy Bear

CrowdStrike Labyrinth Chollima Feb 2022

CrowdStrike. (2022, February 1). CrowdStrike Adversary Labyrinth Chollima. Retrieved February 1, 2022.

Internal MISP references

UUID ffe31bbf-a40d-4285-96a0-53c54298a680 which can be used as unique global reference for CrowdStrike Labyrinth Chollima Feb 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-01T00:00:00Z
date_published 2022-02-01T00:00:00Z
source MITRE
title CrowdStrike Adversary Labyrinth Chollima

CrowdStrike Adversary Ocean Buffalo

CrowdStrike. (2022, June 25). CrowdStrike Adversary Ocean Buffalo. Retrieved June 25, 2022.

Internal MISP references

UUID 466795cb-0269-4d0c-a48c-d71e9dfd9a3c which can be used as unique global reference for CrowdStrike Adversary Ocean Buffalo in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-25T00:00:00Z
source Tidal Cyber
title CrowdStrike Adversary Ocean Buffalo

CrowdStrike Adversary Venomous Bear

CrowdStrike. (2022, May 4). CrowdStrike Adversary Venomous Bear. Retrieved May 4, 2022.

Internal MISP references

UUID 8c04f2b8-74ba-44a5-9580-96eabdbbcda9 which can be used as unique global reference for CrowdStrike Adversary Venomous Bear in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-04T00:00:00Z
source Tidal Cyber
title CrowdStrike Adversary Venomous Bear

CrowdStrike Adversary Wizard Spider

CrowdStrike. (2022, June 23). CrowdStrike Adversary Wizard Spider. Retrieved June 23, 2022.

Internal MISP references

UUID 05f382c4-5163-49e0-a8a0-cf3a5992ef18 which can be used as unique global reference for CrowdStrike Adversary Wizard Spider in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-23T00:00:00Z
source Tidal Cyber
title CrowdStrike Adversary Wizard Spider

Crowdstrike DriveSlayer February 2022

Thomas, W. et al. (2022, February 25). CrowdStrike Falcon Protects from New Wiper Malware Used in Ukraine Cyberattacks. Retrieved March 25, 2022.

Internal MISP references

UUID 4f01e901-58f8-4fdb-ac8c-ef4b6bfd068e which can be used as unique global reference for Crowdstrike DriveSlayer February 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-25T00:00:00Z
date_published 2022-02-25T00:00:00Z
source MITRE
title CrowdStrike Falcon Protects from New Wiper Malware Used in Ukraine Cyberattacks

CrowdStrike Putter Panda

Crowdstrike Global Intelligence Team. (2014, June 9). CrowdStrike Intelligence Report: Putter Panda. Retrieved January 22, 2016.

Internal MISP references

UUID 413962d0-bd66-4000-a077-38c2677995d1 which can be used as unique global reference for CrowdStrike Putter Panda in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-22T00:00:00Z
date_published 2014-06-09T00:00:00Z
source MITRE, Tidal Cyber
title CrowdStrike Intelligence Report: Putter Panda

Softpedia MinerC

Cimpanu, C. (2016, September 9). Cryptocurrency Mining Malware Discovered Targeting Seagate NAS Hard Drives. Retrieved October 12, 2016.

Internal MISP references

UUID 087b9bf1-bd9e-4cd6-a386-d9d2c812c927 which can be used as unique global reference for Softpedia MinerC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-10-12T00:00:00Z
date_published 2016-09-09T00:00:00Z
source MITRE
title Cryptocurrency Mining Malware Discovered Targeting Seagate NAS Hard Drives

Microsoft Cryptojacking 2023

Microsoft Threat Intelligence. (2023, July 25). Cryptojacking: Understanding and defending against cloud compute resource abuse. Retrieved September 5, 2023.

Internal MISP references

UUID e2dbc963-b913-5a44-bb61-88a3f0d8d8a3 which can be used as unique global reference for Microsoft Cryptojacking 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-05T00:00:00Z
date_published 2023-07-25T00:00:00Z
source MITRE
title Cryptojacking: Understanding and defending against cloud compute resource abuse

Microsoft CryptUnprotectData April 2018

Microsoft. (2018, April 12). CryptUnprotectData function. Retrieved June 18, 2019.

Internal MISP references

UUID 258088ae-96c2-4520-8eb5-1a7e540a9a24 which can be used as unique global reference for Microsoft CryptUnprotectData April 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-18T00:00:00Z
date_published 2018-04-12T00:00:00Z
source MITRE
title CryptUnprotectData function

Csc.exe - LOLBAS Project

LOLBAS. (2018, May 25). Csc.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 276c9e55-4673-426d-8f49-06edee2e3b30 which can be used as unique global reference for Csc.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Csc.exe

Cscript.exe - LOLBAS Project

LOLBAS. (2018, May 25). Cscript.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 428b6223-63b7-497f-b13a-e472b4583a9f which can be used as unique global reference for Cscript.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Cscript.exe

csi.exe - LOLBAS Project

LOLBAS. (2018, May 25). csi.exe. Retrieved December 4, 2023.

Internal MISP references

UUID b810ee91-de4e-4c7b-8fa8-24dca95133e5 which can be used as unique global reference for csi.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title csi.exe

OWASP CSV Injection

Albinowax Timo Goosen. (n.d.). CSV Injection. Retrieved February 7, 2022.

Internal MISP references

UUID 0cdde66c-a7ae-48a2-8ade-067643de304d which can be used as unique global reference for OWASP CSV Injection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-07T00:00:00Z
source MITRE
title CSV Injection

Microsoft Subkey

Microsoft. (n.d.). CurrentControlSet\Services Subkey Entries. Retrieved November 30, 2014.

Internal MISP references

UUID be233077-7bb4-48be-aecf-03258931527d which can be used as unique global reference for Microsoft Subkey in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-30T00:00:00Z
source MITRE
title CurrentControlSet\Services Subkey Entries

Microsoft SolarWinds Customer Guidance

MSRC. (2020, December 13). Customer Guidance on Recent Nation-State Cyber Attacks. Retrieved December 17, 2020.

Internal MISP references

UUID b486ae40-a854-4998-bf1b-aaf6ea2047ed which can be used as unique global reference for Microsoft SolarWinds Customer Guidance in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-17T00:00:00Z
date_published 2020-12-13T00:00:00Z
source MITRE
title Customer Guidance on Recent Nation-State Cyber Attacks

Microsoft - Customer Guidance on Recent Nation-State Cyber Attacks

MSRC. (2020, December 13). Customer Guidance on Recent Nation-State Cyber Attacks. Retrieved December 30, 2020.

Internal MISP references

UUID 47031992-841f-4ef4-87c6-bb4c077fb8dc which can be used as unique global reference for Microsoft - Customer Guidance on Recent Nation-State Cyber Attacks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-30T00:00:00Z
date_published 2020-12-13T00:00:00Z
source MITRE
title Customer Guidance on Recent Nation-State Cyber Attacks

Login Scripts Apple Dev

Apple. (2016, September 13). Customizing Login and Logout. Retrieved April 1, 2022.

Internal MISP references

UUID 9c0094b6-a8e3-4f4d-8d2e-33b408d44a06 which can be used as unique global reference for Login Scripts Apple Dev in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-01T00:00:00Z
date_published 2016-09-13T00:00:00Z
source MITRE
title Customizing Login and Logout

TechNet Screensaver GP

Microsoft. (n.d.). Customizing the Desktop. Retrieved December 5, 2017.

Internal MISP references

UUID 7cf8056e-6d3b-4930-9d2c-160d7d9636ac which can be used as unique global reference for TechNet Screensaver GP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-05T00:00:00Z
source MITRE
title Customizing the Desktop

CustomShellHost.exe - LOLBAS Project

LOLBAS. (2021, November 14). CustomShellHost.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 96324ab1-7eb8-42dc-b19a-fa1d9f85e239 which can be used as unique global reference for CustomShellHost.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-11-14T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title CustomShellHost.exe

Mandiant Cutting Edge Part 2 January 2024

Lin, M. et al. (2024, January 31). Cutting Edge, Part 2: Investigating Ivanti Connect Secure VPN Zero-Day Exploitation. Retrieved February 27, 2024.

Internal MISP references

UUID 5209d259-4293-58c0-bbdc-f30ff77d57f7 which can be used as unique global reference for Mandiant Cutting Edge Part 2 January 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-27T00:00:00Z
date_published 2024-01-31T00:00:00Z
source MITRE
title Cutting Edge, Part 2: Investigating Ivanti Connect Secure VPN Zero-Day Exploitation

Mandiant Cutting Edge Part 3 February 2024

Lin, M. et al. (2024, February 27). Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts. Retrieved March 1, 2024.

Internal MISP references

UUID 49e5b125-5503-5cb0-9a56-a93f82b55753 which can be used as unique global reference for Mandiant Cutting Edge Part 3 February 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-01T00:00:00Z
date_published 2024-02-27T00:00:00Z
source MITRE
title Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts

Mandiant Cutting Edge January 2024

McLellan, T. et al. (2024, January 12). Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation. Retrieved February 27, 2024.

Internal MISP references

UUID 9d9ec923-89c1-5155-ae6e-98d4776d4250 which can be used as unique global reference for Mandiant Cutting Edge January 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-27T00:00:00Z
date_published 2024-01-12T00:00:00Z
source MITRE
title Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation

Symantec Naid in the Wild June 2012

Symantec Security Response. (2012, June 18). CVE-2012-1875 Exploited in the Wild - Part 1 (Trojan.Naid). Retrieved February 22, 2018.

Internal MISP references

UUID e1531171-709c-4043-9e3a-af9e37f3ac57 which can be used as unique global reference for Symantec Naid in the Wild June 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-22T00:00:00Z
date_published 2012-06-18T00:00:00Z
source MITRE
title CVE-2012-1875 Exploited in the Wild - Part 1 (Trojan.Naid)

NVD CVE-2014-7169

National Vulnerability Database. (2017, September 24). CVE-2014-7169 Detail. Retrieved April 3, 2018.

Internal MISP references

UUID c3aab918-51c6-4773-8677-a89b27a00eb1 which can be used as unique global reference for NVD CVE-2014-7169 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-03T00:00:00Z
date_published 2017-09-24T00:00:00Z
source MITRE
title CVE-2014-7169 Detail

NVD CVE-2016-6662

National Vulnerability Database. (2017, February 2). CVE-2016-6662 Detail. Retrieved April 3, 2018.

Internal MISP references

UUID 1813c26d-da68-4a82-a959-27351dd5e51b which can be used as unique global reference for NVD CVE-2016-6662 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-03T00:00:00Z
date_published 2017-02-02T00:00:00Z
source MITRE
title CVE-2016-6662 Detail

NVD CVE-2017-0176

National Vulnerability Database. (2017, June 22). CVE-2017-0176 Detail. Retrieved April 3, 2018.

Internal MISP references

UUID 82602351-0ab0-48d7-90dd-f4536b4d009b which can be used as unique global reference for NVD CVE-2017-0176 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-03T00:00:00Z
date_published 2017-06-22T00:00:00Z
source MITRE
title CVE-2017-0176 Detail

FireEye Attacks Leveraging HTA

Berry, A., Galang, L., Jiang, G., Leathery, J., Mohandas, R. (2017, April 11). CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler. Retrieved October 27, 2017.

Internal MISP references

UUID 1876a476-b2ff-4605-a78b-89443d21b063 which can be used as unique global reference for FireEye Attacks Leveraging HTA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-10-27T00:00:00Z
date_published 2017-04-11T00:00:00Z
source MITRE
title CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler

Microsoft CVE-2017-8625 Aug 2017

Microsoft. (2017, August 8). CVE-2017-8625 - Internet Explorer Security Feature Bypass Vulnerability. Retrieved October 3, 2018.

Internal MISP references

UUID 402cb526-ef57-4d27-b96b-f98008abe716 which can be used as unique global reference for Microsoft CVE-2017-8625 Aug 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-03T00:00:00Z
date_published 2017-08-08T00:00:00Z
source MITRE
title CVE-2017-8625 - Internet Explorer Security Feature Bypass Vulnerability

NVD CVE-2019-3610

National Vulnerability Database. (2019, October 9). CVE-2019-3610 Detail. Retrieved April 14, 2021.

Internal MISP references

UUID 889b742e-7572-4aad-8944-7f071483b613 which can be used as unique global reference for NVD CVE-2019-3610 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-14T00:00:00Z
date_published 2019-10-09T00:00:00Z
source MITRE
title CVE-2019-3610 Detail

CVMServer Vuln

Mickey Jin. (2021, June 3). CVE-2021-30724: CVMServer Vulnerability in macOS and iOS. Retrieved October 12, 2021.

Internal MISP references

UUID 6f83da0c-d2ce-4923-ba32-c6886eb22587 which can be used as unique global reference for CVMServer Vuln in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-12T00:00:00Z
date_published 2021-06-03T00:00:00Z
source MITRE
title CVE-2021-30724: CVMServer Vulnerability in macOS and iOS

Crowdstrike Kubernetes Container Escape

Manoj Ahuje. (2022, January 31). CVE-2022-0185: Kubernetes Container Escape Using Linux Kernel Exploit. Retrieved July 6, 2022.

Internal MISP references

UUID 84d5f015-9014-417c-b2a9-f650fe19d448 which can be used as unique global reference for Crowdstrike Kubernetes Container Escape in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-06T00:00:00Z
date_published 2022-01-31T00:00:00Z
source MITRE
title CVE-2022-0185: Kubernetes Container Escape Using Linux Kernel Exploit

CyberArk Labs Safe Mode 2016

Naim, D. (2016, September 15). CyberArk Labs: From Safe Mode to Domain Compromise. Retrieved June 23, 2021.

Internal MISP references

UUID bd9c14dd-0e2a-447b-a245-f548734d2400 which can be used as unique global reference for CyberArk Labs Safe Mode 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-23T00:00:00Z
date_published 2016-09-15T00:00:00Z
source MITRE
title CyberArk Labs: From Safe Mode to Domain Compromise

PJ Cyber Army of Russia 2023

PJ04857920. (2023, November 30). Cyber Army of Russia — DDoS Tool. Retrieved April 30, 2024.

Internal MISP references

UUID 3e42ff96-fc7e-418e-8d8b-076a1a47981e which can be used as unique global reference for PJ Cyber Army of Russia 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-30T00:00:00Z
date_published 2023-11-30T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Cyber Army of Russia — DDoS Tool

Cyware Ngrok May 2019

Cyware. (2019, May 29). Cyber attackers leverage tunneling service to drop Lokibot onto victims’ systems. Retrieved September 15, 2020.

Internal MISP references

UUID 583a01b6-cb4e-41e7-aade-ac2fd19bda4e which can be used as unique global reference for Cyware Ngrok May 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-15T00:00:00Z
date_published 2019-05-29T00:00:00Z
source MITRE
title Cyber attackers leverage tunneling service to drop Lokibot onto victims’ systems

The Record RansomHub June 3 2024

Jonathan Greig. (2024, June 3). Cyberattack on telecom giant Frontier claimed by RansomHub. Retrieved June 7, 2024.

Internal MISP references

UUID 1e474240-bd12-4472-8e69-1631b0e4c102 which can be used as unique global reference for The Record RansomHub June 3 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-06-07T00:00:00Z
date_published 2024-06-03T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Cyberattack on telecom giant Frontier claimed by RansomHub

Microsoft Phosphorus Oct 2020

Burt, T. (2020, October 28). Cyberattacks target international conference attendees. Retrieved March 8, 2021.

Internal MISP references

UUID 8986c21c-16a0-4a53-8e37-9935bbbfaa4b which can be used as unique global reference for Microsoft Phosphorus Oct 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-08T00:00:00Z
date_published 2020-10-28T00:00:00Z
source MITRE
title Cyberattacks target international conference attendees

Check Point Mid-Year Report 2022

Check Point Software. (2022, August 3). Cyber Attack Trends: Check Point's 2022 Mid-Year Report. Retrieved May 18, 2022.

Internal MISP references

UUID e929cd86-9903-481c-a841-ba387831cb77 which can be used as unique global reference for Check Point Mid-Year Report 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-18T00:00:00Z
date_published 2022-08-03T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Cyber Attack Trends: Check Point's 2022 Mid-Year Report

Talos Seduploader Oct 2017

Mercer, W., et al. (2017, October 22). "Cyber Conflict" Decoy Document Used in Real Cyber Conflict. Retrieved November 2, 2018.

Internal MISP references

UUID 2db77619-72df-461f-84bf-2d1c3499a5c0 which can be used as unique global reference for Talos Seduploader Oct 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-02T00:00:00Z
date_published 2017-10-22T00:00:00Z
source MITRE
title "Cyber Conflict" Decoy Document Used in Real Cyber Conflict

FBI-search

FBI. (2022, December 21). Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users. Retrieved February 21, 2023.

Internal MISP references

UUID deea5b42-bfab-50af-8d85-cc04fd317a82 which can be used as unique global reference for FBI-search in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-21T00:00:00Z
date_published 2022-12-21T00:00:00Z
source MITRE
title Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users

Secureworks GOLD KINGSWOOD September 2018

CTU. (2018, September 27). Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish. Retrieved September 20, 2021.

Internal MISP references

UUID cda529b2-e152-4ff0-a6b3-d0305b09fef9 which can be used as unique global reference for Secureworks GOLD KINGSWOOD September 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-20T00:00:00Z
date_published 2018-09-27T00:00:00Z
source MITRE
title Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish

Cybereason OSX Pirrit

Amit Serper. (2016). Cybereason Lab Analysis OSX.Pirrit. Retrieved December 10, 2021.

Internal MISP references

UUID ebdf09ed-6eec-450f-aaea-067504ec25ca which can be used as unique global reference for Cybereason OSX Pirrit in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-10T00:00:00Z
date_published 2016-01-01T00:00:00Z
source MITRE
title Cybereason Lab Analysis OSX.Pirrit

Zdnet Kimsuky Dec 2018

Cimpanu, C. (2018, December 5). Cyber-espionage group uses Chrome extension to infect victims. Retrieved August 26, 2019.

Internal MISP references

UUID b17acdc3-0163-4c98-b5fb-a457a7e6b58d which can be used as unique global reference for Zdnet Kimsuky Dec 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-08-26T00:00:00Z
date_published 2018-12-05T00:00:00Z
source MITRE
title Cyber-espionage group uses Chrome extension to infect victims

FireEye APT32 May 2017

Carr, N. (2017, May 14). Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations. Retrieved June 18, 2017.

Internal MISP references

UUID b72d017b-a70f-4003-b3d9-90d79aca812d which can be used as unique global reference for FireEye APT32 May 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-06-18T00:00:00Z
date_published 2017-05-14T00:00:00Z
source MITRE, Tidal Cyber
title Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations

Shadowserver Strategic Web Compromise

Adair, S., Moran, N. (2012, May 15). Cyber Espionage & Strategic Web Compromises – Trusted Websites Serving Dangerous Results. Retrieved March 13, 2018.

Internal MISP references

UUID cf531866-ac3c-4078-b847-5b4af7eb161f which can be used as unique global reference for Shadowserver Strategic Web Compromise in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-13T00:00:00Z
date_published 2012-05-15T00:00:00Z
source MITRE
title Cyber Espionage & Strategic Web Compromises – Trusted Websites Serving Dangerous Results

CyberKnow Tweet July 7 2022

Cyberknow20. (2022, July 7). CyberKnow Tweet July 7 2022. Retrieved October 10, 2023.

Internal MISP references

UUID a37564a4-ff83-4ce0-818e-80750172f302 which can be used as unique global reference for CyberKnow Tweet July 7 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-10T00:00:00Z
date_published 2022-07-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title CyberKnow Tweet July 7 2022

Cyber Safety Review Board: Lapsus

CISA. (2023, August). Cyber Safety Review Board: Lapsus. Retrieved January 5, 2024.

Internal MISP references

UUID 4b713738-d767-5243-b9af-4d7ac7b0b349 which can be used as unique global reference for Cyber Safety Review Board: Lapsus in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-05T00:00:00Z
date_published 2023-08-01T00:00:00Z
source MITRE
title Cyber Safety Review Board: Lapsus

CISA Scattered Spider Advisory November 2023

CISA. (2023, November 16). Cybersecurity Advisory: Scattered Spider (AA23-320A). Retrieved March 18, 2024.

Internal MISP references

UUID deae8b2c-39dd-5252-b846-88e1cab099c2 which can be used as unique global reference for CISA Scattered Spider Advisory November 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-18T00:00:00Z
date_published 2023-11-16T00:00:00Z
source MITRE
title Cybersecurity Advisory: Scattered Spider (AA23-320A)

NSA NCSC Turla OilRig

NSA/NCSC. (2019, October 21). Cybersecurity Advisory: Turla Group Exploits Iranian APT To Expand Coverage Of Victims. Retrieved October 16, 2020.

Internal MISP references

UUID 3e86a807-5188-4278-9a58-babd23b86410 which can be used as unique global reference for NSA NCSC Turla OilRig in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-16T00:00:00Z
date_published 2019-10-21T00:00:00Z
source MITRE
title Cybersecurity Advisory: Turla Group Exploits Iranian APT To Expand Coverage Of Victims

OPM Leak

Cybersecurity Resource Center. (n.d.). CYBERSECURITY INCIDENTS. Retrieved October 20, 2020.

Internal MISP references

UUID b67ed4e9-ed44-460a-bd59-c978bdfda32f which can be used as unique global reference for OPM Leak in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
source MITRE
title CYBERSECURITY INCIDENTS

ExpressVPN PATH env Windows 2021

ExpressVPN Security Team. (2021, November 16). Cybersecurity lessons: A PATH vulnerability in Windows. Retrieved September 28, 2023.

Internal MISP references

UUID 26096485-1dd6-512a-a2a1-27dbbfb6fde0 which can be used as unique global reference for ExpressVPN PATH env Windows 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-28T00:00:00Z
date_published 2021-11-16T00:00:00Z
source MITRE
title Cybersecurity lessons: A PATH vulnerability in Windows

SCILabs Malteiro 2021

SCILabs. (2021, December 23). Cyber Threat Profile Malteiro. Retrieved March 13, 2024.

Internal MISP references

UUID c6948dfc-b133-556b-a8ac-b3a4dba09c0e which can be used as unique global reference for SCILabs Malteiro 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-13T00:00:00Z
date_published 2021-12-23T00:00:00Z
source MITRE
title Cyber Threat Profile Malteiro

Cyber Threat Profile MALTEIRO – Sciblog

blog.scilabs.mx. (2021, December 23). Cyber Threat Profile MALTEIRO – Sciblog. Retrieved May 17, 2023.

Internal MISP references

UUID 1f46872c-6255-4ce0-a6c3-2bfa9e767765 which can be used as unique global reference for Cyber Threat Profile MALTEIRO – Sciblog in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-17T00:00:00Z
date_published 2021-12-23T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Cyber Threat Profile MALTEIRO – Sciblog

NCSC Cyclops Blink February 2022

NCSC. (2022, February 23). Cyclops Blink Malware Analysis Report. Retrieved March 3, 2022.

Internal MISP references

UUID 91ed6adf-f066-49e4-8ec7-1989bc6615a6 which can be used as unique global reference for NCSC Cyclops Blink February 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-03T00:00:00Z
date_published 2022-02-23T00:00:00Z
source MITRE
title Cyclops Blink Malware Analysis Report

Trend Micro Cyclops Blink March 2022

Haquebord, F. et al. (2022, March 17). Cyclops Blink Sets Sights on Asus Routers. Retrieved March 17, 2022.

Internal MISP references

UUID 64e9a24f-f386-4774-9874-063e0ebfb8e1 which can be used as unique global reference for Trend Micro Cyclops Blink March 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-17T00:00:00Z
date_published 2022-03-17T00:00:00Z
source MITRE
title Cyclops Blink Sets Sights on Asus Routers

Cynet Ragnar Apr 2020

Gold, B. (2020, April 27). Cynet Detection Report: Ragnar Locker Ransomware. Retrieved June 29, 2020.

Internal MISP references

UUID aeb637ea-0b83-42a0-8f68-9fdc59aa462a which can be used as unique global reference for Cynet Ragnar Apr 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-29T00:00:00Z
date_published 2020-04-27T00:00:00Z
source MITRE
title Cynet Detection Report: Ragnar Locker Ransomware

Microsoft DACL May 2018

Microsoft. (2018, May 30). DACLs and ACEs. Retrieved August 19, 2018.

Internal MISP references

UUID 32a250ca-a7eb-4d7f-af38-f3e6a09540e2 which can be used as unique global reference for Microsoft DACL May 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-19T00:00:00Z
date_published 2018-05-30T00:00:00Z
source MITRE
title DACLs and ACEs

Apple Developer Doco Archive Launchd

Apple. (2016, September 13). Daemons and Services Programming Guide - Creating Launch Daemons and Agents. Retrieved February 24, 2021.

Internal MISP references

UUID 41311827-3d81-422a-9b07-ee8ddc2fc7f1 which can be used as unique global reference for Apple Developer Doco Archive Launchd in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-24T00:00:00Z
date_published 2016-09-13T00:00:00Z
source MITRE
title Daemons and Services Programming Guide - Creating Launch Daemons and Agents

Kubernetes DaemonSet

Kubernetes. (n.d.). DaemonSet. Retrieved February 15, 2024.

Internal MISP references

UUID 4e4668bd-9bef-597e-ad41-8afe1974b7f6 which can be used as unique global reference for Kubernetes DaemonSet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-15T00:00:00Z
source MITRE
title DaemonSet

Picus Daixin Team October 24 2022

Huseyin Can Yuceel. (2022, October 24). Daixin Team Targets Healthcare Organizations with Ransomware Attacks. Retrieved December 1, 2023.

Internal MISP references

UUID eba3b1b9-d0a0-4c03-8c14-21f7bbcc8a02 which can be used as unique global reference for Picus Daixin Team October 24 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-01T00:00:00Z
date_published 2022-10-24T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Daixin Team Targets Healthcare Organizations with Ransomware Attacks

Medium Eli Salem GuLoader April 2021

Salem, E. (2021, April 19). Dancing With Shellcodes: Cracking the latest version of Guloader. Retrieved July 7, 2021.

Internal MISP references

UUID 87c5e84a-b96d-489d-aa10-db95b78c5a93 which can be used as unique global reference for Medium Eli Salem GuLoader April 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-07-07T00:00:00Z
date_published 2021-04-19T00:00:00Z
source MITRE
title Dancing With Shellcodes: Cracking the latest version of Guloader

Lookout Dark Caracal Jan 2018

Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.

Internal MISP references

UUID c558f5db-a426-4041-b883-995ec56e7155 which can be used as unique global reference for Lookout Dark Caracal Jan 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-11T00:00:00Z
date_published 2018-01-18T00:00:00Z
source MITRE, Tidal Cyber
title Dark Caracal: Cyber-espionage at a Global Scale

Dark Clouds_Usenix_Mulazzani_08_2011

Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner, Markus Huber, and Edgar Weippl. (2011, August). Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space. Retrieved July 14, 2022.

Internal MISP references

UUID ee5d2c9c-c704-4f35-baeb-055a35dd04b5 which can be used as unique global reference for Dark Clouds_Usenix_Mulazzani_08_2011 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-14T00:00:00Z
date_published 2011-08-01T00:00:00Z
source MITRE
title Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space

TrendMicro DarkComet Sept 2014

TrendMicro. (2014, September 03). DARKCOMET. Retrieved November 6, 2018.

Internal MISP references

UUID fb365600-4961-43ed-8292-1c07cbc530ef which can be used as unique global reference for TrendMicro DarkComet Sept 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-06T00:00:00Z
date_published 2014-09-03T00:00:00Z
source MITRE
title DARKCOMET

DarkGate Loader delivered via Teams - Truesec

Jakob Nordenlund. (2023, September 6). DarkGate Loader delivered via Teams - Truesec. Retrieved October 20, 2023.

Internal MISP references

UUID 4222a06f-9528-4076-8037-a27012c2930c which can be used as unique global reference for DarkGate Loader delivered via Teams - Truesec in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-20T00:00:00Z
date_published 2023-09-06T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title DarkGate Loader delivered via Teams - Truesec

Bleeping Computer DarkGate October 14 2023

Sergiu Gatlan. (2023, October 14). DarkGate malware spreads through compromised Skype accounts. Retrieved October 20, 2023.

Internal MISP references

UUID 313e5558-d8f9-4457-9004-810d9fa5340c which can be used as unique global reference for Bleeping Computer DarkGate October 14 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-20T00:00:00Z
date_published 2023-10-14T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title DarkGate malware spreads through compromised Skype accounts

Trend Micro DarkGate October 12 2023

Trent Bessell, Ryan Maglaque, Aira Marcelo, Jack Walsh, David Walsh. (2023, October 12). DarkGate Opens Organizations for Attack via Skype, Teams. Retrieved October 20, 2023.

Internal MISP references

UUID 81650f5b-628b-4e76-80d6-2c15cf70d37a which can be used as unique global reference for Trend Micro DarkGate October 12 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-20T00:00:00Z
date_published 2023-10-12T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title DarkGate Opens Organizations for Attack via Skype, Teams

DarkGate - Threat Breakdown Journey

0xToxin. (n.d.). DarkGate - Threat Breakdown Journey. Retrieved October 20, 2023.

Internal MISP references

UUID 8a1ac4b8-05f6-4be9-a866-e3026bc92c7f which can be used as unique global reference for DarkGate - Threat Breakdown Journey in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title DarkGate - Threat Breakdown Journey

Kaspersky Tomiris Sep 2021

Kwiatkoswki, I. and Delcher, P. (2021, September 29). DarkHalo After SolarWinds: the Tomiris connection. Retrieved December 27, 2021.

Internal MISP references

UUID a881a7e4-a1df-4ad2-b67f-ef03caddb721 which can be used as unique global reference for Kaspersky Tomiris Sep 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-27T00:00:00Z
date_published 2021-09-29T00:00:00Z
source MITRE
title DarkHalo After SolarWinds: the Tomiris connection

Volexity SolarWinds

Cash, D. et al. (2020, December 14). Dark Halo Leverages SolarWinds Compromise to Breach Organizations. Retrieved December 29, 2020.

Internal MISP references

UUID 355cecf8-ef3e-4a6e-a652-3bf26fe46d88 which can be used as unique global reference for Volexity SolarWinds in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-29T00:00:00Z
date_published 2020-12-14T00:00:00Z
source MITRE
title Dark Halo Leverages SolarWinds Compromise to Breach Organizations

Securelist Darkhotel Aug 2015

Kaspersky Lab's Global Research & Analysis Team. (2015, August 10). Darkhotel's attacks in 2015. Retrieved November 2, 2018.

Internal MISP references

UUID 5a45be49-f5f1-4d5b-b7da-0a2f38194ec1 which can be used as unique global reference for Securelist Darkhotel Aug 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-02T00:00:00Z
date_published 2015-08-10T00:00:00Z
source MITRE, Tidal Cyber
title Darkhotel's attacks in 2015

Unit42 DarkHydrus Jan 2019

Lee, B., Falcone, R. (2019, January 18). DarkHydrus delivers new Trojan that can use Google Drive for C2 communications. Retrieved April 17, 2019.

Internal MISP references

UUID eb235504-d142-4c6d-9ffd-3c0b0dd23e80 which can be used as unique global reference for Unit42 DarkHydrus Jan 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-17T00:00:00Z
date_published 2019-01-18T00:00:00Z
source MITRE
title DarkHydrus delivers new Trojan that can use Google Drive for C2 communications

Unit 42 Phishery Aug 2018

Falcone, R. (2018, August 07). DarkHydrus Uses Phishery to Harvest Credentials in the Middle East. Retrieved August 10, 2018.

Internal MISP references

UUID ab9d59c1-8ea5-4f9c-b733-b16223ffe84a which can be used as unique global reference for Unit 42 Phishery Aug 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-10T00:00:00Z
date_published 2018-08-07T00:00:00Z
source MITRE
title DarkHydrus Uses Phishery to Harvest Credentials in the Middle East

Darkside Ransomware Cybereason

Cybereason Nocturnus. (2021, April 1). Cybereason vs. Darkside Ransomware. Retrieved August 18, 2021.

Internal MISP references

UUID eded380e-33e9-4fdc-8e1f-b51d650b9731 which can be used as unique global reference for Darkside Ransomware Cybereason in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-18T00:00:00Z
source MITRE
title Darkside Ransomware

DarkSide Ransomware Gang

Ramarcus Baylor. (2021, May 12). DarkSide Ransomware Gang: An Overview. Retrieved August 30, 2022.

Internal MISP references

UUID 5f8d49e8-22da-425f-b63b-a799b97ec2b5 which can be used as unique global reference for DarkSide Ransomware Gang in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-30T00:00:00Z
date_published 2021-05-12T00:00:00Z
source MITRE
title DarkSide Ransomware Gang: An Overview

Secureworks DarkTortilla Aug 2022

Secureworks Counter Threat Unit Research Team. (2022, August 17). DarkTortilla Malware Analysis. Retrieved November 3, 2022.

Internal MISP references

UUID 4b48cc22-55ac-5b61-b183-9008f7db37fd which can be used as unique global reference for Secureworks DarkTortilla Aug 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-11-03T00:00:00Z
date_published 2022-08-17T00:00:00Z
source MITRE
title DarkTortilla Malware Analysis

Securelist DarkVishnya Dec 2018

Golovanov, S. (2018, December 6). DarkVishnya: Banks attacked through direct connection to local network. Retrieved May 15, 2020.

Internal MISP references

UUID da9ac5a7-c644-45fa-ab96-30ac6bfc9f81 which can be used as unique global reference for Securelist DarkVishnya Dec 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-15T00:00:00Z
date_published 2018-12-06T00:00:00Z
source MITRE, Tidal Cyber
title DarkVishnya: Banks attacked through direct connection to local network

Prevailion DarkWatchman 2021

Smith, S., Stafford, M. (2021, December 14). DarkWatchman: A new evolution in fileless techniques. Retrieved January 10, 2022.

Internal MISP references

UUID 449e7b5c-7c62-4a63-a676-80026a597fc9 which can be used as unique global reference for Prevailion DarkWatchman 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-10T00:00:00Z
date_published 2021-12-14T00:00:00Z
source MITRE
title DarkWatchman: A new evolution in fileless techniques

Moran 2014

Moran, N., Oppenheim, M., Engle, S., & Wartell, R. (2014, September 3). Darwin’s Favorite APT Group [Blog]. Retrieved November 12, 2014.

Internal MISP references

UUID 15ef155b-7628-4b18-bc53-1d30be4eac5d which can be used as unique global reference for Moran 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
date_published 2014-09-03T00:00:00Z
source MITRE, Tidal Cyber
title Darwin’s Favorite APT Group [Blog]

DataSvcUtil.exe - LOLBAS Project

LOLBAS. (2020, December 1). DataSvcUtil.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 0c373780-3202-4036-8c83-f3d468155b35 which can be used as unique global reference for DataSvcUtil.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-12-01T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title DataSvcUtil.exe

Operation Emmental

botconf eu. (2014, December 31). David Sancho - Finding Holes in Banking 2FA: Operation Emmental. Retrieved January 4, 2024.

Internal MISP references

UUID 36443369-4fa9-4802-8b21-68cc382b949f which can be used as unique global reference for Operation Emmental in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-04T00:00:00Z
date_published 2014-12-31T00:00:00Z
source MITRE
title David Sancho - Finding Holes in Banking 2FA: Operation Emmental

Hijacking VNC

Z3RO. (2019, March 10). Day 70: Hijacking VNC (Enum, Brute, Access and Crack). Retrieved September 20, 2021.

Internal MISP references

UUID 7a58938f-058b-4c84-aa95-9c37dcdda1fb which can be used as unique global reference for Hijacking VNC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-20T00:00:00Z
date_published 2019-03-10T00:00:00Z
source MITRE
title Day 70: Hijacking VNC (Enum, Brute, Access and Crack)

DBatLoader Actively Distributing Malwares Targeting European Businesses

Zscaler. (2023, March 27). DBatLoader Actively Distributing Malwares Targeting European Businesses. Retrieved May 7, 2023.

Internal MISP references

UUID 42ee2e91-4dac-41ce-b2ec-fde21c258a28 which can be used as unique global reference for DBatLoader Actively Distributing Malwares Targeting European Businesses in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2023-03-27T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title DBatLoader Actively Distributing Malwares Targeting European Businesses

Microsoft COM ACL

Microsoft. (n.d.). DCOM Security Enhancements in Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1. Retrieved November 22, 2017.

Internal MISP references

UUID 88769217-57f1-46d4-977c-2cb2969db437 which can be used as unique global reference for Microsoft COM ACL in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-22T00:00:00Z
source MITRE
title DCOM Security Enhancements in Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1

DCShadow Blog

Delpy, B. & LE TOUX, V. (n.d.). DCShadow. Retrieved March 20, 2018.

Internal MISP references

UUID 37514816-b8b3-499f-842b-2d8cce9e140b which can be used as unique global reference for DCShadow Blog in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-20T00:00:00Z
source MITRE
title DCShadow

GitHub DCSYNCMonitor

Spencer S. (2018, February 22). DCSYNCMonitor. Retrieved March 30, 2018.

Internal MISP references

UUID be03c794-d9f3-4678-8198-257abf6dcdbd which can be used as unique global reference for GitHub DCSYNCMonitor in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-30T00:00:00Z
date_published 2018-02-22T00:00:00Z
source MITRE
title DCSYNCMonitor

DD Man

Kerrisk, M. (2020, February 2). DD(1) User Commands. Retrieved February 21, 2020.

Internal MISP references

UUID f64bee0d-e37d-45d5-9968-58e622e89bfe which can be used as unique global reference for DD Man in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-21T00:00:00Z
date_published 2020-02-02T00:00:00Z
source MITRE
title DD(1) User Commands

Arbor SSLDoS April 2012

ASERT Team, Netscout Arbor. (2012, April 24). DDoS Attacks on SSL: Something Old, Something New. Retrieved April 22, 2019.

Internal MISP references

UUID b5de4376-0deb-45de-83a0-09df98480464 which can be used as unique global reference for Arbor SSLDoS April 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-22T00:00:00Z
date_published 2012-04-24T00:00:00Z
source MITRE
title DDoS Attacks on SSL: Something Old, Something New

CERT-EU DDoS March 2017

Meintanis, S., Revuelto, V., Socha, K. (2017, March 10). DDoS Overview and Response Guide. Retrieved April 24, 2019.

Internal MISP references

UUID 64341348-f448-4e56-bf78-442b92e6d435 which can be used as unique global reference for CERT-EU DDoS March 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-24T00:00:00Z
date_published 2017-03-10T00:00:00Z
source MITRE
title DDoS Overview and Response Guide

Unit42 Sofacy Dec 2018

Lee, B., Falcone, R. (2018, December 12). Dear Joohn: The Sofacy Group’s Global Campaign. Retrieved April 19, 2019.

Internal MISP references

UUID 540c4c33-d4c2-4324-94cd-f57646666e32 which can be used as unique global reference for Unit42 Sofacy Dec 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-19T00:00:00Z
date_published 2018-12-12T00:00:00Z
source MITRE
title Dear Joohn: The Sofacy Group’s Global Campaign

Death by 1000 installers; it's all broken!

Patrick Wardle. (2017). Death by 1000 installers; it's all broken!. Retrieved August 8, 2019.

Internal MISP references

UUID 2ae99e9b-cd00-4e60-ba9e-bcc50e709e88 which can be used as unique global reference for Death by 1000 installers; it's all broken! in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-08-08T00:00:00Z
date_published 2017-01-01T00:00:00Z
source MITRE
title Death by 1000 installers; it's all broken!

SpecterOps Lateral Movement from Azure to On-Prem AD 2020

Andy Robbins. (2020, August 17). Death from Above: Lateral Movement from Azure to On-Prem AD. Retrieved March 13, 2023.

Internal MISP references

UUID eb97d3d6-21cb-5f27-9a78-1e8576acecdc which can be used as unique global reference for SpecterOps Lateral Movement from Azure to On-Prem AD 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-13T00:00:00Z
date_published 2020-08-17T00:00:00Z
source MITRE
title Death from Above: Lateral Movement from Azure to On-Prem AD

Microsoft PowerShell SilentlyContinue

Microsoft. (2023, March 2). $DebugPreference. Retrieved August 30, 2023.

Internal MISP references

UUID ece52a64-1c8d-547d-aedc-ff43d7418cd2 which can be used as unique global reference for Microsoft PowerShell SilentlyContinue in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-30T00:00:00Z
date_published 2023-03-02T00:00:00Z
source MITRE
title $DebugPreference

virtualization.info 2006

virtualization.info. (Interviewer) & Liguori, A. (Interviewee). (2006, August 11). Debunking Blue Pill myth [Interview transcript]. Retrieved November 13, 2014.

Internal MISP references

UUID 8ff8fb53-e468-4df7-b7e3-b344be1507ae which can be used as unique global reference for virtualization.info 2006 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-13T00:00:00Z
date_published 2006-08-11T00:00:00Z
source MITRE
title Debunking Blue Pill myth [Interview transcript]

TrendMicro Confucius APT Feb 2018

Lunghi, D and Horejsi, J. (2018, February 13). Deciphering Confucius: A Look at the Group's Cyberespionage Operations. Retrieved December 26, 2021.

Internal MISP references

UUID d1d5a708-75cb-4d41-b2a3-d035a14ac956 which can be used as unique global reference for TrendMicro Confucius APT Feb 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-26T00:00:00Z
date_published 2018-02-13T00:00:00Z
source MITRE, Tidal Cyber
title Deciphering Confucius: A Look at the Group's Cyberespionage Operations

Ciberseguridad Decoding malicious RTF files

Pedrero, R. (2021, July). Decoding malicious RTF files. Retrieved November 16, 2021.

Internal MISP references

UUID 82d2451b-300f-4891-b1e7-ade53dff1126 which can be used as unique global reference for Ciberseguridad Decoding malicious RTF files in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-11-16T00:00:00Z
date_published 2021-07-01T00:00:00Z
source MITRE
title Decoding malicious RTF files

Nccgroup Gh0st April 2018

Pantazopoulos, N. (2018, April 17). Decoding network data from a Gh0st RAT variant. Retrieved November 2, 2018.

Internal MISP references

UUID 4476aa0a-b1ef-4ac6-9e44-5721a0b3e92b which can be used as unique global reference for Nccgroup Gh0st April 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-02T00:00:00Z
date_published 2018-04-17T00:00:00Z
source MITRE
title Decoding network data from a Gh0st RAT variant

MalwareBytes Template Injection OCT 2017

Segura, J. (2017, October 13). Decoy Microsoft Word document delivers malware through a RAT. Retrieved July 21, 2018.

Internal MISP references

UUID 7ef0ab1f-c7d6-46fe-b489-fab4db623e0a which can be used as unique global reference for MalwareBytes Template Injection OCT 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-21T00:00:00Z
date_published 2017-10-13T00:00:00Z
source MITRE
title Decoy Microsoft Word document delivers malware through a RAT

Crowdstrike PartyTicket March 2022

Crowdstrike. (2022, March 1). Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities. Retrieved March 1, 2022.

Internal MISP references

UUID 8659fea7-7d65-4ee9-8ceb-cf41204b57e0 which can be used as unique global reference for Crowdstrike PartyTicket March 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-01T00:00:00Z
date_published 2022-03-01T00:00:00Z
source MITRE
title Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities

Fortinet Emotet May 2017

Xiaopeng Zhang. (2017, May 3). Deep Analysis of New Emotet Variant – Part 1. Retrieved April 1, 2019.

Internal MISP references

UUID 2b8b6ab4-906f-4732-94f8-eaac5ec0151d which can be used as unique global reference for Fortinet Emotet May 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-01T00:00:00Z
date_published 2017-05-03T00:00:00Z
source MITRE
title Deep Analysis of New Emotet Variant – Part 1

Aqua TeamTNT August 2020

Kol, Roi. Morag, A. (2020, August 25). Deep Analysis of TeamTNT Techniques Using Container Images to Attack. Retrieved September 22, 2021.

Internal MISP references

UUID ca10ad0d-1a47-4006-8f76-c2246aee7752 which can be used as unique global reference for Aqua TeamTNT August 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-22T00:00:00Z
date_published 2020-08-25T00:00:00Z
source MITRE
title Deep Analysis of TeamTNT Techniques Using Container Images to Attack

Bitdefender FIN8 July 2021

Martin Zugec. (2021, July 27). Deep Dive Into a FIN8 Attack - A Forensic Investigation. Retrieved September 1, 2021.

Internal MISP references

UUID aee3179e-1536-40ab-9965-1c10bdaa6dff which can be used as unique global reference for Bitdefender FIN8 July 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-01T00:00:00Z
date_published 2021-07-27T00:00:00Z
source MITRE
title Deep Dive Into a FIN8 Attack - A Forensic Investigation

Cyble Ragnar Locker January 20 2022

Cybleinc. (2022, January 20). Deep dive into Ragnar_locker Ransomware Gang. Retrieved September 29, 2023.

Internal MISP references

UUID 390b3063-8d7b-4dee-b5f7-bfd0804f2e30 which can be used as unique global reference for Cyble Ragnar Locker January 20 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-29T00:00:00Z
date_published 2022-01-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Deep dive into Ragnar_locker Ransomware Gang

Sophos Pikabot June 12 2023

Karl Ackerman. (2023, June 12). Deep dive into the Pikabot cyber threat. Retrieved January 11, 2024.

Internal MISP references

UUID f10c37d8-2efe-4d9e-8987-8978beef7e9d which can be used as unique global reference for Sophos Pikabot June 12 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-11T00:00:00Z
date_published 2023-06-12T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Deep dive into the Pikabot cyber threat

Microsoft Deep Dive Solorigate January 2021

MSTIC, CDOC, 365 Defender Research Team. (2021, January 20). Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop. Retrieved January 22, 2021.

Internal MISP references

UUID ddd70eef-ab94-45a9-af43-c396c9e3fbc6 which can be used as unique global reference for Microsoft Deep Dive Solorigate January 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-22T00:00:00Z
date_published 2021-01-20T00:00:00Z
source MITRE
title Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop

AADInternals - Device Registration

Dr. Nestori Syynimaa. (2021, March 3). Deep-dive to Azure AD device join. Retrieved March 9, 2022.

Internal MISP references

UUID 978b408d-f9e9-422c-b2d7-741f6cc298d4 which can be used as unique global reference for AADInternals - Device Registration in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-09T00:00:00Z
date_published 2021-03-03T00:00:00Z
source MITRE
title Deep-dive to Azure AD device join

Alperovitch 2014

Alperovitch, D. (2014, July 7). Deep in Thought: Chinese Targeting of National Security Think Tanks. Retrieved November 12, 2014.

Internal MISP references

UUID 72e19be9-35dd-4199-bc07-bd9d0c664df6 which can be used as unique global reference for Alperovitch 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
date_published 2014-07-07T00:00:00Z
source MITRE, Tidal Cyber
title Deep in Thought: Chinese Targeting of National Security Think Tanks

DefaultPack.EXE - LOLBAS Project

LOLBAS. (2020, October 1). DefaultPack.EXE. Retrieved December 4, 2023.

Internal MISP references

UUID 106efc3e-5816-44ae-a384-5e026e68ab89 which can be used as unique global reference for DefaultPack.EXE - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-10-01T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title DefaultPack.EXE

Lastline DarkHotel Just In Time Decryption Nov 2015

Arunpreet Singh, Clemens Kolbitsch. (2015, November 5). Defeating Darkhotel Just-In-Time Decryption. Retrieved April 15, 2021.

Internal MISP references

UUID e43341ae-178f-43ba-9d66-f4d0380d2c59 which can be used as unique global reference for Lastline DarkHotel Just In Time Decryption Nov 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-15T00:00:00Z
date_published 2015-11-05T00:00:00Z
source MITRE
title Defeating Darkhotel Just-In-Time Decryption

piazza launch agent mitigation

Antonio Piazza (4n7m4n). (2021, November 23). Defeating Malicious Launch Persistence. Retrieved April 19, 2022.

Internal MISP references

UUID 8a3591f2-34b0-4914-bb42-d4621966faed which can be used as unique global reference for piazza launch agent mitigation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-19T00:00:00Z
date_published 2021-11-23T00:00:00Z
source MITRE
title Defeating Malicious Launch Persistence

VectorSec ForFiles Aug 2017

vector_sec. (2017, August 11). Defenders watching launches of cmd? What about forfiles?. Retrieved January 22, 2018.

Internal MISP references

UUID 8088d15d-9512-4d12-a99a-c76ad9dc3390 which can be used as unique global reference for VectorSec ForFiles Aug 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-22T00:00:00Z
date_published 2017-08-11T00:00:00Z
source MITRE
title Defenders watching launches of cmd? What about forfiles?

Black Hat 2015 App Shim

Pierce, Sean. (2015, November). Defending Against Malicious Application Compatibility Shims. Retrieved June 22, 2017.

Internal MISP references

UUID 19e3cddb-b077-40cf-92e0-131b12efa4f7 which can be used as unique global reference for Black Hat 2015 App Shim in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-06-22T00:00:00Z
date_published 2015-11-01T00:00:00Z
source MITRE
title Defending Against Malicious Application Compatibility Shims

TechNet O365 Outlook Rules

Koeller, B. (2018, February 21). Defending Against Rules and Forms Injection. Retrieved November 5, 2019.

Internal MISP references

UUID c7f9bd2f-254a-4254-8a92-a3ab02455fcb which can be used as unique global reference for TechNet O365 Outlook Rules in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-11-05T00:00:00Z
date_published 2018-02-21T00:00:00Z
source MITRE
title Defending Against Rules and Forms Injection

Defending Against Scheduled Task Attacks in Windows Environments

Harshal Tupsamudre. (2022, June 20). Defending Against Scheduled Tasks. Retrieved July 5, 2022.

Internal MISP references

UUID 111d21df-5531-4927-a173-fac9cd7672b3 which can be used as unique global reference for Defending Against Scheduled Task Attacks in Windows Environments in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-05T00:00:00Z
date_published 2022-06-20T00:00:00Z
source MITRE
title Defending Against Scheduled Tasks

Rapid7 HAFNIUM Mar 2021

Eoin Miller. (2021, March 23). Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange. Retrieved October 27, 2022.

Internal MISP references

UUID cf05d229-c2ba-54f2-a79d-4b7c9185c663 which can be used as unique global reference for Rapid7 HAFNIUM Mar 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-10-27T00:00:00Z
date_published 2021-03-23T00:00:00Z
source MITRE
title Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange

Microsoft SQL Server

Microsoft Threat Intelligence. (2023, October 3). Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement. Retrieved October 3, 2023.

Internal MISP references

UUID a904fde8-b8f9-5411-ab46-0dacf39cc81f which can be used as unique global reference for Microsoft SQL Server in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-03T00:00:00Z
date_published 2023-10-03T00:00:00Z
source MITRE
title Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement

rundll32.exe defense evasion

Ariel silver. (2022, February 1). Defense Evasion Techniques. Retrieved April 8, 2022.

Internal MISP references

UUID 0f31f0ff-9ddb-4ea9-88d0-7b3b688764af which can be used as unique global reference for rundll32.exe defense evasion in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-08T00:00:00Z
date_published 2022-02-01T00:00:00Z
source MITRE
title Defense Evasion Techniques

def_ev_win_event_logging

Chandel, R. (2021, April 22). Defense Evasion: Windows Event Logging (T1562.002). Retrieved September 14, 2021.

Internal MISP references

UUID 166e3a8a-047a-4798-b6cb-5aa36903a764 which can be used as unique global reference for def_ev_win_event_logging in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-14T00:00:00Z
date_published 2021-04-22T00:00:00Z
source MITRE
title Defense Evasion: Windows Event Logging (T1562.002)

Kaspersky DeftTorero October 3 2022

Global Research & Analysis Team. (2022, October 3). DeftTorero: tactics, techniques and procedures of intrusions revealed. Retrieved October 25, 2023.

Internal MISP references

UUID f6b43988-4d8b-455f-865e-3150e43d4f11 which can be used as unique global reference for Kaspersky DeftTorero October 3 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-25T00:00:00Z
date_published 2022-10-03T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title DeftTorero: tactics, techniques and procedures of intrusions revealed

TechNet Del

Microsoft. (n.d.). Del. Retrieved April 22, 2016.

Internal MISP references

UUID 01fc44b9-0eb3-4fd2-b755-d611825374ae which can be used as unique global reference for TechNet Del in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-22T00:00:00Z
source MITRE
title Del

Hunters Domain Wide Delegation Google Workspace 2023

Yonatan Khanashvilli. (2023, November 28). DeleFriend: Severe design flaw in Domain Wide Delegation could leave Google Workspace vulnerable for takeover. Retrieved January 16, 2024.

Internal MISP references

UUID 290cebe1-a2fd-5ccd-8ef6-afa9d4c3c9df which can be used as unique global reference for Hunters Domain Wide Delegation Google Workspace 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-16T00:00:00Z
date_published 2023-11-28T00:00:00Z
source MITRE
title DeleFriend: Severe design flaw in Domain Wide Delegation could leave Google Workspace vulnerable for takeover

Azure Shared Access Signature

Delegate access with a shared access signature. (2019, December 18). Delegate access with a shared access signature. Retrieved March 2, 2022.

Internal MISP references

UUID f6ffe1ef-13f3-4225-b714-cfb89aaaf3fa which can be used as unique global reference for Azure Shared Access Signature in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-02T00:00:00Z
date_published 2019-12-18T00:00:00Z
source MITRE
title Delegate access with a shared access signature

Register Deloitte

Thomson, I. (2017, September 26). Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked'. Retrieved October 19, 2020.

Internal MISP references

UUID e6b10687-8666-4c9c-ac77-1988378e096d which can be used as unique global reference for Register Deloitte in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
date_published 2017-09-26T00:00:00Z
source MITRE
title Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked'

Talos Micropsia June 2017

Rascagneres, P., Mercer, W. (2017, June 19). Delphi Used To Score Against Palestine. Retrieved November 13, 2018.

Internal MISP references

UUID c727152c-079a-4ff9-a0e5-face919cf59b which can be used as unique global reference for Talos Micropsia June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-13T00:00:00Z
date_published 2017-06-19T00:00:00Z
source MITRE
title Delphi Used To Score Against Palestine

TrendMicro EarthLusca 2022

Chen, J., et al. (2022). Delving Deep: An Analysis of Earth Lusca’s Operations. Retrieved July 1, 2022.

Internal MISP references

UUID f6e1bffd-e35b-4eae-b9bf-c16a82bf7004 which can be used as unique global reference for TrendMicro EarthLusca 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-01T00:00:00Z
date_published 2022-01-01T00:00:00Z
source MITRE
title Delving Deep: An Analysis of Earth Lusca’s Operations

Demiguise Guardrail Router Logo

Warren, R. (2017, August 2). Demiguise: virginkey.js. Retrieved January 17, 2019.

Internal MISP references

UUID 2e55d33a-fe75-4397-b6f0-a28d397b4c24 which can be used as unique global reference for Demiguise Guardrail Router Logo in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-01-17T00:00:00Z
date_published 2017-08-02T00:00:00Z
source MITRE
title Demiguise: virginkey.js

FireEye Hacking Team

FireEye Threat Intelligence. (2015, July 13). Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak. Retrieved January 25, 2016.

Internal MISP references

UUID c1e798b8-6771-4ba7-af25-69c640321e40 which can be used as unique global reference for FireEye Hacking Team in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-25T00:00:00Z
date_published 2015-07-13T00:00:00Z
source MITRE
title Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak

Demystifying Azure AD Service Principals

Bellavance, Ned. (2019, July 16). Demystifying Azure AD Service Principals. Retrieved January 19, 2020.

Internal MISP references

UUID 3e285884-2191-4773-9243-74100ce177c8 which can be used as unique global reference for Demystifying Azure AD Service Principals in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-01-19T00:00:00Z
date_published 2019-07-16T00:00:00Z
source MITRE
title Demystifying Azure AD Service Principals

demystifying_ryuk

Tran, T. (2020, November 24). Demystifying Ransomware Attacks Against Microsoft Defender Solution. Retrieved January 26, 2022.

Internal MISP references

UUID 3dc684c7-14de-4dc0-9f11-79160c4f5038 which can be used as unique global reference for demystifying_ryuk in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-26T00:00:00Z
date_published 2020-11-24T00:00:00Z
source MITRE
title Demystifying Ransomware Attacks Against Microsoft Defender Solution

DOJ Iran Indictments September 2020

DOJ. (2020, September 17). Department of Justice and Partner Departments and Agencies Conduct Coordinated Actions to Disrupt and Deter Iranian Malicious Cyber Activities Targeting the United States and the Broader International Community. Retrieved December 10, 2020.

Internal MISP references

UUID f30a77dd-d1d0-41b8-b82a-461dd6cd126f which can be used as unique global reference for DOJ Iran Indictments September 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-10T00:00:00Z
date_published 2020-09-17T00:00:00Z
source MITRE
title Department of Justice and Partner Departments and Agencies Conduct Coordinated Actions to Disrupt and Deter Iranian Malicious Cyber Activities Targeting the United States and the Broader International Community

Microsoft GitHub Device Guard CI Policies

Microsoft. (2017, June 16). Deploy code integrity policies: steps. Retrieved June 28, 2017.

Internal MISP references

UUID 9646af1a-19fe-44c9-96ca-3c8ec097c3db which can be used as unique global reference for Microsoft GitHub Device Guard CI Policies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-06-28T00:00:00Z
date_published 2017-06-16T00:00:00Z
source MITRE
title Deploy code integrity policies: steps

Microsoft Deploying AD Federation

Microsoft. (n.d.). Deploying Active Directory Federation Services in Azure. Retrieved March 13, 2020.

Internal MISP references

UUID beeb460e-4dba-42fb-8109-0861cd0df562 which can be used as unique global reference for Microsoft Deploying AD Federation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-13T00:00:00Z
source MITRE
title Deploying Active Directory Federation Services in Azure

Apple Kernel Extension Deprecation

Apple. (n.d.). Deprecated Kernel Extensions and System Extension Alternatives. Retrieved November 4, 2020.

Internal MISP references

UUID 86053c5a-f2dd-4eb3-9dc2-6a6a4e1c2ae5 which can be used as unique global reference for Apple Kernel Extension Deprecation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-04T00:00:00Z
source MITRE
title Deprecated Kernel Extensions and System Extension Alternatives

Amazon Describe Instance

Amazon. (n.d.). describe-instance-information. Retrieved March 3, 2020.

Internal MISP references

UUID c0b6a8a4-0d94-414d-b5ab-cf5485240dee which can be used as unique global reference for Amazon Describe Instance in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-03T00:00:00Z
source MITRE
title describe-instance-information

Amazon Describe Instances API

Amazon. (n.d.). DescribeInstances. Retrieved May 26, 2020.

Internal MISP references

UUID 95629746-43d2-4f41-87da-4bd44a43ef4a which can be used as unique global reference for Amazon Describe Instances API in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-26T00:00:00Z
source MITRE
title DescribeInstances

DescribeSecurityGroups - Amazon Elastic Compute Cloud

Amazon Web Services, Inc. (2022). DescribeSecurityGroups. Retrieved January 28, 2022.

Internal MISP references

UUID aa953df5-40b5-42d2-9e33-a227a093497f which can be used as unique global reference for DescribeSecurityGroups - Amazon Elastic Compute Cloud in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-28T00:00:00Z
date_published 2022-01-01T00:00:00Z
source MITRE
title DescribeSecurityGroups

Microsoft RunOnceEx APR 2018

Microsoft. (2018, August 20). Description of the RunOnceEx Registry Key. Retrieved June 29, 2018.

Internal MISP references

UUID f80bb86f-ce75-4778-bdee-777cf37a6de7 which can be used as unique global reference for Microsoft RunOnceEx APR 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-29T00:00:00Z
date_published 2018-08-20T00:00:00Z
source MITRE
title Description of the RunOnceEx Registry Key

Designing Daemons Apple Dev

Apple. (n.d.). Retrieved October 12, 2021.

Internal MISP references

UUID 4baac228-1f6a-4c65-ae98-5a542600dfc6 which can be used as unique global reference for Designing Daemons Apple Dev in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-12T00:00:00Z
source MITRE
title Designing Daemons Apple Dev

Desk.cpl - LOLBAS Project

LOLBAS. (2022, April 21). Desk.cpl. Retrieved December 4, 2023.

Internal MISP references

UUID 487a54d9-9f90-478e-b305-bd041af55e12 which can be used as unique global reference for Desk.cpl - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-04-21T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Desk.cpl

Free Desktop Application Autostart Feb 2006

Free Desktop. (2006, February 13). Desktop Application Autostart Specification. Retrieved September 12, 2019.

Internal MISP references

UUID 0885434e-3908-4425-9597-ce6abe531ca5 which can be used as unique global reference for Free Desktop Application Autostart Feb 2006 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-12T00:00:00Z
date_published 2006-02-13T00:00:00Z
source MITRE
title Desktop Application Autostart Specification

Desktopimgdownldr.exe - LOLBAS Project

LOLBAS. (2020, June 28). Desktopimgdownldr.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 1df3aacf-76c4-472a-92c8-2a85ae9e2860 which can be used as unique global reference for Desktopimgdownldr.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-06-28T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Desktopimgdownldr.exe

CISA AA22-057A Destructive Malware February 2022

CISA. (2022, February 26). Destructive Malware Targeting Organizations in Ukraine. Retrieved March 25, 2022.

Internal MISP references

UUID 18684085-c156-4610-8b1f-cc9646f2c06e which can be used as unique global reference for CISA AA22-057A Destructive Malware February 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-25T00:00:00Z
date_published 2022-02-26T00:00:00Z
source MITRE
title Destructive Malware Targeting Organizations in Ukraine

Microsoft WhisperGate January 2022

MSTIC. (2022, January 15). Destructive malware targeting Ukrainian organizations. Retrieved March 10, 2022.

Internal MISP references

UUID e0c1fcd3-b7a8-42af-8984-873a6f969975 which can be used as unique global reference for Microsoft WhisperGate January 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-10T00:00:00Z
date_published 2022-01-15T00:00:00Z
source MITRE
title Destructive malware targeting Ukrainian organizations

URI Unique

Australian Cyber Security Centre. National Security Agency. (2020, April 21). Detect and Prevent Web Shell Malware. Retrieved February 9, 2024.

Internal MISP references

UUID b91963c4-07ea-5e36-9cc8-8a2149ee7473 which can be used as unique global reference for URI Unique in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-09T00:00:00Z
date_published 2020-04-21T00:00:00Z
source MITRE
title Detect and Prevent Web Shell Malware

NSA and ASD Detect and Prevent Web Shells 2020

NSA and ASD. (2020, April 3). Detect and Prevent Web Shell Malware. Retrieved July 23, 2021.

Internal MISP references

UUID e9a882a5-1a88-4fdf-9349-205f4fa167c9 which can be used as unique global reference for NSA and ASD Detect and Prevent Web Shells 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-07-23T00:00:00Z
date_published 2020-04-03T00:00:00Z
source MITRE
title Detect and Prevent Web Shell Malware

Microsoft Detect Outlook Forms

Fox, C., Vangel, D. (2018, April 22). Detect and Remediate Outlook Rules and Custom Forms Injections Attacks in Office 365. Retrieved February 4, 2019.

Internal MISP references

UUID fd63775c-8482-477d-ab41-8c64ca17b602 which can be used as unique global reference for Microsoft Detect Outlook Forms in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-04T00:00:00Z
date_published 2018-04-22T00:00:00Z
source MITRE
title Detect and Remediate Outlook Rules and Custom Forms Injections Attacks in Office 365

ADDSecurity DCShadow Feb 2018

Lucand, G. (2018, February 18). Detect DCShadow, impossible?. Retrieved March 30, 2018.

Internal MISP references

UUID c1cd4767-b5a1-4821-8574-b5782a83920f which can be used as unique global reference for ADDSecurity DCShadow Feb 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-30T00:00:00Z
date_published 2018-02-18T00:00:00Z
source MITRE
title Detect DCShadow, impossible?

Pace University Detecting DGA May 2017

Chen, L., Wang, T. (2017, May 5). Detecting Algorithmically Generated Domains Using Data Visualization and N-Grams Methods. Retrieved April 26, 2019.

Internal MISP references

UUID 7a4e7e05-986b-4549-a021-8c3c729bd3cc which can be used as unique global reference for Pace University Detecting DGA May 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-26T00:00:00Z
date_published 2017-05-05T00:00:00Z
source MITRE
title Detecting Algorithmically Generated Domains Using Data Visualization and N-Grams Methods

MDSec Detecting DOTNET

MDSec Research. (n.d.). Detecting and Advancing In-Memory .NET Tradecraft. Retrieved October 4, 2021.

Internal MISP references

UUID a7952f0e-6690-48de-ad93-9922d6d6989c which can be used as unique global reference for MDSec Detecting DOTNET in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-04T00:00:00Z
source MITRE
title Detecting and Advancing In-Memory .NET Tradecraft

Cisco DoSdetectNetflow

Cisco. (n.d.). Detecting and Analyzing Network Threats With NetFlow. Retrieved April 25, 2019.

Internal MISP references

UUID ce447063-ec9a-4729-aaec-64ec123077ce which can be used as unique global reference for Cisco DoSdetectNetflow in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-25T00:00:00Z
source MITRE
title Detecting and Analyzing Network Threats With NetFlow

RSA2017 Detect and Respond Adair

Adair, S. (2017, February 17). Detecting and Responding to Advanced Threats within Exchange Environments. Retrieved March 20, 2017.

Internal MISP references

UUID 005a276c-3369-4d29-bf0e-c7fa4e7d90bb which can be used as unique global reference for RSA2017 Detect and Respond Adair in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-20T00:00:00Z
date_published 2017-02-17T00:00:00Z
source MITRE
title Detecting and Responding to Advanced Threats within Exchange Environments

Nmap Firewalls NIDS

Nmap. (n.d.). Chapter 10. Detecting and Subverting Firewalls and Intrusion Detection Systems. Retrieved October 20, 2020.

Internal MISP references

UUID c696ac8c-2c7a-4708-a369-0832a493e0a6 which can be used as unique global reference for Nmap Firewalls NIDS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
source MITRE
title Detecting and Subverting Firewalls and Intrusion Detection Systems

Medium Detecting Attempts to Steal Passwords from Memory

French, D. (2018, October 2). Detecting Attempts to Steal Passwords from Memory. Retrieved October 11, 2019.

Internal MISP references

UUID 63955204-3cf9-4628-88d2-361de4dae94f which can be used as unique global reference for Medium Detecting Attempts to Steal Passwords from Memory in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-11T00:00:00Z
date_published 2018-10-02T00:00:00Z
source MITRE
title Detecting Attempts to Steal Passwords from Memory

Endurant CMSTP July 2018

Seetharaman, N. (2018, July 7). Detecting CMSTP-Enabled Code Execution and UAC Bypass With Sysmon.. Retrieved August 6, 2018.

Internal MISP references

UUID d67901a4-8774-42d3-98de-c20158f88eb6 which can be used as unique global reference for Endurant CMSTP July 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-06T00:00:00Z
date_published 2018-07-07T00:00:00Z
source MITRE
title Detecting CMSTP-Enabled Code Execution and UAC Bypass With Sysmon.

Red Canary COR_PROFILER May 2020

Brown, J. (2020, May 7). Detecting COR_PROFILER manipulation for persistence. Retrieved June 24, 2020.

Internal MISP references

UUID 3d8cb4d3-1cbe-416a-95b5-15003cbc2beb which can be used as unique global reference for Red Canary COR_PROFILER May 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-24T00:00:00Z
date_published 2020-05-07T00:00:00Z
source MITRE
title Detecting COR_PROFILER manipulation for persistence

NVisio Labs DDE Detection Oct 2017

NVISO Labs. (2017, October 11). Detecting DDE in MS Office documents. Retrieved November 21, 2017.

Internal MISP references

UUID 75ccde9a-2d51-4492-9a8a-02fce30f9167 which can be used as unique global reference for NVisio Labs DDE Detection Oct 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-21T00:00:00Z
date_published 2017-10-11T00:00:00Z
source MITRE
title Detecting DDE in MS Office documents

Zhang 2013

Zhang, H., Papadopoulos, C., & Massey, D. (2013, April). Detecting encrypted botnet traffic. Retrieved August 19, 2015.

Internal MISP references

UUID 29edb7ad-3b3a-4fdb-9c4e-bb99fc2a1c67 which can be used as unique global reference for Zhang 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-08-19T00:00:00Z
date_published 2013-04-01T00:00:00Z
source MITRE
title Detecting encrypted botnet traffic

ADSecurity Detecting Forged Tickets

Metcalf, S. (2015, May 03). Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory. Retrieved December 23, 2015.

Internal MISP references

UUID 4c328a1a-6a83-4399-86c5-d6e1586da8a3 which can be used as unique global reference for ADSecurity Detecting Forged Tickets in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-12-23T00:00:00Z
date_published 2015-05-03T00:00:00Z
source MITRE
title Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory

Microsoft Detecting Kerberoasting Feb 2018

Bani, M. (2018, February 23). Detecting Kerberoasting activity using Azure Security Center. Retrieved March 23, 2018.

Internal MISP references

UUID b36d82a8-82ca-4f22-85c0-ee82be3b6940 which can be used as unique global reference for Microsoft Detecting Kerberoasting Feb 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-23T00:00:00Z
date_published 2018-02-23T00:00:00Z
source MITRE
title Detecting Kerberoasting activity using Azure Security Center

Medium Detecting Lateral Movement

French, D. (2018, September 30). Detecting Lateral Movement Using Sysmon and Splunk. Retrieved October 11, 2019.

Internal MISP references

UUID 91bea3c2-df54-424e-8667-035e6e15fe38 which can be used as unique global reference for Medium Detecting Lateral Movement in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-11T00:00:00Z
date_published 2018-09-30T00:00:00Z
source MITRE
title Detecting Lateral Movement Using Sysmon and Splunk

macOS root VNC login without authentication

Nick Miles. (2017, November 30). Detecting macOS High Sierra root account without authentication. Retrieved September 20, 2021.

Internal MISP references

UUID 4dc6ea85-a41b-4218-a9ae-e1eea841f2f2 which can be used as unique global reference for macOS root VNC login without authentication in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-20T00:00:00Z
date_published 2017-11-30T00:00:00Z
source MITRE
title Detecting macOS High Sierra root account without authentication

Sans Virtual Jan 2016

Keragala, D. (2016, January 16). Detecting Malware and Sandbox Evasion Techniques. Retrieved April 17, 2019.

Internal MISP references

UUID 5d3d567c-dc25-44c1-8d2a-71ae00b60dbe which can be used as unique global reference for Sans Virtual Jan 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-17T00:00:00Z
date_published 2016-01-16T00:00:00Z
source MITRE
title Detecting Malware and Sandbox Evasion Techniques

Mandiant Azure AD Backdoors

Mike Burns. (2020, September 30). Detecting Microsoft 365 and Azure Active Directory Backdoors. Retrieved September 28, 2022.

Internal MISP references

UUID 7b4502ff-a45c-4ba7-b00e-ca9f6e9c2ac8 which can be used as unique global reference for Mandiant Azure AD Backdoors in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-28T00:00:00Z
date_published 2020-09-30T00:00:00Z
source MITRE
title Detecting Microsoft 365 and Azure Active Directory Backdoors

CounterCept PPID Spoofing Dec 2018

Loh, I. (2018, December 21). Detecting Parent PID Spoofing. Retrieved June 3, 2019.

Internal MISP references

UUID a1fdb8db-4c5f-4fb9-a013-b232cd8471f8 which can be used as unique global reference for CounterCept PPID Spoofing Dec 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-03T00:00:00Z
date_published 2018-12-21T00:00:00Z
source MITRE
title Detecting Parent PID Spoofing

CISA SolarWinds Cloud Detection

CISA. (2021, January 8). Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments. Retrieved January 8, 2021.

Internal MISP references

UUID b8fd5fe3-dbfa-4f28-a9b5-39f1d7db9e62 which can be used as unique global reference for CISA SolarWinds Cloud Detection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-08T00:00:00Z
date_published 2021-01-08T00:00:00Z
source MITRE
title Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments

Detecting Rclone

Aaron Greetham. (2021, May 27). Detecting Rclone – An Effective Tool for Exfiltration. Retrieved August 30, 2022.

Internal MISP references

UUID 2e44290c-32f5-4e7f-96de-9874df79fe89 which can be used as unique global reference for Detecting Rclone in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-30T00:00:00Z
date_published 2021-05-27T00:00:00Z
source MITRE
title Detecting Rclone – An Effective Tool for Exfiltration

Medium Detecting WMI Persistence

French, D. (2018, October 9). Detecting & Removing an Attacker’s WMI Persistence. Retrieved October 11, 2019.

Internal MISP references

UUID 539e7cd0-d1e9-46ba-96fe-d8a1061c857e which can be used as unique global reference for Medium Detecting WMI Persistence in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-11T00:00:00Z
date_published 2018-10-09T00:00:00Z
source MITRE
title Detecting & Removing an Attacker’s WMI Persistence

Okta Scatter Swine 2022

Okta. (2022, August 25). Detecting Scatter Swine: Insights into a Relentless Phishing Campaign. Retrieved February 24, 2023.

Internal MISP references

UUID 66d1b6e2-c069-5832-b549-fc5f0edeed40 which can be used as unique global reference for Okta Scatter Swine 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-24T00:00:00Z
date_published 2022-08-25T00:00:00Z
source MITRE
title Detecting Scatter Swine: Insights into a Relentless Phishing Campaign

Splunk Supernova Jan 2021

Stoner, J. (2021, January 21). Detecting Supernova Malware: SolarWinds Continued. Retrieved February 22, 2021.

Internal MISP references

UUID 7e43bda5-0978-46aa-b3b3-66ffb62b9fdb which can be used as unique global reference for Splunk Supernova Jan 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-22T00:00:00Z
date_published 2021-01-21T00:00:00Z
source MITRE
title Detecting Supernova Malware: SolarWinds Continued

Microsoft Winnti Jan 2017

Cap, P., et al. (2017, January 25). Detecting threat actors in recent German industrial attacks with Windows Defender ATP. Retrieved February 8, 2017.

Internal MISP references

UUID 6b63fac9-4bde-4fc8-a016-e77c8485fab7 which can be used as unique global reference for Microsoft Winnti Jan 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-02-08T00:00:00Z
date_published 2017-01-25T00:00:00Z
source MITRE
title Detecting threat actors in recent German industrial attacks with Windows Defender ATP

Chokepoint preload rootkits

stderr. (2014, February 14). Detecting Userland Preload Rootkits. Retrieved December 20, 2017.

Internal MISP references

UUID 16c00830-eade-40e2-9ee6-6e1af4b58e5d which can be used as unique global reference for Chokepoint preload rootkits in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2014-02-14T00:00:00Z
source MITRE
title Detecting Userland Preload Rootkits

Sygnia Golden SAML

Sygnia. (2020, December). Detection and Hunting of Golden SAML Attack. Retrieved January 6, 2021.

Internal MISP references

UUID 1a6673b0-2a30-481e-a2a4-9e17e2676c5d which can be used as unique global reference for Sygnia Golden SAML in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-06T00:00:00Z
date_published 2020-12-01T00:00:00Z
source MITRE
title Detection and Hunting of Golden SAML Attack

FireEye Exchange Zero Days March 2021

Bromiley, M. et al. (2021, March 4). Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities. Retrieved March 9, 2021.

Internal MISP references

UUID 5e5452a4-c3f5-4802-bcb4-198612cc8282 which can be used as unique global reference for FireEye Exchange Zero Days March 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-09T00:00:00Z
date_published 2021-03-04T00:00:00Z
source MITRE
title Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities

Microsoft DEV-0537

Microsoft. (2022, March 22). DEV-0537 criminal actor targeting organizations for data exfiltration and destruction. Retrieved March 23, 2022.

Internal MISP references

UUID 2f7a59f3-620d-4e2e-8595-af96cd4e16c3 which can be used as unique global reference for Microsoft DEV-0537 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-23T00:00:00Z
date_published 2022-03-22T00:00:00Z
source MITRE
title DEV-0537 criminal actor targeting organizations for data exfiltration and destruction

MSTIC DEV-0537 Mar 2022

MSTIC, DART, M365 Defender. (2022, March 24). DEV-0537 Criminal Actor Targeting Organizations for Data Exfiltration and Destruction. Retrieved May 17, 2022.

Internal MISP references

UUID a9ce7e34-6e7d-4681-9869-8e8f2b5b0390 which can be used as unique global reference for MSTIC DEV-0537 Mar 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-17T00:00:00Z
date_published 2022-03-24T00:00:00Z
source MITRE
title DEV-0537 Criminal Actor Targeting Organizations for Data Exfiltration and Destruction

Microsoft Royal ransomware November 2022

MSTIC. (2022, November 17). DEV-0569 finds new ways to deliver Royal ransomware, various payloads. Retrieved March 30, 2023.

Internal MISP references

UUID 91efc6bf-e15c-514a-96c1-e838268d222f which can be used as unique global reference for Microsoft Royal ransomware November 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-30T00:00:00Z
date_published 2022-11-17T00:00:00Z
source MITRE
title DEV-0569 finds new ways to deliver Royal ransomware, various payloads

Cisco IOS Forensics Developments

Felix 'FX' Lindner. (2008, February). Developments in Cisco IOS Forensics. Retrieved October 21, 2020.

Internal MISP references

UUID 95fdf251-f40d-4f7a-bb12-8762e9c961b9 which can be used as unique global reference for Cisco IOS Forensics Developments in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-21T00:00:00Z
date_published 2008-02-01T00:00:00Z
source MITRE
title Developments in Cisco IOS Forensics

DeviceCredentialDeployment.exe - LOLBAS Project

LOLBAS. (2021, August 16). DeviceCredentialDeployment.exe. Retrieved December 4, 2023.

Internal MISP references

UUID fef281e8-8138-4420-b11b-66d1e6a19805 which can be used as unique global reference for DeviceCredentialDeployment.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-08-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title DeviceCredentialDeployment.exe

GitHub mattifestation DeviceGuardBypass

Graeber, M. (2016, November 13). DeviceGuardBypassMitigationRules. Retrieved November 30, 2016.

Internal MISP references

UUID 4ecd64b4-8014-447a-91d2-a431f4adbfcd which can be used as unique global reference for GitHub mattifestation DeviceGuardBypass in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-11-30T00:00:00Z
date_published 2016-11-13T00:00:00Z
source MITRE
title DeviceGuardBypassMitigationRules

Devinit.exe - LOLBAS Project

LOLBAS. (2022, January 20). Devinit.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 27343583-c17d-4c11-a7e3-14d725756556 which can be used as unique global reference for Devinit.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-01-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Devinit.exe

Devtoolslauncher.exe - LOLBAS Project

LOLBAS. (2019, October 4). Devtoolslauncher.exe. Retrieved December 4, 2023.

Internal MISP references

UUID cb263978-019c-40c6-b6de-61db0e7a8941 which can be used as unique global reference for Devtoolslauncher.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2019-10-04T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Devtoolslauncher.exe

devtunnel.exe - LOLBAS Project

LOLBAS. (2023, September 16). devtunnel.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 657c8b4c-1eee-4997-8461-c7592eaed9e8 which can be used as unique global reference for devtunnel.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2023-09-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title devtunnel.exe

Dfshim.dll - LOLBAS Project

LOLBAS. (2018, May 25). Dfshim.dll. Retrieved December 4, 2023.

Internal MISP references

UUID 30503e42-6047-46a9-8189-e6caa5f4deb0 which can be used as unique global reference for Dfshim.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Dfshim.dll

Dfsvc.exe - LOLBAS Project

LOLBAS. (2018, May 25). Dfsvc.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 7f3a78c0-68b2-4a9d-ae6a-6e63e8ddac3f which can be used as unique global reference for Dfsvc.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Dfsvc.exe

dhcp_serv_op_events

Microsoft. (2006, August 31). DHCP Server Operational Events. Retrieved March 7, 2022.

Internal MISP references

UUID e2b1e810-2a78-4553-8927-38ed5fba0f38 which can be used as unique global reference for dhcp_serv_op_events in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-07T00:00:00Z
date_published 2006-08-31T00:00:00Z
source MITRE
title DHCP Server Operational Events

GitHub Diamorphine

Mello, V. (2018, March 8). Diamorphine - LMK rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64). Retrieved April 9, 2018.

Internal MISP references

UUID 92993055-d2e6-46b2-92a3-ad70b62e4cc0 which can be used as unique global reference for GitHub Diamorphine in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-09T00:00:00Z
date_published 2018-03-08T00:00:00Z
source MITRE
title Diamorphine - LMK rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64)

diantz.exe_lolbas

Living Off The Land Binaries, Scripts and Libraries (LOLBAS). (n.d.). Diantz.exe. Retrieved October 25, 2021.

Internal MISP references

UUID 66652db8-5594-414f-8a6b-83d708a0c1fa which can be used as unique global reference for diantz.exe_lolbas in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-25T00:00:00Z
source MITRE
title Diantz.exe

Fortinet Diavol July 2021

Neeamni, D., Rubinfeld, A. (2021, July 1). Diavol - A New Ransomware Used By Wizard Spider?. Retrieved November 12, 2021.

Internal MISP references

UUID 28c650f2-8ce8-4c78-ab4a-cae56c1548ed which can be used as unique global reference for Fortinet Diavol July 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-11-12T00:00:00Z
date_published 2021-07-01T00:00:00Z
source MITRE
title Diavol - A New Ransomware Used By Wizard Spider?

DFIR Diavol Ransomware December 2021

DFIR Report. (2021, December 13). Diavol Ransomware. Retrieved March 9, 2022.

Internal MISP references

UUID eb89f18d-684c-4220-b2a8-967f1f8f9162 which can be used as unique global reference for DFIR Diavol Ransomware December 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-09T00:00:00Z
date_published 2021-12-13T00:00:00Z
source MITRE
title Diavol Ransomware

Überwachung APT28 Forfiles June 2015

Guarnieri, C. (2015, June 19). Digital Attack on German Parliament: Investigative Report on the Hack of the Left Party Infrastructure in Bundestag. Retrieved January 22, 2018.

Internal MISP references

UUID 3b85fff0-88d8-4df6-af0b-66e57492732e which can be used as unique global reference for Überwachung APT28 Forfiles June 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-22T00:00:00Z
date_published 2015-06-19T00:00:00Z
source MITRE
title Digital Attack on German Parliament: Investigative Report on the Hack of the Left Party Infrastructure in Bundestag

Microsoft DSE June 2017

Microsoft. (2017, June 1). Digital Signatures for Kernel Modules on Windows. Retrieved April 22, 2021.

Internal MISP references

UUID 451bdfe3-0b30-425c-97a0-44727b70c1da which can be used as unique global reference for Microsoft DSE June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-22T00:00:00Z
date_published 2017-06-01T00:00:00Z
source MITRE
title Digital Signatures for Kernel Modules on Windows

Microsoft East Asia Threats September 2023

Microsoft Threat Intelligence. (2023, September). Digital threats from East Asia increase in breadth and effectiveness. Retrieved February 5, 2024.

Internal MISP references

UUID 31f2c61e-cefe-5df7-9c2b-780bf03c88ec which can be used as unique global reference for Microsoft East Asia Threats September 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-05T00:00:00Z
date_published 2023-09-01T00:00:00Z
source MITRE
title Digital threats from East Asia increase in breadth and effectiveness

ESET Turla Mosquito Jan 2018

ESET, et al. (2018, January). Diplomats in Eastern Europe bitten by a Turla mosquito. Retrieved July 3, 2018.

Internal MISP references

UUID cd177c2e-ef22-47be-9926-61e25fd5f33b which can be used as unique global reference for ESET Turla Mosquito Jan 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-03T00:00:00Z
date_published 2018-01-01T00:00:00Z
source MITRE
title Diplomats in Eastern Europe bitten by a Turla mosquito

TechNet Dir

Microsoft. (n.d.). Dir. Retrieved April 18, 2016.

Internal MISP references

UUID f1eb8631-6bea-4688-a5ff-a388b1fdceb0 which can be used as unique global reference for TechNet Dir in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-18T00:00:00Z
source MITRE
title Dir

Frisk DMA August 2016

Ulf Frisk. (2016, August 5). Direct Memory Attack the Kernel. Retrieved March 30, 2018.

Internal MISP references

UUID c504485b-2daa-4159-96da-481a0b97a979 which can be used as unique global reference for Frisk DMA August 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-30T00:00:00Z
date_published 2016-08-05T00:00:00Z
source MITRE
title Direct Memory Attack the Kernel

Redops Syscalls

Feichter, D. (2023, June 30). Direct Syscalls vs Indirect Syscalls. Retrieved September 27, 2023.

Internal MISP references

UUID dd8c2edd-b5ba-5a41-b65d-c3a2951d07b8 which can be used as unique global reference for Redops Syscalls in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-27T00:00:00Z
date_published 2023-06-30T00:00:00Z
source MITRE
title Direct Syscalls vs Indirect Syscalls

GitHub Disable DDEAUTO Oct 2017

Dormann, W. (2017, October 20). Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016. Retrieved February 3, 2018.

Internal MISP references

UUID eea0dd34-4efa-4093-bd11-a59d1601868f which can be used as unique global reference for GitHub Disable DDEAUTO Oct 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-03T00:00:00Z
date_published 2017-10-20T00:00:00Z
source MITRE
title Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016

Disable automount for ISO

wordmann. (2022, February 8). Disable Disc Imgage. Retrieved February 8, 2022.

Internal MISP references

UUID 2155591e-eacf-4575-b7a6-f031675ef1b3 which can be used as unique global reference for Disable automount for ISO in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-08T00:00:00Z
date_published 2022-02-08T00:00:00Z
source MITRE
title Disable Disc Imgage

Disable_Win_Event_Logging

dmcxblue. (n.d.). Disable Windows Event Logging. Retrieved September 10, 2021.

Internal MISP references

UUID 0fa5e507-33dc-40ea-b960-bcd9aa024ab1 which can be used as unique global reference for Disable_Win_Event_Logging in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-10T00:00:00Z
source MITRE
title Disable Windows Event Logging

GitHub MOTW

wdormann. (2019, August 29). Disable Windows Explorer file associations for Disc Image Mount. Retrieved April 16, 2022.

Internal MISP references

UUID 044aa74a-9320-496a-9d15-37d8b934c244 which can be used as unique global reference for GitHub MOTW in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-16T00:00:00Z
date_published 2019-08-29T00:00:00Z
source MITRE
title Disable Windows Explorer file associations for Disc Image Mount

Apple Disable SIP

Apple. (n.d.). Disabling and Enabling System Integrity Protection. Retrieved April 22, 2021.

Internal MISP references

UUID d7545e0c-f0b7-4be4-800b-06a02240385e which can be used as unique global reference for Apple Disable SIP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-22T00:00:00Z
source MITRE
title Disabling and Enabling System Integrity Protection

Microsoft GPO Bluetooth FEB 2009

Microsoft. (2009, February 9). Disabling Bluetooth and Infrared Beaming. Retrieved July 26, 2018.

Internal MISP references

UUID 27573597-5269-4894-87fb-24afcdb8f30a which can be used as unique global reference for Microsoft GPO Bluetooth FEB 2009 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-26T00:00:00Z
date_published 2009-02-09T00:00:00Z
source MITRE
title Disabling Bluetooth and Infrared Beaming

ITSyndicate Disabling PHP functions

Kondratiev, A. (n.d.). Disabling dangerous PHP functions. Retrieved July 26, 2021.

Internal MISP references

UUID 6e91f485-5777-4a06-94a3-cdc4718a8e39 which can be used as unique global reference for ITSyndicate Disabling PHP functions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-07-26T00:00:00Z
source MITRE
title Disabling dangerous PHP functions

disable_notif_synology_ransom

TheDFIRReport. (2022, March 1). Disabling notifications on Synology servers before ransom. Retrieved October 19, 2022.

Internal MISP references

UUID d53e8f89-df78-565b-a316-cf2644c5ed36 which can be used as unique global reference for disable_notif_synology_ransom in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-10-19T00:00:00Z
date_published 2022-03-01T00:00:00Z
source MITRE
title Disabling notifications on Synology servers before ransom

Krebs Discord Bookmarks 2023

Brian Krebs. (2023, May 30). Discord Admins Hacked by Malicious Bookmarks. Retrieved January 2, 2024.

Internal MISP references

UUID 1d0a21f4-9a8e-5514-894a-3d55263ff973 which can be used as unique global reference for Krebs Discord Bookmarks 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-02T00:00:00Z
date_published 2023-05-30T00:00:00Z
source MITRE
title Discord Admins Hacked by Malicious Bookmarks

Diskshadow

Microsoft Windows Server. (2023, February 3). Diskshadow. Retrieved November 21, 2023.

Internal MISP references

UUID 9e8b57a5-7e31-5add-ac3e-8b9c0f7f27aa which can be used as unique global reference for Diskshadow in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-21T00:00:00Z
date_published 2023-02-03T00:00:00Z
source MITRE
title Diskshadow

Diskshadow.exe - LOLBAS Project

LOLBAS. (2018, May 25). Diskshadow.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 27a3f0b4-e699-4319-8b52-8eae4581faa2 which can be used as unique global reference for Diskshadow.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Diskshadow.exe

OpenAI-CTI

OpenAI. (2024, February 14). Disrupting malicious uses of AI by state-affiliated threat actors. Retrieved March 11, 2024.

Internal MISP references

UUID d8f576cb-0afc-54a7-a449-570c4311ef7a which can be used as unique global reference for OpenAI-CTI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-11T00:00:00Z
date_published 2024-02-14T00:00:00Z
source MITRE
title Disrupting malicious uses of AI by state-affiliated threat actors

Bitdefender FunnyDream Campaign November 2020

Vrabie, V. (2020, November). Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions. Retrieved September 19, 2022.

Internal MISP references

UUID b62a9f2c-02ca-4dfa-95fc-5dc6ad9568de which can be used as unique global reference for Bitdefender FunnyDream Campaign November 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-19T00:00:00Z
date_published 2020-11-01T00:00:00Z
source MITRE
title Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions

FireEye NETWIRE March 2019

Maniath, S. and Kadam P. (2019, March 19). Dissecting a NETWIRE Phishing Campaign's Usage of Process Hollowing. Retrieved January 7, 2021.

Internal MISP references

UUID 404d4f7e-62de-4483-9320-a90fb255e783 which can be used as unique global reference for FireEye NETWIRE March 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-07T00:00:00Z
date_published 2019-03-19T00:00:00Z
source MITRE
title Dissecting a NETWIRE Phishing Campaign's Usage of Process Hollowing

Cybereason Dissecting DGAs

Sternfeld, U. (2016). Dissecting Domain Generation Algorithms: Eight Real World DGA Variants. Retrieved February 18, 2019.

Internal MISP references

UUID 9888cdb6-fe85-49b4-937c-75005ac9660d which can be used as unique global reference for Cybereason Dissecting DGAs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-18T00:00:00Z
date_published 2016-01-01T00:00:00Z
source MITRE
title Dissecting Domain Generation Algorithms: Eight Real World DGA Variants

FireEye POSHSPY April 2017

Dunwoody, M. (2017, April 3). Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY). Retrieved April 5, 2017.

Internal MISP references

UUID b1271e05-80d7-4761-a13f-b6f0db7d7e5a which can be used as unique global reference for FireEye POSHSPY April 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-04-05T00:00:00Z
date_published 2017-04-03T00:00:00Z
source MITRE
title Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY)

Microsoft DTC

Microsoft. (2011, January 12). Distributed Transaction Coordinator. Retrieved February 25, 2016.

Internal MISP references

UUID d2a1aab3-a4c9-4583-9cf8-170eeb77d828 which can be used as unique global reference for Microsoft DTC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-02-25T00:00:00Z
date_published 2011-01-12T00:00:00Z
source MITRE
title Distributed Transaction Coordinator

Mandiant Search Order

Mandiant. (2010, August 31). DLL Search Order Hijacking Revisited. Retrieved December 5, 2014.

Internal MISP references

UUID 2f602a6c-0305-457c-b329-a17b55d8e094 which can be used as unique global reference for Mandiant Search Order in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-05T00:00:00Z
date_published 2010-08-31T00:00:00Z
source MITRE
title DLL Search Order Hijacking Revisited

FireEye DLL Search Order Hijacking

Nick Harbour. (2010, September 1). DLL Search Order Hijacking Revisited. Retrieved March 13, 2020.

Internal MISP references

UUID 0ba2675d-4d7f-406a-81fa-b87e62d7a539 which can be used as unique global reference for FireEye DLL Search Order Hijacking in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-13T00:00:00Z
date_published 2010-09-01T00:00:00Z
source MITRE
title DLL Search Order Hijacking Revisited

Stewart 2014

Stewart, A. (2014). DLL SIDE-LOADING: A Thorn in the Side of the Anti-Virus Industry. Retrieved November 12, 2014.

Internal MISP references

UUID 813905b5-7aa5-4bab-b2ac-eaafdea55805 which can be used as unique global reference for Stewart 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
date_published 2014-01-01T00:00:00Z
source MITRE
title DLL SIDE-LOADING: A Thorn in the Side of the Anti-Virus Industry

Dnscmd.exe - LOLBAS Project

LOLBAS. (2018, May 25). Dnscmd.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 3571ca9d-3388-4e74-8b30-dd92ef2b5f10 which can be used as unique global reference for Dnscmd.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Dnscmd.exe

Dnscmd Microsoft

Microsoft. (2023, February 3). Dnscmd Microsoft. Retrieved July 11, 2023.

Internal MISP references

UUID 24b1cb7b-357f-470f-9715-fa0ec3958cbb which can be used as unique global reference for Dnscmd Microsoft in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-11T00:00:00Z
date_published 2023-02-03T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Dnscmd Microsoft

DNS Dumpster

Hacker Target. (n.d.). DNS Dumpster. Retrieved October 20, 2020.

Internal MISP references

UUID 0bbe1e50-28af-4265-a493-4bb4fd693bad which can be used as unique global reference for DNS Dumpster in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
source MITRE
title DNS Dumpster

Talos DNSpionage Nov 2018

Mercer, W., Rascagneres, P. (2018, November 27). DNSpionage Campaign Targets Middle East. Retrieved October 9, 2020.

Internal MISP references

UUID d597ad7d-f808-4289-b42a-79807248c2d6 which can be used as unique global reference for Talos DNSpionage Nov 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-09T00:00:00Z
date_published 2018-11-27T00:00:00Z
source MITRE
title DNSpionage Campaign Targets Middle East

Unit42 DNS Mar 2019

Hinchliffe, A. (2019, March 15). DNS Tunneling: how DNS can be (ab)used by malicious actors. Retrieved October 3, 2020.

Internal MISP references

UUID e41fde80-5ced-4f66-9852-392d1ef79520 which can be used as unique global reference for Unit42 DNS Mar 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-03T00:00:00Z
date_published 2019-03-15T00:00:00Z
source MITRE
title DNS Tunneling: how DNS can be (ab)used by malicious actors

dnx.exe - LOLBAS Project

LOLBAS. (2018, May 25). dnx.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 50652a27-c47b-41d4-a2eb-2ebf74e5bd09 which can be used as unique global reference for dnx.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title dnx.exe

GTFOBins Docker

GTFOBins. (n.d.). docker. Retrieved February 15, 2024.

Internal MISP references

UUID c4fa5825-85f9-5ab1-a59d-a86b20ef0570 which can be used as unique global reference for GTFOBins Docker in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-15T00:00:00Z
source MITRE
title docker

Docker Daemon CLI

Docker. (n.d.). DockerD CLI. Retrieved March 29, 2021.

Internal MISP references

UUID ea86eae4-6ad4-4d79-9dd3-dd965a7feb5c which can be used as unique global reference for Docker Daemon CLI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-29T00:00:00Z
source MITRE
title DockerD CLI

Docker API

Docker. (n.d.). Docker Engine API v1.41 Reference. Retrieved March 31, 2021.

Internal MISP references

UUID b8ec1e37-7286-40e8-9577-ff9c54801086 which can be used as unique global reference for Docker API in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-31T00:00:00Z
source MITRE
title Docker Engine API v1.41 Reference

Docker Build Image

Docker. (n.d.). Docker Engine API v1.41 Reference - Build an Image. Retrieved March 30, 2021.

Internal MISP references

UUID ee708b64-57f3-4b47-af05-1e26b698c21f which can be used as unique global reference for Docker Build Image in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-30T00:00:00Z
source MITRE
title Docker Engine API v1.41 Reference - Build an Image

Docker Containers API

Docker. (n.d.). Docker Engine API v1.41 Reference - Container. Retrieved March 29, 2021.

Internal MISP references

UUID 2351cb32-23d6-4557-9c52-e6e228402bab which can be used as unique global reference for Docker Containers API in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-29T00:00:00Z
source MITRE
title Docker Engine API v1.41 Reference - Container

Docker Exec

Docker. (n.d.). Docker Exec. Retrieved March 29, 2021.

Internal MISP references

UUID 5f1ace27-6584-4585-98de-52cb71d419c1 which can be used as unique global reference for Docker Exec in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-29T00:00:00Z
source MITRE
title Docker Exec

Docker Images

Docker. (n.d.). Docker Images. Retrieved April 6, 2021.

Internal MISP references

UUID 9b4d1e80-61e9-4557-a562-5eda66d0bbf7 which can be used as unique global reference for Docker Images in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-06T00:00:00Z
source MITRE
title Docker Images

Docker Overview

Docker. (n.d.). Docker Overview. Retrieved March 30, 2021.

Internal MISP references

UUID 52954bb1-16b0-4717-a72c-8a6dec97610b which can be used as unique global reference for Docker Overview in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-30T00:00:00Z
source MITRE
title Docker Overview

Docker Entrypoint

Docker. (n.d.). Docker run reference. Retrieved March 29, 2021.

Internal MISP references

UUID c80ad3fd-d7fc-4a7a-8565-da3feaa4a915 which can be used as unique global reference for Docker Entrypoint in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-29T00:00:00Z
source MITRE
title Docker run reference

TechNet Server Operator Scheduled Task

Microsoft. (2012, November 15). Domain controller: Allow server operators to schedule tasks. Retrieved December 18, 2017.

Internal MISP references

UUID a9497afa-42c8-499e-a6b6-4231b1c22f6e which can be used as unique global reference for TechNet Server Operator Scheduled Task in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-18T00:00:00Z
date_published 2012-11-15T00:00:00Z
source MITRE
title Domain controller: Allow server operators to schedule tasks

Cisco Umbrella DGA

Scarfo, A. (2016, October 10). Domain Generation Algorithms – Why so effective?. Retrieved February 18, 2019.

Internal MISP references

UUID 5dbe2bcb-40b9-4ff8-a37a-0893a7a6cb58 which can be used as unique global reference for Cisco Umbrella DGA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-18T00:00:00Z
date_published 2016-10-10T00:00:00Z
source MITRE
title Domain Generation Algorithms – Why so effective?

Microsoft GetAllTrustRelationships

Microsoft. (n.d.). Domain.GetAllTrustRelationships Method. Retrieved February 14, 2019.

Internal MISP references

UUID 571086ce-42d3-4416-9521-315f694647a6 which can be used as unique global reference for Microsoft GetAllTrustRelationships in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-14T00:00:00Z
source MITRE
title Domain.GetAllTrustRelationships Method

ICANNDomainNameHijacking

ICANN Security and Stability Advisory Committee. (2005, July 12). Domain Name Hijacking: Incidents, Threats, Risks and Remediation. Retrieved March 6, 2017.

Internal MISP references

UUID 96c5ec6c-d53d-49c3-bca1-0b6abe0080e6 which can be used as unique global reference for ICANNDomainNameHijacking in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-06T00:00:00Z
date_published 2005-07-12T00:00:00Z
source MITRE
title Domain Name Hijacking: Incidents, Threats, Risks and Remediation

Palo Alto Unit 42 Domain Shadowing 2022

Janos Szurdi, Rebekah Houser and Daiping Liu. (2022, September 21). Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime. Retrieved March 7, 2023.

Internal MISP references

UUID ec460017-fd25-5975-b697-c8c11fee960d which can be used as unique global reference for Palo Alto Unit 42 Domain Shadowing 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-07T00:00:00Z
date_published 2022-09-21T00:00:00Z
source MITRE
title Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime

ASERT Donot March 2018

Schwarz, D., Sopko J. (2018, March 08). Donot Team Leverages New Modular Malware Framework in South Asia. Retrieved June 11, 2018.

Internal MISP references

UUID a1b987cc-7789-411c-9673-3cf6357b207c which can be used as unique global reference for ASERT Donot March 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-11T00:00:00Z
date_published 2018-03-08T00:00:00Z
source MITRE
title Donot Team Leverages New Modular Malware Framework in South Asia

Mandiant URL Obfuscation 2023

Nick Simonian. (2023, May 22). Don't @ Me: URL Obfuscation Through Schema Abuse. Retrieved August 4, 2023.

Internal MISP references

UUID b63f5934-2ace-5326-89be-7a850469a563 which can be used as unique global reference for Mandiant URL Obfuscation 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-04T00:00:00Z
date_published 2023-05-22T00:00:00Z
source MITRE
title Don't @ Me: URL Obfuscation Through Schema Abuse

mandiant-masking

Simonian, Nick. (2023, May 22). Don't @ Me: URL Obfuscation Through Schema Abuse. Retrieved January 17, 2024.

Internal MISP references

UUID d5ed4c98-6d37-5000-bba0-9aada295a50c which can be used as unique global reference for mandiant-masking in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-17T00:00:00Z
date_published 2023-05-22T00:00:00Z
source MITRE
title Don't @ Me: URL Obfuscation Through Schema Abuse

Schema-abuse

Nick Simonian. (2023, May 22). Don't @ Me: URL Obfuscation Through Schema Abuse. Retrieved February 13, 2024.

Internal MISP references

UUID 75b860d9-a48d-57de-ba1e-b0db970abb1b which can be used as unique global reference for Schema-abuse in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-13T00:00:00Z
date_published 2023-05-22T00:00:00Z
source MITRE
title Don't @ Me: URL Obfuscation Through Schema Abuse

Donut Github

TheWover. (2019, May 9). donut. Retrieved March 25, 2022.

Internal MISP references

UUID 5f28c41f-6903-4779-93d4-3de99e031b70 which can be used as unique global reference for Donut Github in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-25T00:00:00Z
date_published 2019-05-09T00:00:00Z
source MITRE
title donut

Introducing Donut

The Wover. (2019, May 9). Donut - Injecting .NET Assemblies as Shellcode. Retrieved October 4, 2021.

Internal MISP references

UUID 8fd099c6-e002-44d0-8b7f-65f290a42c07 which can be used as unique global reference for Introducing Donut in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-04T00:00:00Z
date_published 2019-05-09T00:00:00Z
source MITRE
title Donut - Injecting .NET Assemblies as Shellcode

Dotnet.exe - LOLBAS Project

LOLBAS. (2019, November 12). Dotnet.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 8abe21ad-88d1-4a5c-b79e-8216b4b06862 which can be used as unique global reference for Dotnet.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2019-11-12T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Dotnet.exe

cyberproof-double-bounce

Itkin, Liora. (2022, September 1). Double-bounced attacks with email spoofing. Retrieved February 24, 2023.

Internal MISP references

UUID 4406d688-c392-5244-b438-6995f38dfc61 which can be used as unique global reference for cyberproof-double-bounce in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-24T00:00:00Z
date_published 2022-09-01T00:00:00Z
source MITRE
title Double-bounced attacks with email spoofing

FireEye APT41 Aug 2019

Fraser, N., et al. (2019, August 7). Double DragonAPT41, a dual espionage and cyber crime operation APT41. Retrieved September 23, 2019.

Internal MISP references

UUID 20f8e252-0a95-4ebd-857c-d05b0cde0904 which can be used as unique global reference for FireEye APT41 Aug 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-23T00:00:00Z
date_published 2019-08-07T00:00:00Z
source MITRE, Tidal Cyber
title Double DragonAPT41, a dual espionage and cyber crime operation APT41

FireEye APT41 2019

FireEye. (2019). Double DragonAPT41, a dual espionage and cyber crime operation APT41. Retrieved September 23, 2019.

Internal MISP references

UUID daa31f35-15a6-413b-9319-80d6921d1598 which can be used as unique global reference for FireEye APT41 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-23T00:00:00Z
date_published 2019-01-01T00:00:00Z
source MITRE
title Double DragonAPT41, a dual espionage and cyber crime operation APT41

Malwarebytes IssacWiper CaddyWiper March 2022

Threat Intelligence Team. (2022, March 18). Double header: IsaacWiper and CaddyWiper. Retrieved April 11, 2022.

Internal MISP references

UUID 931aed95-a629-4f94-8762-aad580f5d3e2 which can be used as unique global reference for Malwarebytes IssacWiper CaddyWiper March 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-11T00:00:00Z
date_published 2022-03-18T00:00:00Z
source MITRE
title Double header: IsaacWiper and CaddyWiper

Crowdstrike-leaks

Crowdstrike. (2020, September 24). Double Trouble: Ransomware with Data Leak Extortion, Part 1. Retrieved December 6, 2023.

Internal MISP references

UUID a91c3252-94b8-52a8-bb0d-cadac6afa161 which can be used as unique global reference for Crowdstrike-leaks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-06T00:00:00Z
date_published 2020-09-24T00:00:00Z
source MITRE
title Double Trouble: Ransomware with Data Leak Extortion, Part 1

tlseminar_downgrade_att

Team Cinnamon. (2017, February 3). Downgrade Attacks. Retrieved December 9, 2021.

Internal MISP references

UUID 8b5d46bf-fb4e-4ecd-b8a9-9c084c1864a3 which can be used as unique global reference for tlseminar_downgrade_att in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-09T00:00:00Z
date_published 2017-02-03T00:00:00Z
source MITRE
title Downgrade Attacks

LogRhythm Do You Trust Oct 2014

Foss, G. (2014, October 3). Do You Trust Your Computer?. Retrieved December 17, 2018.

Internal MISP references

UUID 88a84f9a-e077-4fdd-9936-30fc7b290476 which can be used as unique global reference for LogRhythm Do You Trust Oct 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-12-17T00:00:00Z
date_published 2014-10-03T00:00:00Z
source MITRE
title Do You Trust Your Computer?

VNC Vulnerabilities

Sergiu Gatlan. (2019, November 22). Dozens of VNC Vulnerabilities Found in Linux, Windows Solutions. Retrieved September 20, 2021.

Internal MISP references

UUID 3ec5440a-cb3b-4aa9-8e0e-0f92525ef51c which can be used as unique global reference for VNC Vulnerabilities in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-20T00:00:00Z
date_published 2019-11-22T00:00:00Z
source MITRE
title Dozens of VNC Vulnerabilities Found in Linux, Windows Solutions

Accenture Dragonfish Jan 2018

Accenture Security. (2018, January 27). DRAGONFISH DELIVERS NEW FORM OF ELISE MALWARE TARGETING ASEAN DEFENCE MINISTERS’ MEETING AND ASSOCIATES. Retrieved November 14, 2018.

Internal MISP references

UUID f692c6fa-7b3a-4d1d-9002-b1a59f7116f4 which can be used as unique global reference for Accenture Dragonfish Jan 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-14T00:00:00Z
date_published 2018-01-27T00:00:00Z
source MITRE
title DRAGONFISH DELIVERS NEW FORM OF ELISE MALWARE TARGETING ASEAN DEFENCE MINISTERS’ MEETING AND ASSOCIATES

Symantec Dragonfly

Symantec Security Response. (2014, June 30). Dragonfly: Cyberespionage Attacks Against Energy Suppliers. Retrieved April 8, 2016.

Internal MISP references

UUID 9514c5cd-2ed6-4dbf-aa9e-1c425e969226 which can be used as unique global reference for Symantec Dragonfly in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-08T00:00:00Z
date_published 2014-06-30T00:00:00Z
source MITRE, Tidal Cyber
title Dragonfly: Cyberespionage Attacks Against Energy Suppliers

Symantec Dragonfly 2.0 October 2017

Symantec. (2017, October 7). Dragonfly: Western energy sector targeted by sophisticated attack group. Retrieved April 19, 2022.

Internal MISP references

UUID a0439d4a-a3ea-4be5-9a01-f223ca259681 which can be used as unique global reference for Symantec Dragonfly 2.0 October 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-19T00:00:00Z
date_published 2017-10-07T00:00:00Z
source MITRE
title Dragonfly: Western energy sector targeted by sophisticated attack group

Symantec Dragonfly Sept 2017

Symantec Security Response. (2014, July 7). Dragonfly: Western energy sector targeted by sophisticated attack group. Retrieved September 9, 2017.

Internal MISP references

UUID 11bbeafc-ed5d-4d2b-9795-a0a9544fb64e which can be used as unique global reference for Symantec Dragonfly Sept 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-09-09T00:00:00Z
date_published 2014-07-07T00:00:00Z
source MITRE
title Dragonfly: Western energy sector targeted by sophisticated attack group

Kaspersky Dridex May 2017

Slepogin, N. (2017, May 25). Dridex: A History of Evolution. Retrieved May 31, 2019.

Internal MISP references

UUID 52c48bc3-2b53-4214-85c3-7e5dd036c969 which can be used as unique global reference for Kaspersky Dridex May 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-31T00:00:00Z
date_published 2017-05-25T00:00:00Z
source MITRE
title Dridex: A History of Evolution

Dell Dridex Oct 2015

Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, October 13). Dridex (Bugat v5) Botnet Takeover Operation. Retrieved May 31, 2019.

Internal MISP references

UUID f81ce947-d875-4631-9709-b54c8b5d25bc which can be used as unique global reference for Dell Dridex Oct 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-31T00:00:00Z
date_published 2015-10-13T00:00:00Z
source MITRE
title Dridex (Bugat v5) Botnet Takeover Operation

Red Canary Dridex Threat Report 2021

Red Canary. (2021, February 9). Dridex - Red Canary Threat Detection Report. Retrieved August 3, 2023.

Internal MISP references

UUID 3be25132-6655-5fa9-92cb-772d02f49d2b which can be used as unique global reference for Red Canary Dridex Threat Report 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-03T00:00:00Z
date_published 2021-02-09T00:00:00Z
source MITRE
title Dridex - Red Canary Threat Detection Report

volexity_0day_sophos_FW

Adair, S., Lancaster, T., Volexity Threat Research. (2022, June 15). DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach. Retrieved July 1, 2022.

Internal MISP references

UUID 85bee18e-216d-4ea6-b34e-b071e3f63382 which can be used as unique global reference for volexity_0day_sophos_FW in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-01T00:00:00Z
date_published 2022-06-15T00:00:00Z
source MITRE
title DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach

Google Drive Log Events

Google. (n.d.). Drive log events. Retrieved March 4, 2024.

Internal MISP references

UUID f546898e-3639-58f4-85a2-6268dfaab207 which can be used as unique global reference for Google Drive Log Events in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-04T00:00:00Z
source MITRE
title Drive log events

Microsoft Driverquery

Microsoft. (n.d.). driverquery. Retrieved March 28, 2023.

Internal MISP references

UUID 7302dc00-a75a-5787-a04c-88ef4922ac09 which can be used as unique global reference for Microsoft Driverquery in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-28T00:00:00Z
source MITRE
title driverquery

Dropbox Malware Sync

David Talbot. (2013, August 21). Dropbox and Similar Services Can Sync Malware. Retrieved May 31, 2023.

Internal MISP references

UUID 06ca63fa-8c6c-501c-96d3-5e7e45ca1e04 which can be used as unique global reference for Dropbox Malware Sync in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-31T00:00:00Z
date_published 2013-08-21T00:00:00Z
source MITRE
title Dropbox and Similar Services Can Sync Malware

Cyberreason Anchor December 2019

Dahan, A. et al. (2019, December 11). DROPPING ANCHOR: FROM A TRICKBOT INFECTION TO THE DISCOVERY OF THE ANCHOR MALWARE. Retrieved September 10, 2020.

Internal MISP references

UUID a8dc5598-9963-4a1d-a473-bee8d2c72c57 which can be used as unique global reference for Cyberreason Anchor December 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-10T00:00:00Z
date_published 2019-12-11T00:00:00Z
source MITRE
title DROPPING ANCHOR: FROM A TRICKBOT INFECTION TO THE DISCOVERY OF THE ANCHOR MALWARE

Samba DRSUAPI

SambaWiki. (n.d.). DRSUAPI. Retrieved December 4, 2017.

Internal MISP references

UUID 79e8f598-9962-4124-b884-eb10f86885af which can be used as unique global reference for Samba DRSUAPI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-04T00:00:00Z
source MITRE
title DRSUAPI

dsdbutil.exe - LOLBAS Project

LOLBAS. (2023, May 31). dsdbutil.exe. Retrieved December 4, 2023.

Internal MISP references

UUID fc982faf-a37d-4d0b-949c-f7a27adc3030 which can be used as unique global reference for dsdbutil.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2023-05-31T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title dsdbutil.exe

TechNet Dsquery

Microsoft. (n.d.). Dsquery. Retrieved April 18, 2016.

Internal MISP references

UUID bbbb4a45-2963-4f04-901a-fb2752800e12 which can be used as unique global reference for TechNet Dsquery in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-18T00:00:00Z
source MITRE
title Dsquery

CyberBit Dtrack

Hod Gavriel. (2019, November 21). Dtrack: In-depth analysis of APT on a nuclear power plant. Retrieved January 20, 2021.

Internal MISP references

UUID 1ac944f4-868c-4312-8b5d-1580fd6542a0 which can be used as unique global reference for CyberBit Dtrack in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-20T00:00:00Z
date_published 2019-11-21T00:00:00Z
source MITRE
title Dtrack: In-depth analysis of APT on a nuclear power plant

Kaspersky Dtrack

Kaspersky Global Research and Analysis Team. (2019, September 23). DTrack: previously unknown spy-tool by Lazarus hits financial institutions and research centers. Retrieved January 20, 2021.

Internal MISP references

UUID 0122ee35-938d-493f-a3bb-bc75fc808f62 which can be used as unique global reference for Kaspersky Dtrack in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-20T00:00:00Z
date_published 2019-09-23T00:00:00Z
source MITRE
title DTrack: previously unknown spy-tool by Lazarus hits financial institutions and research centers

Crowdstrike Qakbot October 2020

CS. (2020, October 7). Duck Hunting with Falcon Complete: A Fowl Banking Trojan Evolves, Part 2. Retrieved September 27, 2021.

Internal MISP references

UUID 636a9b94-8260-45cc-bd74-a764cd8f50b0 which can be used as unique global reference for Crowdstrike Qakbot October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-27T00:00:00Z
date_published 2020-10-07T00:00:00Z
source MITRE
title Duck Hunting with Falcon Complete: A Fowl Banking Trojan Evolves, Part 2

Dump64.exe - LOLBAS Project

LOLBAS. (2021, November 16). Dump64.exe. Retrieved December 4, 2023.

Internal MISP references

UUID b0186447-a6d5-40d7-a11d-ab2e9fb93087 which can be used as unique global reference for Dump64.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-11-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Dump64.exe

dump_pwd_dcsync

Metcalf, S. (2015, November 22). Dump Clear-Text Passwords for All Admins in the Domain Using Mimikatz DCSync. Retrieved November 15, 2021.

Internal MISP references

UUID bd1d7e75-feee-47fd-abfb-7e3dfc648a72 which can be used as unique global reference for dump_pwd_dcsync in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-11-15T00:00:00Z
date_published 2015-11-22T00:00:00Z
source MITRE
title Dump Clear-Text Passwords for All Admins in the Domain Using Mimikatz DCSync

ired mscache

Mantvydas Baranauskas. (2019, November 16). Dumping and Cracking mscash - Cached Domain Credentials. Retrieved February 21, 2020.

Internal MISP references

UUID 5b643e7d-1ace-4517-88c2-96115cac1209 which can be used as unique global reference for ired mscache in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-21T00:00:00Z
date_published 2019-11-16T00:00:00Z
source MITRE
title Dumping and Cracking mscash - Cached Domain Credentials

ired Dumping LSA Secrets

Mantvydas Baranauskas. (2019, November 16). Dumping LSA Secrets. Retrieved February 21, 2020.

Internal MISP references

UUID cf883397-11e9-4f94-977a-bbe46e3107f5 which can be used as unique global reference for ired Dumping LSA Secrets in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-21T00:00:00Z
date_published 2019-11-16T00:00:00Z
source MITRE
title Dumping LSA Secrets

DumpMinitool.exe - LOLBAS Project

LOLBAS. (2022, January 20). DumpMinitool.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 4634e025-c005-46fe-b97c-5d7dda455ba0 which can be used as unique global reference for DumpMinitool.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-01-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title DumpMinitool.exe

DuplicateToken function

Microsoft. (2021, October 12). DuplicateToken function (securitybaseapi.h). Retrieved January 8, 2024.

Internal MISP references

UUID fbf31bc2-7883-56fa-975f-d083288464dc which can be used as unique global reference for DuplicateToken function in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-08T00:00:00Z
date_published 2021-10-12T00:00:00Z
source MITRE
title DuplicateToken function (securitybaseapi.h)

Wikipedia Duqu

Wikipedia. (2017, December 29). Duqu. Retrieved April 10, 2018.

Internal MISP references

UUID 5cf0101e-c036-4c1c-b322-48f04e2aef0b which can be used as unique global reference for Wikipedia Duqu in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-10T00:00:00Z
date_published 2017-12-29T00:00:00Z
source MITRE
title Duqu

Dxcap.exe - LOLBAS Project

LOLBAS. (2018, May 25). Dxcap.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 7611eb7a-46b7-4c76-9728-67c1fbf20e17 which can be used as unique global reference for Dxcap.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Dxcap.exe

TheEvilBit DYLD_INSERT_LIBRARIES

Fitzl, C. (2019, July 9). DYLD_INSERT_LIBRARIES DYLIB injection in macOS / OSX. Retrieved March 26, 2020.

Internal MISP references

UUID bd27026c-81eb-480e-b092-f861472ac775 which can be used as unique global reference for TheEvilBit DYLD_INSERT_LIBRARIES in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-26T00:00:00Z
date_published 2019-07-09T00:00:00Z
source MITRE
title DYLD_INSERT_LIBRARIES DYLIB injection in macOS / OSX

Wardle Dylib Hijacking OSX 2015

Patrick Wardle. (2015, March 1). Dylib Hijacking on OS X. Retrieved March 29, 2021.

Internal MISP references

UUID c78d8c94-4fe3-4aa9-b879-f0b0e9d2714b which can be used as unique global reference for Wardle Dylib Hijacking OSX 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-29T00:00:00Z
date_published 2015-03-01T00:00:00Z
source MITRE
title Dylib Hijacking on OS X

Dragos DYMALLOY

Dragos. (n.d.). DYMALLOY. Retrieved August 20, 2020.

Internal MISP references

UUID d2785c6e-e0d1-4e90-a2d5-2c302176d5d3 which can be used as unique global reference for Dragos DYMALLOY in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-20T00:00:00Z
source MITRE
title DYMALLOY

MWRInfoSecurity Dynamic Hooking 2015

Hillman, M. (2015, August 8). Dynamic Hooking Techniques: User Mode. Retrieved December 20, 2017.

Internal MISP references

UUID 3cb6d0b1-4d6b-4f2d-bd7d-e4b2dcde081d which can be used as unique global reference for MWRInfoSecurity Dynamic Hooking 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2015-08-08T00:00:00Z
source MITRE
title Dynamic Hooking Techniques: User Mode

rfc2131

Droms, R. (1997, March). Dynamic Host Configuration Protocol. Retrieved March 9, 2022.

Internal MISP references

UUID b16bd2d5-162b-44cb-a812-7becd6684021 which can be used as unique global reference for rfc2131 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-09T00:00:00Z
date_published 1997-03-01T00:00:00Z
source MITRE
title Dynamic Host Configuration Protocol

rfc3315

J. Bound, et al. (2003, July). Dynamic Host Configuration Protocol for IPv6 (DHCPv6). Retrieved June 27, 2022.

Internal MISP references

UUID 9349f864-79e9-4481-ad77-44099621795a which can be used as unique global reference for rfc3315 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-27T00:00:00Z
date_published 2003-07-01T00:00:00Z
source MITRE
title Dynamic Host Configuration Protocol for IPv6 (DHCPv6)

Microsoft DLL Redirection

Microsoft. (n.d.). Dynamic-Link Library Redirection. Retrieved December 5, 2014.

Internal MISP references

UUID ac60bb28-cb14-4ff9-bc05-df48273a28a9 which can be used as unique global reference for Microsoft DLL Redirection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-05T00:00:00Z
source MITRE
title Dynamic-Link Library Redirection

Microsoft Dynamic-Link Library Redirection

Microsoft. (2018, May 31). Dynamic-Link Library Redirection. Retrieved March 13, 2020.

Internal MISP references

UUID 72458590-ee1b-4447-adb8-ca4f486d1db5 which can be used as unique global reference for Microsoft Dynamic-Link Library Redirection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-13T00:00:00Z
date_published 2018-05-31T00:00:00Z
source MITRE
title Dynamic-Link Library Redirection

Microsoft Dynamic Link Library Search Order

Microsoft. (2018, May 31). Dynamic-Link Library Search Order. Retrieved November 30, 2014.

Internal MISP references

UUID 7b1f945b-2547-4bc6-98bf-30248bdf3587 which can be used as unique global reference for Microsoft Dynamic Link Library Search Order in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-30T00:00:00Z
date_published 2018-05-31T00:00:00Z
source MITRE
title Dynamic-Link Library Search Order

Microsoft. (n.d.). Dynamic-Link Library Search Order. Retrieved November 30, 2014.

Internal MISP references

UUID c157444d-bf2b-4806-b069-519122b7a459 which can be used as unique global reference for Microsoft DLL Search in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-30T00:00:00Z
source MITRE
title Dynamic-Link Library Search Order

MSDN DLL Security

Microsoft. (n.d.). Dynamic-Link Library Security. Retrieved July 25, 2016.

Internal MISP references

UUID 5d1d1916-cef4-49d1-b8e2-a6d18fb297f6 which can be used as unique global reference for MSDN DLL Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-07-25T00:00:00Z
source MITRE
title Dynamic-Link Library Security

Microsoft DLL Security

Microsoft. (n.d.). Dynamic-Link Library Security. Retrieved November 27, 2017.

Internal MISP references

UUID 584490c7-b155-4f62-b68d-a5a2a1799e60 which can be used as unique global reference for Microsoft DLL Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-27T00:00:00Z
source MITRE
title Dynamic-Link Library Security

Microsoft. (n.d.). Dynamic-Link Library Security. Retrieved July 25, 2016.

Internal MISP references

UUID e087442a-0a53-4cc8-9fd6-772cbd0295d5 which can be used as unique global reference for Microsoft Dynamic-Link Library Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-07-25T00:00:00Z
source MITRE
title Dynamic-Link Library Security

Symantec Dyre June 2015

Symantec Security Response. (2015, June 23). Dyre: Emerging threat on financial fraud landscape. Retrieved August 23, 2018.

Internal MISP references

UUID a9780bb0-302f-44c2-8252-b53d94da24e6 which can be used as unique global reference for Symantec Dyre June 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-23T00:00:00Z
date_published 2015-06-23T00:00:00Z
source MITRE
title Dyre: Emerging threat on financial fraud landscape

EA Hacked via Slack - June 2021

Anthony Spadafora. (2021, June 11). EA hack reportedly used stolen cookies and Slack to target gaming giant. Retrieved May 31, 2022.

Internal MISP references

UUID 3362e1df-cfb9-4281-a0a1-9a3710d76945 which can be used as unique global reference for EA Hacked via Slack - June 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-31T00:00:00Z
date_published 2021-06-11T00:00:00Z
source MITRE
title EA hack reportedly used stolen cookies and Slack to target gaming giant

CrowdStrike StellarParticle January 2022

CrowdStrike. (2022, January 27). Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign. Retrieved February 7, 2022.

Internal MISP references

UUID 149c1446-d6a1-4a63-9420-def9272d6cb9 which can be used as unique global reference for CrowdStrike StellarParticle January 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-07T00:00:00Z
date_published 2022-01-27T00:00:00Z
source MITRE
title Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign

Trend Micro Muddy Water March 2021

Peretz, A. and Theck, E. (2021, March 5). Earth Vetala – MuddyWater Continues to Target Organizations in the Middle East. Retrieved March 18, 2021.

Internal MISP references

UUID 16b4b834-2f44-4bac-b810-f92080c41f09 which can be used as unique global reference for Trend Micro Muddy Water March 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-18T00:00:00Z
date_published 2021-03-05T00:00:00Z
source MITRE
title Earth Vetala – MuddyWater Continues to Target Organizations in the Middle East

Earthworm English Project Page

rootkiter. (2019, March 9). Earthworm. Retrieved July 7, 2023.

Internal MISP references

UUID 88170ef5-03ac-42f2-9b03-2ce204b5d45c which can be used as unique global reference for Earthworm English Project Page in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-07T00:00:00Z
date_published 2019-03-09T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Earthworm

U.S. SEC. (n.d.). EDGAR - Search and Access. Retrieved August 27, 2021.

Internal MISP references

UUID 97958143-80c5-41f6-9fa6-4748e90e9f12 which can be used as unique global reference for SEC EDGAR Search in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-27T00:00:00Z
source MITRE
title EDGAR - Search and Access

Intrinsec Egregor Nov 2020

Bichet, J. (2020, November 12). Egregor – Prolock: Fraternal Twins ?. Retrieved January 6, 2021.

Internal MISP references

UUID e55604da-b419-411a-85cf-073f2d78e0c1 which can be used as unique global reference for Intrinsec Egregor Nov 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-06T00:00:00Z
date_published 2020-11-12T00:00:00Z
source MITRE
title Egregor – Prolock: Fraternal Twins ?

Cybereason Egregor Nov 2020

Rochberger, L. (2020, November 26). Cybereason vs. Egregor Ransomware. Retrieved December 30, 2020.

Internal MISP references

UUID c36b38d4-cfa2-4f1e-a410-6d629a24be62 which can be used as unique global reference for Cybereason Egregor Nov 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-30T00:00:00Z
source MITRE
title Egregor Ransomware

Cyble Egregor Oct 2020

Cybleinc. (2020, October 31). Egregor Ransomware – A Deep Dive Into Its Activities and Techniques. Retrieved December 29, 2020.

Internal MISP references

UUID 545a131d-88fc-4b34-923c-0b759b45fc7f which can be used as unique global reference for Cyble Egregor Oct 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-29T00:00:00Z
date_published 2020-10-31T00:00:00Z
source MITRE
title Egregor Ransomware – A Deep Dive Into Its Activities and Techniques

NHS Digital Egregor Nov 2020

NHS Digital. (2020, November 26). Egregor Ransomware The RaaS successor to Maze. Retrieved December 29, 2020.

Internal MISP references

UUID 92f74037-2a20-4667-820d-2ccc0e4dbd3d which can be used as unique global reference for NHS Digital Egregor Nov 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-29T00:00:00Z
date_published 2020-11-26T00:00:00Z
source MITRE
title Egregor Ransomware The RaaS successor to Maze

Security Boulevard Egregor Oct 2020

Meskauskas, T. (2020, October 29). Egregor: Sekhmet’s Cousin. Retrieved January 6, 2021.

Internal MISP references

UUID cd37a000-9e15-45a3-a7c9-bb508c10e55d which can be used as unique global reference for Security Boulevard Egregor Oct 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-06T00:00:00Z
date_published 2020-10-29T00:00:00Z
source MITRE
title Egregor: Sekhmet’s Cousin

Cybersecurity and Infrastructure Security Agency. (2020, June 30). EINSTEIN Data Trends – 30-day Lookback. Retrieved October 25, 2023.

Internal MISP references

UUID b97e9a02-4cc5-4845-8058-0be4c566cd7c which can be used as unique global reference for U.S. CISA Trends June 30 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-25T00:00:00Z
date_published 2020-06-30T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title EINSTEIN Data Trends – 30-day Lookback

Dragos EKANS

Dragos. (2020, February 3). EKANS Ransomware and ICS Operations. Retrieved February 9, 2021.

Internal MISP references

UUID c8a018c5-caa3-4af1-b210-b65bbf94c8b2 which can be used as unique global reference for Dragos EKANS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-09T00:00:00Z
date_published 2020-02-03T00:00:00Z
source MITRE
title EKANS Ransomware and ICS Operations

EldoS RawDisk ITpro

Edwards, M. (2007, March 14). EldoS Provides Raw Disk Access for Vista and XP. Retrieved March 26, 2019.

Internal MISP references

UUID a6cf3d1d-2310-42bb-9324-495b4e94d329 which can be used as unique global reference for EldoS RawDisk ITpro in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-26T00:00:00Z
date_published 2007-03-14T00:00:00Z
source MITRE
title EldoS Provides Raw Disk Access for Vista and XP

Microsoft Targeting Elections September 2020

Burt, T. (2020, September 10). New cyberattacks targeting U.S. elections. Retrieved March 24, 2021.

Internal MISP references

UUID 1d7070fd-01be-4776-bb21-13368a6173b1 which can be used as unique global reference for Microsoft Targeting Elections September 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-24T00:00:00Z
source MITRE, Tidal Cyber
title elections

Secureworks IRON RITUAL USAID Phish May 2021

Secureworks CTU. (2021, May 28). USAID-Themed Phishing Campaign Leverages U.S. Elections Lure. Retrieved February 24, 2022.

Internal MISP references

UUID 0d42c329-5847-4970-9580-2318a566df4e which can be used as unique global reference for Secureworks IRON RITUAL USAID Phish May 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-24T00:00:00Z
source MITRE
title Elections Lure

Electron Security

ElectronJS.org. (n.d.). Retrieved March 7, 2024.

Internal MISP references

UUID e44c8abf-77c1-5e19-93e6-99397d7eaa41 which can be used as unique global reference for Electron Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-07T00:00:00Z
source MITRE
title Electron Security

Dragos-Sandworm-Ukraine-2022

Dragos, Inc. (2023, December 11). ELECTRUM Targeted Ukrainian Electric Entity Using Custom Tools and CaddyWiper Malware, October 2022. Retrieved March 28, 2024.

Internal MISP references

UUID a17aa1b1-cda4-5aeb-b401-f4fd47d29f93 which can be used as unique global reference for Dragos-Sandworm-Ukraine-2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-28T00:00:00Z
date_published 2023-12-11T00:00:00Z
source MITRE
title ELECTRUM Targeted Ukrainian Electric Entity Using Custom Tools and CaddyWiper Malware, October 2022

Dragos ELECTRUM

Dragos. (2017, January 1). ELECTRUM Threat Profile. Retrieved June 10, 2020.

Internal MISP references

UUID 494f7056-7a39-4fa0-958d-fb1172d01852 which can be used as unique global reference for Dragos ELECTRUM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-10T00:00:00Z
date_published 2017-01-01T00:00:00Z
source MITRE
title ELECTRUM Threat Profile

Symantec Elfin Mar 2019

Security Response attack Investigation Team. (2019, March 27). Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. Retrieved April 10, 2019.

Internal MISP references

UUID 55671ede-f309-4924-a1b4-3d597517b27e which can be used as unique global reference for Symantec Elfin Mar 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-10T00:00:00Z
date_published 2019-03-27T00:00:00Z
source MITRE
title Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.

Backtrace VDSO

backtrace. (2016, April 22). ELF SHARED LIBRARY INJECTION FORENSICS. Retrieved June 15, 2020.

Internal MISP references

UUID 1c8fa804-6579-4e68-a0b3-d16e0bee5654 which can be used as unique global reference for Backtrace VDSO in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-15T00:00:00Z
date_published 2016-04-22T00:00:00Z
source MITRE
title ELF SHARED LIBRARY INJECTION FORENSICS

Securelist Machete Aug 2014

Kaspersky Global Research and Analysis Team. (2014, August 20). El Machete. Retrieved September 13, 2019.

Internal MISP references

UUID fc7be240-bd15-4ec4-bc01-f8891d7210d9 which can be used as unique global reference for Securelist Machete Aug 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-13T00:00:00Z
date_published 2014-08-20T00:00:00Z
source MITRE, Tidal Cyber
title El Machete

Cylance Machete Mar 2017

The Cylance Threat Research Team. (2017, March 22). El Machete's Malware Attacks Cut Through LATAM. Retrieved September 13, 2019.

Internal MISP references

UUID 92a9a311-1e0b-4819-9856-2dfc8dbfc08d which can be used as unique global reference for Cylance Machete Mar 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-13T00:00:00Z
date_published 2017-03-22T00:00:00Z
source MITRE, Tidal Cyber
title El Machete's Malware Attacks Cut Through LATAM

Sophos News September 24 2020

Sophos News. (2020, September 24). Email-delivered MoDi RAT attack pastes PowerShell commands. Retrieved May 7, 2023.

Internal MISP references

UUID 8cfa3dc4-a6b4-4204-b1e5-5b325955936d which can be used as unique global reference for Sophos News September 24 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2020-09-24T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Email-delivered MoDi RAT attack pastes PowerShell commands

Power Automate Email Exfiltration Controls

Microsoft. (2022, February 15). Email exfiltration controls for connectors. Retrieved May 27, 2022.

Internal MISP references

UUID 79eeaadf-5c1e-4608-84a5-6c903966a7f3 which can be used as unique global reference for Power Automate Email Exfiltration Controls in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-27T00:00:00Z
date_published 2022-02-15T00:00:00Z
source MITRE
title Email exfiltration controls for connectors

HackersArise Email

Hackers Arise. (n.d.). Email Scraping and Maltego. Retrieved October 20, 2020.

Internal MISP references

UUID b6aefd99-fd97-4ca0-b717-f9dc147c9413 which can be used as unique global reference for HackersArise Email in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
source MITRE
title Email Scraping and Maltego

Elastic - Koadiac Detection with EQL

Stepanic, D. (2020, January 13). Embracing offensive tooling: Building detections against Koadic using EQL. Retrieved November 30, 2020.

Internal MISP references

UUID 689b71f4-f8e5-455f-91c2-c599c8650f11 which can be used as unique global reference for Elastic - Koadiac Detection with EQL in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-30T00:00:00Z
date_published 2020-01-13T00:00:00Z
source MITRE
title Embracing offensive tooling: Building detections against Koadic using EQL

Nccgroup Emissary Panda May 2018

Pantazopoulos, N., Henry T. (2018, May 18). Emissary Panda – A potential new malicious tool. Retrieved June 25, 2018.

Internal MISP references

UUID e279c308-fabc-47d3-bdeb-296266c80988 which can be used as unique global reference for Nccgroup Emissary Panda May 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-25T00:00:00Z
date_published 2018-05-18T00:00:00Z
source MITRE
title Emissary Panda – A potential new malicious tool

Unit42 Emissary Panda May 2019

Falcone, R. and Lancaster, T. (2019, May 28). Emissary Panda Attacks Middle East Government Sharepoint Servers. Retrieved July 9, 2019.

Internal MISP references

UUID 3a3ec86c-88da-40ab-8e5f-a7d5102c026b which can be used as unique global reference for Unit42 Emissary Panda May 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-09T00:00:00Z
date_published 2019-05-28T00:00:00Z
source MITRE
title Emissary Panda Attacks Middle East Government Sharepoint Servers

Emissary Trojan Feb 2016

Falcone, R. and Miller-Osborn, J. (2016, February 3). Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?. Retrieved February 15, 2016.

Internal MISP references

UUID 580ce22f-b76b-4a92-9fab-26ce8f449ab6 which can be used as unique global reference for Emissary Trojan Feb 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-02-15T00:00:00Z
date_published 2016-02-03T00:00:00Z
source MITRE
title Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?

Sophos Emotet Apr 2019

Brandt, A. (2019, May 5). Emotet 101, stage 4: command and control. Retrieved April 16, 2019.

Internal MISP references

UUID 0bd01e6c-6fb5-4bae-9fe9-395de061c1da which can be used as unique global reference for Sophos Emotet Apr 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-16T00:00:00Z
date_published 2019-05-05T00:00:00Z
source MITRE
title Emotet 101, stage 4: command and control

Deep Instinct March 10 2023

Deep Instinct. (2023, March 10). Emotet Again! The First Malspam Wave of 2023 | Deep Instinct. Retrieved May 7, 2023.

Internal MISP references

UUID 8016eca2-f702-4081-83ba-06262c29e6c2 which can be used as unique global reference for Deep Instinct March 10 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2023-03-10T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Emotet Again! The First Malspam Wave of 2023

CIS Emotet Apr 2017

CIS. (2017, April 28). Emotet Changes TTPs and Arrives in United States. Retrieved January 17, 2019.

Internal MISP references

UUID 8dc7653f-84ef-4f0a-91f6-9b10ff50b756 which can be used as unique global reference for CIS Emotet Apr 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-01-17T00:00:00Z
date_published 2017-04-28T00:00:00Z
source MITRE
title Emotet Changes TTPs and Arrives in United States

Binary Defense Emotes Wi-Fi Spreader

Binary Defense. (n.d.). Emotet Evolves With new Wi-Fi Spreader. Retrieved September 8, 2023.

Internal MISP references

UUID 05e624ee-c53d-5cd1-8fd2-6b2d38344bfd which can be used as unique global reference for Binary Defense Emotes Wi-Fi Spreader in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-08T00:00:00Z
source MITRE
title Emotet Evolves With new Wi-Fi Spreader

ESET Emotet Nov 2018

ESET. (2018, November 9). Emotet launches major new spam campaign. Retrieved March 25, 2019.

Internal MISP references

UUID e954c9aa-4995-452c-927e-11d0a6e2f442 which can be used as unique global reference for ESET Emotet Nov 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-25T00:00:00Z
date_published 2018-11-09T00:00:00Z
source MITRE
title Emotet launches major new spam campaign

Trend Micro Emotet 2020

Cybercrime & Digital Threat Team. (2020, February 13). Emotet Now Spreads via Wi-Fi. Retrieved February 16, 2022.

Internal MISP references

UUID 150327e6-db4b-4588-8cf2-ee131569150b which can be used as unique global reference for Trend Micro Emotet 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-16T00:00:00Z
date_published 2020-02-13T00:00:00Z
source MITRE
title Emotet Now Spreads via Wi-Fi

Talos Emotet Jan 2019

Brumaghin, E. (2019, January 15). Emotet re-emerges after the holidays. Retrieved March 25, 2019.

Internal MISP references

UUID 83180391-89b6-4431-87f4-2703b47cb81b which can be used as unique global reference for Talos Emotet Jan 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-25T00:00:00Z
date_published 2019-01-15T00:00:00Z
source MITRE
title Emotet re-emerges after the holidays

Cybersécurité - INTRINSEC January 09 2023

Equipe cti. (2023, January 9). Emotet returns and deploys loaders. Retrieved May 7, 2023.

Internal MISP references

UUID 6d39aba3-ae77-4a95-8242-7dacae8c89d8 which can be used as unique global reference for Cybersécurité - INTRINSEC January 09 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2023-01-09T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Emotet returns and deploys loaders

Emotet shutdown

The DFIR Report. (2022, November 8). Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware. Retrieved March 6, 2023.

Internal MISP references

UUID 02e6c7bf-f81c-53a3-b771-fd77d4cdb5a0 which can be used as unique global reference for Emotet shutdown in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-06T00:00:00Z
date_published 2022-11-08T00:00:00Z
source MITRE
title Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware

Carbon Black Emotet Apr 2019

Lee, S. (2019, April 24). Emotet Using WMI to Launch PowerShell Encoded Code. Retrieved May 24, 2019.

Internal MISP references

UUID db8fe753-d674-4668-9ee5-c1269085a7a1 which can be used as unique global reference for Carbon Black Emotet Apr 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-24T00:00:00Z
date_published 2019-04-24T00:00:00Z
source MITRE
title Emotet Using WMI to Launch PowerShell Encoded Code

DanielManea Emotet May 2017

Manea, D. (2019, May 25). Emotet v4 Analysis. Retrieved April 16, 2019.

Internal MISP references

UUID 578e44f2-9ff5-4bed-8dee-a992711df8ce which can be used as unique global reference for DanielManea Emotet May 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-16T00:00:00Z
date_published 2019-05-25T00:00:00Z
source MITRE
title Emotet v4 Analysis

Empire Keychain Decrypt

Empire. (2018, March 8). Empire keychaindump_decrypt Module. Retrieved April 14, 2022.

Internal MISP references

UUID 41075230-73a2-4195-b716-379f9e5ae93b which can be used as unique global reference for Empire Keychain Decrypt in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-14T00:00:00Z
date_published 2018-03-08T00:00:00Z
source MITRE
title Empire keychaindump_decrypt Module

Github EmpireProject CreateHijacker Dylib

Wardle, P., Ross, C. (2018, April 8). EmpireProject Create Dylib Hijacker. Retrieved April 1, 2021.

Internal MISP references

UUID 2908418d-54cf-4245-92c6-63f616b04e91 which can be used as unique global reference for Github EmpireProject CreateHijacker Dylib in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-01T00:00:00Z
date_published 2018-04-08T00:00:00Z
source MITRE
title EmpireProject Create Dylib Hijacker

Github EmpireProject HijackScanner

Wardle, P., Ross, C. (2017, September 21). Empire Project Dylib Hijack Vulnerability Scanner. Retrieved April 1, 2021.

Internal MISP references

UUID c83e8833-9648-4178-b5be-6fa0af8f737f which can be used as unique global reference for Github EmpireProject HijackScanner in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-01T00:00:00Z
date_published 2017-09-21T00:00:00Z
source MITRE
title Empire Project Dylib Hijack Vulnerability Scanner

Microsoft ASR Nov 2017

Brower, N. & D'Souza-Wiltshire, I. (2017, November 9). Enable Attack surface reduction. Retrieved February 3, 2018.

Internal MISP references

UUID 1cb445f6-a366-4ae6-a698-53da6c61b4c9 which can be used as unique global reference for Microsoft ASR Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-03T00:00:00Z
date_published 2017-11-09T00:00:00Z
source MITRE
title Enable Attack surface reduction

Microsoft TESTSIGNING Feb 2021

Microsoft. (2021, February 15). Enable Loading of Test Signed Drivers. Retrieved April 22, 2021.

Internal MISP references

UUID c04153f9-d4c7-4349-9bef-3f883eec0028 which can be used as unique global reference for Microsoft TESTSIGNING Feb 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-22T00:00:00Z
date_published 2021-02-15T00:00:00Z
source MITRE
title Enable Loading of Test Signed Drivers

Microsoft Disable DCOM

Microsoft. (n.d.). Enable or Disable DCOM. Retrieved November 22, 2017.

Internal MISP references

UUID 1aeac4da-f5fd-4fa3-9cc0-b1a50427c121 which can be used as unique global reference for Microsoft Disable DCOM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-22T00:00:00Z
source MITRE
title Enable or Disable DCOM

Microsoft Disable Macros

Microsoft. (n.d.). Enable or disable macros in Office files. Retrieved September 13, 2018.

Internal MISP references

UUID cfe592a1-c06d-4555-a30f-c5d533dfd73e which can be used as unique global reference for Microsoft Disable Macros in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-13T00:00:00Z
source MITRE
title Enable or disable macros in Office files

Microsoft Remote

Microsoft. (n.d.). Enable the Remote Registry Service. Retrieved May 1, 2015.

Internal MISP references

UUID 331d59e3-ce7f-483c-b77d-001c8a9ae1df which can be used as unique global reference for Microsoft Remote in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-05-01T00:00:00Z
source MITRE
title Enable the Remote Registry Service

PCMag DoubleExtension

PCMag. (n.d.). Encyclopedia: double extension. Retrieved August 4, 2021.

Internal MISP references

UUID a729519d-8c9f-477c-b992-434076a9d294 which can be used as unique global reference for PCMag DoubleExtension in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-04T00:00:00Z
source MITRE
title Encyclopedia: double extension

FireEye Periscope March 2018

FireEye. (2018, March 16). Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries. Retrieved April 11, 2018.

Internal MISP references

UUID 8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f which can be used as unique global reference for FireEye Periscope March 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-11T00:00:00Z
source MITRE
title Engineering and Maritime Industries

NCCIC AR-17-20045 February 2017

NCCIC. (2017, February 10). Enhanced Analysis of GRIZZLY STEPPE Activity. Retrieved April 12, 2021.

Internal MISP references

UUID b930e838-649b-42ab-86dc-0443667276de which can be used as unique global reference for NCCIC AR-17-20045 February 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-12T00:00:00Z
date_published 2017-02-10T00:00:00Z
source MITRE
title Enhanced Analysis of GRIZZLY STEPPE Activity

ESET Sednit Part 1

ESET. (2016, October). En Route with Sednit - Part 1: Approaching the Target. Retrieved November 8, 2016.

Internal MISP references

UUID a2016103-ead7-46b3-bae5-aa97c45a12b7 which can be used as unique global reference for ESET Sednit Part 1 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-11-08T00:00:00Z
date_published 2016-10-01T00:00:00Z
source MITRE
title En Route with Sednit - Part 1: Approaching the Target

ESET Sednit Part 2

ESET. (2016, October). En Route with Sednit - Part 2: Observing the Comings and Goings. Retrieved November 21, 2016.

Internal MISP references

UUID aefb9eda-df5a-437f-af2a-ec1b6c04628b which can be used as unique global reference for ESET Sednit Part 2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-11-21T00:00:00Z
date_published 2016-10-01T00:00:00Z
source MITRE
title En Route with Sednit - Part 2: Observing the Comings and Goings

ESET Sednit Part 3

ESET. (2016, October). En Route with Sednit - Part 3: A Mysterious Downloader. Retrieved November 21, 2016.

Internal MISP references

UUID 7c2be444-a947-49bc-b5f6-8f6bec870c6a which can be used as unique global reference for ESET Sednit Part 3 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-11-21T00:00:00Z
date_published 2016-10-01T00:00:00Z
source MITRE
title En Route with Sednit - Part 3: A Mysterious Downloader

Google Ensuring Your Information is Safe

Google. (2011, June 1). Ensuring your information is safe online. Retrieved April 1, 2022.

Internal MISP references

UUID ad3eda19-08eb-4d59-a2c9-3b5ed8302205 which can be used as unique global reference for Google Ensuring Your Information is Safe in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-01T00:00:00Z
date_published 2011-06-01T00:00:00Z
source MITRE
title Ensuring your information is safe online

Fortinet Blog November 13 2018

Fortinet Blog. (2018, November 13). Enter The DarkGate - New Cryptocurrency Mining and Ransomware Campaign. Retrieved October 20, 2023.

Internal MISP references

UUID 1b9b5c48-d504-4c73-aedc-37e935c47f17 which can be used as unique global reference for Fortinet Blog November 13 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-20T00:00:00Z
date_published 2018-11-13T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Enter The DarkGate - New Cryptocurrency Mining and Ransomware Campaign

Ensilo Darkgate 2018

Adi Zeligson & Rotem Kerner. (2018, November 13). Enter The DarkGate - New Cryptocurrency Mining and Ransomware Campaign. Retrieved February 9, 2024.

Internal MISP references

UUID 31796564-4154-54c0-958a-7d6802dfefad which can be used as unique global reference for Ensilo Darkgate 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-09T00:00:00Z
date_published 2018-11-13T00:00:00Z
source MITRE
title Enter The DarkGate - New Cryptocurrency Mining and Ransomware Campaign

Splunk DarkGate

Splunk Threat Research Team. (2024, January 17). Enter The Gates: An Analysis of the DarkGate AutoIt Loader. Retrieved March 29, 2024.

Internal MISP references

UUID adc6384c-e0d7-547f-a1e3-2c57ff0525ae which can be used as unique global reference for Splunk DarkGate in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-29T00:00:00Z
date_published 2024-01-17T00:00:00Z
source MITRE
title Enter The Gates: An Analysis of the DarkGate AutoIt Loader

Splunk DarkGate January 17 2024

Splunk Threat Research Team. (2024, January 17). Enter The Gates: An Analysis of the DarkGate AutoIt Loader. Retrieved January 24, 2024.

Internal MISP references

UUID a45a920c-3bda-4442-8650-4ad78f950283 which can be used as unique global reference for Splunk DarkGate January 17 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-24T00:00:00Z
date_published 2024-01-17T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Enter The Gates: An Analysis of the DarkGate AutoIt Loader

Microsoft EnumDeviceDrivers

Microsoft. (2021, October 12). EnumDeviceDrivers function (psapi.h). Retrieved March 28, 2023.

Internal MISP references

UUID 647ffc70-8eab-5f2f-abf4-9bbf42554043 which can be used as unique global reference for Microsoft EnumDeviceDrivers in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-28T00:00:00Z
date_published 2021-10-12T00:00:00Z
source MITRE
title EnumDeviceDrivers function (psapi.h)

EK Clueless Agents

Riordan, J., Schneier, B. (1998, June 18). Environmental Key Generation towards Clueless Agents. Retrieved January 18, 2019.

Internal MISP references

UUID ef7409d2-af39-4ad8-8469-76f0165687bd which can be used as unique global reference for EK Clueless Agents in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-01-18T00:00:00Z
date_published 1998-06-18T00:00:00Z
source MITRE
title Environmental Key Generation towards Clueless Agents

Deloitte Environment Awareness

Torello, A. & Guibernau, F. (n.d.). Environment Awareness. Retrieved May 18, 2021.

Internal MISP references

UUID af842a1f-8f39-4b4f-b4d2-0bbb810e6c31 which can be used as unique global reference for Deloitte Environment Awareness in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-18T00:00:00Z
source MITRE
title Environment Awareness

MSDN Environment Property

Microsoft. (n.d.). Environment Property. Retrieved July 27, 2016.

Internal MISP references

UUID 79ea888c-2dd7-40cb-9149-e2469a35ea3a which can be used as unique global reference for MSDN Environment Property in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-07-27T00:00:00Z
source MITRE
title Environment Property

Microsoft Environment Property

Microsoft. (2011, October 24). Environment Property. Retrieved July 27, 2016.

Internal MISP references

UUID 64598969-864d-4bc7-805e-c289cccb7bc6 which can be used as unique global reference for Microsoft Environment Property in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-07-27T00:00:00Z
date_published 2011-10-24T00:00:00Z
source MITRE
title Environment Property

Kaspersky Equation QA

Kaspersky Lab's Global Research and Analysis Team. (2015, February). Equation Group: Questions and Answers. Retrieved December 21, 2015.

Internal MISP references

UUID 34674802-fbd9-4cdb-8611-c58665c430e5 which can be used as unique global reference for Kaspersky Equation QA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-12-21T00:00:00Z
date_published 2015-02-01T00:00:00Z
source MITRE, Tidal Cyber
title Equation Group: Questions and Answers

erase_cmd_cisco

Cisco. (2022, August 16). erase - Cisco IOS Configuration Fundamentals Command Reference. Retrieved July 13, 2022.

Internal MISP references

UUID 4c90eba9-118e-5d50-ad58-27bcb0e1e228 which can be used as unique global reference for erase_cmd_cisco in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-13T00:00:00Z
date_published 2022-08-16T00:00:00Z
source MITRE
title erase - Cisco IOS Configuration Fundamentals Command Reference

Container Escape

0xn3va. (n.d.). Escaping. Retrieved May 27, 2022.

Internal MISP references

UUID 8248917a-9afd-4ec6-a086-1a97a68deff1 which can be used as unique global reference for Container Escape in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-27T00:00:00Z
source MITRE
title Escaping

Microsoft Esentutl

Microsoft. (2016, August 30). Esentutl. Retrieved September 3, 2019.

Internal MISP references

UUID 08fb9e84-495f-4710-bd1e-417eb8191a10 which can be used as unique global reference for Microsoft Esentutl in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-03T00:00:00Z
date_published 2016-08-30T00:00:00Z
source MITRE
title Esentutl

LOLBAS Esentutl

LOLBAS. (n.d.). Esentutl.exe. Retrieved September 3, 2019.

Internal MISP references

UUID 691b4907-3544-4ad0-989c-b5c845e0330f which can be used as unique global reference for LOLBAS Esentutl in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-03T00:00:00Z
source MITRE
title Esentutl.exe

ESET Twitter Ida Pro Nov 2021

Cherepanov, Anton. (2019, November 10). ESETresearch discovered a trojanized IDA Pro installer. Retrieved March 2, 2022.

Internal MISP references

UUID 6d079207-a7c0-4023-b504-1010dd538221 which can be used as unique global reference for ESET Twitter Ida Pro Nov 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-02T00:00:00Z
date_published 2019-11-10T00:00:00Z
source MITRE
title ESETresearch discovered a trojanized IDA Pro installer

ESET PowerPool Code October 2020

ESET Research. (2020, October 1). ESET Research Tweet Linking Slothfulmedia and PowerPool. Retrieved November 17, 2020.

Internal MISP references

UUID d583b409-35bd-45ea-8f2a-c0d566a6865b which can be used as unique global reference for ESET PowerPool Code October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-17T00:00:00Z
date_published 2020-10-01T00:00:00Z
source MITRE
title ESET Research Tweet Linking Slothfulmedia and PowerPool

ESET FinFisher Jan 2018

Kafka, F. (2018, January). ESET's Guide to Deobfuscating and Devirtualizing FinFisher. Retrieved August 12, 2019.

Internal MISP references

UUID be169308-19e8-4ee9-8ff6-e08eb9291ef8 which can be used as unique global reference for ESET FinFisher Jan 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-08-12T00:00:00Z
date_published 2018-01-01T00:00:00Z
source MITRE
title ESET's Guide to Deobfuscating and Devirtualizing FinFisher

ESET Trickbot Oct 2020

Boutin, J. (2020, October 12). ESET takes part in global operation to disrupt Trickbot. Retrieved March 15, 2021.

Internal MISP references

UUID c3320c11-4631-4e02-8025-5c1e5b54e521 which can be used as unique global reference for ESET Trickbot Oct 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-15T00:00:00Z
date_published 2020-10-12T00:00:00Z
source MITRE
title ESET takes part in global operation to disrupt Trickbot

WeLiveSecurity April 19 2022

Jean-Ian Boutin, Tomáš Procházka. (2022, April 19). ESET takes part in global operation to disrupt Zloader botnets | WeLiveSecurity. Retrieved May 10, 2023.

Internal MISP references

UUID f86845b9-03c4-446b-845f-b31b79b247ee which can be used as unique global reference for WeLiveSecurity April 19 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-10T00:00:00Z
date_published 2022-04-19T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title ESET takes part in global operation to disrupt Zloader botnets

Riskiq Remcos Jan 2018

Klijnsma, Y. (2018, January 23). Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors. Retrieved November 6, 2018.

Internal MISP references

UUID a641a41c-dcd8-47e5-9b29-109dd2eb7f1e which can be used as unique global reference for Riskiq Remcos Jan 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-06T00:00:00Z
date_published 2018-01-23T00:00:00Z
source MITRE
title Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors

EventLog_Core_Technologies

Core Technologies. (2021, May 24). Essential Windows Services: EventLog / Windows Event Log. Retrieved September 14, 2021.

Internal MISP references

UUID 2a1f452f-57b6-4764-b474-befa7787642d which can be used as unique global reference for EventLog_Core_Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-14T00:00:00Z
date_published 2021-05-24T00:00:00Z
source MITRE
title Essential Windows Services: EventLog / Windows Event Log

ISACA Malware Tricks

Kolbitsch, C. (2017, November 1). Evasive Malware Tricks: How Malware Evades Detection by Sandboxes. Retrieved March 30, 2021.

Internal MISP references

UUID a071bf02-066b-46e6-a554-f43d0c170807 which can be used as unique global reference for ISACA Malware Tricks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-30T00:00:00Z
date_published 2017-11-01T00:00:00Z
source MITRE
title Evasive Malware Tricks: How Malware Evades Detection by Sandboxes

ThreatStream Evasion Analysis

Shelmire, A. (2015, July 6). Evasive Maneuvers. Retrieved January 22, 2016.

Internal MISP references

UUID de6bc044-6275-4cab-80a1-feefebd3c1f0 which can be used as unique global reference for ThreatStream Evasion Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-22T00:00:00Z
date_published 2015-07-06T00:00:00Z
source MITRE
title Evasive Maneuvers

Anomali Evasive Maneuvers July 2015

Shelmire, A. (2015, July 06). Evasive Maneuvers by the Wekby group with custom ROP-packing and DNS covert channels. Retrieved November 15, 2018.

Internal MISP references

UUID 471ae30c-2753-468e-8e4d-6e7a3be599c9 which can be used as unique global reference for Anomali Evasive Maneuvers July 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-15T00:00:00Z
date_published 2015-07-06T00:00:00Z
source MITRE
title Evasive Maneuvers by the Wekby group with custom ROP-packing and DNS covert channels

Unit42 OilRig Playbook 2023

Unit42. (2016, May 1). Evasive Serpens Unit 42 Playbook Viewer. Retrieved February 6, 2023.

Internal MISP references

UUID e38902bb-9bab-5beb-817b-668a67a76541 which can be used as unique global reference for Unit42 OilRig Playbook 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-06T00:00:00Z
date_published 2016-05-01T00:00:00Z
source MITRE
title Evasive Serpens Unit 42 Playbook Viewer

Microsoft EventLog.Clear

Microsoft. (n.d.). EventLog.Clear Method (). Retrieved July 2, 2018.

Internal MISP references

UUID b2711ad3-981c-4c77-bb64-643b547bfda6 which can be used as unique global reference for Microsoft EventLog.Clear in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-02T00:00:00Z
source MITRE
title EventLog.Clear Method ()

evt_log_tampering

svch0st. (2020, September 30). Event Log Tampering Part 1: Disrupting the EventLog Service. Retrieved September 14, 2021.

Internal MISP references

UUID 7757bbc6-8058-4584-a5aa-14b647d932a6 which can be used as unique global reference for evt_log_tampering in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-14T00:00:00Z
date_published 2020-09-30T00:00:00Z
source MITRE
title Event Log Tampering Part 1: Disrupting the EventLog Service

Microsoft ETW May 2018

Microsoft. (2018, May 30). Event Tracing. Retrieved September 6, 2018.

Internal MISP references

UUID 876f8690-1874-41c0-bd38-d3bd41c96acc which can be used as unique global reference for Microsoft ETW May 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-06T00:00:00Z
date_published 2018-05-30T00:00:00Z
source MITRE
title Event Tracing

Eventvwr.exe - LOLBAS Project

LOLBAS. (2018, November 1). Eventvwr.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 0c09812a-a936-4282-b574-35a00f631857 which can be used as unique global reference for Eventvwr.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-11-01T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Eventvwr.exe

Secure Ideas SMB Relay

Kuehn, E. (2018, April 11). Ever Run a Relay? Why SMB Relays Should Be On Your Mind. Retrieved February 7, 2019.

Internal MISP references

UUID ac4b2e91-f338-44c3-8950-435102136991 which can be used as unique global reference for Secure Ideas SMB Relay in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-07T00:00:00Z
date_published 2018-04-11T00:00:00Z
source MITRE
title Ever Run a Relay? Why SMB Relays Should Be On Your Mind

CSV Excel Macro Injection

Ishaq Mohammed. (2021, January 10). Everything about CSV Injection and CSV Excel Macro Injection. Retrieved February 7, 2022.

Internal MISP references

UUID 22c871ff-2701-4809-9f5b-fb29da7481e8 which can be used as unique global reference for CSV Excel Macro Injection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-07T00:00:00Z
date_published 2021-01-10T00:00:00Z
source MITRE
title Everything about CSV Injection and CSV Excel Macro Injection

Avertium callback phishing

Avertium. (n.d.). EVERYTHING YOU NEED TO KNOW ABOUT CALLBACK PHISHING. Retrieved February 2, 2023.

Internal MISP references

UUID abeb1146-e5e5-5ecc-9b70-b348fba097f6 which can be used as unique global reference for Avertium callback phishing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-02T00:00:00Z
source MITRE
title EVERYTHING YOU NEED TO KNOW ABOUT CALLBACK PHISHING

Intezer Aurora Sept 2017

Rosenberg, J. (2017, September 20). Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner. Retrieved February 13, 2018.

Internal MISP references

UUID b2999bd7-50d5-4d49-8893-8c0903d49104 which can be used as unique global reference for Intezer Aurora Sept 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-13T00:00:00Z
date_published 2017-09-20T00:00:00Z
source MITRE
title Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner

Cyphort EvilBunny Dec 2014

Marschalek, M. (2014, December 16). EvilBunny: Malware Instrumented By Lua. Retrieved June 28, 2019.

Internal MISP references

UUID a0218d0f-3378-4508-9d3c-a7cd3e00a156 which can be used as unique global reference for Cyphort EvilBunny Dec 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-28T00:00:00Z
date_published 2014-12-16T00:00:00Z
source MITRE
title EvilBunny: Malware Instrumented By Lua

Evil Clippy May 2019

Hegt, S. (2019, May 5). Evil Clippy: MS Office maldoc assistant. Retrieved September 17, 2020.

Internal MISP references

UUID aafa27e8-5df7-4fc6-9fe5-9a438f2b507a which can be used as unique global reference for Evil Clippy May 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-17T00:00:00Z
date_published 2019-05-05T00:00:00Z
source MITRE
title Evil Clippy: MS Office maldoc assistant

Cyble August 19 2022

Cybleinc. (2022, August 19). EvilCoder Project Selling Multiple Dangerous Tools Online. Retrieved May 10, 2023.

Internal MISP references

UUID 7b5617f8-5d0d-4185-97c7-82acf023f3c3 which can be used as unique global reference for Cyble August 19 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-10T00:00:00Z
date_published 2022-08-19T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title EvilCoder Project Selling Multiple Dangerous Tools Online

Evilginx 2 July 2018

Gretzky, K. (2018, July 26). Evilginx 2 - Next Generation of Phishing 2FA Tokens. Retrieved October 14, 2019.

Internal MISP references

UUID 9099b5aa-25eb-4cb7-9e3a-da4c3244f15a which can be used as unique global reference for Evilginx 2 July 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-14T00:00:00Z
date_published 2018-07-26T00:00:00Z
source MITRE
title Evilginx 2 - Next Generation of Phishing 2FA Tokens

Evilginx Sources & Methods December 2023

Matthew Conway. (2023, December 14). Evilginx Phishing Proxy. Retrieved January 3, 2023.

Internal MISP references

UUID 13bdabb2-5956-492a-baf9-b0c3a0629806 which can be used as unique global reference for Evilginx Sources & Methods December 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-01-03T00:00:00Z
date_published 2023-12-14T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Evilginx Phishing Proxy

SentinelOne EvilQuest Ransomware Spyware 2020

Phil Stokes. (2020, July 8). “EvilQuest” Rolls Ransomware, Spyware & Data Theft Into One. Retrieved April 1, 2021.

Internal MISP references

UUID 4dc26c77-d0ce-4836-a4cc-0490b6d7f115 which can be used as unique global reference for SentinelOne EvilQuest Ransomware Spyware 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-01T00:00:00Z
date_published 2020-07-08T00:00:00Z
source MITRE
title “EvilQuest” Rolls Ransomware, Spyware & Data Theft Into One

Cisco Synful Knock Evolution

Graham Holmes. (2015, October 8). Evolution of attacks on Cisco IOS devices. Retrieved October 19, 2020.

Internal MISP references

UUID 29301297-8343-4f75-8096-7fe229812f75 which can be used as unique global reference for Cisco Synful Knock Evolution in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
date_published 2015-10-08T00:00:00Z
source MITRE
title Evolution of attacks on Cisco IOS devices

SCILabs URSA/Mispadu Evolution 2023

SCILabs. (2023, May 23). Evolution of banking trojan URSA/Mispadu. Retrieved March 13, 2024.

Internal MISP references

UUID a7a0db8d-bc1c-5e89-8c42-a3a6cc2cf28d which can be used as unique global reference for SCILabs URSA/Mispadu Evolution 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-13T00:00:00Z
date_published 2023-05-23T00:00:00Z
source MITRE
title Evolution of banking trojan URSA/Mispadu

Securelist JSWorm

Fedor Sinitsyn. (2021, May 25). Evolution of JSWorm Ransomware. Retrieved August 18, 2021.

Internal MISP references

UUID c29ca9f2-1e48-4913-b10b-15e558868ed8 which can be used as unique global reference for Securelist JSWorm in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-18T00:00:00Z
date_published 2021-05-25T00:00:00Z
source MITRE
title Evolution of JSWorm Ransomware

S2 Grupo TrickBot June 2017

Salinas, M., Holguin, J. (2017, June). Evolution of Trickbot. Retrieved July 31, 2018.

Internal MISP references

UUID 28faff77-3e68-4f5c-974d-dc7c9d06ce5e which can be used as unique global reference for S2 Grupo TrickBot June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-31T00:00:00Z
date_published 2017-06-01T00:00:00Z
source MITRE
title Evolution of Trickbot

Unit 42 Valak July 2020

Duncan, B. (2020, July 24). Evolution of Valak, from Its Beginnings to Mass Distribution. Retrieved August 31, 2020.

Internal MISP references

UUID 9a96da13-5795-49bc-ab82-dfd4f964d9d0 which can be used as unique global reference for Unit 42 Valak July 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-31T00:00:00Z
date_published 2020-07-24T00:00:00Z
source MITRE
title Evolution of Valak, from Its Beginnings to Mass Distribution

Microsoft - Device Registration

Microsoft 365 Defender Threat Intelligence Team. (2022, January 26). Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA. Retrieved March 4, 2022.

Internal MISP references

UUID 3f42fc18-2adc-46ef-ae0a-c2d530518435 which can be used as unique global reference for Microsoft - Device Registration in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-04T00:00:00Z
date_published 2022-01-26T00:00:00Z
source MITRE
title Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA

Amnesty OAuth Phishing Attacks, August 2019

Amnesty International. (2019, August 16). Evolving Phishing Attacks Targeting Journalists and Human Rights Defenders from the Middle-East and North Africa. Retrieved October 8, 2019.

Internal MISP references

UUID 0b0f9cf6-f0af-4f86-9699-a63ff36c49e2 which can be used as unique global reference for Amnesty OAuth Phishing Attacks, August 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-08T00:00:00Z
date_published 2019-08-16T00:00:00Z
source MITRE
title Evolving Phishing Attacks Targeting Journalists and Human Rights Defenders from the Middle-East and North Africa

RSAC 2015 Abu Dhabi Stefano Maccaglia

Maccaglia, S. (2015, November 4). Evolving Threats: dissection of a CyberEspionage attack. Retrieved April 4, 2018.

Internal MISP references

UUID a6cb597e-e25b-4f49-bbb0-d270b1ac53f2 which can be used as unique global reference for RSAC 2015 Abu Dhabi Stefano Maccaglia in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-04T00:00:00Z
date_published 2015-11-04T00:00:00Z
source MITRE
title Evolving Threats: dissection of a CyberEspionage attack

Microsoft Iranian Threat Actor Trends November 2021

MSTIC. (2021, November 16). Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021. Retrieved January 12, 2023.

Internal MISP references

UUID 78d39ee7-1cd5-5cb8-844a-1c3649e367a1 which can be used as unique global reference for Microsoft Iranian Threat Actor Trends November 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-01-12T00:00:00Z
date_published 2021-11-16T00:00:00Z
source MITRE
title Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021

Palo Alto Unit 42 VBA Infostealer 2014

Vicky Ray and Rob Downs. (2014, October 29). Examining a VBA-Initiated Infostealer Campaign. Retrieved March 13, 2023.

Internal MISP references

UUID c3eccab6-b12b-513a-9a04-396f7b3dcf63 which can be used as unique global reference for Palo Alto Unit 42 VBA Infostealer 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-13T00:00:00Z
date_published 2014-10-29T00:00:00Z
source MITRE
title Examining a VBA-Initiated Infostealer Campaign

Trend Micro Black Basta May 2022

Gonzalez, I., Chavez I., et al. (2022, May 9). Examining the Black Basta Ransomware’s Infection Routine. Retrieved March 7, 2023.

Internal MISP references

UUID b0351b0a-112f-543f-8909-f4b4a9f23e2e which can be used as unique global reference for Trend Micro Black Basta May 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-07T00:00:00Z
date_published 2022-05-09T00:00:00Z
source MITRE
title Examining the Black Basta Ransomware’s Infection Routine

Mandiant Glyer APT 2010

Glyer, C. (2010). Examples of Recent APT Persistence Mechanism. Retrieved December 18, 2020.

Internal MISP references

UUID bb336a6f-d76e-4535-ba81-0c7932ae91e3 which can be used as unique global reference for Mandiant Glyer APT 2010 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-18T00:00:00Z
date_published 2010-01-01T00:00:00Z
source MITRE
title Examples of Recent APT Persistence Mechanism

Excel.exe - LOLBAS Project

LOLBAS. (2019, July 19). Excel.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 9a2458f7-63ca-4eca-8c61-b6098ec0798f which can be used as unique global reference for Excel.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2019-07-19T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Excel.exe

Microsoft Tim McMichael Exchange Mail Forwarding 2

McMichael, T. (2015, June 8). Exchange and Office 365 Mail Forwarding. Retrieved October 8, 2019.

Internal MISP references

UUID b5bf8e12-0133-46ea-85e3-b48c9901b518 which can be used as unique global reference for Microsoft Tim McMichael Exchange Mail Forwarding 2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-08T00:00:00Z
date_published 2015-06-08T00:00:00Z
source MITRE
title Exchange and Office 365 Mail Forwarding

DFIR Phosphorus November 2021

DFIR Report. (2021, November 15). Exchange Exploit Leads to Domain Wide Ransomware. Retrieved January 5, 2023.

Internal MISP references

UUID 0156d408-a36d-5876-96fd-f0b0cf296ea2 which can be used as unique global reference for DFIR Phosphorus November 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-01-05T00:00:00Z
date_published 2021-11-15T00:00:00Z
source MITRE
title Exchange Exploit Leads to Domain Wide Ransomware

Mandiant UNC2596 Cuba Ransomware February 2022

Tyler McLellan, Joshua Shilko, Shambavi Sadayappan. (2022, February 23). (Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware. Retrieved May 19, 2023.

Internal MISP references

UUID c03c0f35-3b86-4733-8a2c-71524f0e3d17 which can be used as unique global reference for Mandiant UNC2596 Cuba Ransomware February 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-19T00:00:00Z
date_published 2022-02-23T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title (Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware

ExchangePowerShell Module

Microsoft. (2017, September 25). ExchangePowerShell. Retrieved June 10, 2022.

Internal MISP references

UUID 8af67c2a-15e2-48c9-9ec2-b62ffca0f677 which can be used as unique global reference for ExchangePowerShell Module in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-10T00:00:00Z
date_published 2017-09-25T00:00:00Z
source MITRE
title ExchangePowerShell

ESET Exchange Mar 2021

Faou, M., Tartare, M., Dupuy, T. (2021, March 10). Exchange servers under siege from at least 10 APT groups. Retrieved May 21, 2021.

Internal MISP references

UUID c83f1810-22bb-4def-ab2f-3f3d67703f47 which can be used as unique global reference for ESET Exchange Mar 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-21T00:00:00Z
date_published 2021-03-10T00:00:00Z
source MITRE, Tidal Cyber
title Exchange servers under siege from at least 10 APT groups

Executable Installers are Vulnerable

Stefan Kanthak. (2015, December 8). Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege. Retrieved December 4, 2014.

Internal MISP references

UUID 5c2791d4-556d-426a-b305-44e23b50f013 which can be used as unique global reference for Executable Installers are Vulnerable in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-04T00:00:00Z
date_published 2015-12-08T00:00:00Z
source MITRE
title Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege

Seclists Kanthak 7zip Installer

Kanthak, S. (2015, December 8). Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege. Retrieved March 10, 2017.

Internal MISP references

UUID f2ebfc35-1bd9-4bc5-8a54-e2dea4e1caf5 which can be used as unique global reference for Seclists Kanthak 7zip Installer in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-10T00:00:00Z
date_published 2015-12-08T00:00:00Z
source MITRE
title Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege

Redxorblue Remote Template Injection

Hawkins, J. (2018, July 18). Executing Macros From a DOCX With Remote Template Injection. Retrieved October 12, 2018.

Internal MISP references

UUID bce1cd78-b55e-40cf-8a90-64240db867ac which can be used as unique global reference for Redxorblue Remote Template Injection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-12T00:00:00Z
date_published 2018-07-18T00:00:00Z
source MITRE
title Executing Macros From a DOCX With Remote Template Injection

Microsoft PSfromCsharp APR 2014

Babinec, K. (2014, April 28). Executing PowerShell scripts from C#. Retrieved April 22, 2019.

Internal MISP references

UUID 83e346d5-1894-4c46-98eb-88a61ce7f003 which can be used as unique global reference for Microsoft PSfromCsharp APR 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-22T00:00:00Z
date_published 2014-04-28T00:00:00Z
source MITRE
title Executing PowerShell scripts from C#

PAM Creds

Fernández, J. M. (2018, June 27). Exfiltrating credentials via PAM backdoors & DNS requests. Retrieved June 26, 2020.

Internal MISP references

UUID aa9d5bdd-2102-4322-8736-56db8e083fc0 which can be used as unique global reference for PAM Creds in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-26T00:00:00Z
date_published 2018-06-27T00:00:00Z
source MITRE
title Exfiltrating credentials via PAM backdoors & DNS requests

Microsoft Expand Utility

Microsoft. (2017, October 15). Expand. Retrieved February 19, 2019.

Internal MISP references

UUID bf73a375-87b7-4603-8734-9f3d8d11967e which can be used as unique global reference for Microsoft Expand Utility in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-19T00:00:00Z
date_published 2017-10-15T00:00:00Z
source MITRE
title Expand

LOLBAS Expand

LOLBAS. (n.d.). Expand.exe. Retrieved February 19, 2019.

Internal MISP references

UUID 689b058e-a4ec-45bf-b0f8-8885eb8d8b63 which can be used as unique global reference for LOLBAS Expand in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-19T00:00:00Z
source MITRE
title Expand.exe

Mandiant CVE-2023-3519 Exploitation

James Nugent, Foti Castelan, Doug Bienstock, Justin Moore, Josh Murchie. (2023, July 21). Exploitation of Citrix Zero-Day by Possible Espionage Actors (CVE-2023-3519). Retrieved July 24, 2023.

Internal MISP references

UUID 4404ed65-3020-453d-8c51-2885018ba03b which can be used as unique global reference for Mandiant CVE-2023-3519 Exploitation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-24T00:00:00Z
date_published 2023-07-21T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Exploitation of Citrix Zero-Day by Possible Espionage Actors (CVE-2023-3519)

Exploit Database

Offensive Security. (n.d.). Exploit Database. Retrieved October 15, 2020.

Internal MISP references

UUID 38f7b3ea-9959-4dfb-8216-a745d071e7e2 which can be used as unique global reference for Exploit Database in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-15T00:00:00Z
source MITRE
title Exploit Database

Rhino Labs Cloud Image Backdoor Technique Sept 2019

Rhino Labs. (2019, August). Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT). Retrieved September 12, 2019.

Internal MISP references

UUID 8fb46ed8-0c21-4b57-b2a6-89cb28f0abaf which can be used as unique global reference for Rhino Labs Cloud Image Backdoor Technique Sept 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-12T00:00:00Z
date_published 2019-08-01T00:00:00Z
source MITRE
title Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT)

Azure AD PTA Vulnerabilities

Dr. Nestori Syynimaa. (2022, September 20). Exploiting Azure AD PTA vulnerabilities: Creating backdoor and harvesting credentials. Retrieved September 28, 2022.

Internal MISP references

UUID a0ddb60b-5445-46b3-94c5-b47e76de553d which can be used as unique global reference for Azure AD PTA Vulnerabilities in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-28T00:00:00Z
date_published 2022-09-20T00:00:00Z
source MITRE
title Exploiting Azure AD PTA vulnerabilities: Creating backdoor and harvesting credentials

Exploiting Smartphone USB

Zhaohui Wang & Angelos Stavrou. (n.d.). Exploiting Smart-Phone USB Connectivity For Fun And Profit. Retrieved May 25, 2022.

Internal MISP references

UUID 573796bd-4553-4ae1-884a-9af71b5de873 which can be used as unique global reference for Exploiting Smartphone USB in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-25T00:00:00Z
source MITRE
title Exploiting Smart-Phone USB Connectivity For Fun And Profit

versprite xpc vpn

VerSprite. (2018, January 24). Exploiting VyprVPN for MacOS. Retrieved April 20, 2022.

Internal MISP references

UUID 5e65d8cc-142b-4724-8a07-8e21558e0f64 which can be used as unique global reference for versprite xpc vpn in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-20T00:00:00Z
date_published 2018-01-24T00:00:00Z
source MITRE
title Exploiting VyprVPN for MacOS

Explorer.exe - LOLBAS Project

LOLBAS. (2020, June 24). Explorer.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 9ba3d54c-02d1-45bd-bfe8-939e84d9d44b which can be used as unique global reference for Explorer.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-06-24T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Explorer.exe

Palo Alto Unit 42 Google Workspace Domain Wide Delegation 2023

Zohar Zigdon. (2023, November 30). Exploring a Critical Risk in Google Workspace's Domain-Wide Delegation Feature. Retrieved January 16, 2024.

Internal MISP references

UUID cd76910f-1c15-50fb-a942-f19b6cc1ca69 which can be used as unique global reference for Palo Alto Unit 42 Google Workspace Domain Wide Delegation 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-16T00:00:00Z
date_published 2023-11-30T00:00:00Z
source MITRE
title Exploring a Critical Risk in Google Workspace's Domain-Wide Delegation Feature

Trend Micro Emotet Jan 2019

Trend Micro. (2019, January 16). Exploring Emotet's Activities. Retrieved March 25, 2019.

Internal MISP references

UUID a81f1dad-5841-4142-80c1-483b240fd67d which can be used as unique global reference for Trend Micro Emotet Jan 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-25T00:00:00Z
date_published 2019-01-16T00:00:00Z
source MITRE
title Exploring Emotet's Activities

SecurityTrails Google Hacking

Borges, E. (2019, March 5). Exploring Google Hacking Techniques. Retrieved October 20, 2020.

Internal MISP references

UUID 3e7fdeaf-24a7-4cb5-8ed3-6057c9035303 which can be used as unique global reference for SecurityTrails Google Hacking in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2019-03-05T00:00:00Z
source MITRE
title Exploring Google Hacking Techniques

Medium SSL Cert

Jain, M. (2019, September 16). Export & Download — SSL Certificate from Server (Site URL). Retrieved October 20, 2020.

Internal MISP references

UUID 6502425f-3435-4162-8c96-9e10a789d362 which can be used as unique global reference for Medium SSL Cert in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2019-09-16T00:00:00Z
source MITRE
title Export & Download — SSL Certificate from Server (Site URL)

Google EXOTIC LILY March 2022

Stolyarov, V. (2022, March 17). Exposing initial access broker with ties to Conti. Retrieved August 18, 2022.

Internal MISP references

UUID 19d2cb48-bdb2-41fe-ba24-0769d7bd4d94 which can be used as unique global reference for Google EXOTIC LILY March 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-18T00:00:00Z
date_published 2022-03-17T00:00:00Z
source MITRE
title Exposing initial access broker with ties to Conti

Microsoft POLONIUM June 2022

Microsoft. (2022, June 2). Exposing POLONIUM activity and infrastructure targeting Israeli organizations. Retrieved July 1, 2022.

Internal MISP references

UUID 689ff1ab-9fed-4aa2-8e5e-78dac31e6fbd which can be used as unique global reference for Microsoft POLONIUM June 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-01T00:00:00Z
date_published 2022-06-02T00:00:00Z
source MITRE
title Exposing POLONIUM activity and infrastructure targeting Israeli organizations

External to DA, the OS X Way

Alex Rymdeko-Harvey, Steve Borosh. (2016, May 14). External to DA, the OS X Way. Retrieved July 3, 2017.

Internal MISP references

UUID b714e6a9-5c12-4a3b-89f9-d379c0284f06 which can be used as unique global reference for External to DA, the OS X Way in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-03T00:00:00Z
date_published 2016-05-14T00:00:00Z
source MITRE
title External to DA, the OS X Way

Extexport.exe - LOLBAS Project

LOLBAS. (2018, May 25). Extexport.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 2aa09a10-a492-4753-bbd8-aacd31e4fee3 which can be used as unique global reference for Extexport.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Extexport.exe

Extrac32.exe - LOLBAS Project

LOLBAS. (2018, May 25). Extrac32.exe. Retrieved December 4, 2023.

Internal MISP references

UUID ae632afc-336c-488e-81f6-91ffe1829595 which can be used as unique global reference for Extrac32.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Extrac32.exe

Journey into IR ZeroAccess NTFS EA

Harrell, C. (2012, December 11). Extracting ZeroAccess from NTFS Extended Attributes. Retrieved June 3, 2016.

Internal MISP references

UUID e9dff187-fe7d-469d-81cb-30ad520dbd3d which can be used as unique global reference for Journey into IR ZeroAccess NTFS EA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-03T00:00:00Z
date_published 2012-12-11T00:00:00Z
source MITRE
title Extracting ZeroAccess from NTFS Extended Attributes

Bizeul 2014

Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Pernet, C. (2014, July 11). Eye of the Tiger. Retrieved September 29, 2015.

Internal MISP references

UUID a4617ef4-e6d2-47e7-8f81-68e7380279bf which can be used as unique global reference for Bizeul 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-09-29T00:00:00Z
date_published 2014-07-11T00:00:00Z
source MITRE, Tidal Cyber
title Eye of the Tiger

Facad1ng

Spyboy. (2023). Facad1ng. Retrieved February 13, 2024.

Internal MISP references

UUID bd80f3d7-e653-5f8f-ba8a-00b8780ae935 which can be used as unique global reference for Facad1ng in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-13T00:00:00Z
date_published 2023-01-01T00:00:00Z
source MITRE
title Facad1ng

ThreatPost Social Media Phishing

O'Donnell, L. (2020, October 20). Facebook: A Top Launching Pad For Phishing Attacks. Retrieved October 20, 2020.

Internal MISP references

UUID 186c1213-d0c5-4eb6-aa0f-0fd61b07a1f7 which can be used as unique global reference for ThreatPost Social Media Phishing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2020-10-20T00:00:00Z
source MITRE
title Facebook: A Top Launching Pad For Phishing Attacks

SentinelLabs reversing run-only applescripts 2021

Phil Stokes. (2021, January 11). FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts. Retrieved September 29, 2022.

Internal MISP references

UUID 34dc9010-e800-420c-ace4-4f426c915d2f which can be used as unique global reference for SentinelLabs reversing run-only applescripts 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-29T00:00:00Z
date_published 2021-01-11T00:00:00Z
source MITRE
title FADE DEAD

Sentinel Labs

Phil Stokes. (2021, January 11). FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts. Retrieved September 30, 2022.

Internal MISP references

UUID 785f7692-2be8-4f5d-921e-51efdfe0c0b9 which can be used as unique global reference for Sentinel Labs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-30T00:00:00Z
date_published 2021-01-11T00:00:00Z
source MITRE
title FADE DEAD

ESET OceanLotus Mar 2019

Dumont, R. (2019, March 20). Fake or Fake: Keeping up with OceanLotus decoys. Retrieved April 1, 2019.

Internal MISP references

UUID b2745f5c-a181-48e1-b1cf-37a1ffe1fdf0 which can be used as unique global reference for ESET OceanLotus Mar 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-01T00:00:00Z
date_published 2019-03-20T00:00:00Z
source MITRE
title Fake or Fake: Keeping up with OceanLotus decoys

ZScaler BitB 2020

ZScaler. (2020, February 11). Fake Sites Stealing Steam Credentials. Retrieved March 8, 2023.

Internal MISP references

UUID c2f01a3b-a164-59b7-be5d-5eec4eb69ee5 which can be used as unique global reference for ZScaler BitB 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-08T00:00:00Z
date_published 2020-02-11T00:00:00Z
source MITRE
title Fake Sites Stealing Steam Credentials

FalconFeedsio Tweet October 9 2023

FalconFeedsio. (2023, October 9). FalconFeedsio Tweet October 9 2023. Retrieved October 10, 2023.

Internal MISP references

UUID e9810a28-f060-468b-b4ea-ffed9403ae8b which can be used as unique global reference for FalconFeedsio Tweet October 9 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-10T00:00:00Z
date_published 2023-10-09T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title FalconFeedsio Tweet October 9 2023

FalconFeedsio Tweet September 28 2023

FalconFeedsio. (2023, September 28). FalconFeedsio Tweet September 28 2023. Retrieved October 10, 2023.

Internal MISP references

UUID 78128031-bcbb-42c2-8bed-4613a10a02ca which can be used as unique global reference for FalconFeedsio Tweet September 28 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-10T00:00:00Z
date_published 2023-09-28T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title FalconFeedsio Tweet September 28 2023

falconoverwatch_blackcat_attack

Falcon OverWatch Team. (2022, March 23). Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack. Retrieved May 5, 2022.

Internal MISP references

UUID 9d0ff77c-09e9-4d58-86f4-e2398f298ca9 which can be used as unique global reference for falconoverwatch_blackcat_attack in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-05T00:00:00Z
date_published 2022-03-23T00:00:00Z
source MITRE
title Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack

CitizenLab Tropic Trooper Aug 2018

Alexander, G., et al. (2018, August 8). Familiar Feeling: A Malware Campaign Targeting the Tibetan Diaspora Resurfaces. Retrieved June 17, 2019.

Internal MISP references

UUID 5c662775-9703-4d01-844b-40a0e5c24fb9 which can be used as unique global reference for CitizenLab Tropic Trooper Aug 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-17T00:00:00Z
date_published 2018-08-08T00:00:00Z
source MITRE
title Familiar Feeling: A Malware Campaign Targeting the Tibetan Diaspora Resurfaces

CISA AA20-239A BeagleBoyz August 2020

DHS/CISA. (2020, August 26). FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks. Retrieved September 29, 2021.

Internal MISP references

UUID a8a2e3f2-3967-4e82-a36a-2436c654fb3f which can be used as unique global reference for CISA AA20-239A BeagleBoyz August 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2020-08-26T00:00:00Z
source MITRE, Tidal Cyber
title FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks

Fast Flux - Welivesecurity

Albors, Josep. (2017, January 12). Fast Flux networks: What are they and how do they work?. Retrieved March 11, 2020.

Internal MISP references

UUID e232d739-663e-4878-b13b-9248cd81e657 which can be used as unique global reference for Fast Flux - Welivesecurity in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-11T00:00:00Z
date_published 2017-01-12T00:00:00Z
source MITRE
title Fast Flux networks: What are they and how do they work?

MehtaFastFluxPt1

Mehta, L. (2014, December 17). Fast Flux Networks Working and Detection, Part 1. Retrieved March 6, 2017.

Internal MISP references

UUID 5f169cae-6b59-4879-9a8f-93fdcea5cc58 which can be used as unique global reference for MehtaFastFluxPt1 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-06T00:00:00Z
date_published 2014-12-17T00:00:00Z
source MITRE
title Fast Flux Networks Working and Detection, Part 1

MehtaFastFluxPt2

Mehta, L. (2014, December 23). Fast Flux Networks Working and Detection, Part 2. Retrieved March 6, 2017.

Internal MISP references

UUID f8a98e55-c91e-4b5e-b6f3-0065ef07375d which can be used as unique global reference for MehtaFastFluxPt2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-06T00:00:00Z
date_published 2014-12-23T00:00:00Z
source MITRE
title Fast Flux Networks Working and Detection, Part 2

FBI-BEC

FBI. (2022). FBI 2022 Congressional Report on BEC and Real Estate Wire Fraud. Retrieved August 18, 2023.

Internal MISP references

UUID 3388bfec-7822-56dc-a384-95aa79f42fe8 which can be used as unique global reference for FBI-BEC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-18T00:00:00Z
date_published 2022-01-01T00:00:00Z
source MITRE
title FBI 2022 Congressional Report on BEC and Real Estate Wire Fraud

FBI Flash FIN7 USB

The Record. (2022, January 7). FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware. Retrieved January 14, 2022.

Internal MISP references

UUID 42dc957c-007b-4f90-88c6-1afd6d1032e8 which can be used as unique global reference for FBI Flash FIN7 USB in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-14T00:00:00Z
date_published 2022-01-07T00:00:00Z
source MITRE
title FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware

FBI Lazarus Stake.com Theft Attribution September 2023

FBI National Press Office. (2023, September 6). FBI Identifies Lazarus Group Cyber Actors as Responsible for Theft of $41 Million from Stake.com. Retrieved September 13, 2023.

Internal MISP references

UUID d753c01c-c0f6-4382-ae79-5605a28c94d5 which can be used as unique global reference for FBI Lazarus Stake.com Theft Attribution September 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-13T00:00:00Z
date_published 2023-09-06T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title FBI Identifies Lazarus Group Cyber Actors as Responsible for Theft of $41 Million from Stake.com

Hakobyan 2009

Hakobyan, A. (2009, January 8). FDump - Dumping File Sectors Directly from Disk using Logical Offsets. Retrieved November 12, 2014.

Internal MISP references

UUID d92f6dc0-e902-4a4a-9083-8d1667a7003e which can be used as unique global reference for Hakobyan 2009 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
date_published 2009-01-08T00:00:00Z
source MITRE
title FDump - Dumping File Sectors Directly from Disk using Logical Offsets

Google Federating GC

Google. (n.d.). Federating Google Cloud with Active Directory. Retrieved March 13, 2020.

Internal MISP references

UUID 4e17ca9b-5c98-409b-9496-7c37fe9ee837 which can be used as unique global reference for Google Federating GC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-13T00:00:00Z
source MITRE
title Federating Google Cloud with Active Directory

Kaspersky Ferocious Kitten Jun 2021

GReAT. (2021, June 16). Ferocious Kitten: 6 Years of Covert Surveillance in Iran. Retrieved September 22, 2021.

Internal MISP references

UUID b8f8020d-3f5c-4b5e-8761-6ecdd63fcd50 which can be used as unique global reference for Kaspersky Ferocious Kitten Jun 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-22T00:00:00Z
date_published 2021-06-16T00:00:00Z
source MITRE, Tidal Cyber
title Ferocious Kitten: 6 Years of Covert Surveillance in Iran

Fidelis njRAT June 2013

Fidelis Cybersecurity. (2013, June 28). Fidelis Threat Advisory #1009: "njRAT" Uncovered. Retrieved June 4, 2019.

Internal MISP references

UUID 6c985470-a923-48fd-82c9-9128b6d59bcb which can be used as unique global reference for Fidelis njRAT June 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-04T00:00:00Z
date_published 2013-06-28T00:00:00Z
source MITRE
title Fidelis Threat Advisory #1009: "njRAT" Uncovered

Fidelis INOCNATION

Fidelis Cybersecurity. (2015, December 16). Fidelis Threat Advisory #1020: Dissecting the Malware Involved in the INOCNATION Campaign. Retrieved March 24, 2016.

Internal MISP references

UUID 9d9c0c71-d5a2-41e4-aa90-d1046e0742c7 which can be used as unique global reference for Fidelis INOCNATION in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-24T00:00:00Z
date_published 2015-12-16T00:00:00Z
source MITRE
title Fidelis Threat Advisory #1020: Dissecting the Malware Involved in the INOCNATION Campaign

Securelist fileless attacks Feb 2017

Kaspersky Lab's Global Research and Analysis Team. (2017, February 8). Fileless attacks against enterprise networks. Retrieved February 8, 2017.

Internal MISP references

UUID b58d9c32-89c5-449a-88e7-1c7dd3f8380e which can be used as unique global reference for Securelist fileless attacks Feb 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-02-08T00:00:00Z
date_published 2017-02-08T00:00:00Z
source MITRE
title Fileless attacks against enterprise networks

Airbus Security Kovter Analysis

Dove, A. (2016, March 23). Fileless Malware – A Behavioural Analysis Of Kovter Persistence. Retrieved December 5, 2017.

Internal MISP references

UUID a8420828-9e00-45a1-90d7-a37f898204f9 which can be used as unique global reference for Airbus Security Kovter Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-05T00:00:00Z
date_published 2016-03-23T00:00:00Z
source MITRE
title Fileless Malware – A Behavioural Analysis Of Kovter Persistence

Microsoft Fileless

Microsoft. (2023, February 6). Fileless threats. Retrieved March 23, 2023.

Internal MISP references

UUID 263fc1ab-f928-583f-986d-1e1bae9b3c85 which can be used as unique global reference for Microsoft Fileless in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-23T00:00:00Z
date_published 2023-02-06T00:00:00Z
source MITRE
title Fileless threats

enigma0x3 Fileless UAC Bypass

Nelson, M. (2016, August 15). "Fileless" UAC Bypass using eventvwr.exe and Registry Hijacking. Retrieved December 27, 2016.

Internal MISP references

UUID 74b16ca4-9494-4f10-97c5-103a8521818f which can be used as unique global reference for enigma0x3 Fileless UAC Bypass in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-12-27T00:00:00Z
date_published 2016-08-15T00:00:00Z
source MITRE
title "Fileless" UAC Bypass using eventvwr.exe and Registry Hijacking

enigma0x3 sdclt bypass

Nelson, M. (2017, March 17). "Fileless" UAC Bypass Using sdclt.exe. Retrieved May 25, 2017.

Internal MISP references

UUID 5e5597e2-ea05-41e0-8752-ca95a89a5aa3 which can be used as unique global reference for enigma0x3 sdclt bypass in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-05-25T00:00:00Z
date_published 2017-03-17T00:00:00Z
source MITRE
title "Fileless" UAC Bypass Using sdclt.exe

Microsoft File Mgmt

Microsoft. (2018, May 31). File Management (Local File Systems). Retrieved September 28, 2021.

Internal MISP references

UUID e6d84416-5808-4e7d-891b-ba67dada8726 which can be used as unique global reference for Microsoft File Mgmt in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-28T00:00:00Z
date_published 2018-05-31T00:00:00Z
source MITRE
title File Management (Local File Systems)

Microsoft File Streams

Microsoft. (n.d.). File Streams. Retrieved December 2, 2014.

Internal MISP references

UUID ef3f58da-e735-4b1d-914c-fafabb7439bf which can be used as unique global reference for Microsoft File Streams in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-02T00:00:00Z
source MITRE
title File Streams

file_upload_attacks_pt2

YesWeRHackers. (2021, June 16). File Upload Attacks (Part 2). Retrieved August 23, 2022.

Internal MISP references

UUID 4f7c7d6c-ad56-594f-bcb8-79523f436f2c which can be used as unique global reference for file_upload_attacks_pt2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-23T00:00:00Z
date_published 2021-06-16T00:00:00Z
source MITRE
title File Upload Attacks (Part 2)

Microsoft GPO Security Filtering

Microsoft. (2018, May 30). Filtering the Scope of a GPO. Retrieved March 13, 2019.

Internal MISP references

UUID 327caed7-a53f-4245-8774-a9f170932012 which can be used as unique global reference for Microsoft GPO Security Filtering in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-13T00:00:00Z
date_published 2018-05-30T00:00:00Z
source MITRE
title Filtering the Scope of a GPO

FireEye FIN10 June 2017

FireEye iSIGHT Intelligence. (2017, June 16). FIN10: Anatomy of a Cyber Extortion Operation. Retrieved June 25, 2017.

Internal MISP references

UUID 9d5c3956-7169-48d5-b4d0-f7a56a742adf which can be used as unique global reference for FireEye FIN10 June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-06-25T00:00:00Z
date_published 2017-06-16T00:00:00Z
source MITRE, Tidal Cyber
title FIN10: Anatomy of a Cyber Extortion Operation

Mandiant FIN12 Group Profile October 07 2021

Joshua Shilko, Zach Riddle, Jennifer Brooks, Genevieve Stark, Adam Brunner, Kimberly Goody, Jeremy Kennelly. (2021, October 7). FIN12 Group Profile. Retrieved September 22, 2023.

Internal MISP references

UUID 7af84b3d-bbd6-449f-b29b-2f14591c9f05 which can be used as unique global reference for Mandiant FIN12 Group Profile October 07 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-22T00:00:00Z
date_published 2021-10-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title FIN12 Group Profile

Mandiant FIN12 Oct 2021

Shilko, J., et al. (2021, October 7). FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets. Retrieved June 15, 2023.

Internal MISP references

UUID 4514d7cc-b999-5711-a398-d90e5d3570f2 which can be used as unique global reference for Mandiant FIN12 Oct 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-15T00:00:00Z
date_published 2021-10-07T00:00:00Z
source MITRE
title FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets

CERTFR-2023-CTI-007

CERT-FR. (2023, September 18). FIN12: Un Groupe Cybercriminel aux Multiples Rançongiciel. Retrieved September 21, 2023.

Internal MISP references

UUID 0f4a03c5-79b3-418e-a77d-305d5a32caca which can be used as unique global reference for CERTFR-2023-CTI-007 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-21T00:00:00Z
date_published 2023-09-18T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title FIN12: Un Groupe Cybercriminel aux Multiples Rançongiciel

Mandiant FIN13 Aug 2022

Ta, V., et al. (2022, August 8). FIN13: A Cybercriminal Threat Actor Focused on Mexico. Retrieved February 9, 2023.

Internal MISP references

UUID ebd9d479-1954-5a4a-b7f0-d5372489733c which can be used as unique global reference for Mandiant FIN13 Aug 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-09T00:00:00Z
date_published 2022-08-08T00:00:00Z
source MITRE
title FIN13: A Cybercriminal Threat Actor Focused on Mexico

FireEye FIN4 Stealing Insider NOV 2014

Dennesen, K. et al. (2014, November 30). FIN4: Stealing Insider Information for an Advantage in Stock Trading?. Retrieved December 17, 2018.

Internal MISP references

UUID b27f1040-46e5-411a-b238-0b40f6160680 which can be used as unique global reference for FireEye FIN4 Stealing Insider NOV 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-12-17T00:00:00Z
date_published 2014-11-30T00:00:00Z
source MITRE
title FIN4: Stealing Insider Information for an Advantage in Stock Trading?

Visa FIN6 Feb 2019

Visa Public. (2019, February). FIN6 Cybercrime Group Expands Threat to eCommerce Merchants. Retrieved September 16, 2019.

Internal MISP references

UUID 9e9e8811-1d8e-4400-8688-e634f859c4e0 which can be used as unique global reference for Visa FIN6 Feb 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-16T00:00:00Z
date_published 2019-02-01T00:00:00Z
source MITRE
title FIN6 Cybercrime Group Expands Threat to eCommerce Merchants

SentinelOne FrameworkPOS September 2019

Kremez, V. (2019, September 19). FIN6 “FrameworkPOS”: Point-of-Sale Malware Analysis & Internals. Retrieved September 8, 2020.

Internal MISP references

UUID 054d7827-3d0c-40a7-b2a0-1428ad7729ea which can be used as unique global reference for SentinelOne FrameworkPOS September 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-08T00:00:00Z
date_published 2019-09-19T00:00:00Z
source MITRE
title FIN6 “FrameworkPOS”: Point-of-Sale Malware Analysis & Internals

SecureList Griffon May 2019

Namestnikov, Y. and Aime, F. (2019, May 8). FIN7.5: the infamous cybercrime rig “FIN7” continues its activities. Retrieved October 11, 2019.

Internal MISP references

UUID 42e196e4-42a7-427d-a69b-d78fa6375f8c which can be used as unique global reference for SecureList Griffon May 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-11T00:00:00Z
date_published 2019-05-08T00:00:00Z
source MITRE
title FIN7.5: the infamous cybercrime rig “FIN7” continues its activities

Threatpost Lizar May 2021

Seals, T. (2021, May 14). FIN7 Backdoor Masquerades as Ethical Hacking Tool. Retrieved February 2, 2022.

Internal MISP references

UUID 1b89f62f-586d-4dee-b6dd-e5a5cd090a0e which can be used as unique global reference for Threatpost Lizar May 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-02T00:00:00Z
date_published 2021-05-14T00:00:00Z
source MITRE
title FIN7 Backdoor Masquerades as Ethical Hacking Tool

FireEye FIN7 April 2017

Carr, N., et al. (2017, April 24). FIN7 Evolution and the Phishing LNK. Retrieved April 24, 2017.

Internal MISP references

UUID 6ee27fdb-1753-4fdf-af72-3295b072ff10 which can be used as unique global reference for FireEye FIN7 April 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-04-24T00:00:00Z
date_published 2017-04-24T00:00:00Z
source MITRE
title FIN7 Evolution and the Phishing LNK

Mandiant FIN7 April 4 2022

Bryce Abdo, Zander Work, Ioana Teaca, Brendan McKeague. (2022, April 4). FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7. Retrieved May 25, 2023.

Internal MISP references

UUID fbc3ea90-d3d4-440e-964d-6cd2e991df0c which can be used as unique global reference for Mandiant FIN7 April 4 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-25T00:00:00Z
date_published 2022-04-04T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7

Mandiant FIN7 Apr 2022

Abdo, B., et al. (2022, April 4). FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7. Retrieved April 5, 2022.

Internal MISP references

UUID be9919c0-ca52-593b-aea0-c5e9a262b570 which can be used as unique global reference for Mandiant FIN7 Apr 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-05T00:00:00Z
date_published 2022-04-04T00:00:00Z
source MITRE
title FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7

Gemini FIN7 Oct 2021

Gemini Advisory. (2021, October 21). FIN7 Recruits Talent For Push Into Ransomware. Retrieved February 2, 2022.

Internal MISP references

UUID bbaef178-8577-4398-8e28-604faf0950b4 which can be used as unique global reference for Gemini FIN7 Oct 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-02T00:00:00Z
date_published 2021-10-21T00:00:00Z
source MITRE
title FIN7 Recruits Talent For Push Into Ransomware

Flashpoint FIN 7 March 2019

Platt, J. and Reeves, J. (2019, March). FIN7 Revisited: Inside Astra Panel and SQLRat Malware. Retrieved June 18, 2019.

Internal MISP references

UUID b09453a3-c0df-4e96-b399-e7b34e068e9d which can be used as unique global reference for Flashpoint FIN 7 March 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-18T00:00:00Z
date_published 2019-03-01T00:00:00Z
source MITRE
title FIN7 Revisited: Inside Astra Panel and SQLRat Malware

FireEye FIN7 March 2017

Miller, S., et al. (2017, March 7). FIN7 Spear Phishing Campaign Targets Personnel Involved in SEC Filings. Retrieved March 8, 2017.

Internal MISP references

UUID 7987bb91-ec41-42f8-bd2d-dabc26509a08 which can be used as unique global reference for FireEye FIN7 March 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-08T00:00:00Z
date_published 2017-03-07T00:00:00Z
source MITRE, Tidal Cyber
title FIN7 Spear Phishing Campaign Targets Personnel Involved in SEC Filings

Morphisec FIN7 June 2017

Gorelik, M. (2017, June 9). FIN7 Takes Another Bite at the Restaurant Industry. Retrieved July 13, 2017.

Internal MISP references

UUID 3831173c-7c67-4f16-b652-ad992a7ce411 which can be used as unique global reference for Morphisec FIN7 June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-13T00:00:00Z
date_published 2017-06-09T00:00:00Z
source MITRE
title FIN7 Takes Another Bite at the Restaurant Industry

Esentire 5 8 2024

Esentire Threat Response Unit. (2024, May 8). FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX…. Retrieved May 14, 2024.

Internal MISP references

UUID 67c3a7ed-e2e2-4566-aca7-61e766f177bf which can be used as unique global reference for Esentire 5 8 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-05-14T00:00:00Z
date_published 2024-05-08T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX…

CyberScoop FIN7 Oct 2017

Waterman, S. (2017, October 16). Fin7 weaponization of DDE is just their latest slick move, say researchers. Retrieved November 21, 2017.

Internal MISP references

UUID e38adff1-7f53-4b0c-9d58-a4640b09b10d which can be used as unique global reference for CyberScoop FIN7 Oct 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-21T00:00:00Z
date_published 2017-10-16T00:00:00Z
source MITRE
title Fin7 weaponization of DDE is just their latest slick move, say researchers

Bitdefender FIN8 BADHATCH Report

Bitdefender. (2021, March 10). FIN8 Returns with Improved BADHATCH Toolkit. Retrieved October 30, 2023.

Internal MISP references

UUID 501b6391-e09e-47dc-9cfc-c8ed4c034aca which can be used as unique global reference for Bitdefender FIN8 BADHATCH Report in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-30T00:00:00Z
date_published 2021-03-10T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title FIN8 Returns with Improved BADHATCH Toolkit

BitDefender BADHATCH Mar 2021

Vrabie, V., et al. (2021, March 10). FIN8 Returns with Improved BADHATCH Toolkit. Retrieved September 8, 2021.

Internal MISP references

UUID 958cfc9a-901c-549d-96c2-956272b240e3 which can be used as unique global reference for BitDefender BADHATCH Mar 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-08T00:00:00Z
date_published 2021-03-10T00:00:00Z
source MITRE
title FIN8 Returns with Improved BADHATCH Toolkit

Bitdefender Sardonic Aug 2021

Budaca, E., et al. (2021, August 25). FIN8 Threat Actor Goes Agile with New Sardonic Backdoor. Retrieved August 9, 2023.

Internal MISP references

UUID 8e9d05c9-6783-5738-ac85-a444810a8074 which can be used as unique global reference for Bitdefender Sardonic Aug 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-09T00:00:00Z
date_published 2021-08-25T00:00:00Z
source MITRE
title FIN8 Threat Actor Goes Agile with New Sardonic Backdoor

Symantec FIN8 Jul 2023

Symantec Threat Hunter Team. (2023, July 18). FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware. Retrieved August 9, 2023.

Internal MISP references

UUID 9b08b7f0-1a33-5d76-817f-448fac0d165a which can be used as unique global reference for Symantec FIN8 Jul 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-09T00:00:00Z
date_published 2023-07-18T00:00:00Z
source MITRE
title FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware

DiginotarCompromise

Fisher, D. (2012, October 31). Final Report on DigiNotar Hack Shows Total Compromise of CA Servers. Retrieved March 6, 2017.

Internal MISP references

UUID 3c9b7b9a-d30a-4865-a96c-6e68d9e20452 which can be used as unique global reference for DiginotarCompromise in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-06T00:00:00Z
date_published 2012-10-31T00:00:00Z
source MITRE
title Final Report on DigiNotar Hack Shows Total Compromise of CA Servers

FireEye Financial Actors Moving into OT

Brubaker, N., Zafra, D. K., Lunden, K., Proska, K., Hildebrandt, C. (2020, July 15). Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families. Retrieved February 15, 2021.

Internal MISP references

UUID 4bd514b8-1f79-4946-b001-110ce5cf29a9 which can be used as unique global reference for FireEye Financial Actors Moving into OT in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-15T00:00:00Z
date_published 2020-07-15T00:00:00Z
source MITRE
title Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families

MITRECND FindAPIHash

Jason (jxb5151). (2021, January 28). findapihash.py. Retrieved August 22, 2022.

Internal MISP references

UUID 2260f0a1-2a6c-4373-9e3a-624fd89446e3 which can be used as unique global reference for MITRECND FindAPIHash in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-22T00:00:00Z
date_published 2021-01-28T00:00:00Z
source MITRE
title findapihash.py

Expel IO Evil in AWS

A. Randazzo, B. Manahan and S. Lipton. (2020, April 28). Finding Evil in AWS. Retrieved June 25, 2020.

Internal MISP references

UUID 4c2424d6-670b-4db0-a752-868b4c954e29 which can be used as unique global reference for Expel IO Evil in AWS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-25T00:00:00Z
date_published 2020-04-28T00:00:00Z
source MITRE
title Finding Evil in AWS

Evil WMI

Chad Tilbury. (2023, May 22). Finding Evil WMI Event Consumers with Disk Forensics. Retrieved February 9, 2024.

Internal MISP references

UUID ee46fd07-3df3-50f6-b922-263f031ee23f which can be used as unique global reference for Evil WMI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-09T00:00:00Z
date_published 2023-05-22T00:00:00Z
source MITRE
title Finding Evil WMI Event Consumers with Disk Forensics

SANS Decrypting SSL

Butler, M. (2013, November). Finding Hidden Threats by Decrypting SSL. Retrieved April 5, 2016.

Internal MISP references

UUID d251a79b-8516-41a7-b394-47a761d0ab3b which can be used as unique global reference for SANS Decrypting SSL in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-05T00:00:00Z
date_published 2013-11-01T00:00:00Z
source MITRE
title Finding Hidden Threats by Decrypting SSL

ADSecurity Finding Passwords in SYSVOL

Sean Metcalf. (2015, December 28). Finding Passwords in SYSVOL & Exploiting Group Policy Preferences. Retrieved February 17, 2020.

Internal MISP references

UUID 538def90-5de4-4b8c-b535-0e2570ba1841 which can be used as unique global reference for ADSecurity Finding Passwords in SYSVOL in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-17T00:00:00Z
date_published 2015-12-28T00:00:00Z
source MITRE
title Finding Passwords in SYSVOL & Exploiting Group Policy Preferences

Findstr.exe - LOLBAS Project

LOLBAS. (2018, May 25). Findstr.exe. Retrieved December 4, 2023.

Internal MISP references

UUID fc4b7b28-ac74-4a8f-a39d-ce55df5fca08 which can be used as unique global reference for Findstr.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Findstr.exe

FinFisher Citation

FinFisher. (n.d.). Retrieved December 20, 2017.

Internal MISP references

UUID 6ef0b8d8-ba98-49ce-807d-5a85d111b027 which can be used as unique global reference for FinFisher Citation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
source MITRE
title FinFisher Citation

Microsoft FinFisher March 2018

Allievi, A., Flori, E. (2018, March 01). FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines. Retrieved July 9, 2018.

Internal MISP references

UUID 88c97a9a-ef14-4695-bde0-9de2b5f5343b which can be used as unique global reference for Microsoft FinFisher March 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-09T00:00:00Z
date_published 2018-03-01T00:00:00Z
source MITRE
title FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines

FinFisher exposed

Microsoft Defender Security Research Team. (2018, March 1). FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines. Retrieved January 27, 2022.

Internal MISP references

UUID b2f4541e-f981-4b25-abf4-1bec92b16faa which can be used as unique global reference for FinFisher exposed in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-27T00:00:00Z
date_published 2018-03-01T00:00:00Z
source MITRE
title FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines

Finger.exe - LOLBAS Project

LOLBAS. (2021, August 30). Finger.exe. Retrieved December 4, 2023.

Internal MISP references

UUID e32d01eb-d904-43dc-a7e2-bdcf42f3ebb2 which can be used as unique global reference for Finger.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-08-30T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Finger.exe

FireEye Cyber Threats to Media Industries

FireEye. (n.d.). Retrieved April 19, 2019.

Internal MISP references

UUID 7b9bd753-01b7-4923-9964-19c59123ace2 which can be used as unique global reference for FireEye Cyber Threats to Media Industries in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-19T00:00:00Z
source MITRE
title FireEye Cyber Threats to Media Industries

FireEye DLL Side-Loading

Amanda Steward. (2014). FireEye DLL Side-Loading: A Thorn in the Side of the Anti-Virus Industry. Retrieved March 13, 2020.

Internal MISP references

UUID 9d58bcbb-5b96-4e12-8ff2-e0b084c3eb8c which can be used as unique global reference for FireEye DLL Side-Loading in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-13T00:00:00Z
date_published 2014-01-01T00:00:00Z
source MITRE
title FireEye DLL Side-Loading: A Thorn in the Side of the Anti-Virus Industry

FireEye Shamoon Nov 2016

FireEye. (2016, November 30). FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region. Retrieved January 11, 2017.

Internal MISP references

UUID 44b2eb6b-4902-4ca0-80e5-7333d620e075 which can be used as unique global reference for FireEye Shamoon Nov 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-01-11T00:00:00Z
date_published 2016-11-30T00:00:00Z
source MITRE
title FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region

FireEye Ryuk and Trickbot January 2019

Goody, K., et al. (2019, January 11). A Nasty Trick: From Credential Theft Malware to Business Disruption. Retrieved May 12, 2020.

Internal MISP references

UUID b29dc755-f1f0-4206-9ecf-29257a1909ee which can be used as unique global reference for FireEye Ryuk and Trickbot January 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-12T00:00:00Z
source MITRE
title FireEye Ryuk and Trickbot January 2019

DarkReading FireEye SolarWinds

Kelly Jackson Higgins. (2021, January 7). FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack. Retrieved April 18, 2022.

Internal MISP references

UUID a662c764-8954-493f-88e5-e022e093a785 which can be used as unique global reference for DarkReading FireEye SolarWinds in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-18T00:00:00Z
date_published 2021-01-07T00:00:00Z
source MITRE
title FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack

FireEye FinSpy Sept 2017

Jiang, G., et al. (2017, September 12). FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY. Retrieved February 15, 2018.

Internal MISP references

UUID 142cf7a3-2ca2-4cf3-b95a-9f4b3bc1cdce which can be used as unique global reference for FireEye FinSpy Sept 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-15T00:00:00Z
date_published 2017-09-12T00:00:00Z
source MITRE
title FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY

RiskIQ Cobalt Jan 2018

Klijnsma, Y. (2018, January 16). First Activities of Cobalt Group in 2018: Spear Phishing Russian Banks. Retrieved October 10, 2018.

Internal MISP references

UUID 7d48b679-d44d-466e-b12b-16f0f9858d15 which can be used as unique global reference for RiskIQ Cobalt Jan 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-10T00:00:00Z
date_published 2018-01-16T00:00:00Z
source MITRE
title First Activities of Cobalt Group in 2018: Spear Phishing Russian Banks

Chrome Extension Crypto Miner

Brinkmann, M. (2017, September 19). First Chrome extension with JavaScript Crypto Miner detected. Retrieved November 16, 2017.

Internal MISP references

UUID ae28f530-40da-451e-89b8-b472340c3e0a which can be used as unique global reference for Chrome Extension Crypto Miner in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-16T00:00:00Z
date_published 2017-09-19T00:00:00Z
source MITRE
title First Chrome extension with JavaScript Crypto Miner detected

Aquasec Kubernetes Attack 2023

Michael Katchinskiy, Assaf Morag. (2023, April 21). First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters. Retrieved July 14, 2023.

Internal MISP references

UUID 6d6e2fc8-9806-5480-bfaa-a43a962a4980 which can be used as unique global reference for Aquasec Kubernetes Attack 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-14T00:00:00Z
date_published 2023-04-21T00:00:00Z
source MITRE
title First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters

ESET-Twitoor

ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016.

Internal MISP references

UUID 845896a6-b21d-489d-b75c-1e35b3ec78e0 which can be used as unique global reference for ESET-Twitoor in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-12-22T00:00:00Z
date_published 2016-08-24T00:00:00Z
source MITRE
title First Twitter-controlled Android botnet discovered

Microsoft Azure AD Admin Consent

Baldwin, M., Flores, J., Kess, B. (2018, June 17). Five steps to securing your identity infrastructure. Retrieved October 4, 2019.

Internal MISP references

UUID 3a0c4458-c8ec-44f9-95cc-0eb136a927cb which can be used as unique global reference for Microsoft Azure AD Admin Consent in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-04T00:00:00Z
date_published 2018-06-17T00:00:00Z
source MITRE
title Five steps to securing your identity infrastructure

NTT Security Flagpro new December 2021

Hada, H. (2021, December 28). Flagpro The new malware used by BlackTech. Retrieved March 25, 2022.

Internal MISP references

UUID c0f523fa-7f3b-4c85-b48f-19ae770e9f3b which can be used as unique global reference for NTT Security Flagpro new December 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-25T00:00:00Z
date_published 2021-12-28T00:00:00Z
source MITRE
title Flagpro The new malware used by BlackTech

Kaspersky Flame Functionality

Gostev, A. (2012, May 30). Flame: Bunny, Frog, Munch and BeetleJuice…. Retrieved March 1, 2017.

Internal MISP references

UUID c7d030ad-0ecf-458f-85d4-93778d759dc1 which can be used as unique global reference for Kaspersky Flame Functionality in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-01T00:00:00Z
date_published 2012-05-30T00:00:00Z
source MITRE
title Flame: Bunny, Frog, Munch and BeetleJuice…

Crysys Skywiper

sKyWIper Analysis Team. (2012, May 31). sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks. Retrieved September 6, 2018.

Internal MISP references

UUID ea35f530-b0fd-4e27-a7a9-6ba41566154c which can be used as unique global reference for Crysys Skywiper in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-06T00:00:00Z
source MITRE
title Flamer): A complex malware for targeted attacks

Symantec Beetlejuice

Symantec Security Response. (2012, May 31). Flamer: A Recipe for Bluetoothache. Retrieved February 25, 2017.

Internal MISP references

UUID 691ada65-fe64-4917-b379-1db2573eea32 which can be used as unique global reference for Symantec Beetlejuice in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-02-25T00:00:00Z
date_published 2012-05-31T00:00:00Z
source MITRE
title Flamer: A Recipe for Bluetoothache

Microsoft Flax Typhoon August 24 2023

Microsoft Threat Intelligence. (2023, August 24). Flax Typhoon using legitimate software to quietly access Taiwanese organizations. Retrieved August 28, 2023.

Internal MISP references

UUID ec962b72-7b7f-4f7e-b6d6-7c5380b07201 which can be used as unique global reference for Microsoft Flax Typhoon August 24 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-28T00:00:00Z
date_published 2023-08-24T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Flax Typhoon using legitimate software to quietly access Taiwanese organizations

fltMC.exe - LOLBAS Project

LOLBAS. (2021, September 18). fltMC.exe. Retrieved December 4, 2023.

Internal MISP references

UUID cf9b4bd3-92f0-405b-85e7-95e65d548b79 which can be used as unique global reference for fltMC.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-09-18T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title fltMC.exe

IranThreats Kittens Dec 2017

Iran Threats. (2017, December 5). Flying Kitten to Rocket Kitten, A Case of Ambiguity and Shared Code. Retrieved May 28, 2020.

Internal MISP references

UUID 8338ad75-89f2-47d8-b85b-7cbf331bd7cd which can be used as unique global reference for IranThreats Kittens Dec 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-28T00:00:00Z
date_published 2017-12-05T00:00:00Z
source MITRE
title Flying Kitten to Rocket Kitten, A Case of Ambiguity and Shared Code

MSTIC FoggyWeb September 2021

Ramin Nafisi. (2021, September 27). FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor. Retrieved October 4, 2021.

Internal MISP references

UUID 1ef61100-c5e7-4725-8456-e508c5f6d68a which can be used as unique global reference for MSTIC FoggyWeb September 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-04T00:00:00Z
date_published 2021-09-27T00:00:00Z
source MITRE
title FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor

Following the CloudTrail: Generating strong AWS security signals with Sumo Logic

Dan Whalen. (2019, September 10). Following the CloudTrail: Generating strong AWS security signals with Sumo Logic. Retrieved October 16, 2020.

Internal MISP references

UUID 96560211-59b3-4eae-b8a3-2f988f6fdca3 which can be used as unique global reference for Following the CloudTrail: Generating strong AWS security signals with Sumo Logic in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-16T00:00:00Z
date_published 2019-09-10T00:00:00Z
source MITRE
title Following the CloudTrail: Generating strong AWS security signals with Sumo Logic

Group IB RTM August 2019

Skulkin, O. (2019, August 5). Following the RTM Forensic examination of a computer infected with a banking trojan. Retrieved May 11, 2020.

Internal MISP references

UUID 739da2f2-2aea-4f65-bc4d-ec6723f90520 which can be used as unique global reference for Group IB RTM August 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-11T00:00:00Z
date_published 2019-08-05T00:00:00Z
source MITRE
title Following the RTM Forensic examination of a computer infected with a banking trojan

TrendMicro BlackTech June 2017

Bermejo, L., et al. (2017, June 22). Following the Trail of BlackTech’s Cyber Espionage Campaigns. Retrieved May 5, 2020.

Internal MISP references

UUID abb9cb19-d30e-4048-b106-eb29a6dad7fc which can be used as unique global reference for TrendMicro BlackTech June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-05T00:00:00Z
date_published 2017-06-22T00:00:00Z
source MITRE, Tidal Cyber
title Following the Trail of BlackTech’s Cyber Espionage Campaigns

FireEye FIN6 April 2016

FireEye Threat Intelligence. (2016, April). Follow the Money: Dissecting the Operations of the Cyber Crime Group FIN6. Retrieved June 1, 2016.

Internal MISP references

UUID 8c0997e1-b285-42dd-9492-75065eac8f8b which can be used as unique global reference for FireEye FIN6 April 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-01T00:00:00Z
date_published 2016-04-01T00:00:00Z
source MITRE, Tidal Cyber
title Follow the Money: Dissecting the Operations of the Cyber Crime Group FIN6

ESET FontOnLake Analysis 2021

Vladislav Hrčka. (2021, January 1). FontOnLake. Retrieved September 27, 2023.

Internal MISP references

UUID dbcced87-91ee-514f-98c8-29a85d967384 which can be used as unique global reference for ESET FontOnLake Analysis 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-27T00:00:00Z
date_published 2021-01-01T00:00:00Z
source MITRE
title FontOnLake

amnesty_nso_pegasus

Amnesty International Security Lab. (2021, July 18). Forensic Methodology Report: How to catch NSO Group’s Pegasus. Retrieved February 22, 2022.

Internal MISP references

UUID 9e40d93a-fe91-504a-a6f2-e6546067ba53 which can be used as unique global reference for amnesty_nso_pegasus in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-22T00:00:00Z
date_published 2021-07-18T00:00:00Z
source MITRE
title Forensic Methodology Report: How to catch NSO Group’s Pegasus

Microsoft Forfiles Aug 2016

Microsoft. (2016, August 31). Forfiles. Retrieved January 22, 2018.

Internal MISP references

UUID fd7eaa47-3512-4dbd-b881-bc679d06cd1b which can be used as unique global reference for Microsoft Forfiles Aug 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-22T00:00:00Z
date_published 2016-08-31T00:00:00Z
source MITRE
title Forfiles

Forfiles.exe - LOLBAS Project

LOLBAS. (2018, May 25). Forfiles.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 9e2c3833-b667-431c-a9e5-1b412583cc5a which can be used as unique global reference for Forfiles.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Forfiles.exe

Mandiant Log4Shell March 28 2022

Geoff Ackerman, Tufail Ahmed, James Maclachlan, Dallin Warne, John Wolfram, Brandon Wilbur. (2022, March 28). Forged in Fire: A Survey of MobileIron Log4Shell Exploitation. Retrieved November 1, 2023.

Internal MISP references

UUID 62d4d685-09c4-47b6-865c-4a6096e551cd which can be used as unique global reference for Mandiant Log4Shell March 28 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-01T00:00:00Z
date_published 2022-03-28T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Forged in Fire: A Survey of MobileIron Log4Shell Exploitation

Proofpoint March 24 2023

Proofpoint. (2023, March 24). Fork in the Ice: The New Era of IcedID | Proofpoint US. Retrieved May 10, 2023.

Internal MISP references

UUID 71d5e4ce-3785-48f9-9566-fe5151ad6dc2 which can be used as unique global reference for Proofpoint March 24 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-10T00:00:00Z
date_published 2023-03-24T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Fork in the Ice: The New Era of IcedID

Symantec Seaduke 2015

Symantec Security Response. (2015, July 13). “Forkmeiamfamous”: Seaduke, latest weapon in the Duke armory. Retrieved July 22, 2015.

Internal MISP references

UUID 5ec05c01-8767-44c1-9855-e1b0e5ee0002 which can be used as unique global reference for Symantec Seaduke 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-07-22T00:00:00Z
date_published 2015-07-13T00:00:00Z
source MITRE
title “Forkmeiamfamous”: Seaduke, latest weapon in the Duke armory

Register Uber

McCarthy, K. (2015, February 28). FORK ME! Uber hauls GitHub into court to find who hacked database of 50,000 drivers. Retrieved October 19, 2020.

Internal MISP references

UUID 89b85928-a962-4230-875c-63742b3c9d37 which can be used as unique global reference for Register Uber in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
date_published 2015-02-28T00:00:00Z
source MITRE
title FORK ME! Uber hauls GitHub into court to find who hacked database of 50,000 drivers

format_cmd_cisco

Cisco. (2022, August 16). format - Cisco IOS Configuration Fundamentals Command Reference. Retrieved July 13, 2022.

Internal MISP references

UUID 9442e08d-0858-5aa5-b642-a6b1e46018bc which can be used as unique global reference for format_cmd_cisco in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-13T00:00:00Z
date_published 2022-08-16T00:00:00Z
source MITRE
title format - Cisco IOS Configuration Fundamentals Command Reference

Quick Heal Blog February 17 2023

Quick Heal Blog. (2023, February 17). FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data. Retrieved May 7, 2023.

Internal MISP references

UUID 02233ce3-abb2-4aed-95b8-56b65c68a665 which can be used as unique global reference for Quick Heal Blog February 17 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2023-02-17T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data

Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation

ALEXANDER MARVI, BRAD SLAYBAUGH, DAN EBREO, TUFAIL AHMED, MUHAMMAD UMAIR, TINA JOHNSON. (2023, March 16). Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation. Retrieved May 15, 2023.

Internal MISP references

UUID a43dd8ce-23d6-5768-8522-6973dc45e1ac which can be used as unique global reference for Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-15T00:00:00Z
date_published 2023-03-16T00:00:00Z
source MITRE
title Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation

Mandiant Fortinet Zero Day

Marvi, A. et al. (2023, March 16). Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation. Retrieved March 22, 2023.

Internal MISP references

UUID 7bdc5bbb-ebbd-5eb8-bd10-9087c883aea7 which can be used as unique global reference for Mandiant Fortinet Zero Day in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-22T00:00:00Z
date_published 2023-03-16T00:00:00Z
source MITRE
title Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation

macOS Foundation

Apple. (n.d.). Foundation. Retrieved July 1, 2020.

Internal MISP references

UUID ea194268-0a8f-4494-be09-ef5f679f68fe which can be used as unique global reference for macOS Foundation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-01T00:00:00Z
source MITRE
title Foundation

SentinelOne Lazarus macOS July 2020

Stokes, P. (2020, July 27). Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform. Retrieved August 7, 2020.

Internal MISP references

UUID 489c52a2-34cc-47ff-b42b-9d48f83b9e90 which can be used as unique global reference for SentinelOne Lazarus macOS July 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-07T00:00:00Z
date_published 2020-07-27T00:00:00Z
source MITRE
title Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform

DOJ Russia Targeting Critical Infrastructure March 2022

Department of Justice. (2022, March 24). Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide. Retrieved April 5, 2022.

Internal MISP references

UUID 768a0ec6-b767-4044-acad-82834508640f which can be used as unique global reference for DOJ Russia Targeting Critical Infrastructure March 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-05T00:00:00Z
date_published 2022-03-24T00:00:00Z
source MITRE
title Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide

ClearkSky Fox Kitten February 2020

ClearSky. (2020, February 16). Fox Kitten – Widespread Iranian Espionage-Offensive Campaign. Retrieved December 21, 2020.

Internal MISP references

UUID a5ad6321-897a-4adc-9cdd-034a2538e3d6 which can be used as unique global reference for ClearkSky Fox Kitten February 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-21T00:00:00Z
date_published 2020-02-16T00:00:00Z
source MITRE, Tidal Cyber
title Fox Kitten – Widespread Iranian Espionage-Offensive Campaign

FSISAC FraudNetDoS September 2012

FS-ISAC. (2012, September 17). Fraud Alert – Cyber Criminals Targeting Financial Institution Employee Credentials to Conduct Wire Transfer Fraud. Retrieved April 18, 2019.

Internal MISP references

UUID 9c8772eb-6d1d-4742-a2db-a5e1006effaa which can be used as unique global reference for FSISAC FraudNetDoS September 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-18T00:00:00Z
date_published 2012-09-17T00:00:00Z
source MITRE
title Fraud Alert – Cyber Criminals Targeting Financial Institution Employee Credentials to Conduct Wire Transfer Fraud

MalwareBytes Ngrok February 2020

Segura, J. (2020, February 26). Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server. Retrieved September 15, 2020.

Internal MISP references

UUID 531206c7-11ec-46bf-a35c-0464244a58c9 which can be used as unique global reference for MalwareBytes Ngrok February 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-15T00:00:00Z
date_published 2020-02-26T00:00:00Z
source MITRE
title Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server

ESET ComRAT May 2020

Faou, M. (2020, May). From Agent.btz to ComRAT v4: A ten-year journey. Retrieved June 15, 2020.

Internal MISP references

UUID cd9043b8-4d14-449b-a6b2-2e9b99103bb0 which can be used as unique global reference for ESET ComRAT May 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-15T00:00:00Z
date_published 2020-05-01T00:00:00Z
source MITRE
title From Agent.btz to ComRAT v4: A ten-year journey

Azure AD to AD

Sean Metcalf. (2020, May 27). From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path. Retrieved September 28, 2022.

Internal MISP references

UUID 087d07a9-0d33-4253-b7c1-d55be13c0467 which can be used as unique global reference for Azure AD to AD in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-28T00:00:00Z
date_published 2020-05-27T00:00:00Z
source MITRE
title From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path

blackmatter_blackcat

Pereira, T., Huey, C. (2022, March 17). From BlackMatter to BlackCat: Analyzing two attacks from one affiliate. Retrieved May 5, 2022.

Internal MISP references

UUID 605b58ea-9544-49b8-b3c8-0a97b2b155dc which can be used as unique global reference for blackmatter_blackcat in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-05T00:00:00Z
date_published 2022-03-17T00:00:00Z
source MITRE
title From BlackMatter to BlackCat: Analyzing two attacks from one affiliate

Unit42 Malware Roundup December 29 2023

Samantha Stallings, Brad Duncan. (2023, December 29). From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence. Retrieved January 11, 2024.

Internal MISP references

UUID a18e19b5-9046-4c2c-bd94-2cd5061064bf which can be used as unique global reference for Unit42 Malware Roundup December 29 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-11T00:00:00Z
date_published 2023-12-29T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence

Reaqta Mavinject

Reaqta. (2017, December 16). From False Positive to True Positive: the story of Mavinject.exe, the Microsoft Injector. Retrieved September 22, 2021.

Internal MISP references

UUID 5c0e0c84-2992-4098-8913-66a20ca61bf4 which can be used as unique global reference for Reaqta Mavinject in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-22T00:00:00Z
date_published 2017-12-16T00:00:00Z
source MITRE
title From False Positive to True Positive: the story of Mavinject.exe, the Microsoft Injector

IBM MegaCortex

Del Fierro, C., Kessem, L. (2020, January 8). From Mega to Giga: Cross-Version Comparison of Top MegaCortex Modifications. Retrieved February 15, 2021.

Internal MISP references

UUID 3d70d9b7-88e4-411e-a59a-bc862da965a7 which can be used as unique global reference for IBM MegaCortex in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-15T00:00:00Z
date_published 2020-01-08T00:00:00Z
source MITRE
title From Mega to Giga: Cross-Version Comparison of Top MegaCortex Modifications

BiZone Lizar May 2021

BI.ZONE Cyber Threats Research Team. (2021, May 13). From pentest to APT attack: cybercriminal group FIN7 disguises its malware as an ethical hacker’s toolkit. Retrieved February 2, 2022.

Internal MISP references

UUID 315f47e1-69e5-4dcb-94b2-59583e91dd26 which can be used as unique global reference for BiZone Lizar May 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-02T00:00:00Z
date_published 2021-05-13T00:00:00Z
source MITRE
title From pentest to APT attack: cybercriminal group FIN7 disguises its malware as an ethical hacker’s toolkit

Kaspersky StoneDrill 2017

Kaspersky Lab. (2017, March 7). From Shamoon to StoneDrill: Wipers attacking Saudi organizations and beyond. Retrieved March 14, 2019.

Internal MISP references

UUID e2637cb3-c449-4609-af7b-ac78a900cc8b which can be used as unique global reference for Kaspersky StoneDrill 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-14T00:00:00Z
date_published 2017-03-07T00:00:00Z
source MITRE
title From Shamoon to StoneDrill: Wipers attacking Saudi organizations and beyond

FsiAnyCpu.exe - LOLBAS Project

LOLBAS. (2021, September 26). FsiAnyCpu.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 87031d31-b6d7-4860-b11b-5a0dc8774d92 which can be used as unique global reference for FsiAnyCpu.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-09-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title FsiAnyCpu.exe

Fsi.exe - LOLBAS Project

LOLBAS. (2021, September 26). Fsi.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 4e14e87f-2ad9-4959-8cb2-8585b67931c0 which can be used as unique global reference for Fsi.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-09-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Fsi.exe

fsutil_behavior

Microsoft. (2021, September 27). fsutil behavior. Retrieved January 14, 2022.

Internal MISP references

UUID 07712696-b1fd-4704-b157-9e420840fb2c which can be used as unique global reference for fsutil_behavior in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-14T00:00:00Z
date_published 2021-09-27T00:00:00Z
source MITRE
title fsutil behavior

Fsutil.exe - LOLBAS Project

LOLBAS. (2021, August 16). Fsutil.exe. Retrieved December 4, 2023.

Internal MISP references

UUID e2305dac-4245-4fac-8813-69cb210e9cd3 which can be used as unique global reference for Fsutil.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-08-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Fsutil.exe

Microsoft FTP

Microsoft. (2021, July 21). ftp. Retrieved February 25, 2022.

Internal MISP references

UUID 970f8d16-f5b7-44e2-b81f-738b931c60d9 which can be used as unique global reference for Microsoft FTP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-25T00:00:00Z
date_published 2021-07-21T00:00:00Z
source MITRE
title ftp

Linux FTP

N/A. (n.d.). ftp(1) - Linux man page. Retrieved February 25, 2022.

Internal MISP references

UUID 021ea6bc-abff-48de-a6bb-315dbbfa6147 which can be used as unique global reference for Linux FTP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-25T00:00:00Z
source MITRE
title ftp(1) - Linux man page

Ftp.exe - LOLBAS Project

LOLBAS. (2018, December 10). Ftp.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 3b51993d-6062-4138-bfc6-a2c0fc5d039a which can be used as unique global reference for Ftp.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-12-10T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Ftp.exe

Microsoft WMI Filters

Microsoft. (2008, September 11). Fun with WMI Filters in Group Policy. Retrieved March 13, 2019.

Internal MISP references

UUID 2894c3bf-6f8d-4338-8206-4dc873e3bb8d which can be used as unique global reference for Microsoft WMI Filters in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-13T00:00:00Z
date_published 2008-09-11T00:00:00Z
source MITRE
title Fun with WMI Filters in Group Policy

Cybersecurity Advisory SVR TTP May 2021

NCSC, CISA, FBI, NSA. (2021, May 7). Further TTPs associated with SVR cyber actors. Retrieved July 29, 2021.

Internal MISP references

UUID e18c1b56-f29d-4ea9-a425-a6af8ac6a347 which can be used as unique global reference for Cybersecurity Advisory SVR TTP May 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-07-29T00:00:00Z
date_published 2021-05-07T00:00:00Z
source MITRE
title Further TTPs associated with SVR cyber actors

RiskIQ Cobalt Nov 2017

Klijnsma, Y. (2017, November 28). Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions. Retrieved October 10, 2018.

Internal MISP references

UUID ebf961c5-bd68-42f3-8fd3-000946c7ae9c which can be used as unique global reference for RiskIQ Cobalt Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-10T00:00:00Z
date_published 2017-11-28T00:00:00Z
source MITRE
title Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions

Unit 42 PingPull Jun 2022

Unit 42. (2022, June 13). GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool. Retrieved August 7, 2022.

Internal MISP references

UUID ac6491ab-6ef1-4091-8a15-50e2cbafe157 which can be used as unique global reference for Unit 42 PingPull Jun 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-07T00:00:00Z
date_published 2022-06-13T00:00:00Z
source MITRE
title GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool

Microsoft GALLIUM December 2019

MSTIC. (2019, December 12). GALLIUM: Targeting global telecom. Retrieved January 13, 2021.

Internal MISP references

UUID 5bc76b47-ff68-4031-a347-f2dc0daba203 which can be used as unique global reference for Microsoft GALLIUM December 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-13T00:00:00Z
date_published 2019-12-12T00:00:00Z
source MITRE, Tidal Cyber
title GALLIUM: Targeting global telecom

Symantec Gallmaker Oct 2018

Symantec Security Response. (2018, October 10). Gallmaker: New Attack Group Eschews Malware to Live off the Land. Retrieved November 27, 2018.

Internal MISP references

UUID f47b3e2b-acdd-4487-88b9-de5cbe45cf33 which can be used as unique global reference for Symantec Gallmaker Oct 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-27T00:00:00Z
date_published 2018-10-10T00:00:00Z
source MITRE, Tidal Cyber
title Gallmaker: New Attack Group Eschews Malware to Live off the Land

TrendMicro Gamaredon April 2020

Kakara, H., Maruyama, E. (2020, April 17). Gamaredon APT Group Use Covid-19 Lure in Campaigns. Retrieved May 19, 2020.

Internal MISP references

UUID 3800cfc2-0260-4b36-b629-7a336b9f9f10 which can be used as unique global reference for TrendMicro Gamaredon April 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-19T00:00:00Z
date_published 2020-04-17T00:00:00Z
source MITRE
title Gamaredon APT Group Use Covid-19 Lure in Campaigns

ESET Gamaredon June 2020

Boutin, J. (2020, June 11). Gamaredon group grows its game. Retrieved June 16, 2020.

Internal MISP references

UUID 6532664d-2311-4b38-8960-f43762471729 which can be used as unique global reference for ESET Gamaredon June 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-16T00:00:00Z
date_published 2020-06-11T00:00:00Z
source MITRE
title Gamaredon group grows its game

CERT-EE Gamaredon January 2021

CERT-EE. (2021, January 27). Gamaredon Infection: From Dropper to Entry. Retrieved February 17, 2022.

Internal MISP references

UUID fec320ed-29c1-40db-ad2e-701fda428922 which can be used as unique global reference for CERT-EE Gamaredon January 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-17T00:00:00Z
date_published 2021-01-27T00:00:00Z
source MITRE
title Gamaredon Infection: From Dropper to Entry

Kaspersky Winnti June 2015

Tarakanov, D. (2015, June 22). Games are over: Winnti is now targeting pharmaceutical companies. Retrieved January 14, 2016.

Internal MISP references

UUID 86504950-0f4f-42bc-b003-24f60ae97c99 which can be used as unique global reference for Kaspersky Winnti June 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-14T00:00:00Z
date_published 2015-06-22T00:00:00Z
source MITRE
title Games are over: Winnti is now targeting pharmaceutical companies

WeLiveSecurity Gapz and Redyms Mar 2013

Matrosov, A. (2013, March 19). Gapz and Redyms droppers based on Power Loader code. Retrieved December 16, 2017.

Internal MISP references

UUID b8d328b7-2eb3-4851-8d44-2e1bad7710c2 which can be used as unique global reference for WeLiveSecurity Gapz and Redyms Mar 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-16T00:00:00Z
date_published 2013-03-19T00:00:00Z
source MITRE
title Gapz and Redyms droppers based on Power Loader code

theevilbit gatekeeper bypass 2021

Csaba Fitzl. (2021, June 29). GateKeeper - Not a Bypass (Again). Retrieved September 22, 2021.

Internal MISP references

UUID d00f373d-2133-47c3-9b0a-104ecc9a6869 which can be used as unique global reference for theevilbit gatekeeper bypass 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-22T00:00:00Z
date_published 2021-06-29T00:00:00Z
source MITRE
title GateKeeper - Not a Bypass (Again)

Kaspersky Gauss Whitepaper

Kaspersky Lab. (2012, August). Gauss: Abnormal Distribution. Retrieved January 17, 2019.

Internal MISP references

UUID 4bf39390-f3ca-4132-841e-b35abefe7dee which can be used as unique global reference for Kaspersky Gauss Whitepaper in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-01-17T00:00:00Z
date_published 2012-08-01T00:00:00Z
source MITRE
title Gauss: Abnormal Distribution

Kaspersky MoleRATs April 2019

GReAT. (2019, April 10). Gaza Cybergang Group1, operation SneakyPastes. Retrieved May 13, 2020.

Internal MISP references

UUID 38216a34-5ffd-4e79-80b1-7270743b728e which can be used as unique global reference for Kaspersky MoleRATs April 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-13T00:00:00Z
date_published 2019-04-10T00:00:00Z
source MITRE
title Gaza Cybergang Group1, operation SneakyPastes

ESET Gazer Aug 2017

ESET. (2017, August). Gazing at Gazer: Turla’s new second stage backdoor. Retrieved September 14, 2017.

Internal MISP references

UUID 9d1c40af-d4bc-4d4a-b667-a17378942685 which can be used as unique global reference for ESET Gazer Aug 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-09-14T00:00:00Z
date_published 2017-08-01T00:00:00Z
source MITRE
title Gazing at Gazer: Turla’s new second stage backdoor

file_sig_table

Kessler, G. (2022, December 9). GCK'S FILE SIGNATURES TABLE. Retrieved August 23, 2022.

Internal MISP references

UUID 4bc3a8af-d0c1-514d-9edd-dcebb3344db8 which can be used as unique global reference for file_sig_table in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-23T00:00:00Z
date_published 2022-12-09T00:00:00Z
source MITRE
title GCK'S FILE SIGNATURES TABLE

Google Cloud Add Metadata

Google Cloud. (2022, March 31). gcloud compute instances add-metadata. Retrieved April 1, 2022.

Internal MISP references

UUID eba4b850-8784-4da2-b87d-54b5bd0f58d6 which can be used as unique global reference for Google Cloud Add Metadata in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-01T00:00:00Z
date_published 2022-03-31T00:00:00Z
source MITRE
title gcloud compute instances add-metadata

Google Compute Instances

Google. (n.d.). gcloud compute instances list. Retrieved May 26, 2020.

Internal MISP references

UUID ae09e791-a00c-487b-b0e5-7768df0679a3 which can be used as unique global reference for Google Compute Instances in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-26T00:00:00Z
source MITRE
title gcloud compute instances list

GCP SSH Key Add

Google. (n.d.). gcloud compute os-login ssh-keys add. Retrieved October 1, 2020.

Internal MISP references

UUID 372b6cfd-abdc-41b7-be78-4b1dc0426044 which can be used as unique global reference for GCP SSH Key Add in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-01T00:00:00Z
source MITRE
title gcloud compute os-login ssh-keys add

Google Cloud - IAM Servie Accounts List API

Google. (2020, June 23). gcloud iam service-accounts list. Retrieved August 4, 2020.

Internal MISP references

UUID 3ffad706-1dac-41dd-b197-06f22fec3b30 which can be used as unique global reference for Google Cloud - IAM Servie Accounts List API in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-04T00:00:00Z
date_published 2020-06-23T00:00:00Z
source MITRE
title gcloud iam service-accounts list

ESET Gelsemium June 2021

Dupuy, T. and Faou, M. (2021, June). Gelsemium. Retrieved November 30, 2021.

Internal MISP references

UUID ea28cf8c-8c92-48cb-b499-ffb7ff0e3cf5 which can be used as unique global reference for ESET Gelsemium June 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-11-30T00:00:00Z
date_published 2021-06-01T00:00:00Z
source MITRE
title Gelsemium

TechNet Scheduled Task Events

Microsoft. (n.d.). General Task Registration. Retrieved December 12, 2017.

Internal MISP references

UUID 344703ac-f67c-465b-8c56-c9617675a00b which can be used as unique global reference for TechNet Scheduled Task Events in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-12T00:00:00Z
source MITRE
title General Task Registration

Ebowla: Genetic Malware

Morrow, T., Pitts, J. (2016, October 28). Genetic Malware: Designing Payloads for Specific Targets. Retrieved January 18, 2019.

Internal MISP references

UUID 8c65dbc1-33ad-470c-b172-7497c6fd2480 which can be used as unique global reference for Ebowla: Genetic Malware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-01-18T00:00:00Z
date_published 2016-10-28T00:00:00Z
source MITRE
title Genetic Malware: Designing Payloads for Specific Targets

Proofpoint NETWIRE December 2020

Proofpoint. (2020, December 2). Geofenced NetWire Campaigns. Retrieved January 7, 2021.

Internal MISP references

UUID 5a974fc5-31bb-44b5-9834-ef98175402ec which can be used as unique global reference for Proofpoint NETWIRE December 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-07T00:00:00Z
date_published 2020-12-02T00:00:00Z
source MITRE
title Geofenced NetWire Campaigns

Hartrell cd00r 2002

Hartrell, Greg. (2002, August). Get a handle on cd00r: The invisible backdoor. Retrieved October 13, 2018.

Internal MISP references

UUID 739e6517-10f5-484d-8000-8818d63e7341 which can be used as unique global reference for Hartrell cd00r 2002 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-13T00:00:00Z
date_published 2002-08-01T00:00:00Z
source MITRE
title Get a handle on cd00r: The invisible backdoor

Kubectl Exec Get Shell

The Kubernetes Authors. (n.d.). Get a Shell to a Running Container. Retrieved March 29, 2021.

Internal MISP references

UUID ffb9c0ca-533f-4911-8c0c-a2653410a76d which can be used as unique global reference for Kubectl Exec Get Shell in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-29T00:00:00Z
source MITRE
title Get a Shell to a Running Container

Microsoft getglobaladdresslist

Microsoft. (n.d.). Get-GlobalAddressList. Retrieved October 6, 2019.

Internal MISP references

UUID a4948a80-d11c-44ed-ae63-e3f5660463f9 which can be used as unique global reference for Microsoft getglobaladdresslist in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-06T00:00:00Z
source MITRE
title Get-GlobalAddressList

Jay GetHooks Sept 2011

Satiro, J. (2011, September 14). GetHooks. Retrieved December 12, 2017.

Internal MISP references

UUID 228ac239-3a97-446f-8e1c-d5c0f580710c which can be used as unique global reference for Jay GetHooks Sept 2011 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-12T00:00:00Z
date_published 2011-09-14T00:00:00Z
source MITRE
title GetHooks

Microsoft Get-InboxRule

Microsoft. (n.d.). Get-InboxRule. Retrieved June 10, 2021.

Internal MISP references

UUID c6a1b00c-22d4-407a-a515-fbce5c197606 which can be used as unique global reference for Microsoft Get-InboxRule in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-10T00:00:00Z
source MITRE
title Get-InboxRule

Microsoft Msolrole

Microsoft. (n.d.). Get-MsolRole. Retrieved October 6, 2019.

Internal MISP references

UUID e36f4e3a-61c9-4fdc-98de-d51a2b3b4865 which can be used as unique global reference for Microsoft Msolrole in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-06T00:00:00Z
source MITRE
title Get-MsolRole

Microsoft msolrolemember

Microsoft. (n.d.). Get-MsolRoleMember. Retrieved October 6, 2019.

Internal MISP references

UUID ca28494c-d834-4afc-9237-ab78dcfc427b which can be used as unique global reference for Microsoft msolrolemember in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-06T00:00:00Z
source MITRE
title Get-MsolRoleMember

JumpCloud Conditional Access Policies

JumpCloud. (n.d.). Get Started: Conditional Access Policies. Retrieved January 2, 2024.

Internal MISP references

UUID 585b4ed7-1f1b-5e7f-bf2b-3732e07309af which can be used as unique global reference for JumpCloud Conditional Access Policies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-02T00:00:00Z
source MITRE
title Get Started: Conditional Access Policies

rowland linux at 2019

Craig Rowland. (2019, July 25). Getting an Attacker IP Address from a Malicious Linux At Job. Retrieved October 15, 2021.

Internal MISP references

UUID 85056eba-c587-4619-b5e4-dff9680be7b3 which can be used as unique global reference for rowland linux at 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-15T00:00:00Z
date_published 2019-07-25T00:00:00Z
source MITRE
title Getting an Attacker IP Address from a Malicious Linux At Job

Elastic GuLoader December 5 2023

Daniel Stepanic. (2023, December 5). Getting gooey with GULOADER: deobfuscating the downloader. Retrieved February 27, 2024.

Internal MISP references

UUID 291fb8ac-a3d6-48a0-9c78-09e358634012 which can be used as unique global reference for Elastic GuLoader December 5 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-27T00:00:00Z
date_published 2023-12-05T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Getting gooey with GULOADER: deobfuscating the downloader

BlackHatRobinSage

Ryan, T. (2010). “Getting In Bed with Robin Sage.” Retrieved March 6, 2017.

Internal MISP references

UUID 82068e93-a3f8-4d05-9358-6fe76a0055bb which can be used as unique global reference for BlackHatRobinSage in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-06T00:00:00Z
date_published 2010-01-01T00:00:00Z
source MITRE
title “Getting In Bed with Robin Sage.”

AADInternals Root Access to Azure VMs

Dr. Nestori Syynimaa. (2020, June 4). Getting root access to Azure VMs as a Azure AD Global Administrator. Retrieved March 13, 2023.

Internal MISP references

UUID 7080ae79-bec4-5886-9a43-6039d0cfd32f which can be used as unique global reference for AADInternals Root Access to Azure VMs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-13T00:00:00Z
date_published 2020-06-04T00:00:00Z
source MITRE
title Getting root access to Azure VMs as a Azure AD Global Administrator

Wardle Dylib Hijack Vulnerable Apps

Patrick Wardle. (2019, July 2). Getting Root with Benign AppStore Apps. Retrieved March 31, 2021.

Internal MISP references

UUID 128b4e3f-bb58-45e0-b8d9-bff9fc3ec3df which can be used as unique global reference for Wardle Dylib Hijack Vulnerable Apps in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-31T00:00:00Z
date_published 2019-07-02T00:00:00Z
source MITRE
title Getting Root with Benign AppStore Apps

2 - appv

Microsoft. (2022, November 3). Getting started with App-V for Windows client. Retrieved February 6, 2024.

Internal MISP references

UUID 8305a718-e79f-5bf7-8af3-b117cf106c81 which can be used as unique global reference for 2 - appv in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-06T00:00:00Z
date_published 2022-11-03T00:00:00Z
source MITRE
title Getting started with App-V for Windows client

MSDN VBA in Office

Austin, J. (2017, June 6). Getting Started with VBA in Office. Retrieved July 3, 2017.

Internal MISP references

UUID 9c44416d-1f3d-4d99-b497-4615ed6f5546 which can be used as unique global reference for MSDN VBA in Office in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-03T00:00:00Z
date_published 2017-06-06T00:00:00Z
source MITRE
title Getting Started with VBA in Office

Windows Getting Started Drivers

Viviano, A. (2021, August 17). Getting started with Windows drivers: User mode and kernel mode. Retrieved September 24, 2021.

Internal MISP references

UUID 1b93e7ba-6afa-45ff-a9e2-3586cdae822c which can be used as unique global reference for Windows Getting Started Drivers in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-24T00:00:00Z
date_published 2021-08-17T00:00:00Z
source MITRE
title Getting started with Windows drivers: User mode and kernel mode

Bloxham

Bloxham, B. (n.d.). Getting Windows to Play with Itself [PowerPoint slides]. Retrieved November 12, 2014.

Internal MISP references

UUID b212d16f-5347-49ab-8339-432b4fd1ef50 which can be used as unique global reference for Bloxham in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
source MITRE
title Getting Windows to Play with Itself [PowerPoint slides]

Microsoft GetWindowLong function

Microsoft. (n.d.). GetWindowLong function. Retrieved December 16, 2017.

Internal MISP references

UUID 4366217a-2325-4056-ab68-f5f4d2a0703c which can be used as unique global reference for Microsoft GetWindowLong function in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-16T00:00:00Z
source MITRE
title GetWindowLong function

Microsoft GFlags Mar 2017

Microsoft. (2017, May 23). GFlags Overview. Retrieved December 18, 2017.

Internal MISP references

UUID 9c11c382-b420-4cf9-9db2-eaa7b60aee2d which can be used as unique global reference for Microsoft GFlags Mar 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-18T00:00:00Z
date_published 2017-05-23T00:00:00Z
source MITRE
title GFlags Overview

GfxDownloadWrapper.exe - LOLBAS Project

LOLBAS. (2019, December 27). GfxDownloadWrapper.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 5d97b7d7-428e-4408-a4d3-00f52cf4bf15 which can be used as unique global reference for GfxDownloadWrapper.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2019-12-27T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GfxDownloadWrapper.exe

GhostToken GCP flaw

Sergiu Gatlan. (2023, April 21). GhostToken GCP flaw let attackers backdoor Google accounts. Retrieved September 18, 2023.

Internal MISP references

UUID 3f87bd65-4194-5be6-93a1-acde6eaef547 which can be used as unique global reference for GhostToken GCP flaw in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-18T00:00:00Z
date_published 2023-04-21T00:00:00Z
source MITRE
title GhostToken GCP flaw let attackers backdoor Google accounts

GitHub ADRecon

adrecon. (n.d.). GitHub ADRecon. Retrieved March 5, 2024.

Internal MISP references

UUID 8ef4bcee-673d-4bab-8e18-947f45c6fc77 which can be used as unique global reference for GitHub ADRecon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-05T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GitHub ADRecon

GitHub BeichenDream BadPotato

BeichenDream. (n.d.). GitHub BeichenDream BadPotato. Retrieved August 28, 2023.

Internal MISP references

UUID e7f1d932-4bcd-4a78-b975-f4ebbce8c05e which can be used as unique global reference for GitHub BeichenDream BadPotato in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-28T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GitHub BeichenDream BadPotato

GitHub Chisel

jpillora. (n.d.). GitHub Chisel. Retrieved October 20, 2023.

Internal MISP references

UUID 4a60fb46-06b7-44ea-a9f6-8d6fa81e9363 which can be used as unique global reference for GitHub Chisel in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GitHub Chisel

Github evilginx2

Gretzky, Kuba. (2019, April 10). Retrieved October 8, 2019.

Internal MISP references

UUID 322e5d90-5095-47ea-b0e2-e7e5fb45fcca which can be used as unique global reference for Github evilginx2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-08T00:00:00Z
source MITRE
title Github evilginx2

GitHub evilginx2 - Duplicate

kgretzky. (n.d.). GitHub evilginx2. Retrieved December 14, 2023.

Internal MISP references

UUID eea178f4-80bd-49d1-84b1-f80671e9a3e4 which can be used as unique global reference for GitHub evilginx2 - Duplicate in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-14T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GitHub evilginx2

GitHub Malleable C2

Mudge, R. (2014, July 14). Github Malleable-C2-Profiles safebrowsing.profile. Retrieved June 18, 2017.

Internal MISP references

UUID 0a609b90-dbaf-47bc-a642-1d180ca56498 which can be used as unique global reference for GitHub Malleable C2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-06-18T00:00:00Z
date_published 2014-07-14T00:00:00Z
source MITRE
title Github Malleable-C2-Profiles safebrowsing.profile

GitHub masscan

robertdavidgraham. (n.d.). GitHub masscan. Retrieved March 13, 2024.

Internal MISP references

UUID 7ae0b5c6-c9e5-4922-9e98-6483c81a8b42 which can be used as unique global reference for GitHub masscan in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-13T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GitHub masscan

GitHub meganz MEGAsync

GitHub. (n.d.). GitHub - meganz/MEGAsync: Easy automated syncing between your computers and your MEGA Cloud Drive. Retrieved June 22, 2023.

Internal MISP references

UUID 6e59c47d-597c-4687-942f-9f1cf1db75d5 which can be used as unique global reference for GitHub meganz MEGAsync in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-22T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GitHub - meganz/MEGAsync: Easy automated syncing between your computers and your MEGA Cloud Drive

GitHub - NYAN-x-CAT/AsyncRAT-C-Sharp: Open-Source Remote Administration Tool For Windows C#

GitHub. (n.d.). GitHub - NYAN-x-CAT/AsyncRAT-C-Sharp: Open-Source Remote Administration Tool For Windows C#. Retrieved May 7, 2023.

Internal MISP references

UUID 6747f2cf-61bd-4d26-9bc1-10ce7a8e3e39 which can be used as unique global reference for GitHub - NYAN-x-CAT/AsyncRAT-C-Sharp: Open-Source Remote Administration Tool For Windows C# in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GitHub - NYAN-x-CAT/AsyncRAT-C-Sharp: Open-Source Remote Administration Tool For Windows C#

GitHub ohpe Juicy Potato

ohpe. (n.d.). GitHub ohpe Juicy Potato. Retrieved August 28, 2023.

Internal MISP references

UUID 16d0dd05-763a-4503-aa88-c8867d8f202d which can be used as unique global reference for GitHub ohpe Juicy Potato in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-28T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GitHub ohpe Juicy Potato

code_persistence_zsh

Leo Pitt. (2020, November 11). Github - PersistentJXA/BashProfilePersist.js. Retrieved January 11, 2021.

Internal MISP references

UUID b76d3ed0-e484-4ed1-aa6b-892a6f34e478 which can be used as unique global reference for code_persistence_zsh in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-11T00:00:00Z
date_published 2020-11-11T00:00:00Z
source MITRE
title Github - PersistentJXA/BashProfilePersist.js

Github PowerShell Empire

Schroeder, W., Warner, J., Nelson, M. (n.d.). Github PowerShellEmpire. Retrieved April 28, 2016.

Internal MISP references

UUID 017ec673-454c-492a-a65b-10d3a20dfdab which can be used as unique global reference for Github PowerShell Empire in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-28T00:00:00Z
source MITRE
title Github PowerShellEmpire

GitHub Pupy

Nicolas Verdier. (n.d.). Retrieved January 29, 2018.

Internal MISP references

UUID 69d5cb59-6545-4405-8ca6-733db99d3ee9 which can be used as unique global reference for GitHub Pupy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-29T00:00:00Z
source MITRE
title GitHub Pupy

GitHub purple-team-attack-automation - Available Modules

praetorian-inc. (n.d.). GitHub purple-team-attack-automation - Available Modules. Retrieved September 8, 2023.

Internal MISP references

UUID 9bca14cc-1302-49b3-b905-cdf48dedc32b which can be used as unique global reference for GitHub purple-team-attack-automation - Available Modules in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-08T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GitHub purple-team-attack-automation - Available Modules

GitHub random_c2_profile

threatexpress. (n.d.). GitHub random_c2_profile. Retrieved September 21, 2023.

Internal MISP references

UUID dcb30328-6aa4-461b-8333-451d6af4b384 which can be used as unique global reference for GitHub random_c2_profile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-21T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GitHub random_c2_profile

GitHub ransomware_map

cert-orangecyberdefense. (n.d.). GitHub ransomware_map. Retrieved March 13, 2024.

Internal MISP references

UUID d995f4b2-3262-4c37-855a-61aef7d7b8a8 which can be used as unique global reference for GitHub ransomware_map in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-13T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GitHub ransomware_map

GitHub rsockstun

llkat. (n.d.). GitHub rsockstun. Retrieved December 14, 2023.

Internal MISP references

UUID 1644457f-75d6-4064-a11b-9217249fa5e6 which can be used as unique global reference for GitHub rsockstun in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-14T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GitHub rsockstun

GitHub secretsdump

fortra. (n.d.). GitHub secretsdump. Retrieved November 16, 2023.

Internal MISP references

UUID c29a90a7-016f-49b7-a970-334290964f19 which can be used as unique global reference for GitHub secretsdump in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GitHub secretsdump

GitHub SharpChromium

djhohnstein. (n.d.). GitHub SharpChromium. Retrieved December 14, 2023.

Internal MISP references

UUID ca1956a5-72f2-43ad-a17f-a52ca97bd84e which can be used as unique global reference for GitHub SharpChromium in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-14T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GitHub SharpChromium

GitHub SharpHound

BloodHoundAD. (n.d.). GitHub SharpHound. Retrieved March 7, 2024.

Internal MISP references

UUID e1c405b4-b591-4469-848c-7a7dd69151c0 which can be used as unique global reference for GitHub SharpHound in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GitHub SharpHound

GitHub SharpRoast

GhostPack. (n.d.). GitHub SharpRoast. Retrieved September 22, 2023.

Internal MISP references

UUID 43a2e05d-4662-4a5c-9c99-3165f0d71169 which can be used as unique global reference for GitHub SharpRoast in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-22T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GitHub SharpRoast

GitHub SILENTTRINITY March 2022

Salvati, M. (2019, August 6). SILENTTRINITY. Retrieved March 23, 2022.

Internal MISP references

UUID cff66280-c592-4e3c-a56c-32a9620cf95c which can be used as unique global reference for GitHub SILENTTRINITY March 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-23T00:00:00Z
source MITRE
title GitHub SILENTTRINITY March 2022

GitHub SoftEtherVPN SoftEtherVPN_Stable

SoftEtherVPN. (n.d.). GitHub SoftEtherVPN SoftEtherVPN_Stable. Retrieved August 28, 2023.

Internal MISP references

UUID f9d28db2-499f-407c-94d2-652b9ed5f928 which can be used as unique global reference for GitHub SoftEtherVPN SoftEtherVPN_Stable in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-28T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GitHub SoftEtherVPN SoftEtherVPN_Stable

GitHub Terminator

ZeroMemoryEx. (n.d.). GitHub Terminator. Retrieved March 13, 2024.

Internal MISP references

UUID c2556bcf-9cc9-4f46-8a0f-8f8d801dfdbf which can be used as unique global reference for GitHub Terminator in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-13T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GitHub Terminator

GitHub xmrig-proxy

xmrig. (n.d.). GitHub xmrig-proxy. Retrieved October 25, 2023.

Internal MISP references

UUID bd2a5de0-f55f-4eeb-a11f-8ec1e9f2ae2b which can be used as unique global reference for GitHub xmrig-proxy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GitHub xmrig-proxy

GitHub Gitrob

Michael Henriksen. (2018, June 9). Gitrob: Putting the Open Source in OSINT. Retrieved October 19, 2020.

Internal MISP references

UUID 1dee0842-15cc-4835-b8a8-938e0c94807b which can be used as unique global reference for GitHub Gitrob in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
date_published 2018-06-09T00:00:00Z
source MITRE
title Gitrob: Putting the Open Source in OSINT

FireEye DNS Hijack 2019

Hirani, M., Jones, S., Read, B. (2019, January 10). Global DNS Hijacking Campaign: DNS Record Manipulation at Scale. Retrieved October 9, 2020.

Internal MISP references

UUID 2c696e90-11eb-4196-9946-b5c4c11ccddc which can be used as unique global reference for FireEye DNS Hijack 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-09T00:00:00Z
date_published 2019-01-10T00:00:00Z
source MITRE
title Global DNS Hijacking Campaign: DNS Record Manipulation at Scale

McAfee Night Dragon

McAfee® Foundstone® Professional Services and McAfee Labs™. (2011, February 10). Global Energy Cyberattacks: “Night Dragon”. Retrieved February 19, 2018.

Internal MISP references

UUID 242d2933-ca2b-4511-803a-454727a3acc5 which can be used as unique global reference for McAfee Night Dragon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-19T00:00:00Z
date_published 2011-02-10T00:00:00Z
source MITRE
title Global Energy Cyberattacks: “Night Dragon”

GMER Rootkits

GMER. (n.d.). GMER. Retrieved December 12, 2017.

Internal MISP references

UUID f43e9881-4919-4ccc-b2ed-929d7838b2b4 which can be used as unique global reference for GMER Rootkits in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-12T00:00:00Z
source MITRE
title GMER

Gnome Remote Desktop grd-settings

Pascal Nowack. (n.d.). Retrieved September 21, 2021.

Internal MISP references

UUID 8f494ff3-b02b-470b-a57d-d2275989f541 which can be used as unique global reference for Gnome Remote Desktop grd-settings in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-21T00:00:00Z
source MITRE
title Gnome Remote Desktop grd-settings

Gnome Remote Desktop gschema

Pascal Nowack. (n.d.). Retrieved September 21, 2021.

Internal MISP references

UUID c7c749d5-b1b0-4a0f-8d14-eef47cfa1279 which can be used as unique global reference for Gnome Remote Desktop gschema in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-21T00:00:00Z
source MITRE
title Gnome Remote Desktop gschema

MITRE Trustworthy Firmware Measurement

Upham, K. (2014, March). Going Deep into the BIOS with MITRE Firmware Security Research. Retrieved January 5, 2016.

Internal MISP references

UUID 25f52172-293e-4b23-9239-201a0ddbcdf1 which can be used as unique global reference for MITRE Trustworthy Firmware Measurement in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-05T00:00:00Z
date_published 2014-03-01T00:00:00Z
source MITRE
title Going Deep into the BIOS with MITRE Firmware Security Research

Secureworks Gold Blackburn Mar 2022

Secureworks Counter Threat Unit. (2022, March 1). Gold Blackburn Threat Profile. Retrieved June 15, 2023.

Internal MISP references

UUID b6b27fa9-488c-5b6d-8e12-fe8371846cd3 which can be used as unique global reference for Secureworks Gold Blackburn Mar 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-15T00:00:00Z
date_published 2022-03-01T00:00:00Z
source MITRE
title Gold Blackburn Threat Profile

Secureworks GOLD CABIN

Secureworks. (n.d.). GOLD CABIN Threat Profile. Retrieved March 17, 2021.

Internal MISP references

UUID 778babec-e7d3-4341-9e33-aab361f2b98a which can be used as unique global reference for Secureworks GOLD CABIN in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-17T00:00:00Z
source MITRE, Tidal Cyber
title GOLD CABIN Threat Profile

McAfee Gold Dragon

Sherstobitoff, R., Saavedra-Morales, J. (2018, February 02). Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems. Retrieved June 6, 2018.

Internal MISP references

UUID 4bdfa92b-cbbd-43e6-aa3e-422561ff8d7a which can be used as unique global reference for McAfee Gold Dragon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-06T00:00:00Z
date_published 2018-02-02T00:00:00Z
source MITRE
title Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems

Cyberark Golden SAML

Reiner, S. (2017, November 21). Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps. Retrieved December 17, 2020.

Internal MISP references

UUID 58083370-8126-47d3-827c-1910ed3f4b2a which can be used as unique global reference for Cyberark Golden SAML in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-17T00:00:00Z
date_published 2017-11-21T00:00:00Z
source MITRE
title Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps

Trustwave GoldenSpy2 June 2020

Trustwave SpiderLabs. (2020, June 26). GoldenSpy: Chapter Two – The Uninstaller. Retrieved July 23, 2020.

Internal MISP references

UUID 5031e82e-66e8-4ae0-be47-53daa87ddf94 which can be used as unique global reference for Trustwave GoldenSpy2 June 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-23T00:00:00Z
date_published 2020-06-26T00:00:00Z
source MITRE
title GoldenSpy: Chapter Two – The Uninstaller

Secureworks GOLD KINGSWOOD Threat Profile

Secureworks. (n.d.). GOLD KINGSWOOD. Retrieved October 18, 2021.

Internal MISP references

UUID 36035bbb-1609-4461-be27-ef4a920b814c which can be used as unique global reference for Secureworks GOLD KINGSWOOD Threat Profile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-18T00:00:00Z
source MITRE
title GOLD KINGSWOOD

MSTIC NOBELIUM Mar 2021

Nafisi, R., Lelli, A. (2021, March 4). GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence. Retrieved March 8, 2021.

Internal MISP references

UUID 8688a0a9-d644-4b96-81bb-031f1f898652 which can be used as unique global reference for MSTIC NOBELIUM Mar 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-08T00:00:00Z
date_published 2021-03-04T00:00:00Z
source MITRE
title GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence

Secureworks GOLD NIAGARA Threat Profile

CTU. (n.d.). GOLD NIAGARA. Retrieved September 21, 2021.

Internal MISP references

UUID b11276cb-f6dd-4e91-90cd-9c287fb3e6b1 which can be used as unique global reference for Secureworks GOLD NIAGARA Threat Profile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-21T00:00:00Z
source MITRE
title GOLD NIAGARA

Secureworks Gold Prelude Profile

Secureworks. (n.d.). GOLD PRELUDE. Retrieved March 22, 2024.

Internal MISP references

UUID b16ae37d-5244-5c1e-92a9-e494b5a9ef49 which can be used as unique global reference for Secureworks Gold Prelude Profile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-22T00:00:00Z
source MITRE
title GOLD PRELUDE

Secureworks GOLD SAHARA

Secureworks. (n.d.). GOLD SAHARA. Retrieved February 20, 2024.

Internal MISP references

UUID 3abb7995-4a62-56a6-9492-942965edf0a0 which can be used as unique global reference for Secureworks GOLD SAHARA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-20T00:00:00Z
source MITRE
title GOLD SAHARA

Secureworks GOLD SOUTHFIELD

Secureworks. (n.d.). GOLD SOUTHFIELD. Retrieved October 6, 2020.

Internal MISP references

UUID 01d1ffaa-16b3-41c4-bb5a-afe2b41f1142 which can be used as unique global reference for Secureworks GOLD SOUTHFIELD in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-06T00:00:00Z
source MITRE
title GOLD SOUTHFIELD

Google Chrome Remote Desktop

Google. (n.d.). Retrieved March 14, 2024.

Internal MISP references

UUID 70c87a07-38eb-53d2-8b63-013eb3ce62c8 which can be used as unique global reference for Google Chrome Remote Desktop in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-14T00:00:00Z
source MITRE
title Google Chrome Remote Desktop

Google Cloud Identity API Documentation

Google. (n.d.). Retrieved March 16, 2021.

Internal MISP references

UUID 67f2719e-74fd-4bc1-9eeb-07d3095a5191 which can be used as unique global reference for Google Cloud Identity API Documentation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-16T00:00:00Z
source MITRE
title Google Cloud Identity API Documentation

GCPBucketBrute

Spencer Gietzen. (2019, February 26). Google Cloud Platform (GCP) Bucket Enumeration and Privilege Escalation. Retrieved March 4, 2022.

Internal MISP references

UUID d956e1f6-37ca-4352-b275-84c174888b88 which can be used as unique global reference for GCPBucketBrute in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-04T00:00:00Z
date_published 2019-02-26T00:00:00Z
source MITRE
title Google Cloud Platform (GCP) Bucket Enumeration and Privilege Escalation

ExploitDB GoogleHacking

Offensive Security. (n.d.). Google Hacking Database. Retrieved October 23, 2020.

Internal MISP references

UUID 29714b88-a1ff-4684-a3b0-35c3a2c78947 which can be used as unique global reference for ExploitDB GoogleHacking in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-23T00:00:00Z
source MITRE
title Google Hacking Database

Freejacked

Clark, Michael. (2023, August 14). Google’s Vertex AI Platform Gets Freejacked. Retrieved February 28, 2024.

Internal MISP references

UUID c7007fa4-bc07-59aa-820e-ffeea1486ed6 which can be used as unique global reference for Freejacked in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-28T00:00:00Z
date_published 2023-08-14T00:00:00Z
source MITRE
title Google’s Vertex AI Platform Gets Freejacked

Google Workspace Global Access List

Google. (n.d.). Retrieved March 16, 2021.

Internal MISP references

UUID 5104f0ea-1fb6-4260-a9b6-95922b3a8e5b which can be used as unique global reference for Google Workspace Global Access List in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-16T00:00:00Z
source MITRE
title Google Workspace Global Access List

Trend Micro January 09 2023

Trend Micro. (2023, January 9). Gootkit Loader Actively Targets Australian Healthcare Industry. Retrieved May 7, 2023.

Internal MISP references

UUID 903861d2-cd45-4bda-bc70-2a44c6d49aa6 which can be used as unique global reference for Trend Micro January 09 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2023-01-09T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Gootkit Loader Actively Targets Australian Healthcare Industry

Sophos Gootloader

Szappanos, G. & Brandt, A. (2021, March 1). “Gootloader” expands its payload delivery options. Retrieved September 30, 2022.

Internal MISP references

UUID 63357292-0f08-4405-a45a-34b606ab7110 which can be used as unique global reference for Sophos Gootloader in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-30T00:00:00Z
date_published 2021-03-01T00:00:00Z
source MITRE
title “Gootloader” expands its payload delivery options

SentinelLabs Gootloader June 2021

Antonio Pirozzi. (2021, June 16). Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets. Retrieved May 7, 2023.

Internal MISP references

UUID 1ab5b9c2-4e91-420f-9a27-661588d0bd71 which can be used as unique global reference for SentinelLabs Gootloader June 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2021-06-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets

Cybereason Gootloader February 2023

Loïc Castel, Jakes Jansen, Nitin Grover. (2023, February 14). GootLoader - SEO Poisoning and Large Payloads Leading to Compromise. Retrieved May 18, 2023.

Internal MISP references

UUID 098bf58f-3868-4892-bb4d-c78ce8817a02 which can be used as unique global reference for Cybereason Gootloader February 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-18T00:00:00Z
date_published 2023-02-14T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GootLoader - SEO Poisoning and Large Payloads Leading to Compromise

SentinelOne 1 16 2023

Jim Walter. (2023, January 16). Gotta Catch 'Em All. Retrieved January 1, 2024.

Internal MISP references

UUID 1482155f-e70d-434c-ade0-23543a4124fe which can be used as unique global reference for SentinelOne 1 16 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-01T00:00:00Z
date_published 2023-01-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Gotta Catch 'Em All

Unit 42 CARROTBAT January 2020

McCabe, A. (2020, January 23). The Fractured Statue Campaign: U.S. Government Agency Targeted in Spear-Phishing Attacks. Retrieved June 2, 2020.

Internal MISP references

UUID b65442ca-18ca-42e0-8be0-7c2b66c26d02 which can be used as unique global reference for Unit 42 CARROTBAT January 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-02T00:00:00Z
source MITRE
title Government Agency Targeted in Spear-Phishing Attacks

Secureworks BRONZE SILHOUETTE May 2023

Counter Threat Unit Research Team. (2023, May 24). Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations. Retrieved July 27, 2023.

Internal MISP references

UUID 77624549-e170-5894-9219-a15b4aa31726 which can be used as unique global reference for Secureworks BRONZE SILHOUETTE May 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-27T00:00:00Z
source MITRE
title Government and Defense Organizations

FireEye HAWKBALL Jun 2019

Patil, S. and Williams, M. (2019, June 5). Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities. Retrieved June 20, 2019.

Internal MISP references

UUID c88150b1-8c0a-4fc5-b5b7-11e242af1c43 which can be used as unique global reference for FireEye HAWKBALL Jun 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-20T00:00:00Z
date_published 2019-06-05T00:00:00Z
source MITRE
title Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities

CISA AA20-296A Berserk Bear December 2020

CISA. (2020, December 1). Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets. Retrieved December 9, 2021.

Internal MISP references

UUID c7bc4b25-2043-4f43-8320-590f82d0e09a which can be used as unique global reference for CISA AA20-296A Berserk Bear December 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-09T00:00:00Z
source MITRE, Tidal Cyber
title Government Targets

Obscuresecurity Get-GPPPassword

Campbell, C. (2012, May 24). GPP Password Retrieval with PowerShell. Retrieved April 11, 2018.

Internal MISP references

UUID 54351cf9-8d2a-47fb-92d5-fe64b628ab06 which can be used as unique global reference for Obscuresecurity Get-GPPPassword in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-11T00:00:00Z
date_published 2012-05-24T00:00:00Z
source MITRE
title GPP Password Retrieval with PowerShell

Microsoft gpresult

Microsoft. (2017, October 16). gpresult. Retrieved August 6, 2021.

Internal MISP references

UUID 88af38e8-e437-4153-80af-a1be8c6a8629 which can be used as unique global reference for Microsoft gpresult in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-06T00:00:00Z
date_published 2017-10-16T00:00:00Z
source MITRE
title gpresult

Gpscript.exe - LOLBAS Project

LOLBAS. (2018, May 25). Gpscript.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 619f57d9-d93b-4e9b-aae0-6ce89d91deb6 which can be used as unique global reference for Gpscript.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Gpscript.exe

ESET Grandoreiro April 2020

ESET. (2020, April 28). Grandoreiro: How engorged can an EXE get?. Retrieved November 13, 2020.

Internal MISP references

UUID d6270492-986b-4fb6-bdbc-2e364947847c which can be used as unique global reference for ESET Grandoreiro April 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-13T00:00:00Z
date_published 2020-04-28T00:00:00Z
source MITRE
title Grandoreiro: How engorged can an EXE get?

IBM Grandoreiro April 2020

Abramov, D. (2020, April 13). Grandoreiro Malware Now Targeting Banks in Spain. Retrieved November 12, 2020.

Internal MISP references

UUID a2d4bca5-d57d-4a77-95c6-409f90115e2f which can be used as unique global reference for IBM Grandoreiro April 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-12T00:00:00Z
date_published 2020-04-13T00:00:00Z
source MITRE
title Grandoreiro Malware Now Targeting Banks in Spain

AWS PassRole

AWS. (n.d.). Granting a user permissions to pass a role to an AWS service. Retrieved July 10, 2023.

Internal MISP references

UUID 01e0c198-dd59-5dd1-b632-73cb316eafe0 which can be used as unique global reference for AWS PassRole in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-10T00:00:00Z
source MITRE
title Granting a user permissions to pass a role to an AWS service

Microsoft Azure Storage Shared Access Signature

Microsoft. (2023, June 7). Grant limited access to Azure Storage resources using shared access signatures (SAS). Retrieved March 4, 2024.

Internal MISP references

UUID 9031357f-04ac-5c07-a59d-97b9e32edf79 which can be used as unique global reference for Microsoft Azure Storage Shared Access Signature in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-04T00:00:00Z
date_published 2023-06-07T00:00:00Z
source MITRE
title Grant limited access to Azure Storage resources using shared access signatures (SAS)

CopyFromScreen .NET

Microsoft. (n.d.). Graphics.CopyFromScreen Method. Retrieved March 24, 2020.

Internal MISP references

UUID b9733af4-ffb4-416e-884e-d51649aecbce which can be used as unique global reference for CopyFromScreen .NET in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-24T00:00:00Z
source MITRE
title Graphics.CopyFromScreen Method

Talos GravityRAT

Mercer, W., Rascagneres, P. (2018, April 26). GravityRAT - The Two-Year Evolution Of An APT Targeting India. Retrieved May 16, 2018.

Internal MISP references

UUID 2d7a1d72-cc9a-4b0b-a89a-e24ca836879b which can be used as unique global reference for Talos GravityRAT in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-16T00:00:00Z
date_published 2018-04-26T00:00:00Z
source MITRE
title GravityRAT - The Two-Year Evolution Of An APT Targeting India

FireEye PowerShell Logging

Dunwoody, M. (2016, February 11). Greater Visibility Through PowerShell Logging. Retrieved September 28, 2021.

Internal MISP references

UUID 02ee8297-60e8-42bf-8791-2461ebc29207 which can be used as unique global reference for FireEye PowerShell Logging in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-28T00:00:00Z
date_published 2016-02-11T00:00:00Z
source MITRE
title Greater Visibility Through PowerShell Logging

FireEye PowerShell Logging 2016

Dunwoody, M. (2016, February 11). GREATER VISIBILITY THROUGH POWERSHELL LOGGING. Retrieved February 16, 2016.

Internal MISP references

UUID eb1e9dc7-b935-42ae-bbde-d2fdda5953db which can be used as unique global reference for FireEye PowerShell Logging 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-02-16T00:00:00Z
date_published 2016-02-11T00:00:00Z
source MITRE
title GREATER VISIBILITY THROUGH POWERSHELL LOGGING

Glitch-Cat Green Lambert ATTCK Oct 2021

Sandvik, Runa. (2021, October 18). Green Lambert and ATT&CK. Retrieved March 21, 2022.

Internal MISP references

UUID f22d033c-4474-4bd7-b194-c7a4d9819a2b which can be used as unique global reference for Glitch-Cat Green Lambert ATTCK Oct 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-21T00:00:00Z
date_published 2021-10-18T00:00:00Z
source MITRE
title Green Lambert and ATT&CK

GreenMwizi - Kenyan scamming campaign using Twitter bots

blog.bushidotoken.net. (n.d.). GreenMwizi - Kenyan scamming campaign using Twitter bots. Retrieved May 7, 2023.

Internal MISP references

UUID 3b09696a-1345-4283-a59b-e9a13124ef59 which can be used as unique global reference for GreenMwizi - Kenyan scamming campaign using Twitter bots in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title GreenMwizi - Kenyan scamming campaign using Twitter bots

ESET GreyEnergy Oct 2018

Cherepanov, A. (2018, October). GREYENERGY A successor to BlackEnergy. Retrieved November 15, 2018.

Internal MISP references

UUID f3e70f41-6c22-465c-b872-a7ec5e6a3e67 which can be used as unique global reference for ESET GreyEnergy Oct 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-15T00:00:00Z
date_published 2018-10-01T00:00:00Z
source MITRE
title GREYENERGY A successor to BlackEnergy

GRIZZLY STEPPE JAR

Department of Homeland Security and Federal Bureau of Investigation. (2016, December 29). GRIZZLY STEPPE – Russian Malicious Cyber Activity. Retrieved January 11, 2017.

Internal MISP references

UUID 4b26d274-497f-49bc-a2a5-b93856a49893 which can be used as unique global reference for GRIZZLY STEPPE JAR in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-01-11T00:00:00Z
date_published 2016-12-29T00:00:00Z
source MITRE
title GRIZZLY STEPPE – Russian Malicious Cyber Activity

Citizen Lab Group5

Scott-Railton, J., et al. (2016, August 2). Group5: Syria and the Iranian Connection. Retrieved September 26, 2016.

Internal MISP references

UUID ffbec5e8-947a-4363-b7e1-812dfd79935a which can be used as unique global reference for Citizen Lab Group5 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-09-26T00:00:00Z
date_published 2016-08-02T00:00:00Z
source MITRE, Tidal Cyber
title Group5: Syria and the Iranian Connection

Group-IB Threat Intelligence Tweet October 9 2023

GroupIB_TI. (2023, October 9). Group-IB Threat Intelligence Tweet October 9 2023. Retrieved October 10, 2023.

Internal MISP references

UUID 2df546ed-6577-44b2-9b26-0a17c3622df7 which can be used as unique global reference for Group-IB Threat Intelligence Tweet October 9 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-10T00:00:00Z
date_published 2023-10-09T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Group-IB Threat Intelligence Tweet October 9 2023

TechNet Group Policy Basics

srachui. (2012, February 13). Group Policy Basics – Part 1: Understanding the Structure of a Group Policy Object. Retrieved March 5, 2019.

Internal MISP references

UUID 9b9c8c6c-c272-424e-a594-a34b7bf62477 which can be used as unique global reference for TechNet Group Policy Basics in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-05T00:00:00Z
date_published 2012-02-13T00:00:00Z
source MITRE
title Group Policy Basics – Part 1: Understanding the Structure of a Group Policy Object

Microsoft GPP 2016

Microsoft. (2016, August 31). Group Policy Preferences. Retrieved March 9, 2020.

Internal MISP references

UUID fa3beaf1-81e7-411b-849a-24cffaf7c552 which can be used as unique global reference for Microsoft GPP 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-09T00:00:00Z
date_published 2016-08-31T00:00:00Z
source MITRE
title Group Policy Preferences

groups man page

MacKenzie, D. and Youngman, J. (n.d.). groups(1) - Linux man page. Retrieved January 11, 2024.

Internal MISP references

UUID 3d3c9756-4700-5db3-b8bc-8d2958df6a42 which can be used as unique global reference for groups man page in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-11T00:00:00Z
source MITRE
title groups(1) - Linux man page

Venafi SSH Key Abuse

Blachman, Y. (2020, April 22). Growing Abuse of SSH Keys: Commodity Malware Campaigns Now Equipped with SSH Capabilities. Retrieved June 24, 2020.

Internal MISP references

UUID cba14230-13bc-47ad-8f3f-d798217657bd which can be used as unique global reference for Venafi SSH Key Abuse in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-24T00:00:00Z
date_published 2020-04-22T00:00:00Z
source MITRE
title Growing Abuse of SSH Keys: Commodity Malware Campaigns Now Equipped with SSH Capabilities

Wikibooks Grsecurity

Wikibooks. (2018, August 19). Grsecurity/The RBAC System. Retrieved June 4, 2020.

Internal MISP references

UUID 8a7abfa0-97e8-4cac-9d76-c886e9666a16 which can be used as unique global reference for Wikibooks Grsecurity in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-04T00:00:00Z
date_published 2018-08-19T00:00:00Z
source MITRE
title Grsecurity/The RBAC System

TrueSec Gsecdump

TrueSec. (n.d.). gsecdump v2.0b5. Retrieved September 29, 2015.

Internal MISP references

UUID ba1d07ed-2e18-4f5f-9d44-082530946f14 which can be used as unique global reference for TrueSec Gsecdump in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-09-29T00:00:00Z
source MITRE
title gsecdump v2.0b5

GTFOBins Suid

Emilio Pinna, Andrea Cardaci. (n.d.). GTFOBins. Retrieved January 28, 2022.

Internal MISP references

UUID 0b7d8e81-da8e-4f6a-a1b7-4ed81e441b4d which can be used as unique global reference for GTFOBins Suid in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-28T00:00:00Z
source MITRE
title GTFOBins

GTFObins at

Emilio Pinna, Andrea Cardaci. (n.d.). gtfobins at. Retrieved September 28, 2021.

Internal MISP references

UUID 3fad6618-5a85-4f7a-be2b-0600269d7768 which can be used as unique global reference for GTFObins at in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-28T00:00:00Z
source MITRE
title gtfobins at

Fortinet Moses Staff February 15 2022

Rotem Sde-Or. (2022, February 15). Guard Your Drive from DriveGuard: Moses Staff Campaigns Against Israeli Organizations Span Several Months. Retrieved October 23, 2023.

Internal MISP references

UUID 4a435edb-18ae-4c31-beff-2b8f2e6cad34 which can be used as unique global reference for Fortinet Moses Staff February 15 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-23T00:00:00Z
date_published 2022-02-15T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Guard Your Drive from DriveGuard: Moses Staff Campaigns Against Israeli Organizations Span Several Months

Microsoft Log4j Vulnerability Exploitation December 2021

Microsoft Threat Intelligence. (2021, December 11). Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability. Retrieved December 7, 2023.

Internal MISP references

UUID 456ed22f-0de1-5ee4-bb8a-29e3baedc7b1 which can be used as unique global reference for Microsoft Log4j Vulnerability Exploitation December 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-07T00:00:00Z
date_published 2021-12-11T00:00:00Z
source MITRE
title Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability

Unit 42 NETWIRE April 2020

Duncan, B. (2020, April 3). GuLoader: Malspam Campaign Installing NetWire RAT. Retrieved January 7, 2021.

Internal MISP references

UUID b42f119d-144a-470a-b9fe-ccbf80a78fbb which can be used as unique global reference for Unit 42 NETWIRE April 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-07T00:00:00Z
date_published 2020-04-03T00:00:00Z
source MITRE
title GuLoader: Malspam Campaign Installing NetWire RAT

H0lyGh0st - North Korean Threat Group Strikes Back With New Ransomware

www.picussecurity.com. (n.d.). H0lyGh0st - North Korean Threat Group Strikes Back With New Ransomware. Retrieved May 19, 2023.

Internal MISP references

UUID 3f66ef62-ac0d-4ece-9a4b-917ae70f1617 which can be used as unique global reference for H0lyGh0st - North Korean Threat Group Strikes Back With New Ransomware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-19T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title H0lyGh0st - North Korean Threat Group Strikes Back With New Ransomware

Cisco H1N1 Part 1

Reynolds, J. (2016, September 13). H1N1: Technical analysis reveals new capabilities. Retrieved September 26, 2016.

Internal MISP references

UUID 03a2faca-1a47-4f68-9f26-3fa98145f2ab which can be used as unique global reference for Cisco H1N1 Part 1 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-09-26T00:00:00Z
date_published 2016-09-13T00:00:00Z
source MITRE
title H1N1: Technical analysis reveals new capabilities

Cisco H1N1 Part 2

Reynolds, J. (2016, September 14). H1N1: Technical analysis reveals new capabilities – part 2. Retrieved September 26, 2016.

Internal MISP references

UUID b53e55dc-078d-4535-a99f-c979ad8ca6e6 which can be used as unique global reference for Cisco H1N1 Part 2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-09-26T00:00:00Z
date_published 2016-09-14T00:00:00Z
source MITRE
title H1N1: Technical analysis reveals new capabilities – part 2

Wired Magecart S3 Buckets, 2019

Barrett, B. (2019, July 11). Hack Brief: A Card-Skimming Hacker Group Hit 17K Domains—and Counting. Retrieved October 4, 2019.

Internal MISP references

UUID 47fb06ed-b4ce-454c-9bbe-21b28309f351 which can be used as unique global reference for Wired Magecart S3 Buckets, 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-04T00:00:00Z
date_published 2019-07-11T00:00:00Z
source MITRE
title Hack Brief: A Card-Skimming Hacker Group Hit 17K Domains—and Counting

Wired Uber Breach

Andy Greenberg. (2017, January 21). Hack Brief: Uber Paid Off Hackers to Hide a 57-Million User Data Breach. Retrieved May 14, 2021.

Internal MISP references

UUID 3bdf88b3-8f41-4945-9292-e299bab4f98e which can be used as unique global reference for Wired Uber Breach in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-14T00:00:00Z
date_published 2017-01-21T00:00:00Z
source MITRE
title Hack Brief: Uber Paid Off Hackers to Hide a 57-Million User Data Breach

Trendmicro NPM Compromise

Trendmicro. (2018, November 29). Hacker Infects Node.js Package to Steal from Bitcoin Wallets. Retrieved April 10, 2019.

Internal MISP references

UUID 69eac1b0-1c50-4534-99e0-2d0fd738ab8f which can be used as unique global reference for Trendmicro NPM Compromise in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-10T00:00:00Z
date_published 2018-11-29T00:00:00Z
source MITRE
title Hacker Infects Node.js Package to Steal from Bitcoin Wallets

Data Destruction - Threat Post

Mimoso, M. (2014, June 18). Hacker Puts Hosting Service Code Spaces Out of Business. Retrieved December 15, 2020.

Internal MISP references

UUID 97d16d3a-98a0-4a7d-9f74-8877c8088ddf which can be used as unique global reference for Data Destruction - Threat Post in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-15T00:00:00Z
date_published 2014-06-18T00:00:00Z
source MITRE
title Hacker Puts Hosting Service Code Spaces Out of Business

Bloomberg Scattered Spider May 8 2024

Katrina Manson. (2024, May 8). Hackers Behind MGM Attack Targeting Financial Sector in New Campaign. Retrieved May 22, 2024.

Internal MISP references

UUID 2bf7e84a-805d-48aa-b911-8cd8a9dbf1cf which can be used as unique global reference for Bloomberg Scattered Spider May 8 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-05-22T00:00:00Z
date_published 2024-05-08T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Hackers Behind MGM Attack Targeting Financial Sector in New Campaign

Salesforce zero-day in facebook phishing attack

Bill Toulas. (2023, August 2). Hackers exploited Salesforce zero-day in Facebook phishing attack. Retrieved September 18, 2023.

Internal MISP references

UUID cbd360bb-f4b6-5326-8861-b05f3a2a8737 which can be used as unique global reference for Salesforce zero-day in facebook phishing attack in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-18T00:00:00Z
date_published 2023-08-02T00:00:00Z
source MITRE
title Hackers exploited Salesforce zero-day in Facebook phishing attack

Fortune Dragonfly 2.0 Sept 2017

Hackett, R. (2017, September 6). Hackers Have Penetrated Energy Grid, Symantec Warns. Retrieved June 6, 2018.

Internal MISP references

UUID b56c5b41-b8e0-4fef-a6d8-183bb283dc7c which can be used as unique global reference for Fortune Dragonfly 2.0 Sept 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-06T00:00:00Z
date_published 2017-09-06T00:00:00Z
source MITRE
title Hackers Have Penetrated Energy Grid, Symantec Warns

Wired Cyber Army of Russia April 17 2024

Andy Greenberg. (2024, April 17). Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities. Retrieved April 30, 2024.

Internal MISP references

UUID 53583baf-4e09-4d19-9348-6110206b88be which can be used as unique global reference for Wired Cyber Army of Russia April 17 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-30T00:00:00Z
date_published 2024-04-17T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities

Huntress API Hash

Brennan, M. (2022, February 16). Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection. Retrieved August 22, 2022.

Internal MISP references

UUID e9f91661-29e3-408e-bfdd-c7df22f3f400 which can be used as unique global reference for Huntress API Hash in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-22T00:00:00Z
date_published 2022-02-16T00:00:00Z
source MITRE
title Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection

BleepingComputer Agent Tesla steal wifi passwords

Sergiu Gatlan. (2020, April 16). Hackers steal WiFi passwords using upgraded Agent Tesla malware. Retrieved September 8, 2023.

Internal MISP references

UUID 93b5ecd2-35a3-5bd8-9d6e-87bace012546 which can be used as unique global reference for BleepingComputer Agent Tesla steal wifi passwords in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-08T00:00:00Z
date_published 2020-04-16T00:00:00Z
source MITRE
title Hackers steal WiFi passwords using upgraded Agent Tesla malware

SWAT-hospital

Giles, Bruce. (2024, January 4). Hackers threaten to send SWAT teams to Fred Hutch patients' homes. Retrieved January 5, 2024.

Internal MISP references

UUID ce8bc906-875a-53bd-8b9c-b2191e369e4e which can be used as unique global reference for SWAT-hospital in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-05T00:00:00Z
date_published 2024-01-04T00:00:00Z
source MITRE
title Hackers threaten to send SWAT teams to Fred Hutch patients' homes

PCMag FakeLogin

Kan, M. (2019, October 24). Hackers Try to Phish United Nations Staffers With Fake Login Pages. Retrieved October 20, 2020.

Internal MISP references

UUID f652524c-7950-4a8a-9860-0e658a9581d8 which can be used as unique global reference for PCMag FakeLogin in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2019-10-24T00:00:00Z
source MITRE
title Hackers Try to Phish United Nations Staffers With Fake Login Pages

Krebs-Bazaar

Brian Krebs. (2016, October 31). Hackforums Shutters Booter Service Bazaar. Retrieved May 15, 2017.

Internal MISP references

UUID b46efda2-18e0-451e-b945-28421c2d5274 which can be used as unique global reference for Krebs-Bazaar in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-05-15T00:00:00Z
date_published 2016-10-31T00:00:00Z
source MITRE
title Hackforums Shutters Booter Service Bazaar

BleepingComputer Molerats Dec 2020

Ilascu, I. (2020, December 14). Hacking group’s new malware abuses Google and Facebook services. Retrieved December 28, 2020.

Internal MISP references

UUID 307108c8-9c72-4f31-925b-0b9bd4b31e7b which can be used as unique global reference for BleepingComputer Molerats Dec 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-28T00:00:00Z
date_published 2020-12-14T00:00:00Z
source MITRE
title Hacking group’s new malware abuses Google and Facebook services

Microsoft Hacking Team Breach

Microsoft Secure Team. (2016, June 1). Hacking Team Breach: A Cyber Jurassic Park. Retrieved March 5, 2019.

Internal MISP references

UUID 8daac742-6467-40db-9fe5-87efd2a96f09 which can be used as unique global reference for Microsoft Hacking Team Breach in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-05T00:00:00Z
date_published 2016-06-01T00:00:00Z
source MITRE
title Hacking Team Breach: A Cyber Jurassic Park

Intel HackingTeam UEFI Rootkit

Intel Security. (2005, July 16). HackingTeam's UEFI Rootkit Details. Retrieved March 20, 2017.

Internal MISP references

UUID 1c476cb2-8ce0-4559-8037-646d0ea09398 which can be used as unique global reference for Intel HackingTeam UEFI Rootkit in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-20T00:00:00Z
date_published 2005-07-16T00:00:00Z
source MITRE
title HackingTeam's UEFI Rootkit Details

TrendMicro Hacking Team UEFI

Lin, P. (2015, July 13). Hacking Team Uses UEFI BIOS Rootkit to Keep RCS 9 Agent in Target Systems. Retrieved December 11, 2015.

Internal MISP references

UUID 24796535-d516-45e9-bcc7-8f03a3f3cd73 which can be used as unique global reference for TrendMicro Hacking Team UEFI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-12-11T00:00:00Z
date_published 2015-07-13T00:00:00Z
source MITRE
title Hacking Team Uses UEFI BIOS Rootkit to Keep RCS 9 Agent in Target Systems

TempertonDarkHotel

Temperton, J. (2015, August 10). Hacking Team zero-day used in new Darkhotel attacks. Retrieved March 9, 2017.

Internal MISP references

UUID 4de7960b-bd62-452b-9e64-b52a0d580858 which can be used as unique global reference for TempertonDarkHotel in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-09T00:00:00Z
date_published 2015-08-10T00:00:00Z
source MITRE
title Hacking Team zero-day used in new Darkhotel attacks

FireEye Hacking FIN4 Video Dec 2014

Vengerik, B. & Dennesen, K. (2014, December 5). Hacking the Street? FIN4 Likely Playing the Market. Retrieved January 15, 2019.

Internal MISP references

UUID 6dcfe3fb-c310-49cf-a657-f2cec65c5499 which can be used as unique global reference for FireEye Hacking FIN4 Video Dec 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-01-15T00:00:00Z
date_published 2014-12-05T00:00:00Z
source MITRE
title Hacking the Street? FIN4 Likely Playing the Market

FireEye Hacking FIN4 Dec 2014

Vengerik, B. et al. (2014, December 5). Hacking the Street? FIN4 Likely Playing the Market. Retrieved December 17, 2018.

Internal MISP references

UUID c3ac1c2a-21cc-42a9-a214-88f302371766 which can be used as unique global reference for FireEye Hacking FIN4 Dec 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-12-17T00:00:00Z
date_published 2014-12-05T00:00:00Z
source MITRE
title Hacking the Street? FIN4 Likely Playing the Market

Malwarebytes OSINT Leaky Buckets - Hioureas

Vasilios Hioureas. (2019, September 13). Hacking with AWS: incorporating leaky buckets into your OSINT workflow. Retrieved February 14, 2022.

Internal MISP references

UUID 67ebcf71-828e-4202-b842-f071140883f8 which can be used as unique global reference for Malwarebytes OSINT Leaky Buckets - Hioureas in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-14T00:00:00Z
date_published 2019-09-13T00:00:00Z
source MITRE
title Hacking with AWS: incorporating leaky buckets into your OSINT workflow

Microsoft Gsecdump

Vincent Tiu. (2017, September 15). HackTool:Win32/Gsecdump. Retrieved January 10, 2024.

Internal MISP references

UUID e9c12a7f-ce8a-5f20-8283-509e16532d9b which can be used as unique global reference for Microsoft Gsecdump in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-10T00:00:00Z
date_published 2017-09-15T00:00:00Z
source MITRE
title HackTool:Win32/Gsecdump

Microsoft HAFNIUM March 2020

MSTIC. (2021, March 2). HAFNIUM targeting Exchange Servers with 0-day exploits. Retrieved March 3, 2021.

Internal MISP references

UUID 6a986c46-79a3-49c6-94d2-d9b1f5db08f3 which can be used as unique global reference for Microsoft HAFNIUM March 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-03T00:00:00Z
date_published 2021-03-02T00:00:00Z
source MITRE, Tidal Cyber
title HAFNIUM targeting Exchange Servers with 0-day exploits

haking9 libpcap network sniffing

Luis Martin Garcia. (2008, February 1). Hakin9 Issue 2/2008 Vol 3 No.2 VoIP Abuse: Storming SIP Security. Retrieved October 18, 2022.

Internal MISP references

UUID 2803d0b8-78ee-4b19-aad3-daf84cd292b5 which can be used as unique global reference for haking9 libpcap network sniffing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-10-18T00:00:00Z
date_published 2008-02-01T00:00:00Z
source MITRE
title Hakin9 Issue 2/2008 Vol 3 No.2 VoIP Abuse: Storming SIP Security

FireEye APT29

FireEye Labs. (2015, July). HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group. Retrieved September 17, 2015.

Internal MISP references

UUID 78ead31e-7450-46e8-89cf-461ae1981994 which can be used as unique global reference for FireEye APT29 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-09-17T00:00:00Z
date_published 2015-07-01T00:00:00Z
source MITRE
title HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group

FireEye Hancitor

Anubhav, A., Jallepalli, D. (2016, September 23). Hancitor (AKA Chanitor) observed using multiple attack approaches. Retrieved August 13, 2020.

Internal MISP references

UUID 65a07c8c-5b29-445f-8f01-6e577df4ea62 which can be used as unique global reference for FireEye Hancitor in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-13T00:00:00Z
date_published 2016-09-23T00:00:00Z
source MITRE
title Hancitor (AKA Chanitor) observed using multiple attack approaches

NCC Group Fivehands June 2021

Matthews, M. and Backhouse, W. (2021, June 15). Handy guide to a new Fivehands ransomware variant. Retrieved June 24, 2021.

Internal MISP references

UUID 33955c35-e8cd-4486-b1ab-6f992319c81c which can be used as unique global reference for NCC Group Fivehands June 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-24T00:00:00Z
date_published 2021-06-15T00:00:00Z
source MITRE
title Handy guide to a new Fivehands ransomware variant

Apple Developer Doco Hardened Runtime

Apple Inc. (2021, January 1). Hardened Runtime: Manage security protections and resource access for your macOS apps. Retrieved March 24, 2021.

Internal MISP references

UUID b41de1e5-63ab-4556-a61f-3baca1873283 which can be used as unique global reference for Apple Developer Doco Hardened Runtime in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-24T00:00:00Z
date_published 2021-01-01T00:00:00Z
source MITRE
title Hardened Runtime: Manage security protections and resource access for your macOS apps.

FireEye APT34 July 2019

Bromiley, M., et al. (2019, July 18). Hard Pass: Declining APT34’s Invite to Join Their Professional Network. Retrieved August 26, 2019.

Internal MISP references

UUID 09a00ded-1afc-4555-894e-a151162796eb which can be used as unique global reference for FireEye APT34 July 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-08-26T00:00:00Z
date_published 2019-07-18T00:00:00Z
source MITRE
title Hard Pass: Declining APT34’s Invite to Join Their Professional Network

GitHub Hashjacking

Dunning, J. (2016, August 1). Hashjacking. Retrieved December 21, 2017.

Internal MISP references

UUID d31f6612-c552-45e1-bf6b-889fe619ab5f which can be used as unique global reference for GitHub Hashjacking in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-21T00:00:00Z
date_published 2016-08-01T00:00:00Z
source MITRE
title Hashjacking

FireEye HawkEye Malware July 2017

Swapnil Patil, Yogesh Londhe. (2017, July 25). HawkEye Credential Theft Malware Distributed in Recent Phishing Campaign. Retrieved June 18, 2019.

Internal MISP references

UUID 7ad228a8-5450-45ec-86fc-ea038f7c6ef7 which can be used as unique global reference for FireEye HawkEye Malware July 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-18T00:00:00Z
date_published 2017-07-25T00:00:00Z
source MITRE
title HawkEye Credential Theft Malware Distributed in Recent Phishing Campaign

Specter Ops - Cloud Credential Storage

Maddalena, C. (2018, September 12). Head in the Clouds. Retrieved October 4, 2019.

Internal MISP references

UUID 95d6d1ce-ceba-48ee-88c4-0fb30058bd80 which can be used as unique global reference for Specter Ops - Cloud Credential Storage in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-04T00:00:00Z
date_published 2018-09-12T00:00:00Z
source MITRE
title Head in the Clouds

Securelist Dtrack2

KONSTANTIN ZYKOV. (2019, September 23). Hello! My name is Dtrack. Retrieved September 30, 2022.

Internal MISP references

UUID a011b68a-30e0-4204-9bf3-fa73f2a238b4 which can be used as unique global reference for Securelist Dtrack2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-30T00:00:00Z
date_published 2019-09-23T00:00:00Z
source MITRE
title Hello! My name is Dtrack

Securelist Dtrack

Konstantin Zykov. (2019, September 23). Hello! My name is Dtrack. Retrieved January 20, 2021.

Internal MISP references

UUID 49bd8841-a4b5-4ced-adfa-0ad0c8625ccd which can be used as unique global reference for Securelist Dtrack in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-20T00:00:00Z
date_published 2019-09-23T00:00:00Z
source MITRE
title Hello! My name is Dtrack

Baggett 2012

Baggett, M. (2012, November 8). Help eliminate unquoted path vulnerabilities. Retrieved December 4, 2014.

Internal MISP references

UUID 9b234329-5e05-4035-af38-dd8ab20fd68e which can be used as unique global reference for Baggett 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-04T00:00:00Z
date_published 2012-11-08T00:00:00Z
source MITRE
title Help eliminate unquoted path vulnerabilities

Help eliminate unquoted path

Mark Baggett. (2012, November 8). Help eliminate unquoted path vulnerabilities. Retrieved November 8, 2012.

Internal MISP references

UUID 23ad5a8c-cbe1-4f40-8757-f1784a4003a1 which can be used as unique global reference for Help eliminate unquoted path in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2012-11-08T00:00:00Z
date_published 2012-11-08T00:00:00Z
source MITRE
title Help eliminate unquoted path vulnerabilities

Default VBS macros Blocking

Kellie Eickmeyer. (2022, February 7). Helping users stay safe: Blocking internet macros by default in Office. Retrieved February 7, 2022.

Internal MISP references

UUID d86883dd-3766-4971-91c7-b205ed13cc37 which can be used as unique global reference for Default VBS macros Blocking in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-07T00:00:00Z
date_published 2022-02-07T00:00:00Z
source MITRE
title Helping users stay safe: Blocking internet macros by default in Office

Twitter CMSTP Usage Jan 2018

Carr, N. (2018, January 31). Here is some early bad cmstp.exe... Retrieved April 11, 2018.

Internal MISP references

UUID 836621f3-83e1-4c55-8e3b-740fc9ba1e46 which can be used as unique global reference for Twitter CMSTP Usage Jan 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-11T00:00:00Z
date_published 2018-01-31T00:00:00Z
source MITRE
title Here is some early bad cmstp.exe..

ESET Hermetic Wiper February 2022

ESET. (2022, February 24). HermeticWiper: New data wiping malware hits Ukraine. Retrieved March 25, 2022.

Internal MISP references

UUID 07ef66e8-195b-4afe-a518-ce9e77220038 which can be used as unique global reference for ESET Hermetic Wiper February 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-25T00:00:00Z
date_published 2022-02-24T00:00:00Z
source MITRE
title HermeticWiper: New data wiping malware hits Ukraine

SentinelOne Hermetic Wiper February 2022

Guerrero-Saade, J. (2022, February 23). HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine. Retrieved March 25, 2022.

Internal MISP references

UUID 96825555-1936-4ee3-bb25-423dc16a9116 which can be used as unique global reference for SentinelOne Hermetic Wiper February 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-25T00:00:00Z
date_published 2022-02-23T00:00:00Z
source MITRE
title HermeticWiper

Dragos Hexane

Dragos. (n.d.). Hexane. Retrieved October 27, 2019.

Internal MISP references

UUID 11838e67-5032-4352-ad1f-81ba0398a14f which can be used as unique global reference for Dragos Hexane in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-27T00:00:00Z
source MITRE
title Hexane

Sourceforge Heyoka 2022

Sourceforge. (n.d.). Heyoka POC Exfiltration Tool. Retrieved October 11, 2022.

Internal MISP references

UUID f6677391-cb7a-4abc-abb7-3a8cd47fbc90 which can be used as unique global reference for Sourceforge Heyoka 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-10-11T00:00:00Z
source MITRE
title Heyoka POC Exfiltration Tool

Hh.exe - LOLBAS Project

LOLBAS. (2018, May 25). Hh.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 4e09bfcf-f5be-46c5-9ebf-8742ac8d1edc which can be used as unique global reference for Hh.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Hh.exe

CrowdStrike BloodHound April 2018

Red Team Labs. (2018, April 24). Hidden Administrative Accounts: BloodHound to the Rescue. Retrieved October 28, 2020.

Internal MISP references

UUID fa99f290-e42c-4311-9f6d-c519c9ab89fe which can be used as unique global reference for CrowdStrike BloodHound April 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-28T00:00:00Z
date_published 2018-04-24T00:00:00Z
source MITRE
title Hidden Administrative Accounts: BloodHound to the Rescue

McAfee Bankshot

Sherstobitoff, R. (2018, March 08). Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant. Retrieved May 18, 2018.

Internal MISP references

UUID c748dc6c-8c19-4a5c-840f-3d47955a6c78 which can be used as unique global reference for McAfee Bankshot in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-18T00:00:00Z
date_published 2018-03-08T00:00:00Z
source MITRE
title Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant

Pfammatter - Hidden Inbox Rules

Damian Pfammatter. (2018, September 17). Hidden Inbox Rules in Microsoft Exchange. Retrieved October 12, 2021.

Internal MISP references

UUID 8a00b664-5a75-4365-9069-a32e0ed20a80 which can be used as unique global reference for Pfammatter - Hidden Inbox Rules in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-12T00:00:00Z
date_published 2018-09-17T00:00:00Z
source MITRE
title Hidden Inbox Rules in Microsoft Exchange

Hidden VNC

Hutchins, Marcus. (2015, September 13). Hidden VNC for Beginners. Retrieved November 28, 2023.

Internal MISP references

UUID 1d50ce73-ad6a-5286-8ef9-0b2bfed321dc which can be used as unique global reference for Hidden VNC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-28T00:00:00Z
date_published 2015-09-13T00:00:00Z
source MITRE
title Hidden VNC for Beginners

Intezer HiddenWasp Map 2019

Sanmillan, I. (2019, May 29). HiddenWasp Malware Stings Targeted Linux Systems. Retrieved June 24, 2019.

Internal MISP references

UUID dfef8451-031b-42a6-8b78-d25950cc9d23 which can be used as unique global reference for Intezer HiddenWasp Map 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-24T00:00:00Z
date_published 2019-05-29T00:00:00Z
source MITRE
title HiddenWasp Malware Stings Targeted Linux Systems

Apple Support Hide a User Account

Apple. (2020, November 30). Hide a user account in macOS. Retrieved December 10, 2021.

Internal MISP references

UUID e901df3b-76a6-41a5-9083-b28065e75aa2 which can be used as unique global reference for Apple Support Hide a User Account in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-10T00:00:00Z
date_published 2020-11-30T00:00:00Z
source MITRE
title Hide a user account in macOS

Malwarebytes Wow6432Node 2016

Arntz, P. (2016, March 30). Hiding in Plain Sight. Retrieved August 3, 2020.

Internal MISP references

UUID d4eba34c-d76b-45b4-bcaf-0f13459daaad which can be used as unique global reference for Malwarebytes Wow6432Node 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-03T00:00:00Z
date_published 2016-03-30T00:00:00Z
source MITRE
title Hiding in Plain Sight

FireEye APT17

FireEye Labs/FireEye Threat Intelligence. (2015, May 14). Hiding in Plain Sight: FireEye and Microsoft Expose Obfuscation Tactic. Retrieved January 22, 2016.

Internal MISP references

UUID a303f97a-72dd-4833-bac7-a421addc3242 which can be used as unique global reference for FireEye APT17 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-22T00:00:00Z
date_published 2015-05-14T00:00:00Z
source MITRE, Tidal Cyber
title Hiding in Plain Sight: FireEye and Microsoft Expose Obfuscation Tactic

Crowdstrike Hiding in Plain Sight 2018

Crowdstrike. (2018, July 18). Hiding in Plain Sight: Using the Office 365 Activities API to Investigate Business Email Compromises. Retrieved January 19, 2020.

Internal MISP references

UUID 8612fb31-5806-47ca-ba43-265a590b61fb which can be used as unique global reference for Crowdstrike Hiding in Plain Sight 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-01-19T00:00:00Z
date_published 2018-07-18T00:00:00Z
source MITRE
title Hiding in Plain Sight: Using the Office 365 Activities API to Investigate Business Email Compromises

Hiding Malicious Code with Module Stomping

Aliz Hammond. (2019, August 15). Hiding Malicious Code with "Module Stomping": Part 1. Retrieved July 14, 2022.

Internal MISP references

UUID 88983d22-980d-4442-858a-3b70ec485b94 which can be used as unique global reference for Hiding Malicious Code with Module Stomping in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-14T00:00:00Z
date_published 2019-08-15T00:00:00Z
source MITRE
title Hiding Malicious Code with "Module Stomping": Part 1

SpectorOps Hiding Reg Jul 2017

Reitz, B. (2017, July 14). Hiding Registry keys with PSReflect. Retrieved August 9, 2018.

Internal MISP references

UUID 877a5ae4-ec5f-4f53-b69d-ba74ff9e1619 which can be used as unique global reference for SpectorOps Hiding Reg Jul 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-09T00:00:00Z
date_published 2017-07-14T00:00:00Z
source MITRE
title Hiding Registry keys with PSReflect

FireEye SUNBURST Backdoor December 2020

FireEye. (2020, December 13). Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor. Retrieved January 4, 2021.

Internal MISP references

UUID d006ed03-a8af-4887-9356-3481d81d43e4 which can be used as unique global reference for FireEye SUNBURST Backdoor December 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-04T00:00:00Z
date_published 2020-12-13T00:00:00Z
source MITRE, Tidal Cyber
title Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor

Redirectors_Domain_Fronting

Mudge, R. (2017, February 6). High-reputation Redirectors and Domain Fronting. Retrieved July 11, 2022.

Internal MISP references

UUID 42c81d97-b6ee-458e-bff3-e8c4de882cd6 which can be used as unique global reference for Redirectors_Domain_Fronting in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-11T00:00:00Z
date_published 2017-02-06T00:00:00Z
source MITRE
title High-reputation Redirectors and Domain Fronting

Synack Secure Kernel Extension Broken

Wardle, P. (2017, September 8). High Sierra’s ‘Secure Kernel Extension Loading’ is Broken. Retrieved April 6, 2018.

Internal MISP references

UUID 647f6be8-fe95-4045-8778-f7d7ff00c96c which can be used as unique global reference for Synack Secure Kernel Extension Broken in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-06T00:00:00Z
date_published 2017-09-08T00:00:00Z
source MITRE
title High Sierra’s ‘Secure Kernel Extension Loading’ is Broken

Unit 42 Hildegard Malware

Chen, J. et al. (2021, February 3). Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes. Retrieved April 5, 2021.

Internal MISP references

UUID 0941cf0e-75d8-4c96-bc42-c99d809e75f9 which can be used as unique global reference for Unit 42 Hildegard Malware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-05T00:00:00Z
date_published 2021-02-03T00:00:00Z
source MITRE
title Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes

Drakonia HInvoke

drakonia. (2022, August 10). HInvoke and avoiding PInvoke. Retrieved August 22, 2022.

Internal MISP references

UUID 11d936fd-aba0-4eed-8007-aca71c340c59 which can be used as unique global reference for Drakonia HInvoke in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-22T00:00:00Z
date_published 2022-08-10T00:00:00Z
source MITRE
title HInvoke and avoiding PInvoke

Hive Ransomware Analysis | Kroll

Stephen Green, Elio Biasiotto. (2023, February 2). Hive Ransomware Analysis | Kroll. Retrieved May 7, 2023.

Internal MISP references

UUID f5e43446-04ea-4dcd-be3a-22f8b10b8aa1 which can be used as unique global reference for Hive Ransomware Analysis | Kroll in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2023-02-02T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Hive Ransomware Analysis

Microsoft CurrentControlSet Services

Microsoft. (2017, April 20). HKLM\SYSTEM\CurrentControlSet\Services Registry Tree. Retrieved March 16, 2020.

Internal MISP references

UUID cb9b5391-773f-4b56-8c41-d4f548c7b835 which can be used as unique global reference for Microsoft CurrentControlSet Services in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-16T00:00:00Z
date_published 2017-04-20T00:00:00Z
source MITRE
title HKLM\SYSTEM\CurrentControlSet\Services Registry Tree

microsoft_services_registry_tree

Microsoft. (2021, August 5). HKLM\SYSTEM\CurrentControlSet\Services Registry Tree. Retrieved August 25, 2021.

Internal MISP references

UUID 171cfdf1-d91c-4df3-831e-89b6237e3c8b which can be used as unique global reference for microsoft_services_registry_tree in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-25T00:00:00Z
date_published 2021-08-05T00:00:00Z
source MITRE
title HKLM\SYSTEM\CurrentControlSet\Services Registry Tree

Accenture Hogfish April 2018

Accenture Security. (2018, April 23). Hogfish Redleaves Campaign. Retrieved July 2, 2018.

Internal MISP references

UUID c8e9fee1-9981-499f-a62f-ffe59f4bb1e7 which can be used as unique global reference for Accenture Hogfish April 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-02T00:00:00Z
date_published 2018-04-23T00:00:00Z
source MITRE
title Hogfish Redleaves Campaign

Proofpoint Router Malvertising

Kafeine. (2016, December 13). Home Routers Under Attack via Malvertising on Windows, Android Devices. Retrieved January 16, 2019.

Internal MISP references

UUID b964139f-7c02-451d-8d22-a87975e60aa2 which can be used as unique global reference for Proofpoint Router Malvertising in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-01-16T00:00:00Z
date_published 2016-12-13T00:00:00Z
source MITRE
title Home Routers Under Attack via Malvertising on Windows, Android Devices

Trustwave Honeypot SkidMap 2023

Radoslaw Zdonczyk. (2023, July 30). Honeypot Recon: New Variant of SkidMap Targeting Redis. Retrieved September 29, 2023.

Internal MISP references

UUID 300505ae-bb7a-503d-84c5-9ff021eb6f3a which can be used as unique global reference for Trustwave Honeypot SkidMap 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-29T00:00:00Z
date_published 2023-07-30T00:00:00Z
source MITRE
title Honeypot Recon: New Variant of SkidMap Targeting Redis

Microsoft Hook Overview

Microsoft. (n.d.). Hooks Overview. Retrieved December 12, 2017.

Internal MISP references

UUID 54997a52-f78b-4af4-8916-787bcb215ce1 which can be used as unique global reference for Microsoft Hook Overview in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-12T00:00:00Z
source MITRE
title Hooks Overview

SpectorOps Host-Based Jul 2017

Atkinson, J. (2017, July 18). Host-based Threat Modeling & Indicator Design. Retrieved March 21, 2018.

Internal MISP references

UUID 5fbf3a1d-eac2-44b8-a0a9-70feca168647 which can be used as unique global reference for SpectorOps Host-Based Jul 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-21T00:00:00Z
date_published 2017-07-18T00:00:00Z
source MITRE
title Host-based Threat Modeling & Indicator Design

Crowdstrike AWS User Federation Persistence

Vaishnav Murthy and Joel Eng. (2023, January 30). How Adversaries Can Persist with AWS User Federation. Retrieved March 10, 2023.

Internal MISP references

UUID 8c4f806c-b6f2-5bde-8525-05da6692e59c which can be used as unique global reference for Crowdstrike AWS User Federation Persistence in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-10T00:00:00Z
date_published 2023-01-30T00:00:00Z
source MITRE
title How Adversaries Can Persist with AWS User Federation

Andy Greenberg June 2017

Andy Greenberg. (2017, June 28). How an Entire Nation Became Russia's Test Lab for Cyberwar. Retrieved September 27, 2023.

Internal MISP references

UUID 6a013c48-3b58-5b87-9af5-0b7d01f27c48 which can be used as unique global reference for Andy Greenberg June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-27T00:00:00Z
date_published 2017-06-28T00:00:00Z
source MITRE
title How an Entire Nation Became Russia's Test Lab for Cyberwar

Symantec Digital Certificates

Shinotsuka, H. (2013, February 22). How Attackers Steal Private Keys from Digital Certificates. Retrieved March 31, 2016.

Internal MISP references

UUID 4b4f0171-827d-45c3-8c89-66ea801e77e8 which can be used as unique global reference for Symantec Digital Certificates in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-31T00:00:00Z
date_published 2013-02-22T00:00:00Z
source MITRE
title How Attackers Steal Private Keys from Digital Certificates

ADSecurity Silver Tickets

Sean Metcalf. (2015, November 17). How Attackers Use Kerberos Silver Tickets to Exploit Systems. Retrieved February 27, 2020.

Internal MISP references

UUID 5185560e-b8f0-4c40-8c90-cb12348a0f7f which can be used as unique global reference for ADSecurity Silver Tickets in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-27T00:00:00Z
date_published 2015-11-17T00:00:00Z
source MITRE
title How Attackers Use Kerberos Silver Tickets to Exploit Systems

Amazon S3 Security, 2019

Amazon. (2019, May 17). How can I secure the files in my Amazon S3 bucket? Retrieved October 4, 2019.

Internal MISP references

UUID 4c434ca5-2544-45e0-82d9-71343d8aa960 which can be used as unique global reference for Amazon S3 Security, 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-04T00:00:00Z
date_published 2019-05-17T00:00:00Z
source MITRE
title How can I secure the files in my Amazon S3 bucket?

Microsoft Connection Manager Oct 2009

Microsoft. (2009, October 8). How Connection Manager Works. Retrieved April 11, 2018.

Internal MISP references

UUID 0b0880a8-82cc-4e23-afd9-95d099c753a4 which can be used as unique global reference for Microsoft Connection Manager Oct 2009 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-11T00:00:00Z
date_published 2009-10-08T00:00:00Z
source MITRE
title How Connection Manager Works

Kaspersky-masking

Dedenok, Roman. (2023, December 12). How cybercriminals disguise URLs. Retrieved January 17, 2024.

Internal MISP references

UUID 811eb587-effd-50ad-abb4-83221cc5d567 which can be used as unique global reference for Kaspersky-masking in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-17T00:00:00Z
date_published 2023-12-12T00:00:00Z
source MITRE
title How cybercriminals disguise URLs

dns_changer_trojans

Abendan, O. (2012, June 14). How DNS Changer Trojans Direct Users to Threats. Retrieved October 28, 2021.

Internal MISP references

UUID 082a0fde-d9f9-45f2-915d-f14c77b62254 which can be used as unique global reference for dns_changer_trojans in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-28T00:00:00Z
date_published 2012-06-14T00:00:00Z
source MITRE
title How DNS Changer Trojans Direct Users to Threats

Entrust Enable CAPI2 Aug 2017

Entrust Datacard. (2017, August 16). How do I enable CAPI 2.0 logging in Windows Vista, Windows 7 and Windows 2008 Server?. Retrieved January 31, 2018.

Internal MISP references

UUID ad6dfcab-792a-4b4d-8ada-aa418e2ea1aa which can be used as unique global reference for Entrust Enable CAPI2 Aug 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-31T00:00:00Z
date_published 2017-08-16T00:00:00Z
source MITRE
title How do I enable CAPI 2.0 logging in Windows Vista, Windows 7 and Windows 2008 Server?

Apple Culprit Access

rjben. (2012, May 30). How do you find the culprit when unauthorized access to a computer is a problem?. Retrieved August 3, 2022.

Internal MISP references

UUID 9254d3f5-7fc1-4710-b885-b0ddb3a3dca9 which can be used as unique global reference for Apple Culprit Access in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-03T00:00:00Z
date_published 2012-05-30T00:00:00Z
source MITRE
title How do you find the culprit when unauthorized access to a computer is a problem?

SFX - Encrypted/Encoded File

Jai Minton. (2023, March 31). How Falcon OverWatch Investigates Malicious Self-Extracting Archives, Decoy Files and Their Hidden Payloads. Retrieved March 29, 2024.

Internal MISP references

UUID 55171e0e-6b6d-568c-941a-85adcafceb43 which can be used as unique global reference for SFX - Encrypted/Encoded File in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-29T00:00:00Z
date_published 2023-03-31T00:00:00Z
source MITRE
title How Falcon OverWatch Investigates Malicious Self-Extracting Archives, Decoy Files and Their Hidden Payloads

DOJ FIN7 Aug 2018

Department of Justice. (2018, August 01). HOW FIN7 ATTACKED AND STOLE DATA. Retrieved August 24, 2018.

Internal MISP references

UUID 6a588eff-2b79-41c3-9834-613a628a0355 which can be used as unique global reference for DOJ FIN7 Aug 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-24T00:00:00Z
date_published 2018-08-01T00:00:00Z
source MITRE
title HOW FIN7 ATTACKED AND STOLE DATA

Charles McLellan March 2016

Charles McLellan. (2016, March 4). How hackers attacked Ukraine's power grid: Implications for Industrial IoT security. Retrieved September 27, 2023.

Internal MISP references

UUID a9156c24-42ad-5f15-a18e-2382f84d702e which can be used as unique global reference for Charles McLellan March 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-27T00:00:00Z
date_published 2016-03-04T00:00:00Z
source MITRE
title How hackers attacked Ukraine's power grid: Implications for Industrial IoT security

Cyware Social Media

Cyware Hacker News. (2019, October 2). How Hackers Exploit Social Media To Break Into Your Company. Retrieved October 20, 2020.

Internal MISP references

UUID e6136a63-81fe-4363-8d98-f7d1e85a0f2b which can be used as unique global reference for Cyware Social Media in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2019-10-02T00:00:00Z
source MITRE
title How Hackers Exploit Social Media To Break Into Your Company

malware_hides_service

Lawrence Abrams. (2004, September 10). How Malware hides and is installed as a Service. Retrieved August 30, 2021.

Internal MISP references

UUID c5982f65-1782-452a-9667-a8732d31e89a which can be used as unique global reference for malware_hides_service in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-30T00:00:00Z
date_published 2004-09-10T00:00:00Z
source MITRE
title How Malware hides and is installed as a Service

S1 macOs Persistence

Stokes, P. (2019, July 17). How Malware Persists on macOS. Retrieved March 27, 2020.

Internal MISP references

UUID ce952a0d-9c0d-4a51-9564-7cc5d9e43e2c which can be used as unique global reference for S1 macOs Persistence in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-27T00:00:00Z
date_published 2019-07-17T00:00:00Z
source MITRE
title How Malware Persists on macOS

sentinelone macos persist Jun 2019

Stokes, Phil. (2019, June 17). HOW MALWARE PERSISTS ON MACOS. Retrieved September 10, 2019.

Internal MISP references

UUID 81a49043-cac5-40e0-a626-fd242d21c56d which can be used as unique global reference for sentinelone macos persist Jun 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-10T00:00:00Z
date_published 2019-06-17T00:00:00Z
source MITRE
title HOW MALWARE PERSISTS ON MACOS

Kaspersky Autofill

Golubev, S. (n.d.). How malware steals autofill data from browsers. Retrieved March 28, 2023.

Internal MISP references

UUID 561ff84d-17ce-511c-af0c-059310f3c129 which can be used as unique global reference for Kaspersky Autofill in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-28T00:00:00Z
source MITRE
title How malware steals autofill data from browsers

Microsoft Threat Actor Naming July 2023

Microsoft. (2023, July 12). How Microsoft names threat actors. Retrieved November 17, 2023.

Internal MISP references

UUID 78a8137d-694e-533d-aed3-6bd48fc0cd4a which can be used as unique global reference for Microsoft Threat Actor Naming July 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-17T00:00:00Z
date_published 2023-07-12T00:00:00Z
source MITRE
title How Microsoft names threat actors

Microsoft Threat Actor Naming

diannegali, schmurky, Dansimp, chrisda, Stacyrch140. (2023, April 20). How Microsoft names threat actors. Retrieved June 22, 2023.

Internal MISP references

UUID de9cda86-0b23-4bc8-b524-e74fecf99448 which can be used as unique global reference for Microsoft Threat Actor Naming in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-22T00:00:00Z
date_published 2023-04-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title How Microsoft names threat actors

TheEclecticLightCompany apple notarization

How Notarization Works. (2020, August 28). How notarization works. Retrieved September 13, 2021.

Internal MISP references

UUID 80c840ab-782a-4f15-bc7b-2d2ab4e51702 which can be used as unique global reference for TheEclecticLightCompany apple notarization in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-13T00:00:00Z
date_published 2020-08-28T00:00:00Z
source MITRE
title How notarization works

SentinelOne AppleScript

Phil Stokes. (2020, March 16). How Offensive Actors Use AppleScript For Attacking macOS. Retrieved July 17, 2020.

Internal MISP references

UUID bb6aafcb-ed30-404a-a9d9-b90503a0ec7c which can be used as unique global reference for SentinelOne AppleScript in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-17T00:00:00Z
date_published 2020-03-16T00:00:00Z
source MITRE
title How Offensive Actors Use AppleScript For Attacking macOS

SecureWorld - How Secure Is Your Slack Channel - Dec 2021

Drew Todd. (2021, December 28). How Secure Is Your Slack Channel?. Retrieved May 31, 2022.

Internal MISP references

UUID 78199414-7b5e-45d8-8bda-d6f5a7c3988b which can be used as unique global reference for SecureWorld - How Secure Is Your Slack Channel - Dec 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-31T00:00:00Z
date_published 2021-12-28T00:00:00Z
source MITRE
title How Secure Is Your Slack Channel?

Windows OS Hub RDP

Windows OS Hub. (2021, November 10). How to Allow Multiple RDP Sessions in Windows 10 and 11?. Retrieved March 28, 2022.

Internal MISP references

UUID 335480f8-8f40-4da7-b083-6a4b158496c1 which can be used as unique global reference for Windows OS Hub RDP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-28T00:00:00Z
date_published 2021-11-10T00:00:00Z
source MITRE
title How to Allow Multiple RDP Sessions in Windows 10 and 11?

Xpn Argue Like Cobalt 2019

Chester, A. (2019, January 28). How to Argue like Cobalt Strike. Retrieved November 19, 2021.

Internal MISP references

UUID 724464f6-1a86-46e3-9a81-192b136c73ba which can be used as unique global reference for Xpn Argue Like Cobalt 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-11-19T00:00:00Z
date_published 2019-01-28T00:00:00Z
source MITRE
title How to Argue like Cobalt Strike

Seqrite DoubleExtension

Seqrite. (n.d.). How to avoid dual attack and vulnerable files with double extension?. Retrieved July 27, 2021.

Internal MISP references

UUID 77af0be9-174a-4330-8122-d0bd0c754973 which can be used as unique global reference for Seqrite DoubleExtension in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-07-27T00:00:00Z
source MITRE
title How to avoid dual attack and vulnerable files with double extension?

BOA Telephone Scams

Bank of America. (n.d.). How to avoid telephone scams. Retrieved September 8, 2023.

Internal MISP references

UUID ee1abe19-f38b-5127-8377-f13f57f2abcb which can be used as unique global reference for BOA Telephone Scams in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-08T00:00:00Z
source MITRE
title How to avoid telephone scams

bypass_webproxy_filtering

Fehrman, B. (2017, April 13). How to Bypass Web-Proxy Filtering. Retrieved September 20, 2019.

Internal MISP references

UUID fab84597-99a0-4560-8c8c-11fd8c01d5fa which can be used as unique global reference for bypass_webproxy_filtering in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-20T00:00:00Z
date_published 2017-04-13T00:00:00Z
source MITRE
title How to Bypass Web-Proxy Filtering

Systemd Remote Control

Aaron Kili. (2018, January 16). How to Control Systemd Services on Remote Linux Server. Retrieved July 26, 2021.

Internal MISP references

UUID 0461b58e-400e-4e3e-b7c4-eed7a9b0fdd6 which can be used as unique global reference for Systemd Remote Control in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-07-26T00:00:00Z
date_published 2018-01-16T00:00:00Z
source MITRE
title How to Control Systemd Services on Remote Linux Server

Microsoft Admin Shares

Microsoft. (n.d.). How to create and delete hidden or administrative shares on client computers. Retrieved November 20, 2014.

Internal MISP references

UUID 68d23cb0-b812-4d77-a3aa-34e24a923a50 which can be used as unique global reference for Microsoft Admin Shares in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-20T00:00:00Z
source MITRE
title How to create and delete hidden or administrative shares on client computers

Delpy Mimikatz Crendential Manager

Delpy, B. (2017, December 12). howto ~ credential manager saved credentials. Retrieved November 23, 2020.

Internal MISP references

UUID 24c6027b-e0d2-4c0c-83af-4536a631ea85 which can be used as unique global reference for Delpy Mimikatz Crendential Manager in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-23T00:00:00Z
date_published 2017-12-12T00:00:00Z
source MITRE
title howto ~ credential manager saved credentials

Stealthbits Overpass-the-Hash

Warren, J. (2019, February 26). How to Detect Overpass-the-Hash Attacks. Retrieved February 4, 2021.

Internal MISP references

UUID e0bf051c-21ab-4454-a6b0-31ae29b6e162 which can be used as unique global reference for Stealthbits Overpass-the-Hash in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-04T00:00:00Z
date_published 2019-02-26T00:00:00Z
source MITRE
title How to Detect Overpass-the-Hash Attacks

Stealthbits Detect PtT 2019

Jeff Warren. (2019, February 19). How to Detect Pass-the-Ticket Attacks. Retrieved February 27, 2020.

Internal MISP references

UUID 5bdb759e-949d-4470-a4e4-925b6579da54 which can be used as unique global reference for Stealthbits Detect PtT 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-27T00:00:00Z
date_published 2019-02-19T00:00:00Z
source MITRE
title How to Detect Pass-the-Ticket Attacks

WindowsIR Anti-Forensic Techniques

Carvey, H. (2013, July 23). HowTo: Determine/Detect the use of Anti-Forensics Techniques. Retrieved June 3, 2016.

Internal MISP references

UUID 646211a7-77be-4e5a-bd02-eeb70d67113d which can be used as unique global reference for WindowsIR Anti-Forensic Techniques in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-03T00:00:00Z
date_published 2013-07-23T00:00:00Z
source MITRE
title HowTo: Determine/Detect the use of Anti-Forensics Techniques

Microsoft Disable Autorun

Microsoft. (n.d.). How to disable the Autorun functionality in Windows. Retrieved April 20, 2016.

Internal MISP references

UUID 64bcc943-29be-4dd8-92c8-8a5dd94cbda4 which can be used as unique global reference for Microsoft Disable Autorun in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-20T00:00:00Z
source MITRE
title How to disable the Autorun functionality in Windows

Superuser Linux Password Policies

Matutiae, M. (2014, August 6). How to display password policy information for a user (Ubuntu)?. Retrieved April 5, 2018.

Internal MISP references

UUID c0bbc881-594a-408c-86a2-211ce6279231 which can be used as unique global reference for Superuser Linux Password Policies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-05T00:00:00Z
date_published 2014-08-06T00:00:00Z
source MITRE
title How to display password policy information for a user (Ubuntu)?

Confluence Linux Command Line

Confluence Support. (2021, September 8). How to enable command line audit logging in linux. Retrieved September 23, 2021.

Internal MISP references

UUID 9ac72e5a-0b00-4936-9a78-bf2694d956c9 which can be used as unique global reference for Confluence Linux Command Line in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-23T00:00:00Z
date_published 2021-09-08T00:00:00Z
source MITRE
title How to enable command line audit logging in linux

Atlassian Confluence Logging

Atlassian. (2018, January 9). How to Enable User Access Logging. Retrieved April 4, 2018.

Internal MISP references

UUID cd3ca4ce-c512-4612-94cc-3cf4d4dbba56 which can be used as unique global reference for Atlassian Confluence Logging in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-04T00:00:00Z
date_published 2018-01-09T00:00:00Z
source MITRE
title How to Enable User Access Logging

Remote Shell Execution in Python

Abdou Rockikz. (2020, July). How to Execute Shell Commands in a Remote Machine in Python. Retrieved July 26, 2021.

Internal MISP references

UUID 4ea54256-42f9-4b35-8f9e-e595ab9be9ce which can be used as unique global reference for Remote Shell Execution in Python in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-07-26T00:00:00Z
date_published 2020-07-01T00:00:00Z
source MITRE
title How to Execute Shell Commands in a Remote Machine in Python

Find Wi-Fi Password on Mac

Ruslana Lishchuk. (2021, March 26). How to Find a Saved Wi-Fi Password on a Mac. Retrieved September 8, 2023.

Internal MISP references

UUID 695f3d20-7a46-5a4a-aef0-0a05a5e35304 which can be used as unique global reference for Find Wi-Fi Password on Mac in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-08T00:00:00Z
date_published 2021-03-26T00:00:00Z
source MITRE
title How to Find a Saved Wi-Fi Password on a Mac

Microsoft Web Root OCT 2016

Microsoft. (2016, October 20). How to: Find the Web Application Root. Retrieved July 27, 2018.

Internal MISP references

UUID bce1230a-5303-4e58-97c9-3e65ecd714d3 which can be used as unique global reference for Microsoft Web Root OCT 2016 in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
date_accessed 2018-07-27T00:00:00Z
date_published 2016-10-20T00:00:00Z
source MITRE
title How to: Find the Web Application Root

Microsoft Replication ACL

Microsoft. (n.d.). How to grant the "Replicating Directory Changes" permission for the Microsoft Metadirectory Services ADMA service account. Retrieved December 4, 2017.

Internal MISP references

UUID 1b17e5ec-6f09-4668-949a-59be2d1f1b65 which can be used as unique global reference for Microsoft Replication ACL in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-04T00:00:00Z
source MITRE
title How to grant the "Replicating Directory Changes" permission for the Microsoft Metadirectory Services ADMA service account

Hide GDM User Accounts

Ji Mingkui. (2021, June 17). How to Hide All The User Accounts in Ubuntu 20.04, 21.04 Login Screen. Retrieved March 15, 2022.

Internal MISP references

UUID 88c3c460-3792-4881-ae7d-031c8901610d which can be used as unique global reference for Hide GDM User Accounts in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-15T00:00:00Z
date_published 2021-06-17T00:00:00Z
source MITRE
title How to Hide All The User Accounts in Ubuntu 20.04, 21.04 Login Screen

Elastic COM Hijacking

Ewing, P., Strom, B. (2016, September 15). How to Hunt: Detecting Persistence & Evasion with the COM. Retrieved September 15, 2016.

Internal MISP references

UUID bb325d97-5f69-4645-82d8-fdd6badecd9d which can be used as unique global reference for Elastic COM Hijacking in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-09-15T00:00:00Z
date_published 2016-09-15T00:00:00Z
source MITRE
title How to Hunt: Detecting Persistence & Evasion with the COM

Elastic Masquerade Ball

Ewing, P. (2016, October 31). How to Hunt: The Masquerade Ball. Retrieved October 31, 2016.

Internal MISP references

UUID 29c17b60-f947-4482-afa6-c80ca5819d10 which can be used as unique global reference for Elastic Masquerade Ball in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-10-31T00:00:00Z
date_published 2016-10-31T00:00:00Z
source MITRE
title How to Hunt: The Masquerade Ball

Linux Loadable Kernel Module Insert and Remove LKMs

Henderson, B. (2006, September 24). How To Insert And Remove LKMs. Retrieved April 9, 2018.

Internal MISP references

UUID 044d0df8-61e4-4a29-8a24-0bd1227d4317 which can be used as unique global reference for Linux Loadable Kernel Module Insert and Remove LKMs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-09T00:00:00Z
date_published 2006-09-24T00:00:00Z
source MITRE
title How To Insert And Remove LKMs

DigiCert Install SSL Cert

DigiCert. (n.d.). How to Install an SSL Certificate. Retrieved April 19, 2021.

Internal MISP references

UUID a1d7d368-6092-4421-99de-44e458deee21 which can be used as unique global reference for DigiCert Install SSL Cert in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-19T00:00:00Z
source MITRE
title How to Install an SSL Certificate

HowToGeek ShowExtension

Chris Hoffman. (2017, March 8). How to Make Windows Show File Extensions. Retrieved August 4, 2021.

Internal MISP references

UUID 51584201-40a4-4e39-ad23-14453e1eea46 which can be used as unique global reference for HowToGeek ShowExtension in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-04T00:00:00Z
date_published 2017-03-08T00:00:00Z
source MITRE
title How to Make Windows Show File Extensions

Microsoft RDP Removal

Microsoft. (2021, September 24). How to remove entries from the Remote Desktop Connection Computer box. Retrieved June 15, 2022.

Internal MISP references

UUID 367d3f80-9b13-44fa-938a-744a95518571 which can be used as unique global reference for Microsoft RDP Removal in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-15T00:00:00Z
date_published 2021-09-24T00:00:00Z
source MITRE
title How to remove entries from the Remote Desktop Connection Computer box

Startup Items Eclectic

hoakley. (2021, September 16). How to run an app or tool at startup. Retrieved October 5, 2021.

Internal MISP references

UUID 397be6f9-a109-4185-85f7-8d994fb31eaa which can be used as unique global reference for Startup Items Eclectic in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-05T00:00:00Z
date_published 2021-09-16T00:00:00Z
source MITRE
title How to run an app or tool at startup

Podman Systemd

Valentin Rothberg. (2022, March 16). How to run pods as systemd services with Podman. Retrieved February 15, 2024.

Internal MISP references

UUID 1657c650-7739-5ba3-8c95-b35cb74ee79f which can be used as unique global reference for Podman Systemd in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-15T00:00:00Z
date_published 2022-03-16T00:00:00Z
source MITRE
title How to run pods as systemd services with Podman

CrowdStrike Endpoint Security Testing Oct 2021

Radu Vlad, Liviu Arsene. (2021, October 15). How to Test Endpoint Security Efficacy and What to Expect. Retrieved March 7, 2024.

Internal MISP references

UUID 4cecfe1f-c1d2-4a71-ac17-0effd5f045df which can be used as unique global reference for CrowdStrike Endpoint Security Testing Oct 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-07T00:00:00Z
date_published 2021-10-15T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title How to Test Endpoint Security Efficacy and What to Expect

Microsoft Disable VBA Jan 2020

Microsoft. (2020, January 23). How to turn off Visual Basic for Applications when you deploy Office. Retrieved September 17, 2020.

Internal MISP references

UUID 104db93c-c5cd-431c-ac79-d76cb1694d7c which can be used as unique global reference for Microsoft Disable VBA Jan 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-17T00:00:00Z
date_published 2020-01-23T00:00:00Z
source MITRE
title How to turn off Visual Basic for Applications when you deploy Office

Microsoft Regsvr32

Microsoft. (2015, August 14). How to use the Regsvr32 tool and troubleshoot Regsvr32 error messages. Retrieved June 22, 2016.

Internal MISP references

UUID 723ec577-5ea8-4ced-b6c3-b7aaabe1d7e8 which can be used as unique global reference for Microsoft Regsvr32 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-22T00:00:00Z
date_published 2015-08-14T00:00:00Z
source MITRE
title How to use the Regsvr32 tool and troubleshoot Regsvr32 error messages

Microsoft SAM

Microsoft. (2006, October 30). How to use the SysKey utility to secure the Windows Security Accounts Manager database. Retrieved August 3, 2016.

Internal MISP references

UUID bde9acb0-c1c3-44e1-b3b1-cfc0898baead which can be used as unique global reference for Microsoft SAM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-03T00:00:00Z
date_published 2006-10-30T00:00:00Z
source MITRE
title How to use the SysKey utility to secure the Windows Security Accounts Manager database

AWS Traffic Mirroring

Amazon Web Services. (n.d.). How Traffic Mirroring works. Retrieved March 17, 2022.

Internal MISP references

UUID 6b77a2f3-39b8-4574-8dee-cde7ba9debff which can be used as unique global reference for AWS Traffic Mirroring in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-17T00:00:00Z
source MITRE
title How Traffic Mirroring works

Symantec Hydraq Persistence Jan 2010

Fitzgerald, P. (2010, January 26). How Trojan.Hydraq Stays On Your Computer. Retrieved February 22, 2018.

Internal MISP references

UUID b3ef4b78-2ed6-4cf4-afcc-4e4cb09d806a which can be used as unique global reference for Symantec Hydraq Persistence Jan 2010 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-22T00:00:00Z
date_published 2010-01-26T00:00:00Z
source MITRE
title How Trojan.Hydraq Stays On Your Computer

Microsoft UAC Nov 2018

Montemayor, D. et al. (2018, November 15). How User Account Control works. Retrieved June 3, 2019.

Internal MISP references

UUID abda4184-18f9-4799-9c1f-3ba484473e35 which can be used as unique global reference for Microsoft UAC Nov 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-03T00:00:00Z
date_published 2018-11-15T00:00:00Z
source MITRE
title How User Account Control works

TechNet How UAC Works

Lich, B. (2016, May 31). How User Account Control Works. Retrieved June 3, 2016.

Internal MISP references

UUID bbf8d1a3-115e-4bc8-be43-47ce3b295d45 which can be used as unique global reference for TechNet How UAC Works in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-03T00:00:00Z
date_published 2016-05-31T00:00:00Z
source MITRE
title How User Account Control Works

PWC WellMess July 2020

PWC. (2020, July 16). How WellMess malware has been used to target COVID-19 vaccines. Retrieved September 24, 2020.

Internal MISP references

UUID 22794e37-3c55-444a-b659-e5a1a6bc2da0 which can be used as unique global reference for PWC WellMess July 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-24T00:00:00Z
date_published 2020-07-16T00:00:00Z
source MITRE
title How WellMess malware has been used to target COVID-19 vaccines

Google Election Threats October 2020

Huntley, S. (2020, October 16). How We're Tackling Evolving Online Threats. Retrieved March 24, 2021.

Internal MISP references

UUID 8538a963-3e67-47fe-9afd-216b93a2be00 which can be used as unique global reference for Google Election Threats October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-24T00:00:00Z
date_published 2020-10-16T00:00:00Z
source MITRE
title How We're Tackling Evolving Online Threats

Microsoft Credential Guard April 2017

Lich, B., Tobin, J. (2017, April 5). How Windows Defender Credential Guard works. Retrieved November 27, 2017.

Internal MISP references

UUID aa52db88-5d03-42ae-b371-6210d7079a84 which can be used as unique global reference for Microsoft Credential Guard April 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-27T00:00:00Z
date_published 2017-04-05T00:00:00Z
source MITRE
title How Windows Defender Credential Guard works

NPPSPY Video

Grzegorz Tworek. (2021, December 14). How winlogon.exe shares the cleartext password with custom DLLs. Retrieved March 30, 2023.

Internal MISP references

UUID 6533d5df-7388-5c59-8c63-0923de34b61d which can be used as unique global reference for NPPSPY Video in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-30T00:00:00Z
date_published 2021-12-14T00:00:00Z
source MITRE
title How winlogon.exe shares the cleartext password with custom DLLs

BleepingComputer HPE January 24 2024

Lawrence Abrams. (2024, January 24). HPE: Russian hackers breached its security team’s email accounts. Retrieved February 5, 2024.

Internal MISP references

UUID fc77948f-332a-4e59-8c93-f430cbbbf68f which can be used as unique global reference for BleepingComputer HPE January 24 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-05T00:00:00Z
date_published 2024-01-24T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title HPE: Russian hackers breached its security team’s email accounts

Cylance Sodinokibi July 2019

Cylance. (2019, July 3). Threat Spotlight: Sodinokibi Ransomware. Retrieved August 4, 2020.

Internal MISP references

UUID 3ad8def7-3a8a-49bb-8f47-dea2e570c99e which can be used as unique global reference for Cylance Sodinokibi July 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-04T00:00:00Z
date_published 2019-07-03T00:00:00Z
source MITRE
title Threat Spotlight: Sodinokibi Ransomware

Wikipedia HTML Application

Wikipedia. (2017, October 14). HTML Application. Retrieved October 27, 2017.

Internal MISP references

UUID f1f76055-91f8-4977-9392-bed347e4f181 which can be used as unique global reference for Wikipedia HTML Application in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-10-27T00:00:00Z
date_published 2017-10-14T00:00:00Z
source MITRE
title HTML Application

MSDN HTML Applications

Microsoft. (n.d.). HTML Applications. Retrieved October 27, 2017.

Internal MISP references

UUID 2de103a8-8d72-40f9-b366-b908364dd090 which can be used as unique global reference for MSDN HTML Applications in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-10-27T00:00:00Z
source MITRE
title HTML Applications

Microsoft HTML Help ActiveX

Microsoft. (n.d.). HTML Help ActiveX Control Overview. Retrieved October 3, 2018.

Internal MISP references

UUID ae5728bd-571a-451f-9ba3-3198067135b4 which can be used as unique global reference for Microsoft HTML Help ActiveX in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-03T00:00:00Z
source MITRE
title HTML Help ActiveX Control Overview

Outlflank HTML Smuggling 2018

Hegt, S. (2018, August 14). HTML smuggling explained. Retrieved May 20, 2021.

Internal MISP references

UUID 9a99f431-4d15-47f8-a31b-4f98671cd95d which can be used as unique global reference for Outlflank HTML Smuggling 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-20T00:00:00Z
date_published 2018-08-14T00:00:00Z
source MITRE
title HTML smuggling explained

CrowdStrike Linux Rootkit

Kurtz, G. (2012, November 19). HTTP iframe Injecting Linux Rootkit. Retrieved December 21, 2017.

Internal MISP references

UUID eb3590bf-ff12-4ccd-bf9d-cf8eacd82135 which can be used as unique global reference for CrowdStrike Linux Rootkit in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-21T00:00:00Z
date_published 2012-11-19T00:00:00Z
source MITRE
title HTTP iframe Injecting Linux Rootkit

Wikipedia HPKP

Wikipedia. (2017, February 28). HTTP Public Key Pinning. Retrieved March 31, 2017.

Internal MISP references

UUID 2da110e7-d3a8-433f-87c3-eb744adf811b which can be used as unique global reference for Wikipedia HPKP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-31T00:00:00Z
date_published 2017-02-28T00:00:00Z
source MITRE
title HTTP Public Key Pinning

Cobalt Strike Arguments 2019

Mudge, R. (2019, January 2). https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue/. Retrieved November 19, 2021.

Internal MISP references

UUID e845f741-eabe-469b-97c1-f51a2aeb18b0 which can be used as unique global reference for Cobalt Strike Arguments 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-11-19T00:00:00Z
date_published 2019-01-02T00:00:00Z
source MITRE
title https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue/

Talos Discord Webhook Abuse

Nick Biasini, Edmund Brumaghin, Chris Neal, and Paul Eubanks. (2021, April 7). https://blog.talosintelligence.com/collab-app-abuse/. Retrieved July 20, 2023.

Internal MISP references

UUID affa93d8-5c8b-557d-80b4-1366df13d77a which can be used as unique global reference for Talos Discord Webhook Abuse in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-20T00:00:00Z
date_published 2021-04-07T00:00:00Z
source MITRE
title https://blog.talosintelligence.com/collab-app-abuse/

Red Canary Emotet Feb 2019

Donohue, B. (2019, February 13). https://redcanary.com/blog/stopping-emotet-before-it-moves-laterally/. Retrieved March 25, 2019.

Internal MISP references

UUID 132915dc-d906-4c23-b1e3-885af817b840 which can be used as unique global reference for Red Canary Emotet Feb 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-25T00:00:00Z
date_published 2019-02-13T00:00:00Z
source MITRE
title https://redcanary.com/blog/stopping-emotet-before-it-moves-laterally/

TechNet Removable Media Control

Microsoft. (2007, August 31). https://technet.microsoft.com/en-us/library/cc771759(v=ws.10).aspx. Retrieved April 20, 2016.

Internal MISP references

UUID db86cd0a-1188-4079-afed-1f986166a2e7 which can be used as unique global reference for TechNet Removable Media Control in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-20T00:00:00Z
date_published 2007-08-31T00:00:00Z
source MITRE
title https://technet.microsoft.com/en-us/library/cc771759(v=ws.10).aspx

Chromium HSTS

Chromium. (n.d.). HTTP Strict Transport Security. Retrieved May 24, 2023.

Internal MISP references

UUID 1ad03be3-d863-5a55-a371-42b6d3b7ed31 which can be used as unique global reference for Chromium HSTS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-24T00:00:00Z
source MITRE
title HTTP Strict Transport Security

CISA AA20-301A Kimsuky

CISA, FBI, CNMF. (2020, October 27). https://us-cert.cisa.gov/ncas/alerts/aa20-301a. Retrieved November 4, 2020.

Internal MISP references

UUID 685aa213-7902-46fb-b90a-64be5c851f73 which can be used as unique global reference for CISA AA20-301A Kimsuky in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-04T00:00:00Z
date_published 2020-10-27T00:00:00Z
source MITRE
title https://us-cert.cisa.gov/ncas/alerts/aa20-301a

FireEye Targeted Attacks Middle East Banks

Singh, S., Yin, H. (2016, May 22). https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html. Retrieved April 5, 2018.

Internal MISP references

UUID fedb3a9d-4f9e-495c-ac92-d5457688608d which can be used as unique global reference for FireEye Targeted Attacks Middle East Banks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-05T00:00:00Z
date_published 2016-05-22T00:00:00Z
source MITRE
title https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html

Forbes Dyre May 2017

Brewster, T. (2017, May 4). https://www.forbes.com/sites/thomasbrewster/2017/05/04/dyre-hackers-stealing-millions-from-american-coporates/#601c77842a0a. Retrieved June 15, 2020.

Internal MISP references

UUID 8fb3ef2f-3652-4563-8921-2c601d1b9bc9 which can be used as unique global reference for Forbes Dyre May 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-15T00:00:00Z
date_published 2017-05-04T00:00:00Z
source MITRE
title https://www.forbes.com/sites/thomasbrewster/2017/05/04/dyre-hackers-stealing-millions-from-american-coporates/#601c77842a0a

Microsoft Subscription Hijacking 2022

Dor Edry. (2022, August 24). Hunt for compromised Azure subscriptions using Microsoft Defender for Cloud Apps. Retrieved September 5, 2023.

Internal MISP references

UUID e5944e4c-76c6-55d1-97ec-8367b7f98c28 which can be used as unique global reference for Microsoft Subscription Hijacking 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-05T00:00:00Z
date_published 2022-08-24T00:00:00Z
source MITRE
title Hunt for compromised Azure subscriptions using Microsoft Defender for Cloud Apps

crowdstrike bpf socket filters

Jamie Harries. (2022, May 25). Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun. Retrieved October 18, 2022.

Internal MISP references

UUID f68a59a1-cb07-4f58-b755-25c91938b611 which can be used as unique global reference for crowdstrike bpf socket filters in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-10-18T00:00:00Z
date_published 2022-05-25T00:00:00Z
source MITRE
title Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun

Koczwara Beacon Hunting Sep 2021

Koczwara, M. (2021, September 7). Hunting Cobalt Strike C2 with Shodan. Retrieved October 12, 2021.

Internal MISP references

UUID e3984769-f6d7-43dd-8179-7df9d441512e which can be used as unique global reference for Koczwara Beacon Hunting Sep 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-12T00:00:00Z
date_published 2021-09-07T00:00:00Z
source MITRE
title Hunting Cobalt Strike C2 with Shodan

Fireeye Hunting COM June 2019

Hamilton, C. (2019, June 4). Hunting COM Objects. Retrieved June 10, 2019.

Internal MISP references

UUID 84311e46-cea1-486a-a737-c4a4946ab837 which can be used as unique global reference for Fireeye Hunting COM June 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-10T00:00:00Z
date_published 2019-06-04T00:00:00Z
source MITRE
title Hunting COM Objects

Berba hunting linux systemd

Pepe Berba. (2022, January 30). Hunting for Persistence in Linux (Part 3): Systemd, Timers, and Cron. Retrieved March 20, 2023.

Internal MISP references

UUID 7dfd6a67-3935-506a-8661-1caa7eb508e2 which can be used as unique global reference for Berba hunting linux systemd in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-20T00:00:00Z
date_published 2022-01-30T00:00:00Z
source MITRE
title Hunting for Persistence in Linux (Part 3): Systemd, Timers, and Cron

Elastic HuntingNMemory June 2017

Desimone, J. (2017, June 13). Hunting in Memory. Retrieved December 7, 2017.

Internal MISP references

UUID 8cd58716-4ff1-4ba2-b980-32c52cf7dee8 which can be used as unique global reference for Elastic HuntingNMemory June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-07T00:00:00Z
date_published 2017-06-13T00:00:00Z
source MITRE
title Hunting in Memory

LogPoint Hunting LockBit

LogPoint. (n.d.). Hunting LockBit Variations using Logpoint. Retrieved May 19, 2023.

Internal MISP references

UUID 22aa7792-6296-4f16-826f-d0f1c55ddb2a which can be used as unique global reference for LogPoint Hunting LockBit in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-19T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Hunting LockBit Variations using Logpoint

Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023

FBI et al. (2023, May 9). Hunting Russian Intelligence “Snake” Malware. Retrieved June 8, 2023.

Internal MISP references

UUID 1931b80a-effb-59ec-acae-c0f17efb8cad which can be used as unique global reference for Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-08T00:00:00Z
date_published 2023-05-09T00:00:00Z
source MITRE
title Hunting Russian Intelligence “Snake” Malware

Falcon Sandbox smp: 28553b3a9d

Hybrid Analysis. (2018, July 11). Hybrid Analysis of sample 28553b3a9d2ad4361d33d29ac4bf771d008e0073cec01b5561c6348a608f8dd7. Retrieved September 8, 2023.

Internal MISP references

UUID f27ab4cb-1666-501a-aa96-537d2b2d1f08 which can be used as unique global reference for Falcon Sandbox smp: 28553b3a9d in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-08T00:00:00Z
date_published 2018-07-11T00:00:00Z
source MITRE
title Hybrid Analysis of sample 28553b3a9d2ad4361d33d29ac4bf771d008e0073cec01b5561c6348a608f8dd7

Wikipedia Hypervisor

Wikipedia. (2016, May 23). Hypervisor. Retrieved June 11, 2016.

Internal MISP references

UUID 1a6ae877-ef30-4d40-abd0-fde308f1a1f0 which can be used as unique global reference for Wikipedia Hypervisor in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-11T00:00:00Z
date_published 2016-05-23T00:00:00Z
source MITRE
title Hypervisor

FireEye ADFS

Bierstock, D., Baker, A. (2019, March 21). I am AD FS and So Can You. Retrieved December 17, 2020.

Internal MISP references

UUID 6891eaf4-6857-4106-860c-1708d2a3bd33 which can be used as unique global reference for FireEye ADFS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-17T00:00:00Z
date_published 2019-03-21T00:00:00Z
source MITRE
title I am AD FS and So Can You

AWS IAM Conditions

AWS. (n.d.). IAM JSON policy elements: Condition. Retrieved January 2, 2024.

Internal MISP references

UUID 0fabd95b-a8cc-5a03-9a48-ffac8e5c5e28 which can be used as unique global reference for AWS IAM Conditions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-02T00:00:00Z
source MITRE
title IAM JSON policy elements: Condition

AWS EKS IAM Roles for Service Accounts

Amazon Web Services. (n.d.). IAM roles for service accounts. Retrieved July 14, 2023.

Internal MISP references

UUID b2452f0e-93b0-55b7-add8-8338d171f0bf which can be used as unique global reference for AWS EKS IAM Roles for Service Accounts in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-14T00:00:00Z
source MITRE
title IAM roles for service accounts

Kaspersky IAmTheKing October 2020

Ivan Kwiatkowski, Pierre Delcher, Felix Aime. (2020, October 15). IAmTheKing and the SlothfulMedia malware family. Retrieved October 15, 2020.

Internal MISP references

UUID fe4050f3-1a73-4e98-9bf1-e8fb73a23b7a which can be used as unique global reference for Kaspersky IAmTheKing October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-15T00:00:00Z
date_published 2020-10-15T00:00:00Z
source MITRE
title IAmTheKing and the SlothfulMedia malware family

Amazon IAM Groups

Amazon. (n.d.). IAM user groups. Retrieved October 13, 2021.

Internal MISP references

UUID 16f6b02a-912b-42c6-8d32-4e4f11fa70ec which can be used as unique global reference for Amazon IAM Groups in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
source MITRE
title IAM user groups

IAPP

IAPP. (n.d.). Retrieved March 5, 2024.

Internal MISP references

UUID a7dac249-f34a-557c-94ea-b16723f7a4f7 which can be used as unique global reference for IAPP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-05T00:00:00Z
source MITRE
title IAPP

CrowdStrike IceApple May 2022

CrowdStrike. (2022, May). ICEAPPLE: A NOVEL INTERNET INFORMATION SERVICES (IIS) POST-EXPLOITATION FRAMEWORK. Retrieved June 27, 2022.

Internal MISP references

UUID 325988b8-1c7d-4296-83d6-bfcbe533b75e which can be used as unique global reference for CrowdStrike IceApple May 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-27T00:00:00Z
date_published 2022-05-01T00:00:00Z
source MITRE
title ICEAPPLE: A NOVEL INTERNET INFORMATION SERVICES (IIS) POST-EXPLOITATION FRAMEWORK

ICIT China's Espionage Jul 2016

Scott, J. and Spaniel, D. (2016, July 28). ICIT Brief - China’s Espionage Dynasty: Economic Death by a Thousand Cuts. Retrieved June 7, 2018.

Internal MISP references

UUID 1a824860-6978-454d-963a-a56414a4312b which can be used as unique global reference for ICIT China's Espionage Jul 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-07T00:00:00Z
date_published 2016-07-28T00:00:00Z
source MITRE
title ICIT Brief - China’s Espionage Dynasty: Economic Death by a Thousand Cuts

CISA ICS Advisory ICSA-10-272-01

CISA. (2010, September 10). ICS Advisory (ICSA-10-272-01). Retrieved December 7, 2020.

Internal MISP references

UUID 25b3c18c-e017-4773-91dd-b489220d4fcb which can be used as unique global reference for CISA ICS Advisory ICSA-10-272-01 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-07T00:00:00Z
date_published 2010-09-10T00:00:00Z
source MITRE
title ICS Advisory (ICSA-10-272-01)

US-CERT Ukraine Feb 2016

US-CERT. (2016, February 25). ICS Alert (IR-ALERT-H-16-056-01) Cyber-Attack Against Ukrainian Critical Infrastructure. Retrieved June 10, 2020.

Internal MISP references

UUID 403ea040-8c08-423f-99cb-d7e7852c16e4 which can be used as unique global reference for US-CERT Ukraine Feb 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-10T00:00:00Z
date_published 2016-02-25T00:00:00Z
source MITRE
title ICS Alert (IR-ALERT-H-16-056-01) Cyber-Attack Against Ukrainian Critical Infrastructure

Dragos Threat Report 2020

Dragos. (n.d.). ICS Cybersecurity Year in Review 2020. Retrieved February 25, 2021.

Internal MISP references

UUID 8bb3147c-3178-4449-9978-f1248b1bcb0a which can be used as unique global reference for Dragos Threat Report 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-25T00:00:00Z
source MITRE
title ICS Cybersecurity Year in Review 2020

id man page

MacKenzie, D. and Robbins, A. (n.d.). id(1) - Linux man page. Retrieved January 11, 2024.

Internal MISP references

UUID 158f088c-4d51-567d-bc58-be0b9a087c9a which can be used as unique global reference for id man page in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-11T00:00:00Z
source MITRE
title id(1) - Linux man page

Cisco Advisory SNMP v3 Authentication Vulnerabilities

Cisco. (2008, June 10). Identifying and Mitigating Exploitation of the SNMP Version 3 Authentication Vulnerabilities. Retrieved October 19, 2020.

Internal MISP references

UUID ed7897e5-21f0-49fa-9b26-c397eaebc88a which can be used as unique global reference for Cisco Advisory SNMP v3 Authentication Vulnerabilities in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
date_published 2008-06-10T00:00:00Z
source MITRE
title Identifying and Mitigating Exploitation of the SNMP Version 3 Authentication Vulnerabilities

Resource and Data Forks

Flylib. (n.d.). Identifying Resource and Data Forks. Retrieved October 12, 2021.

Internal MISP references

UUID b8eaf053-40e0-414e-a89e-409dbf218554 which can be used as unique global reference for Resource and Data Forks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-12T00:00:00Z
source MITRE
title Identifying Resource and Data Forks

AWS Identity Federation

Amazon. (n.d.). Identity Federation in AWS. Retrieved March 13, 2020.

Internal MISP references

UUID b55ac071-483b-4802-895f-ea4eaac1de92 which can be used as unique global reference for AWS Identity Federation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-13T00:00:00Z
source MITRE
title Identity Federation in AWS

Microsoft GetNCCChanges

Microsoft. (n.d.). IDL_DRSGetNCChanges (Opnum 3). Retrieved December 4, 2017.

Internal MISP references

UUID 410570e4-b578-4838-a25d-f03d92fcf3cb which can be used as unique global reference for Microsoft GetNCCChanges in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-04T00:00:00Z
source MITRE
title IDL_DRSGetNCChanges (Opnum 3)

Ie4uinit.exe - LOLBAS Project

LOLBAS. (2018, May 25). Ie4uinit.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 01f9a368-5933-47a1-85a9-e5883a5ca266 which can be used as unique global reference for Ie4uinit.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Ie4uinit.exe

Ieadvpack.dll - LOLBAS Project

LOLBAS. (2018, May 25). Ieadvpack.dll. Retrieved December 4, 2023.

Internal MISP references

UUID 79943a49-23d6-499b-a022-7c2f8bd68aee which can be used as unique global reference for Ieadvpack.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Ieadvpack.dll

iediagcmd.exe - LOLBAS Project

LOLBAS. (2022, March 29). iediagcmd.exe. Retrieved December 4, 2023.

Internal MISP references

UUID de238a18-2275-497e-adcf-453a016a24c4 which can be used as unique global reference for iediagcmd.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-03-29T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title iediagcmd.exe

Wikipedia 802.1x

Wikipedia. (2018, March 30). IEEE 802.1X. Retrieved April 11, 2018.

Internal MISP references

UUID 5d382527-ffbd-486e-adbe-d60508567281 which can be used as unique global reference for Wikipedia 802.1x in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-11T00:00:00Z
date_published 2018-03-30T00:00:00Z
source MITRE
title IEEE 802.1X

Ieexec.exe - LOLBAS Project

LOLBAS. (2018, May 25). Ieexec.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 91f31525-585d-4b71-83d7-9b7c2feacd34 which can be used as unique global reference for Ieexec.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Ieexec.exe

Ieframe.dll - LOLBAS Project

LOLBAS. (2018, May 25). Ieframe.dll. Retrieved December 4, 2023.

Internal MISP references

UUID aab9c80d-1f1e-47ba-954d-65e7400054df which can be used as unique global reference for Ieframe.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Ieframe.dll

Wikipedia Ifconfig

Wikipedia. (2016, January 26). ifconfig. Retrieved April 17, 2016.

Internal MISP references

UUID 7bb238d4-4571-4cd0-aab2-76797570724a which can be used as unique global reference for Wikipedia Ifconfig in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-17T00:00:00Z
date_published 2016-01-26T00:00:00Z
source MITRE
title ifconfig

EFF Manul Aug 2016

Galperin, E., et al. (2016, August). I Got a Letter From the Government the Other Day.... Retrieved April 25, 2018.

Internal MISP references

UUID 311a3863-3897-4ddf-a251-d0467a56675f which can be used as unique global reference for EFF Manul Aug 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-25T00:00:00Z
date_published 2016-08-01T00:00:00Z
source MITRE
title I Got a Letter From the Government the Other Day...

IIS Backdoor 2011

Julien. (2011, February 2). IIS Backdoor. Retrieved June 3, 2021.

Internal MISP references

UUID fd450382-cca0-40c4-8144-cc90a3b0011b which can be used as unique global reference for IIS Backdoor 2011 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-03T00:00:00Z
date_published 2011-02-02T00:00:00Z
source MITRE
title IIS Backdoor

Microsoft IIS Modules Overview 2007

Microsoft. (2007, November 24). IIS Modules Overview. Retrieved June 17, 2021.

Internal MISP references

UUID c8db6bfd-3a08-43b3-b33b-91a32e9bd694 which can be used as unique global reference for Microsoft IIS Modules Overview 2007 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-17T00:00:00Z
date_published 2007-11-24T00:00:00Z
source MITRE
title IIS Modules Overview

Proofpoint TA456 Defense Contractor July 2021

Miller, J. et al. (2021, July 28). I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona. Retrieved March 11, 2024.

Internal MISP references

UUID 0cc015d9-96d0-534e-a34a-221267250f90 which can be used as unique global reference for Proofpoint TA456 Defense Contractor July 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-11T00:00:00Z
date_published 2021-07-28T00:00:00Z
source MITRE
title I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona

Ilasm.exe - LOLBAS Project

LOLBAS. (2020, March 17). Ilasm.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 347a1f01-02ce-488e-9100-862971c1833f which can be used as unique global reference for Ilasm.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-03-17T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Ilasm.exe

anomali-rocke-tactics

Anomali Threat Research. (2019, October 15). Illicit Cryptomining Threat Actor Rocke Changes Tactics, Now More Difficult to Detect. Retrieved December 17, 2020.

Internal MISP references

UUID 2308c5ca-04a4-43c5-b92b-ffa6a60ae3a9 which can be used as unique global reference for anomali-rocke-tactics in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-17T00:00:00Z
date_published 2019-10-15T00:00:00Z
source MITRE
title Illicit Cryptomining Threat Actor Rocke Changes Tactics, Now More Difficult to Detect

Microsoft Dev Blog IFEO Mar 2010

Shanbhag, M. (2010, March 24). Image File Execution Options (IFEO). Retrieved December 18, 2017.

Internal MISP references

UUID 4c62c2cb-bee2-4fc0-aa81-65d66e71a5c2 which can be used as unique global reference for Microsoft Dev Blog IFEO Mar 2010 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-18T00:00:00Z
date_published 2010-03-24T00:00:00Z
source MITRE
title Image File Execution Options (IFEO)

IMEWDBLD.exe - LOLBAS Project

LOLBAS. (2020, March 5). IMEWDBLD.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 9d1d6bc1-61cf-4465-b3cb-b6af36769027 which can be used as unique global reference for IMEWDBLD.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-03-05T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title IMEWDBLD.exe

Imminent Unit42 Dec2019

Unit 42. (2019, December 2). Imminent Monitor – a RAT Down Under. Retrieved May 5, 2020.

Internal MISP references

UUID 28f858c6-4c00-4c0c-bb27-9e000ba22690 which can be used as unique global reference for Imminent Unit42 Dec2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-05T00:00:00Z
date_published 2019-12-02T00:00:00Z
source MITRE
title Imminent Monitor – a RAT Down Under

Core Security Impacket

Core Security. (n.d.). Impacket. Retrieved November 2, 2017.

Internal MISP references

UUID 9b88d7d6-5cf3-40d5-b624-ddf01508cb95 which can be used as unique global reference for Core Security Impacket in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-02T00:00:00Z
source MITRE
title Impacket

Impacket Tools

SecureAuth. (n.d.). Retrieved January 15, 2019.

Internal MISP references

UUID cdaf72ce-e8f7-42ae-b815-14a7fd47e292 which can be used as unique global reference for Impacket Tools in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-01-15T00:00:00Z
source MITRE
title Impacket Tools

EK Impeding Malware Analysis

Song, C., et al. (2012, August 7). Impeding Automated Malware Analysis with Environment-sensitive Malware. Retrieved January 18, 2019.

Internal MISP references

UUID c3e6c8da-1399-419c-96f5-7dade6fccd29 which can be used as unique global reference for EK Impeding Malware Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-01-18T00:00:00Z
date_published 2012-08-07T00:00:00Z
source MITRE
title Impeding Automated Malware Analysis with Environment-sensitive Malware

Microsoft Impersonation and EWS in Exchange

Microsoft. (2022, September 13). Impersonation and EWS in Exchange. Retrieved July 10, 2023.

Internal MISP references

UUID d7755dbd-0b38-5776-b63a-d792a4d027a4 which can be used as unique global reference for Microsoft Impersonation and EWS in Exchange in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-10T00:00:00Z
date_published 2022-09-13T00:00:00Z
source MITRE
title Impersonation and EWS in Exchange

Microsoft Implementing CPL

M. (n.d.). Implementing Control Panel Items. Retrieved January 18, 2018.

Internal MISP references

UUID 63c5c654-e885-4427-a644-068f4057f35f which can be used as unique global reference for Microsoft Implementing CPL in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-18T00:00:00Z
source MITRE
title Implementing Control Panel Items

TechNet Least Privilege

Microsoft. (2016, April 16). Implementing Least-Privilege Administrative Models. Retrieved June 3, 2016.

Internal MISP references

UUID 21e595be-d028-4013-b3d0-811c08581709 which can be used as unique global reference for TechNet Least Privilege in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-03T00:00:00Z
date_published 2016-04-16T00:00:00Z
source MITRE
title Implementing Least-Privilege Administrative Models

Dragos IT ICS Ransomware

Slowik, J. (2019, April 10). Implications of IT Ransomware for ICS Environments. Retrieved January 28, 2021.

Internal MISP references

UUID 60187301-8d70-4023-8e6d-59cbb1468f0d which can be used as unique global reference for Dragos IT ICS Ransomware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-28T00:00:00Z
date_published 2019-04-10T00:00:00Z
source MITRE
title Implications of IT Ransomware for ICS Environments

Microsoft SolarWinds Steps

Lambert, J. (2020, December 13). Important steps for customers to protect themselves from recent nation-state cyberattacks. Retrieved December 17, 2020.

Internal MISP references

UUID 33e84eb1-4835-404b-8c1a-40695c04cdb4 which can be used as unique global reference for Microsoft SolarWinds Steps in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-17T00:00:00Z
date_published 2020-12-13T00:00:00Z
source MITRE
title Important steps for customers to protect themselves from recent nation-state cyberattacks

White House Imposing Costs RU Gov April 2021

White House. (2021, April 15). Imposing Costs for Harmful Foreign Activities by the Russian Government. Retrieved April 16, 2021.

Internal MISP references

UUID c2bf9e2f-cd0a-411d-84bc-61454a369c6b which can be used as unique global reference for White House Imposing Costs RU Gov April 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-16T00:00:00Z
date_published 2021-04-15T00:00:00Z
source MITRE
title Imposing Costs for Harmful Foreign Activities by the Russian Government

Malicious Driver Reporting Center

Azure Edge and Platform Security Team & Microsoft 365 Defender Research Team. (2021, December 8). Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center. Retrieved April 6, 2022.

Internal MISP references

UUID fde77ea9-2b4d-40d7-99c5-433bfdbcb994 which can be used as unique global reference for Malicious Driver Reporting Center in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-06T00:00:00Z
date_published 2021-12-08T00:00:00Z
source MITRE
title Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center

Unit 42 Inception November 2018

Lancaster, T. (2018, November 5). Inception Attackers Target Europe with Year-old Office Vulnerability. Retrieved May 8, 2020.

Internal MISP references

UUID 5cb98fce-f386-4878-b69c-5c6440ad689c which can be used as unique global reference for Unit 42 Inception November 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-08T00:00:00Z
date_published 2018-11-05T00:00:00Z
source MITRE, Tidal Cyber
title Inception Attackers Target Europe with Year-old Office Vulnerability

Symantec Inception Framework March 2018

Symantec. (2018, March 14). Inception Framework: Alive and Well, and Hiding Behind Proxies. Retrieved May 8, 2020.

Internal MISP references

UUID 166f5c44-7d8c-45d5-8d9f-3b8bd21a2af3 which can be used as unique global reference for Symantec Inception Framework March 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-08T00:00:00Z
date_published 2018-03-14T00:00:00Z
source MITRE, Tidal Cyber
title Inception Framework: Alive and Well, and Hiding Behind Proxies

Expel AWS Attacker

Brian Bahtiarian, David Blanton, Britton Manahan and Kyle Pellett. (2022, April 5). Incident report: From CLI to console, chasing an attacker in AWS. Retrieved April 7, 2022.

Internal MISP references

UUID 089f6f4e-370c-49cb-a35c-c80be0fd39de which can be used as unique global reference for Expel AWS Attacker in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-07T00:00:00Z
date_published 2022-04-05T00:00:00Z
source MITRE
title Incident report: From CLI to console, chasing an attacker in AWS

Dark Reading Microsoft 365 Attacks 2021

Kelly Sheridan. (2021, August 5). Incident Responders Explore Microsoft 365 Attacks in the Wild. Retrieved March 17, 2023.

Internal MISP references

UUID f26d3aa4-6966-53c4-b9d1-848420377eae which can be used as unique global reference for Dark Reading Microsoft 365 Attacks 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-17T00:00:00Z
date_published 2021-08-05T00:00:00Z
source MITRE
title Incident Responders Explore Microsoft 365 Attacks in the Wild

Cisco Talos Q2 Trends July 26 2023

Nicole Hoffman. (2023, July 26). Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical. Retrieved August 4, 2023.

Internal MISP references

UUID f5367abc-e776-41a0-b8e5-6dc60079c081 which can be used as unique global reference for Cisco Talos Q2 Trends July 26 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-04T00:00:00Z
date_published 2023-07-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical

U.S. CISA Increased Truebot Activity July 6 2023

Cybersecurity and Infrastructure Security Agency. (2023, July 6). Increased Truebot Activity Infects U.S. and Canada Based Networks. Retrieved July 6, 2023.

Internal MISP references

UUID 6f9b8f72-c55f-4268-903e-1f8a82efa5bb which can be used as unique global reference for U.S. CISA Increased Truebot Activity July 6 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-06T00:00:00Z
date_published 2023-07-06T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Increased Truebot Activity Infects U.S. and Canada Based Networks

Increasing Linux kernel integrity

Boelen, M. (2015, October 7). Increase kernel integrity with disabled Linux kernel modules loading. Retrieved June 4, 2020.

Internal MISP references

UUID 23b12551-0bec-4f7d-8468-f372a8ba521b which can be used as unique global reference for Increasing Linux kernel integrity in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-04T00:00:00Z
date_published 2015-10-07T00:00:00Z
source MITRE
title Increase kernel integrity with disabled Linux kernel modules loading

TechNet Scheduling Priority

Microsoft. (2013, May 8). Increase scheduling priority. Retrieved December 18, 2017.

Internal MISP references

UUID b785ceda-fea9-4e96-87d8-38cfd1f8b5bd which can be used as unique global reference for TechNet Scheduling Priority in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-18T00:00:00Z
date_published 2013-05-08T00:00:00Z
source MITRE
title Increase scheduling priority

Revil Independence Day

Loman, M. et al. (2021, July 4). Independence Day: REvil uses supply chain exploit to attack hundreds of businesses. Retrieved September 30, 2021.

Internal MISP references

UUID d7c4f03e-7dc0-4196-866b-c1a8eb943f77 which can be used as unique global reference for Revil Independence Day in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-30T00:00:00Z
date_published 2021-07-04T00:00:00Z
source MITRE
title Independence Day: REvil uses supply chain exploit to attack hundreds of businesses

Fortinet Agent Tesla June 2017

Zhang, X. (2017, June 28). In-Depth Analysis of A New Variant of .NET Malware AgentTesla. Retrieved November 5, 2018.

Internal MISP references

UUID 24e5c321-c418-4010-b158-0ada2dbb4f7f which can be used as unique global reference for Fortinet Agent Tesla June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-05T00:00:00Z
date_published 2017-06-28T00:00:00Z
source MITRE
title In-Depth Analysis of A New Variant of .NET Malware AgentTesla

NCC Group Team9 June 2020

Pantazopoulos, N. (2020, June 2). In-depth analysis of the new Team9 malware family. Retrieved December 1, 2020.

Internal MISP references

UUID 0ea8f87d-e19d-438d-b05b-30f2ccd0ea3b which can be used as unique global reference for NCC Group Team9 June 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-01T00:00:00Z
date_published 2020-06-02T00:00:00Z
source MITRE
title In-depth analysis of the new Team9 malware family

Trend Micro APT Attack Tools

Wilhoit, K. (2013, March 4). In-Depth Look: APT Attack Tools of the Trade. Retrieved December 2, 2015.

Internal MISP references

UUID dac5cda3-97bc-4e38-b54f-554a75a18c5b which can be used as unique global reference for Trend Micro APT Attack Tools in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-12-02T00:00:00Z
date_published 2013-03-04T00:00:00Z
source MITRE
title In-Depth Look: APT Attack Tools of the Trade

Symantec Suckfly May 2016

DiMaggio, J. (2016, May 17). Indian organizations targeted in Suckfly attacks. Retrieved August 3, 2016.

Internal MISP references

UUID 59fd16cd-426f-472d-a5df-e7c1484a6481 which can be used as unique global reference for Symantec Suckfly May 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-03T00:00:00Z
date_published 2016-05-17T00:00:00Z
source MITRE
title Indian organizations targeted in Suckfly attacks

Joint CSA AvosLocker Mar 2022

FBI, FinCEN, Treasury. (2022, March 17). Indicators of Compromise Associated with AvosLocker Ransomware. Retrieved January 11, 2023.

Internal MISP references

UUID 8ad57a0d-d74f-5802-ab83-4ddac1beb083 which can be used as unique global reference for Joint CSA AvosLocker Mar 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-01-11T00:00:00Z
date_published 2022-03-17T00:00:00Z
source MITRE
title Indicators of Compromise Associated with AvosLocker Ransomware

FBI Flash Diavol January 2022

FBI. (2022, January 19). Indicators of Compromise Associated with Diavol. Retrieved March 9, 2022.

Internal MISP references

UUID a1691741-9ecd-4b20-8cc9-b9bdfc1592b5 which can be used as unique global reference for FBI Flash Diavol January 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-09T00:00:00Z
date_published 2022-01-19T00:00:00Z
source MITRE
title Indicators of Compromise Associated with Diavol

FBI Ragnar Locker 2020

FBI. (2020, November 19). Indicators of Compromise Associated with Ragnar Locker Ransomware. Retrieved April 1, 2021.

Internal MISP references

UUID 38b9b8a3-6fd3-4650-9192-14ee3f302705 which can be used as unique global reference for FBI Ragnar Locker 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-01T00:00:00Z
date_published 2020-11-19T00:00:00Z
source MITRE
title Indicators of Compromise Associated with Ragnar Locker Ransomware

FBI FLASH APT39 September 2020

FBI. (2020, September 17). Indicators of Compromise Associated with Rana Intelligence Computing, also known as Advanced Persistent Threat 39, Chafer, Cadelspy, Remexi, and ITG07. Retrieved December 10, 2020.

Internal MISP references

UUID 76869199-e9fa-41b4-b045-41015e6daaec which can be used as unique global reference for FBI FLASH APT39 September 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-10T00:00:00Z
date_published 2020-09-17T00:00:00Z
source MITRE
title Indicators of Compromise Associated with Rana Intelligence Computing, also known as Advanced Persistent Threat 39, Chafer, Cadelspy, Remexi, and ITG07

US District Court Indictment GRU Oct 2018

Brady, S. (2018, October 3). Indictment - United States vs Aleksei Sergeyevich Morenets, et al. Retrieved October 1, 2020.

Internal MISP references

UUID 56aeab4e-b046-4426-81a8-c3b2323492f0 which can be used as unique global reference for US District Court Indictment GRU Oct 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-01T00:00:00Z
date_published 2018-10-03T00:00:00Z
source MITRE
title Indictment - United States vs Aleksei Sergeyevich Morenets, et al.

Checkpoint IndigoZebra July 2021

CheckPoint Research. (2021, July 1). IndigoZebra APT continues to attack Central Asia with evolving tools. Retrieved September 24, 2021.

Internal MISP references

UUID cf4a8c8c-eab1-421f-b313-344aed03b42d which can be used as unique global reference for Checkpoint IndigoZebra July 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-24T00:00:00Z
date_published 2021-07-01T00:00:00Z
source MITRE, Tidal Cyber
title IndigoZebra APT continues to attack Central Asia with evolving tools

HackerNews IndigoZebra July 2021

Lakshmanan, R. (2021, July 1). IndigoZebra APT Hacking Campaign Targets the Afghan Government. Retrieved September 24, 2021.

Internal MISP references

UUID fcf8265a-3084-4162-87d0-9e77c0a5cff0 which can be used as unique global reference for HackerNews IndigoZebra July 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-24T00:00:00Z
date_published 2021-07-01T00:00:00Z
source MITRE
title IndigoZebra APT Hacking Campaign Targets the Afghan Government

3 - appv

Raj Chandel. (2022, March 17). Indirect Command Execution: Defense Evasion (T1202). Retrieved February 6, 2024.

Internal MISP references

UUID c07f1b2b-ae56-5a1a-b607-1f3bc7e119cf which can be used as unique global reference for 3 - appv in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-06T00:00:00Z
date_published 2022-03-17T00:00:00Z
source MITRE
title Indirect Command Execution: Defense Evasion (T1202)

Check Point Meteor Aug 2021

Check Point Research Team. (2021, August 14). Indra - Hackers Behind Recent Attacks on Iran. Retrieved February 17, 2022.

Internal MISP references

UUID bb79207f-3ab4-4b86-8b1c-d587724efb7c which can be used as unique global reference for Check Point Meteor Aug 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-17T00:00:00Z
date_published 2021-08-14T00:00:00Z
source MITRE
title Indra - Hackers Behind Recent Attacks on Iran

Crowdstrike EvilCorp March 2021

Podlosky, A., Feeley, B. (2021, March 17). INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions. Retrieved September 15, 2021.

Internal MISP references

UUID 4b77d313-ef3c-4d2f-bfde-609fa59a8f55 which can be used as unique global reference for Crowdstrike EvilCorp March 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-15T00:00:00Z
date_published 2021-03-17T00:00:00Z
source MITRE, Tidal Cyber
title INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions

Industroyer2 ESET April 2022

ESET. (2022, April 12). Industroyer2: Industroyer reloaded. Retrieved March 30, 2023.

Internal MISP references

UUID 3ec01405-3240-5679-924f-f1194bca9a72 which can be used as unique global reference for Industroyer2 ESET April 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-30T00:00:00Z
date_published 2022-04-12T00:00:00Z
source MITRE
title Industroyer2: Industroyer reloaded

Industroyer2 Blackhat ESET

Anton Cherepanov, Robert Lipovsky. (2022, August). Industroyer2: Sandworm's Cyberwarfare Targets Ukraine's Power Grid. Retrieved April 6, 2023.

Internal MISP references

UUID d9e8ca96-8646-5dd9-bede-56305385b2e4 which can be used as unique global reference for Industroyer2 Blackhat ESET in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-04-06T00:00:00Z
date_published 2022-08-01T00:00:00Z
source MITRE
title Industroyer2: Sandworm's Cyberwarfare Targets Ukraine's Power Grid

Industroyer2 Mandiant April 2022

Daniel Kapellmann Zafra, Raymond Leong, Chris Sistrunk, Ken Proska, Corey Hildebrandt, Keith Lunden, Nathan Brubaker. (2022, April 25). INDUSTROYER.V2: Old Malware Learns New Tricks. Retrieved March 30, 2023.

Internal MISP references

UUID 48edeadc-f1e7-5fda-be96-1c41f78fc65a which can be used as unique global reference for Industroyer2 Mandiant April 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-30T00:00:00Z
date_published 2022-04-25T00:00:00Z
source MITRE
title INDUSTROYER.V2: Old Malware Learns New Tricks

Sixdub PowerPick Jan 2016

Warner, J. (2015, January 6). Inexorable PowerShell – A Red Teamer’s Tale of Overcoming Simple AppLocker Policies. Retrieved December 8, 2018.

Internal MISP references

UUID 52190592-5809-4e7b-a19c-fc87b245025c which can be used as unique global reference for Sixdub PowerPick Jan 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-12-08T00:00:00Z
date_published 2015-01-06T00:00:00Z
source MITRE
title Inexorable PowerShell – A Red Teamer’s Tale of Overcoming Simple AppLocker Policies

Infdefaultinstall.exe - LOLBAS Project

LOLBAS. (2018, May 25). Infdefaultinstall.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 5e83d17c-dbdd-4a6c-a395-4f921b68ebec which can be used as unique global reference for Infdefaultinstall.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Infdefaultinstall.exe

Trend Micro Exposed Docker APIs

Oliveira, A. (2019, May 30). Infected Containers Target Docker via Exposed APIs. Retrieved April 6, 2021.

Internal MISP references

UUID 24ae5092-42ea-4c83-bdf7-c0e5026d9559 which can be used as unique global reference for Trend Micro Exposed Docker APIs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-06T00:00:00Z
date_published 2019-05-30T00:00:00Z
source MITRE
title Infected Containers Target Docker via Exposed APIs

SentinelOne MacMa Nov 2021

Stokes, P. (2021, November 15). Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma. Retrieved June 30, 2022.

Internal MISP references

UUID 5033e741-834c-49d6-bc89-f64b9508f8b5 which can be used as unique global reference for SentinelOne MacMa Nov 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-30T00:00:00Z
date_published 2021-11-15T00:00:00Z
source MITRE
title Infect If Needed

SANS Information Security Reading Room Securing SNMP Securing SNMP

Michael Stump. (2003). Information Security Reading Room Securing SNMP: A Look at Net-SNMP (SNMPv3). Retrieved October 19, 2020.

Internal MISP references

UUID 616c9177-ca57-45f3-a613-d6450a94697d which can be used as unique global reference for SANS Information Security Reading Room Securing SNMP Securing SNMP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
date_published 2003-01-01T00:00:00Z
source MITRE
title Information Security Reading Room Securing SNMP: A Look at Net-SNMP (SNMPv3)

InfoSec Handlers Diary Blog - SANS Internet Storm Center

SANS Internet Storm Center. (n.d.). InfoSec Handlers Diary Blog - SANS Internet Storm Center. Retrieved May 7, 2023.

Internal MISP references

UUID 227fd123-65ed-48da-af8b-3f7674f33e12 which can be used as unique global reference for InfoSec Handlers Diary Blog - SANS Internet Storm Center in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title InfoSec Handlers Diary Blog - SANS Internet Storm Center

Symantec Catchamas April 2018

Balanza, M. (2018, April 02). Infostealer.Catchamas. Retrieved July 10, 2018.

Internal MISP references

UUID 155cc2df-adf4-4b5f-a377-272947e5757e which can be used as unique global reference for Symantec Catchamas April 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-10T00:00:00Z
date_published 2018-04-02T00:00:00Z
source MITRE
title Infostealer.Catchamas

TrendMicro Ursnif File Dec 2014

Caragay, R. (2014, December 11). Info-Stealing File Infector Hits US, UK. Retrieved June 5, 2019.

Internal MISP references

UUID 889a21f2-e00b-44c2-aa8c-a33f5615678a which can be used as unique global reference for TrendMicro Ursnif File Dec 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-05T00:00:00Z
date_published 2014-12-11T00:00:00Z
source MITRE
title Info-Stealing File Infector Hits US, UK

ThreatConnect Infrastructure Dec 2020

ThreatConnect. (2020, December 15). Infrastructure Research and Hunting: Boiling the Domain Ocean. Retrieved October 12, 2021.

Internal MISP references

UUID 96d479df-d312-4af7-a47d-2597a66291f1 which can be used as unique global reference for ThreatConnect Infrastructure Dec 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-12T00:00:00Z
date_published 2020-12-15T00:00:00Z
source MITRE
title Infrastructure Research and Hunting: Boiling the Domain Ocean

elastic.co 6 21 2023

Colson Wilhoit. (2023, June 21). Initial research exposing JOKERSPY — Elastic Security Labs. Retrieved April 19, 2024.

Internal MISP references

UUID 42c40ec8-f46a-48fa-bd97-818e3d3d320e which can be used as unique global reference for elastic.co 6 21 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-19T00:00:00Z
date_published 2023-06-21T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Initial research exposing JOKERSPY — Elastic Security Labs

Init Man Page

Kerrisk, M. (2021, March 22). INIT_MODULE(2). Retrieved September 28, 2021.

Internal MISP references

UUID ab9c01ad-905e-4f73-b64f-1c6a5fb9a375 which can be used as unique global reference for Init Man Page in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-28T00:00:00Z
date_published 2021-03-22T00:00:00Z
source MITRE
title INIT_MODULE(2)

Proofpoint RTF Injection

Raggi, M. (2021, December 1). Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors. Retrieved December 9, 2021.

Internal MISP references

UUID 8deb6edb-293f-4b9d-882a-541675864eb5 which can be used as unique global reference for Proofpoint RTF Injection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-09T00:00:00Z
date_published 2021-12-01T00:00:00Z
source MITRE
title Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors

HighTech Bridge Inline Hooking Sept 2011

Mariani, B. (2011, September 6). Inline Hooking in Windows. Retrieved December 12, 2017.

Internal MISP references

UUID 39ad1769-3dfb-4572-ab82-1e0c4f869ec8 which can be used as unique global reference for HighTech Bridge Inline Hooking Sept 2011 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-12T00:00:00Z
date_published 2011-09-06T00:00:00Z
source MITRE
title Inline Hooking in Windows

Stuart ELF Memory

Stuart. (2018, March 31). In-Memory-Only ELF Execution (Without tmpfs). Retrieved October 4, 2021.

Internal MISP references

UUID 402745e1-a65a-4fa1-a86d-99b37221095c which can be used as unique global reference for Stuart ELF Memory in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-04T00:00:00Z
date_published 2018-03-31T00:00:00Z
source MITRE
title In-Memory-Only ELF Execution (Without tmpfs)

ASERT InnaputRAT April 2018

ASERT Team. (2018, April 04). Innaput Actors Utilize Remote Access Trojan Since 2016, Presumably Targeting Victim Files. Retrieved July 9, 2018.

Internal MISP references

UUID 29c6575f-9e47-48cb-8162-15280002a6d5 which can be used as unique global reference for ASERT InnaputRAT April 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-09T00:00:00Z
date_published 2018-04-04T00:00:00Z
source MITRE
title Innaput Actors Utilize Remote Access Trojan Since 2016, Presumably Targeting Victim Files

Microsoft Holmium June 2020

Microsoft Threat Protection Intelligence Team. (2020, June 18). Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint. Retrieved June 22, 2020.

Internal MISP references

UUID c249bfcf-25c4-4502-b5a4-17783d581163 which can be used as unique global reference for Microsoft Holmium June 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-22T00:00:00Z
date_published 2020-06-18T00:00:00Z
source MITRE
title Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint

Metabase Q Mispadu Trojan 2023

Garcia, F., Regalado, D. (2023, March 7). Inside Mispadu massive infection campaign in LATAM. Retrieved March 15, 2024.

Internal MISP references

UUID 960ae534-6de5-5bcc-b600-db0c2de64305 which can be used as unique global reference for Metabase Q Mispadu Trojan 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-15T00:00:00Z
date_published 2023-03-07T00:00:00Z
source MITRE
title Inside Mispadu massive infection campaign in LATAM

RiskIQ British Airways September 2018

Klijnsma, Y. (2018, September 11). Inside the Magecart Breach of British Airways: How 22 Lines of Code Claimed 380,000 Victims. Retrieved September 9, 2020.

Internal MISP references

UUID f6c0f295-c034-4957-8cd9-e2f4b89b5671 which can be used as unique global reference for RiskIQ British Airways September 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-09T00:00:00Z
date_published 2018-09-11T00:00:00Z
source MITRE
title Inside the Magecart Breach of British Airways: How 22 Lines of Code Claimed 380,000 Victims

Arbor AnnualDoSreport Jan 2018

Philippe Alcoy, Steinthor Bjarnason, Paul Bowen, C.F. Chui, Kirill Kasavchnko, and Gary Sockrider of Netscout Arbor. (2018, January). Insight into the Global Threat Landscape - Netscout Arbor's 13th Annual Worldwide Infrastructure Security Report. Retrieved April 22, 2019.

Internal MISP references

UUID cede4c72-718b-48c2-8a59-1f91555f6cf6 which can be used as unique global reference for Arbor AnnualDoSreport Jan 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-22T00:00:00Z
date_published 2018-01-01T00:00:00Z
source MITRE
title Insight into the Global Threat Landscape - Netscout Arbor's 13th Annual Worldwide Infrastructure Security Report

FireEye APT33 Sept 2017

O'Leary, J., et al. (2017, September 20). Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware. Retrieved February 15, 2018.

Internal MISP references

UUID 70610469-db0d-45ab-a790-6e56309a39ec which can be used as unique global reference for FireEye APT33 Sept 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-15T00:00:00Z
date_published 2017-09-20T00:00:00Z
source MITRE, Tidal Cyber
title Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware

Microsoft Installation Procedures

Microsoft. (2021, January 7). Installation Procedure Tables Group. Retrieved December 27, 2023.

Internal MISP references

UUID 8fbe8a88-683c-5640-840c-1389b9c9972d which can be used as unique global reference for Microsoft Installation Procedures in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-27T00:00:00Z
date_published 2021-01-07T00:00:00Z
source MITRE
title Installation Procedure Tables Group

Installer Package Scripting Rich Trouton

Rich Trouton. (2019, August 9). Installer Package Scripting: Making your deployments easier, one ! at a time. Retrieved September 27, 2022.

Internal MISP references

UUID 7a877b67-ac4b-4d82-860a-75b5f0b8daae which can be used as unique global reference for Installer Package Scripting Rich Trouton in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-27T00:00:00Z
date_published 2019-08-09T00:00:00Z
source MITRE
title Installer Package Scripting: Making your deployments easier, one ! at a time

Microsoft Install Password Filter n.d

Microsoft. (n.d.). Installing and Registering a Password Filter DLL. Retrieved November 21, 2017.

Internal MISP references

UUID 6e440b5d-e09a-4d65-b874-2c5babaa609d which can be used as unique global reference for Microsoft Install Password Filter n.d in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-21T00:00:00Z
source MITRE
title Installing and Registering a Password Filter DLL

Microsoft Unsigned Driver Apr 2017

Microsoft. (2017, April 20). Installing an Unsigned Driver during Development and Test. Retrieved April 22, 2021.

Internal MISP references

UUID 5964ff2e-0860-4e00-8103-89ba6466314c which can be used as unique global reference for Microsoft Unsigned Driver Apr 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-22T00:00:00Z
date_published 2017-04-20T00:00:00Z
source MITRE
title Installing an Unsigned Driver during Development and Test

LOLBAS Installutil

LOLBAS. (n.d.). Installutil.exe. Retrieved July 31, 2019.

Internal MISP references

UUID 7dfb2c45-862a-4c25-a65a-55abea4b0e44 which can be used as unique global reference for LOLBAS Installutil in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-31T00:00:00Z
source MITRE
title Installutil.exe

MSDN InstallUtil

Microsoft. (n.d.). Installutil.exe (Installer Tool). Retrieved July 1, 2016.

Internal MISP references

UUID 54d962fc-4ca6-4f5f-b383-ec87d711a764 which can be used as unique global reference for MSDN InstallUtil in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-07-01T00:00:00Z
source MITRE
title Installutil.exe (Installer Tool)

AWS Instance Identity Documents

Amazon. (n.d.). Instance identity documents. Retrieved April 2, 2021.

Internal MISP references

UUID efff0080-59fc-4ba7-ac91-771358f68405 which can be used as unique global reference for AWS Instance Identity Documents in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-02T00:00:00Z
source MITRE
title Instance identity documents

AWS Instance Metadata API

AWS. (n.d.). Instance Metadata and User Data. Retrieved July 18, 2019.

Internal MISP references

UUID 54a17f92-d73d-469f-87b3-34fb633bd9ed which can be used as unique global reference for AWS Instance Metadata API in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-18T00:00:00Z
source MITRE
title Instance Metadata and User Data

RedLock Instance Metadata API 2018

Higashi, Michael. (2018, May 15). Instance Metadata API: A Modern Day Trojan Horse. Retrieved July 16, 2019.

Internal MISP references

UUID f85fa206-d5bf-41fc-a521-01ad6281bee7 which can be used as unique global reference for RedLock Instance Metadata API 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-16T00:00:00Z
date_published 2018-05-15T00:00:00Z
source MITRE
title Instance Metadata API: A Modern Day Trojan Horse

Nick Tyrer GitHub

Tyrer, N. (n.d.). Instructions. Retrieved August 10, 2020.

Internal MISP references

UUID f4f89926-71eb-4130-a644-8240d2bab721 which can be used as unique global reference for Nick Tyrer GitHub in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-10T00:00:00Z
source MITRE
title Instructions

Intel Hardware-based Security Technologies

Intel. (2013). Intel Hardware-based Security Technologies for Intelligent Retail Devices. Retrieved May 19, 2020.

Internal MISP references

UUID bffb9e71-ba97-4010-9ad7-29eb330a350c which can be used as unique global reference for Intel Hardware-based Security Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-19T00:00:00Z
date_published 2013-01-01T00:00:00Z
source MITRE
title Intel Hardware-based Security Technologies for Intelligent Retail Devices

Red Canary Intelligence Insights July 20 2023

The Red Canary Team. (2023, July 20). Intelligence Insights: July 2023. Retrieved July 28, 2023.

Internal MISP references

UUID ad1d3f99-e5bf-41c6-871b-dd2c9d540341 which can be used as unique global reference for Red Canary Intelligence Insights July 20 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-28T00:00:00Z
date_published 2023-07-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Intelligence Insights: July 2023

checkpoint_interactive_map_apt-c-23

Kayal, A. (2018, August 26). Interactive Mapping of APT-C-23. Retrieved March 4, 2024.

Internal MISP references

UUID 24dd2641-839b-5a0e-b5ca-ea121ea70992 which can be used as unique global reference for checkpoint_interactive_map_apt-c-23 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-04T00:00:00Z
date_published 2018-08-26T00:00:00Z
source MITRE
title Interactive Mapping of APT-C-23

Microsoft ISAPI Extension All Incoming 2017

Microsoft. (2017, June 16). Intercepting All Incoming IIS Requests. Retrieved June 3, 2021.

Internal MISP references

UUID 7d182eee-eaa8-4b6f-803d-8eb64e338663 which can be used as unique global reference for Microsoft ISAPI Extension All Incoming 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-03T00:00:00Z
date_published 2017-06-16T00:00:00Z
source MITRE
title Intercepting All Incoming IIS Requests

Clymb3r Function Hook Passwords Sept 2013

Bialek, J. (2013, September 15). Intercepting Password Changes With Function Hooking. Retrieved November 21, 2017.

Internal MISP references

UUID 4889912b-4512-45c7-83d3-70ae47c5a4a0 which can be used as unique global reference for Clymb3r Function Hook Passwords Sept 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-21T00:00:00Z
date_published 2013-09-15T00:00:00Z
source MITRE
title Intercepting Password Changes With Function Hooking

Microsoft ICMP

Microsoft. (n.d.). Internet Control Message Protocol (ICMP) Basics. Retrieved December 1, 2014.

Internal MISP references

UUID 47612548-dad1-4bf3-aa6f-a53aefa06f6a which can be used as unique global reference for Microsoft ICMP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-01T00:00:00Z
source MITRE
title Internet Control Message Protocol (ICMP) Basics

Linux IPC

N/A. (2021, April 1). Inter Process Communication (IPC). Retrieved March 11, 2022.

Internal MISP references

UUID 05293061-ce09-49b5-916a-bb7353acfdfa which can be used as unique global reference for Linux IPC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-11T00:00:00Z
date_published 2021-04-01T00:00:00Z
source MITRE
title Inter Process Communication (IPC)

HackerNews - 3 SaaS App Cyber Attacks - April 2022

Hananel Livneh. (2022, April 7). Into the Breach: Breaking Down 3 SaaS App Cyber Attacks in 2022. Retrieved May 31, 2022.

Internal MISP references

UUID e4ff75cd-b8fd-4fba-a2da-379a073003ab which can be used as unique global reference for HackerNews - 3 SaaS App Cyber Attacks - April 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-31T00:00:00Z
date_published 2022-04-07T00:00:00Z
source MITRE
title Into the Breach: Breaking Down 3 SaaS App Cyber Attacks in 2022

RedCanary Mockingbird May 2020

Lambert, T. (2020, May 7). Introducing Blue Mockingbird. Retrieved May 26, 2020.

Internal MISP references

UUID 596bfbb3-72e0-4d4c-a1a9-b8d54455ffd0 which can be used as unique global reference for RedCanary Mockingbird May 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-26T00:00:00Z
date_published 2020-05-07T00:00:00Z
source MITRE, Tidal Cyber
title Introducing Blue Mockingbird

Fidelis Hi-Zor

Fidelis Threat Research Team. (2016, January 27). Introducing Hi-Zor RAT. Retrieved March 24, 2016.

Internal MISP references

UUID 0c9ff201-283a-4527-8cb8-6f0d05a4f724 which can be used as unique global reference for Fidelis Hi-Zor in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-24T00:00:00Z
date_published 2016-01-27T00:00:00Z
source MITRE
title Introducing Hi-Zor RAT

Roadtools

Dirk-jan Mollema. (2020, April 16). Introducing ROADtools - The Azure AD exploration framework. Retrieved January 31, 2022.

Internal MISP references

UUID 803f3512-1831-4535-8b16-b89fae20f944 which can be used as unique global reference for Roadtools in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-31T00:00:00Z
date_published 2020-04-16T00:00:00Z
source MITRE
title Introducing ROADtools - The Azure AD exploration framework

Talos ROKRAT

Mercer, W., Rascagneres, P. (2017, April 03). Introducing ROKRAT. Retrieved May 21, 2018.

Internal MISP references

UUID 1bd78a2f-2bc6-426f-ac9f-16bf3fdf4cdf which can be used as unique global reference for Talos ROKRAT in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-21T00:00:00Z
date_published 2017-04-03T00:00:00Z
source MITRE
title Introducing ROKRAT

Microsoft Open XML July 2017

Microsoft. (2014, July 9). Introducing the Office (2007) Open XML File Formats. Retrieved July 20, 2018.

Internal MISP references

UUID 8145f894-6477-4629-81de-1dd26070ee0a which can be used as unique global reference for Microsoft Open XML July 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-20T00:00:00Z
date_published 2014-07-09T00:00:00Z
source MITRE
title Introducing the Office (2007) Open XML File Formats

Securelist WhiteBear Aug 2017

Kaspersky Lab's Global Research & Analysis Team. (2017, August 30). Introducing WhiteBear. Retrieved September 21, 2017.

Internal MISP references

UUID 44626060-3d9b-480e-b4ea-7dac27878e5e which can be used as unique global reference for Securelist WhiteBear Aug 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-09-21T00:00:00Z
date_published 2017-08-30T00:00:00Z
source MITRE
title Introducing WhiteBear

MalwareBytes ADS July 2015

Arntz, P. (2015, July 22). Introduction to Alternate Data Streams. Retrieved March 21, 2018.

Internal MISP references

UUID b552cf89-1880-48de-9088-c755c38821c1 which can be used as unique global reference for MalwareBytes ADS July 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-21T00:00:00Z
date_published 2015-07-22T00:00:00Z
source MITRE
title Introduction to Alternate Data Streams

Apple AppleScript

Apple. (2016, January 25). Introduction to AppleScript Language Guide. Retrieved March 28, 2020.

Internal MISP references

UUID b23abcb8-3004-4a42-8ada-58cdbd65e171 which can be used as unique global reference for Apple AppleScript in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-28T00:00:00Z
date_published 2016-01-25T00:00:00Z
source MITRE
title Introduction to AppleScript Language Guide

Microsoft Outlook Files

Microsoft. (n.d.). Introduction to Outlook Data Files (.pst and .ost). Retrieved February 19, 2020.

Internal MISP references

UUID 29f4cc6b-1fa5-434d-ab4f-6bb169e2287a which can be used as unique global reference for Microsoft Outlook Files in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-19T00:00:00Z
source MITRE
title Introduction to Outlook Data Files (.pst and .ost)

Microsoft Intro Print Processors

Microsoft. (2023, June 26). Introduction to print processors. Retrieved September 27, 2023.

Internal MISP references

UUID ba04b0d0-1c39-5f48-824c-110ee7affbf3 which can be used as unique global reference for Microsoft Intro Print Processors in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-27T00:00:00Z
date_published 2023-06-26T00:00:00Z
source MITRE
title Introduction to print processors

Microsoft Services

Microsoft. (2017, March 30). Introduction to Windows Service Applications. Retrieved September 28, 2021.

Internal MISP references

UUID 444c8983-47ef-45b4-a3a6-5566f4fa2732 which can be used as unique global reference for Microsoft Services in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-28T00:00:00Z
date_published 2017-03-30T00:00:00Z
source MITRE
title Introduction to Windows Service Applications

Red Canary NETWIRE January 2020

Lambert, T. (2020, January 29). Intro to Netwire. Retrieved January 7, 2021.

Internal MISP references

UUID 563249e1-edda-48fc-ac90-f198dd71619e which can be used as unique global reference for Red Canary NETWIRE January 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-07T00:00:00Z
date_published 2020-01-29T00:00:00Z
source MITRE
title Intro to Netwire

Discord Intro to Webhooks

D. (n.d.). Intro to Webhooks. Retrieved July 20, 2023.

Internal MISP references

UUID bf5b3773-29cc-539a-a0f0-a6d1d63dee2d which can be used as unique global reference for Discord Intro to Webhooks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-20T00:00:00Z
source MITRE
title Intro to Webhooks

GitHub Inveigh

Robertson, K. (2015, April 2). Inveigh: Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool. Retrieved March 11, 2019.

Internal MISP references

UUID cca306e5-f9da-4782-a06f-ba3ad70e34ca which can be used as unique global reference for GitHub Inveigh in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-11T00:00:00Z
date_published 2015-04-02T00:00:00Z
source MITRE
title Inveigh: Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool

Summit Route Malicious AMIs

Piper, S. (2018, September 24). Investigating Malicious AMIs. Retrieved March 30, 2021.

Internal MISP references

UUID e93e16fc-4ae4-4f1f-9d80-dc48c1c30e25 which can be used as unique global reference for Summit Route Malicious AMIs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-30T00:00:00Z
date_published 2018-09-24T00:00:00Z
source MITRE
title Investigating Malicious AMIs

inv_ps_attacks

Hastings, M. (2014, July 16). Investigating PowerShell Attacks. Retrieved December 1, 2021.

Internal MISP references

UUID 07d9d2c6-dd79-42a5-9024-ba0e66b1913b which can be used as unique global reference for inv_ps_attacks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-01T00:00:00Z
date_published 2014-07-16T00:00:00Z
source MITRE
title Investigating PowerShell Attacks

Kazanciyan 2014

Kazanciyan, R. & Hastings, M. (2014). Defcon 22 Presentation. Investigating PowerShell Attacks [slides]. Retrieved November 3, 2014.

Internal MISP references

UUID bd3f04cd-04ef-41f0-9a15-d9f0a3ed1db9 which can be used as unique global reference for Kazanciyan 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-03T00:00:00Z
source MITRE
title Investigating PowerShell Attacks [slides]

Beek Use of VHD Dec 2020

Beek, C. (2020, December 3). Investigating the Use of VHD Files By Cybercriminals. Retrieved February 22, 2021.

Internal MISP references

UUID 7a1131ab-e4b1-4569-8e28-3650312cc804 which can be used as unique global reference for Beek Use of VHD Dec 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-22T00:00:00Z
date_published 2020-12-03T00:00:00Z
source MITRE
title Investigating the Use of VHD Files By Cybercriminals

ESET InvisiMole June 2018

Hromcová, Z. (2018, June 07). InvisiMole: Surprisingly equipped spyware, undercover since 2013. Retrieved July 10, 2018.

Internal MISP references

UUID 629fa1d8-06cb-405c-a2f7-c511b54cd727 which can be used as unique global reference for ESET InvisiMole June 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-10T00:00:00Z
date_published 2018-06-07T00:00:00Z
source MITRE
title InvisiMole: Surprisingly equipped spyware, undercover since 2013

ESET InvisiMole June 2020

Hromcova, Z. and Cherpanov, A. (2020, June). INVISIMOLE: THE HIDDEN PART OF THE STORY. Retrieved July 16, 2020.

Internal MISP references

UUID d10cfda8-8fd8-4ada-8c61-dba6065b0bac which can be used as unique global reference for ESET InvisiMole June 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-16T00:00:00Z
date_published 2020-06-01T00:00:00Z
source MITRE
title INVISIMOLE: THE HIDDEN PART OF THE STORY

GitHub OmerYa Invisi-Shell

Yair, O. (2019, August 19). Invisi-Shell. Retrieved June 24, 2020.

Internal MISP references

UUID 26c1b8f4-ff59-409e-b616-04eee38a8a9f which can be used as unique global reference for GitHub OmerYa Invisi-Shell in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-24T00:00:00Z
date_published 2019-08-19T00:00:00Z
source MITRE
title Invisi-Shell

Invoke-DOSfuscation

Bohannon, D. (2018, March 19). Invoke-DOSfuscation. Retrieved March 17, 2023.

Internal MISP references

UUID d2f7fe4a-1a3a-5b26-8247-4f05c96974bf which can be used as unique global reference for Invoke-DOSfuscation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-17T00:00:00Z
date_published 2018-03-19T00:00:00Z
source MITRE
title Invoke-DOSfuscation

PowerSploit Invoke Kerberoast

Schroeder, W. & Hart M. (2016, October 31). Invoke-Kerberoast. Retrieved March 23, 2018.

Internal MISP references

UUID 8db88e6f-3d45-4896-87e9-75b24c8628f3 which can be used as unique global reference for PowerSploit Invoke Kerberoast in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-23T00:00:00Z
date_published 2016-10-31T00:00:00Z
source MITRE
title Invoke-Kerberoast

Empire InvokeKerberoast Oct 2016

EmpireProject. (2016, October 31). Invoke-Kerberoast.ps1. Retrieved March 22, 2018.

Internal MISP references

UUID a358bf8f-166e-4726-adfd-415e953d4ffe which can be used as unique global reference for Empire InvokeKerberoast Oct 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-22T00:00:00Z
date_published 2016-10-31T00:00:00Z
source MITRE
title Invoke-Kerberoast.ps1

Github PowerSploit Ninjacopy

Bialek, J. (2015, December 16). Invoke-NinjaCopy.ps1. Retrieved June 2, 2016.

Internal MISP references

UUID e92aed6b-348b-4dab-8292-fee0698e4a85 which can be used as unique global reference for Github PowerSploit Ninjacopy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-02T00:00:00Z
date_published 2015-12-16T00:00:00Z
source MITRE
title Invoke-NinjaCopy.ps1

Invoke-Obfuscation

Bohannon, D. (2016, September 24). Invoke-Obfuscation. Retrieved March 17, 2023.

Internal MISP references

UUID 4cc6a80f-d758-524b-9519-5b839d4918bd which can be used as unique global reference for Invoke-Obfuscation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-17T00:00:00Z
date_published 2016-09-24T00:00:00Z
source MITRE
title Invoke-Obfuscation

GitHub Invoke-Obfuscation

Bohannon, D. (2017, March 13). Invoke-Obfuscation - PowerShell Obfuscator. Retrieved June 18, 2017.

Internal MISP references

UUID 956b3d80-4e19-4cab-a65f-ad86f233aa12 which can be used as unique global reference for GitHub Invoke-Obfuscation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-06-18T00:00:00Z
date_published 2017-03-13T00:00:00Z
source MITRE
title Invoke-Obfuscation - PowerShell Obfuscator

GitHub PSImage

Barrett Adams. (n.d.). Invoke-PSImage. Retrieved September 30, 2022.

Internal MISP references

UUID 449c873c-c5af-45b8-8bd7-505d2181a05c which can be used as unique global reference for GitHub PSImage in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-30T00:00:00Z
source MITRE
title Invoke-PSImage

GitHub Invoke-PSImage

Adams, B. (2017, December 17). Invoke-PSImage. Retrieved April 10, 2018.

Internal MISP references

UUID dd210b79-bd5f-4282-9542-4d1ae2f16438 which can be used as unique global reference for GitHub Invoke-PSImage in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-10T00:00:00Z
date_published 2017-12-17T00:00:00Z
source MITRE
title Invoke-PSImage

GitHub - PowerSploit Invoke-Shellcode

PowerShellMafia. (2016, December 14). Invoke-Shellcode. Retrieved May 25, 2023.

Internal MISP references

UUID cf75a442-c6c0-4e83-87bf-8bb42839452b which can be used as unique global reference for GitHub - PowerSploit Invoke-Shellcode in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-25T00:00:00Z
date_published 2016-12-14T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Invoke-Shellcode

Wikipedia Xen

Xen. (n.d.). In Wikipedia. Retrieved November 13, 2014.

Internal MISP references

UUID 4ce05edd-da25-4559-8489-b78cdd2c0f3d which can be used as unique global reference for Wikipedia Xen in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-13T00:00:00Z
source MITRE
title In Wikipedia

iOS URL Scheme

Ostorlab. (n.d.). iOS URL Scheme Hijacking. Retrieved February 9, 2024.

Internal MISP references

UUID 9910b0aa-f276-54da-a4df-fd47b42efb10 which can be used as unique global reference for iOS URL Scheme in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-09T00:00:00Z
source MITRE
title iOS URL Scheme Hijacking

TechNet Ipconfig

Microsoft. (n.d.). Ipconfig. Retrieved April 17, 2016.

Internal MISP references

UUID 8a6e6f59-70fb-48bf-96d2-318dd92df995 which can be used as unique global reference for TechNet Ipconfig in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-17T00:00:00Z
source MITRE
title Ipconfig

cisco_ip_ssh_pubkey_ch_cmd

Cisco. (2021, August 23). ip ssh pubkey-chain. Retrieved July 13, 2022.

Internal MISP references

UUID c6ffe974-f304-598c-bc4d-5da607c73802 which can be used as unique global reference for cisco_ip_ssh_pubkey_ch_cmd in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-13T00:00:00Z
date_published 2021-08-23T00:00:00Z
source MITRE
title ip ssh pubkey-chain

Symantec Chafer Dec 2015

Symantec Security Response. (2015, December 7). Iran-based attackers use back door threats to spy on Middle Eastern targets. Retrieved April 17, 2019.

Internal MISP references

UUID 0a6166a3-5649-4117-97f4-7b8b5b559929 which can be used as unique global reference for Symantec Chafer Dec 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-17T00:00:00Z
date_published 2015-12-07T00:00:00Z
source MITRE
title Iran-based attackers use back door threats to spy on Middle Eastern targets

CISA AA20-259A Iran-Based Actor September 2020

CISA. (2020, September 15). Iran-Based Threat Actor Exploits VPN Vulnerabilities. Retrieved December 21, 2020.

Internal MISP references

UUID 1bbc9446-9214-4fcd-bc7c-bf528370b4f8 which can be used as unique global reference for CISA AA20-259A Iran-Based Actor September 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-21T00:00:00Z
date_published 2020-09-15T00:00:00Z
source MITRE
title Iran-Based Threat Actor Exploits VPN Vulnerabilities

U.S. CISA Iran Voter Data November 3 2020

Cybersecurity and Infrastructure Security Agency. (2020, November 3). Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data. Retrieved October 25, 2023.

Internal MISP references

UUID be89be75-c33f-4c58-8bf0-979c1debaad7 which can be used as unique global reference for U.S. CISA Iran Voter Data November 3 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-25T00:00:00Z
date_published 2020-11-03T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data

ClearSky MuddyWater June 2019

ClearSky. (2019, June). Iranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal. Retrieved May 14, 2020.

Internal MISP references

UUID 9789d60b-a417-42dc-b690-24ccb77b8658 which can be used as unique global reference for ClearSky MuddyWater June 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-14T00:00:00Z
date_published 2019-06-01T00:00:00Z
source MITRE
title Iranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal

Talos MuddyWater Jan 2022

Malhortra, A and Ventura, V. (2022, January 31). Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables. Retrieved June 22, 2022.

Internal MISP references

UUID a2d79c6a-16d6-4dbd-b8a5-845dcc36212d which can be used as unique global reference for Talos MuddyWater Jan 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-22T00:00:00Z
date_published 2022-01-31T00:00:00Z
source MITRE
title Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables

BitDefender Chafer May 2020

Rusu, B. (2020, May 21). Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia. Retrieved May 22, 2020.

Internal MISP references

UUID 24ea6a5d-2593-4639-8616-72988bf2fa07 which can be used as unique global reference for BitDefender Chafer May 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-22T00:00:00Z
date_published 2020-05-21T00:00:00Z
source MITRE
title Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia

DHS CISA AA22-055A MuddyWater February 2022

FBI, CISA, CNMF, NCSC-UK. (2022, February 24). Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks. Retrieved September 27, 2022.

Internal MISP references

UUID e76570e1-43ab-4819-80bc-895ede67a205 which can be used as unique global reference for DHS CISA AA22-055A MuddyWater February 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-27T00:00:00Z
date_published 2022-02-24T00:00:00Z
source MITRE
title Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks

U.S. CISA Advisory November 25 2022

Cybersecurity and Infrastructure Security Agency. (2022, November 25). Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. Retrieved October 25, 2023.

Internal MISP references

UUID daae1f54-8471-4620-82d5-023d04144acd which can be used as unique global reference for U.S. CISA Advisory November 25 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-25T00:00:00Z
date_published 2022-11-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester

U.S. CISA Iranian Government Actors November 19 2021

Cybersecurity and Infrastructure Security Agency. (2021, November 19). Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities. Retrieved October 25, 2023.

Internal MISP references

UUID d7014279-bc6a-43d4-953a-a6bc1d97a13b which can be used as unique global reference for U.S. CISA Iranian Government Actors November 19 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-25T00:00:00Z
date_published 2021-11-19T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities

NEWSCASTER2014

Lennon, M. (2014, May 29). Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation. Retrieved March 1, 2017.

Internal MISP references

UUID 9abb4bbb-bad3-4d22-b235-c8a35465f2ce which can be used as unique global reference for NEWSCASTER2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-01T00:00:00Z
date_published 2014-05-29T00:00:00Z
source MITRE
title Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation

CYBERCOM Iranian Intel Cyber January 2022

Cyber National Mission Force. (2022, January 12). Iranian intel cyber suite of malware uses open source tools. Retrieved September 30, 2022.

Internal MISP references

UUID 671e1559-c7dc-4cb4-a9a1-21776f2ae56a which can be used as unique global reference for CYBERCOM Iranian Intel Cyber January 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-30T00:00:00Z
date_published 2022-01-12T00:00:00Z
source MITRE
title Iranian intel cyber suite of malware uses open source tools

U.S. CISA IRGC Actors September 14 2022

Cybersecurity and Infrastructure Security Agency. (2022, September 14). Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations. Retrieved October 25, 2023.

Internal MISP references

UUID 728b20b0-f702-4dbe-afea-50270648a3a2 which can be used as unique global reference for U.S. CISA IRGC Actors September 14 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-25T00:00:00Z
date_published 2022-09-14T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations

Secureworks Cobalt Gypsy Feb 2017

Counter Threat Unit Research Team. (2017, February 15). Iranian PupyRAT Bites Middle Eastern Organizations. Retrieved December 27, 2017.

Internal MISP references

UUID f9de25b4-5539-4a33-84b5-f26a84544859 which can be used as unique global reference for Secureworks Cobalt Gypsy Feb 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-27T00:00:00Z
date_published 2017-02-15T00:00:00Z
source MITRE
title Iranian PupyRAT Bites Middle Eastern Organizations

ClearSky OilRig Jan 2017

ClearSky Cybersecurity. (2017, January 5). Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford. Retrieved May 3, 2017.

Internal MISP references

UUID f19f9ad4-bb31-443b-9c26-87946469a0c3 which can be used as unique global reference for ClearSky OilRig Jan 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-05-03T00:00:00Z
date_published 2017-01-05T00:00:00Z
source MITRE
title Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford

FireEye MuddyWater Mar 2018

Singh, S. et al. (2018, March 13). Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign. Retrieved April 11, 2018.

Internal MISP references

UUID 82cddfa6-9463-49bb-8bdc-0c7d6b0e1472 which can be used as unique global reference for FireEye MuddyWater Mar 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-11T00:00:00Z
date_published 2018-03-13T00:00:00Z
source MITRE
title Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign

Check Point APT34 April 2021

Check Point. (2021, April 8). Iran’s APT34 Returns with an Updated Arsenal. Retrieved May 5, 2021.

Internal MISP references

UUID 593e8f9f-88ec-4bdc-90c3-1a320fa8a041 which can be used as unique global reference for Check Point APT34 April 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-05T00:00:00Z
date_published 2021-04-08T00:00:00Z
source MITRE
title Iran’s APT34 Returns with an Updated Arsenal

Dark Reading APT39 JAN 2019

Higgins, K. (2019, January 30). Iran Ups its Traditional Cyber Espionage Tradecraft. Retrieved May 22, 2020.

Internal MISP references

UUID b310dfa4-f4ee-4a0c-82af-b0fdef1a1f58 which can be used as unique global reference for Dark Reading APT39 JAN 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-22T00:00:00Z
date_published 2019-01-30T00:00:00Z
source MITRE
title Iran Ups its Traditional Cyber Espionage Tradecraft

U.S. CISA IRGC-Affiliated PLC Activity December 2023

Cybersecurity and Infrastructure Security Agency. (2023, December 1). IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities. Retrieved December 5, 2023.

Internal MISP references

UUID 51a18523-5276-4a67-8644-2bc6997d043c which can be used as unique global reference for U.S. CISA IRGC-Affiliated PLC Activity December 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-05T00:00:00Z
date_published 2023-12-01T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

Secureworks IRON HEMLOCK Profile

Secureworks CTU. (n.d.). IRON HEMLOCK. Retrieved February 22, 2022.

Internal MISP references

UUID 36191a48-4661-42ea-b194-2915c9b184f3 which can be used as unique global reference for Secureworks IRON HEMLOCK Profile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-22T00:00:00Z
source MITRE
title IRON HEMLOCK

Secureworks IRON HUNTER Profile

Secureworks CTU. (n.d.). IRON HUNTER. Retrieved February 22, 2022.

Internal MISP references

UUID af5cb7da-61e0-49dc-8132-c019ce5ea6d3 which can be used as unique global reference for Secureworks IRON HUNTER Profile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-22T00:00:00Z
source MITRE
title IRON HUNTER

Secureworks IRON LIBERTY

Secureworks. (n.d.). IRON LIBERTY. Retrieved October 15, 2020.

Internal MISP references

UUID b82ba824-4543-41ec-a686-6479d5f67b4d which can be used as unique global reference for Secureworks IRON LIBERTY in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-15T00:00:00Z
source MITRE
title IRON LIBERTY

Unit 42 IronNetInjector February 2021

Reichel, D. (2021, February 19). IronNetInjector: Turla’s New Malware Loading Tool. Retrieved February 24, 2021.

Internal MISP references

UUID f04c89f7-d951-4ebc-a5e4-2cc69476c43f which can be used as unique global reference for Unit 42 IronNetInjector February 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-24T00:00:00Z
date_published 2021-02-19T00:00:00Z
source MITRE
title IronNetInjector: Turla’s New Malware Loading Tool

Secureworks IRON RITUAL Profile

Secureworks CTU. (n.d.). IRON RITUAL. Retrieved February 24, 2022.

Internal MISP references

UUID c1ff66d6-3ea3-4347-8a8b-447cd8b48dab which can be used as unique global reference for Secureworks IRON RITUAL Profile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-24T00:00:00Z
source MITRE
title IRON RITUAL

Trend Micro Iron Tiger April 2021

Lunghi, D. and Lu, K. (2021, April 9). Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware. Retrieved November 12, 2021.

Internal MISP references

UUID d0890d4f-e7ca-4280-a54e-d147f6dd72aa which can be used as unique global reference for Trend Micro Iron Tiger April 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-11-12T00:00:00Z
date_published 2021-04-09T00:00:00Z
source MITRE
title Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware

Lunghi Iron Tiger Linux

Daniel Lunghi. (2023, March 1). Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting. Retrieved March 20, 2023.

Internal MISP references

UUID 1acc2a21-4456-5fbc-9732-87550cea8b53 which can be used as unique global reference for Lunghi Iron Tiger Linux in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-20T00:00:00Z
date_published 2023-03-01T00:00:00Z
source MITRE
title Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting

Secureworks IRON TILDEN Profile

Secureworks CTU. (n.d.). IRON TILDEN. Retrieved February 24, 2022.

Internal MISP references

UUID 45969d87-02c1-4074-b708-59f4c3e39426 which can be used as unique global reference for Secureworks IRON TILDEN Profile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-24T00:00:00Z
source MITRE
title IRON TILDEN

Secureworks IRON TWILIGHT Profile

Secureworks CTU. (n.d.). IRON TWILIGHT. Retrieved February 28, 2022.

Internal MISP references

UUID 2fc5b9dc-3745-4760-b116-5cc5abb9101d which can be used as unique global reference for Secureworks IRON TWILIGHT Profile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-28T00:00:00Z
source MITRE
title IRON TWILIGHT

Secureworks IRON TWILIGHT Active Measures March 2017

Secureworks CTU. (2017, March 30). IRON TWILIGHT Supports Active Measures. Retrieved February 28, 2022.

Internal MISP references

UUID 0d28c882-5175-4bcf-9c82-e6c4394326b6 which can be used as unique global reference for Secureworks IRON TWILIGHT Active Measures March 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-28T00:00:00Z
date_published 2017-03-30T00:00:00Z
source MITRE, Tidal Cyber
title IRON TWILIGHT Supports Active Measures

Secureworks IRON VIKING

Secureworks. (2020, May 1). IRON VIKING Threat Profile. Retrieved June 10, 2020.

Internal MISP references

UUID 900753b3-c5a2-4fb5-ab7b-d38df867077b which can be used as unique global reference for Secureworks IRON VIKING in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-10T00:00:00Z
date_published 2020-05-01T00:00:00Z
source MITRE
title IRON VIKING Threat Profile

ESET Hermetic Wizard March 2022

ESET. (2022, March 1). IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine. Retrieved April 10, 2022.

Internal MISP references

UUID e0337ce9-2ca9-4877-b116-8c4d9d864df0 which can be used as unique global reference for ESET Hermetic Wizard March 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-10T00:00:00Z
date_published 2022-03-01T00:00:00Z
source MITRE
title IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine

Microsoft ISAPICGIRestriction 2016

Microsoft. (2016, September 26). ISAPI/CGI Restrictions. Retrieved June 3, 2021.

Internal MISP references

UUID 7d42501b-5a6e-4916-aa58-64ce6c00501e which can be used as unique global reference for Microsoft ISAPICGIRestriction 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-03T00:00:00Z
date_published 2016-09-26T00:00:00Z
source MITRE
title ISAPI/CGI Restrictions

Microsoft ISAPI Extension Overview 2017

Microsoft. (2017, June 16). ISAPI Extension Overview. Retrieved June 3, 2021.

Internal MISP references

UUID d00a692f-b990-4757-8acd-56818462ac0c which can be used as unique global reference for Microsoft ISAPI Extension Overview 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-03T00:00:00Z
date_published 2017-06-16T00:00:00Z
source MITRE
title ISAPI Extension Overview

Microsoft ISAPI Filter Overview 2017

Microsoft. (2017, June 16). ISAPI Filter Overview. Retrieved June 3, 2021.

Internal MISP references

UUID 2fdbf1ba-0480-4d70-9981-3b5967656472 which can be used as unique global reference for Microsoft ISAPI Filter Overview 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-03T00:00:00Z
date_published 2017-06-16T00:00:00Z
source MITRE
title ISAPI Filter Overview

welivesecurity TCC

Marc-Etienne M.Léveillé. (2022, July 19). I see what you did there: A look at the CloudMensis macOS spyware. Retrieved March 21, 2024.

Internal MISP references

UUID cf42e04a-3593-51ff-bb0b-60d681dc4cd6 which can be used as unique global reference for welivesecurity TCC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-21T00:00:00Z
date_published 2022-07-19T00:00:00Z
source MITRE
title I see what you did there: A look at the CloudMensis macOS spyware

iSight Sandworm Oct 2014

Ward, S. (2014, October 14). iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign. Retrieved June 10, 2020.

Internal MISP references

UUID 31262b8d-27fb-4976-9d53-4fb39b5b835a which can be used as unique global reference for iSight Sandworm Oct 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-10T00:00:00Z
date_published 2014-10-14T00:00:00Z
source MITRE
title iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign

CrySyS Blog TeamSpy

CrySyS Lab. (2013, March 20). TeamSpy – Obshie manevri. Ispolzovat’ tolko s razreshenija S-a. Retrieved April 11, 2018.

Internal MISP references

UUID f21ea3e2-7983-44d2-b78f-80d84bbc4f52 which can be used as unique global reference for CrySyS Blog TeamSpy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-11T00:00:00Z
source MITRE
title Ispolzovat’ tolko s razreshenija S-a

NYTStuxnet

William J. Broad, John Markoff, and David E. Sanger. (2011, January 15). Israeli Test on Worm Called Crucial in Iran Nuclear Delay. Retrieved March 1, 2017.

Internal MISP references

UUID 38b0cf78-88d0-487f-b2b0-81264f457dd0 which can be used as unique global reference for NYTStuxnet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-01T00:00:00Z
date_published 2011-01-15T00:00:00Z
source MITRE
title Israeli Test on Worm Called Crucial in Iran Nuclear Delay

Microsoft Issues with BITS July 2011

Microsoft. (2011, July 19). Issues with BITS. Retrieved January 12, 2018.

Internal MISP references

UUID c67ddc5e-9e6c-40c0-9876-ee191cda7658 which can be used as unique global reference for Microsoft Issues with BITS July 2011 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-12T00:00:00Z
date_published 2011-07-19T00:00:00Z
source MITRE
title Issues with BITS

Ready.gov IT DRP

Ready.gov. (n.d.). IT Disaster Recovery Plan. Retrieved March 15, 2019.

Internal MISP references

UUID 66da7fcb-421b-4e2f-b575-222f465d5901 which can be used as unique global reference for Ready.gov IT DRP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-15T00:00:00Z
source MITRE
title IT Disaster Recovery Plan

Security Intelligence ITG08 April 2020

Villadsen, O. (2020, April 7). ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework. Retrieved October 8, 2020.

Internal MISP references

UUID 32569f59-14fb-4581-8a42-3bf49fb189e9 which can be used as unique global reference for Security Intelligence ITG08 April 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-08T00:00:00Z
date_published 2020-04-07T00:00:00Z
source MITRE
title ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework

Talos Frankenstein June 2019

Adamitis, D. et al. (2019, June 4). It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign. Retrieved May 11, 2020.

Internal MISP references

UUID a6faa495-db01-43e8-9db3-d446570802bc which can be used as unique global reference for Talos Frankenstein June 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-11T00:00:00Z
date_published 2019-06-04T00:00:00Z
source MITRE
title It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign

AdSecurity Forging Trust Tickets

Metcalf, S. (2015, July 15). It’s All About Trust – Forging Kerberos Trust Tickets to Spoof Access across Active Directory Trusts. Retrieved February 14, 2019.

Internal MISP references

UUID 09d3ccc1-cd8a-4675-88c0-84110f5b8e8b which can be used as unique global reference for AdSecurity Forging Trust Tickets in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-14T00:00:00Z
date_published 2015-07-15T00:00:00Z
source MITRE
title It’s All About Trust – Forging Kerberos Trust Tickets to Spoof Access across Active Directory Trusts

It’s Always DarkGate Before the Dawn

Micah Babinski. (2020, October 16). It’s Always DarkGate Before the Dawn. Retrieved October 20, 2023.

Internal MISP references

UUID 0c7c6dfa-2ba9-4f74-aeca-d97dd3a3a1cc which can be used as unique global reference for It’s Always DarkGate Before the Dawn in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-20T00:00:00Z
date_published 2020-10-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title It’s Always DarkGate Before the Dawn

CitizenLab KeyBoy Nov 2016

Hulcoop, A., et al. (2016, November 17). It’s Parliamentary KeyBoy and the targeting of the Tibetan Community. Retrieved June 13, 2019.

Internal MISP references

UUID a9394372-3981-4f41-ad66-9db343e773b1 which can be used as unique global reference for CitizenLab KeyBoy Nov 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-13T00:00:00Z
date_published 2016-11-17T00:00:00Z
source MITRE
title It’s Parliamentary KeyBoy and the targeting of the Tibetan Community

Twitter ItsReallyNick Status Update APT32 PubPrn

Carr, N. (2017, December 22). ItsReallyNick Status Update. Retrieved April 9, 2018.

Internal MISP references

UUID 2ca502a2-664c-4b85-9d6c-1bc96dfb8332 which can be used as unique global reference for Twitter ItsReallyNick Status Update APT32 PubPrn in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-09T00:00:00Z
date_published 2017-12-22T00:00:00Z
source MITRE
title ItsReallyNick Status Update

Volexity Ivanti Global Exploitation January 2024

Gurkok, C. et al. (2024, January 15). Ivanti Connect Secure VPN Exploitation Goes Global. Retrieved February 27, 2024.

Internal MISP references

UUID b96fa4f2-864d-5d88-9a29-b117da8f8c5c which can be used as unique global reference for Volexity Ivanti Global Exploitation January 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-27T00:00:00Z
date_published 2024-01-15T00:00:00Z
source MITRE
title Ivanti Connect Secure VPN Exploitation Goes Global

Trend Micro IXESHE 2012

Sancho, D., et al. (2012, May 22). IXESHE An APT Campaign. Retrieved June 7, 2019.

Internal MISP references

UUID fcea0121-cd45-4b05-8c3f-f8dad8c790b3 which can be used as unique global reference for Trend Micro IXESHE 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-07T00:00:00Z
date_published 2012-05-22T00:00:00Z
source MITRE
title IXESHE An APT Campaign

James TermServ DLL

James. (2019, July 14). @James_inthe_box. Retrieved March 28, 2022.

Internal MISP references

UUID 5a9e4f0f-83d6-4f18-a358-a9ad450c2734 which can be used as unique global reference for James TermServ DLL in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-28T00:00:00Z
date_published 2019-07-14T00:00:00Z
source MITRE
title @James_inthe_box

Jamfsoftware 3 29 2024

March. (2024, March 29). Jamf Threat Labs dissects infostealer malware. Retrieved April 5, 2024.

Internal MISP references

UUID 8b8fedb6-0922-441a-8e17-6bd92055a9b0 which can be used as unique global reference for Jamfsoftware 3 29 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-05T00:00:00Z
date_published 2024-03-29T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Jamf Threat Labs dissects infostealer malware

Symantec Cicada November 2020

Symantec. (2020, November 17). Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign. Retrieved December 17, 2020.

Internal MISP references

UUID 28a7bbd8-d664-4234-9311-2befe0238b5b which can be used as unique global reference for Symantec Cicada November 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-17T00:00:00Z
date_published 2020-11-17T00:00:00Z
source MITRE
title Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign

Carbon Black JCry May 2019

Lee, S. (2019, May 14). JCry Ransomware. Retrieved June 18, 2019.

Internal MISP references

UUID deb97163-323a-493a-9c73-b41c8c5e5cd1 which can be used as unique global reference for Carbon Black JCry May 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-18T00:00:00Z
date_published 2019-05-14T00:00:00Z
source MITRE
title JCry Ransomware

ClearSky CopyKittens March 2017

ClearSky Cyber Security. (2017, March 30). Jerusalem Post and other Israeli websites compromised by Iranian threat agent CopyKitten. Retrieved August 21, 2017.

Internal MISP references

UUID f5a42615-0e4e-4d43-937d-05d2efe636cf which can be used as unique global reference for ClearSky CopyKittens March 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-08-21T00:00:00Z
date_published 2017-03-30T00:00:00Z
source MITRE, Tidal Cyber
title Jerusalem Post and other Israeli websites compromised by Iranian threat agent CopyKitten

Joe Sandbox 23893f035f8564dfea5030b9fdd54120d96072bb

Joe Sandbox. (n.d.). Joe Sandbox 23893f035f8564dfea5030b9fdd54120d96072bb. Retrieved October 20, 2023.

Internal MISP references

UUID c2a10cde-2c20-4090-9e8d-ca60edf07a2e which can be used as unique global reference for Joe Sandbox 23893f035f8564dfea5030b9fdd54120d96072bb in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Joe Sandbox 23893f035f8564dfea5030b9fdd54120d96072bb

Joe Slowik August 2019

Joe Slowik. (2019, August 15). CRASHOVERRIDE: Reassessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack. Retrieved October 22, 2019.

Internal MISP references

UUID 7297ee41-b26e-5762-8b0f-7dcdf780f86a which can be used as unique global reference for Joe Slowik August 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-22T00:00:00Z
source MITRE
title Joe Slowik August 2019

US District Court of DC Phosphorus Complaint 2019

US District Court of DC. (2019, March 14). MICROSOFT CORPORATION v. JOHN DOES 1-2, CONTROLLING A COMPUTER NETWORK AND THEREBY INJURING PLAINTIFF AND ITS CUSTOMERS. Retrieved March 8, 2021.

Internal MISP references

UUID 8f73a709-fb7e-4d9e-9743-4ba39ea26ea8 which can be used as unique global reference for US District Court of DC Phosphorus Complaint 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-08T00:00:00Z
source MITRE
title JOHN DOES 1-2, CONTROLLING A COMPUTER NETWORK AND THEREBY INJURING PLAINTIFF AND ITS CUSTOMERS

NCSC Joint Report Public Tools

The Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), CERT New Zealand, the UK National Cyber Security Centre (UK NCSC) and the US National Cybersecurity and Communications Integration Center (NCCIC). (2018, October 11). Joint report on publicly available hacking tools. Retrieved March 11, 2019.

Internal MISP references

UUID 601d88c5-4789-4fa8-a9ab-abc8137f061c which can be used as unique global reference for NCSC Joint Report Public Tools in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-11T00:00:00Z
date_published 2018-10-11T00:00:00Z
source MITRE
title Joint report on publicly available hacking tools

USG Joint Statement SolarWinds January 2021

FBI, CISA, ODNI, NSA. (2022, January 5). Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA). Retrieved March 26, 2023.

Internal MISP references

UUID 336a6549-a95d-5763-bbaf-5ef0d3141800 which can be used as unique global reference for USG Joint Statement SolarWinds January 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-26T00:00:00Z
date_published 2022-01-05T00:00:00Z
source MITRE
title Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA)

Jsc.exe - LOLBAS Project

LOLBAS. (2019, May 31). Jsc.exe. Retrieved December 4, 2023.

Internal MISP references

UUID ae25ff74-05eb-46d7-9c60-4c149b7c7f1f which can be used as unique global reference for Jsc.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2019-05-31T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Jsc.exe

Juniper Netscreen of the Dead

Graeme Neilson. (2009, August). Juniper Netscreen of the Dead. Retrieved October 20, 2020.

Internal MISP references

UUID 3b87bd85-c6dd-4bd9-9427-33b5bd84db4a which can be used as unique global reference for Juniper Netscreen of the Dead in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2009-08-01T00:00:00Z
source MITRE
title Juniper Netscreen of the Dead

Microsoft PS JEA

Microsoft. (2022, November 17). Just Enough Administration. Retrieved March 27, 2023.

Internal MISP references

UUID 09c99ca2-5f10-5f78-9ba3-5e0e79ce8d96 which can be used as unique global reference for Microsoft PS JEA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-27T00:00:00Z
date_published 2022-11-17T00:00:00Z
source MITRE
title Just Enough Administration

Justice GRU 2024

Office of Public Affairs. (2024, February 15). Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU). Retrieved March 28, 2024.

Internal MISP references

UUID 957488f8-c2a8-54b0-a3cb-7b510640a2c4 which can be used as unique global reference for Justice GRU 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-28T00:00:00Z
date_published 2024-02-15T00:00:00Z
source MITRE
title Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU)

U.S. Justice Department GRU Botnet February 2024

Office of Public Affairs. (2024, February 15). Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU). Retrieved February 29, 2024.

Internal MISP references

UUID 26a554dc-39c0-4638-902d-7e84fe01b961 which can be used as unique global reference for U.S. Justice Department GRU Botnet February 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-29T00:00:00Z
date_published 2024-02-15T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU)

Azure Active Directory Reconnaisance

Dr. Nestori Syynimaa. (2020, June 13). Just looking: Azure Active Directory reconnaissance as an outsider. Retrieved May 27, 2022.

Internal MISP references

UUID 42dad2a3-5b33-4be4-a19b-58a27fb3ee5d which can be used as unique global reference for Azure Active Directory Reconnaisance in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-27T00:00:00Z
date_published 2020-06-13T00:00:00Z
source MITRE
title Just looking: Azure Active Directory reconnaissance as an outsider

Azure AD Recon

Dr. Nestori Syynimaa. (2020, June 13). Just looking: Azure Active Directory reconnaissance as an outsider. Retrieved February 1, 2022.

Internal MISP references

UUID 16565eaf-44fb-44f4-b490-40dc1160ff2b which can be used as unique global reference for Azure AD Recon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-01T00:00:00Z
date_published 2020-06-13T00:00:00Z
source MITRE
title Just looking: Azure Active Directory reconnaissance as an outsider

intezer-kaiji-malware

Paul Litvak. (2020, May 4). Kaiji: New Chinese Linux malware turning to Golang. Retrieved December 17, 2020.

Internal MISP references

UUID ef1fbb40-da6f-41d0-a44a-9ff444e2ad89 which can be used as unique global reference for intezer-kaiji-malware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-17T00:00:00Z
date_published 2020-05-04T00:00:00Z
source MITRE
title Kaiji: New Chinese Linux malware turning to Golang

Kali Redsnarf

NCC Group PLC. (2016, November 1). Kali Redsnarf. Retrieved December 11, 2017.

Internal MISP references

UUID 459fcde2-7ac3-4640-a5bc-cd8750e54962 which can be used as unique global reference for Kali Redsnarf in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-11T00:00:00Z
date_published 2016-11-01T00:00:00Z
source MITRE
title Kali Redsnarf

TrustedSignal Service Failure

Hull, D. (2014, May 3). Kansa: Service related collectors and analysis. Retrieved October 10, 2019.

Internal MISP references

UUID 58d5bc0b-8548-4c3a-8302-e07df3b961ff which can be used as unique global reference for TrustedSignal Service Failure in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-10T00:00:00Z
date_published 2014-05-03T00:00:00Z
source MITRE
title Kansa: Service related collectors and analysis

Kansa Service related collectors

Hull, D. (2014, May 3). Kansa: Service related collectors and analysis. Retrieved October 10, 2019.

Internal MISP references

UUID d854f84a-4d70-4ef4-9197-d8f5396feabb which can be used as unique global reference for Kansa Service related collectors in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-10T00:00:00Z
date_published 2014-05-03T00:00:00Z
source MITRE
title Kansa: Service related collectors and analysis

U.S. CISA Karakurt December 12 2023

Cybersecurity and Infrastructure Security Agency. (2023, December 12). Karakurt Data Extortion Group. Retrieved May 1, 2024.

Internal MISP references

UUID ca7ae918-5fbb-472a-b9fa-8e0eaee93af7 which can be used as unique global reference for U.S. CISA Karakurt December 12 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-05-01T00:00:00Z
date_published 2023-12-12T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Karakurt Data Extortion Group

CISA Karakurt 2022

Cybersecurity Infrastructure and Defense Agency. (2022, June 2). Karakurt Data Extortion Group. Retrieved March 10, 2023.

Internal MISP references

UUID 5a9a79fa-532b-582b-9741-cb732803cd22 which can be used as unique global reference for CISA Karakurt 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-10T00:00:00Z
date_published 2022-06-02T00:00:00Z
source MITRE
title Karakurt Data Extortion Group

Kaspersky Lab SynAck May 2018

Bettencourt, J. (2018, May 7). Kaspersky Lab finds new variant of SynAck ransomware using sophisticated Doppelgänging technique. Retrieved May 24, 2018.

Internal MISP references

UUID bbb9bcb5-cd44-4dcb-a7e5-f6c4cf93f74f which can be used as unique global reference for Kaspersky Lab SynAck May 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-24T00:00:00Z
date_published 2018-05-07T00:00:00Z
source MITRE
title Kaspersky Lab finds new variant of SynAck ransomware using sophisticated Doppelgänging technique

Unit 42 Kazuar May 2017

Levene, B, et al. (2017, May 03). Kazuar: Multiplatform Espionage Backdoor with API Access. Retrieved July 17, 2018.

Internal MISP references

UUID 07e64ee6-3d3e-49e4-bb06-ff5897e26ea9 which can be used as unique global reference for Unit 42 Kazuar May 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-17T00:00:00Z
date_published 2017-05-03T00:00:00Z
source MITRE
title Kazuar: Multiplatform Espionage Backdoor with API Access

Citizen Lab Stealth Falcon May 2016

Marczak, B. and Scott-Railton, J. (2016, May 29). Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents. Retrieved June 8, 2016.

Internal MISP references

UUID 11f46b1e-a141-4d25-bff0-e955251be7f5 which can be used as unique global reference for Citizen Lab Stealth Falcon May 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-08T00:00:00Z
date_published 2016-05-29T00:00:00Z
source MITRE, Tidal Cyber
title Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents

Github KeeThief

Lee, C., Schroeder, W. (n.d.). KeeThief. Retrieved February 8, 2021.

Internal MISP references

UUID 3b6231fb-5b52-4a3a-a21f-0881901d0037 which can be used as unique global reference for Github KeeThief in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-08T00:00:00Z
source MITRE
title KeeThief

Kekeo

Benjamin Delpy. (n.d.). Kekeo. Retrieved October 4, 2021.

Internal MISP references

UUID 0b69f0f5-dd4a-4926-9369-8253a0c3ddea which can be used as unique global reference for Kekeo in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-04T00:00:00Z
source MITRE
title Kekeo

Harmj0y Kerberoast Nov 2016

Schroeder, W. (2016, November 1). Kerberoasting Without Mimikatz. Retrieved March 23, 2018.

Internal MISP references

UUID 6f1f8bc3-421e-46ff-88e3-48fcc6f7b76a which can be used as unique global reference for Harmj0y Kerberoast Nov 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-23T00:00:00Z
date_published 2016-11-01T00:00:00Z
source MITRE
title Kerberoasting Without Mimikatz

ADSecurity Kerberos Ring Decoder

Sean Metcalf. (2014, September 12). Kerberos, Active Directory’s Secret Decoder Ring. Retrieved February 27, 2020.

Internal MISP references

UUID 5f78a554-2d5c-49af-8c6c-6e10f9aec997 which can be used as unique global reference for ADSecurity Kerberos Ring Decoder in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-27T00:00:00Z
date_published 2014-09-12T00:00:00Z
source MITRE
title Kerberos, Active Directory’s Secret Decoder Ring

macOS kerberos framework MIT

Massachusetts Institute of Technology. (2007, October 27). Kerberos for Macintosh Preferences Documentation. Retrieved October 6, 2021.

Internal MISP references

UUID 8e09346b-03ce-4627-a365-f2f63089d1e0 which can be used as unique global reference for macOS kerberos framework MIT in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-06T00:00:00Z
date_published 2007-10-27T00:00:00Z
source MITRE
title Kerberos for Macintosh Preferences Documentation

Microsoft Kerberos Golden Ticket

Microsoft. (2015, March 24). Kerberos Golden Ticket Check (Updated). Retrieved February 27, 2020.

Internal MISP references

UUID 2d8790db-b088-40d0-be99-acd3e695c7a6 which can be used as unique global reference for Microsoft Kerberos Golden Ticket in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-27T00:00:00Z
date_published 2015-03-24T00:00:00Z
source MITRE
title Kerberos Golden Ticket Check (Updated)

CERT-EU Golden Ticket Protection

Abolins, D., Boldea, C., Socha, K., Soria-Machado, M. (2016, April 26). Kerberos Golden Ticket Protection. Retrieved July 13, 2017.

Internal MISP references

UUID 268f9cfa-71f4-4cb1-96f3-c61e71892d30 which can be used as unique global reference for CERT-EU Golden Ticket Protection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-13T00:00:00Z
date_published 2016-04-26T00:00:00Z
source MITRE
title Kerberos Golden Ticket Protection

AdSecurity Kerberos GT Aug 2015

Metcalf, S. (2015, August 7). Kerberos Golden Tickets are Now More Golden. Retrieved December 1, 2017.

Internal MISP references

UUID aac51d49-9a72-4456-8539-8a5f5d0ef7d7 which can be used as unique global reference for AdSecurity Kerberos GT Aug 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-01T00:00:00Z
date_published 2015-08-07T00:00:00Z
source MITRE
title Kerberos Golden Tickets are Now More Golden

ADSecurity Kerberos and KRBTGT

Sean Metcalf. (2014, November 10). Kerberos & KRBTGT: Active Directory’s Domain Kerberos Service Account. Retrieved January 30, 2020.

Internal MISP references

UUID 6e61f3e1-35e6-44f4-9bc4-60b2bcb71b15 which can be used as unique global reference for ADSecurity Kerberos and KRBTGT in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-01-30T00:00:00Z
date_published 2014-11-10T00:00:00Z
source MITRE
title Kerberos & KRBTGT: Active Directory’s Domain Kerberos Service Account

Microsoft Kerberos Preauth 2014

Sanyal, M. (2014, March 18). Kerberos Pre-Authentication: Why It Should Not Be Disabled. Retrieved August 25, 2020.

Internal MISP references

UUID 328953ed-93c7-46c0-9a05-53dc44d294fe which can be used as unique global reference for Microsoft Kerberos Preauth 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-25T00:00:00Z
date_published 2014-03-18T00:00:00Z
source MITRE
title Kerberos Pre-Authentication: Why It Should Not Be Disabled

Linux Kerberos Tickets

Trevor Haskell. (2020, April 1). Kerberos Tickets on Linux Red Teams. Retrieved October 4, 2021.

Internal MISP references

UUID 5aea042f-4eb1-4092-89be-3db695053470 which can be used as unique global reference for Linux Kerberos Tickets in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-04T00:00:00Z
date_published 2020-04-01T00:00:00Z
source MITRE
title Kerberos Tickets on Linux Red Teams

Kernel Self Protection Project

Kernel.org. (2020, February 6). Kernel Self-Protection. Retrieved June 4, 2020.

Internal MISP references

UUID b75466f2-c20e-4c4a-b71b-e91fb39cfcd3 which can be used as unique global reference for Kernel Self Protection Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-04T00:00:00Z
date_published 2020-02-06T00:00:00Z
source MITRE
title Kernel Self-Protection

Rapid7 KeyBoy Jun 2013

Guarnieri, C., Schloesser M. (2013, June 7). KeyBoy, Targeted Attacks against Vietnam and India. Retrieved June 14, 2019.

Internal MISP references

UUID e549add8-1dfd-40d6-8974-35e1a38a707b which can be used as unique global reference for Rapid7 KeyBoy Jun 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-14T00:00:00Z
date_published 2013-06-07T00:00:00Z
source MITRE
title KeyBoy, Targeted Attacks against Vietnam and India

Keychain Items Apple Dev API

Apple. (n.d.). Keychain Items. Retrieved April 12, 2022.

Internal MISP references

UUID 4e499819-b910-4c07-a8b4-a7d40f2c0ac4 which can be used as unique global reference for Keychain Items Apple Dev API in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-12T00:00:00Z
source MITRE
title Keychain Items

Keychain Services Apple

Apple. (n.d.). Keychain Services. Retrieved April 11, 2022.

Internal MISP references

UUID 0754f48d-dad8-480c-953c-256be4dfcfc3 which can be used as unique global reference for Keychain Services Apple in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-11T00:00:00Z
source MITRE
title Keychain Services

Wikipedia keychain

Wikipedia. (n.d.). Keychain (software). Retrieved July 5, 2017.

Internal MISP references

UUID 8aac5356-31cb-4e0b-a766-9aa07d977acd which can be used as unique global reference for Wikipedia keychain in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-05T00:00:00Z
source MITRE
title Keychain (software)

Keyctl-unmask

Mark Manning. (2020, July 23). Keyctl-unmask: "Going Florida" on The State Of Containerizing Linux Keyrings. Retrieved July 6, 2022.

Internal MISP references

UUID 75db8c88-e547-4d1b-8f22-6ace2b3d7ad4 which can be used as unique global reference for Keyctl-unmask in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-06T00:00:00Z
date_published 2020-07-23T00:00:00Z
source MITRE
title Keyctl-unmask: "Going Florida" on The State Of Containerizing Linux Keyrings

Google Cloud Encryption Key Rotation

Google. (n.d.). Key rotation. Retrieved October 18, 2019.

Internal MISP references

UUID 4ba76434-f5ca-4a1d-b111-9292f6debfdb which can be used as unique global reference for Google Cloud Encryption Key Rotation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-18T00:00:00Z
source MITRE
title Key rotation

KillDisk Ransomware

Catalin Cimpanu. (2016, December 29). KillDisk Disk-Wiping Malware Adds Ransomware Component. Retrieved January 12, 2021.

Internal MISP references

UUID 9d22f13d-af6d-47b5-93ed-5e4b85b94978 which can be used as unique global reference for KillDisk Ransomware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-12T00:00:00Z
date_published 2016-12-29T00:00:00Z
source MITRE
title KillDisk Disk-Wiping Malware Adds Ransomware Component

Trend Micro KillDisk 1

Fernando Merces, Byron Gelera, Martin Co. (2018, June 7). KillDisk Variant Hits Latin American Finance Industry. Retrieved January 12, 2021.

Internal MISP references

UUID 8ae31db0-2744-4366-9747-55fc4679dbf5 which can be used as unique global reference for Trend Micro KillDisk 1 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-12T00:00:00Z
date_published 2018-06-07T00:00:00Z
source MITRE
title KillDisk Variant Hits Latin American Finance Industry

Trend Micro KillDisk 2

Gilbert Sison, Rheniel Ramos, Jay Yaneza, Alfredo Oliveira. (2018, January 15). KillDisk Variant Hits Latin American Financial Groups. Retrieved January 12, 2021.

Internal MISP references

UUID 62d9a4c9-e669-4dd4-a584-4f3e3e54f97f which can be used as unique global reference for Trend Micro KillDisk 2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-12T00:00:00Z
date_published 2018-01-15T00:00:00Z
source MITRE
title KillDisk Variant Hits Latin American Financial Groups

Killing IOS diversity myth

Ang Cui, Jatin Kataria, Salvatore J. Stolfo. (2011, August). Killing the myth of Cisco IOS diversity: recent advances in reliable shellcode design. Retrieved October 20, 2020.

Internal MISP references

UUID 19d7ccc6-76ed-4b12-af50-f810fbc22037 which can be used as unique global reference for Killing IOS diversity myth in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2011-08-01T00:00:00Z
source MITRE
title Killing the myth of Cisco IOS diversity: recent advances in reliable shellcode design

Killing the myth of Cisco IOS rootkits

Sebastian 'topo' Muñiz. (2008, May). Killing the myth of Cisco IOS rootkits. Retrieved October 20, 2020.

Internal MISP references

UUID 538070d6-fbdb-4cc9-8ddf-c331e4375cfb which can be used as unique global reference for Killing the myth of Cisco IOS rootkits in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2008-05-01T00:00:00Z
source MITRE
title Killing the myth of Cisco IOS rootkits

Vedere Labs Killnet 2022

Vedere Labs. (2022, June 2). Killnet: Analysis of Attacks from a Prominent Pro-Russian Hacktivist Group. Retrieved October 9, 2023.

Internal MISP references

UUID 628a9288-ae87-4deb-92ce-081ba88c15be which can be used as unique global reference for Vedere Labs Killnet 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-09T00:00:00Z
date_published 2022-06-02T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Killnet: Analysis of Attacks from a Prominent Pro-Russian Hacktivist Group

Flashpoint Glossary Killnet

Flashpoint. (n.d.). Killnet: Inside the World’s Most Prominent Pro-Kremlin Hacktivist Collective. Retrieved October 10, 2023.

Internal MISP references

UUID 502cc03b-350b-4e2d-9436-364c43a0a203 which can be used as unique global reference for Flashpoint Glossary Killnet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-10T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Killnet: Inside the World’s Most Prominent Pro-Kremlin Hacktivist Collective

Malwarebytes Kimsuky June 2021

Jazi, H. (2021, June 1). Kimsuky APT continues to target South Korean government using AppleSeed backdoor. Retrieved June 10, 2021.

Internal MISP references

UUID 9a497c56-f1d3-4889-8c1a-14b013f14668 which can be used as unique global reference for Malwarebytes Kimsuky June 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-10T00:00:00Z
date_published 2021-06-01T00:00:00Z
source MITRE, Tidal Cyber
title Kimsuky APT continues to target South Korean government using AppleSeed backdoor

Kimsuky Malwarebytes

Hossein Jazi. (2021, June 1). Kimsuky APT continues to target South Korean government using AppleSeed backdoor. Retrieved January 10, 2024.

Internal MISP references

UUID 8b0dd1d7-dc9c-50d3-a47e-20304591ac40 which can be used as unique global reference for Kimsuky Malwarebytes in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-10T00:00:00Z
date_published 2021-06-01T00:00:00Z
source MITRE
title Kimsuky APT continues to target South Korean government using AppleSeed backdoor

VirusBulletin Kimsuky October 2019

Kim, J. et al. (2019, October). KIMSUKY GROUP: TRACKING THE KING OF THE SPEAR PHISHING. Retrieved November 2, 2020.

Internal MISP references

UUID e9a8db17-8b10-44c2-a0e1-88e6bcfb67f1 which can be used as unique global reference for VirusBulletin Kimsuky October 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-02T00:00:00Z
date_published 2019-10-01T00:00:00Z
source MITRE
title KIMSUKY GROUP: TRACKING THE KING OF THE SPEAR PHISHING

EST Kimsuky April 2019

Alyac. (2019, April 3). Kimsuky Organization Steals Operation Stealth Power. Retrieved August 13, 2019.

Internal MISP references

UUID 8e52db6b-5ac3-448a-93f6-96a21787a346 which can be used as unique global reference for EST Kimsuky April 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-08-13T00:00:00Z
date_published 2019-04-03T00:00:00Z
source MITRE
title Kimsuky Organization Steals Operation Stealth Power

ThreatConnect Kimsuky September 2020

ThreatConnect. (2020, September 28). Kimsuky Phishing Operations Putting In Work. Retrieved October 30, 2020.

Internal MISP references

UUID 45d64462-2bed-46e8-ac52-9d4914608a93 which can be used as unique global reference for ThreatConnect Kimsuky September 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-30T00:00:00Z
date_published 2020-09-28T00:00:00Z
source MITRE
title Kimsuky Phishing Operations Putting In Work

BRI Kimsuky April 2019

BRI. (2019, April). Kimsuky unveils APT campaign 'Smoke Screen' aimed at Korea and America. Retrieved October 7, 2019.

Internal MISP references

UUID b72dd3a1-62ca-4a05-96a8-c4bddb17db50 which can be used as unique global reference for BRI Kimsuky April 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-07T00:00:00Z
date_published 2019-04-01T00:00:00Z
source MITRE
title Kimsuky unveils APT campaign 'Smoke Screen' aimed at Korea and America

Microsoft Klist

Microsoft. (2021, March 3). klist. Retrieved October 14, 2021.

Internal MISP references

UUID f500340f-23fc-406a-97ef-0de787ef8cec which can be used as unique global reference for Microsoft Klist in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-14T00:00:00Z
date_published 2021-03-03T00:00:00Z
source MITRE
title klist

FireEye Know Your Enemy FIN8 Aug 2016

Elovitz, S. & Ahl, I. (2016, August 18). Know Your Enemy: New Financially-Motivated & Spear-Phishing Group. Retrieved February 26, 2018.

Internal MISP references

UUID 0119687c-b46b-4b5f-a6d8-affa14258392 which can be used as unique global reference for FireEye Know Your Enemy FIN8 Aug 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-26T00:00:00Z
date_published 2016-08-18T00:00:00Z
source MITRE
title Know Your Enemy: New Financially-Motivated & Spear-Phishing Group

Github Koadic

Magius, J., et al. (2017, July 19). Koadic. Retrieved June 18, 2018.

Internal MISP references

UUID 54cbf1bd-9aed-4f82-8c15-6e88dd5d8d64 which can be used as unique global reference for Github Koadic in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-18T00:00:00Z
date_published 2017-07-19T00:00:00Z
source MITRE
title Koadic

ESET Kobalos Feb 2021

M.Leveille, M., Sanmillan, I. (2021, February 2). Kobalos – A complex Linux threat to high performance computing infrastructure. Retrieved August 24, 2021.

Internal MISP references

UUID 883a9417-f7f6-4aa6-8708-8c320d4e0a7a which can be used as unique global reference for ESET Kobalos Feb 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-24T00:00:00Z
date_published 2021-02-02T00:00:00Z
source MITRE
title Kobalos – A complex Linux threat to high performance computing infrastructure

Talos Konni May 2017

Rascagneres, P. (2017, May 03). KONNI: A Malware Under The Radar For Years. Retrieved November 5, 2018.

Internal MISP references

UUID 4cb69c58-4e47-4fb9-9eef-8a0b5447a553 which can be used as unique global reference for Talos Konni May 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-05T00:00:00Z
date_published 2017-05-03T00:00:00Z
source MITRE
title KONNI: A Malware Under The Radar For Years

Malwarebytes KONNI Evolves Jan 2022

Santos, R. (2022, January 26). KONNI evolves into stealthier RAT. Retrieved April 13, 2022.

Internal MISP references

UUID 5dbb84dc-a991-4fa7-8528-639b1430ca02 which can be used as unique global reference for Malwarebytes KONNI Evolves Jan 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-13T00:00:00Z
date_published 2022-01-26T00:00:00Z
source MITRE
title KONNI evolves into stealthier RAT

Talos Group123

Mercer, W., Rascagneres, P. (2018, January 16). Korea In The Crosshairs. Retrieved May 21, 2018.

Internal MISP references

UUID bf8b2bf0-cca3-437b-a640-715f9cc945f7 which can be used as unique global reference for Talos Group123 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-21T00:00:00Z
date_published 2018-01-16T00:00:00Z
source MITRE
title Korea In The Crosshairs

Kube Kubectl

kubernetes. (n.d.). kubectl. Retrieved October 13, 2021.

Internal MISP references

UUID 5aae1cd7-4e24-40a5-90d8-1f6431851a8f which can be used as unique global reference for Kube Kubectl in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
source MITRE
title kubectl

Kubernetes Kubelet

The Kubernetes Authors. (n.d.). Kubelet. Retrieved March 29, 2021.

Internal MISP references

UUID 57527fb9-d076-4ce1-afb5-e7bdb9c9d74c which can be used as unique global reference for Kubernetes Kubelet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-29T00:00:00Z
source MITRE
title Kubelet

Kubernetes CronJob

The Kubernetes Authors. (n.d.). Kubernetes CronJob. Retrieved March 29, 2021.

Internal MISP references

UUID 354d242c-227e-4827-b559-dc1650d37acd which can be used as unique global reference for Kubernetes CronJob in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-29T00:00:00Z
source MITRE
title Kubernetes CronJob

Kubernetes Hardening Guide

National Security Agency, Cybersecurity and Infrastructure Security Agency. (2022, March). Kubernetes Hardening Guide. Retrieved April 1, 2022.

Internal MISP references

UUID e423b14c-dd39-4b36-9b95-96efbcaf0a12 which can be used as unique global reference for Kubernetes Hardening Guide in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-01T00:00:00Z
date_published 2022-03-01T00:00:00Z
source MITRE
title Kubernetes Hardening Guide

Kubernetes Jobs

The Kubernetes Authors. (n.d.). Kubernetes Jobs. Retrieved March 30, 2021.

Internal MISP references

UUID 21a4388d-dbf8-487b-a2a2-67927b099e4a which can be used as unique global reference for Kubernetes Jobs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-30T00:00:00Z
source MITRE
title Kubernetes Jobs

AppSecco Kubernetes Namespace Breakout 2020

Abhisek Datta. (2020, March 18). Kubernetes Namespace Breakout using Insecure Host Path Volume — Part 1. Retrieved January 16, 2024.

Internal MISP references

UUID 85852b3e-f6a3-5406-9dd5-a649358a53de which can be used as unique global reference for AppSecco Kubernetes Namespace Breakout 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-16T00:00:00Z
date_published 2020-03-18T00:00:00Z
source MITRE
title Kubernetes Namespace Breakout using Insecure Host Path Volume — Part 1

Kubernetes Dashboard

The Kubernetes Authors. (n.d.). Kubernetes Web UI (Dashboard). Retrieved March 29, 2021.

Internal MISP references

UUID 02f23351-df83-4aae-a0bd-614ed91bc683 which can be used as unique global reference for Kubernetes Dashboard in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-29T00:00:00Z
source MITRE
title Kubernetes Web UI (Dashboard)

Intezer App Service Phishing

Paul Litvak. (2020, October 8). Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure. Retrieved August 18, 2022.

Internal MISP references

UUID e86abbd9-f349-4d90-8ec9-899fe1637f94 which can be used as unique global reference for Intezer App Service Phishing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-18T00:00:00Z
date_published 2020-10-08T00:00:00Z
source MITRE
title Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure

Alintanahin 2014

Alintanahin, K. (2014, March 13). Kunming Attack Leads to Gh0st RAT Variant. Retrieved November 12, 2014.

Internal MISP references

UUID 1c5ee0d2-4d6c-4a5f-9790-79bfb7abc53f which can be used as unique global reference for Alintanahin 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
date_published 2014-03-13T00:00:00Z
source MITRE
title Kunming Attack Leads to Gh0st RAT Variant

Wits End and Shady PowerShell Profiles

DeRyke, A. (2019, June 7). Lab Notes: Persistence and Privilege Elevation using the Powershell Profile. Retrieved July 8, 2019.

Internal MISP references

UUID 8fcbd99a-1fb8-4ca3-9efd-a98734d4397d which can be used as unique global reference for Wits End and Shady PowerShell Profiles in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-08T00:00:00Z
date_published 2019-06-07T00:00:00Z
source MITRE
title Lab Notes: Persistence and Privilege Elevation using the Powershell Profile

AWS Lambda Execution Role

AWS. (n.d.). Lambda execution role. Retrieved February 28, 2024.

Internal MISP references

UUID 18e41da7-8dd3-569b-a54d-253aa8cd22ff which can be used as unique global reference for AWS Lambda Execution Role in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-28T00:00:00Z
source MITRE
title Lambda execution role

NCC Group LAPSUS Apr 2022

Brown, D., et al. (2022, April 28). LAPSUS$: Recent techniques, tactics and procedures. Retrieved December 22, 2022.

Internal MISP references

UUID d2e7c69d-8a10-51ca-af7b-22d08f4dfe45 which can be used as unique global reference for NCC Group LAPSUS Apr 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-12-22T00:00:00Z
date_published 2022-04-28T00:00:00Z
source MITRE
title LAPSUS$: Recent techniques, tactics and procedures

BBC LAPSUS Apr 2022

BBC. (2022, April 1). LAPSUS: Two UK Teenagers Charged with Hacking for Gang. Retrieved June 9, 2022.

Internal MISP references

UUID 6c9f4312-6c9d-401c-b20f-12ce50c94a96 which can be used as unique global reference for BBC LAPSUS Apr 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-09T00:00:00Z
date_published 2022-04-01T00:00:00Z
source MITRE
title LAPSUS: Two UK Teenagers Charged with Hacking for Gang

Enigma Excel DCOM Sept 2017

Nelson, M. (2017, September 11). Lateral Movement using Excel.Application and DCOM. Retrieved November 21, 2017.

Internal MISP references

UUID 953dc856-d906-4d87-a421-4e708f30208c which can be used as unique global reference for Enigma Excel DCOM Sept 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-21T00:00:00Z
date_published 2017-09-11T00:00:00Z
source MITRE
title Lateral Movement using Excel.Application and DCOM

Enigma Outlook DCOM Lateral Movement Nov 2017

Nelson, M. (2017, November 16). Lateral Movement using Outlook's CreateObject Method and DotNetToJScript. Retrieved November 21, 2017.

Internal MISP references

UUID 48c8b8c4-1ce2-4fbc-a95d-dc8b39304200 which can be used as unique global reference for Enigma Outlook DCOM Lateral Movement Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-21T00:00:00Z
date_published 2017-11-16T00:00:00Z
source MITRE
title Lateral Movement using Outlook's CreateObject Method and DotNetToJScript

Enigma MMC20 COM Jan 2017

Nelson, M. (2017, January 5). Lateral Movement using the MMC20 Application COM Object. Retrieved November 21, 2017.

Internal MISP references

UUID ecc1023d-ef37-46e3-8dce-8fd5bb6a10dc which can be used as unique global reference for Enigma MMC20 COM Jan 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-21T00:00:00Z
date_published 2017-01-05T00:00:00Z
source MITRE
title Lateral Movement using the MMC20 Application COM Object

Enigma DCOM Lateral Movement Jan 2017

Nelson, M. (2017, January 23). Lateral Movement via DCOM: Round 2. Retrieved November 21, 2017.

Internal MISP references

UUID 62a14d3b-c61b-4c96-ad28-0519745121e3 which can be used as unique global reference for Enigma DCOM Lateral Movement Jan 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-21T00:00:00Z
date_published 2017-01-23T00:00:00Z
source MITRE
title Lateral Movement via DCOM: Round 2

Jacobsen 2014

Jacobsen, K. (2014, May 16). Lateral Movement with PowerShell[slides]. Retrieved November 12, 2014.

Internal MISP references

UUID f9ca049c-5cab-4d80-a84b-1695365871e3 which can be used as unique global reference for Jacobsen 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
date_published 2014-05-16T00:00:00Z
source MITRE
title Lateral Movement with PowerShell[slides]

Launchctl Man

SS64. (n.d.). launchctl. Retrieved March 28, 2020.

Internal MISP references

UUID 26bd50ba-c359-4804-b574-7ec731b37fa6 which can be used as unique global reference for Launchctl Man in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-28T00:00:00Z
source MITRE
title launchctl

LaunchDaemon Hijacking

Bradley Kemp. (2021, May 10). LaunchDaemon Hijacking: privilege escalation and persistence via insecure folder permissions. Retrieved July 26, 2021.

Internal MISP references

UUID 51d1e4d9-265a-48ca-834b-4daa1f386bb4 which can be used as unique global reference for LaunchDaemon Hijacking in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-07-26T00:00:00Z
date_published 2021-05-10T00:00:00Z
source MITRE
title LaunchDaemon Hijacking: privilege escalation and persistence via insecure folder permissions

launchd Keywords for plists

Dennis German. (2020, November 20). launchd Keywords for plists. Retrieved October 7, 2021.

Internal MISP references

UUID 1bcd2a93-93e7-48d8-ad25-6f09e94123aa which can be used as unique global reference for launchd Keywords for plists in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-07T00:00:00Z
date_published 2020-11-20T00:00:00Z
source MITRE
title launchd Keywords for plists

Launch Services Apple Developer

Apple. (n.d.). Launch Services. Retrieved October 5, 2021.

Internal MISP references

UUID 9973ceb1-2fee-451b-a512-c544671ee9fd which can be used as unique global reference for Launch Services Apple Developer in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-05T00:00:00Z
source MITRE
title Launch Services

Launch Service Keys Developer Apple

Apple. (2018, June 4). Launch Services Keys. Retrieved October 5, 2021.

Internal MISP references

UUID d75fd3e6-c1cd-4555-b131-80e34f51f09d which can be used as unique global reference for Launch Service Keys Developer Apple in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-05T00:00:00Z
date_published 2018-06-04T00:00:00Z
source MITRE
title Launch Services Keys

Launch-VsDevShell.ps1 - LOLBAS Project

LOLBAS. (2022, June 13). Launch-VsDevShell.ps1. Retrieved December 4, 2023.

Internal MISP references

UUID 6e81ff6a-a386-495e-bd4b-cf698b02bce8 which can be used as unique global reference for Launch-VsDevShell.ps1 - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-06-13T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Launch-VsDevShell.ps1

MalwareBytes Lazarus-Andariel Conceals Code April 2021

Jazi, H. (2021, April 19). Lazarus APT conceals malicious code within BMP image to drop its RAT. Retrieved September 29, 2021.

Internal MISP references

UUID c531a8dc-ea08-46db-a6d4-754bd1b9d545 which can be used as unique global reference for MalwareBytes Lazarus-Andariel Conceals Code April 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2021-04-19T00:00:00Z
source MITRE
title Lazarus APT conceals malicious code within BMP image to drop its RAT

Lazarus RATANKBA

Lei, C., et al. (2018, January 24). Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More. Retrieved May 22, 2018.

Internal MISP references

UUID e3f9853f-29b0-4219-a488-a6ecfa16b09f which can be used as unique global reference for Lazarus RATANKBA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-22T00:00:00Z
date_published 2018-01-24T00:00:00Z
source MITRE
title Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More

ATT Lazarus TTP Evolution

Fernando Martinez. (2021, July 6). Lazarus campaign TTPs and evolution. Retrieved September 22, 2021.

Internal MISP references

UUID 594c59ff-c4cb-4164-a62d-120e282b2538 which can be used as unique global reference for ATT Lazarus TTP Evolution in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-22T00:00:00Z
date_published 2021-07-06T00:00:00Z
source MITRE
title Lazarus campaign TTPs and evolution

TrendMicro Lazarus Nov 2018

Trend Micro. (2018, November 20). Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America. Retrieved December 3, 2018.

Internal MISP references

UUID 4c697316-c13a-4243-be18-c0e059e4168c which can be used as unique global reference for TrendMicro Lazarus Nov 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-12-03T00:00:00Z
date_published 2018-11-20T00:00:00Z
source MITRE
title Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America

F-Secure Lazarus Cryptocurrency Aug 2020

F-Secure Labs. (2020, August 18). Lazarus Group Campaign Targeting the Cryptocurrency Vertical. Retrieved September 1, 2020.

Internal MISP references

UUID f7facaae-e768-42eb-8e0e-2bfd0a636076 which can be used as unique global reference for F-Secure Lazarus Cryptocurrency Aug 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-01T00:00:00Z
date_published 2020-08-18T00:00:00Z
source MITRE
title Lazarus Group Campaign Targeting the Cryptocurrency Vertical

Lazarus KillDisk

Kálnai, P., Cherepanov A. (2018, April 03). Lazarus KillDisks Central American casino. Retrieved May 17, 2018.

Internal MISP references

UUID 6f931476-29e6-4bba-ba1b-37ab742f4b49 which can be used as unique global reference for Lazarus KillDisk in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-17T00:00:00Z
date_published 2018-04-03T00:00:00Z
source MITRE
title Lazarus KillDisks Central American casino

ESET Lazarus KillDisk April 2018

Kálnai, P., Cherepanov A. (2018, April 03). Lazarus KillDisks Central American casino. Retrieved May 17, 2018.

Internal MISP references

UUID 454704b7-9ede-4d30-acfd-2cf16a89bcb3 which can be used as unique global reference for ESET Lazarus KillDisk April 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-17T00:00:00Z
date_published 2018-04-03T00:00:00Z
source MITRE
title Lazarus KillDisks Central American casino

McAfee Lazarus Resurfaces Feb 2018

Sherstobitoff, R. (2018, February 12). Lazarus Resurfaces, Targets Global Banks and Bitcoin Users. Retrieved February 19, 2018.

Internal MISP references

UUID 4e4cb57d-764a-4233-8fc6-d049a1caabe9 which can be used as unique global reference for McAfee Lazarus Resurfaces Feb 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-19T00:00:00Z
date_published 2018-02-12T00:00:00Z
source MITRE
title Lazarus Resurfaces, Targets Global Banks and Bitcoin Users

Kaspersky ThreatNeedle Feb 2021

Vyacheslav Kopeytsev and Seongsu Park. (2021, February 25). Lazarus targets defense industry with ThreatNeedle. Retrieved October 27, 2021.

Internal MISP references

UUID ba6a5fcc-9391-42c0-8b90-57b729525f41 which can be used as unique global reference for Kaspersky ThreatNeedle Feb 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-27T00:00:00Z
date_published 2021-02-25T00:00:00Z
source MITRE
title Lazarus targets defense industry with ThreatNeedle

Kaspersky Lazarus Under The Hood Blog 2017

GReAT. (2017, April 3). Lazarus Under the Hood. Retrieved April 17, 2019.

Internal MISP references

UUID a1e1ab6a-8db0-4593-95ec-78784607dfa0 which can be used as unique global reference for Kaspersky Lazarus Under The Hood Blog 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-17T00:00:00Z
date_published 2017-04-03T00:00:00Z
source MITRE, Tidal Cyber
title Lazarus Under the Hood

Kaspersky Lazarus Under The Hood APR 2017

GReAT. (2017, April 3). Lazarus Under the Hood. Retrieved October 3, 2018.

Internal MISP references

UUID 312b30b1-3bd6-46ea-8f77-504f442499bc which can be used as unique global reference for Kaspersky Lazarus Under The Hood APR 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-03T00:00:00Z
date_published 2017-04-03T00:00:00Z
source MITRE
title Lazarus Under the Hood

Secureworks Emotet Nov 2018

Mclellan, M. (2018, November 19). Lazy Passwords Become Rocket Fuel for Emotet SMB Spreader. Retrieved March 25, 2019.

Internal MISP references

UUID 1ef76c14-f796-409a-9542-762f1e72f9b7 which can be used as unique global reference for Secureworks Emotet Nov 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-25T00:00:00Z
date_published 2018-11-19T00:00:00Z
source MITRE
title Lazy Passwords Become Rocket Fuel for Emotet SMB Spreader

MalwareBytes LazyScripter Feb 2021

Jazi, H. (2021, February). LazyScripter: From Empire to double RAT. Retrieved November 24, 2021.

Internal MISP references

UUID 078837a7-82cd-4e26-9135-43b612e911fe which can be used as unique global reference for MalwareBytes LazyScripter Feb 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-11-24T00:00:00Z
date_published 2021-02-01T00:00:00Z
source MITRE, Tidal Cyber
title LazyScripter: From Empire to double RAT

Ldifde.exe - LOLBAS Project

LOLBAS. (2022, August 31). Ldifde.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 45d41df9-328c-4ea3-b0fb-fc9f43bdabe5 which can be used as unique global reference for Ldifde.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-08-31T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Ldifde.exe

Ldifde Microsoft

Microsoft. (2016, August 31). Ldifde Microsoft. Retrieved July 11, 2023.

Internal MISP references

UUID c47ed0e0-f3e3-41de-9ea7-64fe4e343d9d which can be used as unique global reference for Ldifde Microsoft in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-11T00:00:00Z
date_published 2016-08-31T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Ldifde Microsoft

Symantec Leafminer July 2018

Symantec Security Response. (2018, July 25). Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions. Retrieved August 28, 2018.

Internal MISP references

UUID 01130af7-a2d4-435e-8790-49933e041451 which can be used as unique global reference for Symantec Leafminer July 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-28T00:00:00Z
date_published 2018-07-25T00:00:00Z
source MITRE, Tidal Cyber
title Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions

Proofpoint TA505 Mar 2018

Proofpoint Staff. (2018, March 7). Leaked Ammyy Admin Source Code Turned into Malware. Retrieved May 28, 2019.

Internal MISP references

UUID 44e48c77-59dd-4851-8455-893513b7cf45 which can be used as unique global reference for Proofpoint TA505 Mar 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-28T00:00:00Z
date_published 2018-03-07T00:00:00Z
source MITRE
title Leaked Ammyy Admin Source Code Turned into Malware

Microsoft Purview Data Loss Prevention

Microsoft. (2024, January 9). Learn about data loss prevention. Retrieved March 4, 2024.

Internal MISP references

UUID 0d8044c0-27ac-51bc-b08f-14ab352ed0b6 which can be used as unique global reference for Microsoft Purview Data Loss Prevention in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-04T00:00:00Z
date_published 2024-01-09T00:00:00Z
source MITRE
title Learn about data loss prevention

Medium DnsTunneling

Galobardes, R. (2018, October 30). Learn how easy is to bypass firewalls using DNS tunneling (and also how to block it). Retrieved March 15, 2020.

Internal MISP references

UUID f31de733-406c-4348-b3fe-bdc30d707277 which can be used as unique global reference for Medium DnsTunneling in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-15T00:00:00Z
date_published 2018-10-30T00:00:00Z
source MITRE
title Learn how easy is to bypass firewalls using DNS tunneling (and also how to block it)

Learn XPC Exploitation

Wojciech Reguła. (2020, June 29). Learn XPC exploitation. Retrieved October 12, 2021.

Internal MISP references

UUID da995792-b78b-4db5-85d8-99fda96c6826 which can be used as unique global reference for Learn XPC Exploitation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-12T00:00:00Z
date_published 2020-06-29T00:00:00Z
source MITRE
title Learn XPC exploitation

ClearSky Lebanese Cedar Jan 2021

ClearSky Cyber Security. (2021, January). “Lebanese Cedar” APT Global Lebanese Espionage Campaign Leveraging Web Servers. Retrieved February 10, 2021.

Internal MISP references

UUID 53944d48-caa9-4912-b42d-94a3789ed15b which can be used as unique global reference for ClearSky Lebanese Cedar Jan 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-10T00:00:00Z
date_published 2021-01-01T00:00:00Z
source MITRE
title “Lebanese Cedar” APT Global Lebanese Espionage Campaign Leveraging Web Servers

Mandiant UNC3313 Feb 2022

Tomcik, R. et al. (2022, February 24). Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity. Retrieved August 18, 2022.

Internal MISP references

UUID ac1a1262-1254-4ab2-a940-2d08b6558e9e which can be used as unique global reference for Mandiant UNC3313 Feb 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-18T00:00:00Z
date_published 2022-02-24T00:00:00Z
source MITRE
title Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity

LemonDuck

Manoj Ahuje. (2022, April 21). LemonDuck Targets Docker for Cryptomining Operations. Retrieved June 30, 2022.

Internal MISP references

UUID 3a7ea56a-3b19-4b69-a206-6eb7c4ae609d which can be used as unique global reference for LemonDuck in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-30T00:00:00Z
date_published 2022-04-21T00:00:00Z
source MITRE
title LemonDuck Targets Docker for Cryptomining Operations

Twitter Leoloobeek Scheduled Task

Loobeek, L. (2017, December 8). leoloobeek Status. Retrieved December 12, 2017.

Internal MISP references

UUID efdbaba5-1713-4ae1-bb82-4b4706f03b87 which can be used as unique global reference for Twitter Leoloobeek Scheduled Task in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-12T00:00:00Z
date_published 2017-12-08T00:00:00Z
source MITRE
title leoloobeek Status

TLDRSec AWS Attacks

Clint Gibler and Scott Piper. (2021, January 4). Lesser Known Techniques for Attacking AWS Environments. Retrieved March 4, 2024.

Internal MISP references

UUID b8de9dd2-3c57-5417-a24f-0260dff6afc6 which can be used as unique global reference for TLDRSec AWS Attacks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-04T00:00:00Z
date_published 2021-01-04T00:00:00Z
source MITRE
title Lesser Known Techniques for Attacking AWS Environments

Let's Encrypt FAQ

Let's Encrypt. (2020, April 23). Let's Encrypt FAQ. Retrieved October 15, 2020.

Internal MISP references

UUID 96e1ccb9-bd5c-4716-8848-4c30e6eac4ad which can be used as unique global reference for Let's Encrypt FAQ in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-15T00:00:00Z
date_published 2020-04-23T00:00:00Z
source MITRE
title Let's Encrypt FAQ

OSX Malware Detection

Patrick Wardle. (2016, February 29). Let's Play Doctor: Practical OS X Malware Detection & Analysis. Retrieved July 10, 2017.

Internal MISP references

UUID 0df0e28a-3c0b-4418-9f5a-77fffe37ac8a which can be used as unique global reference for OSX Malware Detection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-10T00:00:00Z
date_published 2016-02-29T00:00:00Z
source MITRE
title Let's Play Doctor: Practical OS X Malware Detection & Analysis

xorrior emond Jan 2018

Ross, Chris. (2018, January 17). Leveraging Emond on macOS For Persistence. Retrieved September 10, 2019.

Internal MISP references

UUID b49649ec-28f0-4d30-ab6c-13b12fca36e8 which can be used as unique global reference for xorrior emond Jan 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-10T00:00:00Z
date_published 2018-01-17T00:00:00Z
source MITRE
title Leveraging Emond on macOS For Persistence

Cyberreason DCOM DDE Lateral Movement Nov 2017

Tsukerman, P. (2017, November 8). Leveraging Excel DDE for lateral movement via DCOM. Retrieved November 21, 2017.

Internal MISP references

UUID 6edb3d7d-6b74-4dc4-a866-b81b19810f97 which can be used as unique global reference for Cyberreason DCOM DDE Lateral Movement Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-21T00:00:00Z
date_published 2017-11-08T00:00:00Z
source MITRE
title Leveraging Excel DDE for lateral movement via DCOM

Proofpoint Leviathan Oct 2017

Axel F, Pierre T. (2017, October 16). Leviathan: Espionage actor spearphishes maritime and defense targets. Retrieved February 15, 2018.

Internal MISP references

UUID f8c2b67b-c097-4b48-8d95-266a45b7dd4d which can be used as unique global reference for Proofpoint Leviathan Oct 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-15T00:00:00Z
date_published 2017-10-16T00:00:00Z
source MITRE
title Leviathan: Espionage actor spearphishes maritime and defense targets

LIBC

Kerrisk, M. (2016, December 12). libc(7) — Linux manual page. Retrieved June 25, 2020.

Internal MISP references

UUID a3fe6ea5-c443-473a-bb13-b4fd8f4923fd which can be used as unique global reference for LIBC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-25T00:00:00Z
date_published 2016-12-12T00:00:00Z
source MITRE
title libc(7) — Linux manual page

libzip

D. Baron, T. Klausner. (2020). libzip. Retrieved February 20, 2020.

Internal MISP references

UUID e7008738-101c-4903-a9fc-b0bd28d66069 which can be used as unique global reference for libzip in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-20T00:00:00Z
date_published 2020-01-01T00:00:00Z
source MITRE
title libzip

Symantec Darkmoon Sept 2014

Payet, L. (2014, September 19). Life on Mars: How attackers took advantage of hope for alien existance in new Darkmoon campaign. Retrieved September 13, 2018.

Internal MISP references

UUID 3362a507-03c3-4236-b484-8144248b5cac which can be used as unique global reference for Symantec Darkmoon Sept 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-13T00:00:00Z
date_published 2014-09-19T00:00:00Z
source MITRE
title Life on Mars: How attackers took advantage of hope for alien existance in new Darkmoon campaign

Wikipedia LLMNR

Wikipedia. (2016, July 7). Link-Local Multicast Name Resolution. Retrieved November 17, 2017.

Internal MISP references

UUID e06d8b82-f61d-49fc-8120-b6d9e5864cc8 which can be used as unique global reference for Wikipedia LLMNR in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-17T00:00:00Z
date_published 2016-07-07T00:00:00Z
source MITRE
title Link-Local Multicast Name Resolution

IzyKnows auditd threat detection 2022

IzySec. (2022, January 26). Linux auditd for Threat Detection. Retrieved September 29, 2023.

Internal MISP references

UUID 8a2f5c37-df28-587e-81b8-4bf7bb796854 which can be used as unique global reference for IzyKnows auditd threat detection 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-29T00:00:00Z
date_published 2022-01-26T00:00:00Z
source MITRE
title Linux auditd for Threat Detection

Fysbis Dr Web Analysis

Doctor Web. (2014, November 21). Linux.BackDoor.Fysbis.1. Retrieved December 7, 2017.

Internal MISP references

UUID f1eb4818-fda6-46f2-9d5a-5469a5ed44fc which can be used as unique global reference for Fysbis Dr Web Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-07T00:00:00Z
date_published 2014-11-21T00:00:00Z
source MITRE
title Linux.BackDoor.Fysbis.1

GDSecurity Linux injection

McNamara, R. (2017, September 5). Linux Based Inter-Process Code Injection Without Ptrace(2). Retrieved December 20, 2017.

Internal MISP references

UUID 834966eb-d07a-42ea-83db-d6e71b39214c which can be used as unique global reference for GDSecurity Linux injection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2017-09-05T00:00:00Z
source MITRE
title Linux Based Inter-Process Code Injection Without Ptrace(2)

GDS Linux Injection

McNamara, R. (2017, September 5). Linux Based Inter-Process Code Injection Without Ptrace(2). Retrieved February 21, 2020.

Internal MISP references

UUID 3e7f5991-25b4-43e9-9f0b-a5c668fb0657 which can be used as unique global reference for GDS Linux Injection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-21T00:00:00Z
date_published 2017-09-05T00:00:00Z
source MITRE
title Linux Based Inter-Process Code Injection Without Ptrace(2)

Linux/Cdorked.A We Live Security Analysis

Pierre-Marc Bureau. (2013, April 26). Linux/Cdorked.A: New Apache backdoor being used in the wild to serve Blackhole. Retrieved September 10, 2017.

Internal MISP references

UUID f76fce2e-2884-4b50-a7d7-55f08b84099c which can be used as unique global reference for Linux/Cdorked.A We Live Security Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-09-10T00:00:00Z
date_published 2013-04-26T00:00:00Z
source MITRE
title Linux/Cdorked.A: New Apache backdoor being used in the wild to serve Blackhole

Avast Linux Trojan Cron Persistence

Threat Intelligence Team. (2015, January 6). Linux DDoS Trojan hiding itself with an embedded rootkit. Retrieved January 8, 2018.

Internal MISP references

UUID 148fe0e1-8487-4d49-8966-f14e144372f5 which can be used as unique global reference for Avast Linux Trojan Cron Persistence in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-08T00:00:00Z
date_published 2015-01-06T00:00:00Z
source MITRE
title Linux DDoS Trojan hiding itself with an embedded rootkit

BH Linux Inject

Colgan, T. (2015, August 15). Linux-Inject. Retrieved February 21, 2020.

Internal MISP references

UUID bdbb2a83-fc3b-439f-896a-75bffada4d51 which can be used as unique global reference for BH Linux Inject in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-21T00:00:00Z
date_published 2015-08-15T00:00:00Z
source MITRE
title Linux-Inject

PAM Backdoor

zephrax. (2018, August 3). linux-pam-backdoor. Retrieved June 25, 2020.

Internal MISP references

UUID da1ffaf1-39f9-4516-8c04-4a4301e13585 which can be used as unique global reference for PAM Backdoor in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-25T00:00:00Z
date_published 2018-08-03T00:00:00Z
source MITRE
title linux-pam-backdoor

Linux Password and Shadow File Formats

The Linux Documentation Project. (n.d.). Linux Password and Shadow File Formats. Retrieved February 19, 2020.

Internal MISP references

UUID 7c574609-4b0d-44e7-adc3-8a3d67e10e9f which can be used as unique global reference for Linux Password and Shadow File Formats in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-19T00:00:00Z
source MITRE
title Linux Password and Shadow File Formats

nixCraft - John the Ripper

Vivek Gite. (2014, September 17). Linux Password Cracking: Explain unshadow and john Commands (John the Ripper Tool). Retrieved February 19, 2020.

Internal MISP references

UUID 5e093b21-8bbd-4ad4-9fe2-cbb04207f1d3 which can be used as unique global reference for nixCraft - John the Ripper in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-19T00:00:00Z
date_published 2014-09-17T00:00:00Z
source MITRE
title Linux Password Cracking: Explain unshadow and john Commands (John the Ripper Tool)

Polop Linux PrivEsc Gitbook

Carlos Polop. (2023, March 5). Linux Privilege Escalation. Retrieved March 31, 2023.

Internal MISP references

UUID a73a2819-61bd-5bd2-862d-5eeed344909f which can be used as unique global reference for Polop Linux PrivEsc Gitbook in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-31T00:00:00Z
date_published 2023-03-05T00:00:00Z
source MITRE
title Linux Privilege Escalation

setuid man page

Michael Kerrisk. (2017, September 15). Linux Programmer's Manual. Retrieved September 21, 2018.

Internal MISP references

UUID c07e9d6c-18f2-4246-a265-9bec7d833bba which can be used as unique global reference for setuid man page in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-21T00:00:00Z
date_published 2017-09-15T00:00:00Z
source MITRE
title Linux Programmer's Manual

Man LD.SO

Kerrisk, M. (2020, June 13). Linux Programmer's Manual. Retrieved June 15, 2020.

Internal MISP references

UUID a8a16cf6-0482-4e98-a39a-496491f985df which can be used as unique global reference for Man LD.SO in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-15T00:00:00Z
date_published 2020-06-13T00:00:00Z
source MITRE
title Linux Programmer's Manual

BleepingComputer 12 3 2023

Lawrence Abrams. (2023, December 3). Linux version of Qilin ransomware focuses on VMware ESXi. Retrieved January 10, 2024.

Internal MISP references

UUID 8cb73f97-0256-472d-88b7-92b6d63578fd which can be used as unique global reference for BleepingComputer 12 3 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-10T00:00:00Z
date_published 2023-12-03T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Linux version of Qilin ransomware focuses on VMware ESXi

Uninformed Needle

skape. (2003, January 19). Linux x86 run-time process manipulation. Retrieved December 20, 2017.

Internal MISP references

UUID 5ac2d917-756f-48d0-ab32-648b45a29083 which can be used as unique global reference for Uninformed Needle in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2003-01-19T00:00:00Z
source MITRE
title Linux x86 run-time process manipulation

List Blobs

Microsoft - List Blobs. (n.d.). Retrieved October 4, 2021.

Internal MISP references

UUID f9aa697a-83dd-4bae-bc11-006be51ce477 which can be used as unique global reference for List Blobs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-04T00:00:00Z
source MITRE
title List Blobs

ListObjectsV2

Amazon - ListObjectsV2. Retrieved October 4, 2021.

Internal MISP references

UUID 727c2077-f922-4314-908a-356c42564181 which can be used as unique global reference for ListObjectsV2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-04T00:00:00Z
source MITRE
title ListObjectsV2

Wikipedia File Header Signatures

Wikipedia. (2016, March 31). List of file signatures. Retrieved April 22, 2016.

Internal MISP references

UUID 00de69c8-78b1-4de3-a4dc-f5be3dbca212 which can be used as unique global reference for Wikipedia File Header Signatures in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-22T00:00:00Z
date_published 2016-03-31T00:00:00Z
source MITRE
title List of file signatures

Wikipedia OSI

Wikipedia. (n.d.). List of network protocols (OSI model). Retrieved December 4, 2014.

Internal MISP references

UUID d1080030-12c7-4223-92ab-fb764acf111d which can be used as unique global reference for Wikipedia OSI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-04T00:00:00Z
source MITRE
title List of network protocols (OSI model)

AWS List Roles

Amazon. (n.d.). List Roles. Retrieved August 11, 2020.

Internal MISP references

UUID 42ff02f9-45d0-466b-a5fa-e19c8187b529 which can be used as unique global reference for AWS List Roles in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-11T00:00:00Z
source MITRE
title List Roles

Google Cloud Secrets

Google Cloud. (n.d.). List secrets and view secret details. Retrieved September 25, 2023.

Internal MISP references

UUID 4a9e631d-3588-5585-b00a-316a934e6009 which can be used as unique global reference for Google Cloud Secrets in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-25T00:00:00Z
source MITRE
title List secrets and view secret details

Peripheral Discovery Linux

Shahriar Shovon. (2018, March). List USB Devices Linux. Retrieved March 11, 2022.

Internal MISP references

UUID 427b3a1b-88ea-4027-bae6-7fb45490b81d which can be used as unique global reference for Peripheral Discovery Linux in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-11T00:00:00Z
date_published 2018-03-01T00:00:00Z
source MITRE
title List USB Devices Linux

AWS List Users

Amazon. (n.d.). List Users. Retrieved August 11, 2020.

Internal MISP references

UUID 517e3d27-36da-4810-b256-3f47147b36e3 which can be used as unique global reference for AWS List Users in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-11T00:00:00Z
source MITRE
title List Users

Sophos PowerShell command audit

jak. (2020, June 27). Live Discover - PowerShell command audit. Retrieved August 21, 2020.

Internal MISP references

UUID 441f289c-7fdc-4cf1-9379-960be75c7202 which can be used as unique global reference for Sophos PowerShell command audit in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-21T00:00:00Z
date_published 2020-06-27T00:00:00Z
source MITRE
title Live Discover - PowerShell command audit

Dell TG-1314

Dell SecureWorks Counter Threat Unit Special Operations Team. (2015, May 28). Living off the Land. Retrieved January 26, 2016.

Internal MISP references

UUID 79fc7568-b6ff-460b-9200-56d7909ed157 which can be used as unique global reference for Dell TG-1314 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-26T00:00:00Z
date_published 2015-05-28T00:00:00Z
source MITRE, Tidal Cyber
title Living off the Land

Symantec Living off the Land

Wueest, C., Anand, H. (2017, July). Living off the land and fileless attack techniques. Retrieved April 10, 2018.

Internal MISP references

UUID 4bad4659-f501-4eb6-b3ca-0359e3ba824e which can be used as unique global reference for Symantec Living off the Land in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-10T00:00:00Z
date_published 2017-07-01T00:00:00Z
source MITRE
title Living off the land and fileless attack techniques

LOLBAS Main Site

LOLBAS. (n.d.). Living Off The Land Binaries and Scripts (and also Libraries). Retrieved February 10, 2020.

Internal MISP references

UUID 615f6fa5-3059-49fc-9fa4-5ca0aeff4331 which can be used as unique global reference for LOLBAS Main Site in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-10T00:00:00Z
source MITRE
title Living Off The Land Binaries and Scripts (and also Libraries)

LOLBAS Project

Oddvar Moe et al. (2022, February). Living Off The Land Binaries, Scripts and Libraries. Retrieved March 7, 2022.

Internal MISP references

UUID 14b1d3ab-8508-4946-9913-17e667956064 which can be used as unique global reference for LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-07T00:00:00Z
date_published 2022-02-01T00:00:00Z
source MITRE
title Living Off The Land Binaries, Scripts and Libraries

FireEye 2019 Apple Remote Desktop

Jake Nicastro, Willi Ballenthin. (2019, October 9). Living off the Orchard: Leveraging Apple Remote Desktop for Good and Evil. Retrieved August 16, 2021.

Internal MISP references

UUID bbc72952-988e-4c3c-ab5e-75b64e9e33f5 which can be used as unique global reference for FireEye 2019 Apple Remote Desktop in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-16T00:00:00Z
date_published 2019-10-09T00:00:00Z
source MITRE
title Living off the Orchard: Leveraging Apple Remote Desktop for Good and Evil

LKM loading kernel restrictions

Pingios, A. (2018, February 7). LKM loading kernel restrictions. Retrieved June 4, 2020.

Internal MISP references

UUID 10ccae99-c6f5-4b83-89c9-06a9e35280fc which can be used as unique global reference for LKM loading kernel restrictions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-04T00:00:00Z
date_published 2018-02-07T00:00:00Z
source MITRE
title LKM loading kernel restrictions

Rapid7 LLMNR Spoofer

Francois, R. (n.d.). LLMNR Spoofer. Retrieved November 17, 2017.

Internal MISP references

UUID 229b04b6-98ca-4e6f-9917-a26cfe0a7f0d which can be used as unique global reference for Rapid7 LLMNR Spoofer in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-17T00:00:00Z
source MITRE
title LLMNR Spoofer

Wikipedia Loadable Kernel Module

Wikipedia. (2018, March 17). Loadable kernel module. Retrieved April 9, 2018.

Internal MISP references

UUID e6d9f967-4f45-44d2-8a19-69741745f917 which can be used as unique global reference for Wikipedia Loadable Kernel Module in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-09T00:00:00Z
date_published 2018-03-17T00:00:00Z
source MITRE
title Loadable kernel module

Microsoft LoadLibrary

Microsoft. (2018, December 5). LoadLibraryA function (libloaderapi.h). Retrieved September 28, 2021.

Internal MISP references

UUID dfaf5bfa-61a7-45f8-a50e-0d8bc6cb2189 which can be used as unique global reference for Microsoft LoadLibrary in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-28T00:00:00Z
date_published 2018-12-05T00:00:00Z
source MITRE
title LoadLibraryA function (libloaderapi.h)

Microsoft Local Accounts Feb 2019

Microsoft. (2018, December 9). Local Accounts. Retrieved February 11, 2019.

Internal MISP references

UUID 6ae7487c-cb61-4f10-825f-4ef9ef050b7c which can be used as unique global reference for Microsoft Local Accounts Feb 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-11T00:00:00Z
date_published 2018-12-09T00:00:00Z
source MITRE
title Local Accounts

Sternsecurity LLMNR-NBTNS

Sternstein, J. (2013, November). Local Network Attacks: LLMNR and NBT-NS Poisoning. Retrieved November 17, 2017.

Internal MISP references

UUID 422a6043-78c2-43ef-8e87-7d7a8878f94a which can be used as unique global reference for Sternsecurity LLMNR-NBTNS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-17T00:00:00Z
date_published 2013-11-01T00:00:00Z
source MITRE
title Local Network Attacks: LLMNR and NBT-NS Poisoning

Sophos Geolocation 2016

Wisniewski, C. (2016, May 3). Location-based threats: How cybercriminals target you based on where you live. Retrieved April 1, 2021.

Internal MISP references

UUID a3b7540d-20cc-4d94-8321-9fd730486f8c which can be used as unique global reference for Sophos Geolocation 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-01T00:00:00Z
date_published 2016-05-03T00:00:00Z
source MITRE
title Location-based threats: How cybercriminals target you based on where you live

ASEC BLOG November 08 2022

Sanseo. (2022, November 8). LockBit 3.0 Being Distributed via Amadey Bot - ASEC BLOG. Retrieved May 15, 2023.

Internal MISP references

UUID 36144a43-ccac-4380-8595-76116dcb6706 which can be used as unique global reference for ASEC BLOG November 08 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-15T00:00:00Z
date_published 2022-11-08T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title LockBit 3.0 Being Distributed via Amadey Bot - ASEC BLOG

VMWare LockBit 3.0 October 2022

Dana Behling. (2022, October 15). LockBit 3.0 Ransomware Unlocked. Retrieved May 19, 2023.

Internal MISP references

UUID b625f291-0152-468c-a130-ec8fb0c6ad21 which can be used as unique global reference for VMWare LockBit 3.0 October 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-19T00:00:00Z
date_published 2022-10-15T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title LockBit 3.0 Ransomware Unlocked

Sentinel Labs LockBit 3.0 July 2022

Jim Walter, Aleksandar Milenkoski. (2022, July 21). LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques. Retrieved May 19, 2023.

Internal MISP references

UUID 9a73b140-b483-4274-a134-ed1bb15ac31c which can be used as unique global reference for Sentinel Labs LockBit 3.0 July 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-19T00:00:00Z
date_published 2022-07-21T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title LockBit 3.0 Update

Cyble LockBit 3.0 July 2022

Cybleinc. (2022, July 5). Lockbit 3.0 – Ransomware group launches new version. Retrieved May 19, 2023.

Internal MISP references

UUID 9b9bd080-e727-4c41-bb2a-abff48b0fedc which can be used as unique global reference for Cyble LockBit 3.0 July 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-19T00:00:00Z
date_published 2022-07-05T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Lockbit 3.0 – Ransomware group launches new version

Cary Esentutl

Cary, M. (2018, December 6). Locked File Access Using ESENTUTL.exe. Retrieved September 5, 2019.

Internal MISP references

UUID aa1211c6-e490-444a-8aab-7626e0700dd0 which can be used as unique global reference for Cary Esentutl in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-05T00:00:00Z
date_published 2018-12-06T00:00:00Z
source MITRE
title Locked File Access Using ESENTUTL.exe

Group IB Ransomware September 2020

Group IB. (2020, September). LOCK LIKE A PRO. Retrieved September 27, 2021.

Internal MISP references

UUID 52d0e16f-9a20-442f-9a17-686e51d7e32b which can be used as unique global reference for Group IB Ransomware September 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-27T00:00:00Z
date_published 2020-09-01T00:00:00Z
source MITRE
title LOCK LIKE A PRO

AWS Cloud Trail Backup API

Amazon. (2020). Logging AWS Backup API Calls with AWS CloudTrail. Retrieved April 27, 2020.

Internal MISP references

UUID 17222170-5454-4a7d-804b-23753ec841eb which can be used as unique global reference for AWS Cloud Trail Backup API in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-04-27T00:00:00Z
date_published 2020-01-01T00:00:00Z
source MITRE
title Logging AWS Backup API Calls with AWS CloudTrail

AWS Logging IAM Calls

AWS. (n.d.). Logging IAM and AWS STS API calls with AWS CloudTrail. Retrieved April 1, 2022.

Internal MISP references

UUID 2aa0682b-f553-4c2b-ae9e-112310bcb8d0 which can be used as unique global reference for AWS Logging IAM Calls in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-01T00:00:00Z
source MITRE
title Logging IAM and AWS STS API calls with AWS CloudTrail

Login Items AE

Apple. (n.d.). Login Items AE. Retrieved October 4, 2021.

Internal MISP references

UUID d15943dd-d11c-4af2-a3ac-9ebe168a7526 which can be used as unique global reference for Login Items AE in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-04T00:00:00Z
source MITRE
title Login Items AE

LoginWindowScripts Apple Dev

Apple. (n.d.). LoginWindowScripts. Retrieved April 1, 2022.

Internal MISP references

UUID 340eb8df-cc22-4b59-8dca-32ec52fd6818 which can be used as unique global reference for LoginWindowScripts Apple Dev in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-01T00:00:00Z
source MITRE
title LoginWindowScripts

LogMeIn Homepage

LogMeIn. (n.d.). LogMeIn Homepage. Retrieved November 16, 2023.

Internal MISP references

UUID e113b544-82ad-4099-ab4e-7fc8b78f54bd which can be used as unique global reference for LogMeIn Homepage in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title LogMeIn Homepage

LogonUserW function

Microsoft. (2023, March 10). LogonUserW function (winbase.h). Retrieved January 8, 2024.

Internal MISP references

UUID bf8cce5c-be5e-59c7-9ff2-e478f30ce712 which can be used as unique global reference for LogonUserW function in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-08T00:00:00Z
date_published 2023-03-10T00:00:00Z
source MITRE
title LogonUserW function (winbase.h)

ESET LoJax Sept 2018

ESET. (2018, September). LOJAX First UEFI rootkit found in the wild, courtesy of the Sednit group. Retrieved July 2, 2019.

Internal MISP references

UUID bb938fea-2b2e-41d3-a55c-40ea34c00d21 which can be used as unique global reference for ESET LoJax Sept 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-02T00:00:00Z
date_published 2018-09-01T00:00:00Z
source MITRE
title LOJAX First UEFI rootkit found in the wild, courtesy of the Sednit group

Morphisec Lokibot April 2020

Cheruku, H. (2020, April 15). LOKIBOT WITH AUTOIT OBFUSCATOR + FRENCHY SHELLCODE. Retrieved May 14, 2020.

Internal MISP references

UUID e938bab1-7dc1-4a78-b1e2-ab2aa0a83eb0 which can be used as unique global reference for Morphisec Lokibot April 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-14T00:00:00Z
date_published 2020-04-15T00:00:00Z
source MITRE
title LOKIBOT WITH AUTOIT OBFUSCATOR + FRENCHY SHELLCODE

t1105_lolbas

LOLBAS. (n.d.). LOLBAS Mapped to T1105. Retrieved March 11, 2022.

Internal MISP references

UUID 80e649f5-6c74-4d66-a452-4f4cd51501da which can be used as unique global reference for t1105_lolbas in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-11T00:00:00Z
source MITRE
title LOLBAS Mapped to T1105

Lolbin Ssh.exe Use As Proxy

frack113, Nasreddine Bencherchali. (2023, January 26). Lolbin Ssh.exe Use As Proxy. Retrieved May 25, 2023.

Internal MISP references

UUID c7af164d-549d-44de-b491-542ef2eb4334 which can be used as unique global reference for Lolbin Ssh.exe Use As Proxy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-25T00:00:00Z
date_published 2023-01-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Lolbin Ssh.exe Use As Proxy

Qualys LolZarus

Pradhan, A. (2022, February 8). LolZarus: Lazarus Group Incorporating Lolbins into Campaigns. Retrieved March 22, 2022.

Internal MISP references

UUID 784f1f5a-f7f2-45e8-84bd-b600f2b74b33 which can be used as unique global reference for Qualys LolZarus in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-22T00:00:00Z
date_published 2022-02-08T00:00:00Z
source MITRE
title LolZarus: Lazarus Group Incorporating Lolbins into Campaigns

Bitdefender Trickbot C2 infra Nov 2020

Liviu Arsene, Radu Tudorica. (2020, November 23). TrickBot is Dead. Long Live TrickBot!. Retrieved September 28, 2021.

Internal MISP references

UUID 1a281862-efc8-4566-8d06-ba463e22225d which can be used as unique global reference for Bitdefender Trickbot C2 infra Nov 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-28T00:00:00Z
source MITRE
title Long Live TrickBot!

Proofpoint LookBack Malware Aug 2019

Raggi, M., Schwarz, D. (2019, August 1). LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards. Retrieved February 25, 2021.

Internal MISP references

UUID 77887f82-7815-4a91-8c8a-f77dc8a9ba53 which can be used as unique global reference for Proofpoint LookBack Malware Aug 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-25T00:00:00Z
date_published 2019-08-01T00:00:00Z
source MITRE
title LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards

Fidelis DarkComet

Fidelis Cybersecurity. (2015, August 4). Looking at the Sky for a DarkComet. Retrieved April 5, 2016.

Internal MISP references

UUID 6043b34d-dec3-415b-8329-05f698f320e3 which can be used as unique global reference for Fidelis DarkComet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-05T00:00:00Z
date_published 2015-08-04T00:00:00Z
source MITRE
title Looking at the Sky for a DarkComet

BlackHat Process Doppelgänging Dec 2017

Liberman, T. & Kogan, E. (2017, December 7). Lost in Transaction: Process Doppelgänging. Retrieved December 20, 2017.

Internal MISP references

UUID b0752c3a-1777-4209-938d-5382de6a49f5 which can be used as unique global reference for BlackHat Process Doppelgänging Dec 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2017-12-07T00:00:00Z
source MITRE
title Lost in Transaction: Process Doppelgänging

ESET LoudMiner June 2019

Malik, M. (2019, June 20). LoudMiner: Cross-platform mining in cracked VST software. Retrieved May 18, 2020.

Internal MISP references

UUID f1e4ff9e-cb6c-46cc-898e-5f170bb5f634 which can be used as unique global reference for ESET LoudMiner June 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-18T00:00:00Z
date_published 2019-06-20T00:00:00Z
source MITRE
title LoudMiner: Cross-platform mining in cracked VST software

GitHub Mimikatz Issue 92 June 2017

Warren, J. (2017, June 22). lsadump::changentlm and lsadump::setntlm work, but generate Windows events #92. Retrieved December 4, 2017.

Internal MISP references

UUID 099c3492-1813-4874-9901-e24b081f7e12 which can be used as unique global reference for GitHub Mimikatz Issue 92 June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-04T00:00:00Z
date_published 2017-06-22T00:00:00Z
source MITRE
title lsadump::changentlm and lsadump::setntlm work, but generate Windows events #92

Deep Instinct LSASS

Gilboa, A. (2021, February 16). LSASS Memory Dumps are Stealthier than Ever Before - Part 2. Retrieved December 27, 2023.

Internal MISP references

UUID 4a37ea4e-c512-5e41-8e4e-27911b3a4617 which can be used as unique global reference for Deep Instinct LSASS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-27T00:00:00Z
date_published 2021-02-16T00:00:00Z
source MITRE
title LSASS Memory Dumps are Stealthier than Ever Before - Part 2

lsmod man

Kerrisk, M. (2022, December 18). lsmod(8) — Linux manual page. Retrieved March 28, 2023.

Internal MISP references

UUID c2f88274-9da4-5d24-b68d-302ee5990dd5 which can be used as unique global reference for lsmod man in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-28T00:00:00Z
date_published 2022-12-18T00:00:00Z
source MITRE
title lsmod(8) — Linux manual page

Unit 42 Lucifer June 2020

Hsu, K. et al. (2020, June 24). Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices. Retrieved November 16, 2020.

Internal MISP references

UUID 3977a87a-2eab-4a67-82b2-10c9dc7e4554 which can be used as unique global reference for Unit 42 Lucifer June 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-16T00:00:00Z
date_published 2020-06-24T00:00:00Z
source MITRE
title Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices

Securelist LuckyMouse June 2018

Legezo, D. (2018, June 13). LuckyMouse hits national data center to organize country-level waterholing campaign. Retrieved August 18, 2018.

Internal MISP references

UUID f974708b-598c-46a9-aac9-c5fbdd116c2a which can be used as unique global reference for Securelist LuckyMouse June 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-18T00:00:00Z
date_published 2018-06-13T00:00:00Z
source MITRE
title LuckyMouse hits national data center to organize country-level waterholing campaign

lucr-3: Getting SaaS-y in the cloud

Ian Ahl. (2023, September 20). LUCR-3: Scattered Spider Getting SaaS-y In The Cloud. Retrieved September 20, 2023.

Internal MISP references

UUID 033e7c95-cded-5e51-9a9f-1c6038b0509f which can be used as unique global reference for lucr-3: Getting SaaS-y in the cloud in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-20T00:00:00Z
date_published 2023-09-20T00:00:00Z
source MITRE
title LUCR-3: Scattered Spider Getting SaaS-y In The Cloud

Permiso Scattered Spider 2023

Ian Ahl. (2023, September 20). LUCR-3: SCATTERED SPIDER GETTING SAAS-Y IN THE CLOUD. Retrieved September 25, 2023.

Internal MISP references

UUID 020b97ab-466d-52e6-b1f1-6f9f8ffdabf0 which can be used as unique global reference for Permiso Scattered Spider 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-25T00:00:00Z
date_published 2023-09-20T00:00:00Z
source MITRE
title LUCR-3: SCATTERED SPIDER GETTING SAAS-Y IN THE CLOUD

Kaspersky LuminousMoth July 2021

Lechtik, M, et al. (2021, July 14). LuminousMoth APT: Sweeping attacks for the chosen few. Retrieved October 20, 2022.

Internal MISP references

UUID e21c6931-fba8-52b0-b6f0-1c8222881fbd which can be used as unique global reference for Kaspersky LuminousMoth July 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-10-20T00:00:00Z
date_published 2021-07-14T00:00:00Z
source MITRE
title LuminousMoth APT: Sweeping attacks for the chosen few

Bitdefender LuminousMoth July 2021

Botezatu, B, et al. (2021, July 21). LuminousMoth - PlugX, File Exfiltration and Persistence Revisited. Retrieved October 20, 2022.

Internal MISP references

UUID 6b1ce8bb-4e77-59f3-87ff-78f4a1a10ad3 which can be used as unique global reference for Bitdefender LuminousMoth July 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-10-20T00:00:00Z
date_published 2021-07-21T00:00:00Z
source MITRE
title LuminousMoth - PlugX, File Exfiltration and Persistence Revisited

Unit42 Luna Moth

Kristopher Russo. (n.d.). Luna Moth Callback Phishing Campaign. Retrieved February 2, 2023.

Internal MISP references

UUID ec52bcc9-6a56-5b94-8534-23c8e7ce740f which can be used as unique global reference for Unit42 Luna Moth in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-02T00:00:00Z
source MITRE
title Luna Moth Callback Phishing Campaign

sygnia Luna Month

Oren Biderman, Tomer Lahiyani, Noam Lifshitz, Ori Porag. (n.d.). LUNA MOTH: THE THREAT ACTORS BEHIND RECENT FALSE SUBSCRIPTION SCAMS. Retrieved February 2, 2023.

Internal MISP references

UUID 3e1c2a64-8446-538d-a148-2de87991955a which can be used as unique global reference for sygnia Luna Month in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-02T00:00:00Z
source MITRE
title LUNA MOTH: THE THREAT ACTORS BEHIND RECENT FALSE SUBSCRIPTION SCAMS

Zscaler Lyceum DnsSystem June 2022

Shivtarkar, N. and Kumar, A. (2022, June 9). Lyceum .NET DNS Backdoor. Retrieved June 23, 2022.

Internal MISP references

UUID eb78de14-8044-4466-8954-9ca44a17e895 which can be used as unique global reference for Zscaler Lyceum DnsSystem June 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-23T00:00:00Z
date_published 2022-06-09T00:00:00Z
source MITRE
title Lyceum .NET DNS Backdoor

Kaspersky Lyceum October 2021

Kayal, A. et al. (2021, October). LYCEUM REBORN: COUNTERINTELLIGENCE IN THE MIDDLE EAST. Retrieved June 14, 2022.

Internal MISP references

UUID b3d13a82-c24e-4b47-b47a-7221ad449859 which can be used as unique global reference for Kaspersky Lyceum October 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-14T00:00:00Z
date_published 2021-10-01T00:00:00Z
source MITRE
title LYCEUM REBORN: COUNTERINTELLIGENCE IN THE MIDDLE EAST

SecureWorks August 2019

SecureWorks. (2019, August 27). LYCEUM Takes Center Stage in Middle East Campaign. Retrieved November 11, 2019.

Internal MISP references

UUID 573edbb6-687b-4bc2-bc4a-764a548633b5 which can be used as unique global reference for SecureWorks August 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-11-11T00:00:00Z
date_published 2019-08-27T00:00:00Z
source MITRE
title LYCEUM Takes Center Stage in Middle East Campaign

CoinTicker 2019

Thomas Reed. (2018, October 29). Mac cryptocurrency ticker app installs backdoors. Retrieved April 23, 2019.

Internal MISP references

UUID 99c53143-6f93-44c9-a874-c1b9e4506fb4 which can be used as unique global reference for CoinTicker 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-23T00:00:00Z
date_published 2018-10-29T00:00:00Z
source MITRE
title Mac cryptocurrency ticker app installs backdoors

ESET Machete July 2019

ESET. (2019, July). MACHETE JUST GOT SHARPER Venezuelan government institutions under attack. Retrieved September 13, 2019.

Internal MISP references

UUID 408d5e33-fcb6-4d21-8be9-7aa5a8bd3385 which can be used as unique global reference for ESET Machete July 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-13T00:00:00Z
date_published 2019-07-01T00:00:00Z
source MITRE, Tidal Cyber
title MACHETE JUST GOT SHARPER Venezuelan government institutions under attack

synack 2016 review

Patrick Wardle. (2017, January 1). Mac Malware of 2016. Retrieved September 21, 2018.

Internal MISP references

UUID 9845ef95-bcc5-4430-8008-1e4a28e13c33 which can be used as unique global reference for synack 2016 review in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-21T00:00:00Z
date_published 2017-01-01T00:00:00Z
source MITRE
title Mac Malware of 2016

objsee mac malware 2017

Patrick Wardle. (n.d.). Mac Malware of 2017. Retrieved September 21, 2018.

Internal MISP references

UUID 08227ae5-4086-4c31-83d9-459c3a097754 which can be used as unique global reference for objsee mac malware 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-21T00:00:00Z
source MITRE
title Mac Malware of 2017

Unit42 CookieMiner Jan 2019

Chen, Y., et al. (2019, January 31). Mac Malware Steals Cryptocurrency Exchanges’ Cookies. Retrieved July 22, 2020.

Internal MISP references

UUID 4605c51d-b36e-4c29-abda-2a97829f6019 which can be used as unique global reference for Unit42 CookieMiner Jan 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-22T00:00:00Z
date_published 2019-01-31T00:00:00Z
source MITRE
title Mac Malware Steals Cryptocurrency Exchanges’ Cookies

Unit 42 Mac Crypto Cookies January 2019

Chen, Y., Hu, W., Xu, Z., et al. (2019, January 31). Mac Malware Steals Cryptocurrency Exchanges’ Cookies. Retrieved October 14, 2019.

Internal MISP references

UUID 0a88e730-8ed2-4983-8f11-2cb2e4abfe3e which can be used as unique global reference for Unit 42 Mac Crypto Cookies January 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-14T00:00:00Z
date_published 2019-01-31T00:00:00Z
source MITRE
title Mac Malware Steals Cryptocurrency Exchanges’ Cookies

MacKeeper Bundlore Apr 2019

Sushko, O. (2019, April 17). macOS Bundlore: Mac Virus Bypassing macOS Security Features. Retrieved June 30, 2020.

Internal MISP references

UUID 4d631c9a-4fd5-43a4-8b78-4219bd371e87 which can be used as unique global reference for MacKeeper Bundlore Apr 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-30T00:00:00Z
date_published 2019-04-17T00:00:00Z
source MITRE
title macOS Bundlore: Mac Virus Bypassing macOS Security Features

MalwareUnicorn macOS Dylib Injection MachO

Amanda Rousseau. (2020, April 4). MacOS Dylib Injection Workshop. Retrieved March 29, 2021.

Internal MISP references

UUID 61aae3a4-317e-4117-a02a-27885709fb07 which can be used as unique global reference for MalwareUnicorn macOS Dylib Injection MachO in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-29T00:00:00Z
date_published 2020-04-04T00:00:00Z
source MITRE
title MacOS Dylib Injection Workshop

macOS Hierarchical File System Overview

Tenon. (n.d.). Retrieved October 12, 2021.

Internal MISP references

UUID 4b8b110a-fc40-4094-a70d-15530bc05fec which can be used as unique global reference for macOS Hierarchical File System Overview in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-12T00:00:00Z
source MITRE
title macOS Hierarchical File System Overview

Add List Remove Login Items Apple Script

kaloprominat. (2013, July 30). macos: manage add list remove login items apple script. Retrieved October 5, 2021.

Internal MISP references

UUID 13773d75-6fc1-4289-bf45-6ee147279052 which can be used as unique global reference for Add List Remove Login Items Apple Script in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-05T00:00:00Z
date_published 2013-07-30T00:00:00Z
source MITRE
title macos: manage add list remove login items apple script

SentinelOne 9 11 2023

Phil Stokes. (2023, September 11). macOS MetaStealer. Retrieved January 1, 2024.

Internal MISP references

UUID 0d015be9-34ba-4c59-9cea-80b76ee89dd0 which can be used as unique global reference for SentinelOne 9 11 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-01T00:00:00Z
date_published 2023-09-11T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title macOS MetaStealer

macOS MS office sandbox escape

Cedric Owens. (2021, May 22). macOS MS Office Sandbox Brain Dump. Retrieved August 20, 2021.

Internal MISP references

UUID 759e81c1-a250-440e-8b52-178bcf5451b9 which can be used as unique global reference for macOS MS office sandbox escape in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-20T00:00:00Z
date_published 2021-05-22T00:00:00Z
source MITRE
title macOS MS Office Sandbox Brain Dump

MDSec macOS JXA and VSCode

Dominic Chell. (2021, January 1). macOS Post-Exploitation Shenanigans with VSCode Extensions. Retrieved April 20, 2021.

Internal MISP references

UUID 979cac34-d447-4e42-b17e-8ab2630bcfec which can be used as unique global reference for MDSec macOS JXA and VSCode in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-20T00:00:00Z
date_published 2021-01-01T00:00:00Z
source MITRE
title macOS Post-Exploitation Shenanigans with VSCode Extensions

SentinelOne macOS Red Team

Phil Stokes. (2019, December 5). macOS Red Team: Calling Apple APIs Without Building Binaries. Retrieved July 17, 2020.

Internal MISP references

UUID 4b05bd7c-22a3-4168-850c-8168700b17ba which can be used as unique global reference for SentinelOne macOS Red Team in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-17T00:00:00Z
date_published 2019-12-05T00:00:00Z
source MITRE
title macOS Red Team: Calling Apple APIs Without Building Binaries

Lockboxx ARD 2019

Dan Borges. (2019, July 21). MacOS Red Teaming 206: ARD (Apple Remote Desktop Protocol). Retrieved September 10, 2021.

Internal MISP references

UUID 159f8495-5354-4b93-84cb-a25e56fcff3e which can be used as unique global reference for Lockboxx ARD 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-10T00:00:00Z
date_published 2019-07-21T00:00:00Z
source MITRE
title MacOS Red Teaming 206: ARD (Apple Remote Desktop Protocol)

nixCraft macOS PATH variables

Vivek Gite. (2023, August 22). MacOS – Set / Change $PATH Variable Command. Retrieved September 28, 2023.

Internal MISP references

UUID 83daecf1-8708-56da-aaad-1e7e95c4ea43 which can be used as unique global reference for nixCraft macOS PATH variables in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-28T00:00:00Z
date_published 2023-08-22T00:00:00Z
source MITRE
title MacOS – Set / Change $PATH Variable Command

SensePost MacroLess DDE Oct 2017

Stalmans, E., El-Sherei, S. (2017, October 9). Macro-less Code Exec in MSWord. Retrieved November 21, 2017.

Internal MISP references

UUID 1036fbbb-f731-458a-b38c-42431612c0ad which can be used as unique global reference for SensePost MacroLess DDE Oct 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-21T00:00:00Z
date_published 2017-10-09T00:00:00Z
source MITRE
title Macro-less Code Exec in MSWord

Macro Malware Targets Macs

Yerko Grbic. (2017, February 14). Macro Malware Targets Macs. Retrieved July 8, 2017.

Internal MISP references

UUID d63f3f6a-4486-48a4-b2f8-c2a8d571731a which can be used as unique global reference for Macro Malware Targets Macs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-08T00:00:00Z
date_published 2017-02-14T00:00:00Z
source MITRE
title Macro Malware Targets Macs

alientvault macspy

PETER EWANE. (2017, June 9). MacSpy: OS X RAT as a Service. Retrieved September 21, 2018.

Internal MISP references

UUID 80bb8646-1eb0-442a-aa51-ee3efaf75915 which can be used as unique global reference for alientvault macspy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-21T00:00:00Z
date_published 2017-06-09T00:00:00Z
source MITRE
title MacSpy: OS X RAT as a Service

Reed thiefquest fake ransom

Thomas Reed. (2020, July 7). Mac ThiefQuest malware may not be ransomware after all. Retrieved March 18, 2021.

Internal MISP references

UUID b265ef93-c1fb-440d-a9e0-89cf25a3de05 which can be used as unique global reference for Reed thiefquest fake ransom in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-18T00:00:00Z
date_published 2020-07-07T00:00:00Z
source MITRE
title Mac ThiefQuest malware may not be ransomware after all

reed thiefquest ransomware analysis

Thomas Reed. (2020, July 7). Mac ThiefQuest malware may not be ransomware after all. Retrieved March 22, 2021.

Internal MISP references

UUID 47b49df4-34f1-4a89-9983-e8bc19aadf8c which can be used as unique global reference for reed thiefquest ransomware analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-22T00:00:00Z
date_published 2020-07-07T00:00:00Z
source MITRE
title Mac ThiefQuest malware may not be ransomware after all

Malwarebytes 9 6 2023

Jerome Segura. (2023, September 6). Mac users targeted in new malvertising campaign delivering Atomic Stealer. Retrieved April 19, 2024.

Internal MISP references

UUID 5f2f6a12-26c5-4c74-98ad-48b67379a716 which can be used as unique global reference for Malwarebytes 9 6 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-19T00:00:00Z
date_published 2023-09-06T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Mac users targeted in new malvertising campaign delivering Atomic Stealer

Objective See Green Lambert for OSX Oct 2021

Sandvik, Runa. (2021, October 1). Made In America: Green Lambert for OS X. Retrieved March 21, 2022.

Internal MISP references

UUID fad94973-eafa-4fdb-b7aa-22c21d894f81 which can be used as unique global reference for Objective See Green Lambert for OSX Oct 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-21T00:00:00Z
date_published 2021-10-01T00:00:00Z
source MITRE
title Made In America: Green Lambert for OS X

Trend Micro FIN6 October 2019

Chen, J. (2019, October 10). Magecart Card Skimmers Injected Into Online Shops. Retrieved September 9, 2020.

Internal MISP references

UUID edb9395d-c8a2-46a5-8bf4-91b1d8fe6e3b which can be used as unique global reference for Trend Micro FIN6 October 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-09T00:00:00Z
date_published 2019-10-10T00:00:00Z
source MITRE
title Magecart Card Skimmers Injected Into Online Shops

Unit 42 Magic Hound Feb 2017

Lee, B. and Falcone, R. (2017, February 15). Magic Hound Campaign Attacks Saudi Targets. Retrieved December 27, 2017.

Internal MISP references

UUID f1ef9868-3ddb-4289-aa92-481c35517920 which can be used as unique global reference for Unit 42 Magic Hound Feb 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-27T00:00:00Z
date_published 2017-02-15T00:00:00Z
source MITRE
title Magic Hound Campaign Attacks Saudi Targets

AMD Magic Packet

AMD. (1995, November 1). Magic Packet Technical White Paper. Retrieved February 17, 2021.

Internal MISP references

UUID 06d36dea-e13d-48c4-b6d6-0c175c379f5b which can be used as unique global reference for AMD Magic Packet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-17T00:00:00Z
date_published 1995-11-01T00:00:00Z
source MITRE
title Magic Packet Technical White Paper

MagicWeb

Microsoft Threat Intelligence Center, Microsoft Detection and Response Team, Microsoft 365 Defender Research Team. (2022, August 24). MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone. Retrieved September 28, 2022.

Internal MISP references

UUID 5b728693-37e8-4100-ac82-b70945113e07 which can be used as unique global reference for MagicWeb in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-28T00:00:00Z
date_published 2022-08-24T00:00:00Z
source MITRE
title MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone

MAGNET GOBLIN

Check Point Research. (2024, March 8). MAGNET GOBLIN TARGETS PUBLICLY FACING SERVERS USING 1-DAY VULNERABILITIES. Retrieved March 27, 2024.

Internal MISP references

UUID 955b6449-4cd5-5512-a5f3-2bcb91def3ef which can be used as unique global reference for MAGNET GOBLIN in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-27T00:00:00Z
date_published 2024-03-08T00:00:00Z
source MITRE
title MAGNET GOBLIN TARGETS PUBLICLY FACING SERVERS USING 1-DAY VULNERABILITIES

FireEye FIN7 Oct 2019

Carr, N, et al. (2019, October 10). Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques. Retrieved October 11, 2019.

Internal MISP references

UUID df8886d1-fbd7-4c24-8ab1-6261923dee96 which can be used as unique global reference for FireEye FIN7 Oct 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-11T00:00:00Z
date_published 2019-10-10T00:00:00Z
source MITRE
title Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques

Microsoft Mail Flow Rules 2023

Microsoft. (2023, February 22). Mail flow rules (transport rules) in Exchange Online. Retrieved March 13, 2023.

Internal MISP references

UUID 421093d7-6ac8-5ebc-9a04-1c65bdce0980 which can be used as unique global reference for Microsoft Mail Flow Rules 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-13T00:00:00Z
date_published 2023-02-22T00:00:00Z
source MITRE
title Mail flow rules (transport rules) in Exchange Online

GitHub MailSniper

Bullock, B. (2018, November 20). MailSniper. Retrieved October 4, 2019.

Internal MISP references

UUID 50595548-b0c6-49d1-adab-43c8969ae716 which can be used as unique global reference for GitHub MailSniper in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-04T00:00:00Z
date_published 2018-11-20T00:00:00Z
source MITRE
title MailSniper

mailx man page

Michael Kerrisk. (2021, August 27). mailx(1p) — Linux manual page. Retrieved June 10, 2022.

Internal MISP references

UUID 6813a1a2-fbe0-4809-aad7-734997e59bea which can be used as unique global reference for mailx man page in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-10T00:00:00Z
date_published 2021-08-27T00:00:00Z
source MITRE
title mailx(1p) — Linux manual page

enigma0x3 normal.dotm

Nelson, M. (2014, January 23). Maintaining Access with normal.dotm. Retrieved July 3, 2017.

Internal MISP references

UUID b8339d48-699d-4043-8197-1f0435a8dca5 which can be used as unique global reference for enigma0x3 normal.dotm in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-03T00:00:00Z
date_published 2014-01-23T00:00:00Z
source MITRE
title Maintaining Access with normal.dotm

NetSPI Startup Stored Procedures

Sutherland, S. (2016, March 7). Maintaining Persistence via SQL Server – Part 1: Startup Stored Procedures. Retrieved July 8, 2019.

Internal MISP references

UUID afe89472-ac42-4a0d-b398-5ed6a5dee74f which can be used as unique global reference for NetSPI Startup Stored Procedures in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-08T00:00:00Z
date_published 2016-03-07T00:00:00Z
source MITRE
title Maintaining Persistence via SQL Server – Part 1: Startup Stored Procedures

QR-cofense

Nathaniel Raymond. (2023, August 16). Major Energy Company Targeted in Large QR Code Phishing Campaign. Retrieved February 13, 2024.

Internal MISP references

UUID eda8270f-c76f-5d01-b45f-74246945ec50 which can be used as unique global reference for QR-cofense in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-13T00:00:00Z
date_published 2023-08-16T00:00:00Z
source MITRE
title Major Energy Company Targeted in Large QR Code Phishing Campaign

Cofense-redirect

Raymond, Nathaniel. (2023, August 16). Major Energy Company Targeted in Large QR Code Phishing Campaign. Retrieved January 17, 2024.

Internal MISP references

UUID 450da173-3573-5502-ab53-6d6b9955714d which can be used as unique global reference for Cofense-redirect in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-17T00:00:00Z
date_published 2023-08-16T00:00:00Z
source MITRE
title Major Energy Company Targeted in Large QR Code Phishing Campaign

Makecab.exe - LOLBAS Project

LOLBAS. (2018, May 25). Makecab.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 6473e36b-b5ad-4254-b46d-38c53ccbe446 which can be used as unique global reference for Makecab.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Makecab.exe

Infoblox Lokibot January 2019

Hoang, M. (2019, January 31). Malicious Activity Report: Elements of Lokibot Infostealer. Retrieved May 15, 2020.

Internal MISP references

UUID 17ab0f84-a062-4c4f-acf9-e0b8f81c3cda which can be used as unique global reference for Infoblox Lokibot January 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-15T00:00:00Z
date_published 2019-01-31T00:00:00Z
source MITRE
title Malicious Activity Report: Elements of Lokibot Infostealer

U.S. CISA PaperCut May 2023

Cybersecurity and Infrastructure Security Agency. (2023, May 11). Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG. Retrieved May 17, 2023.

Internal MISP references

UUID b5ef2b97-7cc7-470b-ae97-a45dc4af32a6 which can be used as unique global reference for U.S. CISA PaperCut May 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-17T00:00:00Z
date_published 2023-05-11T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG

GoBotKR

Zuzana Hromcová. (2019, July 8). Malicious campaign targets South Korean users with backdoor‑laced torrents. Retrieved March 31, 2022.

Internal MISP references

UUID 7d70675c-5520-4c81-8880-912ce918c4b5 which can be used as unique global reference for GoBotKR in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-31T00:00:00Z
date_published 2019-07-08T00:00:00Z
source MITRE
title Malicious campaign targets South Korean users with backdoor‑laced torrents

ICEBRG Chrome Extensions

De Tore, M., Warner, J. (2018, January 15). MALICIOUS CHROME EXTENSIONS ENABLE CRIMINALS TO IMPACT OVER HALF A MILLION USERS AND GLOBAL BUSINESSES. Retrieved January 17, 2018.

Internal MISP references

UUID 459bfd4a-7a9b-4d65-b574-acb221428dad which can be used as unique global reference for ICEBRG Chrome Extensions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-17T00:00:00Z
date_published 2018-01-15T00:00:00Z
source MITRE
title MALICIOUS CHROME EXTENSIONS ENABLE CRIMINALS TO IMPACT OVER HALF A MILLION USERS AND GLOBAL BUSINESSES

McAfee Malicious Doc Targets Pyeongchang Olympics

Saavedra-Morales, J., Sherstobitoff, R. (2018, January 6). Malicious Document Targets Pyeongchang Olympics. Retrieved April 10, 2018.

Internal MISP references

UUID e6b5c261-86c1-4b6b-8a5e-c6a454554588 which can be used as unique global reference for McAfee Malicious Doc Targets Pyeongchang Olympics in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-10T00:00:00Z
date_published 2018-01-06T00:00:00Z
source MITRE
title Malicious Document Targets Pyeongchang Olympics

Fortinet Fareit

Salvio, J., Joven, R. (2016, December 16). Malicious Macro Bypasses UAC to Elevate Privilege for Fareit Malware. Retrieved December 27, 2016.

Internal MISP references

UUID d06223d7-2d86-41c6-af23-50865a1810c0 which can be used as unique global reference for Fortinet Fareit in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-12-27T00:00:00Z
date_published 2016-12-16T00:00:00Z
source MITRE
title Malicious Macro Bypasses UAC to Elevate Privilege for Fareit Malware

Microsoft OAuth Spam 2022

Microsoft. (2023, September 22). Malicious OAuth applications abuse cloud email services to spread spam. Retrieved March 13, 2023.

Internal MISP references

UUID 086c06a0-3960-5fa8-b034-cef37a3aee90 which can be used as unique global reference for Microsoft OAuth Spam 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-13T00:00:00Z
date_published 2023-09-22T00:00:00Z
source MITRE
title Malicious OAuth applications abuse cloud email services to spread spam

Zscaler Kasidet

Yadav, A., et al. (2016, January 29). Malicious Office files dropping Kasidet and Dridex. Retrieved March 24, 2016.

Internal MISP references

UUID 63077223-4711-4c1e-9fb2-3995c7e03cf2 which can be used as unique global reference for Zscaler Kasidet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-24T00:00:00Z
date_published 2016-01-29T00:00:00Z
source MITRE
title Malicious Office files dropping Kasidet and Dridex

SilentBreak Outlook Rules

Landers, N. (2015, December 4). Malicious Outlook Rules. Retrieved February 4, 2019.

Internal MISP references

UUID a2ad0658-7c12-4f58-b7bf-6300eacb4a8f which can be used as unique global reference for SilentBreak Outlook Rules in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-04T00:00:00Z
date_published 2015-12-04T00:00:00Z
source MITRE
title Malicious Outlook Rules

Webroot PHP 2011

Brandt, Andrew. (2011, February 22). Malicious PHP Scripts on the Rise. Retrieved October 3, 2018.

Internal MISP references

UUID 6d0da707-2328-4b43-a112-570c1fd5dec1 which can be used as unique global reference for Webroot PHP 2011 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-03T00:00:00Z
date_published 2011-02-22T00:00:00Z
source MITRE
title Malicious PHP Scripts on the Rise

CISA ComRAT Oct 2020

CISA. (2020, October 29). Malware Analysis Report (AR20-303A). Retrieved December 9, 2020.

Internal MISP references

UUID 6ba168aa-ca07-4856-911f-fa48da54e471 which can be used as unique global reference for CISA ComRAT Oct 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-09T00:00:00Z
date_published 2020-10-29T00:00:00Z
source MITRE
title Malware Analysis Report (AR20-303A)

Malware Analysis Report ComRAT

CISA. (2020, October 29). Malware Analysis Report (AR20-303A) MAR-10310246-2.v1 – PowerShell Script: ComRAT. Retrieved September 30, 2022.

Internal MISP references

UUID 9d81e2c8-09d5-4542-9c60-13a22a5a0073 which can be used as unique global reference for Malware Analysis Report ComRAT in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-30T00:00:00Z
date_published 2020-10-29T00:00:00Z
source MITRE
title Malware Analysis Report (AR20-303A) MAR-10310246-2.v1 – PowerShell Script: ComRAT

CISA Zebrocy Oct 2020

CISA. (2020, October 29). Malware Analysis Report (AR20-303B). Retrieved December 9, 2020.

Internal MISP references

UUID b7518c4d-6c10-43d2-8e57-d354fb8d4a99 which can be used as unique global reference for CISA Zebrocy Oct 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-09T00:00:00Z
date_published 2020-10-29T00:00:00Z
source MITRE
title Malware Analysis Report (AR20-303B)

CISA Supernova Jan 2021

CISA. (2021, January 27). Malware Analysis Report (AR21-027A). Retrieved February 22, 2021.

Internal MISP references

UUID ce300d75-8351-4d7c-b280-7d5fbe17f9bb which can be used as unique global reference for CISA Supernova Jan 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-22T00:00:00Z
date_published 2021-01-27T00:00:00Z
source MITRE
title Malware Analysis Report (AR21-027A)

UK NCSC Jaguar Tooth April 18 2023

National Cyber Security Centre. (2023, April 18). Malware Analysis Report: Jaguar Tooth. Retrieved August 23, 2023.

Internal MISP references

UUID 954e0cb9-9a93-4cac-af84-c6989b973fac which can be used as unique global reference for UK NCSC Jaguar Tooth April 18 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-23T00:00:00Z
date_published 2023-04-18T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Malware Analysis Report: Jaguar Tooth

US-CERT SHARPKNOT June 2018

US-CERT. (2018, March 09). Malware Analysis Report (MAR) - 10135536.11.WHITE. Retrieved June 13, 2018.

Internal MISP references

UUID b6bb568f-de15-4ace-8075-c08e7835fea2 which can be used as unique global reference for US-CERT SHARPKNOT June 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-13T00:00:00Z
date_published 2018-03-09T00:00:00Z
source MITRE
title Malware Analysis Report (MAR) - 10135536.11.WHITE

US-CERT Bankshot Dec 2017

US-CERT. (2017, December 13). Malware Analysis Report (MAR) - 10135536-B. Retrieved July 17, 2018.

Internal MISP references

UUID af2a708d-f96f-49e7-9351-1ea703e614a0 which can be used as unique global reference for US-CERT Bankshot Dec 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-17T00:00:00Z
date_published 2017-12-13T00:00:00Z
source MITRE
title Malware Analysis Report (MAR) - 10135536-B

US-CERT Volgmer 2 Nov 2017

US-CERT. (2017, November 01). Malware Analysis Report (MAR) - 10135536-D. Retrieved July 16, 2018.

Internal MISP references

UUID a3a5c26c-0d57-4ffc-ae28-3fe828e08fcb which can be used as unique global reference for US-CERT Volgmer 2 Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-16T00:00:00Z
date_published 2017-11-01T00:00:00Z
source MITRE
title Malware Analysis Report (MAR) - 10135536-D

US-CERT HARDRAIN March 2018

US-CERT. (2018, February 05). Malware Analysis Report (MAR) - 10135536-F. Retrieved June 11, 2018.

Internal MISP references

UUID ffc17fa5-e7d3-4592-b47b-e12ced0e62a4 which can be used as unique global reference for US-CERT HARDRAIN March 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-11T00:00:00Z
date_published 2018-02-05T00:00:00Z
source MITRE
title Malware Analysis Report (MAR) - 10135536-F

US-CERT BADCALL

US-CERT. (2018, February 06). Malware Analysis Report (MAR) - 10135536-G. Retrieved June 7, 2018.

Internal MISP references

UUID aeb4ff70-fa98-474c-8337-9e50d07ee378 which can be used as unique global reference for US-CERT BADCALL in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-07T00:00:00Z
date_published 2018-02-06T00:00:00Z
source MITRE
title Malware Analysis Report (MAR) - 10135536-G

CISA MAR SLOTHFULMEDIA October 2020

DHS/CISA, Cyber National Mission Force. (2020, October 1). Malware Analysis Report (MAR) MAR-10303705-1.v1 – Remote Access Trojan: SLOTHFULMEDIA. Retrieved October 2, 2020.

Internal MISP references

UUID 57c3256c-0d24-4647-9037-fefe1c88ad61 which can be used as unique global reference for CISA MAR SLOTHFULMEDIA October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-02T00:00:00Z
date_published 2020-10-01T00:00:00Z
source MITRE
title Malware Analysis Report (MAR) MAR-10303705-1.v1 – Remote Access Trojan: SLOTHFULMEDIA

Kroll RawPOS Jan 2017

Nesbit, B. and Ackerman, D. (2017, January). Malware Analysis Report - RawPOS Malware: Deconstructing an Intruder’s Toolkit. Retrieved October 4, 2017.

Internal MISP references

UUID cbbfffb9-c378-4e57-a2af-e76e6014ed57 which can be used as unique global reference for Kroll RawPOS Jan 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-10-04T00:00:00Z
date_published 2017-01-01T00:00:00Z
source MITRE
title Malware Analysis Report - RawPOS Malware: Deconstructing an Intruder’s Toolkit

VMRay OSAMiner dynamic analysis 2021

VMRAY. (2021, January 14). Malware Analysis Spotlight: OSAMiner Uses Run-Only AppleScripts to Evade Detection. Retrieved October 4, 2022.

Internal MISP references

UUID 47a5d32d-e6a5-46c2-898a-e45dc42371be which can be used as unique global reference for VMRay OSAMiner dynamic analysis 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-10-04T00:00:00Z
date_published 2021-01-14T00:00:00Z
source MITRE
title Malware Analysis Spotlight: OSAMiner Uses Run-Only AppleScripts to Evade Detection

Arch Linux Package Systemd Compromise BleepingComputer 10JUL2018

Catalin Cimpanu. (2018, July 10). Malware Found in Arch Linux AUR Package Repository. Retrieved April 23, 2019.

Internal MISP references

UUID 0654dabf-e885-45bf-8a8e-2b512ff4bf46 which can be used as unique global reference for Arch Linux Package Systemd Compromise BleepingComputer 10JUL2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-23T00:00:00Z
date_published 2018-07-10T00:00:00Z
source MITRE
title Malware Found in Arch Linux AUR Package Repository

Alperovitch Malware

Alperovitch, D. (2014, October 31). Malware-Free Intrusions. Retrieved November 4, 2014.

Internal MISP references

UUID b6635fd7-40ec-4481-bb0a-c1d3391854a7 which can be used as unique global reference for Alperovitch Malware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-04T00:00:00Z
date_published 2014-10-31T00:00:00Z
source MITRE
title Malware-Free Intrusions

Chrome Extension C2 Malware

Kjaer, M. (2016, July 18). Malware in the browser: how you might get hacked by a Chrome extension. Retrieved November 22, 2017.

Internal MISP references

UUID b0fdf9c7-614b-4269-ba3e-7d8b02aa8502 which can be used as unique global reference for Chrome Extension C2 Malware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-22T00:00:00Z
date_published 2016-07-18T00:00:00Z
source MITRE
title Malware in the browser: how you might get hacked by a Chrome extension

FireEye Kevin Mandia Guardrails

Shoorbajee, Z. (2018, June 1). Playing nice? FireEye CEO says U.S. malware is more restrained than adversaries'. Retrieved January 17, 2019.

Internal MISP references

UUID 0c518eec-a94e-42a7-8eb7-527ae3e279b6 which can be used as unique global reference for FireEye Kevin Mandia Guardrails in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-01-17T00:00:00Z
source MITRE
title malware is more restrained than adversaries'

TechRepublic M-Trends 2023

Karl Greenberg. (2023, April 20). Malware is proliferating, but detection measures bear fruit: Mandiant. Retrieved September 21, 2023.

Internal MISP references

UUID 1347e21e-e77d-464d-bbbe-dc4d3f2b07a1 which can be used as unique global reference for TechRepublic M-Trends 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-21T00:00:00Z
date_published 2023-04-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Malware is proliferating, but detection measures bear fruit: Mandiant

CTU BITS Malware June 2016

Counter Threat Unit Research Team. (2016, June 6). Malware Lingers with BITS. Retrieved January 12, 2018.

Internal MISP references

UUID db98b15c-399d-4a4c-8fa6-5a4ff38c3853 which can be used as unique global reference for CTU BITS Malware June 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-12T00:00:00Z
date_published 2016-06-06T00:00:00Z
source MITRE
title Malware Lingers with BITS

CyberBit System Calls

Gavriel, H. (2018, November 27). Malware Mitigation when Direct System Calls are Used. Retrieved September 29, 2021.

Internal MISP references

UUID c13cf528-2a7d-4a32-aee2-db5db2f30298 which can be used as unique global reference for CyberBit System Calls in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2018-11-27T00:00:00Z
source MITRE
title Malware Mitigation when Direct System Calls are Used

Malware Monday VBE

Bromiley, M. (2016, December 27). Malware Monday: VBScript and VBE Files. Retrieved March 17, 2023.

Internal MISP references

UUID 9b52a72b-938a-5eb6-a3b7-5a925657f0a3 which can be used as unique global reference for Malware Monday VBE in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-17T00:00:00Z
date_published 2016-12-27T00:00:00Z
source MITRE
title Malware Monday: VBScript and VBE Files

RSAC 2015 San Francisco Patrick Wardle

Wardle, P. (2015, April). Malware Persistence on OS X Yosemite. Retrieved April 6, 2018.

Internal MISP references

UUID 7e3f3dda-c407-4b06-a6b0-8b72c4dad6e6 which can be used as unique global reference for RSAC 2015 San Francisco Patrick Wardle in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-06T00:00:00Z
date_published 2015-04-01T00:00:00Z
source MITRE
title Malware Persistence on OS X Yosemite

Malware Persistence on OS X

Patrick Wardle. (2015). Malware Persistence on OS X Yosemite. Retrieved July 10, 2017.

Internal MISP references

UUID d4e3b066-c439-4284-ba28-3b8bd8ec270e which can be used as unique global reference for Malware Persistence on OS X in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-10T00:00:00Z
date_published 2015-01-01T00:00:00Z
source MITRE
title Malware Persistence on OS X Yosemite

FireEye Hijacking July 2010

Harbour, N. (2010, July 15). Malware Persistence without the Windows Registry. Retrieved November 17, 2020.

Internal MISP references

UUID 536f9987-f3b6-4d5f-8a6b-32a0c651500d which can be used as unique global reference for FireEye Hijacking July 2010 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-17T00:00:00Z
date_published 2010-07-15T00:00:00Z
source MITRE
title Malware Persistence without the Windows Registry

Mondok Windows PiggyBack BITS May 2007

Mondok, M. (2007, May 11). Malware piggybacks on Windows’ Background Intelligent Transfer Service. Retrieved January 12, 2018.

Internal MISP references

UUID 7dd03a92-11b8-4b8a-9d34-082ecf09a6e4 which can be used as unique global reference for Mondok Windows PiggyBack BITS May 2007 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-12T00:00:00Z
date_published 2007-05-11T00:00:00Z
source MITRE
title Malware piggybacks on Windows’ Background Intelligent Transfer Service

Conficker Nuclear Power Plant

Cimpanu, C. (2016, April 26). Malware Shuts Down German Nuclear Power Plant on Chernobyl's 30th Anniversary. Retrieved February 18, 2021.

Internal MISP references

UUID 83b8c3c4-d67a-48bd-8614-1c703a8d969b which can be used as unique global reference for Conficker Nuclear Power Plant in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-18T00:00:00Z
date_published 2016-04-26T00:00:00Z
source MITRE
title Malware Shuts Down German Nuclear Power Plant on Chernobyl's 30th Anniversary

MMPC ISAPI Filter 2012

MMPC. (2012, October 3). Malware signed with the Adobe code signing certificate. Retrieved June 3, 2021.

Internal MISP references

UUID ef412bcd-54be-4972-888c-f5a2cdfb8d02 which can be used as unique global reference for MMPC ISAPI Filter 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-03T00:00:00Z
date_published 2012-10-03T00:00:00Z
source MITRE
title Malware signed with the Adobe code signing certificate

Leonardo Turla Penquin May 2020

Leonardo. (2020, May 29). MALWARE TECHNICAL INSIGHT TURLA “Penquin_x64”. Retrieved March 11, 2021.

Internal MISP references

UUID 09d8bb54-6fa5-4842-98aa-6e9656a19092 which can be used as unique global reference for Leonardo Turla Penquin May 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-11T00:00:00Z
date_published 2020-05-29T00:00:00Z
source MITRE
title MALWARE TECHNICAL INSIGHT TURLA “Penquin_x64”

Malware System Language Check

Pierre-Marc Bureau. (2009, January 15). Malware Trying to Avoid Some Countries. Retrieved August 18, 2021.

Internal MISP references

UUID 3d4c5366-038a-453e-b803-a172b95da5f7 which can be used as unique global reference for Malware System Language Check in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-18T00:00:00Z
date_published 2009-01-15T00:00:00Z
source MITRE
title Malware Trying to Avoid Some Countries

JPCert TSCookie March 2018

Tomonaga, S. (2018, March 6). Malware “TSCookie”. Retrieved May 6, 2020.

Internal MISP references

UUID ff1717f7-0d2e-4947-87d7-44576affe9f8 which can be used as unique global reference for JPCert TSCookie March 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-06T00:00:00Z
date_published 2018-03-06T00:00:00Z
source MITRE
title Malware “TSCookie”

Symantec BITS May 2007

Florio, E. (2007, May 9). Malware Update with Windows Update. Retrieved January 12, 2018.

Internal MISP references

UUID e5962c87-0d42-46c2-8757-91f264fc570f which can be used as unique global reference for Symantec BITS May 2007 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-12T00:00:00Z
date_published 2007-05-09T00:00:00Z
source MITRE
title Malware Update with Windows Update

JPCert BlackTech Malware September 2019

Tomonaga, S. (2019, September 18). Malware Used by BlackTech after Network Intrusion. Retrieved May 6, 2020.

Internal MISP references

UUID 26f44bde-f723-4854-8acc-3d95e5fa764a which can be used as unique global reference for JPCert BlackTech Malware September 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-06T00:00:00Z
date_published 2019-09-18T00:00:00Z
source MITRE
title Malware Used by BlackTech after Network Intrusion

Unit 42 Rocke January 2019

Xingyu, J. (2019, January 17). Malware Used by Rocke Group Evolves to Evade Detection by Cloud Security Products. Retrieved May 26, 2020.

Internal MISP references

UUID facf686b-a5a9-4c85-bb46-f56a434d3d78 which can be used as unique global reference for Unit 42 Rocke January 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-26T00:00:00Z
date_published 2019-01-17T00:00:00Z
source MITRE
title Malware Used by Rocke Group Evolves to Evade Detection by Cloud Security Products

Manage-bde.wsf - LOLBAS Project

LOLBAS. (2018, May 25). Manage-bde.wsf. Retrieved December 4, 2023.

Internal MISP references

UUID 74d5483e-2268-464c-a048-bb1f25bbfc4f which can be used as unique global reference for Manage-bde.wsf - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Manage-bde.wsf

Microsoft Manage Device Identities

Microsoft. (2022, February 18). Manage device identities by using the Azure portal. Retrieved April 13, 2022.

Internal MISP references

UUID 91aa3a4a-a852-40db-b6ec-68504670cfa6 which can be used as unique global reference for Microsoft Manage Device Identities in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-13T00:00:00Z
date_published 2022-02-18T00:00:00Z
source MITRE
title Manage device identities by using the Azure portal

Microsoft MOF May 2018

Satran, M. (2018, May 30). Managed Object Format (MOF). Retrieved January 24, 2020.

Internal MISP references

UUID 1d1da9ad-c995-4040-8103-b51af9d8bac3 which can be used as unique global reference for Microsoft MOF May 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-01-24T00:00:00Z
date_published 2018-05-30T00:00:00Z
source MITRE
title Managed Object Format (MOF)

Microsoft Inbox Rules

Microsoft. (n.d.). Manage email messages by using rules. Retrieved June 11, 2021.

Internal MISP references

UUID 91ce21f7-4cd5-4a75-a533-45d052a11c5d which can be used as unique global reference for Microsoft Inbox Rules in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-11T00:00:00Z
source MITRE
title Manage email messages by using rules

Google Workspace External Sharing

Google. (n.d.). Manage external sharing for your organization. Retrieved March 4, 2024.

Internal MISP references

UUID 0cc85d20-f47c-52da-8391-83d630e744b9 which can be used as unique global reference for Google Workspace External Sharing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-04T00:00:00Z
source MITRE
title Manage external sharing for your organization

Google Cloud Just in Time Access 2023

Google Cloud. (n.d.). Manage just-in-time privileged access to projects. Retrieved September 21, 2023.

Internal MISP references

UUID 797c6051-9dff-531b-8438-d306bdf46720 which can be used as unique global reference for Google Cloud Just in Time Access 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-21T00:00:00Z
source MITRE
title Manage just-in-time privileged access to projects

Microsoft Manage Mail Flow Rules 2023

Microsoft. (2023, February 22). Manage mail flow rules in Exchange Online. Retrieved March 13, 2023.

Internal MISP references

UUID 1d5d7353-7d9d-522a-a0aa-6f4aa0886ca1 which can be used as unique global reference for Microsoft Manage Mail Flow Rules 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-13T00:00:00Z
date_published 2023-02-22T00:00:00Z
source MITRE
title Manage mail flow rules in Exchange Online

Office 365 Partner Relationships

Microsoft. (2022, March 4). Manage partner relationships. Retrieved May 27, 2022.

Internal MISP references

UUID 3d794f31-c3b4-4e0b-8558-b944d6616676 which can be used as unique global reference for Office 365 Partner Relationships in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-27T00:00:00Z
date_published 2022-03-04T00:00:00Z
source MITRE
title Manage partner relationships

Microsoft 365 External Sharing

Microsoft. (2023, October 11). Manage sharing settings for SharePoint and OneDrive in Microsoft 365. Retrieved March 4, 2024.

Internal MISP references

UUID 69154fdc-3540-5c31-8285-f7795db45d7f which can be used as unique global reference for Microsoft 365 External Sharing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-04T00:00:00Z
date_published 2023-10-11T00:00:00Z
source MITRE
title Manage sharing settings for SharePoint and OneDrive in Microsoft 365

TechNet Trusted Publishers

Microsoft. (n.d.). Manage Trusted Publishers. Retrieved March 31, 2016.

Internal MISP references

UUID e355ae20-4ada-49f3-a097-744838d6ff7d which can be used as unique global reference for TechNet Trusted Publishers in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-31T00:00:00Z
source MITRE
title Manage Trusted Publishers

Microsoft Enable Cred Guard April 2017

Lich, B., Tobin, J., Hall, J. (2017, April 5). Manage Windows Defender Credential Guard. Retrieved November 27, 2017.

Internal MISP references

UUID dc95771b-db84-43ae-b9ee-6f0ef3f1c93d which can be used as unique global reference for Microsoft Enable Cred Guard April 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-27T00:00:00Z
date_published 2017-04-05T00:00:00Z
source MITRE
title Manage Windows Defender Credential Guard

Outlook File Sizes

N. O'Bryan. (2018, May 30). Managing Outlook Cached Mode and OST File Sizes. Retrieved February 19, 2020.

Internal MISP references

UUID 6fbbb53f-cd4b-4ce1-942d-5cadb907cf86 which can be used as unique global reference for Outlook File Sizes in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-19T00:00:00Z
date_published 2018-05-30T00:00:00Z
source MITRE
title Managing Outlook Cached Mode and OST File Sizes

Microsoft Managing WebDAV Security

Microsoft. (n.d.). Managing WebDAV Security (IIS 6.0). Retrieved December 21, 2017.

Internal MISP references

UUID eeb7cd82-b116-4989-b3fa-968a23f839f3 which can be used as unique global reference for Microsoft Managing WebDAV Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-21T00:00:00Z
source MITRE
title Managing WebDAV Security (IIS 6.0)

Mandiant M Trends 2011

Mandiant. (2011, January 27). Mandiant M-Trends 2011. Retrieved January 10, 2016.

Internal MISP references

UUID 563be052-29ac-4625-927d-84e475ef848e which can be used as unique global reference for Mandiant M Trends 2011 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-10T00:00:00Z
date_published 2011-01-27T00:00:00Z
source MITRE
title Mandiant M-Trends 2011

Mandiant M Trends 2016

Mandiant. (2016, February 25). Mandiant M-Trends 2016. Retrieved March 5, 2019.

Internal MISP references

UUID f769a3ac-4330-46b7-bed8-61697e22cd24 which can be used as unique global reference for Mandiant M Trends 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-05T00:00:00Z
date_published 2016-02-25T00:00:00Z
source MITRE
title Mandiant M-Trends 2016

FireEye APT35 2018

Mandiant. (2018). Mandiant M-Trends 2018. Retrieved July 9, 2018.

Internal MISP references

UUID 71d3db50-4a20-4d8e-a640-4670d642205c which can be used as unique global reference for FireEye APT35 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-09T00:00:00Z
date_published 2018-01-01T00:00:00Z
source MITRE, Tidal Cyber
title Mandiant M-Trends 2018

Mandiant WMI

Mandiant. (n.d.). Retrieved February 13, 2024.

Internal MISP references

UUID 8d237948-7b10-5055-b9e6-52e6cab16f32 which can be used as unique global reference for Mandiant WMI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-13T00:00:00Z
source MITRE
title Mandiant WMI

MSDN Manifests

Microsoft. (n.d.). Manifests. Retrieved June 3, 2016.

Internal MISP references

UUID a29301fe-0e3c-4c6e-85c5-a30a6bcb9114 which can be used as unique global reference for MSDN Manifests in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-03T00:00:00Z
source MITRE
title Manifests

Microsoft Manifests

Microsoft. (n.d.). Manifests. Retrieved December 5, 2014.

Internal MISP references

UUID e336dc02-c7bb-4046-93d9-17b9512fb731 which can be used as unique global reference for Microsoft Manifests in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-05T00:00:00Z
source MITRE
title Manifests

Wikipedia Man in the Browser

Wikipedia. (2017, October 28). Man-in-the-browser. Retrieved January 10, 2018.

Internal MISP references

UUID f8975da7-4c50-4b3b-8ecb-c99c9b3bc20c which can be used as unique global reference for Wikipedia Man in the Browser in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-10T00:00:00Z
date_published 2017-10-28T00:00:00Z
source MITRE
title Man-in-the-browser

Kaspersky Encyclopedia MiTM

Kaspersky IT Encyclopedia. (n.d.). Man-in-the-middle attack. Retrieved September 1, 2023.

Internal MISP references

UUID 353a6eb9-54c5-5211-ad87-abf5d941e503 which can be used as unique global reference for Kaspersky Encyclopedia MiTM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-01T00:00:00Z
source MITRE
title Man-in-the-middle attack

Rapid7 MiTM Basics

Rapid7. (n.d.). Man-in-the-Middle (MITM) Attacks. Retrieved March 2, 2020.

Internal MISP references

UUID 33b25966-0ab9-4cc6-9702-62263a23af9c which can be used as unique global reference for Rapid7 MiTM Basics in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-02T00:00:00Z
source MITRE
title Man-in-the-Middle (MITM) Attacks

mitm_tls_downgrade_att

Praetorian Editorial Team. (2014, August 19). Man-in-the-Middle TLS Protocol Downgrade Attack. Retrieved December 8, 2021.

Internal MISP references

UUID af907fe1-1e37-4f44-8ad4-fcc3826ee6fb which can be used as unique global reference for mitm_tls_downgrade_att in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-08T00:00:00Z
date_published 2014-08-19T00:00:00Z
source MITRE
title Man-in-the-Middle TLS Protocol Downgrade Attack

Praetorian TLS Downgrade Attack 2014

Praetorian. (2014, August 19). Man-in-the-Middle TLS Protocol Downgrade Attack. Retrieved October 8, 2021.

Internal MISP references

UUID 4375602d-4b5f-476d-82f8-3cef84d3378e which can be used as unique global reference for Praetorian TLS Downgrade Attack 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-08T00:00:00Z
date_published 2014-08-19T00:00:00Z
source MITRE
title Man-in-the-Middle TLS Protocol Downgrade Attack

InsiderThreat ChangeNTLM July 2017

Warren, J. (2017, July 11). Manipulating User Passwords with Mimikatz. Retrieved December 4, 2017.

Internal MISP references

UUID 3bf24c68-fc98-4143-9dff-f54030c902fe which can be used as unique global reference for InsiderThreat ChangeNTLM July 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-04T00:00:00Z
date_published 2017-07-11T00:00:00Z
source MITRE
title Manipulating User Passwords with Mimikatz

Kaspersky ManOnTheSide

Starikova, A. (2023, February 14). Man-on-the-side – peculiar attack. Retrieved September 1, 2023.

Internal MISP references

UUID 8ea545ac-cca6-5da5-8a93-6b07518fc9d4 which can be used as unique global reference for Kaspersky ManOnTheSide in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-01T00:00:00Z
date_published 2023-02-14T00:00:00Z
source MITRE
title Man-on-the-side – peculiar attack

symantec_mantis

Symantec Threat Hunter Team. (2023, April 4). Mantis: New Tooling Used in Attacks Against Palestinian Targets. Retrieved March 4, 2024.

Internal MISP references

UUID 76a792b5-f3cd-566e-a87b-9fae844ce07d which can be used as unique global reference for symantec_mantis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-04T00:00:00Z
date_published 2023-04-04T00:00:00Z
source MITRE
title Mantis: New Tooling Used in Attacks Against Palestinian Targets

CrowdStrike Manufacturing Threat July 2020

Falcon OverWatch Team. (2020, July 14). Manufacturing Industry in the Adversaries’ Crosshairs. Retrieved October 17, 2021.

Internal MISP references

UUID 5ed6a702-dcc5-4021-95cc-5b720dbd8774 which can be used as unique global reference for CrowdStrike Manufacturing Threat July 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-17T00:00:00Z
date_published 2020-07-14T00:00:00Z
source MITRE
title Manufacturing Industry in the Adversaries’ Crosshairs

US-CERT TYPEFRAME June 2018

US-CERT. (2018, June 14). MAR-10135536-12 – North Korean Trojan: TYPEFRAME. Retrieved July 13, 2018.

Internal MISP references

UUID b89f20ad-39c4-480f-b02e-20f4e71f6b95 which can be used as unique global reference for US-CERT TYPEFRAME June 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-13T00:00:00Z
date_published 2018-06-14T00:00:00Z
source MITRE
title MAR-10135536-12 – North Korean Trojan: TYPEFRAME

US-CERT KEYMARBLE Aug 2018

US-CERT. (2018, August 09). MAR-10135536-17 – North Korean Trojan: KEYMARBLE. Retrieved August 16, 2018.

Internal MISP references

UUID b30dd720-a85d-4bf5-84e1-394a27917ee7 which can be used as unique global reference for US-CERT KEYMARBLE Aug 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-16T00:00:00Z
date_published 2018-08-09T00:00:00Z
source MITRE
title MAR-10135536-17 – North Korean Trojan: KEYMARBLE

US-CERT HOPLIGHT Apr 2019

US-CERT. (2019, April 10). MAR-10135536-8 – North Korean Trojan: HOPLIGHT. Retrieved April 19, 2019.

Internal MISP references

UUID e722b71b-9042-4143-a156-489783d86e0a which can be used as unique global reference for US-CERT HOPLIGHT Apr 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-19T00:00:00Z
date_published 2019-04-10T00:00:00Z
source MITRE
title MAR-10135536-8 – North Korean Trojan: HOPLIGHT

US-CERT HOTCROISSANT February 2020

US-CERT. (2020, February 20). MAR-10271944-1.v1 – North Korean Trojan: HOTCROISSANT. Retrieved May 1, 2020.

Internal MISP references

UUID db5c816a-2a23-4966-8f0b-4ec86cae45c9 which can be used as unique global reference for US-CERT HOTCROISSANT February 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-01T00:00:00Z
date_published 2020-02-20T00:00:00Z
source MITRE
title MAR-10271944-1.v1 – North Korean Trojan: HOTCROISSANT

CISA MAR-10288834-2.v1 TAINTEDSCRIBE MAY 2020

USG. (2020, May 12). MAR-10288834-2.v1 – North Korean Trojan: TAINTEDSCRIBE. Retrieved March 5, 2021.

Internal MISP references

UUID b9946fcc-592a-4c54-b504-4fe5050704df which can be used as unique global reference for CISA MAR-10288834-2.v1 TAINTEDSCRIBE MAY 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-05T00:00:00Z
date_published 2020-05-12T00:00:00Z
source MITRE
title MAR-10288834-2.v1 – North Korean Trojan: TAINTEDSCRIBE

CISA MAR-10292089-1.v2 TAIDOOR August 2021

CISA, FBI, DOD. (2021, August). MAR-10292089-1.v2 – Chinese Remote Access Trojan: TAIDOOR. Retrieved August 24, 2021.

Internal MISP references

UUID 0ae18fda-cc88-49f4-8e85-7b63044579ea which can be used as unique global reference for CISA MAR-10292089-1.v2 TAIDOOR August 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-24T00:00:00Z
date_published 2021-08-01T00:00:00Z
source MITRE
title MAR-10292089-1.v2 – Chinese Remote Access Trojan: TAIDOOR

US-CERT BLINDINGCAN Aug 2020

US-CERT. (2020, August 19). MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN. Retrieved August 19, 2020.

Internal MISP references

UUID 0421788c-b807-4e19-897c-bfb4323feb16 which can be used as unique global reference for US-CERT BLINDINGCAN Aug 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-19T00:00:00Z
date_published 2020-08-19T00:00:00Z
source MITRE
title MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN

CISA SoreFang July 2016

CISA. (2020, July 16). MAR-10296782-1.v1 – SOREFANG. Retrieved September 29, 2020.

Internal MISP references

UUID a87db09c-cadc-48fd-9634-8dd44bbd9009 which can be used as unique global reference for CISA SoreFang July 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-29T00:00:00Z
date_published 2020-07-16T00:00:00Z
source MITRE
title MAR-10296782-1.v1 – SOREFANG

CISA WellMess July 2020

CISA. (2020, July 16). MAR-10296782-2.v1 – WELLMESS. Retrieved September 24, 2020.

Internal MISP references

UUID 40e9eda2-51a2-4fd8-b0b1-7d2c6deca820 which can be used as unique global reference for CISA WellMess July 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-24T00:00:00Z
date_published 2020-07-16T00:00:00Z
source MITRE
title MAR-10296782-2.v1 – WELLMESS

CISA WellMail July 2020

CISA. (2020, July 16). MAR-10296782-3.v1 – WELLMAIL. Retrieved September 29, 2020.

Internal MISP references

UUID 2f33b88a-a8dd-445b-a34f-e356b94bed35 which can be used as unique global reference for CISA WellMail July 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-29T00:00:00Z
date_published 2020-07-16T00:00:00Z
source MITRE
title MAR-10296782-3.v1 – WELLMAIL

CISA EB Aug 2020

Cybersecurity and Infrastructure Security Agency. (2020, August 26). MAR-10301706-1.v1 - North Korean Remote Access Tool: ECCENTRICBANDWAGON. Retrieved March 18, 2021.

Internal MISP references

UUID a1b143f9-ca85-4c11-8909-49423c9ffeab which can be used as unique global reference for CISA EB Aug 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-18T00:00:00Z
date_published 2020-08-26T00:00:00Z
source MITRE
title MAR-10301706-1.v1 - North Korean Remote Access Tool: ECCENTRICBANDWAGON

CISA HatMan

CISA. (2019, February 27). MAR-17-352-01 HatMan-Safety System Targeted Malware. Retrieved January 6, 2021.

Internal MISP references

UUID 0690fa53-fee4-43fa-afd5-61137fd7529e which can be used as unique global reference for CISA HatMan in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-06T00:00:00Z
date_published 2019-02-27T00:00:00Z
source MITRE
title MAR-17-352-01 HatMan-Safety System Targeted Malware

Outflank MotW 2020

Hegt, S. (2020, March 30). Mark-of-the-Web from a red team’s perspective. Retrieved February 22, 2021.

Internal MISP references

UUID 54d9c59f-800a-426f-90c8-0d1cb2bea1ea which can be used as unique global reference for Outflank MotW 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-22T00:00:00Z
date_published 2020-03-30T00:00:00Z
source MITRE
title Mark-of-the-Web from a red team’s perspective

Masquerads-Guardio

Tal, Nati. (2022, December 28). “MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets. Retrieved February 21, 2023.

Internal MISP references

UUID e11492f4-f9a3-5489-b2bb-a28b19ef88b5 which can be used as unique global reference for Masquerads-Guardio in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-21T00:00:00Z
date_published 2022-12-28T00:00:00Z
source MITRE
title “MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets

CNET Leaks

Ng, A. (2019, January 17). Massive breach leaks 773 million email addresses, 21 million passwords. Retrieved October 20, 2020.

Internal MISP references

UUID 46df3a49-e7c4-4169-b35c-0aecc78c31ea which can be used as unique global reference for CNET Leaks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2019-01-17T00:00:00Z
source MITRE
title Massive breach leaks 773 million email addresses, 21 million passwords

ArsTechnica Great Firewall of China

Goodin, D. (2015, March 31). Massive denial-of-service attack on GitHub tied to Chinese government. Retrieved April 19, 2019.

Internal MISP references

UUID 1a08d58f-bf91-4345-aa4e-2906d3ef365a which can be used as unique global reference for ArsTechnica Great Firewall of China in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-19T00:00:00Z
date_published 2015-03-31T00:00:00Z
source MITRE
title Massive denial-of-service attack on GitHub tied to Chinese government

Europol Cobalt Mar 2018

Europol. (2018, March 26). Mastermind Behind EUR 1 Billion Cyber Bank Robbery Arrested in Spain. Retrieved October 10, 2018.

Internal MISP references

UUID f9d1f2ab-9e75-48ce-bcdf-b7119687feef which can be used as unique global reference for Europol Cobalt Mar 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-10T00:00:00Z
date_published 2018-03-26T00:00:00Z
source MITRE
title Mastermind Behind EUR 1 Billion Cyber Bank Robbery Arrested in Spain

LOLBAS Mavinject

LOLBAS. (n.d.). Mavinject.exe. Retrieved September 22, 2021.

Internal MISP references

UUID 4ba7fa89-006b-4fbf-aa6c-6775842c97a4 which can be used as unique global reference for LOLBAS Mavinject in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-22T00:00:00Z
source MITRE
title Mavinject.exe

Mavinject Functionality Deconstructed

Matt Graeber. (2018, May 29). mavinject.exe Functionality Deconstructed. Retrieved September 22, 2021.

Internal MISP references

UUID 17b055ba-5e59-4508-ba77-2519c03c6d65 which can be used as unique global reference for Mavinject Functionality Deconstructed in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-22T00:00:00Z
date_published 2018-05-29T00:00:00Z
source MITRE
title mavinject.exe Functionality Deconstructed

Sophos Maze VM September 2020

Brandt, A., Mackenzie, P. (2020, September 17). Maze Attackers Adopt Ragnar Locker Virtual Machine Technique. Retrieved October 9, 2020.

Internal MISP references

UUID 9c4bbcbb-2c18-453c-8b02-0a0cd512c3f3 which can be used as unique global reference for Sophos Maze VM September 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-09T00:00:00Z
date_published 2020-09-17T00:00:00Z
source MITRE
title Maze Attackers Adopt Ragnar Locker Virtual Machine Technique

mbed-crypto

ARMmbed. (2018, June 21). Mbed Crypto. Retrieved February 15, 2021.

Internal MISP references

UUID 324ba1b8-cc97-4d20-b25d-053b2462f3b2 which can be used as unique global reference for mbed-crypto in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-15T00:00:00Z
date_published 2018-06-21T00:00:00Z
source MITRE
title Mbed Crypto

McAfee REvil October 2019

Saavedra-Morales, J, et al. (2019, October 20). McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo. Retrieved August 5, 2020.

Internal MISP references

UUID 288e94b3-a023-4b59-8b2a-25c469fb56a1 which can be used as unique global reference for McAfee REvil October 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-05T00:00:00Z
date_published 2019-10-20T00:00:00Z
source MITRE
title McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo

McAfee Sodinokibi October 2019

McAfee. (2019, October 2). McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us. Retrieved August 4, 2020.

Internal MISP references

UUID 1bf961f2-dfa9-4ca3-9bf5-90c21755d783 which can be used as unique global reference for McAfee Sodinokibi October 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-04T00:00:00Z
date_published 2019-10-02T00:00:00Z
source MITRE
title McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us

McAfee Sandworm November 2013

Li, H. (2013, November 5). McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office. Retrieved June 18, 2020.

Internal MISP references

UUID c90ecd26-ce29-4c1d-b739-357b6d42f399 which can be used as unique global reference for McAfee Sandworm November 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-18T00:00:00Z
date_published 2013-11-05T00:00:00Z
source MITRE
title McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office

McAfee Honeybee

Sherstobitoff, R. (2018, March 02). McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018.

Internal MISP references

UUID e6f0f7b5-01fe-437f-a9c9-2ea054e7d69d which can be used as unique global reference for McAfee Honeybee in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-16T00:00:00Z
date_published 2018-03-02T00:00:00Z
source MITRE
title McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups

Secureworks MCMD July 2019

Secureworks. (2019, July 24). MCMD Malware Analysis. Retrieved August 13, 2020.

Internal MISP references

UUID f7364cfc-5a3b-4538-80d0-cae65f3c6592 which can be used as unique global reference for Secureworks MCMD July 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-13T00:00:00Z
date_published 2019-07-24T00:00:00Z
source MITRE
title MCMD Malware Analysis

Purves Kextpocalypse 2

Richard Purves. (2017, November 9). MDM and the Kextpocalypse. Retrieved September 23, 2021.

Internal MISP references

UUID 57aeedda-2c32-404f-bead-fe6d213d7241 which can be used as unique global reference for Purves Kextpocalypse 2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-23T00:00:00Z
date_published 2017-11-09T00:00:00Z
source MITRE
title MDM and the Kextpocalypse

MDSec Brute Ratel August 2022

Chell, D. PART 3: How I Met Your Beacon – Brute Ratel. Retrieved February 6, 2023.

Internal MISP references

UUID dfd12595-0056-5b4a-b753-624fac1bb3a6 which can be used as unique global reference for MDSec Brute Ratel August 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-06T00:00:00Z
source MITRE
title MDSec Brute Ratel August 2022

Secureworks NICKEL ACADEMY Dec 2017

Secureworks. (2017, December 15). Media Alert - Secureworks Discovers North Korean Cyber Threat Group, Lazarus, Spearphishing Financial Executives of Cryptocurrency Companies. Retrieved December 27, 2017.

Internal MISP references

UUID aa7393ad-0760-4f27-a068-17beba17bbe3 which can be used as unique global reference for Secureworks NICKEL ACADEMY Dec 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-27T00:00:00Z
date_published 2017-12-15T00:00:00Z
source MITRE
title Media Alert - Secureworks Discovers North Korean Cyber Threat Group, Lazarus, Spearphishing Financial Executives of Cryptocurrency Companies

Cybereason Nocturnus MedusaLocker 2020

Cybereason Nocturnus. (2020, November 19). Cybereason vs. MedusaLocker Ransomware. Retrieved June 23, 2021.

Internal MISP references

UUID f7b41120-8455-409f-ad9c-815c2c43edfd which can be used as unique global reference for Cybereason Nocturnus MedusaLocker 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-23T00:00:00Z
source MITRE
title MedusaLocker Ransomware

HC3 Analyst Note MedusaLocker Ransomware February 2023

Health Sector Cybersecurity Coordination Center (HC3). (2023, February 24). MedusaLocker Ransomware. Retrieved August 11, 2023.

Internal MISP references

UUID 49e314d6-5324-41e0-8bee-2b3e08d5e12f which can be used as unique global reference for HC3 Analyst Note MedusaLocker Ransomware February 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-11T00:00:00Z
date_published 2023-02-24T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title MedusaLocker Ransomware

Bleeping Computer Medusa Ransomware March 12 2023

Lawrence Abrams. (2023, March 12). Medusa ransomware gang picks up steam as it targets companies worldwide. Retrieved September 14, 2023.

Internal MISP references

UUID 21fe1d9e-17f1-49e2-b05f-78e9160f5414 which can be used as unique global reference for Bleeping Computer Medusa Ransomware March 12 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-14T00:00:00Z
date_published 2023-03-12T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Medusa ransomware gang picks up steam as it targets companies worldwide

CyberScoop Babuk February 2021

Lyngaas, S. (2021, February 4). Meet Babuk, a ransomware attacker blamed for the Serco breach. Retrieved August 11, 2021.

Internal MISP references

UUID 0a0aeacd-0976-4c84-b40d-5704afca9f0e which can be used as unique global reference for CyberScoop Babuk February 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-11T00:00:00Z
date_published 2021-02-04T00:00:00Z
source MITRE
title Meet Babuk, a ransomware attacker blamed for the Serco breach

CrowdStrike Stardust Chollima Profile April 2018

Meyers, Adam. (2018, April 6). Meet CrowdStrike’s Adversary of the Month for April: STARDUST CHOLLIMA. Retrieved September 29, 2021.

Internal MISP references

UUID a0119ad4-ceea-4dba-bc08-a682085a9b27 which can be used as unique global reference for CrowdStrike Stardust Chollima Profile April 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2018-04-06T00:00:00Z
source MITRE
title Meet CrowdStrike’s Adversary of the Month for April: STARDUST CHOLLIMA

CrowdStrike VOODOO BEAR

Meyers, A. (2018, January 19). Meet CrowdStrike’s Adversary of the Month for January: VOODOO BEAR. Retrieved May 22, 2018.

Internal MISP references

UUID ce07d409-292d-4e8e-b1af-bd5ba46c1b95 which can be used as unique global reference for CrowdStrike VOODOO BEAR in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-22T00:00:00Z
date_published 2018-01-19T00:00:00Z
source MITRE
title Meet CrowdStrike’s Adversary of the Month for January: VOODOO BEAR

Crowdstrike MUSTANG PANDA June 2018

Meyers, A. (2018, June 15). Meet CrowdStrike’s Adversary of the Month for June: MUSTANG PANDA. Retrieved April 12, 2021.

Internal MISP references

UUID 35e72170-b1ec-49c9-aefe-a24fc4302fa6 which can be used as unique global reference for Crowdstrike MUSTANG PANDA June 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-12T00:00:00Z
date_published 2018-06-15T00:00:00Z
source MITRE, Tidal Cyber
title Meet CrowdStrike’s Adversary of the Month for June: MUSTANG PANDA

CrowdStrike VENOMOUS BEAR

Meyers, A. (2018, March 12). Meet CrowdStrike’s Adversary of the Month for March: VENOMOUS BEAR. Retrieved May 16, 2018.

Internal MISP references

UUID ee400057-2b26-4464-96b4-484c9eb9d5c2 which can be used as unique global reference for CrowdStrike VENOMOUS BEAR in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-16T00:00:00Z
date_published 2018-03-12T00:00:00Z
source MITRE
title Meet CrowdStrike’s Adversary of the Month for March: VENOMOUS BEAR

Crowdstrike Helix Kitten Nov 2018

Meyers, A. (2018, November 27). Meet CrowdStrike’s Adversary of the Month for November: HELIX KITTEN. Retrieved December 18, 2018.

Internal MISP references

UUID 3fc0d7ad-6283-4cfd-b72f-5ce47594531e which can be used as unique global reference for Crowdstrike Helix Kitten Nov 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-12-18T00:00:00Z
date_published 2018-11-27T00:00:00Z
source MITRE
title Meet CrowdStrike’s Adversary of the Month for November: HELIX KITTEN

Cloudflare Memcrashed Feb 2018

Marek Majkowski of Cloudflare. (2018, February 27). Memcrashed - Major amplification attacks from UDP port 11211. Retrieved April 18, 2019.

Internal MISP references

UUID a2a0c1eb-20ad-4c40-a8cd-1732fdde7e19 which can be used as unique global reference for Cloudflare Memcrashed Feb 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-18T00:00:00Z
date_published 2018-02-27T00:00:00Z
source MITRE
title Memcrashed - Major amplification attacks from UDP port 11211

Github Mempdump

DiabloHorn. (2015, March 22). mempdump. Retrieved October 6, 2017.

Internal MISP references

UUID f830ed8b-33fa-4d1e-a66c-41f8c6aba69c which can be used as unique global reference for Github Mempdump in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-10-06T00:00:00Z
date_published 2015-03-22T00:00:00Z
source MITRE
title mempdump

Palo Alto menuPass Feb 2017

Miller-Osborn, J. and Grunzweig, J. (2017, February 16). menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations. Retrieved March 1, 2017.

Internal MISP references

UUID ba4f7d65-73ec-4726-b1f6-f2443ffda5e7 which can be used as unique global reference for Palo Alto menuPass Feb 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-01T00:00:00Z
date_published 2017-02-16T00:00:00Z
source MITRE, Tidal Cyber
title menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations

FireEye MESSAGETAP October 2019

Leong, R., Perez, D., Dean, T. (2019, October 31). MESSAGETAP: Who’s Reading Your Text Messages?. Retrieved May 11, 2020.

Internal MISP references

UUID f56380e8-3cfa-407c-a493-7f9e50ba3867 which can be used as unique global reference for FireEye MESSAGETAP October 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-11T00:00:00Z
date_published 2019-10-31T00:00:00Z
source MITRE
title MESSAGETAP: Who’s Reading Your Text Messages?

SentinelLabs Metador Technical Appendix Sept 2022

SentinelLabs. (2022, September 22). Metador Technical Appendix. Retrieved April 4, 2023.

Internal MISP references

UUID aa021076-e9c5-5428-a938-c10cfb6b7c97 which can be used as unique global reference for SentinelLabs Metador Technical Appendix Sept 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-04-04T00:00:00Z
date_published 2022-09-22T00:00:00Z
source MITRE
title Metador Technical Appendix

FireEye Metamorfo Apr 2018

Sierra, E., Iglesias, G. (2018, April 24). Metamorfo Campaigns Targeting Brazilian Users. Retrieved July 30, 2020.

Internal MISP references

UUID fd220165-43c8-4aaf-9295-0a2b7a52929c which can be used as unique global reference for FireEye Metamorfo Apr 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-30T00:00:00Z
date_published 2018-04-24T00:00:00Z
source MITRE
title Metamorfo Campaigns Targeting Brazilian Users

Metasploit_Ref

Metasploit. (n.d.). Retrieved December 4, 2014.

Internal MISP references

UUID ab6ea6b3-3c71-4e69-9713-dae3e4446083 which can be used as unique global reference for Metasploit_Ref in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-04T00:00:00Z
source MITRE
title Metasploit_Ref

Metasploit SSH Module

undefined. (n.d.). Retrieved April 12, 2019.

Internal MISP references

UUID e4ae69e5-67ba-4a3e-8101-5e7f073bd312 which can be used as unique global reference for Metasploit SSH Module in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-12T00:00:00Z
source MITRE
title Metasploit SSH Module

Github Rapid7 Meterpreter Elevate

Rapid7. (2013, November 26). meterpreter/source/extensions/priv/server/elevate/. Retrieved July 8, 2018.

Internal MISP references

UUID 113dafad-8ede-424b-b727-66f71ea7806a which can be used as unique global reference for Github Rapid7 Meterpreter Elevate in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-08T00:00:00Z
date_published 2013-11-26T00:00:00Z
source MITRE
title meterpreter/source/extensions/priv/server/elevate/

Methods of Mac Malware Persistence

Patrick Wardle. (2014, September). Methods of Malware Persistence on Mac OS X. Retrieved July 5, 2017.

Internal MISP references

UUID 44154472-2894-4161-b23f-46d1b1fd6772 which can be used as unique global reference for Methods of Mac Malware Persistence in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-05T00:00:00Z
date_published 2014-09-01T00:00:00Z
source MITRE
title Methods of Malware Persistence on Mac OS X

MFA Fatigue Attacks - PortSwigger

Jessica Haworth. (2022, February 16). MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications. Retrieved March 31, 2022.

Internal MISP references

UUID 1b7b0f00-71ba-4762-ae81-bce24591cff4 which can be used as unique global reference for MFA Fatigue Attacks - PortSwigger in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-31T00:00:00Z
date_published 2022-02-16T00:00:00Z
source MITRE
title MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications

Mftrace.exe - LOLBAS Project

LOLBAS. (2018, May 25). Mftrace.exe. Retrieved December 4, 2023.

Internal MISP references

UUID b6d42cc9-1bf0-4389-8654-90b8d4e7ff49 which can be used as unique global reference for Mftrace.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Mftrace.exe

Radware Micropsia July 2018

Tsarfaty, Y. (2018, July 25). Micropsia Malware. Retrieved November 13, 2018.

Internal MISP references

UUID 8771ed60-eecb-4e0c-b22c-0c26d30d4dec which can be used as unique global reference for Radware Micropsia July 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-13T00:00:00Z
date_published 2018-07-25T00:00:00Z
source MITRE
title Micropsia Malware

Optiv Device Code Phishing 2021

Optiv. (2021, August 17). Microsoft 365 OAuth Device Code Flow and Phishing. Retrieved March 19, 2024.

Internal MISP references

UUID 848da3e2-3228-5ee6-8fff-ff3328e6a387 which can be used as unique global reference for Optiv Device Code Phishing 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-19T00:00:00Z
date_published 2021-08-17T00:00:00Z
source MITRE
title Microsoft 365 OAuth Device Code Flow and Phishing

Microsoft Midnight Blizzard January 19 2024

MSRC. (2024, January 19). Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard. Retrieved January 24, 2024.

Internal MISP references

UUID 91b48ddd-9e3f-4d36-a262-3b52145b3db2 which can be used as unique global reference for Microsoft Midnight Blizzard January 19 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-24T00:00:00Z
date_published 2024-01-19T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard

Microsoft ZINC disruption Dec 2017

Smith, B. (2017, December 19). Microsoft and Facebook disrupt ZINC malware attack to protect customers and the internet from ongoing cyberthreats. Retrieved December 20, 2017.

Internal MISP references

UUID 99831838-fc8f-43fa-9c87-6ccdf5677c34 which can be used as unique global reference for Microsoft ZINC disruption Dec 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2017-12-19T00:00:00Z
source MITRE
title Microsoft and Facebook disrupt ZINC malware attack to protect customers and the internet from ongoing cyberthreats

The Hacker News Microsoft DDoS June 19 2023

Ravie Lakshmanan. (2023, June 19). Microsoft Blames Massive DDoS Attack for Azure, Outlook, and OneDrive Disruptions. Retrieved October 10, 2023.

Internal MISP references

UUID 2ee27b55-b7a7-40a8-8c0b-5e28943cd273 which can be used as unique global reference for The Hacker News Microsoft DDoS June 19 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-10T00:00:00Z
date_published 2023-06-19T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Microsoft Blames Massive DDoS Attack for Azure, Outlook, and OneDrive Disruptions

Posts By SpecterOps Team Members 2 5 2024

Andy Robbins. (2024, February 2). Microsoft Breach - What Happened What Should Azure Admins Do. Retrieved February 5, 2024.

Internal MISP references

UUID b4c9a3a7-c7d0-4a1d-98cd-6018c072d537 which can be used as unique global reference for Posts By SpecterOps Team Members 2 5 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-05T00:00:00Z
date_published 2024-02-02T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Microsoft Breach - What Happened What Should Azure Admins Do

Microsoft OAuth 2.0 Consent Phishing 2021

Microsoft 365 Defender Threat Intelligence Team. (2021, June 14). Microsoft delivers comprehensive solution to battle rise in consent phishing emails. Retrieved December 13, 2021.

Internal MISP references

UUID 393e44fe-cf52-4c39-a79f-f7cdd9d8e16a which can be used as unique global reference for Microsoft OAuth 2.0 Consent Phishing 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-13T00:00:00Z
date_published 2021-06-14T00:00:00Z
source MITRE
title Microsoft delivers comprehensive solution to battle rise in consent phishing emails

Microsoft Digital Defense FY20 Sept 2020

Microsoft. (2020, September 29). Microsoft Digital Defense Report FY20. Retrieved April 21, 2021.

Internal MISP references

UUID cdf74af5-ed71-4dfd-bc49-0ccfa40b65ea which can be used as unique global reference for Microsoft Digital Defense FY20 Sept 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-21T00:00:00Z
date_published 2020-09-29T00:00:00Z
source MITRE, Tidal Cyber
title Microsoft Digital Defense Report FY20

BleepingComputer DDE Disabled in Word Dec 2017

Cimpanu, C. (2017, December 15). Microsoft Disables DDE Feature in Word to Prevent Further Malware Attacks. Retrieved December 19, 2017.

Internal MISP references

UUID d6f93310-77b6-491e-ba9d-ec1faf8de7e4 which can be used as unique global reference for BleepingComputer DDE Disabled in Word Dec 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-19T00:00:00Z
date_published 2017-12-15T00:00:00Z
source MITRE
title Microsoft Disables DDE Feature in Word to Prevent Further Malware Attacks

Microsoft DuplicateTokenEx

Microsoft TechNet. (n.d.). Retrieved April 25, 2017.

Internal MISP references

UUID 8a389e76-d43a-477c-aab4-301c7c55b439 which can be used as unique global reference for Microsoft DuplicateTokenEx in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-04-25T00:00:00Z
source MITRE
title Microsoft DuplicateTokenEx

Red Canary HTA Abuse Part Deux

McCammon, K. (2015, August 14). Microsoft HTML Application (HTA) Abuse, Part Deux. Retrieved October 27, 2017.

Internal MISP references

UUID 39b1cb2f-a07b-49f2-bf2c-15f0c9b95772 which can be used as unique global reference for Red Canary HTA Abuse Part Deux in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-10-27T00:00:00Z
date_published 2015-08-14T00:00:00Z
source MITRE
title Microsoft HTML Application (HTA) Abuse, Part Deux

Microsoft HTML Help May 2018

Microsoft. (2018, May 30). Microsoft HTML Help 1.4. Retrieved October 3, 2018.

Internal MISP references

UUID f9daf15d-61ea-4cfa-a4e8-9d33d1acd28f which can be used as unique global reference for Microsoft HTML Help May 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-03T00:00:00Z
date_published 2018-05-30T00:00:00Z
source MITRE
title Microsoft HTML Help 1.4

Microsoft - Azure AD Identity Tokens - Aug 2019

Microsoft. (2019, August 29). Microsoft identity platform access tokens. Retrieved September 12, 2019.

Internal MISP references

UUID 44767d53-8cd7-44dd-a69d-8a7bebc1d87d which can be used as unique global reference for Microsoft - Azure AD Identity Tokens - Aug 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-12T00:00:00Z
date_published 2019-08-29T00:00:00Z
source MITRE
title Microsoft identity platform access tokens

Microsoft Identity Platform Access 2019

Cai, S., Flores, J., de Guzman, C., et al. (2019, August 27). Microsoft identity platform access tokens. Retrieved October 4, 2019.

Internal MISP references

UUID a39d976e-9b52-48f3-b5db-0ffd84ecd338 which can be used as unique global reference for Microsoft Identity Platform Access 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-04T00:00:00Z
date_published 2019-08-27T00:00:00Z
source MITRE
title Microsoft identity platform access tokens

Microsoft - OAuth Code Authorization flow - June 2019

Microsoft. (n.d.). Microsoft identity platform and OAuth 2.0 authorization code flow. Retrieved September 12, 2019.

Internal MISP references

UUID a41c2123-8b8d-4f98-a535-e58e3e746b69 which can be used as unique global reference for Microsoft - OAuth Code Authorization flow - June 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-12T00:00:00Z
source MITRE
title Microsoft identity platform and OAuth 2.0 authorization code flow

Microsoft Identity Platform Protocols May 2019

Microsoft. (n.d.). Retrieved September 12, 2019.

Internal MISP references

UUID a99d2292-be39-4e55-a952-30c9d6a3d0a3 which can be used as unique global reference for Microsoft Identity Platform Protocols May 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-12T00:00:00Z
source MITRE
title Microsoft Identity Platform Protocols May 2019

Microsoft ImpersonateLoggedOnUser

Microsoft TechNet. (n.d.). Retrieved April 25, 2017.

Internal MISP references

UUID 01f5176a-cce6-46e2-acce-a77b6bea7172 which can be used as unique global reference for Microsoft ImpersonateLoggedOnUser in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-04-25T00:00:00Z
source MITRE
title Microsoft ImpersonateLoggedOnUser

Microsoft Internal Solorigate Investigation Blog

MSRC Team. (2021, February 18). Microsoft Internal Solorigate Investigation – Final Update. Retrieved May 14, 2021.

Internal MISP references

UUID 66cade99-0040-464c-98a6-bba57719f0a4 which can be used as unique global reference for Microsoft Internal Solorigate Investigation Blog in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-14T00:00:00Z
date_published 2021-02-18T00:00:00Z
source MITRE
title Microsoft Internal Solorigate Investigation – Final Update

Microsoft LogonUser

Microsoft TechNet. (n.d.). Retrieved April 25, 2017.

Internal MISP references

UUID 08088ec0-5b48-4c32-b213-5e029e5f83ee which can be used as unique global reference for Microsoft LogonUser in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-04-25T00:00:00Z
source MITRE
title Microsoft LogonUser

mmc_vulns

Boxiner, A., Vaknin, E. (2019, June 11). Microsoft Management Console (MMC) Vulnerabilities. Retrieved September 24, 2021.

Internal MISP references

UUID 7bcf1c90-6299-448b-92c3-a6702882936a which can be used as unique global reference for mmc_vulns in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-24T00:00:00Z
date_published 2019-06-11T00:00:00Z
source MITRE
title Microsoft Management Console (MMC) Vulnerabilities

Microsoft.NodejsTools.PressAnyKey.exe - LOLBAS Project

LOLBAS. (2022, January 20). Microsoft.NodejsTools.PressAnyKey.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 25c46948-a648-4c3c-b442-e700df68fa20 which can be used as unique global reference for Microsoft.NodejsTools.PressAnyKey.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-01-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Microsoft.NodejsTools.PressAnyKey.exe

FireEye FELIXROOT July 2018

Patil, S. (2018, June 26). Microsoft Office Vulnerabilities Used to Distribute FELIXROOT Backdoor in Recent Campaign. Retrieved July 31, 2018.

Internal MISP references

UUID 501057e2-9a31-46fe-aaa0-427218682153 which can be used as unique global reference for FireEye FELIXROOT July 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-31T00:00:00Z
date_published 2018-06-26T00:00:00Z
source MITRE
title Microsoft Office Vulnerabilities Used to Distribute FELIXROOT Backdoor in Recent Campaign

Irongeek Sims BSides 2017

Stephen Sims. (2017, April 30). Microsoft Patch Analysis for Exploitation. Retrieved October 16, 2020.

Internal MISP references

UUID ce11568a-36a8-4da2-972f-9cd67cc337d8 which can be used as unique global reference for Irongeek Sims BSides 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-16T00:00:00Z
date_published 2017-04-30T00:00:00Z
source MITRE
title Microsoft Patch Analysis for Exploitation

Microsoft_rec_block_rules

Microsoft. (2021, August 23). Retrieved August 16, 2021.

Internal MISP references

UUID 8fbc12b4-dec6-4913-9103-b28b5c3395ee which can be used as unique global reference for Microsoft_rec_block_rules in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-16T00:00:00Z
source MITRE
title Microsoft_rec_block_rules

Microsoft WDAC

Coulter, D. et al. (2019, April 9). Microsoft recommended block rules. Retrieved August 12, 2021.

Internal MISP references

UUID 86955cd2-5980-44ba-aa7b-4b9f8e347730 which can be used as unique global reference for Microsoft WDAC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-12T00:00:00Z
date_published 2019-04-09T00:00:00Z
source MITRE
title Microsoft recommended block rules

Microsoft Driver Block Rules

Microsoft. (2020, October 15). Microsoft recommended driver block rules. Retrieved March 16, 2021.

Internal MISP references

UUID 2ad8414a-4490-4896-8266-556b8bdbb77f which can be used as unique global reference for Microsoft Driver Block Rules in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-16T00:00:00Z
date_published 2020-10-15T00:00:00Z
source MITRE
title Microsoft recommended driver block rules

Microsoft driver block rules - Duplicate

Jordan Geurten et al. (2022, March 29). Microsoft recommended driver block rules. Retrieved April 7, 2022.

Internal MISP references

UUID 9bb5c330-56bd-47e7-8414-729d8e6cb3b3 which can be used as unique global reference for Microsoft driver block rules - Duplicate in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-07T00:00:00Z
date_published 2022-03-29T00:00:00Z
source MITRE
title Microsoft recommended driver block rules

Microsoft Register-WmiEvent

Microsoft. (n.d.). Retrieved January 24, 2020.

Internal MISP references

UUID 6d75029f-f63c-4ca6-b5f9-cb41b698b32a which can be used as unique global reference for Microsoft Register-WmiEvent in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-01-24T00:00:00Z
source MITRE
title Microsoft Register-WmiEvent

Microsoft DDoS Attacks Response June 2023

MSRC Team. (2023, June 16). Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks. Retrieved October 10, 2023.

Internal MISP references

UUID d64e941e-785b-4b23-a7d0-04f12024b033 which can be used as unique global reference for Microsoft DDoS Attacks Response June 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-10T00:00:00Z
date_published 2023-06-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks

Microsoft Security Advisory 2269637

Microsoft. (, May 23). Microsoft Security Advisory 2269637. Retrieved March 13, 2020.

Internal MISP references

UUID fa3d303e-bb1a-426d-9387-e92fc1ea75bc which can be used as unique global reference for Microsoft Security Advisory 2269637 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-13T00:00:00Z
date_published 1978-05-23T00:00:00Z
source MITRE
title Microsoft Security Advisory 2269637

Microsoft 2269637

Microsoft. (2010, August 22). Microsoft Security Advisory 2269637 Released. Retrieved December 5, 2014.

Internal MISP references

UUID ebb94db8-b1a3-4d61-97e6-9b787a742669 which can be used as unique global reference for Microsoft 2269637 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-05T00:00:00Z
date_published 2010-08-22T00:00:00Z
source MITRE
title Microsoft Security Advisory 2269637 Released

Microsoft DDE Advisory Nov 2017

Microsoft. (2017, November 8). Microsoft Security Advisory 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields. Retrieved November 21, 2017.

Internal MISP references

UUID 955b0074-a1d6-40b5-9437-bd2548daf54c which can be used as unique global reference for Microsoft DDE Advisory Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-21T00:00:00Z
date_published 2017-11-08T00:00:00Z
source MITRE
title Microsoft Security Advisory 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields

Microsoft WDigest Mit

Microsoft. (2014, May 13). Microsoft Security Advisory: Update to improve credentials protection and management. Retrieved June 8, 2020.

Internal MISP references

UUID 2a9149d7-ba39-47f2-8f23-7f3b175931f0 which can be used as unique global reference for Microsoft WDigest Mit in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-08T00:00:00Z
date_published 2014-05-13T00:00:00Z
source MITRE
title Microsoft Security Advisory: Update to improve credentials protection and management

MS17-010 March 2017

Microsoft. (2017, March 14). Microsoft Security Bulletin MS17-010 - Critical. Retrieved August 17, 2017.

Internal MISP references

UUID 8088a624-d8c8-4d8e-99c2-a9da4a2f0117 which can be used as unique global reference for MS17-010 March 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-08-17T00:00:00Z
date_published 2017-03-14T00:00:00Z
source MITRE
title Microsoft Security Bulletin MS17-010 - Critical

MSTIC GADOLINIUM September 2020

Ben Koehl, Joe Hannon. (2020, September 24). Microsoft Security - Detecting Empires in the Cloud. Retrieved August 24, 2021.

Internal MISP references

UUID ee352214-421f-4778-ac28-949142a8ef2a which can be used as unique global reference for MSTIC GADOLINIUM September 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-24T00:00:00Z
date_published 2020-09-24T00:00:00Z
source MITRE
title Microsoft Security - Detecting Empires in the Cloud

Microsoft SIR Vol 19

Anthe, C. et al. (2015, October 19). Microsoft Security Intelligence Report Volume 19. Retrieved December 23, 2015.

Internal MISP references

UUID 050e0a70-19e6-4637-a3f7-b7cd788cca43 which can be used as unique global reference for Microsoft SIR Vol 19 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-12-23T00:00:00Z
date_published 2015-10-19T00:00:00Z
source MITRE
title Microsoft Security Intelligence Report Volume 19

Microsoft SIR Vol 21

Anthe, C. et al. (2016, December 14). Microsoft Security Intelligence Report Volume 21. Retrieved November 27, 2017.

Internal MISP references

UUID 619b9cf8-7201-45de-9c36-834ccee356a9 which can be used as unique global reference for Microsoft SIR Vol 21 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-27T00:00:00Z
date_published 2016-12-14T00:00:00Z
source MITRE
title Microsoft Security Intelligence Report Volume 21

Microsoft Threat Intelligence Tweet April 26 2023

MsftSecIntel. (2023, May 26). Microsoft Threat Intelligence Tweet April 26 2023. Retrieved June 16, 2023.

Internal MISP references

UUID 3b5a2349-e10c-422b-91e3-20e9033fdb60 which can be used as unique global reference for Microsoft Threat Intelligence Tweet April 26 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-16T00:00:00Z
date_published 2023-05-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Microsoft Threat Intelligence Tweet April 26 2023

Microsoft Threat Intelligence Tweet August 17 2023

MsftSecIntel. (2023, August 17). Microsoft Threat Intelligence Tweet August 17 2023. Retrieved September 14, 2023.

Internal MISP references

UUID 8b0ebcb5-d531-4f49-aa2d-bceb5e491b3f which can be used as unique global reference for Microsoft Threat Intelligence Tweet August 17 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-14T00:00:00Z
date_published 2023-08-17T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Microsoft Threat Intelligence Tweet August 17 2023

Microsoft Threat Intelligence Tweet June 17 2020

MsftSecIntel. (2020, June 17). Microsoft Threat Intelligence Tweet June 17 2020. Retrieved June 22, 2023.

Internal MISP references

UUID 98fc7485-9424-412f-8162-a69d6c10c243 which can be used as unique global reference for Microsoft Threat Intelligence Tweet June 17 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-22T00:00:00Z
date_published 2020-06-17T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Microsoft Threat Intelligence Tweet June 17 2020

Microsoft Threat Intelligence Tweet May 18 2023

MsftSecIntel. (2023, May 18). Microsoft Threat Intelligence Tweet May 18 2023. Retrieved May 25, 2023.

Internal MISP references

UUID b41e9f89-cd88-4483-bb86-9d88c555a648 which can be used as unique global reference for Microsoft Threat Intelligence Tweet May 18 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-25T00:00:00Z
date_published 2023-05-18T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Microsoft Threat Intelligence Tweet May 18 2023

Wikipedia Windows Library Files

Wikipedia. (2017, January 31). Microsoft Windows library files. Retrieved February 13, 2017.

Internal MISP references

UUID 9b6e2f38-6e5a-4e4f-ad84-97155be2c641 which can be used as unique global reference for Wikipedia Windows Library Files in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-02-13T00:00:00Z
date_published 2017-01-31T00:00:00Z
source MITRE
title Microsoft Windows library files

Proofpoint Cobalt June 2017

Mesa, M, et al. (2017, June 1). Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions. Retrieved October 10, 2018.

Internal MISP references

UUID c4922659-88b2-4311-9c9b-dc9b383d746a which can be used as unique global reference for Proofpoint Cobalt June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-10T00:00:00Z
date_published 2017-06-01T00:00:00Z
source MITRE
title Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions

Microsoft.Workflow.Compiler.exe - LOLBAS Project

LOLBAS. (2018, October 22). Microsoft.Workflow.Compiler.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 1e659b32-a06f-45dc-a1eb-03f1a42c55ef which can be used as unique global reference for Microsoft.Workflow.Compiler.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-10-22T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Microsoft.Workflow.Compiler.exe

InfoSecurity Sandworm Oct 2014

Muncaster, P. (2014, October 14). Microsoft Zero Day Traced to Russian ‘Sandworm’ Hackers. Retrieved October 6, 2017.

Internal MISP references

UUID 05b3840d-162d-455f-a87b-229e83e5a031 which can be used as unique global reference for InfoSecurity Sandworm Oct 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-10-06T00:00:00Z
date_published 2014-10-14T00:00:00Z
source MITRE
title Microsoft Zero Day Traced to Russian ‘Sandworm’ Hackers

objective-see windtail1 dec 2018

Wardle, Patrick. (2018, December 20). Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 1). Retrieved October 3, 2019.

Internal MISP references

UUID 7a32c962-8050-45de-8b90-8644be5109d9 which can be used as unique global reference for objective-see windtail1 dec 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-03T00:00:00Z
date_published 2018-12-20T00:00:00Z
source MITRE, Tidal Cyber
title Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 1)

objective-see windtail2 jan 2019

Wardle, Patrick. (2019, January 15). Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 2). Retrieved October 3, 2019.

Internal MISP references

UUID e6bdc679-ee0c-4f34-b5bc-0d6a26485b36 which can be used as unique global reference for objective-see windtail2 jan 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-03T00:00:00Z
date_published 2019-01-15T00:00:00Z
source MITRE
title Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 2)

CyberScoop BlackOasis Oct 2017

Bing, C. (2017, October 16). Middle Eastern hacking group is using FinFisher malware to conduct international espionage. Retrieved February 15, 2018.

Internal MISP references

UUID a8224ad5-4688-4382-a3e7-1dd3ed74ebce which can be used as unique global reference for CyberScoop BlackOasis Oct 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-15T00:00:00Z
date_published 2017-10-16T00:00:00Z
source MITRE
title Middle Eastern hacking group is using FinFisher malware to conduct international espionage

Int SP - chat apps

Microsoft Threat Intelligence. (2023, August 2). Midnight Blizzard conducts targeted social engineering over Microsoft Teams. Retrieved February 16, 2024.

Internal MISP references

UUID 8d0db0f2-9b29-5216-8c9c-de8bf0c541de which can be used as unique global reference for Int SP - chat apps in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-16T00:00:00Z
date_published 2023-08-02T00:00:00Z
source MITRE
title Midnight Blizzard conducts targeted social engineering over Microsoft Teams

Microsoft Security Blog 1 26 2024

Microsoft Threat Intelligence. (2024, January 25). Midnight Blizzard Guidance for responders on nation-state attack. Retrieved January 26, 2024.

Internal MISP references

UUID 10dedea9-35e9-476f-84e8-e49e3f057039 which can be used as unique global reference for Microsoft Security Blog 1 26 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-26T00:00:00Z
date_published 2024-01-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Midnight Blizzard Guidance for responders on nation-state attack

Deply Mimikatz

Deply, B. (n.d.). Mimikatz. Retrieved September 29, 2015.

Internal MISP references

UUID c92d890c-2839-433a-b458-f663e66e1c63 which can be used as unique global reference for Deply Mimikatz in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-09-29T00:00:00Z
source MITRE
title Mimikatz

CG 2014

CG. (2014, May 20). Mimikatz Against Virtual Machine Memory Part 1. Retrieved November 12, 2014.

Internal MISP references

UUID 46836549-f7e9-45e1-8d89-4d25ba26dbd7 which can be used as unique global reference for CG 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
date_published 2014-05-20T00:00:00Z
source MITRE
title Mimikatz Against Virtual Machine Memory Part 1

ADSecurity AD Kerberos Attacks

Metcalf, S. (2014, November 22). Mimikatz and Active Directory Kerberos Attacks. Retrieved June 2, 2016.

Internal MISP references

UUID 07ff57eb-1e23-433b-8da7-80f1caf7543e which can be used as unique global reference for ADSecurity AD Kerberos Attacks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-02T00:00:00Z
date_published 2014-11-22T00:00:00Z
source MITRE
title Mimikatz and Active Directory Kerberos Attacks

Harmj0y DCSync Sept 2015

Schroeder, W. (2015, September 22). Mimikatz and DCSync and ExtraSids, Oh My. Retrieved December 4, 2017.

Internal MISP references

UUID 2a01a70c-28a8-444e-95a7-00a568d51ce6 which can be used as unique global reference for Harmj0y DCSync Sept 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-04T00:00:00Z
date_published 2015-09-22T00:00:00Z
source MITRE
title Mimikatz and DCSync and ExtraSids, Oh My

Harmj0y Mimikatz and DCSync

Schroeder, W. (2015, September 22). Mimikatz and DCSync and ExtraSids, Oh My. Retrieved August 7, 2017.

Internal MISP references

UUID 2afa76c1-caa1-4f16-9289-7abc7eb3a102 which can be used as unique global reference for Harmj0y Mimikatz and DCSync in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-08-07T00:00:00Z
date_published 2015-09-22T00:00:00Z
source MITRE
title Mimikatz and DCSync and ExtraSids, Oh My

ADSecurity Mimikatz DCSync

Metcalf, S. (2015, September 25). Mimikatz DCSync Usage, Exploitation, and Detection. Retrieved August 7, 2017.

Internal MISP references

UUID 61b0bb42-2ed6-413d-b331-0a84df12a87d which can be used as unique global reference for ADSecurity Mimikatz DCSync in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-08-07T00:00:00Z
date_published 2015-09-25T00:00:00Z
source MITRE
title Mimikatz DCSync Usage, Exploitation, and Detection

AdSecurity DCSync Sept 2015

Metcalf, S. (2015, September 25). Mimikatz DCSync Usage, Exploitation, and Detection. Retrieved December 4, 2017.

Internal MISP references

UUID 856ed70b-29b0-4f56-b5ae-a98981a22eaf which can be used as unique global reference for AdSecurity DCSync Sept 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-04T00:00:00Z
date_published 2015-09-25T00:00:00Z
source MITRE
title Mimikatz DCSync Usage, Exploitation, and Detection

GitHub Mimikittenz July 2016

Jamieson O'Reilly (putterpanda). (2016, July 4). mimikittenz. Retrieved June 20, 2019.

Internal MISP references

UUID 2e0a95b2-3f9a-4638-9bc5-ff1f3ac2af4b which can be used as unique global reference for GitHub Mimikittenz July 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-20T00:00:00Z
date_published 2016-07-04T00:00:00Z
source MITRE
title mimikittenz

MimiPenguin GitHub May 2017

Gregal, H. (2017, May 12). MimiPenguin. Retrieved December 5, 2017.

Internal MISP references

UUID b10cd6cc-35ed-4eac-b213-110de28f33ef which can be used as unique global reference for MimiPenguin GitHub May 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-05T00:00:00Z
date_published 2017-05-12T00:00:00Z
source MITRE
title MimiPenguin

mimipenguin proc file

Gregal, Hunter. (2019, September 17). MimiPenguin 2.0. Retrieved March 28, 2024.

Internal MISP references

UUID b66d4c5a-f4de-5888-ad8a-a20bda888bc6 which can be used as unique global reference for mimipenguin proc file in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-28T00:00:00Z
date_published 2019-09-17T00:00:00Z
source MITRE
title MimiPenguin 2.0

Securelist Minidionis July 2015

Lozhkin, S. (2015, July 16). Minidionis – one more APT with a usage of cloud drives. Retrieved April 5, 2017.

Internal MISP references

UUID af40a05e-02fb-4943-b3ff-9a292679e93d which can be used as unique global reference for Securelist Minidionis July 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-04-05T00:00:00Z
date_published 2015-07-16T00:00:00Z
source MITRE
title Minidionis – one more APT with a usage of cloud drives

mining_ruby_reversinglabs

Maljic, T. (2020, April 16). Mining for malicious Ruby gems. Retrieved October 15, 2022.

Internal MISP references

UUID ca2074d8-330b-544e-806f-ddee7b702631 which can be used as unique global reference for mining_ruby_reversinglabs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-10-15T00:00:00Z
date_published 2020-04-16T00:00:00Z
source MITRE
title Mining for malicious Ruby gems

lazgroup_idn_phishing

RISKIQ. (2017, December 20). Mining Insights: Infrastructure Analysis of Lazarus Group Cyber Attacks on the Cryptocurrency Industry. Retrieved July 29, 2022.

Internal MISP references

UUID 83de363d-b575-4851-9c2d-a78f504cf754 which can be used as unique global reference for lazgroup_idn_phishing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-29T00:00:00Z
date_published 2017-12-20T00:00:00Z
source MITRE
title Mining Insights: Infrastructure Analysis of Lazarus Group Cyber Attacks on the Cryptocurrency Industry

NCSC-NL COATHANGER Feb 2024

Dutch Military Intelligence and Security Service (MIVD) & Dutch General Intelligence and Security Service (AIVD). (2024, February 6). Ministry of Defense of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT. Retrieved February 7, 2024.

Internal MISP references

UUID e8e60112-a08d-5316-b80f-f601e7e5c973 which can be used as unique global reference for NCSC-NL COATHANGER Feb 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-07T00:00:00Z
date_published 2024-02-06T00:00:00Z
source MITRE
title Ministry of Defense of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT

APT15 Intezer June 2018

Rosenberg, J. (2018, June 14). MirageFox: APT15 Resurfaces With New Tools Based On Old Ones. Retrieved September 21, 2018.

Internal MISP references

UUID 0110500c-bf67-43a5-97cb-16eb6c01040b which can be used as unique global reference for APT15 Intezer June 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-21T00:00:00Z
date_published 2018-06-14T00:00:00Z
source MITRE, Tidal Cyber
title MirageFox: APT15 Resurfaces With New Tools Based On Old Ones

ESET Mispadu November 2019

ESET Research. (2019, November 19). Mispadu: Advertisement for a discounted Unhappy Meal. Retrieved April 4, 2024.

Internal MISP references

UUID a27753c1-2f7a-40c4-9e28-a37265bce28c which can be used as unique global reference for ESET Mispadu November 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-04T00:00:00Z
date_published 2019-11-19T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Mispadu: Advertisement for a discounted Unhappy Meal

ESET Security Mispadu Facebook Ads 2019

ESET Security. (2019, November 19). Mispadu: Advertisement for a discounted Unhappy Meal. Retrieved March 13, 2024.

Internal MISP references

UUID e1b945f4-20e0-5b69-8fd7-f05afce8c0ba which can be used as unique global reference for ESET Security Mispadu Facebook Ads 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-13T00:00:00Z
date_published 2019-11-19T00:00:00Z
source MITRE
title Mispadu: Advertisement for a discounted Unhappy Meal

Slideshare Abusing SSH

Duarte, H., Morrison, B. (2012). (Mis)trusting and (ab)using ssh. Retrieved January 8, 2018.

Internal MISP references

UUID 4f63720a-50b6-4eef-826c-71ce8d6e4bb8 which can be used as unique global reference for Slideshare Abusing SSH in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-08T00:00:00Z
date_published 2012-01-01T00:00:00Z
source MITRE
title (Mis)trusting and (ab)using ssh

Mitiga Security Advisory: SSM Agent as Remote Access Trojan

Ariel Szarf, Or Aspir. (n.d.). Mitiga Security Advisory: Abusing the SSM Agent as a Remote Access Trojan. Retrieved January 31, 2024.

Internal MISP references

UUID 88fecbcd-a89b-536a-a1f6-6ddfb2b452da which can be used as unique global reference for Mitiga Security Advisory: SSM Agent as Remote Access Trojan in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-31T00:00:00Z
source MITRE
title Mitiga Security Advisory: Abusing the SSM Agent as a Remote Access Trojan

ACSC Email Spoofing

Australian Cyber Security Centre. (2012, December). Mitigating Spoofed Emails Using Sender Policy Framework. Retrieved October 19, 2020.

Internal MISP references

UUID 4e82a053-c881-4569-8efe-3ef40f6e25a0 which can be used as unique global reference for ACSC Email Spoofing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
date_published 2012-12-01T00:00:00Z
source MITRE
title Mitigating Spoofed Emails Using Sender Policy Framework

NSA Cyber Mitigating Web Shells

NSA Cybersecurity Directorate. (n.d.). Mitigating Web Shells. Retrieved July 22, 2021.

Internal MISP references

UUID cc40e8e8-5450-4340-a091-ae7e609778dc which can be used as unique global reference for NSA Cyber Mitigating Web Shells in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-07-22T00:00:00Z
source MITRE
title Mitigating Web Shells

MIT ccache

Massachusetts Institute of Technology. (n.d.). MIT Kerberos Documentation: Credential Cache. Retrieved October 4, 2021.

Internal MISP references

UUID 6a1b4373-2304-420c-8733-e1eae71ff7b2 which can be used as unique global reference for MIT ccache in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-04T00:00:00Z
source MITRE
title MIT Kerberos Documentation: Credential Cache

MITRE SE Guide 2014

The MITRE Corporation. (2014). MITRE Systems Engineering Guide. Retrieved April 6, 2018.

Internal MISP references

UUID 576f95bc-5cb9-473e-b026-19b864d1c26c which can be used as unique global reference for MITRE SE Guide 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-06T00:00:00Z
date_published 2014-01-01T00:00:00Z
source MITRE
title MITRE Systems Engineering Guide

win_mmc

Microsoft. (2017, October 16). mmc. Retrieved September 20, 2021.

Internal MISP references

UUID 508373ef-2634-404f-99de-7a73cce68699 which can be used as unique global reference for win_mmc in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-20T00:00:00Z
date_published 2017-10-16T00:00:00Z
source MITRE
title mmc

Mmc.exe - LOLBAS Project

LOLBAS. (2018, December 4). Mmc.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 490b6769-e386-4a3d-972e-5a919cb2f6f5 which can be used as unique global reference for Mmc.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-12-04T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Mmc.exe

Trend Micro Bouncing Golf 2019

E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.

Internal MISP references

UUID b830fe30-0b53-4fc6-a172-7da930618725 which can be used as unique global reference for Trend Micro Bouncing Golf 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-01-27T00:00:00Z
date_published 2019-06-28T00:00:00Z
source MITRE
title Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East

ELF Injection May 2009

O'Neill, R. (2009, May). Modern Day ELF Runtime infection via GOT poisoning. Retrieved March 15, 2020.

Internal MISP references

UUID 3ca314d4-3fcf-4545-8ae9-4d8781d51295 which can be used as unique global reference for ELF Injection May 2009 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-15T00:00:00Z
date_published 2009-05-01T00:00:00Z
source MITRE
title Modern Day ELF Runtime infection via GOT poisoning

Elastic Rules macOS launchctl 2022

Elastic Security 7.17. (2022, February 1). Modification of Environment Variable via Launchctl. Retrieved September 28, 2023.

Internal MISP references

UUID 04b0582e-357f-5f2a-8582-b3bf8f52c2a2 which can be used as unique global reference for Elastic Rules macOS launchctl 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-28T00:00:00Z
date_published 2022-02-01T00:00:00Z
source MITRE
title Modification of Environment Variable via Launchctl

modinfo man

Russell, R. (n.d.). modinfo(8) - Linux man page. Retrieved March 28, 2023.

Internal MISP references

UUID d4f2db5c-ef6d-556d-a5e2-f6738277fecd which can be used as unique global reference for modinfo man in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-28T00:00:00Z
source MITRE
title modinfo(8) - Linux man page

hasherezade debug

hasherezade. (2021, June 30). Module 3 - Understanding and countering malware's evasion and self-defence. Retrieved April 1, 2022.

Internal MISP references

UUID 53b0c71d-c577-40e8-8a04-9de083e276a2 which can be used as unique global reference for hasherezade debug in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-01T00:00:00Z
date_published 2021-06-30T00:00:00Z
source MITRE
title Module 3 - Understanding and countering malware's evasion and self-defence

Microsoft Module Class

Microsoft. (n.d.). Module Class. Retrieved September 28, 2021.

Internal MISP references

UUID b051a38a-09c7-4280-a5b6-08067d81a2d8 which can be used as unique global reference for Microsoft Module Class in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-28T00:00:00Z
source MITRE
title Module Class

GitHub Mimikatz kerberos Module

Deply, B., Le Toux, V. (2016, June 5). module ~ kerberos. Retrieved March 17, 2020.

Internal MISP references

UUID b5eca224-bea1-48e8-acdc-e910d52560f1 which can be used as unique global reference for GitHub Mimikatz kerberos Module in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-17T00:00:00Z
date_published 2016-06-05T00:00:00Z
source MITRE
title module ~ kerberos

GitHub Mimikatz lsadump Module

Deply, B., Le Toux, V. (2016, June 5). module ~ lsadump. Retrieved August 7, 2017.

Internal MISP references

UUID e188ff4d-a983-4f5a-b9e1-3b0f9fd8df25 which can be used as unique global reference for GitHub Mimikatz lsadump Module in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-08-07T00:00:00Z
date_published 2016-06-05T00:00:00Z
source MITRE
title module ~ lsadump

Module Stomping for Shellcode Injection

Red Teaming Experiments. (n.d.). Module Stomping for Shellcode Injection. Retrieved July 14, 2022.

Internal MISP references

UUID 0f9b58e2-2a81-4b79-aad6-b36a844cf1c6 which can be used as unique global reference for Module Stomping for Shellcode Injection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-14T00:00:00Z
source MITRE
title Module Stomping for Shellcode Injection

Linux Kernel Module Programming Guide

Pomerantz, O., Salzman, P. (2003, April 4). Modules vs Programs. Retrieved April 6, 2018.

Internal MISP references

UUID ceefe610-0b26-4307-806b-17313d570511 which can be used as unique global reference for Linux Kernel Module Programming Guide in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-06T00:00:00Z
date_published 2003-04-04T00:00:00Z
source MITRE
title Modules vs Programs

FOX-IT May 2016 Mofang

Yonathan Klijnsma. (2016, May 17). Mofang: A politically motivated information stealing adversary. Retrieved May 12, 2020.

Internal MISP references

UUID f1a08b1c-f7d5-4a91-b3b7-0f042b297842 which can be used as unique global reference for FOX-IT May 2016 Mofang in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-12T00:00:00Z
date_published 2016-05-17T00:00:00Z
source MITRE, Tidal Cyber
title Mofang: A politically motivated information stealing adversary

Unit42 Molerat Mar 2020

Falcone, R., et al. (2020, March 3). Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations. Retrieved December 14, 2020.

Internal MISP references

UUID 328f1c87-c9dc-42d8-bb33-a17ad4d7f57e which can be used as unique global reference for Unit42 Molerat Mar 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-14T00:00:00Z
date_published 2020-03-03T00:00:00Z
source MITRE
title Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations

Cybereason Molerats Dec 2020

Cybereason Nocturnus Team. (2020, December 9). MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign. Retrieved December 22, 2020.

Internal MISP references

UUID 81a10a4b-c66f-4526-882c-184436807e1d which can be used as unique global reference for Cybereason Molerats Dec 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-22T00:00:00Z
date_published 2020-12-09T00:00:00Z
source MITRE
title MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign

Azure - Monitor Logs

Microsoft. (2019, June 4). Monitor at scale by using Azure Monitor. Retrieved May 1, 2020.

Internal MISP references

UUID e16974cc-623e-4fa6-ac36-5f199d54bf55 which can be used as unique global reference for Azure - Monitor Logs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-01T00:00:00Z
date_published 2019-06-04T00:00:00Z
source MITRE
title Monitor at scale by using Azure Monitor

EventTracker File Permissions Feb 2014

Netsurion. (2014, February 19). Monitoring File Permission Changes with the Windows Security Log. Retrieved August 19, 2018.

Internal MISP references

UUID 91a4278e-ea52-4cd5-8c79-c73c690372a3 which can be used as unique global reference for EventTracker File Permissions Feb 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-19T00:00:00Z
date_published 2014-02-19T00:00:00Z
source MITRE
title Monitoring File Permission Changes with the Windows Security Log

Microsoft Silent Process Exit NOV 2017

Marshall, D. & Griffin, S. (2017, November 28). Monitoring Silent Process Exit. Retrieved June 27, 2018.

Internal MISP references

UUID 86896031-f654-4185-ba45-8c931903153b which can be used as unique global reference for Microsoft Silent Process Exit NOV 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-27T00:00:00Z
date_published 2017-11-28T00:00:00Z
source MITRE
title Monitoring Silent Process Exit

Windows Event Forwarding Payne

Payne, J. (2015, November 23). Monitoring what matters - Windows Event Forwarding for everyone (even if you already have a SIEM.). Retrieved February 1, 2016.

Internal MISP references

UUID 72798df8-0e12-46f5-acb0-2fe99bd8dbff which can be used as unique global reference for Windows Event Forwarding Payne in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-02-01T00:00:00Z
date_published 2015-11-23T00:00:00Z
source MITRE
title Monitoring what matters - Windows Event Forwarding for everyone (even if you already have a SIEM.)

GCP Monitoring Service Account Usage

Google Cloud. (2022, March 31). Monitor usage patterns for service accounts and keys. Retrieved April 1, 2022.

Internal MISP references

UUID d33115c5-ae47-4089-a6cb-4ef97effa722 which can be used as unique global reference for GCP Monitoring Service Account Usage in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-01T00:00:00Z
date_published 2022-03-31T00:00:00Z
source MITRE
title Monitor usage patterns for service accounts and keys

Forcepoint Monsoon

Settle, A., et al. (2016, August 8). MONSOON - Analysis Of An APT Campaign. Retrieved September 22, 2016.

Internal MISP references

UUID ea64a3a5-a248-44bb-98cd-f7e3d4c23d4e which can be used as unique global reference for Forcepoint Monsoon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-09-22T00:00:00Z
date_published 2016-08-08T00:00:00Z
source MITRE
title MONSOON - Analysis Of An APT Campaign

Microsoft Security Blog 5 28 2024

Microsoft Threat Intelligence. (2024, May 28). Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks. Retrieved May 29, 2024.

Internal MISP references

UUID faf315ed-71f7-4e29-8334-701da35a69ad which can be used as unique global reference for Microsoft Security Blog 5 28 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-05-29T00:00:00Z
date_published 2024-05-28T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks

Security Intelligence More Eggs Aug 2019

Villadsen, O. (2019, August 29). More_eggs, Anyone? Threat Actor ITG08 Strikes Again. Retrieved September 16, 2019.

Internal MISP references

UUID f0a0286f-adb9-4a6e-85b5-5b0f45e6fbf3 which can be used as unique global reference for Security Intelligence More Eggs Aug 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-16T00:00:00Z
date_published 2019-08-29T00:00:00Z
source MITRE, Tidal Cyber
title More_eggs, Anyone? Threat Actor ITG08 Strikes Again

ESET EvilNum July 2020

Porolli, M. (2020, July 9). More evil: A deep look at Evilnum and its toolset. Retrieved January 22, 2021.

Internal MISP references

UUID 6851b3f9-0239-40fc-ba44-34a775e9bd4e which can be used as unique global reference for ESET EvilNum July 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-22T00:00:00Z
date_published 2020-07-09T00:00:00Z
source MITRE, Tidal Cyber
title More evil: A deep look at Evilnum and its toolset

Microsoft More information about DLL

Microsoft. (2010, August 12). More information about the DLL Preloading remote attack vector. Retrieved December 5, 2014.

Internal MISP references

UUID 80289c7b-53c1-4aec-9436-04a43a82f769 which can be used as unique global reference for Microsoft More information about DLL in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-05T00:00:00Z
date_published 2010-08-12T00:00:00Z
source MITRE
title More information about the DLL Preloading remote attack vector

Microsoft DLL Preloading

Microsoft. (2010, August 12). More information about the DLL Preloading remote attack vector. Retrieved December 5, 2014.

Internal MISP references

UUID 46aa7075-9f0a-461e-8519-5c4860208678 which can be used as unique global reference for Microsoft DLL Preloading in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-05T00:00:00Z
date_published 2010-08-12T00:00:00Z
source MITRE
title More information about the DLL Preloading remote attack vector

aptsim

valsmith. (2012, September 21). More on APTSim. Retrieved September 28, 2017.

Internal MISP references

UUID c33ca45d-eeff-4a23-906c-99369047c7f5 which can be used as unique global reference for aptsim in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-09-28T00:00:00Z
date_published 2012-09-21T00:00:00Z
source MITRE
title More on APTSim

Washington Post WannaCry 2017

Dwoskin, E. and Adam, K. (2017, May 14). More than 150 countries affected by massive cyberattack, Europol says. Retrieved March 25, 2019.

Internal MISP references

UUID bbf9b08a-072c-4fb9-8c3c-cb6f91e8940c which can be used as unique global reference for Washington Post WannaCry 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-25T00:00:00Z
date_published 2017-05-14T00:00:00Z
source MITRE
title More than 150 countries affected by massive cyberattack, Europol says

ArsTechnica Intel

Goodin, D. & Salter, J. (2020, August 6). More than 20GB of Intel source code and proprietary data dumped online. Retrieved October 20, 2020.

Internal MISP references

UUID 99151b50-3dd8-47b5-a48f-2e3b450944e9 which can be used as unique global reference for ArsTechnica Intel in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2020-08-06T00:00:00Z
source MITRE
title More than 20GB of Intel source code and proprietary data dumped online

Kaspersky Winnti April 2013

Kaspersky Lab's Global Research and Analysis Team. (2013, April 11). Winnti. More than just a game. Retrieved February 8, 2017.

Internal MISP references

UUID 2d4834b9-61c4-478e-919a-317d97cd2c36 which can be used as unique global reference for Kaspersky Winnti April 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-02-08T00:00:00Z
source MITRE, Tidal Cyber
title More than just a game

polygot_icedID

Lim, M. (2022, September 27). More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID. Retrieved September 29, 2022.

Internal MISP references

UUID dcd65d74-4e7b-5ddd-8c72-700456981347 which can be used as unique global reference for polygot_icedID in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-29T00:00:00Z
date_published 2022-09-27T00:00:00Z
source MITRE
title More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID

CrowdStrike Deep Panda Web Shells

RYANJ. (2014, February 20). Mo’ Shells Mo’ Problems – Deep Panda Web Shells. Retrieved September 16, 2015.

Internal MISP references

UUID e9c47d8e-f732-45c9-bceb-26c5d564e781 which can be used as unique global reference for CrowdStrike Deep Panda Web Shells in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-09-16T00:00:00Z
date_published 2014-02-20T00:00:00Z
source MITRE, Tidal Cyber
title Mo’ Shells Mo’ Problems – Deep Panda Web Shells

MoustachedBouncer ESET August 2023

Faou, M. (2023, August 10). MoustachedBouncer: Espionage against foreign diplomats in Belarus. Retrieved September 25, 2023.

Internal MISP references

UUID 9070f14b-5d5e-5f6d-bcac-628478e01242 which can be used as unique global reference for MoustachedBouncer ESET August 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-25T00:00:00Z
date_published 2023-08-10T00:00:00Z
source MITRE
title MoustachedBouncer: Espionage against foreign diplomats in Belarus

ESET MoustachedBouncer

Faou, M. (2023, August 10). MoustachedBouncer: Espionage against foreign diplomats in Belarus. Retrieved September 1, 2023.

Internal MISP references

UUID 6c85e925-d42b-590c-a424-14ebb49812bb which can be used as unique global reference for ESET MoustachedBouncer in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-01T00:00:00Z
date_published 2023-08-10T00:00:00Z
source MITRE
title MoustachedBouncer: Espionage against foreign diplomats in Belarus

Progress Software MOVEit Transfer Critical Vulnerability

Progress Software. (2023, June 16). MOVEit Transfer Critical Vulnerability (May 2023) (CVE-2023-34362). Retrieved July 28, 2023.

Internal MISP references

UUID 9f364e22-b73c-4f3a-902c-a3f0eb01a2b9 which can be used as unique global reference for Progress Software MOVEit Transfer Critical Vulnerability in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-28T00:00:00Z
date_published 2023-06-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title MOVEit Transfer Critical Vulnerability (May 2023) (CVE-2023-34362)

TechNet Moving Beyond EMET

Nunez, N. (2017, August 9). Moving Beyond EMET II – Windows Defender Exploit Guard. Retrieved March 12, 2018.

Internal MISP references

UUID da4fbddf-9398-43a9-888c-2c58e9fc9aaf which can be used as unique global reference for TechNet Moving Beyond EMET in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-12T00:00:00Z
date_published 2017-08-09T00:00:00Z
source MITRE
title Moving Beyond EMET II – Windows Defender Exploit Guard

ScriptingOSX zsh

Armin Briegel. (2019, June 5). Moving to zsh, part 2: Configuration Files. Retrieved February 25, 2021.

Internal MISP references

UUID 08b390aa-863b-420e-9b00-e168e3c756d8 which can be used as unique global reference for ScriptingOSX zsh in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-25T00:00:00Z
date_published 2019-06-05T00:00:00Z
source MITRE
title Moving to zsh, part 2: Configuration Files

Volatility Detecting Hooks Sept 2012

Volatility Labs. (2012, September 24). MoVP 3.1 Detecting Malware Hooks in the Windows GUI Subsystem. Retrieved December 12, 2017.

Internal MISP references

UUID e208c277-e477-4123-8c3c-313d55cdc1ea which can be used as unique global reference for Volatility Detecting Hooks Sept 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-12T00:00:00Z
date_published 2012-09-24T00:00:00Z
source MITRE
title MoVP 3.1 Detecting Malware Hooks in the Windows GUI Subsystem

Mozilla Firefox Installer DLL Hijack

Kugler, R. (2012, November 20). Mozilla Foundation Security Advisory 2012-98. Retrieved March 10, 2017.

Internal MISP references

UUID 920d1607-154e-4c74-b1eb-0d8299be536f which can be used as unique global reference for Mozilla Firefox Installer DLL Hijack in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-10T00:00:00Z
date_published 2012-11-20T00:00:00Z
source MITRE
title Mozilla Foundation Security Advisory 2012-98

mozilla_sec_adv_2012

Robert Kugler. (2012, November 20). Mozilla Foundation Security Advisory 2012-98. Retrieved March 10, 2017.

Internal MISP references

UUID cd720550-a0b5-4d1d-85dd-98da97f45b62 which can be used as unique global reference for mozilla_sec_adv_2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-10T00:00:00Z
date_published 2012-11-20T00:00:00Z
source MITRE
title Mozilla Foundation Security Advisory 2012-98

MpCmdRun.exe - LOLBAS Project

LOLBAS. (2020, March 20). MpCmdRun.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 2082d5ca-474f-4130-b275-c1ac5e30064c which can be used as unique global reference for MpCmdRun.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-03-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title MpCmdRun.exe

TechNet MS14-019

Nagaraju, S. (2014, April 8). MS14-019 – Fixing a binary hijacking via .cmd or .bat file. Retrieved July 25, 2016.

Internal MISP references

UUID 2474e2ee-bbcd-4b7c-8c52-22112d22135f which can be used as unique global reference for TechNet MS14-019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-07-25T00:00:00Z
date_published 2014-04-08T00:00:00Z
source MITRE
title MS14-019 – Fixing a binary hijacking via .cmd or .bat file

SRD GPP

Security Research and Defense. (2014, May 13). MS14-025: An Update for Group Policy Preferences. Retrieved January 28, 2015.

Internal MISP references

UUID a15fff18-5d3f-4898-9e47-ec6ae7dda749 which can be used as unique global reference for SRD GPP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-01-28T00:00:00Z
date_published 2014-05-13T00:00:00Z
source MITRE
title MS14-025: An Update for Group Policy Preferences

Microsoft MS14-025

Microsoft. (2014, May 13). MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege. Retrieved January 28, 2015.

Internal MISP references

UUID dbe32cbd-8c6e-483f-887c-ea2a5102cf65 which can be used as unique global reference for Microsoft MS14-025 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-01-28T00:00:00Z
date_published 2014-05-13T00:00:00Z
source MITRE
title MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege

MS14-025

Microsoft. (2014, May 13). MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege. Retrieved February 17, 2020.

Internal MISP references

UUID 7537c0bb-6f14-4a4a-94cc-98c6ed9e878f which can be used as unique global reference for MS14-025 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-17T00:00:00Z
date_published 2014-05-13T00:00:00Z
source MITRE
title MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege

MSDN MSBuild

Microsoft. (n.d.). MSBuild1. Retrieved November 30, 2016.

Internal MISP references

UUID 9ad54187-84b0-47f9-af6e-c3753452e470 which can be used as unique global reference for MSDN MSBuild in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-11-30T00:00:00Z
source MITRE
title MSBuild1

LOLBAS Msbuild

LOLBAS. (n.d.). Msbuild.exe. Retrieved July 31, 2019.

Internal MISP references

UUID de8e0741-255b-4c41-ba50-248ac5acc325 which can be used as unique global reference for LOLBAS Msbuild in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-31T00:00:00Z
source MITRE
title Msbuild.exe

Microsoft MSBuild Inline Tasks 2017

Microsoft. (2017, September 21). MSBuild inline tasks. Retrieved March 5, 2021.

Internal MISP references

UUID 2c638ca5-c7e2-4c4e-bb9c-e36d14899ca8 which can be used as unique global reference for Microsoft MSBuild Inline Tasks 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-05T00:00:00Z
date_published 2017-09-21T00:00:00Z
source MITRE
title MSBuild inline tasks

Msconfig.exe - LOLBAS Project

LOLBAS. (2018, May 25). Msconfig.exe. Retrieved December 4, 2023.

Internal MISP references

UUID a073d2fc-d20d-4a52-944e-85ff89f04978 which can be used as unique global reference for Msconfig.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Msconfig.exe

Msdeploy.exe - LOLBAS Project

LOLBAS. (2018, May 25). Msdeploy.exe. Retrieved December 4, 2023.

Internal MISP references

UUID e563af9a-5e49-4612-a52b-31f22f76193c which can be used as unique global reference for Msdeploy.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Msdeploy.exe

MSDN File Associations

Microsoft. (n.d.). Retrieved July 26, 2016.

Internal MISP references

UUID f62c8cc9-9c75-4b9a-a0b4-8fc55a94e207 which can be used as unique global reference for MSDN File Associations in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-07-26T00:00:00Z
source MITRE
title MSDN File Associations

Microsoft DRSR Dec 2017

Microsoft. (2017, December 1). MS-DRSR Directory Replication Service (DRS) Remote Protocol. Retrieved December 4, 2017.

Internal MISP references

UUID 43b75a27-7875-4c24-b04d-54e1b60f3028 which can be used as unique global reference for Microsoft DRSR Dec 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-04T00:00:00Z
date_published 2017-12-01T00:00:00Z
source MITRE
title MS-DRSR Directory Replication Service (DRS) Remote Protocol

Msdt.exe - LOLBAS Project

LOLBAS. (2018, May 25). Msdt.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 3eb1750c-a2f2-4d68-b060-ceb32f44f5fe which can be used as unique global reference for Msdt.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Msdt.exe

Msedge.exe - LOLBAS Project

LOLBAS. (2022, January 20). Msedge.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 6169c12e-9753-4e48-8213-aff95b0f6a95 which can be used as unique global reference for Msedge.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-01-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Msedge.exe

msedge_proxy.exe - LOLBAS Project

LOLBAS. (2023, August 18). msedge_proxy.exe. Retrieved December 4, 2023.

Internal MISP references

UUID a6fd4727-e22f-4157-9a5f-1217cb876b32 which can be used as unique global reference for msedge_proxy.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2023-08-18T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title msedge_proxy.exe

msedgewebview2.exe - LOLBAS Project

LOLBAS. (2023, June 15). msedgewebview2.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 8125ece7-10d1-4e79-8ea1-724fe46a3c97 which can be used as unique global reference for msedgewebview2.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2023-06-15T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title msedgewebview2.exe

LOLBAS Mshta

LOLBAS. (n.d.). Mshta.exe. Retrieved July 31, 2019.

Internal MISP references

UUID 915a4aef-800e-4c68-ad39-df67c3dbaf75 which can be used as unique global reference for LOLBAS Mshta in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-31T00:00:00Z
source MITRE
title Mshta.exe

Mshtml.dll - LOLBAS Project

LOLBAS. (2018, May 25). Mshtml.dll. Retrieved December 4, 2023.

Internal MISP references

UUID 1a135e0b-5a79-4a4c-bc70-fd8f3f84e1f0 which can be used as unique global reference for Mshtml.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Mshtml.dll

Microsoft msiexec

Microsoft. (2017, October 15). msiexec. Retrieved January 24, 2020.

Internal MISP references

UUID 028a8dc6-08f6-4660-8b82-9d5483d15f72 which can be used as unique global reference for Microsoft msiexec in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-01-24T00:00:00Z
date_published 2017-10-15T00:00:00Z
source MITRE
title msiexec

LOLBAS Msiexec

LOLBAS. (n.d.). Msiexec.exe. Retrieved April 18, 2019.

Internal MISP references

UUID 996cc7ea-0729-4c51-b9c3-b201ec32e984 which can be used as unique global reference for LOLBAS Msiexec in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-18T00:00:00Z
source MITRE
title Msiexec.exe

CIS Emotet Dec 2018

CIS. (2018, December 12). MS-ISAC Security Primer- Emotet. Retrieved March 25, 2019.

Internal MISP references

UUID e88ba993-d5c0-440f-af52-1f70f1579215 which can be used as unique global reference for CIS Emotet Dec 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-25T00:00:00Z
date_published 2018-12-12T00:00:00Z
source MITRE
title MS-ISAC Security Primer- Emotet

Microsoft NRPC Dec 2017

Microsoft. (2017, December 1). MS-NRPC - Netlogon Remote Protocol. Retrieved December 6, 2017.

Internal MISP references

UUID 05cf36a3-ff04-4437-9209-376e9f27c009 which can be used as unique global reference for Microsoft NRPC Dec 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-06T00:00:00Z
date_published 2017-12-01T00:00:00Z
source MITRE
title MS-NRPC - Netlogon Remote Protocol

MsoHtmEd.exe - LOLBAS Project

LOLBAS. (2022, July 24). MsoHtmEd.exe. Retrieved December 4, 2023.

Internal MISP references

UUID c39fdefa-4c54-48a9-8357-ffe4dca2a2f4 which can be used as unique global reference for MsoHtmEd.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-07-24T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title MsoHtmEd.exe

Mspub.exe - LOLBAS Project

LOLBAS. (2022, August 2). Mspub.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 41eff63a-fef0-4b4b-86f7-0908150fcfcf which can be used as unique global reference for Mspub.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-08-02T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Mspub.exe

Microsoft SAMR

Microsoft. (n.d.). MS-SAMR Security Account Manager (SAM) Remote Protocol (Client-to-Server) - Transport. Retrieved December 4, 2017.

Internal MISP references

UUID add907d8-06c1-481d-a27a-d077ecb32d0e which can be used as unique global reference for Microsoft SAMR in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-04T00:00:00Z
source MITRE
title MS-SAMR Security Account Manager (SAM) Remote Protocol (Client-to-Server) - Transport

GitHub IAD Secure Host Baseline UAC Filtering

NSA IAD. (2017, January 24). MS Security Guide. Retrieved December 18, 2017.

Internal MISP references

UUID 15ad7216-df50-467f-a00b-687336898537 which can be used as unique global reference for GitHub IAD Secure Host Baseline UAC Filtering in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-18T00:00:00Z
date_published 2017-01-24T00:00:00Z
source MITRE
title MS Security Guide

msxsl.exe - LOLBAS Project

LOLBAS. (2018, May 25). msxsl.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 4e1ed0a8-60d0-45e2-9592-573b904811f8 which can be used as unique global reference for msxsl.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title msxsl.exe

XSL Bypass Mar 2019

Singh, A. (2019, March 14). MSXSL.EXE and WMIC.EXE — A Way to Proxy Code Execution. Retrieved August 2, 2019.

Internal MISP references

UUID e4e2cf48-47e0-45d8-afc2-a35635f7e880 which can be used as unique global reference for XSL Bypass Mar 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-08-02T00:00:00Z
date_published 2019-03-14T00:00:00Z
source MITRE
title MSXSL.EXE and WMIC.EXE — A Way to Proxy Code Execution

Mandiant M-Trends 2015

Mandiant. (2015, February 24). M-Trends 2015: A View from the Front Lines. Retrieved May 18, 2016.

Internal MISP references

UUID 067497eb-17d9-465f-a070-495575f420d7 which can be used as unique global reference for Mandiant M-Trends 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-05-18T00:00:00Z
date_published 2015-02-24T00:00:00Z
source MITRE
title M-Trends 2015: A View from the Front Lines

MTrends 2016

Mandiant. (2016, February). M-Trends 2016. Retrieved January 4, 2017.

Internal MISP references

UUID a4747b74-7266-439b-bb8a-bae7102b0d07 which can be used as unique global reference for MTrends 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-01-04T00:00:00Z
date_published 2016-02-01T00:00:00Z
source MITRE
title M-Trends 2016

Mandiant M-Trends 2020

Mandiant. (2020, February). M-Trends 2020. Retrieved April 24, 2020.

Internal MISP references

UUID 83bc9b28-f8b3-4522-b9f1-f43bce3ae917 which can be used as unique global reference for Mandiant M-Trends 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-04-24T00:00:00Z
date_published 2020-02-01T00:00:00Z
source MITRE
title M-Trends 2020

Accenture MUDCARP March 2019

Accenture iDefense Unit. (2019, March 5). Mudcarp's Focus on Submarine Technologies. Retrieved August 24, 2021.

Internal MISP references

UUID 811d433d-27a4-4411-8ec9-b3a173ba0033 which can be used as unique global reference for Accenture MUDCARP March 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-24T00:00:00Z
date_published 2019-03-05T00:00:00Z
source MITRE
title Mudcarp's Focus on Submarine Technologies

Unit 42 4 9 2024

Margaret Zimmermann. (2024, April 9). Muddled Libra's Evolution to the Cloud. Retrieved April 9, 2024.

Internal MISP references

UUID 85379fc0-18e5-4862-9629-d21fa686afa2 which can be used as unique global reference for Unit 42 4 9 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-09T00:00:00Z
date_published 2024-04-09T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Muddled Libra's Evolution to the Cloud

Unit 42 MuddyWater Nov 2017

Lancaster, T. (2017, November 14). Muddying the Water: Targeted Attacks in the Middle East. Retrieved March 15, 2018.

Internal MISP references

UUID dcdee265-2e46-4f40-95c7-6a2683edb23a which can be used as unique global reference for Unit 42 MuddyWater Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-15T00:00:00Z
date_published 2017-11-14T00:00:00Z
source MITRE, Tidal Cyber
title Muddying the Water: Targeted Attacks in the Middle East

Securelist MuddyWater Oct 2018

Kaspersky Lab's Global Research & Analysis Team. (2018, October 10). MuddyWater expands operations. Retrieved November 2, 2018.

Internal MISP references

UUID d968546b-5b00-4a7b-9bff-57dfedd0125f which can be used as unique global reference for Securelist MuddyWater Oct 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-02T00:00:00Z
date_published 2018-10-10T00:00:00Z
source MITRE
title MuddyWater expands operations

ClearSky MuddyWater Nov 2018

ClearSky Cyber Security. (2018, November). MuddyWater Operations in Lebanon and Oman: Using an Israeli compromised domain for a two-stage campaign. Retrieved November 29, 2018.

Internal MISP references

UUID a5f60f45-5df5-407d-9f68-bc5f7c42ee85 which can be used as unique global reference for ClearSky MuddyWater Nov 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-29T00:00:00Z
date_published 2018-11-01T00:00:00Z
source MITRE, Tidal Cyber
title MuddyWater Operations in Lebanon and Oman: Using an Israeli compromised domain for a two-stage campaign

TrendMicro POWERSTATS V3 June 2019

Lunghi, D. and Horejsi, J. (2019, June 10). MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools. Retrieved May 14, 2020.

Internal MISP references

UUID bf9847e2-f2bb-4a96-af8f-56e1ffc45cf7 which can be used as unique global reference for TrendMicro POWERSTATS V3 June 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-14T00:00:00Z
date_published 2019-06-10T00:00:00Z
source MITRE
title MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools

NIST MFA

NIST. (n.d.). Multi-Factor Authentication (MFA). Retrieved January 30, 2020.

Internal MISP references

UUID 2f069bb2-3f59-409e-a337-7c69411c8b01 which can be used as unique global reference for NIST MFA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-01-30T00:00:00Z
source MITRE
title Multi-Factor Authentication (MFA)

Talos Cobalt Group July 2018

Svajcer, V. (2018, July 31). Multiple Cobalt Personality Disorder. Retrieved September 5, 2018.

Internal MISP references

UUID 7cdfd0d1-f7e6-4625-91ff-f87f46f95864 which can be used as unique global reference for Talos Cobalt Group July 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-05T00:00:00Z
date_published 2018-07-31T00:00:00Z
source MITRE, Tidal Cyber
title Multiple Cobalt Personality Disorder

U.S. CISA Zoho Exploits September 7 2023

Cybersecurity and Infrastructure Security Agency. (2023, September 7). Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475. Retrieved September 7, 2023.

Internal MISP references

UUID 6bb581e8-ed0e-41fe-bf95-49b5d11b4e6b which can be used as unique global reference for U.S. CISA Zoho Exploits September 7 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-07T00:00:00Z
date_published 2023-09-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475

CIS Multiple SMB Vulnerabilities

CIS. (2017, May 15). Multiple Vulnerabilities in Microsoft Windows SMB Server Could Allow for Remote Code Execution. Retrieved April 3, 2018.

Internal MISP references

UUID 76d9da2c-1503-4105-b017-cb2b69298296 which can be used as unique global reference for CIS Multiple SMB Vulnerabilities in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-03T00:00:00Z
date_published 2017-05-15T00:00:00Z
source MITRE
title Multiple Vulnerabilities in Microsoft Windows SMB Server Could Allow for Remote Code Execution

GitHub Mauraena

Orrù, M., Trotta, G. (2019, September 11). Muraena. Retrieved October 14, 2019.

Internal MISP references

UUID 578ecf62-b546-4f52-9d50-92557edf2dd4 which can be used as unique global reference for GitHub Mauraena in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-14T00:00:00Z
date_published 2019-09-11T00:00:00Z
source MITRE
title Muraena

Arbor Musical Chairs Feb 2018

Sabo, S. (2018, February 15). Musical Chairs Playing Tetris. Retrieved February 19, 2018.

Internal MISP references

UUID bddf44bb-7a0a-498b-9831-7b73cf9a582e which can be used as unique global reference for Arbor Musical Chairs Feb 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-19T00:00:00Z
date_published 2018-02-15T00:00:00Z
source MITRE
title Musical Chairs Playing Tetris

Mythc Documentation

Thomas, C. (n.d.). Mythc Documentation. Retrieved March 25, 2022.

Internal MISP references

UUID de3091b4-663e-4d9e-9dde-51250749863d which can be used as unique global reference for Mythc Documentation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-25T00:00:00Z
source MITRE
title Mythc Documentation

Mythic Github

Thomas, C. (2018, July 4). Mythic. Retrieved March 25, 2022.

Internal MISP references

UUID 20d0adf0-b832-4b03-995e-dfb56474ddcc which can be used as unique global reference for Mythic Github in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-25T00:00:00Z
date_published 2018-07-04T00:00:00Z
source MITRE
title Mythic

Crowdstrike Mythic Leopard Profile

Crowdstrike. (n.d.). Mythic Leopard. Retrieved October 6, 2021.

Internal MISP references

UUID efa5dc67-3364-4049-bb13-8b9e1b55f172 which can be used as unique global reference for Crowdstrike Mythic Leopard Profile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-06T00:00:00Z
source MITRE
title Mythic Leopard

CheckPoint Naikon May 2020

CheckPoint. (2020, May 7). Naikon APT: Cyber Espionage Reloaded. Retrieved May 26, 2020.

Internal MISP references

UUID f080acab-a6a0-42e1-98ff-45e415393648 which can be used as unique global reference for CheckPoint Naikon May 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-26T00:00:00Z
date_published 2020-05-07T00:00:00Z
source MITRE
title Naikon APT: Cyber Espionage Reloaded

Bitdefender Naikon April 2021

Vrabie, V. (2021, April 23). NAIKON – Traces from a Military Cyber-Espionage Operation. Retrieved June 29, 2021.

Internal MISP references

UUID 55660913-4c03-4360-bb8b-1cad94bd8d0e which can be used as unique global reference for Bitdefender Naikon April 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-29T00:00:00Z
date_published 2021-04-23T00:00:00Z
source MITRE
title NAIKON – Traces from a Military Cyber-Espionage Operation

Microsoft Named Pipes

Microsoft. (2018, May 31). Named Pipes. Retrieved September 28, 2021.

Internal MISP references

UUID 09a3f7dd-5597-4a55-8408-a2f09f4efcd4 which can be used as unique global reference for Microsoft Named Pipes in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-28T00:00:00Z
date_published 2018-05-31T00:00:00Z
source MITRE
title Named Pipes

fsecure NanHaiShu July 2016

F-Secure Labs. (2016, July). NANHAISHU RATing the South China Sea. Retrieved July 6, 2018.

Internal MISP references

UUID 41984650-a0ac-4445-80b6-7ceaf93bd135 which can be used as unique global reference for fsecure NanHaiShu July 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-06T00:00:00Z
date_published 2016-07-01T00:00:00Z
source MITRE
title NANHAISHU RATing the South China Sea

DigiTrust NanoCore Jan 2017

The DigiTrust Group. (2017, January 01). NanoCore Is Not Your Average RAT. Retrieved November 9, 2018.

Internal MISP references

UUID 6abac972-bbd0-4cd2-b3a7-25e7825ac134 which can be used as unique global reference for DigiTrust NanoCore Jan 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-09T00:00:00Z
date_published 2017-01-01T00:00:00Z
source MITRE
title NanoCore Is Not Your Average RAT

PaloAlto NanoCore Feb 2016

Kasza, A., Halfpop, T. (2016, February 09). NanoCoreRAT Behind an Increase in Tax-Themed Phishing E-mails. Retrieved November 9, 2018.

Internal MISP references

UUID caa0a421-04b0-4ebc-b365-97082d69d33d which can be used as unique global reference for PaloAlto NanoCore Feb 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-09T00:00:00Z
date_published 2016-02-09T00:00:00Z
source MITRE
title NanoCoreRAT Behind an Increase in Tax-Themed Phishing E-mails

Unit42 BabyShark Feb 2019

Unit 42. (2019, February 22). New BabyShark Malware Targets U.S. National Security Think Tanks. Retrieved October 7, 2019.

Internal MISP references

UUID 634404e3-e2c9-4872-a280-12d2be168cba which can be used as unique global reference for Unit42 BabyShark Feb 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-07T00:00:00Z
source MITRE
title National Security Think Tanks

National Vulnerability Database

National Vulnerability Database. (n.d.). National Vulnerability Database. Retrieved October 15, 2020.

Internal MISP references

UUID 9b42dcc6-a39c-4d74-adc3-135f9ceac5ba which can be used as unique global reference for National Vulnerability Database in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-15T00:00:00Z
source MITRE
title National Vulnerability Database

NationsBuying

Nicole Perlroth and David E. Sanger. (2013, July 12). Nations Buying as Hackers Sell Flaws in Computer Code. Retrieved March 9, 2017.

Internal MISP references

UUID a3e224e7-fe22-48d6-9ff5-35900f06c060 which can be used as unique global reference for NationsBuying in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-09T00:00:00Z
date_published 2013-07-12T00:00:00Z
source MITRE
title Nations Buying as Hackers Sell Flaws in Computer Code

FireEye Maze May 2020

Kennelly, J., Goody, K., Shilko, J. (2020, May 7). Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents. Retrieved May 18, 2020.

Internal MISP references

UUID 02338a66-6820-4505-8239-a1f1fcc60d32 which can be used as unique global reference for FireEye Maze May 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-18T00:00:00Z
date_published 2020-05-07T00:00:00Z
source MITRE
title Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents

Talos NavRAT May 2018

Mercer, W., Rascagneres, P. (2018, May 31). NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea. Retrieved June 11, 2018.

Internal MISP references

UUID f644ac27-a923-489b-944e-1ba89c609307 which can be used as unique global reference for Talos NavRAT May 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-11T00:00:00Z
date_published 2018-05-31T00:00:00Z
source MITRE
title NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea

GitHub NBNSpoof

Nomex. (2014, February 7). NBNSpoof. Retrieved November 17, 2017.

Internal MISP references

UUID 4119091a-96f8-441c-b66f-ee0d9013d7ca which can be used as unique global reference for GitHub NBNSpoof in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-17T00:00:00Z
date_published 2014-02-07T00:00:00Z
source MITRE
title NBNSpoof

SecTools nbtscan June 2003

SecTools. (2003, June 11). NBTscan. Retrieved March 17, 2021.

Internal MISP references

UUID 505c9e8b-66e0-435c-835f-b4405ba91966 which can be used as unique global reference for SecTools nbtscan June 2003 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-17T00:00:00Z
date_published 2003-06-11T00:00:00Z
source MITRE
title NBTscan

Debian nbtscan Nov 2019

Bezroutchko, A. (2019, November 19). NBTscan man page. Retrieved March 17, 2021.

Internal MISP references

UUID 8d718be1-9695-4e61-a922-5162d88477c0 which can be used as unique global reference for Debian nbtscan Nov 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-17T00:00:00Z
date_published 2019-11-19T00:00:00Z
source MITRE
title NBTscan man page

TechNet Nbtstat

Microsoft. (n.d.). Nbtstat. Retrieved April 17, 2016.

Internal MISP references

UUID 1b1e6b08-fc2a-48f7-82bd-e3c1a7a0d97e which can be used as unique global reference for TechNet Nbtstat in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-17T00:00:00Z
source MITRE
title Nbtstat

NCSC Sandworm Feb 2020

NCSC. (2020, February 20). NCSC supports US advisory regarding GRU intrusion set Sandworm. Retrieved June 10, 2020.

Internal MISP references

UUID d876d037-9d24-44af-b8f0-5c1555632b91 which can be used as unique global reference for NCSC Sandworm Feb 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-10T00:00:00Z
date_published 2020-02-20T00:00:00Z
source MITRE
title NCSC supports US advisory regarding GRU intrusion set Sandworm

7 - appv

Nick Landers. (2017, August 8). Need a signed alternative to Powershell.exe? SyncAppvPublishingServer in Win10 has got you covered. Retrieved February 6, 2024.

Internal MISP references

UUID 264a4f99-b1dc-5afd-8178-e1f37c3db8ff which can be used as unique global reference for 7 - appv in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-06T00:00:00Z
date_published 2017-08-08T00:00:00Z
source MITRE
title Need a signed alternative to Powershell.exe? SyncAppvPublishingServer in Win10 has got you covered.

TechNet NetBIOS

Microsoft. (n.d.). NetBIOS Name Resolution. Retrieved November 17, 2017.

Internal MISP references

UUID f756ee2e-2e79-41df-bf9f-6492a9708663 which can be used as unique global reference for TechNet NetBIOS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-17T00:00:00Z
source MITRE
title NetBIOS Name Resolution

Microsoft Net

Microsoft. (2017, February 14). Net Commands On Windows Operating Systems. Retrieved March 19, 2020.

Internal MISP references

UUID a04320b9-0c6a-49f9-8b84-50587278cdfb which can be used as unique global reference for Microsoft Net in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-19T00:00:00Z
date_published 2017-02-14T00:00:00Z
source MITRE
title Net Commands On Windows Operating Systems

Savill 1999

Savill, J. (1999, March 4). Net.exe reference. Retrieved September 22, 2015.

Internal MISP references

UUID e814d4a5-b846-4d68-ac00-7021238d287a which can be used as unique global reference for Savill 1999 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-09-22T00:00:00Z
date_published 1999-03-04T00:00:00Z
source MITRE
title Net.exe reference

Microsoft Net Utility

Microsoft. (2006, October 18). Net.exe Utility. Retrieved September 22, 2015.

Internal MISP references

UUID 75998d1c-69c0-40d2-a64b-43ad8efa05da which can be used as unique global reference for Microsoft Net Utility in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-09-22T00:00:00Z
date_published 2006-10-18T00:00:00Z
source MITRE
title Net.exe Utility

TechNet Netsh Firewall

Microsoft. (2009, June 3). Netsh Commands for Windows Firewall. Retrieved April 20, 2016.

Internal MISP references

UUID 00fb3fa3-6f72-47ad-a950-f258a70485f2 which can be used as unique global reference for TechNet Netsh Firewall in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-20T00:00:00Z
date_published 2009-06-03T00:00:00Z
source MITRE
title Netsh Commands for Windows Firewall

Netsh.exe - LOLBAS Project

LOLBAS. (2019, December 24). Netsh.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 6d76b28f-ab57-46bd-871d-1488212d3a8f which can be used as unique global reference for Netsh.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2019-12-24T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Netsh.exe

Github Netsh Helper CS Beacon

Smeets, M. (2016, September 26). NetshHelperBeacon. Retrieved February 13, 2017.

Internal MISP references

UUID c3169722-9c32-4a38-a7fe-8d4b6e51ca36 which can be used as unique global reference for Github Netsh Helper CS Beacon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-02-13T00:00:00Z
date_published 2016-09-26T00:00:00Z
source MITRE
title NetshHelperBeacon

TechNet Netstat

Microsoft. (n.d.). Netstat. Retrieved April 17, 2016.

Internal MISP references

UUID 84ac26d8-9c7c-4c8c-bf64-a9fb4578388c which can be used as unique global reference for TechNet Netstat in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-17T00:00:00Z
source MITRE
title Netstat

The DFIR Report NetSupport October 30 2023

The DFIR Report. (2023, October 30). NetSupport Intrusion Results in Domain Compromise. Retrieved May 22, 2024.

Internal MISP references

UUID 0436db31-42f0-47c1-b9a9-c6bb7c60a1ec which can be used as unique global reference for The DFIR Report NetSupport October 30 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-05-22T00:00:00Z
date_published 2023-10-30T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title NetSupport Intrusion Results in Domain Compromise

TechNet Net Time

Microsoft. (n.d.). Net time. Retrieved November 25, 2016.

Internal MISP references

UUID 83094489-791f-4925-879f-e79f67e4bf1f which can be used as unique global reference for TechNet Net Time in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-11-25T00:00:00Z
source MITRE
title Net time

Technet Net Use

Microsoft. (n.d.). Net Use. Retrieved November 25, 2016.

Internal MISP references

UUID f761d4b6-8fc5-4037-aa34-7982c17f8bed which can be used as unique global reference for Technet Net Use in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-11-25T00:00:00Z
source MITRE
title Net Use

TrendMicro Netwalker May 2020

Victor, K. (2020, May 18). Netwalker Fileless Ransomware Injected via Reflective Loading. Retrieved May 26, 2020.

Internal MISP references

UUID ceda9ef6-e609-4a34-9db1-d2a3ebffb679 which can be used as unique global reference for TrendMicro Netwalker May 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-26T00:00:00Z
date_published 2020-05-18T00:00:00Z
source MITRE
title Netwalker Fileless Ransomware Injected via Reflective Loading

Sophos Netwalker May 2020

Szappanos, G., Brandt, A. (2020, May 27). Netwalker ransomware tools give insight into threat actor. Retrieved May 27, 2020.

Internal MISP references

UUID 721db562-6046-4f47-95a1-36a16f26f3d1 which can be used as unique global reference for Sophos Netwalker May 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-27T00:00:00Z
date_published 2020-05-27T00:00:00Z
source MITRE
title Netwalker ransomware tools give insight into threat actor

McAfee Netwire Mar 2015

McAfee. (2015, March 2). Netwire RAT Behind Recent Targeted Attacks. Retrieved February 15, 2018.

Internal MISP references

UUID b02fbf00-f571-4507-941d-ac1d4a8310b0 which can be used as unique global reference for McAfee Netwire Mar 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-15T00:00:00Z
date_published 2015-03-02T00:00:00Z
source MITRE
title Netwire RAT Behind Recent Targeted Attacks

Windows Anonymous Enumeration of SAM Accounts

Microsoft. (2017, April 19). Network access: Do not allow anonymous enumeration of SAM accounts and shares. Retrieved May 20, 2020.

Internal MISP references

UUID 25e0244a-b829-4df9-a435-b6f9f1a2f0bc which can be used as unique global reference for Windows Anonymous Enumeration of SAM Accounts in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-20T00:00:00Z
date_published 2017-04-19T00:00:00Z
source MITRE
title Network access: Do not allow anonymous enumeration of SAM accounts and shares

Microsoft Network access Credential Manager

Microsoft. (2016, August 31). Network access: Do not allow storage of passwords and credentials for network authentication. Retrieved November 23, 2020.

Internal MISP references

UUID e0d8c585-e898-43ba-8d46-201dbe52db56 which can be used as unique global reference for Microsoft Network access Credential Manager in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-23T00:00:00Z
date_published 2016-08-31T00:00:00Z
source MITRE
title Network access: Do not allow storage of passwords and credentials for network authentication

Microsoft NFS Overview

Microsoft. (2018, July 9). Network File System overview. Retrieved September 28, 2021.

Internal MISP references

UUID 1e49b346-d822-4f82-92db-2989313d07e9 which can be used as unique global reference for Microsoft NFS Overview in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-28T00:00:00Z
date_published 2018-07-09T00:00:00Z
source MITRE
title Network File System overview

Network Provider API

Microsoft. (2021, January 7). Network Provider API. Retrieved March 30, 2023.

Internal MISP references

UUID b218434e-4233-5963-824e-50ee32d468ed which can be used as unique global reference for Network Provider API in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-30T00:00:00Z
date_published 2021-01-07T00:00:00Z
source MITRE
title Network Provider API

Malware Bytes New AgentTesla variant steals WiFi credentials

Hossein Jazi. (2020, April 16). New AgentTesla variant steals WiFi credentials. Retrieved September 8, 2023.

Internal MISP references

UUID b61b7db6-ed0d-546d-b1e0-c2630530975b which can be used as unique global reference for Malware Bytes New AgentTesla variant steals WiFi credentials in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-08T00:00:00Z
date_published 2020-04-16T00:00:00Z
source MITRE
title New AgentTesla variant steals WiFi credentials

Malwarebytes Agent Tesla April 2020

Jazi, H. (2020, April 16). New AgentTesla variant steals WiFi credentials. Retrieved May 19, 2020.

Internal MISP references

UUID 87f4fe4c-54cd-40a7-938b-6e6f6d2efbea which can be used as unique global reference for Malwarebytes Agent Tesla April 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-19T00:00:00Z
date_published 2020-04-16T00:00:00Z
source MITRE
title New AgentTesla variant steals WiFi credentials

TrendMicro New Andariel Tactics July 2018

Chen, Joseph. (2018, July 16). New Andariel Reconnaissance Tactics Uncovered. Retrieved September 29, 2021.

Internal MISP references

UUID b667eb44-8c2f-4319-bc93-f03610214b8b which can be used as unique global reference for TrendMicro New Andariel Tactics July 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2018-07-16T00:00:00Z
source MITRE
title New Andariel Reconnaissance Tactics Uncovered

Unit 42 C0d0so0 Jan 2016

Grunzweig, J., Lee, B. (2016, January 22). New Attacks Linked to C0d0so0 Group. Retrieved August 2, 2018.

Internal MISP references

UUID c740fc1c-093e-4389-890e-1fd88a824df4 which can be used as unique global reference for Unit 42 C0d0so0 Jan 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-02T00:00:00Z
date_published 2016-01-22T00:00:00Z
source MITRE
title New Attacks Linked to C0d0so0 Group

Trend Micro Banking Malware Jan 2019

Salvio, J. (2014, June 27). New Banking Malware Uses Network Sniffing for Data Theft. Retrieved March 25, 2019.

Internal MISP references

UUID 4fee21e3-1b8f-4e10-b077-b59e2df94633 which can be used as unique global reference for Trend Micro Banking Malware Jan 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-25T00:00:00Z
date_published 2014-06-27T00:00:00Z
source MITRE
title New Banking Malware Uses Network Sniffing for Data Theft

IBM IcedID November 2017

Kessem, L., et al. (2017, November 13). New Banking Trojan IcedID Discovered by IBM X-Force Research. Retrieved July 14, 2020.

Internal MISP references

UUID fdc56361-24f4-4fa5-949e-02e61c4d3be8 which can be used as unique global reference for IBM IcedID November 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-14T00:00:00Z
date_published 2017-11-13T00:00:00Z
source MITRE
title New Banking Trojan IcedID Discovered by IBM X-Force Research

Minerva Labs Black Basta May 2022

Zargarov, N. (2022, May 2). New Black Basta Ransomware Hijacks Windows Fax Service. Retrieved March 7, 2023.

Internal MISP references

UUID 6358f7ed-41d6-56be-83bb-179e0a8b7873 which can be used as unique global reference for Minerva Labs Black Basta May 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-07T00:00:00Z
date_published 2022-05-02T00:00:00Z
source MITRE
title New Black Basta Ransomware Hijacks Windows Fax Service

Google TAG Lazarus Jan 2021

Weidemann, A. (2021, January 25). New campaign targeting security researchers. Retrieved December 20, 2021.

Internal MISP references

UUID fb4b3427-353d-44c7-8dcd-d257324a83b2 which can be used as unique global reference for Google TAG Lazarus Jan 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-20T00:00:00Z
date_published 2021-01-25T00:00:00Z
source MITRE
title New campaign targeting security researchers

Airbus Derusbi 2015

Perigaud, F. (2015, December 15). Newcomers in the Derusbi family. Retrieved December 20, 2017.

Internal MISP references

UUID 9b419a40-c20b-40dd-8627-9c1c786bf165 which can be used as unique global reference for Airbus Derusbi 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2015-12-15T00:00:00Z
source MITRE
title Newcomers in the Derusbi family

Malwarebytes Crossrider Apr 2018

Reed, Thomas. (2018, April 24). New Crossrider variant installs configuration profiles on Macs. Retrieved September 6, 2019.

Internal MISP references

UUID 80530288-26a3-4c3e-ace1-47510df10fbd which can be used as unique global reference for Malwarebytes Crossrider Apr 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-06T00:00:00Z
date_published 2018-04-24T00:00:00Z
source MITRE
title New Crossrider variant installs configuration profiles on Macs

CyberBit Early Bird Apr 2018

Gavriel, H. & Erbesfeld, B. (2018, April 11). New ‘Early Bird’ Code Injection Technique Discovered. Retrieved May 24, 2018.

Internal MISP references

UUID 8ae4ec67-518e-46dd-872c-7e2a9ca4ef13 which can be used as unique global reference for CyberBit Early Bird Apr 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-24T00:00:00Z
date_published 2018-04-11T00:00:00Z
source MITRE
title New ‘Early Bird’ Code Injection Technique Discovered

Zscaler Molerats Campaign

Sahil Antil, Sudeep Singh. (2022, January 20). New espionage attack by Molerats APT targeting users in the Middle East. Retrieved October 10, 2023.

Internal MISP references

UUID 3b39e73e-229f-4ff4-bec3-d83e6364a66e which can be used as unique global reference for Zscaler Molerats Campaign in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-10T00:00:00Z
date_published 2022-01-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title New espionage attack by Molerats APT targeting users in the Middle East

CrowdStrike Wizard Spider March 2019

Feeley, B. and Stone-Gross, B. (2019, March 20). New Evidence Proves Ongoing WIZARD SPIDER / LUNAR SPIDER Collaboration. Retrieved June 15, 2020.

Internal MISP references

UUID d7001d6f-97a1-4155-8f74-3d878d4cbb27 which can be used as unique global reference for CrowdStrike Wizard Spider March 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-15T00:00:00Z
date_published 2019-03-20T00:00:00Z
source MITRE
title New Evidence Proves Ongoing WIZARD SPIDER / LUNAR SPIDER Collaboration

Bleeping Computer Evil Corp mimics PayloadBin gang 2022

Abrams, L. (2021, June 6). New Evil Corp ransomware mimics PayloadBin gang to evade US sanctions. Retrieved July 19, 2022.

Internal MISP references

UUID 5695d3a2-6b6c-433a-9254-d4a2e001a8be which can be used as unique global reference for Bleeping Computer Evil Corp mimics PayloadBin gang 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-19T00:00:00Z
source Tidal Cyber
title New Evil Corp ransomware mimics PayloadBin gang to evade US sanctions

Microsoft Block Office Macros

Windows Defender Research. (2016, March 22). New feature in Office 2016 can block macros and help prevent infection. Retrieved April 11, 2018.

Internal MISP references

UUID 4d0f4d0a-b812-42f8-a52c-a1f5c69e6337 which can be used as unique global reference for Microsoft Block Office Macros in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-11T00:00:00Z
date_published 2016-03-22T00:00:00Z
source MITRE
title New feature in Office 2016 can block macros and help prevent infection

TechNet Office Macro Security

Microsoft Malware Protection Center. (2016, March 22). New feature in Office 2016 can block macros and help prevent infection. Retrieved July 3, 2017.

Internal MISP references

UUID f14f08c5-de51-4827-ba3a-f0598dfbe505 which can be used as unique global reference for TechNet Office Macro Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-03T00:00:00Z
date_published 2016-03-22T00:00:00Z
source MITRE
title New feature in Office 2016 can block macros and help prevent infection

SolarWinds Sunburst Sunspot Update January 2021

Sudhakar Ramakrishna. (2021, January 11). New Findings From Our Investigation of SUNBURST. Retrieved January 13, 2021.

Internal MISP references

UUID 1be1b6e0-1b42-4d07-856b-b6321c17bb88 which can be used as unique global reference for SolarWinds Sunburst Sunspot Update January 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-13T00:00:00Z
date_published 2021-01-11T00:00:00Z
source MITRE
title New Findings From Our Investigation of SUNBURST

BleepingComp Godlua JUL19

Gatlan, S. (2019, July 3). New Godlua Malware Evades Traffic Monitoring via DNS over HTTPS. Retrieved March 15, 2020.

Internal MISP references

UUID fd862d10-79bc-489d-a552-118014d01648 which can be used as unique global reference for BleepingComp Godlua JUL19 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-15T00:00:00Z
date_published 2019-07-03T00:00:00Z
source MITRE
title New Godlua Malware Evades Traffic Monitoring via DNS over HTTPS

HTML Smuggling Menlo Security 2020

Subramanian, K. (2020, August 18). New HTML Smuggling Attack Alert: Duri. Retrieved May 20, 2021.

Internal MISP references

UUID a9fc3502-66c2-4504-9886-458f8a803b5d which can be used as unique global reference for HTML Smuggling Menlo Security 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-20T00:00:00Z
date_published 2020-08-18T00:00:00Z
source MITRE
title New HTML Smuggling Attack Alert: Duri

Microsoft New-InboxRule

Microsoft. (n.d.). New-InboxRule. Retrieved June 7, 2021.

Internal MISP references

UUID 54fcfc36-e0d5-422f-8a45-eeb7fa077a93 which can be used as unique global reference for Microsoft New-InboxRule in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-07T00:00:00Z
source MITRE
title New-InboxRule

AWS - IAM Console Best Practices

Moncur, Rob. (2020, July 5). New Information in the AWS IAM Console Helps You Follow IAM Best Practices. Retrieved August 4, 2020.

Internal MISP references

UUID dadae802-91a7-46d4-aacd-48f49f22854e which can be used as unique global reference for AWS - IAM Console Best Practices in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-04T00:00:00Z
date_published 2020-07-05T00:00:00Z
source MITRE
title New Information in the AWS IAM Console Helps You Follow IAM Best Practices

Trend Micro Ransomware February 2021

Centero, R. et al. (2021, February 5). New in Ransomware: Seth-Locker, Babuk Locker, Maoloa, TeslaCrypt, and CobraLocker. Retrieved August 11, 2021.

Internal MISP references

UUID 64a86a3f-0160-4766-9ac1-7d287eb2c323 which can be used as unique global reference for Trend Micro Ransomware February 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-11T00:00:00Z
date_published 2021-02-05T00:00:00Z
source MITRE
title New in Ransomware: Seth-Locker, Babuk Locker, Maoloa, TeslaCrypt, and CobraLocker

Avast CCleaner3 2018

Avast Threat Intelligence Team. (2018, March 8). New investigations into the CCleaner incident point to a possible third stage that had keylogger capacities. Retrieved March 15, 2018.

Internal MISP references

UUID 1641553f-96e7-4829-8c77-d96388dac5c7 which can be used as unique global reference for Avast CCleaner3 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-15T00:00:00Z
date_published 2018-03-08T00:00:00Z
source MITRE
title New investigations into the CCleaner incident point to a possible third stage that had keylogger capacities

amnesia malware

Claud Xiao, Cong Zheng, Yanhui Jia. (2017, April 6). New IoT/Linux Malware Targets DVRs, Forms Botnet. Retrieved February 19, 2018.

Internal MISP references

UUID 489a6c57-f64c-423b-a7bd-169fa36c4cdf which can be used as unique global reference for amnesia malware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-19T00:00:00Z
date_published 2017-04-06T00:00:00Z
source MITRE
title New IoT/Linux Malware Targets DVRs, Forms Botnet

Tsunami

Claud Xiao and Cong Zheng. (2017, April 6). New IoT/Linux Malware Targets DVRs, Forms Botnet. Retrieved December 17, 2020.

Internal MISP references

UUID 95b5b03e-f160-47cf-920c-8f4f3d4114a3 which can be used as unique global reference for Tsunami in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-17T00:00:00Z
date_published 2017-04-06T00:00:00Z
source MITRE
title New IoT/Linux Malware Targets DVRs, Forms Botnet

ClearSky Siamesekitten August 2021

ClearSky Cyber Security. (2021, August). New Iranian Espionage Campaign By “Siamesekitten” - Lyceum. Retrieved June 6, 2022.

Internal MISP references

UUID 9485efce-8d54-4461-b64e-0d15e31fbf8c which can be used as unique global reference for ClearSky Siamesekitten August 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-06T00:00:00Z
date_published 2021-08-01T00:00:00Z
source MITRE
title New Iranian Espionage Campaign By “Siamesekitten” - Lyceum

Unit 42 NOKKI Sept 2018

Grunzweig, J., Lee, B. (2018, September 27). New KONNI Malware attacking Eurasia and Southeast Asia. Retrieved November 5, 2018.

Internal MISP references

UUID f3d3b9bc-4c59-4a1f-b602-e3e884661708 which can be used as unique global reference for Unit 42 NOKKI Sept 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-05T00:00:00Z
date_published 2018-09-27T00:00:00Z
source MITRE
title New KONNI Malware attacking Eurasia and Southeast Asia

Arghire LazyScripter

Ionut Arghire. (2021, February 24). New ‘LazyScripter’ Hacking Group Targets Airlines. Retrieved January 10, 2024.

Internal MISP references

UUID bafb2088-d3c1-5550-a48e-cf1e84662fcc which can be used as unique global reference for Arghire LazyScripter in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-10T00:00:00Z
date_published 2021-02-24T00:00:00Z
source MITRE
title New ‘LazyScripter’ Hacking Group Targets Airlines

Trend Micro Cheerscrypt May 2022

Dela Cruz, A. et al. (2022, May 25). New Linux-Based Ransomware Cheerscrypt Targeting ESXi Devices Linked to Leaked Babuk Source Code. Retrieved December 19, 2023.

Internal MISP references

UUID ca7ccf2c-37f3-522a-acfb-09daa16e23d8 which can be used as unique global reference for Trend Micro Cheerscrypt May 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-19T00:00:00Z
date_published 2022-05-25T00:00:00Z
source MITRE
title New Linux-Based Ransomware Cheerscrypt Targeting ESXi Devices Linked to Leaked Babuk Source Code

Malwarebytes Higaisa 2020

Malwarebytes Threat Intelligence Team. (2020, June 4). New LNK attack tied to Higaisa APT discovered. Retrieved March 2, 2021.

Internal MISP references

UUID 6054e0ab-cf61-49ba-b7f5-58b304477451 which can be used as unique global reference for Malwarebytes Higaisa 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-02T00:00:00Z
date_published 2020-06-04T00:00:00Z
source MITRE
title New LNK attack tied to Higaisa APT discovered

New loader on the bloc - AresLoader | Intel471

Intel471. (2023, March 22). New loader on the bloc - AresLoader. Retrieved May 7, 2023.

Internal MISP references

UUID 1bdd0957-1f5b-4323-bf49-f5c41b8c397a which can be used as unique global reference for New loader on the bloc - AresLoader | Intel471 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2023-03-22T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title New loader on the bloc - AresLoader

Gallagher 2015

Gallagher, S. (2015, August 5). Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes”. Retrieved January 25, 2016.

Internal MISP references

UUID b1540c5c-0bbc-4b9d-9185-fae224ba31be which can be used as unique global reference for Gallagher 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-25T00:00:00Z
date_published 2015-08-05T00:00:00Z
source MITRE
title Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes”

FireEye Ursnif Nov 2017

Vaish, A. & Nemes, S. (2017, November 28). Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection. Retrieved June 5, 2019.

Internal MISP references

UUID 32c0b9d2-9f31-4e49-8b3a-c63ff4fffa47 which can be used as unique global reference for FireEye Ursnif Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-05T00:00:00Z
date_published 2017-11-28T00:00:00Z
source MITRE
title Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection

FireEye TLS Nov 2017

Vaish, A. & Nemes, S. (2017, November 28). Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection. Retrieved December 18, 2017.

Internal MISP references

UUID 9737055a-f583-448e-84d0-1d336c4da9a8 which can be used as unique global reference for FireEye TLS Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-18T00:00:00Z
date_published 2017-11-28T00:00:00Z
source MITRE
title Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection

Antiquated Mac Malware

Thomas Reed. (2017, January 18). New Mac backdoor using antiquated code. Retrieved July 5, 2017.

Internal MISP references

UUID 165edb01-2681-45a3-b76b-4eb7dee5dab9 which can be used as unique global reference for Antiquated Mac Malware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-05T00:00:00Z
date_published 2017-01-18T00:00:00Z
source MITRE
title New Mac backdoor using antiquated code

Trend Micro MacOS Backdoor November 2020

Magisa, L. (2020, November 27). New MacOS Backdoor Connected to OceanLotus Surfaces. Retrieved December 2, 2020.

Internal MISP references

UUID 43726cb8-a169-4594-9323-fad65b9bae97 which can be used as unique global reference for Trend Micro MacOS Backdoor November 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-02T00:00:00Z
date_published 2020-11-27T00:00:00Z
source MITRE
title New MacOS Backdoor Connected to OceanLotus Surfaces

TrendMicro MacOS April 2018

Horejsi, J. (2018, April 04). New MacOS Backdoor Linked to OceanLotus Found. Retrieved November 13, 2018.

Internal MISP references

UUID e18ad1a7-1e7e-4aca-be9b-9ee12b41c147 which can be used as unique global reference for TrendMicro MacOS April 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-13T00:00:00Z
date_published 2018-04-04T00:00:00Z
source MITRE
title New MacOS Backdoor Linked to OceanLotus Found

TrendMicro macOS Dacls May 2020

Mabutas, G. (2020, May 11). New MacOS Dacls RAT Backdoor Shows Lazarus’ Multi-Platform Attack Capability. Retrieved August 10, 2020.

Internal MISP references

UUID 0ef8691d-48ae-4057-82ef-eb086c05e2b9 which can be used as unique global reference for TrendMicro macOS Dacls May 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-10T00:00:00Z
date_published 2020-05-11T00:00:00Z
source MITRE
title New MacOS Dacls RAT Backdoor Shows Lazarus’ Multi-Platform Attack Capability

OSX Malware Exploits MacKeeper

Sergei Shevchenko. (2015, June 4). New Mac OS Malware Exploits Mackeeper. Retrieved July 3, 2017.

Internal MISP references

UUID 8c4bcbc7-ff52-4f7b-a22e-98bf9cfb1040 which can be used as unique global reference for OSX Malware Exploits MacKeeper in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-03T00:00:00Z
date_published 2015-06-04T00:00:00Z
source MITRE
title New Mac OS Malware Exploits Mackeeper

Carbon Black Shlayer Feb 2019

Carbon Black Threat Analysis Unit. (2019, February 12). New macOS Malware Variant of Shlayer (OSX) Discovered. Retrieved August 8, 2019.

Internal MISP references

UUID d8212691-4a6e-49bf-bc33-740850a1189a which can be used as unique global reference for Carbon Black Shlayer Feb 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-08-08T00:00:00Z
date_published 2019-02-12T00:00:00Z
source MITRE
title New macOS Malware Variant of Shlayer (OSX) Discovered

Palo Alto Rover

Ray, V., Hayashi, K. (2016, February 29). New Malware ‘Rover’ Targets Indian Ambassador to Afghanistan. Retrieved February 29, 2016.

Internal MISP references

UUID bbdf3f49-9875-4d41-986d-b693e82c77e1 which can be used as unique global reference for Palo Alto Rover in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-02-29T00:00:00Z
date_published 2016-02-29T00:00:00Z
source MITRE
title New Malware ‘Rover’ Targets Indian Ambassador to Afghanistan

Palo Alto Reaver Nov 2017

Grunzweig, J. and Miller-Osborn, J. (2017, November 10). New Malware with Ties to SunOrcal Discovered. Retrieved November 16, 2017.

Internal MISP references

UUID 69fbe527-2ec4-457b-81b1-2eda65eb8442 which can be used as unique global reference for Palo Alto Reaver Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-16T00:00:00Z
date_published 2017-11-10T00:00:00Z
source MITRE
title New Malware with Ties to SunOrcal Discovered

Trend Micro Xbash Sept 2018

Trend Micro. (2018, September 19). New Multi-Platform Xbash Packs Obfuscation, Ransomware, Coinminer, Worm and Botnet. Retrieved June 4, 2019.

Internal MISP references

UUID a4b37a24-b2a0-4fcb-9ec3-0d6b67e4e13b which can be used as unique global reference for Trend Micro Xbash Sept 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-04T00:00:00Z
date_published 2018-09-19T00:00:00Z
source MITRE
title New Multi-Platform Xbash Packs Obfuscation, Ransomware, Coinminer, Worm and Botnet

NKAbuse BC

Bill Toulas. (2023, December 14). New NKAbuse malware abuses NKN blockchain for stealthy comms. Retrieved February 8, 2024.

Internal MISP references

UUID 7c0fea50-a125-57eb-9a86-dd0d6693abce which can be used as unique global reference for NKAbuse BC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-08T00:00:00Z
date_published 2023-12-14T00:00:00Z
source MITRE
title New NKAbuse malware abuses NKN blockchain for stealthy comms

MSRC Nobelium June 2021

MSRC. (2021, June 25). New Nobelium activity. Retrieved August 4, 2021.

Internal MISP references

UUID 1588799f-a5d2-46bc-978d-f10ed7ceb15c which can be used as unique global reference for MSRC Nobelium June 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-04T00:00:00Z
date_published 2021-06-25T00:00:00Z
source MITRE
title New Nobelium activity

Symantec Orangeworm April 2018

Symantec Security Response Attack Investigation Team. (2018, April 23). New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia. Retrieved May 8, 2018.

Internal MISP references

UUID eee5efa1-bbc6-44eb-8fae-23002f351605 which can be used as unique global reference for Symantec Orangeworm April 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-08T00:00:00Z
date_published 2018-04-23T00:00:00Z
source MITRE, Tidal Cyber
title New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia

OSX.Dok Malware

Thomas Reed. (2017, July 7). New OSX.Dok malware intercepts web traffic. Retrieved July 10, 2017.

Internal MISP references

UUID 71d65081-dada-4a69-94c5-f1d8e4e151c1 which can be used as unique global reference for OSX.Dok Malware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-10T00:00:00Z
date_published 2017-07-07T00:00:00Z
source MITRE
title New OSX.Dok malware intercepts web traffic

OSX Keydnap malware

Marc-Etienne M.Leveille. (2016, July 6). New OSX/Keydnap malware is hungry for credentials. Retrieved July 3, 2017.

Internal MISP references

UUID d43e0dd1-0946-4f49-bcc7-3ef38445eac3 which can be used as unique global reference for OSX Keydnap malware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-03T00:00:00Z
date_published 2016-07-06T00:00:00Z
source MITRE
title New OSX/Keydnap malware is hungry for credentials

Intego Shlayer Apr 2018

Vrijenhoek, Jay. (2018, April 24). New OSX/Shlayer Malware Variant Found Using a Dirty New Trick. Retrieved September 6, 2019.

Internal MISP references

UUID 3ca1254c-db51-4a5d-8242-ffd9e4481c22 which can be used as unique global reference for Intego Shlayer Apr 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-06T00:00:00Z
date_published 2018-04-24T00:00:00Z
source MITRE
title New OSX/Shlayer Malware Variant Found Using a Dirty New Trick

Cybereason Linux Exim Worm

Cybereason Nocturnus. (2019, June 13). New Pervasive Worm Exploiting Linux Exim Server Vulnerability. Retrieved June 24, 2020.

Internal MISP references

UUID 9523d8ae-d749-4c25-8c7b-df2d8c25c3c8 which can be used as unique global reference for Cybereason Linux Exim Worm in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-24T00:00:00Z
date_published 2019-06-13T00:00:00Z
source MITRE
title New Pervasive Worm Exploiting Linux Exim Server Vulnerability

Netskope Device Code Phishing 2021

Jenko Hwong. (2021, August 10). New Phishing Attacks Exploiting OAuth Authorization Flows (Part 1). Retrieved March 19, 2024.

Internal MISP references

UUID 175ea9c6-aa18-581b-9af5-d4d44f0909e9 which can be used as unique global reference for Netskope Device Code Phishing 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-19T00:00:00Z
date_published 2021-08-10T00:00:00Z
source MITRE
title New Phishing Attacks Exploiting OAuth Authorization Flows (Part 1)

Microsoft Prestige ransomware October 2022

MSTIC. (2022, October 14). New “Prestige” ransomware impacts organizations in Ukraine and Poland. Retrieved January 19, 2023.

Internal MISP references

UUID b57e1181-461b-5ada-a739-873ede1ec079 which can be used as unique global reference for Microsoft Prestige ransomware October 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-01-19T00:00:00Z
date_published 2022-10-14T00:00:00Z
source MITRE
title New “Prestige” ransomware impacts organizations in Ukraine and Poland

Unit 42 MechaFlounder March 2019

Falcone, R. (2019, March 4). New Python-Based Payload MechaFlounder Used by Chafer. Retrieved May 27, 2020.

Internal MISP references

UUID 2263af27-9c30-4bf6-a204-2f148ebdd17c which can be used as unique global reference for Unit 42 MechaFlounder March 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-27T00:00:00Z
date_published 2019-03-04T00:00:00Z
source MITRE
title New Python-Based Payload MechaFlounder Used by Chafer

Talos Nyetya June 2017

Chiu, A. (2016, June 27). New Ransomware Variant "Nyetya" Compromises Systems Worldwide. Retrieved March 26, 2019.

Internal MISP references

UUID c76e806c-b0e3-4ab9-ba6d-68a9f731f127 which can be used as unique global reference for Talos Nyetya June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-26T00:00:00Z
date_published 2016-06-27T00:00:00Z
source MITRE
title New Ransomware Variant "Nyetya" Compromises Systems Worldwide

Cyble Black Basta May 2022

Cyble. (2022, May 6). New ransomware variant targeting high-value organizations. Retrieved March 7, 2023.

Internal MISP references

UUID 18035aba-0ae3-58b8-b426-86c2e38a37ae which can be used as unique global reference for Cyble Black Basta May 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-07T00:00:00Z
date_published 2022-05-06T00:00:00Z
source MITRE
title New ransomware variant targeting high-value organizations

Bleepingcomputer RAT malware 2020

Abrams, L. (2020, October 23). New RAT malware gets commands via Discord, has ransomware feature. Retrieved April 1, 2021.

Internal MISP references

UUID a587ea99-a951-4aa8-a3cf-a4822ae97490 which can be used as unique global reference for Bleepingcomputer RAT malware 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-01T00:00:00Z
date_published 2020-10-23T00:00:00Z
source MITRE
title New RAT malware gets commands via Discord, has ransomware feature

IBM ITG18 2020

Wikoff, A. Emerson, R. (2020, July 16). New Research Exposes Iranian Threat Group Operations. Retrieved March 8, 2021.

Internal MISP references

UUID 523b7a1e-88ef-4440-a7b3-3fd0b8d5e199 which can be used as unique global reference for IBM ITG18 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-08T00:00:00Z
date_published 2020-07-16T00:00:00Z
source MITRE
title New Research Exposes Iranian Threat Group Operations

new_rogue_DHCP_serv_malware

Irwin, Ullrich, J. (2009, March 16). new rogue-DHCP server malware. Retrieved January 14, 2022.

Internal MISP references

UUID 8e0a8a9a-9b1f-4141-b595-80b98daf6b68 which can be used as unique global reference for new_rogue_DHCP_serv_malware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-14T00:00:00Z
date_published 2009-03-16T00:00:00Z
source MITRE
title new rogue-DHCP server malware

NCSC CISA Cyclops Blink Advisory February 2022

NCSC, CISA, FBI, NSA. (2022, February 23). New Sandworm malware Cyclops Blink replaces VPNFilter. Retrieved March 3, 2022.

Internal MISP references

UUID bee6cf85-5cb9-4000-b82e-9e15aebfbece which can be used as unique global reference for NCSC CISA Cyclops Blink Advisory February 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-03T00:00:00Z
date_published 2022-02-23T00:00:00Z
source MITRE
title New Sandworm malware Cyclops Blink replaces VPNFilter

Eweek Newscaster and Charming Kitten May 2014

Kerner, S. (2014, May 29). Newscaster Threat Uses Social Media for Intelligence Gathering. Retrieved April 14, 2021.

Internal MISP references

UUID a3407cd2-d579-4d64-8f2e-162c31a99534 which can be used as unique global reference for Eweek Newscaster and Charming Kitten May 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-14T00:00:00Z
date_published 2014-05-29T00:00:00Z
source MITRE
title Newscaster Threat Uses Social Media for Intelligence Gathering

Deep Instinct TA505 Apr 2019

Vilkomir-Preisman, S. (2019, April 2). New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload. Retrieved May 28, 2019.

Internal MISP references

UUID 529524c0-123b-459c-bc6f-62aa45c228d1 which can be used as unique global reference for Deep Instinct TA505 Apr 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-28T00:00:00Z
date_published 2019-04-02T00:00:00Z
source MITRE
title New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload

Janicab

Thomas. (2013, July 15). New signed malware called Janicab. Retrieved July 17, 2017.

Internal MISP references

UUID 1acc1a83-faac-41d3-a08b-cc3a539567fb which can be used as unique global reference for Janicab in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-17T00:00:00Z
date_published 2013-07-15T00:00:00Z
source MITRE
title New signed malware called Janicab

MSTIC NOBELIUM May 2021

Microsoft Threat Intelligence Center (MSTIC). (2021, May 27). New sophisticated email-based attack from NOBELIUM. Retrieved May 28, 2021.

Internal MISP references

UUID 047ec63f-1f4b-4b57-9ab5-8a5cfcc11f4d which can be used as unique global reference for MSTIC NOBELIUM May 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-28T00:00:00Z
date_published 2021-05-27T00:00:00Z
source MITRE
title New sophisticated email-based attack from NOBELIUM

Microsoft Phosphorus Mar 2019

Burt, T. (2019, March 27). New steps to protect customers from hacking. Retrieved May 27, 2020.

Internal MISP references

UUID c55a112d-4b05-4c32-a5b3-480b12929115 which can be used as unique global reference for Microsoft Phosphorus Mar 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-27T00:00:00Z
date_published 2019-03-27T00:00:00Z
source MITRE
title New steps to protect customers from hacking

FireEye SUNSHUTTLE Mar 2021

Smith, L., Leathery, J., Read, B. (2021, March 4). New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452. Retrieved March 12, 2021.

Internal MISP references

UUID 1cdb8a1e-fbed-4db3-b273-5f8f45356dc1 which can be used as unique global reference for FireEye SUNSHUTTLE Mar 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-12T00:00:00Z
date_published 2021-03-04T00:00:00Z
source MITRE
title New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452

Blasco 2013

Blasco, J. (2013, March 21). New Sykipot developments [Blog]. Retrieved November 12, 2014.

Internal MISP references

UUID 46be6b77-ee2b-407e-bdd4-5a1183eda7f3 which can be used as unique global reference for Blasco 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
date_published 2013-03-21T00:00:00Z
source MITRE
title New Sykipot developments [Blog]

Malwarebytes Targeted Attack against Saudi Arabia

Malwarebytes Labs. (2017, March 27). New targeted attack against Saudi Arabia Government. Retrieved July 3, 2017.

Internal MISP references

UUID 735647f9-9cd4-4a20-8812-4671a3358e46 which can be used as unique global reference for Malwarebytes Targeted Attack against Saudi Arabia in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-03T00:00:00Z
date_published 2017-03-27T00:00:00Z
source MITRE
title New targeted attack against Saudi Arabia Government

FireEye APT34 Dec 2017

Sardiwal, M, et al. (2017, December 7). New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit. Retrieved December 20, 2017.

Internal MISP references

UUID 88f41728-08ad-4cd8-a418-895738d68b04 which can be used as unique global reference for FireEye APT34 Dec 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2017-12-07T00:00:00Z
source MITRE, Tidal Cyber
title New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit

Unit 42 Cobalt Gang Oct 2018

Unit 42. (2018, October 25). New Techniques to Uncover and Attribute Financial actors Commodity Builders and Infrastructure Revealed. Retrieved December 11, 2018.

Internal MISP references

UUID 8956f0e5-d07f-4063-bf60-f8b964d03e6d which can be used as unique global reference for Unit 42 Cobalt Gang Oct 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-12-11T00:00:00Z
date_published 2018-10-25T00:00:00Z
source MITRE
title New Techniques to Uncover and Attribute Financial actors Commodity Builders and Infrastructure Revealed

ESET TeleBots Oct 2018

Cherepanov, A., Lipovsky, R. (2018, October 11). New TeleBots backdoor: First evidence linking Industroyer to NotPetya. Retrieved November 27, 2018.

Internal MISP references

UUID 56372448-03f5-49b5-a2a9-384fbd49fefc which can be used as unique global reference for ESET TeleBots Oct 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-27T00:00:00Z
date_published 2018-10-11T00:00:00Z
source MITRE
title New TeleBots backdoor: First evidence linking Industroyer to NotPetya

Unit 42 DarkHydrus July 2018

Falcone, R., et al. (2018, July 27). New Threat Actor Group DarkHydrus Targets Middle East Government. Retrieved August 2, 2018.

Internal MISP references

UUID 800279cf-e6f8-4721-818f-46e35ec7892a which can be used as unique global reference for Unit 42 DarkHydrus July 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-02T00:00:00Z
date_published 2018-07-27T00:00:00Z
source MITRE, Tidal Cyber
title New Threat Actor Group DarkHydrus Targets Middle East Government

Bitdefender Trickbot March 2020

Tudorica, R., Maximciuc, A., Vatamanu, C. (2020, March 18). New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong. Retrieved March 15, 2021.

Internal MISP references

UUID 2ccdaded-97f6-47e2-b6c0-9a83e8a945d6 which can be used as unique global reference for Bitdefender Trickbot March 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-15T00:00:00Z
date_published 2020-03-18T00:00:00Z
source MITRE
title New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong

Malwarebytes Konni Aug 2021

Threat Intelligence Team. (2021, August 23). New variant of Konni malware used in campaign targetting Russia. Retrieved January 5, 2022.

Internal MISP references

UUID fb8c6402-ec18-414a-85f7-3d76eacbd890 which can be used as unique global reference for Malwarebytes Konni Aug 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-05T00:00:00Z
date_published 2021-08-23T00:00:00Z
source MITRE
title New variant of Konni malware used in campaign targetting Russia

Proofpoint Vega Credential Stealer May 2018

Proofpoint. (2018, May 10). New Vega Stealer shines brightly in targeted campaign. Retrieved June 18, 2019.

Internal MISP references

UUID c52fe62f-4df4-43b0-a126-2df07dc61fc0 which can be used as unique global reference for Proofpoint Vega Credential Stealer May 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-18T00:00:00Z
date_published 2018-05-10T00:00:00Z
source MITRE
title New Vega Stealer shines brightly in targeted campaign

Proofpoint Azorult July 2018

Proofpoint. (2018, July 30). New version of AZORult stealer improves loading features, spreads alongside ransomware in new campaign. Retrieved November 29, 2018.

Internal MISP references

UUID a85c869a-3ba3-42c2-9460-d3d1f0874044 which can be used as unique global reference for Proofpoint Azorult July 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-29T00:00:00Z
date_published 2018-07-30T00:00:00Z
source MITRE
title New version of AZORult stealer improves loading features, spreads alongside ransomware in new campaign

Avira Mustang Panda January 2020

Hamzeloofard, S. (2020, January 31). New wave of PlugX targets Hong Kong | Avira Blog. Retrieved April 13, 2021.

Internal MISP references

UUID bc7755a0-5ee3-477b-b8d7-67174a59d0e2 which can be used as unique global reference for Avira Mustang Panda January 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-13T00:00:00Z
date_published 2020-01-31T00:00:00Z
source MITRE
title New wave of PlugX targets Hong Kong

Palo Alto DNS Requests

Grunzweig, J., et al. (2016, May 24). New Wekby Attacks Use DNS Requests As Command and Control Mechanism. Retrieved August 17, 2016.

Internal MISP references

UUID 4a946c3f-ee0a-4649-8104-2bd9d90ebd49 which can be used as unique global reference for Palo Alto DNS Requests in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-17T00:00:00Z
date_published 2016-05-24T00:00:00Z
source MITRE
title New Wekby Attacks Use DNS Requests As Command and Control Mechanism

PaloAlto DNS Requests May 2016

Grunzweig, J., et al. (2016, May 24). New Wekby Attacks Use DNS Requests As Command and Control Mechanism. Retrieved November 15, 2018.

Internal MISP references

UUID 6f08aa4e-c89f-4d3e-8f46-e856e21d2d50 which can be used as unique global reference for PaloAlto DNS Requests May 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-15T00:00:00Z
date_published 2016-05-24T00:00:00Z
source MITRE
title New Wekby Attacks Use DNS Requests As Command and Control Mechanism

Unit42 Azorult Nov 2018

Yan, T., et al. (2018, November 21). New Wine in Old Bottle: New Azorult Variant Found in FindMyName Campaign using Fallout Exploit Kit. Retrieved November 29, 2018.

Internal MISP references

UUID 44ceddf6-bcbf-4a60-bb92-f8cdc675d185 which can be used as unique global reference for Unit42 Azorult Nov 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-29T00:00:00Z
date_published 2018-11-21T00:00:00Z
source MITRE
title New Wine in Old Bottle: New Azorult Variant Found in FindMyName Campaign using Fallout Exploit Kit

FireEye Clandestine Fox

Chen, X., Scott, M., Caselden, D. (2014, April 26). New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks. Retrieved January 14, 2016.

Internal MISP references

UUID fd536975-ff27-45fc-a07f-4b2128568df8 which can be used as unique global reference for FireEye Clandestine Fox in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-14T00:00:00Z
date_published 2014-04-26T00:00:00Z
source MITRE
title New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks

Twitter ItsReallyNick Platinum Masquerade

Carr, N. (2018, October 25). Nick Carr Status Update. Retrieved April 22, 2019.

Internal MISP references

UUID 12eea502-cf70-474f-8127-352cacc37418 which can be used as unique global reference for Twitter ItsReallyNick Platinum Masquerade in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-22T00:00:00Z
date_published 2018-10-25T00:00:00Z
source MITRE
title Nick Carr Status Update

Twitter ItsReallyNick APT32 pubprn Masquerade

Carr, N. (2017, December 26). Nick Carr Status Update APT32 pubprn. Retrieved April 22, 2019.

Internal MISP references

UUID 731865ea-2410-40ac-85cf-75f768edd08a which can be used as unique global reference for Twitter ItsReallyNick APT32 pubprn Masquerade in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-22T00:00:00Z
date_published 2017-12-26T00:00:00Z
source MITRE
title Nick Carr Status Update APT32 pubprn

Twitter ItsReallyNick APT41 EK

Carr, N. (2019, October 30). Nick Carr Status Update APT41 Environmental Keying. Retrieved June 23, 2020.

Internal MISP references

UUID e226a034-b79b-42bd-8115-2537f98e5d46 which can be used as unique global reference for Twitter ItsReallyNick APT41 EK in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-23T00:00:00Z
date_published 2019-10-30T00:00:00Z
source MITRE
title Nick Carr Status Update APT41 Environmental Keying

Twitter ItsReallyNick Masquerading Update

Carr, N. (2018, October 25). Nick Carr Status Update Masquerading. Retrieved April 22, 2019.

Internal MISP references

UUID aca324b7-15f1-47b5-9c13-248d1b1a7fff which can be used as unique global reference for Twitter ItsReallyNick Masquerading Update in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-22T00:00:00Z
date_published 2018-10-25T00:00:00Z
source MITRE
title Nick Carr Status Update Masquerading

SecureWorks NICKEL GLADSTONE profile Sept 2021

SecureWorks. (2021, September 29). NICKEL GLADSTONE Threat Profile. Retrieved September 29, 2021.

Internal MISP references

UUID c78a8379-04a4-4558-820d-831ad4f267fd which can be used as unique global reference for SecureWorks NICKEL GLADSTONE profile Sept 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2021-09-29T00:00:00Z
source MITRE
title NICKEL GLADSTONE Threat Profile

Microsoft NICKEL December 2021

MSTIC. (2021, December 6). NICKEL targeting government organizations across Latin America and Europe. Retrieved March 18, 2022.

Internal MISP references

UUID 29a46bb3-f514-4554-ad9c-35f9a5ad9870 which can be used as unique global reference for Microsoft NICKEL December 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-18T00:00:00Z
date_published 2021-12-06T00:00:00Z
source MITRE, Tidal Cyber
title NICKEL targeting government organizations across Latin America and Europe

Nicolas Falliere, Liam O Murchu, Eric Chien February 2011

Nicolas Falliere, Liam O Murchu, Eric Chien. (2011, February). W32.Stuxnet Dossier (Version 1.4). Retrieved September 22, 2017.

Internal MISP references

UUID a1b371c2-b2b1-5780-95c8-11f8c616dcf3 which can be used as unique global reference for Nicolas Falliere, Liam O Murchu, Eric Chien February 2011 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-09-22T00:00:00Z
source MITRE
title Nicolas Falliere, Liam O Murchu, Eric Chien February 2011

ProofPoint Ursnif Aug 2016

Proofpoint Staff. (2016, August 25). Nightmare on Tor Street: Ursnif variant Dreambot adds Tor functionality. Retrieved June 5, 2019.

Internal MISP references

UUID 4cef8c44-d440-4746-b3e8-c8e4d307273d which can be used as unique global reference for ProofPoint Ursnif Aug 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-05T00:00:00Z
date_published 2016-08-25T00:00:00Z
source MITRE
title Nightmare on Tor Street: Ursnif variant Dreambot adds Tor functionality

NirSoft Website

NirSoft. (n.d.). NirSoft Website. Retrieved March 6, 2024.

Internal MISP references

UUID 024e4e25-aab7-4231-bb4b-5e399d02d7b2 which can be used as unique global reference for NirSoft Website in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-06T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title NirSoft Website

NIST Server Security July 2008

Scarfone, K. et al. (2008, July). NIST Special Publication 800-123 - Guide to General Server Security. Retrieved July 26, 2018.

Internal MISP references

UUID 351a444e-2829-4584-83ea-de909e43ee72 which can be used as unique global reference for NIST Server Security July 2008 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-26T00:00:00Z
date_published 2008-07-01T00:00:00Z
source MITRE
title NIST Special Publication 800-123 - Guide to General Server Security

Netskope Nitol

Malik, A. (2016, October 14). Nitol Botnet makes a resurgence with evasive sandbox analysis technique. Retrieved September 30, 2021.

Internal MISP references

UUID 94b5ac75-1fd5-4cad-a604-2b09846eb975 which can be used as unique global reference for Netskope Nitol in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-30T00:00:00Z
date_published 2016-10-14T00:00:00Z
source MITRE
title Nitol Botnet makes a resurgence with evasive sandbox analysis technique

FireEye Njw0rm Aug 2013

Dawda, U. and Villeneuve, N. (2013, August 30). Njw0rm - Brother From the Same Mother. Retrieved June 4, 2019.

Internal MISP references

UUID 062c31b1-7c1e-487f-8340-11f4b3faabc4 which can be used as unique global reference for FireEye Njw0rm Aug 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-04T00:00:00Z
date_published 2013-08-30T00:00:00Z
source MITRE
title Njw0rm - Brother From the Same Mother

Nltest Manual

ss64. (n.d.). NLTEST.exe - Network Location Test. Retrieved February 14, 2019.

Internal MISP references

UUID 4bb113a8-7e2c-4656-86f4-c30b08705ffa which can be used as unique global reference for Nltest Manual in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-14T00:00:00Z
source MITRE
title NLTEST.exe - Network Location Test

Nmap: the Network Mapper

Nmap. (n.d.). Nmap: the Network Mapper - Free Security Scanner. Retrieved September 7, 2023.

Internal MISP references

UUID 65f1bbaa-8ad1-4ad5-b726-660558d27efc which can be used as unique global reference for Nmap: the Network Mapper in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Nmap: the Network Mapper - Free Security Scanner

Microsoft Nobelium Admin Privileges

Microsoft Threat Intelligence Center. (2021, October 25). NOBELIUM targeting delegated administrative privileges to facilitate broader attacks. Retrieved January 31, 2022.

Internal MISP references

UUID aa315293-77a5-4ad9-b024-9af844edff9a which can be used as unique global reference for Microsoft Nobelium Admin Privileges in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-31T00:00:00Z
date_published 2021-10-25T00:00:00Z
source MITRE
title NOBELIUM targeting delegated administrative privileges to facilitate broader attacks

MSTIC Nobelium Oct 2021

Microsoft Threat Intelligence Center. (2021, October 25). NOBELIUM targeting delegated administrative privileges to facilitate broader attacks. Retrieved March 25, 2022.

Internal MISP references

UUID 7b6cc308-9871-47e5-9039-a9a7e66ce373 which can be used as unique global reference for MSTIC Nobelium Oct 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-25T00:00:00Z
date_published 2021-10-25T00:00:00Z
source MITRE
title NOBELIUM targeting delegated administrative privileges to facilitate broader attacks

Symantec Noberus September 22 2022

Symantec Threat Hunter Team. (2022, September 22). Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics. Retrieved September 14, 2023.

Internal MISP references

UUID afd6808d-2c9f-4926-b7c6-ca9d3abdd923 which can be used as unique global reference for Symantec Noberus September 22 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-14T00:00:00Z
date_published 2022-09-22T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics

new_rust_based_ransomware

Symantec Threat Hunter Team. (2021, December 16). Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware. Retrieved January 14, 2022.

Internal MISP references

UUID 8206240f-c84e-442e-b025-f629e9cc8d91 which can be used as unique global reference for new_rust_based_ransomware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-14T00:00:00Z
date_published 2021-12-16T00:00:00Z
source MITRE
title Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware

SentinelOne NobleBaron June 2021

Guerrero-Saade, J. (2021, June 1). NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks. Retrieved August 4, 2021.

Internal MISP references

UUID 98cf2bb0-f36c-45af-8d47-bf26aca3bb09 which can be used as unique global reference for SentinelOne NobleBaron June 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-04T00:00:00Z
date_published 2021-06-01T00:00:00Z
source MITRE
title NobleBaron

NodeJS

OpenJS Foundation. (n.d.). Node.js. Retrieved June 23, 2020.

Internal MISP references

UUID af710d49-48f4-47f6-98c6-8d4a4568b020 which can be used as unique global reference for NodeJS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-23T00:00:00Z
source MITRE
title Node.js

Mandiant No Easy Breach

Dunwoody, M. and Carr, N. (2016, September 27). No Easy Breach DerbyCon 2016. Retrieved October 4, 2016.

Internal MISP references

UUID e7c49ce6-9c5d-483a-b476-8a48799df6fa which can be used as unique global reference for Mandiant No Easy Breach in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-10-04T00:00:00Z
date_published 2016-09-27T00:00:00Z
source MITRE
title No Easy Breach DerbyCon 2016

ESET PipeMon May 2020

Tartare, M. et al. (2020, May 21). No “Game over” for the Winnti Group. Retrieved August 24, 2020.

Internal MISP references

UUID cbc09411-be18-4241-be69-b718a741ed8c which can be used as unique global reference for ESET PipeMon May 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-24T00:00:00Z
date_published 2020-05-21T00:00:00Z
source MITRE
title No “Game over” for the Winnti Group

nohup Linux Man

Meyering, J. (n.d.). nohup(1). Retrieved August 30, 2023.

Internal MISP references

UUID f61dde91-3518-5a74-8eb8-bb3bae43e8fb which can be used as unique global reference for nohup Linux Man in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-30T00:00:00Z
source MITRE
title nohup(1)

Unit 42 Nokki Oct 2018

Grunzweig, J. (2018, October 01). NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT. Retrieved November 5, 2018.

Internal MISP references

UUID 4eea6638-a71b-4d74-acc4-0fac82ef72f6 which can be used as unique global reference for Unit 42 Nokki Oct 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-05T00:00:00Z
date_published 2018-10-01T00:00:00Z
source MITRE
title NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT

ESET Nomadic Octopus 2018

Cherepanov, A. (2018, October 4). Nomadic Octopus Cyber espionage in Central Asia. Retrieved October 13, 2021.

Internal MISP references

UUID 50dcb3f0-1461-453a-aab9-38c2e259173f which can be used as unique global reference for ESET Nomadic Octopus 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
date_published 2018-10-04T00:00:00Z
source MITRE, Tidal Cyber
title Nomadic Octopus Cyber espionage in Central Asia

Malwarebytes Pony April 2016

hasherezade. (2016, April 11). No money, but Pony! From a mail to a trojan horse. Retrieved May 21, 2020.

Internal MISP references

UUID f8700002-5da6-4cb8-be62-34e421d2a573 which can be used as unique global reference for Malwarebytes Pony April 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-21T00:00:00Z
date_published 2016-04-11T00:00:00Z
source MITRE
title No money, but Pony! From a mail to a trojan horse

WithSecure Lazarus-NoPineapple Threat Intel Report 2023

Ruohonen, S. & Robinson, S. (2023, February 2). No Pineapple! -DPRK Targeting of Medical Research and Technology Sector. Retrieved July 10, 2023.

Internal MISP references

UUID 195922fa-a843-5cd3-a153-32f0b960dcb9 which can be used as unique global reference for WithSecure Lazarus-NoPineapple Threat Intel Report 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-10T00:00:00Z
date_published 2023-02-02T00:00:00Z
source MITRE
title No Pineapple! -DPRK Targeting of Medical Research and Technology Sector

xorrior chrome extensions macOS

Chris Ross. (2019, February 8). No Place Like Chrome. Retrieved April 27, 2021.

Internal MISP references

UUID 84bfd3a1-bda2-4821-ac52-6af8515e5879 which can be used as unique global reference for xorrior chrome extensions macOS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-27T00:00:00Z
date_published 2019-02-08T00:00:00Z
source MITRE
title No Place Like Chrome

Cybernews Yanfeng Qilin November 2023

Stefanie Schappert. (2023, November 28). North American auto supplier Yanfeng claimed by Qilin ransom group. Retrieved November 30, 2023.

Internal MISP references

UUID 93c89ca5-1863-4ee2-9fff-258f94f655c4 which can be used as unique global reference for Cybernews Yanfeng Qilin November 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-30T00:00:00Z
date_published 2023-11-28T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title North American auto supplier Yanfeng claimed by Qilin ransom group

The Hacker News Lazarus Aug 2022

Lakshmanan, R. (2022, August 17). North Korea Hackers Spotted Targeting Job Seekers with macOS Malware. Retrieved April 10, 2023.

Internal MISP references

UUID 8ae38830-1547-5cc1-83a4-87c3a7c82aa6 which can be used as unique global reference for The Hacker News Lazarus Aug 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-04-10T00:00:00Z
date_published 2022-08-17T00:00:00Z
source MITRE
title North Korea Hackers Spotted Targeting Job Seekers with macOS Malware

Zdnet Kimsuky Group September 2020

Cimpanu, C. (2020, September 30). North Korea has tried to hack 11 officials of the UN Security Council. Retrieved November 4, 2020.

Internal MISP references

UUID 6253bbc5-4d7d-4b7e-bd6b-59bd6366dc50 which can be used as unique global reference for Zdnet Kimsuky Group September 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-04T00:00:00Z
date_published 2020-09-30T00:00:00Z
source MITRE
title North Korea has tried to hack 11 officials of the UN Security Council

Volexity InkySquid BLUELIGHT August 2021

Cash, D., Grunzweig, J., Meltzer, M., Adair, S., Lancaster, T. (2021, August 17). North Korean APT InkySquid Infects Victims Using Browser Exploits. Retrieved September 30, 2021.

Internal MISP references

UUID 7e394434-364f-4e50-9a96-3e75dacc9866 which can be used as unique global reference for Volexity InkySquid BLUELIGHT August 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-30T00:00:00Z
date_published 2021-08-17T00:00:00Z
source MITRE
title North Korean APT InkySquid Infects Victims Using Browser Exploits

Talos Kimsuky Nov 2021

An, J and Malhotra, A. (2021, November 10). North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets. Retrieved December 29, 2021.

Internal MISP references

UUID 17927f0e-297a-45ec-8e1c-8a33892205dc which can be used as unique global reference for Talos Kimsuky Nov 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-29T00:00:00Z
date_published 2021-11-10T00:00:00Z
source MITRE
title North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets

Volexity InkySquid RokRAT August 2021

Cash, D., Grunzweig, J., Adair, S., Lancaster, T. (2021, August 25). North Korean BLUELIGHT Special: InkySquid Deploys RokRAT. Retrieved October 1, 2021.

Internal MISP references

UUID bff1667b-3f87-4653-bd17-b675e997baf1 which can be used as unique global reference for Volexity InkySquid RokRAT August 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-01T00:00:00Z
date_published 2021-08-25T00:00:00Z
source MITRE
title North Korean BLUELIGHT Special: InkySquid Deploys RokRAT

Lazarus APT January 2022

Saini, A. and Hossein, J. (2022, January 27). North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign. Retrieved January 27, 2022.

Internal MISP references

UUID fbd96014-16c3-4ad6-bb3f-f92d15efce13 which can be used as unique global reference for Lazarus APT January 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-27T00:00:00Z
date_published 2022-01-27T00:00:00Z
source MITRE
title North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign

Github NoRunDll

gtworek. (2019, December 17). NoRunDll. Retrieved August 23, 2021.

Internal MISP references

UUID 72d4b682-ed19-4e0f-aeff-faa52b3a0439 which can be used as unique global reference for Github NoRunDll in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-23T00:00:00Z
date_published 2019-12-17T00:00:00Z
source MITRE
title NoRunDll

Crowdstrike TELCO BPO Campaign December 2022

Parisi, T. (2022, December 2). Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies. Retrieved June 30, 2023.

Internal MISP references

UUID 382785e1-4ef3-506e-b74f-cd07df9ae46e which can be used as unique global reference for Crowdstrike TELCO BPO Campaign December 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-30T00:00:00Z
date_published 2022-12-02T00:00:00Z
source MITRE
title Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies

CrowdStrike Scattered Spider SIM Swapping December 22 2022

Tim Parisi. (2022, December 22). Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies. Retrieved September 14, 2023.

Internal MISP references

UUID e48760ba-2752-4d30-8f99-152c81f63017 which can be used as unique global reference for CrowdStrike Scattered Spider SIM Swapping December 22 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-14T00:00:00Z
date_published 2022-12-22T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies

Sophos Dyreza April 2015

Ducklin, P. (2015, April 20). Notes from SophosLabs: Dyreza, the malware that discriminates against old computers. Retrieved June 16, 2020.

Internal MISP references

UUID 50f9aa49-dde5-42c9-ba5c-f42281a71b7e which can be used as unique global reference for Sophos Dyreza April 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-16T00:00:00Z
date_published 2015-04-20T00:00:00Z
source MITRE
title Notes from SophosLabs: Dyreza, the malware that discriminates against old computers

NIST Supply Chain 2012

Boyens, J., et al. (2002, October). Notional Supply Chain Risk Management Practices for Federal Information Systems. Retrieved April 6, 2018.

Internal MISP references

UUID b3171abc-957c-4bd5-a18f-0d66bba396b9 which can be used as unique global reference for NIST Supply Chain 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-06T00:00:00Z
date_published 2002-10-01T00:00:00Z
source MITRE
title Notional Supply Chain Risk Management Practices for Federal Information Systems

eSentire FIN7 July 2021

eSentire. (2021, July 21). Notorious Cybercrime Gang, FIN7, Lands Malware in Law Firm Using Fake Legal Complaint Against Jack Daniels’ Owner, Brown-Forman Inc. Retrieved September 20, 2021.

Internal MISP references

UUID 3976dd0e-7dee-4ae7-8c38-484b12ca233e which can be used as unique global reference for eSentire FIN7 July 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-20T00:00:00Z
date_published 2021-07-21T00:00:00Z
source MITRE
title Notorious Cybercrime Gang, FIN7, Lands Malware in Law Firm Using Fake Legal Complaint Against Jack Daniels’ Owner, Brown-Forman Inc.

Secureworks NotPetya June 2017

Counter Threat Research Team. (2017, June 28). NotPetya Campaign: What We Know About the Latest Global Ransomware Attack. Retrieved June 11, 2020.

Internal MISP references

UUID 3109e59c-ace2-4e5a-bba2-24b840a7af0d which can be used as unique global reference for Secureworks NotPetya June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-11T00:00:00Z
date_published 2017-06-28T00:00:00Z
source MITRE
title NotPetya Campaign: What We Know About the Latest Global Ransomware Attack

SensePost NotRuler

SensePost. (2017, September 21). NotRuler - The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange. Retrieved February 4, 2019.

Internal MISP references

UUID 1bafe35e-f99c-4aa9-8b2f-5a35970ec83b which can be used as unique global reference for SensePost NotRuler in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-04T00:00:00Z
date_published 2017-09-21T00:00:00Z
source MITRE
title NotRuler - The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange

FireEye APT29 Nov 2018

Dunwoody, M., et al. (2018, November 19). Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign. Retrieved November 27, 2018.

Internal MISP references

UUID 30e769e0-4552-429b-b16e-27830d42edea which can be used as unique global reference for FireEye APT29 Nov 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-27T00:00:00Z
date_published 2018-11-19T00:00:00Z
source MITRE
title Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign

Unit 42 Cuba August 9 2022

Anthony Galiette, Daniel Bunce, Doel Santos, Shawn Westfall. (2022, August 9). Novel News on Cuba Ransomware: Greetings From Tropical Scorpius. Retrieved June 4, 2022.

Internal MISP references

UUID 06f668d9-9a68-4d2f-b9a0-b92beb3b75d6 which can be used as unique global reference for Unit 42 Cuba August 9 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-04T00:00:00Z
date_published 2022-08-09T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Novel News on Cuba Ransomware: Greetings From Tropical Scorpius

NT API Windows

The NTinternals.net team. (n.d.). Nowak, T. Retrieved June 25, 2020.

Internal MISP references

UUID 306f7da7-caa2-40bf-a3db-e579c541eeb4 which can be used as unique global reference for NT API Windows in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-25T00:00:00Z
source MITRE
title Nowak, T

Now You Serial

Rahman, Alyssa. (2021, December 13). Now You Serial, Now You Don’t — Systematically Hunting for Deserialization Exploits. Retrieved November 28, 2023.

Internal MISP references

UUID c42e1d00-942c-513d-bdfb-b97afc8f38cf which can be used as unique global reference for Now You Serial in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-28T00:00:00Z
date_published 2021-12-13T00:00:00Z
source MITRE
title Now You Serial, Now You Don’t — Systematically Hunting for Deserialization Exploits

Npcap: Windows Packet Capture Library & Driver

Npcap. (n.d.). Npcap: Windows Packet Capture Library & Driver. Retrieved September 7, 2023.

Internal MISP references

UUID c8dc5650-eb37-4bb6-b5b7-e6269c79785c which can be used as unique global reference for Npcap: Windows Packet Capture Library & Driver in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Npcap: Windows Packet Capture Library & Driver

NPLogonNotify

Microsoft. (2021, October 21). NPLogonNotify function (npapi.h). Retrieved March 30, 2023.

Internal MISP references

UUID 1fda833e-e543-5e68-a0f5-8a4170dd632a which can be used as unique global reference for NPLogonNotify in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-30T00:00:00Z
date_published 2021-10-21T00:00:00Z
source MITRE
title NPLogonNotify function (npapi.h)

NPPSPY

Grzegorz Tworek. (2021, December 15). NPPSpy. Retrieved March 30, 2023.

Internal MISP references

UUID c12bfaf6-4d83-552e-912b-cc55bce85961 which can be used as unique global reference for NPPSPY in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-30T00:00:00Z
date_published 2021-12-15T00:00:00Z
source MITRE
title NPPSpy

ntdsutil.exe - LOLBAS Project

LOLBAS. (2020, January 10). ntdsutil.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 9d15ab80-86b7-4a69-ae3f-de017ca89f37 which can be used as unique global reference for ntdsutil.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-01-10T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title ntdsutil.exe

Ntdsutil Microsoft

Microsoft. (2016, August 31). Ntdsutil Microsoft. Retrieved July 11, 2023.

Internal MISP references

UUID 34de2f08-0481-4894-80ef-86506d821cf0 which can be used as unique global reference for Ntdsutil Microsoft in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-11T00:00:00Z
date_published 2016-08-31T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Ntdsutil Microsoft

Microsoft NTFS File Attributes Aug 2010

Hughes, J. (2010, August 25). NTFS File Attributes. Retrieved March 21, 2018.

Internal MISP references

UUID dc4689d2-54b4-4310-ac10-6b234eedbc16 which can be used as unique global reference for Microsoft NTFS File Attributes Aug 2010 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-21T00:00:00Z
date_published 2010-08-25T00:00:00Z
source MITRE
title NTFS File Attributes

NtQueryInformationProcess

Microsoft. (2021, November 23). NtQueryInformationProcess function (winternl.h). Retrieved February 4, 2022.

Internal MISP references

UUID 7b533ca9-9075-408d-b125-89bc7446ec8f which can be used as unique global reference for NtQueryInformationProcess in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-04T00:00:00Z
date_published 2021-11-23T00:00:00Z
source MITRE
title NtQueryInformationProcess function (winternl.h)

AsyncRAT GitHub

Nyan-x-Cat. (n.d.). NYAN-x-CAT / AsyncRAT-C-Sharp. Retrieved October 3, 2023.

Internal MISP references

UUID b40fc5d8-02fd-5683-88c3-592c6b06df1a which can be used as unique global reference for AsyncRAT GitHub in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-03T00:00:00Z
source MITRE
title NYAN-x-CAT / AsyncRAT-C-Sharp

Joe Sec Nymaim

Joe Security. (2016, April 21). Nymaim - evading Sandboxes with API hammering. Retrieved September 30, 2021.

Internal MISP references

UUID fe6ac288-1c7c-4ec0-a709-c3ca56e5d088 which can be used as unique global reference for Joe Sec Nymaim in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-30T00:00:00Z
date_published 2016-04-21T00:00:00Z
source MITRE
title Nymaim - evading Sandboxes with API hammering

OWASP Fingerprinting

OWASP Wiki. (2018, February 16). OAT-004 Fingerprinting. Retrieved October 20, 2020.

Internal MISP references

UUID ec89a48b-3b00-4928-8450-d2fbd307817f which can be used as unique global reference for OWASP Fingerprinting in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2018-02-16T00:00:00Z
source MITRE
title OAT-004 Fingerprinting

OWASP Vuln Scanning

OWASP. (n.d.). OAT-014 Vulnerability Scanning. Retrieved October 20, 2020.

Internal MISP references

UUID 039c0947-1976-4eb8-bb26-4c74dceea7f0 which can be used as unique global reference for OWASP Vuln Scanning in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2018-02-16T00:00:00Z
source MITRE
title OAT-014 Vulnerability Scanning

SecureWorks Device Code Phishing 2021

SecureWorks Counter Threat Unit Research Team. (2021, June 3). OAuth’S Device Code Flow Abused in Phishing Attacks. Retrieved March 19, 2024.

Internal MISP references

UUID 0cea6734-d877-5007-95cc-0e24bdf33ff8 which can be used as unique global reference for SecureWorks Device Code Phishing 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-19T00:00:00Z
date_published 2021-06-03T00:00:00Z
source MITRE
title OAuth’S Device Code Flow Abused in Phishing Attacks

BlackHat API Packers

Choi, S. (2015, August 6). Obfuscated API Functions in Modern Packers. Retrieved August 22, 2022.

Internal MISP references

UUID fc4434c0-373b-42fe-a0f5-683c24fa329e which can be used as unique global reference for BlackHat API Packers in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-22T00:00:00Z
date_published 2015-08-06T00:00:00Z
source MITRE
title Obfuscated API Functions in Modern Packers

FireEye Obfuscation June 2017

Bohannon, D. & Carr N. (2017, June 30). Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques. Retrieved February 12, 2018.

Internal MISP references

UUID 6d1089b7-0efe-4961-8abc-22a882895377 which can be used as unique global reference for FireEye Obfuscation June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-12T00:00:00Z
date_published 2017-06-30T00:00:00Z
source MITRE
title Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques

objective-see 2017 review

Patrick Wardle. (n.d.). Retrieved March 20, 2018.

Internal MISP references

UUID 26b757c8-25cd-42ef-bef2-eb7a28455d57 which can be used as unique global reference for objective-see 2017 review in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-20T00:00:00Z
source MITRE
title objective-see 2017 review

Talos Oblique RAT March 2021

Malhotra, A. (2021, March 2). ObliqueRAT returns with new campaign using hijacked websites. Retrieved September 2, 2021.

Internal MISP references

UUID 20e13efb-4ca1-43b2-83a6-c852e03333d7 which can be used as unique global reference for Talos Oblique RAT March 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-02T00:00:00Z
date_published 2021-03-02T00:00:00Z
source MITRE
title ObliqueRAT returns with new campaign using hijacked websites

IBM ITG07 June 2019

McMillen, D., Sperry, C. (2019, June 14). Observations of ITG07 Cyber Operations. Retrieved May 17, 2021.

Internal MISP references

UUID e2d453c3-efb4-44e5-8b60-6a98dd6c3341 which can be used as unique global reference for IBM ITG07 June 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-17T00:00:00Z
date_published 2019-06-14T00:00:00Z
source MITRE
title Observations of ITG07 Cyber Operations

Palo Alto CVE-2015-3113 July 2015

Falcone, R. and Wartell, R. (2015, July 27). Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload. Retrieved January 22, 2016.

Internal MISP references

UUID 0ab158b4-9085-481a-8458-40f7c752179f which can be used as unique global reference for Palo Alto CVE-2015-3113 July 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-22T00:00:00Z
date_published 2015-07-27T00:00:00Z
source MITRE
title Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload

Volexity OceanLotus Nov 2017

Lassalle, D., et al. (2017, November 6). OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society. Retrieved November 6, 2017.

Internal MISP references

UUID ed9f5545-377f-4a12-92e4-c0439cc5b037 which can be used as unique global reference for Volexity OceanLotus Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-06T00:00:00Z
date_published 2017-11-06T00:00:00Z
source MITRE
title OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society

Volexity Ocean Lotus November 2020

Adair, S. and Lancaster, T. (2020, November 6). OceanLotus: Extending Cyber Espionage Operations Through Fake Websites. Retrieved November 20, 2020.

Internal MISP references

UUID dbea2493-7e0a-47f0-88c1-5867f8bb1199 which can be used as unique global reference for Volexity Ocean Lotus November 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-20T00:00:00Z
date_published 2020-11-06T00:00:00Z
source MITRE
title OceanLotus: Extending Cyber Espionage Operations Through Fake Websites

OceanLotus for OS X

Eddie Lee. (2016, February 17). OceanLotus for OS X - an Application Bundle Pretending to be an Adobe Flash Update. Retrieved July 5, 2017.

Internal MISP references

UUID 6e9acc29-06af-4915-8e01-7dcccb204530 which can be used as unique global reference for OceanLotus for OS X in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-05T00:00:00Z
date_published 2016-02-17T00:00:00Z
source MITRE
title OceanLotus for OS X - an Application Bundle Pretending to be an Adobe Flash Update

ESET OceanLotus macOS April 2019

Dumont, R. (2019, April 9). OceanLotus: macOS malware update. Retrieved April 15, 2019.

Internal MISP references

UUID e97e479b-4e6d-40b5-94cb-eac06172c0f8 which can be used as unique global reference for ESET OceanLotus macOS April 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-15T00:00:00Z
date_published 2019-04-09T00:00:00Z
source MITRE
title OceanLotus: macOS malware update

ESET OceanLotus

Foltýn, T. (2018, March 13). OceanLotus ships new backdoor using old tricks. Retrieved May 22, 2018.

Internal MISP references

UUID a7bcbaca-10c1-403a-9eb5-f111af1cbf6a which can be used as unique global reference for ESET OceanLotus in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-22T00:00:00Z
date_published 2018-03-13T00:00:00Z
source MITRE, Tidal Cyber
title OceanLotus ships new backdoor using old tricks

Okta HAR Files Incident Update

David Bradbury. (2023, November 29). October Customer Support Security Incident - Update and Recommended Actions. Retrieved December 19, 2023.

Internal MISP references

UUID 5e09ab9c-8cb2-49f5-b65f-fd5447e71ef4 which can be used as unique global reference for Okta HAR Files Incident Update in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-19T00:00:00Z
date_published 2023-11-29T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title October Customer Support Security Incident - Update and Recommended Actions

Securelist Octopus Oct 2018

Kaspersky Lab's Global Research & Analysis Team. (2018, October 15). Octopus-infested seas of Central Asia. Retrieved November 14, 2018.

Internal MISP references

UUID 77407057-53f1-4fde-bc74-00f73d417f7d which can be used as unique global reference for Securelist Octopus Oct 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-14T00:00:00Z
date_published 2018-10-15T00:00:00Z
source MITRE, Tidal Cyber
title Octopus-infested seas of Central Asia

MSTIC Octo Tempest Operations October 2023

Microsoft. (2023, October 25). Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction. Retrieved March 18, 2024.

Internal MISP references

UUID 92716d7d-3ca5-5d7a-b719-946e94828f13 which can be used as unique global reference for MSTIC Octo Tempest Operations October 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-18T00:00:00Z
date_published 2023-10-25T00:00:00Z
source MITRE
title Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

LOLBAS Odbcconf

LOLBAS. (n.d.). Odbcconf.exe. Retrieved March 7, 2019.

Internal MISP references

UUID febcaaec-b535-4347-a4c7-b3284b251897 which can be used as unique global reference for LOLBAS Odbcconf in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-07T00:00:00Z
source MITRE
title Odbcconf.exe

Microsoft odbcconf.exe

Microsoft. (2017, January 18). ODBCCONF.EXE. Retrieved March 7, 2019.

Internal MISP references

UUID 9df74876-2abf-4ced-b986-36212225d795 which can be used as unique global reference for Microsoft odbcconf.exe in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-07T00:00:00Z
date_published 2017-01-18T00:00:00Z
source MITRE
title ODBCCONF.EXE

GrimBlog UsernameEnum

GrimHacker. (2017, July 24). Office365 ActiveSync Username Enumeration. Retrieved December 9, 2021.

Internal MISP references

UUID cab25908-63da-484d-8c42-4451f46086e2 which can be used as unique global reference for GrimBlog UsernameEnum in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-09T00:00:00Z
date_published 2017-07-24T00:00:00Z
source MITRE
title Office365 ActiveSync Username Enumeration

GitHub Office 365 User Enumeration

gremwell. (2020, March 24). Office 365 User Enumeration. Retrieved May 27, 2022.

Internal MISP references

UUID 314fb591-d5f2-4f0c-ab0b-97977308b5dc which can be used as unique global reference for GitHub Office 365 User Enumeration in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-27T00:00:00Z
date_published 2020-03-24T00:00:00Z
source MITRE
title Office 365 User Enumeration

GitHub Office-Crackros Aug 2016

Carr, N. (2016, August 14). OfficeCrackros. Retrieved February 12, 2018.

Internal MISP references

UUID 6298d7b0-c6f9-46dd-91f0-41ef0ad515a5 which can be used as unique global reference for GitHub Office-Crackros Aug 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-12T00:00:00Z
date_published 2016-08-14T00:00:00Z
source MITRE
title OfficeCrackros

GlobalDotName Jun 2019

Shukrun, S. (2019, June 2). Office Templates and GlobalDotName - A Stealthy Office Persistence Technique. Retrieved August 26, 2019.

Internal MISP references

UUID f574182a-5d91-43c8-b560-e84a7e941c96 which can be used as unique global reference for GlobalDotName Jun 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-08-26T00:00:00Z
date_published 2019-06-02T00:00:00Z
source MITRE
title Office Templates and GlobalDotName - A Stealthy Office Persistence Technique

Microsoft VBA

Microsoft. (2019, June 11). Office VBA Reference. Retrieved June 23, 2020.

Internal MISP references

UUID ba0e3c5d-7934-4ece-b4a1-c03bc355f378 which can be used as unique global reference for Microsoft VBA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-23T00:00:00Z
date_published 2019-06-11T00:00:00Z
source MITRE
title Office VBA Reference

OfflineScannerShell.exe - LOLBAS Project

LOLBAS. (2021, August 16). OfflineScannerShell.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 8194442f-4f86-438e-bd0c-f4cbda0264b8 which can be used as unique global reference for OfflineScannerShell.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-08-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title OfflineScannerShell.exe

Bitdefender Agent Tesla April 2020

Arsene, L. (2020, April 21). Oil & Gas Spearphishing Campaigns Drop Agent Tesla Spyware in Advance of Historic OPEC+ Deal. Retrieved May 19, 2020.

Internal MISP references

UUID e3d932fc-0148-43b9-bcc7-971dd7ba3bf8 which can be used as unique global reference for Bitdefender Agent Tesla April 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-19T00:00:00Z
date_published 2020-04-21T00:00:00Z
source MITRE
title Oil & Gas Spearphishing Campaigns Drop Agent Tesla Spyware in Advance of Historic OPEC+ Deal

Palo Alto OilRig April 2017

Falcone, R. (2017, April 27). OilRig Actors Provide a Glimpse into Development and Testing Efforts. Retrieved May 3, 2017.

Internal MISP references

UUID fb561cdd-03f6-4867-b5b5-7e4deb11f0d0 which can be used as unique global reference for Palo Alto OilRig April 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-05-03T00:00:00Z
date_published 2017-04-27T00:00:00Z
source MITRE
title OilRig Actors Provide a Glimpse into Development and Testing Efforts

OilRig New Delivery Oct 2017

Falcone, R. and Lee, B. (2017, October 9). OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan. Retrieved January 8, 2018.

Internal MISP references

UUID f5f3e1e7-1d83-4ddc-a878-134cd0d268ce which can be used as unique global reference for OilRig New Delivery Oct 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-08T00:00:00Z
date_published 2017-10-09T00:00:00Z
source MITRE
title OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan

Palo Alto OilRig Oct 2016

Grunzweig, J. and Falcone, R. (2016, October 4). OilRig Malware Campaign Updates Toolset and Expands Targets. Retrieved May 3, 2017.

Internal MISP references

UUID 14bbb07b-caeb-4d17-8e54-047322a5930c which can be used as unique global reference for Palo Alto OilRig Oct 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-05-03T00:00:00Z
date_published 2016-10-04T00:00:00Z
source MITRE, Tidal Cyber
title OilRig Malware Campaign Updates Toolset and Expands Targets

Unit 42 OilRig Sept 2018

Falcone, R., et al. (2018, September 04). OilRig Targets a Middle Eastern Government and Adds Evasion Techniques to OopsIE. Retrieved September 24, 2018.

Internal MISP references

UUID 84815940-b98a-4f5c-82fe-7d8bf2f51a09 which can be used as unique global reference for Unit 42 OilRig Sept 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-24T00:00:00Z
date_published 2018-09-04T00:00:00Z
source MITRE
title OilRig Targets a Middle Eastern Government and Adds Evasion Techniques to OopsIE

Unit42 RDAT July 2020

Falcone, R. (2020, July 22). OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory. Retrieved July 28, 2020.

Internal MISP references

UUID 2929baa5-ead7-4936-ab67-c4742afc473c which can be used as unique global reference for Unit42 RDAT July 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-28T00:00:00Z
date_published 2020-07-22T00:00:00Z
source MITRE
title OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory

Unit 42 QUADAGENT July 2018

Lee, B., Falcone, R. (2018, July 25). OilRig Targets Technology Service Provider and Government Agency with QUADAGENT. Retrieved August 9, 2018.

Internal MISP references

UUID 320f49df-7b0a-4a6a-8542-17b0f56c94c9 which can be used as unique global reference for Unit 42 QUADAGENT July 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-09T00:00:00Z
date_published 2018-07-25T00:00:00Z
source MITRE
title OilRig Targets Technology Service Provider and Government Agency with QUADAGENT

OilRig ISMAgent July 2017

Falcone, R. and Lee, B. (2017, July 27). OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group. Retrieved January 8, 2018.

Internal MISP references

UUID e42c60cb-7827-4896-96e9-1323d5973aac which can be used as unique global reference for OilRig ISMAgent July 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-08T00:00:00Z
date_published 2017-07-27T00:00:00Z
source MITRE
title OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group

Unit 42 RGDoor Jan 2018

Falcone, R. (2018, January 25). OilRig uses RGDoor IIS Backdoor on Targets in the Middle East. Retrieved July 6, 2018.

Internal MISP references

UUID 94b37da6-f808-451e-8f2d-5df0e93358ca which can be used as unique global reference for Unit 42 RGDoor Jan 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-06T00:00:00Z
date_published 2018-01-25T00:00:00Z
source MITRE
title OilRig uses RGDoor IIS Backdoor on Targets in the Middle East

Palo Alto OilRig Sep 2018

Wilhoit, K. and Falcone, R. (2018, September 12). OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government. Retrieved February 18, 2019.

Internal MISP references

UUID 2ec6eabe-92e2-454c-ba7b-b27fec5b428d which can be used as unique global reference for Palo Alto OilRig Sep 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-18T00:00:00Z
date_published 2018-09-12T00:00:00Z
source MITRE
title OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government

ESET Okrum July 2019

Hromcova, Z. (2019, July). OKRUM AND KETRICAN: AN OVERVIEW OF RECENT KE3CHANG GROUP ACTIVITY. Retrieved May 6, 2020.

Internal MISP references

UUID 197163a8-1a38-4edd-ba73-f44e7a329f41 which can be used as unique global reference for ESET Okrum July 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-06T00:00:00Z
date_published 2019-07-01T00:00:00Z
source MITRE
title OKRUM AND KETRICAN: AN OVERVIEW OF RECENT KE3CHANG GROUP ACTIVITY

Talos Agent Tesla Oct 2018

Brumaghin, E., et al. (2018, October 15). Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox. Retrieved November 5, 2018.

Internal MISP references

UUID a7f38717-afbe-41c1-a404-bcb023c337e3 which can be used as unique global reference for Talos Agent Tesla Oct 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-05T00:00:00Z
date_published 2018-10-15T00:00:00Z
source MITRE
title Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox

Securelist Malware Tricks April 2017

Ishimaru, S. (2017, April 13). Old Malware Tricks To Bypass Detection in the Age of Big Data. Retrieved May 30, 2019.

Internal MISP references

UUID 3430ac9b-1621-42b4-9cc7-5ee60191051f which can be used as unique global reference for Securelist Malware Tricks April 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-30T00:00:00Z
date_published 2017-04-13T00:00:00Z
source MITRE
title Old Malware Tricks To Bypass Detection in the Age of Big Data

Red Canary Verclsid.exe

Haag, M., Levan, K. (2017, April 6). Old Phishing Attacks Deploy a New Methodology: Verclsid.exe. Retrieved August 10, 2020.

Internal MISP references

UUID f64e934f-737d-4461-8158-ae855bc472c4 which can be used as unique global reference for Red Canary Verclsid.exe in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-10T00:00:00Z
date_published 2017-04-06T00:00:00Z
source MITRE
title Old Phishing Attacks Deploy a New Methodology: Verclsid.exe

Talos Olympic Destroyer 2018

Mercer, W. and Rascagneres, P. (2018, February 12). Olympic Destroyer Takes Aim At Winter Olympics. Retrieved March 14, 2019.

Internal MISP references

UUID 25a2e179-7abd-4091-8af4-e9d2bf24ef11 which can be used as unique global reference for Talos Olympic Destroyer 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-14T00:00:00Z
date_published 2018-02-12T00:00:00Z
source MITRE
title Olympic Destroyer Takes Aim At Winter Olympics

Crowdstrike Pirate Panda April 2020

Busselen, M. (2020, April 7). On-demand Webcast: CrowdStrike Experts on COVID-19 Cybersecurity Challenges and Recommendations. Retrieved May 20, 2020.

Internal MISP references

UUID f71410b4-5f79-439a-ae9e-8965f9bc577f which can be used as unique global reference for Crowdstrike Pirate Panda April 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-20T00:00:00Z
date_published 2020-04-07T00:00:00Z
source MITRE
title On-demand Webcast: CrowdStrike Experts on COVID-19 Cybersecurity Challenges and Recommendations

OneDriveStandaloneUpdater.exe - LOLBAS Project

LOLBAS. (2021, August 22). OneDriveStandaloneUpdater.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 3d7dcd68-a7b2-438c-95bb-b7523a39c6f7 which can be used as unique global reference for OneDriveStandaloneUpdater.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-08-22T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title OneDriveStandaloneUpdater.exe

Electron 6-8

Kosayev, U. (2023, June 15). One Electron to Rule Them All. Retrieved March 7, 2024.

Internal MISP references

UUID e4aa340e-de84-5b0d-8fba-405005a46f09 which can be used as unique global reference for Electron 6-8 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-07T00:00:00Z
date_published 2023-06-15T00:00:00Z
source MITRE
title One Electron to Rule Them All

chasing_avaddon_ransomware

Hernandez, A. S. Tarter, P. Ocamp, E. J. (2022, January 19). One Source to Rule Them All: Chasing AVADDON Ransomware. Retrieved January 26, 2022.

Internal MISP references

UUID c5aeed6b-2d5d-4d49-b05e-261d565808d9 which can be used as unique global reference for chasing_avaddon_ransomware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-26T00:00:00Z
date_published 2022-01-19T00:00:00Z
source MITRE
title One Source to Rule Them All: Chasing AVADDON Ransomware

Onion Routing

Wikipedia. (n.d.). Onion Routing. Retrieved October 20, 2020.

Internal MISP references

UUID 0667caad-39cd-469b-91c0-1210c09e6041 which can be used as unique global reference for Onion Routing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
source MITRE
title Onion Routing

FireEye FIN7 Aug 2018

Carr, N., et al. (2018, August 01). On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation. Retrieved August 23, 2018.

Internal MISP references

UUID 54e5f23a-5ca6-4feb-8046-db2fb71b400a which can be used as unique global reference for FireEye FIN7 Aug 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-23T00:00:00Z
date_published 2018-08-01T00:00:00Z
source MITRE
title On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation

securelist_strongpity

Baumgartner, K. (2016, October 3). On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users. Retrieved March 28, 2024.

Internal MISP references

UUID 67d6cf00-7971-55fb-ae5f-e71a3150ceaa which can be used as unique global reference for securelist_strongpity in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-28T00:00:00Z
date_published 2016-10-03T00:00:00Z
source MITRE
title On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users

OSX.FairyTale

Phil Stokes. (2018, September 20). On the Trail of OSX.FairyTale | Adware Playing at Malware. Retrieved August 24, 2021.

Internal MISP references

UUID 27f8ad45-53d2-48ba-b549-f7674cf9c2e7 which can be used as unique global reference for OSX.FairyTale in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-24T00:00:00Z
date_published 2018-09-20T00:00:00Z
source MITRE
title On the Trail of OSX.FairyTale

Unit 42 OopsIE! Feb 2018

Lee, B., Falcone, R. (2018, February 23). OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan. Retrieved July 16, 2018.

Internal MISP references

UUID d4c2bac0-e95c-46af-ae52-c93de3d92f19 which can be used as unique global reference for Unit 42 OopsIE! Feb 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-16T00:00:00Z
date_published 2018-02-23T00:00:00Z
source MITRE
title OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan

Proofpoint ZeroT Feb 2017

Huss, D., et al. (2017, February 2). Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX. Retrieved April 5, 2018.

Internal MISP references

UUID 63787035-f136-43e1-b445-22853bbed92b which can be used as unique global reference for Proofpoint ZeroT Feb 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-05T00:00:00Z
date_published 2017-02-02T00:00:00Z
source MITRE
title Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX

OpenConsole.exe - LOLBAS Project

LOLBAS. (2022, June 17). OpenConsole.exe. Retrieved December 4, 2023.

Internal MISP references

UUID e597522a-68ac-4d7e-80c4-db1c66d2da04 which can be used as unique global reference for OpenConsole.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-06-17T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title OpenConsole.exe

Open Login Items Apple

Apple. (n.d.). Open items automatically when you log in on Mac. Retrieved October 1, 2021.

Internal MISP references

UUID 46a480eb-52d1-44c9-8b44-7e516b27cf82 which can be used as unique global reference for Open Login Items Apple in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-01T00:00:00Z
source MITRE
title Open items automatically when you log in on Mac

OpenSSH Project Page

OpenSSH. (2023, March 15). OpenSSH. Retrieved May 25, 2023.

Internal MISP references

UUID e5ca6811-cd22-4be5-a751-d23fb99d206e which can be used as unique global reference for OpenSSH Project Page in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-25T00:00:00Z
date_published 2023-03-15T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title OpenSSH

OpenSSH Server Listening On Socket

mdecrevoisier. (2022, October 25). OpenSSH Server Listening On Socket. Retrieved May 25, 2023.

Internal MISP references

UUID 8ab9903b-db4b-4459-9791-f9ab12b7577b which can be used as unique global reference for OpenSSH Server Listening On Socket in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-25T00:00:00Z
date_published 2022-10-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title OpenSSH Server Listening On Socket

Operating with EmPyre

rvrsh3ll. (2016, May 18). Operating with EmPyre. Retrieved July 12, 2017.

Internal MISP references

UUID 459a4ad5-0e28-4bfc-a73e-b9dd516d516f which can be used as unique global reference for Operating with EmPyre in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-12T00:00:00Z
date_published 2016-05-18T00:00:00Z
source MITRE
title Operating with EmPyre

Windows AppleJeus GReAT

Global Research & Analysis Team, Kaspersky Lab (GReAT). (2018, August 23). Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware. Retrieved September 27, 2022.

Internal MISP references

UUID 336ea5f5-d8cc-4af5-9aa0-203e319b3c28 which can be used as unique global reference for Windows AppleJeus GReAT in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-27T00:00:00Z
date_published 2018-08-23T00:00:00Z
source MITRE
title Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware

Cybereason Operation Bearded Barbie April 5 2022

Cybereason Nocturnus. (2022, April 5). Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials. Retrieved October 30, 2023.

Internal MISP references

UUID 7d71b7c9-531e-4e4f-ab85-df2380555b7a which can be used as unique global reference for Cybereason Operation Bearded Barbie April 5 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-30T00:00:00Z
date_published 2022-04-05T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials

Novetta Blockbuster Destructive Malware

Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Destructive Malware Report. Retrieved March 2, 2016.

Internal MISP references

UUID de278b77-52cb-4126-9341-5b32843ae9f1 which can be used as unique global reference for Novetta Blockbuster Destructive Malware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-02T00:00:00Z
date_published 2016-02-24T00:00:00Z
source MITRE
title Operation Blockbuster: Destructive Malware Report

Novetta Blockbuster Loaders

Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Loaders, Installers and Uninstallers Report. Retrieved March 2, 2016.

Internal MISP references

UUID 5d3e2f36-3833-4203-9884-c3ff806da286 which can be used as unique global reference for Novetta Blockbuster Loaders in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-02T00:00:00Z
date_published 2016-02-24T00:00:00Z
source MITRE
title Operation Blockbuster: Loaders, Installers and Uninstallers Report

Novetta Blockbuster RATs

Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Remote Administration Tools & Content Staging Malware Report. Retrieved March 16, 2016.

Internal MISP references

UUID 80d88e80-b5a7-48b7-a999-96b06d082997 which can be used as unique global reference for Novetta Blockbuster RATs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-16T00:00:00Z
date_published 2016-02-24T00:00:00Z
source MITRE
title Operation Blockbuster: Remote Administration Tools & Content Staging Malware Report

Novetta Blockbuster Tools

Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Tools Report. Retrieved March 10, 2016.

Internal MISP references

UUID 6dd1b091-9ace-4e31-9845-3b1091147ecd which can be used as unique global reference for Novetta Blockbuster Tools in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-10T00:00:00Z
date_published 2016-02-24T00:00:00Z
source MITRE
title Operation Blockbuster: Tools Report

Novetta Blockbuster

Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Unraveling the Long Thread of the Sony Attack. Retrieved February 25, 2016.

Internal MISP references

UUID bde96b4f-5f98-4ce5-a507-4b05d192b6d7 which can be used as unique global reference for Novetta Blockbuster in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-02-25T00:00:00Z
date_published 2016-02-24T00:00:00Z
source MITRE, Tidal Cyber
title Operation Blockbuster: Unraveling the Long Thread of the Sony Attack

FireEye Clandestine Wolf

Eng, E., Caselden, D. (2015, June 23). Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign. Retrieved January 14, 2016.

Internal MISP references

UUID dbb779c4-4d75-4fb4-ad3a-7d1f0f74e26f which can be used as unique global reference for FireEye Clandestine Wolf in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-14T00:00:00Z
date_published 2015-06-23T00:00:00Z
source MITRE, Tidal Cyber
title Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign

Cylance Cleaver

Cylance. (2014, December). Operation Cleaver. Retrieved September 14, 2017.

Internal MISP references

UUID f0b45225-3ec3-406f-bd74-87f24003761b which can be used as unique global reference for Cylance Cleaver in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-09-14T00:00:00Z
date_published 2014-12-01T00:00:00Z
source MITRE, Tidal Cyber
title Operation Cleaver

PWC Cloud Hopper April 2017

PwC and BAE Systems. (2017, April). Operation Cloud Hopper. Retrieved April 5, 2017.

Internal MISP references

UUID fe741064-8cd7-428b-bdb9-9f2ab7e92489 which can be used as unique global reference for PWC Cloud Hopper April 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-04-05T00:00:00Z
date_published 2017-04-01T00:00:00Z
source MITRE, Tidal Cyber
title Operation Cloud Hopper

PWC Cloud Hopper Technical Annex April 2017

PwC and BAE Systems. (2017, April). Operation Cloud Hopper: Technical Annex. Retrieved April 13, 2017.

Internal MISP references

UUID da6c8a72-c732-44d5-81ac-427898706eed which can be used as unique global reference for PWC Cloud Hopper Technical Annex April 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-04-13T00:00:00Z
date_published 2017-04-01T00:00:00Z
source MITRE
title Operation Cloud Hopper: Technical Annex

Cybereason Cobalt Kitty 2017

Dahan, A. (2017). Operation Cobalt Kitty. Retrieved December 27, 2018.

Internal MISP references

UUID bf838a23-1620-4668-807a-4354083d69b1 which can be used as unique global reference for Cybereason Cobalt Kitty 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-12-27T00:00:00Z
date_published 2017-01-01T00:00:00Z
source MITRE
title Operation Cobalt Kitty

Cybereason Oceanlotus May 2017

Dahan, A. (2017, May 24). OPERATION COBALT KITTY: A LARGE-SCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP. Retrieved November 5, 2018.

Internal MISP references

UUID 1ef3025b-d4a9-49aa-b744-2dbea10a0abf which can be used as unique global reference for Cybereason Oceanlotus May 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-05T00:00:00Z
date_published 2017-05-24T00:00:00Z
source MITRE
title OPERATION COBALT KITTY: A LARGE-SCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP

Cybereason OperationCuckooBees May 2022

Cybereason Nocturnus. (2022, May 4). Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques. Retrieved September 22, 2022.

Internal MISP references

UUID fe3e2c7e-2287-406c-b717-cf7721b5843a which can be used as unique global reference for Cybereason OperationCuckooBees May 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-22T00:00:00Z
date_published 2022-05-04T00:00:00Z
source MITRE
title Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques

Securelist ScarCruft Jun 2016

Raiu, C., and Ivanov, A. (2016, June 17). Operation Daybreak. Retrieved February 15, 2018.

Internal MISP references

UUID 04961952-9bac-48f3-adc7-40a3a2bcee84 which can be used as unique global reference for Securelist ScarCruft Jun 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-15T00:00:00Z
date_published 2016-06-17T00:00:00Z
source MITRE, Tidal Cyber
title Operation Daybreak

FireEye Operation Double Tap

Moran, N., et al. (2014, November 21). Operation Double Tap. Retrieved January 14, 2016.

Internal MISP references

UUID 4b9af128-98da-48b6-95c7-8d27979c2ab1 which can be used as unique global reference for FireEye Operation Double Tap in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-14T00:00:00Z
date_published 2014-11-21T00:00:00Z
source MITRE
title Operation Double Tap

ClearSky Lazarus Aug 2020

ClearSky Research Team. (2020, August 13). Operation 'Dream Job' Widespread North Korean Espionage Campaign. Retrieved December 20, 2021.

Internal MISP references

UUID 2827e6e4-8163-47fb-9e22-b59e59cd338f which can be used as unique global reference for ClearSky Lazarus Aug 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-20T00:00:00Z
date_published 2020-08-13T00:00:00Z
source MITRE
title Operation 'Dream Job' Widespread North Korean Espionage Campaign

Cylance Dust Storm

Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.

Internal MISP references

UUID 001dd53c-74e6-4add-aeb7-da76b0d2afe8 which can be used as unique global reference for Cylance Dust Storm in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-22T00:00:00Z
date_published 2016-02-23T00:00:00Z
source MITRE
title Operation Dust Storm

DustySky

ClearSky. (2016, January 7). Operation DustySky. Retrieved January 8, 2016.

Internal MISP references

UUID b9e0770d-f54a-4ada-abd1-65c45eee00fa which can be used as unique global reference for DustySky in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-08T00:00:00Z
date_published 2016-01-07T00:00:00Z
source MITRE, Tidal Cyber
title Operation DustySky

DustySky2

ClearSky Cybersecurity. (2016, June 9). Operation DustySky - Part 2. Retrieved August 3, 2016.

Internal MISP references

UUID 4a3ecdec-254c-4eb4-9126-f540bb21dffe which can be used as unique global reference for DustySky2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-03T00:00:00Z
date_published 2016-06-09T00:00:00Z
source MITRE
title Operation DustySky - Part 2

Trend Micro Tick November 2019

Chen, J. et al. (2019, November). Operation ENDTRADE: TICK’s Multi-Stage Backdoors for Attacking Industries and Stealing Classified Data. Retrieved June 9, 2020.

Internal MISP references

UUID 93adbf0d-5f5e-498e-aca1-ed3eb11561e7 which can be used as unique global reference for Trend Micro Tick November 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-09T00:00:00Z
date_published 2019-11-01T00:00:00Z
source MITRE
title Operation ENDTRADE: TICK’s Multi-Stage Backdoors for Attacking Industries and Stealing Classified Data

FireEye DeputyDog 9002 November 2013

Moran, N. et al. (2013, November 10). Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method. Retrieved March 19, 2018.

Internal MISP references

UUID 68b5a913-b696-4ca5-89ed-63453023d2a2 which can be used as unique global reference for FireEye DeputyDog 9002 November 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-19T00:00:00Z
date_published 2013-11-10T00:00:00Z
source MITRE
title Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method

Volexity Exchange Marauder March 2021

Gruzweig, J. et al. (2021, March 2). Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities. Retrieved March 3, 2021.

Internal MISP references

UUID ef0626e9-281c-4770-b145-ffe36e18e369 which can be used as unique global reference for Volexity Exchange Marauder March 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-03T00:00:00Z
date_published 2021-03-02T00:00:00Z
source MITRE, Tidal Cyber
title Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities

ESET Dukes October 2019

Faou, M., Tartare, M., Dupuy, T. (2019, October). OPERATION GHOST. Retrieved September 23, 2020.

Internal MISP references

UUID fbc77b85-cc5a-4c65-956d-b8556974b4ef which can be used as unique global reference for ESET Dukes October 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-23T00:00:00Z
date_published 2019-10-01T00:00:00Z
source MITRE
title OPERATION GHOST

IssueMakersLab Andariel GoldenAxe May 2017

IssueMakersLab. (2017, May 1). Operation GoldenAxe. Retrieved September 29, 2021.

Internal MISP references

UUID 10a21964-d31f-40af-bf32-5ccd7d8c99a2 which can be used as unique global reference for IssueMakersLab Andariel GoldenAxe May 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2017-05-01T00:00:00Z
source MITRE
title Operation GoldenAxe

ESET Operation Groundbait

Cherepanov, A. (2016, May 17). Operation Groundbait: Analysis of a surveillance toolkit. Retrieved May 18, 2016.

Internal MISP references

UUID 218e69fd-558c-459b-9a57-ad2ee3e96296 which can be used as unique global reference for ESET Operation Groundbait in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-05-18T00:00:00Z
date_published 2016-05-17T00:00:00Z
source MITRE
title Operation Groundbait: Analysis of a surveillance toolkit

Operation Hangover May 2013

Fagerland, S., et al. (2013, May). Operation Hangover: Unveiling an Indian Cyberattack Infrastructure. Retrieved September 26, 2016.

Internal MISP references

UUID fd581c0c-d93e-4396-a372-99cde3cd0c7c which can be used as unique global reference for Operation Hangover May 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-09-26T00:00:00Z
date_published 2013-05-01T00:00:00Z
source MITRE
title Operation Hangover: Unveiling an Indian Cyberattack Infrastructure

ESET Lazarus Jun 2020

Breitenbacher, D. and Osis, K. (2020, June 17). OPERATION IN(TER)CEPTION: Targeted Attacks Against European Aerospace and Military Companies. Retrieved December 20, 2021.

Internal MISP references

UUID b16a0141-dea3-4b34-8279-7bc1ce3d7052 which can be used as unique global reference for ESET Lazarus Jun 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-20T00:00:00Z
date_published 2020-06-17T00:00:00Z
source MITRE
title OPERATION IN(TER)CEPTION: Targeted Attacks Against European Aerospace and Military Companies

AhnLab Kimsuky Kabar Cobra Feb 2019

AhnLab. (2019, February 28). Operation Kabar Cobra - Tenacious cyber-espionage campaign by Kimsuky Group. Retrieved September 29, 2021.

Internal MISP references

UUID 4035e871-9291-4d7f-9c5f-d8482d4dc8a7 which can be used as unique global reference for AhnLab Kimsuky Kabar Cobra Feb 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2019-02-28T00:00:00Z
source MITRE
title Operation Kabar Cobra - Tenacious cyber-espionage campaign by Kimsuky Group

Villeneuve et al 2014

Villeneuve, N., Bennett, J. T., Moran, N., Haq, T., Scott, M., & Geers, K. (2014). OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs. Retrieved November 12, 2014.

Internal MISP references

UUID 31504d92-6c4d-43f0-8548-ccc3aa05ba48 which can be used as unique global reference for Villeneuve et al 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
date_published 2014-01-01T00:00:00Z
source MITRE
title OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs

Mandiant Operation Ke3chang November 2014

Villeneuve, N., Bennett, J. T., Moran, N., Haq, T., Scott, M., & Geers, K. (2014). OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs. Retrieved November 12, 2014.

Internal MISP references

UUID bb45cf96-ceae-4f46-a0f5-08cd89f699c9 which can be used as unique global reference for Mandiant Operation Ke3chang November 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
date_published 2014-01-01T00:00:00Z
source MITRE, Tidal Cyber
title OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs

Cisco Operation Layover September 2021

Ventura, V. (2021, September 16). Operation Layover: How we tracked an attack on the aviation industry to five years of compromise. Retrieved September 15, 2023.

Internal MISP references

UUID f19b4bd5-99f9-54c0-bffe-cc9c052aea12 which can be used as unique global reference for Cisco Operation Layover September 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-15T00:00:00Z
date_published 2021-09-16T00:00:00Z
source MITRE
title Operation Layover: How we tracked an attack on the aviation industry to five years of compromise

Lotus Blossom Jun 2015

Falcone, R., et al. (2015, June 16). Operation Lotus Blossom. Retrieved February 15, 2016.

Internal MISP references

UUID 46fdb8ca-b14d-43bd-a20f-cae7b26e56c6 which can be used as unique global reference for Lotus Blossom Jun 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-02-15T00:00:00Z
date_published 2015-06-16T00:00:00Z
source MITRE, Tidal Cyber
title Operation Lotus Blossom

FireEye Operation Molerats

Villeneuve, N., Haq, H., Moran, N. (2013, August 23). OPERATION MOLERATS: MIDDLE EAST CYBER ATTACKS USING POISON IVY. Retrieved April 1, 2016.

Internal MISP references

UUID 6b24e4aa-e773-4ca3-8267-19e036dc1144 which can be used as unique global reference for FireEye Operation Molerats in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-01T00:00:00Z
date_published 2013-08-23T00:00:00Z
source MITRE
title OPERATION MOLERATS: MIDDLE EAST CYBER ATTACKS USING POISON IVY

McAfee Lazarus Nov 2020

Beek, C. (2020, November 5). Operation North Star: Behind The Scenes. Retrieved December 20, 2021.

Internal MISP references

UUID a283d229-3a2a-43ef-bcbe-aa6d41098b51 which can be used as unique global reference for McAfee Lazarus Nov 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-20T00:00:00Z
date_published 2020-11-05T00:00:00Z
source MITRE
title Operation North Star: Behind The Scenes

McAfee Lazarus Jul 2020

Cashman, M. (2020, July 29). Operation North Star Campaign. Retrieved December 20, 2021.

Internal MISP references

UUID 43581a7d-d71a-4121-abb6-127483a49d12 which can be used as unique global reference for McAfee Lazarus Jul 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-20T00:00:00Z
date_published 2020-07-29T00:00:00Z
source MITRE
title Operation North Star Campaign

McAfee Oceansalt Oct 2018

Sherstobitoff, R., Malhotra, A. (2018, October 18). ‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group. Retrieved November 30, 2018.

Internal MISP references

UUID 04b475ab-c7f6-4373-a4b0-04b5d8028f95 which can be used as unique global reference for McAfee Oceansalt Oct 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-30T00:00:00Z
date_published 2018-10-18T00:00:00Z
source MITRE
title ‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group

FireEye OpPoisonedHandover February 2016

Ned Moran, Mike Scott, Mike Oppenheim of FireEye. (2014, November 3). Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kong’s Pro-Democracy Movement. Retrieved April 18, 2019.

Internal MISP references

UUID 1d57b1c8-930b-4bcb-a51e-39020327cc5d which can be used as unique global reference for FireEye OpPoisonedHandover February 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-18T00:00:00Z
date_published 2014-11-03T00:00:00Z
source MITRE
title Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kong’s Pro-Democracy Movement

Operation Quantum Entanglement

Haq, T., Moran, N., Vashisht, S., Scott, M. (2014, September). OPERATION QUANTUM ENTANGLEMENT. Retrieved November 4, 2015.

Internal MISP references

UUID c94f9652-32c3-4975-a9c0-48f93bdfe790 which can be used as unique global reference for Operation Quantum Entanglement in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-11-04T00:00:00Z
date_published 2014-09-01T00:00:00Z
source MITRE, Tidal Cyber
title OPERATION QUANTUM ENTANGLEMENT

ProofPoint GoT 9002 Aug 2017

Huss, D. & Mesa, M. (2017, August 25). Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures. Retrieved March 19, 2018.

Internal MISP references

UUID b796f889-400c-440b-86b2-1588fd15f3ae which can be used as unique global reference for ProofPoint GoT 9002 Aug 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-19T00:00:00Z
date_published 2017-08-25T00:00:00Z
source MITRE
title Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures

FireEye Op RussianDoll

FireEye Labs. (2015, April 18). Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack. Retrieved April 24, 2017.

Internal MISP references

UUID 6f5986b7-07ee-4bca-9cb1-248744e94d7f which can be used as unique global reference for FireEye Op RussianDoll in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-04-24T00:00:00Z
date_published 2015-04-18T00:00:00Z
source MITRE
title Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack

FireEye Operation Saffron Rose 2013

Villeneuve, N. et al. (2013). OPERATION SAFFRON ROSE. Retrieved May 28, 2020.

Internal MISP references

UUID 2f4c0941-d14e-4eb8-828c-f1d9a1e14a95 which can be used as unique global reference for FireEye Operation Saffron Rose 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-28T00:00:00Z
date_published 2013-01-01T00:00:00Z
source MITRE
title OPERATION SAFFRON ROSE

Cylance Shaheen Nov 2018

Livelli, K., et al. (2018, November 12). Operation Shaheen. Retrieved May 1, 2019.

Internal MISP references

UUID 57802e46-e12c-4230-8d1c-08854a0de06a which can be used as unique global reference for Cylance Shaheen Nov 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-01T00:00:00Z
date_published 2018-11-12T00:00:00Z
source MITRE
title Operation Shaheen

McAfee Sharpshooter December 2018

Sherstobitoff, R., Malhotra, A., et al. (2018, December 18). Operation Sharpshooter Campaign Targets Global Defense, Critical Infrastructure. Retrieved May 14, 2020.

Internal MISP references

UUID 96b6d012-8620-4ef5-bf9a-5f88e465a495 which can be used as unique global reference for McAfee Sharpshooter December 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-14T00:00:00Z
date_published 2018-12-18T00:00:00Z
source MITRE
title Operation Sharpshooter Campaign Targets Global Defense, Critical Infrastructure

Novetta-Axiom

Novetta. (n.d.). Operation SMN: Axiom Threat Actor Group Report. Retrieved November 12, 2014.

Internal MISP references

UUID 0dd428b9-849b-4108-87b1-20050b86f420 which can be used as unique global reference for Novetta-Axiom in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
source MITRE, Tidal Cyber
title Operation SMN: Axiom Threat Actor Group Report

Cybereason Soft Cell June 2019

Cybereason Nocturnus. (2019, June 25). Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers. Retrieved July 18, 2019.

Internal MISP references

UUID 620b7353-0e58-4503-b534-9250a8f5ae3c which can be used as unique global reference for Cybereason Soft Cell June 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-18T00:00:00Z
date_published 2019-06-25T00:00:00Z
source MITRE
title Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers

Azure AD Graph API

Microsoft. (2016, March 26). Operations overview | Graph API concepts. Retrieved June 18, 2020.

Internal MISP references

UUID fed0fef5-e366-4e24-9554-0599744cd1c6 which can be used as unique global reference for Azure AD Graph API in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-18T00:00:00Z
date_published 2016-03-26T00:00:00Z
source MITRE
title Operations overview

ESET Operation Spalax Jan 2021

M. Porolli. (2021, January 21). Operation Spalax: Targeted malware attacks in Colombia. Retrieved September 16, 2022.

Internal MISP references

UUID b699dd10-7d3f-4542-bf8a-b3f0c747bd0e which can be used as unique global reference for ESET Operation Spalax Jan 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-16T00:00:00Z
date_published 2021-01-21T00:00:00Z
source MITRE
title Operation Spalax: Targeted malware attacks in Colombia

Proofpoint TA453 July2021

Miller, J. et al. (2021, July 13). Operation SpoofedScholars: A Conversation with TA453. Retrieved August 18, 2021.

Internal MISP references

UUID a987872f-2176-437c-a38f-58676b7b12de which can be used as unique global reference for Proofpoint TA453 July2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-18T00:00:00Z
date_published 2021-07-13T00:00:00Z
source MITRE
title Operation SpoofedScholars: A Conversation with TA453

Proofpoint Operation Transparent Tribe March 2016

Huss, D. (2016, March 1). Operation Transparent Tribe. Retrieved June 8, 2016.

Internal MISP references

UUID 8e39d0da-114f-4ae6-8130-ca1380077d6a which can be used as unique global reference for Proofpoint Operation Transparent Tribe March 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-08T00:00:00Z
date_published 2016-03-01T00:00:00Z
source MITRE, Tidal Cyber
title Operation Transparent Tribe

TrendMicro TropicTrooper 2015

Alintanahin, K. (2015). Operation Tropic Trooper: Relying on Tried-and-Tested Flaws to Infiltrate Secret Keepers. Retrieved June 14, 2019.

Internal MISP references

UUID 65d1f980-1dc2-4d36-8148-2d8747a39883 which can be used as unique global reference for TrendMicro TropicTrooper 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-14T00:00:00Z
date_published 2015-01-01T00:00:00Z
source MITRE
title Operation Tropic Trooper: Relying on Tried-and-Tested Flaws to Infiltrate Secret Keepers

ClearSky and Trend Micro Operation Wilted Tulip July 2017

ClearSky and Trend Micro. (2017, July). Operation Wilted Tulip - Exposing a cyber espionage apparatus. Retrieved May 17, 2021.

Internal MISP references

UUID 696b12c6-ce1e-4e79-b781-43e0c70f9f2e which can be used as unique global reference for ClearSky and Trend Micro Operation Wilted Tulip July 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-17T00:00:00Z
date_published 2017-07-01T00:00:00Z
source MITRE, Tidal Cyber
title Operation Wilted Tulip - Exposing a cyber espionage apparatus

ClearSky Wilted Tulip July 2017

ClearSky Cyber Security and Trend Micro. (2017, July). Operation Wilted Tulip: Exposing a cyber espionage apparatus. Retrieved August 21, 2017.

Internal MISP references

UUID 50233005-8dc4-4e91-9477-df574271df40 which can be used as unique global reference for ClearSky Wilted Tulip July 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-08-21T00:00:00Z
date_published 2017-07-01T00:00:00Z
source MITRE
title Operation Wilted Tulip: Exposing a cyber espionage apparatus

ESET Windigo Mar 2014

Bilodeau, O., Bureau, M., Calvet, J., Dorais-Joncas, A., Léveillé, M., Vanheuverzwijn, B. (2014, March 18). Operation Windigo – the vivisection of a large Linux server‑side credential‑stealing malware campaign. Retrieved February 10, 2021.

Internal MISP references

UUID 721cdb36-d3fc-4212-b324-6be2b5f9cb46 which can be used as unique global reference for ESET Windigo Mar 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-10T00:00:00Z
date_published 2014-03-18T00:00:00Z
source MITRE
title Operation Windigo – the vivisection of a large Linux server‑side credential‑stealing malware campaign

FoxIT Wocao December 2019

Dantzig, M. v., Schamper, E. (2019, December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020.

Internal MISP references

UUID aa3e31c7-71cd-4a3f-b482-9049c9abb631 which can be used as unique global reference for FoxIT Wocao December 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-08T00:00:00Z
date_published 2019-12-19T00:00:00Z
source MITRE
title Operation Wocao: Shining a light on one of China’s hidden hacking groups

TrendMicro Operation Woolen Goldfish March 2015

Cedric Pernet, Kenney Lu. (2015, March 19). Operation Woolen-Goldfish - When Kittens Go phishing. Retrieved April 21, 2021.

Internal MISP references

UUID 0f077c93-aeda-4c95-9996-c52812a31267 which can be used as unique global reference for TrendMicro Operation Woolen Goldfish March 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-21T00:00:00Z
date_published 2015-03-19T00:00:00Z
source MITRE
title Operation Woolen-Goldfish - When Kittens Go phishing

Bleeping Computer Op Sharpshooter March 2019

I. Ilascu. (2019, March 3). Op 'Sharpshooter' Connected to North Korea's Lazarus Group. Retrieved September 26, 2022.

Internal MISP references

UUID 84430646-6568-4288-8710-2827692a8862 which can be used as unique global reference for Bleeping Computer Op Sharpshooter March 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-26T00:00:00Z
date_published 2019-03-03T00:00:00Z
source MITRE
title Op 'Sharpshooter' Connected to North Korea's Lazarus Group

Symantec Orangeworm IOCs April 2018

Symantec Security Response Attack Investigation Team. (2018, April 23). Orangeworm: Indicators of Compromise. Retrieved July 8, 2018.

Internal MISP references

UUID 293596ad-a13f-456b-8916-d1e1b1afe0da which can be used as unique global reference for Symantec Orangeworm IOCs April 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-08T00:00:00Z
date_published 2018-04-23T00:00:00Z
source MITRE
title Orangeworm: Indicators of Compromise

Symantec WastedLocker June 2020

Symantec Threat Intelligence. (2020, June 25). WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations. Retrieved May 20, 2021.

Internal MISP references

UUID 061d8f74-a202-4089-acae-687e4f96933b which can be used as unique global reference for Symantec WastedLocker June 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-20T00:00:00Z
source MITRE
title Organizations

Symantec Calisto July 2018

Pantig, J. (2018, July 30). OSX.Calisto. Retrieved September 7, 2018.

Internal MISP references

UUID cefef3d8-94f5-4d94-9689-6ed38702454f which can be used as unique global reference for Symantec Calisto July 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-07T00:00:00Z
date_published 2018-07-30T00:00:00Z
source MITRE
title OSX.Calisto

Objective-See MacMa Nov 2021

Wardle, P. (2021, November 11). OSX.CDDS (OSX.MacMa). Retrieved June 30, 2022.

Internal MISP references

UUID 7240261e-d901-4a68-b6fc-deec308e8a50 which can be used as unique global reference for Objective-See MacMa Nov 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-30T00:00:00Z
date_published 2021-11-11T00:00:00Z
source MITRE
title OSX.CDDS (OSX.MacMa)

hexed osx.dok analysis 2019

fluffybunny. (2019, July 9). OSX.Dok Analysis. Retrieved October 4, 2021.

Internal MISP references

UUID 96f9d36a-01a5-418e-85f4-957e58d49c1b which can be used as unique global reference for hexed osx.dok analysis 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-04T00:00:00Z
date_published 2019-07-09T00:00:00Z
source MITRE
title OSX.Dok Analysis

malwarebyteslabs xcsset dubrobber

Thomas Reed. (2020, April 21). OSX.DubRobber. Retrieved October 5, 2021.

Internal MISP references

UUID 11ef576f-1bac-49e3-acba-85d70a42503e which can be used as unique global reference for malwarebyteslabs xcsset dubrobber in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-05T00:00:00Z
date_published 2020-04-21T00:00:00Z
source MITRE
title OSX.DubRobber

wardle evilquest partii

Patrick Wardle. (2020, July 3). OSX.EvilQuest Uncovered part ii: insidious capabilities. Retrieved March 21, 2021.

Internal MISP references

UUID 4fee237c-c2ec-47f5-b382-ec6bd4779281 which can be used as unique global reference for wardle evilquest partii in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-21T00:00:00Z
date_published 2020-07-03T00:00:00Z
source MITRE
title OSX.EvilQuest Uncovered part ii: insidious capabilities

wardle evilquest parti

Patrick Wardle. (2020, June 29). OSX.EvilQuest Uncovered part i: infection, persistence, and more!. Retrieved March 18, 2021.

Internal MISP references

UUID 1ebd91db-9b56-442f-bb61-9e154b5966ac which can be used as unique global reference for wardle evilquest parti in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-18T00:00:00Z
date_published 2020-06-29T00:00:00Z
source MITRE
title OSX.EvilQuest Uncovered part i: infection, persistence, and more!

eset_osx_flashback

ESET. (2012, January 1). OSX/Flashback. Retrieved April 19, 2022.

Internal MISP references

UUID ce6e5a21-0063-4356-a77a-5c5f9fd2cf5c which can be used as unique global reference for eset_osx_flashback in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-19T00:00:00Z
date_published 2012-01-01T00:00:00Z
source MITRE
title OSX/Flashback

CheckPoint Dok

Ofer Caspi. (2017, May 4). OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic. Retrieved October 5, 2021.

Internal MISP references

UUID 8c178fd8-db34-45c6-901a-a8b2c178d809 which can be used as unique global reference for CheckPoint Dok in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-05T00:00:00Z
date_published 2017-05-04T00:00:00Z
source MITRE
title OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic

Intego Shlayer Feb 2018

Long, Joshua. (2018, February 21). OSX/Shlayer: New Mac malware comes out of its shell. Retrieved August 28, 2019.

Internal MISP references

UUID 46eb883c-e203-4cd9-8f1c-c6ea12bc2742 which can be used as unique global reference for Intego Shlayer Feb 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-08-28T00:00:00Z
date_published 2018-02-21T00:00:00Z
source MITRE
title OSX/Shlayer: New Mac malware comes out of its shell

Decoded Avast.io Follina June 3 2022

Threat Intelligence Team. (2022, June 3). Outbreak of Follina in Australia. Retrieved May 7, 2023.

Internal MISP references

UUID 2b43d421-3921-4efa-9bde-4b482811523f which can be used as unique global reference for Decoded Avast.io Follina June 3 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2022-06-03T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Outbreak of Follina in Australia

SensePost Outlook Forms

Stalmans, E. (2017, April 28). Outlook Forms and Shells. Retrieved February 4, 2019.

Internal MISP references

UUID 5d91a713-2f05-43bd-9fef-aa3f51f4c45a which can be used as unique global reference for SensePost Outlook Forms in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-04T00:00:00Z
date_published 2017-04-28T00:00:00Z
source MITRE
title Outlook Forms and Shells

SensePost Outlook Home Page

Stalmans, E. (2017, October 11). Outlook Home Page – Another Ruler Vector. Retrieved February 4, 2019.

Internal MISP references

UUID d2758a4b-d326-45a7-9ebf-03efcd1832da which can be used as unique global reference for SensePost Outlook Home Page in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-04T00:00:00Z
date_published 2017-10-11T00:00:00Z
source MITRE
title Outlook Home Page – Another Ruler Vector

Outlook Today Home Page

Soutcast. (2018, September 14). Outlook Today Homepage Persistence. Retrieved February 5, 2019.

Internal MISP references

UUID cb7beffb-a955-40fd-b114-de6533efc80d which can be used as unique global reference for Outlook Today Home Page in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-05T00:00:00Z
date_published 2018-09-14T00:00:00Z
source MITRE
title Outlook Today Homepage Persistence

Recorded Future Beacon 2019

Recorded Future. (2019, June 20). Out of the Blue: How Recorded Future Identified Rogue Cobalt Strike Servers. Retrieved October 16, 2020.

Internal MISP references

UUID 4e554042-53bb-44d4-9acc-44c86329ac47 which can be used as unique global reference for Recorded Future Beacon 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-16T00:00:00Z
date_published 2019-06-20T00:00:00Z
source MITRE
title Out of the Blue: How Recorded Future Identified Rogue Cobalt Strike Servers

FireEye APT33 Guardrail

Ackerman, G., et al. (2018, December 21). OVERRULED: Containing a Potentially Destructive Adversary. Retrieved January 17, 2019.

Internal MISP references

UUID 4b4c9e72-eee1-4fa4-8dcb-501ec49882b0 which can be used as unique global reference for FireEye APT33 Guardrail in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-01-17T00:00:00Z
date_published 2018-12-21T00:00:00Z
source MITRE
title OVERRULED: Containing a Potentially Destructive Adversary

Kubernetes Cloud Native Security

Kubernetes. (n.d.). Overview of Cloud Native Security. Retrieved March 8, 2023.

Internal MISP references

UUID 55ee5bcc-ba56-58ac-9afb-2349aa75fe39 which can be used as unique global reference for Kubernetes Cloud Native Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-08T00:00:00Z
source MITRE
title Overview of Cloud Native Security

Apple Doco Archive Dynamic Libraries

Apple Inc. (2012, July 23). Overview of Dynamic Libraries. Retrieved March 24, 2021.

Internal MISP references

UUID e3b8cc52-2096-418c-b291-1bc76022961d which can be used as unique global reference for Apple Doco Archive Dynamic Libraries in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-24T00:00:00Z
date_published 2012-07-23T00:00:00Z
source MITRE
title Overview of Dynamic Libraries

Apple Dev Dynamic Libraries

Apple. (2012, July 23). Overview of Dynamic Libraries. Retrieved September 7, 2023.

Internal MISP references

UUID 39ffd162-4052-57ec-bd20-2fe6b8e6beab which can be used as unique global reference for Apple Dev Dynamic Libraries in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-07T00:00:00Z
date_published 2012-07-23T00:00:00Z
source MITRE
title Overview of Dynamic Libraries

GCP IAM Conditions

Google Cloud. (n.d.). Overview of IAM Conditions. Retrieved January 2, 2024.

Internal MISP references

UUID fc117963-580f-5f4a-a969-b2410e00a58f which can be used as unique global reference for GCP IAM Conditions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-02T00:00:00Z
source MITRE
title Overview of IAM Conditions

Kubeflow Pipelines

The Kubeflow Authors. (n.d.). Overview of Kubeflow Pipelines. Retrieved March 29, 2021.

Internal MISP references

UUID 0b40474c-173c-4a8c-8cc7-bac2dcfcaedd which can be used as unique global reference for Kubeflow Pipelines in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-29T00:00:00Z
source MITRE
title Overview of Kubeflow Pipelines

TechNet RDP Gateway

Microsoft. (n.d.). Overview of Remote Desktop Gateway. Retrieved June 6, 2016.

Internal MISP references

UUID 3e832a4f-b8e6-4c28-bb33-f2db817403b9 which can be used as unique global reference for TechNet RDP Gateway in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-06T00:00:00Z
source MITRE
title Overview of Remote Desktop Gateway

CrowdStrike AQUATIC PANDA December 2021

Wiley, B. et al. (2021, December 29). OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt. Retrieved January 18, 2022.

Internal MISP references

UUID fd095ef2-6fc2-4f6f-9e4f-037b2a9217d2 which can be used as unique global reference for CrowdStrike AQUATIC PANDA December 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-18T00:00:00Z
date_published 2021-12-29T00:00:00Z
source MITRE, Tidal Cyber
title OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt

OWASP Top 10 2017

OWASP. (2017, April 16). OWASP Top 10 2017 - The Ten Most Critical Web Application Security Risks. Retrieved February 12, 2019.

Internal MISP references

UUID 044ef2b7-44cc-4da6-b8e2-45d630558534 which can be used as unique global reference for OWASP Top 10 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-12T00:00:00Z
date_published 2017-04-16T00:00:00Z
source MITRE
title OWASP Top 10 2017 - The Ten Most Critical Web Application Security Risks

OWASP Top 10

OWASP. (2018, February 23). OWASP Top Ten Project. Retrieved April 3, 2018.

Internal MISP references

UUID c6db3a77-4d01-4b4d-886d-746d676ed6d0 which can be used as unique global reference for OWASP Top 10 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-03T00:00:00Z
date_published 2018-02-23T00:00:00Z
source MITRE
title OWASP Top Ten Project

Debian Manual Maintainer Scripts

Debian Policy Manual v4.6.1.1. (2022, August 14). Package maintainer scripts and installation procedure. Retrieved September 27, 2022.

Internal MISP references

UUID e32e293a-f583-494e-9eb5-c82167f2e000 which can be used as unique global reference for Debian Manual Maintainer Scripts in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-27T00:00:00Z
date_published 2022-08-14T00:00:00Z
source MITRE
title Package maintainer scripts and installation procedure

GCP Packet Mirroring

Google Cloud. (n.d.). Packet Mirroring overview. Retrieved March 17, 2022.

Internal MISP references

UUID c91c6399-3520-4410-936d-48c3b13235ca which can be used as unique global reference for GCP Packet Mirroring in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-17T00:00:00Z
source MITRE
title Packet Mirroring overview

Citizenlab Packrat 2015

Scott-Railton, J., et al. (2015, December 8). Packrat. Retrieved December 18, 2020.

Internal MISP references

UUID 316f347f-3e92-4861-a075-db64adf6b6a8 which can be used as unique global reference for Citizenlab Packrat 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-18T00:00:00Z
date_published 2015-12-08T00:00:00Z
source MITRE
title Packrat

GitHub Pacu

Rhino Security Labs. (2019, August 22). Pacu. Retrieved October 17, 2019.

Internal MISP references

UUID bda43b1b-ea8d-4371-9984-6d8a7cc24965 which can be used as unique global reference for GitHub Pacu in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-17T00:00:00Z
date_published 2019-08-22T00:00:00Z
source MITRE
title Pacu

Pacu Detection Disruption Module

Rhino Security Labs. (2021, April 29). Pacu Detection Disruption Module. Retrieved August 4, 2023.

Internal MISP references

UUID deba605b-7abc-5794-a820-448a395aab69 which can be used as unique global reference for Pacu Detection Disruption Module in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-04T00:00:00Z
date_published 2021-04-29T00:00:00Z
source MITRE
title Pacu Detection Disruption Module

Symantec Palmerworm Sep 2020

Threat Intelligence. (2020, September 29). Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors. Retrieved March 25, 2022.

Internal MISP references

UUID 84ecd475-8d3f-4e7c-afa8-2dff6078bed5 which can be used as unique global reference for Symantec Palmerworm Sep 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-25T00:00:00Z
date_published 2020-09-29T00:00:00Z
source MITRE, Tidal Cyber
title Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors

Apple PAM

Apple. (2011, May 11). PAM - Pluggable Authentication Modules. Retrieved June 25, 2020.

Internal MISP references

UUID 4838a58e-c00d-4b4c-937d-8da5d9f1a4b5 which can be used as unique global reference for Apple PAM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-25T00:00:00Z
date_published 2011-05-11T00:00:00Z
source MITRE
title PAM - Pluggable Authentication Modules

Man Pam_Unix

die.net. (n.d.). pam_unix(8) - Linux man page. Retrieved June 25, 2020.

Internal MISP references

UUID 6bc5ad93-3cc2-4429-ac4c-aae72193df27 which can be used as unique global reference for Man Pam_Unix in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-25T00:00:00Z
source MITRE
title pam_unix(8) - Linux man page

Unit42 PlugX June 2017

Lancaster, T., Idrizovic, E. (2017, June 27). Paranoid PlugX. Retrieved April 19, 2019.

Internal MISP references

UUID 9dc629a0-543c-4221-86cc-0dfb93903988 which can be used as unique global reference for Unit42 PlugX June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-19T00:00:00Z
date_published 2017-06-27T00:00:00Z
source MITRE
title Paranoid PlugX

Palo Alto PlugX June 2017

Lancaster, T. and Idrizovic, E. (2017, June 27). Paranoid PlugX. Retrieved July 13, 2017.

Internal MISP references

UUID 27f17e79-ef38-4c20-9250-40c81fa8717a which can be used as unique global reference for Palo Alto PlugX June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-13T00:00:00Z
date_published 2017-06-27T00:00:00Z
source MITRE
title Paranoid PlugX

Secuirtyinbits Ataware3 May 2019

Secuirtyinbits. (2019, May 14). Parent PID Spoofing (Stage 2) Ataware Ransomware Part 3. Retrieved June 6, 2019.

Internal MISP references

UUID 0828b2fd-c85f-44c7-bb05-61e6eba34336 which can be used as unique global reference for Secuirtyinbits Ataware3 May 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-06T00:00:00Z
date_published 2019-05-14T00:00:00Z
source MITRE
title Parent PID Spoofing (Stage 2) Ataware Ransomware Part 3

Dragos PARISITE

Dragos. (n.d.). PARISITE. Retrieved December 21, 2020.

Internal MISP references

UUID 15e974db-51a9-4ec1-9725-cff8bb9bc2fa which can be used as unique global reference for Dragos PARISITE in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-21T00:00:00Z
source MITRE
title PARISITE

DOJ Lazarus Sony 2018

Department of Justice. (2018, September 6). Criminal Complaint - United States of America v. PARK JIN HYOK. Retrieved March 29, 2019.

Internal MISP references

UUID 950f8c1e-8793-43b7-abc7-0c9f6790b3b7 which can be used as unique global reference for DOJ Lazarus Sony 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-29T00:00:00Z
source MITRE
title PARK JIN HYOK

intezer stripped binaries elf files 2018

Ignacio Sanmillan. (2018, February 7). Executable and Linkable Format 101. Part 2: Symbols. Retrieved September 29, 2022.

Internal MISP references

UUID 2d1faa93-fed5-4b0d-b6c9-72bbc4782201 which can be used as unique global reference for intezer stripped binaries elf files 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-29T00:00:00Z
source MITRE
title Part 2: Symbols

Gabilondo DYLD_INSERT_LIBRARIES Catalina Bypass

Jon Gabilondo. (2019, September 22). How to Inject Code into Mach-O Apps. Part II.. Retrieved March 24, 2021.

Internal MISP references

UUID 67f3ce33-0197-41ef-a9d0-474c97ecf570 which can be used as unique global reference for Gabilondo DYLD_INSERT_LIBRARIES Catalina Bypass in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-24T00:00:00Z
source MITRE
title Part II.

Office 365 Delegated Administration

Microsoft. (n.d.). Partners: Offer delegated administration. Retrieved May 27, 2022.

Internal MISP references

UUID fa0ed0fd-bf57-4a0f-9370-e22f27b20e42 which can be used as unique global reference for Office 365 Delegated Administration in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-27T00:00:00Z
source MITRE
title Partners: Offer delegated administration

Microsoft IFEOorMalware July 2015

Microsoft. (2015, July 30). Part of Windows 10 or really Malware?. Retrieved December 18, 2017.

Internal MISP references

UUID 183843b5-66dc-4229-ba66-3171d9b8e33d which can be used as unique global reference for Microsoft IFEOorMalware July 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-18T00:00:00Z
date_published 2015-07-30T00:00:00Z
source MITRE
title Part of Windows 10 or really Malware?

Circl Passive DNS

CIRCL Computer Incident Response Center. (n.d.). Passive DNS. Retrieved October 20, 2020.

Internal MISP references

UUID c19f8683-97fb-4e0c-a9f5-12033b1d38ca which can be used as unique global reference for Circl Passive DNS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
source MITRE
title Passive DNS

ObjectiveSee AppleJeus 2019

Patrick Wardle. (2019, October 12). Pass the AppleJeus. Retrieved September 28, 2022.

Internal MISP references

UUID 4cfec669-1db5-4a67-81e2-18383e4c4d3d which can be used as unique global reference for ObjectiveSee AppleJeus 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-28T00:00:00Z
date_published 2019-10-12T00:00:00Z
source MITRE
title Pass the AppleJeus

GentilKiwi Pass the Ticket

Deply, B. (2014, January 13). Pass the ticket. Retrieved June 2, 2016.

Internal MISP references

UUID 3ff12b9c-1c4e-4383-a771-792f5e95dcf1 which can be used as unique global reference for GentilKiwi Pass the Ticket in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-02T00:00:00Z
date_published 2014-01-13T00:00:00Z
source MITRE
title Pass the ticket

Wikipedia Password cracking

Wikipedia. (n.d.). Password cracking. Retrieved December 23, 2015.

Internal MISP references

UUID d5ebb79f-b39a-46cb-b546-2db383783a58 which can be used as unique global reference for Wikipedia Password cracking in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-12-23T00:00:00Z
source MITRE
title Password cracking

RDP Hijacking Korznikov

Korznikov, A. (2017, March 17). Passwordless RDP Session Hijacking Feature All Windows versions. Retrieved December 11, 2017.

Internal MISP references

UUID 8877e1f3-11e6-4ae0-adbd-c9b98b07ee25 which can be used as unique global reference for RDP Hijacking Korznikov in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-11T00:00:00Z
date_published 2017-03-17T00:00:00Z
source MITRE
title Passwordless RDP Session Hijacking Feature All Windows versions

ise Password Manager February 2019

ise. (2019, February 19). Password Managers: Under the Hood of Secrets Management. Retrieved January 22, 2021.

Internal MISP references

UUID 253104ab-20b0-43d2-8338-afdd3237cc53 which can be used as unique global reference for ise Password Manager February 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-22T00:00:00Z
date_published 2019-02-19T00:00:00Z
source MITRE
title Password Managers: Under the Hood of Secrets Management

Microsoft Password Complexity

Hall, J., Lich, B. (2017, September 9). Password must meet complexity requirements. Retrieved April 5, 2018.

Internal MISP references

UUID 918d4b6c-5783-4332-96d9-430e4c5ae030 which can be used as unique global reference for Microsoft Password Complexity in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-05T00:00:00Z
date_published 2017-09-09T00:00:00Z
source MITRE
title Password must meet complexity requirements

BlackHillsInfosec Password Spraying

Thyer, J. (2015, October 30). Password Spraying & Other Fun with RPCCLIENT. Retrieved April 25, 2017.

Internal MISP references

UUID f45c7a4b-dafc-4e5c-ad3f-db4b0388a1d7 which can be used as unique global reference for BlackHillsInfosec Password Spraying in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-04-25T00:00:00Z
date_published 2015-10-30T00:00:00Z
source MITRE
title Password Spraying & Other Fun with RPCCLIENT

how_pwd_rev_enc_1

Teusink, N. (2009, August 25). Passwords stored using reversible encryption: how it works (part 1). Retrieved November 17, 2021.

Internal MISP references

UUID 180246ca-94d8-4c78-894d-ae3b6fad3257 which can be used as unique global reference for how_pwd_rev_enc_1 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-11-17T00:00:00Z
date_published 2009-08-25T00:00:00Z
source MITRE
title Passwords stored using reversible encryption: how it works (part 1)

how_pwd_rev_enc_2

Teusink, N. (2009, August 26). Passwords stored using reversible encryption: how it works (part 2). Retrieved November 17, 2021.

Internal MISP references

UUID cc08f190-5c17-441c-a6fa-99f8fdb8d1ae which can be used as unique global reference for how_pwd_rev_enc_2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-11-17T00:00:00Z
date_published 2009-08-26T00:00:00Z
source MITRE
title Passwords stored using reversible encryption: how it works (part 2)

Volexity Patchwork June 2018

Meltzer, M, et al. (2018, June 07). Patchwork APT Group Targets US Think Tanks. Retrieved July 16, 2018.

Internal MISP references

UUID d3ed7dd9-0941-4160-aa6a-c0244c63560f which can be used as unique global reference for Volexity Patchwork June 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-16T00:00:00Z
date_published 2018-06-07T00:00:00Z
source MITRE, Tidal Cyber
title Patchwork APT Group Targets US Think Tanks

PaloAlto Patchwork Mar 2018

Levene, B. et al. (2018, March 7). Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent. Retrieved March 31, 2018.

Internal MISP references

UUID 2609e461-1e23-4dc2-aa44-d09f4acb8c6e which can be used as unique global reference for PaloAlto Patchwork Mar 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-31T00:00:00Z
date_published 2018-03-07T00:00:00Z
source MITRE
title Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent

Symantec Patchwork

Hamada, J. (2016, July 25). Patchwork cyberespionage group expands targets from governments to wide range of industries. Retrieved August 17, 2016.

Internal MISP references

UUID a6172463-56e2-49f2-856d-f4f8320d7c6e which can be used as unique global reference for Symantec Patchwork in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-17T00:00:00Z
date_published 2016-07-25T00:00:00Z
source MITRE, Tidal Cyber
title Patchwork cyberespionage group expands targets from governments to wide range of industries

Trend Micro Pawn Storm OAuth 2017

Hacquebord, F. (2017, April 25). Pawn Storm Abuses Open Authentication in Advanced Social Engineering Attacks. Retrieved October 4, 2019.

Internal MISP references

UUID 7d12c764-facd-4086-acd0-5c0287344520 which can be used as unique global reference for Trend Micro Pawn Storm OAuth 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-04T00:00:00Z
date_published 2017-04-25T00:00:00Z
source MITRE
title Pawn Storm Abuses Open Authentication in Advanced Social Engineering Attacks

TrendMicro Pawn Storm 2019

Hacquebord, F. (n.d.). Pawn Storm in 2019 A Year of Scanning and Credential Phishing on High-Profile Targets. Retrieved December 29, 2020.

Internal MISP references

UUID 104f3264-3e8a-46ca-b9b2-e16a59938570 which can be used as unique global reference for TrendMicro Pawn Storm 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-29T00:00:00Z
source MITRE
title Pawn Storm in 2019 A Year of Scanning and Credential Phishing on High-Profile Targets

TrendMicro Pawn Storm Dec 2020

Hacquebord, F., Remorin, L. (2020, December 17). Pawn Storm’s Lack of Sophistication as a Strategy. Retrieved January 13, 2021.

Internal MISP references

UUID 3bc249cd-f29a-4a74-a179-a6860e43683f which can be used as unique global reference for TrendMicro Pawn Storm Dec 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-13T00:00:00Z
date_published 2020-12-17T00:00:00Z
source MITRE
title Pawn Storm’s Lack of Sophistication as a Strategy

ClearSky Pay2Kitten December 2020

ClearSky. (2020, December 17). Pay2Key Ransomware – A New Campaign by Fox Kitten. Retrieved December 21, 2020.

Internal MISP references

UUID 6e09bc1a-8a5d-4512-9176-40eed91af358 which can be used as unique global reference for ClearSky Pay2Kitten December 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-21T00:00:00Z
date_published 2020-12-17T00:00:00Z
source MITRE
title Pay2Key Ransomware – A New Campaign by Fox Kitten

PaypalScam

Bob Sullivan. (2000, July 24). PayPal alert! Beware the 'PaypaI' scam. Retrieved March 2, 2017.

Internal MISP references

UUID bcea7897-6cb2-467d-ad3b-ffd20badf19f which can be used as unique global reference for PaypalScam in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-02T00:00:00Z
date_published 2000-07-24T00:00:00Z
source MITRE
title PayPal alert! Beware the 'PaypaI' scam

Pcalua.exe - LOLBAS Project

LOLBAS. (2018, May 25). Pcalua.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 958064d4-7f9f-46a9-b475-93d6587ed770 which can be used as unique global reference for Pcalua.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Pcalua.exe

pcodedmp Bontchev

Bontchev, V. (2019, July 30). pcodedmp.py - A VBA p-code disassembler. Retrieved September 17, 2020.

Internal MISP references

UUID 3057d857-6984-4247-918b-952b75ee152e which can be used as unique global reference for pcodedmp Bontchev in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-17T00:00:00Z
date_published 2019-07-30T00:00:00Z
source MITRE
title pcodedmp.py - A VBA p-code disassembler

GitHub PcShare 2014

LiveMirror. (2014, September 17). PcShare. Retrieved October 11, 2022.

Internal MISP references

UUID f113559f-a6da-43bc-bc64-9ff7155b82bc which can be used as unique global reference for GitHub PcShare 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-10-11T00:00:00Z
date_published 2014-09-17T00:00:00Z
source MITRE
title PcShare

Pcwrun.exe - LOLBAS Project

LOLBAS. (2018, May 25). Pcwrun.exe. Retrieved December 4, 2023.

Internal MISP references

UUID b5946ca4-1f1b-4cba-af2f-0b99d6fff8b0 which can be used as unique global reference for Pcwrun.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Pcwrun.exe

Pcwutl.dll - LOLBAS Project

LOLBAS. (2018, May 25). Pcwutl.dll. Retrieved December 4, 2023.

Internal MISP references

UUID 1050758d-20da-4c4a-83d3-40aeff3db9ca which can be used as unique global reference for Pcwutl.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Pcwutl.dll

Microsoft Peach Sandstorm 2023

Microsoft Threat Intelligence. (2023, September 14). Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets. Retrieved September 18, 2023.

Internal MISP references

UUID 84d026ed-b8f2-5bbb-865a-2d93aa4b2ef8 which can be used as unique global reference for Microsoft Peach Sandstorm 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-18T00:00:00Z
date_published 2023-09-14T00:00:00Z
source MITRE
title Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets

Microsoft Peach Sandstorm September 14 2023

Microsoft Threat Intelligence. (2023, September 14). Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets. Retrieved January 31, 2024.

Internal MISP references

UUID 98a631f4-4b95-4159-b311-dee1216ec208 which can be used as unique global reference for Microsoft Peach Sandstorm September 14 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-31T00:00:00Z
date_published 2023-09-14T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets

Microsoft PEB 2021

Microsoft. (2021, October 6). PEB structure (winternl.h). Retrieved November 19, 2021.

Internal MISP references

UUID e0ec4cf6-1e6a-41ab-8704-a66c5cc4d226 which can be used as unique global reference for Microsoft PEB 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-11-19T00:00:00Z
date_published 2021-10-06T00:00:00Z
source MITRE
title PEB structure (winternl.h)

Peirates GitHub

InGuardians. (2022, January 5). Peirates GitHub. Retrieved February 8, 2022.

Internal MISP references

UUID a75cde8b-76e4-4dc3-b1d5-cf08479905e7 which can be used as unique global reference for Peirates GitHub in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-08T00:00:00Z
date_published 2022-01-05T00:00:00Z
source MITRE
title Peirates GitHub

Pentesting AD Forests

García, C. (2019, April 3). Pentesting Active Directory Forests. Retrieved October 20, 2020.

Internal MISP references

UUID 3ca2e78e-751e-460b-9f3c-f851d054bce4 which can be used as unique global reference for Pentesting AD Forests in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2019-04-03T00:00:00Z
source MITRE
title Pentesting Active Directory Forests

U.S. CISA BlackTech September 27 2023

Cybersecurity and Infrastructure Security Agency. (2023, September 27). People's Republic of China-Linked Cyber Actors Hide in Router Firmware. Retrieved September 29, 2023.

Internal MISP references

UUID 309bfb48-76d1-4ae9-9c6a-30b54658133c which can be used as unique global reference for U.S. CISA BlackTech September 27 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-29T00:00:00Z
date_published 2023-09-27T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title People's Republic of China-Linked Cyber Actors Hide in Router Firmware

U.S. CISA Volt Typhoon May 24 2023

Cybersecurity and Infrastructure Security Agency. (2023, May 24). People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection. Retrieved May 25, 2023.

Internal MISP references

UUID 12320f38-ebbf-486a-a450-8a548c3722d6 which can be used as unique global reference for U.S. CISA Volt Typhoon May 24 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-25T00:00:00Z
date_published 2023-05-24T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection

Joint Cybersecurity Advisory Volt Typhoon June 2023

NSA et al. (2023, May 24). People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection. Retrieved July 27, 2023.

Internal MISP references

UUID 14872f08-e219-5c0d-a2d7-43a3ba348b4b which can be used as unique global reference for Joint Cybersecurity Advisory Volt Typhoon June 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-27T00:00:00Z
date_published 2023-05-24T00:00:00Z
source MITRE
title People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection

TechNet Firewall Design

Microsoft. (2004, February 6). Perimeter Firewall Design. Retrieved April 25, 2016.

Internal MISP references

UUID bb149242-1916-400d-93b8-d0def161ed85 which can be used as unique global reference for TechNet Firewall Design in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-25T00:00:00Z
date_published 2004-02-06T00:00:00Z
source MITRE
title Perimeter Firewall Design

Oddvar Moe IFEO APR 2018

Moe, O. (2018, April 10). Persistence using GlobalFlags in Image File Execution Options - Hidden from Autoruns.exe. Retrieved June 27, 2018.

Internal MISP references

UUID 8661b51c-ddb7-484f-919d-22079c39d1e4 which can be used as unique global reference for Oddvar Moe IFEO APR 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-27T00:00:00Z
date_published 2018-04-10T00:00:00Z
source MITRE
title Persistence using GlobalFlags in Image File Execution Options - Hidden from Autoruns.exe

Oddvar Moe RunOnceEx Mar 2018

Moe, O. (2018, March 21). Persistence using RunOnceEx - Hidden from Autoruns.exe. Retrieved June 29, 2018.

Internal MISP references

UUID 36d52213-8d9f-4642-892b-40460d5631d7 which can be used as unique global reference for Oddvar Moe RunOnceEx Mar 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-29T00:00:00Z
date_published 2018-03-21T00:00:00Z
source MITRE
title Persistence using RunOnceEx - Hidden from Autoruns.exe

Xorrior Authorization Plugins

Chris Ross. (2018, October 17). Persistent Credential Theft with Authorization Plugins. Retrieved April 22, 2021.

Internal MISP references

UUID e397815d-34ea-4275-90d8-1b85e5b47369 which can be used as unique global reference for Xorrior Authorization Plugins in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-22T00:00:00Z
date_published 2018-10-17T00:00:00Z
source MITRE
title Persistent Credential Theft with Authorization Plugins

SpecterOps JXA 2020

Pitt, L. (2020, August 6). Persistent JXA. Retrieved April 14, 2021.

Internal MISP references

UUID d9b6bb05-6ab4-4f5e-9ef0-f3e0cc97ce29 which can be used as unique global reference for SpecterOps JXA 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-14T00:00:00Z
date_published 2020-08-06T00:00:00Z
source MITRE
title Persistent JXA

PersistentJXA_leopitt

Leo Pitt. (2020, August 6). Persistent JXA - A poor man's Powershell for macOS. Retrieved January 11, 2021.

Internal MISP references

UUID 2d66932e-1b73-4255-a9a8-ea8effb3a776 which can be used as unique global reference for PersistentJXA_leopitt in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-11T00:00:00Z
date_published 2020-08-06T00:00:00Z
source MITRE
title Persistent JXA - A poor man's Powershell for macOS

Pester.bat - LOLBAS Project

LOLBAS. (2018, May 25). Pester.bat. Retrieved December 4, 2023.

Internal MISP references

UUID 93f281f6-6fcc-474a-b222-b303ea417a18 which can be used as unique global reference for Pester.bat - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Pester.bat

TrendMicro PE_URSNIF.A2

Trend Micro. (2014, December 11). PE_URSNIF.A2. Retrieved June 5, 2019.

Internal MISP references

UUID 71f5b9da-b882-4376-ac93-b4ce952d0271 which can be used as unique global reference for TrendMicro PE_URSNIF.A2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-05T00:00:00Z
date_published 2014-12-11T00:00:00Z
source MITRE
title PE_URSNIF.A2

Volatility Phalanx2

Case, A. (2012, October 10). Phalanx 2 Revealed: Using Volatility to Analyze an Advanced Linux Rootkit. Retrieved April 9, 2018.

Internal MISP references

UUID 6149f9ed-9218-489b-b87c-8208de89be68 which can be used as unique global reference for Volatility Phalanx2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-09T00:00:00Z
date_published 2012-10-10T00:00:00Z
source MITRE
title Phalanx 2 Revealed: Using Volatility to Analyze an Advanced Linux Rootkit

Prevailion EvilNum May 2020

Adamitis, D. (2020, May 6). Phantom in the Command Shell. Retrieved December 22, 2021.

Internal MISP references

UUID 533b8ae2-2fc3-4cf4-bcaa-5d8bfcba91c0 which can be used as unique global reference for Prevailion EvilNum May 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-22T00:00:00Z
date_published 2020-05-06T00:00:00Z
source MITRE
title Phantom in the Command Shell

GitHub Phishery

Ryan Hanson. (2016, September 24). phishery. Retrieved October 23, 2020.

Internal MISP references

UUID 6da51561-a813-4802-aa84-1b3de1bc2e14 which can be used as unique global reference for GitHub Phishery in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-23T00:00:00Z
date_published 2016-09-24T00:00:00Z
source MITRE
title phishery

ryhanson phishery SEPT 2016

Hanson, R. (2016, September 24). phishery. Retrieved July 21, 2018.

Internal MISP references

UUID 7e643cf0-5df7-455d-add7-2342f36bdbcb which can be used as unique global reference for ryhanson phishery SEPT 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-21T00:00:00Z
date_published 2016-09-24T00:00:00Z
source MITRE
title phishery

ANSSI Nobelium Phishing December 2021

ANSSI. (2021, December 6). PHISHING CAMPAIGNS BY THE NOBELIUM INTRUSION SET. Retrieved April 13, 2022.

Internal MISP references

UUID 96ee2b87-9727-4914-affe-d9dc5d58c955 which can be used as unique global reference for ANSSI Nobelium Phishing December 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-13T00:00:00Z
date_published 2021-12-06T00:00:00Z
source MITRE
title PHISHING CAMPAIGNS BY THE NOBELIUM INTRUSION SET

QR-campaign-energy-firm

Jonathan Greig. (2023, August 16). Phishing campaign used QR codes to target large energy company. Retrieved November 27, 2023.

Internal MISP references

UUID f73f45c8-4285-572e-b861-a0ded463a91e which can be used as unique global reference for QR-campaign-energy-firm in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-27T00:00:00Z
date_published 2023-08-16T00:00:00Z
source MITRE
title Phishing campaign used QR codes to target large energy company

Enigma Phishing for Credentials Jan 2015

Nelson, M. (2015, January 21). Phishing for Credentials: If you want it, just ask!. Retrieved December 17, 2018.

Internal MISP references

UUID 7fff81f0-2b99-4f4f-8eca-c6a54c4d8205 which can be used as unique global reference for Enigma Phishing for Credentials Jan 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-12-17T00:00:00Z
date_published 2015-01-21T00:00:00Z
source MITRE
title Phishing for Credentials: If you want it, just ask!

KISA Operation Muzabi

KISA. (n.d.). Phishing Target Reconnaissance and Attack Resource Analysis Operation Muzabi. Retrieved March 7, 2022.

Internal MISP references

UUID 8742ac96-a316-4264-9d3d-265784483f1a which can be used as unique global reference for KISA Operation Muzabi in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-07T00:00:00Z
source MITRE
title Phishing Target Reconnaissance and Attack Resource Analysis Operation Muzabi

Staaldraad Phishing with OAuth 2017

Stalmans, E. (2017, August 2). Phishing with OAuth and o365/Azure. Retrieved October 4, 2019.

Internal MISP references

UUID ae139c14-05ec-4c75-861b-15d86b4913fc which can be used as unique global reference for Staaldraad Phishing with OAuth 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-04T00:00:00Z
date_published 2017-08-02T00:00:00Z
source MITRE
title Phishing with OAuth and o365/Azure

phobos_virustotal

Phobos Ransomware. (2020, December 30). Phobos Ransomware, Fast.exe. Retrieved September 20, 2021.

Internal MISP references

UUID 929dbb22-34a5-4377-95dd-9e240ecb343a which can be used as unique global reference for phobos_virustotal in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-20T00:00:00Z
date_published 2020-12-30T00:00:00Z
source MITRE
title Phobos Ransomware, Fast.exe

Deep Instinct PhonyC2 June 2023

Simon Kenin. (2023, June 29). PhonyC2: Revealing a New Malicious Command & Control Framework by MuddyWater. Retrieved October 10, 2023.

Internal MISP references

UUID fd42ac0b-eae5-41bb-b56c-cb1c6d19857b which can be used as unique global reference for Deep Instinct PhonyC2 June 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-10T00:00:00Z
date_published 2023-06-29T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title PhonyC2: Revealing a New Malicious Command & Control Framework by MuddyWater

Talos Remcos Aug 2018

Brumaghin, E., Unterbrink, H. (2018, August 22). Picking Apart Remcos Botnet-In-A-Box. Retrieved November 6, 2018.

Internal MISP references

UUID c5cb2eff-ed48-47ff-bfd6-79152bf51430 which can be used as unique global reference for Talos Remcos Aug 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-06T00:00:00Z
date_published 2018-08-22T00:00:00Z
source MITRE
title Picking Apart Remcos Botnet-In-A-Box

FireEye FIN6 Apr 2019

McKeague, B. et al. (2019, April 5). Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware. Retrieved April 17, 2019.

Internal MISP references

UUID e8a2bc6a-04e3-484e-af67-5f57656c7206 which can be used as unique global reference for FireEye FIN6 Apr 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-17T00:00:00Z
date_published 2019-04-05T00:00:00Z
source MITRE
title Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware

Picus Labs Proc cump 2022

Huseyin Can YUCEEL & Picus Labs. (2022, March 22). Retrieved March 31, 2023.

Internal MISP references

UUID e8a50a79-6ca4-5c91-87ad-0b1ba9eca505 which can be used as unique global reference for Picus Labs Proc cump 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-31T00:00:00Z
source MITRE
title Picus Labs Proc cump 2022

wired-pig butchering

Lily Hay Newman. (n.d.). ‘Pig Butchering’ Scams Are Now a $3 Billion Threat. Retrieved August 18, 2023.

Internal MISP references

UUID dc833e17-7105-5790-b30b-b4fed7fd2d2f which can be used as unique global reference for wired-pig butchering in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-18T00:00:00Z
source MITRE
title ‘Pig Butchering’ Scams Are Now a $3 Billion Threat

Malwarebytes Pikabot December 15 2023

Jérôme Segura. (2023, December 15). PikaBot distributed via malicious search ads. Retrieved January 11, 2023.

Internal MISP references

UUID 50b29ef4-7ade-4672-99b6-fdf367170a5b which can be used as unique global reference for Malwarebytes Pikabot December 15 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-01-11T00:00:00Z
date_published 2023-12-15T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title PikaBot distributed via malicious search ads

Trustwave Pillowmint June 2020

Trustwave SpiderLabs. (2020, June 22). Pillowmint: FIN7’s Monkey Thief. Retrieved July 27, 2020.

Internal MISP references

UUID 31bf381d-a0fc-4a4f-8d39-832480891685 which can be used as unique global reference for Trustwave Pillowmint June 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-27T00:00:00Z
date_published 2020-06-22T00:00:00Z
source MITRE
title Pillowmint: FIN7’s Monkey Thief

TechNet Ping

Microsoft. (n.d.). Ping. Retrieved April 8, 2016.

Internal MISP references

UUID 5afc8ad5-f50d-464f-ba84-e347b3f3e994 which can be used as unique global reference for TechNet Ping in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-08T00:00:00Z
source MITRE
title Ping

Pass The Cookie

Rehberger, J. (2018, December). Pivot to the Cloud using Pass the Cookie. Retrieved April 5, 2019.

Internal MISP references

UUID dc67930f-5c7b-41be-97e9-d8f4a55e6019 which can be used as unique global reference for Pass The Cookie in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-05T00:00:00Z
date_published 2018-12-01T00:00:00Z
source MITRE
title Pivot to the Cloud using Pass the Cookie

Pktmon.exe - LOLBAS Project

LOLBAS. (2020, August 12). Pktmon.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 8f0ad4ed-869b-4332-b091-7551262cff29 which can be used as unique global reference for Pktmon.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-08-12T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Pktmon.exe

Osanda Stealing NetNTLM Hashes

Osanda Malith Jayathissa. (2017, March 24). Places of Interest in Stealing NetNTLM Hashes. Retrieved January 26, 2018.

Internal MISP references

UUID 991f885e-b3f4-4f3f-b0f9-c9862f918f36 which can be used as unique global reference for Osanda Stealing NetNTLM Hashes in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-26T00:00:00Z
date_published 2017-03-24T00:00:00Z
source MITRE
title Places of Interest in Stealing NetNTLM Hashes

Microsoft PLATINUM June 2017

Kaplan, D, et al. (2017, June 7). PLATINUM continues to evolve, find ways to maintain invisibility. Retrieved February 19, 2018.

Internal MISP references

UUID e71c669e-50bc-4e91-8cee-7cbedab420d1 which can be used as unique global reference for Microsoft PLATINUM June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-19T00:00:00Z
date_published 2017-06-07T00:00:00Z
source MITRE
title PLATINUM continues to evolve, find ways to maintain invisibility

Microsoft PLATINUM April 2016

Windows Defender Advanced Threat Hunting Team. (2016, April 29). PLATINUM: Targeted attacks in South and Southeast Asia. Retrieved February 15, 2018.

Internal MISP references

UUID d0ec5037-aa7f-48ee-8d37-ff8fb2c8c297 which can be used as unique global reference for Microsoft PLATINUM April 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-15T00:00:00Z
date_published 2016-04-29T00:00:00Z
source MITRE, Tidal Cyber
title PLATINUM: Targeted attacks in South and Southeast Asia

Forcepoint Felismus Mar 2017

Somerville, L. and Toro, A. (2017, March 30). Playing Cat & Mouse: Introducing the Felismus Malware. Retrieved November 16, 2017.

Internal MISP references

UUID 23b94586-3856-4937-9b02-4fe184b7ba01 which can be used as unique global reference for Forcepoint Felismus Mar 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-16T00:00:00Z
date_published 2017-03-30T00:00:00Z
source MITRE
title Playing Cat & Mouse: Introducing the Felismus Malware

Symantec Play Ransomware April 19 2023

Symantec Threat Hunter Team. (2023, April 19). Play Ransomware Group Using New Custom Data-Gathering Tools. Retrieved August 10, 2023.

Internal MISP references

UUID a78613a5-ce17-4d11-8f2f-3e642cd7673c which can be used as unique global reference for Symantec Play Ransomware April 19 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-10T00:00:00Z
date_published 2023-04-19T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Play Ransomware Group Using New Custom Data-Gathering Tools

Trend Micro Play Ransomware September 06 2022

Don Ovid Ladores, Lucas Silva, Scott Burden, Janus Agcaoili, Ivan Nicole Chavez, Ian Kenefick, Ieriz Nicolle Gonzalez, Paul Pajares. (2022, September 6). Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa. Retrieved September 21, 2023.

Internal MISP references

UUID ed02529c-920d-4a92-8e86-be1ed7083991 which can be used as unique global reference for Trend Micro Play Ransomware September 06 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-21T00:00:00Z
date_published 2022-09-06T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa

Trend Micro Play Playbook September 06 2022

Don Ovid Ladores, Lucas Silva, Scott Burden, Janus Agcaoili, Ivan Nicole Chavez, Ian Kenefick, Ieriz Nicolle Gonzalez, Paul Pajares. (2022, September 6). Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa. Retrieved August 10, 2023.

Internal MISP references

UUID 2d2b527d-25b0-4b58-9ae6-c87060b64069 which can be used as unique global reference for Trend Micro Play Playbook September 06 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-10T00:00:00Z
date_published 2022-09-06T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa

JPCert PLEAD Downloader June 2018

Tomonaga, S. (2018, June 8). PLEAD Downloader Used by BlackTech. Retrieved May 6, 2020.

Internal MISP references

UUID 871f4af2-ed99-4256-a74d-b8c0816a82ab which can be used as unique global reference for JPCert PLEAD Downloader June 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-06T00:00:00Z
date_published 2018-06-08T00:00:00Z
source MITRE
title PLEAD Downloader Used by BlackTech

Trend Micro PLEAD RTLO

Alintanahin, K. (2014, May 23). PLEAD Targeted Attacks Against Taiwanese Government Agencies. Retrieved April 22, 2019.

Internal MISP references

UUID 9a052eba-1708-44c9-a20f-8b4ef208fa14 which can be used as unique global reference for Trend Micro PLEAD RTLO in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-22T00:00:00Z
date_published 2014-05-23T00:00:00Z
source MITRE
title PLEAD Targeted Attacks Against Taiwanese Government Agencies

fileinfo plist file description

FileInfo.com team. (2019, November 26). .PLIST File Extension. Retrieved October 12, 2021.

Internal MISP references

UUID 24331b9d-68af-4db2-887f-3a984b6c5783 which can be used as unique global reference for fileinfo plist file description in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-12T00:00:00Z
date_published 2019-11-26T00:00:00Z
source MITRE
title .PLIST File Extension

Pnputil.exe - LOLBAS Project

LOLBAS. (2020, December 25). Pnputil.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 21d0419a-5454-4808-b7e6-2b1b9de08ed6 which can be used as unique global reference for Pnputil.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-12-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Pnputil.exe

uptycs Fake POC linux malware 2023

Nischay Hegde and Siddartha Malladi. (2023, July 12). PoC Exploit: Fake Proof of Concept with Backdoor Malware. Retrieved September 28, 2023.

Internal MISP references

UUID edc18649-2fcf-5fb3-a717-db4bb28ca25f which can be used as unique global reference for uptycs Fake POC linux malware 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-28T00:00:00Z
date_published 2023-07-12T00:00:00Z
source MITRE
title PoC Exploit: Fake Proof of Concept with Backdoor Malware

GitHub SIP POC Sept 2017

Graeber, M. (2017, September 14). PoCSubjectInterfacePackage. Retrieved January 31, 2018.

Internal MISP references

UUID 1a9bc729-532b-47ab-89ba-90b0ff41f8aa which can be used as unique global reference for GitHub SIP POC Sept 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-31T00:00:00Z
date_published 2017-09-14T00:00:00Z
source MITRE
title PoCSubjectInterfacePackage

Kube Pod

Kubernetes. (n.d.). Pod v1 core. Retrieved October 13, 2021.

Internal MISP references

UUID 8a7a4a51-e16d-447e-8f1e-c02d6dae3e26 which can be used as unique global reference for Kube Pod in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
source MITRE
title Pod v1 core

Talos PoetRAT October 2020

Mercer, W. Rascagneres, P. Ventura, V. (2020, October 6). PoetRAT: Malware targeting public and private sector in Azerbaijan evolves. Retrieved April 9, 2021.

Internal MISP references

UUID 5862c90a-3bae-48d0-8749-9a6510fe3630 which can be used as unique global reference for Talos PoetRAT October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-09T00:00:00Z
date_published 2020-10-06T00:00:00Z
source MITRE
title PoetRAT: Malware targeting public and private sector in Azerbaijan evolves

Talos PoetRAT April 2020

Mercer, W, et al. (2020, April 16). PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors. Retrieved April 27, 2020.

Internal MISP references

UUID fe2a79a5-bc50-4147-b919-f3d0eb7430b6 which can be used as unique global reference for Talos PoetRAT April 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-04-27T00:00:00Z
date_published 2020-04-16T00:00:00Z
source MITRE
title PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors

Talos Zeus Panda Nov 2017

Brumaghin, E., et al. (2017, November 02). Poisoning the Well: Banking Trojan Targets Google Search Results. Retrieved November 5, 2018.

Internal MISP references

UUID f96711d4-010d-4d7e-8074-31dd1b41c54d which can be used as unique global reference for Talos Zeus Panda Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-05T00:00:00Z
date_published 2017-11-02T00:00:00Z
source MITRE
title Poisoning the Well: Banking Trojan Targets Google Search Results

FireEye Poison Ivy

FireEye. (2014). POISON IVY: Assessing Damage and Extracting Intelligence. Retrieved November 12, 2014.

Internal MISP references

UUID c189447e-a903-4dc2-a38b-1f4accc64e20 which can be used as unique global reference for FireEye Poison Ivy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
date_published 2014-01-01T00:00:00Z
source MITRE
title POISON IVY: Assessing Damage and Extracting Intelligence

Umbreon Trend Micro

Fernando Mercês. (2016, September 5). Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems. Retrieved March 5, 2018.

Internal MISP references

UUID 38d9c5a2-8fa5-4cb7-a1a9-86b3f54c1eb7 which can be used as unique global reference for Umbreon Trend Micro in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-05T00:00:00Z
date_published 2016-09-05T00:00:00Z
source MITRE
title Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems

AWS IAM Policies and Permissions

AWS. (n.d.). Policies and permissions in IAM. Retrieved April 1, 2022.

Internal MISP references

UUID 9bb520fa-0c4f-48aa-8b0a-8f1d42ee1d0c which can be used as unique global reference for AWS IAM Policies and Permissions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-01T00:00:00Z
source MITRE
title Policies and permissions in IAM

EnableMPRNotifications

Microsoft. (2023, January 26). Policy CSP - WindowsLogon. Retrieved March 30, 2023.

Internal MISP references

UUID 36a7ed58-95ef-594f-a15b-5c3b5911a630 which can be used as unique global reference for EnableMPRNotifications in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-30T00:00:00Z
date_published 2023-01-26T00:00:00Z
source MITRE
title Policy CSP - WindowsLogon

Microsoft DirSync

Microsoft. (n.d.). Polling for Changes Using the DirSync Control. Retrieved March 30, 2018.

Internal MISP references

UUID 6b7ad651-8c48-462d-90db-07ed3d570118 which can be used as unique global reference for Microsoft DirSync in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-30T00:00:00Z
source MITRE
title Polling for Changes Using the DirSync Control

Polyglot Files: a Hacker’s best friend

Li, V. (2019, October 2). Polyglot Files: a Hacker’s best friend. Retrieved September 27, 2022.

Internal MISP references

UUID ea9c1fc9-41d7-5629-b714-62f9ecf70e3b which can be used as unique global reference for Polyglot Files: a Hacker’s best friend in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-27T00:00:00Z
date_published 2019-10-02T00:00:00Z
source MITRE
title Polyglot Files: a Hacker’s best friend

CheckPoint Redaman October 2019

Eisenkraft, K., Olshtein, A. (2019, October 17). Pony’s C&C servers hidden inside the Bitcoin blockchain. Retrieved June 15, 2020.

Internal MISP references

UUID ce64739e-1311-4e1b-8352-ff941786ff39 which can be used as unique global reference for CheckPoint Redaman October 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-15T00:00:00Z
date_published 2019-10-17T00:00:00Z
source MITRE
title Pony’s C&C servers hidden inside the Bitcoin blockchain

Kaspersky Poseidon Group

Kaspersky Lab's Global Research and Analysis Team. (2016, February 9). Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage. Retrieved March 16, 2016.

Internal MISP references

UUID e53bc63e-986f-4d48-a6b7-ed8e93494ed5 which can be used as unique global reference for Kaspersky Poseidon Group in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-16T00:00:00Z
date_published 2016-02-09T00:00:00Z
source MITRE, Tidal Cyber
title Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage

Breach Post-mortem SSH Hijack

Hodgson, M. (2019, May 8). Post-mortem and remediations for Apr 11 security incident. Retrieved February 17, 2020.

Internal MISP references

UUID f1d15b92-8840-45ae-b23d-0cba20fc22cc which can be used as unique global reference for Breach Post-mortem SSH Hijack in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-17T00:00:00Z
date_published 2019-05-08T00:00:00Z
source MITRE
title Post-mortem and remediations for Apr 11 security incident

Elastic Docs Potential Protocol Tunneling via EarthWorm

Elastic. (n.d.). Potential Protocol Tunneling via EarthWorm. Retrieved July 7, 2023.

Internal MISP references

UUID a02790a1-f7c5-43b6-bc7e-075b2c0aa791 which can be used as unique global reference for Elastic Docs Potential Protocol Tunneling via EarthWorm in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Potential Protocol Tunneling via EarthWorm

sus mofcomp

detection.fyi. (2023, October 28). Potential Suspicious Mofcomp Execution. Retrieved February 9, 2024.

Internal MISP references

UUID c0cdb878-ef43-570a-8d5b-d643ec01f435 which can be used as unique global reference for sus mofcomp in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-09T00:00:00Z
date_published 2023-10-28T00:00:00Z
source MITRE
title Potential Suspicious Mofcomp Execution

This is Security Command Line Confusion

B. Ancel. (2014, August 20). Poweliks – Command Line Confusion. Retrieved March 5, 2018.

Internal MISP references

UUID 49a21bba-b77d-4b0e-b666-20ef2826e92c which can be used as unique global reference for This is Security Command Line Confusion in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-05T00:00:00Z
date_published 2014-08-20T00:00:00Z
source MITRE
title Poweliks – Command Line Confusion

TrendMicro POWELIKS AUG 2014

Santos, R. (2014, August 1). POWELIKS: Malware Hides In Windows Registry. Retrieved August 9, 2018.

Internal MISP references

UUID 4a42df15-4d09-4f4f-8333-2b41356fdb80 which can be used as unique global reference for TrendMicro POWELIKS AUG 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-09T00:00:00Z
date_published 2014-08-01T00:00:00Z
source MITRE
title POWELIKS: Malware Hides In Windows Registry

Microsoft: Powercfg command-line options

Microsoft. (2021, December 15). Powercfg command-line options. Retrieved June 5, 2023.

Internal MISP references

UUID d9b5be77-5e44-5786-a683-82642b8dd8c9 which can be used as unique global reference for Microsoft: Powercfg command-line options in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-05T00:00:00Z
date_published 2021-12-15T00:00:00Z
source MITRE
title Powercfg command-line options

Volexity PowerDuke November 2016

Adair, S. (2016, November 9). PowerDuke: Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks and NGOs. Retrieved January 11, 2017.

Internal MISP references

UUID 4026c055-6020-41bb-a4c8-54b308867023 which can be used as unique global reference for Volexity PowerDuke November 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-01-11T00:00:00Z
date_published 2016-11-09T00:00:00Z
source MITRE
title PowerDuke: Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks and NGOs

Cybereason PowerLess February 2022

Cybereason Nocturnus. (2022, February 1). PowerLess Trojan: Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage. Retrieved June 1, 2022.

Internal MISP references

UUID 095aaa25-b674-4313-bc4f-3227b00c0459 which can be used as unique global reference for Cybereason PowerLess February 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-01T00:00:00Z
date_published 2022-02-01T00:00:00Z
source MITRE
title PowerLess Trojan: Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage

MalwareTech Power Loader Aug 2013

MalwareTech. (2013, August 13). PowerLoader Injection – Something truly amazing. Retrieved December 16, 2017.

Internal MISP references

UUID 9a9a6ca1-d7c5-4385-924b-cdeffd66602e which can be used as unique global reference for MalwareTech Power Loader Aug 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-16T00:00:00Z
date_published 2013-08-13T00:00:00Z
source MITRE
title PowerLoader Injection – Something truly amazing

Powerpnt.exe - LOLBAS Project

LOLBAS. (2019, July 19). Powerpnt.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 23c48ab3-9426-4949-9a35-d1b9ecb4bb47 which can be used as unique global reference for Powerpnt.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2019-07-19T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Powerpnt.exe

Sophos PowerShell Command History Forensics

Vikas, S. (2020, August 26). PowerShell Command History Forensics. Retrieved September 4, 2020.

Internal MISP references

UUID 9cff28da-c379-49e7-b971-7dccc72054fc which can be used as unique global reference for Sophos PowerShell Command History Forensics in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-04T00:00:00Z
date_published 2020-08-26T00:00:00Z
source MITRE
title PowerShell Command History Forensics

Microsoft PowerShell CLM

PowerShell Team. (2017, November 2). PowerShell Constrained Language Mode. Retrieved March 27, 2023.

Internal MISP references

UUID d6eaa28f-f900-528a-bba0-560a37c90a98 which can be used as unique global reference for Microsoft PowerShell CLM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-27T00:00:00Z
date_published 2017-11-02T00:00:00Z
source MITRE
title PowerShell Constrained Language Mode

SensePost PS DDE May 2016

El-Sherei, S. (2016, May 20). PowerShell, C-Sharp and DDE The Power Within. Retrieved November 22, 2017.

Internal MISP references

UUID 28b3c105-8d64-4767-a735-d353d1fee756 which can be used as unique global reference for SensePost PS DDE May 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-22T00:00:00Z
date_published 2016-05-20T00:00:00Z
source MITRE
title PowerShell, C-Sharp and DDE The Power Within

Powersploit

PowerSploit. (n.d.). Retrieved December 4, 2014.

Internal MISP references

UUID 8e870f75-ed76-4898-bfbb-ad3c0c1ae0ca which can be used as unique global reference for Powersploit in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-04T00:00:00Z
source MITRE
title Powersploit

PowerShellMagazine PowerSploit July 2014

Graeber, M. (2014, July 8). PowerSploit. Retrieved February 6, 2018.

Internal MISP references

UUID 7765d4f7-bf2d-43b9-a87e-74114a092645 which can be used as unique global reference for PowerShellMagazine PowerSploit July 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-06T00:00:00Z
date_published 2014-07-08T00:00:00Z
source MITRE
title PowerSploit

PowerSploit Documentation

PowerSploit. (n.d.). PowerSploit. Retrieved February 6, 2018.

Internal MISP references

UUID 56628e55-94cd-4c5e-8f5a-34ffb7a45174 which can be used as unique global reference for PowerSploit Documentation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-06T00:00:00Z
source MITRE
title PowerSploit

GitHub PowerSploit May 2012

PowerShellMafia. (2012, May 26). PowerSploit - A PowerShell Post-Exploitation Framework. Retrieved February 6, 2018.

Internal MISP references

UUID ec3edb54-9f1b-401d-a265-cd8924e5cb2b which can be used as unique global reference for GitHub PowerSploit May 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-06T00:00:00Z
date_published 2012-05-26T00:00:00Z
source MITRE
title PowerSploit - A PowerShell Post-Exploitation Framework

byt3bl33d3r NTLM Relaying

Salvati, M. (2017, June 2). Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes). Retrieved February 7, 2019.

Internal MISP references

UUID 34deeec2-6edc-492c-bb35-5ccb1dc8e4df which can be used as unique global reference for byt3bl33d3r NTLM Relaying in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-07T00:00:00Z
date_published 2017-06-02T00:00:00Z
source MITRE
title Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes)

U.S. CISA Volt Typhoon February 7 2024

Cybersecurity and Infrastructure Security Agency. (2024, February 7). PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure. Retrieved February 9, 2024.

Internal MISP references

UUID c74f5ecf-8810-4670-b778-24171c078724 which can be used as unique global reference for U.S. CISA Volt Typhoon February 7 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-09T00:00:00Z
date_published 2024-02-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure

Zimbra Preauth

Zimbra. (2023, March 16). Preauth. Retrieved May 31, 2023.

Internal MISP references

UUID f8931e8d-9a03-5407-857a-2a1c5a895eed which can be used as unique global reference for Zimbra Preauth in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-31T00:00:00Z
date_published 2023-03-16T00:00:00Z
source MITRE
title Preauth

Microsoft Preauthentication Jul 2012

Microsoft. (2012, July 18). Preauthentication. Retrieved August 24, 2020.

Internal MISP references

UUID edaf08ec-0a56-480a-93ef-eb8038147e5c which can be used as unique global reference for Microsoft Preauthentication Jul 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-24T00:00:00Z
date_published 2012-07-18T00:00:00Z
source MITRE
title Preauthentication

Elastic Predicting DGA

Ahuja, A., Anderson, H., Grant, D., Woodbridge, J. (2016, November 2). Predicting Domain Generation Algorithms with Long Short-Term Memory Networks. Retrieved April 26, 2019.

Internal MISP references

UUID 4462e71d-0373-4fc0-8cde-93a2972bedd5 which can be used as unique global reference for Elastic Predicting DGA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-26T00:00:00Z
date_published 2016-11-02T00:00:00Z
source MITRE
title Predicting Domain Generation Algorithms with Long Short-Term Memory Networks

WithSecure SystemBC May 10 2021

Callum Roxan, Sami Ruohonen. (2021, May 10). Prelude to Ransomware: SystemBC. Retrieved September 21, 2023.

Internal MISP references

UUID 4004e072-9e69-4e81-a2b7-840e106cf3d9 which can be used as unique global reference for WithSecure SystemBC May 10 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-21T00:00:00Z
date_published 2021-05-10T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Prelude to Ransomware: SystemBC

URI

Michael Cobb. (2007, October 11). Preparing for uniform resource identifier (URI) exploits. Retrieved February 9, 2024.

Internal MISP references

UUID 8bb388d4-b7d1-5778-b599-2ed42206b88b which can be used as unique global reference for URI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-09T00:00:00Z
date_published 2007-10-11T00:00:00Z
source MITRE
title Preparing for uniform resource identifier (URI) exploits

Presentationhost.exe - LOLBAS Project

LOLBAS. (2018, May 25). Presentationhost.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 37539e72-18f5-435a-a949-f9fa5991149a which can be used as unique global reference for Presentationhost.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Presentationhost.exe

Microsoft Sub Takeover 2020

Microsoft. (2020, September 29). Prevent dangling DNS entries and avoid subdomain takeover. Retrieved October 12, 2020.

Internal MISP references

UUID b8005a55-7e77-4dc1-abed-f75a0a3d8afb which can be used as unique global reference for Microsoft Sub Takeover 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-12T00:00:00Z
date_published 2020-09-29T00:00:00Z
source MITRE
title Prevent dangling DNS entries and avoid subdomain takeover

Microsoft Preventing SMB

Microsoft. (2020, March 10). Preventing SMB traffic from lateral connections and entering or leaving the network. Retrieved June 1, 2020.

Internal MISP references

UUID cd2fd958-63ce-4ac9-85e6-bb32f29d88b0 which can be used as unique global reference for Microsoft Preventing SMB in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-01T00:00:00Z
date_published 2020-03-10T00:00:00Z
source MITRE
title Preventing SMB traffic from lateral connections and entering or leaving the network

Palo Alto Prince of Persia

Bar, T., Conant, S., Efraim, L. (2016, June 28). Prince of Persia – Game Over. Retrieved July 5, 2017.

Internal MISP references

UUID e08bfc40-a580-4fa3-9531-d5e1bede374e which can be used as unique global reference for Palo Alto Prince of Persia in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-05T00:00:00Z
date_published 2016-06-28T00:00:00Z
source MITRE
title Prince of Persia – Game Over

PrintBrm.exe - LOLBAS Project

LOLBAS. (2021, June 21). PrintBrm.exe. Retrieved December 4, 2023.

Internal MISP references

UUID a7ab6f09-c22f-4627-afb1-c13a963efca5 which can be used as unique global reference for PrintBrm.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-06-21T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title PrintBrm.exe

Print.exe - LOLBAS Project

LOLBAS. (2018, May 25). Print.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 696ce89a-b3a1-4993-b30d-33a669a57031 which can be used as unique global reference for Print.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Print.exe

PrivateLoader: The first step in many malware schemes | Intel471

Intel471. (2022, February 8). PrivateLoader: The first step in many malware schemes. Retrieved May 15, 2023.

Internal MISP references

UUID c84be284-03ad-4674-94db-03f264f2db9f which can be used as unique global reference for PrivateLoader: The first step in many malware schemes | Intel471 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-15T00:00:00Z
date_published 2022-02-08T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title PrivateLoader: The first step in many malware schemes

Rhino Google Cloud Privilege Escalation

Spencer Gietzen. (n.d.). Privilege Escalation in Google Cloud Platform – Part 1 (IAM). Retrieved September 21, 2023.

Internal MISP references

UUID 55173e12-9edc-5685-ac0b-acd51617cc6e which can be used as unique global reference for Rhino Google Cloud Privilege Escalation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-21T00:00:00Z
source MITRE
title Privilege Escalation in Google Cloud Platform – Part 1 (IAM)

Rhingo Security Labs GCP Privilege Escalation

Spencer Gietzen. (n.d.). Privilege Escalation in Google Cloud Platform – Part 1 (IAM). Retrieved May 27, 2022.

Internal MISP references

UUID 55373476-1cbe-49f5-aecb-69d60b336d38 which can be used as unique global reference for Rhingo Security Labs GCP Privilege Escalation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-27T00:00:00Z
source MITRE
title Privilege Escalation in Google Cloud Platform – Part 1 (IAM)

FireEye APT19

Ahl, I. (2017, June 06). Privileges and Credentials: Phished at the Request of Counsel. Retrieved May 17, 2018.

Internal MISP references

UUID d75508b1-8b85-47c9-a087-bc64e8e4cb33 which can be used as unique global reference for FireEye APT19 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-17T00:00:00Z
date_published 2017-06-06T00:00:00Z
source MITRE
title Privileges and Credentials: Phished at the Request of Counsel

Anomali Static Kitten February 2021

Mele, G. et al. (2021, February 10). Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies. Retrieved March 17, 2021.

Internal MISP references

UUID 710ed789-de1f-4601-a8ba-32147827adcb which can be used as unique global reference for Anomali Static Kitten February 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-17T00:00:00Z
date_published 2021-02-10T00:00:00Z
source MITRE
title Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies

sus mofcomp dos

The DFIR Report. (2023, January 8). proc_creation_win_mofcomp_execution.yml. Retrieved February 9, 2024.

Internal MISP references

UUID f7c4e24f-b91e-574f-8b16-fb93295ef9d8 which can be used as unique global reference for sus mofcomp dos in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-09T00:00:00Z
date_published 2023-01-08T00:00:00Z
source MITRE
title proc_creation_win_mofcomp_execution.yml

Procdump.exe - LOLBAS Project

LOLBAS. (2020, October 14). Procdump.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 3e37fe71-71d0-424e-96ff-81070e2571ae which can be used as unique global reference for Procdump.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-10-14T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Procdump.exe

Microsoft Process Creation Flags May 2018

Schofield, M. & Satran, M. (2018, May 30). Process Creation Flags. Retrieved June 4, 2019.

Internal MISP references

UUID d4edd219-c91a-4ff1-8f22-10daa1057f29 which can be used as unique global reference for Microsoft Process Creation Flags May 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-04T00:00:00Z
date_published 2018-05-30T00:00:00Z
source MITRE
title Process Creation Flags

hasherezade Process Doppelgänging Dec 2017

hasherezade. (2017, December 18). Process Doppelgänging – a new way to impersonate a process. Retrieved December 20, 2017.

Internal MISP references

UUID b7a86159-7005-4b61-8b4e-a3dcd77c6a7d which can be used as unique global reference for hasherezade Process Doppelgänging Dec 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2017-12-18T00:00:00Z
source MITRE
title Process Doppelgänging – a new way to impersonate a process

Microsoft Processes and Threads

Microsoft. (2018, May 31). Processes and Threads. Retrieved September 28, 2021.

Internal MISP references

UUID 250c689d-9a9c-4f02-8b99-ca43fbdaddae which can be used as unique global reference for Microsoft Processes and Threads in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-28T00:00:00Z
date_published 2018-05-31T00:00:00Z
source MITRE
title Processes and Threads

ProcessHacker Github

ProcessHacker. (2009, October 27). Process Hacker. Retrieved April 11, 2022.

Internal MISP references

UUID 3fc82a92-cfba-405d-b30e-22eba69ab1ee which can be used as unique global reference for ProcessHacker Github in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-11T00:00:00Z
date_published 2009-10-27T00:00:00Z
source MITRE
title Process Hacker

Leitch Hollowing

Leitch, J. (n.d.). Process Hollowing. Retrieved November 12, 2014.

Internal MISP references

UUID 8feb180a-bfad-42cb-b8ee-792c5088567a which can be used as unique global reference for Leitch Hollowing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
source MITRE
title Process Hollowing

Korean FSI TA505 2020

Financial Security Institute. (2020, February 28). Profiling of TA505 Threat Group That Continues to Attack the Financial Sector. Retrieved July 14, 2022.

Internal MISP references

UUID d4e2c109-341c-45b3-9d41-3eb980724524 which can be used as unique global reference for Korean FSI TA505 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-14T00:00:00Z
date_published 2020-02-28T00:00:00Z
source MITRE
title Profiling of TA505 Threat Group That Continues to Attack the Financial Sector

Microsoft Profiling Mar 2017

Microsoft. (2017, March 30). Profiling Overview. Retrieved June 24, 2020.

Internal MISP references

UUID eb0909ea-616c-4d79-b145-ee2f1ae539fb which can be used as unique global reference for Microsoft Profiling Mar 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-24T00:00:00Z
date_published 2017-03-30T00:00:00Z
source MITRE
title Profiling Overview

Microsoft Win32

Microsoft. (n.d.). Programming reference for the Win32 API. Retrieved March 15, 2020.

Internal MISP references

UUID 585b9975-3cfb-4485-a9eb-5eea337ebd3c which can be used as unique global reference for Microsoft Win32 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-15T00:00:00Z
source MITRE
title Programming reference for the Win32 API

CameraShy

ThreatConnect Inc. and Defense Group Inc. (DGI). (2015, September 23). Project CameraShy: Closing the Aperture on China's Unit 78020. Retrieved December 17, 2015.

Internal MISP references

UUID 9942b6a5-6ffb-4a26-9392-6c8bb9954997 which can be used as unique global reference for CameraShy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-12-17T00:00:00Z
date_published 2015-09-23T00:00:00Z
source MITRE, Tidal Cyber
title Project CameraShy: Closing the Aperture on China's Unit 78020

Unit 42 ProjectM March 2016

Falcone, R. and Conant S. (2016, March 25). ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe. Retrieved September 2, 2021.

Internal MISP references

UUID adee82e6-a74a-4a91-ab5a-97847b135ca3 which can be used as unique global reference for Unit 42 ProjectM March 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-02T00:00:00Z
date_published 2016-03-25T00:00:00Z
source MITRE
title ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe

Threatpost Sauron

Michael Mimoso. (2016, August 8). ProjectSauron APT On Par With Equation, Flame, Duqu. Retrieved January 10, 2024.

Internal MISP references

UUID 4d349f2f-c740-55c7-8e7b-b6957e382307 which can be used as unique global reference for Threatpost Sauron in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-10T00:00:00Z
date_published 2016-08-08T00:00:00Z
source MITRE
title ProjectSauron APT On Par With Equation, Flame, Duqu

Kaspersky ProjectSauron Blog

Kaspersky Lab's Global Research & Analysis Team. (2016, August 8). ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms. Retrieved August 17, 2016.

Internal MISP references

UUID baeaa632-3fa5-4d2b-9537-ccc7674fd7d6 which can be used as unique global reference for Kaspersky ProjectSauron Blog in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-17T00:00:00Z
date_published 2016-08-08T00:00:00Z
source MITRE, Tidal Cyber
title ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms

Kaspersky TajMahal April 2019

GReAT. (2019, April 10). Project TajMahal – a sophisticated new APT framework. Retrieved October 14, 2019.

Internal MISP references

UUID 1ed20522-52ae-4d0c-b42e-c680490958ac which can be used as unique global reference for Kaspersky TajMahal April 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-14T00:00:00Z
date_published 2019-04-10T00:00:00Z
source MITRE
title Project TajMahal – a sophisticated new APT framework

DarkReading FireEye FIN5 Oct 2015

Higgins, K. (2015, October 13). Prolific Cybercrime Gang Favors Legit Login Credentials. Retrieved October 4, 2017.

Internal MISP references

UUID afe0549d-dc1b-4bcf-9a1d-55698afd530e which can be used as unique global reference for DarkReading FireEye FIN5 Oct 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-10-04T00:00:00Z
date_published 2015-10-13T00:00:00Z
source MITRE
title Prolific Cybercrime Gang Favors Legit Login Credentials

Talos Promethium June 2020

Mercer, W. et al. (2020, June 29). PROMETHIUM extends global reach with StrongPity3 APT. Retrieved July 20, 2020.

Internal MISP references

UUID 188d990e-f0be-40f2-90f3-913dfe687d27 which can be used as unique global reference for Talos Promethium June 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-20T00:00:00Z
date_published 2020-06-29T00:00:00Z
source MITRE
title PROMETHIUM extends global reach with StrongPity3 APT

Intel471 Pro-Russian Hacktivist 2022

Intel471. (2022, September 14). Pro-Russian Hacktivist Groups Target Ukraine Supporters. Retrieved April 30, 2024.

Internal MISP references

UUID f51610a7-1323-4cc4-85ec-2ebdab2a2a50 which can be used as unique global reference for Intel471 Pro-Russian Hacktivist 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-30T00:00:00Z
date_published 2022-09-14T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Pro-Russian Hacktivist Groups Target Ukraine Supporters

TechNet Credential Guard

Lich, B. (2016, May 31). Protect derived domain credentials with Credential Guard. Retrieved June 1, 2016.

Internal MISP references

UUID d5b2446b-4685-490f-8181-1169cd049bee which can be used as unique global reference for TechNet Credential Guard in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-01T00:00:00Z
date_published 2016-05-31T00:00:00Z
source MITRE
title Protect derived domain credentials with Credential Guard

Microsoft Protected Users Security Group

Microsoft. (2016, October 12). Protected Users Security Group. Retrieved May 29, 2020.

Internal MISP references

UUID e6316ecd-da29-4928-a868-c9876badce62 which can be used as unique global reference for Microsoft Protected Users Security Group in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-29T00:00:00Z
date_published 2016-10-12T00:00:00Z
source MITRE
title Protected Users Security Group

CISA Remote Monitoring and Management Software

CISA. (n.d.). Protecting Against Malicious Use of Remote Monitoring and Management Software. Retrieved February 2, 2023.

Internal MISP references

UUID 1ee55a8c-9e9d-520a-a3d3-1d2da57e0265 which can be used as unique global reference for CISA Remote Monitoring and Management Software in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-02T00:00:00Z
source MITRE
title Protecting Against Malicious Use of Remote Monitoring and Management Software

Protecting Microsoft 365 From On-Premises Attacks

Microsoft. (2022, August 26). Protecting Microsoft 365 from on-premises attacks. Retrieved February 21, 2023.

Internal MISP references

UUID 95e19778-95ce-585a-892e-e6a8c20389f7 which can be used as unique global reference for Protecting Microsoft 365 From On-Premises Attacks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-21T00:00:00Z
date_published 2022-08-26T00:00:00Z
source MITRE
title Protecting Microsoft 365 from on-premises attacks

SANS PsExec

Pilkington, M. (2012, December 17). Protecting Privileged Domain Accounts: PsExec Deep-Dive. Retrieved August 17, 2016.

Internal MISP references

UUID a8d1e40d-b291-443c-86cc-edf6db00b898 which can be used as unique global reference for SANS PsExec in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-17T00:00:00Z
date_published 2012-12-17T00:00:00Z
source MITRE
title Protecting Privileged Domain Accounts: PsExec Deep-Dive

Docker Daemon Socket Protect

Docker. (n.d.). Protect the Docker Daemon Socket. Retrieved March 29, 2021.

Internal MISP references

UUID 48ce6b2c-57e7-4467-b0ea-3160ac46817e which can be used as unique global reference for Docker Daemon Socket Protect in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-29T00:00:00Z
source MITRE
title Protect the Docker Daemon Socket

Malwarebytes Emotet Dec 2017

Smith, A. (2017, December 22). Protect your network from Emotet Trojan with Malwarebytes Endpoint Security. Retrieved January 17, 2019.

Internal MISP references

UUID 3642af0b-f14d-4860-a87c-fb57dc107a49 which can be used as unique global reference for Malwarebytes Emotet Dec 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-01-17T00:00:00Z
date_published 2017-12-22T00:00:00Z
source MITRE
title Protect your network from Emotet Trojan with Malwarebytes Endpoint Security

ProtocolHandler.exe - LOLBAS Project

LOLBAS. (2022, July 24). ProtocolHandler.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 1f678111-dfa3-4c06-9359-816b9ca12cd0 which can be used as unique global reference for ProtocolHandler.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-07-24T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title ProtocolHandler.exe

cybereason osx proton

Amit Serper. (2018, May 10). ProtonB What this Mac Malware Actually Does. Retrieved March 19, 2018.

Internal MISP references

UUID 9c43d646-9ac2-43b5-80b6-9e69dcb57617 which can be used as unique global reference for cybereason osx proton in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-19T00:00:00Z
date_published 2018-05-10T00:00:00Z
source MITRE
title ProtonB What this Mac Malware Actually Does

Provlaunch.exe - LOLBAS Project

LOLBAS. (2023, June 30). Provlaunch.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 56a57369-4707-4dff-ad23-431109f24233 which can be used as unique global reference for Provlaunch.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2023-06-30T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Provlaunch.exe

FBI Proxies Credential Stuffing

FBI. (2022, August 18). Proxies and Configurations Used for Credential Stuffing Attacks on Online Customer Accounts. Retrieved July 6, 2023.

Internal MISP references

UUID 17f9b7b0-3e1a-5d75-9030-da79fcccdb49 which can be used as unique global reference for FBI Proxies Credential Stuffing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-06T00:00:00Z
date_published 2022-08-18T00:00:00Z
source MITRE
title Proxies and Configurations Used for Credential Stuffing Attacks on Online Customer Accounts

Sysdig Proxyjacking

Crystal Morin. (2023, April 4). Proxyjacking has Entered the Chat. Retrieved July 6, 2023.

Internal MISP references

UUID 26562be2-cab6-5867-9a43-d8a59c663596 which can be used as unique global reference for Sysdig Proxyjacking in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-06T00:00:00Z
date_published 2023-04-04T00:00:00Z
source MITRE
title Proxyjacking has Entered the Chat

Password Protected Word Docs

Lawrence Abrams. (2017, July 12). PSA: Don't Open SPAM Containing Password Protected Word Docs. Retrieved January 5, 2022.

Internal MISP references

UUID fe6f3ee6-b0a4-4092-947b-48e02a9255c1 which can be used as unique global reference for Password Protected Word Docs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-05T00:00:00Z
date_published 2017-07-12T00:00:00Z
source MITRE
title PSA: Don't Open SPAM Containing Password Protected Word Docs

Github PSAttack

Haight, J. (2016, April 21). PS>Attack. Retrieved June 1, 2016.

Internal MISP references

UUID 929e37ed-c230-4517-a2ef-b7896bd3e4a2 which can be used as unique global reference for Github PSAttack in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-01T00:00:00Z
date_published 2016-04-21T00:00:00Z
source MITRE
title PS>Attack

PsExec Russinovich

Russinovich, M. (2004, June 28). PsExec. Retrieved December 17, 2015.

Internal MISP references

UUID d6216ce3-1e63-4bb1-b379-b530c8203a96 which can be used as unique global reference for PsExec Russinovich in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-12-17T00:00:00Z
date_published 2004-06-28T00:00:00Z
source MITRE
title PsExec

SANS UAC Bypass

Medin, T. (2013, August 8). PsExec UAC Bypass. Retrieved June 3, 2016.

Internal MISP references

UUID 824739ac-633a-40e0-bb01-2bfd43714d67 which can be used as unique global reference for SANS UAC Bypass in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-03T00:00:00Z
date_published 2013-08-08T00:00:00Z
source MITRE
title PsExec UAC Bypass

GitHub PSPKIAudit

HarmJ0y et al. (2021, June 16). PSPKIAudit. Retrieved August 2, 2022.

Internal MISP references

UUID ac3d5502-0ab9-446e-bf8c-22675f92f017 which can be used as unique global reference for GitHub PSPKIAudit in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-02T00:00:00Z
date_published 2021-06-16T00:00:00Z
source MITRE
title PSPKIAudit

Psr.exe - LOLBAS Project

LOLBAS. (2020, June 27). Psr.exe. Retrieved December 4, 2023.

Internal MISP references

UUID a00782cf-f6b2-4b63-9d8d-97efe17e11c0 which can be used as unique global reference for Psr.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-06-27T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Psr.exe

Microsoft PsSetCreateProcessNotifyRoutine routine

Microsoft. (n.d.). PsSetCreateProcessNotifyRoutine routine. Retrieved December 20, 2017.

Internal MISP references

UUID c407645d-1109-49a7-a4c0-51ec9cd54c8d which can be used as unique global reference for Microsoft PsSetCreateProcessNotifyRoutine routine in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
source MITRE
title PsSetCreateProcessNotifyRoutine routine

PTRACE man

Kerrisk, M. (2020, February 9). PTRACE(2) - Linux Programmer's Manual. Retrieved February 21, 2020.

Internal MISP references

UUID fc5e63e7-090a-441b-8e34-9946e1840b49 which can be used as unique global reference for PTRACE man in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-21T00:00:00Z
date_published 2020-02-09T00:00:00Z
source MITRE
title PTRACE(2) - Linux Programmer's Manual

Wikipedia Public Key Crypto

Wikipedia. (2017, June 29). Public-key cryptography. Retrieved July 5, 2017.

Internal MISP references

UUID 1b7514e7-477d-44a2-acee-d1819066dee4 which can be used as unique global reference for Wikipedia Public Key Crypto in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-05T00:00:00Z
date_published 2017-06-29T00:00:00Z
source MITRE
title Public-key cryptography

SingHealth Breach Jan 2019

Committee of Inquiry into the Cyber Attack on SingHealth. (2019, January 10). Public Report of the Committee of Inquiry into the Cyber Attack on Singapore Health Services Private Limited's Patient Database. Retrieved June 29, 2020.

Internal MISP references

UUID d1f699e3-7c9d-4a95-ad58-f46e665a4d37 which can be used as unique global reference for SingHealth Breach Jan 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-29T00:00:00Z
date_published 2019-01-10T00:00:00Z
source MITRE
title Public Report of the Committee of Inquiry into the Cyber Attack on Singapore Health Services Private Limited's Patient Database

pubprn

Jason Gerend. (2017, October 16). pubprn. Retrieved July 23, 2021.

Internal MISP references

UUID c845c67a-20ab-405c-95fe-2f667f83b886 which can be used as unique global reference for pubprn in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-07-23T00:00:00Z
date_published 2017-10-16T00:00:00Z
source MITRE
title pubprn

Pubprn.vbs - LOLBAS Project

LOLBAS. (2018, May 25). Pubprn.vbs. Retrieved December 4, 2023.

Internal MISP references

UUID d2b6b9fd-5f80-41c0-ac22-06b78c86a9e5 which can be used as unique global reference for Pubprn.vbs - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Pubprn.vbs

PaloAlto EncodedCommand March 2017

White, J. (2017, March 10). Pulling Back the Curtains on EncodedCommand PowerShell Attacks. Retrieved February 12, 2018.

Internal MISP references

UUID 069ef9af-3402-4b13-8c60-b397b0b0bfd7 which can be used as unique global reference for PaloAlto EncodedCommand March 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-12T00:00:00Z
date_published 2017-03-10T00:00:00Z
source MITRE
title Pulling Back the Curtains on EncodedCommand PowerShell Attacks

Anomali Linux Rabbit 2018

Anomali Labs. (2018, December 6). Pulling Linux Rabbit/Rabbot Malware Out of a Hat. Retrieved March 4, 2019.

Internal MISP references

UUID e843eb47-21b0-44b9-8065-02aea0a0b05f which can be used as unique global reference for Anomali Linux Rabbit 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-04T00:00:00Z
date_published 2018-12-06T00:00:00Z
source MITRE
title Pulling Linux Rabbit/Rabbot Malware Out of a Hat

anomali-linux-rabbit

Anomali Threat Research. (2018, December 6). Pulling Linux Rabbit/Rabbot Malware Out of a Hat. Retrieved December 17, 2020.

Internal MISP references

UUID ec413dc7-028c-4153-9e98-abe85961747f which can be used as unique global reference for anomali-linux-rabbit in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-17T00:00:00Z
date_published 2018-12-06T00:00:00Z
source MITRE
title Pulling Linux Rabbit/Rabbot Malware Out of a Hat

CrowdStrike PUNK SPIDER

CrowdStrike. (n.d.). Punk Spider. Retrieved February 20, 2024.

Internal MISP references

UUID a16f89a4-5142-559b-acfa-f69ad9410bd2 which can be used as unique global reference for CrowdStrike PUNK SPIDER in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-20T00:00:00Z
source MITRE
title Punk Spider

Menlo Security PureCrypter February 2023

Abhay Yadav. (2023, February 23). PureCrypter targets government entities through Discord. Retrieved May 10, 2023.

Internal MISP references

UUID 58b4eb62-4bdc-47fd-98b2-22dfff1b9dc3 which can be used as unique global reference for Menlo Security PureCrypter February 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-10T00:00:00Z
date_published 2023-02-23T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title PureCrypter targets government entities through Discord

BleepingComputer Snowflake June 11 2024

Sergiu Gatlan. (2024, June 11). Pure Storage confirms data breach after Snowflake account hack. Retrieved June 13, 2024.

Internal MISP references

UUID 410920f2-8e0f-437b-928f-0a7b19a6b96e which can be used as unique global reference for BleepingComputer Snowflake June 11 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-06-13T00:00:00Z
date_published 2024-06-11T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Pure Storage confirms data breach after Snowflake account hack

Free Trial PurpleUrchin

Gamazo, William. Quist, Nathaniel. (2023, January 5). PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources. Retrieved February 28, 2024.

Internal MISP references

UUID 841f397d-d103-56d7-9854-7ce43c684879 which can be used as unique global reference for Free Trial PurpleUrchin in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-28T00:00:00Z
date_published 2023-01-05T00:00:00Z
source MITRE
title PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources

Cylance Putter Panda

Gross, J. and Walter, J. (2016, January 12). Puttering into the Future.... Retrieved January 22, 2016.

Internal MISP references

UUID 058d6e8e-7ab9-4151-97de-1778ac95e18d which can be used as unique global reference for Cylance Putter Panda in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-22T00:00:00Z
date_published 2016-01-12T00:00:00Z
source MITRE
title Puttering into the Future...

Oddvar Moe ADS1 Jan 2018

Moe, O. (2018, January 14). Putting Data in Alternate Data Streams and How to Execute It. Retrieved June 30, 2018.

Internal MISP references

UUID 4a711970-870c-4710-9dbc-7cfebd2e315c which can be used as unique global reference for Oddvar Moe ADS1 Jan 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-30T00:00:00Z
date_published 2018-01-14T00:00:00Z
source MITRE
title Putting Data in Alternate Data Streams and How to Execute It

Oddvar Moe ADS2 Apr 2018

Moe, O. (2018, April 11). Putting Data in Alternate Data Streams and How to Execute It - Part 2. Retrieved June 30, 2018.

Internal MISP references

UUID b280f0c8-effe-45a4-a64a-a9a8b6ad2122 which can be used as unique global reference for Oddvar Moe ADS2 Apr 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-30T00:00:00Z
date_published 2018-04-11T00:00:00Z
source MITRE
title Putting Data in Alternate Data Streams and How to Execute It - Part 2

Moran RDPieces

Moran, B. (2020, November 18). Putting Together the RDPieces. Retrieved October 17, 2022.

Internal MISP references

UUID 794331fb-f1f2-4aaa-aae8-d1c4c95fb00f which can be used as unique global reference for Moran RDPieces in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-10-17T00:00:00Z
date_published 2020-11-18T00:00:00Z
source MITRE
title Putting Together the RDPieces

PuTTY Download Page

PuTTY. (n.d.). PuTTY Download Page. Retrieved November 16, 2023.

Internal MISP references

UUID bf278270-128e-483b-9f09-ce24f5f6ed80 which can be used as unique global reference for PuTTY Download Page in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title PuTTY Download Page

Wikipedia pwdump

Wikipedia. (2007, August 9). pwdump. Retrieved June 22, 2016.

Internal MISP references

UUID 6a1a1ae1-a587-41f5-945f-011d6808e5b8 which can be used as unique global reference for Wikipedia pwdump in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-22T00:00:00Z
date_published 2007-08-09T00:00:00Z
source MITRE
title pwdump

DFIR Pysa Nov 2020

The DFIR Report. (2020, November 23). PYSA/Mespinoza Ransomware. Retrieved March 17, 2021.

Internal MISP references

UUID a00ae87e-6e64-4f1c-8639-adca436c217e which can be used as unique global reference for DFIR Pysa Nov 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-17T00:00:00Z
date_published 2020-11-23T00:00:00Z
source MITRE
title PYSA/Mespinoza Ransomware

NHS Digital Pysa Oct 2020

NHS Digital. (2020, October 10). Pysa Ransomware: Another 'big-game hunter' ransomware. Retrieved March 17, 2021.

Internal MISP references

UUID 5a853dfb-d935-4d85-a5bf-0ab5279fd32e which can be used as unique global reference for NHS Digital Pysa Oct 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-17T00:00:00Z
date_published 2020-10-10T00:00:00Z
source MITRE
title Pysa Ransomware: Another 'big-game hunter' ransomware

oletools toolkit

decalage2. (2019, December 3). python-oletools. Retrieved September 18, 2020.

Internal MISP references

UUID 9036fac0-dca8-4956-b0b4-469801adad28 which can be used as unique global reference for oletools toolkit in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-18T00:00:00Z
date_published 2019-12-03T00:00:00Z
source MITRE
title python-oletools

GitHub PoshC2

Nettitude. (2018, July 23). Python Server for PoshC2. Retrieved April 23, 2019.

Internal MISP references

UUID 45e79c0e-a2f6-4b56-b621-4142756bd1b1 which can be used as unique global reference for GitHub PoshC2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-23T00:00:00Z
date_published 2018-07-23T00:00:00Z
source MITRE
title Python Server for PoshC2

Trend Micro Qakbot December 2020

Trend Micro. (2020, December 17). QAKBOT: A decade-old malware still with new tricks. Retrieved September 27, 2021.

Internal MISP references

UUID c061ce45-1452-4c11-9586-bd5eb2d718ab which can be used as unique global reference for Trend Micro Qakbot December 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-27T00:00:00Z
date_published 2020-12-17T00:00:00Z
source MITRE
title QAKBOT: A decade-old malware still with new tricks

Cyberint Qakbot May 2021

Cyberint. (2021, May 25). Qakbot Banking Trojan. Retrieved September 27, 2021.

Internal MISP references

UUID 1baeac94-9168-4813-ab72-72e609250745 which can be used as unique global reference for Cyberint Qakbot May 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-27T00:00:00Z
date_published 2021-05-25T00:00:00Z
source MITRE
title Qakbot Banking Trojan

Kroll Qakbot June 2020

Sette, N. et al. (2020, June 4). Qakbot Malware Now Exfiltrating Emails for Sophisticated Thread Hijacking Attacks. Retrieved September 27, 2021.

Internal MISP references

UUID 716960fd-c22d-42af-ba9b-295fee02657f which can be used as unique global reference for Kroll Qakbot June 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-27T00:00:00Z
date_published 2020-06-04T00:00:00Z
source MITRE
title Qakbot Malware Now Exfiltrating Emails for Sophisticated Thread Hijacking Attacks

Trend Micro Qakbot May 2020

Mendoza, E. et al. (2020, May 25). Qakbot Resurges, Spreads through VBS Files. Retrieved September 27, 2021.

Internal MISP references

UUID e2791c37-e149-43e7-b7c3-c91a6d1bc91e which can be used as unique global reference for Trend Micro Qakbot May 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-27T00:00:00Z
date_published 2020-05-25T00:00:00Z
source MITRE
title Qakbot Resurges, Spreads through VBS Files

K7 QakBot Returns January 4 2024

Saikumaravel. (2024, January 4). Qakbot Returns. Retrieved January 24, 2024.

Internal MISP references

UUID 5cb5e645-b77b-4bd1-a742-c8f53f234713 which can be used as unique global reference for K7 QakBot Returns January 4 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-24T00:00:00Z
date_published 2024-01-04T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Qakbot Returns

Kaspersky QakBot September 2021

Kuzmenko, A. et al. (2021, September 2). QakBot technical analysis. Retrieved September 27, 2021.

Internal MISP references

UUID f40cabe3-a324-4b4d-8e95-25c036dbd8b5 which can be used as unique global reference for Kaspersky QakBot September 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-27T00:00:00Z
date_published 2021-09-02T00:00:00Z
source MITRE
title QakBot technical analysis

Red Canary Qbot

Rainey, K. (n.d.). Qbot. Retrieved September 27, 2021.

Internal MISP references

UUID 6e4960e7-ae5e-4b68-ac85-4bd84e940634 which can be used as unique global reference for Red Canary Qbot in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-27T00:00:00Z
source MITRE
title Qbot

qr-phish-agriculture

Tim Bedard and Tyler Johnson. (2023, October 4). QR Code Scams & Phishing. Retrieved November 27, 2023.

Internal MISP references

UUID 58df8729-ab42-55ee-a27d-655644bdeb0d which can be used as unique global reference for qr-phish-agriculture in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-27T00:00:00Z
date_published 2023-10-04T00:00:00Z
source MITRE
title QR Code Scams & Phishing

TheEclecticLightCompany Quarantine and the flag

hoakley. (2020, October 29). Quarantine and the quarantine flag. Retrieved September 13, 2021.

Internal MISP references

UUID 7cce88cc-fbfb-43e1-a330-ac55bce9e394 which can be used as unique global reference for TheEclecticLightCompany Quarantine and the flag in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-13T00:00:00Z
date_published 2020-10-29T00:00:00Z
source MITRE
title Quarantine and the quarantine flag

GitHub QuasarRAT

MaxXor. (n.d.). QuasarRAT. Retrieved July 10, 2018.

Internal MISP references

UUID c87e4427-af97-4e93-9596-ad5a588aa171 which can be used as unique global reference for GitHub QuasarRAT in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-10T00:00:00Z
source MITRE
title QuasarRAT

0DAY IN {REA_TEAM} Pikabot January 6 2024

0DAY IN {REA_TEAM}. (2024, January 6). [QuickNote] Technical Analysis of recent Pikabot Core Module. Retrieved January 11, 2024.

Internal MISP references

UUID 08ec9726-5a1d-4b2e-82d5-a5a9e7e917ae which can be used as unique global reference for 0DAY IN {REA_TEAM} Pikabot January 6 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-11T00:00:00Z
date_published 2024-01-06T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title [QuickNote] Technical Analysis of recent Pikabot Core Module

DidierStevens SelectMyParent Nov 2009

Stevens, D. (2009, November 22). Quickpost: SelectMyParent or Playing With the Windows Process Tree. Retrieved June 3, 2019.

Internal MISP references

UUID 1fee31b0-2d9c-4c02-b494-d3a6b80f12f3 which can be used as unique global reference for DidierStevens SelectMyParent Nov 2009 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-03T00:00:00Z
date_published 2009-11-22T00:00:00Z
source MITRE
title Quickpost: SelectMyParent or Playing With the Windows Process Tree

Microsoft - Azure AD App Registration - May 2019

Microsoft. (2019, May 8). Quickstart: Register an application with the Microsoft identity platform. Retrieved September 12, 2019.

Internal MISP references

UUID 36a06c99-55ca-4163-9450-c3b84ae10039 which can be used as unique global reference for Microsoft - Azure AD App Registration - May 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-12T00:00:00Z
date_published 2019-05-08T00:00:00Z
source MITRE
title Quickstart: Register an application with the Microsoft identity platform

Microsoft Azure Key Vault

Microsoft. (2023, January 13). Quickstart: Set and retrieve a secret from Azure Key Vault using Azure CLI. Retrieved September 25, 2023.

Internal MISP references

UUID 8f076aae-38c0-5335-9f7a-1e29b90fc33f which can be used as unique global reference for Microsoft Azure Key Vault in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-25T00:00:00Z
date_published 2023-01-13T00:00:00Z
source MITRE
title Quickstart: Set and retrieve a secret from Azure Key Vault using Azure CLI

Google Command Center Dashboard

Google. (2019, October 3). Quickstart: Using the dashboard. Retrieved October 8, 2019.

Internal MISP references

UUID a470fe2a-40ce-4060-8dfc-2cdb56bbc18b which can be used as unique global reference for Google Command Center Dashboard in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-08T00:00:00Z
date_published 2019-10-03T00:00:00Z
source MITRE
title Quickstart: Using the dashboard

Trend Micro R980 2016

Antazo, F. and Yambao, M. (2016, August 10). R980 Ransomware Found Abusing Disposable Email Address Service. Retrieved October 13, 2020.

Internal MISP references

UUID 6afd89ba-2f51-4192-82b3-d961cc86adf1 which can be used as unique global reference for Trend Micro R980 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-13T00:00:00Z
date_published 2016-08-10T00:00:00Z
source MITRE
title R980 Ransomware Found Abusing Disposable Email Address Service

Costa AvosLocker May 2022

Costa, F. (2022, May 1). RaaS AvosLocker Incident Response Analysis. Retrieved January 11, 2023.

Internal MISP references

UUID a94268d8-6b7c-574b-a588-d8fd80c27fd3 which can be used as unique global reference for Costa AvosLocker May 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-01-11T00:00:00Z
date_published 2022-05-01T00:00:00Z
source MITRE
title RaaS AvosLocker Incident Response Analysis

Sekoia.io Raccoon Stealer June 28 2022

Quentin Bourgue, Pierre Le Bourhis, Threat & Detection Research Team - TDR. (2022, June 28). Raccoon Stealer v2 – Part 1: The return of the dead. Retrieved November 16, 2023.

Internal MISP references

UUID df0c9cbd-8692-497e-9f81-cf9e44a3a5cd which can be used as unique global reference for Sekoia.io Raccoon Stealer June 28 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-16T00:00:00Z
date_published 2022-06-28T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Raccoon Stealer v2 – Part 1: The return of the dead

DOJ Iran Indictments March 2018

DOJ. (2018, March 23). U.S. v. Rafatnejad et al. Retrieved February 3, 2021.

Internal MISP references

UUID 7dfdccd5-d035-4678-89c1-f5f1630d7a79 which can be used as unique global reference for DOJ Iran Indictments March 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-03T00:00:00Z
source MITRE
title Rafatnejad et al

Sophos Ragnar May 2020

SophosLabs. (2020, May 21). Ragnar Locker ransomware deploys virtual machine to dodge security. Retrieved June 29, 2020.

Internal MISP references

UUID 04ed6dc0-45c2-4e36-8ec7-a75f6f715f0a which can be used as unique global reference for Sophos Ragnar May 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-29T00:00:00Z
date_published 2020-05-21T00:00:00Z
source MITRE
title Ragnar Locker ransomware deploys virtual machine to dodge security

GitHub Raindance

Stringer, M. (2018, November 21). RainDance. Retrieved October 6, 2019.

Internal MISP references

UUID 321bba10-06c6-4c4f-a3e0-318561fa0fed which can be used as unique global reference for GitHub Raindance in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-06T00:00:00Z
date_published 2018-11-21T00:00:00Z
source MITRE
title RainDance

Symantec RAINDROP January 2021

Symantec Threat Hunter Team. (2021, January 18). Raindrop: New Malware Discovered in SolarWinds Investigation. Retrieved January 19, 2021.

Internal MISP references

UUID 9185092d-3d99-466d-b885-f4e76fe74b6b which can be used as unique global reference for Symantec RAINDROP January 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-19T00:00:00Z
date_published 2021-01-18T00:00:00Z
source MITRE
title Raindrop: New Malware Discovered in SolarWinds Investigation

Eset Ramsay May 2020

Sanmillan, I. (2020, May 13). Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks. Retrieved May 27, 2020.

Internal MISP references

UUID 3c149b0b-f37c-4d4e-aa61-351c87fd57ce which can be used as unique global reference for Eset Ramsay May 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-27T00:00:00Z
date_published 2020-05-13T00:00:00Z
source MITRE
title Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks

Rancor WMI

Jen Miller-Osborn and Mike Harbison. (2019, December 17). Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia. Retrieved February 9, 2024.

Internal MISP references

UUID 462b8752-aa21-50d1-a21d-c9945373f37c which can be used as unique global reference for Rancor WMI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-09T00:00:00Z
date_published 2019-12-17T00:00:00Z
source MITRE
title Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia

Rancor Unit42 June 2018

Ash, B., et al. (2018, June 26). RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families. Retrieved July 2, 2018.

Internal MISP references

UUID 45098a85-a61f-491a-a549-f62b02dc2ecd which can be used as unique global reference for Rancor Unit42 June 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-02T00:00:00Z
date_published 2018-06-26T00:00:00Z
source MITRE, Tidal Cyber
title RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families

BroadcomSW June 5 2024

Threat Hunter Team Symantec. (2024, June 5). RansomHub New Ransomware has Origins in Older Knight. Retrieved June 7, 2024.

Internal MISP references

UUID 3fa49490-cb22-4362-bf48-eaba9e83e6f5 which can be used as unique global reference for BroadcomSW June 5 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-06-07T00:00:00Z
date_published 2024-06-05T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title RansomHub New Ransomware has Origins in Older Knight

FBI-ransomware

FBI. (n.d.). Ransomware. Retrieved August 18, 2023.

Internal MISP references

UUID 54e296c9-edcc-5af7-99be-b118da29711f which can be used as unique global reference for FBI-ransomware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-18T00:00:00Z
source MITRE
title Ransomware

IBM Ransomware Trends September 2020

Singleton, C. and Kiefer, C. (2020, September 28). Ransomware 2020: Attack Trends Affecting Organizations Worldwide. Retrieved September 20, 2021.

Internal MISP references

UUID eb767436-4a96-4e28-bd34-944842d7593e which can be used as unique global reference for IBM Ransomware Trends September 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-20T00:00:00Z
date_published 2020-09-28T00:00:00Z
source MITRE
title Ransomware 2020: Attack Trends Affecting Organizations Worldwide

DHS/CISA Ransomware Targeting Healthcare October 2020

DHS/CISA. (2020, October 28). Ransomware Activity Targeting the Healthcare and Public Health Sector. Retrieved October 28, 2020.

Internal MISP references

UUID 984e86e6-32e4-493c-8172-3d29de4720cc which can be used as unique global reference for DHS/CISA Ransomware Targeting Healthcare October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-28T00:00:00Z
date_published 2020-10-28T00:00:00Z
source MITRE, Tidal Cyber
title Ransomware Activity Targeting the Healthcare and Public Health Sector

FireEye Ransomware Disrupt Industrial Production

Zafra, D., Lunden, K., Brubaker, N., Kennelly, J. (2020, February 24). Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT. Retrieved February 9, 2021.

Internal MISP references

UUID 9ffa0f35-98e4-4265-8b66-9c805a2b6525 which can be used as unique global reference for FireEye Ransomware Disrupt Industrial Production in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-09T00:00:00Z
date_published 2020-02-24T00:00:00Z
source MITRE
title Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT

FireEye Ransomware Feb 2020

Zafra, D., et al. (2020, February 24). Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT. Retrieved March 2, 2021.

Internal MISP references

UUID 44856547-2de5-45ff-898f-a523095bd593 which can be used as unique global reference for FireEye Ransomware Feb 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-02T00:00:00Z
date_published 2020-02-24T00:00:00Z
source MITRE
title Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT

Check Point Pay2Key November 2020

Check Point. (2020, November 6). Ransomware Alert: Pay2Key. Retrieved January 4, 2021.

Internal MISP references

UUID e4ea263d-f70e-4f9c-92a1-cb0e565a5ae9 which can be used as unique global reference for Check Point Pay2Key November 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-04T00:00:00Z
date_published 2020-11-06T00:00:00Z
source MITRE
title Ransomware Alert: Pay2Key

Microsoft Ransomware as a Service

Microsoft. (2022, May 9). Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself. Retrieved March 10, 2023.

Internal MISP references

UUID 833018b5-6ef6-5327-9af5-1a551df25cd2 which can be used as unique global reference for Microsoft Ransomware as a Service in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-10T00:00:00Z
date_published 2022-05-09T00:00:00Z
source MITRE
title Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself

Www.invictus-ir.com 1 11 2024

Www.invictus-ir.com. (2024, January 11). Ransomware in the cloud. Retrieved April 17, 2024.

Internal MISP references

UUID 5e2a0756-d8f6-4359-9ca3-1e96fb8b5ac9 which can be used as unique global reference for Www.invictus-ir.com 1 11 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-17T00:00:00Z
date_published 2024-01-11T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Ransomware in the cloud

McAfee Maze March 2020

Mundo, A. (2020, March 26). Ransomware Maze. Retrieved May 18, 2020.

Internal MISP references

UUID 627a14dd-5300-4f58-869c-0ec91ffb664e which can be used as unique global reference for McAfee Maze March 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-18T00:00:00Z
date_published 2020-03-26T00:00:00Z
source MITRE
title Ransomware Maze

Sophos SystemBC December 16 2020

Sivagnanam Gn, Sean Gallagher. (2020, December 16). Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor. Retrieved September 21, 2023.

Internal MISP references

UUID eca1301f-deeb-4a97-8c4e-e61210706116 which can be used as unique global reference for Sophos SystemBC December 16 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-21T00:00:00Z
date_published 2020-12-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor

Fortinet Play Ransomware December 22 2022

Shunichi Imano, James Slaughter. (2022, December 22). Ransomware Roundup – Play. Retrieved August 10, 2023.

Internal MISP references

UUID a3fa463f-dd2f-4d23-8834-c428d90ea09b which can be used as unique global reference for Fortinet Play Ransomware December 22 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-10T00:00:00Z
date_published 2022-12-22T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Ransomware Roundup – Play

TrendMicro Akira October 5 2023

Trend Micro Research. (2023, October 5). Ransomware Spotlight: Akira. Retrieved February 27, 2024.

Internal MISP references

UUID 8f45fb21-c6ad-4b97-b459-da96eb643069 which can be used as unique global reference for TrendMicro Akira October 5 2023 in MISP communities and other software using the MISP galaxy

External references
  • http:/www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-akira
Associated metadata
Metadata key Value
date_accessed 2024-02-27T00:00:00Z
date_published 2023-10-05T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Ransomware Spotlight: Akira

Trend Micro AvosLocker Apr 2022

Trend Micro Research. (2022, April 4). Ransomware Spotlight AvosLocker. Retrieved January 11, 2023.

Internal MISP references

UUID 01fdc732-0951-59e2-afaf-5fe761357e7f which can be used as unique global reference for Trend Micro AvosLocker Apr 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-01-11T00:00:00Z
date_published 2022-04-04T00:00:00Z
source MITRE
title Ransomware Spotlight AvosLocker

Trend Micro Black Basta Spotlight September 2022

Trend Micro. (2022, September 1). Ransomware Spotlight Black Basta. Retrieved March 8, 2023.

Internal MISP references

UUID 1f2942ab-e6a9-5a50-b266-3436c8c0b5ec which can be used as unique global reference for Trend Micro Black Basta Spotlight September 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-08T00:00:00Z
date_published 2022-09-01T00:00:00Z
source MITRE
title Ransomware Spotlight Black Basta

Trend Micro BlackCat October 27 2022

Trend Micro Research. (2022, October 27). Ransomware Spotlight: BlackCat. Retrieved March 5, 2024.

Internal MISP references

UUID 94aef206-b4cb-4d91-9843-96cf50af157c which can be used as unique global reference for Trend Micro BlackCat October 27 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-05T00:00:00Z
date_published 2022-10-27T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Ransomware Spotlight: BlackCat

Trend Micro LockBit Spotlight February 08 2023

Trend Micro Research. (2022, February 8). Ransomware Spotlight: LockBit. Retrieved August 18, 2023.

Internal MISP references

UUID f72dade0-ec82-40e7-96a0-9f124d59bd35 which can be used as unique global reference for Trend Micro LockBit Spotlight February 08 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-18T00:00:00Z
date_published 2022-02-08T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Ransomware Spotlight: LockBit

Trend Micro Play Spotlight July 21 2023

Trend Micro Research. (2023, July 21). Ransomware Spotlight: Play. Retrieved August 10, 2023.

Internal MISP references

UUID 6cf9c6f0-7818-45dd-9afc-f69e394c23e4 which can be used as unique global reference for Trend Micro Play Spotlight July 21 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-10T00:00:00Z
date_published 2023-07-21T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Ransomware Spotlight: Play

Group IB Ransomware May 2020

Group IB. (2020, May). Ransomware Uncovered: Attackers’ Latest Methods. Retrieved August 5, 2020.

Internal MISP references

UUID 18d20965-f1f4-439f-a4a3-34437ad1fe14 which can be used as unique global reference for Group IB Ransomware May 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-05T00:00:00Z
date_published 2020-05-01T00:00:00Z
source MITRE
title Ransomware Uncovered: Attackers’ Latest Methods

GitHub ransomwatch

joshhighet. (n.d.). ransomwatch. Retrieved June 30, 2023.

Internal MISP references

UUID 62037959-58e4-475a-bb91-ff360d20c1d7 which can be used as unique global reference for GitHub ransomwatch in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-30T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title ransomwatch

PyPI RAR

mkz. (2020). rarfile 3.1. Retrieved February 20, 2020.

Internal MISP references

UUID e40d1cc8-b8c7-4f43-b6a7-c50a4f7bf1f0 which can be used as unique global reference for PyPI RAR in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-20T00:00:00Z
date_published 2020-01-01T00:00:00Z
source MITRE
title rarfile 3.1

WinRAR Homepage

A. Roshal. (2020). RARLAB. Retrieved February 20, 2020.

Internal MISP references

UUID c1334e4f-67c8-451f-b50a-86003f6e3d3b which can be used as unique global reference for WinRAR Homepage in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-20T00:00:00Z
date_published 2020-01-01T00:00:00Z
source MITRE
title RARLAB

Aquino RARSTONE

Aquino, M. (2013, June 13). RARSTONE Found In Targeted Attacks. Retrieved December 17, 2015.

Internal MISP references

UUID 2327592e-4e8a-481e-bdf9-d548c776adee which can be used as unique global reference for Aquino RARSTONE in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-12-17T00:00:00Z
date_published 2013-06-13T00:00:00Z
source MITRE
title RARSTONE Found In Targeted Attacks

Rasautou.exe - LOLBAS Project

LOLBAS. (2020, January 10). Rasautou.exe. Retrieved December 4, 2023.

Internal MISP references

UUID dc299f7a-403b-4a22-9386-0be3e160d185 which can be used as unique global reference for Rasautou.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-01-10T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Rasautou.exe

Red Canary Raspberry Robin May 2022

Lauren Podber, Stef Rand. (2022, May 5). Raspberry Robin gets the worm early. Retrieved May 19, 2023.

Internal MISP references

UUID fb04d89a-3f39-48be-b986-9c4eac4dd8a4 which can be used as unique global reference for Red Canary Raspberry Robin May 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-19T00:00:00Z
date_published 2022-05-05T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Raspberry Robin gets the worm early

Microsoft Security Raspberry Robin October 2022

Microsoft Threat Intelligence. (2022, October 27). Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity. Retrieved May 19, 2023.

Internal MISP references

UUID 8017e42a-8373-4d24-8d89-638a925b704b which can be used as unique global reference for Microsoft Security Raspberry Robin October 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-19T00:00:00Z
date_published 2022-10-27T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity

Dragos Raspite Aug 2018

Dragos, Inc. (2018, August 2). RASPITE. Retrieved November 26, 2018.

Internal MISP references

UUID bf4ccd52-0a03-41b6-bde7-34ead90171c3 which can be used as unique global reference for Dragos Raspite Aug 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-26T00:00:00Z
date_published 2018-08-02T00:00:00Z
source MITRE
title RASPITE

RATANKBA

Trend Micro. (2017, February 27). RATANKBA: Delving into Large-scale Watering Holes against Enterprises. Retrieved May 22, 2018.

Internal MISP references

UUID 7d08ec64-7fb8-4520-b26b-95b0dee891fe which can be used as unique global reference for RATANKBA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-22T00:00:00Z
date_published 2017-02-27T00:00:00Z
source MITRE
title RATANKBA: Delving into Large-scale Watering Holes against Enterprises

TrendMicro RawPOS April 2015

TrendLabs Security Intelligence Blog. (2015, April). RawPOS Technical Brief. Retrieved October 4, 2017.

Internal MISP references

UUID e483ed86-713b-42c6-ad77-e9b889bbcb81 which can be used as unique global reference for TrendMicro RawPOS April 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-10-04T00:00:00Z
date_published 2015-04-01T00:00:00Z
source MITRE
title RawPOS Technical Brief

Rclone

Nick Craig-Wood. (n.d.). Rclone syncs your files to cloud storage. Retrieved August 30, 2022.

Internal MISP references

UUID 3c7824de-d958-4254-beec-bc4e5ab989b0 which can be used as unique global reference for Rclone in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-30T00:00:00Z
source MITRE
title Rclone syncs your files to cloud storage

Rclone Wars

Justin Schoenfeld and Aaron Didier. (2021, May 4). Rclone Wars: Transferring leverage in a ransomware attack. Retrieved August 30, 2022.

Internal MISP references

UUID d47e5f7c-cf70-4f7c-ac83-57e4e1187485 which can be used as unique global reference for Rclone Wars in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-30T00:00:00Z
date_published 2021-05-04T00:00:00Z
source MITRE
title Rclone Wars: Transferring leverage in a ransomware attack

rcsi.exe - LOLBAS Project

LOLBAS. (2018, May 25). rcsi.exe. Retrieved December 4, 2023.

Internal MISP references

UUID dc02058a-7ed3-4253-a976-6f99b9e91406 which can be used as unique global reference for rcsi.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title rcsi.exe

RDP Hijacking Medium

Beaumont, K. (2017, March 19). RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an organisation. Retrieved December 11, 2017.

Internal MISP references

UUID 0a615508-c155-4004-86b8-916bbfd8ae42 which can be used as unique global reference for RDP Hijacking Medium in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-11T00:00:00Z
date_published 2017-03-19T00:00:00Z
source MITRE
title RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an organisation

RDPWrap Github

Stas'M Corp. (2014, October 22). RDP Wrapper Library by Stas'M. Retrieved March 28, 2022.

Internal MISP references

UUID 777a0a6f-3684-4888-ae1b-adc386be763a which can be used as unique global reference for RDPWrap Github in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-28T00:00:00Z
date_published 2014-10-22T00:00:00Z
source MITRE
title RDP Wrapper Library by Stas'M

rdrleakdiag.exe - LOLBAS Project

LOLBAS. (2022, May 18). rdrleakdiag.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 1feff728-2230-4a45-bd64-6093f8b42646 which can be used as unique global reference for rdrleakdiag.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-05-18T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title rdrleakdiag.exe

blog.vincss.net 1 13 2021

Yến Hứa. (2021, January 13). [RE019] From A to X analyzing some real cases which used recent Emotet samples. Retrieved February 27, 2024.

Internal MISP references

UUID 1ebae9fa-bab1-4a26-8d49-ae6778fdf094 which can be used as unique global reference for blog.vincss.net 1 13 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-27T00:00:00Z
date_published 2021-01-13T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title [RE019] From A to X analyzing some real cases which used recent Emotet samples

ESET RTM Feb 2017

Faou, M. and Boutin, J. (2017, February). Read The Manual: A Guide to the RTM Banking Trojan. Retrieved March 9, 2017.

Internal MISP references

UUID ab2cced7-05b8-4788-8d3c-8eadb0aaf38c which can be used as unique global reference for ESET RTM Feb 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-09T00:00:00Z
date_published 2017-02-01T00:00:00Z
source MITRE, Tidal Cyber
title Read The Manual: A Guide to the RTM Banking Trojan

FireEye Sunshop Campaign May 2013

Moran, N. (2013, May 20). Ready for Summer: The Sunshop Campaign. Retrieved March 19, 2018.

Internal MISP references

UUID ec246c7a-3396-46f9-acc4-a100cb5e5fe6 which can be used as unique global reference for FireEye Sunshop Campaign May 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-19T00:00:00Z
date_published 2013-05-20T00:00:00Z
source MITRE
title Ready for Summer: The Sunshop Campaign

Mandiant golang stripped binaries explanation

STEPHEN ECKELS. (2022, February 28). Ready, Set, Go — Golang Internals and Symbol Recovery. Retrieved September 29, 2022.

Internal MISP references

UUID 60eb0109-9655-41ab-bf76-37b17bf9594a which can be used as unique global reference for Mandiant golang stripped binaries explanation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-29T00:00:00Z
date_published 2022-02-28T00:00:00Z
source MITRE
title Ready, Set, Go — Golang Internals and Symbol Recovery

reagentc_cmd

Microsoft, EliotSeattle, et al. (2022, August 18). REAgentC command-line options. Retrieved October 19, 2022.

Internal MISP references

UUID d26c830b-c196-5503-bf8c-4cfe90a6e7e5 which can be used as unique global reference for reagentc_cmd in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-10-19T00:00:00Z
date_published 2022-08-18T00:00:00Z
source MITRE
title REAgentC command-line options

Microsoft DART Case Report 001

Berk Veral. (2020, March 9). Real-life cybercrime stories from DART, the Microsoft Detection and Response Team. Retrieved May 27, 2022.

Internal MISP references

UUID bd8c6a86-1a63-49cd-a97f-3d119e4223d4 which can be used as unique global reference for Microsoft DART Case Report 001 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-27T00:00:00Z
date_published 2020-03-09T00:00:00Z
source MITRE
title Real-life cybercrime stories from DART, the Microsoft Detection and Response Team

Sans ARP Spoofing Aug 2003

Siles, R. (2003, August). Real World ARP Spoofing. Retrieved October 15, 2020.

Internal MISP references

UUID 1f9f5bfc-c044-4046-8586-39163a305c1e which can be used as unique global reference for Sans ARP Spoofing Aug 2003 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-15T00:00:00Z
date_published 2003-08-01T00:00:00Z
source MITRE
title Real World ARP Spoofing

Github CLI Create Webhook

Github. (n.d.). Receiving webhooks with the GitHub CLI. Retrieved August 4, 2023.

Internal MISP references

UUID 8ddee62e-adc0-5b28-b271-4b14b01f84c1 which can be used as unique global reference for Github CLI Create Webhook in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-04T00:00:00Z
source MITRE
title Receiving webhooks with the GitHub CLI

Kaspersky Cloud Atlas August 2019

GReAT. (2019, August 12). Recent Cloud Atlas activity. Retrieved May 8, 2020.

Internal MISP references

UUID 4c3ae600-0787-4847-b528-ae3e8ff1b5ef which can be used as unique global reference for Kaspersky Cloud Atlas August 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-08T00:00:00Z
date_published 2019-08-12T00:00:00Z
source MITRE
title Recent Cloud Atlas activity

Talos MuddyWater May 2019

Adamitis, D. et al. (2019, May 20). Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques. Retrieved June 5, 2019.

Internal MISP references

UUID 5b8b6429-14ef-466b-b806-5603e694efc1 which can be used as unique global reference for Talos MuddyWater May 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-05T00:00:00Z
date_published 2019-05-20T00:00:00Z
source MITRE
title Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques

Mandiant Pulse Secure Update May 2021

Perez, D. et al. (2021, May 27). Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices. Retrieved February 5, 2024.

Internal MISP references

UUID 5620adaf-c2a7-5f0f-ae70-554ce720426e which can be used as unique global reference for Mandiant Pulse Secure Update May 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-05T00:00:00Z
date_published 2021-05-27T00:00:00Z
source MITRE
title Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices

Free Desktop Entry Keys

Free Desktop. (2017, December 24). Recognized Desktop Entry Keys. Retrieved September 12, 2019.

Internal MISP references

UUID 4ffb9866-1cf4-46d1-b7e5-d75bd98de018 which can be used as unique global reference for Free Desktop Entry Keys in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-12T00:00:00Z
date_published 2017-12-24T00:00:00Z
source MITRE
title Recognized Desktop Entry Keys

Recorded Future APT3 May 2017

Insikt Group (Recorded Future). (2017, May 17). Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3. Retrieved June 18, 2017.

Internal MISP references

UUID a894d79f-5977-4ef9-9aa5-7bfec795ceb2 which can be used as unique global reference for Recorded Future APT3 May 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-06-18T00:00:00Z
date_published 2017-05-17T00:00:00Z
source MITRE
title Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3

Trend Micro Daserf Nov 2017

Chen, J. and Hsieh, M. (2017, November 7). REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography. Retrieved December 27, 2017.

Internal MISP references

UUID 4ca0e6a9-8c20-49a0-957a-7108083a8a29 which can be used as unique global reference for Trend Micro Daserf Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-27T00:00:00Z
date_published 2017-11-07T00:00:00Z
source MITRE, Tidal Cyber
title REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography

Red Canary SocGholish March 2024

Red Canary. (2024, March). Red Canary 2024 Threat Detection Report: SocGholish. Retrieved March 22, 2024.

Internal MISP references

UUID 70fa26e4-109c-5a48-b9fd-ac8b9acf2cf3 which can be used as unique global reference for Red Canary SocGholish March 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-22T00:00:00Z
date_published 2024-03-01T00:00:00Z
source MITRE
title Red Canary 2024 Threat Detection Report: SocGholish

RHEL auditd

Jahoda, M. et al. (2017, March 14). redhat Security Guide - Chapter 7 - System Auditing. Retrieved December 20, 2017.

Internal MISP references

UUID cdedab06-7745-4a5e-aa62-00ed81ccc8d0 which can be used as unique global reference for RHEL auditd in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2017-03-14T00:00:00Z
source MITRE
title redhat Security Guide - Chapter 7 - System Auditing

Red Hat System Auditing

Jahoda, M. et al. (2017, March 14). Red Hat Security Guide - Chapter 7 - System Auditing. Retrieved December 20, 2017.

Internal MISP references

UUID 599337b3-8587-5578-9be5-e6e4f0edd0ef which can be used as unique global reference for Red Hat System Auditing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2017-03-14T00:00:00Z
source MITRE
title Red Hat Security Guide - Chapter 7 - System Auditing

Recorded Future RedHotel August 2023

Insikt Group. (2023, August 8). RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale. Retrieved March 11, 2024.

Internal MISP references

UUID 006715e1-9354-51aa-812b-21a33a37ebb4 which can be used as unique global reference for Recorded Future RedHotel August 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-11T00:00:00Z
date_published 2023-08-08T00:00:00Z
source MITRE
title RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale

Cylance Redirect to SMB

Cylance. (2015, April 13). Redirect to SMB. Retrieved December 21, 2017.

Internal MISP references

UUID 32c7626a-b284-424c-8294-7fac37e71336 which can be used as unique global reference for Cylance Redirect to SMB in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-21T00:00:00Z
date_published 2015-04-13T00:00:00Z
source MITRE
title Redirect to SMB

Black Hills Red Teaming MS AD Azure, 2018

Felch, M. (2018, August 31). Red Teaming Microsoft Part 1 Active Directory Leaks via Azure. Retrieved October 6, 2019.

Internal MISP references

UUID 48971032-8fa2-40ff-adef-e91d7109b859 which can be used as unique global reference for Black Hills Red Teaming MS AD Azure, 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-06T00:00:00Z
date_published 2018-08-31T00:00:00Z
source MITRE
title Red Teaming Microsoft Part 1 Active Directory Leaks via Azure

OutFlank System Calls

de Plaa, C. (2019, June 19). Red Team Tactics: Combining Direct System Calls and sRDI to bypass AV/EDR. Retrieved September 29, 2021.

Internal MISP references

UUID c4c3370a-2d6b-4ebd-961e-58d584066377 which can be used as unique global reference for OutFlank System Calls in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2019-06-19T00:00:00Z
source MITRE
title Red Team Tactics: Combining Direct System Calls and sRDI to bypass AV/EDR

US-CERT TA17-156A SNMP Abuse 2017

US-CERT. (2017, June 5). Reducing the Risk of SNMP Abuse. Retrieved October 19, 2020.

Internal MISP references

UUID 82b814f3-2853-48a9-93ff-701d16d97535 which can be used as unique global reference for US-CERT TA17-156A SNMP Abuse 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
date_published 2017-06-05T00:00:00Z
source MITRE
title Reducing the Risk of SNMP Abuse

Cloudflare ReflectionDoS May 2017

Marek Majkowski, Cloudflare. (2017, May 24). Reflections on reflection (attacks). Retrieved April 23, 2019.

Internal MISP references

UUID a6914c13-f95f-4c30-a129-905ed43e3454 which can be used as unique global reference for Cloudflare ReflectionDoS May 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-23T00:00:00Z
date_published 2017-05-24T00:00:00Z
source MITRE
title Reflections on reflection (attacks)

Trend Micro

Karen Victor. (2020, May 18). Reflective Loading Runs Netwalker Fileless Ransomware. Retrieved September 30, 2022.

Internal MISP references

UUID 2d4cb6f1-bc44-454b-94c1-88a81324903e which can be used as unique global reference for Trend Micro in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-30T00:00:00Z
date_published 2020-05-18T00:00:00Z
source MITRE
title Reflective Loading Runs Netwalker Fileless Ransomware

Microsoft Reg

Microsoft. (2012, April 17). Reg. Retrieved May 1, 2015.

Internal MISP references

UUID 1e1b21bd-18b3-4c77-8eb8-911b028ab603 which can be used as unique global reference for Microsoft Reg in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-05-01T00:00:00Z
date_published 2012-04-17T00:00:00Z
source MITRE
title Reg

LOLBAS Regasm

LOLBAS. (n.d.). Regasm.exe. Retrieved July 31, 2019.

Internal MISP references

UUID b6a3356f-72c2-4ec2-a276-2432eb691055 which can be used as unique global reference for LOLBAS Regasm in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-31T00:00:00Z
source MITRE
title Regasm.exe

MSDN Regasm

Microsoft. (n.d.). Regasm.exe (Assembly Registration Tool). Retrieved July 1, 2016.

Internal MISP references

UUID 66a3de54-4a16-4b1b-b18f-e3842aeb7b40 which can be used as unique global reference for MSDN Regasm in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-07-01T00:00:00Z
source MITRE
title Regasm.exe (Assembly Registration Tool)

Microsoft RegDelNull July 2016

Russinovich, M. & Sharkey, K. (2016, July 4). RegDelNull v1.11. Retrieved August 10, 2018.

Internal MISP references

UUID d34d35ee-9d0b-4556-ad19-04cfa9001bf2 which can be used as unique global reference for Microsoft RegDelNull July 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-10T00:00:00Z
date_published 2016-07-04T00:00:00Z
source MITRE
title RegDelNull v1.11

Regedit.exe - LOLBAS Project

LOLBAS. (2018, May 25). Regedit.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 86e47198-751b-4754-8741-6dd8f2960416 which can be used as unique global reference for Regedit.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Regedit.exe

Reg.exe - LOLBAS Project

LOLBAS. (2018, May 25). Reg.exe. Retrieved December 4, 2023.

Internal MISP references

UUID ba0e31a1-125b-43c3-adf0-567ca393eeab which can be used as unique global reference for Reg.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Reg.exe

Microsoft Reghide NOV 2006

Russinovich, M. & Sharkey, K. (2006, January 10). Reghide. Retrieved August 9, 2018.

Internal MISP references

UUID 42503ec7-f5da-4116-a3b3-a1b18a66eed3 which can be used as unique global reference for Microsoft Reghide NOV 2006 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-09T00:00:00Z
date_published 2006-01-10T00:00:00Z
source MITRE
title Reghide

Regini.exe - LOLBAS Project

LOLBAS. (2020, July 3). Regini.exe. Retrieved December 4, 2023.

Internal MISP references

UUID db2573d2-6ecd-4c5a-b038-2f799f9723ae which can be used as unique global reference for Regini.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-07-03T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Regini.exe

Register-cimprovider.exe - LOLBAS Project

LOLBAS. (2018, May 25). Register-cimprovider.exe. Retrieved December 4, 2023.

Internal MISP references

UUID d445d016-c4f1-45c8-929d-913867275417 which can be used as unique global reference for Register-cimprovider.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Register-cimprovider.exe

Microsoft Registry

Microsoft. (2018, May 31). Registry. Retrieved September 29, 2021.

Internal MISP references

UUID 08dc94ff-a289-45bd-93c2-1183fd507493 which can be used as unique global reference for Microsoft Registry in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2018-05-31T00:00:00Z
source MITRE
title Registry

Tilbury 2014

Tilbury, C. (2014, August 28). Registry Analysis with CrowdResponse. Retrieved November 12, 2014.

Internal MISP references

UUID 136325ee-0712-49dd-b3ab-a6f2bfb218b0 which can be used as unique global reference for Tilbury 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
date_published 2014-08-28T00:00:00Z
source MITRE
title Registry Analysis with CrowdResponse

Microsoft COR_PROFILER Feb 2013

Microsoft. (2013, February 4). Registry-Free Profiler Startup and Attach. Retrieved June 24, 2020.

Internal MISP references

UUID 4e85ef68-dfb7-4db3-ac76-92f4b78cb1cd which can be used as unique global reference for Microsoft COR_PROFILER Feb 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-24T00:00:00Z
date_published 2013-02-04T00:00:00Z
source MITRE
title Registry-Free Profiler Startup and Attach

Microsoft Registry Auditing Aug 2016

Microsoft. (2016, August 31). Registry (Global Object Access Auditing). Retrieved January 31, 2018.

Internal MISP references

UUID f58ac1e4-c470-4aac-a077-7f358e25b0fa which can be used as unique global reference for Microsoft Registry Auditing Aug 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-31T00:00:00Z
date_published 2016-08-31T00:00:00Z
source MITRE
title Registry (Global Object Access Auditing)

Registry Key Security

Microsoft. (2018, May 31). Registry Key Security and Access Rights. Retrieved March 16, 2017.

Internal MISP references

UUID f8f12cbb-029c-48b1-87ce-624a7f98c8ab which can be used as unique global reference for Registry Key Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-16T00:00:00Z
date_published 2018-05-31T00:00:00Z
source MITRE
title Registry Key Security and Access Rights

MSDN Registry Key Security

Microsoft. (n.d.). Registry Key Security and Access Rights. Retrieved March 16, 2017.

Internal MISP references

UUID c5627d86-1b59-4c2a-aac0-88f1b4dc6974 which can be used as unique global reference for MSDN Registry Key Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-16T00:00:00Z
source MITRE
title Registry Key Security and Access Rights

Microsoft Registry Drivers

Microsoft. (2021, December 14). Registry Trees for Devices and Drivers. Retrieved March 28, 2023.

Internal MISP references

UUID 4bde767e-d4a7-56c5-9aa3-b3f3cc2e3e70 which can be used as unique global reference for Microsoft Registry Drivers in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-28T00:00:00Z
date_published 2021-12-14T00:00:00Z
source MITRE
title Registry Trees for Devices and Drivers

Microsoft System Wide Com Keys

Microsoft. (n.d.). Registry Values for System-Wide Security. Retrieved November 21, 2017.

Internal MISP references

UUID e0836ebc-66fd-46ac-adf6-727b46f2fb38 which can be used as unique global reference for Microsoft System Wide Com Keys in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-21T00:00:00Z
source MITRE
title Registry Values for System-Wide Security

LOLBAS Regsvcs

LOLBAS. (n.d.). Regsvcs.exe. Retrieved July 31, 2019.

Internal MISP references

UUID 3f669f4c-0b94-4b78-ad3e-fd62f7600902 which can be used as unique global reference for LOLBAS Regsvcs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-31T00:00:00Z
source MITRE
title Regsvcs.exe

MSDN Regsvcs

Microsoft. (n.d.). Regsvcs.exe (.NET Services Installation Tool). Retrieved July 1, 2016.

Internal MISP references

UUID 4f3651df-159e-4006-8cb6-de0d0712a194 which can be used as unique global reference for MSDN Regsvcs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-07-01T00:00:00Z
source MITRE
title Regsvcs.exe (.NET Services Installation Tool)

LOLBAS Regsvr32

LOLBAS. (n.d.). Regsvr32.exe. Retrieved July 31, 2019.

Internal MISP references

UUID 8e32abef-534e-475a-baad-946b6ec681c1 which can be used as unique global reference for LOLBAS Regsvr32 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-31T00:00:00Z
source MITRE
title Regsvr32.exe

Fortinet Remcos Feb 2017

Bacurio, F., Salvio, J. (2017, February 14). REMCOS: A New RAT In The Wild. Retrieved November 6, 2018.

Internal MISP references

UUID c4d5d6e7-47c0-457a-b396-53d34f87e444 which can be used as unique global reference for Fortinet Remcos Feb 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-06T00:00:00Z
date_published 2017-02-14T00:00:00Z
source MITRE
title REMCOS: A New RAT In The Wild

Mandiant Remediation and Hardening Strategies for Microsoft 365

Mandiant. (2022, August). Remediation and Hardening Strategies for Microsoft 365 to Defend Against APT29. Retrieved February 21, 2023.

Internal MISP references

UUID 4054604b-7c0f-5012-b40c-2b117f6b54c2 which can be used as unique global reference for Mandiant Remediation and Hardening Strategies for Microsoft 365 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-21T00:00:00Z
date_published 2022-08-01T00:00:00Z
source MITRE
title Remediation and Hardening Strategies for Microsoft 365 to Defend Against APT29

Mandiant Defend UNC2452 White Paper

Mandiant. (2021, January 19). Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452. Retrieved January 22, 2021.

Internal MISP references

UUID ed031297-d0f5-44a7-9723-ba692e923a6e which can be used as unique global reference for Mandiant Defend UNC2452 White Paper in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-22T00:00:00Z
date_published 2021-01-19T00:00:00Z
source MITRE
title Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452

Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452

Mike Burns, Matthew McWhirt, Douglas Bienstock, Nick Bennett. (2021, January 19). Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452. Retrieved September 25, 2021.

Internal MISP references

UUID 7aa5c294-df8e-4994-9b9e-69444d75ef37 which can be used as unique global reference for Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-25T00:00:00Z
date_published 2021-01-19T00:00:00Z
source MITRE
title Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452

TechNet Remote Desktop Services

Microsoft. (n.d.). Remote Desktop Services. Retrieved June 1, 2016.

Internal MISP references

UUID b8fc1bdf-f602-4a9b-a51c-fa49e70f24cd which can be used as unique global reference for TechNet Remote Desktop Services in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-01T00:00:00Z
source MITRE
title Remote Desktop Services

Remote.exe - LOLBAS Project

LOLBAS. (2021, June 1). Remote.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 9a298f83-80b8-45a3-9f63-6119be6621b4 which can be used as unique global reference for Remote.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-06-01T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Remote.exe

Microsoft Remote Use of Local

Margosis, A. (2018, December 10). Remote Use of Local Accounts: LAPS Changes Everything. Retrieved March 13, 2020.

Internal MISP references

UUID 2239d595-4b80-4828-9d06-f8de221f9534 which can be used as unique global reference for Microsoft Remote Use of Local in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-13T00:00:00Z
date_published 2018-12-10T00:00:00Z
source MITRE
title Remote Use of Local Accounts: LAPS Changes Everything

SigmaHQ

Sittikorn S. (2022, April 15). Removal Of SD Value to Hide Schedule Task - Registry. Retrieved June 1, 2022.

Internal MISP references

UUID 27812e3f-9177-42ad-8681-91c65aba4743 which can be used as unique global reference for SigmaHQ in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-01T00:00:00Z
date_published 2022-04-15T00:00:00Z
source MITRE
title Removal Of SD Value to Hide Schedule Task - Registry

disable_win_evt_logging

Heiligenstein, L. (n.d.). REP-25: Disable Windows Event Logging. Retrieved April 7, 2022.

Internal MISP references

UUID 408c0c8c-5d8e-5ebe-bd31-81b405c615d8 which can be used as unique global reference for disable_win_evt_logging in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-07T00:00:00Z
source MITRE
title REP-25: Disable Windows Event Logging

Microsoft Replace Process Token

Brower, N., Lich, B. (2017, April 19). Replace a process level token. Retrieved December 19, 2017.

Internal MISP references

UUID 75130a36-e859-438b-9536-410c2831b2de which can be used as unique global reference for Microsoft Replace Process Token in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-19T00:00:00Z
date_published 2017-04-19T00:00:00Z
source MITRE
title Replace a process level token

Replace.exe - LOLBAS Project

LOLBAS. (2018, May 25). Replace.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 82a473e9-208c-4c47-bf38-92aee43238dd which can be used as unique global reference for Replace.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Replace.exe

Bugcrowd Replay Attack

Bugcrowd. (n.d.). Replay Attack. Retrieved September 27, 2023.

Internal MISP references

UUID ed31056c-23cb-5cb0-9b70-f363c54b27f7 which can be used as unique global reference for Bugcrowd Replay Attack in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-27T00:00:00Z
source MITRE
title Replay Attack

Mac Forwarding Rules

Apple. (n.d.). Reply to, forward, or redirect emails in Mail on Mac. Retrieved June 22, 2021.

Internal MISP references

UUID 0ff40575-cd2d-4a70-a07b-fff85f520062 which can be used as unique global reference for Mac Forwarding Rules in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-22T00:00:00Z
source MITRE
title Reply to, forward, or redirect emails in Mail on Mac

GitHub Reptile

Augusto, I. (2018, March 8). Reptile - LMK Linux rootkit. Retrieved April 9, 2018.

Internal MISP references

UUID 6e8cc88a-fb3f-4464-9380-868f597def6e which can be used as unique global reference for GitHub Reptile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-09T00:00:00Z
date_published 2018-03-08T00:00:00Z
source MITRE
title Reptile - LMK Linux rootkit

AWS Temporary Security Credentials

AWS. (n.d.). Requesting temporary security credentials. Retrieved April 1, 2022.

Internal MISP references

UUID c6f29134-5af2-42e1-af4f-fbb9eae03432 which can be used as unique global reference for AWS Temporary Security Credentials in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-01T00:00:00Z
source MITRE
title Requesting temporary security credentials

ARS Technica China Hack SK April 2017

Sean Gallagher. (2017, April 21). Researchers claim China trying to hack South Korea missile defense efforts. Retrieved October 17, 2021.

Internal MISP references

UUID c9c647b6-f4fb-44d6-9376-23c1ae9520b4 which can be used as unique global reference for ARS Technica China Hack SK April 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-17T00:00:00Z
date_published 2017-04-21T00:00:00Z
source MITRE, Tidal Cyber
title Researchers claim China trying to hack South Korea missile defense efforts

Wired SandCat Oct 2019

Zetter, K. (2019, October 3). Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC. Retrieved October 15, 2020.

Internal MISP references

UUID 5f28adee-1313-48ec-895c-27341bd1071f which can be used as unique global reference for Wired SandCat Oct 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-15T00:00:00Z
date_published 2019-10-03T00:00:00Z
source MITRE
title Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC

Vincens AcidPour 2024

A.J. Vincens, CyberScoop. (2024, March 18). Researchers spot updated version of malware that hit Viasat. Retrieved March 25, 2024.

Internal MISP references

UUID 742c8a5c-21e5-58d8-a90d-f4c186c0699a which can be used as unique global reference for Vincens AcidPour 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-25T00:00:00Z
date_published 2024-03-18T00:00:00Z
source MITRE
title Researchers spot updated version of malware that hit Viasat

MSitPros CMSTP Aug 2017

Moe, O. (2017, August 15). Research on CMSTP.exe. Retrieved April 11, 2018.

Internal MISP references

UUID 8dbbf13b-e73c-43c2-a053-7b07fdf25c85 which can be used as unique global reference for MSitPros CMSTP Aug 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-11T00:00:00Z
date_published 2017-08-15T00:00:00Z
source MITRE
title Research on CMSTP.exe

sentinellabs resource named fork 2020

Phil Stokes. (2020, November 5). Resourceful macOS Malware Hides in Named Fork. Retrieved October 12, 2021.

Internal MISP references

UUID 0008dfd8-25a1-4e6a-9154-da7bcbb7daa7 which can be used as unique global reference for sentinellabs resource named fork 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-12T00:00:00Z
date_published 2020-11-05T00:00:00Z
source MITRE
title Resourceful macOS Malware Hides in Named Fork

GitHub Responder

Gaffie, L. (2016, August 25). Responder. Retrieved November 17, 2017.

Internal MISP references

UUID 3ef681a9-4ab0-420b-9d1a-b8152c50b3ca which can be used as unique global reference for GitHub Responder in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-17T00:00:00Z
date_published 2016-08-25T00:00:00Z
source MITRE
title Responder

Mandiant UNC2589 March 2022

Sadowski, J; Hall, R. (2022, March 4). Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation. Retrieved June 9, 2022.

Internal MISP references

UUID 63d89139-9dd4-4ed6-bf6e-8cd872c5d034 which can be used as unique global reference for Mandiant UNC2589 March 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-09T00:00:00Z
date_published 2022-03-04T00:00:00Z
source MITRE
title Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation

CrowdStrike BGH Ransomware 2021

Falcon Complete Team. (2021, May 11). Response When Minutes Matter: Rising Up Against Ransomware. Retrieved October 8, 2021.

Internal MISP references

UUID a4cb3caf-e7ef-4662-93c6-63a0c3352a32 which can be used as unique global reference for CrowdStrike BGH Ransomware 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-08T00:00:00Z
date_published 2021-05-11T00:00:00Z
source MITRE
title Response When Minutes Matter: Rising Up Against Ransomware

Google - Restore Cloud Snapshot

Google. (2019, October 7). Restoring and deleting persistent disk snapshots. Retrieved October 8, 2019.

Internal MISP references

UUID ffa46676-518e-4fef-965d-e91efae95dfc which can be used as unique global reference for Google - Restore Cloud Snapshot in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-08T00:00:00Z
date_published 2019-10-07T00:00:00Z
source MITRE
title Restoring and deleting persistent disk snapshots

Google Instances Resource

Google. (n.d.). Rest Resource: instance. Retrieved March 3, 2020.

Internal MISP references

UUID 9733447c-072f-4da8-9cc7-0a0ce6a3b820 which can be used as unique global reference for Google Instances Resource in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-03T00:00:00Z
source MITRE
title Rest Resource: instance

Secureworks IRON LIBERTY July 2019

Secureworks. (2019, July 24). Resurgent Iron Liberty Targeting Energy Sector. Retrieved August 12, 2020.

Internal MISP references

UUID c666200d-5392-43f2-9ad0-1268d7b2e86f which can be used as unique global reference for Secureworks IRON LIBERTY July 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-12T00:00:00Z
date_published 2019-07-24T00:00:00Z
source MITRE, Tidal Cyber
title Resurgent Iron Liberty Targeting Energy Sector

Palo Alto Retefe

Levene, B., Falcone, R., Grunzweig, J., Lee, B., Olson, R. (2015, August 20). Retefe Banking Trojan Targets Sweden, Switzerland and Japan. Retrieved July 3, 2017.

Internal MISP references

UUID 52f841b0-10a8-4f48-8265-5b336489ff80 which can be used as unique global reference for Palo Alto Retefe in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-03T00:00:00Z
date_published 2015-08-20T00:00:00Z
source MITRE
title Retefe Banking Trojan Targets Sweden, Switzerland and Japan

AWS Secrets Manager

AWS. (n.d.). Retrieve secrets from AWS Secrets Manager. Retrieved September 25, 2023.

Internal MISP references

UUID ec87e183-3018-5cac-9fab-711003be54f7 which can be used as unique global reference for AWS Secrets Manager in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-25T00:00:00Z
source MITRE
title Retrieve secrets from AWS Secrets Manager

Directory Services Internals DPAPI Backup Keys Oct 2015

Grafnetter, M. (2015, October 26). Retrieving DPAPI Backup Keys from Active Directory. Retrieved December 19, 2017.

Internal MISP references

UUID e48dc4ce-e7c5-44e4-b033-7ab4bbdbe1cb which can be used as unique global reference for Directory Services Internals DPAPI Backup Keys Oct 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-19T00:00:00Z
date_published 2015-10-26T00:00:00Z
source MITRE
title Retrieving DPAPI Backup Keys from Active Directory

Malwarebytes RokRAT VBA January 2021

Jazi, Hossein. (2021, January 6). Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat. Retrieved March 22, 2022.

Internal MISP references

UUID 62ad7dbc-3ed2-4fa5-a56a-2810ce131167 which can be used as unique global reference for Malwarebytes RokRAT VBA January 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-22T00:00:00Z
date_published 2021-01-06T00:00:00Z
source MITRE
title Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat

TCC Database

Marina Liang. (2024, April 23). Return of the mac(OS): Transparency, Consent, and Control (TCC) Database Manipulation. Retrieved March 28, 2024.

Internal MISP references

UUID 4929c08e-cc20-5f85-8ae0-6bb691ce7917 which can be used as unique global reference for TCC Database in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-28T00:00:00Z
date_published 2024-04-23T00:00:00Z
source MITRE
title Return of the mac(OS): Transparency, Consent, and Control (TCC) Database Manipulation

jRAT Symantec Aug 2018

Sharma, R. (2018, August 15). Revamped jRAT Uses New Anti-Parsing Techniques. Retrieved September 21, 2018.

Internal MISP references

UUID 8aed9534-2ec6-4c9f-b63b-9bb135432cfb which can be used as unique global reference for jRAT Symantec Aug 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-21T00:00:00Z
date_published 2018-08-15T00:00:00Z
source MITRE
title Revamped jRAT Uses New Anti-Parsing Techniques

Sygnia Emperor Dragonfly October 2022

Biderman, O. et al. (2022, October 3). REVEALING EMPEROR DRAGONFLY: NIGHT SKY AND CHEERSCRYPT - A SINGLE RANSOMWARE GROUP. Retrieved December 6, 2023.

Internal MISP references

UUID f9e40a71-c963-53de-9266-13f9f326c5bf which can be used as unique global reference for Sygnia Emperor Dragonfly October 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-06T00:00:00Z
date_published 2022-10-03T00:00:00Z
source MITRE
title REVEALING EMPEROR DRAGONFLY: NIGHT SKY AND CHEERSCRYPT - A SINGLE RANSOMWARE GROUP

Morphisec Snip3 May 2021

Lorber, N. (2021, May 7). Revealing the Snip3 Crypter, a Highly Evasive RAT Loader. Retrieved September 13, 2023.

Internal MISP references

UUID abe44c50-8347-5c98-8b04-d41afbe59d4c which can be used as unique global reference for Morphisec Snip3 May 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-13T00:00:00Z
date_published 2021-05-07T00:00:00Z
source MITRE
title Revealing the Snip3 Crypter, a Highly Evasive RAT Loader

Microsoft DUBNIUM June 2016

Microsoft. (2016, June 9). Reverse-engineering DUBNIUM. Retrieved March 31, 2021.

Internal MISP references

UUID ae28afad-e2d6-4c3c-a309-ee7c44a3e586 which can be used as unique global reference for Microsoft DUBNIUM June 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-31T00:00:00Z
date_published 2016-06-09T00:00:00Z
source MITRE
title Reverse-engineering DUBNIUM

Microsoft DUBNIUM Flash June 2016

Microsoft. (2016, June 20). Reverse-engineering DUBNIUM’s Flash-targeting exploit. Retrieved March 31, 2021.

Internal MISP references

UUID 999a471e-6373-463b-a77b-d3020b4a8702 which can be used as unique global reference for Microsoft DUBNIUM Flash June 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-31T00:00:00Z
date_published 2016-06-20T00:00:00Z
source MITRE
title Reverse-engineering DUBNIUM’s Flash-targeting exploit

Microsoft DUBNIUM July 2016

Microsoft. (2016, July 14). Reverse engineering DUBNIUM – Stage 2 payload analysis. Retrieved March 31, 2021.

Internal MISP references

UUID e1bd8fb3-e0b4-4659-85a1-d37e1c3d167f which can be used as unique global reference for Microsoft DUBNIUM July 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-31T00:00:00Z
date_published 2016-07-14T00:00:00Z
source MITRE
title Reverse engineering DUBNIUM – Stage 2 payload analysis

CSRB LAPSUS$ July 24 2023

Cyber Safety Review Board. (2023, July 24). Review of the Attacks Associated with LAPSUS$ and Related Threat Groups. Retrieved November 16, 2023.

Internal MISP references

UUID f8311977-303c-4d05-a7f4-25b3ae36318b which can be used as unique global reference for CSRB LAPSUS$ July 24 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-16T00:00:00Z
date_published 2023-07-24T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Review of the Attacks Associated with LAPSUS$ and Related Threat Groups

Intel 471 REvil March 2020

Intel 471 Malware Intelligence team. (2020, March 31). REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation. Retrieved August 4, 2020.

Internal MISP references

UUID b939dc98-e00e-4d47-84a4-3eaaeb5c0abf which can be used as unique global reference for Intel 471 REvil March 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-04T00:00:00Z
date_published 2020-03-31T00:00:00Z
source MITRE
title REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation

BleepingComputer REvil 2021

Abrams, L. (2021, March 19). REvil ransomware has a new ‘Windows Safe Mode’ encryption mode. Retrieved June 23, 2021.

Internal MISP references

UUID 790ef274-aea4-49b7-8b59-1b95185c5f50 which can be used as unique global reference for BleepingComputer REvil 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-23T00:00:00Z
date_published 2021-03-19T00:00:00Z
source MITRE
title REvil ransomware has a new ‘Windows Safe Mode’ encryption mode

Secureworks REvil September 2019

Counter Threat Unit Research Team. (2019, September 24). REvil/Sodinokibi Ransomware. Retrieved August 4, 2020.

Internal MISP references

UUID 8f4e2baf-4227-4bbd-bfdb-5598717dcf88 which can be used as unique global reference for Secureworks REvil September 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-04T00:00:00Z
date_published 2019-09-24T00:00:00Z
source MITRE, Tidal Cyber
title REvil/Sodinokibi Ransomware

Secureworks GandCrab and REvil September 2019

Secureworks. (2019, September 24). REvil: The GandCrab Connection. Retrieved August 4, 2020.

Internal MISP references

UUID 46b5d57b-17be-48ff-b723-406f6a55d84a which can be used as unique global reference for Secureworks GandCrab and REvil September 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-04T00:00:00Z
date_published 2019-09-24T00:00:00Z
source MITRE
title REvil: The GandCrab Connection

Enigma Reviving DDE Jan 2018

Nelson, M. (2018, January 29). Reviving DDE: Using OneNote and Excel for Code Execution. Retrieved February 3, 2018.

Internal MISP references

UUID 188a0f02-8d1e-4e4e-b2c0-ddf1bf1bdf93 which can be used as unique global reference for Enigma Reviving DDE Jan 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-03T00:00:00Z
date_published 2018-01-29T00:00:00Z
source MITRE
title Reviving DDE: Using OneNote and Excel for Code Execution

GitHub Revoke-Obfuscation

Bohannon, D. (2017, July 27). Revoke-Obfuscation. Retrieved February 12, 2018.

Internal MISP references

UUID 3624d75e-be50-4c10-9e8a-28523568ff9f which can be used as unique global reference for GitHub Revoke-Obfuscation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-12T00:00:00Z
date_published 2017-07-27T00:00:00Z
source MITRE
title Revoke-Obfuscation

FireEye Revoke-Obfuscation July 2017

Bohannon, D. & Holmes, L. (2017, July 27). Revoke-Obfuscation: PowerShell Obfuscation Detection Using Science. Retrieved February 12, 2018.

Internal MISP references

UUID e03e9d19-18bb-4d28-8c96-8c1cef89a20b which can be used as unique global reference for FireEye Revoke-Obfuscation July 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-12T00:00:00Z
date_published 2017-07-27T00:00:00Z
source MITRE
title Revoke-Obfuscation: PowerShell Obfuscation Detection Using Science

HC3 Analyst Note Rhysida Ransomware August 2023

Health Sector Cybersecurity Coordination Center (HC3). (2023, August 4). Rhysida Ransomware. Retrieved August 11, 2023.

Internal MISP references

UUID 3f6e2821-5073-4382-b5dd-08676eaa2240 which can be used as unique global reference for HC3 Analyst Note Rhysida Ransomware August 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-11T00:00:00Z
date_published 2023-08-04T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Rhysida Ransomware

SentinelOne Rhysida June 29 2023

Alex Delamotte, Jim Walter. (2023, June 29). Rhysida Ransomware | RaaS Crawls Out of Crimeware Undergrowth to Attack Chilean Army. Retrieved August 11, 2023.

Internal MISP references

UUID 4fa2a841-71e8-4733-8622-cc068d077ad9 which can be used as unique global reference for SentinelOne Rhysida June 29 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-11T00:00:00Z
date_published 2023-06-29T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Rhysida Ransomware

Prodaft RIG February 2023

PTI Team. (2023, February 27). [RIG] RIG Exploit Kit: In-Depth Analysis. Retrieved May 8, 2023.

Internal MISP references

UUID 13ed0c11-f258-47d8-9253-8bd13661c2a9 which can be used as unique global reference for Prodaft RIG February 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-08T00:00:00Z
date_published 2023-02-27T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title [RIG] RIG Exploit Kit: In-Depth Analysis

Microsoft XorDdos Linux Stealth 2022

Microsoft Threat Intelligence. (2022, May 19). Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices. Retrieved September 27, 2023.

Internal MISP references

UUID 6425d351-2c88-5af9-970a-4d0d184d0c70 which can be used as unique global reference for Microsoft XorDdos Linux Stealth 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-27T00:00:00Z
date_published 2022-05-19T00:00:00Z
source MITRE
title Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices

httrack_unhcr

RISKIQ. (2022, March 15). RiskIQ Threat Intelligence Roundup: Campaigns Targeting Ukraine and Global Malware Infrastructure. Retrieved July 29, 2022.

Internal MISP references

UUID a4a3fd3d-1c13-40e5-b462-fa69a1861986 which can be used as unique global reference for httrack_unhcr in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-29T00:00:00Z
date_published 2022-03-15T00:00:00Z
source MITRE
title RiskIQ Threat Intelligence Roundup: Campaigns Targeting Ukraine and Global Malware Infrastructure

US-CERT Alert TA13-175A Risks of Default Passwords on the Internet

US-CERT. (n.d.). Risks of Default Passwords on the Internet. Retrieved April 12, 2019.

Internal MISP references

UUID 0c365c3f-3aa7-4c63-b96e-7716b95db049 which can be used as unique global reference for US-CERT Alert TA13-175A Risks of Default Passwords on the Internet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-12T00:00:00Z
source MITRE
title Risks of Default Passwords on the Internet

ROADtools Github

Dirk-jan Mollema. (2022, January 31). ROADtools. Retrieved January 31, 2022.

Internal MISP references

UUID 90c592dc-2c9d-401a-96ab-b539f7522956 which can be used as unique global reference for ROADtools Github in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-31T00:00:00Z
date_published 2022-01-31T00:00:00Z
source MITRE
title ROADtools

Harmj0y Roasting AS-REPs Jan 2017

HarmJ0y. (2017, January 17). Roasting AS-REPs. Retrieved August 24, 2020.

Internal MISP references

UUID bfb01fbf-4dc0-4943-8a21-457f28f4b01f which can be used as unique global reference for Harmj0y Roasting AS-REPs Jan 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-24T00:00:00Z
date_published 2017-01-17T00:00:00Z
source MITRE
title Roasting AS-REPs

Anomali Rocke March 2019

Anomali Labs. (2019, March 15). Rocke Evolves Its Arsenal With a New Malware Family Written in Golang. Retrieved April 24, 2019.

Internal MISP references

UUID 31051c8a-b523-4b8e-b834-2168c59e783b which can be used as unique global reference for Anomali Rocke March 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-24T00:00:00Z
date_published 2019-03-15T00:00:00Z
source MITRE
title Rocke Evolves Its Arsenal With a New Malware Family Written in Golang

Talos Rocke August 2018

Liebenberg, D. (2018, August 30). Rocke: The Champion of Monero Miners. Retrieved May 26, 2020.

Internal MISP references

UUID bff0ee40-e583-4f73-a013-4669ca576904 which can be used as unique global reference for Talos Rocke August 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-26T00:00:00Z
date_published 2018-08-30T00:00:00Z
source MITRE, Tidal Cyber
title Rocke: The Champion of Monero Miners

Check Point Rocket Kitten

Check Point Software Technologies. (2015). ROCKET KITTEN: A CAMPAIGN WITH 9 LIVES. Retrieved March 16, 2018.

Internal MISP references

UUID 71da7d4c-f1f8-4f5c-a609-78a414851baf which can be used as unique global reference for Check Point Rocket Kitten in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-16T00:00:00Z
date_published 2015-01-01T00:00:00Z
source MITRE
title ROCKET KITTEN: A CAMPAIGN WITH 9 LIVES

NCCGroup RokRat Nov 2018

Pantazopoulos, N. (2018, November 8). RokRat Analysis. Retrieved May 21, 2020.

Internal MISP references

UUID bcad3b27-858f-4c1d-a24c-dbc4dcee3cdc which can be used as unique global reference for NCCGroup RokRat Nov 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-21T00:00:00Z
date_published 2018-11-08T00:00:00Z
source MITRE
title RokRat Analysis

Talos ROKRAT 2

Mercer, W., Rascagneres, P. (2017, November 28). ROKRAT Reloaded. Retrieved May 21, 2018.

Internal MISP references

UUID 116f6565-d36d-4d01-9a97-a40cf589afa9 which can be used as unique global reference for Talos ROKRAT 2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-21T00:00:00Z
date_published 2017-11-28T00:00:00Z
source MITRE
title ROKRAT Reloaded

Kubernetes RBAC

Kubernetes. (n.d.). Role Based Access Control Good Practices. Retrieved March 8, 2023.

Internal MISP references

UUID 37c0e0e1-cc4d-5a93-b8a0-224f031b7324 which can be used as unique global reference for Kubernetes RBAC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-08T00:00:00Z
source MITRE
title Role Based Access Control Good Practices

Google Cloud Service Account Authentication Roles

Google Cloud. (n.d.). Roles for service account authentication. Retrieved July 10, 2023.

Internal MISP references

UUID 525a8afc-64e9-5cc3-9c56-95da9811da0d which can be used as unique global reference for Google Cloud Service Account Authentication Roles in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-10T00:00:00Z
source MITRE
title Roles for service account authentication

BBC-Ronin

Joe Tidy. (2022, March 30). Ronin Network: What a $600m hack says about the state of crypto. Retrieved August 18, 2023.

Internal MISP references

UUID 8e162e39-a58f-5ba0-9a8e-101d4cfa324c which can be used as unique global reference for BBC-Ronin in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-18T00:00:00Z
date_published 2022-03-30T00:00:00Z
source MITRE
title Ronin Network: What a $600m hack says about the state of crypto

Wikipedia Root Certificate

Wikipedia. (2016, December 6). Root certificate. Retrieved February 20, 2017.

Internal MISP references

UUID 68b9ccbb-906e-4f06-b5bd-3969723c3616 which can be used as unique global reference for Wikipedia Root Certificate in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-02-20T00:00:00Z
date_published 2016-12-06T00:00:00Z
source MITRE
title Root certificate

Wikipedia Rootkit

Wikipedia. (2016, June 1). Rootkit. Retrieved June 2, 2016.

Internal MISP references

UUID 7e877b6b-9873-48e2-b138-e02dcb5268ca which can be used as unique global reference for Wikipedia Rootkit in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-02T00:00:00Z
date_published 2016-06-01T00:00:00Z
source MITRE
title Rootkit

Sekoia HideDRV Oct 2016

Rascagnères, P. (2016, October 27). Rootkit analysis: Use case on HideDRV. Retrieved March 9, 2017.

Internal MISP references

UUID c383811d-c036-4fe7-add8-b4d4f73b3ce4 which can be used as unique global reference for Sekoia HideDRV Oct 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-09T00:00:00Z
date_published 2016-10-27T00:00:00Z
source MITRE
title Rootkit analysis: Use case on HideDRV

RotaJakiro 2021 netlab360 analysis

Alex Turing, Hui Wang. (2021, April 28). RotaJakiro: A long live secret backdoor with 0 VT detection. Retrieved June 14, 2023.

Internal MISP references

UUID 7a9c53dd-2c0e-5452-9ee2-01531fbf8ba8 which can be used as unique global reference for RotaJakiro 2021 netlab360 analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-14T00:00:00Z
date_published 2021-04-28T00:00:00Z
source MITRE
title RotaJakiro: A long live secret backdoor with 0 VT detection

netlab360 rotajakiro vs oceanlotus

Alex Turing. (2021, May 6). RotaJakiro, the Linux version of the OceanLotus. Retrieved June 14, 2023.

Internal MISP references

UUID 20967c9b-5bb6-5cdd-9466-2c9efd9ab98c which can be used as unique global reference for netlab360 rotajakiro vs oceanlotus in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-14T00:00:00Z
date_published 2021-05-06T00:00:00Z
source MITRE
title RotaJakiro, the Linux version of the OceanLotus

TechNet Route

Microsoft. (n.d.). Route. Retrieved April 17, 2016.

Internal MISP references

UUID 0e483ec8-af40-4139-9711-53b999e069ee which can be used as unique global reference for TechNet Route in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-17T00:00:00Z
source MITRE
title Route

U.S. HHS Royal & BlackCat Alert

Health Sector Cybersecurity Coordination Center (HC3). (2023, January 12). Royal & BlackCat Ransomware: The Threat to the Health Sector. Retrieved March 7, 2024.

Internal MISP references

UUID d1d6b6fe-ef93-4417-844b-7cd8dc76934b which can be used as unique global reference for U.S. HHS Royal & BlackCat Alert in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-07T00:00:00Z
date_published 2023-01-12T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Royal & BlackCat Ransomware: The Threat to the Health Sector

Kroll Royal Deep Dive February 2023

Iacono, L. and Green, S. (2023, February 13). Royal Ransomware Deep Dive. Retrieved March 30, 2023.

Internal MISP references

UUID dcdcc965-56d0-58e6-996b-d8bd40916745 which can be used as unique global reference for Kroll Royal Deep Dive February 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-30T00:00:00Z
date_published 2023-02-13T00:00:00Z
source MITRE
title Royal Ransomware Deep Dive

Trend Micro Royal Linux ESXi February 2023

Morales, N. et al. (2023, February 20). Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers. Retrieved March 30, 2023.

Internal MISP references

UUID e5bb846f-d11f-580c-b96a-9de4ba5eaed6 which can be used as unique global reference for Trend Micro Royal Linux ESXi February 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-30T00:00:00Z
date_published 2023-02-20T00:00:00Z
source MITRE
title Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers

Cybereason Royal December 2022

Cybereason Global SOC and Cybereason Security Research Teams. (2022, December 14). Royal Rumble: Analysis of Royal Ransomware. Retrieved March 30, 2023.

Internal MISP references

UUID 28aef64e-20d3-5227-a3c9-e657c6e2d07e which can be used as unique global reference for Cybereason Royal December 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-30T00:00:00Z
date_published 2022-12-14T00:00:00Z
source MITRE
title Royal Rumble: Analysis of Royal Ransomware

Royal Rumble: Analysis of Royal Ransomware

Cybereason Global SOC & Cybereason Security Research Teams. (n.d.). Royal Rumble: Analysis of Royal Ransomware. Retrieved May 18, 2023.

Internal MISP references

UUID 5afa7fd0-908e-4714-9ab3-2bbbc1fff976 which can be used as unique global reference for Royal Rumble: Analysis of Royal Ransomware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-18T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Royal Rumble: Analysis of Royal Ransomware

Rpcping.exe - LOLBAS Project

LOLBAS. (2018, May 25). Rpcping.exe. Retrieved December 4, 2023.

Internal MISP references

UUID dc15a187-4de7-422e-a507-223e89e317b1 which can be used as unique global reference for Rpcping.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Rpcping.exe

Threatpost New Op Sharpshooter Data March 2019

L. O'Donnell. (2019, March 3). RSAC 2019: New Operation Sharpshooter Data Reveals Higher Complexity, Scope. Retrieved September 26, 2022.

Internal MISP references

UUID 2361b5b1-3a01-4d77-99c6-261f444a498e which can be used as unique global reference for Threatpost New Op Sharpshooter Data March 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-26T00:00:00Z
date_published 2019-03-03T00:00:00Z
source MITRE
title RSAC 2019: New Operation Sharpshooter Data Reveals Higher Complexity, Scope

GCN RSA June 2011

Jackson, William. (2011, June 7). RSA confirms its tokens used in Lockheed hack. Retrieved September 24, 2018.

Internal MISP references

UUID 40564d23-b9ae-4bb3-8dd1-d6b01163a32d which can be used as unique global reference for GCN RSA June 2011 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-24T00:00:00Z
date_published 2011-06-07T00:00:00Z
source MITRE
title RSA confirms its tokens used in Lockheed hack

RSA Shell Crew

RSA Incident Response. (2014, January). RSA Incident Response Emerging Threat Profile: Shell Crew. Retrieved January 14, 2016.

Internal MISP references

UUID 6872a6d3-c4ab-40cf-82b7-5c5c8e077189 which can be used as unique global reference for RSA Shell Crew in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-14T00:00:00Z
date_published 2014-01-01T00:00:00Z
source MITRE
title RSA Incident Response Emerging Threat Profile: Shell Crew

GitHub Rubeus March 2023

Harmj0y. (n.d.). Rubeus. Retrieved March 29, 2023.

Internal MISP references

UUID 4bde7ce6-7fc6-5660-a8aa-745f19350ee1 which can be used as unique global reference for GitHub Rubeus March 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-29T00:00:00Z
source MITRE
title Rubeus

SOCPrime DoubleExtension

Eugene Tkachenko. (2020, May 1). Rule of the Week: Possible Malicious File Double Extension. Retrieved July 27, 2021.

Internal MISP references

UUID 14a99228-de84-4551-a6b5-9c6f1173f292 which can be used as unique global reference for SOCPrime DoubleExtension in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-07-27T00:00:00Z
date_published 2020-05-01T00:00:00Z
source MITRE
title Rule of the Week: Possible Malicious File Double Extension

SensePost Ruler GitHub

SensePost. (2016, August 18). Ruler: A tool to abuse Exchange services. Retrieved February 4, 2019.

Internal MISP references

UUID aa0a1508-a872-4e69-bf20-d3c8202f18c1 which can be used as unique global reference for SensePost Ruler GitHub in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-04T00:00:00Z
date_published 2016-08-18T00:00:00Z
source MITRE
title Ruler: A tool to abuse Exchange services

Microsoft Cloud App Security

Niv Goldenberg. (2018, December 12). Rule your inbox with Microsoft Cloud App Security. Retrieved June 7, 2021.

Internal MISP references

UUID be0a1168-fa84-4742-a658-41a078b7f5fa which can be used as unique global reference for Microsoft Cloud App Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-07T00:00:00Z
date_published 2018-12-12T00:00:00Z
source MITRE
title Rule your inbox with Microsoft Cloud App Security

Microsoft Run Key

Microsoft. (n.d.). Run and RunOnce Registry Keys. Retrieved November 12, 2014.

Internal MISP references

UUID 0d633a50-4afd-4479-898e-1a785f5637da which can be used as unique global reference for Microsoft Run Key in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
source MITRE
title Run and RunOnce Registry Keys

Microsoft RunAs

Microsoft. (2016, August 31). Runas. Retrieved October 1, 2021.

Internal MISP references

UUID af05c12e-f9c6-421a-9a5d-0797c01ab2dc which can be used as unique global reference for Microsoft RunAs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-01T00:00:00Z
date_published 2016-08-31T00:00:00Z
source MITRE
title Runas

Microsoft runas - Duplicate

Microsoft TechNet. (n.d.). Runas. Retrieved April 21, 2017.

Internal MISP references

UUID 8b4bdce9-da19-443f-88d2-11466e126c09 which can be used as unique global reference for Microsoft runas - Duplicate in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-04-21T00:00:00Z
source MITRE
title Runas

Wikipedia Run Command

Wikipedia. (2018, August 3). Run Command. Retrieved October 12, 2018.

Internal MISP references

UUID 2fd66037-95dd-4819-afc7-00b7fd6f54fe which can be used as unique global reference for Wikipedia Run Command in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-12T00:00:00Z
date_published 2018-08-03T00:00:00Z
source MITRE
title Run Command

Secpod Winexe June 2017

Prakash, T. (2017, June 21). Run commands on Windows system remotely using Winexe. Retrieved January 22, 2018.

Internal MISP references

UUID ca8ea354-44d4-4606-8b3e-1102b27f251c which can be used as unique global reference for Secpod Winexe June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-22T00:00:00Z
date_published 2017-06-21T00:00:00Z
source MITRE
title Run commands on Windows system remotely using Winexe

Rundll32.exe - LOLBAS Project

LOLBAS. (2018, May 25). Rundll32.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 90aff246-ce27-4f21-96f9-38543718ab07 which can be used as unique global reference for Rundll32.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Rundll32.exe

Attackify Rundll32.exe Obscurity

Attackify. (n.d.). Rundll32.exe Obscurity. Retrieved August 23, 2021.

Internal MISP references

UUID daa35853-eb46-4ef4-b543-a2c5157f96bf which can be used as unique global reference for Attackify Rundll32.exe Obscurity in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-23T00:00:00Z
source MITRE
title Rundll32.exe Obscurity

Runexehelper.exe - LOLBAS Project

LOLBAS. (2022, December 13). Runexehelper.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 86ff0379-2b73-4981-9f13-2b02b53bc90f which can be used as unique global reference for Runexehelper.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-12-13T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Runexehelper.exe

ELC Running at startup

hoakley. (2018, May 22). Running at startup: when to use a Login Item or a LaunchAgent/LaunchDaemon. Retrieved October 5, 2021.

Internal MISP references

UUID 11ee6303-5103-4063-a765-659ead217c6c which can be used as unique global reference for ELC Running at startup in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-05T00:00:00Z
date_published 2018-05-22T00:00:00Z
source MITRE
title Running at startup: when to use a Login Item or a LaunchAgent/LaunchDaemon

Powershell Remote Commands

Microsoft. (2020, August 21). Running Remote Commands. Retrieved July 26, 2021.

Internal MISP references

UUID 24c526e1-7199-45ca-99b4-75e75c7041cd which can be used as unique global reference for Powershell Remote Commands in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-07-26T00:00:00Z
date_published 2020-08-21T00:00:00Z
source MITRE
title Running Remote Commands

AutoIT

AutoIT. (n.d.). Running Scripts. Retrieved March 29, 2024.

Internal MISP references

UUID 97e76bc2-9312-5f39-8491-8b42ddeb2067 which can be used as unique global reference for AutoIT in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-29T00:00:00Z
source MITRE
title Running Scripts

Runonce.exe - LOLBAS Project

LOLBAS. (2018, May 25). Runonce.exe. Retrieved December 4, 2023.

Internal MISP references

UUID b97d4b16-ead2-4cc7-90e5-f8b05d84faf3 which can be used as unique global reference for Runonce.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Runonce.exe

Apple Developer Doco Archive Run-Path

Apple Inc. (2012, July 7). Run-Path Dependent Libraries. Retrieved March 31, 2021.

Internal MISP references

UUID e9e5cff5-836a-4b66-87d5-03a727c0f467 which can be used as unique global reference for Apple Developer Doco Archive Run-Path in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-31T00:00:00Z
date_published 2012-07-07T00:00:00Z
source MITRE
title Run-Path Dependent Libraries

Runscripthelper.exe - LOLBAS Project

LOLBAS. (2018, May 25). Runscripthelper.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 6d7151e3-685a-4dc7-a44d-aefae4f3db6a which can be used as unique global reference for Runscripthelper.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Runscripthelper.exe

Microsoft Run Command

Microsoft. (2023, March 10). Run scripts in your VM by using Run Command. Retrieved March 13, 2023.

Internal MISP references

UUID 4f2e6adb-6e3d-5f1f-b873-4b99797f2bfa which can be used as unique global reference for Microsoft Run Command in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-13T00:00:00Z
date_published 2023-03-10T00:00:00Z
source MITRE
title Run scripts in your VM by using Run Command

McAfee APT28 DDE2 Nov 2017

Paganini, P. (2017, November 9). Russia-Linked APT28 group observed using DDE attack to deliver malware. Retrieved November 21, 2017.

Internal MISP references

UUID d5ab8075-334f-492c-8318-c691f210b984 which can be used as unique global reference for McAfee APT28 DDE2 Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-21T00:00:00Z
date_published 2017-11-09T00:00:00Z
source MITRE
title Russia-Linked APT28 group observed using DDE attack to deliver malware

Security Affairs DustSquad Oct 2018

Paganini, P. (2018, October 16). Russia-linked APT group DustSquad targets diplomatic entities in Central Asia. Retrieved August 24, 2021.

Internal MISP references

UUID 0e6b019c-cf8e-40a7-9e7c-6a7dc5309dc6 which can be used as unique global reference for Security Affairs DustSquad Oct 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-24T00:00:00Z
date_published 2018-10-16T00:00:00Z
source MITRE
title Russia-linked APT group DustSquad targets diplomatic entities in Central Asia

SecurityWeek Nomadic Octopus Oct 2018

Kovacs, E. (2018, October 18). Russia-Linked Hackers Target Diplomatic Entities in Central Asia. Retrieved October 13, 2021.

Internal MISP references

UUID 659f86ef-7e90-42ff-87b7-2e289f9f6cc2 which can be used as unique global reference for SecurityWeek Nomadic Octopus Oct 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
date_published 2018-10-18T00:00:00Z
source MITRE
title Russia-Linked Hackers Target Diplomatic Entities in Central Asia

U.S. Federal Bureau of Investigation 2 27 2024

U.S. Federal Bureau of Investigation. (2024, February 27). Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations. Retrieved February 28, 2024.

Internal MISP references

UUID 962fb031-dfd1-43a7-8202-3a2231b0472b which can be used as unique global reference for U.S. Federal Bureau of Investigation 2 27 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-28T00:00:00Z
date_published 2024-02-27T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations

U.S. CISA SVR TeamCity Exploits December 2023

Cybersecurity and Infrastructure Security Agency. (2023, December 13). Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally. Retrieved December 14, 2023.

Internal MISP references

UUID 5f66f864-58c2-4b41-8011-61f954e04b7e which can be used as unique global reference for U.S. CISA SVR TeamCity Exploits December 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-14T00:00:00Z
date_published 2023-12-13T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

U.S. CISA Star Blizzard December 2023

Cybersecurity and Infrastructure Security Agency. (2023, December 7). Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns. Retrieved December 14, 2023.

Internal MISP references

UUID 3d53c154-8ced-4dbe-ab4e-db3bc15bfe4b which can be used as unique global reference for U.S. CISA Star Blizzard December 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-14T00:00:00Z
date_published 2023-12-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns

NSA/FBI Drovorub August 2020

NSA/FBI. (2020, August). Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware. Retrieved August 25, 2020.

Internal MISP references

UUID d697a342-4100-4e6b-95b9-4ae3ba80924b which can be used as unique global reference for NSA/FBI Drovorub August 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-25T00:00:00Z
date_published 2020-08-01T00:00:00Z
source MITRE
title Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware

Cybersecurity Advisory GRU Brute Force Campaign July 2021

NSA, CISA, FBI, NCSC. (2021, July). Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments. Retrieved July 26, 2021.

Internal MISP references

UUID e70f0742-5f3e-4701-a46b-4a58c0281537 which can be used as unique global reference for Cybersecurity Advisory GRU Brute Force Campaign July 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-07-26T00:00:00Z
date_published 2021-07-01T00:00:00Z
source MITRE, Tidal Cyber
title Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments

BleepingComputer Ebury March 2017

Cimpanu, C. (2017, March 29). Russian Hacker Pleads Guilty for Role in Infamous Linux Ebury Malware. Retrieved April 23, 2019.

Internal MISP references

UUID e5d69297-b0f3-4586-9eb7-d2922b3ee7bb which can be used as unique global reference for BleepingComputer Ebury March 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-23T00:00:00Z
date_published 2017-03-29T00:00:00Z
source MITRE
title Russian Hacker Pleads Guilty for Role in Infamous Linux Ebury Malware

Russian 2FA Push Annoyance - Cimpanu

Catalin Cimpanu. (2021, December 9). Russian hackers bypass 2FA by annoying victims with repeated push notifications. Retrieved March 31, 2022.

Internal MISP references

UUID ad2b0648-b657-4daa-9510-82375a252fc4 which can be used as unique global reference for Russian 2FA Push Annoyance - Cimpanu in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-31T00:00:00Z
date_published 2021-12-09T00:00:00Z
source MITRE
title Russian hackers bypass 2FA by annoying victims with repeated push notifications

Unit42 Redaman January 2019

Duncan, B., Harbison, M. (2019, January 23). Russian Language Malspam Pushing Redaman Banking Malware. Retrieved June 16, 2020.

Internal MISP references

UUID 433cd55a-f912-4d5a-aff6-92133d08267b which can be used as unique global reference for Unit42 Redaman January 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-16T00:00:00Z
date_published 2019-01-23T00:00:00Z
source MITRE
title Russian Language Malspam Pushing Redaman Banking Malware

Russians Exploit Default MFA Protocol - CISA March 2022

Cyber Security Infrastructure Agency. (2022, March 15). Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. Retrieved May 31, 2022.

Internal MISP references

UUID 00c6ff88-6eeb-486d-ae69-dffd5aebafe6 which can be used as unique global reference for Russians Exploit Default MFA Protocol - CISA March 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-31T00:00:00Z
date_published 2022-03-15T00:00:00Z
source MITRE
title Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability

CISA MFA PrintNightmare

Cybersecurity and Infrastructure Security Agency. (2022, March 15). Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. Retrieved March 16, 2022.

Internal MISP references

UUID fa03324e-c79c-422e-80f1-c270fd87d4e2 which can be used as unique global reference for CISA MFA PrintNightmare in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-16T00:00:00Z
date_published 2022-03-15T00:00:00Z
source MITRE
title Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability

US-CERT TA18-106A Network Infrastructure Devices 2018

US-CERT. (2018, April 20). Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices. Retrieved October 19, 2020.

Internal MISP references

UUID 8fdf280d-680f-4b8f-8fb9-6b3118ec3983 which can be used as unique global reference for US-CERT TA18-106A Network Infrastructure Devices 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
date_published 2018-04-20T00:00:00Z
source MITRE
title Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

alert_TA18_106A

CISA. (2018, April 20). Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices. Retrieved February 14, 2022.

Internal MISP references

UUID 26b520dc-5c68-40f4-82fb-366d27fc0c2f which can be used as unique global reference for alert_TA18_106A in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-14T00:00:00Z
date_published 2018-04-20T00:00:00Z
source MITRE
title Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

UK GOV FSB Factsheet April 2022

UK Gov. (2022, April 5). Russia's FSB malign activity: factsheet. Retrieved April 5, 2022.

Internal MISP references

UUID 27e7d347-9d85-4897-9e04-33f58acc5687 which can be used as unique global reference for UK GOV FSB Factsheet April 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-05T00:00:00Z
date_published 2022-04-05T00:00:00Z
source MITRE
title Russia's FSB malign activity: factsheet

Unit 42 Gamaredon February 2022

Unit 42. (2022, February 3). Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine. Retrieved February 21, 2022.

Internal MISP references

UUID a5df39b2-77f8-4814-8198-8620655aa79b which can be used as unique global reference for Unit 42 Gamaredon February 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-21T00:00:00Z
date_published 2022-02-03T00:00:00Z
source MITRE
title Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine

Wired Russia Cyberwar

Greenberg, A. (2022, November 10). Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless. Retrieved March 22, 2023.

Internal MISP references

UUID 28c53a97-5500-5bfb-8aac-3c0bf94c2dfe which can be used as unique global reference for Wired Russia Cyberwar in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-22T00:00:00Z
date_published 2022-11-10T00:00:00Z
source MITRE
title Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless

RyanW3stman Tweet October 10 2023

RyanW3stman. (2023, October 10). RyanW3stman Tweet October 10 2023. Retrieved October 10, 2023.

Internal MISP references

UUID cfd0ad64-54b2-446f-9624-9c90a9a94f52 which can be used as unique global reference for RyanW3stman Tweet October 10 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-10T00:00:00Z
date_published 2023-10-10T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title RyanW3stman Tweet October 10 2023

Ryte Wiki

Ryte Wiki. (n.d.). Retrieved March 5, 2024.

Internal MISP references

UUID 51b4932e-f85a-5483-8bf8-48de9c85782d which can be used as unique global reference for Ryte Wiki in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-05T00:00:00Z
source MITRE
title Ryte Wiki

DFIR Ryuk in 5 Hours October 2020

The DFIR Report. (2020, October 18). Ryuk in 5 Hours. Retrieved October 19, 2020.

Internal MISP references

UUID 892150f4-769d-447d-b652-e5d85790ee37 which can be used as unique global reference for DFIR Ryuk in 5 Hours October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
date_published 2020-10-18T00:00:00Z
source MITRE
title Ryuk in 5 Hours

ANSSI RYUK RANSOMWARE

ANSSI. (2021, February 25). RYUK RANSOMWARE. Retrieved March 29, 2021.

Internal MISP references

UUID 0a23be83-3438-4437-9e51-0cfa16a00d57 which can be used as unique global reference for ANSSI RYUK RANSOMWARE in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-29T00:00:00Z
date_published 2021-02-25T00:00:00Z
source MITRE
title RYUK RANSOMWARE

Bleeping Computer - Ryuk WoL

Abrams, L. (2021, January 14). Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices. Retrieved February 11, 2021.

Internal MISP references

UUID f6670b73-4d57-4aad-8264-1d42d585e280 which can be used as unique global reference for Bleeping Computer - Ryuk WoL in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-11T00:00:00Z
date_published 2021-01-14T00:00:00Z
source MITRE
title Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices

DFIR Ryuk 2 Hour Speed Run November 2020

The DFIR Report. (2020, November 5). Ryuk Speed Run, 2 Hours to Ransom. Retrieved November 6, 2020.

Internal MISP references

UUID 3b904516-3b26-4caa-8814-6e69b76a7c8c which can be used as unique global reference for DFIR Ryuk 2 Hour Speed Run November 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-06T00:00:00Z
date_published 2020-11-05T00:00:00Z
source MITRE
title Ryuk Speed Run, 2 Hours to Ransom

DFIR Ryuk's Return October 2020

The DFIR Report. (2020, October 8). Ryuk’s Return. Retrieved October 9, 2020.

Internal MISP references

UUID eba1dafb-ff62-4d34-b268-3b9ba6a7a822 which can be used as unique global reference for DFIR Ryuk's Return October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-09T00:00:00Z
date_published 2020-10-08T00:00:00Z
source MITRE
title Ryuk’s Return

Rhino S3 Ransomware Part 1

Gietzen, S. (n.d.). S3 Ransomware Part 1: Attack Vector. Retrieved April 14, 2021.

Internal MISP references

UUID bb28711f-186d-4101-b153-6340ce826343 which can be used as unique global reference for Rhino S3 Ransomware Part 1 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-14T00:00:00Z
source MITRE
title S3 Ransomware Part 1: Attack Vector

Rhino S3 Ransomware Part 2

Gietzen, S. (n.d.). S3 Ransomware Part 2: Prevention and Defense. Retrieved April 14, 2021.

Internal MISP references

UUID a2b3e738-257c-4078-9fde-d55b08c8003b which can be used as unique global reference for Rhino S3 Ransomware Part 2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-14T00:00:00Z
source MITRE
title S3 Ransomware Part 2: Prevention and Defense

S3Recon GitHub

Travis Clarke. (2020, March 21). S3Recon GitHub. Retrieved March 4, 2022.

Internal MISP references

UUID 803c51be-a54e-4fab-8ea0-c6bef18e84d3 which can be used as unique global reference for S3Recon GitHub in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-04T00:00:00Z
date_published 2020-03-21T00:00:00Z
source MITRE
title S3Recon GitHub

Dell Sakula

Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, July 30). Sakula Malware Family. Retrieved January 26, 2016.

Internal MISP references

UUID e9a2ffd8-7aed-4343-8678-66fc3e758d19 which can be used as unique global reference for Dell Sakula in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-26T00:00:00Z
date_published 2015-07-30T00:00:00Z
source MITRE
title Sakula Malware Family

Wine API samlib.dll

Wine API. (n.d.). samlib.dll. Retrieved December 4, 2017.

Internal MISP references

UUID d0fdc669-959c-42ed-be5d-386a4e90a897 which can be used as unique global reference for Wine API samlib.dll in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-04T00:00:00Z
source MITRE
title samlib.dll

Sophos SamSam Apr 2018

Palotay, D. and Mackenzie, P. (2018, April). SamSam Ransomware Chooses Its Targets Carefully. Retrieved April 15, 2019.

Internal MISP references

UUID 4da5e9c3-7205-4a6e-b147-be7c971380f0 which can be used as unique global reference for Sophos SamSam Apr 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-15T00:00:00Z
date_published 2018-04-01T00:00:00Z
source MITRE
title SamSam Ransomware Chooses Its Targets Carefully

Symantec SamSam Oct 2018

Symantec Security Response Attack Investigation Team. (2018, October 30). SamSam: Targeted Ransomware Attacks Continue. Retrieved April 16, 2019.

Internal MISP references

UUID c5022a91-bdf4-4187-9967-dfe6362219ea which can be used as unique global reference for Symantec SamSam Oct 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-16T00:00:00Z
date_published 2018-10-30T00:00:00Z
source MITRE
title SamSam: Targeted Ransomware Attacks Continue

Talos SamSam Jan 2018

Ventura, V. (2018, January 22). SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks. Retrieved April 16, 2019.

Internal MISP references

UUID 0965bb64-be96-46b9-b60f-6829c43a661f which can be used as unique global reference for Talos SamSam Jan 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-16T00:00:00Z
date_published 2018-01-22T00:00:00Z
source MITRE
title SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks

NSA Sandworm 2020

National Security Agency. (2020, March 28). Sandworm Actors Exploiting Vulnerability In EXIM Mail Transfer Agent. Retrieved March 1, 2024.

Internal MISP references

UUID 5135c600-b2a6-59e7-9023-8e293736f8de which can be used as unique global reference for NSA Sandworm 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-01T00:00:00Z
date_published 2020-03-28T00:00:00Z
source MITRE
title Sandworm Actors Exploiting Vulnerability In EXIM Mail Transfer Agent

Mandiant Sandworm November 9 2023

Ken Proska, John Wolfram, Jared Wilson, Dan Black, Keith Lunden, Daniel Kapellmann Zafra, Nathan Brubaker, Tyler McLellan, Chris Sistrunk. (2023, November 9). Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology. Retrieved April 17, 2024.

Internal MISP references

UUID e35f005d-a3cd-4733-88ac-92bbf46e2c8a which can be used as unique global reference for Mandiant Sandworm November 9 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-17T00:00:00Z
date_published 2023-11-09T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology

Mandiant-Sandworm-Ukraine-2022

Ken Proska, John Wolfram, Jared Wilson, Dan Black, Keith Lunden, Daniel Kapellmann Zafra, Nathan Brubaker, Tyler Mclellan, Chris Sistrunk. (2023, November 9). Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology. Retrieved March 28, 2024.

Internal MISP references

UUID 7ad64744-2790-54e4-97cd-e412423f6ada which can be used as unique global reference for Mandiant-Sandworm-Ukraine-2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-28T00:00:00Z
date_published 2023-11-09T00:00:00Z
source MITRE
title Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology

ANSSI Sandworm January 2021

ANSSI. (2021, January 27). SANDWORM INTRUSION SET CAMPAIGN TARGETING CENTREON SYSTEMS. Retrieved March 30, 2021.

Internal MISP references

UUID 5e619fef-180a-46d4-8bf5-998860b5ad7e which can be used as unique global reference for ANSSI Sandworm January 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-30T00:00:00Z
date_published 2021-01-27T00:00:00Z
source MITRE
title SANDWORM INTRUSION SET CAMPAIGN TARGETING CENTREON SYSTEMS

iSIGHT Sandworm 2014

Hultquist, J. (2016, January 7). Sandworm Team and the Ukrainian Power Authority Attacks. Retrieved October 6, 2017.

Internal MISP references

UUID 63622990-5467-42b2-8f45-b675dfc4dc8f which can be used as unique global reference for iSIGHT Sandworm 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-10-06T00:00:00Z
date_published 2016-01-07T00:00:00Z
source MITRE
title Sandworm Team and the Ukrainian Power Authority Attacks

DOJ - Cisco Insider

DOJ. (2020, August 26). San Jose Man Pleads Guilty To Damaging Cisco’s Network. Retrieved December 15, 2020.

Internal MISP references

UUID b8d9006d-7466-49cf-a70e-384edee530ce which can be used as unique global reference for DOJ - Cisco Insider in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-15T00:00:00Z
date_published 2020-08-26T00:00:00Z
source MITRE
title San Jose Man Pleads Guilty To Damaging Cisco’s Network

SANS 1

Joshua Wright. (2020, October 13). Retrieved March 22, 2024.

Internal MISP references

UUID 6fb8f825-5f77-501a-8277-22a5f551d13a which can be used as unique global reference for SANS 1 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-22T00:00:00Z
source MITRE
title SANS 1

SANS 2

Joshua Wright. (2020, October 14). Retrieved March 22, 2024.

Internal MISP references

UUID 2a4c41f3-473f-516f-8c68-b771f7c3dfcb which can be used as unique global reference for SANS 2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-22T00:00:00Z
source MITRE
title SANS 2

ATT ScanBox

Blasco, J. (2014, August 28). Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks. Retrieved October 19, 2020.

Internal MISP references

UUID 48753fc9-b7b7-465f-92a7-fb3f51b032cb which can be used as unique global reference for ATT ScanBox in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
date_published 2014-08-28T00:00:00Z
source MITRE
title Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks

Mandiant SCANdalous Jul 2020

Stephens, A. (2020, July 13). SCANdalous! (External Detection Using Network Scan Data and Automation). Retrieved October 12, 2021.

Internal MISP references

UUID 3a60f7de-9ead-444e-9d08-689c655b26c7 which can be used as unique global reference for Mandiant SCANdalous Jul 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-12T00:00:00Z
date_published 2020-07-13T00:00:00Z
source MITRE
title SCANdalous! (External Detection Using Network Scan Data and Automation)

Securelist ScarCruft May 2019

GReAT. (2019, May 13). ScarCruft continues to evolve, introduces Bluetooth harvester. Retrieved June 4, 2019.

Internal MISP references

UUID 2dd5b872-a4ab-4b77-8457-a3d947298fc0 which can be used as unique global reference for Securelist ScarCruft May 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-04T00:00:00Z
date_published 2019-05-13T00:00:00Z
source MITRE
title ScarCruft continues to evolve, introduces Bluetooth harvester

Sysdig ScarletEel 2.0 2023

Alessandro Brucato. (2023, July 11). SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto. Retrieved September 25, 2023.

Internal MISP references

UUID 285266e7-7a62-5f98-9b0f-fefde4b21c88 which can be used as unique global reference for Sysdig ScarletEel 2.0 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-25T00:00:00Z
date_published 2023-07-11T00:00:00Z
source MITRE
title SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto

Sysdig ScarletEel 2.0

SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto. (2023, July 11). SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto. Retrieved July 12, 2023.

Internal MISP references

UUID 90e60242-82d8-5648-b7e4-def6fd508e16 which can be used as unique global reference for Sysdig ScarletEel 2.0 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-12T00:00:00Z
date_published 2023-07-11T00:00:00Z
source MITRE
title SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto

Sysdig Scarleteel February 28 2023

Alberto Pellitteri. (2023, February 28). SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft. Retrieved February 2, 2023.

Internal MISP references

UUID 18931f81-51bf-44af-9573-512ccb66c238 which can be used as unique global reference for Sysdig Scarleteel February 28 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-02T00:00:00Z
date_published 2023-02-28T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft

Scarlet Mimic Jan 2016

Falcone, R. and Miller-Osborn, J. (2016, January 24). Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists. Retrieved February 10, 2016.

Internal MISP references

UUID f84a5b6d-3af1-45b1-ac55-69ceced8735f which can be used as unique global reference for Scarlet Mimic Jan 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-02-10T00:00:00Z
date_published 2016-01-24T00:00:00Z
source MITRE, Tidal Cyber
title Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists

U.S. CISA Scattered Spider November 16 2023

Cybersecurity and Infrastructure Security Agency. (2023, November 16). Scattered Spider. Retrieved November 16, 2023.

Internal MISP references

UUID 9c242265-c28c-4580-8e6a-478d8700b092 which can be used as unique global reference for U.S. CISA Scattered Spider November 16 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-16T00:00:00Z
date_published 2023-11-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Scattered Spider

CrowdStrike Scattered Spider Profile

CrowdStrike. (n.d.). Scattered Spider. Retrieved July 5, 2023.

Internal MISP references

UUID a865a984-7f7b-5f82-ac4a-6fac79a2a753 which can be used as unique global reference for CrowdStrike Scattered Spider Profile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-05T00:00:00Z
source MITRE
title Scattered Spider

CrowdStrike Scattered Spider BYOVD January 2023

CrowdStrike. (2023, January 10). SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security. Retrieved July 5, 2023.

Internal MISP references

UUID d7d86f5d-1f02-54b0-b6f4-879878563245 which can be used as unique global reference for CrowdStrike Scattered Spider BYOVD January 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-05T00:00:00Z
date_published 2023-01-10T00:00:00Z
source MITRE
title SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security

Trellix Scattered Spider MO August 2023

Trellix et al. (2023, August 17). Scattered Spider: The Modus Operandi. Retrieved March 18, 2024.

Internal MISP references

UUID 0041bf10-e26f-59e8-a212-6b1687aafb79 which can be used as unique global reference for Trellix Scattered Spider MO August 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-18T00:00:00Z
date_published 2023-08-17T00:00:00Z
source MITRE
title Scattered Spider: The Modus Operandi

Sc.exe - LOLBAS Project

LOLBAS. (2018, May 25). Sc.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 5ce3ef73-f789-4939-a60e-e0a373048bda which can be used as unique global reference for Sc.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Sc.exe

TechNet Forum Scheduled Task Operational Setting

Satyajit321. (2015, November 3). Scheduled Tasks History Retention settings. Retrieved December 12, 2017.

Internal MISP references

UUID 63e53238-30b5-46ef-8083-7d2888b01561 which can be used as unique global reference for TechNet Forum Scheduled Task Operational Setting in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-12T00:00:00Z
date_published 2015-11-03T00:00:00Z
source MITRE
title Scheduled Tasks History Retention settings

Kifarunix - Task Scheduling in Linux

Koromicha. (2019, September 7). Scheduling tasks using at command in Linux. Retrieved December 3, 2019.

Internal MISP references

UUID dbab6766-ab87-4528-97e5-cc3121aa77b9 which can be used as unique global reference for Kifarunix - Task Scheduling in Linux in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-12-03T00:00:00Z
date_published 2019-09-07T00:00:00Z
source MITRE
title Scheduling tasks using at command in Linux

TechNet Schtasks

Microsoft. (n.d.). Schtasks. Retrieved April 28, 2016.

Internal MISP references

UUID 17c03e27-222d-41b5-9fa2-34f0939e5371 which can be used as unique global reference for TechNet Schtasks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-28T00:00:00Z
source MITRE
title Schtasks

Schtasks.exe - LOLBAS Project

LOLBAS. (2018, May 25). Schtasks.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 2ef31677-b7ec-4200-a342-7c9196e1aa58 which can be used as unique global reference for Schtasks.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Schtasks.exe

Secplicity Rhysida May 23 2023

Ryan Estes. (2023, May 23). Scratching the Surface of Rhysida Ransomware. Retrieved August 11, 2023.

Internal MISP references

UUID 1b73bfb6-376e-4252-b3a1-9b6cf5ccaaf3 which can be used as unique global reference for Secplicity Rhysida May 23 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-11T00:00:00Z
date_published 2023-05-23T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Scratching the Surface of Rhysida Ransomware

Wikipedia Screensaver

Wikipedia. (2017, November 22). Screensaver. Retrieved December 5, 2017.

Internal MISP references

UUID b5d69465-27df-4acc-b6cc-f51be8780b7b which can be used as unique global reference for Wikipedia Screensaver in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-05T00:00:00Z
date_published 2017-11-22T00:00:00Z
source MITRE
title Screensaver

CobaltStrike Scripted Web Delivery

Strategic Cyber, LLC. (n.d.). Scripted Web Delivery. Retrieved January 23, 2018.

Internal MISP references

UUID 89ed4c93-b69d-4eed-8212-cd2ebee08bcb which can be used as unique global reference for CobaltStrike Scripted Web Delivery in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-23T00:00:00Z
source MITRE
title Scripted Web Delivery

Cobalt Strike DCOM Jan 2017

Mudge, R. (2017, January 24). Scripting Matt Nelson’s MMC20.Application Lateral Movement Technique. Retrieved November 21, 2017.

Internal MISP references

UUID ccafe7af-fbb3-4478-9035-f588e5e3c8b8 which can be used as unique global reference for Cobalt Strike DCOM Jan 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-21T00:00:00Z
date_published 2017-01-24T00:00:00Z
source MITRE
title Scripting Matt Nelson’s MMC20.Application Lateral Movement Technique

Scriptrunner.exe - LOLBAS Project

LOLBAS. (2018, May 25). Scriptrunner.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 805d16cc-8bd0-4f80-b0ac-c5b5df51427c which can be used as unique global reference for Scriptrunner.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Scriptrunner.exe

Scrobj.dll - LOLBAS Project

LOLBAS. (2021, January 7). Scrobj.dll. Retrieved December 4, 2023.

Internal MISP references

UUID c50ff71f-c742-4d63-a18e-e1ce41d55193 which can be used as unique global reference for Scrobj.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-01-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Scrobj.dll

Microsoft SDelete July 2016

Russinovich, M. (2016, July 4). SDelete v2.0. Retrieved February 8, 2018.

Internal MISP references

UUID 356c7d49-5abc-4566-9657-5ce58cf7be67 which can be used as unique global reference for Microsoft SDelete July 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-08T00:00:00Z
date_published 2016-07-04T00:00:00Z
source MITRE
title SDelete v2.0

Sean Metcalf Twitter DNS Records

Sean Metcalf. (2019, May 9). Sean Metcalf Twitter. Retrieved May 27, 2022.

Internal MISP references

UUID c7482430-58f9-4365-a7c6-d17067b257e4 which can be used as unique global reference for Sean Metcalf Twitter DNS Records in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-27T00:00:00Z
date_published 2019-05-09T00:00:00Z
source MITRE
title Sean Metcalf Twitter

AWS CloudTrail Search

Amazon. (n.d.). Search CloudTrail logs for API calls to EC2 Instances. Retrieved June 17, 2020.

Internal MISP references

UUID 636b933d-8953-4579-980d-227527dfcc94 which can be used as unique global reference for AWS CloudTrail Search in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-17T00:00:00Z
source MITRE
title Search CloudTrail logs for API calls to EC2 Instances

Group IB Cobalt Aug 2017

Matveeva, V. (2017, August 15). Secrets of Cobalt. Retrieved October 10, 2018.

Internal MISP references

UUID 2d9ef1de-2ee6-4500-a87d-b55f83e65900 which can be used as unique global reference for Group IB Cobalt Aug 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-10T00:00:00Z
date_published 2017-08-15T00:00:00Z
source MITRE
title Secrets of Cobalt

GitHub SHB Credential Guard

NSA IAD. (2017, April 20). Secure Host Baseline - Credential Guard. Retrieved April 25, 2017.

Internal MISP references

UUID 11bb1f9b-53c1-4738-ab66-56522f228743 which can be used as unique global reference for GitHub SHB Credential Guard in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-04-25T00:00:00Z
date_published 2017-04-20T00:00:00Z
source MITRE
title Secure Host Baseline - Credential Guard

Secure Host Baseline EMET

National Security Agency. (2016, May 4). Secure Host Baseline EMET. Retrieved June 22, 2016.

Internal MISP references

UUID 00953d3e-5fe7-454a-8d01-6405f74cca80 which can be used as unique global reference for Secure Host Baseline EMET in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-22T00:00:00Z
date_published 2016-05-04T00:00:00Z
source MITRE
title Secure Host Baseline EMET

TechNet Secure Boot Process

Microsoft. (n.d.). Secure the Windows 10 boot process. Retrieved April 23, 2020.

Internal MISP references

UUID 3f0ff65d-56a0-4c29-b561-e6342b0b6b65 which can be used as unique global reference for TechNet Secure Boot Process in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-04-23T00:00:00Z
source MITRE
title Secure the Windows 10 boot process

Securing bash history

Mathew Branwell. (2012, March 21). Securing .bash_history file. Retrieved July 8, 2017.

Internal MISP references

UUID 15280399-e9c8-432c-8ee2-47ced9377378 which can be used as unique global reference for Securing bash history in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-08T00:00:00Z
date_published 2012-03-21T00:00:00Z
source MITRE
title Securing .bash_history file

Microsoft Securing Privileged Access

Plett, C., Poggemeyer, L. (12, October 26). Securing Privileged Access Reference Material. Retrieved April 25, 2017.

Internal MISP references

UUID 716844d6-a6ed-41d4-9067-3822ed32828f which can be used as unique global reference for Microsoft Securing Privileged Access in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-04-25T00:00:00Z
date_published 2026-10-12T00:00:00Z
source MITRE
title Securing Privileged Access Reference Material

Berkley Secure

Berkeley Security, University of California. (n.d.). Securing Remote Desktop for System Administrators. Retrieved November 4, 2014.

Internal MISP references

UUID 98bdf25b-fbad-497f-abd2-8286d9e0479c which can be used as unique global reference for Berkley Secure in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-04T00:00:00Z
source MITRE
title Securing Remote Desktop for System Administrators

Cisco Securing SNMP

Cisco. (2006, May 10). Securing Simple Network Management Protocol. Retrieved October 19, 2020.

Internal MISP references

UUID 31de3a32-ae7a-42bf-9153-5d891651a7d1 which can be used as unique global reference for Cisco Securing SNMP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
date_published 2006-05-10T00:00:00Z
source MITRE
title Securing Simple Network Management Protocol

ADSecurity Windows Secure Baseline

Metcalf, S. (2016, October 21). Securing Windows Workstations: Developing a Secure Baseline. Retrieved November 17, 2017.

Internal MISP references

UUID 078b9848-8e5f-4750-bb90-3e110876a6a4 which can be used as unique global reference for ADSecurity Windows Secure Baseline in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-17T00:00:00Z
date_published 2016-10-21T00:00:00Z
source MITRE
title Securing Windows Workstations: Developing a Secure Baseline

Morphisec ShellTea June 2019

Gorelik, M. (2019, June 10). SECURITY ALERT: FIN8 IS BACK IN BUSINESS, TARGETING THE HOSPITALITY INDUSTRY. Retrieved June 13, 2019.

Internal MISP references

UUID 1b6ce918-651a-480d-8305-82bccbf42e96 which can be used as unique global reference for Morphisec ShellTea June 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-13T00:00:00Z
date_published 2019-06-10T00:00:00Z
source MITRE
title SECURITY ALERT: FIN8 IS BACK IN BUSINESS, TARGETING THE HOSPITALITY INDUSTRY

Carbon Black Obfuscation Sept 2016

Tedesco, B. (2016, September 23). Security Alert Summary. Retrieved February 12, 2018.

Internal MISP references

UUID bed8ae68-9738-46fb-abc9-0004fa35636a which can be used as unique global reference for Carbon Black Obfuscation Sept 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-12T00:00:00Z
date_published 2016-09-23T00:00:00Z
source MITRE
title Security Alert Summary

Havana authentication bug

Jay Pipes. (2013, December 23). Security Breach! Tenant A is seeing the VNC Consoles of Tenant B!. Retrieved October 6, 2021.

Internal MISP references

UUID 255181c2-b1c5-4531-bc16-853f21bc6435 which can be used as unique global reference for Havana authentication bug in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-06T00:00:00Z
date_published 2013-12-23T00:00:00Z
source MITRE
title Security Breach! Tenant A is seeing the VNC Consoles of Tenant B!

Proofpoint TA450 Phishing March 2024

Miller, J. et al. (2024, March 21). Security Brief: TA450 Uses Embedded Links in PDF Attachments in Latest Campaign. Retrieved March 27, 2024.

Internal MISP references

UUID 263be6fe-d9ed-5216-a0be-e8391dbd83e6 which can be used as unique global reference for Proofpoint TA450 Phishing March 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-27T00:00:00Z
date_published 2024-03-21T00:00:00Z
source MITRE
title Security Brief: TA450 Uses Embedded Links in PDF Attachments in Latest Campaign

Microsoft Trust Considerations Nov 2014

Microsoft. (2014, November 19). Security Considerations for Trusts. Retrieved November 30, 2017.

Internal MISP references

UUID 01ddd53c-1f02-466d-abf2-43bf1ab2d3fc which can be used as unique global reference for Microsoft Trust Considerations Nov 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-30T00:00:00Z
date_published 2014-11-19T00:00:00Z
source MITRE
title Security Considerations for Trusts

AWS Sec Groups VPC

Amazon. (n.d.). Security groups for your VPC. Retrieved October 13, 2021.

Internal MISP references

UUID a5dd078b-10c7-433d-b7b5-929cf8437413 which can be used as unique global reference for AWS Sec Groups VPC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
source MITRE
title Security groups for your VPC

Microsoft SID

Microsoft. (n.d.). Security Identifiers. Retrieved November 30, 2017.

Internal MISP references

UUID c921c476-741e-4b49-8f94-752984adbba5 which can be used as unique global reference for Microsoft SID in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-30T00:00:00Z
source MITRE
title Security Identifiers

Schneider Electric USB Malware

Schneider Electric. (2018, August 24). Security Notification – USB Removable Media Provided With Conext Combox and Conext Battery Monitor. Retrieved May 28, 2019.

Internal MISP references

UUID e4d8ce63-8626-4c8f-a437-b6a120ff61c7 which can be used as unique global reference for Schneider Electric USB Malware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-28T00:00:00Z
date_published 2018-08-24T00:00:00Z
source MITRE
title Security Notification – USB Removable Media Provided With Conext Combox and Conext Battery Monitor

Electron 3

Alanna Titterington. (2023, September 14). Security of Electron-based desktop applications. Retrieved March 7, 2024.

Internal MISP references

UUID e3e9d747-d5d7-5d36-b5fc-9f58b1d330f3 which can be used as unique global reference for Electron 3 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-07T00:00:00Z
date_published 2023-09-14T00:00:00Z
source MITRE
title Security of Electron-based desktop applications

Apple Dev SecurityD

Apple. (n.d.). Security Server and Security Agent. Retrieved March 29, 2024.

Internal MISP references

UUID 2b63d6c7-138b-5a9b-83e0-58f3d34723da which can be used as unique global reference for Apple Dev SecurityD in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-29T00:00:00Z
source MITRE
title Security Server and Security Agent

Microsoft Security Subsystem

Microsoft. (n.d.). Security Subsystem Architecture. Retrieved November 27, 2017.

Internal MISP references

UUID 27dae010-e3b3-4080-8039-9f89a29607e6 which can be used as unique global reference for Microsoft Security Subsystem in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-27T00:00:00Z
source MITRE
title Security Subsystem Architecture

CISA IDN ST05-016

CISA. (2019, September 27). Security Tip (ST05-016): Understanding Internationalized Domain Names. Retrieved October 20, 2020.

Internal MISP references

UUID 3cc2c996-10e9-4e25-999c-21dc2c69e4af which can be used as unique global reference for CISA IDN ST05-016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2019-09-27T00:00:00Z
source MITRE
title Security Tip (ST05-016): Understanding Internationalized Domain Names

Azure AD Federation Vulnerability

Dr. Nestori Syynimaa. (2017, November 16). Security vulnerability in Azure AD & Office 365 identity federation. Retrieved February 1, 2022.

Internal MISP references

UUID 123995be-36f5-4cd6-b80a-d601c2d0971e which can be used as unique global reference for Azure AD Federation Vulnerability in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-01T00:00:00Z
date_published 2017-11-16T00:00:00Z
source MITRE
title Security vulnerability in Azure AD & Office 365 identity federation

AADInternals zure AD Federated Domain

Dr. Nestori Syynimaa. (2017, November 16). Security vulnerability in Azure AD & Office 365 identity federation. Retrieved September 28, 2022.

Internal MISP references

UUID d2005eb6-4da4-4938-97fb-caa0e2381f4e which can be used as unique global reference for AADInternals zure AD Federated Domain in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-28T00:00:00Z
date_published 2017-11-16T00:00:00Z
source MITRE
title Security vulnerability in Azure AD & Office 365 identity federation

ESET Sednit July 2015

ESET Research. (2015, July 10). Sednit APT Group Meets Hacking Team. Retrieved March 1, 2017.

Internal MISP references

UUID e21c39ad-85e5-49b4-8df7-e8890b09c7c1 which can be used as unique global reference for ESET Sednit July 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-01T00:00:00Z
date_published 2015-07-10T00:00:00Z
source MITRE
title Sednit APT Group Meets Hacking Team

ESET Sednit USBStealer 2014

Calvet, J. (2014, November 11). Sednit Espionage Group Attacking Air-Gapped Networks. Retrieved January 4, 2017.

Internal MISP references

UUID 8673f7fc-5b23-432a-a2d8-700ece46bd0f which can be used as unique global reference for ESET Sednit USBStealer 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-01-04T00:00:00Z
date_published 2014-11-11T00:00:00Z
source MITRE
title Sednit Espionage Group Attacking Air-Gapped Networks

ESET Sednit 2017 Activity

ESET. (2017, December 21). Sednit update: How Fancy Bear Spent the Year. Retrieved February 18, 2019.

Internal MISP references

UUID 406e434e-0602-4a08-bbf6-6d72311a720e which can be used as unique global reference for ESET Sednit 2017 Activity in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-18T00:00:00Z
date_published 2017-12-21T00:00:00Z
source MITRE
title Sednit update: How Fancy Bear Spent the Year

ESET Zebrocy Nov 2018

ESET. (2018, November 20). Sednit: What’s going on with Zebrocy?. Retrieved February 12, 2019.

Internal MISP references

UUID 1e503e32-75aa-482b-81d3-ac61e806fa5c which can be used as unique global reference for ESET Zebrocy Nov 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-12T00:00:00Z
date_published 2018-11-20T00:00:00Z
source MITRE
title Sednit: What’s going on with Zebrocy?

Symantec MuddyWater Dec 2018

Symantec DeepSight Adversary Intelligence Team. (2018, December 10). Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms. Retrieved December 14, 2018.

Internal MISP references

UUID a8e58ef1-91e1-4f93-b2ff-faa7a6365f5d which can be used as unique global reference for Symantec MuddyWater Dec 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-12-14T00:00:00Z
date_published 2018-12-10T00:00:00Z
source MITRE, Tidal Cyber
title Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms

SanDisk SMART

SanDisk. (n.d.). Self-Monitoring, Analysis and Reporting Technology (S.M.A.R.T.). Retrieved October 2, 2018.

Internal MISP references

UUID 578464ff-79d4-4358-9aa6-df8d7063fee1 which can be used as unique global reference for SanDisk SMART in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
date_accessed 2018-10-02T00:00:00Z
source MITRE
title Self-Monitoring, Analysis and Reporting Technology (S.M.A.R.T.)

SELinux official

SELinux Project. (2017, November 30). SELinux Project Wiki. Retrieved December 20, 2017.

Internal MISP references

UUID 3b64ce9e-6eec-42ee-bec1-1a8b5420f01d which can be used as unique global reference for SELinux official in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2017-11-30T00:00:00Z
source MITRE
title SELinux Project Wiki

Microsoft SendNotifyMessage function

Microsoft. (n.d.). SendNotifyMessage function. Retrieved December 16, 2017.

Internal MISP references

UUID c65b3dc8-4129-4c14-b3d1-7fdd1d39ebd5 which can be used as unique global reference for Microsoft SendNotifyMessage function in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-16T00:00:00Z
source MITRE
title SendNotifyMessage function

DFIR Report Gootloader

The DFIR Report. (2022, May 9). SEO Poisoning – A Gootloader Story. Retrieved September 30, 2022.

Internal MISP references

UUID aa12dc30-ba81-46c5-b412-ca4a01e72d7f which can be used as unique global reference for DFIR Report Gootloader in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-30T00:00:00Z
date_published 2022-05-09T00:00:00Z
source MITRE
title SEO Poisoning – A Gootloader Story

MalwareBytes SEO

Arntz, P. (2018, May 29). SEO poisoning: Is it worth it?. Retrieved September 30, 2022.

Internal MISP references

UUID 250b09a2-dd97-4fbf-af2f-618d1f126957 which can be used as unique global reference for MalwareBytes SEO in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-30T00:00:00Z
date_published 2018-05-29T00:00:00Z
source MITRE
title SEO poisoning: Is it worth it?

Sophos Attachment

Ducklin, P. (2020, October 2). Serious Security: Phishing without links – when phishers bring along their own web pages. Retrieved October 20, 2020.

Internal MISP references

UUID b4aa5bf9-31db-42ee-93e8-a576ecc00b57 which can be used as unique global reference for Sophos Attachment in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2020-10-02T00:00:00Z
source MITRE
title Serious Security: Phishing without links – when phishers bring along their own web pages

ProofPoint Serpent

Campbell, B. et al. (2022, March 21). Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain. Retrieved April 11, 2022.

Internal MISP references

UUID c2f7958b-f521-4133-9aeb-c5c8fae23e78 which can be used as unique global reference for ProofPoint Serpent in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-11T00:00:00Z
date_published 2022-03-21T00:00:00Z
source MITRE
title Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain

Wikipedia SMB

Wikipedia. (2016, June 12). Server Message Block. Retrieved June 12, 2016.

Internal MISP references

UUID 087b4779-22d5-4872-adb7-583904a92285 which can be used as unique global reference for Wikipedia SMB in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-12T00:00:00Z
date_published 2016-06-12T00:00:00Z
source MITRE
title Server Message Block

Wikipedia Server Message Block

Wikipedia. (2017, December 16). Server Message Block. Retrieved December 21, 2017.

Internal MISP references

UUID 3ea03c65-12e0-4e28-bbdc-17bb8c1e1831 which can be used as unique global reference for Wikipedia Server Message Block in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-21T00:00:00Z
date_published 2017-12-16T00:00:00Z
source MITRE
title Server Message Block

Proofpoint TA505 Jan 2019

Schwarz, D. and Proofpoint Staff. (2019, January 9). ServHelper and FlawedGrace - New malware introduced by TA505. Retrieved May 28, 2019.

Internal MISP references

UUID b744f739-8810-4fb9-96e3-6488f9ed6305 which can be used as unique global reference for Proofpoint TA505 Jan 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-28T00:00:00Z
date_published 2019-01-09T00:00:00Z
source MITRE
title ServHelper and FlawedGrace - New malware introduced by TA505

Kubernetes Service Accounts Security

Kubernetes. (n.d.). Service Accounts. Retrieved July 14, 2023.

Internal MISP references

UUID 522eaa6b-0075-5346-bf3c-db1e7820aba2 which can be used as unique global reference for Kubernetes Service Accounts Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-14T00:00:00Z
source MITRE
title Service Accounts

GCP Service Accounts

Google. (n.d.). Service Accounts Overview. Retrieved February 28, 2024.

Internal MISP references

UUID 7409c7d3-97a0-5f17-9061-cdaf41274647 which can be used as unique global reference for GCP Service Accounts in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-28T00:00:00Z
source MITRE
title Service Accounts Overview

Microsoft Service Control Manager

Microsoft. (2018, May 31). Service Control Manager. Retrieved March 28, 2020.

Internal MISP references

UUID 00d22c6d-a51a-4107-bf75-53ec3330db92 which can be used as unique global reference for Microsoft Service Control Manager in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-28T00:00:00Z
date_published 2018-05-31T00:00:00Z
source MITRE
title Service Control Manager

Rapid7 Service Persistence 22JUNE2016

Rapid7. (2016, June 22). Service Persistence. Retrieved April 23, 2019.

Internal MISP references

UUID 75441af3-2ff6-42c8-b7f1-c8dc2c27efe2 which can be used as unique global reference for Rapid7 Service Persistence 22JUNE2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-23T00:00:00Z
date_published 2016-06-22T00:00:00Z
source MITRE
title Service Persistence

Microsoft SPN

Microsoft. (n.d.). Service Principal Names. Retrieved March 22, 2018.

Internal MISP references

UUID 985ad31b-c385-473d-978d-40b6cd85268a which can be used as unique global reference for Microsoft SPN in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-22T00:00:00Z
source MITRE
title Service Principal Names

Microsoft SetSPN

Microsoft. (2010, April 13). Service Principal Names (SPNs) SetSPN Syntax (Setspn.exe). Retrieved March 22, 2018.

Internal MISP references

UUID dd5dc432-32de-4bf3-b2c7-0bbdda031dd0 which can be used as unique global reference for Microsoft SetSPN in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-22T00:00:00Z
date_published 2010-04-13T00:00:00Z
source MITRE
title Service Principal Names (SPNs) SetSPN Syntax (Setspn.exe)

Twitter Service Recovery Nov 2017

The Cyber (@r0wdy_). (2017, November 30). Service Recovery Parameters. Retrieved April 9, 2018.

Internal MISP references

UUID 8875ff5d-65bc-402a-bfe0-32adc10fb008 which can be used as unique global reference for Twitter Service Recovery Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-09T00:00:00Z
date_published 2017-11-30T00:00:00Z
source MITRE
title Service Recovery Parameters

Tweet Registry Perms Weakness

@r0wdy_. (2017, November 30). Service Recovery Parameters. Retrieved April 9, 2018.

Internal MISP references

UUID 7757776d-b0e9-4a99-8a55-2cd1b248c4a0 which can be used as unique global reference for Tweet Registry Perms Weakness in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-09T00:00:00Z
date_published 2017-11-30T00:00:00Z
source MITRE
title Service Recovery Parameters

TechNet Services

Microsoft. (n.d.). Services. Retrieved June 7, 2016.

Internal MISP references

UUID b50a3c2e-e997-4af5-8be0-3a8b3a959827 which can be used as unique global reference for TechNet Services in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-07T00:00:00Z
source MITRE
title Services

Krebs Access Brokers Fortune 500

Brian Krebs. (2012, October 22). Service Sells Access to Fortune 500 Firms. Retrieved March 10, 2023.

Internal MISP references

UUID 37d237ae-f0a8-5b30-8f97-d751c1560391 which can be used as unique global reference for Krebs Access Brokers Fortune 500 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-10T00:00:00Z
date_published 2012-10-22T00:00:00Z
source MITRE
title Service Sells Access to Fortune 500 Firms

Session Management Cheat Sheet

OWASP CheatSheets Series Team. (n.d.). Session Management Cheat Sheet. Retrieved December 26, 2023.

Internal MISP references

UUID 8b979a57-8238-5a68-bb0f-0301fa1b6432 which can be used as unique global reference for Session Management Cheat Sheet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-26T00:00:00Z
source MITRE
title Session Management Cheat Sheet

Medium Authentication Tokens

Hsu, S. (2018, June 30). Session vs Token Based Authentication. Retrieved September 29, 2021.

Internal MISP references

UUID 08b5165c-1c98-4ebc-9f9f-778115e9e06d which can be used as unique global reference for Medium Authentication Tokens in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2018-06-30T00:00:00Z
source MITRE
title Session vs Token Based Authentication

Microsoft Set-InboxRule

Microsoft. (n.d.). Set-InboxRule. Retrieved June 7, 2021.

Internal MISP references

UUID 28cc6142-cc4f-4e63-bcff-94347bc06b37 which can be used as unique global reference for Microsoft Set-InboxRule in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-07T00:00:00Z
source MITRE
title Set-InboxRule

Setres.exe - LOLBAS Project

LOLBAS. (2022, October 21). Setres.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 631de0bd-d536-4183-bc5a-25af83bd795a which can be used as unique global reference for Setres.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-10-21T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Setres.exe

Microsoft Process Wide Com Keys

Microsoft. (n.d.). Setting Process-Wide Security Through the Registry. Retrieved November 21, 2017.

Internal MISP references

UUID 749d83a9-3c9f-42f4-b5ed-fa775b079716 which can be used as unique global reference for Microsoft Process Wide Com Keys in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-21T00:00:00Z
source MITRE
title Setting Process-Wide Security Through the Registry

SettingSyncHost.exe - LOLBAS Project

LOLBAS. (2021, August 26). SettingSyncHost.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 57f573f2-1c9b-4037-8f4d-9ae65d13af94 which can be used as unique global reference for SettingSyncHost.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-08-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title SettingSyncHost.exe

Petri Logon Script AD

Daniel Petri. (2009, January 8). Setting up a Logon Script through Active Directory Users and Computers in Windows Server 2008. Retrieved November 15, 2019.

Internal MISP references

UUID 1de42b0a-3dd6-4f75-bcf3-a2373e349a39 which can be used as unique global reference for Petri Logon Script AD in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-11-15T00:00:00Z
date_published 2009-01-08T00:00:00Z
source MITRE
title Setting up a Logon Script through Active Directory Users and Computers in Windows Server 2008

AWS Setting Up Run Command

AWS. (n.d.). Setting up Run Command. Retrieved March 13, 2023.

Internal MISP references

UUID 9d320336-5be4-5c20-8205-a139376fe648 which can be used as unique global reference for AWS Setting Up Run Command in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-13T00:00:00Z
source MITRE
title Setting up Run Command

VNC Authentication

Tegan. (2019, August 15). Setting up System Authentication. Retrieved September 20, 2021.

Internal MISP references

UUID de6e1202-19aa-41af-8446-521abc20200d which can be used as unique global reference for VNC Authentication in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-20T00:00:00Z
date_published 2019-08-15T00:00:00Z
source MITRE
title Setting up System Authentication

MacOS VNC software for Remote Desktop

Apple Support. (n.d.). Set up a computer running VNC software for Remote Desktop. Retrieved August 18, 2021.

Internal MISP references

UUID c1f7fb59-6e61-4a7f-b14d-a3d1d3da45af which can be used as unique global reference for MacOS VNC software for Remote Desktop in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-18T00:00:00Z
source MITRE
title Set up a computer running VNC software for Remote Desktop

Setupapi.dll - LOLBAS Project

LOLBAS. (2018, May 25). Setupapi.dll. Retrieved December 4, 2023.

Internal MISP references

UUID 1a8a1434-fc4a-4c3e-9a9b-fb91692d7efd which can be used as unique global reference for Setupapi.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Setupapi.dll

Microsoft Service Recovery Feb 2013

Microsoft. (2013, February 22). Set up Recovery Actions to Take Place When a Service Fails. Retrieved April 9, 2018.

Internal MISP references

UUID 6284d130-83e5-4961-a723-af4f9a01c24e which can be used as unique global reference for Microsoft Service Recovery Feb 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-09T00:00:00Z
date_published 2013-02-22T00:00:00Z
source MITRE
title Set up Recovery Actions to Take Place When a Service Fails

Microsoft SetWindowLong function

Microsoft. (n.d.). SetWindowLong function. Retrieved December 16, 2017.

Internal MISP references

UUID 11755d06-a9df-4a19-a165-2995f25c4b12 which can be used as unique global reference for Microsoft SetWindowLong function in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-16T00:00:00Z
source MITRE
title SetWindowLong function

Securelist ShadowPad Aug 2017

GReAT. (2017, August 15). ShadowPad in corporate networks. Retrieved March 22, 2021.

Internal MISP references

UUID 862877d7-e18c-4613-bdad-0700bf3d45ae which can be used as unique global reference for Securelist ShadowPad Aug 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-22T00:00:00Z
date_published 2017-08-15T00:00:00Z
source MITRE
title ShadowPad in corporate networks

Kaspersky ShadowPad Aug 2017

Kaspersky Lab. (2017, August). ShadowPad: popular server management software hit in supply chain attack. Retrieved March 22, 2021.

Internal MISP references

UUID 95c9a28d-6056-4f87-9a46-9491318889e2 which can be used as unique global reference for Kaspersky ShadowPad Aug 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-22T00:00:00Z
date_published 2017-08-01T00:00:00Z
source MITRE
title ShadowPad: popular server management software hit in supply chain attack

Palo Alto Shamoon Nov 2016

Falcone, R. (2016, November 30). Shamoon 2: Return of the Disttrack Wiper. Retrieved January 11, 2017.

Internal MISP references

UUID 15007a87-a281-41ae-b203-fdafe02a885f which can be used as unique global reference for Palo Alto Shamoon Nov 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-01-11T00:00:00Z
date_published 2016-11-30T00:00:00Z
source MITRE
title Shamoon 2: Return of the Disttrack Wiper

Unit 42 Shamoon3 2018

Falcone, R. (2018, December 13). Shamoon 3 Targets Oil and Gas Organization. Retrieved March 14, 2019.

Internal MISP references

UUID c2148166-faf4-4ab7-a37e-deae0c88c08d which can be used as unique global reference for Unit 42 Shamoon3 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-14T00:00:00Z
date_published 2018-12-13T00:00:00Z
source MITRE
title Shamoon 3 Targets Oil and Gas Organization

McAfee Shamoon December19 2018

Roccia, T., Saavedra-Morales, J., Beek, C. (2018, December 19). Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems. Retrieved May 29, 2020.

Internal MISP references

UUID 11cb784e-0bfe-4e64-a1ed-56530798f358 which can be used as unique global reference for McAfee Shamoon December19 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-29T00:00:00Z
date_published 2018-12-19T00:00:00Z
source MITRE
title Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems

McAfee Shamoon December 2018

Mundo, A., Roccia, T., Saavedra-Morales, J., Beek, C. (2018, December 14). Shamoon Returns to Wipe Systems in Middle East, Europe. Retrieved May 29, 2020.

Internal MISP references

UUID d731f5b4-77a1-4de1-a00a-e2ad918de670 which can be used as unique global reference for McAfee Shamoon December 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-29T00:00:00Z
date_published 2018-12-14T00:00:00Z
source MITRE
title Shamoon Returns to Wipe Systems in Middle East, Europe

TechNet Shared Folder

Microsoft. (n.d.). Share a Folder or Drive. Retrieved June 30, 2017.

Internal MISP references

UUID 80a9b92a-1404-4454-88f0-dd929a12e16f which can be used as unique global reference for TechNet Shared Folder in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-06-30T00:00:00Z
source MITRE
title Share a Folder or Drive

AWS EBS Snapshot Sharing

Amazon Web Services. (n.d.). Share an Amazon EBS snapshot. Retrieved March 2, 2022.

Internal MISP references

UUID 6f454218-91b7-4606-9467-c6d465c0fd1f which can be used as unique global reference for AWS EBS Snapshot Sharing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-02T00:00:00Z
source MITRE
title Share an Amazon EBS snapshot

Linux Shared Libraries

Wheeler, D. (2003, April 11). Shared Libraries. Retrieved September 7, 2023.

Internal MISP references

UUID 054d769a-f88e-55e9-971a-f169ee434cfe which can be used as unique global reference for Linux Shared Libraries in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-07T00:00:00Z
date_published 2003-04-11T00:00:00Z
source MITRE
title Shared Libraries

TLDP Shared Libraries

The Linux Documentation Project. (n.d.). Shared Libraries. Retrieved January 31, 2020.

Internal MISP references

UUID 2862845b-72b3-41d8-aafb-b36e90c6c30a which can be used as unique global reference for TLDP Shared Libraries in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-01-31T00:00:00Z
source MITRE
title Shared Libraries

Phrack halfdead 1997

halflife. (1997, September 1). Shared Library Redirection Techniques. Retrieved December 20, 2017.

Internal MISP references

UUID 9b3f0dc7-d830-43c5-8a5b-ad3c811920c5 which can be used as unique global reference for Phrack halfdead 1997 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 1997-09-01T00:00:00Z
source MITRE
title Shared Library Redirection Techniques

Wikipedia Shared Resource

Wikipedia. (2017, April 15). Shared resource. Retrieved June 30, 2017.

Internal MISP references

UUID 6cc6164e-84b3-4413-9895-6719248808fb which can be used as unique global reference for Wikipedia Shared Resource in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-06-30T00:00:00Z
date_published 2017-04-15T00:00:00Z
source MITRE
title Shared resource

Sharepoint Sharing Events

Microsoft. (n.d.). Sharepoint Sharing Events. Retrieved October 8, 2021.

Internal MISP references

UUID 2086d37a-05a8-4604-9c69-75a178406b4a which can be used as unique global reference for Sharepoint Sharing Events in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-08T00:00:00Z
source MITRE
title Sharepoint Sharing Events

GitHub GhostPack Certificates

HarmJ0y. (2018, August 22). SharpDPAPI - Certificates. Retrieved August 2, 2022.

Internal MISP references

UUID 941e214d-4188-4ca0-9ef8-b26aa96373a2 which can be used as unique global reference for GitHub GhostPack Certificates in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-02T00:00:00Z
date_published 2018-08-22T00:00:00Z
source MITRE
title SharpDPAPI - Certificates

Shdocvw.dll - LOLBAS Project

LOLBAS. (2018, May 25). Shdocvw.dll. Retrieved December 4, 2023.

Internal MISP references

UUID 0739d5fe-b460-4ed4-be75-cff422643a32 which can be used as unique global reference for Shdocvw.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Shdocvw.dll

Securelist Turla Oct 2018

Kaspersky Lab's Global Research & Analysis Team. (2018, October 04). Shedding Skin – Turla’s Fresh Faces. Retrieved November 7, 2018.

Internal MISP references

UUID 5b08ea46-e25d-4df9-9b91-f8e7a1d5f7ee which can be used as unique global reference for Securelist Turla Oct 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-07T00:00:00Z
date_published 2018-10-04T00:00:00Z
source MITRE
title Shedding Skin – Turla’s Fresh Faces

Shell32.dll - LOLBAS Project

LOLBAS. (2018, May 25). Shell32.dll. Retrieved December 4, 2023.

Internal MISP references

UUID 9465358f-e0cc-41f0-a7f9-01d5faca8157 which can be used as unique global reference for Shell32.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Shell32.dll

Cylance Shell Crew Feb 2017

Cylance SPEAR Team. (2017, February 9). Shell Crew Variants Continue to Fly Under Big AV’s Radar. Retrieved February 15, 2017.

Internal MISP references

UUID c0fe5d29-838b-4e91-bd33-59ab3dbcfbc3 which can be used as unique global reference for Cylance Shell Crew Feb 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-02-15T00:00:00Z
date_published 2017-02-09T00:00:00Z
source MITRE
title Shell Crew Variants Continue to Fly Under Big AV’s Radar

Magento

Cesar Anjos. (2018, May 31). Shell Logins as a Magento Reinfection Vector. Retrieved December 17, 2020.

Internal MISP references

UUID b8b3f360-e14c-49ea-a4e5-8d6d9727e731 which can be used as unique global reference for Magento in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-17T00:00:00Z
date_published 2018-05-31T00:00:00Z
source MITRE
title Shell Logins as a Magento Reinfection Vector

Trend Micro TA505 June 2019

Hiroaki, H. and Lu, L. (2019, June 12). Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns. Retrieved May 29, 2020.

Internal MISP references

UUID e664a0c7-154f-449e-904d-335be1b72b29 which can be used as unique global reference for Trend Micro TA505 June 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-29T00:00:00Z
date_published 2019-06-12T00:00:00Z
source MITRE
title Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns

Shimgvw.dll - LOLBAS Project

LOLBAS. (2021, January 6). Shimgvw.dll. Retrieved December 4, 2023.

Internal MISP references

UUID aba1cc57-ac30-400f-8b02-db7bf279dfb6 which can be used as unique global reference for Shimgvw.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-01-06T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Shimgvw.dll

FireEye Shining A Light on DARKSIDE May 2021

FireEye. (2021, May 11). Shining a Light on DARKSIDE Ransomware Operations. Retrieved September 22, 2021.

Internal MISP references

UUID 6ac6acc2-9fea-4887-99b2-9988991b47b6 which can be used as unique global reference for FireEye Shining A Light on DARKSIDE May 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-22T00:00:00Z
date_published 2021-05-11T00:00:00Z
source MITRE
title Shining a Light on DARKSIDE Ransomware Operations

Telekom Security DarkGate August 25 2023

Fabian Marquardt. (2023, August 25). Shining some light on the DarkGate loader. Retrieved October 20, 2023.

Internal MISP references

UUID 1cb60362-f73e-49e6-b0ee-e8f67a25c058 which can be used as unique global reference for Telekom Security DarkGate August 25 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-20T00:00:00Z
date_published 2023-08-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Shining some light on the DarkGate loader

NCC Group Black Basta June 2022

Inman, R. and Gurney, P. (2022, June 6). Shining the Light on Black Basta. Retrieved March 8, 2023.

Internal MISP references

UUID b5f91f77-b102-5812-a79f-69b254487da8 which can be used as unique global reference for NCC Group Black Basta June 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-08T00:00:00Z
date_published 2022-06-06T00:00:00Z
source MITRE
title Shining the Light on Black Basta

Trustwave Cherry Picker

Merritt, E. (2015, November 16). Shining the Spotlight on Cherry Picker PoS Malware. Retrieved April 20, 2016.

Internal MISP references

UUID e09f639e-bdd3-4e88-8032-f665e347272b which can be used as unique global reference for Trustwave Cherry Picker in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-20T00:00:00Z
date_published 2015-11-16T00:00:00Z
source MITRE
title Shining the Spotlight on Cherry Picker PoS Malware

File obfuscation

Aspen Lindblom, Joseph Goodwin, and Chris Sheldon. (2021, July 19). Shlayer Malvertising Campaigns Still Using Flash Update Disguise. Retrieved March 29, 2024.

Internal MISP references

UUID 1fb860e8-47e4-5b6e-85ef-afe8de81a3b9 which can be used as unique global reference for File obfuscation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-29T00:00:00Z
date_published 2021-07-19T00:00:00Z
source MITRE
title Shlayer Malvertising Campaigns Still Using Flash Update Disguise

Shlayer jamf gatekeeper bypass 2021

Jaron Bradley. (2021, April 26). Shlayer malware abusing Gatekeeper bypass on macOS. Retrieved September 22, 2021.

Internal MISP references

UUID 9ece29ee-c4e9-4a30-9958-88b114a417ce which can be used as unique global reference for Shlayer jamf gatekeeper bypass 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-22T00:00:00Z
date_published 2021-04-26T00:00:00Z
source MITRE
title Shlayer malware abusing Gatekeeper bypass on macOS

Shodan

Shodan. (n.d.). Shodan. Retrieved October 20, 2020.

Internal MISP references

UUID a142aceb-3ef5-4231-8771-bb3b2dae9acd which can be used as unique global reference for Shodan in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
source MITRE
title Shodan

Shortcut for Persistence

Elastic. (n.d.). Shortcut File Written or Modified for Persistence. Retrieved June 1, 2022.

Internal MISP references

UUID 4a12e927-0511-40b1-85f3-869ffc452c2e which can be used as unique global reference for Shortcut for Persistence in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-01T00:00:00Z
source MITRE
title Shortcut File Written or Modified for Persistence

Unprotect Shortcut

Unprotect Project. (2019, March 18). Shortcut Hiding. Retrieved October 3, 2023.

Internal MISP references

UUID b62d40bc-2782-538a-8913-429908c6a2ee which can be used as unique global reference for Unprotect Shortcut in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-03T00:00:00Z
date_published 2019-03-18T00:00:00Z
source MITRE
title Shortcut Hiding

Sleep, shut down, hibernate

AVG. (n.d.). Should You Shut Down, Sleep or Hibernate Your PC or Mac Laptop?. Retrieved June 8, 2023.

Internal MISP references

UUID e9064801-0297-51d0-9089-db58f4811a9f which can be used as unique global reference for Sleep, shut down, hibernate in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-08T00:00:00Z
source MITRE
title Should You Shut Down, Sleep or Hibernate Your PC or Mac Laptop?

show_clock_detail_cisco_cmd

Cisco. (2023, March 6). show clock detail - Cisco IOS Security Command Reference: Commands S to Z. Retrieved July 13, 2022.

Internal MISP references

UUID a2215813-31b0-5624-92d8-479e7bd1a30b which can be used as unique global reference for show_clock_detail_cisco_cmd in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-13T00:00:00Z
date_published 2023-03-06T00:00:00Z
source MITRE
title show clock detail - Cisco IOS Security Command Reference: Commands S to Z

show_processes_cisco_cmd

Cisco. (2022, August 16). show processes - . Retrieved July 13, 2022.

Internal MISP references

UUID 944e529b-5e8a-54a1-b205-71dcb7dd304f which can be used as unique global reference for show_processes_cisco_cmd in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-13T00:00:00Z
date_published 2022-08-16T00:00:00Z
source MITRE
title show processes -

show_run_config_cmd_cisco

Cisco. (2022, August 16). show running-config - Cisco IOS Configuration Fundamentals Command Reference. Retrieved July 13, 2022.

Internal MISP references

UUID 5a68a45a-a53e-5d73-a82a-0cc951071aef which can be used as unique global reference for show_run_config_cmd_cisco in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-13T00:00:00Z
date_published 2022-08-16T00:00:00Z
source MITRE
title show running-config - Cisco IOS Configuration Fundamentals Command Reference

Symantec Shuckworm January 2022

Symantec. (2022, January 31). Shuckworm Continues Cyber-Espionage Attacks Against Ukraine. Retrieved February 17, 2022.

Internal MISP references

UUID 3abb9cfb-8927-4447-b904-6ed071787bef which can be used as unique global reference for Symantec Shuckworm January 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-17T00:00:00Z
date_published 2022-01-31T00:00:00Z
source MITRE, Tidal Cyber
title Shuckworm Continues Cyber-Espionage Attacks Against Ukraine

Microsoft Shutdown Oct 2017

Microsoft. (2017, October 15). Shutdown. Retrieved October 4, 2019.

Internal MISP references

UUID c587f021-596a-4e63-ac51-afa2793a859d which can be used as unique global reference for Microsoft Shutdown Oct 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-04T00:00:00Z
date_published 2017-10-15T00:00:00Z
source MITRE
title Shutdown

MalwareBytes SideCopy Dec 2021

Threat Intelligence Team. (2021, December 2). SideCopy APT: Connecting lures victims, payloads to infrastructure. Retrieved June 13, 2022.

Internal MISP references

UUID 466569a7-1ef8-4824-bd9c-d25301184ea4 which can be used as unique global reference for MalwareBytes SideCopy Dec 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-13T00:00:00Z
date_published 2021-12-02T00:00:00Z
source MITRE
title SideCopy APT: Connecting lures victims, payloads to infrastructure

Rewterz Sidewinder APT April 2020

Rewterz. (2020, April 20). Sidewinder APT Group Campaign Analysis. Retrieved January 29, 2021.

Internal MISP references

UUID e1cecdab-d6d1-47c6-a942-3f3329e5d98d which can be used as unique global reference for Rewterz Sidewinder APT April 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-29T00:00:00Z
date_published 2020-04-20T00:00:00Z
source MITRE
title Sidewinder APT Group Campaign Analysis

Cyble Sidewinder September 2020

Cyble. (2020, September 26). SideWinder APT Targets with futuristic Tactics and Techniques. Retrieved January 29, 2021.

Internal MISP references

UUID 25d8d6df-d3b9-4f57-bce0-d5285660e746 which can be used as unique global reference for Cyble Sidewinder September 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-29T00:00:00Z
date_published 2020-09-26T00:00:00Z
source MITRE
title SideWinder APT Targets with futuristic Tactics and Techniques

Microsoft Sigcheck May 2017

Russinovich, M. et al. (2017, May 22). Sigcheck. Retrieved April 3, 2018.

Internal MISP references

UUID 7f3a0f44-03d4-4b02-9d9d-74e8ee9eede8 which can be used as unique global reference for Microsoft Sigcheck May 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-03T00:00:00Z
date_published 2017-05-22T00:00:00Z
source MITRE
title Sigcheck

Linux Signal Man

Linux man-pages. (2023, April 3). signal(7). Retrieved August 30, 2023.

Internal MISP references

UUID 63483956-fa3e-52da-a834-b3b762c4e84e which can be used as unique global reference for Linux Signal Man in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-30T00:00:00Z
date_published 2023-04-03T00:00:00Z
source MITRE
title signal(7)

f-secure janicab

Brod. (2013, July 15). Signed Mac Malware Using Right-to-Left Override Trick. Retrieved July 17, 2017.

Internal MISP references

UUID 07e484cb-7e72-4938-a029-f9904d751777 which can be used as unique global reference for f-secure janicab in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-17T00:00:00Z
date_published 2013-07-15T00:00:00Z
source MITRE
title Signed Mac Malware Using Right-to-Left Override Trick

Group IB Silence Aug 2019

Group-IB. (2019, August). Silence 2.0: Going Global. Retrieved May 5, 2020.

Internal MISP references

UUID 2c314eb6-767f-45b9-8a60-dba11e06afd8 which can be used as unique global reference for Group IB Silence Aug 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-05T00:00:00Z
date_published 2019-08-01T00:00:00Z
source MITRE
title Silence 2.0: Going Global

SecureList Silence Nov 2017

GReAT. (2017, November 1). Silence – a new Trojan attacking financial organizations. Retrieved May 24, 2019.

Internal MISP references

UUID 004a8877-7e57-48ad-a6ce-b9ad8577cc68 which can be used as unique global reference for SecureList Silence Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-24T00:00:00Z
date_published 2017-11-01T00:00:00Z
source MITRE
title Silence – a new Trojan attacking financial organizations

Cyber Forensicator Silence Jan 2019

Skulkin, O. (2019, January 20). Silence: Dissecting Malicious CHM Files and Performing Forensic Analysis. Retrieved May 24, 2019.

Internal MISP references

UUID c328d6d3-5e8b-45a6-8487-eecd7e8cbf7e which can be used as unique global reference for Cyber Forensicator Silence Jan 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-24T00:00:00Z
date_published 2019-01-20T00:00:00Z
source MITRE
title Silence: Dissecting Malicious CHM Files and Performing Forensic Analysis

Group IB Silence Sept 2018

Group-IB. (2018, September). Silence: Moving Into the Darkside. Retrieved May 5, 2020.

Internal MISP references

UUID 10d41d2e-44be-41a7-84c1-b8f39689cb93 which can be used as unique global reference for Group IB Silence Sept 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-05T00:00:00Z
date_published 2018-09-01T00:00:00Z
source MITRE
title Silence: Moving Into the Darkside

CrowdStrike Silent Chollima Adversary September 2021

CrowdStrike. (2021, September 29). Silent Chollima Adversary Profile. Retrieved September 29, 2021.

Internal MISP references

UUID 835283b5-af3b-4baf-805e-da8ebbe8b5d2 which can be used as unique global reference for CrowdStrike Silent Chollima Adversary September 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2021-09-29T00:00:00Z
source MITRE, Tidal Cyber
title Silent Chollima Adversary Profile

Malwarebytes Silent Librarian October 2020

Malwarebytes Threat Intelligence Team. (2020, October 14). Silent Librarian APT right on schedule for 20/21 academic year. Retrieved February 3, 2021.

Internal MISP references

UUID 9bb8ddd0-a8ec-459b-9983-79ccf46297ca which can be used as unique global reference for Malwarebytes Silent Librarian October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-03T00:00:00Z
date_published 2020-10-14T00:00:00Z
source MITRE
title Silent Librarian APT right on schedule for 20/21 academic year

Phish Labs Silent Librarian

Hassold, Crane. (2018, March 26). Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment. Retrieved February 3, 2021.

Internal MISP references

UUID d79d0510-4d49-464d-8074-daedd186f1c1 which can be used as unique global reference for Phish Labs Silent Librarian in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-03T00:00:00Z
date_published 2018-03-26T00:00:00Z
source MITRE, Tidal Cyber
title Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment

GitHub SILENTTRINITY Modules July 2019

Salvati, M. (2019, August 6). SILENTTRINITY Modules. Retrieved March 24, 2022.

Internal MISP references

UUID df9252e6-2727-4b39-a5f8-9f01c85aae9d which can be used as unique global reference for GitHub SILENTTRINITY Modules July 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-24T00:00:00Z
date_published 2019-08-06T00:00:00Z
source MITRE
title SILENTTRINITY Modules

Unit 42 Siloscape Jun 2021

Prizmant, D. (2021, June 7). Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments. Retrieved June 9, 2021.

Internal MISP references

UUID 4be128a7-97b8-48fa-8a52-a53c1e56f086 which can be used as unique global reference for Unit 42 Siloscape Jun 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-09T00:00:00Z
date_published 2021-06-07T00:00:00Z
source MITRE
title Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments

Unit42 SilverTerrier 2016

Renals, P., Conant, S. (2016). SILVERTERRIER: The Next Evolution in Nigerian Cybercrime. Retrieved November 13, 2018.

Internal MISP references

UUID a6ba79ca-7d4a-48d3-aae3-ee766770f83b which can be used as unique global reference for Unit42 SilverTerrier 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-13T00:00:00Z
date_published 2016-01-01T00:00:00Z
source MITRE, Tidal Cyber
title SILVERTERRIER: The Next Evolution in Nigerian Cybercrime

Unit42 SilverTerrier 2018

Unit42. (2016). SILVERTERRIER: THE RISE OF NIGERIAN BUSINESS EMAIL COMPROMISE. Retrieved November 13, 2018.

Internal MISP references

UUID 59630d6e-d034-4788-b418-a72bafefe54e which can be used as unique global reference for Unit42 SilverTerrier 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-13T00:00:00Z
date_published 2016-01-01T00:00:00Z
source MITRE, Tidal Cyber
title SILVERTERRIER: THE RISE OF NIGERIAN BUSINESS EMAIL COMPROMISE

Timac DYLD_INSERT_LIBRARIES

Timac. (2012, December 18). Simple code injection using DYLD_INSERT_LIBRARIES. Retrieved March 26, 2020.

Internal MISP references

UUID 54fcbc49-f4e3-48a4-9d67-52ca08b322b2 which can be used as unique global reference for Timac DYLD_INSERT_LIBRARIES in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-26T00:00:00Z
date_published 2012-12-18T00:00:00Z
source MITRE
title Simple code injection using DYLD_INSERT_LIBRARIES

SIM Swapping and Abuse of the Microsoft Azure Serial Console

Mandiant Intelligence. (2023, May 16). SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack. Retrieved June 2, 2023.

Internal MISP references

UUID c596a0e0-6e9c-52e4-b1bb-9c0542f960f2 which can be used as unique global reference for SIM Swapping and Abuse of the Microsoft Azure Serial Console in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-02T00:00:00Z
date_published 2023-05-16T00:00:00Z
source MITRE
title SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack

EduardosBlog SIPs July 2008

Navarro, E. (2008, July 11). SIP’s (Subject Interface Package) and Authenticode. Retrieved January 31, 2018.

Internal MISP references

UUID ac37f167-3ae9-437b-9215-c30c1ab4e249 which can be used as unique global reference for EduardosBlog SIPs July 2008 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-31T00:00:00Z
date_published 2008-07-11T00:00:00Z
source MITRE
title SIP’s (Subject Interface Package) and Authenticode

Anonymous Hackers Deface Russian Govt Site

Andy. (2018, May 12). ‘Anonymous’ Hackers Deface Russian Govt. Site to Protest Web-Blocking (NSFW). Retrieved April 19, 2019.

Internal MISP references

UUID ca63ccd4-8c81-4de6-8eb4-06a6c68ce4d3 which can be used as unique global reference for Anonymous Hackers Deface Russian Govt Site in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-19T00:00:00Z
source MITRE
title Site to Protest Web-Blocking (NSFW)

Dell Skeleton

Dell SecureWorks. (2015, January 12). Skeleton Key Malware Analysis. Retrieved April 8, 2019.

Internal MISP references

UUID cea9ce77-7641-4086-b92f-a4c3ad94a49c which can be used as unique global reference for Dell Skeleton in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-08T00:00:00Z
date_published 2015-01-12T00:00:00Z
source MITRE
title Skeleton Key Malware Analysis

Command Five SK 2011

Command Five Pty Ltd. (2011, September). SK Hack by an Advanced Persistent Threat. Retrieved April 6, 2018.

Internal MISP references

UUID ccca927e-fa03-4eba-b631-9989804a1f3c which can be used as unique global reference for Command Five SK 2011 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-06T00:00:00Z
date_published 2011-09-01T00:00:00Z
source MITRE
title SK Hack by an Advanced Persistent Threat

Trend Micro Skidmap

Remillano, A., Urbanec, J. (2019, September 19). Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload. Retrieved June 4, 2020.

Internal MISP references

UUID 53291621-f0ad-4cb7-af08-78b96eb67168 which can be used as unique global reference for Trend Micro Skidmap in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-04T00:00:00Z
date_published 2019-09-19T00:00:00Z
source MITRE
title Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload

Detectify Slack Tokens

Detectify. (2016, April 28). Slack bot token leakage exposing business critical information. Retrieved October 19, 2020.

Internal MISP references

UUID 46c40ed4-5a15-4b38-b625-bebc569dbf69 which can be used as unique global reference for Detectify Slack Tokens in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
date_published 2016-04-28T00:00:00Z
source MITRE
title Slack bot token leakage exposing business critical information

Huntress ScreenConnect 2 23 2024

Team Huntress. (2024, February 23). SlashAndGrab ScreenConnect Post-Exploitation in the Wild (CVE-2024-1709 & CVE-2024-1708). Retrieved February 23, 2024.

Internal MISP references

UUID 203e002f-09b0-436d-b9c2-a8988ee0b7aa which can be used as unique global reference for Huntress ScreenConnect 2 23 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-23T00:00:00Z
date_published 2024-02-23T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title SlashAndGrab ScreenConnect Post-Exploitation in the Wild (CVE-2024-1709 & CVE-2024-1708)

GitHub Sliver C2

BishopFox. (n.d.). Sliver. Retrieved September 15, 2021.

Internal MISP references

UUID f706839a-c6e7-469b-a0c0-02c0d55eb4f6 which can be used as unique global reference for GitHub Sliver C2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-15T00:00:00Z
source MITRE
title Sliver

GitHub Sliver C2 DNS

BishopFox. (n.d.). Sliver DNS C2. Retrieved September 15, 2021.

Internal MISP references

UUID 41c1ac3e-d03a-4e09-aebe-a8c191236e7e which can be used as unique global reference for GitHub Sliver C2 DNS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-15T00:00:00Z
source MITRE
title Sliver DNS C2

GitHub Sliver Download

BishopFox. (n.d.). Sliver Download. Retrieved September 16, 2021.

Internal MISP references

UUID f9f6468f-6115-4753-a1ff-3658e410f964 which can be used as unique global reference for GitHub Sliver Download in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-16T00:00:00Z
source MITRE
title Sliver Download

GitHub Sliver File System August 2021

BishopFox. (2021, August 18). Sliver Filesystem. Retrieved September 22, 2021.

Internal MISP references

UUID 820beaff-a0d5-4017-9a9c-6fbd7874b585 which can be used as unique global reference for GitHub Sliver File System August 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-22T00:00:00Z
date_published 2021-08-18T00:00:00Z
source MITRE
title Sliver Filesystem

GitHub Sliver HTTP

BishopFox. (n.d.). Sliver HTTP(S) C2. Retrieved September 16, 2021.

Internal MISP references

UUID 0194a86d-c7bf-4115-ab45-4c67fcfdb2a1 which can be used as unique global reference for GitHub Sliver HTTP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-16T00:00:00Z
source MITRE
title Sliver HTTP(S) C2

GitHub Sliver Ifconfig

BishopFox. (n.d.). Sliver Ifconfig. Retrieved September 16, 2021.

Internal MISP references

UUID e9783116-144f-49e9-a3c5-28bf3ff9c654 which can be used as unique global reference for GitHub Sliver Ifconfig in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-16T00:00:00Z
source MITRE
title Sliver Ifconfig

GitHub Sliver Netstat

BishopFox. (n.d.). Sliver Netstat. Retrieved September 16, 2021.

Internal MISP references

UUID 37ef7619-8157-4522-aea7-779d75464029 which can be used as unique global reference for GitHub Sliver Netstat in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-16T00:00:00Z
source MITRE
title Sliver Netstat

GitHub Sliver Screen

BishopFox. (n.d.). Sliver Screenshot. Retrieved September 16, 2021.

Internal MISP references

UUID 0417572e-d1c7-4db5-8644-5b94c79cc14d which can be used as unique global reference for GitHub Sliver Screen in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-16T00:00:00Z
source MITRE
title Sliver Screenshot

GitHub Sliver Encryption

BishopFox. (n.d.). Sliver Transport Encryption. Retrieved September 16, 2021.

Internal MISP references

UUID b33a9d44-1468-4b3e-8d27-9c48c81bec74 which can be used as unique global reference for GitHub Sliver Encryption in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-16T00:00:00Z
source MITRE
title Sliver Transport Encryption

GitHub Sliver Upload

BishopFox. (n.d.). Sliver Upload. Retrieved September 16, 2021.

Internal MISP references

UUID 96e6e207-bf8b-4a3e-9a92-779e8bb6bb67 which can be used as unique global reference for GitHub Sliver Upload in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-16T00:00:00Z
source MITRE
title Sliver Upload

Zdnet Ngrok September 2018

Cimpanu, C. (2018, September 13). Sly malware author hides cryptomining botnet behind ever-shifting proxy service. Retrieved September 15, 2020.

Internal MISP references

UUID 3edb88be-2ca6-4925-ba2e-a5a4ac5f9ab0 which can be used as unique global reference for Zdnet Ngrok September 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-15T00:00:00Z
date_published 2018-09-13T00:00:00Z
source MITRE
title Sly malware author hides cryptomining botnet behind ever-shifting proxy service

NCSC GCHQ Small Sieve Jan 2022

NCSC GCHQ. (2022, January 27). Small Sieve Malware Analysis Report. Retrieved August 22, 2022.

Internal MISP references

UUID 0edb8946-be38-45f5-a27c-bdbebc383d72 which can be used as unique global reference for NCSC GCHQ Small Sieve Jan 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-22T00:00:00Z
date_published 2022-01-27T00:00:00Z
source MITRE
title Small Sieve Malware Analysis Report

SmartMontools

smartmontools. (n.d.). smartmontools. Retrieved October 2, 2018.

Internal MISP references

UUID efae8de6-1b8d-47c0-b7a0-e3d0c227a14c which can be used as unique global reference for SmartMontools in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-10-02T00:00:00Z
source MITRE
title smartmontools

CME Github September 2018

byt3bl33d3r. (2018, September 8). SMB: Command Reference. Retrieved July 17, 2020.

Internal MISP references

UUID a6e1e3b4-1b69-43b7-afbe-aedb812c5778 which can be used as unique global reference for CME Github September 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-17T00:00:00Z
date_published 2018-09-08T00:00:00Z
source MITRE
title SMB: Command Reference

US-CERT SMB Security

US-CERT. (2017, March 16). SMB Security Best Practices. Retrieved December 21, 2017.

Internal MISP references

UUID 710d2292-c693-4857-9196-397449061e76 which can be used as unique global reference for US-CERT SMB Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-21T00:00:00Z
date_published 2017-03-16T00:00:00Z
source MITRE
title SMB Security Best Practices

SMLoginItemSetEnabled Schroeder 2013

Tim Schroeder. (2013, April 21). SMLoginItemSetEnabled Demystified. Retrieved October 5, 2021.

Internal MISP references

UUID ad14bad2-95c8-49b0-9777-e464fc8359a0 which can be used as unique global reference for SMLoginItemSetEnabled Schroeder 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-05T00:00:00Z
date_published 2013-04-21T00:00:00Z
source MITRE
title SMLoginItemSetEnabled Demystified

Malwarebytes SmokeLoader 2016

Hasherezade. (2016, September 12). Smoke Loader – downloader with a smokescreen still alive. Retrieved March 20, 2018.

Internal MISP references

UUID b619e338-16aa-478c-b227-b22f78d572a3 which can be used as unique global reference for Malwarebytes SmokeLoader 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-20T00:00:00Z
date_published 2016-09-12T00:00:00Z
source MITRE
title Smoke Loader – downloader with a smokescreen still alive

Talos Smoke Loader July 2018

Baker, B., Unterbrink H. (2018, July 03). Smoking Guns - Smoke Loader learned new tricks. Retrieved July 5, 2018.

Internal MISP references

UUID 072ac051-7564-4dd3-a279-7f75c91b55f1 which can be used as unique global reference for Talos Smoke Loader July 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-05T00:00:00Z
date_published 2018-07-03T00:00:00Z
source MITRE
title Smoking Guns - Smoke Loader learned new tricks

FireEye SMOKEDHAM June 2021

FireEye. (2021, June 16). Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise. Retrieved September 22, 2021.

Internal MISP references

UUID a81ad3ef-fd96-432c-a7c8-ccc86d127a1b which can be used as unique global reference for FireEye SMOKEDHAM June 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-22T00:00:00Z
date_published 2021-06-16T00:00:00Z
source MITRE
title Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise

nccgroup Smuggling HTA 2017

Warren, R. (2017, August 8). Smuggling HTA files in Internet Explorer/Edge. Retrieved May 20, 2021.

Internal MISP references

UUID f5615cdc-bc56-415b-8e38-6f3fd1c33c88 which can be used as unique global reference for nccgroup Smuggling HTA 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-20T00:00:00Z
date_published 2017-08-08T00:00:00Z
source MITRE
title Smuggling HTA files in Internet Explorer/Edge

Environmental Keyed HTA

Warren, R. (2017, August 8). Smuggling HTA files in Internet Explorer/Edge. Retrieved January 16, 2019.

Internal MISP references

UUID b16bae1a-75aa-478b-b8c7-458ee5a3f7e5 which can be used as unique global reference for Environmental Keyed HTA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-01-16T00:00:00Z
date_published 2017-08-08T00:00:00Z
source MITRE
title Smuggling HTA files in Internet Explorer/Edge

Accenture SNAKEMACKEREL Nov 2018

Accenture Security. (2018, November 29). SNAKEMACKEREL. Retrieved April 15, 2019.

Internal MISP references

UUID c38d021c-d84c-4aa7-b7a5-be47e18df1d8 which can be used as unique global reference for Accenture SNAKEMACKEREL Nov 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-15T00:00:00Z
date_published 2018-11-29T00:00:00Z
source MITRE
title SNAKEMACKEREL

Sophos Snatch Ransomware 2019

Sophos. (2019, December 9). Snatch ransomware reboots PCs into Safe Mode to bypass protection. Retrieved June 23, 2021.

Internal MISP references

UUID 63019d16-07ec-4e53-98b7-529cc09b8429 which can be used as unique global reference for Sophos Snatch Ransomware 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-23T00:00:00Z
date_published 2019-12-09T00:00:00Z
source MITRE
title Snatch ransomware reboots PCs into Safe Mode to bypass protection

AdSecurity SID History Sept 2015

Metcalf, S. (2015, September 19). Sneaky Active Directory Persistence #14: SID History. Retrieved November 30, 2017.

Internal MISP references

UUID 26961107-c48e-46d5-8d80-cda543b3be3b which can be used as unique global reference for AdSecurity SID History Sept 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-30T00:00:00Z
date_published 2015-09-19T00:00:00Z
source MITRE
title Sneaky Active Directory Persistence #14: SID History

ADSecurity GPO Persistence 2016

Metcalf, S. (2016, March 14). Sneaky Active Directory Persistence #17: Group Policy. Retrieved March 5, 2019.

Internal MISP references

UUID e304715f-7da1-4342-ba5b-d0387d93aeb2 which can be used as unique global reference for ADSecurity GPO Persistence 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-05T00:00:00Z
date_published 2016-03-14T00:00:00Z
source MITRE
title Sneaky Active Directory Persistence #17: Group Policy

Telefonica Snip3 December 2021

Jornet, A. (2021, December 23). Snip3, an investigation into malware. Retrieved September 19, 2023.

Internal MISP references

UUID f026dd44-1491-505b-8a8a-e4f28c6cd6a7 which can be used as unique global reference for Telefonica Snip3 December 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-19T00:00:00Z
date_published 2021-12-23T00:00:00Z
source MITRE
title Snip3, an investigation into malware

Cybereason SocGholish Zloader April 2022

Cybereason Global SOC Team. (2022, April 25). SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems. Retrieved May 7, 2023.

Internal MISP references

UUID c28b2fbf-f309-4fb3-9743-1c11651e03ee which can be used as unique global reference for Cybereason SocGholish Zloader April 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2022-04-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems

ReliaQuest SocGholish

Dean Murphy, Brandon Tirado, Joseph Morales. (2023, January 30). SocGholish: A Tale of FakeUpdates. Retrieved May 7, 2023.

Internal MISP references

UUID de4c13b5-1707-4d8f-a562-6e5fd5504dda which can be used as unique global reference for ReliaQuest SocGholish in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2023-01-30T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title SocGholish: A Tale of FakeUpdates

SocGholish-update

Andrew Northern. (2022, November 22). SocGholish, a very real threat from a very fake update. Retrieved February 13, 2024.

Internal MISP references

UUID 01d9c3ba-29e2-5090-b399-0e7adf50a6b9 which can be used as unique global reference for SocGholish-update in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-13T00:00:00Z
date_published 2022-11-22T00:00:00Z
source MITRE
title SocGholish, a very real threat from a very fake update

SentinelOne SocGholish Infrastructure November 2022

Milenkoski, A. (2022, November 7). SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders. Retrieved March 22, 2024.

Internal MISP references

UUID 8a26eeb6-6f80-58f1-b773-b38835c6781d which can be used as unique global reference for SentinelOne SocGholish Infrastructure November 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-22T00:00:00Z
date_published 2022-11-07T00:00:00Z
source MITRE
title SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders

SentinelLabs SocGholish November 2022

Aleksandar Milenkoski. (2022, November 7). SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders. Retrieved May 7, 2023.

Internal MISP references

UUID c2dd119c-25d8-4e48-8eeb-89552a5a096c which can be used as unique global reference for SentinelLabs SocGholish November 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2022-11-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders

Proofpoint November 21 2022

Proofpoint. (2022, November 21). SocGholish Malware: A Real Threat from a Fake Update | Proofpoint US. Retrieved May 7, 2023.

Internal MISP references

UUID dc4117ea-be69-47db-ab75-03100fee230c which can be used as unique global reference for Proofpoint November 21 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2022-11-21T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title SocGholish Malware: A Real Threat from a Fake Update

Rapid7 Blog 5 10 2024

Rapid7. (2024, May 10). Social Engineering Campaign Linked to Black Basta Ransomware Operators. Retrieved May 21, 2024.

Internal MISP references

UUID ba749fe0-1ac7-4767-85df-97e6351c37f9 which can be used as unique global reference for Rapid7 Blog 5 10 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-05-21T00:00:00Z
date_published 2024-05-10T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Social Engineering Campaign Linked to Black Basta Ransomware Operators

Security Joes Sockbot March 09 2022

Felipe Duarte, Ido Naor. (2022, March 9). Sockbot in GoLand. Retrieved September 22, 2023.

Internal MISP references

UUID bca2b5c2-bc3b-4504-806e-5c5b6fee96e6 which can be used as unique global reference for Security Joes Sockbot March 09 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-22T00:00:00Z
date_published 2022-03-09T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Sockbot in GoLand

Kaspersky Sodin July 2019

Mamedov, O, et al. (2019, July 3). Sodin ransomware exploits Windows vulnerability and processor architecture. Retrieved August 4, 2020.

Internal MISP references

UUID ea46271d-3251-4bd7-afa8-f1bd7baf9570 which can be used as unique global reference for Kaspersky Sodin July 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-04T00:00:00Z
date_published 2019-07-03T00:00:00Z
source MITRE
title Sodin ransomware exploits Windows vulnerability and processor architecture

Kaspersky Sofacy

Kaspersky Lab's Global Research and Analysis Team. (2015, December 4). Sofacy APT hits high profile targets with updated toolset. Retrieved December 10, 2015.

Internal MISP references

UUID 46226f98-c762-48e3-9bcd-19ff14184bb5 which can be used as unique global reference for Kaspersky Sofacy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-12-10T00:00:00Z
date_published 2015-12-04T00:00:00Z
source MITRE
title Sofacy APT hits high profile targets with updated toolset

Unit 42 Sofacy Feb 2018

Lee, B, et al. (2018, February 28). Sofacy Attacks Multiple Government Entities. Retrieved March 15, 2018.

Internal MISP references

UUID 0bcc2d76-987c-4a9b-9e00-1400eec4e606 which can be used as unique global reference for Unit 42 Sofacy Feb 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-15T00:00:00Z
date_published 2018-02-28T00:00:00Z
source MITRE
title Sofacy Attacks Multiple Government Entities

Unit 42 Sofacy Nov 2018

Falcone, R., Lee, B. (2018, November 20). Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan. Retrieved April 23, 2019.

Internal MISP references

UUID 1523c6de-8879-4652-ac51-1a5085324370 which can be used as unique global reference for Unit 42 Sofacy Nov 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-23T00:00:00Z
date_published 2018-11-20T00:00:00Z
source MITRE
title Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan

Unit42 Cannon Nov 2018

Falcone, R., Lee, B. (2018, November 20). Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan. Retrieved November 26, 2018.

Internal MISP references

UUID 8c634bbc-4878-4b27-aa18-5996ec968809 which can be used as unique global reference for Unit42 Cannon Nov 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-26T00:00:00Z
date_published 2018-11-20T00:00:00Z
source MITRE
title Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan

Palo Alto Sofacy 06-2018

Lee, B., Falcone, R. (2018, June 06). Sofacy Group’s Parallel Attacks. Retrieved June 18, 2018.

Internal MISP references

UUID a32357eb-3226-4bee-aeed-d2fbcfa52da0 which can be used as unique global reference for Palo Alto Sofacy 06-2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-18T00:00:00Z
date_published 2018-06-06T00:00:00Z
source MITRE
title Sofacy Group’s Parallel Attacks

F-Secure Sofacy 2015

F-Secure. (2015, September 8). Sofacy Recycles Carberp and Metasploit Code. Retrieved August 3, 2016.

Internal MISP references

UUID 56a95d3c-5268-4e69-b669-7055fb38d570 which can be used as unique global reference for F-Secure Sofacy 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-03T00:00:00Z
date_published 2015-09-08T00:00:00Z
source MITRE
title Sofacy Recycles Carberp and Metasploit Code

Sofacy Komplex Trojan

Dani Creus, Tyler Halfpop, Robert Falcone. (2016, September 26). Sofacy's 'Komplex' OS X Trojan. Retrieved July 8, 2017.

Internal MISP references

UUID a21be45e-26c3-446d-b336-b58d08df5749 which can be used as unique global reference for Sofacy Komplex Trojan in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-08T00:00:00Z
date_published 2016-09-26T00:00:00Z
source MITRE
title Sofacy's 'Komplex' OS X Trojan

Sofacy DealersChoice

Falcone, R. (2018, March 15). Sofacy Uses DealersChoice to Target European Government Agency. Retrieved June 4, 2018.

Internal MISP references

UUID ec157d0c-4091-43f5-85f1-a271c4aac1fc which can be used as unique global reference for Sofacy DealersChoice in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-06-04T00:00:00Z
date_published 2018-03-15T00:00:00Z
source MITRE
title Sofacy Uses DealersChoice to Target European Government Agency

Unit 42 SolarStorm December 2020

Unit 42. (2020, December 23). SolarStorm Supply Chain Attack Timeline. Retrieved March 24, 2023.

Internal MISP references

UUID ecbb602a-2427-5eba-8c2b-25d90c95f166 which can be used as unique global reference for Unit 42 SolarStorm December 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-24T00:00:00Z
date_published 2020-12-23T00:00:00Z
source MITRE
title SolarStorm Supply Chain Attack Timeline

Symantec Sunburst Sending Data January 2021

Symantec Threat Hunter Team. (2021, January 22). SolarWinds: How Sunburst Sends Data Back to the Attackers. Retrieved January 22, 2021.

Internal MISP references

UUID 50be20ca-48d1-4eb9-a25f-76935a0770b3 which can be used as unique global reference for Symantec Sunburst Sending Data January 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-22T00:00:00Z
date_published 2021-01-22T00:00:00Z
source MITRE
title SolarWinds: How Sunburst Sends Data Back to the Attackers

Carnegie Mellon University Supernova Dec 2020

Carnegie Mellon University. (2020, December 26). SolarWinds Orion API authentication bypass allows remote command execution. Retrieved February 22, 2021.

Internal MISP references

UUID ad43df0c-bdac-43e2-bd86-640036367b6c which can be used as unique global reference for Carnegie Mellon University Supernova Dec 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-22T00:00:00Z
date_published 2020-12-26T00:00:00Z
source MITRE
title SolarWinds Orion API authentication bypass allows remote command execution

SolarWinds Advisory Dec 2020

SolarWinds. (2020, December 24). SolarWinds Security Advisory. Retrieved February 22, 2021.

Internal MISP references

UUID 4e8b908a-bdc5-441b-bc51-98dfa87f6b7a which can be used as unique global reference for SolarWinds Advisory Dec 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-22T00:00:00Z
date_published 2020-12-24T00:00:00Z
source MITRE
title SolarWinds Security Advisory

solution_monitor_dhcp_scopes

Shoemaker, E. (2015, December 31). Solution: Monitor DHCP Scopes and Detect Man-in-the-Middle Attacks with PRTG and PowerShell. Retrieved March 7, 2022.

Internal MISP references

UUID 6fce30c3-17d6-42a0-8470-319e2930e573 which can be used as unique global reference for solution_monitor_dhcp_scopes in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-07T00:00:00Z
date_published 2015-12-31T00:00:00Z
source MITRE
title Solution: Monitor DHCP Scopes and Detect Man-in-the-Middle Attacks with PRTG and PowerShell

Sophos X-Ops Tweet September 13 2023

SophosXOps. (2023, September 13). Sophos X-Ops Tweet September 13 2023. Retrieved September 22, 2023.

Internal MISP references

UUID 98af96a6-98bb-4d81-bb0c-a550e765e6ac which can be used as unique global reference for Sophos X-Ops Tweet September 13 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-22T00:00:00Z
date_published 2023-09-13T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Sophos X-Ops Tweet September 13 2023

Source Manual

ss64. (n.d.). Source or Dot Operator. Retrieved May 21, 2019.

Internal MISP references

UUID a39354fc-334f-4f65-ba8a-56550f91710f which can be used as unique global reference for Source Manual in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-21T00:00:00Z
source MITRE
title Source or Dot Operator

FireEye Southeast Asia Threat Landscape March 2015

FireEye. (2015, March). SOUTHEAST ASIA: AN EVOLVING CYBER THREAT LANDSCAPE. Retrieved February 5, 2024.

Internal MISP references

UUID 59658f8b-af24-5df5-8f7d-cb6b9cf7579e which can be used as unique global reference for FireEye Southeast Asia Threat Landscape March 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-05T00:00:00Z
date_published 2015-03-01T00:00:00Z
source MITRE
title SOUTHEAST ASIA: AN EVOLVING CYBER THREAT LANDSCAPE

Symantec Sowbug Nov 2017

Symantec Security Response. (2017, November 7). Sowbug: Cyber espionage group targets South American and Southeast Asian governments. Retrieved November 16, 2017.

Internal MISP references

UUID 14f49074-fc46-45d3-bf7e-30c896c39c07 which can be used as unique global reference for Symantec Sowbug Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-16T00:00:00Z
date_published 2017-11-07T00:00:00Z
source MITRE, Tidal Cyber
title Sowbug: Cyber espionage group targets South American and Southeast Asian governments

NIST 800-63-3

Grassi, P., et al. (2017, December 1). SP 800-63-3, Digital Identity Guidelines. Retrieved January 16, 2019.

Internal MISP references

UUID 143599bf-167b-4041-82c5-8612c3e81095 which can be used as unique global reference for NIST 800-63-3 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-01-16T00:00:00Z
date_published 2017-12-01T00:00:00Z
source MITRE
title SP 800-63-3, Digital Identity Guidelines

Threatpost Hancitor

Tom Spring. (2017, January 11). Spammers Revive Hancitor Downloader Campaigns. Retrieved August 13, 2020.

Internal MISP references

UUID 70ad77af-88aa-4f06-a9cb-df9608157841 which can be used as unique global reference for Threatpost Hancitor in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-13T00:00:00Z
date_published 2017-01-11T00:00:00Z
source MITRE
title Spammers Revive Hancitor Downloader Campaigns

CheckPoint SpeakUp Feb 2019

Check Point Research. (2019, February 4). SpeakUp: A New Undetected Backdoor Linux Trojan. Retrieved April 17, 2019.

Internal MISP references

UUID 8f0d6a8d-6bd4-4df5-aa28-70e1ec4b0b12 which can be used as unique global reference for CheckPoint SpeakUp Feb 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-17T00:00:00Z
date_published 2019-02-04T00:00:00Z
source MITRE
title SpeakUp: A New Undetected Backdoor Linux Trojan

Cyfirma Kimsuky Spear Phishing

Cyfirma. (2020, December 16). Spear Phishing Attack by N. Korean Hacking Group, Kimsuky. Retrieved October 30, 2023.

Internal MISP references

UUID de9817bc-1ac0-4f19-b5af-c402c874f431 which can be used as unique global reference for Cyfirma Kimsuky Spear Phishing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-30T00:00:00Z
date_published 2020-12-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Spear Phishing Attack by N. Korean Hacking Group, Kimsuky

Palo Alto Unit 42 OutSteel SaintBot February 2022

Unit 42. (2022, February 25). Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot. Retrieved June 9, 2022.

Internal MISP references

UUID b0632490-76be-4018-982d-4b73b3d13881 which can be used as unique global reference for Palo Alto Unit 42 OutSteel SaintBot February 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-09T00:00:00Z
date_published 2022-02-25T00:00:00Z
source MITRE
title Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot

Zscaler Bazar September 2020

Sadique, M. and Singh, A. (2020, September 29). Spear Phishing Campaign Delivers Buer and Bazar Malware. Retrieved November 19, 2020.

Internal MISP references

UUID fc46f152-9ed7-4850-8127-7b1f486ef2fe which can be used as unique global reference for Zscaler Bazar September 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-19T00:00:00Z
date_published 2020-09-29T00:00:00Z
source MITRE
title Spear Phishing Campaign Delivers Buer and Bazar Malware

Reaqta MSXSL Spearphishing MAR 2018

Admin. (2018, March 2). Spear-phishing campaign leveraging on MSXSL. Retrieved July 3, 2018.

Internal MISP references

UUID 927737c9-63a3-49a6-85dc-620e055aaf0a which can be used as unique global reference for Reaqta MSXSL Spearphishing MAR 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-03T00:00:00Z
date_published 2018-03-02T00:00:00Z
source MITRE
title Spear-phishing campaign leveraging on MSXSL

FireEye Regsvr32 Targeting Mongolian Gov

Anubhav, A., Kizhakkinan, D. (2017, February 22). Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government. Retrieved February 24, 2017.

Internal MISP references

UUID d1509d15-04af-46bd-a6b1-30fbd179b257 which can be used as unique global reference for FireEye Regsvr32 Targeting Mongolian Gov in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-02-24T00:00:00Z
date_published 2017-02-22T00:00:00Z
source MITRE
title Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government

FireEye admin@338 March 2014

Moran, N. and Lanstein, A. (2014, March 25). Spear Phishing the News Cycle: APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370. Retrieved April 15, 2016.

Internal MISP references

UUID 6a37e6eb-b767-4b10-9c39-660a42b19ddd which can be used as unique global reference for FireEye admin@338 March 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-15T00:00:00Z
date_published 2014-03-25T00:00:00Z
source MITRE
title Spear Phishing the News Cycle: APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370

Microsoft File Handlers

Microsoft. (n.d.). Specifying File Handlers for File Name Extensions. Retrieved November 13, 2014.

Internal MISP references

UUID cc12cd2c-4f41-4d7b-902d-53c35eb41210 which can be used as unique global reference for Microsoft File Handlers in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-13T00:00:00Z
source MITRE
title Specifying File Handlers for File Name Extensions

GTFO split

GTFOBins. (2020, November 13). split. Retrieved April 18, 2022.

Internal MISP references

UUID 4b86c8c3-57b0-4558-be21-f928acb23f49 which can be used as unique global reference for GTFO split in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-18T00:00:00Z
date_published 2020-11-13T00:00:00Z
source MITRE
title split

split man page

Torbjorn Granlund, Richard M. Stallman. (2020, March). split(1) — Linux manual page. Retrieved March 25, 2022.

Internal MISP references

UUID 3a4dc770-8bfa-44e9-bb0e-f0af0ae92994 which can be used as unique global reference for split man page in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-25T00:00:00Z
source MITRE
title split(1) — Linux manual page

Spoofing credential dialogs

Johann Rehberger. (2021, April 18). Spoofing credential dialogs on macOS Linux and Windows. Retrieved August 19, 2021.

Internal MISP references

UUID 4f8abaae-1483-4bf6-a79c-6a801ae5a640 which can be used as unique global reference for Spoofing credential dialogs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-19T00:00:00Z
date_published 2021-04-18T00:00:00Z
source MITRE
title Spoofing credential dialogs on macOS Linux and Windows

Infosecinstitute RTLO Technique

Security Ninja. (2015, April 16). Spoof Using Right to Left Override (RTLO) Technique. Retrieved April 22, 2019.

Internal MISP references

UUID 79d21506-07a8-444d-a2d7-c91de67c393e which can be used as unique global reference for Infosecinstitute RTLO Technique in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-22T00:00:00Z
date_published 2015-04-16T00:00:00Z
source MITRE
title Spoof Using Right to Left Override (RTLO) Technique

BBC-malvertising

BBC. (2011, March 29). Spotify ads hit by malware attack. Retrieved February 21, 2023.

Internal MISP references

UUID 425775e4-2948-5a73-a2d8-9a3edca74b1b which can be used as unique global reference for BBC-malvertising in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-21T00:00:00Z
date_published 2011-03-29T00:00:00Z
source MITRE
title Spotify ads hit by malware attack

NSA Spotting

National Security Agency/Central Security Service Information Assurance Directorate. (2015, August 7). Spotting the Adversary with Windows Event Log Monitoring. Retrieved September 6, 2018.

Internal MISP references

UUID c1fa6c1d-f11a-47d4-88fc-ec0a3dc44279 which can be used as unique global reference for NSA Spotting in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-06T00:00:00Z
date_published 2015-08-07T00:00:00Z
source MITRE
title Spotting the Adversary with Windows Event Log Monitoring

Villeneuve 2014

Villeneuve, N., Homan, J. (2014, July 31). Spy of the Tiger. Retrieved September 29, 2015.

Internal MISP references

UUID a156e24e-0da5-4ac7-b914-29f2f05e7d6f which can be used as unique global reference for Villeneuve 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-09-29T00:00:00Z
date_published 2014-07-31T00:00:00Z
source MITRE, Tidal Cyber
title Spy of the Tiger

Sqldumper.exe - LOLBAS Project

LOLBAS. (2018, May 25). Sqldumper.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 793d6262-37af-46e1-a6b5-a5262f4a749d which can be used as unique global reference for Sqldumper.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Sqldumper.exe

sqlmap Introduction

Damele, B., Stampar, M. (n.d.). sqlmap. Retrieved March 19, 2018.

Internal MISP references

UUID ac643245-d54f-470f-a393-26875c0877c8 which can be used as unique global reference for sqlmap Introduction in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-19T00:00:00Z
source MITRE
title sqlmap

Sqlps.exe - LOLBAS Project

LOLBAS. (2018, May 25). Sqlps.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 31cc851a-c536-4cef-9391-d3c7d3eab64f which can be used as unique global reference for Sqlps.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Sqlps.exe

SQLToolsPS.exe - LOLBAS Project

LOLBAS. (2018, May 25). SQLToolsPS.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 612c9569-80af-48d2-a853-0f6e3f55aa50 which can be used as unique global reference for SQLToolsPS.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title SQLToolsPS.exe

Squirrel.exe - LOLBAS Project

LOLBAS. (2019, June 26). Squirrel.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 952b5ca5-1251-4e27-bd30-5d55d7d2da5e which can be used as unique global reference for Squirrel.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2019-06-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Squirrel.exe

ZScaler Squirrelwaffle Sep 2021

Kumar, A., Stone-Gross, Brett. (2021, September 28). Squirrelwaffle: New Loader Delivering Cobalt Strike. Retrieved August 9, 2022.

Internal MISP references

UUID 624a62db-f00f-45f9-89f6-2c3505b4979f which can be used as unique global reference for ZScaler Squirrelwaffle Sep 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-09T00:00:00Z
date_published 2021-09-28T00:00:00Z
source MITRE
title Squirrelwaffle: New Loader Delivering Cobalt Strike

Netskope Squirrelwaffle Oct 2021

Palazolo, G. (2021, October 7). SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot. Retrieved August 9, 2022.

Internal MISP references

UUID 5559895a-4647-438f-b3d5-6d6aa323a6f9 which can be used as unique global reference for Netskope Squirrelwaffle Oct 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-09T00:00:00Z
date_published 2021-10-07T00:00:00Z
source MITRE
title SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot

Clockwork SSH Agent Hijacking

Beuchler, B. (2012, September 28). SSH Agent Hijacking. Retrieved December 20, 2017.

Internal MISP references

UUID 4a4026e3-977a-4f25-aeee-794947f384b2 which can be used as unique global reference for Clockwork SSH Agent Hijacking in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2012-09-28T00:00:00Z
source MITRE
title SSH Agent Hijacking

Symantec SSH and ssh-agent

Hatch, B. (2004, November 22). SSH and ssh-agent. Retrieved January 8, 2018.

Internal MISP references

UUID 0d576bca-511d-40a2-9916-26832eb28861 which can be used as unique global reference for Symantec SSH and ssh-agent in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-08T00:00:00Z
date_published 2004-11-22T00:00:00Z
source MITRE
title SSH and ssh-agent

ssh.exe - LOLBAS Project

LOLBAS. (2021, November 8). ssh.exe. Retrieved December 4, 2023.

Internal MISP references

UUID b1a9af1c-0cfc-4e8a-88ac-7d33cddc26a1 which can be used as unique global reference for ssh.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-11-08T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title ssh.exe

SSH Secure Shell

SSH.COM. (n.d.). SSH (Secure Shell). Retrieved March 23, 2020.

Internal MISP references

UUID ac5fc103-1946-488b-8af5-eda0636cbdd0 which can be used as unique global reference for SSH Secure Shell in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-23T00:00:00Z
source MITRE
title SSH (Secure Shell)

SSH Tunneling

SSH.COM. (n.d.). SSH tunnel. Retrieved March 15, 2020.

Internal MISP references

UUID 13280f38-0f17-42d3-9f92-693f1da60ffa which can be used as unique global reference for SSH Tunneling in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-15T00:00:00Z
source MITRE
title SSH tunnel

SSLShopper Lookup

SSL Shopper. (n.d.). SSL Checker. Retrieved October 20, 2020.

Internal MISP references

UUID a8dc493f-2021-48fa-8f28-afd13756b789 which can be used as unique global reference for SSLShopper Lookup in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
source MITRE
title SSL Checker

Ubuntu SSSD Docs

Ubuntu. (n.d.). SSSD. Retrieved September 23, 2021.

Internal MISP references

UUID f2ed1c28-8cde-4279-a04c-217a4dc68121 which can be used as unique global reference for Ubuntu SSSD Docs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-23T00:00:00Z
source MITRE
title SSSD

Stantinko Botnet

Vachon, F., Faou, M. (2017, July 20). Stantinko: A massive adware campaign operating covertly since 2012. Retrieved November 16, 2017.

Internal MISP references

UUID d81e0274-76f4-43ce-b829-69f761e280dc which can be used as unique global reference for Stantinko Botnet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-16T00:00:00Z
date_published 2017-07-20T00:00:00Z
source MITRE
title Stantinko: A massive adware campaign operating covertly since 2012

StarBlizzard

Microsoft Threat Intelligence. (2023, December 7). Star Blizzard increases sophistication and evasion in ongoing attacks. Retrieved February 13, 2024.

Internal MISP references

UUID 68b16960-1893-51a1-b46c-974a09d4a0c4 which can be used as unique global reference for StarBlizzard in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-13T00:00:00Z
date_published 2023-12-07T00:00:00Z
source MITRE
title Star Blizzard increases sophistication and evasion in ongoing attacks

Amazon AWS

Amazon. (n.d.). Start Building on AWS Today. Retrieved October 13, 2021.

Internal MISP references

UUID b7d41cde-18c8-4e15-a0ac-ca0afc127e33 which can be used as unique global reference for Amazon AWS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
source MITRE
title Start Building on AWS Today

Docker Systemd

Docker. (n.d.). Start containers automatically. Retrieved February 15, 2024.

Internal MISP references

UUID 5969a1d0-7645-5a58-a461-446d49b63b17 which can be used as unique global reference for Docker Systemd in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-15T00:00:00Z
source MITRE
title Start containers automatically

Startup Items

Apple. (2016, September 13). Startup Items. Retrieved July 11, 2017.

Internal MISP references

UUID e36dd211-22e4-4b23-befb-fbfe1a84b866 which can be used as unique global reference for Startup Items in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-11T00:00:00Z
date_published 2016-09-13T00:00:00Z
source MITRE
title Startup Items

Microsoft Safe Mode

Microsoft. (n.d.). Start your PC in safe mode in Windows 10. Retrieved June 23, 2021.

Internal MISP references

UUID fdddb25b-22ba-4433-b25f-bad340ffc849 which can be used as unique global reference for Microsoft Safe Mode in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-23T00:00:00Z
source MITRE
title Start your PC in safe mode in Windows 10

Mandiant APT41

Rufus Brown, Van Ta, Douglas Bienstock, Geoff Ackerman, John Wolfram. (2022, March 8). Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments. Retrieved July 8, 2022.

Internal MISP references

UUID e54415fe-40c2-55ff-9e75-881bc8a912b8 which can be used as unique global reference for Mandiant APT41 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-08T00:00:00Z
source MITRE
title State Governments

Twitter SquiblyTwo Detection APR 2018

Desimone, J. (2018, April 18). Status Update. Retrieved July 3, 2018.

Internal MISP references

UUID 9cee0681-3ad2-4b1d-8eeb-5160134f3069 which can be used as unique global reference for Twitter SquiblyTwo Detection APR 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-03T00:00:00Z
date_published 2018-04-18T00:00:00Z
source MITRE
title Status Update

MSFT-AI

Microsoft Threat Intelligence. (2024, February 14). Staying ahead of threat actors in the age of AI. Retrieved March 11, 2024.

Internal MISP references

UUID 4f08a1a3-3cc5-5dfb-9190-2e4991e43d94 which can be used as unique global reference for MSFT-AI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-11T00:00:00Z
date_published 2024-02-14T00:00:00Z
source MITRE
title Staying ahead of threat actors in the age of AI

Mandiant Endpoint Evading 2019

Pena, E., Erikson, C. (2019, October 10). Staying Hidden on the Endpoint: Evading Detection with Shellcode. Retrieved November 29, 2021.

Internal MISP references

UUID 5d43542f-aad5-4ac5-b5b6-1a2b03222fc8 which can be used as unique global reference for Mandiant Endpoint Evading 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-11-29T00:00:00Z
date_published 2019-10-10T00:00:00Z
source MITRE
title Staying Hidden on the Endpoint: Evading Detection with Shellcode

Sekoia.io Stealc February 20 2023

Quentin Bourgue, Pierre Le Bourhis, Threat & Detection Research Team. (2023, February 20). Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part 1. Retrieved July 28, 2023.

Internal MISP references

UUID ca5b727d-f35b-4009-b4d4-21a69d41162d which can be used as unique global reference for Sekoia.io Stealc February 20 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-28T00:00:00Z
date_published 2023-02-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part 1

Sekoia.io Stealc February 27 2023

Pierre Le Bourhis, Quentin Bourgue, Threat & Detection Research Team. (2023, February 27). Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part 2. Retrieved July 28, 2023.

Internal MISP references

UUID edd0cab4-48f7-48d8-a318-ced118af6a63 which can be used as unique global reference for Sekoia.io Stealc February 27 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-28T00:00:00Z
date_published 2023-02-27T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part 2

AADInternals Azure AD Device Identities

Dr. Nestori Syynimaa. (2022, February 15). Stealing and faking Azure AD device identities. Retrieved February 21, 2023.

Internal MISP references

UUID b5ef16c4-1db0-51e9-93ab-54a8e480debc which can be used as unique global reference for AADInternals Azure AD Device Identities in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-21T00:00:00Z
date_published 2022-02-15T00:00:00Z
source MITRE
title Stealing and faking Azure AD device identities

O365 Blog Azure AD Device IDs

Syynimaa, N. (2022, February 15). Stealing and faking Azure AD device identities. Retrieved August 3, 2022.

Internal MISP references

UUID ec94c043-92ef-4691-b21a-7ea68f39e338 which can be used as unique global reference for O365 Blog Azure AD Device IDs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-03T00:00:00Z
date_published 2022-02-15T00:00:00Z
source MITRE
title Stealing and faking Azure AD device identities

Carnal Ownage Password Filters Sept 2013

Fuller, R. (2013, September 11). Stealing passwords every time they change. Retrieved November 21, 2017.

Internal MISP references

UUID 78ed9074-a46c-4ce6-ab7d-a587bd585dc5 which can be used as unique global reference for Carnal Ownage Password Filters Sept 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-21T00:00:00Z
date_published 2013-09-11T00:00:00Z
source MITRE
title Stealing passwords every time they change

CSM Elderwood Sept 2012

Clayton, M. (2012, September 14). Stealing US business secrets: Experts ID two huge cyber 'gangs' in China. Retrieved February 15, 2018.

Internal MISP references

UUID 6b79006d-f6de-489c-82fa-8c3c28d652ef which can be used as unique global reference for CSM Elderwood Sept 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-15T00:00:00Z
date_published 2012-09-14T00:00:00Z
source MITRE
title Stealing US business secrets: Experts ID two huge cyber 'gangs' in China

DEFCON2016 Sticky Keys

Maldonado, D., McGuffin, T. (2016, August 6). Sticky Keys to the Kingdom. Retrieved July 5, 2017.

Internal MISP references

UUID f903146d-b63d-4771-8d53-28ef137c9349 which can be used as unique global reference for DEFCON2016 Sticky Keys in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-05T00:00:00Z
date_published 2016-08-06T00:00:00Z
source MITRE
title Sticky Keys to the Kingdom

The DFIR Report Stolen Images Conti

The DFIR Report. (2023, April 4). Stolen Images Campaign Ends in Conti Ransomware. Retrieved June 23, 2023.

Internal MISP references

UUID 4a89916f-3919-41fd-bf93-27f25a2363f5 which can be used as unique global reference for The DFIR Report Stolen Images Conti in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-23T00:00:00Z
date_published 2023-04-04T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Stolen Images Campaign Ends in Conti Ransomware

Netscout Stolen Pencil Dec 2018

ASERT team. (2018, December 5). STOLEN PENCIL Campaign Targets Academia. Retrieved February 5, 2019.

Internal MISP references

UUID 6d3b31da-a784-4da0-91dd-b72c04fd520a which can be used as unique global reference for Netscout Stolen Pencil Dec 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-05T00:00:00Z
date_published 2018-12-05T00:00:00Z
source MITRE
title STOLEN PENCIL Campaign Targets Academia

FireEye VBA stomp Feb 2020

Cole, R., Moore, A., Stark, G., Stancill, B. (2020, February 5). STOMP 2 DIS: Brilliance in the (Visual) Basics. Retrieved September 17, 2020.

Internal MISP references

UUID bd034cc8-29e2-4d58-a72a-161b831191b7 which can be used as unique global reference for FireEye VBA stomp Feb 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-17T00:00:00Z
date_published 2020-02-05T00:00:00Z
source MITRE
title STOMP 2 DIS: Brilliance in the (Visual) Basics

Stopping CloudTrail from Sending Events to CloudWatch Logs

Amazon Web Services. (n.d.). Stopping CloudTrail from Sending Events to CloudWatch Logs. Retrieved October 16, 2020.

Internal MISP references

UUID affb4d4f-5c96-4c27-b702-b8ad9bc8e1b3 which can be used as unique global reference for Stopping CloudTrail from Sending Events to CloudWatch Logs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-16T00:00:00Z
source MITRE
title Stopping CloudTrail from Sending Events to CloudWatch Logs

McAfee Virtual Jan 2017

Roccia, T. (2017, January 19). Stopping Malware With a Fake Virtual Machine. Retrieved April 17, 2019.

Internal MISP references

UUID a541a027-733c-438f-a723-6f7e8e6f354c which can be used as unique global reference for McAfee Virtual Jan 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-17T00:00:00Z
date_published 2017-01-19T00:00:00Z
source MITRE
title Stopping Malware With a Fake Virtual Machine

Checkpoint Dridex Jan 2021

Check Point Research. (2021, January 4). Stopping Serial Killer: Catching the Next Strike. Retrieved September 7, 2021.

Internal MISP references

UUID a988084f-1a58-4e5b-a616-ed31d311cccf which can be used as unique global reference for Checkpoint Dridex Jan 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-07T00:00:00Z
date_published 2021-01-04T00:00:00Z
source MITRE
title Stopping Serial Killer: Catching the Next Strike

U.S. CISA Akira April 18 2024

Cybersecurity and Infrastructure Security Agency. (2024, April 18). #StopRansomware: Akira Ransomware. Retrieved April 19, 2024.

Internal MISP references

UUID 2e8cf25e-1c06-4f14-a6aa-cb7b876ad5be which can be used as unique global reference for U.S. CISA Akira April 18 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-19T00:00:00Z
date_published 2024-04-18T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title #StopRansomware: Akira Ransomware

U.S. CISA ALPHV Blackcat December 2023

Cybersecurity and Infrastructure Security Agency. (2023, December 19). #StopRansomware: ALPHV Blackcat. Retrieved December 19, 2023.

Internal MISP references

UUID d28d64cf-b5db-4438-8c5c-907ce5f55f69 which can be used as unique global reference for U.S. CISA ALPHV Blackcat December 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-19T00:00:00Z
date_published 2023-12-19T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title #StopRansomware: ALPHV Blackcat

U.S. CISA AvosLocker October 11 2023

Cybersecurity and Infrastructure Security Agency. (2023, October 11). #StopRansomware: AvosLocker Ransomware (Update). Retrieved October 20, 2023.

Internal MISP references

UUID d419a317-6599-4fc5-91d1-a4c2bc83bf6a which can be used as unique global reference for U.S. CISA AvosLocker October 11 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-20T00:00:00Z
date_published 2023-10-11T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title #StopRansomware: AvosLocker Ransomware (Update)

U.S. CISA BianLian Ransomware May 2023

Cybersecurity and Infrastructure Security Agency. (2023, May 16). #StopRansomware: BianLian Ransomware Group. Retrieved May 18, 2023.

Internal MISP references

UUID aa52e826-f292-41f6-985d-0282230c8948 which can be used as unique global reference for U.S. CISA BianLian Ransomware May 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-18T00:00:00Z
date_published 2023-05-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title #StopRansomware: BianLian Ransomware Group

U.S. CISA Black Basta May 10 2024

Cybersecurity and Infrastructure Security Agency. (2024, May 10). #StopRansomware: Black Basta. Retrieved May 13, 2024.

Internal MISP references

UUID 10fed6c7-4d73-49cd-9170-3f67d06365ca which can be used as unique global reference for U.S. CISA Black Basta May 10 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-05-13T00:00:00Z
date_published 2024-05-10T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title #StopRansomware: Black Basta

U.S. CISA CL0P CVE-2023-34362 Exploitation

Cybersecurity and Infrastructure Security Agency. (2023, June 7). #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability. Retrieved July 27, 2023.

Internal MISP references

UUID 07e48ca8-b965-4234-b04a-dfad45d58b22 which can be used as unique global reference for U.S. CISA CL0P CVE-2023-34362 Exploitation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-27T00:00:00Z
date_published 2023-06-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability

U.S. CISA Cuba Ransomware October 2022

Cybersecurity and Infrastructure Security Agency. (2023, January 5). #StopRansomware: Cuba Ransomware. Retrieved May 19, 2023.

Internal MISP references

UUID d6ed5172-a319-45b0-b1cb-d270a2a48fa3 which can be used as unique global reference for U.S. CISA Cuba Ransomware October 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-19T00:00:00Z
date_published 2023-01-05T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title #StopRansomware: Cuba Ransomware

U.S. CISA Daixin Team October 2022

Cybersecurity and Infrastructure Security Agency. (2022, October 26). #StopRansomware: Daixin Team. Retrieved May 19, 2023.

Internal MISP references

UUID cbf5ecfb-de79-41cc-8250-01790ff6e89b which can be used as unique global reference for U.S. CISA Daixin Team October 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-19T00:00:00Z
date_published 2022-10-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title #StopRansomware: Daixin Team

U.S. CISA LockBit 3.0 March 2023

Cybersecurity and Infrastructure Security Agency. (2023, March 16). #StopRansomware: LockBit 3.0. Retrieved May 19, 2023.

Internal MISP references

UUID 06de9247-ce40-4709-a17a-a65b8853758b which can be used as unique global reference for U.S. CISA LockBit 3.0 March 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-19T00:00:00Z
date_published 2023-03-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title #StopRansomware: LockBit 3.0

U.S. CISA LockBit Citrix Bleed November 21 2023

Cybersecurity and Infrastructure Security Agency. (2023, November 21). #StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability. Retrieved November 30, 2023.

Internal MISP references

UUID 21f56e0c-9605-4fbb-9cb1-f868ba6eb053 which can be used as unique global reference for U.S. CISA LockBit Citrix Bleed November 21 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-30T00:00:00Z
date_published 2023-11-21T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title #StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability

U.S. CISA MedusaLocker August 11 2022

Cybersecurity and Infrastructure Security Agency. (2022, August 11). #StopRansomware: MedusaLocker. Retrieved August 4, 2023.

Internal MISP references

UUID 48b34fb3-c346-4165-a4c6-caeaa9b02dba which can be used as unique global reference for U.S. CISA MedusaLocker August 11 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-04T00:00:00Z
date_published 2022-08-11T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title #StopRansomware: MedusaLocker

U.S. CISA Phobos February 29 2024

Cybersecurity and Infrastructure Security Agency. (2024, February 29). #StopRansomware: Phobos Ransomware. Retrieved March 7, 2024.

Internal MISP references

UUID bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a which can be used as unique global reference for U.S. CISA Phobos February 29 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-07T00:00:00Z
date_published 2024-02-29T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title #StopRansomware: Phobos Ransomware

U.S. CISA Play Ransomware December 2023

Cybersecurity and Infrastructure Security Agency. (2023, December 18). #StopRansomware: Play Ransomware. Retrieved December 18, 2023.

Internal MISP references

UUID ad96148c-8230-4923-86fd-4b1da211db1a which can be used as unique global reference for U.S. CISA Play Ransomware December 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-18T00:00:00Z
date_published 2023-12-18T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title #StopRansomware: Play Ransomware

U.S. CISA Rhysida Ransomware November 15 2023

Cybersecurity and Infrastructure Security Agency. (2023, November 15). #StopRansomware: Rhysida Ransomware. Retrieved November 16, 2023.

Internal MISP references

UUID 6d902955-d9a9-4ec1-8dd4-264f7594605e which can be used as unique global reference for U.S. CISA Rhysida Ransomware November 15 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-16T00:00:00Z
date_published 2023-11-15T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title #StopRansomware: Rhysida Ransomware

CISA Royal AA23-061A March 2023

CISA. (2023, March 2). #StopRansomware: Royal Ransomware. Retrieved March 31, 2023.

Internal MISP references

UUID 81baa61e-13c3-51e0-bf22-08383dbfb2a1 which can be used as unique global reference for CISA Royal AA23-061A March 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-31T00:00:00Z
date_published 2023-03-02T00:00:00Z
source MITRE
title #StopRansomware: Royal Ransomware

#StopRansomware: Royal Ransomware | CISA

Cybersecurity and Infrastructure Security Agency. (2023, March 2). #StopRansomware: Royal Ransomware | CISA. Retrieved May 10, 2023.

Internal MISP references

UUID dd094572-da2e-4e54-9e54-b243dd4fcd2b which can be used as unique global reference for #StopRansomware: Royal Ransomware | CISA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-10T00:00:00Z
date_published 2023-03-02T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title #StopRansomware: Royal Ransomware

U.S. CISA Vice Society September 2022

Cybersecurity and Infrastructure Security Agency. (2022, September 8). #StopRansomware: Vice Society. Retrieved May 19, 2023.

Internal MISP references

UUID 0a754513-5f20-44a0-8cea-c5d9519106c8 which can be used as unique global reference for U.S. CISA Vice Society September 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-19T00:00:00Z
date_published 2022-09-08T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title #StopRansomware: Vice Society

Stordiag.exe - LOLBAS Project

LOLBAS. (2021, October 21). Stordiag.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 5e52a211-7ef6-42bd-93a1-5902f5e1c2ea which can be used as unique global reference for Stordiag.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-10-21T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Stordiag.exe

Pentestlab Stored Credentials

netbiosX. (2017, April 19). Stored Credentials. Retrieved April 6, 2018.

Internal MISP references

UUID 5be9afb8-749e-45a2-8e86-b5e6dc167b41 which can be used as unique global reference for Pentestlab Stored Credentials in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-06T00:00:00Z
date_published 2017-04-19T00:00:00Z
source MITRE
title Stored Credentials

store_pwd_rev_enc

Microsoft. (2021, October 28). Store passwords using reversible encryption. Retrieved January 3, 2022.

Internal MISP references

UUID d3b9df24-b776-4658-9bb4-f43a2fe0094c which can be used as unique global reference for store_pwd_rev_enc in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-03T00:00:00Z
date_published 2021-10-28T00:00:00Z
source MITRE
title Store passwords using reversible encryption

IBM Storwize

IBM Support. (2017, April 26). Storwize USB Initialization Tool may contain malicious code. Retrieved May 28, 2019.

Internal MISP references

UUID 321cf27a-327d-4824-84d0-56634d3b86f5 which can be used as unique global reference for IBM Storwize in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-28T00:00:00Z
date_published 2017-04-26T00:00:00Z
source MITRE
title Storwize USB Initialization Tool may contain malicious code

G Data Sodinokibi June 2019

Han, Karsten. (2019, June 4). Strange Bits: Sodinokibi Spam, CinaRAT, and Fake G DATA. Retrieved August 4, 2020.

Internal MISP references

UUID 03b1ef5a-aa63-453a-affc-aa0caf174ce4 which can be used as unique global reference for G Data Sodinokibi June 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-04T00:00:00Z
date_published 2019-06-04T00:00:00Z
source MITRE
title Strange Bits: Sodinokibi Spam, CinaRAT, and Fake G DATA

Windows Blogs Microsoft Edge Sandbox

Cowan, C. (2017, March 23). Strengthening the Microsoft Edge Sandbox. Retrieved March 12, 2018.

Internal MISP references

UUID d7097b1e-507b-4626-9cef-39367c09f722 which can be used as unique global reference for Windows Blogs Microsoft Edge Sandbox in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-12T00:00:00Z
date_published 2017-03-23T00:00:00Z
source MITRE
title Strengthening the Microsoft Edge Sandbox

ComputerWeekly Strider

Warwick Ashford. (2016, August 8). Strider cyber attack group deploying malware for espionage. Retrieved January 10, 2024.

Internal MISP references

UUID dc9cfd06-54fb-553c-b538-1e93fed6c538 which can be used as unique global reference for ComputerWeekly Strider in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-10T00:00:00Z
date_published 2016-08-08T00:00:00Z
source MITRE
title Strider cyber attack group deploying malware for espionage

Symantec Strider Blog

Symantec Security Response. (2016, August 7). Strider: Cyberespionage group turns eye of Sauron on targets. Retrieved August 17, 2016.

Internal MISP references

UUID 664eac41-257f-4d4d-aba5-5d2e8e2117a7 which can be used as unique global reference for Symantec Strider Blog in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-17T00:00:00Z
date_published 2016-08-07T00:00:00Z
source MITRE, Tidal Cyber
title Strider: Cyberespionage group turns eye of Sauron on targets

Cybereason StrifeWater Feb 2022

Cybereason Nocturnus. (2022, February 1). StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations. Retrieved August 15, 2022.

Internal MISP references

UUID 30c911b2-9a5e-4510-a78c-c65e84398c7e which can be used as unique global reference for Cybereason StrifeWater Feb 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-15T00:00:00Z
date_published 2022-02-01T00:00:00Z
source MITRE
title StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations

Bitdefender StrongPity June 2020

Tudorica, R. et al. (2020, June 30). StrongPity APT - Revealing Trojanized Tools, Working Hours and Infrastructure. Retrieved July 20, 2020.

Internal MISP references

UUID 7d2e20f2-20ba-4d51-9495-034c07be41a8 which can be used as unique global reference for Bitdefender StrongPity June 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-20T00:00:00Z
date_published 2020-06-30T00:00:00Z
source MITRE
title StrongPity APT - Revealing Trojanized Tools, Working Hours and Infrastructure

welivesec_strongpity

Stefanko, L. (2023, January 10). StrongPity espionage campaign targeting Android users. Retrieved January 31, 2023.

Internal MISP references

UUID 1b89df2c-e756-599a-9f7f-a5230db9de46 which can be used as unique global reference for welivesec_strongpity in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-01-31T00:00:00Z
date_published 2023-01-10T00:00:00Z
source MITRE
title StrongPity espionage campaign targeting Android users

Microsoft STRONTIUM New Patterns Cred Harvesting Sept 2020

Microsoft Threat Intelligence Center (MSTIC). (2020, September 10). STRONTIUM: Detecting new patterns in credential harvesting. Retrieved September 11, 2020.

Internal MISP references

UUID 0a65008c-acdd-40fa-af1a-3d9941af8eac which can be used as unique global reference for Microsoft STRONTIUM New Patterns Cred Harvesting Sept 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-11T00:00:00Z
date_published 2020-09-10T00:00:00Z
source MITRE
title STRONTIUM: Detecting new patterns in credential harvesting

ESET Stuxnet Under the Microscope

Matrosov, A., Rodionov, E., Harley, D., Malcho, J. (n.d.). Stuxnet Under the Microscope. Retrieved December 7, 2020.

Internal MISP references

UUID 4ec039a9-f843-42de-96ed-185c4e8c2d9f which can be used as unique global reference for ESET Stuxnet Under the Microscope in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-07T00:00:00Z
source MITRE
title Stuxnet Under the Microscope

subTee .NET Profilers May 2017

Smith, C. (2017, May 18). Subvert CLR Process Listing With .NET Profilers. Retrieved June 24, 2020.

Internal MISP references

UUID 6ef42019-5393-423e-811d-29b728c877e1 which can be used as unique global reference for subTee .NET Profilers May 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-24T00:00:00Z
date_published 2017-05-18T00:00:00Z
source MITRE
title Subvert CLR Process Listing With .NET Profilers

SpectorOps Subverting Trust Sept 2017

Graeber, M. (2017, September). Subverting Trust in Windows. Retrieved January 31, 2018.

Internal MISP references

UUID 0b6e7651-0e17-4101-ab2b-22cb09fe1691 which can be used as unique global reference for SpectorOps Subverting Trust Sept 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-31T00:00:00Z
date_published 2017-09-01T00:00:00Z
source MITRE
title Subverting Trust in Windows

Symantec Suckfly March 2016

DiMaggio, J. (2016, March 15). Suckfly: Revealing the secret life of your code signing certificates. Retrieved August 3, 2016.

Internal MISP references

UUID 8711c175-e405-4cb0-8c86-8aaa471e5573 which can be used as unique global reference for Symantec Suckfly March 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-03T00:00:00Z
date_published 2016-03-15T00:00:00Z
source MITRE, Tidal Cyber
title Suckfly: Revealing the secret life of your code signing certificates

sudo man page 2018

Todd C. Miller. (2018). Sudo Man Page. Retrieved March 19, 2018.

Internal MISP references

UUID 659d4302-d4cf-41af-8007-aa1da0208aa0 which can be used as unique global reference for sudo man page 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-19T00:00:00Z
date_published 2018-01-01T00:00:00Z
source MITRE
title Sudo Man Page

FireEye SUNBURST Additional Details Dec 2020

Stephen Eckels, Jay Smith, William Ballenthin. (2020, December 24). SUNBURST Additional Technical Details. Retrieved January 6, 2021.

Internal MISP references

UUID c5d94f7f-f796-4872-9a19-f030c825588e which can be used as unique global reference for FireEye SUNBURST Additional Details Dec 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-06T00:00:00Z
date_published 2020-12-24T00:00:00Z
source MITRE
title SUNBURST Additional Technical Details

CheckPoint Sunburst & Teardrop December 2020

Check Point Research. (2020, December 22). SUNBURST, TEARDROP and the NetSec New Normal. Retrieved January 6, 2021.

Internal MISP references

UUID 4e3d9201-83d4-5375-b3b7-e00dfb16342d which can be used as unique global reference for CheckPoint Sunburst & Teardrop December 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-06T00:00:00Z
date_published 2020-12-22T00:00:00Z
source MITRE
title SUNBURST, TEARDROP and the NetSec New Normal

Check Point Sunburst Teardrop December 2020

Check Point Research. (2020, December 22). SUNBURST, TEARDROP and the NetSec New Normal. Retrieved January 6, 2021.

Internal MISP references

UUID a6b75979-af51-42ed-9bb9-01d5fb9ceac9 which can be used as unique global reference for Check Point Sunburst Teardrop December 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-06T00:00:00Z
date_published 2020-12-22T00:00:00Z
source MITRE
title SUNBURST, TEARDROP and the NetSec New Normal

CrowdStrike SUNSPOT Implant January 2021

CrowdStrike Intelligence Team. (2021, January 11). SUNSPOT: An Implant in the Build Process. Retrieved January 11, 2021.

Internal MISP references

UUID 3a7b71cf-961a-4f63-84a8-31b43b18fb95 which can be used as unique global reference for CrowdStrike SUNSPOT Implant January 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-11T00:00:00Z
date_published 2021-01-11T00:00:00Z
source MITRE
title SUNSPOT: An Implant in the Build Process

Kaspersky Superfish

Onuma. (2015, February 24). Superfish: Adware Preinstalled on Lenovo Laptops. Retrieved February 20, 2017.

Internal MISP references

UUID 3d554c05-992c-41f3-99f4-6b0baac56b3a which can be used as unique global reference for Kaspersky Superfish in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-02-20T00:00:00Z
date_published 2015-02-24T00:00:00Z
source MITRE
title Superfish: Adware Preinstalled on Lenovo Laptops

Unit42 SUPERNOVA Dec 2020

Tennis, M. (2020, December 17). SUPERNOVA: A Novel .NET Webshell. Retrieved February 22, 2021.

Internal MISP references

UUID e884d0b5-f2a2-47cb-bb77-3acdac6b1790 which can be used as unique global reference for Unit42 SUPERNOVA Dec 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-22T00:00:00Z
date_published 2020-12-17T00:00:00Z
source MITRE
title SUPERNOVA: A Novel .NET Webshell

Guidepoint SUPERNOVA Dec 2020

Riley, W. (2020, December 1). SUPERNOVA SolarWinds .NET Webshell Analysis. Retrieved February 18, 2021.

Internal MISP references

UUID 78fee365-ab2b-4823-8358-46c362be1ac0 which can be used as unique global reference for Guidepoint SUPERNOVA Dec 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-18T00:00:00Z
date_published 2020-12-01T00:00:00Z
source MITRE
title SUPERNOVA SolarWinds .NET Webshell Analysis

00sec Droppers

0x00pico. (2017, September 25). Super-Stealthy Droppers. Retrieved October 4, 2021.

Internal MISP references

UUID 7569e79b-5a80-4f42-b467-8548cc9fc319 which can be used as unique global reference for 00sec Droppers in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-04T00:00:00Z
date_published 2017-09-25T00:00:00Z
source MITRE
title Super-Stealthy Droppers

FireEyeSupplyChain

FireEye. (2014). SUPPLY CHAIN ANALYSIS: From Quartermaster to SunshopFireEye. Retrieved March 6, 2017.

Internal MISP references

UUID 0647b285-963b-4427-bc96-a17b5f8839a9 which can be used as unique global reference for FireEyeSupplyChain in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-06T00:00:00Z
date_published 2014-01-01T00:00:00Z
source MITRE
title SUPPLY CHAIN ANALYSIS: From Quartermaster to SunshopFireEye

Moran 2013

Moran, N., & Villeneuve, N. (2013, August 12). Survival of the Fittest: New York Times Attackers Evolve Quickly [Blog]. Retrieved November 12, 2014.

Internal MISP references

UUID d38bdb47-1a8d-43f8-b7ed-dfa5e430ac2f which can be used as unique global reference for Moran 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
date_published 2013-08-12T00:00:00Z
source MITRE
title Survival of the Fittest: New York Times Attackers Evolve Quickly [Blog]

4 - appv

John Fokker. (2022, March 17). Suspected DarkHotel APT activity update. Retrieved February 6, 2024.

Internal MISP references

UUID 2b64284f-bc2c-5ca5-bf16-f862345cef80 which can be used as unique global reference for 4 - appv in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-06T00:00:00Z
date_published 2022-03-17T00:00:00Z
source MITRE
title Suspected DarkHotel APT activity update

Dell Threat Group 2889

Dell SecureWorks. (2015, October 7). Suspected Iran-Based Hacker Group Creates Network of Fake LinkedIn Profiles. Retrieved January 14, 2016.

Internal MISP references

UUID de7003cb-5127-4fd7-9475-d69e0d7f5cc8 which can be used as unique global reference for Dell Threat Group 2889 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-14T00:00:00Z
date_published 2015-10-07T00:00:00Z
source MITRE
title Suspected Iran-Based Hacker Group Creates Network of Fake LinkedIn Profiles

Mandiant UNC3890 Aug 2022

Mandiant Israel Research Team. (2022, August 17). Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors. Retrieved September 21, 2022.

Internal MISP references

UUID 7b3fda0b-d327-4f02-bebe-2b8974f9959d which can be used as unique global reference for Mandiant UNC3890 Aug 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-21T00:00:00Z
date_published 2022-08-17T00:00:00Z
source MITRE
title Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors

Suspected Russian Activity Targeting Government and Business Entities Around the Globe

Luke Jenkins, Sarah Hawley, Parnian Najafi, Doug Bienstock. (2021, December 6). Suspected Russian Activity Targeting Government and Business Entities Around the Globe. Retrieved April 15, 2022.

Internal MISP references

UUID f45a0551-8d49-4d40-989f-659416dc25ec which can be used as unique global reference for Suspected Russian Activity Targeting Government and Business Entities Around the Globe in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-15T00:00:00Z
date_published 2021-12-06T00:00:00Z
source MITRE
title Suspected Russian Activity Targeting Government and Business Entities Around the Globe

NCSC et al APT29 2024

UK National Cyber Security Center et al. (2024, February). SVR cyber actors adapt tactics for initial cloud access. Retrieved March 1, 2024.

Internal MISP references

UUID e04e6419-a086-598d-a794-925e42f3f237 which can be used as unique global reference for NCSC et al APT29 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-01T00:00:00Z
date_published 2024-02-01T00:00:00Z
source MITRE
title SVR cyber actors adapt tactics for initial cloud access

U.S. CISA APT29 Cloud Access

Cybersecurity and Infrastructure Security Agency. (2024, February 26). SVR Cyber Actors Adapt Tactics for Initial Cloud Access. Retrieved March 1, 2024.

Internal MISP references

UUID e9e08eca-1e01-4ff0-a8ef-49ecf66aaf3d which can be used as unique global reference for U.S. CISA APT29 Cloud Access in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-01T00:00:00Z
date_published 2024-02-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title SVR Cyber Actors Adapt Tactics for Initial Cloud Access

Recorded Future Turla Infra 2020

Insikt Group. (2020, March 12). Swallowing the Snake’s Tail: Tracking Turla Infrastructure. Retrieved October 20, 2020.

Internal MISP references

UUID 73aaff33-5a0e-40b7-a089-77ac57da8dca which can be used as unique global reference for Recorded Future Turla Infra 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2020-03-12T00:00:00Z
source MITRE
title Swallowing the Snake’s Tail: Tracking Turla Infrastructure

Microsoft Sxstrace

Gerend, J. et al. (2017, October 16). sxstrace. Retrieved April 26, 2021.

Internal MISP references

UUID a0a753c6-7d8c-4ad9-91a9-a2c385178054 which can be used as unique global reference for Microsoft Sxstrace in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-26T00:00:00Z
date_published 2017-10-16T00:00:00Z
source MITRE
title sxstrace

Alienvault Sykipot DOD Smart Cards

Blasco, J. (2012, January 12). Sykipot variant hijacks DOD and Windows smart cards. Retrieved January 10, 2016.

Internal MISP references

UUID 1a96544f-5b4e-4e1a-8db0-a989df9e4aaa which can be used as unique global reference for Alienvault Sykipot DOD Smart Cards in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-10T00:00:00Z
date_published 2012-01-12T00:00:00Z
source MITRE
title Sykipot variant hijacks DOD and Windows smart cards

SecureList SynAck Doppelgänging May 2018

Ivanov, A. et al. (2018, May 7). SynAck targeted ransomware uses the Doppelgänging technique. Retrieved May 22, 2018.

Internal MISP references

UUID d9f0af0f-8a65-406b-9d7e-4051086ef301 which can be used as unique global reference for SecureList SynAck Doppelgänging May 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-22T00:00:00Z
date_published 2018-05-07T00:00:00Z
source MITRE
title SynAck targeted ransomware uses the Doppelgänging technique

6 - appv

Strontic. (n.d.). SyncAppvPublishingServer.exe. Retrieved February 6, 2024.

Internal MISP references

UUID bc5d8a1a-5cf9-5974-bf13-245fa53721da which can be used as unique global reference for 6 - appv in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-06T00:00:00Z
source MITRE
title SyncAppvPublishingServer.exe

SyncAppvPublishingServer.exe - LOLBAS Project

LOLBAS. (2018, May 25). SyncAppvPublishingServer.exe. Retrieved December 4, 2023.

Internal MISP references

UUID ce371df7-aab6-4338-9491-656481cb5601 which can be used as unique global reference for SyncAppvPublishingServer.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title SyncAppvPublishingServer.exe

5 - appv

Nick Landers, Casey Smith. (n.d.). /Syncappvpublishingserver.vbs. Retrieved February 6, 2024.

Internal MISP references

UUID 926c9e06-cc6a-55ea-8436-1211b4cc4d92 which can be used as unique global reference for 5 - appv in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-06T00:00:00Z
source MITRE
title /Syncappvpublishingserver.vbs

Syncappvpublishingserver.vbs - LOLBAS Project

LOLBAS. (2018, May 25). Syncappvpublishingserver.vbs. Retrieved December 4, 2023.

Internal MISP references

UUID adb09226-894c-4874-a2e3-fb2c6de30173 which can be used as unique global reference for Syncappvpublishingserver.vbs - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Syncappvpublishingserver.vbs

Mac Time Sync

Cone, Matt. (2021, January 14). Synchronize your Mac's Clock with a Time Server. Retrieved March 27, 2024.

Internal MISP references

UUID b36dd8af-045d-57b0-b0a9-45d831fe6373 which can be used as unique global reference for Mac Time Sync in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-27T00:00:00Z
date_published 2021-01-14T00:00:00Z
source MITRE
title Synchronize your Mac's Clock with a Time Server

Mandiant - Synful Knock

Bill Hau, Tony Lee, Josh Homan. (2015, September 15). SYNful Knock - A Cisco router implant - Part I. Retrieved October 19, 2020.

Internal MISP references

UUID 1f6eaa98-9184-4341-8634-5512a9c632dd which can be used as unique global reference for Mandiant - Synful Knock in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
date_published 2015-09-15T00:00:00Z
source MITRE
title SYNful Knock - A Cisco router implant - Part I

sysdig

Sysdig. (2023). Sysdig Global Cloud Threat Report. Retrieved March 1, 2024.

Internal MISP references

UUID 80cb54c2-2c44-5e19-bbc5-da9f4aaf976a which can be used as unique global reference for sysdig in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-01T00:00:00Z
date_published 2023-01-01T00:00:00Z
source MITRE
title Sysdig Global Cloud Threat Report

Sysmon EID 9

Russinovich, R. & Garnier, T. (2021, August 18). Sysmon Event ID 9. Retrieved September 24, 2021.

Internal MISP references

UUID b24440b2-43c3-46f2-be4c-1147f6acfe57 which can be used as unique global reference for Sysmon EID 9 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-24T00:00:00Z
date_published 2021-08-18T00:00:00Z
source MITRE
title Sysmon Event ID 9

Microsoft Sysmon v6 May 2017

Russinovich, M. & Garnier, T. (2017, May 22). Sysmon v6.20. Retrieved December 13, 2017.

Internal MISP references

UUID 41cd9e06-a56c-4b68-948c-efc497a8d0dc which can be used as unique global reference for Microsoft Sysmon v6 May 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-13T00:00:00Z
date_published 2017-05-22T00:00:00Z
source MITRE
title Sysmon v6.20

Syssetup.dll - LOLBAS Project

LOLBAS. (2018, May 25). Syssetup.dll. Retrieved December 4, 2023.

Internal MISP references

UUID 3bb7027f-7cbb-47e7-8cbb-cf45604669af which can be used as unique global reference for Syssetup.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Syssetup.dll

System and kernel extensions in macOS

Apple. (n.d.). System and kernel extensions in macOS. Retrieved March 31, 2022.

Internal MISP references

UUID e5c4974d-dfd4-4c1c-ba4c-b6fb276effac which can be used as unique global reference for System and kernel extensions in macOS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-31T00:00:00Z
source MITRE
title System and kernel extensions in macOS

Linux man-pages: systemd January 2014

Linux man-pages. (2014, January). systemd(1) - Linux manual page. Retrieved April 23, 2019.

Internal MISP references

UUID e9a58efd-8de6-40c9-9638-c642311d6a07 which can be used as unique global reference for Linux man-pages: systemd January 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-23T00:00:00Z
date_published 2014-01-01T00:00:00Z
source MITRE
title systemd(1) - Linux manual page

FreeDesktop Journal

freedesktop.org. (n.d.). systemd-journald.service. Retrieved June 15, 2022.

Internal MISP references

UUID 5ded9060-9a23-42dc-b13b-15e4e3ccabf9 which can be used as unique global reference for FreeDesktop Journal in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-15T00:00:00Z
source MITRE
title systemd-journald.service

Ubuntu Manpage systemd rc

Canonical Ltd. (n.d.). systemd-rc-local-generator - Compatibility generator for starting /etc/rc.local and /usr/sbin/halt.local during boot and shutdown. Retrieved February 23, 2021.

Internal MISP references

UUID 6be16aba-a37f-49c4-9a36-51d2676f64e6 which can be used as unique global reference for Ubuntu Manpage systemd rc in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-23T00:00:00Z
source MITRE
title systemd-rc-local-generator - Compatibility generator for starting /etc/rc.local and /usr/sbin/halt.local during boot and shutdown

Systemd Service Units

Freedesktop.org. (n.d.). systemd.service — Service unit configuration. Retrieved March 16, 2020.

Internal MISP references

UUID 43bae447-d2e3-4b53-b17b-12a0b54ac604 which can be used as unique global reference for Systemd Service Units in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-16T00:00:00Z
source MITRE
title systemd.service — Service unit configuration

freedesktop systemd.service

Free Desktop. (n.d.). systemd.service — Service unit configuration. Retrieved March 20, 2023.

Internal MISP references

UUID cae49a7a-db3b-5202-ba45-fbfa98b073c9 which can be used as unique global reference for freedesktop systemd.service in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-20T00:00:00Z
source MITRE
title systemd.service — Service unit configuration

systemdsleep Linux

Man7. (n.d.). systemd-sleep.conf(5) — Linux manual page. Retrieved June 7, 2023.

Internal MISP references

UUID 9537f6f9-1521-5c21-b14f-ac459a2d1b70 which can be used as unique global reference for systemdsleep Linux in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-07T00:00:00Z
source MITRE
title systemd-sleep.conf(5) — Linux manual page

Freedesktop.org Linux systemd 29SEP2018

Freedesktop.org. (2018, September 29). systemd System and Service Manager. Retrieved April 23, 2019.

Internal MISP references

UUID 940dcbbe-45d3-4f36-8d48-d606d41a679e which can be used as unique global reference for Freedesktop.org Linux systemd 29SEP2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-23T00:00:00Z
date_published 2018-09-29T00:00:00Z
source MITRE
title systemd System and Service Manager

archlinux Systemd Timers Aug 2020

archlinux. (2020, August 11). systemd/Timers. Retrieved October 12, 2020.

Internal MISP references

UUID 670f02f1-3927-4f38-aa2b-9ca0d8cf5b8e which can be used as unique global reference for archlinux Systemd Timers Aug 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-12T00:00:00Z
date_published 2020-08-11T00:00:00Z
source MITRE
title systemd/Timers

TechNet Systeminfo

Microsoft. (n.d.). Systeminfo. Retrieved April 8, 2016.

Internal MISP references

UUID 5462ba66-6e26-41c2-bc28-6c19085d4469 which can be used as unique global reference for TechNet Systeminfo in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-08T00:00:00Z
source MITRE
title Systeminfo

Peripheral Discovery macOS

SS64. (n.d.). system_profiler. Retrieved March 11, 2022.

Internal MISP references

UUID 2a3c5216-b153-4d89-b0b1-f32af3aa83d0 which can be used as unique global reference for Peripheral Discovery macOS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-11T00:00:00Z
source MITRE
title system_profiler

MSDN System Time

Microsoft. (n.d.). System Time. Retrieved November 25, 2016.

Internal MISP references

UUID 5e15e03b-be8b-4f3d-a3ae-0df7a4ecfbec which can be used as unique global reference for MSDN System Time in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-11-25T00:00:00Z
source MITRE
title System Time

linux system time

ArchLinux. (2024, February 1). System Time. Retrieved March 27, 2024.

Internal MISP references

UUID 2dfd22d7-c78b-5967-b732-736f37ea5489 which can be used as unique global reference for linux system time in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-27T00:00:00Z
date_published 2024-02-01T00:00:00Z
source MITRE
title System Time

atomic-red proc file system

Atomic Red Team. (2023, November). T1003.007 - OS Credential Dumping: Proc Filesystem. Retrieved March 28, 2024.

Internal MISP references

UUID c7e77109-36d3-5549-a0f7-bacc0d9288b2 which can be used as unique global reference for atomic-red proc file system in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-28T00:00:00Z
date_published 2023-11-01T00:00:00Z
source MITRE
title T1003.007 - OS Credential Dumping: Proc Filesystem

T1562.002_redcanaryco

redcanaryco. (2021, September 3). T1562.002 - Disable Windows Event Logging. Retrieved September 13, 2021.

Internal MISP references

UUID e136f5a2-d4c2-4c6c-8f72-0f8ed9abeed1 which can be used as unique global reference for T1562.002_redcanaryco in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-13T00:00:00Z
date_published 2021-09-03T00:00:00Z
source MITRE
title T1562.002 - Disable Windows Event Logging

Palo Alto T9000 Feb 2016

Grunzweig, J. and Miller-Osborn, J. (2016, February 4). T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques. Retrieved April 15, 2016.

Internal MISP references

UUID d7eefe85-86cf-4b9d-bf70-f16c5a0227cc which can be used as unique global reference for Palo Alto T9000 Feb 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-15T00:00:00Z
date_published 2016-02-04T00:00:00Z
source MITRE
title T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques

US-CERT TA18-068A 2018

US-CERT. (2018, March 27). TA18-068A Brute Force Attacks Conducted by Cyber Actors. Retrieved October 2, 2019.

Internal MISP references

UUID d9992f57-8ff3-432f-b445-937ff4a6ebf9 which can be used as unique global reference for US-CERT TA18-068A 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-02T00:00:00Z
date_published 2018-03-27T00:00:00Z
source MITRE
title TA18-068A Brute Force Attacks Conducted by Cyber Actors

Browers FriarFox

Raggi, Michael. Proofpoint Threat Research Team. (2021, February 25). TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations. Retrieved February 26, 2024.

Internal MISP references

UUID 3fe79fc8-c86d-57ad-961f-30fddd0e5f62 which can be used as unique global reference for Browers FriarFox in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-26T00:00:00Z
date_published 2021-02-25T00:00:00Z
source MITRE
title TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations

Proofpoint TA416 November 2020

Proofpoint Threat Research Team. (2020, November 23). TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader. Retrieved April 13, 2021.

Internal MISP references

UUID f72685de-c775-41c4-94ed-45fd7f873a1d which can be used as unique global reference for Proofpoint TA416 November 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-13T00:00:00Z
date_published 2020-11-23T00:00:00Z
source MITRE
title TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader

NCC Group TA505

Terefos, A. (2020, November 18). TA505: A Brief History of Their Time. Retrieved July 14, 2022.

Internal MISP references

UUID 45e0b869-5447-491b-9e8b-fbf63c62f5d6 which can be used as unique global reference for NCC Group TA505 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-14T00:00:00Z
date_published 2020-11-18T00:00:00Z
source MITRE
title TA505: A Brief History of Their Time

ProofPoint SettingContent-ms July 2018

Proofpoint Staff. (2018, July 19). TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT. Retrieved April 19, 2019.

Internal MISP references

UUID 4f92af77-0428-4c67-8eec-98ecc3b55630 which can be used as unique global reference for ProofPoint SettingContent-ms July 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-19T00:00:00Z
date_published 2018-07-19T00:00:00Z
source MITRE
title TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT

IBM TA505 April 2020

Frydrych, M. (2020, April 14). TA505 Continues to Infect Networks With SDBbot RAT. Retrieved May 29, 2020.

Internal MISP references

UUID bcef8bf8-5fc2-4921-b920-74ef893b8a27 which can be used as unique global reference for IBM TA505 April 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-29T00:00:00Z
date_published 2020-04-14T00:00:00Z
source MITRE
title TA505 Continues to Infect Networks With SDBbot RAT

Proofpoint TA505 October 2019

Schwarz, D. et al. (2019, October 16). TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader. Retrieved May 29, 2020.

Internal MISP references

UUID 711ea2b3-58e2-4b38-aa71-877029c12e64 which can be used as unique global reference for Proofpoint TA505 October 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-29T00:00:00Z
date_published 2019-10-16T00:00:00Z
source MITRE
title TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader

Proofpoint TA505 June 2018

Proofpoint Staff. (2018, June 8). TA505 shifts with the times. Retrieved May 28, 2019.

Internal MISP references

UUID e48dec7b-5635-4ae0-b0db-229660806c06 which can be used as unique global reference for Proofpoint TA505 June 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-28T00:00:00Z
date_published 2018-06-08T00:00:00Z
source MITRE
title TA505 shifts with the times

TrendMicro TA505 Aug 2019

Trend Micro. (2019, August 27). TA505: Variety in Use of ServHelper and FlawedAmmyy. Retrieved February 22, 2021.

Internal MISP references

UUID 460758ea-ed3e-4e9b-ba2e-97c9d42154a4 which can be used as unique global reference for TrendMicro TA505 Aug 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-22T00:00:00Z
date_published 2019-08-27T00:00:00Z
source MITRE
title TA505: Variety in Use of ServHelper and FlawedAmmyy

Unit 42 TA551 Jan 2021

Duncan, B. (2021, January 7). TA551: Email Attack Campaign Switches from Valak to IcedID. Retrieved March 17, 2021.

Internal MISP references

UUID 8e34bf1e-86ce-4d52-a6fa-037572766e99 which can be used as unique global reference for Unit 42 TA551 Jan 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-17T00:00:00Z
date_published 2021-01-07T00:00:00Z
source MITRE
title TA551: Email Attack Campaign Switches from Valak to IcedID

Proofpoint February 23 2023

Proofpoint. (2023, February 23). TA569: SocGholish and Beyond | Proofpoint US. Retrieved May 7, 2023.

Internal MISP references

UUID fe7924b1-a385-4784-b308-15c2d0dbd840 which can be used as unique global reference for Proofpoint February 23 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2023-02-23T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title TA569: SocGholish and Beyond

TA571

Axel F, Selena Larson. (2023, October 30). TA571 Delivers IcedID Forked Loader. Retrieved February 13, 2024.

Internal MISP references

UUID 5b463ad7-f425-5e70-b0b0-28514730a888 which can be used as unique global reference for TA571 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-13T00:00:00Z
date_published 2023-10-30T00:00:00Z
source MITRE
title TA571 Delivers IcedID Forked Loader

IBM TA577 OneNote Malspam

IBM X-Force. (2023, May 30). TA577 OneNote Malspam Results in QakBot Deployment. Retrieved January 24, 2024.

Internal MISP references

UUID 30ebffb8-be3e-4094-a41b-882aec9e14b8 which can be used as unique global reference for IBM TA577 OneNote Malspam in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-24T00:00:00Z
date_published 2023-05-30T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title TA577 OneNote Malspam Results in QakBot Deployment

Proofpoint TA577 NTLM March 4 2024

Tommy Madjar, Kelsey Merriman, Selena Larson, Proofpoint Threat Research Team. (2024, March 4). TA577’s Unusual Attack Chain Leads to NTLM Data Theft. Retrieved March 11, 2024.

Internal MISP references

UUID bbbef77a-8cd8-411c-a8a7-7faa7b5fdb2c which can be used as unique global reference for Proofpoint TA577 NTLM March 4 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-11T00:00:00Z
date_published 2024-03-04T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title TA577’s Unusual Attack Chain Leads to NTLM Data Theft

Cobalt Strike TTPs Dec 2017

Cobalt Strike. (2017, December 8). Tactics, Techniques, and Procedures. Retrieved December 20, 2017.

Internal MISP references

UUID ee56d7a3-32c4-4f75-ad0c-73164a83b5a6 which can be used as unique global reference for Cobalt Strike TTPs Dec 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2017-12-08T00:00:00Z
source MITRE
title Tactics, Techniques, and Procedures

Reuters Taiwan BlackTech August 2020

Lee, Y. (2020, August 19). Taiwan says China behind cyberattacks on government agencies, emails. Retrieved April 6, 2022.

Internal MISP references

UUID 77293f88-e336-4786-b042-7f0080bbff32 which can be used as unique global reference for Reuters Taiwan BlackTech August 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-06T00:00:00Z
date_published 2020-08-19T00:00:00Z
source MITRE
title Taiwan says China behind cyberattacks on government agencies, emails

Microsoft Process Snapshot

Microsoft. (n.d.). Taking a Snapshot and Viewing Processes. Retrieved December 12, 2017.

Internal MISP references

UUID 6e4b1921-99b2-41ce-a7dc-72c05b17c682 which can be used as unique global reference for Microsoft Process Snapshot in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-12T00:00:00Z
source MITRE
title Taking a Snapshot and Viewing Processes

Lacework TeamTNT May 2021

Stroud, J. (2021, May 25). Taking TeamTNT's Docker Images Offline. Retrieved September 22, 2021.

Internal MISP references

UUID 5908b04b-dbca-4fd8-bacc-141ef15546a1 which can be used as unique global reference for Lacework TeamTNT May 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-22T00:00:00Z
date_published 2021-05-25T00:00:00Z
source MITRE
title Taking TeamTNT's Docker Images Offline

Datadog ECS January 19 2024

Martin McCloskey, Christophe Tafani-Dereeper. (2024, January 19). Tales from the cloud trenches: Amazon ECS is the new EC2 for crypto mining. Retrieved April 11, 2024.

Internal MISP references

UUID 7e4e44a7-b079-41af-b41d-176ba7e99563 which can be used as unique global reference for Datadog ECS January 19 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-11T00:00:00Z
date_published 2024-01-19T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Tales from the cloud trenches: Amazon ECS is the new EC2 for crypto mining

Splunk Kovar Certificates 2017

Kovar, R. (2017, December 11). Tall Tales of Hunting with TLS/SSL Certificates. Retrieved October 16, 2020.

Internal MISP references

UUID 2b341021-897e-4e3f-9141-825d3501c498 which can be used as unique global reference for Splunk Kovar Certificates 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-16T00:00:00Z
date_published 2017-12-11T00:00:00Z
source MITRE
title Tall Tales of Hunting with TLS/SSL Certificates

Dragos TALONITE

Dragos. (n.d.). TALONITE. Retrieved February 25, 2021.

Internal MISP references

UUID f8ef1920-a4ad-4d65-b9de-8357d75f6929 which can be used as unique global reference for Dragos TALONITE in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-25T00:00:00Z
source MITRE
title TALONITE

Talos Sodinokibi April 2019

Cadieux, P., et al. (2019, April 30). Sodinokibi ransomware exploits WebLogic Server vulnerability. Retrieved August 4, 2020.

Internal MISP references

UUID fb948877-da2b-4abd-9d57-de9866b7a7c2 which can be used as unique global reference for Talos Sodinokibi April 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-04T00:00:00Z
source MITRE
title Talos Sodinokibi April 2019

Medium Event Tracing Tampering 2018

Palantir. (2018, December 24). Tampering with Windows Event Tracing: Background, Offense, and Defense. Retrieved June 7, 2019.

Internal MISP references

UUID cd1a7b9a-183f-4acf-95c8-14d9475d0551 which can be used as unique global reference for Medium Event Tracing Tampering 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-07T00:00:00Z
date_published 2018-12-24T00:00:00Z
source MITRE
title Tampering with Windows Event Tracing: Background, Offense, and Defense

Tar.exe - LOLBAS Project

LOLBAS. (2023, January 30). Tar.exe. Retrieved December 4, 2023.

Internal MISP references

UUID e5f54ded-3ec1-49c1-9302-6b9f372d5015 which can be used as unique global reference for Tar.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2023-01-30T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Tar.exe

NGLite Trojan

Robert Falcone, Jeff White, and Peter Renals. (2021, November 7). Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer. Retrieved February 8, 2024.

Internal MISP references

UUID 7cdd99d2-bbb2-5c81-ad09-92b581f33ffe which can be used as unique global reference for NGLite Trojan in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-08T00:00:00Z
date_published 2021-11-07T00:00:00Z
source MITRE
title Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

Netskope GCP Redirection

Ashwin Vamshi. (2019, January 24). Targeted Attacks Abusing Google Cloud Platform Open Redirection. Retrieved August 18, 2022.

Internal MISP references

UUID 18efeffc-c47b-46ad-8e7b-2eda30a406f0 which can be used as unique global reference for Netskope GCP Redirection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-18T00:00:00Z
date_published 2019-01-24T00:00:00Z
source MITRE
title Targeted Attacks Abusing Google Cloud Platform Open Redirection

AhnLab Andariel Subgroup of Lazarus June 2018

AhnLab. (2018, June 23). Targeted attacks by Andariel Threat Group, a subgroup of the Lazarus. Retrieved September 29, 2021.

Internal MISP references

UUID bbc66e9f-98f9-4e34-b568-2833ea536f2e which can be used as unique global reference for AhnLab Andariel Subgroup of Lazarus June 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2018-06-23T00:00:00Z
source MITRE, Tidal Cyber
title Targeted attacks by Andariel Threat Group, a subgroup of the Lazarus

Sood and Enbody

Aditya Sood and Richard Enbody. (2014, December 16). Targeted Cyber Attacks. Retrieved January 4, 2024.

Internal MISP references

UUID 61aca848-6376-560a-8f14-c23a3a9c832b which can be used as unique global reference for Sood and Enbody in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-04T00:00:00Z
date_published 2014-12-16T00:00:00Z
source MITRE
title Targeted Cyber Attacks

dharma_ransomware

Loui, E. Scheuerman, K. et al. (2020, April 16). Targeted Dharma Ransomware Intrusions Exhibit Consistent Techniques. Retrieved January 26, 2022.

Internal MISP references

UUID dfd168c0-40da-4402-a123-963eb8e2125a which can be used as unique global reference for dharma_ransomware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-26T00:00:00Z
date_published 2020-04-16T00:00:00Z
source MITRE
title Targeted Dharma Ransomware Intrusions Exhibit Consistent Techniques

Targeted SSL Stripping Attacks Are Real

Check Point. (n.d.). Targeted SSL Stripping Attacks Are Real. Retrieved May 24, 2023.

Internal MISP references

UUID 714528e8-0f2e-50a3-93c0-c560a34ba973 which can be used as unique global reference for Targeted SSL Stripping Attacks Are Real in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-24T00:00:00Z
source MITRE
title Targeted SSL Stripping Attacks Are Real

CFR Vaccine Development Threats

Council on Foreign Relations. (2020, November 28). Targeting of companies involved in vaccine development. Retrieved October 30, 2023.

Internal MISP references

UUID 2ec4f877-de9a-44bf-8236-20d7ecd631df which can be used as unique global reference for CFR Vaccine Development Threats in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-30T00:00:00Z
date_published 2020-11-28T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Targeting of companies involved in vaccine development

Tarrask scheduled task

Microsoft Threat Intelligence Team & Detection and Response Team. (2022, April 12). Tarrask malware uses scheduled tasks for defense evasion. Retrieved June 1, 2022.

Internal MISP references

UUID 87682623-d1dd-4ee8-ae68-b08be5113e3e which can be used as unique global reference for Tarrask scheduled task in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-01T00:00:00Z
date_published 2022-04-12T00:00:00Z
source MITRE
title Tarrask malware uses scheduled tasks for defense evasion

Microsoft Tasklist

Microsoft. (n.d.). Tasklist. Retrieved December 23, 2015.

Internal MISP references

UUID 2c09561a-02ee-4948-9745-9d6c8eb2881d which can be used as unique global reference for Microsoft Tasklist in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-12-23T00:00:00Z
source MITRE
title Tasklist

Microsoft Tasks

Microsoft. (2018, May 31). Tasks. Retrieved September 28, 2021.

Internal MISP references

UUID def6601b-67e6-41e5-bcf3-9c701b86fd10 which can be used as unique global reference for Microsoft Tasks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-28T00:00:00Z
date_published 2018-05-31T00:00:00Z
source MITRE
title Tasks

TechNet Task Scheduler Security

Microsoft. (2005, January 21). Task Scheduler and security. Retrieved June 8, 2016.

Internal MISP references

UUID 3a6d08ba-d79d-46f7-917d-075a98c59228 which can be used as unique global reference for TechNet Task Scheduler Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-08T00:00:00Z
date_published 2005-01-21T00:00:00Z
source MITRE
title Task Scheduler and security

tau bundlore erika noerenberg 2020

Erika Noerenberg. (2020, June 29). TAU Threat Analysis: Bundlore (macOS) mm-install-macos. Retrieved October 12, 2021.

Internal MISP references

UUID 1c62ed57-43f7-40d7-a5c9-46b40a40af0e which can be used as unique global reference for tau bundlore erika noerenberg 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-12T00:00:00Z
date_published 2020-06-29T00:00:00Z
source MITRE
title TAU Threat Analysis: Bundlore (macOS) mm-install-macos

CarbonBlack Conti July 2020

Baskin, B. (2020, July 8). TAU Threat Discovery: Conti Ransomware. Retrieved February 17, 2021.

Internal MISP references

UUID 3c3a6dc0-66f2-492e-8c9c-c0bcca73008e which can be used as unique global reference for CarbonBlack Conti July 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-17T00:00:00Z
date_published 2020-07-08T00:00:00Z
source MITRE
title TAU Threat Discovery: Conti Ransomware

CarbonBlack LockerGoga 2019

CarbonBlack Threat Analysis Unit. (2019, March 22). TAU Threat Intelligence Notification – LockerGoga Ransomware. Retrieved April 16, 2019.

Internal MISP references

UUID 9970063c-6df7-4638-a247-6b1102289372 which can be used as unique global reference for CarbonBlack LockerGoga 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-16T00:00:00Z
date_published 2019-03-22T00:00:00Z
source MITRE
title TAU Threat Intelligence Notification – LockerGoga Ransomware

GitHub Turla Driver Loader

TDL Project. (2016, February 4). TDL (Turla Driver Loader). Retrieved April 22, 2021.

Internal MISP references

UUID ed3534be-06ce-487b-911d-abe2fba70210 which can be used as unique global reference for GitHub Turla Driver Loader in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-22T00:00:00Z
date_published 2016-02-04T00:00:00Z
source MITRE
title TDL (Turla Driver Loader)

S1 Old Rat New Tricks

Landry, J. (2016, April 21). Teaching an old RAT new tricks. Retrieved October 4, 2021.

Internal MISP references

UUID 20ef3645-fb92-4e13-a5a8-99367869bcba which can be used as unique global reference for S1 Old Rat New Tricks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-04T00:00:00Z
date_published 2016-04-21T00:00:00Z
source MITRE
title Teaching an old RAT new tricks

Teams.exe - LOLBAS Project

LOLBAS. (2022, January 17). Teams.exe. Retrieved December 4, 2023.

Internal MISP references

UUID ceee2b13-331f-4019-9c27-af0ce8b25414 which can be used as unique global reference for Teams.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-01-17T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Teams.exe

TeamTNT Cloud Enumeration

Nathaniel Quist. (2021, June 4). TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations. Retrieved February 8, 2022.

Internal MISP references

UUID a672b74f-1f04-4d3a-84a6-1dd50e1a9951 which can be used as unique global reference for TeamTNT Cloud Enumeration in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-08T00:00:00Z
date_published 2021-06-04T00:00:00Z
source MITRE
title TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations

Intezer TeamTNT Explosion September 2021

Intezer. (2021, September 1). TeamTNT Cryptomining Explosion. Retrieved October 15, 2021.

Internal MISP references

UUID e0d6208b-a4d6-45f0-bb3a-6c8681630b55 which can be used as unique global reference for Intezer TeamTNT Explosion September 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-15T00:00:00Z
date_published 2021-09-01T00:00:00Z
source MITRE
title TeamTNT Cryptomining Explosion

AquaSec TeamTNT 2023

Ofek Itach and Assaf Morag. (2023, July 13). TeamTNT Reemerged with New Aggressive Cloud Campaign. Retrieved February 15, 2024.

Internal MISP references

UUID b98f1967-c62f-5afe-a2f7-4c426615d576 which can be used as unique global reference for AquaSec TeamTNT 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-15T00:00:00Z
date_published 2023-07-13T00:00:00Z
source MITRE
title TeamTNT Reemerged with New Aggressive Cloud Campaign

Talos TeamTNT

Darin Smith. (2022, April 21). TeamTNT targeting AWS, Alibaba. Retrieved July 8, 2022.

Internal MISP references

UUID acd1b4c5-da28-584e-b892-599180a8dbb0 which can be used as unique global reference for Talos TeamTNT in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-08T00:00:00Z
date_published 2022-04-21T00:00:00Z
source MITRE
title TeamTNT targeting AWS, Alibaba

Cisco Talos Intelligence Group

Darin Smith. (2022, April 21). TeamTNT targeting AWS, Alibaba. Retrieved August 4, 2022.

Internal MISP references

UUID f39b5f92-6e14-4c7f-b79d-7bade722e6d9 which can be used as unique global reference for Cisco Talos Intelligence Group in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-04T00:00:00Z
date_published 2022-04-21T00:00:00Z
source MITRE
title TeamTNT targeting AWS, Alibaba

Cado Security TeamTNT Worm August 2020

Cado Security. (2020, August 16). Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials. Retrieved September 22, 2021.

Internal MISP references

UUID 8ccab4fe-155d-44b0-b0f2-941e9f8f87db which can be used as unique global reference for Cado Security TeamTNT Worm August 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-22T00:00:00Z
date_published 2020-08-16T00:00:00Z
source MITRE
title Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials

ATT TeamTNT Chimaera September 2020

AT&T Alien Labs. (2021, September 8). TeamTNT with new campaign aka Chimaera. Retrieved September 22, 2021.

Internal MISP references

UUID 5d9f402f-4ff4-4993-8685-e5656e2f3aff which can be used as unique global reference for ATT TeamTNT Chimaera September 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-22T00:00:00Z
date_published 2021-09-08T00:00:00Z
source MITRE
title TeamTNT with new campaign aka Chimaera

OSX Coldroot RAT

Patrick Wardle. (2018, February 17). Tearing Apart the Undetected (OSX)Coldroot RAT. Retrieved August 8, 2019.

Internal MISP references

UUID 5ee3a92c-df33-4ecd-b21e-7b9a4f6de227 which can be used as unique global reference for OSX Coldroot RAT in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-08-08T00:00:00Z
date_published 2018-02-17T00:00:00Z
source MITRE
title Tearing Apart the Undetected (OSX)Coldroot RAT

Kaspersky ProjectSauron Technical Analysis

Kaspersky Lab's Global Research & Analysis Team. (2016, August 9). The ProjectSauron APT. Technical Analysis. Retrieved August 17, 2016.

Internal MISP references

UUID 1664726e-3a79-4d90-86e0-b2d50e9e0ba2 which can be used as unique global reference for Kaspersky ProjectSauron Technical Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-17T00:00:00Z
source MITRE
title Technical Analysis

McAfee Babuk February 2021

Mundo, A. et al. (2021, February). Technical Analysis of Babuk Ransomware. Retrieved August 11, 2021.

Internal MISP references

UUID bb23ca19-78bb-4406-90a4-bf82bd467e04 which can be used as unique global reference for McAfee Babuk February 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-11T00:00:00Z
date_published 2021-02-01T00:00:00Z
source MITRE
title Technical Analysis of Babuk Ransomware

Crytox Ransomware

Romain Dumont. (2022, September 21). Technical Analysis of Crytox Ransomware. Retrieved November 22, 2023.

Internal MISP references

UUID 7c22d9d0-a2d8-5936-a6b1-5c696a2a19c6 which can be used as unique global reference for Crytox Ransomware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-22T00:00:00Z
date_published 2022-09-21T00:00:00Z
source MITRE
title Technical Analysis of Crytox Ransomware

McAfee Cuba April 2021

Roccio, T., et al. (2021, April). Technical Analysis of Cuba Ransomware. Retrieved June 18, 2021.

Internal MISP references

UUID e0e86e08-64ec-48dc-91e6-24fde989cd77 which can be used as unique global reference for McAfee Cuba April 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-18T00:00:00Z
date_published 2021-04-01T00:00:00Z
source MITRE
title Technical Analysis of Cuba Ransomware

McAfee Dianxun March 2021

Roccia, T., Seret, T., Fokker, J. (2021, March 16). Technical Analysis of Operation Dianxun. Retrieved April 13, 2021.

Internal MISP references

UUID a40a69d7-7abc-4829-9905-98c156a809fe which can be used as unique global reference for McAfee Dianxun March 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-13T00:00:00Z
date_published 2021-03-16T00:00:00Z
source MITRE
title Technical Analysis of Operation Dianxun

Zscaler Pikabot May 24 2023

Brett Stone-Gross, Nikolaos Pantazopoulos. (2023, May 24). Technical Analysis of Pikabot. Retrieved January 11, 2024.

Internal MISP references

UUID ec87676b-bc88-44b5-9e9a-5eb8eb39b4a1 which can be used as unique global reference for Zscaler Pikabot May 24 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-11T00:00:00Z
date_published 2023-05-24T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Technical Analysis of Pikabot

Technical Analysis of PureCrypter | Zscaler Blog

Zscaler. (2022, June 13). Technical Analysis of PureCrypter | Zscaler Blog. Retrieved May 10, 2023.

Internal MISP references

UUID 5e3fa76b-0ca3-4935-830a-6ca132fa2fb4 which can be used as unique global reference for Technical Analysis of PureCrypter | Zscaler Blog in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-10T00:00:00Z
date_published 2022-06-13T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Technical Analysis of PureCrypter

Crowdstrike WhisperGate January 2022

Crowdstrike. (2022, January 19). Technical Analysis of the WhisperGate Malicious Bootloader. Retrieved March 10, 2022.

Internal MISP references

UUID 846bccb4-b177-4c17-8cc5-56769c1d4b60 which can be used as unique global reference for Crowdstrike WhisperGate January 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-10T00:00:00Z
date_published 2022-01-19T00:00:00Z
source MITRE
title Technical Analysis of the WhisperGate Malicious Bootloader

Apple TN2459 Kernel Extensions

Apple. (2018, April 19). Technical Note TN2459: User-Approved Kernel Extension Loading. Retrieved June 30, 2020.

Internal MISP references

UUID 8cd7676a-bbef-4c31-8288-365837acf65d which can be used as unique global reference for Apple TN2459 Kernel Extensions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-30T00:00:00Z
date_published 2018-04-19T00:00:00Z
source MITRE
title Technical Note TN2459: User-Approved Kernel Extension Loading

fb_arid_viper

Flossman, M., Scott, M. (2021, April). Technical Paper // Taking Action Against Arid Viper. Retrieved March 4, 2024.

Internal MISP references

UUID 1dca5e73-0b6e-51cd-867c-927d081f228d which can be used as unique global reference for fb_arid_viper in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-04T00:00:00Z
date_published 2021-04-01T00:00:00Z
source MITRE
title Technical Paper // Taking Action Against Arid Viper

GovCERT Carbon May 2016

GovCERT. (2016, May 23). Technical Report about the Espionage Case at RUAG. Retrieved November 7, 2018.

Internal MISP references

UUID 2e4a445f-b55c-4800-9d75-9d8fe20abc74 which can be used as unique global reference for GovCERT Carbon May 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-07T00:00:00Z
date_published 2016-05-23T00:00:00Z
source MITRE
title Technical Report about the Espionage Case at RUAG

Palo Alto Office Test Sofacy

Falcone, R. (2016, July 20). Technical Walkthrough: Office Test Persistence Method Used In Recent Sofacy Attacks. Retrieved July 3, 2017.

Internal MISP references

UUID 3138f32c-f89c-439c-a8c5-2964c356308d which can be used as unique global reference for Palo Alto Office Test Sofacy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-03T00:00:00Z
date_published 2016-07-20T00:00:00Z
source MITRE
title Technical Walkthrough: Office Test Persistence Method Used In Recent Sofacy Attacks

te.exe - LOLBAS Project

LOLBAS. (2018, May 25). te.exe. Retrieved December 4, 2023.

Internal MISP references

UUID e7329381-319e-4dcc-8187-92882e6f2e12 which can be used as unique global reference for te.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title te.exe

ESET Telebots June 2017

Cherepanov, A. (2017, June 30). TeleBots are back: Supply chain attacks against Ukraine. Retrieved June 11, 2020.

Internal MISP references

UUID eb5c2951-b149-4e40-bc5f-b2630213eb8b which can be used as unique global reference for ESET Telebots June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-11T00:00:00Z
date_published 2017-06-30T00:00:00Z
source MITRE
title TeleBots are back: Supply chain attacks against Ukraine

SANS Brian Wiltse Template Injection

Wiltse, B. (2018, November 7). Template Injection Attacks - Bypassing Security Controls by Living off the Land. Retrieved April 10, 2019.

Internal MISP references

UUID 8c010c87-865b-4168-87a7-4a24db413def which can be used as unique global reference for SANS Brian Wiltse Template Injection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-10T00:00:00Z
date_published 2018-11-07T00:00:00Z
source MITRE
title Template Injection Attacks - Bypassing Security Controls by Living off the Land

Amazon AWS Temporary Security Credentials

Amazon. (n.d.). Temporary Security Credentials. Retrieved October 18, 2019.

Internal MISP references

UUID d3740d23-1561-47c4-a6e5-df1b6277839e which can be used as unique global reference for Amazon AWS Temporary Security Credentials in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-18T00:00:00Z
source MITRE
title Temporary Security Credentials

Elastic Process Injection July 2017

Hosseini, A. (2017, July 18). Ten Process Injection Techniques: A Technical Survey Of Common And Trending Process Injection Techniques. Retrieved December 7, 2017.

Internal MISP references

UUID 02c9100d-27eb-4f2f-b302-adf890055546 which can be used as unique global reference for Elastic Process Injection July 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-07T00:00:00Z
date_published 2017-07-18T00:00:00Z
source MITRE
title Ten Process Injection Techniques: A Technical Survey Of Common And Trending Process Injection Techniques

TestWindowRemoteAgent.exe - LOLBAS Project

LOLBAS. (2023, August 21). TestWindowRemoteAgent.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 0cc891bc-692c-4a52-9985-39ddb434294d which can be used as unique global reference for TestWindowRemoteAgent.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2023-08-21T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title TestWindowRemoteAgent.exe

Sygnia Elephant Beetle Jan 2022

Sygnia Incident Response Team. (2022, January 5). TG2003: ELEPHANT BEETLE UNCOVERING AN ORGANIZED FINANCIAL-THEFT OPERATION. Retrieved February 9, 2023.

Internal MISP references

UUID 932897a6-0fa4-5be3-bf0b-20d6ddad238e which can be used as unique global reference for Sygnia Elephant Beetle Jan 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-09T00:00:00Z
date_published 2022-01-05T00:00:00Z
source MITRE
title TG2003: ELEPHANT BEETLE UNCOVERING AN ORGANIZED FINANCIAL-THEFT OPERATION

Cloudflare February 5 2024

Matthew Prince. (2024, February 1). Thanksgiving 2023 security incident. Retrieved February 5, 2024.

Internal MISP references

UUID 0d183112-77d9-472f-8b0e-5724e1bb4706 which can be used as unique global reference for Cloudflare February 5 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-05T00:00:00Z
date_published 2024-02-01T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Thanksgiving 2023 security incident

Domain_Steal_CC

Krebs, B. (2018, November 13). That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards. Retrieved September 20, 2019.

Internal MISP references

UUID 30ab5d35-db9b-401f-89cb-73f2c7fea060 which can be used as unique global reference for Domain_Steal_CC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-20T00:00:00Z
date_published 2018-11-13T00:00:00Z
source MITRE
title That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards

Kali Hydra

Kali. (2014, February 18). THC-Hydra. Retrieved November 2, 2017.

Internal MISP references

UUID d8c93272-00f8-4dc4-b4cd-03246fc0fc23 which can be used as unique global reference for Kali Hydra in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-02T00:00:00Z
date_published 2014-02-18T00:00:00Z
source MITRE
title THC-Hydra

Adventures of a Keystroke

Tinaztepe, E. (n.d.). The Adventures of a Keystroke: An in-depth look into keyloggers on Windows. Retrieved April 27, 2016.

Internal MISP references

UUID f29ed400-2986-4b2c-9b8a-7dde37562d22 which can be used as unique global reference for Adventures of a Keystroke in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-27T00:00:00Z
source MITRE
title The Adventures of a Keystroke: An in-depth look into keyloggers on Windows

ThreatConnect Anthem

ThreatConnect Research Team. (2015, February 27). The Anthem Hack: All Roads Lead to China. Retrieved January 26, 2016.

Internal MISP references

UUID 61ecd0b4-6cac-4d9f-8e8c-3d488fef6fec which can be used as unique global reference for ThreatConnect Anthem in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-26T00:00:00Z
date_published 2015-02-27T00:00:00Z
source MITRE, Tidal Cyber
title The Anthem Hack: All Roads Lead to China

Talos Cobalt Strike September 2020

Mavis, N. (2020, September 21). The Art and Science of Detecting Cobalt Strike. Retrieved April 6, 2021.

Internal MISP references

UUID 60a5ee63-3d98-466a-8037-4a1edfcdef8c which can be used as unique global reference for Talos Cobalt Strike September 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-06T00:00:00Z
date_published 2020-09-21T00:00:00Z
source MITRE
title The Art and Science of Detecting Cobalt Strike

wardle chp2 persistence

Patrick Wardle. (2022, January 1). The Art of Mac Malware Volume 0x1:Analysis. Retrieved April 19, 2022.

Internal MISP references

UUID 3684bacb-24cb-4467-b463-d0d3f5075c5c which can be used as unique global reference for wardle chp2 persistence in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-19T00:00:00Z
date_published 2022-01-01T00:00:00Z
source MITRE
title The Art of Mac Malware Volume 0x1:Analysis

wardle artofmalware volume1

Patrick Wardle. (2020, August 5). The Art of Mac Malware Volume 0x1: Analysis. Retrieved March 19, 2021.

Internal MISP references

UUID 53d0279e-4f30-4bbe-a9c7-90e36cd81570 which can be used as unique global reference for wardle artofmalware volume1 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-19T00:00:00Z
date_published 2020-08-05T00:00:00Z
source MITRE
title The Art of Mac Malware Volume 0x1: Analysis

ArtOfMemoryForensics

Ligh, M.H. et al. (2014, July). The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory. Retrieved December 20, 2017.

Internal MISP references

UUID 054404b7-48a6-4578-9828-9f1e8e21d2df which can be used as unique global reference for ArtOfMemoryForensics in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2014-07-01T00:00:00Z
source MITRE
title The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory

STIG Audit Kernel Modules

Unified Compliance Framework. (2016, December 20). The audit system must be configured to audit the loading and unloading of dynamic kernel modules. Retrieved September 28, 2021.

Internal MISP references

UUID 44c10623-557f-445d-8b88-6006af13c54d which can be used as unique global reference for STIG Audit Kernel Modules in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-28T00:00:00Z
date_published 2016-12-20T00:00:00Z
source MITRE
title The audit system must be configured to audit the loading and unloading of dynamic kernel modules.

Medium Metamorfo Apr 2020

Erlich, C. (2020, April 3). The Avast Abuser: Metamorfo Banking Malware Hides By Abusing Avast Executable. Retrieved May 26, 2020.

Internal MISP references

UUID 356defac-b976-41c1-aac8-5d6ff0c80e28 which can be used as unique global reference for Medium Metamorfo Apr 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-26T00:00:00Z
date_published 2020-04-03T00:00:00Z
source MITRE
title The Avast Abuser: Metamorfo Banking Malware Hides By Abusing Avast Executable

Gigamon Berserk Bear October 2021

Slowik, J. (2021, October). THE BAFFLING BERSERK BEAR: A DECADE’S ACTIVITY TARGETING CRITICAL INFRASTRUCTURE. Retrieved December 6, 2021.

Internal MISP references

UUID 06b6cbe3-8e35-4594-b36f-76b503c11520 which can be used as unique global reference for Gigamon Berserk Bear October 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-06T00:00:00Z
date_published 2021-10-01T00:00:00Z
source MITRE
title THE BAFFLING BERSERK BEAR: A DECADE’S ACTIVITY TARGETING CRITICAL INFRASTRUCTURE

Kaspersky Emotet Jan 2019

Shulmin, A. (2015, April 9). The Banking Trojan Emotet: Detailed Analysis. Retrieved March 25, 2019.

Internal MISP references

UUID 4824dfdf-8dbb-4b98-afcc-4a703c31fbda which can be used as unique global reference for Kaspersky Emotet Jan 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-25T00:00:00Z
date_published 2015-04-09T00:00:00Z
source MITRE
title The Banking Trojan Emotet: Detailed Analysis

Symantec Black Vine

DiMaggio, J. (2015, August 6). The Black Vine cyberespionage group. Retrieved January 26, 2016.

Internal MISP references

UUID 0b7745ce-04c0-41d9-a440-df9084a45d09 which can be used as unique global reference for Symantec Black Vine in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-26T00:00:00Z
date_published 2015-08-06T00:00:00Z
source MITRE, Tidal Cyber
title The Black Vine cyberespionage group

Group IB GrimAgent July 2021

Priego, A. (2021, July). THE BROTHERS GRIM: THE REVERSING TALE OF GRIMAGENT MALWARE USED BY RYUK. Retrieved July 16, 2021.

Internal MISP references

UUID 6b0dd676-3ea5-4b56-a27b-b1685787de02 which can be used as unique global reference for Group IB GrimAgent July 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-07-16T00:00:00Z
date_published 2021-07-01T00:00:00Z
source MITRE
title THE BROTHERS GRIM: THE REVERSING TALE OF GRIMAGENT MALWARE USED BY RYUK

RSA Carbanak November 2017

RSA. (2017, November 21). THE CARBANAK/FIN7 SYNDICATE A HISTORICAL OVERVIEW OF AN EVOLVING THREAT. Retrieved July 29, 2020.

Internal MISP references

UUID eb947d49-26f4-4104-8296-1552a273c9c3 which can be used as unique global reference for RSA Carbanak November 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-29T00:00:00Z
date_published 2017-11-21T00:00:00Z
source MITRE
title THE CARBANAK/FIN7 SYNDICATE A HISTORICAL OVERVIEW OF AN EVOLVING THREAT

Picus Emotet Dec 2018

Özarslan, S. (2018, December 21). The Christmas Card you never wanted - A new wave of Emotet is back to wreak havoc. Retrieved March 25, 2019.

Internal MISP references

UUID d7594fb4-e544-491b-a406-228a5c7884a9 which can be used as unique global reference for Picus Emotet Dec 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-25T00:00:00Z
date_published 2018-12-21T00:00:00Z
source MITRE
title The Christmas Card you never wanted - A new wave of Emotet is back to wreak havoc

Medium Ali Salem Bumblebee April 2022

Salem, A. (2022, April 27). The chronicles of Bumblebee: The Hook, the Bee, and the Trickbot connection. Retrieved September 2, 2022.

Internal MISP references

UUID 5f6752a7-50a9-4202-b69b-c5f9d24b86de which can be used as unique global reference for Medium Ali Salem Bumblebee April 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-02T00:00:00Z
date_published 2022-04-27T00:00:00Z
source MITRE
title The chronicles of Bumblebee: The Hook, the Bee, and the Trickbot connection

Avira XWorm April 2023

Gurumoorthi Ramanathan. (2023, April 25). The Claws of Evilcode Gauntlet – XWorm RAT. Retrieved May 10, 2023.

Internal MISP references

UUID 564931cf-a3e1-488f-bc90-be37c448f3b3 which can be used as unique global reference for Avira XWorm April 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-10T00:00:00Z
date_published 2023-04-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title The Claws of Evilcode Gauntlet – XWorm RAT

MSDN COM Elevation

Microsoft. (n.d.). The COM Elevation Moniker. Retrieved July 26, 2016.

Internal MISP references

UUID 898df7c7-4f19-40cb-a216-7b0f6c6155b3 which can be used as unique global reference for MSDN COM Elevation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-07-26T00:00:00Z
source MITRE
title The COM Elevation Moniker

Microsoft Component Object Model

Microsoft. (n.d.). The Component Object Model. Retrieved August 18, 2016.

Internal MISP references

UUID e1bb3872-7748-4e64-818f-6187a20d59f0 which can be used as unique global reference for Microsoft Component Object Model in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-18T00:00:00Z
source MITRE
title The Component Object Model

SANS Conficker

Burton, K. (n.d.). The Conficker Worm. Retrieved February 18, 2021.

Internal MISP references

UUID 2dca2274-5f25-475a-b87d-97f3e3a525de which can be used as unique global reference for SANS Conficker in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-18T00:00:00Z
source MITRE
title The Conficker Worm

Trellix Darkgate 2023

Ernesto Fernández Provecho, Pham Duy Phuc, Ciana Driscoll & Vinoo Thomas. (2023, November 21). The Continued Evolution of the DarkGate Malware-as-a-Service. Retrieved February 9, 2024.

Internal MISP references

UUID 83fb92d8-1245-5d68-b9f2-0915c10401c6 which can be used as unique global reference for Trellix Darkgate 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-09T00:00:00Z
date_published 2023-11-21T00:00:00Z
source MITRE
title The Continued Evolution of the DarkGate Malware-as-a-Service

Symantec DDoS October 2014

Wueest, C. (2014, October 21). The continued rise of DDoS attacks. Retrieved April 24, 2019.

Internal MISP references

UUID 878e0382-4191-4bca-8adc-c379b0d57ba8 which can be used as unique global reference for Symantec DDoS October 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-24T00:00:00Z
date_published 2014-10-21T00:00:00Z
source MITRE
title The continued rise of DDoS attacks

BlackBerry CostaRicto November 2020

The BlackBerry Research and Intelligence Team. (2020, November 12). The CostaRicto Campaign: Cyber-Espionage Outsourced. Retrieved May 24, 2021.

Internal MISP references

UUID 93a23447-641c-4ee2-9fbd-64b2adea8a5f which can be used as unique global reference for BlackBerry CostaRicto November 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-05-24T00:00:00Z
date_published 2020-11-12T00:00:00Z
source MITRE
title The CostaRicto Campaign: Cyber-Espionage Outsourced

Invictus IR DangerDev 2024

Invictus Incident Response. (2024, January 31). The curious case of DangerDev@protonmail.me. Retrieved March 19, 2024.

Internal MISP references

UUID 90d608b9-ddbf-5476-bce1-85e8466aca47 which can be used as unique global reference for Invictus IR DangerDev 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-19T00:00:00Z
date_published 2024-01-31T00:00:00Z
source MITRE
title The curious case of DangerDev@protonmail.me

Www.invictus-ir.com 1 31 2024

Www.invictus-ir.com. (2024, January 31). The curious case of DangerDev@protonmail.me. Retrieved April 17, 2024.

Internal MISP references

UUID 803a084a-0468-4c43-9843-a0b5652acdba which can be used as unique global reference for Www.invictus-ir.com 1 31 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-17T00:00:00Z
date_published 2024-01-31T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title The curious case of DangerDev@protonmail.me

SecureWorks Mia Ash July 2017

Counter Threat Unit Research Team. (2017, July 27). The Curious Case of Mia Ash: Fake Persona Lures Middle Eastern Targets. Retrieved February 26, 2018.

Internal MISP references

UUID 754c9276-ef05-4d05-956f-75866090aa78 which can be used as unique global reference for SecureWorks Mia Ash July 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-26T00:00:00Z
date_published 2017-07-27T00:00:00Z
source MITRE
title The Curious Case of Mia Ash: Fake Persona Lures Middle Eastern Targets

Trustwave IIS Module 2013

Grunzweig, J. (2013, December 9). The Curious Case of the Malicious IIS Module. Retrieved June 3, 2021.

Internal MISP references

UUID cbb79c3c-1e2c-42ac-8183-9566ccde0cd6 which can be used as unique global reference for Trustwave IIS Module 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-03T00:00:00Z
date_published 2013-12-09T00:00:00Z
source MITRE
title The Curious Case of the Malicious IIS Module

CloudSploit - Unused AWS Regions

CloudSploit. (2019, June 8). The Danger of Unused AWS Regions. Retrieved October 8, 2019.

Internal MISP references

UUID 7c237b73-233f-4fe3-b4a6-ce523fd82853 which can be used as unique global reference for CloudSploit - Unused AWS Regions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-08T00:00:00Z
date_published 2019-06-08T00:00:00Z
source MITRE
title The Danger of Unused AWS Regions

Dormann Dangers of VHD 2019

Dormann, W. (2019, September 4). The Dangers of VHD and VHDX Files. Retrieved March 16, 2021.

Internal MISP references

UUID e58b4e78-d858-4b28-8d06-2fb467b26337 which can be used as unique global reference for Dormann Dangers of VHD 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-16T00:00:00Z
date_published 2019-09-04T00:00:00Z
source MITRE
title The Dangers of VHD and VHDX Files

Kaspersky Darkhotel

Kaspersky Lab's Global Research and Analysis Team. (2014, November). The Darkhotel APT A Story of Unusual Hospitality. Retrieved November 12, 2014.

Internal MISP references

UUID 3247c03a-a57c-4945-9b85-72a70719e1cd which can be used as unique global reference for Kaspersky Darkhotel in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
date_published 2014-11-01T00:00:00Z
source MITRE, Tidal Cyber
title The Darkhotel APT A Story of Unusual Hospitality

ESET ForSSHe December 2018

Dumont, R., M.Léveillé, M., Porcher, H. (2018, December 1). THE DARK SIDE OF THE FORSSHE A landscape of OpenSSH backdoors. Retrieved July 16, 2020.

Internal MISP references

UUID 0e25bf8b-3c9e-4661-a9fd-79b2ad3b8dd2 which can be used as unique global reference for ESET ForSSHe December 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-16T00:00:00Z
date_published 2018-12-01T00:00:00Z
source MITRE
title THE DARK SIDE OF THE FORSSHE A landscape of OpenSSH backdoors

Zscaler 2 12 2024

Nikolaos Pantazopoulos. (2024, February 12). The (D)Evolution of Pikabot. Retrieved March 12, 2024.

Internal MISP references

UUID 17ebabfb-6399-4b5f-8274-b34045e2d51a which can be used as unique global reference for Zscaler 2 12 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-12T00:00:00Z
date_published 2024-02-12T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title The (D)Evolution of Pikabot

Binary Reverse Engineering Blog 9 6 2023

Binary Reverse Engineering Blog. (2023, September 6). The DGA of BumbleBee. Retrieved February 19, 2024.

Internal MISP references

UUID 8cc9f506-65ce-4adb-aa79-c6cea1efb99b which can be used as unique global reference for Binary Reverse Engineering Blog 9 6 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-19T00:00:00Z
date_published 2023-09-06T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title The DGA of BumbleBee

Securelist Dropping Elephant

Kaspersky Lab's Global Research & Analysis Team. (2016, July 8). The Dropping Elephant – aggressive cyber-espionage in the Asian region. Retrieved August 3, 2016.

Internal MISP references

UUID 2efa655f-ebd3-459b-9fd7-712d3f4ba1f8 which can be used as unique global reference for Securelist Dropping Elephant in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-03T00:00:00Z
date_published 2016-07-08T00:00:00Z
source MITRE
title The Dropping Elephant – aggressive cyber-espionage in the Asian region

F-Secure The Dukes

F-Secure Labs. (2015, September 17). The Dukes: 7 years of Russian cyberespionage. Retrieved December 10, 2015.

Internal MISP references

UUID cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27 which can be used as unique global reference for F-Secure The Dukes in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-12-10T00:00:00Z
date_published 2015-09-17T00:00:00Z
source MITRE
title The Dukes: 7 years of Russian cyberespionage

Kaspersky Duqu 2.0

Kaspersky Lab. (2015, June 11). The Duqu 2.0. Retrieved April 21, 2017.

Internal MISP references

UUID b4d6db03-1587-4af3-87ff-51542ef7c87b which can be used as unique global reference for Kaspersky Duqu 2.0 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-04-21T00:00:00Z
date_published 2015-06-11T00:00:00Z
source MITRE
title The Duqu 2.0

Symantec Elderwood Sept 2012

O'Gorman, G., and McDonald, G. (2012, September 6). The Elderwood Project. Retrieved February 15, 2018.

Internal MISP references

UUID 5e908748-d260-42f1-a599-ac38b4e22559 which can be used as unique global reference for Symantec Elderwood Sept 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-15T00:00:00Z
date_published 2012-09-06T00:00:00Z
source MITRE
title The Elderwood Project

Kaspersky Turla Aug 2014

Kaspersky Lab's Global Research & Analysis Team. (2014, August 06). The Epic Turla Operation: Solving some of the mysteries of Snake/Uroboros. Retrieved November 7, 2018.

Internal MISP references

UUID 52577f34-0aa6-4765-9f6b-dd7397183223 which can be used as unique global reference for Kaspersky Turla Aug 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-07T00:00:00Z
date_published 2014-08-06T00:00:00Z
source MITRE
title The Epic Turla Operation: Solving some of the mysteries of Snake/Uroboros

Kaspersky Turla

Kaspersky Lab's Global Research and Analysis Team. (2014, August 7). The Epic Turla Operation: Solving some of the mysteries of Snake/Uroburos. Retrieved December 11, 2014.

Internal MISP references

UUID 535e9f1a-f89e-4766-a290-c5b8100968f8 which can be used as unique global reference for Kaspersky Turla in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-11T00:00:00Z
date_published 2014-08-07T00:00:00Z
source MITRE, Tidal Cyber
title The Epic Turla Operation: Solving some of the mysteries of Snake/Uroburos

FireEye EPS Awakens Part 2

Winters, R. (2015, December 20). The EPS Awakens - Part 2. Retrieved January 22, 2016.

Internal MISP references

UUID 7fd58ef5-a0b7-40b6-8771-ca5e87740965 which can be used as unique global reference for FireEye EPS Awakens Part 2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-22T00:00:00Z
date_published 2015-12-20T00:00:00Z
source MITRE, Tidal Cyber
title The EPS Awakens - Part 2

Symantec Emotet Jul 2018

Symantec. (2018, July 18). The Evolution of Emotet: From Banking Trojan to Threat Distributor. Retrieved March 25, 2019.

Internal MISP references

UUID b94b5be4-1c77-48e1-875e-0cff0023fbd9 which can be used as unique global reference for Symantec Emotet Jul 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-25T00:00:00Z
date_published 2018-07-18T00:00:00Z
source MITRE
title The Evolution of Emotet: From Banking Trojan to Threat Distributor

SilentBreak Offensive PS Dec 2015

Christensen, L. (2015, December 28). The Evolution of Offensive PowerShell Invocation. Retrieved December 8, 2018.

Internal MISP references

UUID 8eec1af3-c65e-4522-8087-73122ac6c281 which can be used as unique global reference for SilentBreak Offensive PS Dec 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-12-08T00:00:00Z
date_published 2015-12-28T00:00:00Z
source MITRE
title The Evolution of Offensive PowerShell Invocation

CrowdStrike Evolution of Pinchy Spider July 2021

Meyers, Adam. (2021, July 6). The Evolution of PINCHY SPIDER from GandCrab to REvil. Retrieved March 28, 2023.

Internal MISP references

UUID 7578541b-1ae3-58d0-a8b9-120bd6cd96f5 which can be used as unique global reference for CrowdStrike Evolution of Pinchy Spider July 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-28T00:00:00Z
date_published 2021-07-06T00:00:00Z
source MITRE
title The Evolution of PINCHY SPIDER from GandCrab to REvil

ATT Felismus

Julia Kisielius. (2017, April 25). The Felismus RAT: Powerful Threat, Mysterious Purpose. Retrieved January 10, 2024.

Internal MISP references

UUID 5c74fdea-e5d5-5a77-a945-4819184e571f which can be used as unique global reference for ATT Felismus in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-10T00:00:00Z
date_published 2017-04-25T00:00:00Z
source MITRE
title The Felismus RAT: Powerful Threat, Mysterious Purpose

Proofpoint Ransomware Initial Access June 2021

Selena Larson, Daniel Blackford, Garrett G. (2021, June 16). The First Step: Initial Access Leads to Ransomware. Retrieved January 24, 2024.

Internal MISP references

UUID 3b0631ae-f589-4b7c-a00a-04dcd5f3a77b which can be used as unique global reference for Proofpoint Ransomware Initial Access June 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-24T00:00:00Z
date_published 2021-06-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title The First Step: Initial Access Leads to Ransomware

Kaspersky Flame

Gostev, A. (2012, May 28). The Flame: Questions and Answers. Retrieved March 1, 2017.

Internal MISP references

UUID 6db8f76d-fe38-43b1-ad85-ad372da9c09d which can be used as unique global reference for Kaspersky Flame in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-01T00:00:00Z
date_published 2012-05-28T00:00:00Z
source MITRE
title The Flame: Questions and Answers

Unit 42 CARROTBAT November 2018

Grunzweig, J. and Wilhoit, K. (2018, November 29). The Fractured Block Campaign: CARROTBAT Used to Deliver Malware Targeting Southeast Asia. Retrieved June 2, 2020.

Internal MISP references

UUID 6986a64a-5fe6-4697-b70b-79cccaf3d730 which can be used as unique global reference for Unit 42 CARROTBAT November 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-02T00:00:00Z
date_published 2018-11-29T00:00:00Z
source MITRE
title The Fractured Block Campaign: CARROTBAT Used to Deliver Malware Targeting Southeast Asia

Palo Alto Gamaredon Feb 2017

Kasza, A. and Reichel, D. (2017, February 27). The Gamaredon Group Toolset Evolution. Retrieved March 1, 2017.

Internal MISP references

UUID 3f9a6343-1db3-4696-99ed-f22c6eabee71 which can be used as unique global reference for Palo Alto Gamaredon Feb 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-01T00:00:00Z
date_published 2017-02-27T00:00:00Z
source MITRE, Tidal Cyber
title The Gamaredon Group Toolset Evolution

GNU Acct

GNU. (2010, February 5). The GNU Accounting Utilities. Retrieved December 20, 2017.

Internal MISP references

UUID ef3edd44-b8d1-4d7d-a0d8-0e75aa441eac which can be used as unique global reference for GNU Acct in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2010-02-05T00:00:00Z
source MITRE
title The GNU Accounting Utilities

GLIBC

glibc developer community. (2020, February 1). The GNU C Library (glibc). Retrieved June 25, 2020.

Internal MISP references

UUID 75a6a1bf-a5a7-419d-b290-6662aeddb7eb which can be used as unique global reference for GLIBC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-25T00:00:00Z
date_published 2020-02-01T00:00:00Z
source MITRE
title The GNU C Library (glibc)

Trustwave GoldenSpy June 2020

Trustwave SpiderLabs. (2020, June 25). The Golden Tax Department and Emergence of GoldenSpy Malware. Retrieved July 23, 2020.

Internal MISP references

UUID 2a27a2ea-2815-4d97-88c0-47a6e04e84f8 which can be used as unique global reference for Trustwave GoldenSpy June 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-23T00:00:00Z
date_published 2020-06-25T00:00:00Z
source MITRE
title The Golden Tax Department and Emergence of GoldenSpy Malware

Proofpoint TA416 Europe March 2022

Raggi, M. et al. (2022, March 7). The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates. Retrieved March 16, 2022.

Internal MISP references

UUID 5731d7e4-dd19-4d08-b493-7b1a467599d3 which can be used as unique global reference for Proofpoint TA416 Europe March 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-16T00:00:00Z
date_published 2022-03-07T00:00:00Z
source MITRE
title The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates

Red Canary Gootloader April 2023

Tony Lambert, Lauren Podber. (2023, April 28). The Goot cause: Detecting Gootloader and its follow-on activity. Retrieved May 7, 2023.

Internal MISP references

UUID 658e3a1a-2f68-4e84-8dab-43e48766703e which can be used as unique global reference for Red Canary Gootloader April 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2023-04-28T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title The Goot cause: Detecting Gootloader and its follow-on activity

Unit 42 Gorgon Group Aug 2018

Falcone, R., et al. (2018, August 02). The Gorgon Group: Slithering Between Nation State and Cybercrime. Retrieved August 7, 2018.

Internal MISP references

UUID d0605185-3f8d-4846-a718-15572714e15b which can be used as unique global reference for Unit 42 Gorgon Group Aug 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-07T00:00:00Z
date_published 2018-08-02T00:00:00Z
source MITRE, Tidal Cyber
title The Gorgon Group: Slithering Between Nation State and Cybercrime

Trend Micro HeartBeat Campaign January 2013

Roland Dela Paz. (2003, January 3). The HeartBeat APT Campaign. Retrieved October 17, 2021.

Internal MISP references

UUID f42a36c2-1ca5-49ff-a7ec-7de90379a6d5 which can be used as unique global reference for Trend Micro HeartBeat Campaign January 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-17T00:00:00Z
date_published 2003-01-03T00:00:00Z
source MITRE
title The HeartBeat APT Campaign

FireEye Hikit Rootkit

Glyer, C., Kazanciyan, R. (2012, August 20). The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 1). Retrieved June 6, 2016.

Internal MISP references

UUID 65d751cb-fdd2-4a45-81db-8a5a11bbee62 which can be used as unique global reference for FireEye Hikit Rootkit in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-06T00:00:00Z
date_published 2012-08-20T00:00:00Z
source MITRE
title The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 1)

FireEye HIKIT Rootkit Part 2

Glyer, C., Kazanciyan, R. (2012, August 22). The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 2). Retrieved May 4, 2020.

Internal MISP references

UUID 48448972-a5ed-4371-b930-b51dcb174b82 which can be used as unique global reference for FireEye HIKIT Rootkit Part 2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-04T00:00:00Z
date_published 2012-08-22T00:00:00Z
source MITRE
title The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 2)

Proofpoint Human Factor

Proofpoint. (n.d.). The Human Factor 2023: Analyzing the cyber attack chain. Retrieved July 20, 2023.

Internal MISP references

UUID 143e191f-9175-557b-8fe1-41dbe04867a6 which can be used as unique global reference for Proofpoint Human Factor in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-20T00:00:00Z
source MITRE
title The Human Factor 2023: Analyzing the cyber attack chain

TechNet Blogs Credential Protection

Wilson, B. (2016, April 18). The Importance of KB2871997 and KB2928120 for Credential Protection. Retrieved April 11, 2018.

Internal MISP references

UUID 88367099-df19-4044-8c9b-2db4c9f418c4 which can be used as unique global reference for TechNet Blogs Credential Protection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-11T00:00:00Z
date_published 2016-04-18T00:00:00Z
source MITRE
title The Importance of KB2871997 and KB2928120 for Credential Protection

dhs_threat_to_net_devices

U.S. Department of Homeland Security. (2016, August 30). The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations. Retrieved July 29, 2022.

Internal MISP references

UUID f1d16045-d365-43d2-bc08-65ba1ddbe0fd which can be used as unique global reference for dhs_threat_to_net_devices in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-29T00:00:00Z
date_published 2016-08-30T00:00:00Z
source MITRE
title The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations

Triton-EENews-2017

Blake Sobczak. (2019, March 7). The inside story of the world’s most dangerous malware. Retrieved March 25, 2024.

Internal MISP references

UUID 5cc54d85-ee53-579d-a8fb-9b54b3540dc0 which can be used as unique global reference for Triton-EENews-2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-25T00:00:00Z
date_published 2019-03-07T00:00:00Z
source MITRE
title The inside story of the world’s most dangerous malware

sentinelone_israel_hamas_war

Hegel, T., Milenkoski, A. (2023, October 24). The Israel-Hamas War | Cyber Domain State-Sponsored Activity of Interest. Retrieved March 4, 2024.

Internal MISP references

UUID 8fa21bad-0186-5181-b52e-32f7f116695c which can be used as unique global reference for sentinelone_israel_hamas_war in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-04T00:00:00Z
date_published 2023-10-24T00:00:00Z
source MITRE
title The Israel-Hamas War

PWC KeyBoys Feb 2017

Parys, B. (2017, February 11). The KeyBoys are back in town. Retrieved June 13, 2019.

Internal MISP references

UUID 9ac6737b-c8a2-416f-bbc3-8c5556ad4833 which can be used as unique global reference for PWC KeyBoys Feb 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-13T00:00:00Z
date_published 2017-02-11T00:00:00Z
source MITRE
title The KeyBoys are back in town

Securelist Kimsuky Sept 2013

Tarakanov, D. (2013, September 11). The “Kimsuky” Operation: A North Korean APT?. Retrieved August 13, 2019.

Internal MISP references

UUID f26771b0-2101-4fed-ac82-1bd9683dd7da which can be used as unique global reference for Securelist Kimsuky Sept 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-08-13T00:00:00Z
date_published 2013-09-11T00:00:00Z
source MITRE
title The “Kimsuky” Operation: A North Korean APT?

ClearSky Kittens Back 2 Oct 2019

ClearSky Research Team. (2019, October 1). The Kittens Are Back in Town 2 - Charming Kitten Campaign Keeps Going on, Using New Impersonation Methods. Retrieved April 21, 2021.

Internal MISP references

UUID f5114978-2528-4199-a586-0158c5f8a138 which can be used as unique global reference for ClearSky Kittens Back 2 Oct 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-21T00:00:00Z
date_published 2019-10-01T00:00:00Z
source MITRE
title The Kittens Are Back in Town 2 - Charming Kitten Campaign Keeps Going on, Using New Impersonation Methods

ClearSky Kittens Back 3 August 2020

ClearSky Research Team. (2020, August 1). The Kittens Are Back in Town 3 - Charming Kitten Campaign Evolved and Deploying Spear-Phishing link by WhatsApp. Retrieved April 21, 2021.

Internal MISP references

UUID a10c6a53-79bb-4454-b444-cfb9136ecd36 which can be used as unique global reference for ClearSky Kittens Back 3 August 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-21T00:00:00Z
date_published 2020-08-01T00:00:00Z
source MITRE, Tidal Cyber
title The Kittens Are Back in Town 3 - Charming Kitten Campaign Evolved and Deploying Spear-Phishing link by WhatsApp

Kubernetes API

The Kubernetes Authors. (n.d.). The Kubernetes API. Retrieved March 29, 2021.

Internal MISP references

UUID 5bdd1b82-9e5c-4db0-9764-240e37a1cc99 which can be used as unique global reference for Kubernetes API in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-29T00:00:00Z
source MITRE
title The Kubernetes API

GitHub LaZagne Dec 2018

Zanni, A. (n.d.). The LaZagne Project !!!. Retrieved December 14, 2018.

Internal MISP references

UUID 9347b507-3a41-405d-87f9-d4fc2bfc48e5 which can be used as unique global reference for GitHub LaZagne Dec 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-12-14T00:00:00Z
source MITRE
title The LaZagne Project !!!

GitHub LaZange Dec 2018

Zanni, A. (n.d.). The LaZagne Project !!!. Retrieved December 14, 2018.

Internal MISP references

UUID 33cca4fa-72a8-59a3-a62f-12f71a499a15 which can be used as unique global reference for GitHub LaZange Dec 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-12-14T00:00:00Z
source MITRE
title The LaZagne Project !!!

Dell P2P ZeuS

SecureWorks. (2013). The Lifecycle of Peer-to-Peer (Gameover) ZeuS. Retrieved August 19, 2015.

Internal MISP references

UUID 773d1d91-a93c-4bb3-928b-4c3f82f2c889 which can be used as unique global reference for Dell P2P ZeuS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-08-19T00:00:00Z
date_published 2013-01-01T00:00:00Z
source MITRE
title The Lifecycle of Peer-to-Peer (Gameover) ZeuS

Cylera Kwampirs 2022

Pablo Rincón Crespo. (2022, January). The link between Kwampirs (Orangeworm) and Shamoon APTs. Retrieved February 8, 2024.

Internal MISP references

UUID 06442111-2c71-5efb-9530-cabeba159a91 which can be used as unique global reference for Cylera Kwampirs 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-08T00:00:00Z
date_published 2022-01-01T00:00:00Z
source MITRE
title The link between Kwampirs (Orangeworm) and Shamoon APTs

Linux Kernel API

Linux Kernel Organization, Inc. (n.d.). The Linux Kernel API. Retrieved June 25, 2020.

Internal MISP references

UUID 0a30d54e-187a-43e0-9725-3c80aa1c7619 which can be used as unique global reference for Linux Kernel API in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-25T00:00:00Z
source MITRE
title The Linux Kernel API

Linux Kernel Programming

Pomerantz, O., Salzman, P. (2003, April 4). The Linux Kernel Module Programming Guide. Retrieved April 6, 2018.

Internal MISP references

UUID 70f31f19-e0b3-40b1-b8dd-6667557bb334 which can be used as unique global reference for Linux Kernel Programming in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-06T00:00:00Z
date_published 2003-04-04T00:00:00Z
source MITRE
title The Linux Kernel Module Programming Guide

The DFIR Report Dharma Ransomware June 2020

The DFIR Report. (2020, June 16). The Little Ransomware That Couldn’t (Dharma). Retrieved March 7, 2024.

Internal MISP references

UUID b1002e9a-020d-4224-bf60-0c2a66d511f2 which can be used as unique global reference for The DFIR Report Dharma Ransomware June 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-07T00:00:00Z
date_published 2020-06-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title The Little Ransomware That Couldn’t (Dharma)

Villeneuve 2011

Villeneuve, N., Sancho, D. (2011). THE “LURID” DOWNLOADER. Retrieved November 12, 2014.

Internal MISP references

UUID ed5a2ec0-8328-40db-9f58-7eaac4ad39a0 which can be used as unique global reference for Villeneuve 2011 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
date_published 2011-01-01T00:00:00Z
source MITRE
title THE “LURID” DOWNLOADER

Microsoft BlackCat Jun 2022

Microsoft Defender Threat Intelligence. (2022, June 13). The many lives of BlackCat ransomware. Retrieved December 20, 2022.

Internal MISP references

UUID 55be1ca7-fdb7-5d76-a9c8-5f44a0d00b0e which can be used as unique global reference for Microsoft BlackCat Jun 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-12-20T00:00:00Z
date_published 2022-06-13T00:00:00Z
source MITRE
title The many lives of BlackCat ransomware

Talos Nyetya MEDoc 2017

Maynor, D., Nikolic, A., Olney, M., and Younan, Y. (2017, July 5). The MeDoc Connection. Retrieved March 26, 2019.

Internal MISP references

UUID a055d7a2-a356-4f0e-9a66-7f7b3ac7e74a which can be used as unique global reference for Talos Nyetya MEDoc 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-26T00:00:00Z
date_published 2017-07-05T00:00:00Z
source MITRE
title The MeDoc Connection

PegasusCitizenLab

Bill Marczak and John Scott-Railton. (2016, August 24). The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender. Retrieved December 12, 2016.

Internal MISP references

UUID d248e284-37d3-4425-a29e-5a0c814ae803 which can be used as unique global reference for PegasusCitizenLab in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-12-12T00:00:00Z
date_published 2016-08-24T00:00:00Z
source MITRE
title The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender

Securelist MiniDuke Feb 2013

Kaspersky Lab's Global Research & Analysis Team. (2013, February 27). The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor. Retrieved April 5, 2017.

Internal MISP references

UUID def2a635-d322-4c27-9167-2642bf8f153c which can be used as unique global reference for Securelist MiniDuke Feb 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-04-05T00:00:00Z
date_published 2013-02-27T00:00:00Z
source MITRE
title The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor

Harmj0y SeEnableDelegationPrivilege Right

Schroeder, W. (2017, January 10). The Most Dangerous User Right You (Probably) Have Never Heard Of. Retrieved March 5, 2019.

Internal MISP references

UUID e8f7df08-1a62-41d9-b8a4-ff39a2160294 which can be used as unique global reference for Harmj0y SeEnableDelegationPrivilege Right in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-05T00:00:00Z
date_published 2017-01-10T00:00:00Z
source MITRE
title The Most Dangerous User Right You (Probably) Have Never Heard Of

Baumgartner Naikon 2015

Baumgartner, K., Golovkin, M. (2015, May). The MsnMM Campaigns: The Earliest Naikon APT Campaigns. Retrieved April 10, 2019.

Internal MISP references

UUID 09302b4f-7f71-4289-92f6-076c685f0810 which can be used as unique global reference for Baumgartner Naikon 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-10T00:00:00Z
date_published 2015-05-01T00:00:00Z
source MITRE
title The MsnMM Campaigns: The Earliest Naikon APT Campaigns

SentinelLabs Metador Sept 2022

Ehrlich, A., et al. (2022, September). THE MYSTERY OF METADOR | AN UNATTRIBUTED THREAT HIDING IN TELCOS, ISPS, AND UNIVERSITIES. Retrieved January 23, 2023.

Internal MISP references

UUID 137474b7-638a-56d7-9ce2-ab906f207175 which can be used as unique global reference for SentinelLabs Metador Sept 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-01-23T00:00:00Z
date_published 2022-09-01T00:00:00Z
source MITRE
title THE MYSTERY OF METADOR

Baumgartner Golovkin Naikon 2015

Baumgartner, K., Golovkin, M. (2015, May 14). The Naikon APT. Retrieved January 14, 2015.

Internal MISP references

UUID 5163576f-0b2c-49ba-8f34-b7efe3f3f6db which can be used as unique global reference for Baumgartner Golovkin Naikon 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-01-14T00:00:00Z
date_published 2015-05-14T00:00:00Z
source MITRE
title The Naikon APT

Cofense NanoCore Mar 2018

Patel, K. (2018, March 02). The NanoCore RAT Has Resurfaced From the Sewers. Retrieved November 9, 2018.

Internal MISP references

UUID de31ba54-5634-48c5-aa57-c6b0dbb53870 which can be used as unique global reference for Cofense NanoCore Mar 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-09T00:00:00Z
date_published 2018-03-02T00:00:00Z
source MITRE
title The NanoCore RAT Has Resurfaced From the Sewers

Kaspersky NetTraveler

Kaspersky Lab's Global Research and Analysis Team. (n.d.). The NetTraveler (aka ‘Travnet’). Retrieved November 12, 2014.

Internal MISP references

UUID a7d4b322-3710-436f-bd51-e5c258073dba which can be used as unique global reference for Kaspersky NetTraveler in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
source MITRE
title The NetTraveler (aka ‘Travnet’)

Unit42 OceanLotus 2017

Erye Hernandez and Danny Tsechansky. (2017, June 22). The New and Improved macOS Backdoor from OceanLotus. Retrieved September 8, 2023.

Internal MISP references

UUID fcaf57f1-6696-54a5-a78c-255c8f6ac235 which can be used as unique global reference for Unit42 OceanLotus 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-08T00:00:00Z
date_published 2017-06-22T00:00:00Z
source MITRE
title The New and Improved macOS Backdoor from OceanLotus

CyberArk Labs Discord

CyberArk Labs. (2023, April 13). The (Not so) Secret War on Discord. Retrieved July 20, 2023.

Internal MISP references

UUID 4b3cd2c0-fd0b-5583-8746-648229fc5f9d which can be used as unique global reference for CyberArk Labs Discord in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-20T00:00:00Z
date_published 2023-04-13T00:00:00Z
source MITRE
title The (Not so) Secret War on Discord

Gh0stRAT ATT March 2019

Quinn, J. (2019, March 25). The odd case of a Gh0stRAT variant. Retrieved July 15, 2020.

Internal MISP references

UUID 88d7bf25-985a-4b5e-92d6-ec4fa47a314f which can be used as unique global reference for Gh0stRAT ATT March 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-15T00:00:00Z
date_published 2019-03-25T00:00:00Z
source MITRE
title The odd case of a Gh0stRAT variant

Palo Alto OilRig May 2016

Falcone, R. and Lee, B. (2016, May 26). The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor. Retrieved May 3, 2017.

Internal MISP references

UUID 53836b95-a30a-4e95-8e19-e2bb2f18c738 which can be used as unique global reference for Palo Alto OilRig May 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-05-03T00:00:00Z
date_published 2016-05-26T00:00:00Z
source MITRE, Tidal Cyber
title The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor

STIG krbtgt reset

UCF. (n.d.). The password for the krbtgt account on a domain must be reset at least every 180 days. Retrieved November 5, 2020.

Internal MISP references

UUID a42fc58f-e7a7-46de-a2f4-25fa8498b3b3 which can be used as unique global reference for STIG krbtgt reset in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-05T00:00:00Z
source MITRE
title The password for the krbtgt account on a domain must be reset at least every 180 days

Haq 2014

Haq, T., Moran, N., Scott, M., & Vashisht, S. O. (2014, September 10). The Path to Mass-Producing Cyber Attacks [Blog]. Retrieved November 12, 2014.

Internal MISP references

UUID 4e10228d-d9da-4ba4-bca7-d3bbdce42e0d which can be used as unique global reference for Haq 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
date_published 2014-09-10T00:00:00Z
source MITRE, Tidal Cyber
title The Path to Mass-Producing Cyber Attacks [Blog]

Kaspersky Turla Penquin December 2014

Baumgartner, K. and Raiu, C. (2014, December 8). The ‘Penquin’ Turla. Retrieved March 11, 2021.

Internal MISP references

UUID 957edb5c-b893-4968-9603-1a6b8577f3aa which can be used as unique global reference for Kaspersky Turla Penquin December 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-11T00:00:00Z
date_published 2014-12-08T00:00:00Z
source MITRE
title The ‘Penquin’ Turla

FireEye PLA

FireEye Labs. (2014, May 20). The PLA and the 8:00am-5:00pm Work Day: FireEye Confirms DOJ’s Findings on APT1 Intrusion Activity. Retrieved November 4, 2014.

Internal MISP references

UUID b8b72a8e-87a1-4ce7-94df-ed938f9eb61c which can be used as unique global reference for FireEye PLA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-04T00:00:00Z
date_published 2014-05-20T00:00:00Z
source MITRE
title The PLA and the 8:00am-5:00pm Work Day: FireEye Confirms DOJ’s Findings on APT1 Intrusion Activity

Kaspersky ProjectSauron Full Report

Kaspersky Lab's Global Research & Analysis Team. (2016, August 9). The ProjectSauron APT. Retrieved August 17, 2016.

Internal MISP references

UUID 6840c1d6-89dc-4138-99e8-fbd2a45f2a1c which can be used as unique global reference for Kaspersky ProjectSauron Full Report in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-17T00:00:00Z
date_published 2016-08-09T00:00:00Z
source MITRE
title The ProjectSauron APT

McMillan Pwn March 2012

Robert McMillan. (2012, March 3). The Pwn Plug is a little white box that can hack your network. Retrieved March 30, 2018.

Internal MISP references

UUID 6b57e883-75a1-4a71-accc-2d18148b9c3d which can be used as unique global reference for McMillan Pwn March 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-30T00:00:00Z
date_published 2012-03-03T00:00:00Z
source MITRE
title The Pwn Plug is a little white box that can hack your network

FireEye Application Shimming

Ballenthin, W., Tomczak, J. (2015). The Real Shim Shary. Retrieved May 4, 2020.

Internal MISP references

UUID 658c8dd6-1a6a-40f0-a7b5-286fd4b1985d which can be used as unique global reference for FireEye Application Shimming in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-04T00:00:00Z
date_published 2015-01-01T00:00:00Z
source MITRE
title The Real Shim Shary

Kaspersky Regin

Kaspersky Lab's Global Research and Analysis Team. (2014, November 24). THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS. Retrieved December 1, 2014.

Internal MISP references

UUID 1b521b76-5b8f-4bd9-b312-7c795fc97898 which can be used as unique global reference for Kaspersky Regin in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-01T00:00:00Z
date_published 2014-11-24T00:00:00Z
source MITRE
title THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS

The Remote Framebuffer Protocol

T. Richardson, J. Levine, RealVNC Ltd. (2011, March). The Remote Framebuffer Protocol. Retrieved September 20, 2021.

Internal MISP references

UUID 4c75a00d-aa90-4260-ab7a-2addc17d1728 which can be used as unique global reference for The Remote Framebuffer Protocol in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-20T00:00:00Z
date_published 2011-03-01T00:00:00Z
source MITRE
title The Remote Framebuffer Protocol

Malwarebytes Heroku Skimmers

Jérôme Segura. (2019, December 4). There's an app for that: web skimmers found on PaaS Heroku. Retrieved August 18, 2022.

Internal MISP references

UUID 4656cc2c-aff3-4416-b18d-995876d37e06 which can be used as unique global reference for Malwarebytes Heroku Skimmers in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-18T00:00:00Z
date_published 2019-12-04T00:00:00Z
source MITRE
title There's an app for that: web skimmers found on PaaS Heroku

Electron 1

TOM ABAI. (2023, August 10). There’s a New Stealer Variant in Town, and It’s Using Electron to Stay Fully Undetected. Retrieved March 7, 2024.

Internal MISP references

UUID e1762a94-5efc-5211-a714-f4d6d71bfe37 which can be used as unique global reference for Electron 1 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-07T00:00:00Z
date_published 2023-08-10T00:00:00Z
source MITRE
title There’s a New Stealer Variant in Town, and It’s Using Electron to Stay Fully Undetected

ELC Extended Attributes

Howard Oakley. (2020, October 24). There's more to files than data: Extended Attributes. Retrieved October 12, 2021.

Internal MISP references

UUID e62d67ed-48d0-4141-aacc-92e165d66f16 which can be used as unique global reference for ELC Extended Attributes in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-12T00:00:00Z
date_published 2020-10-24T00:00:00Z
source MITRE
title There's more to files than data: Extended Attributes

FireEye WMI SANS 2015

Devon Kerr. (2015). There's Something About WMI. Retrieved May 4, 2020.

Internal MISP references

UUID a9333ef5-5637-4a4c-9aaf-fdc9daf8b860 which can be used as unique global reference for FireEye WMI SANS 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-04T00:00:00Z
date_published 2015-01-01T00:00:00Z
source MITRE
title There's Something About WMI

Nviso Spoof Command Line 2020

Daman, R. (2020, February 4). The return of the spoof part 2: Command line spoofing. Retrieved November 19, 2021.

Internal MISP references

UUID a3fa92ed-763c-4082-8220-cab82d70fad4 which can be used as unique global reference for Nviso Spoof Command Line 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-11-19T00:00:00Z
date_published 2020-02-04T00:00:00Z
source MITRE
title The return of the spoof part 2: Command line spoofing

Zscaler Higaisa 2020

Singh, S. Singh, A. (2020, June 11). The Return on the Higaisa APT. Retrieved March 2, 2021.

Internal MISP references

UUID 26d7ee2c-d4f7-441a-9073-49c9049b017e which can be used as unique global reference for Zscaler Higaisa 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-02T00:00:00Z
date_published 2020-06-11T00:00:00Z
source MITRE
title The Return on the Higaisa APT

Check Point Research Rhysida August 08 2023

Check Point Research. (2023, August 8). The Rhysida Ransomware: Activity Analysis and Ties to Vice Society. Retrieved August 11, 2023.

Internal MISP references

UUID 0d01416f-4888-4b68-be47-a3245549cec5 which can be used as unique global reference for Check Point Research Rhysida August 08 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-11T00:00:00Z
date_published 2023-08-08T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title The Rhysida Ransomware: Activity Analysis and Ties to Vice Society

DigiTrust Agent Tesla Jan 2017

The DigiTrust Group. (2017, January 12). The Rise of Agent Tesla. Retrieved November 5, 2018.

Internal MISP references

UUID dbae7e21-20d4-454c-88db-43e2a195808e which can be used as unique global reference for DigiTrust Agent Tesla Jan 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-05T00:00:00Z
date_published 2017-01-12T00:00:00Z
source MITRE
title The Rise of Agent Tesla

Cofense Agent Tesla

James Arndt. (2023, February 21). The Rise of Agent Tesla: Understanding the Notorious Keylogger. Retrieved January 10, 2024.

Internal MISP references

UUID f8a8a3a0-5b30-5f3e-a7b0-f8a4aaae7ee7 which can be used as unique global reference for Cofense Agent Tesla in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-10T00:00:00Z
date_published 2023-02-21T00:00:00Z
source MITRE
title The Rise of Agent Tesla: Understanding the Notorious Keylogger

ATT QakBot April 2021

Morrow, D. (2021, April 15). The rise of QakBot. Retrieved September 27, 2021.

Internal MISP references

UUID c7b0b3f3-e9ea-4159-acd1-f6d92ed41828 which can be used as unique global reference for ATT QakBot April 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-27T00:00:00Z
date_published 2021-04-15T00:00:00Z
source MITRE
title The rise of QakBot

ESET Telebots Dec 2016

Cherepanov, A. (2016, December 13). The rise of TeleBots: Analyzing disruptive KillDisk attacks. Retrieved June 10, 2020.

Internal MISP references

UUID 34e6e415-099a-4f29-aad0-fc0331a733a4 which can be used as unique global reference for ESET Telebots Dec 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-10T00:00:00Z
date_published 2016-12-13T00:00:00Z
source MITRE
title The rise of TeleBots: Analyzing disruptive KillDisk attacks

SEI SSL Inspection Risks

Dormann, W. (2015, March 13). The Risks of SSL Inspection. Retrieved April 5, 2016.

Internal MISP references

UUID 3fafc00e-b808-486e-81bc-c08b6a410133 which can be used as unique global reference for SEI SSL Inspection Risks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-05T00:00:00Z
date_published 2015-03-13T00:00:00Z
source MITRE
title The Risks of SSL Inspection

SourceForge rkhunter

Rootkit Hunter Project. (2018, February 20). The Rootkit Hunter project. Retrieved April 9, 2018.

Internal MISP references

UUID e52cf1aa-3d14-40ce-a1d4-e9de672261ef which can be used as unique global reference for SourceForge rkhunter in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-09T00:00:00Z
date_published 2018-02-20T00:00:00Z
source MITRE
title The Rootkit Hunter project

Campbell 2014

Campbell, C. (2014). The Secret Life of Krbtgt. Retrieved December 4, 2014.

Internal MISP references

UUID 8bef22ff-f2fc-4e1a-b4d2-d746a120f6c6 which can be used as unique global reference for Campbell 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-04T00:00:00Z
date_published 2014-01-01T00:00:00Z
source MITRE
title The Secret Life of Krbtgt

Proofpoint Domain Shadowing

Proofpoint Staff. (2015, December 15). The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK. Retrieved October 16, 2020.

Internal MISP references

UUID 4653a9a5-95f1-4b02-9bf0-8f1b8cd6c059 which can be used as unique global reference for Proofpoint Domain Shadowing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-16T00:00:00Z
date_published 2015-12-15T00:00:00Z
source MITRE
title The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK

Symantec Shamoon 2012

Symantec. (2012, August 16). The Shamoon Attacks. Retrieved March 14, 2019.

Internal MISP references

UUID ac634e99-d951-402b-bb1c-e575753dfda8 which can be used as unique global reference for Symantec Shamoon 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-14T00:00:00Z
date_published 2012-08-16T00:00:00Z
source MITRE
title The Shamoon Attacks

Spring Dragon Jun 2015

Baumgartner, K. (2015, June 17). The Spring Dragon APT. Retrieved February 15, 2016.

Internal MISP references

UUID 2cc38587-a18e-47e9-a8bb-e3498e4737f5 which can be used as unique global reference for Spring Dragon Jun 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-02-15T00:00:00Z
date_published 2015-06-17T00:00:00Z
source MITRE
title The Spring Dragon APT

Check Point APT31 February 2021

Itkin, E. and Cohen, I. (2021, February 22). The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day. Retrieved March 24, 2021.

Internal MISP references

UUID 84ac99ef-106f-44e9-97f0-3eda90570932 which can be used as unique global reference for Check Point APT31 February 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-24T00:00:00Z
date_published 2021-02-22T00:00:00Z
source MITRE
title The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day

System Information Discovery Technique

YUCEEL, Huseyin Can. Picus Labs. (2022, June 9). The System Information Discovery Technique Explained - MITRE ATT&CK T1082. Retrieved March 27, 2024.

Internal MISP references

UUID 6123fbd4-c6fc-504c-92f2-5d405730c298 which can be used as unique global reference for System Information Discovery Technique in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-27T00:00:00Z
date_published 2022-06-09T00:00:00Z
source MITRE
title The System Information Discovery Technique Explained - MITRE ATT&CK T1082

UCF STIG Elevation Account Enumeration

UCF. (n.d.). The system must require username and password to elevate a running application. Retrieved December 18, 2017.

Internal MISP references

UUID 7b895692-d401-4d74-ab3f-e6f8e432877a which can be used as unique global reference for UCF STIG Elevation Account Enumeration in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-18T00:00:00Z
source MITRE
title The system must require username and password to elevate a running application.

TrendMicro Taidoor

Trend Micro. (2012). The Taidoor Campaign. Retrieved November 12, 2014.

Internal MISP references

UUID 3d703dfa-97c5-498f-a712-cb4995119297 which can be used as unique global reference for TrendMicro Taidoor in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
date_published 2012-01-01T00:00:00Z
source MITRE
title The Taidoor Campaign

SpectorOPs SettingContent-ms Jun 2018

Nelson, M. (2018, June 11). The Tale of SettingContent-ms Files. Retrieved April 18, 2019.

Internal MISP references

UUID 88ffa36e-c1d8-4e40-86c9-bdefad9a6c95 which can be used as unique global reference for SpectorOPs SettingContent-ms Jun 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-18T00:00:00Z
date_published 2018-06-11T00:00:00Z
source MITRE
title The Tale of SettingContent-ms Files

Securelist Brazilian Banking Malware July 2020

GReAT. (2020, July 14). The Tetrade: Brazilian banking malware goes global. Retrieved November 9, 2020.

Internal MISP references

UUID ccc34875-93f3-40ed-a9ee-f31b86708507 which can be used as unique global reference for Securelist Brazilian Banking Malware July 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-09T00:00:00Z
date_published 2020-07-14T00:00:00Z
source MITRE
title The Tetrade: Brazilian banking malware goes global

Symantec Trojan.Hydraq Jan 2010

Symantec Security Response. (2010, January 18). The Trojan.Hydraq Incident. Retrieved February 20, 2018.

Internal MISP references

UUID 10bed842-400f-4276-972d-5fca794ea778 which can be used as unique global reference for Symantec Trojan.Hydraq Jan 2010 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-20T00:00:00Z
date_published 2010-01-18T00:00:00Z
source MITRE
title The Trojan.Hydraq Incident

Fidelis Turbo

Fidelis Cybersecurity. (2016, February 29). The Turbo Campaign, Featuring Derusbi for 64-bit Linux. Retrieved March 2, 2016.

Internal MISP references

UUID f19877f1-3e0f-4c68-b6c9-ef5b0bd470ed which can be used as unique global reference for Fidelis Turbo in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-02T00:00:00Z
date_published 2016-02-29T00:00:00Z
source MITRE
title The Turbo Campaign, Featuring Derusbi for 64-bit Linux

USDOJ Sandworm Feb 2020

Pompeo, M. (2020, February 20). The United States Condemns Russian Cyber Attack Against the Country of Georgia. Retrieved June 18, 2020.

Internal MISP references

UUID fefa7321-cd60-4c7e-a9d5-c723d88013f2 which can be used as unique global reference for USDOJ Sandworm Feb 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-18T00:00:00Z
date_published 2020-02-20T00:00:00Z
source MITRE
title The United States Condemns Russian Cyber Attack Against the Country of Georgia

Securelist Ventir

Mikhail, K. (2014, October 16). The Ventir Trojan: assemble your MacOS spy. Retrieved April 6, 2018.

Internal MISP references

UUID 5e4e82c0-16b6-43bc-a70d-6b8d55aaef52 which can be used as unique global reference for Securelist Ventir in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-06T00:00:00Z
date_published 2014-10-16T00:00:00Z
source MITRE
title The Ventir Trojan: assemble your MacOS spy

Symantec Waterbug

Symantec. (2015, January 26). The Waterbug attack group. Retrieved April 10, 2015.

Internal MISP references

UUID ec02f951-17b8-44cb-945a-e5c313555124 which can be used as unique global reference for Symantec Waterbug in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-04-10T00:00:00Z
date_published 2015-01-26T00:00:00Z
source MITRE
title The Waterbug attack group

Windows NT Command Shell

Tim Hill. (2014, February 2). The Windows NT Command Shell. Retrieved December 5, 2014.

Internal MISP references

UUID aee1e76c-8ff2-4ff0-83e3-edcb76f34d19 which can be used as unique global reference for Windows NT Command Shell in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-05T00:00:00Z
date_published 2014-02-02T00:00:00Z
source MITRE
title The Windows NT Command Shell

Malwarebytes The Windows Vault

Arntz, P. (2016, March 30). The Windows Vault. Retrieved November 23, 2020.

Internal MISP references

UUID f09fdc31-38ca-411d-8478-683b08a68535 which can be used as unique global reference for Malwarebytes The Windows Vault in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-23T00:00:00Z
date_published 2016-03-30T00:00:00Z
source MITRE
title The Windows Vault

Microsoft JScript 2007

Microsoft. (2007, August 15). The World of JScript, JavaScript, ECMAScript …. Retrieved June 23, 2020.

Internal MISP references

UUID e3c97d0f-150e-4fe3-a4ce-fc146a2fa718 which can be used as unique global reference for Microsoft JScript 2007 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-23T00:00:00Z
date_published 2007-08-15T00:00:00Z
source MITRE
title The World of JScript, JavaScript, ECMAScript …

ntlm_relaying_kerberos_del

Mollema, D. (2019, March 4). The worst of both worlds: Combining NTLM Relaying and Kerberos delegation. Retrieved August 15, 2022.

Internal MISP references

UUID 08f44086-2387-4254-a0b6-3b9be2b6ee30 which can be used as unique global reference for ntlm_relaying_kerberos_del in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-15T00:00:00Z
date_published 2019-03-04T00:00:00Z
source MITRE
title The worst of both worlds: Combining NTLM Relaying and Kerberos delegation

trendmicro xcsset xcode project 2020

Mac Threat Response, Mobile Research Team. (2020, August 13). The XCSSET Malware: Inserts Malicious Code Into Xcode Projects, Performs UXSS Backdoor Planting in Safari, and Leverages Two Zero-day Exploits. Retrieved October 5, 2021.

Internal MISP references

UUID 0194bb11-8b97-4d61-8ddb-824077edc7db which can be used as unique global reference for trendmicro xcsset xcode project 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-05T00:00:00Z
date_published 2020-08-13T00:00:00Z
source MITRE
title The XCSSET Malware: Inserts Malicious Code Into Xcode Projects, Performs UXSS Backdoor Planting in Safari, and Leverages Two Zero-day Exploits

Sophos New Ryuk Attack October 2020

Sean Gallagher, Peter Mackenzie, Elida Leite, Syed Shahram, Bill Kearney, Anand Aijan, Sivagnanam Gn, Suraj Mundalik. (2020, October 14). They’re back: inside a new Ryuk ransomware attack. Retrieved October 14, 2020.

Internal MISP references

UUID bfc6f6fe-b504-4b99-a7c0-1efba08ac14e which can be used as unique global reference for Sophos New Ryuk Attack October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-14T00:00:00Z
date_published 2020-10-14T00:00:00Z
source MITRE
title They’re back: inside a new Ryuk ransomware attack

RSA EU12 They're Inside

Rivner, U., Schwartz, E. (2012). They’re Inside… Now What? Retrieved November 25, 2016.

Internal MISP references

UUID 8330ab88-9c73-4332-97d6-c1fb95b1a155 which can be used as unique global reference for RSA EU12 They're Inside in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-11-25T00:00:00Z
date_published 2012-01-01T00:00:00Z
source MITRE
title They’re Inside… Now What?

APT29 Deep Look at Credential Roaming

Thibault Van Geluwe De Berlaere. (2022, November 8). They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming. Retrieved November 9, 2022.

Internal MISP references

UUID 691fb596-07b6-5c13-9cec-e28530ffde12 which can be used as unique global reference for APT29 Deep Look at Credential Roaming in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-11-09T00:00:00Z
date_published 2022-11-08T00:00:00Z
source MITRE
title They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming

ZDNet Ransomware Backups 2020

Steve Ranger. (2020, February 27). Ransomware victims thought their backups were safe. They were wrong. Retrieved March 21, 2023.

Internal MISP references

UUID 301da9c8-60de-58f0-989f-6b504e3457a3 which can be used as unique global reference for ZDNet Ransomware Backups 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-21T00:00:00Z
source MITRE
title They were wrong

Microsoft Unidentified Dec 2018

Microsoft Defender Research Team. (2018, December 3). Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers. Retrieved April 15, 2019.

Internal MISP references

UUID 896c88f9-8765-4b60-b679-667b338757e3 which can be used as unique global reference for Microsoft Unidentified Dec 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-15T00:00:00Z
source MITRE
title think tanks, non-profits, public sector by unidentified attackers

iPhone Charging Cable Hack

Zack Whittaker. (2019, August 12). This hacker’s iPhone charging cable can hijack your computer. Retrieved May 25, 2022.

Internal MISP references

UUID b8bb0bc5-e131-47b5-8c42-48cd3dc25250 which can be used as unique global reference for iPhone Charging Cable Hack in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-25T00:00:00Z
date_published 2019-08-12T00:00:00Z
source MITRE
title This hacker’s iPhone charging cable can hijack your computer

Mandiant APT41 Global Intrusion

Gyler, C., Perez D., Jones, S., Miller, S. (2021, February 25). This is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits. Retrieved February 17, 2022.

Internal MISP references

UUID 9b75a38e-e5c7-43c8-a7fb-c7f212e00497 which can be used as unique global reference for Mandiant APT41 Global Intrusion in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-17T00:00:00Z
date_published 2021-02-25T00:00:00Z
source MITRE
title This is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits

FireEye APT41 March 2020

Glyer, C, et al. (2020, March). This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits. Retrieved April 28, 2020.

Internal MISP references

UUID e4d7c8f6-e202-4aac-b39d-7b2c9c5ea48d which can be used as unique global reference for FireEye APT41 March 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-04-28T00:00:00Z
date_published 2020-03-01T00:00:00Z
source MITRE
title This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits

Proofpoint Bumblebee April 2022

Merriman, K. and Trouerbach, P. (2022, April 28). This isn't Optimus Prime's Bumblebee but it's Still Transforming. Retrieved August 22, 2022.

Internal MISP references

UUID 765b0ce9-7305-4b35-b5be-2f6f42339646 which can be used as unique global reference for Proofpoint Bumblebee April 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-22T00:00:00Z
date_published 2022-04-28T00:00:00Z
source MITRE
title This isn't Optimus Prime's Bumblebee but it's Still Transforming

Code Injection on Linux and macOS

Itamar Turner-Trauring. (2017, April 18). “This will only hurt for a moment”: code injection on Linux and macOS with LD_PRELOAD. Retrieved December 20, 2017.

Internal MISP references

UUID 82d41fd8-495d-41b6-b908-6ada5764c94d which can be used as unique global reference for Code Injection on Linux and macOS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2017-04-18T00:00:00Z
source MITRE
title “This will only hurt for a moment”: code injection on Linux and macOS with LD_PRELOAD

TrendMicros ScreenConnect February 27 2024

Ian Kenefick, Junestherry Dela Cruz, Peter Girnus. (2024, February 27). Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities. Retrieved February 28, 2024.

Internal MISP references

UUID 186dff50-f68a-4a5a-aa55-8ffbd89859c8 which can be used as unique global reference for TrendMicros ScreenConnect February 27 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-28T00:00:00Z
date_published 2024-02-27T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities

FireEye Fin8 May 2016

Kizhakkinan, D., et al. (2016, May 11). Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks. Retrieved February 12, 2018.

Internal MISP references

UUID 2079101c-d988-430a-9082-d25c475b2af5 which can be used as unique global reference for FireEye Fin8 May 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-12T00:00:00Z
date_published 2016-05-11T00:00:00Z
source MITRE
title Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks

Proofpoint TA407 September 2019

Proofpoint Threat Insight Team. (2019, September 5). Threat Actor Profile: TA407, the Silent Librarian. Retrieved February 3, 2021.

Internal MISP references

UUID e787e9af-f496-442a-8b36-16056ff8bfc1 which can be used as unique global reference for Proofpoint TA407 September 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-03T00:00:00Z
date_published 2019-09-05T00:00:00Z
source MITRE
title Threat Actor Profile: TA407, the Silent Librarian

Proofpoint TA505 Sep 2017

Proofpoint Staff. (2017, September 27). Threat Actor Profile: TA505, From Dridex to GlobeImposter. Retrieved May 28, 2019.

Internal MISP references

UUID c1fff36f-802b-4436-abce-7f2787c148db which can be used as unique global reference for Proofpoint TA505 Sep 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-28T00:00:00Z
date_published 2017-09-27T00:00:00Z
source MITRE, Tidal Cyber
title Threat Actor Profile: TA505, From Dridex to GlobeImposter

Cyble 4 26 2023

Cybleinc. (2023, April 26). Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram. Retrieved January 1, 2024.

Internal MISP references

UUID cdef460c-a2e0-4a44-83fe-1cf1adc3ebf1 which can be used as unique global reference for Cyble 4 26 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-01T00:00:00Z
date_published 2023-04-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram

U.S. CISA CVE-2023-3519 Exploits

Cybersecurity and Infrastructure Security Agency. (2023, July 20). Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells. Retrieved July 24, 2023.

Internal MISP references

UUID 021c4caa-7a7a-4e49-9c5c-6eec176bf923 which can be used as unique global reference for U.S. CISA CVE-2023-3519 Exploits in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-24T00:00:00Z
date_published 2023-07-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells

U.S. CISA CVE-2023-35078 Exploits

Cybersecurity and Infrastructure Security Agency. (2023, August 1). Threat Actors Exploiting Ivanti EPMM Vulnerabilities. Retrieved August 3, 2023.

Internal MISP references

UUID 62305b8a-76c8-49ec-82dc-6756643ccf7a which can be used as unique global reference for U.S. CISA CVE-2023-35078 Exploits in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-03T00:00:00Z
date_published 2023-08-01T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Threat Actors Exploiting Ivanti EPMM Vulnerabilities

U.S. CISA Ivanti Exploits February 2024

Cybersecurity and Infrastructure Security Agency. (2024, February 29). Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways. Retrieved March 1, 2024.

Internal MISP references

UUID a501b21d-916d-454e-b5a0-c3d3bdb4e45c which can be used as unique global reference for U.S. CISA Ivanti Exploits February 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-01T00:00:00Z
date_published 2024-02-29T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways

Microsoft Security Blog 5 15 2024

Microsoft Threat Intelligence. (2024, May 15). Threat actors misusing Quick Assist in social engineering attacks leading to ransomware. Retrieved May 16, 2024.

Internal MISP references

UUID 0876de6e-ea0c-4717-89a4-9c7baed53b6f which can be used as unique global reference for Microsoft Security Blog 5 15 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-05-16T00:00:00Z
date_published 2024-05-15T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Threat actors misusing Quick Assist in social engineering attacks leading to ransomware

Atlas SEO

Atlas Cybersecurity. (2021, April 19). Threat Actors use Search-Engine-Optimization Tactics to Redirect Traffic and Install Malware. Retrieved September 30, 2022.

Internal MISP references

UUID 26d7134e-7b93-4aa1-a859-03cf964ca1b5 which can be used as unique global reference for Atlas SEO in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-30T00:00:00Z
date_published 2021-04-19T00:00:00Z
source MITRE
title Threat Actors use Search-Engine-Optimization Tactics to Redirect Traffic and Install Malware

Cybereason TA505 April 2019

Salem, E. (2019, April 25). Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware. Retrieved May 28, 2019.

Internal MISP references

UUID 076f2b95-97d2-4d50-bb9b-6199c161e5c6 which can be used as unique global reference for Cybereason TA505 April 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-28T00:00:00Z
date_published 2019-04-25T00:00:00Z
source MITRE
title Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware

Cisco CaddyWiper March 2022

Malhotra, A. (2022, March 15). Threat Advisory: CaddyWiper. Retrieved March 23, 2022.

Internal MISP references

UUID 88fc1f96-2d55-4c92-a929-234248490c30 which can be used as unique global reference for Cisco CaddyWiper March 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-23T00:00:00Z
date_published 2022-03-15T00:00:00Z
source MITRE
title Threat Advisory: CaddyWiper

Carbon Black Squiblydoo Apr 2016

Nolen, R. et al. (2016, April 28). Threat Advisory: “Squiblydoo” Continues Trend of Attackers Using Native OS Tools to “Live off the Land”. Retrieved April 9, 2018.

Internal MISP references

UUID b23fc191-cc84-49c8-9eb0-09db7e23b24d which can be used as unique global reference for Carbon Black Squiblydoo Apr 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-09T00:00:00Z
date_published 2016-04-28T00:00:00Z
source MITRE
title Threat Advisory: “Squiblydoo” Continues Trend of Attackers Using Native OS Tools to “Live off the Land”

Aqua Build Images on Hosts

Assaf Morag. (2020, July 15). Threat Alert: Attackers Building Malicious Images on Your Hosts. Retrieved March 29, 2021.

Internal MISP references

UUID efd64f41-13cc-4b2b-864c-4d2352cdadcd which can be used as unique global reference for Aqua Build Images on Hosts in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-29T00:00:00Z
date_published 2020-07-15T00:00:00Z
source MITRE
title Threat Alert: Attackers Building Malicious Images on Your Hosts

Aqua Kinsing April 2020

Singer, G. (2020, April 3). Threat Alert: Kinsing Malware Attacks Targeting Container Environments. Retrieved April 1, 2021.

Internal MISP references

UUID 67dd04dd-c0e0-49e6-9341-4e445d660641 which can be used as unique global reference for Aqua Kinsing April 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-01T00:00:00Z
date_published 2020-04-03T00:00:00Z
source MITRE
title Threat Alert: Kinsing Malware Attacks Targeting Container Environments

Segurança Informática URSA Sophisticated Loader 2020

Pedro Tavares (Segurança Informática). (2020, September 15). Threat analysis: The emergent URSA trojan impacts many countries using a sophisticated loader. Retrieved March 13, 2024.

Internal MISP references

UUID 29d25b85-ae13-57d6-9e6f-d0f65783b5ac which can be used as unique global reference for Segurança Informática URSA Sophisticated Loader 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-13T00:00:00Z
date_published 2020-09-15T00:00:00Z
source MITRE
title Threat analysis: The emergent URSA trojan impacts many countries using a sophisticated loader

Palo Alto Networks Black Basta August 2022

Elsad, A. (2022, August 25). Threat Assessment: Black Basta Ransomware. Retrieved March 8, 2023.

Internal MISP references

UUID fc9ee531-3680-549b-86e0-a10a70c3ec67 which can be used as unique global reference for Palo Alto Networks Black Basta August 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-08T00:00:00Z
date_published 2022-08-25T00:00:00Z
source MITRE
title Threat Assessment: Black Basta Ransomware

Unit42 Clop April 2021

Santos, D. (2021, April 13). Threat Assessment: Clop Ransomware. Retrieved July 30, 2021.

Internal MISP references

UUID ce48d631-757c-480b-8572-b7d9f4d738c6 which can be used as unique global reference for Unit42 Clop April 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-07-30T00:00:00Z
date_published 2021-04-13T00:00:00Z
source MITRE
title Threat Assessment: Clop Ransomware

Palo Alto Unit 42 EKANS

Hinchliffe, A. Santos, D. (2020, June 26). Threat Assessment: EKANS Ransomware. Retrieved February 9, 2021.

Internal MISP references

UUID dcdd4e48-3c3d-4008-a6f6-390f896f147b which can be used as unique global reference for Palo Alto Unit 42 EKANS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-09T00:00:00Z
date_published 2020-06-26T00:00:00Z
source MITRE
title Threat Assessment: EKANS Ransomware

UNIT 42 LAPSUS Mar 2022

UNIT 42. (2022, March 24). Threat Brief: Lapsus$ Group. Retrieved May 17, 2022.

Internal MISP references

UUID 50f4c1ed-b046-405a-963d-a113324355a3 which can be used as unique global reference for UNIT 42 LAPSUS Mar 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-17T00:00:00Z
date_published 2022-03-24T00:00:00Z
source MITRE
title Threat Brief: Lapsus$ Group

Unit 42 WhisperGate January 2022

Falcone, R. et al. (2022, January 20). Threat Brief: Ongoing Russia and Ukraine Cyber Conflict. Retrieved March 10, 2022.

Internal MISP references

UUID 3daa8c9e-da17-4eda-aa0d-df97c5de8f64 which can be used as unique global reference for Unit 42 WhisperGate January 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-10T00:00:00Z
date_published 2022-01-20T00:00:00Z
source MITRE
title Threat Brief: Ongoing Russia and Ukraine Cyber Conflict

Unit 42 DGA Feb 2019

Unit 42. (2019, February 7). Threat Brief: Understanding Domain Generation Algorithms (DGA). Retrieved February 19, 2019.

Internal MISP references

UUID 5e1db76a-0a3e-42ce-a66c-f914fb1a3471 which can be used as unique global reference for Unit 42 DGA Feb 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-19T00:00:00Z
date_published 2019-02-07T00:00:00Z
source MITRE
title Threat Brief: Understanding Domain Generation Algorithms (DGA)

Dell TG-3390

Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, August 5). Threat Group-3390 Targets Organizations for Cyberespionage. Retrieved August 18, 2018.

Internal MISP references

UUID dfd2d832-a6c5-40e7-a554-5a92f05bebae which can be used as unique global reference for Dell TG-3390 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-18T00:00:00Z
date_published 2015-08-05T00:00:00Z
source MITRE, Tidal Cyber
title Threat Group-3390 Targets Organizations for Cyberespionage

SecureWorks TG-4127

SecureWorks Counter Threat Unit Threat Intelligence. (2016, June 16). Threat Group-4127 Targets Hillary Clinton Presidential Campaign. Retrieved August 3, 2016.

Internal MISP references

UUID 5f401c82-4e16-43a1-b234-48918fe7df9f which can be used as unique global reference for SecureWorks TG-4127 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-03T00:00:00Z
date_published 2016-06-16T00:00:00Z
source MITRE
title Threat Group-4127 Targets Hillary Clinton Presidential Campaign

McAfee APT28 DDE1 Nov 2017

Sherstobitoff, R., Rea, M. (2017, November 7). Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack. Retrieved November 21, 2017.

Internal MISP references

UUID 8670f4ee-7491-4c37-9832-99d6f8f54ba8 which can be used as unique global reference for McAfee APT28 DDE1 Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-21T00:00:00Z
date_published 2017-11-07T00:00:00Z
source MITRE
title Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack

Unit 42 9 15 2023

Amer Elsad; Kristopher Russo; Austin Dever. (2023, September 15). Threat Group Assessment Muddled Libra (Updated). Retrieved January 1, 2024.

Internal MISP references

UUID 5e9842ae-180f-4645-a5f5-5ddfb8b2d810 which can be used as unique global reference for Unit 42 9 15 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-01T00:00:00Z
date_published 2023-09-15T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Threat Group Assessment Muddled Libra (Updated)

Awake Security Avaddon

Gahlot, A. (n.d.). Threat Hunting for Avaddon Ransomware. Retrieved August 19, 2021.

Internal MISP references

UUID c113cde7-5dd5-45e9-af16-3ab6ed0b1728 which can be used as unique global reference for Awake Security Avaddon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-19T00:00:00Z
source MITRE
title Threat Hunting for Avaddon Ransomware

Detecting Command & Control in the Cloud

Gary Golomb. (n.d.). Threat Hunting Series: Detecting Command & Control in the Cloud. Retrieved July 8, 2022.

Internal MISP references

UUID b12e0288-48cd-46ec-8305-0f4d050782f2 which can be used as unique global reference for Detecting Command & Control in the Cloud in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-08T00:00:00Z
source MITRE
title Threat Hunting Series: Detecting Command & Control in the Cloud

Awake Security C2 Cloud

Gary Golomb and Tory Kei. (n.d.). Threat Hunting Series: Detecting Command & Control in the Cloud. Retrieved May 27, 2022.

Internal MISP references

UUID fa3762ce-3e60-4991-b464-12601d2a6912 which can be used as unique global reference for Awake Security C2 Cloud in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-27T00:00:00Z
source MITRE
title Threat Hunting Series: Detecting Command & Control in the Cloud

Threat Matrix for Kubernetes

Weizman, Y. (2020, April 2). Threat Matrix for Kubernetes. Retrieved March 30, 2021.

Internal MISP references

UUID 43fab719-e348-4902-8df3-8807765b95f0 which can be used as unique global reference for Threat Matrix for Kubernetes in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-30T00:00:00Z
date_published 2020-04-02T00:00:00Z
source MITRE
title Threat Matrix for Kubernetes

SecureWorks BRONZE MOHAWK n.d.

SecureWorks. (n.d.). Threat Profile - BRONZE MOHAWK. Retrieved August 24, 2021.

Internal MISP references

UUID b741fe9a-4b08-44b9-b6e7-5988eee486a3 which can be used as unique global reference for SecureWorks BRONZE MOHAWK n.d. in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-24T00:00:00Z
source MITRE
title Threat Profile - BRONZE MOHAWK

ESET T3 Threat Report 2021

ESET. (2022, February). THREAT REPORT T3 2021. Retrieved February 10, 2022.

Internal MISP references

UUID 34a23b22-2d39-47cc-a1e9-47f7f490dcbd which can be used as unique global reference for ESET T3 Threat Report 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-10T00:00:00Z
date_published 2022-02-01T00:00:00Z
source MITRE
title THREAT REPORT T3 2021

BlackBerry Amadey 2020

Kasuya, M. (2020, January 8). Threat Spotlight: Amadey Bot Targets Non-Russian Users. Retrieved July 14, 2022.

Internal MISP references

UUID 21b7a7c7-55a2-4235-ba11-d34ba68d1bf5 which can be used as unique global reference for BlackBerry Amadey 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-14T00:00:00Z
date_published 2020-01-08T00:00:00Z
source MITRE
title Threat Spotlight: Amadey Bot Targets Non-Russian Users

CiscoAngler

Nick Biasini. (2015, March 3). Threat Spotlight: Angler Lurking in the Domain Shadows. Retrieved March 6, 2017.

Internal MISP references

UUID 0b10d7d4-9c18-4fd8-933a-b46e41d618ab which can be used as unique global reference for CiscoAngler in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-06T00:00:00Z
date_published 2015-03-03T00:00:00Z
source MITRE
title Threat Spotlight: Angler Lurking in the Domain Shadows

Talos IPFS 2022

Edmund Brumaghin. (2022, November 9). Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns. Retrieved March 8, 2023.

Internal MISP references

UUID dc98c7ce-0a3f-5f35-9885-6c1c73e5858d which can be used as unique global reference for Talos IPFS 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-08T00:00:00Z
date_published 2022-11-09T00:00:00Z
source MITRE
title Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns

Cisco Group 72

Esler, J., Lee, M., and Williams, C. (2014, October 14). Threat Spotlight: Group 72. Retrieved January 14, 2016.

Internal MISP references

UUID b9201737-ef72-46d4-8e86-89fee5b98aa8 which can be used as unique global reference for Cisco Group 72 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-14T00:00:00Z
date_published 2014-10-14T00:00:00Z
source MITRE
title Threat Spotlight: Group 72

Talos ZxShell Oct 2014

Allievi, A., et al. (2014, October 28). Threat Spotlight: Group 72, Opening the ZxShell. Retrieved September 24, 2019.

Internal MISP references

UUID 41c20013-71b3-4957-98f0-fb919014c93e which can be used as unique global reference for Talos ZxShell Oct 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-24T00:00:00Z
date_published 2014-10-28T00:00:00Z
source MITRE
title Threat Spotlight: Group 72, Opening the ZxShell

Infinitum IT LockBit 3.0

Infinitum IT. (n.d.). Threat Spotlight: Lockbit Black 3.0 Ransomware. Retrieved May 19, 2023.

Internal MISP references

UUID 8bee2689-dfd8-45b2-b8dd-e87ab3ade0ec which can be used as unique global reference for Infinitum IT LockBit 3.0 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-19T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Threat Spotlight: Lockbit Black 3.0 Ransomware

BlackBerry SystemBC June 10 2021

The BlackBerry Research & Intelligence Team. (2021, June 10). Threat Thursday: SystemBC – a RAT in the Pipeline. Retrieved September 21, 2023.

Internal MISP references

UUID 08186ff9-6ca5-4c09-b5e7-b883eb15fdba which can be used as unique global reference for BlackBerry SystemBC June 10 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-21T00:00:00Z
date_published 2021-06-10T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Threat Thursday: SystemBC – a RAT in the Pipeline

DOJ North Korea Indictment Feb 2021

Department of Justice. (2021, February 17). Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe. Retrieved June 9, 2021.

Internal MISP references

UUID d702653f-a9da-4a36-8f84-97caeb445266 which can be used as unique global reference for DOJ North Korea Indictment Feb 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-09T00:00:00Z
date_published 2021-02-17T00:00:00Z
source MITRE
title Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe

Symantec Thrip June 2018

Security Response Attack Investigation Team. (2018, June 19). Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies. Retrieved July 10, 2018.

Internal MISP references

UUID 482a6946-b663-4789-a31f-83fb2132118d which can be used as unique global reference for Symantec Thrip June 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-10T00:00:00Z
date_published 2018-06-19T00:00:00Z
source MITRE, Tidal Cyber
title Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies

FireEye Bootkits

Andonov, D., et al. (2015, December 7). Thriving Beyond The Operating System: Financial Threat Group Targets Volume Boot Record. Retrieved May 13, 2016.

Internal MISP references

UUID 585827a8-1f03-439d-b66e-ad5290117c1b which can be used as unique global reference for FireEye Bootkits in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-05-13T00:00:00Z
date_published 2015-12-07T00:00:00Z
source MITRE
title Thriving Beyond The Operating System: Financial Threat Group Targets Volume Boot Record

SpecterOps AWS Traffic Mirroring

Luke Paine. (2020, March 11). Through the Looking Glass — Part 1. Retrieved March 17, 2022.

Internal MISP references

UUID 6ab2cfa1-230f-498e-8049-fcdd2f7296dd which can be used as unique global reference for SpecterOps AWS Traffic Mirroring in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-17T00:00:00Z
date_published 2020-03-11T00:00:00Z
source MITRE
title Through the Looking Glass — Part 1

Ossmann Star Feb 2011

Michael Ossmann. (2011, February 17). Throwing Star LAN Tap. Retrieved March 30, 2018.

Internal MISP references

UUID 1be27354-1326-4568-b26a-d0034acecba2 which can be used as unique global reference for Ossmann Star Feb 2011 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-30T00:00:00Z
date_published 2011-02-17T00:00:00Z
source MITRE
title Throwing Star LAN Tap

Trend Micro April 05 2022

Trend Micro. (2022, April 5). Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload. Retrieved May 7, 2023.

Internal MISP references

UUID c049ac17-1fa9-42ff-9220-1ed40890dc77 which can be used as unique global reference for Trend Micro April 05 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2022-04-05T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload

Symantec Tick Apr 2016

DiMaggio, J. (2016, April 28). Tick cyberespionage group zeros in on Japan. Retrieved July 16, 2018.

Internal MISP references

UUID 3e29cacc-2c05-4f35-8dd1-948f8aee6713 which can be used as unique global reference for Symantec Tick Apr 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-16T00:00:00Z
date_published 2016-04-28T00:00:00Z
source MITRE
title Tick cyberespionage group zeros in on Japan

TightVNC Software Project Page

TightVNC Software. (n.d.). TightVNC Software. Retrieved July 10, 2023.

Internal MISP references

UUID e1725230-4f6c-47c5-8e30-90dfb01a75d7 which can be used as unique global reference for TightVNC Software Project Page in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-10T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title TightVNC Software

AnyRun TimeBomb

Malicious History. (2020, September 17). Time Bombs: Malware With Delayed Execution. Retrieved April 22, 2021.

Internal MISP references

UUID cd369bf9-80a8-426f-a0aa-c9745b40696c which can be used as unique global reference for AnyRun TimeBomb in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-22T00:00:00Z
date_published 2020-09-17T00:00:00Z
source MITRE
title Time Bombs: Malware With Delayed Execution

Microsoft TimeProvider

Microsoft. (n.d.). Time Provider. Retrieved March 26, 2018.

Internal MISP references

UUID cf7c1db8-6282-4ccd-9609-5a012faf70d6 which can be used as unique global reference for Microsoft TimeProvider in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-26T00:00:00Z
source MITRE
title Time Provider

Talos TinyTurla September 2021

Cisco Talos. (2021, September 21). TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines. Retrieved December 2, 2021.

Internal MISP references

UUID 94cdbd73-a31a-4ec3-aa36-de3ea077c1c7 which can be used as unique global reference for Talos TinyTurla September 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-02T00:00:00Z
date_published 2021-09-21T00:00:00Z
source MITRE
title TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines

Kaspersky ToddyCat Check Logs October 2023

Dedola, G. et al. (2023, October 12). ToddyCat: Keep calm and check logs. Retrieved January 3, 2024.

Internal MISP references

UUID dbdaf320-eada-5bbb-95ab-aaa987ed7960 which can be used as unique global reference for Kaspersky ToddyCat Check Logs October 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-03T00:00:00Z
date_published 2023-10-12T00:00:00Z
source MITRE
title ToddyCat: Keep calm and check logs

Pentestlab Token Manipulation

netbiosX. (2017, April 3). Token Manipulation. Retrieved April 21, 2017.

Internal MISP references

UUID 243deb44-4d47-4c41-bd5d-262c4319cce5 which can be used as unique global reference for Pentestlab Token Manipulation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-04-21T00:00:00Z
date_published 2017-04-03T00:00:00Z
source MITRE
title Token Manipulation

Token tactics

Microsoft Incident Response. (2022, November 16). Token tactics: How to prevent, detect, and respond to cloud token theft. Retrieved December 26, 2023.

Internal MISP references

UUID e254e336-2e3e-5bea-a9e9-0f42f333b894 which can be used as unique global reference for Token tactics in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-26T00:00:00Z
date_published 2022-11-16T00:00:00Z
source MITRE
title Token tactics: How to prevent, detect, and respond to cloud token theft

Langer Stuxnet

Ralph Langner. (2013, November). To Kill a Centrifuge: A Technical Analysis of What Stuxnet's Creators Tried to Achieve. Retrieved December 7, 2020.

Internal MISP references

UUID 76b99581-e94d-4e51-8110-80557474048e which can be used as unique global reference for Langer Stuxnet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-07T00:00:00Z
date_published 2013-11-01T00:00:00Z
source MITRE
title To Kill a Centrifuge: A Technical Analysis of What Stuxnet's Creators Tried to Achieve

TrendMicro Tonto Team October 2020

Daniel Lughi, Jaromir Horejsi. (2020, October 2). Tonto Team - Exploring the TTPs of an advanced threat actor operating a large infrastructure. Retrieved October 17, 2021.

Internal MISP references

UUID 140e6b01-6b98-4f82-9455-0c84b3856b86 which can be used as unique global reference for TrendMicro Tonto Team October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-17T00:00:00Z
date_published 2020-10-02T00:00:00Z
source MITRE
title Tonto Team - Exploring the TTPs of an advanced threat actor operating a large infrastructure

NorthSec 2015 GData Uroburos Tools

Rascagneres, P. (2015, May). Tools used by the Uroburos actors. Retrieved August 18, 2016.

Internal MISP references

UUID 99e2709e-a32a-4fbf-a20a-ffcdd8befdc8 which can be used as unique global reference for NorthSec 2015 GData Uroburos Tools in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-18T00:00:00Z
date_published 2015-05-01T00:00:00Z
source MITRE
title Tools used by the Uroburos actors

Cider Security Top 10 CICD Security Risks

Daniel Krivelevich and Omer Gil. (n.d.). Top 10 CI/CD Security Risks. Retrieved March 24, 2024.

Internal MISP references

UUID 512974b7-b464-52af-909a-2cb880b524e5 which can be used as unique global reference for Cider Security Top 10 CICD Security Risks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-24T00:00:00Z
source MITRE
title Top 10 CI/CD Security Risks

Dingledine Tor The Second-Generation Onion Router

Roger Dingledine, Nick Mathewson and Paul Syverson. (2004). Tor: The Second-Generation Onion Router. Retrieved December 21, 2017.

Internal MISP references

UUID ffb6a26d-2da9-4cce-bb2d-5280e9cc16b4 which can be used as unique global reference for Dingledine Tor The Second-Generation Onion Router in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-21T00:00:00Z
date_published 2004-01-01T00:00:00Z
source MITRE
title Tor: The Second-Generation Onion Router

FireEye FIN7 Shim Databases

Erickson, J., McWhirt, M., Palombo, D. (2017, May 3). To SDB, Or Not To SDB: FIN7 Leveraging Shim Databases for Persistence. Retrieved July 18, 2017.

Internal MISP references

UUID 25d8bac0-9187-45db-ad96-c7bce20cef00 which can be used as unique global reference for FireEye FIN7 Shim Databases in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-18T00:00:00Z
date_published 2017-05-03T00:00:00Z
source MITRE
title To SDB, Or Not To SDB: FIN7 Leveraging Shim Databases for Persistence

LOLBAS Tracker

LOLBAS. (n.d.). Tracker.exe. Retrieved July 31, 2019.

Internal MISP references

UUID f0e368f1-3347-41ef-91fb-995c3cb07707 which can be used as unique global reference for LOLBAS Tracker in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-31T00:00:00Z
source MITRE
title Tracker.exe

BushidoToken Akira 2023

Will Thomas. (2023, September 15). Tracking Adversaries: Akira, another descendent of Conti. Retrieved February 21, 2024.

Internal MISP references

UUID 8fe09ef1-f72e-5261-b79f-5d41fad51eac which can be used as unique global reference for BushidoToken Akira 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-21T00:00:00Z
date_published 2023-09-15T00:00:00Z
source MITRE
title Tracking Adversaries: Akira, another descendent of Conti

BushidoToken Scattered Spider August 16 2023

BushidoToken. (2023, August 16). Tracking Adversaries: Scattered Spider, the BlackCat affiliate. Retrieved September 14, 2023.

Internal MISP references

UUID 621a8320-0e3c-444f-b82a-7fd4fdf9fb67 which can be used as unique global reference for BushidoToken Scattered Spider August 16 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-14T00:00:00Z
date_published 2023-08-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Tracking Adversaries: Scattered Spider, the BlackCat affiliate

Lateral Movement Payne

Payne, J. (2015, November 26). Tracking Lateral Movement Part One - Special Groups and Specific Service Accounts. Retrieved February 1, 2016.

Internal MISP references

UUID 5d5ca6a4-5e2f-4679-9040-b68d524778ff which can be used as unique global reference for Lateral Movement Payne in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-02-01T00:00:00Z
date_published 2015-11-26T00:00:00Z
source MITRE
title Tracking Lateral Movement Part One - Special Groups and Specific Service Accounts

Unit 42 KerrDown February 2019

Ray, V. and Hayashi, K. (2019, February 1). Tracking OceanLotus’ new Downloader, KerrDown. Retrieved October 1, 2021.

Internal MISP references

UUID bff5dbfe-d080-46c1-82b7-272e03d2aa8c which can be used as unique global reference for Unit 42 KerrDown February 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-01T00:00:00Z
date_published 2019-02-01T00:00:00Z
source MITRE
title Tracking OceanLotus’ new Downloader, KerrDown

Trend Micro TeamTNT

Fiser, D. Oliveira, A. (n.d.). Tracking the Activities of TeamTNT A Closer Look at a Cloud-Focused Malicious Actor Group. Retrieved September 22, 2021.

Internal MISP references

UUID d6b52135-6bb2-4e37-8f94-1e1d6354bdfd which can be used as unique global reference for Trend Micro TeamTNT in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-22T00:00:00Z
source MITRE
title Tracking the Activities of TeamTNT A Closer Look at a Cloud-Focused Malicious Actor Group

Okta HAR Files Incident Notice

David Bradbury. (2023, October 20). Tracking Unauthorized Access to Okta's Support System. Retrieved December 19, 2023.

Internal MISP references

UUID 14855034-494e-477d-8c91-fc534fd7790d which can be used as unique global reference for Okta HAR Files Incident Notice in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-19T00:00:00Z
date_published 2023-10-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Tracking Unauthorized Access to Okta's Support System

SANS Windshift August 2018

Karim, T. (2018, August). TRAILS OF WINDSHIFT. Retrieved June 25, 2020.

Internal MISP references

UUID 97eac0f2-d528-4f7c-8425-7531eae4fc39 which can be used as unique global reference for SANS Windshift August 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-25T00:00:00Z
date_published 2018-08-01T00:00:00Z
source MITRE
title TRAILS OF WINDSHIFT

Microsoft TxF

Microsoft. (n.d.). Transactional NTFS (TxF). Retrieved December 20, 2017.

Internal MISP references

UUID f7f2eecc-19e6-4d93-8a53-91afea2f242e which can be used as unique global reference for Microsoft TxF in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
source MITRE
title Transactional NTFS (TxF)

Rclone-mega-extortion_05_2021

Justin Schoenfeld, Aaron Didier. (2021, May 4). Transferring leverage in a ransomware attack. Retrieved July 14, 2022.

Internal MISP references

UUID 9b492a2f-1326-4733-9c0e-a9454bf7fabb which can be used as unique global reference for Rclone-mega-extortion_05_2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-14T00:00:00Z
date_published 2021-05-04T00:00:00Z
source MITRE
title Transferring leverage in a ransomware attack

JScrip May 2018

Microsoft. (2018, May 31). Translating to JScript. Retrieved June 23, 2020.

Internal MISP references

UUID 99e48516-f918-477c-b85e-4ad894cc031f which can be used as unique global reference for JScrip May 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-23T00:00:00Z
date_published 2018-05-31T00:00:00Z
source MITRE
title Translating to JScript

tt_obliqueRAT

Malhotra, A., McKay, K. et al. (2021, May 13). Transparent Tribe APT expands its Windows malware arsenal. Retrieved July 29, 2022.

Internal MISP references

UUID be1e3092-1981-457b-ae76-b55b057e1d73 which can be used as unique global reference for tt_obliqueRAT in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-29T00:00:00Z
date_published 2021-05-13T00:00:00Z
source MITRE
title Transparent Tribe APT expands its Windows malware arsenal

Talos Transparent Tribe May 2021

Malhotra, A. et al. (2021, May 13). Transparent Tribe APT expands its Windows malware arsenal. Retrieved September 2, 2021.

Internal MISP references

UUID 5d58c285-bc7d-4a8a-a96a-ac7118c1089d which can be used as unique global reference for Talos Transparent Tribe May 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-02T00:00:00Z
date_published 2021-05-13T00:00:00Z
source MITRE, Tidal Cyber
title Transparent Tribe APT expands its Windows malware arsenal

Cisco Talos Transparent Tribe Education Campaign July 2022

N. Baisini. (2022, July 13). Transparent Tribe begins targeting education sector in latest campaign. Retrieved September 22, 2022.

Internal MISP references

UUID acb10fb6-608f-44d3-9faf-7e577b0e2786 which can be used as unique global reference for Cisco Talos Transparent Tribe Education Campaign July 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-22T00:00:00Z
date_published 2022-07-13T00:00:00Z
source MITRE
title Transparent Tribe begins targeting education sector in latest campaign

tt_httrack_fake_domains

Malhotra, A., Thattil, J. et al. (2022, March 29). Transparent Tribe campaign uses new bespoke malware to target Indian government officials. Retrieved September 6, 2022.

Internal MISP references

UUID 9bdda422-dbf7-4b70-a7b1-9e3ad658c239 which can be used as unique global reference for tt_httrack_fake_domains in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-06T00:00:00Z
date_published 2022-03-29T00:00:00Z
source MITRE
title Transparent Tribe campaign uses new bespoke malware to target Indian government officials

Securelist Trasparent Tribe 2020

Dedola, G. (2020, August 20). Transparent Tribe: Evolution analysis, part 1. Retrieved April 1, 2021.

Internal MISP references

UUID 0db470b1-ab22-4b67-a858-472e4de7c6f0 which can be used as unique global reference for Securelist Trasparent Tribe 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-01T00:00:00Z
date_published 2020-08-20T00:00:00Z
source MITRE
title Transparent Tribe: Evolution analysis, part 1

Kaspersky Transparent Tribe August 2020

Dedola, G. (2020, August 20). Transparent Tribe: Evolution analysis, part 1. Retrieved September 2, 2021.

Internal MISP references

UUID 42c7faa2-f664-4e4a-9d23-93c88a09da5b which can be used as unique global reference for Kaspersky Transparent Tribe August 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-02T00:00:00Z
date_published 2020-08-20T00:00:00Z
source MITRE, Tidal Cyber
title Transparent Tribe: Evolution analysis, part 1

Microsoft TransportAgent Jun 2016

Microsoft. (2016, June 1). Transport agents. Retrieved June 24, 2019.

Internal MISP references

UUID 16ae3e7e-5f0d-4ca9-8453-be960b2111b6 which can be used as unique global reference for Microsoft TransportAgent Jun 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-24T00:00:00Z
date_published 2016-06-01T00:00:00Z
source MITRE
title Transport agents

Trap Manual

ss64. (n.d.). trap. Retrieved May 21, 2019.

Internal MISP references

UUID 143462e1-b7e8-4e18-9cb1-6f4f3969e891 which can be used as unique global reference for Trap Manual in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-21T00:00:00Z
source MITRE
title trap

Red Canary Netwire Linux 2022

TONY LAMBERT. (2022, June 7). Trapping the Netwire RAT on Linux. Retrieved September 28, 2023.

Internal MISP references

UUID 6d4c6c52-38ae-52f5-b438-edeceed446a5 which can be used as unique global reference for Red Canary Netwire Linux 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-28T00:00:00Z
date_published 2022-06-07T00:00:00Z
source MITRE
title Trapping the Netwire RAT on Linux

Cyberciti Trap Statements

Cyberciti. (2016, March 29). Trap statement. Retrieved May 21, 2019.

Internal MISP references

UUID 24cf5471-f327-4407-b32f-055537f3495e which can be used as unique global reference for Cyberciti Trap Statements in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-21T00:00:00Z
date_published 2016-03-29T00:00:00Z
source MITRE
title Trap statement

Dept. of Treasury Iran Sanctions September 2020

Dept. of Treasury. (2020, September 17). Treasury Sanctions Cyber Actors Backed by Iranian Intelligence. Retrieved December 10, 2020.

Internal MISP references

UUID 0c8ff80a-6b1d-4212-aa40-99aeef04ce05 which can be used as unique global reference for Dept. of Treasury Iran Sanctions September 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-10T00:00:00Z
date_published 2020-09-17T00:00:00Z
source MITRE
title Treasury Sanctions Cyber Actors Backed by Iranian Intelligence

Treasury EvilCorp Dec 2019

U.S. Department of Treasury. (2019, December 5). Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware. Retrieved September 15, 2021.

Internal MISP references

UUID 074a52c4-26d9-4083-9349-c14e2639c1bc which can be used as unique global reference for Treasury EvilCorp Dec 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-15T00:00:00Z
date_published 2019-12-05T00:00:00Z
source MITRE
title Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware

Treasury North Korean Cyber Groups September 2019

US Treasury. (2019, September 13). Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups. Retrieved September 29, 2021.

Internal MISP references

UUID 54977bb2-2929-41d7-bdea-06d39dc76174 which can be used as unique global reference for Treasury North Korean Cyber Groups September 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2019-09-13T00:00:00Z
source MITRE
title Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups

Mandiant APT29 Trello

Wolfram, J. et al. (2022, April 28). Trello From the Other Side: Tracking APT29 Phishing Campaigns. Retrieved August 3, 2022.

Internal MISP references

UUID 5590bb5c-d9d1-480c-bb69-1944c1cf2431 which can be used as unique global reference for Mandiant APT29 Trello in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-03T00:00:00Z
date_published 2022-04-28T00:00:00Z
source MITRE
title Trello From the Other Side: Tracking APT29 Phishing Campaigns

Mandiant Trending Evil Q1 2022

Mandiant. (n.d.). Trending Evil Q1 2022. Retrieved May 18, 2023.

Internal MISP references

UUID 5643a6d5-a660-4416-a4d9-6fd4d0da74ef which can be used as unique global reference for Mandiant Trending Evil Q1 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-18T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Trending Evil Q1 2022

Trend Micro - Int SP

Trend Micro. (n.d.). Retrieved February 16, 2024.

Internal MISP references

UUID 1c21c911-11db-560c-b623-5937dc478b74 which can be used as unique global reference for Trend Micro - Int SP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-16T00:00:00Z
source MITRE
title Trend Micro - Int SP

Malicious Chrome Extension Numbers

Jagpal, N., et al. (2015, August). Trends and Lessons from Three Years Fighting Malicious Extensions. Retrieved November 17, 2017.

Internal MISP references

UUID f34fcf1f-370e-4b6e-9cc4-7ee4075faf6e which can be used as unique global reference for Malicious Chrome Extension Numbers in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-17T00:00:00Z
date_published 2015-08-01T00:00:00Z
source MITRE
title Trends and Lessons from Three Years Fighting Malicious Extensions

Triage 23893f035f8564dfea5030b9fdd54120d96072bb

tria.ge. (n.d.). Triage 23893f035f8564dfea5030b9fdd54120d96072bb. Retrieved October 20, 2023.

Internal MISP references

UUID 3c4857e0-0318-435f-9459-bd57d83e84fe which can be used as unique global reference for Triage 23893f035f8564dfea5030b9fdd54120d96072bb in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Triage 23893f035f8564dfea5030b9fdd54120d96072bb

Triage e82c11612c0870e8175eafa8c9c5f9151d0b80d7

tria.ge. (n.d.). Triage e82c11612c0870e8175eafa8c9c5f9151d0b80d7. Retrieved October 20, 2023.

Internal MISP references

UUID fd9800c3-c556-4804-a4ea-f31c2b198dcf which can be used as unique global reference for Triage e82c11612c0870e8175eafa8c9c5f9151d0b80d7 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Triage e82c11612c0870e8175eafa8c9c5f9151d0b80d7

exatrack bpf filters passive backdoors

ExaTrack. (2022, May 11). Tricephalic Hellkeeper: a tale of a passive backdoor. Retrieved October 18, 2022.

Internal MISP references

UUID 84ffd130-97b9-4bbf-bc3e-42accdf248ce which can be used as unique global reference for exatrack bpf filters passive backdoors in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-10-18T00:00:00Z
date_published 2022-05-11T00:00:00Z
source MITRE
title Tricephalic Hellkeeper: a tale of a passive backdoor

Malwarebytes TrickBot Sep 2019

Umawing, J. (2019, September 3). TrickBot adds new trick to its arsenal: tampering with trusted texts. Retrieved June 15, 2020.

Internal MISP references

UUID 4d6d258f-a57f-4cfd-880a-1ecd98e26d9f which can be used as unique global reference for Malwarebytes TrickBot Sep 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-15T00:00:00Z
date_published 2019-09-03T00:00:00Z
source MITRE
title TrickBot adds new trick to its arsenal: tampering with trusted texts

TrendMicro Trickbot Feb 2019

Llimos, N., Pascual, C. (2019, February 12). Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire. Retrieved March 12, 2019.

Internal MISP references

UUID c402888a-ccd1-4cbc-856c-ff0bdcb8b30b which can be used as unique global reference for TrendMicro Trickbot Feb 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-12T00:00:00Z
date_published 2019-02-12T00:00:00Z
source MITRE
title Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire

Eclypsium Trickboot December 2020

Eclypsium, Advanced Intelligence. (2020, December 1). TRICKBOT NOW OFFERS ‘TRICKBOOT’: PERSIST, BRICK, PROFIT. Retrieved March 15, 2021.

Internal MISP references

UUID ad72e27f-ae4f-425a-a4ef-c76a20382691 which can be used as unique global reference for Eclypsium Trickboot December 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-15T00:00:00Z
date_published 2020-12-01T00:00:00Z
source MITRE
title TRICKBOT NOW OFFERS ‘TRICKBOOT’: PERSIST, BRICK, PROFIT

IBM X-Force ITG23 Oct 2021

Villadsen, O., et al. (2021, October 13). Trickbot Rising - Gang Doubles Down on Infection Efforts to Amass Network Footholds. Retrieved June 15, 2023.

Internal MISP references

UUID d796e773-7335-549f-a79b-a2961f85a8ec which can be used as unique global reference for IBM X-Force ITG23 Oct 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-15T00:00:00Z
date_published 2021-10-13T00:00:00Z
source MITRE
title Trickbot Rising - Gang Doubles Down on Infection Efforts to Amass Network Footholds

Trend Micro Trickbot Nov 2018

Anthony, N., Pascual, C. (2018, November 1). Trickbot Shows Off New Trick: Password Grabber Module. Retrieved November 16, 2018.

Internal MISP references

UUID 5504d906-579e-4b1c-8864-d811b67a25f8 which can be used as unique global reference for Trend Micro Trickbot Nov 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-16T00:00:00Z
date_published 2018-11-01T00:00:00Z
source MITRE
title Trickbot Shows Off New Trick: Password Grabber Module

Joe Sec Trickbot

Joe Security. (2020, July 13). TrickBot's new API-Hammering explained. Retrieved September 30, 2021.

Internal MISP references

UUID f5441718-3c0d-4b26-863c-24df1130b090 which can be used as unique global reference for Joe Sec Trickbot in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-30T00:00:00Z
date_published 2020-07-13T00:00:00Z
source MITRE
title TrickBot's new API-Hammering explained

Fortinet TrickBot

Bacurio Jr., F. and Salvio, J. (2018, April 9). Trickbot’s New Reconnaissance Plugin. Retrieved February 14, 2019.

Internal MISP references

UUID a5dc1702-1930-463a-a581-74cc13e66ba5 which can be used as unique global reference for Fortinet TrickBot in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-14T00:00:00Z
date_published 2018-04-09T00:00:00Z
source MITRE
title Trickbot’s New Reconnaissance Plugin

Trickbot VNC module July 2021

Ionut Illascu. (2021, July 14). Trickbot updates its VNC module for high-value targets. Retrieved September 10, 2021.

Internal MISP references

UUID 0484ddd0-5402-4300-99d4-4504591dddc0 which can be used as unique global reference for Trickbot VNC module July 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-10T00:00:00Z
date_published 2021-07-14T00:00:00Z
source MITRE
title Trickbot updates its VNC module for high-value targets

Fidelis TrickBot Oct 2016

Reaves, J. (2016, October 15). TrickBot: We Missed you, Dyre. Retrieved August 2, 2018.

Internal MISP references

UUID 839c02d1-58ec-4e25-a981-0276dbb1acc8 which can be used as unique global reference for Fidelis TrickBot Oct 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-02T00:00:00Z
date_published 2016-10-15T00:00:00Z
source MITRE
title TrickBot: We Missed you, Dyre

Bromium Ursnif Mar 2017

Holland, A. (2019, March 7). Tricks and COMfoolery: How Ursnif Evades Detection. Retrieved June 10, 2019.

Internal MISP references

UUID 04028685-b2e0-4faf-8c9d-36d1b07f09fc which can be used as unique global reference for Bromium Ursnif Mar 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-10T00:00:00Z
date_published 2019-03-07T00:00:00Z
source MITRE
title Tricks and COMfoolery: How Ursnif Evades Detection

IBM TrickBot Nov 2016

Keshet, L. (2016, November 09). Tricks of the Trade: A Deeper Look Into TrickBot’s Machinations. Retrieved August 2, 2018.

Internal MISP references

UUID 092aec63-aea0-4bc9-9c05-add89b4233ff which can be used as unique global reference for IBM TrickBot Nov 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-02T00:00:00Z
date_published 2016-11-09T00:00:00Z
source MITRE
title Tricks of the Trade: A Deeper Look Into TrickBot’s Machinations

TrendMictro Phishing

Babon, P. (2020, September 3). Tricky 'Forms' of Phishing. Retrieved October 20, 2020.

Internal MISP references

UUID 621f1c52-5f34-4293-a507-b58c4084a19b which can be used as unique global reference for TrendMictro Phishing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
date_published 2020-09-03T00:00:00Z
source MITRE
title Tricky 'Forms' of Phishing

Trimarc Detecting Password Spraying

Metcalf, S. (2018, May 6). Trimarc Research: Detecting Password Spraying with Security Event Auditing. Retrieved January 16, 2019.

Internal MISP references

UUID aadbd0a8-00f2-404b-8d02-6d36292726da which can be used as unique global reference for Trimarc Detecting Password Spraying in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-01-16T00:00:00Z
date_published 2018-05-06T00:00:00Z
source MITRE
title Trimarc Research: Detecting Password Spraying with Security Event Auditing

Emotet Deploys TrickBot

Cybereason Nocturnus. (n.d.). Triple Threat: Emotet Deploys TrickBot to Steal Data & Spread Ryuk. Retrieved November 28, 2023.

Internal MISP references

UUID 672743fe-f83a-507e-bd38-2315d7a062e0 which can be used as unique global reference for Emotet Deploys TrickBot in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-28T00:00:00Z
source MITRE
title Triple Threat: Emotet Deploys TrickBot to Steal Data & Spread Ryuk

Dragos TRISIS

Dragos. (2017, December 13). TRISIS Malware Analysis of Safety System Targeted Malware. Retrieved January 6, 2021.

Internal MISP references

UUID 7659f7bc-2059-4a4d-a12c-17ccd99b737a which can be used as unique global reference for Dragos TRISIS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-06T00:00:00Z
date_published 2017-12-13T00:00:00Z
source MITRE
title TRISIS Malware Analysis of Safety System Targeted Malware

FireEye TRITON 2019

Miller, S., et al. (2019, April 10). TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping. Retrieved April 16, 2019.

Internal MISP references

UUID 49c97b85-ca22-400a-9dc4-6290cc117f04 which can be used as unique global reference for FireEye TRITON 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-16T00:00:00Z
date_published 2019-04-10T00:00:00Z
source MITRE
title TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping

FireEye TEMP.Veles JSON April 2019

Miller, S., et al. (2019, April 10). TRITON Appendix C. Retrieved April 29, 2019.

Internal MISP references

UUID 491783dc-7a6b-42a6-b923-c4439117e7e4 which can be used as unique global reference for FireEye TEMP.Veles JSON April 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-29T00:00:00Z
date_published 2019-04-10T00:00:00Z
source MITRE
title TRITON Appendix C

FireEye TEMP.Veles 2018

FireEye Intelligence. (2018, October 23). TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers. Retrieved April 16, 2019.

Internal MISP references

UUID e41151fa-ea11-43ca-9689-c65aae63a8d2 which can be used as unique global reference for FireEye TEMP.Veles 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-16T00:00:00Z
date_published 2018-10-23T00:00:00Z
source MITRE
title TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers

Palo Alto MoonWind March 2017

Miller-Osborn, J. and Grunzweig, J. (2017, March 30). Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations. Retrieved March 30, 2017.

Internal MISP references

UUID 4f3d7a08-2cf5-49ed-8bcd-6df180f3d194 which can be used as unique global reference for Palo Alto MoonWind March 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-30T00:00:00Z
date_published 2017-03-30T00:00:00Z
source MITRE
title Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations

CyberESI GTALK

CyberESI. (2011). TROJAN.GTALK. Retrieved June 29, 2015.

Internal MISP references

UUID 7952f365-1284-4461-8bc3-d8e20e38e1ba which can be used as unique global reference for CyberESI GTALK in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-06-29T00:00:00Z
date_published 2011-01-01T00:00:00Z
source MITRE
title TROJAN.GTALK

Symantec Hydraq Jan 2010

Lelli, A. (2010, January 11). Trojan.Hydraq. Retrieved February 20, 2018.

Internal MISP references

UUID 2f99e508-6d0c-4590-8156-cdcadeef8ed9 which can be used as unique global reference for Symantec Hydraq Jan 2010 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-20T00:00:00Z
date_published 2010-01-11T00:00:00Z
source MITRE
title Trojan.Hydraq

Symantec Security Center Trojan.Kwampirs

Moench, B. and Aboud, E. (2016, August 23). Trojan.Kwampirs. Retrieved May 10, 2018.

Internal MISP references

UUID d6fb6b97-042c-4a66-a2ba-31c13f96a144 which can be used as unique global reference for Symantec Security Center Trojan.Kwampirs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-10T00:00:00Z
date_published 2016-08-23T00:00:00Z
source MITRE
title Trojan.Kwampirs

Symantec Naid June 2012

Neville, A. (2012, June 15). Trojan.Naid. Retrieved February 22, 2018.

Internal MISP references

UUID dc3c16b3-e06b-4b56-b6bd-b98a0b39df3b which can be used as unique global reference for Symantec Naid June 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-22T00:00:00Z
date_published 2012-06-15T00:00:00Z
source MITRE
title Trojan.Naid

Symantec Pasam May 2012

Mullaney, C. & Honda, H. (2012, May 4). Trojan.Pasam. Retrieved February 22, 2018.

Internal MISP references

UUID c8135017-43c5-4bde-946e-141684c29b7a which can be used as unique global reference for Symantec Pasam May 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-22T00:00:00Z
date_published 2012-05-04T00:00:00Z
source MITRE
title Trojan.Pasam

Microsoft TrojanSpy:Win32/Ursnif.gen!I Sept 2017

Microsoft. (2017, September 15). TrojanSpy:Win32/Ursnif.gen!I. Retrieved December 18, 2017.

Internal MISP references

UUID 2b0c16e3-9ea0-455e-ae01-18d9b388fea6 which can be used as unique global reference for Microsoft TrojanSpy:Win32/Ursnif.gen!I Sept 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-18T00:00:00Z
date_published 2017-09-15T00:00:00Z
source MITRE
title TrojanSpy:Win32/Ursnif.gen!I

Symantec Ushedix June 2008

Symantec. (2008, June 28). Trojan.Ushedix. Retrieved December 18, 2017.

Internal MISP references

UUID 9df2b407-df20-403b-ba1b-a681b9c74c7e which can be used as unique global reference for Symantec Ushedix June 2008 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-18T00:00:00Z
date_published 2008-06-28T00:00:00Z
source MITRE
title Trojan.Ushedix

Symantec Volgmer Aug 2014

Yagi, J. (2014, August 24). Trojan.Volgmer. Retrieved July 16, 2018.

Internal MISP references

UUID 8f5ba106-267a-4f9e-9498-04e27f509c5e which can be used as unique global reference for Symantec Volgmer Aug 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-16T00:00:00Z
date_published 2014-08-24T00:00:00Z
source MITRE
title Trojan.Volgmer

FSecure Lokibot November 2019

Kazem, M. (2019, November 25). Trojan:W32/Lokibot. Retrieved May 15, 2020.

Internal MISP references

UUID e4ed8915-8f1e-47a0-ad99-075c66fa9cd3 which can be used as unique global reference for FSecure Lokibot November 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-15T00:00:00Z
date_published 2019-11-25T00:00:00Z
source MITRE
title Trojan:W32/Lokibot

Microsoft Totbrick Oct 2017

Pornasdoro, A. (2017, October 12). Trojan:Win32/Totbrick. Retrieved September 14, 2018.

Internal MISP references

UUID 3abe861b-0e3b-458a-98cf-38450058b4a5 which can be used as unique global reference for Microsoft Totbrick Oct 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-14T00:00:00Z
date_published 2017-10-12T00:00:00Z
source MITRE
title Trojan:Win32/Totbrick

Ciubotariu 2014

Ciubotariu, M. (2014, January 23). Trojan.Zeroaccess.C Hidden in NTFS EA. Retrieved December 2, 2014.

Internal MISP references

UUID 8a4583fe-cf73-47ba-a4ea-3e5ef1eb51b6 which can be used as unique global reference for Ciubotariu 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-02T00:00:00Z
date_published 2014-01-23T00:00:00Z
source MITRE
title Trojan.Zeroaccess.C Hidden in NTFS EA

TrendMicro TROJ-FAKEAV OCT 2012

Sioting, S. (2012, October 8). TROJ_FAKEAV.GZD. Retrieved August 8, 2018.

Internal MISP references

UUID 5d9e974f-07f8-48e4-96b6-632ecb31465d which can be used as unique global reference for TrendMicro TROJ-FAKEAV OCT 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-08T00:00:00Z
date_published 2012-10-08T00:00:00Z
source MITRE
title TROJ_FAKEAV.GZD

troj_zegost

Trend Micro. (2012, October 9). TROJ_ZEGOST. Retrieved September 2, 2021.

Internal MISP references

UUID c3790ad6-704a-4076-8729-61b5df9d7983 which can be used as unique global reference for troj_zegost in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-02T00:00:00Z
date_published 2012-10-09T00:00:00Z
source MITRE
title TROJ_ZEGOST

TrendMicro Tropic Trooper May 2020

Chen, J. (2020, May 12). Tropic Trooper’s Back: USBferry Attack Targets Air gapped Environments. Retrieved May 20, 2020.

Internal MISP references

UUID 4fbc1df0-f174-4461-817d-0baf6e947ba1 which can be used as unique global reference for TrendMicro Tropic Trooper May 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-20T00:00:00Z
date_published 2020-05-12T00:00:00Z
source MITRE, Tidal Cyber
title Tropic Trooper’s Back: USBferry Attack Targets Air gapped Environments

TrendMicro Tropic Trooper Mar 2018

Horejsi, J., et al. (2018, March 14). Tropic Trooper’s New Strategy. Retrieved November 9, 2018.

Internal MISP references

UUID 5d69d122-13bc-45c4-95ab-68283a21b699 which can be used as unique global reference for TrendMicro Tropic Trooper Mar 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-09T00:00:00Z
date_published 2018-03-14T00:00:00Z
source MITRE, Tidal Cyber
title Tropic Trooper’s New Strategy

Unit 42 Tropic Trooper Nov 2016

Ray, V. (2016, November 22). Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy. Retrieved November 9, 2018.

Internal MISP references

UUID cad84e3d-9506-44f8-bdd9-d090e6ce9b06 which can be used as unique global reference for Unit 42 Tropic Trooper Nov 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-09T00:00:00Z
date_published 2016-11-22T00:00:00Z
source MITRE
title Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy

paloalto Tropic Trooper 2016

Ray, V., et al. (2016, November 22). Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy. Retrieved December 18, 2020.

Internal MISP references

UUID 47524b17-1acd-44b1-8de5-168369fa9455 which can be used as unique global reference for paloalto Tropic Trooper 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-18T00:00:00Z
date_published 2016-11-22T00:00:00Z
source MITRE
title Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy

Microsoft Conditional Access Policy Changes

Microsoft. (2023, October 23). Troubleshooting Conditional Access policy changes. Retrieved January 2, 2024.

Internal MISP references

UUID fb9ad2ce-c6bc-584b-b42e-0e7c23e5d6cc which can be used as unique global reference for Microsoft Conditional Access Policy Changes in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-02T00:00:00Z
date_published 2023-10-23T00:00:00Z
source MITRE
title Troubleshooting Conditional Access policy changes

GitHub truffleHog

Dylan Ayrey. (2016, December 31). truffleHog. Retrieved October 19, 2020.

Internal MISP references

UUID 324a563f-55ee-49e9-9fc7-2b8e35f36875 which can be used as unique global reference for GitHub truffleHog in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
date_published 2016-12-31T00:00:00Z
source MITRE
title truffleHog

TCG Trusted Platform Module

Trusted Computing Group. (2008, April 29). Trusted Platform Module (TPM) Summary. Retrieved June 8, 2016.

Internal MISP references

UUID 51a2a2fd-7828-449d-aab5-dbcf5d37f020 which can be used as unique global reference for TCG Trusted Platform Module in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-08T00:00:00Z
date_published 2008-04-29T00:00:00Z
source MITRE
title Trusted Platform Module (TPM) Summary

Microsoft Trusts

Microsoft. (2009, October 7). Trust Technologies. Retrieved February 14, 2019.

Internal MISP references

UUID e6bfc6a8-9eea-4c65-9c2b-04749da72a92 which can be used as unique global reference for Microsoft Trusts in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-14T00:00:00Z
date_published 2009-10-07T00:00:00Z
source MITRE
title Trust Technologies

SSHjack Blackhat

Adam Boileau. (2005, August 5). Trust Transience: Post Intrusion SSH Hijacking. Retrieved December 19, 2017.

Internal MISP references

UUID 64f94126-de4c-4204-8409-d26804f32cff which can be used as unique global reference for SSHjack Blackhat in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-19T00:00:00Z
date_published 2005-08-05T00:00:00Z
source MITRE
title Trust Transience: Post Intrusion SSH Hijacking

Trend Micro Totbrick Oct 2016

Antazo, F. (2016, October 31). TSPY_TRICKLOAD.N. Retrieved September 14, 2018.

Internal MISP references

UUID d6419764-f203-4089-8b38-860c442238e7 which can be used as unique global reference for Trend Micro Totbrick Oct 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-14T00:00:00Z
date_published 2016-10-31T00:00:00Z
source MITRE
title TSPY_TRICKLOAD.N

Ttdinject.exe - LOLBAS Project

LOLBAS. (2020, May 12). Ttdinject.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 3146c9c9-9836-4ce5-afe6-ef8f7b4a7b9d which can be used as unique global reference for Ttdinject.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-05-12T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Ttdinject.exe

ttint_rat

Tu, L. Ma, Y. Ye, G. (2020, October 1). Ttint: An IoT Remote Access Trojan spread through 2 0-day vulnerabilities. Retrieved October 28, 2021.

Internal MISP references

UUID f3e60cae-3225-4800-bc15-cb46ff715061 which can be used as unique global reference for ttint_rat in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-28T00:00:00Z
date_published 2020-10-01T00:00:00Z
source MITRE
title Ttint: An IoT Remote Access Trojan spread through 2 0-day vulnerabilities

Tttracer.exe - LOLBAS Project

LOLBAS. (2019, November 5). Tttracer.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 7c88a77e-034e-4847-8bd7-1be3a684a158 which can be used as unique global reference for Tttracer.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2019-11-05T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Tttracer.exe

Invincea XTunnel

Belcher, P. (2016, July 28). Tunnel of Gov: DNC Hack and the Russian XTunnel. Retrieved August 3, 2016.

Internal MISP references

UUID 43773784-92b8-4722-806c-4b1fc4278bb0 which can be used as unique global reference for Invincea XTunnel in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-03T00:00:00Z
date_published 2016-07-28T00:00:00Z
source MITRE
title Tunnel of Gov: DNC Hack and the Russian XTunnel

Sysadmins of the North April 28 2015

Jan Reilink. (2015, April 28). Tunnel RDP through SSH & PuTTY. Retrieved May 25, 2023.

Internal MISP references

UUID 4fc8c559-c2a1-4834-914f-c66621b117c3 which can be used as unique global reference for Sysadmins of the North April 28 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-25T00:00:00Z
date_published 2015-04-28T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Tunnel RDP through SSH & PuTTY

ThreatGeek Derusbi Converge

Fidelis Threat Research Team. (2016, May 2). Turbo Twist: Two 64-bit Derusbi Strains Converge. Retrieved August 16, 2018.

Internal MISP references

UUID a386b614-a808-42cf-be23-658f71b31560 which can be used as unique global reference for ThreatGeek Derusbi Converge in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-16T00:00:00Z
date_published 2016-05-02T00:00:00Z
source MITRE
title Turbo Twist: Two 64-bit Derusbi Strains Converge

Mandiant Suspected Turla Campaign February 2023

Hawley, S. et al. (2023, February 2). Turla: A Galaxy of Opportunity. Retrieved May 15, 2023.

Internal MISP references

UUID d8f43a52-a59e-5567-8259-821b1b6bde43 which can be used as unique global reference for Mandiant Suspected Turla Campaign February 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-15T00:00:00Z
date_published 2023-02-02T00:00:00Z
source MITRE
title Turla: A Galaxy of Opportunity

ESET Crutch December 2020

Faou, M. (2020, December 2). Turla Crutch: Keeping the “back door” open. Retrieved December 4, 2020.

Internal MISP references

UUID 8b2f40f5-7dca-4edf-8314-a8f5bc4831b8 which can be used as unique global reference for ESET Crutch December 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-04T00:00:00Z
date_published 2020-12-02T00:00:00Z
source MITRE
title Turla Crutch: Keeping the “back door” open

ESET LightNeuron May 2019

Faou, M. (2019, May). Turla LightNeuron: One email away from remote code execution. Retrieved June 24, 2019.

Internal MISP references

UUID 679aa333-572c-44ba-b94a-606f168d1ed2 which can be used as unique global reference for ESET LightNeuron May 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-24T00:00:00Z
date_published 2019-05-01T00:00:00Z
source MITRE
title Turla LightNeuron: One email away from remote code execution

ESET Turla Mosquito May 2018

ESET Research. (2018, May 22). Turla Mosquito: A shift towards more generic tools. Retrieved July 3, 2018.

Internal MISP references

UUID d683b8a2-7f90-4ae3-b763-c25fd701dbf6 which can be used as unique global reference for ESET Turla Mosquito May 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-03T00:00:00Z
date_published 2018-05-22T00:00:00Z
source MITRE
title Turla Mosquito: A shift towards more generic tools

ESET Turla August 2018

ESET. (2018, August). Turla Outlook Backdoor: Analysis of an unusual Turla backdoor. Retrieved March 11, 2019.

Internal MISP references

UUID e725fb9d-65b9-4e3f-9930-13c2c74b7fa4 which can be used as unique global reference for ESET Turla August 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-11T00:00:00Z
date_published 2018-08-01T00:00:00Z
source MITRE
title Turla Outlook Backdoor: Analysis of an unusual Turla backdoor

Accenture HyperStack October 2020

Accenture. (2020, October). Turla uses HyperStack, Carbon, and Kazuar to compromise government entity. Retrieved December 2, 2020.

Internal MISP references

UUID 680f2a0b-f69d-48bd-93ed-20ee2f79e3f7 which can be used as unique global reference for Accenture HyperStack October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-02T00:00:00Z
date_published 2020-10-01T00:00:00Z
source MITRE
title Turla uses HyperStack, Carbon, and Kazuar to compromise government entity

Gmail Delegation

Google. (n.d.). Turn Gmail delegation on or off. Retrieved April 1, 2022.

Internal MISP references

UUID dfd28a01-56ba-4c0c-9742-d8b1db49df06 which can be used as unique global reference for Gmail Delegation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-01T00:00:00Z
source MITRE
title Turn Gmail delegation on or off

Google Cloud Privilege Escalation

Chris Moberly. (2020, February 12). Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments. Retrieved April 1, 2022.

Internal MISP references

UUID 3dc4b69c-8cae-4489-8df2-5f55419fb3b1 which can be used as unique global reference for Google Cloud Privilege Escalation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-01T00:00:00Z
date_published 2020-02-12T00:00:00Z
source MITRE
title Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments

SSH in Windows

Microsoft. (2020, May 19). Tutorial: SSH in Windows Terminal. Retrieved July 26, 2021.

Internal MISP references

UUID 3006af23-b802-400f-841d-7eea7d748d28 which can be used as unique global reference for SSH in Windows in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-07-26T00:00:00Z
date_published 2020-05-19T00:00:00Z
source MITRE
title Tutorial: SSH in Windows Terminal

Microsoft NEODYMIUM Dec 2016

Microsoft. (2016, December 14). Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe. Retrieved November 27, 2017.

Internal MISP references

UUID 87c9f8e4-f8d1-4f19-86ca-6fd18a33890b which can be used as unique global reference for Microsoft NEODYMIUM Dec 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-27T00:00:00Z
date_published 2016-12-14T00:00:00Z
source MITRE, Tidal Cyber
title Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe

Twitter Richard WMIC

Ackroyd, R. (2023, March 24). Twitter. Retrieved March 24, 2023.

Internal MISP references

UUID 7d701a8e-6816-5112-ac16-b36e71d7c5db which can be used as unique global reference for Twitter Richard WMIC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-24T00:00:00Z
date_published 2023-03-24T00:00:00Z
source MITRE
title Twitter

Twitter Nick Carr APT10

Carr, N. (2017, April 6). Retrieved June 29, 2017.

Internal MISP references

UUID 0f133f2c-3b02-4b3b-a960-ef6a7862cf8f which can be used as unique global reference for Twitter Nick Carr APT10 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-06-29T00:00:00Z
source MITRE
title Twitter Nick Carr APT10

Crowdstrike KRYPTONITE PANDA August 2018

Adam Kozy. (2018, August 30). Two Birds, One Stone Panda. Retrieved August 24, 2021.

Internal MISP references

UUID 42fe94f5-bc4c-4b0b-9c35-0bc32cbc5d79 which can be used as unique global reference for Crowdstrike KRYPTONITE PANDA August 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-24T00:00:00Z
date_published 2018-08-30T00:00:00Z
source MITRE
title Two Birds, One Stone Panda

Two New Monero Malware Attacks Target Windows and Android Users

Douglas Bonderud. (2018, September 17). Two New Monero Malware Attacks Target Windows and Android Users. Retrieved June 5, 2023.

Internal MISP references

UUID a797397b-2af7-58b9-b66a-5ded260659f0 which can be used as unique global reference for Two New Monero Malware Attacks Target Windows and Android Users in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-05T00:00:00Z
date_published 2018-09-17T00:00:00Z
source MITRE
title Two New Monero Malware Attacks Target Windows and Android Users

Trend Micro Pawn Storm April 2017

Hacquebord, F. (2017, April 25). Two Years of Pawn Storm: Examining an Increasingly Relevant Threat. Retrieved May 3, 2017.

Internal MISP references

UUID d92f22a7-7753-47da-a850-00c073b5fd27 which can be used as unique global reference for Trend Micro Pawn Storm April 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-05-03T00:00:00Z
date_published 2017-04-25T00:00:00Z
source MITRE
title Two Years of Pawn Storm: Examining an Increasingly Relevant Threat

Almond COR_PROFILER Apr 2019

Almond. (2019, April 30). UAC bypass via elevated .NET applications. Retrieved June 24, 2020.

Internal MISP references

UUID a49c5870-2a48-4cd7-8b4e-e80c5414f565 which can be used as unique global reference for Almond COR_PROFILER Apr 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-24T00:00:00Z
date_published 2019-04-30T00:00:00Z
source MITRE
title UAC bypass via elevated .NET applications

Github UACMe

UACME Project. (2016, June 16). UACMe. Retrieved July 26, 2016.

Internal MISP references

UUID 7006d59d-3b61-4030-a680-5dac52133722 which can be used as unique global reference for Github UACMe in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-07-26T00:00:00Z
date_published 2016-06-16T00:00:00Z
source MITRE
title UACMe

ZScaler SEO

Wang, J. (2018, October 17). Ubiquitous SEO Poisoning URLs. Retrieved September 30, 2022.

Internal MISP references

UUID f117cfa5-1bad-43ae-9eaa-3b9123061f93 which can be used as unique global reference for ZScaler SEO in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-30T00:00:00Z
date_published 2018-10-17T00:00:00Z
source MITRE
title Ubiquitous SEO Poisoning URLs

PaloAlto UBoatRAT Nov 2017

Hayashi, K. (2017, November 28). UBoatRAT Navigates East Asia. Retrieved January 12, 2018.

Internal MISP references

UUID 235a1129-2f35-4861-90b8-1f761d89b0f9 which can be used as unique global reference for PaloAlto UBoatRAT Nov 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-12T00:00:00Z
date_published 2017-11-28T00:00:00Z
source MITRE
title UBoatRAT Navigates East Asia

UK NSCS Russia SolarWinds April 2021

UK NCSC. (2021, April 15). UK and US call out Russia for SolarWinds compromise. Retrieved April 16, 2021.

Internal MISP references

UUID f49e6780-8caa-4c3c-8d68-47a2cc4319a1 which can be used as unique global reference for UK NSCS Russia SolarWinds April 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-16T00:00:00Z
date_published 2021-04-15T00:00:00Z
source MITRE
title UK and US call out Russia for SolarWinds compromise

UK Gov Malign RIS Activity April 2021

UK Gov. (2021, April 15). UK and US expose global campaign of malign activity by Russian intelligence services. Retrieved April 16, 2021.

Internal MISP references

UUID 7fe5a605-c33e-4d3d-b787-2d1f649bee53 which can be used as unique global reference for UK Gov Malign RIS Activity April 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-16T00:00:00Z
date_published 2021-04-15T00:00:00Z
source MITRE
title UK and US expose global campaign of malign activity by Russian intelligence services

UK Gov UK Exposes Russia SolarWinds April 2021

UK Gov. (2021, April 15). UK exposes Russian involvement in SolarWinds cyber compromise. Retrieved April 16, 2021.

Internal MISP references

UUID ffbd83d7-9d4f-42b9-adc0-eb144045aef2 which can be used as unique global reference for UK Gov UK Exposes Russia SolarWinds April 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-16T00:00:00Z
date_published 2021-04-15T00:00:00Z
source MITRE
title UK exposes Russian involvement in SolarWinds cyber compromise

UK NCSC Olympic Attacks October 2020

UK NCSC. (2020, October 19). UK exposes series of Russian cyber attacks against Olympic and Paralympic Games. Retrieved November 30, 2020.

Internal MISP references

UUID 93053f1b-917c-4573-ba20-99fcaa16a2dd which can be used as unique global reference for UK NCSC Olympic Attacks October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-30T00:00:00Z
date_published 2020-10-19T00:00:00Z
source MITRE
title UK exposes series of Russian cyber attacks against Olympic and Paralympic Games

Cisco Ukraine Wipers January 2022

Biasini, N. et al. (2022, January 21). Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation. Retrieved March 14, 2022.

Internal MISP references

UUID db17cc3d-9cd3-4faa-9de9-3b8fbec909c3 which can be used as unique global reference for Cisco Ukraine Wipers January 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-14T00:00:00Z
date_published 2022-01-21T00:00:00Z
source MITRE
title Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation

Symantec Ukraine Wipers February 2022

Symantec Threat Hunter Team. (2022, February 24). Ukraine: Disk-wiping Attacks Precede Russian Invasion. Retrieved March 25, 2022.

Internal MISP references

UUID 3ed4cd00-3387-4b80-bda8-0a190dc6353c which can be used as unique global reference for Symantec Ukraine Wipers February 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-25T00:00:00Z
date_published 2022-02-24T00:00:00Z
source MITRE
title Ukraine: Disk-wiping Attacks Precede Russian Invasion

Bleepingcomputer Gamardeon FSB November 2021

Toulas, B. (2018, November 4). Ukraine links members of Gamaredon hacker group to Russian FSB. Retrieved April 15, 2022.

Internal MISP references

UUID c565b025-df74-40a9-9535-b630ca06f777 which can be used as unique global reference for Bleepingcomputer Gamardeon FSB November 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-15T00:00:00Z
date_published 2018-11-04T00:00:00Z
source MITRE
title Ukraine links members of Gamaredon hacker group to Russian FSB

Leonard TAG 2023

Billy Leonard. (2023, April 19). Ukraine remains Russia’s biggest cyber focus in 2023. Retrieved March 1, 2024.

Internal MISP references

UUID 95c6ad1d-df16-5dd3-a6ef-75c1247ec5e0 which can be used as unique global reference for Leonard TAG 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-01T00:00:00Z
date_published 2023-04-19T00:00:00Z
source MITRE
title Ukraine remains Russia’s biggest cyber focus in 2023

Qualys Hermetic Wiper March 2022

Dani, M. (2022, March 1). Ukrainian Targets Hit by HermeticWiper, New Datawiper Malware. Retrieved March 25, 2022.

Internal MISP references

UUID 2b25969b-2f0b-4204-9277-596e80c4e626 which can be used as unique global reference for Qualys Hermetic Wiper March 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-25T00:00:00Z
date_published 2022-03-01T00:00:00Z
source MITRE
title Ukrainian Targets Hit by HermeticWiper, New Datawiper Malware

GitHub Ultimate AppLocker Bypass List

Moe, O. (2018, March 1). Ultimate AppLocker Bypass List. Retrieved April 10, 2018.

Internal MISP references

UUID a2fa7fb8-ddba-44cf-878f-448fb2aa6149 which can be used as unique global reference for GitHub Ultimate AppLocker Bypass List in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-10T00:00:00Z
date_published 2018-03-01T00:00:00Z
source MITRE
title Ultimate AppLocker Bypass List

Okta HAR Files RCA

David Bradbury. (2023, November 3). Unauthorized Access to Okta's Support Case Management System: Root Cause and Remediation. Retrieved December 19, 2023.

Internal MISP references

UUID 742d095c-9bd1-4f4a-8bc6-16db6d15a9f4 which can be used as unique global reference for Okta HAR Files RCA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-19T00:00:00Z
date_published 2023-11-03T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Unauthorized Access to Okta's Support Case Management System: Root Cause and Remediation

UCF STIG Symbolic Links

UCF. (n.d.). Unauthorized accounts must not have the Create symbolic links user right. Retrieved December 18, 2017.

Internal MISP references

UUID 93716db0-6f88-425c-af00-ed2e941214d3 which can be used as unique global reference for UCF STIG Symbolic Links in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-18T00:00:00Z
source MITRE
title Unauthorized accounts must not have the Create symbolic links user right.

FireEye FiveHands April 2021

McLellan, T. and Moore, J. et al. (2021, April 29). UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat. Retrieved June 2, 2021.

Internal MISP references

UUID 832aeb46-b248-43e8-9157-a2f56bcd1806 which can be used as unique global reference for FireEye FiveHands April 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-02T00:00:00Z
date_published 2021-04-29T00:00:00Z
source MITRE
title UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat

Mandiant APT29 Eye Spy Email Nov 22

Mandiant. (2022, May 2). UNC3524: Eye Spy on Your Email. Retrieved August 17, 2023.

Internal MISP references

UUID 452ca091-42b1-5bef-8a01-921c1f46bbee which can be used as unique global reference for Mandiant APT29 Eye Spy Email Nov 22 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-17T00:00:00Z
date_published 2022-05-02T00:00:00Z
source MITRE
title UNC3524: Eye Spy on Your Email

Google Cloud June 10 2024

Mandiant. (2024, June 10). UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion. Retrieved June 13, 2024.

Internal MISP references

UUID 0afe3662-b55c-4189-9c9a-2be55a9b6a70 which can be used as unique global reference for Google Cloud June 10 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-06-13T00:00:00Z
date_published 2024-06-10T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion

Mandiant UNC961 March 23 2023

Ryan Tomcik, Rufus Brown, Josh Fleischer. (2023, March 23). UNC961 in the Multiverse of Mandiant: Three Encounters with a Financially Motivated Threat Actor. Retrieved November 1, 2023.

Internal MISP references

UUID cef19ceb-179f-4d49-acba-5ce40ab9f65e which can be used as unique global reference for Mandiant UNC961 March 23 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-01T00:00:00Z
date_published 2023-03-23T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title UNC961 in the Multiverse of Mandiant: Three Encounters with a Financially Motivated Threat Actor

Trend Micro DRBControl February 2020

Lunghi, D. et al. (2020, February). Uncovering DRBControl. Retrieved November 12, 2021.

Internal MISP references

UUID 4dfbf26d-023b-41dd-82c8-12fe18cb10e6 which can be used as unique global reference for Trend Micro DRBControl February 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-11-12T00:00:00Z
date_published 2020-02-01T00:00:00Z
source MITRE, Tidal Cyber
title Uncovering DRBControl

Checkpoint MosesStaff Nov 2021

Checkpoint Research. (2021, November 15). Uncovering MosesStaff techniques: Ideology over Money. Retrieved August 11, 2022.

Internal MISP references

UUID d6da2849-cff0-408a-9f09-81a33fc88a56 which can be used as unique global reference for Checkpoint MosesStaff Nov 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-11T00:00:00Z
date_published 2021-11-15T00:00:00Z
source MITRE
title Uncovering MosesStaff techniques: Ideology over Money

bencane blog bashrc

Benjamin Cane. (2013, September 16). Understanding a little more about /etc/profile and /etc/bashrc. Retrieved February 25, 2021.

Internal MISP references

UUID 503a4cd6-5cfe-4cce-b363-0cf3c8bc9feb which can be used as unique global reference for bencane blog bashrc in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-25T00:00:00Z
date_published 2013-09-16T00:00:00Z
source MITRE
title Understanding a little more about /etc/profile and /etc/bashrc

Juniper DAI 2020

Juniper. (2020, September 23). Understanding and Using Dynamic ARP Inspection (DAI). Retrieved October 15, 2020.

Internal MISP references

UUID f63b099d-a316-42a1-b1ce-17f11d0f3d2e which can be used as unique global reference for Juniper DAI 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-15T00:00:00Z
date_published 2020-09-23T00:00:00Z
source MITRE
title Understanding and Using Dynamic ARP Inspection (DAI)

Understanding BumbleBee Loader The Delivery - VMRay 9 1 2023

Emre Güler Threat Researcher. (2023, September 1). Understanding BumbleBee Loader The Delivery. Retrieved February 19, 2024.

Internal MISP references

UUID ce1bddab-f63b-400f-ba49-0a06c4f5066a which can be used as unique global reference for Understanding BumbleBee Loader The Delivery - VMRay 9 1 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-19T00:00:00Z
date_published 2023-09-01T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Understanding BumbleBee Loader The Delivery

Understanding BumbleBee The malicious behavior - VMRay 9 1 2023

Emre Güler Threat Researcher. (2023, September 1). Understanding BumbleBee The malicious behavior. Retrieved February 19, 2024.

Internal MISP references

UUID b0bedc26-d075-448e-9adc-741c047a851c which can be used as unique global reference for Understanding BumbleBee The malicious behavior - VMRay 9 1 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-19T00:00:00Z
date_published 2023-09-01T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Understanding BumbleBee The malicious behavior

Google Cloud IAM Policies

Google Cloud. (2022, March 31). Understanding policies. Retrieved April 1, 2022.

Internal MISP references

UUID b23a0df2-923d-4a5d-a40c-3ae218a0be94 which can be used as unique global reference for Google Cloud IAM Policies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-01T00:00:00Z
date_published 2022-03-31T00:00:00Z
source MITRE
title Understanding policies

Juniper Traffic Mirroring

Juniper. (n.d.). Understanding Port Mirroring on EX2200, EX3200, EX3300, EX4200, EX4500, EX4550, EX6200, and EX8200 Series Switches. Retrieved October 19, 2020.

Internal MISP references

UUID a6f62986-0b62-4316-b762-021f1bb14903 which can be used as unique global reference for Juniper Traffic Mirroring in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-19T00:00:00Z
source MITRE
title Understanding Port Mirroring on EX2200, EX3200, EX3300, EX4200, EX4500, EX4550, EX6200, and EX8200 Series Switches

U.S. CISA Understanding LockBit June 2023

Cybersecurity and Infrastructure Security Agency. (2023, June 14). Understanding Ransomware Threat Actors: LockBit. Retrieved June 30, 2023.

Internal MISP references

UUID 9c03b801-2ebe-4c7b-aa29-1b7a3625964a which can be used as unique global reference for U.S. CISA Understanding LockBit June 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-30T00:00:00Z
date_published 2023-06-14T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Understanding Ransomware Threat Actors: LockBit

Auth0 Understanding Refresh Tokens

Auth0 Inc. (n.d.). Understanding Refresh Tokens. Retrieved December 16, 2021.

Internal MISP references

UUID 84eb3d8a-f6b1-4bb5-9411-2c8da29b5946 which can be used as unique global reference for Auth0 Understanding Refresh Tokens in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-16T00:00:00Z
source MITRE
title Understanding Refresh Tokens

Huntress ScreenConnect 2 19 2024

Team Huntress. (2024, February 19). Understanding the ConnectWise ScreenConnect CVE-2024-1709 & CVE-2024-1708. Retrieved February 22, 2024.

Internal MISP references

UUID 8d08b5e2-13ed-4283-8bd2-f3d9a5d02bc5 which can be used as unique global reference for Huntress ScreenConnect 2 19 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-22T00:00:00Z
date_published 2024-02-19T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Understanding the ConnectWise ScreenConnect CVE-2024-1709 & CVE-2024-1708

baeldung Linux proc map 2022

baeldung. (2022, April 8). Understanding the Linux /proc/id/maps File. Retrieved March 31, 2023.

Internal MISP references

UUID b70d04e4-c5f9-5cb2-b896-9bd64e97369e which can be used as unique global reference for baeldung Linux proc map 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-31T00:00:00Z
date_published 2022-04-08T00:00:00Z
source MITRE
title Understanding the Linux /proc/id/maps File

Talos Phobos November 17 2023

Guilherme Venere. (2023, November 17). Understanding the Phobos affiliate structure and activity. Retrieved March 7, 2024.

Internal MISP references

UUID c049d198-efd0-40e2-a675-cf099b8211b3 which can be used as unique global reference for Talos Phobos November 17 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-07T00:00:00Z
date_published 2023-11-17T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Understanding the Phobos affiliate structure and activity

Mandiant APT44 April 17 2024

Gabby Roncone, Dan Black, John Wolfram, Tyler McLellan, Nick Simonian, Ryan Hall, Anton Prokopenkov, Luke Jenkins, Dan Perez, Lexie Aytes, Alden Wahlstrom. (2024, April 17). Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm. Retrieved April 17, 2024.

Internal MISP references

UUID a64f689e-2bb4-4253-86cd-545e7f633a7e which can be used as unique global reference for Mandiant APT44 April 17 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-17T00:00:00Z
date_published 2024-04-17T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm

FireEye KEGTAP SINGLEMALT October 2020

Kimberly Goody, Jeremy Kennelly, Joshua Shilko, Steve Elovitz, Douglas Bienstock. (2020, October 28). Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser. Retrieved October 28, 2020.

Internal MISP references

UUID 59162ffd-cb95-4757-bb1e-0c2a4ad5c083 which can be used as unique global reference for FireEye KEGTAP SINGLEMALT October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-28T00:00:00Z
date_published 2020-10-28T00:00:00Z
source MITRE
title Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser

Wikipedia UEFI

Wikipedia. (2017, July 10). Unified Extensible Firmware Interface. Retrieved July 11, 2017.

Internal MISP references

UUID 681c6a57-76db-410b-82d6-4e614bcdb6e0 which can be used as unique global reference for Wikipedia UEFI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-11T00:00:00Z
date_published 2017-07-10T00:00:00Z
source MITRE
title Unified Extensible Firmware Interface

New DragonOK

Miller-Osborn, J., Grunzweig, J. (2015, April). Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets. Retrieved November 4, 2015.

Internal MISP references

UUID 82c1ed0d-a41d-4212-a3ae-a1d661bede2d which can be used as unique global reference for New DragonOK in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-11-04T00:00:00Z
date_published 2015-04-01T00:00:00Z
source MITRE
title Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets

Unit 42 Playbook Dec 2017

Unit 42. (2017, December 15). Unit 42 Playbook Viewer. Retrieved December 20, 2017.

Internal MISP references

UUID 9923f9ff-a7b8-4058-8213-3c83c54c10a6 which can be used as unique global reference for Unit 42 Playbook Dec 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2017-12-15T00:00:00Z
source MITRE, Tidal Cyber
title Unit 42 Playbook Viewer

Unit 42 SeaDuke 2015

Grunzweig, J. (2015, July 14). Unit 42 Technical Analysis: Seaduke. Retrieved August 3, 2016.

Internal MISP references

UUID 735d38da-9214-4141-86af-11eefa5c4d04 which can be used as unique global reference for Unit 42 SeaDuke 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-03T00:00:00Z
date_published 2015-07-14T00:00:00Z
source MITRE
title Unit 42 Technical Analysis: Seaduke

3OHA double-fork 2022

Juan Tapiador. (2022, April 11). UNIX daemonization and the double fork. Retrieved September 29, 2023.

Internal MISP references

UUID 521b79fe-bb7b-52fd-a899-b73e254027a5 which can be used as unique global reference for 3OHA double-fork 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-29T00:00:00Z
date_published 2022-04-11T00:00:00Z
source MITRE
title UNIX daemonization and the double fork

Flashpoint Anonymous Sudan Timeline

Flashpoint. (2023, June 20). Unmasking Anonymous Sudan: Timeline of DDoS Attacks, Affiliations, and Motivations. Retrieved October 10, 2023.

Internal MISP references

UUID 2e7060d2-f7bc-457e-a2e6-12897d503ea6 which can be used as unique global reference for Flashpoint Anonymous Sudan Timeline in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-10T00:00:00Z
date_published 2023-06-20T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Unmasking Anonymous Sudan: Timeline of DDoS Attacks, Affiliations, and Motivations

AADInternals Azure AD On-Prem to Cloud

Dr. Nestori Syynimaa. (2020, July 13). Unnoticed sidekick: Getting access to cloud as an on-prem admin. Retrieved September 28, 2022.

Internal MISP references

UUID 7a6a7ecd-b9c7-4371-9924-34733597556c which can be used as unique global reference for AADInternals Azure AD On-Prem to Cloud in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-09-28T00:00:00Z
date_published 2020-07-13T00:00:00Z
source MITRE
title Unnoticed sidekick: Getting access to cloud as an on-prem admin

Adsecurity Mimikatz Guide

Metcalf, S. (2015, November 13). Unofficial Guide to Mimikatz & Command Reference. Retrieved December 23, 2015.

Internal MISP references

UUID b251ed65-a145-4053-9dc2-bf0dad83d76c which can be used as unique global reference for Adsecurity Mimikatz Guide in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-12-23T00:00:00Z
date_published 2015-11-13T00:00:00Z
source MITRE
title Unofficial Guide to Mimikatz & Command Reference

InfoSec Write-ups 7 23 2023

Mov Eax. (2023, July 23). Unpacking Emotet Trojan. Retrieved February 27, 2024.

Internal MISP references

UUID 684835bb-7d67-440d-82c2-5f98c3e29341 which can be used as unique global reference for InfoSec Write-ups 7 23 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-27T00:00:00Z
date_published 2023-07-23T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Unpacking Emotet Trojan

Cyble Akira May 10 2023

Cybleinc. (2023, May 10). Unraveling Akira Ransomware. Retrieved February 27, 2024.

Internal MISP references

UUID 4a6cde5d-971e-4260-9ab4-777ee81d5af0 which can be used as unique global reference for Cyble Akira May 10 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-27T00:00:00Z
date_published 2023-05-10T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Unraveling Akira Ransomware

Kaspersky Lamberts Toolkit April 2017

GREAT. (2017, April 11). Unraveling the Lamberts Toolkit. Retrieved March 21, 2022.

Internal MISP references

UUID 2be23bfb-c6fb-455e-ae88-2ae910ccef60 which can be used as unique global reference for Kaspersky Lamberts Toolkit April 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-21T00:00:00Z
date_published 2017-04-11T00:00:00Z
source MITRE
title Unraveling the Lamberts Toolkit

CrowdStrike Grim Spider May 2019

John, E. and Carvey, H. (2019, May 30). Unraveling the Spiderweb: Timelining ATT&CK Artifacts Used by GRIM SPIDER. Retrieved May 12, 2020.

Internal MISP references

UUID 103f2b78-81ed-4096-a67a-dedaffd67e9b which can be used as unique global reference for CrowdStrike Grim Spider May 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-12T00:00:00Z
date_published 2019-05-30T00:00:00Z
source MITRE
title Unraveling the Spiderweb: Timelining ATT&CK Artifacts Used by GRIM SPIDER

Unregmp2.exe - LOLBAS Project

LOLBAS. (2021, December 6). Unregmp2.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 9ad11187-bf91-4205-98c7-c7b981e4ab6f which can be used as unique global reference for Unregmp2.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-12-06T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Unregmp2.exe

TrendMicro Patchwork Dec 2017

Lunghi, D., et al. (2017, December). Untangling the Patchwork Cyberespionage Group. Retrieved July 10, 2018.

Internal MISP references

UUID 15465b26-99e1-4956-8c81-cda3388169b8 which can be used as unique global reference for TrendMicro Patchwork Dec 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-10T00:00:00Z
date_published 2017-12-01T00:00:00Z
source MITRE
title Untangling the Patchwork Cyberespionage Group

Kaspersky Careto

Kaspersky Labs. (2014, February 11). Unveiling “Careto” - The Masked APT. Retrieved July 5, 2017.

Internal MISP references

UUID 547f1a4a-7e4a-461d-8c19-f4775cd60ac0 which can be used as unique global reference for Kaspersky Careto in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-05T00:00:00Z
date_published 2014-02-11T00:00:00Z
source MITRE
title Unveiling “Careto” - The Masked APT

NKAbuse SL

KASPERSKY GERT. (2023, December 14). Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol. Retrieved February 8, 2024.

Internal MISP references

UUID 96e199f8-1d33-574f-a507-05303db728e1 which can be used as unique global reference for NKAbuse SL in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-08T00:00:00Z
date_published 2023-12-14T00:00:00Z
source MITRE
title Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol

Cymmetria Patchwork

Cymmetria. (2016). Unveiling Patchwork - The Copy-Paste APT. Retrieved August 3, 2016.

Internal MISP references

UUID d4e43b2c-a858-4285-984f-f59db5c657bd which can be used as unique global reference for Cymmetria Patchwork in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-03T00:00:00Z
date_published 2016-01-01T00:00:00Z
source MITRE, Tidal Cyber
title Unveiling Patchwork - The Copy-Paste APT

Orange Residential Proxies

Orange Cyberdefense. (2024, March 14). Unveiling the depths of residential proxies providers. Retrieved April 11, 2024.

Internal MISP references

UUID df4b99f3-1796-57b3-a352-37be5380badc which can be used as unique global reference for Orange Residential Proxies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-04-11T00:00:00Z
date_published 2024-03-14T00:00:00Z
source MITRE
title Unveiling the depths of residential proxies providers

The DFIR Report Ursnif January 2023

The DFIR Report. (2023, January 9). Unwrapping Ursnifs Gifts. Retrieved May 10, 2023.

Internal MISP references

UUID 0c017bf7-0ec7-4e45-8c20-7db284c4a51e which can be used as unique global reference for The DFIR Report Ursnif January 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-10T00:00:00Z
date_published 2023-01-09T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Unwrapping Ursnifs Gifts

Rapid7G20Espionage

Rapid7. (2013, August 26). Upcoming G20 Summit Fuels Espionage Operations. Retrieved March 6, 2017.

Internal MISP references

UUID 2235ff2a-07b8-4198-b91d-e50739e274f4 which can be used as unique global reference for Rapid7G20Espionage in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-06T00:00:00Z
date_published 2013-08-26T00:00:00Z
source MITRE
title Upcoming G20 Summit Fuels Espionage Operations

Unit 42 BackConfig May 2020

Hinchliffe, A. and Falcone, R. (2020, May 11). Updated BackConfig Malware Targeting Government and Military Organizations in South Asia. Retrieved June 17, 2020.

Internal MISP references

UUID f26629db-c641-4b6b-abbf-b55b9cc91cf1 which can be used as unique global reference for Unit 42 BackConfig May 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-17T00:00:00Z
date_published 2020-05-11T00:00:00Z
source MITRE
title Updated BackConfig Malware Targeting Government and Military Organizations in South Asia

Secureworks Karagany July 2019

Secureworks. (2019, July 24). Updated Karagany Malware Targets Energy Sector. Retrieved August 12, 2020.

Internal MISP references

UUID 61c05edf-24aa-4399-8cdf-01d27f6595a1 which can be used as unique global reference for Secureworks Karagany July 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-12T00:00:00Z
date_published 2019-07-24T00:00:00Z
source MITRE
title Updated Karagany Malware Targets Energy Sector

Update.exe - LOLBAS Project

LOLBAS. (2019, June 26). Update.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 2c85d5e5-2cb2-4af7-8c33-8aaac3360706 which can be used as unique global reference for Update.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2019-06-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Update.exe

Microsoft - Update or Repair Federated domain

Microsoft. (2020, September 14). Update or repair the settings of a federated domain in Office 365, Azure, or Intune. Retrieved December 30, 2020.

Internal MISP references

UUID 1db3856e-d581-42e6-8038-44b0a2a2b435 which can be used as unique global reference for Microsoft - Update or Repair Federated domain in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-30T00:00:00Z
date_published 2020-09-14T00:00:00Z
source MITRE
title Update or repair the settings of a federated domain in Office 365, Azure, or Intune

Trendmicro Evolving ThiefQuest 2020

Gabrielle Joyce Mabutas, Luis Magisa, Steven Du. (2020, July 17). Updates on Quickly-Evolving ThiefQuest macOS Malware. Retrieved April 26, 2021.

Internal MISP references

UUID 880c1b9e-55a1-404c-9754-1fc2ee30a72b which can be used as unique global reference for Trendmicro Evolving ThiefQuest 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-26T00:00:00Z
date_published 2020-07-17T00:00:00Z
source MITRE
title Updates on Quickly-Evolving ThiefQuest macOS Malware

AWS Update Trail

AWS. (n.d.). update-trail. Retrieved August 4, 2023.

Internal MISP references

UUID a94e1e4a-2963-5563-a8a6-ab9f64a86476 which can be used as unique global reference for AWS Update Trail in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-04T00:00:00Z
source MITRE
title update-trail

Unit 42 Pirpi July 2015

Falcone, R., Wartell, R. (2015, July 27). UPS: Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload. Retrieved April 23, 2019.

Internal MISP references

UUID 42d35b93-2866-46d8-b8ff-675df05db9db which can be used as unique global reference for Unit 42 Pirpi July 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-23T00:00:00Z
date_published 2015-07-27T00:00:00Z
source MITRE
title UPS: Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload

PaperCut MF/NG vulnerability bulletin

PaperCut. (2023, March 8). URGENT MF/NG vulnerability bulletin (March 2023) | PaperCut. Retrieved August 3, 2023.

Internal MISP references

UUID d6e71b45-fc91-40f4-8201-2186994ae42a which can be used as unique global reference for PaperCut MF/NG vulnerability bulletin in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-03T00:00:00Z
date_published 2023-03-08T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title URGENT MF/NG vulnerability bulletin (March 2023)

URI Use

Nathan McFeters. Billy Kim Rios. Rob Carter. (2008). URI Use and Abuse. Retrieved February 9, 2024.

Internal MISP references

UUID 8d0aea35-c1af-5dda-a4c9-814f0e9c9334 which can be used as unique global reference for URI Use in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-09T00:00:00Z
date_published 2008-01-01T00:00:00Z
source MITRE
title URI Use and Abuse

Url.dll - LOLBAS Project

LOLBAS. (2018, May 25). Url.dll. Retrieved December 4, 2023.

Internal MISP references

UUID 0c88fb72-6be5-4a01-af1c-553650779253 which can be used as unique global reference for Url.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Url.dll

SCILabs Malteiro Threat Overlap 2023

SCILabs. (2023, October 8). URSA/Mispadu: Overlap analysis with other threats. Retrieved March 13, 2024.

Internal MISP references

UUID ed4aab9c-6b94-593b-b81e-47393197ee48 which can be used as unique global reference for SCILabs Malteiro Threat Overlap 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-13T00:00:00Z
date_published 2023-10-08T00:00:00Z
source MITRE
title URSA/Mispadu: Overlap analysis with other threats

NJCCIC Ursnif Sept 2016

NJCCIC. (2016, September 27). Ursnif. Retrieved June 4, 2019.

Internal MISP references

UUID d57a2efe-8c98-491e-aecd-e051241a1779 which can be used as unique global reference for NJCCIC Ursnif Sept 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-04T00:00:00Z
date_published 2016-09-27T00:00:00Z
source MITRE
title Ursnif

TrendMicro Ursnif Mar 2015

Caragay, R. (2015, March 26). URSNIF: The Multifaceted Malware. Retrieved June 5, 2019.

Internal MISP references

UUID d02287df-9d93-4cbe-8e59-8f4ef3debc65 which can be used as unique global reference for TrendMicro Ursnif Mar 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-06-05T00:00:00Z
date_published 2015-03-26T00:00:00Z
source MITRE
title URSNIF: The Multifaceted Malware

Proofpoint August 29 2016

Proofpoint. (2016, August 29). Ursnif Variant Dreambot Adds Tor Functionality | Proofpoint. Retrieved May 11, 2023.

Internal MISP references

UUID f05ecd1b-7844-4920-8c3a-0b30ff126ac9 which can be used as unique global reference for Proofpoint August 29 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-11T00:00:00Z
date_published 2016-08-29T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Ursnif Variant Dreambot Adds Tor Functionality

US Coast Guard Killnet August 17 2022

US Coast Guard Cyber Command. (2022, August 17). US Coast Guard Cyber Command Maritime Cyber Alert 03-22. Retrieved October 9, 2023.

Internal MISP references

UUID 2d2a6f76-9531-4b35-b247-ae5da8663a92 which can be used as unique global reference for US Coast Guard Killnet August 17 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-09T00:00:00Z
date_published 2022-08-17T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title US Coast Guard Cyber Command Maritime Cyber Alert 03-22

USCYBERCOM SLOTHFULMEDIA October 2020

USCYBERCOM. (2020, October 1). USCYBERCOM Cybersecurity Alert SLOTHFULMEDIA. Retrieved November 16, 2020.

Internal MISP references

UUID 600de668-f128-4368-8667-24ed9a9db47a which can be used as unique global reference for USCYBERCOM SLOTHFULMEDIA October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-16T00:00:00Z
date_published 2020-10-01T00:00:00Z
source MITRE
title USCYBERCOM Cybersecurity Alert SLOTHFULMEDIA

win10_asr

Microsoft. (2021, July 2). Use attack surface reduction rules to prevent malware infection. Retrieved June 24, 2021.

Internal MISP references

UUID 4499df4a-53c2-4f17-ac90-b99272f5f522 which can be used as unique global reference for win10_asr in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-24T00:00:00Z
date_published 2021-07-02T00:00:00Z
source MITRE
title Use attack surface reduction rules to prevent malware infection

Azure AD Conditional Access Exclusions

Microsoft. (2022, August 26). Use Azure AD access reviews to manage users excluded from Conditional Access policies. Retrieved August 30, 2022.

Internal MISP references

UUID 8cfb45ec-b660-4a3a-9175-af4ea01ef473 which can be used as unique global reference for Azure AD Conditional Access Exclusions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-30T00:00:00Z
date_published 2022-08-26T00:00:00Z
source MITRE
title Use Azure AD access reviews to manage users excluded from Conditional Access policies

Docker Bind Mounts

Docker. (n.d.). Use Bind Mounts. Retrieved March 30, 2021.

Internal MISP references

UUID b298b3d1-30c1-4894-b1de-be11812cde6b which can be used as unique global reference for Docker Bind Mounts in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-30T00:00:00Z
source MITRE
title Use Bind Mounts

Chrome Roaming Profiles

Chrome Enterprise and Education Help. (n.d.). Use Chrome Browser with Roaming User Profiles. Retrieved March 28, 2023.

Internal MISP references

UUID cf0bb77d-c7f7-515b-9217-ba9120cdddec which can be used as unique global reference for Chrome Roaming Profiles in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-28T00:00:00Z
source MITRE
title Use Chrome Browser with Roaming User Profiles

Ars Technica GRU indictment Jul 2018

Gallagher, S. (2018, July 27). How they did it (and will likely try again): GRU hackers vs. US elections. Retrieved September 13, 2018.

Internal MISP references

UUID a1192cb3-4536-4900-93c7-a127ca06c690 which can be used as unique global reference for Ars Technica GRU indictment Jul 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-13T00:00:00Z
source MITRE
title US elections

Remote Management MDM macOS

Apple. (n.d.). Use MDM to enable Remote Management in macOS. Retrieved September 23, 2021.

Internal MISP references

UUID e5f59848-7014-487d-9bae-bed81af1b72b which can be used as unique global reference for Remote Management MDM macOS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-23T00:00:00Z
source MITRE
title Use MDM to enable Remote Management in macOS

Securelist Denis April 2017

Shulmin, A., Yunakovsky, S. (2017, April 28). Use of DNS Tunneling for C&C Communications. Retrieved November 5, 2018.

Internal MISP references

UUID 07855a81-1b72-4361-917e-a413b0124eca which can be used as unique global reference for Securelist Denis April 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-05T00:00:00Z
date_published 2017-04-28T00:00:00Z
source MITRE
title Use of DNS Tunneling for C&C Communications

Microsoft UAC

Microsoft. (n.d.). User Account Control. Retrieved January 18, 2018.

Internal MISP references

UUID 2eb2fb2f-0b43-4c8c-a69f-3f76a8fd90f3 which can be used as unique global reference for Microsoft UAC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-18T00:00:00Z
source MITRE
title User Account Control

TechNet Inside UAC

Russinovich, M. (2009, July). User Account Control: Inside Windows 7 User Account Control. Retrieved July 26, 2016.

Internal MISP references

UUID dea47af6-677a-4625-8664-adf0e6839c9f which can be used as unique global reference for TechNet Inside UAC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-07-26T00:00:00Z
date_published 2009-07-01T00:00:00Z
source MITRE
title User Account Control: Inside Windows 7 User Account Control

User Approved Kernel Extension Pike’s

Pikeralpha. (2017, August 29). User Approved Kernel Extension Loading…. Retrieved September 23, 2021.

Internal MISP references

UUID 7700928b-2d27-470c-a2d9-e5c5f9a43af3 which can be used as unique global reference for User Approved Kernel Extension Pike’s in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-23T00:00:00Z
date_published 2017-08-29T00:00:00Z
source MITRE
title User Approved Kernel Extension Loading…

Adlice Software IAT Hooks Oct 2014

Tigzy. (2014, October 15). Userland Rootkits: Part 1, IAT hooks. Retrieved December 12, 2017.

Internal MISP references

UUID 9a0e7054-9239-43cd-8e5f-aac8b665be72 which can be used as unique global reference for Adlice Software IAT Hooks Oct 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-12T00:00:00Z
date_published 2014-10-15T00:00:00Z
source MITRE
title Userland Rootkits: Part 1, IAT hooks

cisco_username_cmd

Cisco. (2023, March 6). username - Cisco IOS Security Command Reference: Commands S to Z. Retrieved July 13, 2022.

Internal MISP references

UUID 8e7b99d7-ad94-5802-a1ee-6334842e7e0b which can be used as unique global reference for cisco_username_cmd in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-07-13T00:00:00Z
date_published 2023-03-06T00:00:00Z
source MITRE
title username - Cisco IOS Security Command Reference: Commands S to Z

Jamf User Password Policies

Holland, J. (2016, January 25). User password policies on non AD machines. Retrieved April 5, 2018.

Internal MISP references

UUID aa3846fd-a307-4be5-a487-9aa2688d5816 which can be used as unique global reference for Jamf User Password Policies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-05T00:00:00Z
date_published 2016-01-25T00:00:00Z
source MITRE
title User password policies on non AD machines

MacOS Email Rules

Apple. (n.d.). Use rules to manage emails you receive in Mail on Mac. Retrieved June 14, 2021.

Internal MISP references

UUID f83283aa-3aaf-4ebd-8503-0d84c2c627c4 which can be used as unique global reference for MacOS Email Rules in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-14T00:00:00Z
source MITRE
title Use rules to manage emails you receive in Mail on Mac

Microsoft 365 Sharing Auditing

Microsoft. (2023, October 1). Use sharing auditing in the audit log. Retrieved March 4, 2024.

Internal MISP references

UUID f45d4d73-31b5-557d-b734-f5c186a2e31c which can be used as unique global reference for Microsoft 365 Sharing Auditing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-04T00:00:00Z
date_published 2023-10-01T00:00:00Z
source MITRE
title Use sharing auditing in the audit log

Kickstart Apple Remote Desktop commands

Apple. (n.d.). Use the kickstart command-line utility in Apple Remote Desktop. Retrieved September 23, 2021.

Internal MISP references

UUID f26542dd-aa61-4d2a-a05a-8f9674b49f82 which can be used as unique global reference for Kickstart Apple Remote Desktop commands in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-23T00:00:00Z
source MITRE
title Use the kickstart command-line utility in Apple Remote Desktop

Microsoft Windows Event Forwarding FEB 2018

Hardy, T. & Hall, J. (2018, February 15). Use Windows Event Forwarding to help with intrusion detection. Retrieved August 7, 2018.

Internal MISP references

UUID 4e7c36b9-415f-41f1-980e-251d92994eb4 which can be used as unique global reference for Microsoft Windows Event Forwarding FEB 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-07T00:00:00Z
date_published 2018-02-15T00:00:00Z
source MITRE
title Use Windows Event Forwarding to help with intrusion detection

Google Workspace Data Loss Prevention

Google. (n.d.). Use Workspace DLP to prevent data loss. Retrieved March 4, 2024.

Internal MISP references

UUID 81dc5818-342c-5efb-90c6-425c218e130f which can be used as unique global reference for Google Workspace Data Loss Prevention in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-04T00:00:00Z
source MITRE
title Use Workspace DLP to prevent data loss

Apple ZShell

Apple. (2020, January 28). Use zsh as the default shell on your Mac. Retrieved June 12, 2020.

Internal MISP references

UUID 5374ad8e-96a2-4d19-b2cf-28232fa97b52 which can be used as unique global reference for Apple ZShell in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-12T00:00:00Z
date_published 2020-01-28T00:00:00Z
source MITRE
title Use zsh as the default shell on your Mac

Kuberentes ABAC

Kubernetes. (n.d.). Using ABAC Authorization. Retrieved July 14, 2023.

Internal MISP references

UUID 7f960599-a3d6-53bb-91ff-f0e6117a30ed which can be used as unique global reference for Kuberentes ABAC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-14T00:00:00Z
source MITRE
title Using ABAC Authorization

Cisco Umbrella DGA Brute Force

Kasza, A. (2015, February 18). Using Algorithms to Brute Force Algorithms. Retrieved February 18, 2019.

Internal MISP references

UUID d0eacad8-a6ff-4282-8fbc-d7984ad03b56 which can be used as unique global reference for Cisco Umbrella DGA Brute Force in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-18T00:00:00Z
date_published 2015-02-18T00:00:00Z
source MITRE
title Using Algorithms to Brute Force Algorithms

Exploit Monday Mitigate Device Guard Bypases

Graeber, M. (2016, September 8). Using Device Guard to Mitigate Against Device Guard Bypasses. Retrieved September 13, 2016.

Internal MISP references

UUID 8130e5e1-376f-4945-957a-aaf8684b361b which can be used as unique global reference for Exploit Monday Mitigate Device Guard Bypases in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-09-13T00:00:00Z
date_published 2016-09-08T00:00:00Z
source MITRE
title Using Device Guard to Mitigate Against Device Guard Bypasses

Microsoft DsAddSidHistory

Microsoft. (n.d.). Using DsAddSidHistory. Retrieved November 30, 2017.

Internal MISP references

UUID 11c44e1e-28d8-4d45-8539-6586466a5b3c which can be used as unique global reference for Microsoft DsAddSidHistory in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-30T00:00:00Z
source MITRE
title Using DsAddSidHistory

AWS Instance Profiles

AWS. (n.d.). Using instance profiles. Retrieved February 28, 2024.

Internal MISP references

UUID d114854b-50eb-5d60-896b-401df1e6cada which can be used as unique global reference for AWS Instance Profiles in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-28T00:00:00Z
source MITRE
title Using instance profiles

Microsoft 365 Defender Solorigate

Microsoft 365 Defender Team. (2020, December 28). Using Microsoft 365 Defender to protect against Solorigate. Retrieved January 7, 2021.

Internal MISP references

UUID 449cf112-535b-44af-9001-55123b342779 which can be used as unique global reference for Microsoft 365 Defender Solorigate in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-07T00:00:00Z
date_published 2020-12-28T00:00:00Z
source MITRE
title Using Microsoft 365 Defender to protect against Solorigate

TechNet Netsh

Microsoft. (n.d.). Using Netsh. Retrieved February 13, 2017.

Internal MISP references

UUID 58112a3a-06bd-4a46-8a09-4dba5f42a04f which can be used as unique global reference for TechNet Netsh in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-02-13T00:00:00Z
source MITRE
title Using Netsh

Demaske Netsh Persistence

Demaske, M. (2016, September 23). USING NETSHELL TO EXECUTE EVIL DLLS AND PERSIST ON A HOST. Retrieved April 8, 2017.

Internal MISP references

UUID 663b3fd6-0dd6-45c8-afba-dc0ea6d331b5 which can be used as unique global reference for Demaske Netsh Persistence in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-04-08T00:00:00Z
date_published 2016-09-23T00:00:00Z
source MITRE
title USING NETSHELL TO EXECUTE EVIL DLLS AND PERSIST ON A HOST

CrowdStrike Outlook Forms

Parisi, T., et al. (2017, July). Using Outlook Forms for Lateral Movement and Persistence. Retrieved February 5, 2019.

Internal MISP references

UUID ad412d39-c0c5-4119-9193-0ba1309edb3f which can be used as unique global reference for CrowdStrike Outlook Forms in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-05T00:00:00Z
date_published 2017-07-01T00:00:00Z
source MITRE
title Using Outlook Forms for Lateral Movement and Persistence

Red Hat PAM

Red Hat. (n.d.). CHAPTER 2. USING PLUGGABLE AUTHENTICATION MODULES (PAM). Retrieved June 25, 2020.

Internal MISP references

UUID 3dc88605-64c8-495a-9e3b-e5686fd2eb03 which can be used as unique global reference for Red Hat PAM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-25T00:00:00Z
source MITRE
title USING PLUGGABLE AUTHENTICATION MODULES (PAM)

Varonis Power Automate Data Exfiltration

Eric Saraga. (2022, February 2). Using Power Automate for Covert Data Exfiltration in Microsoft 365. Retrieved May 27, 2022.

Internal MISP references

UUID 16436468-1daf-433d-bb3b-f842119594b4 which can be used as unique global reference for Varonis Power Automate Data Exfiltration in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-27T00:00:00Z
date_published 2022-02-02T00:00:00Z
source MITRE
title Using Power Automate for Covert Data Exfiltration in Microsoft 365

Microsoft Disable NTLM Nov 2012

Microsoft. (2012, November 29). Using security policies to restrict NTLM traffic. Retrieved December 4, 2017.

Internal MISP references

UUID 5861ed76-fedd-4ff9-8242-308c7206e4cb which can be used as unique global reference for Microsoft Disable NTLM Nov 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-04T00:00:00Z
date_published 2012-11-29T00:00:00Z
source MITRE
title Using security policies to restrict NTLM traffic

Microsoft SMB Packet Signing

Microsoft. (2008, September 10). Using SMB Packet Signing. Retrieved February 7, 2019.

Internal MISP references

UUID 32a30a3f-3ed1-4def-86b1-f40bbffa1cc5 which can be used as unique global reference for Microsoft SMB Packet Signing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-07T00:00:00Z
date_published 2008-09-10T00:00:00Z
source MITRE
title Using SMB Packet Signing

Microsoft Using Software Restriction

Microsoft. (2012, June 27). Using Software Restriction Policies and AppLocker Policies. Retrieved April 7, 2016.

Internal MISP references

UUID 774e6598-0926-4adb-890f-00824de07ae0 which can be used as unique global reference for Microsoft Using Software Restriction in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-07T00:00:00Z
date_published 2012-06-27T00:00:00Z
source MITRE
title Using Software Restriction Policies and AppLocker Policies

TechNet Applocker vs SRP

Microsoft. (2012, June 27). Using Software Restriction Policies and AppLocker Policies. Retrieved April 7, 2016.

Internal MISP references

UUID 84e1c53f-e858-4106-9c14-1b536d5b56f9 which can be used as unique global reference for TechNet Applocker vs SRP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-07T00:00:00Z
date_published 2012-06-27T00:00:00Z
source MITRE
title Using Software Restriction Policies and AppLocker Policies

OSX Keychain Schaumann

Jan Schaumann. (2015, November 5). Using the OS X Keychain to store and retrieve passwords. Retrieved March 31, 2022.

Internal MISP references

UUID d0ac448a-7299-4ddc-8730-be72fb840ccb which can be used as unique global reference for OSX Keychain Schaumann in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-31T00:00:00Z
date_published 2015-11-05T00:00:00Z
source MITRE
title Using the OS X Keychain to store and retrieve passwords

AutoHotKey

AutoHotkey Foundation LLC. (n.d.). Using the Program. Retrieved March 29, 2024.

Internal MISP references

UUID 0ddfa2ec-a8a5-5cf0-b1b9-7ff6890bc666 which can be used as unique global reference for AutoHotKey in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-29T00:00:00Z
source MITRE
title Using the Program

USNYAG IranianBotnet March 2016

Preet Bharara, US Attorney. (2016, March 24). Retrieved April 23, 2019.

Internal MISP references

UUID 69ee73c1-359f-4584-a6e7-75119d24bbf5 which can be used as unique global reference for USNYAG IranianBotnet March 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-23T00:00:00Z
source MITRE
title USNYAG IranianBotnet March 2016

UtilityFunctions.ps1 - LOLBAS Project

LOLBAS. (2021, September 26). UtilityFunctions.ps1. Retrieved December 4, 2023.

Internal MISP references

UUID 8f15755b-2e32-420e-8463-497e3f8d8cfd which can be used as unique global reference for UtilityFunctions.ps1 - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-09-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title UtilityFunctions.ps1

Kernel.org Restrict Kernel Module

Vander Stoep, J. (2016, April 5). [v3] selinux: restrict kernel module loadinglogin register. Retrieved April 9, 2018.

Internal MISP references

UUID a7c3fc64-9b79-4324-8177-0061208d018c which can be used as unique global reference for Kernel.org Restrict Kernel Module in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-09T00:00:00Z
date_published 2016-04-05T00:00:00Z
source MITRE
title [v3] selinux: restrict kernel module loadinglogin register

SentinelOne Valak June 2020

Reaves, J. and Platt, J. (2020, June). Valak Malware and the Connection to Gozi Loader ConfCrew. Retrieved August 31, 2020.

Internal MISP references

UUID 92b8ff34-05ef-4139-a6bd-56eb8af9d5e9 which can be used as unique global reference for SentinelOne Valak June 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-31T00:00:00Z
date_published 2020-06-01T00:00:00Z
source MITRE
title Valak Malware and the Connection to Gozi Loader ConfCrew

Cybereason Valak May 2020

Salem, E. et al. (2020, May 28). VALAK: MORE THAN MEETS THE EYE. Retrieved June 19, 2020.

Internal MISP references

UUID 235d1cf1-2413-4620-96cf-083d348410c2 which can be used as unique global reference for Cybereason Valak May 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-19T00:00:00Z
date_published 2020-05-28T00:00:00Z
source MITRE
title VALAK: MORE THAN MEETS THE EYE

Walmart Roberts Oct 2018

Sayre, K., Ogden, H., Roberts, C. (2018, October 10). VBA Stomping — Advanced Maldoc Techniques. Retrieved September 17, 2020.

Internal MISP references

UUID d1c88a57-85f4-4a35-a7fa-35e8c7fcd943 which can be used as unique global reference for Walmart Roberts Oct 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-17T00:00:00Z
date_published 2018-10-10T00:00:00Z
source MITRE
title VBA Stomping — Advanced Maldoc Techniques

vbc.exe - LOLBAS Project

LOLBAS. (2020, February 27). vbc.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 25eb4048-ee6d-44ca-a70b-37605028bd3c which can be used as unique global reference for vbc.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-02-27T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title vbc.exe

Veil_Ref

Veil Framework. (n.d.). Retrieved December 4, 2014.

Internal MISP references

UUID 722755a8-305f-4e37-8278-afb360836bec which can be used as unique global reference for Veil_Ref in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-04T00:00:00Z
source MITRE
title Veil_Ref

HC3 Analyst Note Venus Ransomware November 2022

Health Sector Cybersecurity Coordination Center (HC3). (2022, November 9). Venus Ransomware Targets Publicly Exposed Remote Desktop Services. Retrieved May 19, 2023.

Internal MISP references

UUID bd6e6a59-3a73-48f6-84cd-e7c027c8671f which can be used as unique global reference for HC3 Analyst Note Venus Ransomware November 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-19T00:00:00Z
date_published 2022-11-09T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Venus Ransomware Targets Publicly Exposed Remote Desktop Services

LOLBAS Verclsid

LOLBAS. (n.d.). Verclsid.exe. Retrieved August 10, 2020.

Internal MISP references

UUID 63ac9e95-aad8-4735-9e63-f45d8c499030 which can be used as unique global reference for LOLBAS Verclsid in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-10T00:00:00Z
source MITRE
title Verclsid.exe

WinOSBite verclsid.exe

verclsid-exe. (2019, December 17). verclsid.exe File Information - What is it & How to Block. Retrieved August 10, 2020.

Internal MISP references

UUID 5d5fa25b-64a9-4fdb-87c5-1a69a7d2f874 which can be used as unique global reference for WinOSBite verclsid.exe in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-10T00:00:00Z
date_published 2019-12-17T00:00:00Z
source MITRE
title verclsid.exe File Information - What is it & How to Block

Unit 42 VERMIN Jan 2018

Lancaster, T., Cortes, J. (2018, January 29). VERMIN: Quasar RAT and Custom Malware Used In Ukraine. Retrieved July 5, 2018.

Internal MISP references

UUID 0d6db249-9368-495e-9f1f-c7f10041f5ff which can be used as unique global reference for Unit 42 VERMIN Jan 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-05T00:00:00Z
date_published 2018-01-29T00:00:00Z
source MITRE
title VERMIN: Quasar RAT and Custom Malware Used In Ukraine

Unit 42 Vice Society December 6 2022

JR Gumarin. (2022, December 6). Vice Society: Profiling a Persistent Threat to the Education Sector. Retrieved November 14, 2023.

Internal MISP references

UUID 6abf7387-0857-4938-b36e-1374a66d4ed8 which can be used as unique global reference for Unit 42 Vice Society December 6 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-14T00:00:00Z
date_published 2022-12-06T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Vice Society: Profiling a Persistent Threat to the Education Sector

Minerva Labs Vidar Stealer Evasion

Minerva Labs. (2021, September 23). Vidar Stealer Evasion Arsenal. Retrieved November 16, 2023.

Internal MISP references

UUID ce9714d3-7f7c-4068-bcc8-0f0eeaf0dc0b which can be used as unique global reference for Minerva Labs Vidar Stealer Evasion in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-16T00:00:00Z
date_published 2021-09-23T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Vidar Stealer Evasion Arsenal

Amnesty Intl. Ocean Lotus February 2021

Amnesty International. (2021, February 24). Vietnamese activists targeted by notorious hacking group. Retrieved March 1, 2021.

Internal MISP references

UUID a54a2f68-8406-43ab-8758-07edd49dfb83 which can be used as unique global reference for Amnesty Intl. Ocean Lotus February 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-01T00:00:00Z
date_published 2021-02-24T00:00:00Z
source MITRE
title Vietnamese activists targeted by notorious hacking group

FireEye APT32 April 2020

Henderson, S., et al. (2020, April 22). Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage. Retrieved April 28, 2020.

Internal MISP references

UUID 347ad5a1-d0b1-4f2b-9abd-eff96d05987d which can be used as unique global reference for FireEye APT32 April 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-04-28T00:00:00Z
date_published 2020-04-22T00:00:00Z
source MITRE
title Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage

Slack Help Center Access Logs

Slack Help Center. (n.d.). View Access Logs for your workspace. Retrieved April 10, 2023.

Internal MISP references

UUID b179d0d4-e115-59f1-86a7-7dcfc253e16f which can be used as unique global reference for Slack Help Center Access Logs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-04-10T00:00:00Z
source MITRE
title View Access Logs for your workspace

Azure Activity Logs

Microsoft. (n.d.). View Azure activity logs. Retrieved June 17, 2020.

Internal MISP references

UUID 19b55c10-f4fd-49c2-b267-0d3d8e9acdd7 which can be used as unique global reference for Azure Activity Logs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-17T00:00:00Z
source MITRE
title View Azure activity logs

DOJ GRU Indictment Jul 2018

Mueller, R. (2018, July 13). Indictment - United States of America vs. VIKTOR BORISOVICH NETYKSHO, et al. Retrieved September 13, 2018.

Internal MISP references

UUID d65f371b-19d0-49de-b92b-94a2bea1d988 which can be used as unique global reference for DOJ GRU Indictment Jul 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-09-13T00:00:00Z
source MITRE
title VIKTOR BORISOVICH NETYKSHO, et al

MalwareTech VFS Nov 2014

Hutchins, M. (2014, November 28). Virtual File Systems for Beginners. Retrieved June 22, 2020.

Internal MISP references

UUID c06af73d-5ed0-46a0-a5a9-161035075884 which can be used as unique global reference for MalwareTech VFS Nov 2014 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-22T00:00:00Z
date_published 2014-11-28T00:00:00Z
source MITRE
title Virtual File Systems for Beginners

Virtualization/Sandbox Evasion

YUCEEL, Huseyin Can. Picus Labs. (2022, June 9). Virtualization/Sandbox Evasion - How Attackers Avoid Malware Analysis. Retrieved December 26, 2023.

Internal MISP references

UUID a3031616-f21a-574f-a9a5-a808a6230aa8 which can be used as unique global reference for Virtualization/Sandbox Evasion in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-26T00:00:00Z
date_published 2022-06-09T00:00:00Z
source MITRE
title Virtualization/Sandbox Evasion - How Attackers Avoid Malware Analysis

Ars Technica Pwn2Own 2017 VM Escape

Goodin, D. (2017, March 17). Virtual machine escape fetches $105,000 at Pwn2Own hacking contest - updated. Retrieved March 12, 2018.

Internal MISP references

UUID e75f2d0f-f63e-48c7-a0c3-8f00f371624e which can be used as unique global reference for Ars Technica Pwn2Own 2017 VM Escape in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-12T00:00:00Z
date_published 2017-03-17T00:00:00Z
source MITRE
title Virtual machine escape fetches $105,000 at Pwn2Own hacking contest - updated

Google VM

Google. (n.d.). Virtual machine instances. Retrieved October 13, 2021.

Internal MISP references

UUID 2b7ec610-5654-4c94-b5df-9cf5670eec33 which can be used as unique global reference for Google VM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
source MITRE
title Virtual machine instances

Microsoft Virutal Machine API

Microsoft. (2019, March 1). Virtual Machines - Get. Retrieved October 8, 2019.

Internal MISP references

UUID f565c237-07c5-4e9e-9879-513627517109 which can be used as unique global reference for Microsoft Virutal Machine API in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-08T00:00:00Z
date_published 2019-03-01T00:00:00Z
source MITRE
title Virtual Machines - Get

Azure Update Virtual Machines

Microsoft. (n.d.). Virtual Machines - Update. Retrieved April 1, 2022.

Internal MISP references

UUID 299f231f-70d1-4c1a-818f-8a01cf65382c which can be used as unique global reference for Azure Update Virtual Machines in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-01T00:00:00Z
source MITRE
title Virtual Machines - Update

Azure Virtual Network TAP

Microsoft. (2022, February 9). Virtual network TAP. Retrieved March 17, 2022.

Internal MISP references

UUID 3f106d7e-f101-4adb-bbd1-d8c04a347f85 which can be used as unique global reference for Azure Virtual Network TAP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-17T00:00:00Z
date_published 2022-02-09T00:00:00Z
source MITRE
title Virtual network TAP

Google VPC Overview

Google. (2019, September 23). Virtual Private Cloud (VPC) network overview. Retrieved October 6, 2019.

Internal MISP references

UUID 9ebe53cf-657f-475d-85e4-9e30f4af1e7d which can be used as unique global reference for Google VPC Overview in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-06T00:00:00Z
date_published 2019-09-23T00:00:00Z
source MITRE
title Virtual Private Cloud (VPC) network overview

Volexity Virtual Private Keylogging

Adair, S. (2015, October 7). Virtual Private Keylogging: Cisco Web VPNs Leveraged for Access and Persistence. Retrieved March 20, 2017.

Internal MISP references

UUID b299f8e7-01da-4d59-9657-ef93cf284cc0 which can be used as unique global reference for Volexity Virtual Private Keylogging in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-03-20T00:00:00Z
date_published 2015-10-07T00:00:00Z
source MITRE
title Virtual Private Keylogging: Cisco Web VPNs Leveraged for Access and Persistence

VirusTotal Behavior def.exe

VirusTotal. (2023, July 11). VirusTotal Behavior def.exe. Retrieved July 11, 2023.

Internal MISP references

UUID 3502c98d-b61d-42fa-b23e-7128a4042c03 which can be used as unique global reference for VirusTotal Behavior def.exe in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-11T00:00:00Z
date_published 2023-07-11T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title VirusTotal Behavior def.exe

VirusTotal FAQ

VirusTotal. (n.d.). VirusTotal FAQ. Retrieved May 23, 2019.

Internal MISP references

UUID 5cd965f6-c4af-40aa-8f08-620cf5f1242a which can be used as unique global reference for VirusTotal FAQ in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-23T00:00:00Z
source MITRE
title VirusTotal FAQ

Visa RawPOS March 2015

Visa. (2015, March). Visa Security Alert: "RawPOS" Malware Targeting Lodging Merchants. Retrieved October 6, 2017.

Internal MISP references

UUID a2371f44-0a88-4d68-bbe7-7e79f13f78c2 which can be used as unique global reference for Visa RawPOS March 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-10-06T00:00:00Z
date_published 2015-03-01T00:00:00Z
source MITRE
title Visa Security Alert: "RawPOS" Malware Targeting Lodging Merchants

ESET Recon Snake Nest

Boutin, J. and Faou, M. (2018). Visiting the snake nest. Retrieved May 7, 2019.

Internal MISP references

UUID b69d7c73-40c2-4cb2-b9ad-088ef61e2f7f which can be used as unique global reference for ESET Recon Snake Nest in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-07T00:00:00Z
date_published 2018-01-01T00:00:00Z
source MITRE
title Visiting the snake nest

VB Microsoft

Microsoft. (n.d.). Visual Basic documentation. Retrieved June 23, 2020.

Internal MISP references

UUID b23a1a5d-48dd-4346-bf8d-390624214081 which can be used as unique global reference for VB Microsoft in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-23T00:00:00Z
source MITRE
title Visual Basic documentation

Wikipedia VBA

Wikipedia. (n.d.). Visual Basic for Applications. Retrieved August 13, 2020.

Internal MISP references

UUID 70818420-c3ec-46c3-9e97-d8f989f2e3db which can be used as unique global reference for Wikipedia VBA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-08-13T00:00:00Z
source MITRE
title Visual Basic for Applications

VB .NET Mar 2020

.NET Team. (2020, March 11). Visual Basic support planned for .NET 5.0. Retrieved June 23, 2020.

Internal MISP references

UUID da6d1b56-8e59-4125-b318-48a40a1c8e94 which can be used as unique global reference for VB .NET Mar 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-23T00:00:00Z
date_published 2020-03-11T00:00:00Z
source MITRE
title Visual Basic support planned for .NET 5.0

VisualUiaVerifyNative.exe - LOLBAS Project

LOLBAS. (2021, September 26). VisualUiaVerifyNative.exe. Retrieved December 4, 2023.

Internal MISP references

UUID b17be296-15ad-468f-8157-8cb4093b2e97 which can be used as unique global reference for VisualUiaVerifyNative.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-09-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title VisualUiaVerifyNative.exe

Carbon Black HotCroissant April 2020

Knight, S. (2020, April 16). VMware Carbon Black TAU Threat Analysis: The Evolution of Lazarus. Retrieved May 1, 2020.

Internal MISP references

UUID 43bcb35b-56e1-47a8-9c74-f7543a25b2a6 which can be used as unique global reference for Carbon Black HotCroissant April 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-01T00:00:00Z
date_published 2020-04-16T00:00:00Z
source MITRE
title VMware Carbon Black TAU Threat Analysis: The Evolution of Lazarus

Offensive Security VNC Authentication Check

Offensive Security. (n.d.). VNC Authentication. Retrieved October 6, 2021.

Internal MISP references

UUID 90a5ab3c-c2a8-4b02-9bd7-628672907737 which can be used as unique global reference for Offensive Security VNC Authentication Check in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-06T00:00:00Z
source MITRE
title VNC Authentication

Trend Micro Void Rabisu May 30 2023

Feike Hacquebord, Stephen Hilt, Fernando Merces, Lord Alfred Remorin. (2023, May 30). Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals. Retrieved June 4, 2023.

Internal MISP references

UUID 5fd628ca-f366-4f0d-b493-8be19fa4dd4e which can be used as unique global reference for Trend Micro Void Rabisu May 30 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-04T00:00:00Z
date_published 2023-05-30T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals

CheckPoint Volatile Cedar March 2015

Threat Intelligence and Research. (2015, March 30). VOLATILE CEDAR. Retrieved February 8, 2021.

Internal MISP references

UUID a26344a2-63ca-422e-8cf9-0cf22a5bee72 which can be used as unique global reference for CheckPoint Volatile Cedar March 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-08T00:00:00Z
date_published 2015-03-30T00:00:00Z
source MITRE, Tidal Cyber
title VOLATILE CEDAR

Microsoft Volt Typhoon May 2023

Microsoft Threat Intelligence. (2023, May 24). Volt Typhoon targets US critical infrastructure with living-off-the-land techniques. Retrieved July 27, 2023.

Internal MISP references

UUID 8b74f0b7-9719-598c-b3ee-61d734393e6f which can be used as unique global reference for Microsoft Volt Typhoon May 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-27T00:00:00Z
date_published 2023-05-24T00:00:00Z
source MITRE
title Volt Typhoon targets US critical infrastructure with living-off-the-land techniques

Microsoft Volt Typhoon May 24 2023

Microsoft Threat Intelligence. (2023, May 24). Volt Typhoon targets US critical infrastructure with living-off-the-land techniques. Retrieved May 25, 2023.

Internal MISP references

UUID 2e94c44a-d2a7-4e56-ac8a-df315fc14ec1 which can be used as unique global reference for Microsoft Volt Typhoon May 24 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-25T00:00:00Z
date_published 2023-05-24T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Volt Typhoon targets US critical infrastructure with living-off-the-land techniques

VSDiagnostics.exe - LOLBAS Project

LOLBAS. (2023, July 12). VSDiagnostics.exe. Retrieved December 4, 2023.

Internal MISP references

UUID b4658fc0-af16-45b1-8403-a9676760a36a which can be used as unique global reference for VSDiagnostics.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2023-07-12T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title VSDiagnostics.exe

Vshadow.exe - LOLBAS Project

LOLBAS. (2023, September 6). Vshadow.exe. Retrieved December 4, 2023.

Internal MISP references

UUID ae3b1e26-d7d7-4049-b4a7-80cd2b149b7c which can be used as unique global reference for Vshadow.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2023-09-06T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Vshadow.exe

VSIISExeLauncher.exe - LOLBAS Project

LOLBAS. (2021, September 24). VSIISExeLauncher.exe. Retrieved December 4, 2023.

Internal MISP references

UUID e2fda344-77b8-4650-a7da-1e422db6d3a1 which can be used as unique global reference for VSIISExeLauncher.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-09-24T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title VSIISExeLauncher.exe

vsjitdebugger.exe - LOLBAS Project

LOLBAS. (2018, May 25). vsjitdebugger.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 94a880fa-70b0-46c3-997e-b22dc9180134 which can be used as unique global reference for vsjitdebugger.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title vsjitdebugger.exe

vsls-agent.exe - LOLBAS Project

LOLBAS. (2022, November 1). vsls-agent.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 325eab54-bcdd-4a12-ab41-aaf06a0405e9 which can be used as unique global reference for vsls-agent.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-11-01T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title vsls-agent.exe

vstest.console.exe - LOLBAS Project

LOLBAS. (2023, September 8). vstest.console.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 70c168a0-9ddf-408d-ba29-885c0c5c936a which can be used as unique global reference for vstest.console.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2023-09-08T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title vstest.console.exe

Kanthak Sentinel

Kanthak, S. (2016, July 20). Vulnerability and Exploit Detector. Retrieved February 3, 2017.

Internal MISP references

UUID 94f99326-1512-47ca-8c99-9b382e4d0261 which can be used as unique global reference for Kanthak Sentinel in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-02-03T00:00:00Z
date_published 2016-07-20T00:00:00Z
source MITRE
title Vulnerability and Exploit Detector

Vulnerability and Exploit Detector

Kanthak, S. (2016, July 20). Vulnerability and Exploit Detector. Retrieved February 3, 2017.

Internal MISP references

UUID d63d6e14-8fe7-4893-a42f-3752eaec8770 which can be used as unique global reference for Vulnerability and Exploit Detector in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-02-03T00:00:00Z
date_published 2016-07-20T00:00:00Z
source MITRE
title Vulnerability and Exploit Detector

Electron Security 3

CertiK. (2020, June 30). Vulnerability in Electron-based Application: Unintentionally Giving Malicious Code Room to Run. Retrieved March 7, 2024.

Internal MISP references

UUID b425f1b5-0375-5747-abd0-c5cd7ba3b781 which can be used as unique global reference for Electron Security 3 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-07T00:00:00Z
date_published 2020-06-30T00:00:00Z
source MITRE
title Vulnerability in Electron-based Application: Unintentionally Giving Malicious Code Room to Run

Technet MS14-068

Microsoft. (2014, November 18). Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780). Retrieved December 23, 2015.

Internal MISP references

UUID db78c095-b7b2-4422-8473-49d4a1129b76 which can be used as unique global reference for Technet MS14-068 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-12-23T00:00:00Z
date_published 2014-11-18T00:00:00Z
source MITRE
title Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780)

vxunderground debug

vxunderground. (2021, June 30). VX-API. Retrieved April 1, 2022.

Internal MISP references

UUID 8c7fe2a2-64a1-4680-a4e6-f6eefe00407a which can be used as unique global reference for vxunderground debug in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-01T00:00:00Z
date_published 2021-06-30T00:00:00Z
source MITRE
title VX-API

Symantec W32.Duqu

Symantec Security Response. (2011, November). W32.Duqu: The precursor to the next Stuxnet. Retrieved September 17, 2015.

Internal MISP references

UUID 8660411a-6b9c-46c2-8f5f-049ec60c7d40 which can be used as unique global reference for Symantec W32.Duqu in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-09-17T00:00:00Z
date_published 2011-11-01T00:00:00Z
source MITRE
title W32.Duqu: The precursor to the next Stuxnet

Symantec W.32 Stuxnet Dossier

Nicolas Falliere, Liam O. Murchu, Eric Chien. (2011, February). W32.Stuxnet Dossier. Retrieved December 7, 2020.

Internal MISP references

UUID ef65ab18-fd84-4098-8805-df0268fc3a38 which can be used as unique global reference for Symantec W.32 Stuxnet Dossier in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-07T00:00:00Z
date_published 2011-02-01T00:00:00Z
source MITRE
title W32.Stuxnet Dossier

w32.tidserv.g

Symantec. (2009, March 22). W32.Tidserv.G. Retrieved January 14, 2022.

Internal MISP references

UUID 9d4ac51b-d870-43e8-bc6f-d7159343b00c which can be used as unique global reference for w32.tidserv.g in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-14T00:00:00Z
date_published 2009-03-22T00:00:00Z
source MITRE
title W32.Tidserv.G

Github W32Time Oct 2017

Lundgren, S. (2017, October 28). w32time. Retrieved March 26, 2018.

Internal MISP references

UUID a248fd87-c3c1-4de7-a9af-0436a10f71aa which can be used as unique global reference for Github W32Time Oct 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-26T00:00:00Z
date_published 2017-10-28T00:00:00Z
source MITRE
title w32time

Symantec Chernobyl W95.CIH

Yamamura, M. (2002, April 25). W95.CIH. Retrieved April 12, 2019.

Internal MISP references

UUID a35cab17-634d-4a7a-a42c-4a4280e8785d which can be used as unique global reference for Symantec Chernobyl W95.CIH in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-12T00:00:00Z
date_published 2002-04-25T00:00:00Z
source MITRE
title W95.CIH

Wab.exe - LOLBAS Project

LOLBAS. (2018, May 25). Wab.exe. Retrieved December 4, 2023.

Internal MISP references

UUID c432556e-c7f9-4e36-af7e-d7bea6f51e95 which can be used as unique global reference for Wab.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Wab.exe

GitLab WakeOnLAN

Perry, David. (2020, August 11). WakeOnLAN (WOL). Retrieved February 17, 2021.

Internal MISP references

UUID 120e3b14-f08b-40e0-9d20-4ddda6b8cc06 which can be used as unique global reference for GitLab WakeOnLAN in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-17T00:00:00Z
date_published 2020-08-11T00:00:00Z
source MITRE
title WakeOnLAN (WOL)

FireEye WannaCry 2017

Berry, A., Homan, J., and Eitzman, R. (2017, May 23). WannaCry Malware Profile. Retrieved March 15, 2019.

Internal MISP references

UUID 34b15fe1-c550-4150-87bc-ac9662547247 which can be used as unique global reference for FireEye WannaCry 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-15T00:00:00Z
date_published 2017-05-23T00:00:00Z
source MITRE
title WannaCry Malware Profile

BfV North Korea February 17 2024

Bundesamt fur Verfassungsschutz. (2024, February 17). Warning of North Korean cyber threats targeting the Defense Sector. Retrieved February 26, 2024.

Internal MISP references

UUID cc76be15-6d9d-40b2-b7f3-196bb0a7106a which can be used as unique global reference for BfV North Korea February 17 2024 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-26T00:00:00Z
date_published 2024-02-17T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Warning of North Korean cyber threats targeting the Defense Sector

Trend Micro War of Crypto Miners

Oliveira, A., Fiser, D. (2020, September 10). War of Linux Cryptocurrency Miners: A Battle for Resources. Retrieved April 6, 2021.

Internal MISP references

UUID 1ba47efe-35f8-4d52-95c7-65cdc829c8e5 which can be used as unique global reference for Trend Micro War of Crypto Miners in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-06T00:00:00Z
date_published 2020-09-10T00:00:00Z
source MITRE
title War of Linux Cryptocurrency Miners: A Battle for Resources

Check Point Warzone Feb 2020

Harakhavik, Y. (2020, February 3). Warzone: Behind the enemy lines. Retrieved December 17, 2021.

Internal MISP references

UUID c214c36e-2bc7-4b98-a74e-529aae99f9cf which can be used as unique global reference for Check Point Warzone Feb 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-17T00:00:00Z
date_published 2020-02-03T00:00:00Z
source MITRE
title Warzone: Behind the enemy lines

Uptycs Warzone UAC Bypass November 2020

Mohanta, A. (2020, November 25). Warzone RAT comes with UAC bypass technique. Retrieved April 7, 2022.

Internal MISP references

UUID 1324b314-a4d9-43e7-81d6-70b6917fe527 which can be used as unique global reference for Uptycs Warzone UAC Bypass November 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-07T00:00:00Z
date_published 2020-11-25T00:00:00Z
source MITRE
title Warzone RAT comes with UAC bypass technique

Dragos WASSONITE

Dragos. (n.d.). WASSONITE. Retrieved January 20, 2021.

Internal MISP references

UUID 39e6ab06-9f9f-4292-9034-b2f56064164d which can be used as unique global reference for Dragos WASSONITE in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-01-20T00:00:00Z
source MITRE
title WASSONITE

NCC Group WastedLocker June 2020

Antenucci, S., Pantazopoulos, N., Sandee, M. (2020, June 23). WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group. Retrieved September 14, 2021.

Internal MISP references

UUID 1520f2e5-2689-428f-9ee4-05e153a52381 which can be used as unique global reference for NCC Group WastedLocker June 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-14T00:00:00Z
date_published 2020-06-23T00:00:00Z
source MITRE
title WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group

Sentinel Labs WastedLocker July 2020

Walter, J. (2020, July 23). WastedLocker Ransomware: Abusing ADS and NTFS File Attributes. Retrieved September 14, 2021.

Internal MISP references

UUID 5ed4eb07-cc90-46bc-8527-0bb59e1eefe1 which can be used as unique global reference for Sentinel Labs WastedLocker July 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-14T00:00:00Z
date_published 2020-07-23T00:00:00Z
source MITRE
title WastedLocker Ransomware: Abusing ADS and NTFS File Attributes

Intezer Doki July 20

Fishbein, N., Kajiloti, M. (2020, July 28). Watch Your Containers: Doki Infecting Docker Servers in the Cloud. Retrieved March 30, 2021.

Internal MISP references

UUID 688b2582-6602-44e1-aaac-3a4b8e168b04 which can be used as unique global reference for Intezer Doki July 20 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-30T00:00:00Z
date_published 2020-07-28T00:00:00Z
source MITRE
title Watch Your Containers: Doki Infecting Docker Servers in the Cloud

Trend Micro Waterbear December 2019

Su, V. et al. (2019, December 11). Waterbear Returns, Uses API Hooking to Evade Security. Retrieved February 22, 2021.

Internal MISP references

UUID bf320133-3823-4232-b7d2-d07da9bbccc2 which can be used as unique global reference for Trend Micro Waterbear December 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-22T00:00:00Z
date_published 2019-12-11T00:00:00Z
source MITRE
title Waterbear Returns, Uses API Hooking to Evade Security

Symantec Waterbug Jun 2019

Symantec DeepSight Adversary Intelligence Team. (2019, June 20). Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments. Retrieved July 8, 2019.

Internal MISP references

UUID ddd5c2c9-7126-4b89-b415-dc651a2ccc0e which can be used as unique global reference for Symantec Waterbug Jun 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-08T00:00:00Z
date_published 2019-06-20T00:00:00Z
source MITRE
title Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments

ESET DazzleSpy Jan 2022

M.Léveillé, M., Cherepanov, A. (2022, January 25). Watering hole deploys new macOS malware, DazzleSpy, in Asia. Retrieved May 6, 2022.

Internal MISP references

UUID 212012ac-9084-490f-8dd2-5cc9ac6e6de1 which can be used as unique global reference for ESET DazzleSpy Jan 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-06T00:00:00Z
date_published 2022-01-25T00:00:00Z
source MITRE
title Watering hole deploys new macOS malware, DazzleSpy, in Asia

win_wbadmin_delete_catalog

Microsoft. (2017, October 16). wbadmin delete catalog. Retrieved September 20, 2021.

Internal MISP references

UUID 6adfba35-3bf1-4915-813e-40c4a843ae34 which can be used as unique global reference for win_wbadmin_delete_catalog in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-20T00:00:00Z
date_published 2017-10-16T00:00:00Z
source MITRE
title wbadmin delete catalog

SecureWorks WannaCry Analysis

Counter Threat Unit Research Team. (2017, May 18). WCry Ransomware Analysis. Retrieved March 26, 2019.

Internal MISP references

UUID 522b2a19-1d15-48f8-8801-c64d3abd945a which can be used as unique global reference for SecureWorks WannaCry Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-03-26T00:00:00Z
date_published 2017-05-18T00:00:00Z
source MITRE
title WCry Ransomware Analysis

Aleks Weapons Nov 2015

Nick Aleks. (2015, November 7). Weapons of a Pentester - Understanding the virtual & physical tools used by white/black hat hackers. Retrieved March 30, 2018.

Internal MISP references

UUID fd22c941-b0dc-4420-b363-2f5777981041 which can be used as unique global reference for Aleks Weapons Nov 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-30T00:00:00Z
date_published 2015-11-07T00:00:00Z
source MITRE
title Weapons of a Pentester - Understanding the virtual & physical tools used by white/black hat hackers

NIST Web Bug

NIST Information Technology Laboratory. (n.d.). web bug. Retrieved March 22, 2023.

Internal MISP references

UUID b4362602-faf0-5b28-a147-b3153da1903f which can be used as unique global reference for NIST Web Bug in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-22T00:00:00Z
source MITRE
title web bug

Didier Stevens WebDAV Traffic

Stevens, D. (2017, November 13). WebDAV Traffic To Malicious Sites. Retrieved December 21, 2017.

Internal MISP references

UUID b521efe2-5c1c-48c5-a2a9-95da2367f537 which can be used as unique global reference for Didier Stevens WebDAV Traffic in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-21T00:00:00Z
date_published 2017-11-13T00:00:00Z
source MITRE
title WebDAV Traffic To Malicious Sites

Checkmarx Webhooks

Jossef Harush Kadouri. (2022, March 7). Webhook Party — Malicious packages caught exfiltrating data via legit webhook services. Retrieved July 20, 2023.

Internal MISP references

UUID f68f1151-839e-5ae7-bab1-aa2b4c0d11ec which can be used as unique global reference for Checkmarx Webhooks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-20T00:00:00Z
date_published 2022-03-07T00:00:00Z
source MITRE
title Webhook Party — Malicious packages caught exfiltrating data via legit webhook services

Push Security SaaS Attacks Repository Webhooks

Push Security. (2023, July 31). Webhooks. Retrieved August 4, 2023.

Internal MISP references

UUID 519693e2-71c9-55d2-98fd-be451837582a which can be used as unique global reference for Push Security SaaS Attacks Repository Webhooks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-04T00:00:00Z
date_published 2023-07-31T00:00:00Z
source MITRE
title Webhooks

acunetix Server Secuirty

Acunetix. (n.d.). Web Server Security and Database Server Security. Retrieved July 26, 2018.

Internal MISP references

UUID cedbdeb8-6669-4c5c-a8aa-d37576aaa1ba which can be used as unique global reference for acunetix Server Secuirty in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-26T00:00:00Z
source MITRE
title Web Server Security and Database Server Security

Microsoft Well Known SIDs Jun 2017

Microsoft. (2017, June 23). Well-known security identifiers in Windows operating systems. Retrieved November 30, 2017.

Internal MISP references

UUID 14b344ed-bde6-4755-b59a-595edb23a210 which can be used as unique global reference for Microsoft Well Known SIDs Jun 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-30T00:00:00Z
date_published 2017-06-23T00:00:00Z
source MITRE
title Well-known security identifiers in Windows operating systems

PWC WellMess C2 August 2020

PWC. (2020, August 17). WellMess malware: analysis of its Command and Control (C2) server. Retrieved September 29, 2020.

Internal MISP references

UUID 3afca6f1-680a-46ae-8cea-10b6b870d5e7 which can be used as unique global reference for PWC WellMess C2 August 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-09-29T00:00:00Z
date_published 2020-08-17T00:00:00Z
source MITRE
title WellMess malware: analysis of its Command and Control (C2) server

Cofense Astaroth Sept 2018

Doaty, J., Garrett, P. (2018, September 10). We’re Seeing a Resurgence of the Demonic Astaroth WMIC Trojan. Retrieved April 17, 2019.

Internal MISP references

UUID d316c581-646d-48e7-956e-34e2f957c67d which can be used as unique global reference for Cofense Astaroth Sept 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-17T00:00:00Z
date_published 2018-09-10T00:00:00Z
source MITRE
title We’re Seeing a Resurgence of the Demonic Astaroth WMIC Trojan

Microsoft wevtutil Oct 2017

Plett, C. et al. (2017, October 16). wevtutil. Retrieved July 2, 2018.

Internal MISP references

UUID 8896d802-96c6-4546-8a82-c1f7f2d71ea1 which can be used as unique global reference for Microsoft wevtutil Oct 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-02T00:00:00Z
date_published 2017-10-16T00:00:00Z
source MITRE
title wevtutil

Wevtutil Microsoft Documentation

Microsoft. (n.d.). wevtutil. Retrieved September 14, 2021.

Internal MISP references

UUID 25511dde-9e13-4e03-8ae4-2495e9f5eb5e which can be used as unique global reference for Wevtutil Microsoft Documentation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-14T00:00:00Z
source MITRE
title wevtutil

Wfc.exe - LOLBAS Project

LOLBAS. (2021, September 26). Wfc.exe. Retrieved December 4, 2023.

Internal MISP references

UUID a937012a-01c8-457c-8808-47c1753e8781 which can be used as unique global reference for Wfc.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-09-26T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Wfc.exe

Crowdstrike Downgrade

Bart Lenaerts-Bergman. (2023, March 14). WHAT ARE DOWNGRADE ATTACKS?. Retrieved May 24, 2023.

Internal MISP references

UUID 47856c5f-6c4c-5b4c-bbc1-ccb6848d9b74 which can be used as unique global reference for Crowdstrike Downgrade in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-24T00:00:00Z
date_published 2023-03-14T00:00:00Z
source MITRE
title WHAT ARE DOWNGRADE ATTACKS?

Chrome Extensions Definition

Chrome. (n.d.). What are Extensions?. Retrieved November 16, 2017.

Internal MISP references

UUID fe00cee9-54d9-4775-86da-b7db73295bf7 which can be used as unique global reference for Chrome Extensions Definition in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-16T00:00:00Z
source MITRE
title What are Extensions?

StackExchange Hooks Jul 2012

Stack Exchange - Security. (2012, July 31). What are the methods to find hooked functions and APIs?. Retrieved December 12, 2017.

Internal MISP references

UUID dfa76ff1-df9e-4cdf-aabe-476479cdcf13 which can be used as unique global reference for StackExchange Hooks Jul 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-12T00:00:00Z
date_published 2012-07-31T00:00:00Z
source MITRE
title What are the methods to find hooked functions and APIs?

macOS APT Activity Bradley

Jaron Bradley. (2021, November 14). What does APT Activity Look Like on macOS?. Retrieved January 19, 2022.

Internal MISP references

UUID 7ccda957-b38d-4c3f-a8f5-6cecdcb3f584 which can be used as unique global reference for macOS APT Activity Bradley in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-01-19T00:00:00Z
date_published 2021-11-14T00:00:00Z
source MITRE
title What does APT Activity Look Like on macOS?

okta

okta. (n.d.). What Happens If Your JWT Is Stolen?. Retrieved September 12, 2019.

Internal MISP references

UUID 61e2fb16-d04b-494c-8bea-fb34e81faa73 which can be used as unique global reference for okta in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-12T00:00:00Z
source MITRE
title What Happens If Your JWT Is Stolen?

Norton Botnet

Norton. (n.d.). What is a botnet?. Retrieved October 4, 2020.

Internal MISP references

UUID f97427f1-ea16-4e92-a4a2-4d62a800df15 which can be used as unique global reference for Norton Botnet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-04T00:00:00Z
source MITRE
title What is a botnet?

Microsoft DLL

Microsoft. (2023, April 28). What is a DLL. Retrieved September 7, 2023.

Internal MISP references

UUID f0ae2788-537c-5644-ba1b-d06a612e73c1 which can be used as unique global reference for Microsoft DLL in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-07T00:00:00Z
date_published 2023-04-28T00:00:00Z
source MITRE
title What is a DLL

Cloudflare DNSamplficationDoS

Cloudflare. (n.d.). What is a DNS amplification attack?. Retrieved April 23, 2019.

Internal MISP references

UUID 734cb2bb-462a-4bdc-9774-6883f99379b9 which can be used as unique global reference for Cloudflare DNSamplficationDoS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-23T00:00:00Z
source MITRE
title What is a DNS amplification attack?

Amazon AWS VPC Guide

Amazon. (n.d.). What Is Amazon VPC?. Retrieved October 6, 2019.

Internal MISP references

UUID 7972332d-fbe9-4f14-9511-4298f65f2a86 which can be used as unique global reference for Amazon AWS VPC Guide in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-06T00:00:00Z
source MITRE
title What Is Amazon VPC?

Cloudflare HTTPflood

Cloudflare. (n.d.). What is an HTTP flood DDoS attack?. Retrieved April 22, 2019.

Internal MISP references

UUID 1a5934a4-35ce-4f7c-be9c-c1faf4ee0838 which can be used as unique global reference for Cloudflare HTTPflood in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-22T00:00:00Z
source MITRE
title What is an HTTP flood DDoS attack?

Cloudflare NTPamplifciationDoS

Cloudflare. (n.d.). What is a NTP amplification attack?. Retrieved April 23, 2019.

Internal MISP references

UUID 09ce093a-d378-4915-a35f-bf18a278d873 which can be used as unique global reference for Cloudflare NTPamplifciationDoS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-23T00:00:00Z
source MITRE
title What is a NTP amplification attack?

Microsoft Primary Refresh Token

Microsoft. (2022, September 9). What is a Primary Refresh Token?. Retrieved February 21, 2023.

Internal MISP references

UUID d23bf6dc-979b-5f34-86a7-637979a5f20e which can be used as unique global reference for Microsoft Primary Refresh Token in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-21T00:00:00Z
date_published 2022-09-09T00:00:00Z
source MITRE
title What is a Primary Refresh Token?

Comparitech Replay Attack

Justin Schamotta. (2022, October 28). What is a replay attack?. Retrieved September 27, 2023.

Internal MISP references

UUID a9f0b569-8f18-579f-bf98-f4f9b93e5524 which can be used as unique global reference for Comparitech Replay Attack in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-27T00:00:00Z
date_published 2022-10-28T00:00:00Z
source MITRE
title What is a replay attack?

Corero SYN-ACKflood

Corero. (n.d.). What is a SYN-ACK Flood Attack?. Retrieved April 22, 2019.

Internal MISP references

UUID ec41de8a-c673-41bf-b713-4a647b135532 which can be used as unique global reference for Corero SYN-ACKflood in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-22T00:00:00Z
source MITRE
title What is a SYN-ACK Flood Attack?

Cloudflare SynFlood

Cloudflare. (n.d.). What is a SYN flood attack?. Retrieved April 22, 2019.

Internal MISP references

UUID e292c4fe-ae77-4393-b666-fb6290cb4aa8 which can be used as unique global reference for Cloudflare SynFlood in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-22T00:00:00Z
source MITRE
title What is a SYN flood attack?

Amazon VM

Microsoft. (n.d.). What is a virtual machine (VM)?. Retrieved October 13, 2021.

Internal MISP references

UUID 9afbd6a5-1c31-4727-8f36-04d4d8e65660 which can be used as unique global reference for Amazon VM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
source MITRE
title What is a virtual machine (VM)?

RedHat Webhooks

RedHat. (2022, June 1). What is a webhook?. Retrieved July 20, 2023.

Internal MISP references

UUID 37321591-40fd-537e-ba74-71042bc5064e which can be used as unique global reference for RedHat Webhooks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-20T00:00:00Z
date_published 2022-06-01T00:00:00Z
source MITRE
title What is a webhook?

AWS System Manager

AWS. (2023, June 2). What is AWS System Manager?. Retrieved June 2, 2023.

Internal MISP references

UUID a7813928-4351-54c5-a64e-61bd4689e93b which can be used as unique global reference for AWS System Manager in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-02T00:00:00Z
date_published 2023-06-02T00:00:00Z
source MITRE
title What is AWS System Manager?

Microsoft Azure Virtual Network Overview

Annamalai, N., Casey, C., Almeida, M., et al. (2019, June 18). What is Azure Virtual Network?. Retrieved October 6, 2019.

Internal MISP references

UUID bf7f2e7a-f5ae-4b6e-8c90-fd41a92c4615 which can be used as unique global reference for Microsoft Azure Virtual Network Overview in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-06T00:00:00Z
date_published 2019-06-18T00:00:00Z
source MITRE
title What is Azure Virtual Network?

CrowdStrike-BEC

Bart Lenaerts-Bergmans. (2023, March 10). What is Business Email Compromise?. Retrieved August 8, 2023.

Internal MISP references

UUID 7e674a8d-e79f-5cb0-8ad2-a7678e647c6f which can be used as unique global reference for CrowdStrike-BEC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-08-08T00:00:00Z
date_published 2023-03-10T00:00:00Z
source MITRE
title What is Business Email Compromise?

Microsoft Conditional Access

Microsoft. (2023, November 15). What is Conditional Access?. Retrieved January 2, 2024.

Internal MISP references

UUID 7d39522c-5a9c-5a19-a0e4-e5aec68f5f08 which can be used as unique global reference for Microsoft Conditional Access in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-02T00:00:00Z
date_published 2023-11-15T00:00:00Z
source MITRE
title What is Conditional Access?

PAN DNS Tunneling

Palo Alto Networks. (n.d.). What Is DNS Tunneling?. Retrieved March 15, 2020.

Internal MISP references

UUID efe1c443-475b-45fc-8d33-5bf3bdf941c5 which can be used as unique global reference for PAN DNS Tunneling in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-15T00:00:00Z
source MITRE
title What Is DNS Tunneling?

Proofpoint-spoof

Proofpoint. (n.d.). What Is Email Spoofing?. Retrieved February 24, 2023.

Internal MISP references

UUID fe9f7542-bbf0-5e34-b3a9-8596cc5aa754 which can be used as unique global reference for Proofpoint-spoof in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-24T00:00:00Z
source MITRE
title What Is Email Spoofing?

magnusviri emond Apr 2016

Reynolds, James. (2016, April 7). What is emond?. Retrieved September 10, 2019.

Internal MISP references

UUID 373f64a5-a30f-4b6e-b352-d0c6f8b65fdb which can be used as unique global reference for magnusviri emond Apr 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-10T00:00:00Z
date_published 2016-04-07T00:00:00Z
source MITRE
title What is emond?

Microsoft - Azure AD Federation

Microsoft. (2018, November 28). What is federation with Azure AD?. Retrieved December 30, 2020.

Internal MISP references

UUID fedb345f-b5a7-40cd-98c7-6b14bab95ed9 which can be used as unique global reference for Microsoft - Azure AD Federation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-30T00:00:00Z
date_published 2018-11-28T00:00:00Z
source MITRE
title What is federation with Azure AD?

What Is FormBook Malware?

www.blackberry.com. (n.d.). What Is FormBook Malware?. Retrieved May 18, 2023.

Internal MISP references

UUID d1f57ed6-8f44-46cc-afb7-53d9543f68ed which can be used as unique global reference for What Is FormBook Malware? in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-18T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title What Is FormBook Malware?

What is FormBook Malware? - Check Point Software

Check Point Software. (n.d.). What is FormBook Malware? - Check Point Software. Retrieved May 18, 2023.

Internal MISP references

UUID c7670c6d-014b-4937-ac0f-9f2aec60e2d8 which can be used as unique global reference for What is FormBook Malware? - Check Point Software in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-18T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title What is FormBook Malware? - Check Point Software

grsecurity official

grsecurity. (2017, December 12). What is grsecurity?. Retrieved December 20, 2017.

Internal MISP references

UUID f87c0c95-65bd-4b57-9b7d-1b7936f03c2a which can be used as unique global reference for grsecurity official in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
date_published 2017-12-12T00:00:00Z
source MITRE
title What is grsecurity?

VDSO Aug 2005

Petersson, J. (2005, August 14). What is linux-gate.so.1?. Retrieved June 16, 2020.

Internal MISP references

UUID ae70f799-ebb6-4ffe-898e-945cb754c1cb which can be used as unique global reference for VDSO Aug 2005 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-16T00:00:00Z
date_published 2005-08-14T00:00:00Z
source MITRE
title What is linux-gate.so.1?

what_is_mmc

Microsoft. (2020, September 27). What is Microsoft Management Console?. Retrieved October 5, 2021.

Internal MISP references

UUID 57e130ab-f981-423e-bafe-51d0d0e1abdf which can be used as unique global reference for what_is_mmc in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-05T00:00:00Z
date_published 2020-09-27T00:00:00Z
source MITRE
title What is Microsoft Management Console?

Microsoft NET - Duplicate

Microsoft. (n.d.). What is .NET Framework?. Retrieved March 15, 2020.

Internal MISP references

UUID b4727044-51bb-43b3-afdb-515bb4bb0f7e which can be used as unique global reference for Microsoft NET - Duplicate in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-15T00:00:00Z
source MITRE
title What is .NET Framework?

Pastebin EchoSec

Ciarniello, A. (2019, September 24). What is Pastebin and Why Do Hackers Love It?. Retrieved April 11, 2023.

Internal MISP references

UUID 3fc422e5-9a1d-5ac4-8e65-1df13d8a688e which can be used as unique global reference for Pastebin EchoSec in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-04-11T00:00:00Z
date_published 2019-09-24T00:00:00Z
source MITRE
title What is Pastebin and Why Do Hackers Love It?

Microsoft Protected View

Microsoft. (n.d.). What is Protected View?. Retrieved November 22, 2017.

Internal MISP references

UUID 5261895f-367f-4c5d-b4df-7ff44bbbe28e which can be used as unique global reference for Microsoft Protected View in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-11-22T00:00:00Z
source MITRE
title What is Protected View?

TechNet RPC

Microsoft. (2003, March 28). What Is RPC?. Retrieved June 12, 2016.

Internal MISP references

UUID 7eaa0fa8-953a-482e-8f6b-02607e928525 which can be used as unique global reference for TechNet RPC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-12T00:00:00Z
date_published 2003-03-28T00:00:00Z
source MITRE
title What Is RPC?

IOKit Fundamentals

Apple. (2014, April 9). What Is the I/O Kit?. Retrieved September 24, 2021.

Internal MISP references

UUID ac90279f-becd-4a96-a08e-8c4c26dba3c0 which can be used as unique global reference for IOKit Fundamentals in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-24T00:00:00Z
date_published 2014-04-09T00:00:00Z
source MITRE
title What Is the I/O Kit?

Baeldung LD_PRELOAD

baeldung. (2020, August 9). What Is the LD_PRELOAD Trick?. Retrieved March 24, 2021.

Internal MISP references

UUID 6fd6ea96-1cf4-4169-8069-4f29dbc9f217 which can be used as unique global reference for Baeldung LD_PRELOAD in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-24T00:00:00Z
date_published 2020-08-09T00:00:00Z
source MITRE
title What Is the LD_PRELOAD Trick?

Microsoft VBScript

Microsoft. (2011, April 19). What Is VBScript?. Retrieved March 28, 2020.

Internal MISP references

UUID 5ea8d8c7-8039-4210-967a-a4dcd566bf95 which can be used as unique global reference for Microsoft VBScript in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-28T00:00:00Z
date_published 2011-04-19T00:00:00Z
source MITRE
title What Is VBScript?

VEC

CloudFlare. (n.d.). What is vendor email compromise (VEC)?. Retrieved September 12, 2023.

Internal MISP references

UUID 4fd7c9f7-4731-524a-b332-9cb7f2c025ae which can be used as unique global reference for VEC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-12T00:00:00Z
source MITRE
title What is vendor email compromise (VEC)?

Proofpoint Vishing

Proofpoint. (n.d.). What Is Vishing?. Retrieved September 8, 2023.

Internal MISP references

UUID 7a200d34-b4f3-5036-8582-23872ef27eb1 which can be used as unique global reference for Proofpoint Vishing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-08T00:00:00Z
source MITRE
title What Is Vishing?

taxonomy_downgrade_att_tls

Alashwali, E. S., Rasmussen, K. (2019, January 26). What's in a Downgrade? A Taxonomy of Downgrade Attacks in the TLS Protocol and Application Protocols Using TLS. Retrieved December 7, 2021.

Internal MISP references

UUID 4459076e-7c79-4855-9091-5aabd274f586 which can be used as unique global reference for taxonomy_downgrade_att_tls in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-12-07T00:00:00Z
date_published 2019-01-26T00:00:00Z
source MITRE
title What's in a Downgrade? A Taxonomy of Downgrade Attacks in the TLS Protocol and Application Protocols Using TLS

ESET Emotet July 6 2023

Jakub Kaloč. (2023, July 6). What’s up with Emotet?. Retrieved February 27, 2024.

Internal MISP references

UUID d351b4a1-72b8-488d-a926-176c77ee9d1c which can be used as unique global reference for ESET Emotet July 6 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-27T00:00:00Z
date_published 2023-07-06T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title What’s up with Emotet?

FireEye fxsst June 2011

Harbour, N. (2011, June 3). What the fxsst?. Retrieved November 17, 2020.

Internal MISP references

UUID 06f8f5b2-2ebe-4210-84b6-f86e911a7118 which can be used as unique global reference for FireEye fxsst June 2011 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-17T00:00:00Z
date_published 2011-06-03T00:00:00Z
source MITRE
title What the fxsst?

Krebs Capital One August 2019

Krebs, B. (2019, August 19). What We Can Learn from the Capital One Hack. Retrieved March 25, 2020.

Internal MISP references

UUID 7d917231-735c-40d8-806d-7fee60d2f996 which can be used as unique global reference for Krebs Capital One August 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-03-25T00:00:00Z
date_published 2019-08-19T00:00:00Z
source MITRE
title What We Can Learn from the Capital One Hack

Symantec ADS May 2009

Pravs. (2009, May 25). What you need to know about alternate data streams in windows? Is your Data secure? Can you restore that?. Retrieved March 21, 2018.

Internal MISP references

UUID e2970bef-439d-435d-92e7-8c58abbd270c which can be used as unique global reference for Symantec ADS May 2009 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-21T00:00:00Z
date_published 2009-05-25T00:00:00Z
source MITRE
title What you need to know about alternate data streams in windows? Is your Data secure? Can you restore that?

BH Manul Aug 2016

Galperin, E., et al. (2016, August 4). When Governments Attack: State Sponsored Malware Attacks Against Activists, Lawyers, and Journalists. Retrieved May 23, 2018.

Internal MISP references

UUID 1debebac-6578-433f-b8c3-d17e704ee501 which can be used as unique global reference for BH Manul Aug 2016 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-23T00:00:00Z
date_published 2016-08-04T00:00:00Z
source MITRE
title When Governments Attack: State Sponsored Malware Attacks Against Activists, Lawyers, and Journalists

Dragos Heroku Watering Hole

Kent Backman. (2021, May 18). When Intrusions Don’t Align: A New Water Watering Hole and Oldsmar. Retrieved August 18, 2022.

Internal MISP references

UUID 8768909c-f511-4067-9a97-6f7dee24f276 which can be used as unique global reference for Dragos Heroku Watering Hole in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-18T00:00:00Z
date_published 2021-05-18T00:00:00Z
source MITRE
title When Intrusions Don’t Align: A New Water Watering Hole and Oldsmar

SpectorOps Bifrost Kerberos macOS 2019

Cody Thomas. (2019, November 14). When Kirbi walks the Bifrost. Retrieved October 6, 2021.

Internal MISP references

UUID 58ecb4e9-25fc-487b-9fed-25c781cc531b which can be used as unique global reference for SpectorOps Bifrost Kerberos macOS 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-06T00:00:00Z
date_published 2019-11-14T00:00:00Z
source MITRE
title When Kirbi walks the Bifrost

Palo Alto Brute Ratel July 2022

Harbison, M. and Renals, P. (2022, July 5). When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors. Retrieved February 1, 2023.

Internal MISP references

UUID a9ab0444-386b-5baf-84e1-0e6df4a21296 which can be used as unique global reference for Palo Alto Brute Ratel July 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-01T00:00:00Z
date_published 2022-07-05T00:00:00Z
source MITRE
title When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors

Trend Micro When Phishing Starts from the Inside 2017

Chris Taylor. (2017, October 5). When Phishing Starts from the Inside. Retrieved October 8, 2019.

Internal MISP references

UUID dbdc2009-a468-439b-bd96-e6153b3fb8a1 which can be used as unique global reference for Trend Micro When Phishing Starts from the Inside 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-10-08T00:00:00Z
date_published 2017-10-05T00:00:00Z
source MITRE
title When Phishing Starts from the Inside

Microsoft Where to use TxF

Microsoft. (n.d.). When to Use Transactional NTFS. Retrieved December 20, 2017.

Internal MISP references

UUID f315072c-67cb-4166-aa18-8e92e00ef7e8 which can be used as unique global reference for Microsoft Where to use TxF in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
source MITRE
title When to Use Transactional NTFS

Brining MimiKatz to Unix

Tim Wadhwa-Brown. (2018, November). Where 2 worlds collide Bringing Mimikatz et al to UNIX. Retrieved October 13, 2021.

Internal MISP references

UUID 5ad06565-6694-4c42-81c9-880d66f6d07f which can be used as unique global reference for Brining MimiKatz to Unix in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-13T00:00:00Z
date_published 2018-11-01T00:00:00Z
source MITRE
title Where 2 worlds collide Bringing Mimikatz et al to UNIX

Dell Lateral Movement

Carvey, H. (2014, September 2). Where you AT?: Indicators of lateral movement using at.exe on Windows 7 systems. Retrieved January 25, 2016.

Internal MISP references

UUID fcc9b52a-751f-4985-8c32-7aaf411706ad which can be used as unique global reference for Dell Lateral Movement in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-25T00:00:00Z
date_published 2014-09-02T00:00:00Z
source MITRE, Tidal Cyber
title Where you AT?: Indicators of lateral movement using at.exe on Windows 7 systems

Secureworks - AT.exe Scheduled Task

Carvey, H. (2014, September). Where You AT?: Indicators of Lateral Movement Using at.exe on Windows 7 Systems. Retrieved November 27, 2019.

Internal MISP references

UUID cd197a24-3671-427f-8ee6-da001ec985c8 which can be used as unique global reference for Secureworks - AT.exe Scheduled Task in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-11-27T00:00:00Z
date_published 2014-09-01T00:00:00Z
source MITRE
title Where You AT?: Indicators of Lateral Movement Using at.exe on Windows 7 Systems

Cybereason WhisperGate February 2022

Cybereason Nocturnus. (2022, February 15). Cybereason vs. WhisperGate and HermeticWiper. Retrieved March 10, 2022.

Internal MISP references

UUID 464d9cac-04c7-4e57-a5d6-604fba90a982 which can be used as unique global reference for Cybereason WhisperGate February 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-10T00:00:00Z
source MITRE
title WhisperGate and HermeticWiper

RecordedFuture WhisperGate Jan 2022

Insikt Group. (2020, January 28). WhisperGate Malware Corrupts Computers in Ukraine. Retrieved March 31, 2023.

Internal MISP references

UUID 4610e4db-a75b-5fdd-826d-15099d131585 which can be used as unique global reference for RecordedFuture WhisperGate Jan 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-03-31T00:00:00Z
date_published 2020-01-28T00:00:00Z
source MITRE
title WhisperGate Malware Corrupts Computers in Ukraine

Symantec Whitefly March 2019

Symantec. (2019, March 6). Whitefly: Espionage Group has Singapore in Its Sights. Retrieved May 26, 2020.

Internal MISP references

UUID d0e48356-36d9-4b4c-b621-e3c4404378d2 which can be used as unique global reference for Symantec Whitefly March 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-05-26T00:00:00Z
date_published 2019-03-06T00:00:00Z
source MITRE, Tidal Cyber
title Whitefly: Espionage Group has Singapore in Its Sights

Accenture Lyceum Targets November 2021

Accenture. (2021, November 9). Who are latest targets of cyber group Lyceum?. Retrieved June 16, 2022.

Internal MISP references

UUID 127836ce-e459-405d-a75c-32fd5f0ab198 which can be used as unique global reference for Accenture Lyceum Targets November 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-16T00:00:00Z
date_published 2021-11-09T00:00:00Z
source MITRE
title Who are latest targets of cyber group Lyceum?

Who Hid My Desktop

Safran, Or. Asinovsky, Pavel. (2017, November). Who Hid My Desktop: Deep Dive Into HVNC. Retrieved November 28, 2023.

Internal MISP references

UUID f9c81b1d-b58c-54d4-8eb8-cd86e9121ce4 which can be used as unique global reference for Who Hid My Desktop in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-28T00:00:00Z
date_published 2017-11-01T00:00:00Z
source MITRE
title Who Hid My Desktop: Deep Dive Into HVNC

Krebs-Anna

Brian Krebs. (2017, January 18). Who is Anna-Senpai, the Mirai Worm Author?. Retrieved May 15, 2017.

Internal MISP references

UUID 028b7582-be46-4642-9e36-b781cac66340 which can be used as unique global reference for Krebs-Anna in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-05-15T00:00:00Z
date_published 2017-01-18T00:00:00Z
source MITRE
title Who is Anna-Senpai, the Mirai Worm Author?

CrowdStrike Ember Bear Profile March 2022

CrowdStrike. (2022, March 30). Who is EMBER BEAR?. Retrieved June 9, 2022.

Internal MISP references

UUID 0639c340-b495-4d91-8418-3069f3fe0df1 which can be used as unique global reference for CrowdStrike Ember Bear Profile March 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-09T00:00:00Z
date_published 2022-03-30T00:00:00Z
source MITRE
title Who is EMBER BEAR?

WHOIS

NTT America. (n.d.). Whois Lookup. Retrieved October 20, 2020.

Internal MISP references

UUID fa6cba30-66e9-4a6b-85e8-a8c3773a3efe which can be used as unique global reference for WHOIS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-10-20T00:00:00Z
source MITRE
title Whois Lookup

Meyers Numbered Panda

Meyers, A. (2013, March 29). Whois Numbered Panda. Retrieved January 14, 2016.

Internal MISP references

UUID 988dfcfc-0c16-4129-9523-a77539291951 which can be used as unique global reference for Meyers Numbered Panda in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-01-14T00:00:00Z
date_published 2013-03-29T00:00:00Z
source MITRE, Tidal Cyber
title Whois Numbered Panda

CrowdStrike PIONEER KITTEN August 2020

Orleans, A. (2020, August 31). Who Is PIONEER KITTEN?. Retrieved December 21, 2020.

Internal MISP references

UUID 4fce29cc-ddab-4b96-b295-83c282a87564 which can be used as unique global reference for CrowdStrike PIONEER KITTEN August 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-21T00:00:00Z
date_published 2020-08-31T00:00:00Z
source MITRE, Tidal Cyber
title Who Is PIONEER KITTEN?

SECURELIST Bright Star 2015

Baumgartner, K., Guerrero-Saade, J. (2015, March 4). Who’s Really Spreading through the Bright Star?. Retrieved December 18, 2020.

Internal MISP references

UUID 59cba16f-91ed-458c-91c9-5b02c03678f5 which can be used as unique global reference for SECURELIST Bright Star 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-18T00:00:00Z
date_published 2015-03-04T00:00:00Z
source MITRE
title Who’s Really Spreading through the Bright Star?

Trend Micro Privileged Container

Fiser, D., Oliveira, A. (2019, December 20). Why a Privileged Container in Docker is a Bad Idea. Retrieved March 30, 2021.

Internal MISP references

UUID 92ac290c-4863-4774-b334-848ed72e3627 which can be used as unique global reference for Trend Micro Privileged Container in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-03-30T00:00:00Z
date_published 2019-12-20T00:00:00Z
source MITRE
title Why a Privileged Container in Docker is a Bad Idea

Mandiant UNC3944 September 14 2023

Mandiant Intelligence. (2023, September 14). Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety. Retrieved November 16, 2023.

Internal MISP references

UUID 7420d79f-c6a3-4932-9c2e-c9cc36e2ca35 which can be used as unique global reference for Mandiant UNC3944 September 14 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-11-16T00:00:00Z
date_published 2023-09-14T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety

Mandiant UNC3944 SMS Phishing 2023

Mandiant Intelligence. (2023, September 14). Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety. Retrieved January 2, 2024.

Internal MISP references

UUID 3a310dbd-4b5c-5eaf-a4ce-699e52007c9b which can be used as unique global reference for Mandiant UNC3944 SMS Phishing 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-02T00:00:00Z
date_published 2023-09-14T00:00:00Z
source MITRE
title Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety

Electron Security 2

Stack Overflow. (n.d.). Why do I see an "Electron Security Warning" after updating my Electron project to the latest version?. Retrieved March 7, 2024.

Internal MISP references

UUID 8ec05b76-ec57-5173-9e1e-cf4131d7bd51 which can be used as unique global reference for Electron Security 2 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-07T00:00:00Z
source MITRE
title Why do I see an "Electron Security Warning" after updating my Electron project to the latest version?

Auth0 - Why You Should Always Use Access Tokens to Secure APIs Sept 2019

Auth0. (n.d.). Why You Should Always Use Access Tokens to Secure APIs. Retrieved September 12, 2019.

Internal MISP references

UUID 8ec52402-7e54-463d-8906-f373e5855018 which can be used as unique global reference for Auth0 - Why You Should Always Use Access Tokens to Secure APIs Sept 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-12T00:00:00Z
source MITRE
title Why You Should Always Use Access Tokens to Secure APIs

Securelist Digital Certificates

Ladikov, A. (2015, January 29). Why You Shouldn’t Completely Trust Files Signed with Digital Certificates. Retrieved March 31, 2016.

Internal MISP references

UUID 3568163b-24b8-42fd-b111-b9d83c34cc4f which can be used as unique global reference for Securelist Digital Certificates in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-31T00:00:00Z
date_published 2015-01-29T00:00:00Z
source MITRE
title Why You Shouldn’t Completely Trust Files Signed with Digital Certificates

Crowdstrike DNS Hijack 2019

Matt Dahl. (2019, January 25). Widespread DNS Hijacking Activity Targets Multiple Sectors. Retrieved February 14, 2022.

Internal MISP references

UUID 969ad6de-9415-464d-ba52-2e61e1814a92 which can be used as unique global reference for Crowdstrike DNS Hijack 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-14T00:00:00Z
date_published 2019-01-25T00:00:00Z
source MITRE
title Widespread DNS Hijacking Activity Targets Multiple Sectors

Browser Adrozek

Microsoft Threat Intelligence. (2020, December 10). Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers. Retrieved February 26, 2024.

Internal MISP references

UUID 48afb730-b5e1-5a85-bb60-9ef9b536e397 which can be used as unique global reference for Browser Adrozek in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-26T00:00:00Z
date_published 2020-12-10T00:00:00Z
source MITRE
title Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers

Wi-Fi Password of All Connected Networks in Windows/Linux

Geeks for Geeks. (n.d.). Wi-Fi Password of All Connected Networks in Windows/Linux. Retrieved September 8, 2023.

Internal MISP references

UUID 7005f62f-0239-56c7-964b-64384e17b8da which can be used as unique global reference for Wi-Fi Password of All Connected Networks in Windows/Linux in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-09-08T00:00:00Z
source MITRE
title Wi-Fi Password of All Connected Networks in Windows/Linux

Wikipedia Exe Compression

Executable compression. (n.d.). Retrieved December 4, 2014.

Internal MISP references

UUID 13ac05f8-f2a9-4243-8039-aff9ee1d5fc6 which can be used as unique global reference for Wikipedia Exe Compression in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-04T00:00:00Z
source MITRE
title Wikipedia Exe Compression

ESET Carberp March 2012

Matrosov, A., Rodionov, E., Volkov, D., Harley, D. (2012, March 2). Win32/Carberp When You’re in a Black Hole, Stop Digging. Retrieved July 15, 2020.

Internal MISP references

UUID 806eadfc-f473-4f2b-b03b-8a1f1c0a2d96 which can be used as unique global reference for ESET Carberp March 2012 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-07-15T00:00:00Z
date_published 2012-03-02T00:00:00Z
source MITRE
title Win32/Carberp When You’re in a Black Hole, Stop Digging

ESET Industroyer

Anton Cherepanov. (2017, June 12). Win32/Industroyer: A new threat for industrial controls systems. Retrieved December 18, 2020.

Internal MISP references

UUID 9197f712-3c53-4746-9722-30e248511611 which can be used as unique global reference for ESET Industroyer in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-18T00:00:00Z
date_published 2017-06-12T00:00:00Z
source MITRE
title Win32/Industroyer: A new threat for industrial controls systems

Microsoft Kasidet

Manuel, J. and Plantado, R. (2015, August 9). Win32/Kasidet. Retrieved March 24, 2016.

Internal MISP references

UUID 7c34c189-6581-4a56-aead-871400839d1a which can be used as unique global reference for Microsoft Kasidet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-24T00:00:00Z
date_published 2015-08-09T00:00:00Z
source MITRE
title Win32/Kasidet

ESET Ebury Oct 2017

Vachon, F. (2017, October 30). Windigo Still not Windigone: An Ebury Update. Retrieved February 10, 2021.

Internal MISP references

UUID 5257a8ed-1cc8-42f8-86a7-8c0fd0e553a7 which can be used as unique global reference for ESET Ebury Oct 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-10T00:00:00Z
date_published 2017-10-30T00:00:00Z
source MITRE
title Windigo Still not Windigone: An Ebury Update

Microsoft AMSI June 2015

Microsoft. (2015, June 9). Windows 10 to offer application developers new malware defenses. Retrieved February 12, 2018.

Internal MISP references

UUID d3724d08-f89b-4fb9-a0ea-3a6f929e0b6a which can be used as unique global reference for Microsoft AMSI June 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-02-12T00:00:00Z
date_published 2015-06-09T00:00:00Z
source MITRE
title Windows 10 to offer application developers new malware defenses

Davidson Windows

Davidson, L. (n.d.). Windows 7 UAC whitelist. Retrieved November 12, 2014.

Internal MISP references

UUID 49af01f2-06c5-4b21-9882-901ad828ee28 which can be used as unique global reference for Davidson Windows in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
source MITRE
title Windows 7 UAC whitelist

IRED API Hashing

spotheplanet. (n.d.). Windows API Hashing in Malware. Retrieved August 22, 2022.

Internal MISP references

UUID 1b8b87d5-1b70-401b-8850-d8afd3b22356 which can be used as unique global reference for IRED API Hashing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-08-22T00:00:00Z
source MITRE
title Windows API Hashing in Malware

TrendMicro WindowsAppMac

Trend Micro. (2019, February 11). Windows App Runs on Mac, Downloads Info Stealer and Adware. Retrieved April 25, 2019.

Internal MISP references

UUID dc673650-1a37-4af1-aa03-8f57a064156b which can be used as unique global reference for TrendMicro WindowsAppMac in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-25T00:00:00Z
date_published 2019-02-11T00:00:00Z
source MITRE
title Windows App Runs on Mac, Downloads Info Stealer and Adware

Windows Commands JPCERT

Tomonaga, S. (2016, January 26). Windows Commands Abused by Attackers. Retrieved February 2, 2016.

Internal MISP references

UUID 9d935f7f-bc2a-4d09-a51a-82074ffd7d77 which can be used as unique global reference for Windows Commands JPCERT in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-02-02T00:00:00Z
date_published 2016-01-26T00:00:00Z
source MITRE
title Windows Commands Abused by Attackers

Amplia WCE

Amplia Security. (n.d.). Windows Credentials Editor (WCE) F.A.Q.. Retrieved December 17, 2015.

Internal MISP references

UUID 790ea33a-7a64-488e-ab90-d82e021e0c06 which can be used as unique global reference for Amplia WCE in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-12-17T00:00:00Z
source MITRE
title Windows Credentials Editor (WCE) F.A.Q.

Microsoft Windows Defender Application Control

Gorzelany, A., Hall, J., Poggemeyer, L. (2019, January 7). Windows Defender Application Control. Retrieved July 16, 2019.

Internal MISP references

UUID 678ef307-d203-4b65-bed4-b844ada7ab83 which can be used as unique global reference for Microsoft Windows Defender Application Control in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-16T00:00:00Z
date_published 2019-01-07T00:00:00Z
source MITRE
title Windows Defender Application Control

Microsoft Operation Wilysupply

Florio, E. (2017, May 4). Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack. Retrieved February 14, 2019.

Internal MISP references

UUID 567ce633-a061-460b-84af-01dfe3d818c7 which can be used as unique global reference for Microsoft Operation Wilysupply in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-02-14T00:00:00Z
date_published 2017-05-04T00:00:00Z
source MITRE
title Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack

PassLib mscache

Eli Collins. (2016, November 25). Windows' Domain Cached Credentials v2. Retrieved February 21, 2020.

Internal MISP references

UUID ce40e997-d04b-49a6-8838-13205c54243a which can be used as unique global reference for PassLib mscache in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-21T00:00:00Z
date_published 2016-11-25T00:00:00Z
source MITRE
title Windows' Domain Cached Credentials v2

ProjectZero File Write EoP Apr 2018

Forshaw, J. (2018, April 18). Windows Exploitation Tricks: Exploiting Arbitrary File Writes for Local Elevation of Privilege. Retrieved May 3, 2018.

Internal MISP references

UUID 2c49288b-438d-487a-8e6e-f9d9eda73e2f which can be used as unique global reference for ProjectZero File Write EoP Apr 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-05-03T00:00:00Z
date_published 2018-04-18T00:00:00Z
source MITRE
title Windows Exploitation Tricks: Exploiting Arbitrary File Writes for Local Elevation of Privilege

DBAPPSecurity BITTER zero-day Feb 2021

JinQuan, MaDongZe, TuXiaoYi, and LiHao. (2021, February 10). Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack. Retrieved June 1, 2022.

Internal MISP references

UUID fb98df9a-303d-4658-93da-0dcbd7bf9b1e which can be used as unique global reference for DBAPPSecurity BITTER zero-day Feb 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-01T00:00:00Z
date_published 2021-02-10T00:00:00Z
source MITRE
title Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack

EyeofRa Detecting Hooking June 2017

Eye of Ra. (2017, June 27). Windows Keylogger Part 2: Defense against user-land. Retrieved December 12, 2017.

Internal MISP references

UUID d2d2186c-040f-4045-b161-fc468aa09534 which can be used as unique global reference for EyeofRa Detecting Hooking June 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-12T00:00:00Z
date_published 2017-06-27T00:00:00Z
source MITRE
title Windows Keylogger Part 2: Defense against user-land

Passcape LSA Secrets

Passcape. (n.d.). Windows LSA secrets. Retrieved February 21, 2020.

Internal MISP references

UUID 64b0e13f-de5f-4964-bcfa-bb0f6206383a which can be used as unique global reference for Passcape LSA Secrets in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-21T00:00:00Z
source MITRE
title Windows LSA secrets

Windows Malware Infecting Android

Lucian Constantin. (2014, January 23). Windows malware tries to infect Android devices connected to PCs. Retrieved May 25, 2022.

Internal MISP references

UUID 3733386a-14bd-44a6-8241-a10660ba25d9 which can be used as unique global reference for Windows Malware Infecting Android in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-05-25T00:00:00Z
date_published 2014-01-23T00:00:00Z
source MITRE
title Windows malware tries to infect Android devices connected to PCs

MSDN WMI

Microsoft. (n.d.). Windows Management Instrumentation. Retrieved April 27, 2016.

Internal MISP references

UUID 210ca539-71f6-4494-91ea-402a3e0e2a10 which can be used as unique global reference for MSDN WMI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-27T00:00:00Z
source MITRE
title Windows Management Instrumentation

FireEye WMI 2015

Ballenthin, W., et al. (2015). Windows Management Instrumentation (WMI) Offense, Defense, and Forensics. Retrieved March 30, 2016.

Internal MISP references

UUID 135ccd72-2714-4453-9c8f-f5fde31905ee which can be used as unique global reference for FireEye WMI 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-03-30T00:00:00Z
date_published 2015-01-01T00:00:00Z
source MITRE
title Windows Management Instrumentation (WMI) Offense, Defense, and Forensics

win_msc_files_overview

Brinkmann, M. (2017, June 10). Windows .msc files overview. Retrieved September 20, 2021.

Internal MISP references

UUID 81aa896a-3498-4c37-8882-2b77933b71a8 which can be used as unique global reference for win_msc_files_overview in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-20T00:00:00Z
date_published 2017-06-10T00:00:00Z
source MITRE
title Windows .msc files overview

Hill NT Shell

Hill, T. (n.d.). Windows NT Command Shell. Retrieved December 5, 2014.

Internal MISP references

UUID 0e5dfc7e-c908-49b4-a54f-7dcecf332ee8 which can be used as unique global reference for Hill NT Shell in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-05T00:00:00Z
source MITRE
title Windows NT Command Shell

passcape Windows Vault

Passcape. (n.d.). Windows Password Recovery - Vault Explorer and Decoder. Retrieved November 24, 2020.

Internal MISP references

UUID a8a56a64-8e73-4331-9961-b1f9b6cbb348 which can be used as unique global reference for passcape Windows Vault in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-24T00:00:00Z
source MITRE
title Windows Password Recovery - Vault Explorer and Decoder

Malware Archaeology PowerShell Cheat Sheet

Malware Archaeology. (2016, June). WINDOWS POWERSHELL LOGGING CHEAT SHEET - Win 7/Win 2008 or later. Retrieved June 24, 2016.

Internal MISP references

UUID d7da4285-aeed-42dc-8f55-facbe6daf317 which can be used as unique global reference for Malware Archaeology PowerShell Cheat Sheet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-06-24T00:00:00Z
date_published 2016-06-01T00:00:00Z
source MITRE
title WINDOWS POWERSHELL LOGGING CHEAT SHEET - Win 7/Win 2008 or later

TechNet PowerShell

Microsoft. (n.d.). Windows PowerShell Scripting. Retrieved April 28, 2016.

Internal MISP references

UUID 20ec94d1-4a5c-43f5-bb65-f3ea965d2b6e which can be used as unique global reference for TechNet PowerShell in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-04-28T00:00:00Z
source MITRE
title Windows PowerShell Scripting

Windows Privilege Escalation Guide

absolomb. (2018, January 26). Windows Privilege Escalation Guide. Retrieved August 10, 2018.

Internal MISP references

UUID 185154f2-5f2e-48bf-b609-991e9d6a037b which can be used as unique global reference for Windows Privilege Escalation Guide in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-10T00:00:00Z
date_published 2018-01-26T00:00:00Z
source MITRE
title Windows Privilege Escalation Guide

SploitSpren Windows Priv Jan 2018

McFarland, R. (2018, January 26). Windows Privilege Escalation Guide. Retrieved August 10, 2018.

Internal MISP references

UUID c52945dc-eb20-4e69-8f8e-a262f33c244c which can be used as unique global reference for SploitSpren Windows Priv Jan 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-10T00:00:00Z
date_published 2018-01-26T00:00:00Z
source MITRE
title Windows Privilege Escalation Guide

SecurityBoulevard Unquoted Services APR 2018

HackHappy. (2018, April 23). Windows Privilege Escalation – Unquoted Services. Retrieved August 10, 2018.

Internal MISP references

UUID 939c05ae-bb21-4ed2-8fa3-a729f717ee3a which can be used as unique global reference for SecurityBoulevard Unquoted Services APR 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-10T00:00:00Z
date_published 2018-04-23T00:00:00Z
source MITRE
title Windows Privilege Escalation – Unquoted Services

Windows Unquoted Services

HackHappy. (2018, April 23). Windows Privilege Escalation – Unquoted Services. Retrieved August 10, 2018.

Internal MISP references

UUID 30681a0a-a49f-416a-b5bc-621c60f1130a which can be used as unique global reference for Windows Unquoted Services in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-08-10T00:00:00Z
date_published 2018-04-23T00:00:00Z
source MITRE
title Windows Privilege Escalation – Unquoted Services

Windows Process Injection KernelCallbackTable

odzhan. (2019, May 25). Windows Process Injection: KernelCallbackTable used by FinFisher / FinSpy. Retrieved February 4, 2022.

Internal MISP references

UUID 01a3fc64-ff07-48f7-b0d9-5728012761c7 which can be used as unique global reference for Windows Process Injection KernelCallbackTable in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-04T00:00:00Z
date_published 2019-05-25T00:00:00Z
source MITRE
title Windows Process Injection: KernelCallbackTable used by FinFisher / FinSpy

Modexp Windows Process Injection

odzhan. (2019, April 25). Windows Process Injection: WordWarping, Hyphentension, AutoCourgette, Streamception, Oleum, ListPlanting, Treepoline. Retrieved November 15, 2021.

Internal MISP references

UUID 1bf45166-bfce-450e-87d1-b1e3b19fdb62 which can be used as unique global reference for Modexp Windows Process Injection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-11-15T00:00:00Z
date_published 2019-04-25T00:00:00Z
source MITRE
title Windows Process Injection: WordWarping, Hyphentension, AutoCourgette, Streamception, Oleum, ListPlanting, Treepoline

Wikipedia Windows Registry

Wikipedia. (n.d.). Windows Registry. Retrieved February 2, 2015.

Internal MISP references

UUID 656f0ffd-33e0-40ef-bdf7-70758f855f18 which can be used as unique global reference for Wikipedia Windows Registry in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-02-02T00:00:00Z
source MITRE
title Windows Registry

Cylance Reg Persistence Sept 2013

Langendorf, S. (2013, September 24). Windows Registry Persistence, Part 2: The Run Keys and Search-Order. Retrieved April 11, 2018.

Internal MISP references

UUID 9e9c745f-19fd-4218-b8dc-85df804ecb70 which can be used as unique global reference for Cylance Reg Persistence Sept 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-11T00:00:00Z
date_published 2013-09-24T00:00:00Z
source MITRE
title Windows Registry Persistence, Part 2: The Run Keys and Search-Order

Microsoft WinRM

Microsoft. (n.d.). Windows Remote Management. Retrieved November 12, 2014.

Internal MISP references

UUID ddbe110c-88f1-4774-bcb9-cd18b6218fc4 which can be used as unique global reference for Microsoft WinRM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-11-12T00:00:00Z
source MITRE
title Windows Remote Management

Symantec Windows Rootkits

Symantec. (n.d.). Windows Rootkit Overview. Retrieved December 21, 2017.

Internal MISP references

UUID 5b8d9094-dabf-4c29-a95b-b90dbcf07382 which can be used as unique global reference for Symantec Windows Rootkits in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-21T00:00:00Z
source MITRE
title Windows Rootkit Overview

insecure_reg_perms

Clément Labro. (2020, November 12). Windows RpcEptMapper Service Insecure Registry Permissions EoP. Retrieved August 25, 2021.

Internal MISP references

UUID d18717ae-7fe4-40f9-aff2-b35120d31dc8 which can be used as unique global reference for insecure_reg_perms in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-08-25T00:00:00Z
date_published 2020-11-12T00:00:00Z
source MITRE
title Windows RpcEptMapper Service Insecure Registry Permissions EoP

Microsoft Windows Scripts

Microsoft. (2017, January 18). Windows Script Interfaces. Retrieved June 23, 2020.

Internal MISP references

UUID 9e7cd4da-da18-4d20-809a-19abb4352807 which can be used as unique global reference for Microsoft Windows Scripts in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-06-23T00:00:00Z
date_published 2017-01-18T00:00:00Z
source MITRE
title Windows Script Interfaces

Microsoft Security Event 4670

Franklin Smith, R. (n.d.). Windows Security Log Event ID 4670. Retrieved November 4, 2019.

Internal MISP references

UUID 23a50cd5-ac76-4dbe-8937-0fe8aec8cbf6 which can be used as unique global reference for Microsoft Security Event 4670 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-11-04T00:00:00Z
source MITRE
title Windows Security Log Event ID 4670

Windows Log Events

Franklin Smith. (n.d.). Windows Security Log Events. Retrieved February 21, 2020.

Internal MISP references

UUID 53464503-6e6f-45d8-a208-1820678deeac which can be used as unique global reference for Windows Log Events in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-21T00:00:00Z
source MITRE
title Windows Security Log Events

winser19_file_overwrite_bug_twitter

Naceri, A. (2021, November 7). Windows Server 2019 file overwrite bug. Retrieved April 7, 2022.

Internal MISP references

UUID 158d971e-2f96-5200-8a87-d3887de30ff0 which can be used as unique global reference for winser19_file_overwrite_bug_twitter in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-04-07T00:00:00Z
date_published 2021-11-07T00:00:00Z
source MITRE
title Windows Server 2019 file overwrite bug

Windows Server Containers Are Open

Daniel Prizmant. (2020, July 15). Windows Server Containers Are Open, and Here's How You Can Break Out. Retrieved October 1, 2021.

Internal MISP references

UUID 9a801256-5852-433e-95bd-768f9b70b9fe which can be used as unique global reference for Windows Server Containers Are Open in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-10-01T00:00:00Z
date_published 2020-07-15T00:00:00Z
source MITRE
title Windows Server Containers Are Open, and Here's How You Can Break Out

Sysinternals AppCertDlls Oct 2007

Microsoft. (2007, October 24). Windows Sysinternals - AppCertDlls. Retrieved December 18, 2017.

Internal MISP references

UUID 68e006df-9fb6-4890-9952-7bad38b16dee which can be used as unique global reference for Sysinternals AppCertDlls Oct 2007 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-18T00:00:00Z
date_published 2007-10-24T00:00:00Z
source MITRE
title Windows Sysinternals - AppCertDlls

Russinovich Sysinternals

Russinovich, M. (2014, May 2). Windows Sysinternals PsExec v2.11. Retrieved May 13, 2015.

Internal MISP references

UUID 72d27aca-62c5-4e96-9977-c41951aaa888 which can be used as unique global reference for Russinovich Sysinternals in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-05-13T00:00:00Z
date_published 2014-05-02T00:00:00Z
source MITRE
title Windows Sysinternals PsExec v2.11

Microsoft System Services Fundamentals

Microsoft. (2018, February 17). Windows System Services Fundamentals. Retrieved March 28, 2022.

Internal MISP references

UUID 25d54a16-59a0-497d-a4a5-021420da8f1c which can be used as unique global reference for Microsoft System Services Fundamentals in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-03-28T00:00:00Z
date_published 2018-02-17T00:00:00Z
source MITRE
title Windows System Services Fundamentals

Microsoft W32Time May 2017

Mathers, B. (2017, May 31). Windows Time Service Tools and Settings. Retrieved March 26, 2018.

Internal MISP references

UUID 9e3d8dec-745a-4744-b80c-d65897ebba3c which can be used as unique global reference for Microsoft W32Time May 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-26T00:00:00Z
date_published 2017-05-31T00:00:00Z
source MITRE
title Windows Time Service Tools and Settings

Technet Windows Time Service

Mathers, B. (2016, September 30). Windows Time Service Tools and Settings. Retrieved November 25, 2016.

Internal MISP references

UUID 0d908e07-abc1-40fc-b147-9b9fd483b262 which can be used as unique global reference for Technet Windows Time Service in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-11-25T00:00:00Z
date_published 2016-09-30T00:00:00Z
source MITRE
title Windows Time Service Tools and Settings

Microsoft W32Time Feb 2018

Microsoft. (2018, February 1). Windows Time Service (W32Time). Retrieved March 26, 2018.

Internal MISP references

UUID 991f7a9f-4317-42fa-bc9b-f533fe36b517 which can be used as unique global reference for Microsoft W32Time Feb 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-03-26T00:00:00Z
date_published 2018-02-01T00:00:00Z
source MITRE
title Windows Time Service (W32Time)

Microsoft CVE-2021-1732 Feb 2021

Microsoft. (2018, February 9). Windows Win32k Elevation of Privilege Vulnerability CVE-2021-1732. Retrieved June 1, 2022.

Internal MISP references

UUID 7bbf39dd-851d-42dd-8be2-87de83f3abc0 which can be used as unique global reference for Microsoft CVE-2021-1732 Feb 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-06-01T00:00:00Z
date_published 2018-02-09T00:00:00Z
source MITRE
title Windows Win32k Elevation of Privilege Vulnerability CVE-2021-1732

win_xml_evt_log

Forensics Wiki. (2021, June 19). Windows XML Event Log (EVTX). Retrieved September 13, 2021.

Internal MISP references

UUID baeaad76-0acf-4921-9d6c-245649b32976 which can be used as unique global reference for win_xml_evt_log in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-13T00:00:00Z
date_published 2021-06-19T00:00:00Z
source MITRE
title Windows XML Event Log (EVTX)

Winexe Github Sept 2013

Skalkotos, N. (2013, September 20). WinExe. Retrieved January 22, 2018.

Internal MISP references

UUID 7003e2d4-83e5-4672-aaa9-53cc4bcb08b5 which can be used as unique global reference for Winexe Github Sept 2013 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-22T00:00:00Z
date_published 2013-09-20T00:00:00Z
source MITRE
title WinExe

Microsoft WinExec

Microsoft. (n.d.). WinExec function. Retrieved December 5, 2014.

Internal MISP references

UUID 9e1ae9ae-bafc-460a-891e-e75df01c96c4 which can be used as unique global reference for Microsoft WinExec in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2014-12-05T00:00:00Z
source MITRE
title WinExec function

winget.exe - LOLBAS Project

LOLBAS. (2022, January 3). winget.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 5ef334f3-fe6f-4cc1-b37d-d147180a8b8d which can be used as unique global reference for winget.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-01-03T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title winget.exe

PreKageo Winhook Jul 2011

Prekas, G. (2011, July 11). Winhook. Retrieved December 12, 2017.

Internal MISP references

UUID 9461f70f-bb14-4e40-9136-97f93aa16f33 which can be used as unique global reference for PreKageo Winhook Jul 2011 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-12T00:00:00Z
date_published 2011-07-11T00:00:00Z
source MITRE
title Winhook

Novetta Winnti April 2015

Novetta Threat Research Group. (2015, April 7). Winnti Analysis. Retrieved February 8, 2017.

Internal MISP references

UUID cbe8373b-f14b-4890-99fd-35ffd7090dea which can be used as unique global reference for Novetta Winnti April 2015 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-02-08T00:00:00Z
date_published 2015-04-07T00:00:00Z
source MITRE
title Winnti Analysis

Chronicle Winnti for Linux May 2019

Chronicle Blog. (2019, May 15). Winnti: More than just Windows and Gates. Retrieved April 29, 2020.

Internal MISP references

UUID e815e47a-c924-4b03-91e5-d41f2bb74773 which can be used as unique global reference for Chronicle Winnti for Linux May 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-04-29T00:00:00Z
date_published 2019-05-15T00:00:00Z
source MITRE
title Winnti: More than just Windows and Gates

WinRAR Website

WinRAR. (n.d.). WinRAR download free and support: WinRAR. Retrieved December 18, 2023.

Internal MISP references

UUID ad620d61-108c-4bb0-a897-02764ea9a903 which can be used as unique global reference for WinRAR Website in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-18T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title WinRAR download free and support: WinRAR

winrm.vbs - LOLBAS Project

LOLBAS. (2018, May 25). winrm.vbs. Retrieved December 4, 2023.

Internal MISP references

UUID 86107810-8a1d-4c13-80f0-c1624143d057 which can be used as unique global reference for winrm.vbs - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title winrm.vbs

Microsoft WinVerifyTrust

Microsoft. (n.d.). WinVerifyTrust function. Retrieved January 31, 2018.

Internal MISP references

UUID cc14faff-c164-4135-ae36-ba68e1a50024 which can be used as unique global reference for Microsoft WinVerifyTrust in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-01-31T00:00:00Z
source MITRE
title WinVerifyTrust function

Winword.exe - LOLBAS Project

LOLBAS. (2019, July 19). Winword.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 6d75b154-a51d-4541-8353-22ee1d12ebed which can be used as unique global reference for Winword.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2019-07-19T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Winword.exe

WinZip Homepage

Corel Corporation. (2020). WinZip. Retrieved February 20, 2020.

Internal MISP references

UUID dc047688-2ea3-415c-b516-06542048b049 which can be used as unique global reference for WinZip Homepage in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-20T00:00:00Z
date_published 2020-01-01T00:00:00Z
source MITRE
title WinZip

Dell Wiper

Dell SecureWorks. (2013, March 21). Wiper Malware Analysis Attacking Korean Financial Sector. Retrieved May 13, 2015.

Internal MISP references

UUID be6629ef-e7c6-411c-9bd2-34e59062cadd which can be used as unique global reference for Dell Wiper in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-05-13T00:00:00Z
date_published 2013-03-21T00:00:00Z
source MITRE
title Wiper Malware Analysis Attacking Korean Financial Sector

WireLurker

Claud Xiao. (n.d.). WireLurker: A New Era in iOS and OS X Malware. Retrieved July 10, 2017.

Internal MISP references

UUID fd33f71b-767d-4312-a8c9-5446939bb5ae which can be used as unique global reference for WireLurker in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-10T00:00:00Z
source MITRE
title WireLurker: A New Era in iOS and OS X Malware

Lab52 WIRTE Apr 2019

S2 Grupo. (2019, April 2). WIRTE Group attacking the Middle East. Retrieved May 24, 2019.

Internal MISP references

UUID 884b675e-390c-4f6d-8cb7-5d97d84115e5 which can be used as unique global reference for Lab52 WIRTE Apr 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-24T00:00:00Z
date_published 2019-04-02T00:00:00Z
source MITRE
title WIRTE Group attacking the Middle East

Kaspersky WIRTE November 2021

Yamout, M. (2021, November 29). WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019. Retrieved February 1, 2022.

Internal MISP references

UUID 143b4694-024d-49a5-be3c-d9ceca7295b2 which can be used as unique global reference for Kaspersky WIRTE November 2021 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-02-01T00:00:00Z
date_published 2021-11-29T00:00:00Z
source MITRE
title WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019

Cofense RevengeRAT Feb 2019

Gannon, M. (2019, February 11). With Upgrades in Delivery and Support Infrastructure, Revenge RAT Malware is a Bigger Threat. Retrieved May 1, 2019.

Internal MISP references

UUID 3abfc3eb-7f9d-49e5-8048-4118cde3122e which can be used as unique global reference for Cofense RevengeRAT Feb 2019 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-05-01T00:00:00Z
date_published 2019-02-11T00:00:00Z
source MITRE
title With Upgrades in Delivery and Support Infrastructure, Revenge RAT Malware is a Bigger Threat

CrowdStrike Wizard Spider October 2020

Podlosky, A., Hanel, A. et al. (2020, October 16). WIZARD SPIDER Update: Resilient, Reactive and Resolute. Retrieved June 15, 2021.

Internal MISP references

UUID 5c8d67ea-63bc-4765-b6f6-49fa5210abe6 which can be used as unique global reference for CrowdStrike Wizard Spider October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-06-15T00:00:00Z
date_published 2020-10-16T00:00:00Z
source MITRE, Tidal Cyber
title WIZARD SPIDER Update: Resilient, Reactive and Resolute

Wlrmdr.exe - LOLBAS Project

LOLBAS. (2022, February 16). Wlrmdr.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 43bebdc3-3072-4a3d-a0b7-0b23f1119136 which can be used as unique global reference for Wlrmdr.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-02-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Wlrmdr.exe

WMI 1-3

Microsoft. (2023, March 7). Retrieved February 13, 2024.

Internal MISP references

UUID fe0a3b0c-8526-5a0d-acb8-660bbc0c9328 which can be used as unique global reference for WMI 1-3 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-13T00:00:00Z
source MITRE
title WMI 1-3

Microsoft WMI Architecture

Microsoft. (2018, May 31). WMI Architecture. Retrieved September 29, 2021.

Internal MISP references

UUID 3778449c-e8b4-4ee5-914b-746053e8ca70 which can be used as unique global reference for Microsoft WMI Architecture in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2018-05-31T00:00:00Z
source MITRE
title WMI Architecture

WMI 7,8

Microsoft. (2024, January 26). WMIC Deprecation. Retrieved February 13, 2024.

Internal MISP references

UUID 819cecb2-5bd3-5c20-bbda-372516b00d6e which can be used as unique global reference for WMI 7,8 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-02-13T00:00:00Z
date_published 2024-01-26T00:00:00Z
source MITRE
title WMIC Deprecation

LOLBAS Wmic

LOLBAS. (n.d.). Wmic.exe. Retrieved July 31, 2019.

Internal MISP references

UUID 497e73d4-9f27-4b30-ba09-f152ce866d0f which can be used as unique global reference for LOLBAS Wmic in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-07-31T00:00:00Z
source MITRE
title Wmic.exe

Microsoft WMI System Classes

Microsoft. (2018, May 31). WMI System Classes. Retrieved September 29, 2021.

Internal MISP references

UUID 60a5c359-3523-4638-aee2-3e13e0077ba9 which can be used as unique global reference for Microsoft WMI System Classes in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-29T00:00:00Z
date_published 2018-05-31T00:00:00Z
source MITRE
title WMI System Classes

MalwareBytes WoodyRAT Aug 2022

MalwareBytes Threat Intelligence Team. (2022, August 3). Woody RAT: A new feature-rich malware spotted in the wild. Retrieved December 6, 2022.

Internal MISP references

UUID 5c2ecb15-14e9-5bd3-be5f-628fa4e98ee6 which can be used as unique global reference for MalwareBytes WoodyRAT Aug 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2022-12-06T00:00:00Z
date_published 2022-08-03T00:00:00Z
source MITRE
title Woody RAT: A new feature-rich malware spotted in the wild

WorkFolders.exe - LOLBAS Project

LOLBAS. (2021, August 16). WorkFolders.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 42cfa3eb-7a8c-482e-b8d8-78ae5c30b843 which can be used as unique global reference for WorkFolders.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2021-08-16T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title WorkFolders.exe

Confluence Logs

Confluence Support. (2021, April 22). Working with Confluence Logs. Retrieved September 23, 2021.

Internal MISP references

UUID f715468d-7d72-4ca4-a828-9fc909ca4f37 which can be used as unique global reference for Confluence Logs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-09-23T00:00:00Z
date_published 2021-04-22T00:00:00Z
source MITRE
title Working with Confluence Logs

AppInit Registry

Microsoft. (2006, October). Working with the AppInit_DLLs registry value. Retrieved July 15, 2015.

Internal MISP references

UUID dd3f98d9-0228-45a6-9e7b-1babf911a9ac which can be used as unique global reference for AppInit Registry in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2015-07-15T00:00:00Z
date_published 2006-10-01T00:00:00Z
source MITRE
title Working with the AppInit_DLLs registry value

Kubernetes Workload Management

Kubernetes. (n.d.). Workload Management. Retrieved March 28, 2024.

Internal MISP references

UUID f207163b-08a8-5219-aca8-812e83e0dad3 which can be used as unique global reference for Kubernetes Workload Management in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-28T00:00:00Z
source MITRE
title Workload Management

ESF_filemonitor

Patrick Wardle. (2019, September 17). Writing a File Monitor with Apple's Endpoint Security Framework. Retrieved December 17, 2020.

Internal MISP references

UUID 280ddf42-92d1-4850-9241-96c1ef9c0609 which can be used as unique global reference for ESF_filemonitor in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-17T00:00:00Z
date_published 2019-09-17T00:00:00Z
source MITRE
title Writing a File Monitor with Apple's Endpoint Security Framework

Writing Bad Malware for OSX

Patrick Wardle. (2015). Writing Bad @$$ Malware for OS X. Retrieved July 10, 2017.

Internal MISP references

UUID 5628ecd9-48da-4a50-94ba-4b70abe56089 which can be used as unique global reference for Writing Bad Malware for OSX in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-10T00:00:00Z
date_published 2015-01-01T00:00:00Z
source MITRE
title Writing Bad @$$ Malware for OS X

Wscript.exe - LOLBAS Project

LOLBAS. (2018, May 25). Wscript.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 6c536675-84dd-44c3-8771-70120b413db7 which can be used as unique global reference for Wscript.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Wscript.exe

Enigma0x3 PubPrn Bypass

Nelson, M. (2017, August 3). WSH INJECTION: A CASE STUDY. Retrieved April 9, 2018.

Internal MISP references

UUID 8b12e87b-3836-4c79-877b-0a2761b34533 which can be used as unique global reference for Enigma0x3 PubPrn Bypass in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-04-09T00:00:00Z
date_published 2017-08-03T00:00:00Z
source MITRE
title WSH INJECTION: A CASE STUDY

Wsl.exe - LOLBAS Project

LOLBAS. (2019, June 27). Wsl.exe. Retrieved December 4, 2023.

Internal MISP references

UUID c147902a-e8e4-449f-8106-9e268d5367d8 which can be used as unique global reference for Wsl.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2019-06-27T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Wsl.exe

Wsreset.exe - LOLBAS Project

LOLBAS. (2019, March 18). Wsreset.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 24b73a27-f2ec-4cfa-a9df-59d4d4c1dd89 which can be used as unique global reference for Wsreset.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2019-03-18T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Wsreset.exe

wt.exe - LOLBAS Project

LOLBAS. (2022, July 27). wt.exe. Retrieved December 4, 2023.

Internal MISP references

UUID bbdd85b0-fdbb-4bd2-b962-a915c23c83c2 which can be used as unique global reference for wt.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2022-07-27T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title wt.exe

wuauclt.exe - LOLBAS Project

LOLBAS. (2020, September 23). wuauclt.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 09229ea3-ffd8-4d97-9728-f8c683ef6f26 which can be used as unique global reference for wuauclt.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2020-09-23T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title wuauclt.exe

XAgentOSX 2017

Robert Falcone. (2017, February 14). XAgentOSX: Sofacy's Xagent macOS Tool. Retrieved July 12, 2017.

Internal MISP references

UUID 2dc7a8f1-ccee-46f0-a995-268694f11b02 which can be used as unique global reference for XAgentOSX 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-12T00:00:00Z
date_published 2017-02-14T00:00:00Z
source MITRE
title XAgentOSX: Sofacy's Xagent macOS Tool

XAgentOSX

Robert Falcone. (2017, February 14). XAgentOSX: Sofacy's Xagent macOS Tool. Retrieved July 12, 2017.

Internal MISP references

UUID b4fd246d-9bd1-4bed-a9cb-92233c5c45c4 which can be used as unique global reference for XAgentOSX in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-07-12T00:00:00Z
date_published 2017-02-14T00:00:00Z
source MITRE
title XAgentOSX: Sofacy's Xagent macOS Tool

Unit42 Xbash Sept 2018

Xiao, C. (2018, September 17). Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows. Retrieved November 14, 2018.

Internal MISP references

UUID 21b890f7-82db-4840-a05e-2155b8ddce8c which can be used as unique global reference for Unit42 Xbash Sept 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-14T00:00:00Z
date_published 2018-09-17T00:00:00Z
source MITRE
title Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows

xCmd

Rayaprolu, A. (2011, April 12). xCmd an Alternative to PsExec. Retrieved August 10, 2016.

Internal MISP references

UUID 430fc6ef-33c5-4cd8-b785-358e4aae5230 which can be used as unique global reference for xCmd in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-08-10T00:00:00Z
date_published 2011-04-12T00:00:00Z
source MITRE
title xCmd an Alternative to PsExec

xcopy Microsoft

Microsoft. (2023, February 3). xcopy Microsoft. Retrieved July 11, 2023.

Internal MISP references

UUID 05e01751-ebb4-4b09-be89-4e405ab7e7e4 which can be used as unique global reference for xcopy Microsoft in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-07-11T00:00:00Z
date_published 2023-02-03T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title xcopy Microsoft

Dragos Xenotime 2018

Dragos, Inc. (n.d.). Xenotime. Retrieved April 16, 2019.

Internal MISP references

UUID b20fe65f-df43-4a59-af3f-43afafba15ab which can be used as unique global reference for Dragos Xenotime 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-16T00:00:00Z
source MITRE
title Xenotime

gist Arch package compromise 10JUL2018

Catalin Cimpanu. (2018, July 10). ~x file downloaded in public Arch package compromise. Retrieved April 23, 2019.

Internal MISP references

UUID b2900049-444a-4fe5-af1f-b9cd2cd9491c which can be used as unique global reference for gist Arch package compromise 10JUL2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-23T00:00:00Z
date_published 2018-07-10T00:00:00Z
source MITRE
title ~x file downloaded in public Arch package compromise

Cyble July 01 2022

Cybleinc. (2022, July 1). Xloader Returns with New Infection Technique. Retrieved May 7, 2023.

Internal MISP references

UUID 1b0e143a-3c5d-4445-9a99-8e42815130ac which can be used as unique global reference for Cyble July 01 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-07T00:00:00Z
date_published 2022-07-01T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Xloader Returns with New Infection Technique

SentinelOne 8 21 2023

Dinesh Devadoss; Phil Stokes. (2023, August 21). XLoader's Latest Trick. Retrieved January 1, 2024.

Internal MISP references

UUID fc9b3eac-a638-4b84-92ae-591bc16a845e which can be used as unique global reference for SentinelOne 8 21 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-01-01T00:00:00Z
date_published 2023-08-21T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title XLoader's Latest Trick

Trend Micro Exposed Docker Server

Remillano II, A., et al. (2020, June 20). XORDDoS, Kaiji Variants Target Exposed Docker Servers. Retrieved April 5, 2021.

Internal MISP references

UUID 05c8909c-749c-4153-9a05-173d5d7a80a9 which can be used as unique global reference for Trend Micro Exposed Docker Server in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-05T00:00:00Z
date_published 2020-06-20T00:00:00Z
source MITRE
title XORDDoS, Kaiji Variants Target Exposed Docker Servers

Microsoft xp_cmdshell 2017

Microsoft. (2017, March 15). xp_cmdshell (Transact-SQL). Retrieved September 9, 2019.

Internal MISP references

UUID 1945b8b2-de29-4f7a-8957-cc96fbad3b11 which can be used as unique global reference for Microsoft xp_cmdshell 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-09-09T00:00:00Z
date_published 2017-03-15T00:00:00Z
source MITRE
title xp_cmdshell (Transact-SQL)

Microsoft XSLT Script Mar 2017

Wenzel, M. et al. (2017, March 30). XSLT Stylesheet Scripting Using . Retrieved July 3, 2018.

Internal MISP references

UUID 7ff47640-2a98-4a55-939a-ab6c8c8d2d09 which can be used as unique global reference for Microsoft XSLT Script Mar 2017 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-07-03T00:00:00Z
date_published 2017-03-30T00:00:00Z
source MITRE
title XSLT Stylesheet Scripting Using

Xwizard.exe - LOLBAS Project

LOLBAS. (2018, May 25). Xwizard.exe. Retrieved December 4, 2023.

Internal MISP references

UUID 573df5d1-83e7-4437-bdad-604f093b3cfd which can be used as unique global reference for Xwizard.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Xwizard.exe

Linux kernel Yama

Linux Kernel Archives. (n.d.). Yama Documentation - ptrace_scope. Retrieved December 20, 2017.

Internal MISP references

UUID 615d7744-327e-4f14-bce0-a16c352e7486 which can be used as unique global reference for Linux kernel Yama in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-20T00:00:00Z
source MITRE
title Yama Documentation - ptrace_scope

Red Canary Yellow Cockatoo June 2022

RED CANARY INTELLIGENCE. (2022, June 7). Yellow Cockatoo: Search engine redirects, in-memory remote access trojan, and more. Retrieved May 10, 2023.

Internal MISP references

UUID f97537c2-f080-4438-8728-4d2a91388132 which can be used as unique global reference for Red Canary Yellow Cockatoo June 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-05-10T00:00:00Z
date_published 2022-06-07T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Yellow Cockatoo: Search engine redirects, in-memory remote access trojan, and more

PwC Yellow Liderc

PwC Threat Intelligence. (2023, October 25). Yellow Liderc ships its scripts and delivers IMAPLoader malware. Retrieved March 29, 2024.

Internal MISP references

UUID b6544ea7-befa-53ae-95fa-5c227c848c46 which can be used as unique global reference for PwC Yellow Liderc in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2024-03-29T00:00:00Z
date_published 2023-10-25T00:00:00Z
source MITRE
title Yellow Liderc ships its scripts and delivers IMAPLoader malware

PwC Yellow Liderc October 25 2023

PwC Threat Intelligence. (2023, October 25). Yellow Liderc ships its scripts and delivers IMAPLoader malware. Retrieved October 25, 2023.

Internal MISP references

UUID cbeaf9b5-865f-44a1-a913-9eec28d7a5ff which can be used as unique global reference for PwC Yellow Liderc October 25 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-10-25T00:00:00Z
date_published 2023-10-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Yellow Liderc ships its scripts and delivers IMAPLoader malware

Mandiant APT29 Microsoft 365 2022

Douglas Bienstock. (2022, August 18). You Can’t Audit Me: APT29 Continues Targeting Microsoft 365. Retrieved February 23, 2023.

Internal MISP references

UUID e141408e-d22b-58e4-884f-0cbff25444da which can be used as unique global reference for Mandiant APT29 Microsoft 365 2022 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-02-23T00:00:00Z
date_published 2022-08-18T00:00:00Z
source MITRE
title You Can’t Audit Me: APT29 Continues Targeting Microsoft 365

BlackHat Mac OSX Rootkit

Pan, M., Tsai, S. (2014). You can’t see me: A Mac OS X Rootkit uses the tricks you haven't known yet. Retrieved December 21, 2017.

Internal MISP references

UUID e01a6d46-5b38-42df-bd46-3995d38bb60e which can be used as unique global reference for BlackHat Mac OSX Rootkit in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2017-12-21T00:00:00Z
date_published 2014-01-01T00:00:00Z
source MITRE
title You can’t see me: A Mac OS X Rootkit uses the tricks you haven't known yet

Malwarebytes DarkComet March 2018

Kujawa, A. (2018, March 27). You dirty RAT! Part 1: DarkComet. Retrieved November 6, 2018.

Internal MISP references

UUID 6a765a99-8d9f-4076-8741-6415a5ab918b which can be used as unique global reference for Malwarebytes DarkComet March 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2018-11-06T00:00:00Z
date_published 2018-03-27T00:00:00Z
source MITRE
title You dirty RAT! Part 1: DarkComet

FireEye Mail CDS 2018

Caban, D. and Hirani, M. (2018, October 3). You’ve Got Mail! Enterprise Email Compromise. Retrieved April 22, 2019.

Internal MISP references

UUID 0af1795c-9cdd-43fa-8184-73f33d9f5366 which can be used as unique global reference for FireEye Mail CDS 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-22T00:00:00Z
date_published 2018-10-03T00:00:00Z
source MITRE
title You’ve Got Mail! Enterprise Email Compromise

US District Court Indictment GRU Unit 74455 October 2020

Scott W. Brady. (2020, October 15). United States vs. Yuriy Sergeyevich Andrienko et al. Retrieved November 25, 2020.

Internal MISP references

UUID 77788d05-30ff-4308-82e6-d123a3c2fd80 which can be used as unique global reference for US District Court Indictment GRU Unit 74455 October 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-11-25T00:00:00Z
source MITRE
title Yuriy Sergeyevich Andrienko et al.

Sophos ZeroAccess

Wyke, J. (2012, April). ZeroAccess. Retrieved July 18, 2016.

Internal MISP references

UUID 41b51767-62f1-45c2-98cb-47c44c975a58 which can be used as unique global reference for Sophos ZeroAccess in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2016-07-18T00:00:00Z
date_published 2012-04-01T00:00:00Z
source MITRE
title ZeroAccess

Mandiant MOVEit Transfer June 2 2023

Nader Zaveri, Jeremy Kennelly, Genevieve Stark, Matthew Mcwhirt, Dan Nutting, Kimberly Goody, Justin Moore, Joe Pisano, Zander Work, Peter Ukhanov, Juraj Sucik, Will Silverstone, Zach Schramm, Greg Blaum, Ollie Styles, Nicholas Bennett, Josh Murchie. (2023, June 2). Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft. Retrieved June 16, 2023.

Internal MISP references

UUID 232c7555-0483-4a57-88cb-71a990f7d683 which can be used as unique global reference for Mandiant MOVEit Transfer June 2 2023 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-06-16T00:00:00Z
date_published 2023-06-02T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft

Kaspersky RTLO Cyber Crime

Firsh, A. (2018, February 13). Zero-day vulnerability in Telegram - Cybercriminals exploited Telegram flaw to launch multipurpose attacks. Retrieved April 22, 2019.

Internal MISP references

UUID 38fbd993-de98-49e9-8437-bc6a1493d6ed which can be used as unique global reference for Kaspersky RTLO Cyber Crime in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-22T00:00:00Z
date_published 2018-02-13T00:00:00Z
source MITRE
title Zero-day vulnerability in Telegram - Cybercriminals exploited Telegram flaw to launch multipurpose attacks

DOJ APT10 Dec 2018

United States District Court Southern District of New York (USDC SDNY). (2018, December 17). United States of America v. Zhu Hua and Zhang Shilong. Retrieved April 17, 2019.

Internal MISP references

UUID 3ddc68b4-53f1-4fa5-b7f3-4e5d7d9661f2 which can be used as unique global reference for DOJ APT10 Dec 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2019-04-17T00:00:00Z
source MITRE, Tidal Cyber
title Zhu Hua and Zhang Shilong

District Court of NY APT10 Indictment December 2018

US District Court Southern District of New York. (2018, December 17). United States v. Zhu Hua Indictment. Retrieved December 17, 2020.

Internal MISP references

UUID 79ccbc74-b9c4-4dc8-91ae-1d15c4db563b which can be used as unique global reference for District Court of NY APT10 Indictment December 2018 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-12-17T00:00:00Z
source MITRE
title Zhu Hua Indictment

Zipfldr.dll - LOLBAS Project

LOLBAS. (2018, May 25). Zipfldr.dll. Retrieved December 4, 2023.

Internal MISP references

UUID 3bee0640-ea48-4164-be57-ac565d8cbea7 which can be used as unique global reference for Zipfldr.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2023-12-04T00:00:00Z
date_published 2018-05-25T00:00:00Z
owner TidalCyberIan
source Tidal Cyber
title Zipfldr.dll

Zlib Github

madler. (2017). zlib. Retrieved February 20, 2020.

Internal MISP references

UUID 982bcacc-afb2-4bbb-9197-f44d765b9e07 which can be used as unique global reference for Zlib Github in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2020-02-20T00:00:00Z
date_published 2017-01-01T00:00:00Z
source MITRE
title zlib

Microsoft Zone.Identifier 2020

Microsoft. (2020, August 31). Zone.Identifier Stream Name. Retrieved February 22, 2021.

Internal MISP references

UUID 2efbb7be-3ca1-444a-8584-7ceb08101e74 which can be used as unique global reference for Microsoft Zone.Identifier 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-02-22T00:00:00Z
date_published 2020-08-31T00:00:00Z
source MITRE
title Zone.Identifier Stream Name

Sysdig Kinsing November 2020

Huang, K. (2020, November 23). Zoom into Kinsing. Retrieved April 1, 2021.

Internal MISP references

UUID 4922dbb5-d3fd-4bf2-8af7-3b8889579c31 which can be used as unique global reference for Sysdig Kinsing November 2020 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
date_accessed 2021-04-01T00:00:00Z
date_published 2020-11-23T00:00:00Z
source MITRE
title Zoom into Kinsing